asherah 1.3.0 → 1.3.3

package/.asherah-version

@@ -1 +1 @@
-ASHERAH_VERSION=v0.4.25
+ASHERAH_VERSION=v0.4.26

package/binding.gyp

@@ -1,13 +1,23 @@
 {
   'targets': [
-    {
+      {
       'target_name': 'napiasherah',
       'include_dirs': ["<!(node -p \"require('node-addon-api').include_dir\")"],
+      "cflags": ["-fexceptions", "-g"],
+      "cflags_cc": ["-fexceptions", "-g"],
+      "cflags!": [ "-fno-exceptions"],
+      "cflags_cc!": [ "-fno-exceptions" ],
+      'xcode_settings': {
+        'OTHER_CFLAGS': [
+          '-fexceptions',
+          '-g'
+        ],
+      },
+      'defines': [ 'NAPI_CPP_EXCEPTIONS', 'NODE_API_SWALLOW_UNTHROWABLE_EXCEPTIONS' ],
       'sources': [
         'lib/libasherah.h',
         'src/napiasherah.cc'
       ],
-      'defines': [ 'NAPI_DISABLE_CPP_EXCEPTIONS' ],
       'libraries': [ '../lib/libasherah.a' ]
     }
   ]

package/dist/asherah.d.ts

@@ -1,5 +1,4 @@
 /// <reference types="node" />
-/// <reference types="ref-napi" />
 export type AsherahConfig = {
     /** The name of this service (Required) */
     ServiceName: string;
@@ -46,4 +45,5 @@ export declare function decrypt(partitionId: string, dataRowRecord: string): Buf
 export declare function encrypt(partitionId: string, data: Buffer): string;
 export declare function decrypt_string(partitionId: string, dataRowRecord: string): string;
 export declare function encrypt_string(partitionId: string, data: string): string;
-export declare function set_max_stack_alloc_item_size(max_item_size: number): any;
+export declare function set_max_stack_alloc_item_size(max_item_size: number): void;
+export declare function set_safety_padding_overhead(safety_padding_overhead: number): void;

package/dist/asherah.js

@@ -1,10 +1,10 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.set_max_stack_alloc_item_size = exports.encrypt_string = exports.decrypt_string = exports.encrypt = exports.decrypt = exports.shutdown = exports.setup = void 0;
+exports.set_safety_padding_overhead = exports.set_max_stack_alloc_item_size = exports.encrypt_string = exports.decrypt_string = exports.encrypt = exports.decrypt = exports.shutdown = exports.setup = void 0;
 const napi_asherah = require('../build/Release/napiasherah.node');
 function setup(config) {
     const configStr = JSON.stringify(config);
-    napi_asherah.Napi_SetupJson(configStr, config.ProductID.length, config.ServiceName.length, configStr.length);
+    napi_asherah.Napi_SetupJson(configStr, config.ProductID.length, config.ServiceName.length, config.Verbose);
 }
 exports.setup = setup;
 function shutdown() {
@@ -31,3 +31,7 @@ function set_max_stack_alloc_item_size(max_item_size) {
     return napi_asherah.Napi_SetMaxStackAllocItemSize(max_item_size);
 }
 exports.set_max_stack_alloc_item_size = set_max_stack_alloc_item_size;
+function set_safety_padding_overhead(safety_padding_overhead) {
+    return napi_asherah.Napi_SetSafetyPaddingOverhead(safety_padding_overhead);
+}
+exports.set_safety_padding_overhead = set_safety_padding_overhead;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "asherah",
-  "version": "1.3.0",
+  "version": "1.3.3",
   "description": "Asherah envelope encryption and key rotation library",
   "main": "dist/asherah.js",
   "repository": {
@@ -10,7 +10,7 @@
   "scripts": {
     "build": "npx tsc",
     "preinstall": "scripts/download-libraries.sh",
-    "install": "node-gyp rebuild",
+    "install": "CFLAGS=-fexceptions CXXFLAGS=-fexceptions node-gyp rebuild",
     "test:mocha": "mocha",
     "test": "nyc npm run test:mocha",
     "posttest": "npm run lint",
@@ -34,7 +34,6 @@
     "@types/chai": "^4.3.0",
     "@types/mocha": "^9.1.0",
     "@types/node": "^17.0.22",
-    "@types/ref-napi": "^3.0.4",
     "@typescript-eslint/eslint-plugin": "^5.16.0",
     "@typescript-eslint/parser": "^5.16.0",
     "benchmark": "^2.1.4",

package/src/napiasherah.cc

@@ -1,444 +1,871 @@
-#include <napi.h>
 #include "../lib/libasherah.h"
+#include <iostream>
+#include <napi.h>
+
+#define unlikely(expr) __builtin_expect(!!(expr), 0)
+#define likely(expr) __builtin_expect(!!(expr), 1)
+
+const size_t cobhan_header_size = 64 / 8;
+const size_t est_encryption_overhead = 48;
+const size_t est_envelope_overhead = 185;
+const double base64_overhead = 1.34;
+
+size_t est_intermediate_key_overhead = 0;
+size_t safety_padding = 0;
+size_t max_stack_alloc_size = 2048;
+
+const char *setupjson_failed_message = "SetupJson failed: ";
+const char *decrypt_failed_message = "Decrypt failed: ";
+const char *encrypt_failed_message = "Encrypt failed: ";
+
+int32_t setup_state = 0;
+int32_t verbose_flag = 0;
+
+__attribute__((always_inline)) inline void debug_log(std::string message) {
+  if (unlikely(verbose_flag)) {
+    std::cerr << "asherah-node:" << message << std::endl << std::flush;
+  }
+}
+
+__attribute__((always_inline)) inline void debug_log_alloca(size_t length) {
+  if (unlikely(verbose_flag)) {
+    std::cerr << "asherah-node:" << "Calling alloca(" << length << ") (stack)" << std::endl << std::flush;
+  }
+}
+
+__attribute__((always_inline)) inline void error_log(std::string message) {
+  if (unlikely(verbose_flag)) {
+    std::cerr << "asherah-node:" << message << std::endl << std::flush;
+  }
+}
+
+std::string napi_status_to_string(napi_status status) {
+  switch (status) {
+  case napi_ok:
+    return "napi_ok";
+  case napi_invalid_arg:
+    return "napi_invalid_arg";
+  case napi_object_expected:
+    return "napi_object_expected";
+  case napi_string_expected:
+    return "napi_string_expected";
+  case napi_name_expected:
+    return "napi_name_expected";
+  case napi_function_expected:
+    return "napi_function_expected";
+  case napi_number_expected:
+    return "napi_number_expected";
+  case napi_boolean_expected:
+    return "napi_boolean_expected";
+  case napi_array_expected:
+    return "napi_array_expected";
+  case napi_generic_failure:
+    return "napi_generic_failure";
+  case napi_pending_exception:
+    return "napi_pending_exception";
+  case napi_cancelled:
+    return "napi_cancelled";
+  case napi_escape_called_twice:
+    return "napi_escape_called_twice";
+  case napi_handle_scope_mismatch:
+    return "napi_handle_scope_mismatch";
+  case napi_callback_scope_mismatch:
+    return "napi_callback_scope_mismatch";
+  case napi_queue_full:
+    return "napi_queue_full";
+  case napi_closing:
+    return "napi_closing";
+  case napi_bigint_expected:
+    return "napi_bigint_expected";
+  case napi_date_expected:
+    return "napi_date_expected";
+  case napi_arraybuffer_expected:
+    return "napi_arraybuffer_expected";
+  case napi_detachable_arraybuffer_expected:
+    return "napi_detachable_arraybuffer_expected";
+  case napi_would_deadlock:
+    return "napi_would_deadlock";
+  default:
+    return "Unknown napi_status";
+  }
+}
 
-const size_t EstimatedEncryptionOverhead = 48;
-const size_t EstimatedEnvelopeOverhead = 185;
-const double Base64Overhead = 1.34;
-size_t EstimatedIntermediateKeyOverhead = 0;
-size_t SafetyPaddingOverhead = 0;
-const size_t header_size = 64 / 8;
-size_t max_stack_alloc_size = 4096;
-const char* SetupJsonFailedMessage = "SetupJson failed: ";
-const char* DecryptFailedMessage = "Decrypt failed: ";
-const char* EncryptFailedMessage = "Encrypt failed: ";
-
-void finalize_cbuffer(napi_env env, void* finalize_data) {
-  char* buffer = ((char*) finalize_data) - header_size;
-  delete[] buffer;
+__attribute__((always_inline)) inline Napi::Value
+LogErrorAndThrow(Napi::Env &env, std::string error_msg) {
+  error_log(error_msg);
+  Napi::Error::New(env, error_msg).ThrowAsJavaScriptException();
+  return env.Null();
 }
 
-__attribute__((always_inline)) inline size_t estimate_buffer(size_t dataLen, size_t partitionLen) {
-  double estimatedDataLen = double(dataLen + EstimatedEncryptionOverhead) * Base64Overhead;
-  return size_t(EstimatedEnvelopeOverhead + EstimatedIntermediateKeyOverhead + partitionLen + estimatedDataLen + SafetyPaddingOverhead);
+__attribute__((always_inline)) inline size_t
+cobhan_buffer_size(size_t dataLen) {
+  return dataLen + cobhan_header_size + safety_padding +
+         1; // Add one for possible NULL delimiter due to Node string functions
 }
-__attribute__((always_inline)) inline char* configure_cbuffer(char *buffer, size_t length) {
-  *((int32_t*)buffer) = length;
-  *((int32_t*)(buffer+sizeof(int32_t))) = 0;
-  return buffer;
+
+__attribute__((always_inline)) inline size_t
+estimate_asherah_output_size(size_t dataLen, size_t partitionLen) {
+  double estimatedDataLen =
+      double(dataLen + est_encryption_overhead) * base64_overhead;
+  if(unlikely(verbose_flag)) {
+    std::string log_msg = "estimate_asherah_output_size(" + std::to_string(dataLen) + ", " + std::to_string(partitionLen) + ") estimatedDataLen: " + std::to_string(estimatedDataLen) + " base64_overhead: " + std::to_string(base64_overhead) + " est_encryption_overhead: " + std::to_string(est_encryption_overhead);
+    debug_log(log_msg);
+  }
+  size_t asherah_output_size = size_t(est_envelope_overhead + est_intermediate_key_overhead +
+                partitionLen + estimatedDataLen + safety_padding);
+  if(unlikely(verbose_flag)) {
+    std::string log_msg = "estimate_asherah_output_size(" + std::to_string(dataLen) + ", " + std::to_string(partitionLen) + ") estimatedDataLen: " + std::to_string(estimatedDataLen) + " asherah_output_size: " + std::to_string(asherah_output_size);
+    debug_log(log_msg);
+  }
+  return asherah_output_size;
 }
 
-__attribute__((always_inline)) inline char* allocate_cbuffer(size_t length) {
-  char *cobhanBuffer = new char[length + header_size + SafetyPaddingOverhead];
-  return configure_cbuffer(cobhanBuffer, length);
+__attribute__((always_inline)) inline void configure_cbuffer(char *buffer,
+                                                             size_t length) {
+  *((int32_t *)buffer) = length;
+  // Reserved for future use
+  *((int32_t *)(buffer + sizeof(int32_t))) = 0;
 }
 
-__attribute__((always_inline)) inline char* nbuffer_to_cbuffer(Napi::Env &env, Napi::Buffer<unsigned char> &buffer) {
-  size_t bufferLength = buffer.ByteLength();
-  char *cobhanBuffer = new char[bufferLength + header_size + SafetyPaddingOverhead];
-  memcpy(cobhanBuffer + header_size, buffer.Data(), bufferLength);
-  return configure_cbuffer(cobhanBuffer, bufferLength);
+__attribute__((always_inline)) inline std::unique_ptr<char[]>
+allocate_cbuffer(size_t length) {
+  size_t cobhanBufferSize = cobhan_buffer_size(length);
+  if (unlikely(verbose_flag)) {
+    std::string log_msg =
+        "allocate_cbuffer(" + std::to_string(length) +
+        ") (heap) cobhanBufferSize: " + std::to_string(cobhanBufferSize);
+    debug_log(log_msg);
+  }
+
+  char *cobhanBuffer = new (std::nothrow) char[cobhanBufferSize];
+  if (unlikely(cobhanBuffer == nullptr)) {
+    std::string error_msg = "allocate_cbuffer: new[" +
+                            std::to_string(cobhanBufferSize) + " returned null";
+    error_log(error_msg);
+    return nullptr;
+  }
+  std::unique_ptr<char[]> cobhanBufferPtr(cobhanBuffer);
+  configure_cbuffer(cobhanBuffer, length + safety_padding);
+  return cobhanBufferPtr;
 }
 
-__attribute__((always_inline)) inline Napi::Value cbuffer_to_nstring(Napi::Env &env, char *cobhanBuffer) {
+__attribute__((always_inline)) inline Napi::Value
+cbuffer_to_nstring(Napi::Env &env, char *cobhanBuffer) {
   napi_value output;
-  //Using C function because it allows length delimited input
-  napi_status status = napi_create_string_utf8(env, ((const char*) cobhanBuffer) + header_size, *((int*) cobhanBuffer), &output);
-  if(status != napi_ok) {
-    Napi::Error::New(env, "cbuffer_to_nstring failed")
-      .ThrowAsJavaScriptException();
-    return env.Null();
+
+  // Using C function because it allows length delimited input
+  napi_status status = napi_create_string_utf8(
+      env, ((const char *)cobhanBuffer) + cobhan_header_size,
+      *((int *)cobhanBuffer), &output);
+
+  if (unlikely(status != napi_ok)) {
+    return LogErrorAndThrow(
+        env, "cbuffer_to_nstring: napi_create_string_utf8 failed: " +
+                 napi_status_to_string(status));
   }
+
   return Napi::String(env, output);
 }
 
-__attribute__((always_inline)) inline size_t nstring_utf8_length(Napi::Env &env, Napi::String &str) {
+__attribute__((always_inline)) inline size_t
+nstring_utf8_length(Napi::Env &env, Napi::String &str) {
   napi_status status;
   size_t utf8_length;
 
-  status = napi_get_value_string_utf8(env, str, NULL, 0, &utf8_length);
-  if(status != napi_ok) {
-    Napi::Error::New(env, "nstring_to_cbuffer: Napi utf8 string conversion failure (length check): " + std::to_string(status))
-      .ThrowAsJavaScriptException();
+  status = napi_get_value_string_utf8(env, str, nullptr, 0, &utf8_length);
+  if (unlikely(status != napi_ok)) {
+    LogErrorAndThrow(
+        env,
+        "nstring_utf8_length: napi_get_value_string_utf8 length check failed" +
+            napi_status_to_string(status));
     return (size_t)(-1);
   }
+
   return utf8_length;
 }
 
-__attribute__((always_inline)) inline char* copy_nstring_to_cbuffer(Napi::Env &env, Napi::String &str, size_t utf8_length, char *cbuffer, size_t *length = NULL) {
+__attribute__((always_inline)) inline char *
+copy_nstring_to_cbuffer(Napi::Env &env, Napi::String &str, size_t utf8_length,
+                        char *cbuffer, size_t *length = nullptr) {
   napi_status status;
   size_t copied_bytes;
-  status = napi_get_value_string_utf8(env, str, cbuffer + header_size, utf8_length + 1, &copied_bytes);
-  if(status != napi_ok) {
-    Napi::Error::New(env, "nstring_to_cbuffer: Napi utf8 string conversion failure: " + std::to_string(status))
-      .ThrowAsJavaScriptException();
-    return NULL;
+  status = napi_get_value_string_utf8(env, str, cbuffer + cobhan_header_size,
+                                      utf8_length + 1, &copied_bytes);
+  if (unlikely(status != napi_ok)) {
+    LogErrorAndThrow(env,
+                     "copy_nstring_to_cbuffer: Napi utf8 string conversion "
+                     "failure: " +
+                         napi_status_to_string(status));
+    return nullptr;
   }
 
-  if(copied_bytes != utf8_length) {
-    Napi::Error::New(env, "nstring_to_cbuffer: Did not copy expected number of bytes " + std::to_string(utf8_length) + " copied " + std::to_string(copied_bytes))
-      .ThrowAsJavaScriptException();
-    return NULL;
+  if (unlikely(copied_bytes != utf8_length)) {
+    LogErrorAndThrow(env,
+                     "copy_nstring_to_cbuffer: Did not copy expected number "
+                     "of bytes " +
+                         std::to_string(utf8_length) + " copied " +
+                         std::to_string(copied_bytes));
+    return nullptr;
   }
 
-  *((int*)cbuffer) = copied_bytes;
-  *((int*)(cbuffer+sizeof(int32_t))) = 0;
+  *((int *)cbuffer) = copied_bytes;
+  *((int *)(cbuffer + sizeof(int32_t))) = 0;
 
-  if(length != NULL)
+  if (length != nullptr)
     *length = copied_bytes;
   return cbuffer;
 }
 
-__attribute__((always_inline)) inline char* nstring_to_cbuffer(Napi::Env &env, Napi::String &str, size_t *length = NULL) {
-  size_t utf8_length = nstring_utf8_length(env, str);
-  if(utf8_length == (size_t)(-1)) {
-    return NULL;
-  }
+__attribute__((always_inline)) inline Napi::Buffer<unsigned char>
+cbuffer_to_nbuffer(Napi::Env &env, char *cobhanBuffer) {
+  return Napi::Buffer<unsigned char>::Copy(
+      env, ((unsigned char *)cobhanBuffer) + cobhan_header_size,
+      *((int *)cobhanBuffer));
+}
 
-  char *cobhanBuffer = new char[utf8_length + 1 + header_size + SafetyPaddingOverhead];
+Napi::Value Napi_SetupJson(const Napi::CallbackInfo &info) {
+  Napi::Env env = info.Env();
 
-  char *output = copy_nstring_to_cbuffer(env, str, utf8_length, cobhanBuffer, length);
-  if(output == NULL) {
-    delete[] cobhanBuffer;
+  if(unlikely(verbose_flag)) {
+    debug_log("SetupJson called");
   }
-  return output;
-}
 
-Napi::Value Napi_SetupJson(const Napi::CallbackInfo& info) {
-  Napi::Env env = info.Env();
+  if (unlikely(setup_state == 1)) {
+    return LogErrorAndThrow(env, setupjson_failed_message +
+                                     std::string("SetupJson called twice"));
+  }
 
-  if (info.Length() < 3) {
-    Napi::TypeError::New(env, "SetupJson: Wrong number of arguments")
-        .ThrowAsJavaScriptException();
-    return env.Null();
+  if (unlikely(info.Length() < 3)) {
+    return LogErrorAndThrow(env, "SetupJson: Wrong number of arguments");
   }
 
-  if (!info[0].IsString() || !info[1].IsNumber() || !info[2].IsNumber()) {
-    Napi::TypeError::New(env, "SetupJson: Wrong argument types")
-      .ThrowAsJavaScriptException();
-    return env.Null();
+  if (unlikely(!info[0].IsString() || !info[1].IsNumber() ||
+               !info[2].IsNumber() || !info[3].IsBoolean())) {
+    return LogErrorAndThrow(env, "SetupJson: Wrong argument types");
   }
 
+  Napi::Boolean verbose = info[3].As<Napi::Boolean>();
+  verbose.Value() ? verbose_flag = 1 : verbose_flag = 0;
+  debug_log("SetupJson: verbose_flag: " + std::to_string(verbose_flag) +
+            " verbose.Value(): " + std::to_string(verbose.Value()));
+
+  // Determine size
+  size_t config_utf8_length;
   Napi::String configJson = info[0].As<Napi::String>();
-  char *configJsonCobhanBuffer = nstring_to_cbuffer(env, configJson);
-  if (configJsonCobhanBuffer == NULL) {
-    return env.Null();
+  config_utf8_length = nstring_utf8_length(env, configJson);
+  if (unlikely(config_utf8_length == (size_t)(-1))) {
+    return LogErrorAndThrow(
+        env, encrypt_failed_message +
+                 std::string(" failed to get configJson utf8 length"));
+  }
+
+  // Allocate
+  char *configJsonCobhanBuffer;
+  std::unique_ptr<char[]> configJsonCobhanBufferPtr;
+  if (config_utf8_length < max_stack_alloc_size) {
+    size_t cobhan_buf_size = cobhan_buffer_size(config_utf8_length);
+    debug_log_alloca(cobhan_buf_size);
+    configJsonCobhanBuffer = (char *)alloca(cobhan_buf_size);
+  } else {
+    configJsonCobhanBufferPtr = allocate_cbuffer(config_utf8_length);
+    configJsonCobhanBuffer = configJsonCobhanBufferPtr.get();
+  }
+  if (unlikely(configJsonCobhanBuffer == nullptr)) {
+    return LogErrorAndThrow(
+        env, encrypt_failed_message +
+                 std::string(" failed to allocate configJson cobhan buffer"));
+  }
+
+  // Copy
+  size_t config_copied_bytes;
+  configJsonCobhanBuffer =
+      copy_nstring_to_cbuffer(env, configJson, config_utf8_length,
+                              configJsonCobhanBuffer, &config_copied_bytes);
+  if (unlikely(configJsonCobhanBuffer == nullptr)) {
+    return LogErrorAndThrow(
+        env, encrypt_failed_message +
+                 std::string(" failed to copy configJson to cobhan buffer"));
   }
 
   Napi::Number productIdLength = info[1].As<Napi::Number>();
   Napi::Number serviceNameLength = info[2].As<Napi::Number>();
 
-  EstimatedIntermediateKeyOverhead = productIdLength.Int32Value() + serviceNameLength.Int32Value();
+  est_intermediate_key_overhead =
+      productIdLength.Int32Value() + serviceNameLength.Int32Value();
+
+  if(unlikely(verbose_flag)) {
+    debug_log("Calling asherah-cobhan SetupJson");
+  }
 
-  //extern GoInt32 SetupJson(void* configJson);
+  // extern GoInt32 SetupJson(void* configJson);
   GoInt32 result = SetupJson(configJsonCobhanBuffer);
-  delete[] configJsonCobhanBuffer;
-  if (result < 0) {
-      Napi::TypeError::New(env, SetupJsonFailedMessage + std::to_string(result))
-        .ThrowAsJavaScriptException();
+
+  if(unlikely(verbose_flag)) {
+    debug_log("Returned from asherah-cobhan SetupJson");
   }
+
+  if (unlikely(result < 0)) {
+    return LogErrorAndThrow(env,
+                            setupjson_failed_message + std::to_string(result));
+  }
+  setup_state = 1;
   return env.Null();
 }
 
-Napi::Value Napi_EncryptFromBufferToJson(const Napi::CallbackInfo& info) {
-  Napi::Env env = info.Env();
+Napi::Value encrypt_to_json(Napi::Env &env, size_t partition_bytes,
+                            size_t data_bytes, char *partitionIdCobhanBuffer,
+                            char *dataCobhanBuffer) {
 
-  if (info.Length() < 2) {
-    Napi::TypeError::New(env, "EncryptFromBufferToJson: Wrong number of arguments")
-        .ThrowAsJavaScriptException();
-    return env.Null();
-  }
+  size_t asherah_output_size =
+      estimate_asherah_output_size(data_bytes, partition_bytes);
 
-  if (!info[0].IsString() || !info[1].IsBuffer()) {
-    Napi::TypeError::New(env, "EncryptFromBufferToJson: Wrong argument types")
-      .ThrowAsJavaScriptException();
-    return env.Null();
+  if(unlikely(verbose_flag)) {
+    debug_log("encrypt_to_json asherah_output_size " +
+            std::to_string(asherah_output_size));
   }
 
-  size_t partition_utf8_length, partition_copied_bytes;
-  Napi::String partitionId = info[0].As<Napi::String>();
-  partition_utf8_length = nstring_utf8_length(env, partitionId);
-  if(partition_utf8_length == (size_t)(-1)) {
-    return env.Null();
-  }
-  char *partitionIdCobhanBuffer;
-  if (partition_utf8_length < max_stack_alloc_size) {
-    partitionIdCobhanBuffer = (char*)alloca(partition_utf8_length + 1 + header_size + SafetyPaddingOverhead);
+  char *cobhanOutputBuffer;
+  std::unique_ptr<char[]> cobhanOutputBufferPtr;
+  if (asherah_output_size < max_stack_alloc_size) {
+    size_t cobhan_ouput_buffer_size = cobhan_buffer_size(asherah_output_size);
+    debug_log_alloca(cobhan_ouput_buffer_size);
+    cobhanOutputBuffer = (char *)alloca(cobhan_ouput_buffer_size);
+    configure_cbuffer(cobhanOutputBuffer, asherah_output_size + safety_padding);
   } else {
-    partitionIdCobhanBuffer = new char[partition_utf8_length + 1 + header_size + SafetyPaddingOverhead];
+    cobhanOutputBufferPtr = allocate_cbuffer(asherah_output_size);
+    cobhanOutputBuffer = cobhanOutputBufferPtr.get();
   }
-  partitionIdCobhanBuffer = copy_nstring_to_cbuffer(env, partitionId, partition_utf8_length, partitionIdCobhanBuffer, &partition_copied_bytes);
-  if (partitionIdCobhanBuffer == NULL) {
-    if (partition_utf8_length >= max_stack_alloc_size)
-      delete[] partitionIdCobhanBuffer;
-    return env.Null();
+  if (unlikely(cobhanOutputBuffer == nullptr)) {
+    return LogErrorAndThrow(
+        env, encrypt_failed_message +
+                 std::string(" failed to allocate cobhan output buffer"));
   }
 
-  Napi::Buffer<unsigned char> data = info[1].As<Napi::Buffer<unsigned char>>();
-  char *dataCobhanBuffer = nbuffer_to_cbuffer(env, data);
-  if (dataCobhanBuffer == NULL) {
-    if (partition_utf8_length >= max_stack_alloc_size)
-      delete[] partitionIdCobhanBuffer;
-    return env.Null();
+  if(unlikely(verbose_flag)) {
+    debug_log("Calling asherah-cobhan EncryptToJson");
   }
 
-  size_t bufferSize = estimate_buffer(partition_copied_bytes, data.ByteLength());
+  // extern GoInt32 EncryptToJson(void* partitionIdPtr, void* dataPtr, void*
+  // jsonPtr);
+  GoInt32 result = EncryptToJson(partitionIdCobhanBuffer, dataCobhanBuffer,
+                                 cobhanOutputBuffer);
 
-  char *cobhanOutputBuffer;
-  if (bufferSize < max_stack_alloc_size) {
-    cobhanOutputBuffer = configure_cbuffer((char*)alloca(bufferSize + header_size + SafetyPaddingOverhead), bufferSize);
-  } else {
-    cobhanOutputBuffer = allocate_cbuffer(bufferSize);
+  if(unlikely(verbose_flag)) {
+    debug_log("Returning from asherah-cobhan EncryptToJson");
   }
 
-  //extern GoInt32 EncryptToJson(void* partitionIdPtr, void* dataPtr, void* jsonPtr);
-  GoInt32 result = EncryptToJson(partitionIdCobhanBuffer, dataCobhanBuffer, cobhanOutputBuffer);
-  if (partition_utf8_length >= max_stack_alloc_size)
-    delete[] partitionIdCobhanBuffer;
-  delete[] dataCobhanBuffer;
-  if (result < 0) {
-      if (bufferSize >= max_stack_alloc_size)
-        delete[] cobhanOutputBuffer;
-      Napi::TypeError::New(env, EncryptFailedMessage + std::to_string(result))
-        .ThrowAsJavaScriptException();
-      return env.Null();
+  if (unlikely(result < 0)) {
+    return LogErrorAndThrow(env,
+                            encrypt_failed_message + std::to_string(result));
   }
 
   Napi::Value output = cbuffer_to_nstring(env, cobhanOutputBuffer);
-  if (bufferSize >= max_stack_alloc_size)
-    delete[] cobhanOutputBuffer;
   return output;
 }
 
-Napi::Value Napi_EncryptFromStringToJson(const Napi::CallbackInfo& info) {
+Napi::Value Napi_EncryptFromBufferToJson(const Napi::CallbackInfo &info) {
   Napi::Env env = info.Env();
 
-  if (info.Length() < 2) {
-    Napi::TypeError::New(env, "EncryptFromStringToJson: Wrong number of arguments")
-        .ThrowAsJavaScriptException();
-    return env.Null();
+  if(unlikely(verbose_flag)) {
+    debug_log("EncryptFromBufferToJson called");
   }
 
-  if (!info[0].IsString() || !info[1].IsString()) {
-    Napi::TypeError::New(env, "EncryptFromStringToJson: Wrong argument types")
-      .ThrowAsJavaScriptException();
-    return env.Null();
+  if (unlikely(setup_state == 0)) {
+    return LogErrorAndThrow(env, encrypt_failed_message +
+                                     std::string("SetupJson not called"));
   }
 
-  size_t partition_utf8_length, partition_copied_bytes;
+  if (unlikely(info.Length() < 2)) {
+    return LogErrorAndThrow(
+        env, "EncryptFromBufferToJson: Wrong number of arguments");
+  }
+
+  if (unlikely(!info[0].IsString() || !info[1].IsBuffer())) {
+    return LogErrorAndThrow(env,
+                            "EncryptFromBufferToJson: Wrong argument types");
+  }
+
+  // Determine size
+  size_t partition_utf8_length;
   Napi::String partitionId = info[0].As<Napi::String>();
   partition_utf8_length = nstring_utf8_length(env, partitionId);
-  if(partition_utf8_length == (size_t)(-1)) {
-    return env.Null();
+  if (unlikely(partition_utf8_length == (size_t)(-1))) {
+    return LogErrorAndThrow(
+        env, encrypt_failed_message +
+                 std::string(" failed to get partitionId utf8 length"));
   }
+
+  // Allocate
   char *partitionIdCobhanBuffer;
+  std::unique_ptr<char[]> partitionIdCobhanBufferPtr;
   if (partition_utf8_length < max_stack_alloc_size) {
-    partitionIdCobhanBuffer = (char*)alloca(partition_utf8_length + 1 + header_size + SafetyPaddingOverhead);
+    size_t cobhan_buf_size = cobhan_buffer_size(partition_utf8_length);
+    debug_log_alloca(cobhan_buf_size);
+    partitionIdCobhanBuffer = (char *)alloca(cobhan_buf_size);
+  } else {
+    partitionIdCobhanBufferPtr = allocate_cbuffer(partition_utf8_length);
+    partitionIdCobhanBuffer = partitionIdCobhanBufferPtr.get();
+  }
+  if (unlikely(partitionIdCobhanBuffer == nullptr)) {
+    return LogErrorAndThrow(
+        env, encrypt_failed_message +
+                 std::string(" failed to allocate partitionId cobhan buffer"));
+  }
+
+  // Copy
+  size_t partition_copied_bytes;
+  partitionIdCobhanBuffer =
+      copy_nstring_to_cbuffer(env, partitionId, partition_utf8_length,
+                              partitionIdCobhanBuffer, &partition_copied_bytes);
+  if (unlikely(partitionIdCobhanBuffer == nullptr)) {
+    return LogErrorAndThrow(
+        env, encrypt_failed_message +
+                 std::string(" failed to copy partitionId to cobhan buffer"));
+  }
+
+  // Determine size
+  Napi::Buffer<unsigned char> inputNapiBuffer =
+      info[1].As<Napi::Buffer<unsigned char>>();
+  size_t input_byte_length = inputNapiBuffer.ByteLength();
+
+  // Allocate
+  char *inputBuffer;
+  std::unique_ptr<char[]> inputBufferPtr;
+  if (input_byte_length < max_stack_alloc_size) {
+    size_t cobhan_buf_size = cobhan_buffer_size(input_byte_length);
+    debug_log_alloca(cobhan_buf_size);
+    inputBuffer = (char *)alloca(cobhan_buf_size);
   } else {
-    partitionIdCobhanBuffer = new char[partition_utf8_length + 1 + header_size + SafetyPaddingOverhead];
+    inputBufferPtr = allocate_cbuffer(input_byte_length);
+    inputBuffer = inputBufferPtr.get();
   }
-  partitionIdCobhanBuffer = copy_nstring_to_cbuffer(env, partitionId, partition_utf8_length, partitionIdCobhanBuffer, &partition_copied_bytes);
-  if (partitionIdCobhanBuffer == NULL) {
-    if (partition_utf8_length >= max_stack_alloc_size)
-      delete[] partitionIdCobhanBuffer;
-    return env.Null();
+  if (unlikely(inputBuffer == nullptr)) {
+    return LogErrorAndThrow(
+        env,
+        encrypt_failed_message +
+            std::string(" failed to allocate cobhan buffer for input buffer"));
   }
 
-  size_t input_utf8_length;
-  Napi::String input = info[1].As<Napi::String>();
-  char *inputCobhanBuffer = nstring_to_cbuffer(env, input, &input_utf8_length);
-  if (inputCobhanBuffer == NULL) {
-    if (partition_utf8_length >= max_stack_alloc_size)
-      delete[] partitionIdCobhanBuffer;
-    return env.Null();
+  // Copy
+  memcpy(inputBuffer + cobhan_header_size, inputNapiBuffer.Data(),
+         input_byte_length);
+  configure_cbuffer(inputBuffer, input_byte_length);
+
+  return encrypt_to_json(env, partition_copied_bytes, input_byte_length,
+                         partitionIdCobhanBuffer, inputBuffer);
+}
+
+Napi::Value Napi_EncryptFromStringToJson(const Napi::CallbackInfo &info) {
+  Napi::Env env = info.Env();
+
+  if(unlikely(verbose_flag)) {
+    debug_log("EncryptFromStringToJson called");
   }
 
-  //Call estimate_buffer to determine Cobhan output buffer length
-  size_t bufferSize = estimate_buffer(partition_utf8_length, input_utf8_length);
+  if (unlikely(setup_state == 0)) {
+    return LogErrorAndThrow(env, encrypt_failed_message +
+                                     std::string("SetupJson not called"));
+  }
 
-  char *cobhanOutputBuffer;
-  if (bufferSize < max_stack_alloc_size) {
-    cobhanOutputBuffer = configure_cbuffer((char*)alloca(bufferSize + header_size + SafetyPaddingOverhead), bufferSize);
+  if (unlikely(info.Length() < 2)) {
+    return LogErrorAndThrow(
+        env, "EncryptFromStringToJson: Wrong number of arguments");
+  }
+
+  if (unlikely(!info[0].IsString() || !info[1].IsString())) {
+    return LogErrorAndThrow(env,
+                            "EncryptFromStringToJson: Wrong argument types");
+  }
+
+  // Determine size
+  size_t partition_utf8_length;
+  Napi::String partitionId = info[0].As<Napi::String>();
+  partition_utf8_length = nstring_utf8_length(env, partitionId);
+  if (unlikely(partition_utf8_length == (size_t)(-1))) {
+    return LogErrorAndThrow(
+        env, encrypt_failed_message +
+                 std::string(" failed to get partitionId utf8 length"));
+  }
+
+  // Allocate
+  char *partitionIdCobhanBuffer;
+  std::unique_ptr<char[]> partitionIdCobhanBufferPtr;
+  if (partition_utf8_length < max_stack_alloc_size) {
+    size_t cobhan_buf_size = cobhan_buffer_size(partition_utf8_length);
+    debug_log_alloca(cobhan_buf_size);
+    partitionIdCobhanBuffer = (char *)alloca(cobhan_buf_size);
   } else {
-    cobhanOutputBuffer = allocate_cbuffer(bufferSize);
+    partitionIdCobhanBufferPtr = allocate_cbuffer(partition_utf8_length);
+    partitionIdCobhanBuffer = partitionIdCobhanBufferPtr.get();
+  }
+  if (unlikely(partitionIdCobhanBuffer == nullptr)) {
+    return LogErrorAndThrow(
+        env, encrypt_failed_message +
+                 std::string(" failed to allocate partitionId cobhan buffer"));
   }
 
-  //extern GoInt32 EncryptToJson(void* partitionIdPtr, void* dataPtr, void* jsonPtr);
-  GoInt32 result = EncryptToJson(partitionIdCobhanBuffer, inputCobhanBuffer, cobhanOutputBuffer);
-  if (partition_utf8_length >= max_stack_alloc_size)
-    delete[] partitionIdCobhanBuffer;
-  delete[] inputCobhanBuffer;
-  if (result < 0) {
-      if (bufferSize >= max_stack_alloc_size)
-        delete[] cobhanOutputBuffer;
-      Napi::TypeError::New(env, EncryptFailedMessage + std::to_string(result))
-        .ThrowAsJavaScriptException();
-      return env.Null();
+  // Copy
+  size_t partition_copied_bytes;
+  partitionIdCobhanBuffer =
+      copy_nstring_to_cbuffer(env, partitionId, partition_utf8_length,
+                              partitionIdCobhanBuffer, &partition_copied_bytes);
+  if (unlikely(partitionIdCobhanBuffer == nullptr)) {
+    return LogErrorAndThrow(
+        env, encrypt_failed_message +
+                 std::string(" failed to copy partitionId to cobhan buffer"));
   }
 
-  Napi::Value output = cbuffer_to_nstring(env, cobhanOutputBuffer);
-  if (bufferSize >= max_stack_alloc_size)
-    delete[] cobhanOutputBuffer;
-  return output;
+  // Determine size
+  size_t input_utf8_length;
+  Napi::String input = info[1].As<Napi::String>();
+  input_utf8_length = nstring_utf8_length(env, input);
+  if (unlikely(input_utf8_length == (size_t)(-1))) {
+    return LogErrorAndThrow(
+        env, encrypt_failed_message +
+                 std::string(" failed to get input utf8 length"));
+  }
+
+  // Allocate
+  char *inputCobhanBuffer;
+  std::unique_ptr<char[]> inputCobhanBufferPtr;
+  if (input_utf8_length < max_stack_alloc_size) {
+    size_t cobhan_buf_size = cobhan_buffer_size(input_utf8_length);
+    debug_log_alloca(cobhan_buf_size);
+    inputCobhanBuffer = (char *)alloca(cobhan_buf_size);
+  } else {
+    inputCobhanBufferPtr = allocate_cbuffer(input_utf8_length);
+    inputCobhanBuffer = inputCobhanBufferPtr.get();
+  }
+  if (unlikely(inputCobhanBuffer == nullptr)) {
+    return LogErrorAndThrow(
+        env, encrypt_failed_message +
+                 std::string(" failed to allocate input cobhan buffer"));
+  }
+
+  // Copy
+  size_t input_copied_bytes;
+  inputCobhanBuffer = copy_nstring_to_cbuffer(
+      env, input, input_utf8_length, inputCobhanBuffer, &input_copied_bytes);
+  if (unlikely(inputCobhanBuffer == nullptr)) {
+    return LogErrorAndThrow(
+        env, encrypt_failed_message +
+                 std::string(" failed to copy input to cobhan buffer"));
+  }
+
+  return encrypt_to_json(env, partition_copied_bytes, input_utf8_length,
+                         partitionIdCobhanBuffer, inputCobhanBuffer);
 }
 
-Napi::Value Napi_DecryptFromJsonToBuffer(const Napi::CallbackInfo& info) {
+Napi::Value Napi_DecryptFromJsonToBuffer(const Napi::CallbackInfo &info) {
   Napi::Env env = info.Env();
 
-  if (info.Length() < 2) {
-    Napi::TypeError::New(env, "DecryptFromJsonToBuffer: Wrong number of arguments")
-        .ThrowAsJavaScriptException();
-    return env.Null();
+  if(unlikely(verbose_flag)) {
+    debug_log("DecryptFromJsonToBuffer called");
   }
 
-  if (!info[0].IsString() || !info[1].IsString()) {
-    Napi::TypeError::New(env, "DecryptFromJsonToBuffer: Wrong argument types")
-      .ThrowAsJavaScriptException();
-    return env.Null();
+  if (unlikely(setup_state == 0)) {
+    return LogErrorAndThrow(env, decrypt_failed_message +
+                                     std::string("SetupJson not called"));
   }
 
+  if (unlikely(info.Length() < 2)) {
+    return LogErrorAndThrow(
+        env, "DecryptFromJsonToBuffer: Wrong number of arguments");
+  }
+
+  if (unlikely(!info[0].IsString() || !info[1].IsString())) {
+    return LogErrorAndThrow(env,
+                            "DecryptFromJsonToBuffer: Wrong argument types");
+  }
+
+  // Determine size
   size_t partition_utf8_length, partition_copied_bytes;
   Napi::String partitionId = info[0].As<Napi::String>();
   partition_utf8_length = nstring_utf8_length(env, partitionId);
-  if(partition_utf8_length == (size_t)(-1)) {
-    return env.Null();
+  if (unlikely(partition_utf8_length == (size_t)(-1))) {
+    return LogErrorAndThrow(
+        env, decrypt_failed_message +
+                 std::string(" failed to get partitionId utf8 length"));
   }
+
+  // Allocate
   char *partitionIdCobhanBuffer;
+  std::unique_ptr<char[]> partitionIdCobhanBufferPtr;
   if (partition_utf8_length < max_stack_alloc_size) {
-    partitionIdCobhanBuffer = (char*)alloca(partition_utf8_length + 1 + header_size + SafetyPaddingOverhead);
+    size_t cobhan_buf_size = cobhan_buffer_size(partition_utf8_length);
+    debug_log_alloca(cobhan_buf_size);
+    partitionIdCobhanBuffer = (char *)alloca(cobhan_buf_size);
   } else {
-    partitionIdCobhanBuffer = new char[partition_utf8_length + 1 + header_size + SafetyPaddingOverhead];
+    partitionIdCobhanBufferPtr = allocate_cbuffer(partition_utf8_length);
+    partitionIdCobhanBuffer = partitionIdCobhanBufferPtr.get();
   }
-  partitionIdCobhanBuffer = copy_nstring_to_cbuffer(env, partitionId, partition_utf8_length, partitionIdCobhanBuffer, &partition_copied_bytes);
-  if (partitionIdCobhanBuffer == NULL) {
-    if (partition_utf8_length >= max_stack_alloc_size)
-      delete[] partitionIdCobhanBuffer;
-    return env.Null();
+  if (unlikely(partitionIdCobhanBuffer == nullptr)) {
+    return LogErrorAndThrow(
+        env, decrypt_failed_message +
+                 std::string(" failed to allocate partitionId cobhan buffer"));
   }
 
-  size_t utf8_length;
-  Napi::String inputJson = info[1].As<Napi::String>();
-  char *inputJsonCobhanBuffer = nstring_to_cbuffer(env, inputJson, &utf8_length);
-  if (inputJsonCobhanBuffer == NULL) {
-    if (partition_utf8_length >= max_stack_alloc_size)
-      delete[] partitionIdCobhanBuffer;
-    return env.Null();
+  // Copy
+  partitionIdCobhanBuffer =
+      copy_nstring_to_cbuffer(env, partitionId, partition_utf8_length,
+                              partitionIdCobhanBuffer, &partition_copied_bytes);
+  if (unlikely(partitionIdCobhanBuffer == nullptr)) {
+    return LogErrorAndThrow(
+        env, decrypt_failed_message +
+                 std::string(" failed to copy partitionId to cobhan buffer"));
   }
 
-  char *cobhanOutputBuffer;
-  if (utf8_length < max_stack_alloc_size) {
-    cobhanOutputBuffer = configure_cbuffer((char*)alloca(utf8_length + header_size + SafetyPaddingOverhead), utf8_length);
+  // Determine size
+  size_t input_utf8_length;
+  Napi::String input = info[1].As<Napi::String>();
+  input_utf8_length = nstring_utf8_length(env, input);
+  if (unlikely(input_utf8_length == (size_t)(-1))) {
+    return LogErrorAndThrow(
+        env, decrypt_failed_message +
+                 std::string(" failed to get input utf8 length"));
+  }
+
+  if(unlikely(verbose_flag)) {
+    debug_log("DecryptFromJsonToBuffer input size " +
+            std::to_string(input_utf8_length));
+  }
+
+  // Allocate
+  char *inputJsonCobhanBuffer;
+  std::unique_ptr<char[]> inputJsonCobhanBufferPtr;
+  if (input_utf8_length < max_stack_alloc_size) {
+    size_t cobhan_buf_size = cobhan_buffer_size(input_utf8_length);
+    debug_log_alloca(cobhan_buf_size);
+    inputJsonCobhanBuffer = (char *)alloca(cobhan_buf_size);
   } else {
-    cobhanOutputBuffer = allocate_cbuffer(utf8_length);
-  }
-
-  //extern GoInt32 DecryptFromJson(void* partitionIdPtr, void* jsonPtr, void* dataPtr);
-  GoInt32 result = DecryptFromJson(partitionIdCobhanBuffer, inputJsonCobhanBuffer, cobhanOutputBuffer);
-  if (partition_utf8_length >= max_stack_alloc_size)
-    delete[] partitionIdCobhanBuffer;
-  delete[] inputJsonCobhanBuffer;
-  if (result < 0) {
-      delete[] cobhanOutputBuffer;
-      Napi::TypeError::New(env, DecryptFailedMessage + std::to_string(result))
-        .ThrowAsJavaScriptException();
-      return env.Null();
-  }
-
-  //Wrap the Cobhan output buffer with a NAPI buffer with finalizer
-  if (utf8_length < max_stack_alloc_size) {
-    return Napi::Buffer<unsigned char>::Copy(env,
-      ((unsigned char*) cobhanOutputBuffer) + header_size,
-      *((int*) cobhanOutputBuffer));
+    inputJsonCobhanBufferPtr = allocate_cbuffer(input_utf8_length);
+    inputJsonCobhanBuffer = inputJsonCobhanBufferPtr.get();
+  }
+  if (unlikely(inputJsonCobhanBuffer == nullptr)) {
+    return LogErrorAndThrow(
+        env, decrypt_failed_message +
+                 std::string(" failed to allocate input cobhan buffer"));
+  }
+
+  // Copy
+  size_t input_copied_bytes;
+  inputJsonCobhanBuffer =
+      copy_nstring_to_cbuffer(env, input, input_utf8_length,
+                              inputJsonCobhanBuffer, &input_copied_bytes);
+  if (unlikely(inputJsonCobhanBuffer == nullptr)) {
+    return LogErrorAndThrow(
+        env, decrypt_failed_message +
+                 std::string(" failed to copy inputJson to cobhan buffer"));
+  }
+
+  char *cobhanOutputBuffer;
+  std::unique_ptr<char[]> cobhanOutputBufferPtr;
+  if (input_utf8_length < max_stack_alloc_size) {
+    size_t cobhan_buf_size = cobhan_buffer_size(input_utf8_length);
+    debug_log_alloca(cobhan_buf_size);
+    cobhanOutputBuffer = (char *)alloca(cobhan_buf_size);
+    configure_cbuffer(cobhanOutputBuffer, input_utf8_length);
   } else {
-    return Napi::Buffer<unsigned char>::New(env,
-      ((unsigned char*) cobhanOutputBuffer) + header_size,
-      *((int*) cobhanOutputBuffer),
-      &finalize_cbuffer);
+    cobhanOutputBufferPtr = allocate_cbuffer(input_utf8_length);
+    cobhanOutputBuffer = cobhanOutputBufferPtr.get();
+  }
+  if (unlikely(cobhanOutputBuffer == nullptr)) {
+    return LogErrorAndThrow(
+        env, decrypt_failed_message +
+                 std::string(" failed to allocate cobhan output buffer"));
+  }
+
+  if(unlikely(verbose_flag)) {
+    debug_log("Calling asherah-cobhan DecryptFromJson");
+  }
+
+  // extern GoInt32 DecryptFromJson(void* partitionIdPtr, void* jsonPtr, void*
+  // dataPtr);
+  GoInt32 result = DecryptFromJson(partitionIdCobhanBuffer,
+                                   inputJsonCobhanBuffer, cobhanOutputBuffer);
+
+  if(unlikely(verbose_flag)) {
+    debug_log("Returned from asherah-cobhan DecryptFromJson");
+  }
+
+  if (unlikely(result < 0)) {
+    return LogErrorAndThrow(env,
+                            decrypt_failed_message + std::to_string(result));
   }
+
+  return cbuffer_to_nbuffer(env, cobhanOutputBuffer);
 }
 
-Napi::Value Napi_DecryptFromJsonToString(const Napi::CallbackInfo& info) {
+Napi::Value Napi_DecryptFromJsonToString(const Napi::CallbackInfo &info) {
   Napi::Env env = info.Env();
 
-  if (info.Length() < 2) {
-    Napi::TypeError::New(env, "DecryptFromJsonToString: Wrong number of arguments")
-        .ThrowAsJavaScriptException();
-    return env.Null();
+  if(unlikely(verbose_flag)) {
+    debug_log("DecryptFromJsonToString called");
   }
 
-  if (!info[0].IsString() || !info[1].IsString()) {
-    Napi::TypeError::New(env, "DecryptFromJsonToString: Wrong argument types")
-      .ThrowAsJavaScriptException();
-    return env.Null();
+  if (unlikely(setup_state == 0)) {
+    return LogErrorAndThrow(env, decrypt_failed_message +
+                                     std::string("SetupJson not called"));
   }
 
-  size_t partition_utf8_length, partition_copied_bytes;
+  if (unlikely(info.Length() < 2)) {
+    return LogErrorAndThrow(
+        env, "DecryptFromJsonToString: Wrong number of arguments");
+  }
+
+  if (unlikely(!info[0].IsString() || !info[1].IsString())) {
+    return LogErrorAndThrow(env,
+                            "DecryptFromJsonToString: Wrong argument types");
+  }
+
+  // Determine size
+  size_t partition_utf8_length;
   Napi::String partitionId = info[0].As<Napi::String>();
   partition_utf8_length = nstring_utf8_length(env, partitionId);
-  if(partition_utf8_length == (size_t)(-1)) {
-    return env.Null();
+  if (unlikely(partition_utf8_length == (size_t)(-1))) {
+    return LogErrorAndThrow(
+        env, decrypt_failed_message +
+                 std::string(" failed to get partitionId utf8 length"));
   }
+
+  // Allocate
   char *partitionIdCobhanBuffer;
+  std::unique_ptr<char[]> partitionIdCobhanBufferPtr;
   if (partition_utf8_length < max_stack_alloc_size) {
-    partitionIdCobhanBuffer = (char*)alloca(partition_utf8_length + 1 + header_size + SafetyPaddingOverhead);
+    size_t cobhan_buf_size = cobhan_buffer_size(partition_utf8_length);
+    debug_log_alloca(cobhan_buf_size);
+    partitionIdCobhanBuffer = (char *)alloca(cobhan_buf_size);
   } else {
-    partitionIdCobhanBuffer = new char[partition_utf8_length + 1 + header_size + SafetyPaddingOverhead];
+    partitionIdCobhanBufferPtr = allocate_cbuffer(partition_utf8_length);
+    partitionIdCobhanBuffer = partitionIdCobhanBufferPtr.get();
   }
-  partitionIdCobhanBuffer = copy_nstring_to_cbuffer(env, partitionId, partition_utf8_length, partitionIdCobhanBuffer, &partition_copied_bytes);
-  if (partitionIdCobhanBuffer == NULL) {
-    if (partition_utf8_length >= max_stack_alloc_size)
-      delete[] partitionIdCobhanBuffer;
-    return env.Null();
+  if (unlikely(partitionIdCobhanBuffer == nullptr)) {
+    return LogErrorAndThrow(
+        env, decrypt_failed_message +
+                 std::string(" failed to allocate partitionId cobhan buffer"));
   }
 
-  size_t utf8_length;
-  Napi::String inputJson = info[1].As<Napi::String>();
-  char *inputJsonCobhanBuffer = nstring_to_cbuffer(env, inputJson, &utf8_length);
-  if (inputJsonCobhanBuffer == NULL) {
-    if (partition_utf8_length >= max_stack_alloc_size)
-      delete[] partitionIdCobhanBuffer;
-    return env.Null();
+  // Copy
+  size_t partition_copied_bytes;
+  partitionIdCobhanBuffer =
+      copy_nstring_to_cbuffer(env, partitionId, partition_utf8_length,
+                              partitionIdCobhanBuffer, &partition_copied_bytes);
+  if (unlikely(partitionIdCobhanBuffer == nullptr)) {
+    return LogErrorAndThrow(
+        env, decrypt_failed_message +
+                 std::string(" failed to copy partitionId to cobhan buffer"));
+  }
+
+  // Determine size
+  size_t input_utf8_length;
+  Napi::String input = info[1].As<Napi::String>();
+  input_utf8_length = nstring_utf8_length(env, input);
+  if (unlikely(input_utf8_length == (size_t)(-1))) {
+    return LogErrorAndThrow(
+        env, decrypt_failed_message +
+                 std::string(" failed to get input utf8 length"));
+  }
+
+  // Allocate
+  char *inputJsonCobhanBuffer;
+  std::unique_ptr<char[]> inputJsonCobhanBufferPtr;
+  if (input_utf8_length < max_stack_alloc_size) {
+    size_t cobhan_buf_size = cobhan_buffer_size(input_utf8_length);
+    debug_log_alloca(cobhan_buf_size);
+    inputJsonCobhanBuffer = (char *)alloca(cobhan_buf_size);
+  } else {
+    inputJsonCobhanBufferPtr = allocate_cbuffer(input_utf8_length);
+    inputJsonCobhanBuffer = inputJsonCobhanBufferPtr.get();
+  }
+  if (unlikely(inputJsonCobhanBuffer == nullptr)) {
+    return LogErrorAndThrow(
+        env, decrypt_failed_message +
+                 std::string(" failed to allocate input cobhan buffer"));
+  }
+
+  // Copy
+  size_t input_copied_bytes;
+  inputJsonCobhanBuffer =
+      copy_nstring_to_cbuffer(env, input, input_utf8_length,
+                              inputJsonCobhanBuffer, &input_copied_bytes);
+  if (unlikely(inputJsonCobhanBuffer == nullptr)) {
+    return LogErrorAndThrow(
+        env, decrypt_failed_message +
+                 std::string(" failed to copy inputJson to cobhan buffer"));
   }
 
   char *cobhanOutputBuffer;
-  if (utf8_length < max_stack_alloc_size) {
-    cobhanOutputBuffer = configure_cbuffer((char*)alloca(utf8_length + header_size + SafetyPaddingOverhead), utf8_length);
+  std::unique_ptr<char[]> cobhanOutputBufferPtr;
+  if (input_utf8_length < max_stack_alloc_size) {
+    size_t cobhan_buf_size = cobhan_buffer_size(input_utf8_length);
+    debug_log_alloca(cobhan_buf_size);
+    cobhanOutputBuffer = (char *)alloca(cobhan_buf_size);
+    configure_cbuffer(cobhanOutputBuffer, input_utf8_length);
   } else {
-    cobhanOutputBuffer = allocate_cbuffer(utf8_length);
+    cobhanOutputBufferPtr = allocate_cbuffer(input_utf8_length);
+    cobhanOutputBuffer = cobhanOutputBufferPtr.get();
+  }
+  if (unlikely(cobhanOutputBuffer == nullptr)) {
+    return LogErrorAndThrow(
+        env, decrypt_failed_message +
+                 std::string(" failed to allocate cobhan output buffer"));
+  }
+
+  if(unlikely(verbose_flag)) {
+    debug_log("Calling asherah-cobhan DecryptFromJson");
+  }
+
+  // extern GoInt32 DecryptFromJson(void* partitionIdPtr, void* jsonPtr, void*
+  // dataPtr);
+  GoInt32 result = DecryptFromJson(partitionIdCobhanBuffer,
+                                   inputJsonCobhanBuffer, cobhanOutputBuffer);
+
+  if(unlikely(verbose_flag)) {
+    debug_log("Returned from asherah-cobhan DecryptFromJson");
   }
 
-  //extern GoInt32 DecryptFromJson(void* partitionIdPtr, void* jsonPtr, void* dataPtr);
-  GoInt32 result = DecryptFromJson(partitionIdCobhanBuffer, inputJsonCobhanBuffer, cobhanOutputBuffer);
-  if (partition_utf8_length >= max_stack_alloc_size)
-    delete[] partitionIdCobhanBuffer;
-  delete[] inputJsonCobhanBuffer;
-  if (result < 0) {
-    if (utf8_length >= max_stack_alloc_size)
-      delete[] cobhanOutputBuffer;
-    Napi::TypeError::New(env, DecryptFailedMessage + std::to_string(result))
-      .ThrowAsJavaScriptException();
-    return env.Null();
+  if (unlikely(result < 0)) {
+    return LogErrorAndThrow(env,
+                            decrypt_failed_message + std::to_string(result));
   }
 
   Napi::Value output = cbuffer_to_nstring(env, cobhanOutputBuffer);
-  if (utf8_length >= max_stack_alloc_size)
-    delete[] cobhanOutputBuffer;
   return output;
 }
 
-Napi::Value Napi_Shutdown(const Napi::CallbackInfo& info) {
+Napi::Value Napi_Shutdown(const Napi::CallbackInfo &info) {
   Napi::Env env = info.Env();
-  //extern void Shutdown();
+
+  if(unlikely(verbose_flag)) {
+    debug_log("Shutdown called");
+  }
+
+  setup_state = 0;
+  // extern void Shutdown();
+
+  if(unlikely(verbose_flag)) {
+    debug_log("Calling asherah-cobhan Shutdown");
+  }
+
   Shutdown();
+
+  if(unlikely(verbose_flag)) {
+    debug_log("Returned from asherah-cobhan Shutdown");
+  }
+
   return env.Null();
 }
 
-Napi::Value Napi_SetMaxStackAllocItemSize(const Napi::CallbackInfo& info) {
+Napi::Value Napi_SetMaxStackAllocItemSize(const Napi::CallbackInfo &info) {
   Napi::Env env = info.Env();
 
-  if (info.Length() < 1) {
-    Napi::TypeError::New(env, "SetMaxStackAllocItemSize: Wrong number of arguments")
-        .ThrowAsJavaScriptException();
-    return env.Null();
+  if(unlikely(verbose_flag)) {
+    debug_log("SetMaxStackAllocItemSize called");
+  }
+
+  if (unlikely(info.Length() < 1)) {
+    return LogErrorAndThrow(
+        env, "SetMaxStackAllocItemSize: Wrong number of arguments");
   }
 
   Napi::Number item_size = info[0].As<Napi::Number>();
@@ -447,28 +874,41 @@ Napi::Value Napi_SetMaxStackAllocItemSize(const Napi::CallbackInfo& info) {
   return env.Null();
 }
 
-Napi::Value Napi_SetSafetyPaddingOverhead(const Napi::CallbackInfo& info) {
+Napi::Value Napi_SetSafetyPaddingOverhead(const Napi::CallbackInfo &info) {
   Napi::Env env = info.Env();
 
-  if (info.Length() < 1) {
-    Napi::TypeError::New(env, "SetSafetyPaddingOverhead: Wrong number of arguments")
-        .ThrowAsJavaScriptException();
-    return env.Null();
+  if(unlikely(verbose_flag)) {
+    debug_log("SetSafetyPaddingOverhead called");
+  }
+
+  if (unlikely(info.Length() < 1)) {
+    return LogErrorAndThrow(
+        env, "SetSafetyPaddingOverhead: Wrong number of arguments");
   }
 
-  Napi::Number safety_padding = info[0].As<Napi::Number>();
+  Napi::Number safety_padding_number = info[0].As<Napi::Number>();
 
-  SafetyPaddingOverhead = (size_t)safety_padding.Int32Value();
+  safety_padding = (size_t)safety_padding_number.Int32Value();
   return env.Null();
 }
 
 Napi::Object Init(Napi::Env env, Napi::Object exports) {
-  exports.Set(Napi::String::New(env, "Napi_SetupJson"), Napi::Function::New(env, Napi_SetupJson));
-  exports.Set(Napi::String::New(env, "Napi_EncryptFromBufferToJson"), Napi::Function::New(env, Napi_EncryptFromBufferToJson));
-  exports.Set(Napi::String::New(env, "Napi_EncryptFromStringToJson"), Napi::Function::New(env, Napi_EncryptFromStringToJson));
-  exports.Set(Napi::String::New(env, "Napi_DecryptFromJsonToBuffer"), Napi::Function::New(env, Napi_DecryptFromJsonToBuffer));
-  exports.Set(Napi::String::New(env, "Napi_DecryptFromJsonToString"), Napi::Function::New(env, Napi_DecryptFromJsonToString));
-  exports.Set(Napi::String::New(env, "Napi_Shutdown"), Napi::Function::New(env, Napi_Shutdown));
+  exports.Set(Napi::String::New(env, "Napi_SetupJson"),
+              Napi::Function::New(env, Napi_SetupJson));
+  exports.Set(Napi::String::New(env, "Napi_EncryptFromBufferToJson"),
+              Napi::Function::New(env, Napi_EncryptFromBufferToJson));
+  exports.Set(Napi::String::New(env, "Napi_EncryptFromStringToJson"),
+              Napi::Function::New(env, Napi_EncryptFromStringToJson));
+  exports.Set(Napi::String::New(env, "Napi_DecryptFromJsonToBuffer"),
+              Napi::Function::New(env, Napi_DecryptFromJsonToBuffer));
+  exports.Set(Napi::String::New(env, "Napi_DecryptFromJsonToString"),
+              Napi::Function::New(env, Napi_DecryptFromJsonToString));
+  exports.Set(Napi::String::New(env, "Napi_SetSafetyPaddingOverhead"),
+              Napi::Function::New(env, Napi_SetSafetyPaddingOverhead));
+  exports.Set(Napi::String::New(env, "Napi_SetMaxStackAllocItemSize"),
+              Napi::Function::New(env, Napi_SetMaxStackAllocItemSize));
+  exports.Set(Napi::String::New(env, "Napi_Shutdown"),
+              Napi::Function::New(env, Napi_Shutdown));
   return exports;
 }