mirror of
https://github.com/trezor/trezor-firmware.git
synced 2025-01-12 16:30:56 +00:00
core: properly limit passphrase to 50 bytes
This commit is contained in:
parent
2c0504ad1c
commit
0a13f7a441
@ -4,6 +4,7 @@ Version 2.x.x [not yet released]
|
|||||||
|
|
||||||
Version 2.3.0 [not yet released]
|
Version 2.3.0 [not yet released]
|
||||||
* Passphrase redesign
|
* Passphrase redesign
|
||||||
|
* Properly limit passphrase to 50 bytes and not 50 characters
|
||||||
|
|
||||||
Version 2.2.0 [Jan 2020]
|
Version 2.2.0 [Jan 2020]
|
||||||
* Remove unused ButtonRequest.data field
|
* Remove unused ButtonRequest.data field
|
||||||
|
@ -33,8 +33,8 @@ async def _request_from_user(ctx: wire.Context) -> str:
|
|||||||
passphrase = await _request_on_device(ctx)
|
passphrase = await _request_on_device(ctx)
|
||||||
else:
|
else:
|
||||||
passphrase = await _request_on_host(ctx)
|
passphrase = await _request_on_host(ctx)
|
||||||
if len(passphrase) > _MAX_PASSPHRASE_LEN:
|
if len(passphrase.encode()) > _MAX_PASSPHRASE_LEN:
|
||||||
raise wire.DataError("Maximum passphrase length is %d" % _MAX_PASSPHRASE_LEN)
|
raise wire.DataError("Maximum passphrase length is %d bytes" % _MAX_PASSPHRASE_LEN)
|
||||||
|
|
||||||
return passphrase
|
return passphrase
|
||||||
|
|
||||||
|
@ -230,6 +230,30 @@ def test_passphrase_missing(client):
|
|||||||
assert response.code == FailureType.DataError
|
assert response.code == FailureType.DataError
|
||||||
|
|
||||||
|
|
||||||
|
@pytest.mark.skip_ui
|
||||||
|
@pytest.mark.setup_client(passphrase=True)
|
||||||
|
def test_passphrase_length(client):
|
||||||
|
def call(passphrase: str, expected_result: bool):
|
||||||
|
_init_session(client)
|
||||||
|
response = client.call_raw(XPUB_REQUEST)
|
||||||
|
assert isinstance(response, messages.PassphraseRequest)
|
||||||
|
response = client.call_raw(messages.PassphraseAck(passphrase))
|
||||||
|
if expected_result:
|
||||||
|
assert isinstance(response, messages.PublicKey)
|
||||||
|
else:
|
||||||
|
assert isinstance(response, messages.Failure)
|
||||||
|
assert response.code == FailureType.DataError
|
||||||
|
|
||||||
|
# 50 is ok
|
||||||
|
call(passphrase="A" * 50, expected_result=True)
|
||||||
|
# 51 is not
|
||||||
|
call(passphrase="A" * 51, expected_result=False)
|
||||||
|
# "š" has two bytes - 48x A and "š" should be fine (50 bytes)
|
||||||
|
call(passphrase="A" * 48 + "š", expected_result=True)
|
||||||
|
# "š" has two bytes - 49x A and "š" should not (51 bytes)
|
||||||
|
call(passphrase="A" * 49 + "š", expected_result=False)
|
||||||
|
|
||||||
|
|
||||||
def _get_xpub_cardano(client, passphrase):
|
def _get_xpub_cardano(client, passphrase):
|
||||||
msg = messages.CardanoGetPublicKey(address_n=parse_path("44'/1815'/0'/0/0"))
|
msg = messages.CardanoGetPublicKey(address_n=parse_path("44'/1815'/0'/0/0"))
|
||||||
response = client.call_raw(msg)
|
response = client.call_raw(msg)
|
||||||
|
Loading…
Reference in New Issue
Block a user