ValueError: plaintext is too long

Question

ValueError: plaintext is too long

jtleniger opened this issue 8 years ago · 9 comments

I have a pretty lengthy password and receive this exception when trying to login.

Answer 1 · 2016-11-14T22:02:07.000Z

Huh, that's a new one. Can you provide a traceback? I'm not sure off the top of my head where this would be coming from.

Answer 2 · 2016-11-14T22:09:43.000Z

I think I must have pasted my password more than once on accident. Can't reproduce with my actual password, but if I paste it 2-3 times:

Traceback (most recent call last):
  File "ImportList.py", line 193, in <module>
    api = open_api()
  File "D:\gmusic-playlist\common.py", line 181, in open_api
    if not api.login(username, password, Mobileclient.FROM_MAC_ADDRESS):
  File "C:\python27\lib\site-packages\gmusicapi\clients\mobileclient.py", line 122, in login
    if not self.session.login(email, password, android_id):
  File "C:\python27\lib\site-packages\gmusicapi\session.py", line 191, in login
    res = gpsoauth.perform_master_login(email, password, android_id)
  File "C:\python27\lib\site-packages\gpsoauth\__init__.py", line 60, in perform_master_login
    'EncryptedPasswd': google.signature(email, password, android_key_7_3_29),
  File "C:\python27\lib\site-packages\gpsoauth\google.py", line 50, in signature
    encrypted_login = cipher.encrypt((email + u'\x00' + password).encode('utf-8'))
  File "C:\python27\lib\site-packages\Cryptodome\Cipher\PKCS1_OAEP.py", line 141, in encrypt
    raise ValueError("Plaintext is too long.")
ValueError: Plaintext is too long.

Can probably close this unless it happens on someone's real password.

Answer 3 · 2016-11-14T22:14:34.000Z

Ah, ok, that makes sense. We can check the size of the key to find the max plaintext length, and see if anybody has looked into what Google does to handle longer plaintext (probably some kind of chunking?).

Answer 4 · 2018-01-13T18:26:59.000Z

I can reproduce this with a long password (64 characters long).

Answer 5 · 2018-01-13T21:36:11.000Z

Gotcha. There's a mention of an 80-char username+password limit in the blog post I based my code on, but it's not immediately clear to me how to work around it.

Answer 6 · 2018-01-13T22:33:20.000Z

~~I've managed to find a JS implementation of the login details encryption, which might provide a good starting point.~~

Oops, that implementation suffers the same issue too!

Answer 7 · 2018-01-13T23:32:21.000Z

Just spent the last 30 minutes reverse-engineering the original Java source from Android from 2014, and it seems that it also has the 80 character combined limitation!

I did some more research, and it looks like authentication has changed how it works for these services, as linking a Google account to your device uses this URL for setup now. I've not looked into how it stores the authentication token or uses it with Google Play Services though.

Answer 8 · 2018-01-14T03:07:32.000Z

Interesting. Nice work!

Answer 9 · 2020-11-09T21:25:02.000Z

Have you looked into this any further? Google has details about it's OAuth implementation at https://developers.google.com/identity/protocols/oauth2