hs: change hash in the cache name to SHA256

(cherry picked from commit c282880174)

src/util-mpm-hs-cache.c

@@ -34,17 +34,17 @@
 
 #ifdef BUILD_HYPERSCAN
 
+#include "rust.h"
 #include <hs.h>
 
-static const char *HSCacheConstructFPath(const char *folder_path, uint64_t hs_db_hash)
+static const char *HSCacheConstructFPath(const char *folder_path, const char *hs_db_hash)
 {
     static char hash_file_path[PATH_MAX];
 
     char hash_file_path_suffix[] = "_v1.hs";
     char filename[NAME_MAX];
-    uint64_t r = snprintf(
-            filename, sizeof(filename), "%020" PRIu64 "%s", hs_db_hash, hash_file_path_suffix);
-    if (r != (uint64_t)(20 + strlen(hash_file_path_suffix)))
+    uint64_t r = snprintf(filename, sizeof(filename), "%s%s", hs_db_hash, hash_file_path_suffix);
+    if (r != (uint64_t)(strlen(hs_db_hash) + strlen(hash_file_path_suffix)))
         return NULL;
 
     r = PathMerge(hash_file_path, sizeof(hash_file_path), folder_path, filename);
@@ -104,22 +104,22 @@ static char *HSReadStream(const char *file_path, size_t *buffer_sz)
  * Function to hash the searched pattern, only things relevant to Hyperscan
  * compilation are hashed.
  */
-static void SCHSCachePatternHash(const SCHSPattern *p, uint32_t *h1, uint32_t *h2)
+static void SCHSCachePatternHash(const SCHSPattern *p, SCSha256 *sha256)
 {
     BUG_ON(p->original_pat == NULL);
     BUG_ON(p->sids == NULL);
 
-    hashlittle2_safe(&p->len, sizeof(p->len), h1, h2);
-    hashlittle2_safe(&p->flags, sizeof(p->flags), h1, h2);
-    hashlittle2_safe(p->original_pat, p->len, h1, h2);
-    hashlittle2_safe(&p->id, sizeof(p->id), h1, h2);
-    hashlittle2_safe(&p->offset, sizeof(p->offset), h1, h2);
-    hashlittle2_safe(&p->depth, sizeof(p->depth), h1, h2);
-    hashlittle2_safe(&p->sids_size, sizeof(p->sids_size), h1, h2);
-    hashlittle2_safe(p->sids, p->sids_size * sizeof(SigIntId), h1, h2);
+    SCSha256Update(sha256, (const uint8_t *)&p->len, sizeof(p->len));
+    SCSha256Update(sha256, (const uint8_t *)&p->flags, sizeof(p->flags));
+    SCSha256Update(sha256, (const uint8_t *)p->original_pat, p->len);
+    SCSha256Update(sha256, (const uint8_t *)&p->id, sizeof(p->id));
+    SCSha256Update(sha256, (const uint8_t *)&p->offset, sizeof(p->offset));
+    SCSha256Update(sha256, (const uint8_t *)&p->depth, sizeof(p->depth));
+    SCSha256Update(sha256, (const uint8_t *)&p->sids_size, sizeof(p->sids_size));
+    SCSha256Update(sha256, (const uint8_t *)p->sids, p->sids_size * sizeof(SigIntId));
 }
 
-int HSLoadCache(hs_database_t **hs_db, uint64_t hs_db_hash, const char *dirpath)
+int HSLoadCache(hs_database_t **hs_db, const char *hs_db_hash, const char *dirpath)
 {
     const char *hash_file_static = HSCacheConstructFPath(dirpath, hs_db_hash);
     if (hash_file_static == NULL)
@@ -161,7 +161,7 @@ freeup:
     return ret;
 }
 
-static int HSSaveCache(hs_database_t *hs_db, uint64_t hs_db_hash, const char *dstpath)
+static int HSSaveCache(hs_database_t *hs_db, const char *hs_db_hash, const char *dstpath)
 {
     static bool notified = false;
     char *db_stream = NULL;
@@ -220,14 +220,26 @@ cleanup:
     return ret;
 }
 
-uint64_t HSHashDb(const PatternDatabase *pd)
+int HSHashDb(const PatternDatabase *pd, char *hash, size_t hash_len)
 {
-    uint32_t hash[2] = { 0 };
-    hashword2(&pd->pattern_cnt, 1, &hash[0], &hash[1]);
+    SCSha256 *hasher = SCSha256New();
+    if (hasher == NULL) {
+        SCLogDebug("sha256 hashing failed");
+        return -1;
+    }
+    SCSha256Update(hasher, (const uint8_t *)&pd->pattern_cnt, sizeof(pd->pattern_cnt));
     for (uint32_t i = 0; i < pd->pattern_cnt; i++) {
-        SCHSCachePatternHash(pd->parray[i], &hash[0], &hash[1]);
+        SCHSCachePatternHash(pd->parray[i], hasher);
+    }
+
+    if (!SCSha256FinalizeToHex(hasher, hash, hash_len)) {
+        hasher = NULL;
+        SCLogDebug("sha256 hashing failed");
+        return -1;
     }
-    return ((uint64_t)hash[1] << 32) | hash[0];
+
+    hasher = NULL;
+    return 0;
 }
 
 void HSSaveCacheIterator(void *data, void *aux)
@@ -244,7 +256,11 @@ void HSSaveCacheIterator(void *data, void *aux)
         return;
     }
 
-    if (HSSaveCache(pd->hs_db, HSHashDb(pd), iter_data->cache_path) == 0) {
+    char hs_db_hash[SC_SHA256_LEN * 2 + 1]; // * 2 for hex +1 for nul terminator
+    if (HSHashDb(pd, hs_db_hash, ARRAY_SIZE(hs_db_hash)) != 0) {
+        return;
+    }
+    if (HSSaveCache(pd->hs_db, hs_db_hash, iter_data->cache_path) == 0) {
         pd->cached = true; // for rule reloads
         iter_data->pd_stats->hs_dbs_cache_saved_cnt++;
     }

src/util-mpm-hs-cache.h

@@ -35,8 +35,8 @@ struct HsIteratorData {
     const char *cache_path;
 };
 
-int HSLoadCache(hs_database_t **hs_db, uint64_t hs_db_hash, const char *dirpath);
-uint64_t HSHashDb(const PatternDatabase *pd);
+int HSLoadCache(hs_database_t **hs_db, const char *hs_db_hash, const char *dirpath);
+int HSHashDb(const PatternDatabase *pd, char *hash, size_t hash_len);
 void HSSaveCacheIterator(void *data, void *aux);
 #endif /* BUILD_HYPERSCAN */
 

src/util-mpm-hs.c

@@ -683,8 +683,11 @@ static int PatternDatabaseGetCached(
         return 0;
     } else if (cache_dir_path) {
         pd_cached = *pd;
-        uint64_t db_lookup_hash = HSHashDb(pd_cached);
-        if (HSLoadCache(&pd_cached->hs_db, db_lookup_hash, cache_dir_path) == 0) {
+        char hs_db_hash[SC_SHA256_LEN * 2 + 1]; // * 2 for hex +1 for nul terminator
+        if (HSHashDb(pd_cached, hs_db_hash, ARRAY_SIZE(hs_db_hash)) != 0) {
+            return -1;
+        }
+        if (HSLoadCache(&pd_cached->hs_db, hs_db_hash, cache_dir_path) == 0) {
             pd_cached->ref_cnt = 1;
             pd_cached->cached = true;
             if (HSScratchAlloc(pd_cached->hs_db) != 0) {