asherah 1.3.17 → 1.3.19

package/binding.gyp

@@ -15,7 +15,7 @@
           '-O3'
         ],
       },
-      'defines': [ 'NAPI_CPP_EXCEPTIONS', 'NODE_API_SWALLOW_UNTHROWABLE_EXCEPTIONS', 'NODE_ADDON_API_DISABLE_DEPRECATED' ],
+      'defines': [ 'NAPI_CPP_EXCEPTIONS', 'NODE_API_SWALLOW_UNTHROWABLE_EXCEPTIONS', 'NODE_ADDON_API_DISABLE_DEPRECATED', 'NODE_API_NO_EXTERNAL_BUFFERS_ALLOWED' ],
       'sources': [
         'lib/libasherah.h',
         'src/asherah.cc',

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "asherah",
-  "version": "1.3.17",
+  "version": "1.3.19",
   "description": "Asherah envelope encryption and key rotation library",
   "exports": {
     "node-addons": "./dist/asherah.node"
@@ -62,6 +62,6 @@
   "types": "dist/asherah.d.ts",
   "dependencies": {
     "cobhan": "^1.0.37",
-    "node-addon-api": "*"
+    "node-addon-api": "7.0.0"
   }
 }

package/src/asherah.cc

@@ -44,7 +44,7 @@ void setup(const Napi::CallbackInfo &info) {
   Napi::String product_id = config_json.Get("ProductID").As<Napi::String>();
   Napi::String service_name = config_json.Get("ServiceName").As<Napi::String>();
 
-  est_intermediate_key_overhead =
+  *est_intermediate_key_overhead_ptr =
       product_id.Utf8Value().length() + service_name.Utf8Value().length();
 
   Napi::Value verbose = config_json.Get("Verbose");
@@ -149,6 +149,22 @@ Napi::Value encrypt_to_json(Napi::Env &env, size_t partition_bytes,
                                "Failed to allocate cobhan output buffer");
   }
 
+  char *partition_id_canary_ptr = get_canary_ptr(partition_id_cobhan_buffer);
+  if(!check_canary_ptr(partition_id_canary_ptr)) {
+    return log_error_and_throw(env, "encrypt_to_json",
+                               "Failed initial canary check for partition_id_cobhan_buffer");
+  }
+  char *input_canary_ptr = get_canary_ptr(input_cobhan_buffer);
+  if(!check_canary_ptr(input_canary_ptr)) {
+    return log_error_and_throw(env, "encrypt_to_json",
+                               "Failed initial canary check for input_cobhan_buffer");
+  }
+  char *output_canary_ptr = get_canary_ptr(output_cobhan_buffer);
+  if(!check_canary_ptr(output_canary_ptr)) {
+    return log_error_and_throw(env, "encrypt_to_json",
+                               "Failed initial canary check for output_cobhan_buffer");
+  }
+
   if (unlikely(verbose_flag)) {
     debug_log("encrypt_to_json", "Calling asherah-cobhan EncryptToJson");
   }
@@ -162,6 +178,19 @@ Napi::Value encrypt_to_json(Napi::Env &env, size_t partition_bytes,
     debug_log("encrypt_to_json", "Returning from asherah-cobhan EncryptToJson");
   }
 
+  if(!check_canary_ptr(partition_id_canary_ptr)) {
+    return log_error_and_throw(env, "encrypt_to_json",
+                               "Failed post-call canary check for partition_id_cobhan_buffer");
+  }
+  if(!check_canary_ptr(input_canary_ptr)) {
+    return log_error_and_throw(env, "encrypt_to_json",
+                               "Failed post-call canary check for input_cobhan_buffer");
+  }
+  if(!check_canary_ptr(output_canary_ptr)) {
+    return log_error_and_throw(env, "encrypt_to_json",
+                               "Failed post-call canary check for output_cobhan_buffer");
+  }
+
   if (unlikely(result < 0)) {
     // TODO: Convert this to a proper error message
     return log_error_and_throw(env, "encrypt_to_json", std::to_string(result));
@@ -537,6 +566,22 @@ Napi::Value decrypt(const Napi::CallbackInfo &info) {
                                "Failed to allocate cobhan output buffer");
   }
 
+  char *partition_id_canary_ptr = get_canary_ptr(partition_id_cobhan_buffer);
+  if(!check_canary_ptr(partition_id_canary_ptr)) {
+    return log_error_and_throw(env, "encrypt_to_json",
+                               "Failed initial canary check for partition_id_cobhan_buffer");
+  }
+  char *input_canary_ptr = get_canary_ptr(input_cobhan_buffer);
+  if(!check_canary_ptr(input_canary_ptr)) {
+    return log_error_and_throw(env, "encrypt_to_json",
+                               "Failed initial canary check for input_cobhan_buffer");
+  }
+  char *output_canary_ptr = get_canary_ptr(output_cobhan_buffer);
+  if(!check_canary_ptr(output_canary_ptr)) {
+    return log_error_and_throw(env, "encrypt_to_json",
+                               "Failed initial canary check for output_cobhan_buffer");
+  }
+
   if (unlikely(verbose_flag)) {
     debug_log("decrypt", "Calling asherah-cobhan DecryptFromJson");
   }
@@ -550,6 +595,19 @@ Napi::Value decrypt(const Napi::CallbackInfo &info) {
     debug_log("decrypt", "Returned from asherah-cobhan DecryptFromJson");
   }
 
+  if(!check_canary_ptr(partition_id_canary_ptr)) {
+    return log_error_and_throw(env, "encrypt_to_json",
+                               "Failed post-call canary check for partition_id_cobhan_buffer");
+  }
+  if(!check_canary_ptr(input_canary_ptr)) {
+    return log_error_and_throw(env, "encrypt_to_json",
+                               "Failed post-call canary check for input_cobhan_buffer");
+  }
+  if(!check_canary_ptr(output_canary_ptr)) {
+    return log_error_and_throw(env, "encrypt_to_json",
+                               "Failed post-call canary check for output_cobhan_buffer");
+  }
+
   if (unlikely(result < 0)) {
     // TODO: Convert this to a proper error message
     return log_error_and_throw(env, "decrypt", std::to_string(result));
@@ -694,6 +752,22 @@ Napi::Value decrypt_string(const Napi::CallbackInfo &info) {
                                "Failed to allocate cobhan output buffer");
   }
 
+  char *partition_id_canary_ptr = get_canary_ptr(partition_id_cobhan_buffer);
+  if(!check_canary_ptr(partition_id_canary_ptr)) {
+    return log_error_and_throw(env, "encrypt_to_json",
+                               "Failed initial canary check for partition_id_cobhan_buffer");
+  }
+  char *input_canary_ptr = get_canary_ptr(input_cobhan_buffer);
+  if(!check_canary_ptr(input_canary_ptr)) {
+    return log_error_and_throw(env, "encrypt_to_json",
+                               "Failed initial canary check for input_cobhan_buffer");
+  }
+  char *output_canary_ptr = get_canary_ptr(output_cobhan_buffer);
+  if(!check_canary_ptr(output_canary_ptr)) {
+    return log_error_and_throw(env, "encrypt_to_json",
+                               "Failed initial canary check for output_cobhan_buffer");
+  }
+
   if (unlikely(verbose_flag)) {
     debug_log("decrypt_string", "Calling asherah-cobhan DecryptFromJson");
   }
@@ -707,6 +781,19 @@ Napi::Value decrypt_string(const Napi::CallbackInfo &info) {
     debug_log("decrypt_string", "Returned from asherah-cobhan DecryptFromJson");
   }
 
+  if(!check_canary_ptr(partition_id_canary_ptr)) {
+    return log_error_and_throw(env, "encrypt_to_json",
+                               "Failed post-call canary check for partition_id_cobhan_buffer");
+  }
+  if(!check_canary_ptr(input_canary_ptr)) {
+    return log_error_and_throw(env, "encrypt_to_json",
+                               "Failed post-call canary check for input_cobhan_buffer");
+  }
+  if(!check_canary_ptr(output_canary_ptr)) {
+    return log_error_and_throw(env, "encrypt_to_json",
+                               "Failed post-call canary check for output_cobhan_buffer");
+  }
+
   if (unlikely(result < 0)) {
     // TODO: Convert this to a proper error message
     return log_error_and_throw(env, "decrypt_string", std::to_string(result));
@@ -773,7 +860,7 @@ void set_safety_padding_overhead(const Napi::CallbackInfo &info) {
 
   Napi::Number safety_padding_number = info[0].ToNumber();
 
-  safety_padding_bytes = (size_t)safety_padding_number.Int32Value();
+  *safety_padding_bytes_ptr = (size_t)safety_padding_number.Int32Value();
 }
 
 Napi::Object Init(Napi::Env env, Napi::Object exports) {

package/src/cobhan_napi_interop.cc

@@ -1,3 +1,11 @@
 #include <stddef.h>
-size_t est_intermediate_key_overhead = 0;
-size_t safety_padding_bytes = 0;
+static size_t est_intermediate_key_overhead = 0;
+static size_t safety_padding_bytes = 0;
+
+size_t* get_est_intermediate_key_overhead_ptr() {
+  return &est_intermediate_key_overhead;
+}
+
+size_t* get_safety_padding_bytes_ptr() {
+  return &safety_padding_bytes;
+}

package/src/cobhan_napi_interop.h

@@ -2,17 +2,24 @@
 #define COBHAN_NAPI_INTEROP_H
 #include "hints.h"
 #include "logging.h"
-#include <string>
 #include <napi.h>
+#include <string>
 
-extern size_t est_intermediate_key_overhead;
-extern size_t safety_padding_bytes;
+// Stupid hack to get around extern issues
+size_t *get_est_intermediate_key_overhead_ptr();
+size_t *get_safety_padding_bytes_ptr();
+
+size_t *est_intermediate_key_overhead_ptr =
+    get_est_intermediate_key_overhead_ptr();
+size_t *safety_padding_bytes_ptr = get_safety_padding_bytes_ptr();
 
 const size_t est_encryption_overhead = 48;
 const size_t est_envelope_overhead = 185;
 const double base64_overhead = 1.34;
 
 const size_t cobhan_header_size_bytes = 64 / 8;
+const size_t canary_size = sizeof(int32_t) * 2;
+const int32_t canary_constant = 0xdeadbeef;
 
 std::string napi_status_to_string(napi_status status) {
   switch (status) {
@@ -81,8 +88,10 @@ log_error_and_throw(Napi::Env &env, const char *function_name,
 
 __attribute__((always_inline)) inline size_t
 calculate_cobhan_buffer_size_bytes(size_t data_len_bytes) {
-  return data_len_bytes + cobhan_header_size_bytes + safety_padding_bytes +
-         1; // Add one for possible NULL delimiter due to Node string functions
+  return data_len_bytes + cobhan_header_size_bytes +
+         1 + // Add one for possible NULL delimiter due to Node string functions
+         canary_size                  // Add space for canary value
+         + *safety_padding_bytes_ptr; // Add safety padding if configured
 }
 
 __attribute__((always_inline)) inline size_t
@@ -92,9 +101,9 @@ estimate_asherah_output_size_bytes(size_t data_byte_len,
   double est_data_byte_len =
       (double(data_byte_len + est_encryption_overhead) * base64_overhead) + 1;
 
-  size_t asherah_output_size_bytes =
-      size_t(est_envelope_overhead + est_intermediate_key_overhead +
-             partition_byte_len + est_data_byte_len + safety_padding_bytes);
+  size_t asherah_output_size_bytes = size_t(
+      est_envelope_overhead + *est_intermediate_key_overhead_ptr +
+      partition_byte_len + est_data_byte_len + *safety_padding_bytes_ptr);
   if (unlikely(verbose_flag)) {
     std::string log_msg =
         "estimate_asherah_output_size(" + std::to_string(data_byte_len) + ", " +
@@ -107,11 +116,68 @@ estimate_asherah_output_size_bytes(size_t data_byte_len,
   return asherah_output_size_bytes;
 }
 
+__attribute__((always_inline)) inline char* cbuffer_data_ptr(char *cobhan_buffer) {
+  return cobhan_buffer + cobhan_header_size_bytes;
+}
+
 __attribute__((always_inline)) inline void configure_cbuffer(char *buffer,
                                                              size_t length) {
+  if (verbose_flag) {
+    debug_log("configure_cbuffer", "configure_cbuffer(" +
+                                       std::to_string((intptr_t)buffer) + ", " +
+                                       std::to_string(length) + ")");
+  }
+
   *((int32_t *)buffer) = length;
   // Reserved for future use
   *((int32_t *)(buffer + sizeof(int32_t))) = 0;
+
+  // Write canary values
+  char *data_ptr = cbuffer_data_ptr(buffer);
+  if (verbose_flag) {
+    debug_log("configure_cbuffer",
+              "Writing first canary at " +
+                  std::to_string((intptr_t)(data_ptr + length + 1)));
+  }
+
+  // First canary value is a int32_t 0 which gives us four NULLs
+  *((int32_t *)(data_ptr + length + 1)) = 0;
+
+  if (verbose_flag) {
+    debug_log(
+        "configure_cbuffer",
+        "Writing second canary at " +
+            std::to_string((intptr_t)(data_ptr + length + 1 + sizeof(int32_t))));
+  }
+
+  // Second canary value is a int32_t 0xdeadbeef
+  *((int32_t *)(data_ptr + length + 1 + sizeof(int32_t))) = canary_constant;
+}
+
+__attribute__((always_inline)) inline char *
+get_canary_ptr(char *cobhan_buffer) {
+  int32_t cobhan_buffer_size_bytes = cbuffer_byte_length(cobhan_buffer);
+  return cbuffer_data_ptr(cobhan_buffer) + cobhan_buffer_size_bytes + 1;
+}
+
+__attribute__((always_inline)) inline bool
+check_canary_ptr(char *canary_ptr) {
+  int32_t zero_value = *((int32_t *)(canary_ptr));
+  if (zero_value != 0) {
+    std::string error_msg =
+        "Canary check failed: " + std::to_string(zero_value) + " != 0";
+    error_log("canary_check_cbuffer", error_msg);
+    return false;
+  }
+  int32_t canary_value = *((int32_t *)(canary_ptr + sizeof(int32_t)));
+  if (canary_value != canary_constant) {
+    std::string error_msg =
+        "Canary check failed: " + std::to_string(canary_value) +
+        " != " + std::to_string(canary_constant);
+    error_log("canary_check_cbuffer", error_msg);
+    return false;
+  }
+  return true;
 }
 
 __attribute__((always_inline)) inline std::unique_ptr<char[]>
@@ -134,7 +200,7 @@ heap_allocate_cbuffer(const char *variable_name, size_t size_bytes) {
     return nullptr;
   }
   std::unique_ptr<char[]> cobhan_buffer_unique_ptr(cobhan_buffer);
-  configure_cbuffer(cobhan_buffer, size_bytes + safety_padding_bytes);
+  configure_cbuffer(cobhan_buffer, size_bytes + *safety_padding_bytes_ptr);
   return cobhan_buffer_unique_ptr;
 }
 
@@ -196,6 +262,17 @@ copy_nstring_to_cbuffer(Napi::Env &env, Napi::String &str,
     return nullptr;
   }
 
+  if (unlikely(verbose_flag)) {
+    debug_log("copy_nstring_to_cbuffer",
+              "Copying " + std::to_string(str_utf8_byte_length) + " bytes to " +
+                  std::to_string(
+                      (intptr_t)(cobhan_buffer + cobhan_header_size_bytes)) +
+                      "-" +
+                      std::to_string((intptr_t)(cobhan_buffer +
+                                                cobhan_header_size_bytes +
+                                                str_utf8_byte_length)));
+  }
+
   napi_status status;
   size_t copied_bytes;
   // NOTE: This implementation relies on the additional byte that is reserved