Merge pull request #78 from godaddy/add-disable-zero-copy

jgowdy-godaddy · web-flow · commit 098cd1ce0402 · 2026-03-03T10:52:00.000-08:00
Add DisableZeroCopy config option
diff --git a/internal/asherah/options.go b/internal/asherah/options.go
@@ -24,6 +24,7 @@ type Options struct {
 	PreferredRegion        string        `long:"preferred-region" description:"The preferred AWS region (required if --kms=aws)" env:"ASHERAH_PREFERRED_REGION"`
 	EnableRegionSuffix     bool          `long:"enable-region-suffix" description:"Configure the metastore to use regional suffixes (only supported by --metastore=dynamodb)" env:"ASHERAH_ENABLE_REGION_SUFFIX"`
 	EnableSessionCaching   bool          `long:"enable-session-caching" description:"Enable shared session caching" env:"ASHERAH_ENABLE_SESSION_CACHING"`
+	DisableZeroCopy    bool          `long:"disable-zero-copy" description:"Disable zero-copy FFI input buffers to prevent use-after-free from caller runtime" env:"ASHERAH_DISABLE_ZERO_COPY"`
 	Verbose                bool          `short:"v" long:"verbose" description:"Enable verbose logging output" env:"ASHERAH_VERBOSE"`
 }
 
diff --git a/libasherah.go b/libasherah.go
@@ -19,6 +19,7 @@ import (
 )
 
 var EstimatedIntermediateKeyOverhead = 0
+var DisableZeroCopy = false
 
 func main() {
 }
@@ -92,6 +93,7 @@ func SetupJson(configJson unsafe.Pointer) int32 {
 	log.DebugLog("Successfully deserialized config JSON")
 
 	EstimatedIntermediateKeyOverhead = len(options.ProductID) + len(options.ServiceName)
+	DisableZeroCopy = options.DisableZeroCopy
 
 	err := asherah.Setup(options)
 	if err == asherah.ErrAsherahAlreadyInitialized {
@@ -304,6 +306,12 @@ func encryptData(partitionIdPtr unsafe.Pointer, dataPtr unsafe.Pointer) (*appenc
 		return nil, result, errors.New(errorMessage)
 	}
 
+	if DisableZeroCopy {
+		dataCopy := make([]byte, len(data))
+		copy(dataCopy, data)
+		data = dataCopy
+	}
+
 	drr, err := asherah.Encrypt(partitionId, data)
 	if err != nil {
 		if err == asherah.ErrAsherahNotInitialized {
diff --git a/libasherah_test.go b/libasherah_test.go
@@ -282,6 +282,90 @@ func TestEncryptDecryptRoundTrip(t *testing.T) {
 	}
 }
 
+func TestEncryptDecryptRoundTripWithDefensiveCopy(t *testing.T) {
+	config := &asherah.Options{}
+
+	config.KMS = "static"
+	config.ServiceName = "TestService"
+	config.ProductID = "TestProduct"
+	config.Metastore = "memory"
+	config.EnableSessionCaching = true
+	config.SessionCacheDuration = 1000
+	config.SessionCacheMaxSize = 2
+	config.ExpireAfter = 1000
+	config.CheckInterval = 1000
+	config.Verbose = Verbose
+	config.DisableZeroCopy = true
+	config.RegionMap = asherah.RegionMap{}
+	config.RegionMap["region1"] = "arn1"
+	config.RegionMap["region2"] = "arn2"
+
+	buf := testAllocateJsonBuffer(t, config)
+
+	result := SetupJson(cobhan.Ptr(&buf))
+	if result != cobhan.ERR_NONE {
+		t.Errorf("SetupJson returned %v", result)
+	}
+	defer Shutdown()
+
+	if !DisableZeroCopy {
+		t.Error("DisableZeroCopy was not set by SetupJson")
+	}
+
+	input := "InputData"
+	partitionId := testAllocateStringBuffer(t, "Partition")
+	data := testAllocateStringBuffer(t, input)
+	encryptedData := cobhan.AllocateBuffer(256)
+	encryptedKey := cobhan.AllocateBuffer(256)
+	createdBuf := cobhan.AllocateBuffer(8)
+	parentKeyId := cobhan.AllocateBuffer(256)
+	parentKeyCreatedBuf := cobhan.AllocateBuffer(8)
+
+	result = Encrypt(cobhan.Ptr(&partitionId),
+		cobhan.Ptr(&data),
+		cobhan.Ptr(&encryptedData),
+		cobhan.Ptr(&encryptedKey),
+		cobhan.Ptr(&createdBuf),
+		cobhan.Ptr(&parentKeyId),
+		cobhan.Ptr(&parentKeyCreatedBuf),
+	)
+	if result != cobhan.ERR_NONE {
+		t.Errorf("Encrypt returned %v", result)
+	}
+
+	decryptedData := cobhan.AllocateBuffer(256)
+
+	created, result := cobhan.BufferToInt64Safe(&createdBuf)
+	if result != cobhan.ERR_NONE {
+		t.Errorf("BufferToInt64Safe returned %v", result)
+	}
+
+	parentKeyCreated, result := cobhan.BufferToInt64Safe(&parentKeyCreatedBuf)
+	if result != cobhan.ERR_NONE {
+		t.Errorf("BufferToInt64Safe returned %v", result)
+	}
+
+	result = Decrypt(cobhan.Ptr(&partitionId),
+		cobhan.Ptr(&encryptedData),
+		cobhan.Ptr(&encryptedKey),
+		created,
+		cobhan.Ptr(&parentKeyId),
+		parentKeyCreated,
+		cobhan.Ptr(&decryptedData),
+	)
+	if result != cobhan.ERR_NONE {
+		t.Errorf("Decrypt returned %v", result)
+	}
+
+	output, result := cobhan.BufferToStringSafe(&decryptedData)
+	if result != cobhan.ERR_NONE {
+		t.Errorf("BufferToStringSafe returned %v", result)
+	}
+	if output != input {
+		t.Errorf("Expected %v Actual %v", input, output)
+	}
+}
+
 func TestEncryptWithoutInit(t *testing.T) {
 	partitionId := testAllocateStringBuffer(t, "Partition")
 	data := testAllocateStringBuffer(t, "InputData")

Original file line number	Diff line number	Diff line change
`@@ -24,6 +24,7 @@ type Options struct {`
`24`	`24`	PreferredRegion string `long:"preferred-region" description:"The preferred AWS region (required if --kms=aws)" env:"ASHERAH_PREFERRED_REGION"`
`25`	`25`	EnableRegionSuffix bool `long:"enable-region-suffix" description:"Configure the metastore to use regional suffixes (only supported by --metastore=dynamodb)" env:"ASHERAH_ENABLE_REGION_SUFFIX"`
`26`	`26`	EnableSessionCaching bool `long:"enable-session-caching" description:"Enable shared session caching" env:"ASHERAH_ENABLE_SESSION_CACHING"`
	`27`	+ DisableZeroCopy bool `long:"disable-zero-copy" description:"Disable zero-copy FFI input buffers to prevent use-after-free from caller runtime" env:"ASHERAH_DISABLE_ZERO_COPY"`
`27`	`28`	Verbose bool `short:"v" long:"verbose" description:"Enable verbose logging output" env:"ASHERAH_VERBOSE"`
`28`	`29`	`}`
`29`	`30`