asherah 1.2.9 → 1.3.2

package/.asherah-version

@@ -1 +1 @@
-ASHERAH_VERSION=v0.4.25
+ASHERAH_VERSION=v0.4.26

package/binding.gyp

@@ -1,13 +1,23 @@
 {
   'targets': [
-    {
+      {
       'target_name': 'napiasherah',
       'include_dirs': ["<!(node -p \"require('node-addon-api').include_dir\")"],
+      "cflags": ["-fexceptions", "-g"],
+      "cflags_cc": ["-fexceptions", "-g"],
+      "cflags!": [ "-fno-exceptions"],
+      "cflags_cc!": [ "-fno-exceptions" ],
+      'xcode_settings': {
+        'OTHER_CFLAGS': [
+          '-fexceptions',
+          '-g'
+        ],
+      },
+      'defines': [ 'NAPI_CPP_EXCEPTIONS', 'NODE_API_SWALLOW_UNTHROWABLE_EXCEPTIONS' ],
       'sources': [
         'lib/libasherah.h',
         'src/napiasherah.cc'
       ],
-      'defines': [ 'NAPI_DISABLE_CPP_EXCEPTIONS' ],
       'libraries': [ '../lib/libasherah.a' ]
     }
   ]

package/dist/asherah.d.ts

@@ -1,5 +1,4 @@
 /// <reference types="node" />
-/// <reference types="ref-napi" />
 export type AsherahConfig = {
     /** The name of this service (Required) */
     ServiceName: string;
@@ -46,3 +45,5 @@ export declare function decrypt(partitionId: string, dataRowRecord: string): Buf
 export declare function encrypt(partitionId: string, data: Buffer): string;
 export declare function decrypt_string(partitionId: string, dataRowRecord: string): string;
 export declare function encrypt_string(partitionId: string, data: string): string;
+export declare function set_max_stack_alloc_item_size(max_item_size: number): void;
+export declare function set_safety_padding_overhead(safety_padding_overhead: number): void;

package/dist/asherah.js

@@ -1,23 +1,10 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.encrypt_string = exports.decrypt_string = exports.encrypt = exports.decrypt = exports.shutdown = exports.setup = void 0;
-const cobhan_1 = require("cobhan");
+exports.set_safety_padding_overhead = exports.set_max_stack_alloc_item_size = exports.encrypt_string = exports.decrypt_string = exports.encrypt = exports.decrypt = exports.shutdown = exports.setup = void 0;
 const napi_asherah = require('../build/Release/napiasherah.node');
-const EstimatedEncryptionOverhead = 48;
-const EstimatedEnvelopeOverhead = 185;
-const Base64Overhead = 1.34;
-let EstimatedIntermediateKeyOverhead = 0;
-function estimate_buffer(dataLen, partitionLen) {
-    const estimatedDataLen = (dataLen + EstimatedEncryptionOverhead) * Base64Overhead;
-    return EstimatedEnvelopeOverhead + EstimatedIntermediateKeyOverhead + partitionLen + estimatedDataLen;
-}
 function setup(config) {
-    const configJsonBuffer = (0, cobhan_1.json_to_cbuffer)(config);
-    EstimatedIntermediateKeyOverhead = config.ProductID.length + config.ServiceName.length;
-    const result = napi_asherah.Napi_SetupJson(configJsonBuffer);
-    if (result < 0) {
-        throw new Error('setupJson failed: ' + result);
-    }
+    const configStr = JSON.stringify(config);
+    napi_asherah.Napi_SetupJson(configStr, config.ProductID.length, config.ServiceName.length, config.Verbose);
 }
 exports.setup = setup;
 function shutdown() {
@@ -25,32 +12,26 @@ function shutdown() {
 }
 exports.shutdown = shutdown;
 function decrypt(partitionId, dataRowRecord) {
-    const partitionIdBuffer = (0, cobhan_1.string_to_cbuffer)(partitionId);
-    const jsonBuffer = (0, cobhan_1.string_to_cbuffer)(dataRowRecord);
-    const outputDataBuffer = (0, cobhan_1.allocate_cbuffer)(jsonBuffer.byteLength);
-    const result = napi_asherah.Napi_DecryptFromJson(partitionIdBuffer, jsonBuffer, outputDataBuffer);
-    if (result < 0) {
-        throw new Error('decrypt failed: ' + result);
-    }
-    return (0, cobhan_1.cbuffer_to_buffer)(outputDataBuffer);
+    return napi_asherah.Napi_DecryptFromJsonToBuffer(partitionId, dataRowRecord);
 }
 exports.decrypt = decrypt;
 function encrypt(partitionId, data) {
-    const partitionIdBuffer = (0, cobhan_1.string_to_cbuffer)(partitionId);
-    const dataBuffer = (0, cobhan_1.buffer_to_cbuffer)(data);
-    const outputJsonBuffer = (0, cobhan_1.allocate_cbuffer)(estimate_buffer(data.byteLength, partitionId.length));
-    const result = napi_asherah.Napi_EncryptToJson(partitionIdBuffer, dataBuffer, outputJsonBuffer);
-    if (result < 0) {
-        throw new Error('encrypt failed: ' + result);
-    }
-    return (0, cobhan_1.cbuffer_to_string)(outputJsonBuffer);
+    return napi_asherah.Napi_EncryptFromBufferToJson(partitionId, data);
 }
 exports.encrypt = encrypt;
 function decrypt_string(partitionId, dataRowRecord) {
-    return decrypt(partitionId, dataRowRecord).toString('utf8');
+    return napi_asherah.Napi_DecryptFromJsonToString(partitionId, dataRowRecord);
 }
 exports.decrypt_string = decrypt_string;
 function encrypt_string(partitionId, data) {
-    return encrypt(partitionId, Buffer.from(data, 'utf8'));
+    return napi_asherah.Napi_EncryptFromStringToJson(partitionId, data);
 }
 exports.encrypt_string = encrypt_string;
+function set_max_stack_alloc_item_size(max_item_size) {
+    return napi_asherah.Napi_SetMaxStackAllocItemSize(max_item_size);
+}
+exports.set_max_stack_alloc_item_size = set_max_stack_alloc_item_size;
+function set_safety_padding_overhead(safety_padding_overhead) {
+    return napi_asherah.Napi_SetSafetyPaddingOverhead(safety_padding_overhead);
+}
+exports.set_safety_padding_overhead = set_safety_padding_overhead;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "asherah",
-  "version": "1.2.9",
+  "version": "1.3.2",
   "description": "Asherah envelope encryption and key rotation library",
   "main": "dist/asherah.js",
   "repository": {
@@ -10,7 +10,7 @@
   "scripts": {
     "build": "npx tsc",
     "preinstall": "scripts/download-libraries.sh",
-    "install": "node-gyp rebuild",
+    "install": "CFLAGS=-fexceptions CXXFLAGS=-fexceptions node-gyp rebuild",
     "test:mocha": "mocha",
     "test": "nyc npm run test:mocha",
     "posttest": "npm run lint",
@@ -34,7 +34,6 @@
     "@types/chai": "^4.3.0",
     "@types/mocha": "^9.1.0",
     "@types/node": "^17.0.22",
-    "@types/ref-napi": "^3.0.4",
     "@typescript-eslint/eslint-plugin": "^5.16.0",
     "@typescript-eslint/parser": "^5.16.0",
     "benchmark": "^2.1.4",

package/src/napiasherah.cc

@@ -1,86 +1,868 @@
-#include <napi.h>
 #include "../lib/libasherah.h"
+#include <iostream>
+#include <napi.h>
+
+#define unlikely(expr) __builtin_expect(!!(expr), 0)
+#define likely(expr) __builtin_expect(!!(expr), 1)
+
+const size_t cobhan_header_size = 64 / 8;
+const size_t est_encryption_overhead = 48;
+const size_t est_envelope_overhead = 185;
+const double base64_overhead = 1.34;
+
+size_t est_intermediate_key_overhead = 0;
+size_t safety_padding = 0;
+size_t max_stack_alloc_size = 2048;
+
+const char *setupjson_failed_message = "SetupJson failed: ";
+const char *decrypt_failed_message = "Decrypt failed: ";
+const char *encrypt_failed_message = "Encrypt failed: ";
+
+int32_t setup_state = 0;
+int32_t verbose_flag = 0;
+
+__attribute__((always_inline)) inline void debug_log(std::string message) {
+  if (unlikely(verbose_flag)) {
+    std::cerr << "asherah-node:" << message << std::endl << std::flush;
+  }
+}
+
+__attribute__((always_inline)) inline void debug_log_alloca(size_t length) {
+  if (unlikely(verbose_flag)) {
+    std::cerr << "asherah-node:" << "Calling alloca(" << length << ") (stack)" << std::endl << std::flush;
+  }
+}
+
+__attribute__((always_inline)) inline void error_log(std::string message) {
+  if (unlikely(verbose_flag)) {
+    std::cerr << "asherah-node:" << message << std::endl << std::flush;
+  }
+}
+
+std::string napi_status_to_string(napi_status status) {
+  switch (status) {
+  case napi_ok:
+    return "napi_ok";
+  case napi_invalid_arg:
+    return "napi_invalid_arg";
+  case napi_object_expected:
+    return "napi_object_expected";
+  case napi_string_expected:
+    return "napi_string_expected";
+  case napi_name_expected:
+    return "napi_name_expected";
+  case napi_function_expected:
+    return "napi_function_expected";
+  case napi_number_expected:
+    return "napi_number_expected";
+  case napi_boolean_expected:
+    return "napi_boolean_expected";
+  case napi_array_expected:
+    return "napi_array_expected";
+  case napi_generic_failure:
+    return "napi_generic_failure";
+  case napi_pending_exception:
+    return "napi_pending_exception";
+  case napi_cancelled:
+    return "napi_cancelled";
+  case napi_escape_called_twice:
+    return "napi_escape_called_twice";
+  case napi_handle_scope_mismatch:
+    return "napi_handle_scope_mismatch";
+  case napi_callback_scope_mismatch:
+    return "napi_callback_scope_mismatch";
+  case napi_queue_full:
+    return "napi_queue_full";
+  case napi_closing:
+    return "napi_closing";
+  case napi_bigint_expected:
+    return "napi_bigint_expected";
+  case napi_date_expected:
+    return "napi_date_expected";
+  case napi_arraybuffer_expected:
+    return "napi_arraybuffer_expected";
+  case napi_detachable_arraybuffer_expected:
+    return "napi_detachable_arraybuffer_expected";
+  case napi_would_deadlock:
+    return "napi_would_deadlock";
+  default:
+    return "Unknown napi_status";
+  }
+}
+
+__attribute__((always_inline)) inline Napi::Value
+LogErrorAndThrow(Napi::Env &env, std::string error_msg) {
+  error_log(error_msg);
+  Napi::Error::New(env, error_msg).ThrowAsJavaScriptException();
+  return env.Null();
+}
+
+__attribute__((always_inline)) inline size_t
+cobhan_buffer_size(size_t dataLen) {
+  return dataLen + cobhan_header_size + safety_padding +
+         1; // Add one for possible NULL delimiter due to Node string functions
+}
+
+__attribute__((always_inline)) inline size_t
+estimate_asherah_output_size(size_t dataLen, size_t partitionLen) {
+  double estimatedDataLen =
+      double(dataLen + est_encryption_overhead) * base64_overhead;
+  if(unlikely(verbose_flag)) {
+    std::string log_msg = "estimate_asherah_output_size(" + std::to_string(dataLen) + ", " + std::to_string(partitionLen) + ") estimatedDataLen: " + std::to_string(estimatedDataLen) + " base64_overhead: " + std::to_string(base64_overhead) + " est_encryption_overhead: " + std::to_string(est_encryption_overhead);
+    debug_log(log_msg);
+  }
+  size_t asherah_output_size = size_t(est_envelope_overhead + est_intermediate_key_overhead +
+                partitionLen + estimatedDataLen + safety_padding);
+  if(unlikely(verbose_flag)) {
+    std::string log_msg = "estimate_asherah_output_size(" + std::to_string(dataLen) + ", " + std::to_string(partitionLen) + ") estimatedDataLen: " + std::to_string(estimatedDataLen) + " asherah_output_size: " + std::to_string(asherah_output_size);
+    debug_log(log_msg);
+  }
+  return asherah_output_size;
+}
+
+__attribute__((always_inline)) inline void configure_cbuffer(char *buffer,
+                                                             size_t length) {
+  *((int32_t *)buffer) = length;
+  // Reserved for future use
+  *((int32_t *)(buffer + sizeof(int32_t))) = 0;
+}
+
+__attribute__((always_inline)) inline std::unique_ptr<char[]>
+allocate_cbuffer(size_t length) {
+  size_t cobhanBufferSize = cobhan_buffer_size(length);
+  if (unlikely(verbose_flag)) {
+    std::string log_msg =
+        "allocate_cbuffer(" + std::to_string(length) +
+        ") (heap) cobhanBufferSize: " + std::to_string(cobhanBufferSize);
+    debug_log(log_msg);
+  }
+
+  char *cobhanBuffer = new (std::nothrow) char[cobhanBufferSize];
+  if (unlikely(cobhanBuffer == nullptr)) {
+    std::string error_msg = "allocate_cbuffer: new[" +
+                            std::to_string(cobhanBufferSize) + " returned null";
+    error_log(error_msg);
+    return nullptr;
+  }
+  std::unique_ptr<char[]> cobhanBufferPtr(cobhanBuffer);
+  configure_cbuffer(cobhanBuffer, length + safety_padding);
+  return cobhanBufferPtr;
+}
+
+__attribute__((always_inline)) inline Napi::Value
+cbuffer_to_nstring(Napi::Env &env, char *cobhanBuffer) {
+  napi_value output;
+
+  // Using C function because it allows length delimited input
+  napi_status status = napi_create_string_utf8(
+      env, ((const char *)cobhanBuffer) + cobhan_header_size,
+      *((int *)cobhanBuffer), &output);
+
+  if (unlikely(status != napi_ok)) {
+    return LogErrorAndThrow(
+        env, "cbuffer_to_nstring: napi_create_string_utf8 failed: " +
+                 napi_status_to_string(status));
+  }
+
+  return Napi::String(env, output);
+}
+
+__attribute__((always_inline)) inline size_t
+nstring_utf8_length(Napi::Env &env, Napi::String &str) {
+  napi_status status;
+  size_t utf8_length;
+
+  status = napi_get_value_string_utf8(env, str, nullptr, 0, &utf8_length);
+  if (unlikely(status != napi_ok)) {
+    LogErrorAndThrow(
+        env,
+        "nstring_utf8_length: napi_get_value_string_utf8 length check failed" +
+            napi_status_to_string(status));
+    return (size_t)(-1);
+  }
+
+  return utf8_length;
+}
+
+__attribute__((always_inline)) inline char *
+copy_nstring_to_cbuffer(Napi::Env &env, Napi::String &str, size_t utf8_length,
+                        char *cbuffer, size_t *length = nullptr) {
+  napi_status status;
+  size_t copied_bytes;
+  status = napi_get_value_string_utf8(env, str, cbuffer + cobhan_header_size,
+                                      utf8_length + 1, &copied_bytes);
+  if (unlikely(status != napi_ok)) {
+    LogErrorAndThrow(env,
+                     "copy_nstring_to_cbuffer: Napi utf8 string conversion "
+                     "failure: " +
+                         napi_status_to_string(status));
+    return nullptr;
+  }
+
+  if (unlikely(copied_bytes != utf8_length)) {
+    LogErrorAndThrow(env,
+                     "copy_nstring_to_cbuffer: Did not copy expected number "
+                     "of bytes " +
+                         std::to_string(utf8_length) + " copied " +
+                         std::to_string(copied_bytes));
+    return nullptr;
+  }
 
-//extern GoInt32 SetupJson(void* configJson);
-Napi::Value Napi_SetupJson(const Napi::CallbackInfo& info) {
+  *((int *)cbuffer) = copied_bytes;
+  *((int *)(cbuffer + sizeof(int32_t))) = 0;
+
+  if (length != nullptr)
+    *length = copied_bytes;
+  return cbuffer;
+}
+
+__attribute__((always_inline)) inline Napi::Buffer<unsigned char>
+cbuffer_to_nbuffer(Napi::Env &env, char *cobhanBuffer) {
+  return Napi::Buffer<unsigned char>::Copy(
+      env, ((unsigned char *)cobhanBuffer) + cobhan_header_size,
+      *((int *)cobhanBuffer));
+}
+
+Napi::Value Napi_SetupJson(const Napi::CallbackInfo &info) {
   Napi::Env env = info.Env();
 
-  if (info.Length() < 1) {
-    Napi::TypeError::New(env, "Wrong number of arguments")
-        .ThrowAsJavaScriptException();
-    return env.Null();
+  if(unlikely(verbose_flag)) {
+    debug_log("SetupJson called");
+  }
+
+  if (unlikely(setup_state == 1)) {
+    return LogErrorAndThrow(env, setupjson_failed_message +
+                                     std::string("SetupJson called twice"));
+  }
+
+  if (unlikely(info.Length() < 3)) {
+    return LogErrorAndThrow(env, "SetupJson: Wrong number of arguments");
+  }
+
+  if (unlikely(!info[0].IsString() || !info[1].IsNumber() ||
+               !info[2].IsNumber() || !info[3].IsBoolean())) {
+    return LogErrorAndThrow(env, "SetupJson: Wrong argument types");
+  }
+
+  Napi::Boolean verbose = info[3].As<Napi::Boolean>();
+  verbose.Value() ? verbose_flag = 1 : verbose_flag = 0;
+  debug_log("SetupJson: verbose_flag: " + std::to_string(verbose_flag) +
+            " verbose.Value(): " + std::to_string(verbose.Value()));
+
+  // Determine size
+  size_t config_utf8_length;
+  Napi::String configJson = info[0].As<Napi::String>();
+  config_utf8_length = nstring_utf8_length(env, configJson);
+  if (unlikely(config_utf8_length == (size_t)(-1))) {
+    return LogErrorAndThrow(
+        env, encrypt_failed_message +
+                 std::string(" failed to get configJson utf8 length"));
+  }
+
+  // Allocate
+  char *configJsonCobhanBuffer;
+  std::unique_ptr<char[]> configJsonCobhanBufferPtr;
+  if (config_utf8_length < max_stack_alloc_size) {
+    size_t cobhan_buf_size = cobhan_buffer_size(config_utf8_length);
+    debug_log_alloca(cobhan_buf_size);
+    configJsonCobhanBuffer = (char *)alloca(cobhan_buf_size);
+  } else {
+    configJsonCobhanBufferPtr = allocate_cbuffer(config_utf8_length);
+    configJsonCobhanBuffer = configJsonCobhanBufferPtr.get();
+  }
+  if (unlikely(configJsonCobhanBuffer == nullptr)) {
+    return LogErrorAndThrow(
+        env, encrypt_failed_message +
+                 std::string(" failed to allocate configJson cobhan buffer"));
+  }
+
+  // Copy
+  size_t config_copied_bytes;
+  configJsonCobhanBuffer =
+      copy_nstring_to_cbuffer(env, configJson, config_utf8_length,
+                              configJsonCobhanBuffer, &config_copied_bytes);
+  if (unlikely(configJsonCobhanBuffer == nullptr)) {
+    return LogErrorAndThrow(
+        env, encrypt_failed_message +
+                 std::string(" failed to copy configJson to cobhan buffer"));
+  }
+
+  Napi::Number productIdLength = info[1].As<Napi::Number>();
+  Napi::Number serviceNameLength = info[2].As<Napi::Number>();
+
+  est_intermediate_key_overhead =
+      productIdLength.Int32Value() + serviceNameLength.Int32Value();
+
+  // extern GoInt32 SetupJson(void* configJson);
+  GoInt32 result = SetupJson(configJsonCobhanBuffer);
+  if (unlikely(result < 0)) {
+    return LogErrorAndThrow(env,
+                            setupjson_failed_message + std::to_string(result));
+  }
+  setup_state = 1;
+  return env.Null();
+}
+
+Napi::Value encrypt_to_json(Napi::Env &env, size_t partition_bytes,
+                            size_t data_bytes, char *partitionIdCobhanBuffer,
+                            char *dataCobhanBuffer) {
+
+  size_t asherah_output_size =
+      estimate_asherah_output_size(data_bytes, partition_bytes);
+
+  if(unlikely(verbose_flag)) {
+    debug_log("encrypt_to_json asherah_output_size " +
+            std::to_string(asherah_output_size));
   }
 
-  Napi::Buffer<unsigned char> configJson = info[0].As<Napi::Buffer<unsigned char>>();
+  char *cobhanOutputBuffer;
+  std::unique_ptr<char[]> cobhanOutputBufferPtr;
+  if (asherah_output_size < max_stack_alloc_size) {
+    size_t cobhan_ouput_buffer_size = cobhan_buffer_size(asherah_output_size);
+    debug_log_alloca(cobhan_ouput_buffer_size);
+    cobhanOutputBuffer = (char *)alloca(cobhan_ouput_buffer_size);
+    configure_cbuffer(cobhanOutputBuffer, asherah_output_size + safety_padding);
+  } else {
+    cobhanOutputBufferPtr = allocate_cbuffer(asherah_output_size);
+    cobhanOutputBuffer = cobhanOutputBufferPtr.get();
+  }
+  if (unlikely(cobhanOutputBuffer == nullptr)) {
+    return LogErrorAndThrow(
+        env, encrypt_failed_message +
+                 std::string(" failed to allocate cobhan output buffer"));
+  }
 
-  GoInt32 result = SetupJson(configJson.Data());
+  // extern GoInt32 EncryptToJson(void* partitionIdPtr, void* dataPtr, void*
+  // jsonPtr);
+  GoInt32 result = EncryptToJson(partitionIdCobhanBuffer, dataCobhanBuffer,
+                                 cobhanOutputBuffer);
+  if (unlikely(result < 0)) {
+    return LogErrorAndThrow(env,
+                            encrypt_failed_message + std::to_string(result));
+  }
 
-  Napi::Number num = Napi::Number::New(env, result);
-  return num;
+  Napi::Value output = cbuffer_to_nstring(env, cobhanOutputBuffer);
+  return output;
 }
 
-//extern GoInt32 EncryptToJson(void* partitionIdPtr, void* dataPtr, void* jsonPtr);
-Napi::Value Napi_EncryptToJson(const Napi::CallbackInfo& info) {
+Napi::Value Napi_EncryptFromBufferToJson(const Napi::CallbackInfo &info) {
   Napi::Env env = info.Env();
 
-  if (info.Length() < 3) {
-    Napi::TypeError::New(env, "Wrong number of arguments")
-        .ThrowAsJavaScriptException();
-    return env.Null();
+  if(unlikely(verbose_flag)) {
+    debug_log("EncryptFromBufferToJson called");
   }
 
-  if (!info[0].IsBuffer() || !info[1].IsBuffer() || !info[2].IsBuffer()) {
-    Napi::TypeError::New(env, "Wrong arguments").ThrowAsJavaScriptException();
-    return env.Null();
+  if (unlikely(setup_state == 0)) {
+    return LogErrorAndThrow(env, encrypt_failed_message +
+                                     std::string("SetupJson not called"));
   }
 
-  Napi::Buffer<unsigned char> partitionId = info[0].As<Napi::Buffer<unsigned char>>();
-  Napi::Buffer<unsigned char> data = info[1].As<Napi::Buffer<unsigned char>>();
-  Napi::Buffer<unsigned char> outputJson = info[2].As<Napi::Buffer<unsigned char>>();
+  if (unlikely(info.Length() < 2)) {
+    return LogErrorAndThrow(
+        env, "EncryptFromBufferToJson: Wrong number of arguments");
+  }
+
+  if (unlikely(!info[0].IsString() || !info[1].IsBuffer())) {
+    return LogErrorAndThrow(env,
+                            "EncryptFromBufferToJson: Wrong argument types");
+  }
 
-  GoInt32 result = EncryptToJson(partitionId.Data(), data.Data(), outputJson.Data());
+  // Determine size
+  size_t partition_utf8_length;
+  Napi::String partitionId = info[0].As<Napi::String>();
+  partition_utf8_length = nstring_utf8_length(env, partitionId);
+  if (unlikely(partition_utf8_length == (size_t)(-1))) {
+    return LogErrorAndThrow(
+        env, encrypt_failed_message +
+                 std::string(" failed to get partitionId utf8 length"));
+  }
 
-  Napi::Number num = Napi::Number::New(env, result);
-  return num;
+  // Allocate
+  char *partitionIdCobhanBuffer;
+  std::unique_ptr<char[]> partitionIdCobhanBufferPtr;
+  if (partition_utf8_length < max_stack_alloc_size) {
+    size_t cobhan_buf_size = cobhan_buffer_size(partition_utf8_length);
+    debug_log_alloca(cobhan_buf_size);
+    partitionIdCobhanBuffer = (char *)alloca(cobhan_buf_size);
+  } else {
+    partitionIdCobhanBufferPtr = allocate_cbuffer(partition_utf8_length);
+    partitionIdCobhanBuffer = partitionIdCobhanBufferPtr.get();
+  }
+  if (unlikely(partitionIdCobhanBuffer == nullptr)) {
+    return LogErrorAndThrow(
+        env, encrypt_failed_message +
+                 std::string(" failed to allocate partitionId cobhan buffer"));
+  }
+
+  // Copy
+  size_t partition_copied_bytes;
+  partitionIdCobhanBuffer =
+      copy_nstring_to_cbuffer(env, partitionId, partition_utf8_length,
+                              partitionIdCobhanBuffer, &partition_copied_bytes);
+  if (unlikely(partitionIdCobhanBuffer == nullptr)) {
+    return LogErrorAndThrow(
+        env, encrypt_failed_message +
+                 std::string(" failed to copy partitionId to cobhan buffer"));
+  }
+
+  // Determine size
+  Napi::Buffer<unsigned char> inputNapiBuffer =
+      info[1].As<Napi::Buffer<unsigned char>>();
+  size_t input_byte_length = inputNapiBuffer.ByteLength();
+
+  // Allocate
+  char *inputBuffer;
+  std::unique_ptr<char[]> inputBufferPtr;
+  if (input_byte_length < max_stack_alloc_size) {
+    size_t cobhan_buf_size = cobhan_buffer_size(input_byte_length);
+    debug_log_alloca(cobhan_buf_size);
+    inputBuffer = (char *)alloca(cobhan_buf_size);
+  } else {
+    inputBufferPtr = allocate_cbuffer(input_byte_length);
+    inputBuffer = inputBufferPtr.get();
+  }
+  if (unlikely(inputBuffer == nullptr)) {
+    return LogErrorAndThrow(
+        env,
+        encrypt_failed_message +
+            std::string(" failed to allocate cobhan buffer for input buffer"));
+  }
+
+  // Copy
+  memcpy(inputBuffer + cobhan_header_size, inputNapiBuffer.Data(),
+         input_byte_length);
+  configure_cbuffer(inputBuffer, input_byte_length);
+
+  return encrypt_to_json(env, partition_copied_bytes, input_byte_length,
+                         partitionIdCobhanBuffer, inputBuffer);
 }
 
-//extern GoInt32 DecryptFromJson(void* partitionIdPtr, void* jsonPtr, void* dataPtr);
-Napi::Value Napi_DecryptFromJson(const Napi::CallbackInfo& info) {
+Napi::Value Napi_EncryptFromStringToJson(const Napi::CallbackInfo &info) {
   Napi::Env env = info.Env();
 
-  if (info.Length() < 3) {
-    Napi::TypeError::New(env, "Wrong number of arguments")
-        .ThrowAsJavaScriptException();
-    return env.Null();
+  if(unlikely(verbose_flag)) {
+    debug_log("EncryptFromStringToJson called");
+  }
+
+  if (unlikely(setup_state == 0)) {
+    return LogErrorAndThrow(env, encrypt_failed_message +
+                                     std::string("SetupJson not called"));
   }
 
-  if (!info[0].IsBuffer() || !info[1].IsBuffer() || !info[2].IsBuffer()) {
-    Napi::TypeError::New(env, "Wrong arguments").ThrowAsJavaScriptException();
-    return env.Null();
+  if (unlikely(info.Length() < 2)) {
+    return LogErrorAndThrow(
+        env, "EncryptFromStringToJson: Wrong number of arguments");
   }
 
-  Napi::Buffer<unsigned char> partitionId = info[0].As<Napi::Buffer<unsigned char>>();
-  Napi::Buffer<unsigned char> inputJson = info[1].As<Napi::Buffer<unsigned char>>();
-  Napi::Buffer<unsigned char> outputData = info[2].As<Napi::Buffer<unsigned char>>();
+  if (unlikely(!info[0].IsString() || !info[1].IsString())) {
+    return LogErrorAndThrow(env,
+                            "EncryptFromStringToJson: Wrong argument types");
+  }
 
-  GoInt32 result = DecryptFromJson(partitionId.Data(), inputJson.Data(), outputData.Data());
+  // Determine size
+  size_t partition_utf8_length;
+  Napi::String partitionId = info[0].As<Napi::String>();
+  partition_utf8_length = nstring_utf8_length(env, partitionId);
+  if (unlikely(partition_utf8_length == (size_t)(-1))) {
+    return LogErrorAndThrow(
+        env, encrypt_failed_message +
+                 std::string(" failed to get partitionId utf8 length"));
+  }
 
-  Napi::Number num = Napi::Number::New(env, result);
-  return num;
+  // Allocate
+  char *partitionIdCobhanBuffer;
+  std::unique_ptr<char[]> partitionIdCobhanBufferPtr;
+  if (partition_utf8_length < max_stack_alloc_size) {
+    size_t cobhan_buf_size = cobhan_buffer_size(partition_utf8_length);
+    debug_log_alloca(cobhan_buf_size);
+    partitionIdCobhanBuffer = (char *)alloca(cobhan_buf_size);
+  } else {
+    partitionIdCobhanBufferPtr = allocate_cbuffer(partition_utf8_length);
+    partitionIdCobhanBuffer = partitionIdCobhanBufferPtr.get();
+  }
+  if (unlikely(partitionIdCobhanBuffer == nullptr)) {
+    return LogErrorAndThrow(
+        env, encrypt_failed_message +
+                 std::string(" failed to allocate partitionId cobhan buffer"));
+  }
+
+  // Copy
+  size_t partition_copied_bytes;
+  partitionIdCobhanBuffer =
+      copy_nstring_to_cbuffer(env, partitionId, partition_utf8_length,
+                              partitionIdCobhanBuffer, &partition_copied_bytes);
+  if (unlikely(partitionIdCobhanBuffer == nullptr)) {
+    return LogErrorAndThrow(
+        env, encrypt_failed_message +
+                 std::string(" failed to copy partitionId to cobhan buffer"));
+  }
+
+  // Determine size
+  size_t input_utf8_length;
+  Napi::String input = info[1].As<Napi::String>();
+  input_utf8_length = nstring_utf8_length(env, input);
+  if (unlikely(input_utf8_length == (size_t)(-1))) {
+    return LogErrorAndThrow(
+        env, encrypt_failed_message +
+                 std::string(" failed to get input utf8 length"));
+  }
+
+  // Allocate
+  char *inputCobhanBuffer;
+  std::unique_ptr<char[]> inputCobhanBufferPtr;
+  if (input_utf8_length < max_stack_alloc_size) {
+    size_t cobhan_buf_size = cobhan_buffer_size(input_utf8_length);
+    debug_log_alloca(cobhan_buf_size);
+    inputCobhanBuffer = (char *)alloca(cobhan_buf_size);
+  } else {
+    inputCobhanBufferPtr = allocate_cbuffer(input_utf8_length);
+    inputCobhanBuffer = inputCobhanBufferPtr.get();
+  }
+  if (unlikely(inputCobhanBuffer == nullptr)) {
+    return LogErrorAndThrow(
+        env, encrypt_failed_message +
+                 std::string(" failed to allocate input cobhan buffer"));
+  }
+
+  // Copy
+  size_t input_copied_bytes;
+  inputCobhanBuffer = copy_nstring_to_cbuffer(
+      env, input, input_utf8_length, inputCobhanBuffer, &input_copied_bytes);
+  if (unlikely(inputCobhanBuffer == nullptr)) {
+    return LogErrorAndThrow(
+        env, encrypt_failed_message +
+                 std::string(" failed to copy input to cobhan buffer"));
+  }
+
+  return encrypt_to_json(env, partition_copied_bytes, input_utf8_length,
+                         partitionIdCobhanBuffer, inputCobhanBuffer);
+}
+
+Napi::Value Napi_DecryptFromJsonToBuffer(const Napi::CallbackInfo &info) {
+  Napi::Env env = info.Env();
+
+  if(unlikely(verbose_flag)) {
+    debug_log("DecryptFromJsonToBuffer called");
+  }
+
+  if (unlikely(setup_state == 0)) {
+    return LogErrorAndThrow(env, decrypt_failed_message +
+                                     std::string("SetupJson not called"));
+  }
+
+  if (unlikely(info.Length() < 2)) {
+    return LogErrorAndThrow(
+        env, "DecryptFromJsonToBuffer: Wrong number of arguments");
+  }
+
+  if (unlikely(!info[0].IsString() || !info[1].IsString())) {
+    return LogErrorAndThrow(env,
+                            "DecryptFromJsonToBuffer: Wrong argument types");
+  }
+
+  // Determine size
+  size_t partition_utf8_length, partition_copied_bytes;
+  Napi::String partitionId = info[0].As<Napi::String>();
+  partition_utf8_length = nstring_utf8_length(env, partitionId);
+  if (unlikely(partition_utf8_length == (size_t)(-1))) {
+    return LogErrorAndThrow(
+        env, decrypt_failed_message +
+                 std::string(" failed to get partitionId utf8 length"));
+  }
+
+  // Allocate
+  char *partitionIdCobhanBuffer;
+  std::unique_ptr<char[]> partitionIdCobhanBufferPtr;
+  if (partition_utf8_length < max_stack_alloc_size) {
+    size_t cobhan_buf_size = cobhan_buffer_size(partition_utf8_length);
+    debug_log_alloca(cobhan_buf_size);
+    partitionIdCobhanBuffer = (char *)alloca(cobhan_buf_size);
+  } else {
+    partitionIdCobhanBufferPtr = allocate_cbuffer(partition_utf8_length);
+    partitionIdCobhanBuffer = partitionIdCobhanBufferPtr.get();
+  }
+  if (unlikely(partitionIdCobhanBuffer == nullptr)) {
+    return LogErrorAndThrow(
+        env, decrypt_failed_message +
+                 std::string(" failed to allocate partitionId cobhan buffer"));
+  }
+
+  // Copy
+  partitionIdCobhanBuffer =
+      copy_nstring_to_cbuffer(env, partitionId, partition_utf8_length,
+                              partitionIdCobhanBuffer, &partition_copied_bytes);
+  if (unlikely(partitionIdCobhanBuffer == nullptr)) {
+    return LogErrorAndThrow(
+        env, decrypt_failed_message +
+                 std::string(" failed to copy partitionId to cobhan buffer"));
+  }
+
+  // Determine size
+  size_t input_utf8_length;
+  Napi::String input = info[1].As<Napi::String>();
+  input_utf8_length = nstring_utf8_length(env, input);
+  if (unlikely(input_utf8_length == (size_t)(-1))) {
+    return LogErrorAndThrow(
+        env, decrypt_failed_message +
+                 std::string(" failed to get input utf8 length"));
+  }
+
+  if(unlikely(verbose_flag)) {
+    debug_log("DecryptFromJsonToBuffer input size " +
+            std::to_string(input_utf8_length));
+  }
+
+  // Allocate
+  char *inputJsonCobhanBuffer;
+  std::unique_ptr<char[]> inputJsonCobhanBufferPtr;
+  if (input_utf8_length < max_stack_alloc_size) {
+    size_t cobhan_buf_size = cobhan_buffer_size(input_utf8_length);
+    debug_log_alloca(cobhan_buf_size);
+    inputJsonCobhanBuffer = (char *)alloca(cobhan_buf_size);
+  } else {
+    inputJsonCobhanBufferPtr = allocate_cbuffer(input_utf8_length);
+    inputJsonCobhanBuffer = inputJsonCobhanBufferPtr.get();
+  }
+  if (unlikely(inputJsonCobhanBuffer == nullptr)) {
+    return LogErrorAndThrow(
+        env, decrypt_failed_message +
+                 std::string(" failed to allocate input cobhan buffer"));
+  }
+
+  // Copy
+  size_t input_copied_bytes;
+  inputJsonCobhanBuffer =
+      copy_nstring_to_cbuffer(env, input, input_utf8_length,
+                              inputJsonCobhanBuffer, &input_copied_bytes);
+  if (unlikely(inputJsonCobhanBuffer == nullptr)) {
+    return LogErrorAndThrow(
+        env, decrypt_failed_message +
+                 std::string(" failed to copy inputJson to cobhan buffer"));
+  }
+
+  char *cobhanOutputBuffer;
+  std::unique_ptr<char[]> cobhanOutputBufferPtr;
+  if (input_utf8_length < max_stack_alloc_size) {
+    size_t cobhan_buf_size = cobhan_buffer_size(input_utf8_length);
+    debug_log_alloca(cobhan_buf_size);
+    cobhanOutputBuffer = (char *)alloca(cobhan_buf_size);
+    configure_cbuffer(cobhanOutputBuffer, input_utf8_length);
+  } else {
+    cobhanOutputBufferPtr = allocate_cbuffer(input_utf8_length);
+    cobhanOutputBuffer = cobhanOutputBufferPtr.get();
+  }
+  if (unlikely(cobhanOutputBuffer == nullptr)) {
+    return LogErrorAndThrow(
+        env, decrypt_failed_message +
+                 std::string(" failed to allocate cobhan output buffer"));
+  }
+
+  // extern GoInt32 DecryptFromJson(void* partitionIdPtr, void* jsonPtr, void*
+  // dataPtr);
+  GoInt32 result = DecryptFromJson(partitionIdCobhanBuffer,
+                                   inputJsonCobhanBuffer, cobhanOutputBuffer);
+  if (unlikely(result < 0)) {
+    return LogErrorAndThrow(env,
+                            decrypt_failed_message + std::to_string(result));
+  }
+
+  return cbuffer_to_nbuffer(env, cobhanOutputBuffer);
 }
 
-//extern void Shutdown();
-Napi::Value Napi_Shutdown(const Napi::CallbackInfo& info) {
+Napi::Value Napi_DecryptFromJsonToString(const Napi::CallbackInfo &info) {
   Napi::Env env = info.Env();
+
+  if(unlikely(verbose_flag)) {
+    debug_log("DecryptFromJsonToString called");
+  }
+
+  if (unlikely(setup_state == 0)) {
+    return LogErrorAndThrow(env, decrypt_failed_message +
+                                     std::string("SetupJson not called"));
+  }
+
+  if (unlikely(info.Length() < 2)) {
+    return LogErrorAndThrow(
+        env, "DecryptFromJsonToString: Wrong number of arguments");
+  }
+
+  if (unlikely(!info[0].IsString() || !info[1].IsString())) {
+    return LogErrorAndThrow(env,
+                            "DecryptFromJsonToString: Wrong argument types");
+  }
+
+  // Determine size
+  size_t partition_utf8_length;
+  Napi::String partitionId = info[0].As<Napi::String>();
+  partition_utf8_length = nstring_utf8_length(env, partitionId);
+  if (unlikely(partition_utf8_length == (size_t)(-1))) {
+    return LogErrorAndThrow(
+        env, decrypt_failed_message +
+                 std::string(" failed to get partitionId utf8 length"));
+  }
+
+  // Allocate
+  char *partitionIdCobhanBuffer;
+  std::unique_ptr<char[]> partitionIdCobhanBufferPtr;
+  if (partition_utf8_length < max_stack_alloc_size) {
+    size_t cobhan_buf_size = cobhan_buffer_size(partition_utf8_length);
+    debug_log_alloca(cobhan_buf_size);
+    partitionIdCobhanBuffer = (char *)alloca(cobhan_buf_size);
+  } else {
+    partitionIdCobhanBufferPtr = allocate_cbuffer(partition_utf8_length);
+    partitionIdCobhanBuffer = partitionIdCobhanBufferPtr.get();
+  }
+  if (unlikely(partitionIdCobhanBuffer == nullptr)) {
+    return LogErrorAndThrow(
+        env, decrypt_failed_message +
+                 std::string(" failed to allocate partitionId cobhan buffer"));
+  }
+
+  // Copy
+  size_t partition_copied_bytes;
+  partitionIdCobhanBuffer =
+      copy_nstring_to_cbuffer(env, partitionId, partition_utf8_length,
+                              partitionIdCobhanBuffer, &partition_copied_bytes);
+  if (unlikely(partitionIdCobhanBuffer == nullptr)) {
+    return LogErrorAndThrow(
+        env, decrypt_failed_message +
+                 std::string(" failed to copy partitionId to cobhan buffer"));
+  }
+
+  // Determine size
+  size_t input_utf8_length;
+  Napi::String input = info[1].As<Napi::String>();
+  input_utf8_length = nstring_utf8_length(env, input);
+  if (unlikely(input_utf8_length == (size_t)(-1))) {
+    return LogErrorAndThrow(
+        env, decrypt_failed_message +
+                 std::string(" failed to get input utf8 length"));
+  }
+
+  // Allocate
+  char *inputJsonCobhanBuffer;
+  std::unique_ptr<char[]> inputJsonCobhanBufferPtr;
+  if (input_utf8_length < max_stack_alloc_size) {
+    size_t cobhan_buf_size = cobhan_buffer_size(input_utf8_length);
+    debug_log_alloca(cobhan_buf_size);
+    inputJsonCobhanBuffer = (char *)alloca(cobhan_buf_size);
+  } else {
+    inputJsonCobhanBufferPtr = allocate_cbuffer(input_utf8_length);
+    inputJsonCobhanBuffer = inputJsonCobhanBufferPtr.get();
+  }
+  if (unlikely(inputJsonCobhanBuffer == nullptr)) {
+    return LogErrorAndThrow(
+        env, decrypt_failed_message +
+                 std::string(" failed to allocate input cobhan buffer"));
+  }
+
+  // Copy
+  size_t input_copied_bytes;
+  inputJsonCobhanBuffer =
+      copy_nstring_to_cbuffer(env, input, input_utf8_length,
+                              inputJsonCobhanBuffer, &input_copied_bytes);
+  if (unlikely(inputJsonCobhanBuffer == nullptr)) {
+    return LogErrorAndThrow(
+        env, decrypt_failed_message +
+                 std::string(" failed to copy inputJson to cobhan buffer"));
+  }
+
+  char *cobhanOutputBuffer;
+  std::unique_ptr<char[]> cobhanOutputBufferPtr;
+  if (input_utf8_length < max_stack_alloc_size) {
+    size_t cobhan_buf_size = cobhan_buffer_size(input_utf8_length);
+    debug_log_alloca(cobhan_buf_size);
+    cobhanOutputBuffer = (char *)alloca(cobhan_buf_size);
+    configure_cbuffer(cobhanOutputBuffer, input_utf8_length);
+  } else {
+    cobhanOutputBufferPtr = allocate_cbuffer(input_utf8_length);
+    cobhanOutputBuffer = cobhanOutputBufferPtr.get();
+  }
+  if (unlikely(cobhanOutputBuffer == nullptr)) {
+    return LogErrorAndThrow(
+        env, decrypt_failed_message +
+                 std::string(" failed to allocate cobhan output buffer"));
+  }
+
+  // extern GoInt32 DecryptFromJson(void* partitionIdPtr, void* jsonPtr, void*
+  // dataPtr);
+  GoInt32 result = DecryptFromJson(partitionIdCobhanBuffer,
+                                   inputJsonCobhanBuffer, cobhanOutputBuffer);
+  if (unlikely(result < 0)) {
+    return LogErrorAndThrow(env,
+                            decrypt_failed_message + std::to_string(result));
+  }
+
+  Napi::Value output = cbuffer_to_nstring(env, cobhanOutputBuffer);
+  return output;
+}
+
+Napi::Value Napi_Shutdown(const Napi::CallbackInfo &info) {
+  Napi::Env env = info.Env();
+
+  if(unlikely(verbose_flag)) {
+    debug_log("Shutdown called");
+  }
+
+  setup_state = 0;
+  // extern void Shutdown();
   Shutdown();
   return env.Null();
 }
 
+Napi::Value Napi_SetMaxStackAllocItemSize(const Napi::CallbackInfo &info) {
+  Napi::Env env = info.Env();
+
+  if(unlikely(verbose_flag)) {
+    debug_log("SetMaxStackAllocItemSize called");
+  }
+
+  if (unlikely(info.Length() < 1)) {
+    return LogErrorAndThrow(
+        env, "SetMaxStackAllocItemSize: Wrong number of arguments");
+  }
+
+  Napi::Number item_size = info[0].As<Napi::Number>();
+
+  max_stack_alloc_size = (size_t)item_size.Int32Value();
+  return env.Null();
+}
+
+Napi::Value Napi_SetSafetyPaddingOverhead(const Napi::CallbackInfo &info) {
+  Napi::Env env = info.Env();
+
+  if(unlikely(verbose_flag)) {
+    debug_log("SetSafetyPaddingOverhead called");
+  }
+
+  if (unlikely(info.Length() < 1)) {
+    return LogErrorAndThrow(
+        env, "SetSafetyPaddingOverhead: Wrong number of arguments");
+  }
+
+  Napi::Number safety_padding_number = info[0].As<Napi::Number>();
+
+  safety_padding = (size_t)safety_padding_number.Int32Value();
+  return env.Null();
+}
+
 Napi::Object Init(Napi::Env env, Napi::Object exports) {
-  exports.Set(Napi::String::New(env, "Napi_SetupJson"), Napi::Function::New(env, Napi_SetupJson));
-  exports.Set(Napi::String::New(env, "Napi_EncryptToJson"), Napi::Function::New(env, Napi_EncryptToJson));
-  exports.Set(Napi::String::New(env, "Napi_DecryptFromJson"), Napi::Function::New(env, Napi_DecryptFromJson));
-  exports.Set(Napi::String::New(env, "Napi_Shutdown"), Napi::Function::New(env, Napi_Shutdown));
+  exports.Set(Napi::String::New(env, "Napi_SetupJson"),
+              Napi::Function::New(env, Napi_SetupJson));
+  exports.Set(Napi::String::New(env, "Napi_EncryptFromBufferToJson"),
+              Napi::Function::New(env, Napi_EncryptFromBufferToJson));
+  exports.Set(Napi::String::New(env, "Napi_EncryptFromStringToJson"),
+              Napi::Function::New(env, Napi_EncryptFromStringToJson));
+  exports.Set(Napi::String::New(env, "Napi_DecryptFromJsonToBuffer"),
+              Napi::Function::New(env, Napi_DecryptFromJsonToBuffer));
+  exports.Set(Napi::String::New(env, "Napi_DecryptFromJsonToString"),
+              Napi::Function::New(env, Napi_DecryptFromJsonToString));
+  exports.Set(Napi::String::New(env, "Napi_SetSafetyPaddingOverhead"),
+              Napi::Function::New(env, Napi_SetSafetyPaddingOverhead));
+  exports.Set(Napi::String::New(env, "Napi_SetMaxStackAllocItemSize"),
+              Napi::Function::New(env, Napi_SetMaxStackAllocItemSize));
+  exports.Set(Napi::String::New(env, "Napi_Shutdown"),
+              Napi::Function::New(env, Napi_Shutdown));
   return exports;
 }