"Unknown" Error on login - Looks like password is too long

[Lastof]

Describe the bug

When trying to add integration after entering User/Pass an "Unknown error occurred" error message appears. Looking at the HA Core logs the error in the logs section below appears, suggesting that the 100 character password I generated is being rejected by the cypher. Shortening the password bypassed the issue.

Version of the integration

If you are unsure about the version check the github release here.

1.9.4

Logs

2022-01-09 17:08:16 ERROR (MainThread) [aiohttp.server] Error handling request
Traceback (most recent call last):
  File "/usr/local/lib/python3.9/site-packages/aiohttp/web_protocol.py", line 435, in _handle_request
    resp = await request_handler(request)
  File "/usr/local/lib/python3.9/site-packages/aiohttp/web_app.py", line 504, in _handle
    resp = await handler(request)
  File "/usr/local/lib/python3.9/site-packages/aiohttp/web_middlewares.py", line 117, in impl
    return await handler(request)
  File "/usr/src/homeassistant/homeassistant/components/http/security_filter.py", line 60, in security_filter_middleware
    return await handler(request)
  File "/usr/src/homeassistant/homeassistant/components/http/forwarded.py", line 220, in forwarded_middleware
    return await handler(request)
  File "/usr/src/homeassistant/homeassistant/components/http/request_context.py", line 28, in request_context_middleware
    return await handler(request)
  File "/usr/src/homeassistant/homeassistant/components/http/ban.py", line 78, in ban_middleware
    return await handler(request)
  File "/usr/src/homeassistant/homeassistant/components/http/auth.py", line 181, in auth_middleware
    return await handler(request)
  File "/usr/src/homeassistant/homeassistant/components/http/view.py", line 137, in handle
    result = await result
  File "/usr/src/homeassistant/homeassistant/components/config/config_entries.py", line 157, in post
    return await super().post(request, flow_id)
  File "/usr/src/homeassistant/homeassistant/components/http/data_validator.py", line 62, in wrapper
    result = await method(view, request, *args, **kwargs)
  File "/usr/src/homeassistant/homeassistant/helpers/data_entry_flow.py", line 110, in post
    result = await self._flow_mgr.async_configure(flow_id, data)
  File "/usr/src/homeassistant/homeassistant/data_entry_flow.py", line 252, in async_configure
    result = await self._async_handle_step(flow, cur_step["step_id"], user_input)
  File "/usr/src/homeassistant/homeassistant/data_entry_flow.py", line 325, in _async_handle_step
    result: FlowResult = await getattr(flow, method)(user_input)
  File "/config/custom_components/google_home/config_flow.py", line 61, in async_step_user
    master_token = await self._test_credentials(client)
  File "/config/custom_components/google_home/config_flow.py", line 96, in _test_credentials
    master_token = await client.async_get_master_token()
  File "/config/custom_components/google_home/api.py", line 75, in async_get_master_token
    master_token = await self.hass.async_add_executor_job(_get_master_token)
  File "/usr/local/lib/python3.9/concurrent/futures/thread.py", line 52, in run
    result = self.fn(*self.args, **self.kwargs)
  File "/config/custom_components/google_home/api.py", line 73, in _get_master_token
    return self._client.get_master_token()
  File "/usr/local/lib/python3.9/site-packages/glocaltokens/client.py", line 218, in get_master_token
    res = perform_master_login(
  File "/usr/local/lib/python3.9/site-packages/gpsoauth/__init__.py", line 127, in perform_master_login
    "EncryptedPasswd": google.construct_signature(
  File "/usr/local/lib/python3.9/site-packages/gpsoauth/google.py", line 58, in construct_signature
    encrypted_login = cipher.encrypt((email + "\x00" + password).encode("utf-8"))
  File "/usr/local/lib/python3.9/site-packages/Cryptodome/Cipher/PKCS1_OAEP.py", line 115, in encrypt
    raise ValueError("Plaintext is too long.")
ValueError: Plaintext is too long.

[leikoilja]

Hmm interesting, thanks for reporting it, @Lastof.
Quick google search has confirmed that maximum allowed password length is 100 chars

We currently have no input length validation in neither https://github.com/leikoilja/gingernest nor in https://github.com/leikoilja/ha-google-home, but it would be nice to add.

[Lastof]

Notably the password was exactly 100 characters, and was able to login to google. From the errors I assume the issue is that a long email address + long password is meeting some issue with max length for the encryption algorithm (PKCS1_OAEP is throwing the error) before being sent out.

For refrence throwing the email+pass into a utf-8 byte calculator (but with a space rather than the "\x00", since I'm not sure how to add a special character in the webpage I'm using) the length is 135 bytes. Not sure what the max could be (128 seems low, but there would need to be lots of encryption padding to reach 256).

[ArnyminerZ]

I may suggest using an App Password from Google? Those are shorter, and you won't have issues. See FAQs. Also, I don't recommend using your real password on any custom integration or third party product, so this would be a good security-aimed step.

[Lastof]

Advice on the app password is noted. Since this was a specifically created account for use with the intergration, rather than a "real" account, I went with not needing to link it to an authentication method.

[ArnyminerZ]

Advice on the app password is noted. Since this was a specifically created account for use with the intergration, rather than a "real" account, I went with not needing to link it to an authentication method.

Okay, I understand. Then why not changing the password to 99 chars or something that works out? However, further investigation should be performed, or at least a check when logging in so this error does not occur.

[ArnyminerZ]

Please, @Lastof if you could test #506 with the old password, would help quite a bit. Theoretically should do the job, but since you said something about username+password length, not sure if this check is enough.