npm - asherah - Versions diffs - 2.0.0 → 3.0.0 - Mend

asherah 2.0.0 → 3.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (16) hide show

package/binding.gyp +10 -11
package/package.json +14 -11
package/scripts/download-libraries.sh +261 -46
package/src/asherah.cc +530 -442
package/src/asherah.d.ts +7 -0
package/src/asherah_async_worker.h +65 -0
package/src/cobhan_buffer.h +237 -0
package/src/cobhan_buffer_napi.h +196 -0
package/src/logging.cc +26 -180
package/src/logging.h +44 -43
package/src/napi_utils.h +160 -0
package/src/scoped_allocate.h +53 -0
package/src/asherah.h +0 -14
package/src/cobhan.cc +0 -2
package/src/cobhan.h +0 -133
package/src/cobhan_napi_interop.h +0 -244

package/src/asherah.cc CHANGED Viewed

@@ -1,545 +1,640 @@
-#include "asherah.h"
-#include "../lib/libasherah.h"
-#include "cobhan_napi_interop.h"
+#define USE_SCOPE_ALLOCATE_BUFFER 1
+#include "asherah_async_worker.h"
+#include "cobhan_buffer_napi.h"
 #include "hints.h"
-#include "logging.h"
-#include <iostream>
-#include <mutex>
+#include "libasherah.h"
+#include "logging_napi.h"
+#include "napi_utils.h"
+#ifdef USE_SCOPED_ALLOCATE_BUFFER
+#include "scoped_allocate.h"
+#endif
+#include <atomic>
 #include <napi.h>
+#ifndef NAPI_CPP_EXCEPTIONS
+#error Support for C++ exceptions is required
+#endif
+static volatile std::atomic<int32_t> setup_state{0};
 class Asherah : public Napi::Addon<Asherah> {
 public:
-  Asherah(Napi::Env env, Napi::Object exports) {
-    DefineAddon(exports,
-                {InstanceMethod("setup", &Asherah::SetupAsherah),
-                 InstanceMethod("encrypt", &Asherah::Encrypt),
-                 InstanceMethod("encrypt_string", &Asherah::EncryptString),
-                 InstanceMethod("decrypt", &Asherah::Decrypt),
-                 InstanceMethod("decrypt_string", &Asherah::DecryptString),
-                 InstanceMethod("shutdown", &Asherah::ShutdownAsherah),
-                 InstanceMethod("set_max_stack_alloc_item_size",
-                                &Asherah::SetMaxStackAllocItemSize),
-                 InstanceMethod("set_safety_padding_overhead",
-                                &Asherah::SetSafetyPaddingOverhead),
-                 InstanceMethod("set_log_hook", &Asherah::SetLogHook)});
+  Asherah(Napi::Env env, Napi::Object exports) : logger(env, "asherah-node") {
+    DefineAddon(
+        exports,
+        {
+            InstanceMethod("setup", &Asherah::SetupAsherahSync),
+            InstanceMethod("setup_async", &Asherah::SetupAsherahAsync),
+            InstanceMethod("encrypt", &Asherah::EncryptSync),
+            InstanceMethod("encrypt_async", &Asherah::EncryptAsync),
+            InstanceMethod("encrypt_string", &Asherah::EncryptSync),
+            InstanceMethod("encrypt_string_async", &Asherah::EncryptAsync),
+            InstanceMethod("decrypt", &Asherah::DecryptSync),
+            InstanceMethod("decrypt_async", &Asherah::DecryptAsync),
+            InstanceMethod("decrypt_string", &Asherah::DecryptStringSync),
+            InstanceMethod("decrypt_string_async",
+                           &Asherah::DecryptStringAsync),
+            InstanceMethod("shutdown", &Asherah::ShutdownAsherahSync),
+            InstanceMethod("shutdown_async", &Asherah::ShutdownAsherahAsync),
+            InstanceMethod("set_max_stack_alloc_item_size",
+                           &Asherah::SetMaxStackAllocItemSize),
+            InstanceMethod("set_safety_padding_overhead",
+                           &Asherah::SetSafetyPaddingOverhead),
+            InstanceMethod("get_setup_status", &Asherah::GetSetupStatus),
+            InstanceMethod("set_log_hook", &Asherah::SetLogHook),
+        });
   }
 private:
-  size_t est_intermediate_key_overhead;
+  size_t est_intermediate_key_overhead = 0;
   size_t maximum_stack_alloc_size = 2048;
   int32_t verbose_flag = 0;
-  int32_t setup_state = 0;
-  std::mutex asherah_lock;
   Napi::FunctionReference log_hook;
-  Logger logger;
+  LoggerNapi logger;
-  void SetLogHook(const Napi::CallbackInfo &info) {
-    std::lock_guard<std::mutex> lock(asherah_lock);
+#pragma region Published Node Addon Methods
-    if (unlikely(verbose_flag)) {
-      logger.debug_log(__func__, "called");
-    }
-    if (unlikely(info.Length() < 1)) {
-      logger.log_error_and_throw(__func__, "Wrong number of arguments");
-    }
-    if (unlikely(!info[0].IsFunction())) {
-      logger.log_error_and_throw(__func__, "Wrong argument type");
+  void SetupAsherahSync(const Napi::CallbackInfo &info) {
+    Napi::Env env = info.Env();
+    Napi::HandleScope scope(env);
+    try {
+      Napi::String config_string;
+      size_t product_id_length;
+      size_t service_name_length;
+      BeginSetupAsherah(env, __func__, info, config_string, product_id_length,
+                        service_name_length);
+#ifdef USE_SCOPED_ALLOCATE_BUFFER
+      char *config_cbuffer;
+      size_t config_cbuffer_size =
+          CobhanBufferNapi::StringToAllocationSize(env, config_string);
+      SCOPED_ALLOCATE_BUFFER(logger, config_cbuffer, config_cbuffer_size,
+                             maximum_stack_alloc_size, __func__);
+      CobhanBufferNapi config(env, config_string, config_cbuffer,
+                              config_cbuffer_size);
+#else
+      CobhanBufferNapi config(env, config_string);
+#endif
+      // extern GoInt32 SetupJson(void* configJson);
+      GoInt32 result = SetupJson(config);
+      EndSetupAsherah(result, product_id_length, service_name_length);
+    } catch (const std::exception &e) {
+      logger.log_error_and_throw(__func__, e.what());
     }
-    logger.set_log_hook(info[0].As<Napi::Function>());
   }
-  void SetupAsherah(const Napi::CallbackInfo &info) {
-    std::lock_guard<std::mutex> lock(asherah_lock);
+  Napi::Value SetupAsherahAsync(const Napi::CallbackInfo &info) {
+    Napi::Env env = info.Env();
+    Napi::HandleScope scope(env);
+    try {
+      Napi::String config_string;
+      size_t product_id_length;
+      size_t service_name_length;
-    if (unlikely(verbose_flag)) {
-      logger.debug_log(__func__, "called");
-    }
+      BeginSetupAsherah(env, __func__, info, config_string, product_id_length,
+                        service_name_length);
-    if (unlikely(setup_state == 1)) {
-      logger.log_error_and_throw(__func__, "setup called twice");
-    }
+      CobhanBufferNapi config(env, config_string);
-    if (unlikely(info.Length() < 1)) {
-      logger.log_error_and_throw(__func__, "Wrong number of arguments");
+      auto worker = new SetupAsherahWorker(env, this, config, product_id_length,
+                                           service_name_length);
+      worker->Queue();
+      return worker->Promise();
+    } catch (const std::exception &e) {
+      logger.log_error_and_throw(__func__, e.what());
     }
+  }
-    Napi::String config;
-    Napi::Object config_json;
+  void ShutdownAsherahSync(const Napi::CallbackInfo &info) {
     Napi::Env env = info.Env();
-    Napi::Object json = env.Global().Get("JSON").As<Napi::Object>();
-    if (likely(info[0].IsObject())) {
-      config_json = info[0].As<Napi::Object>();
-      Napi::Function stringify = json.Get("stringify").As<Napi::Function>();
-      config = stringify.Call(json, {config_json}).As<Napi::String>();
-    } else if (likely(info[0].IsString())) {
-      config = info[0].As<Napi::String>();
-      Napi::Function parse = json.Get("parse").As<Napi::Function>();
-      config_json = parse.Call(json, {config}).As<Napi::Object>();
-    } else {
-      logger.log_error_and_throw(__func__, "Wrong argument type");
+    Napi::HandleScope scope(env);
+    try {
+      BeginShutdownAsherah(env, __func__, info);
+      Shutdown();
+      EndShutdownAsherah();
+    } catch (const std::exception &e) {
+      logger.log_error_and_throw(__func__, e.what());
     }
+  }
-    Napi::String product_id = config_json.Get("ProductID").As<Napi::String>();
-    Napi::String service_name =
-        config_json.Get("ServiceName").As<Napi::String>();
-    est_intermediate_key_overhead =
-        product_id.Utf8Value().length() + service_name.Utf8Value().length();
-    Napi::Value verbose = config_json.Get("Verbose");
-    if (likely(verbose.IsBoolean())) {
-      verbose_flag = verbose.As<Napi::Boolean>().Value();
-      logger.set_verbose_flag(verbose_flag);
-      logger.debug_log(__func__,
-                       "verbose_flag: " + std::to_string(verbose_flag));
-    } else {
-      verbose_flag = 0;
-      logger.set_verbose_flag(verbose_flag);
-      logger.debug_log(__func__, "verbose_flag: defaulting to false");
+  Napi::Value ShutdownAsherahAsync(const Napi::CallbackInfo &info) {
+    Napi::Env env = info.Env();
+    Napi::HandleScope scope(env);
+    try {
+      BeginShutdownAsherah(env, __func__, info);
+      auto worker = new ShutdownAsherahWorker(env, this);
+      worker->Queue();
+      return worker->Promise();
+    } catch (const std::exception &e) {
+      logger.log_error_and_throw(__func__, e.what());
     }
+  }
-    char *config_cobhan_buffer;
-    size_t config_copied_bytes;
-    NAPI_STRING_TO_CBUFFER(env, logger, config, config_cobhan_buffer,
-                           config_copied_bytes, maximum_stack_alloc_size,
-                           __func__);
+  // This is the exported sync Encrypt function
+  Napi::Value EncryptSync(const Napi::CallbackInfo &info) {
+    Napi::Env env = info.Env();
+    Napi::HandleScope scope(env);
+    Napi::String output_string;
+    try {
+      Napi::String partition_id_string;
+      Napi::Value input_value;
+      BeginEncryptToJson(env, __func__, info, partition_id_string, input_value);
+#ifdef USE_SCOPED_ALLOCATE_BUFFER
+      char *partition_id_cbuffer;
+      size_t partition_id_cbuffer_size =
+          CobhanBufferNapi::StringToAllocationSize(env, partition_id_string);
+      SCOPED_ALLOCATE_BUFFER(logger, partition_id_cbuffer,
+                             partition_id_cbuffer_size,
+                             maximum_stack_alloc_size, __func__);
+      char *input_cbuffer;
+      size_t input_cbuffer_size =
+          CobhanBufferNapi::ValueToAllocationSize(env, input_value);
+      SCOPED_ALLOCATE_BUFFER(logger, input_cbuffer, input_cbuffer_size,
+                             maximum_stack_alloc_size, __func__);
+      CobhanBufferNapi partition_id(env, partition_id_string,
+                                    partition_id_cbuffer,
+                                    partition_id_cbuffer_size);
+      CobhanBufferNapi input(env, input_value, input_cbuffer,
+                             input_cbuffer_size);
+#else
+      CobhanBufferNapi partition_id(env, partition_id_string);
+      CobhanBufferNapi input(env, input_value);
+#endif
+      size_t partition_id_data_len_bytes = partition_id.get_data_len_bytes();
+      size_t input_data_len_bytes = input.get_data_len_bytes();
+      size_t asherah_output_size_bytes = EstimateAsherahOutputSize(
+          input_data_len_bytes, partition_id_data_len_bytes);
+#ifdef USE_SCOPED_ALLOCATE_BUFFER
+      char *output_cobhan_buffer;
+      size_t output_size_bytes =
+          CobhanBuffer::DataSizeToAllocationSize(asherah_output_size_bytes);
+      SCOPED_ALLOCATE_BUFFER(logger, output_cobhan_buffer, output_size_bytes,
+                             maximum_stack_alloc_size, __func__);
+      CobhanBufferNapi output(output_cobhan_buffer, output_size_bytes);
+#else
+      CobhanBufferNapi output(asherah_output_size_bytes);
+#endif
+      GoInt32 result = EncryptToJson(partition_id, input, output);
+      EndEncryptToJson(env, output, result, output_string);
+    } catch (const std::exception &e) {
+      logger.log_error_and_throw(__func__, e.what());
+    }
+    return output_string;
+  }
-    char *config_canary_ptr = get_canary_ptr(config_cobhan_buffer);
-    if (unlikely(!check_canary_ptr(logger, config_canary_ptr))) {
-      logger.log_error_and_throw(
-          __func__, "Failed initial canary check for config_cobhan_buffer");
-    }
+  // This is the exported async Encrypt function
+  Napi::Value EncryptAsync(const Napi::CallbackInfo &info) {
+    Napi::Env env = info.Env();
+    Napi::HandleScope scope(env);
+    try {
+      Napi::String partition_id_string;
+      Napi::Value input_value;
+      BeginEncryptToJson(env, __func__, info, partition_id_string, input_value);
-    // extern GoInt32 SetupJson(void* configJson);
-    GoInt32 result = SetupJson(config_cobhan_buffer);
+      CobhanBufferNapi partition_id(env, partition_id_string);
+      CobhanBufferNapi input(env, input_value);
-    if (unlikely(verbose_flag)) {
-      logger.debug_log(__func__, "Returned from asherah-cobhan SetupJson");
-    }
+      size_t partition_id_data_len_bytes = partition_id.get_data_len_bytes();
+      size_t input_data_len_bytes = input.get_data_len_bytes();
+      size_t asherah_output_size_bytes = EstimateAsherahOutputSize(
+          input_data_len_bytes, partition_id_data_len_bytes);
-    if (unlikely(!check_canary_ptr(logger, config_canary_ptr))) {
-      logger.log_error_and_throw(
-          __func__, "Failed post-call canary check for config_cobhan_buffer");
-    }
+      CobhanBufferNapi output(asherah_output_size_bytes);
-    if (unlikely(result < 0)) {
-      logger.log_error_and_throw(__func__, AsherahCobhanErrorToString(result));
+      auto worker =
+          new EncryptAsherahWorker(env, this, partition_id, input, output);
+      worker->Queue();
+      return worker->Promise();
+    } catch (const std::exception &e) {
+      logger.log_error_and_throw(__func__, e.what());
     }
-    setup_state = 1;
   }
-  Napi::Value Encrypt(const Napi::CallbackInfo &info) {
-    std::lock_guard<std::mutex> lock(asherah_lock);
-    if (unlikely(verbose_flag)) {
-      logger.debug_log(__func__, "called");
-    }
-    if (unlikely(setup_state == 0)) {
-      logger.log_error_and_throw(__func__, "setup() not called");
-    }
-    if (unlikely(info.Length() < 2)) {
-      logger.log_error_and_throw(__func__, "Wrong number of arguments");
-    }
+  Napi::Value DecryptSync(const Napi::CallbackInfo &info) {
+    Napi::Env env = info.Env();
+    Napi::HandleScope scope(env);
+    Napi::Object output_value;
+    try {
+      Napi::String partition_id_string;
+      Napi::Value input_value;
+      BeginDecryptFromJson(env, __func__, info, partition_id_string,
+                           input_value);
+#ifdef USE_SCOPED_ALLOCATE_BUFFER
+      char *partition_id_cbuffer;
+      size_t partition_id_cbuffer_size =
+          CobhanBufferNapi::StringToAllocationSize(env, partition_id_string);
+      SCOPED_ALLOCATE_BUFFER(logger, partition_id_cbuffer,
+                             partition_id_cbuffer_size,
+                             maximum_stack_alloc_size, __func__);
+      char *input_cbuffer;
+      size_t input_cbuffer_size =
+          CobhanBufferNapi::ValueToAllocationSize(env, input_value);
+      SCOPED_ALLOCATE_BUFFER(logger, input_cbuffer, input_cbuffer_size,
+                             maximum_stack_alloc_size, __func__);
+      CobhanBufferNapi partition_id(env, partition_id_string,
+                                    partition_id_cbuffer,
+                                    partition_id_cbuffer_size);
+      CobhanBufferNapi input(env, input_value, input_cbuffer,
+                             input_cbuffer_size);
+      char *output_cobhan_buffer;
+      size_t output_size_bytes =
+          CobhanBuffer::DataSizeToAllocationSize(input.get_data_len_bytes());
+      SCOPED_ALLOCATE_BUFFER(logger, output_cobhan_buffer, output_size_bytes,
+                             maximum_stack_alloc_size, __func__);
+      CobhanBufferNapi output(output_cobhan_buffer, output_size_bytes);
+#else
+      CobhanBufferNapi partition_id(env, partition_id_string);
+      CobhanBufferNapi input(env, input_value);
+      CobhanBufferNapi output(input.get_data_len_bytes());
+#endif
+      // extern GoInt32 DecryptFromJson(void* partitionIdPtr, void* jsonPtr,
+      // void* dataPtr);
+      GoInt32 result = DecryptFromJson(partition_id, input, output);
+      CheckResult(result);
+      output_value = output.ToBuffer(env); // NOLINT(*-slicing)
+    } catch (const std::exception &e) {
+      logger.log_error_and_throw(__func__, e.what());
+    }
+    return output_value;
+  }
-    if (unlikely(!info[0].IsString() || !info[1].IsBuffer())) {
-      logger.log_error_and_throw(__func__, "Wrong argument types");
+  Napi::Value DecryptAsync(const Napi::CallbackInfo &info) {
+    Napi::Env env = info.Env();
+    Napi::HandleScope scope(env);
+    try {
+      Napi::String partition_id_string;
+      Napi::Value input_value;
+      BeginDecryptFromJson(env, __func__, info, partition_id_string,
+                           input_value);
+      CobhanBufferNapi partition_id(env, partition_id_string);
+      CobhanBufferNapi input(env, input_value);
+      CobhanBufferNapi output(input.get_data_len_bytes());
+      auto worker = new DecryptFromJsonWorker<Napi::Buffer<unsigned char>>(
+          env, this, partition_id, input, output);
+      worker->Queue();
+      return worker->Promise();
+    } catch (const std::exception &e) {
+      logger.log_error_and_throw(__func__, e.what());
     }
+  }
+  Napi::Value DecryptStringSync(const Napi::CallbackInfo &info) {
     Napi::Env env = info.Env();
+    Napi::HandleScope scope(env);
+    Napi::String output_string;
+    try {
+      NapiUtils::RequireParameterCount(info, 2);
+      if (unlikely(!info[0].IsString() || !info[1].IsString())) {
+        logger.log_error_and_throw(__func__, "Wrong argument types");
+      }
+      Napi::String partition_id_string;
+      Napi::Value input_value;
+      BeginDecryptFromJson(env, __func__, info, partition_id_string,
+                           input_value);
+#ifdef USE_SCOPED_ALLOCATE_BUFFER
+      char *partition_id_cbuffer;
+      size_t partition_id_cbuffer_size =
+          CobhanBufferNapi::StringToAllocationSize(env, partition_id_string);
+      SCOPED_ALLOCATE_BUFFER(logger, partition_id_cbuffer,
+                             partition_id_cbuffer_size,
+                             maximum_stack_alloc_size, __func__);
+      char *input_cbuffer;
+      size_t input_cbuffer_size =
+          CobhanBufferNapi::ValueToAllocationSize(env, input_value);
+      SCOPED_ALLOCATE_BUFFER(logger, input_cbuffer, input_cbuffer_size,
+                             maximum_stack_alloc_size, __func__);
+      CobhanBufferNapi partition_id(env, partition_id_string,
+                                    partition_id_cbuffer,
+                                    partition_id_cbuffer_size);
+      CobhanBufferNapi input(env, input_value, input_cbuffer,
+                             input_cbuffer_size);
+      CobhanBufferNapi output(input.get_data_len_bytes());
+#else
+      CobhanBufferNapi partition_id(env, partition_id_string);
+      CobhanBufferNapi input(env, input_value);
+      CobhanBufferNapi output(input.get_data_len_bytes());
+#endif
+      GoInt32 result = DecryptFromJson(partition_id, input, output);
+      EndDecryptFromJson(env, output, result, output_string);
+    } catch (const std::exception &e) {
+      logger.log_error_and_throw(__func__, e.what());
+    }
+    return output_string;
+  }
-    Napi::String partition_id = info[0].As<Napi::String>();
-    char *partition_id_cobhan_buffer;
-    size_t partition_id_copied_bytes;
-    NAPI_STRING_TO_CBUFFER(
-        env, logger, partition_id, partition_id_cobhan_buffer,
-        partition_id_copied_bytes, maximum_stack_alloc_size, __func__);
-    Napi::Buffer<unsigned char> input_napi_buffer =
-        info[1].As<Napi::Buffer<unsigned char>>();
-    char *input_cobhan_buffer;
-    size_t input_copied_bytes;
-    NAPI_BUFFER_TO_CBUFFER(env, logger, input_napi_buffer, input_cobhan_buffer,
-                           input_copied_bytes, maximum_stack_alloc_size,
-                           __func__);
-    Napi::String output = EncryptCobhanBufferToJson(
-        env, partition_id_copied_bytes, input_copied_bytes,
-        partition_id_cobhan_buffer, input_cobhan_buffer);
-    if (unlikely(verbose_flag)) {
-      logger.debug_log(__func__, "finished");
-    }
+  Napi::Value DecryptStringAsync(const Napi::CallbackInfo &info) {
+    Napi::Env env = info.Env();
+    Napi::HandleScope scope(env);
+    try {
+      NapiUtils::RequireParameterCount(info, 2);
-    return output;
-  }
+      if (unlikely(!info[0].IsString() || !info[1].IsString())) {
+        logger.log_error_and_throw(__func__, "Wrong argument types");
+      }
-  Napi::Value EncryptString(const Napi::CallbackInfo &info) {
-    std::lock_guard<std::mutex> lock(asherah_lock);
+      Napi::String partition_id_string;
+      Napi::Value input_value;
+      BeginDecryptFromJson(env, __func__, info, partition_id_string,
+                           input_value);
-    if (unlikely(verbose_flag)) {
-      logger.debug_log(__func__, "called");
-    }
+      CobhanBufferNapi partition_id(env, partition_id_string);
+      CobhanBufferNapi input(env, input_value);
-    if (unlikely(setup_state == 0)) {
-      logger.log_error_and_throw(__func__, "setup() not called");
-    }
+      CobhanBufferNapi output(input.get_data_len_bytes());
-    if (unlikely(info.Length() < 2)) {
-      logger.log_error_and_throw(__func__, "Wrong number of arguments");
-    }
+      auto worker = new DecryptFromJsonWorker<Napi::String>(
+          env, this, partition_id, input, output);
+      worker->Queue();
-    if (unlikely(!info[0].IsString() || !info[1].IsString())) {
-      logger.log_error_and_throw(__func__, "Wrong argument types");
+      return worker->Promise();
+    } catch (const std::exception &e) {
+      logger.log_error_and_throw(__func__, e.what());
     }
+  }
-    Napi::Env env = info.Env();
+  void SetMaxStackAllocItemSize(const Napi::CallbackInfo &info) {
+    NapiUtils::RequireParameterCount(info, 1);
-    Napi::String partition_id = info[0].As<Napi::String>();
-    char *partition_id_cobhan_buffer;
-    size_t partition_id_copied_bytes;
-    NAPI_STRING_TO_CBUFFER(
-        env, logger, partition_id, partition_id_cobhan_buffer,
-        partition_id_copied_bytes, maximum_stack_alloc_size, __func__);
-    Napi::String input = info[1].As<Napi::String>();
-    char *input_cobhan_buffer;
-    size_t input_copied_bytes;
-    NAPI_STRING_TO_CBUFFER(env, logger, input, input_cobhan_buffer,
-                           input_copied_bytes, maximum_stack_alloc_size,
-                           __func__);
-    Napi::String output = EncryptCobhanBufferToJson(
-        env, partition_id_copied_bytes, input_copied_bytes,
-        partition_id_cobhan_buffer, input_cobhan_buffer);
-    if (unlikely(verbose_flag)) {
-      logger.debug_log(__func__, "finished");
-    }
+    Napi::Number item_size = info[0].ToNumber();
+    auto new_size = (size_t)item_size.Int32Value();
-    return output;
+    maximum_stack_alloc_size = new_size;
   }
-  Napi::String EncryptCobhanBufferToJson(Napi::Env &env, size_t partition_bytes,
-                                         size_t data_bytes,
-                                         char *partition_id_cobhan_buffer,
-                                         char *input_cobhan_buffer) {
+  void SetSafetyPaddingOverhead(const Napi::CallbackInfo &info) {
+    NapiUtils::RequireParameterCount(info, 1);
-    size_t asherah_output_size_bytes =
-        EstimateAsherahOutputSize(data_bytes, partition_bytes);
+    // Napi::Number safety_padding_number = info[0].ToNumber();
+    // auto new_safety_padding_bytes = (size_t)
+    // safety_padding_number.Int32Value(); Safety padding size is now fixed -
+    // ignore the input set_safety_padding_bytes(new_safety_padding_bytes);
+  }
-    if (unlikely(verbose_flag)) {
-      logger.debug_log(__func__, " asherah_output_size_bytes " +
-                                     std::to_string(asherah_output_size_bytes));
-    }
+  Napi::Value
+  GetSetupStatus(const Napi::CallbackInfo
+                     &info) { // NOLINT(*-convert-member-functions-to-static)
+    int32_t setup_status = setup_state.load(std::memory_order_acquire);
+    return Napi::Boolean::New(info.Env(), setup_status != 0);
+  }
-    char *output_cobhan_buffer;
-    ALLOCATE_CBUFFER(logger, output_cobhan_buffer, asherah_output_size_bytes,
-                     maximum_stack_alloc_size, __func__);
+  void SetLogHook(const Napi::CallbackInfo &info) {
+    NapiUtils::RequireParameterCount(info, 1);
-    char *partition_id_canary_ptr = get_canary_ptr(partition_id_cobhan_buffer);
-    if (unlikely(!check_canary_ptr(logger, partition_id_canary_ptr))) {
-      logger.log_error_and_throw(
-          __func__,
-          "Failed initial canary check for partition_id_cobhan_buffer");
-    }
-    char *input_canary_ptr = get_canary_ptr(input_cobhan_buffer);
-    if (unlikely(!check_canary_ptr(logger, input_canary_ptr))) {
-      logger.log_error_and_throw(
-          __func__, "Failed initial canary check for input_cobhan_buffer");
-    }
-    char *output_canary_ptr = get_canary_ptr(output_cobhan_buffer);
-    if (unlikely(!check_canary_ptr(logger, output_canary_ptr))) {
-      logger.log_error_and_throw(
-          __func__, "Failed initial canary check for output_cobhan_buffer");
+    if (unlikely(!info[0].IsFunction())) {
+      logger.log_error_and_throw(__func__, "Wrong argument type");
     }
-    if (unlikely(verbose_flag)) {
-      logger.debug_log(__func__, "Calling asherah-cobhan EncryptToJson");
-    }
+    logger.set_log_hook(info[0].As<Napi::Function>());
+  }
-    // extern GoInt32 EncryptToJson(void* partitionIdPtr, void* dataPtr, void*
-    // jsonPtr);
-    GoInt32 result = EncryptToJson(partition_id_cobhan_buffer,
-                                   input_cobhan_buffer, output_cobhan_buffer);
+  void BeginSetupAsherah(const Napi::Env &env, const char *func_name,
+                         const Napi::CallbackInfo &info,
+                         Napi::String &config_string, size_t &product_id_length,
+                         size_t &service_name_length) {
+    RequireAsherahNotSetup(func_name);
-    if (unlikely(verbose_flag)) {
-      logger.debug_log(__func__, "Returning from asherah-cobhan EncryptToJson");
-    }
+    NapiUtils::RequireParameterCount(info, 1);
-    if (unlikely(!check_canary_ptr(logger, partition_id_canary_ptr))) {
-      logger.log_error_and_throw(
-          __func__,
-          "Failed post-call canary check for partition_id_cobhan_buffer");
-    }
-    if (unlikely(!check_canary_ptr(logger, input_canary_ptr))) {
-      logger.log_error_and_throw(
-          __func__, "Failed post-call canary check for input_cobhan_buffer");
-    }
-    if (unlikely(!check_canary_ptr(logger, output_canary_ptr))) {
-      logger.log_error_and_throw(
-          __func__, "Failed post-call canary check for output_cobhan_buffer");
-    }
+    Napi::Object config_json;
+    NapiUtils::AsJsonObjectAndString(env, info[0], config_string, config_json);
-    if (unlikely(result < 0)) {
-      logger.log_error_and_throw(__func__, AsherahCobhanErrorToString(result));
-    }
+    Napi::String product_id;
+    NapiUtils::GetStringProperty(config_json, "ProductID", product_id);
+    product_id_length = NapiUtils::GetUtf8StringLength(env, product_id);
+    Napi::String service_name;
+    NapiUtils::GetStringProperty(config_json, "ServiceName", service_name);
+    service_name_length = NapiUtils::GetUtf8StringLength(env, service_name);
-    Napi::String output = cbuffer_to_nstring(env, logger, output_cobhan_buffer);
-    return output;
+    bool verbose;
+    NapiUtils::GetBooleanProperty(config_json, "Verbose", verbose, false);
+    verbose_flag = verbose;
   }
-  Napi::Value Decrypt(const Napi::CallbackInfo &info) {
-    std::lock_guard<std::mutex> lock(asherah_lock);
+  void EndSetupAsherah(GoInt32 result, size_t product_id_length,
+                       size_t service_name_length) {
+    CheckResult(result);
-    if (unlikely(verbose_flag)) {
-      logger.debug_log(__func__, "called");
-    }
+    est_intermediate_key_overhead = product_id_length + service_name_length;
-    if (unlikely(setup_state == 0)) {
-      logger.log_error_and_throw(__func__, "setup() not called");
+    auto old_setup_state = setup_state.exchange(1, std::memory_order_acq_rel);
+    if (unlikely(old_setup_state != 0)) {
+      logger.log_error_and_throw(__func__, "lost race to mark setup_state!");
     }
+  }
-    if (unlikely(info.Length() < 2)) {
-      logger.log_error_and_throw(__func__, "Wrong number of arguments");
-    }
+  void BeginEncryptToJson(const Napi::Env &env, const char *func_name,
+                          const Napi::CallbackInfo &info,
+                          Napi::String &partition_id, Napi::Value &input) {
+    RequireAsherahSetup(func_name);
-    if (unlikely(!info[0].IsString() || !info[1].IsString())) {
-      logger.log_error_and_throw(__func__, "Wrong argument types");
-    }
+    NapiUtils::RequireParameterCount(info, 2);
-    Napi::Env env = info.Env();
+    partition_id = NapiUtils::RequireParameterString(env, func_name, info[0]);
+    input = NapiUtils::RequireParameterStringOrBuffer(env, func_name, info[1]);
+  }
-    Napi::String partition_id = info[0].As<Napi::String>();
-    char *partition_id_cobhan_buffer;
-    size_t partition_id_copied_bytes;
-    NAPI_STRING_TO_CBUFFER(
-        env, logger, partition_id, partition_id_cobhan_buffer,
-        partition_id_copied_bytes, maximum_stack_alloc_size, __func__);
-    Napi::String input = info[1].As<Napi::String>();
-    char *input_cobhan_buffer;
-    size_t input_copied_bytes;
-    NAPI_STRING_TO_CBUFFER(env, logger, input, input_cobhan_buffer,
-                           input_copied_bytes, maximum_stack_alloc_size,
-                           __func__);
-    char *output_cobhan_buffer;
-    ALLOCATE_CBUFFER(logger, output_cobhan_buffer, input_copied_bytes,
-                     maximum_stack_alloc_size, __func__);
-    char *partition_id_canary_ptr = get_canary_ptr(partition_id_cobhan_buffer);
-    if (unlikely(!check_canary_ptr(logger, partition_id_canary_ptr))) {
-      logger.log_error_and_throw(
-          __func__,
-          "Failed initial canary check for partition_id_cobhan_buffer");
-    }
-    char *input_canary_ptr = get_canary_ptr(input_cobhan_buffer);
-    if (unlikely(!check_canary_ptr(logger, input_canary_ptr))) {
-      logger.log_error_and_throw(
-          __func__, "Failed initial canary check for input_cobhan_buffer");
-    }
-    char *output_canary_ptr = get_canary_ptr(output_cobhan_buffer);
-    if (unlikely(!check_canary_ptr(logger, output_canary_ptr))) {
-      logger.log_error_and_throw(
-          __func__, "Failed initial canary check for output_cobhan_buffer");
-    }
+  void EndEncryptToJson(Napi::Env env, CobhanBufferNapi &output, GoInt32 result,
+                        Napi::String &output_string) {
+    CheckResult(result);
-    if (unlikely(verbose_flag)) {
-      logger.debug_log(__func__, "Calling asherah-cobhan DecryptFromJson");
-    }
+    output_string = output.ToString(env);
+  }
-    // extern GoInt32 DecryptFromJson(void* partitionIdPtr, void* jsonPtr, void*
-    // dataPtr);
-    GoInt32 result = DecryptFromJson(partition_id_cobhan_buffer,
-                                     input_cobhan_buffer, output_cobhan_buffer);
+  void EndEncryptToJson(Napi::Env env, CobhanBufferNapi &output, GoInt32 result,
+                        Napi::Buffer<unsigned char> &output_buffer) {
+    CheckResult(result);
-    if (unlikely(verbose_flag)) {
-      logger.debug_log(__func__,
-                       "Returned from asherah-cobhan DecryptFromJson");
-    }
+    output_buffer = output.ToBuffer(env);
+  }
-    if (unlikely(!check_canary_ptr(logger, partition_id_canary_ptr))) {
-      logger.log_error_and_throw(
-          __func__,
-          "Failed post-call canary check for partition_id_cobhan_buffer");
-    }
-    if (unlikely(!check_canary_ptr(logger, input_canary_ptr))) {
-      logger.log_error_and_throw(
-          __func__, "Failed post-call canary check for input_cobhan_buffer");
-    }
-    if (unlikely(!check_canary_ptr(logger, output_canary_ptr))) {
-      logger.log_error_and_throw(
-          __func__, "Failed post-call canary check for output_cobhan_buffer");
-    }
+  void BeginDecryptFromJson(const Napi::Env &env, const char *func_name,
+                            const Napi::CallbackInfo &info,
+                            Napi::String &partition_id, Napi::Value &input) {
+    RequireAsherahSetup(func_name);
-    if (unlikely(result < 0)) {
-      logger.log_error_and_throw(__func__, AsherahCobhanErrorToString(result));
-    }
+    NapiUtils::RequireParameterCount(info, 2);
-    Napi::Buffer<unsigned char> output =
-        cbuffer_to_nbuffer(env, logger, output_cobhan_buffer);
+    partition_id = NapiUtils::RequireParameterString(env, func_name, info[0]);
+    input = NapiUtils::RequireParameterStringOrBuffer(env, func_name, info[1]);
+  }
-    if (unlikely(verbose_flag)) {
-      logger.debug_log(__func__, "finished");
-    }
+  void EndDecryptFromJson(Napi::Env &env, CobhanBufferNapi &output,
+                          GoInt32 result,
+                          Napi::Buffer<unsigned char> &output_buffer) {
+    CheckResult(result);
-    return output;
+    output_buffer = output.ToBuffer(env);
   }
-  Napi::Value DecryptString(const Napi::CallbackInfo &info) {
-    std::lock_guard<std::mutex> lock(asherah_lock);
+  void EndDecryptFromJson(Napi::Env &env, CobhanBufferNapi &output,
+                          GoInt32 result, Napi::String &output_string) {
+    CheckResult(result);
-    if (unlikely(verbose_flag)) {
-      logger.debug_log(__func__, "called");
-    }
+    output_string = output.ToString(env);
+  }
-    if (unlikely(setup_state == 0)) {
-      logger.log_error_and_throw(__func__, "setup() not called");
-    }
+  void BeginShutdownAsherah(const Napi::Env &, const char *func_name,
+                            const Napi::CallbackInfo &info) {
+    RequireAsherahSetup(func_name);
+    NapiUtils::RequireParameterCount(info, 0);
+  }
-    if (unlikely(info.Length() < 2)) {
-      logger.log_error_and_throw(__func__, "Wrong number of arguments");
+  void EndShutdownAsherah() {
+    auto old_setup_state = setup_state.exchange(0, std::memory_order_acq_rel);
+    if (unlikely(old_setup_state == 0)) {
+      logger.log_error_and_throw(__func__, "lost race to mark setup_state!");
     }
+  }
-    if (unlikely(!info[0].IsString() || !info[1].IsString())) {
-      logger.log_error_and_throw(__func__, "Wrong argument types");
-    }
+#pragma endregion Begin / End Methods
-    Napi::Env env = info.Env();
+#pragma region AsyncWorkers
-    Napi::String partition_id = info[0].As<Napi::String>();
-    char *partition_id_cobhan_buffer;
-    size_t partition_id_copied_bytes;
-    NAPI_STRING_TO_CBUFFER(
-        env, logger, partition_id, partition_id_cobhan_buffer,
-        partition_id_copied_bytes, maximum_stack_alloc_size, __func__);
-    Napi::String input = info[1].As<Napi::String>();
-    char *input_cobhan_buffer;
-    size_t input_copied_bytes;
-    NAPI_STRING_TO_CBUFFER(env, logger, input, input_cobhan_buffer,
-                           input_copied_bytes, maximum_stack_alloc_size,
-                           __func__);
-    char *output_cobhan_buffer;
-    ALLOCATE_CBUFFER(logger, output_cobhan_buffer, input_copied_bytes,
-                     maximum_stack_alloc_size, __func__);
-    char *partition_id_canary_ptr = get_canary_ptr(partition_id_cobhan_buffer);
-    if (unlikely(!check_canary_ptr(logger, partition_id_canary_ptr))) {
-      logger.log_error_and_throw(
-          __func__,
-          "Failed initial canary check for partition_id_cobhan_buffer");
-    }
-    char *input_canary_ptr = get_canary_ptr(input_cobhan_buffer);
-    if (unlikely(!check_canary_ptr(logger, input_canary_ptr))) {
-      logger.log_error_and_throw(
-          __func__, "Failed initial canary check for input_cobhan_buffer");
-    }
-    char *output_canary_ptr = get_canary_ptr(output_cobhan_buffer);
-    if (unlikely(!check_canary_ptr(logger, output_canary_ptr))) {
-      logger.log_error_and_throw(
-          __func__, "Failed initial canary check for output_cobhan_buffer");
-    }
+  class SetupAsherahWorker : public AsherahAsyncWorker<GoInt32> {
+  public:
+    SetupAsherahWorker(Napi::Env env, Asherah *instance,
+                       CobhanBufferNapi &config, size_t product_id_length,
+                       size_t service_name_length)
+        : AsherahAsyncWorker<GoInt32>(env, instance), config(std::move(config)),
+          product_id_length(product_id_length),
+          service_name_length(service_name_length) {}
-    if (unlikely(verbose_flag)) {
-      logger.debug_log(__func__, "Calling asherah-cobhan DecryptFromJson");
+    GoInt32 ExecuteTask() override { return SetupJson(config); }
+    Napi::Value OnOKTask(Napi::Env &env) override {
+      asherah->EndSetupAsherah(result, product_id_length, service_name_length);
+      return env.Undefined();
     }
-    // extern GoInt32 DecryptFromJson(void* partitionIdPtr, void* jsonPtr, void*
-    // dataPtr);
-    GoInt32 result = DecryptFromJson(partition_id_cobhan_buffer,
-                                     input_cobhan_buffer, output_cobhan_buffer);
+  private:
+    CobhanBufferNapi config;
+    size_t product_id_length;
+    size_t service_name_length;
+  };
-    if (unlikely(verbose_flag)) {
-      logger.debug_log(__func__,
-                       "Returned from asherah-cobhan DecryptFromJson");
-    }
+  class EncryptAsherahWorker : public AsherahAsyncWorker<GoInt32> {
+  public:
+    EncryptAsherahWorker(const Napi::Env &env, Asherah *instance,
+                         CobhanBufferNapi &partition_id,
+                         CobhanBufferNapi &input, CobhanBufferNapi &output)
+        : AsherahAsyncWorker(env, instance),
+          partition_id(std::move(partition_id)), input(std::move(input)),
+          output(std::move(output)) {}
-    if (unlikely(!check_canary_ptr(logger, partition_id_canary_ptr))) {
-      logger.log_error_and_throw(
-          __func__,
-          "Failed post-call canary check for partition_id_cobhan_buffer");
-    }
-    if (unlikely(!check_canary_ptr(logger, input_canary_ptr))) {
-      logger.log_error_and_throw(
-          __func__, "Failed post-call canary check for input_cobhan_buffer");
-    }
-    if (unlikely(!check_canary_ptr(logger, output_canary_ptr))) {
-      logger.log_error_and_throw(
-          __func__, "Failed post-call canary check for output_cobhan_buffer");
+    // extern GoInt32 EncryptToJson(void* partitionIdPtr, void* dataPtr,
+    // void* jsonPtr);
+    GoInt32 ExecuteTask() override {
+      return EncryptToJson(partition_id, input, output);
     }
-    if (unlikely(result < 0)) {
-      logger.log_error_and_throw(__func__, AsherahCobhanErrorToString(result));
+    Napi::Value OnOKTask(Napi::Env &env) override {
+      Napi::String output_string;
+      asherah->EndEncryptToJson(env, output, result, output_string);
+      return output_string;
     }
-    Napi::String output = cbuffer_to_nstring(env, logger, output_cobhan_buffer);
-    if (unlikely(verbose_flag)) {
-      logger.debug_log(__func__, "finished");
-    }
+  private:
+    CobhanBufferNapi partition_id;
+    CobhanBufferNapi input;
+    CobhanBufferNapi output;
+  };
-    return output;
-  }
+  template <typename T>
+  class DecryptFromJsonWorker : public AsherahAsyncWorker<GoInt32> {
+  public:
+    DecryptFromJsonWorker(const Napi::Env &env, Asherah *instance,
+                          CobhanBufferNapi &partition_id,
+                          CobhanBufferNapi &input, CobhanBufferNapi &output)
+        : AsherahAsyncWorker(env, instance),
+          partition_id(std::move(partition_id)), input(std::move(input)),
+          output(std::move(output)) {}
-  void ShutdownAsherah(const Napi::CallbackInfo &info) {
-    std::lock_guard<std::mutex> lock(asherah_lock);
+    GoInt32 ExecuteTask() override {
+      return DecryptFromJson(partition_id, input, output);
+    }
-    if (unlikely(verbose_flag)) {
-      logger.debug_log(__func__, "called");
+    Napi::Value OnOKTask(Napi::Env &env) override {
+      T output_result;
+      asherah->EndDecryptFromJson(env, output, result, output_result);
+      return output_result;
     }
-    setup_state = 0;
+  protected:
+    CobhanBufferNapi partition_id;
+    CobhanBufferNapi input;
+    CobhanBufferNapi output;
+  };
-    if (unlikely(verbose_flag)) {
-      logger.debug_log(__func__, "Calling asherah-cobhan Shutdown");
-    }
+  class ShutdownAsherahWorker : public AsherahAsyncWorker<GoInt32> {
+  public:
+    using AsherahAsyncWorker::AsherahAsyncWorker;
     // extern void Shutdown();
-    Shutdown();
-    if (unlikely(verbose_flag)) {
-      logger.debug_log(__func__, "Returned from asherah-cobhan Shutdown");
+    GoInt32 ExecuteTask() override {
+      Shutdown();
+      return 0;
     }
-  }
-  void SetMaxStackAllocItemSize(const Napi::CallbackInfo &info) {
-    std::lock_guard<std::mutex> lock(asherah_lock);
-    if (unlikely(verbose_flag)) {
-      logger.debug_log(__func__, "called");
+    Napi::Value OnOKTask(Napi::Env &env) override {
+      asherah->EndShutdownAsherah();
+      return env.Undefined();
     }
+  };
-    if (unlikely(info.Length() < 1)) {
-      logger.log_error_and_throw(__func__, "Wrong number of arguments");
-    }
+#pragma endregion AsyncWorkers
-    Napi::Number item_size = info[0].ToNumber();
+#pragma region Helpers
-    maximum_stack_alloc_size = (size_t)item_size.Int32Value();
+  void CheckResult(GoInt32 result) {
+    if (unlikely(result < 0)) {
+      logger.log_error_and_throw(__func__, AsherahCobhanErrorToString(result));
+    }
   }
-  void SetSafetyPaddingOverhead(const Napi::CallbackInfo &info) {
-    std::lock_guard<std::mutex> lock(asherah_lock);
-    if (unlikely(verbose_flag)) {
-      logger.debug_log(__func__, "called");
+  void RequireAsherahSetup(const char *func_name) {
+    if (unlikely(setup_state.load(std::memory_order_acquire) == 0)) {
+      logger.log_error_and_throw(func_name, "setup() not called");
     }
+  }
-    if (unlikely(info.Length() < 1)) {
-      logger.log_error_and_throw(__func__, "Wrong number of arguments");
+  void RequireAsherahNotSetup(const char *func_name) {
+    if (unlikely(setup_state.load(std::memory_order_acquire) != 0)) {
+      logger.log_error_and_throw(func_name, "setup() already called");
     }
-    Napi::Number safety_padding_number = info[0].ToNumber();
-    set_safety_padding_bytes((size_t)safety_padding_number.Int32Value());
   }
   __attribute__((always_inline)) inline size_t
@@ -549,25 +644,16 @@ private:
     const double base64_overhead = 1.34;
     // Add one rather than using std::ceil to round up
-    double est_data_byte_len =
-        (double(data_byte_len + est_encryption_overhead) * base64_overhead) + 1;
-    size_t asherah_output_size_bytes =
-        size_t(est_envelope_overhead + est_intermediate_key_overhead +
-               partition_byte_len + est_data_byte_len);
-    if (unlikely(verbose_flag)) {
-      std::string log_msg =
-          __func__ + ("(" + std::to_string(data_byte_len)) + ", " +
-          std::to_string(partition_byte_len) +
-          ") est_data_byte_len: " + std::to_string(est_data_byte_len) +
-          " asherah_output_size_bytes: " +
-          std::to_string(asherah_output_size_bytes);
-      logger.debug_log(__func__, log_msg);
-    }
-    return asherah_output_size_bytes;
+    size_t est_data_byte_len =
+        size_t(double(data_byte_len + est_encryption_overhead) *
+               base64_overhead) +
+        1;
+    return est_envelope_overhead + est_intermediate_key_overhead +
+           partition_byte_len + est_data_byte_len;
   }
-  __attribute__((always_inline)) inline const char *
+  __attribute__((always_inline)) static inline const char *
   AsherahCobhanErrorToString(int32_t error) {
     switch (error) {
     case 0:
@@ -606,6 +692,8 @@ private:
       return "Unknown error";
     }
   }
+#pragma endregion Helpers
 };
 NODE_API_NAMED_ADDON('asherah', Asherah)