Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Gracefully handling panics #66

Open
olegbespalov opened this issue Mar 15, 2024 · 0 comments · May be fixed by #78
Open

Gracefully handling panics #66

olegbespalov opened this issue Mar 15, 2024 · 0 comments · May be fixed by #78
Assignees
@olegbespalov
Labels
bug Something isn't working

Comments

@olegbespalov
Copy link
Contributor

olegbespalov commented Mar 15, 2024
edited
Loading

What?

During the preparation of #65 I faced the case where using incorrect data, I ended up with panic in k6

Here is an example of script that causes the panic:

import { crypto } from "k6/experimental/webcrypto";

export default async function () {
  const keyData = new Uint8Array([
    7, 152, 164, 45, 255, 169, 164, 66, 164, 163, 20, 197, 194, 223, 48, 213,
    93, 115, 173, 86, 215, 81, 128, 188, 45, 237, 156, 92, 163, 197, 248, 114,
  ]);

  const transmittedData = new Uint8Array([
    167, 9, 89, 202, 97, 13, 137, 77, 223, 24, 226, 161, 225, 228, 121, 248,
    181, 4, 25, 202, 215, 230, 193, 94, 143, 77, 187, 231, 84, 3, 198, 75, 22,
    211, 83, 101, 241, 159, 117, 124, 155, 229, 244, 173, 58, 149, 57, 18,
  ]);

  const iv = new Uint8Array(transmittedData.slice(0, 16));

  // here was my mistake, I cut the transmittedData from 12 to the end
  const encryptedData = new Uint8Array(transmittedData.slice(12));

  const importedKey = await crypto.subtle.importKey(
    "raw",
    keyData,
    { name: "AES-CBC", length: "256" },
    true,
    ["encrypt", "decrypt"]
  );

  // since I wrongly cut the transmittedData the decryption should fail with error
  // but it panics instead
  await crypto.subtle.decrypt(
    {
      name: "AES-CBC",
      iv: iv,
    },
    importedKey,
    encryptedData
  );
}

if I run this, I'll get:

panic: crypto/cipher: input not full blocks

goroutine 104 [running]:
crypto/cipher.(*cbcDecrypter).CryptBlocks(0x1be5890?, {0xc0003587b0?, 0xc000b8e080?, 0x10?}, {0xc000358780?, 0xc000f1c000?, 0xc002515707?})
        /home/olegbespalov/.go/src/crypto/cipher/cbc.go:145 +0x40b
github.com/grafana/xk6-webcrypto/webcrypto.(*AESCBCParams).Decrypt(0xc000b94900, {0xc000358780, 0x24, 0x24}, {{0x181d1fd, 0x6}, 0x1, {0x169f220, 0xc0003ce6c0}, {0xc000e2fa20, ...}, ...})
        /home/olegbespalov/go/pkg/mod/github.com/grafana/[email protected]/webcrypto/aes.go:308 +0xf1
github.com/grafana/xk6-webcrypto/webcrypto.(*SubtleCrypto).Decrypt.func1()
        /home/olegbespalov/go/pkg/mod/github.com/grafana/[email protected]/webcrypto/subtle_crypto.go:187 +0x235
created by github.com/grafana/xk6-webcrypto/webcrypto.(*SubtleCrypto).Decrypt in goroutine 101
        /home/olegbespalov/go/pkg/mod/github.com/grafana/[email protected]/webcrypto/subtle_crypto.go:175 +0x4d7

The panic happens in the go-sdk, but we should catch this and return the user a meaningful error instead. That particular case is related to the cbcDecrypter, but it could be so that not only this algorithm could produce them, so we should be ready and convert it to regular error.

Why?

There should be no panic, but a meaningful error instead.
@olegbespalov olegbespalov added the bug Something isn't working label Mar 15, 2024
@olegbespalov olegbespalov linked a pull request Apr 23, 2024 that will close this issue
Open
@olegbespalov olegbespalov self-assigned this May 9, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@olegbespalov olegbespalov

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Handling panics in encrypt/decrypt grafana/xk6-webcrypto
1 participant
@olegbespalov