1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-12-24 23:38:09 +00:00

core: properly limit passphrase to 50 bytes

This commit is contained in:
Tomas Susanka 2020-02-11 15:39:00 +00:00
parent 2c0504ad1c
commit 0a13f7a441
3 changed files with 27 additions and 2 deletions

View File

@ -4,6 +4,7 @@ Version 2.x.x [not yet released]
Version 2.3.0 [not yet released] Version 2.3.0 [not yet released]
* Passphrase redesign * Passphrase redesign
* Properly limit passphrase to 50 bytes and not 50 characters
Version 2.2.0 [Jan 2020] Version 2.2.0 [Jan 2020]
* Remove unused ButtonRequest.data field * Remove unused ButtonRequest.data field

View File

@ -33,8 +33,8 @@ async def _request_from_user(ctx: wire.Context) -> str:
passphrase = await _request_on_device(ctx) passphrase = await _request_on_device(ctx)
else: else:
passphrase = await _request_on_host(ctx) passphrase = await _request_on_host(ctx)
if len(passphrase) > _MAX_PASSPHRASE_LEN: if len(passphrase.encode()) > _MAX_PASSPHRASE_LEN:
raise wire.DataError("Maximum passphrase length is %d" % _MAX_PASSPHRASE_LEN) raise wire.DataError("Maximum passphrase length is %d bytes" % _MAX_PASSPHRASE_LEN)
return passphrase return passphrase

View File

@ -230,6 +230,30 @@ def test_passphrase_missing(client):
assert response.code == FailureType.DataError assert response.code == FailureType.DataError
@pytest.mark.skip_ui
@pytest.mark.setup_client(passphrase=True)
def test_passphrase_length(client):
def call(passphrase: str, expected_result: bool):
_init_session(client)
response = client.call_raw(XPUB_REQUEST)
assert isinstance(response, messages.PassphraseRequest)
response = client.call_raw(messages.PassphraseAck(passphrase))
if expected_result:
assert isinstance(response, messages.PublicKey)
else:
assert isinstance(response, messages.Failure)
assert response.code == FailureType.DataError
# 50 is ok
call(passphrase="A" * 50, expected_result=True)
# 51 is not
call(passphrase="A" * 51, expected_result=False)
# "š" has two bytes - 48x A and "š" should be fine (50 bytes)
call(passphrase="A" * 48 + "š", expected_result=True)
# "š" has two bytes - 49x A and "š" should not (51 bytes)
call(passphrase="A" * 49 + "š", expected_result=False)
def _get_xpub_cardano(client, passphrase): def _get_xpub_cardano(client, passphrase):
msg = messages.CardanoGetPublicKey(address_n=parse_path("44'/1815'/0'/0/0")) msg = messages.CardanoGetPublicKey(address_n=parse_path("44'/1815'/0'/0/0"))
response = client.call_raw(msg) response = client.call_raw(msg)