mirror of
https://github.com/trezor/trezor-firmware.git
synced 2025-01-12 00:10:58 +00:00
core: properly limit passphrase to 50 bytes
This commit is contained in:
parent
2c0504ad1c
commit
0a13f7a441
@ -4,6 +4,7 @@ Version 2.x.x [not yet released]
|
||||
|
||||
Version 2.3.0 [not yet released]
|
||||
* Passphrase redesign
|
||||
* Properly limit passphrase to 50 bytes and not 50 characters
|
||||
|
||||
Version 2.2.0 [Jan 2020]
|
||||
* Remove unused ButtonRequest.data field
|
||||
|
@ -33,8 +33,8 @@ async def _request_from_user(ctx: wire.Context) -> str:
|
||||
passphrase = await _request_on_device(ctx)
|
||||
else:
|
||||
passphrase = await _request_on_host(ctx)
|
||||
if len(passphrase) > _MAX_PASSPHRASE_LEN:
|
||||
raise wire.DataError("Maximum passphrase length is %d" % _MAX_PASSPHRASE_LEN)
|
||||
if len(passphrase.encode()) > _MAX_PASSPHRASE_LEN:
|
||||
raise wire.DataError("Maximum passphrase length is %d bytes" % _MAX_PASSPHRASE_LEN)
|
||||
|
||||
return passphrase
|
||||
|
||||
|
@ -230,6 +230,30 @@ def test_passphrase_missing(client):
|
||||
assert response.code == FailureType.DataError
|
||||
|
||||
|
||||
@pytest.mark.skip_ui
|
||||
@pytest.mark.setup_client(passphrase=True)
|
||||
def test_passphrase_length(client):
|
||||
def call(passphrase: str, expected_result: bool):
|
||||
_init_session(client)
|
||||
response = client.call_raw(XPUB_REQUEST)
|
||||
assert isinstance(response, messages.PassphraseRequest)
|
||||
response = client.call_raw(messages.PassphraseAck(passphrase))
|
||||
if expected_result:
|
||||
assert isinstance(response, messages.PublicKey)
|
||||
else:
|
||||
assert isinstance(response, messages.Failure)
|
||||
assert response.code == FailureType.DataError
|
||||
|
||||
# 50 is ok
|
||||
call(passphrase="A" * 50, expected_result=True)
|
||||
# 51 is not
|
||||
call(passphrase="A" * 51, expected_result=False)
|
||||
# "š" has two bytes - 48x A and "š" should be fine (50 bytes)
|
||||
call(passphrase="A" * 48 + "š", expected_result=True)
|
||||
# "š" has two bytes - 49x A and "š" should not (51 bytes)
|
||||
call(passphrase="A" * 49 + "š", expected_result=False)
|
||||
|
||||
|
||||
def _get_xpub_cardano(client, passphrase):
|
||||
msg = messages.CardanoGetPublicKey(address_n=parse_path("44'/1815'/0'/0/0"))
|
||||
response = client.call_raw(msg)
|
||||
|
Loading…
Reference in New Issue
Block a user