diff --git a/src/util-mpm-hs-cache.c b/src/util-mpm-hs-cache.c index 1e5001ba02..83bbee59c3 100644 --- a/src/util-mpm-hs-cache.c +++ b/src/util-mpm-hs-cache.c @@ -34,17 +34,17 @@ #ifdef BUILD_HYPERSCAN +#include "rust.h" #include -static const char *HSCacheConstructFPath(const char *folder_path, uint64_t hs_db_hash) +static const char *HSCacheConstructFPath(const char *folder_path, const char *hs_db_hash) { static char hash_file_path[PATH_MAX]; char hash_file_path_suffix[] = "_v1.hs"; char filename[NAME_MAX]; - uint64_t r = snprintf( - filename, sizeof(filename), "%020" PRIu64 "%s", hs_db_hash, hash_file_path_suffix); - if (r != (uint64_t)(20 + strlen(hash_file_path_suffix))) + uint64_t r = snprintf(filename, sizeof(filename), "%s%s", hs_db_hash, hash_file_path_suffix); + if (r != (uint64_t)(strlen(hs_db_hash) + strlen(hash_file_path_suffix))) return NULL; r = PathMerge(hash_file_path, sizeof(hash_file_path), folder_path, filename); @@ -104,22 +104,22 @@ static char *HSReadStream(const char *file_path, size_t *buffer_sz) * Function to hash the searched pattern, only things relevant to Hyperscan * compilation are hashed. */ -static void SCHSCachePatternHash(const SCHSPattern *p, uint32_t *h1, uint32_t *h2) +static void SCHSCachePatternHash(const SCHSPattern *p, SCSha256 *sha256) { BUG_ON(p->original_pat == NULL); BUG_ON(p->sids == NULL); - hashlittle2_safe(&p->len, sizeof(p->len), h1, h2); - hashlittle2_safe(&p->flags, sizeof(p->flags), h1, h2); - hashlittle2_safe(p->original_pat, p->len, h1, h2); - hashlittle2_safe(&p->id, sizeof(p->id), h1, h2); - hashlittle2_safe(&p->offset, sizeof(p->offset), h1, h2); - hashlittle2_safe(&p->depth, sizeof(p->depth), h1, h2); - hashlittle2_safe(&p->sids_size, sizeof(p->sids_size), h1, h2); - hashlittle2_safe(p->sids, p->sids_size * sizeof(SigIntId), h1, h2); + SCSha256Update(sha256, (const uint8_t *)&p->len, sizeof(p->len)); + SCSha256Update(sha256, (const uint8_t *)&p->flags, sizeof(p->flags)); + SCSha256Update(sha256, (const uint8_t *)p->original_pat, p->len); + SCSha256Update(sha256, (const uint8_t *)&p->id, sizeof(p->id)); + SCSha256Update(sha256, (const uint8_t *)&p->offset, sizeof(p->offset)); + SCSha256Update(sha256, (const uint8_t *)&p->depth, sizeof(p->depth)); + SCSha256Update(sha256, (const uint8_t *)&p->sids_size, sizeof(p->sids_size)); + SCSha256Update(sha256, (const uint8_t *)p->sids, p->sids_size * sizeof(SigIntId)); } -int HSLoadCache(hs_database_t **hs_db, uint64_t hs_db_hash, const char *dirpath) +int HSLoadCache(hs_database_t **hs_db, const char *hs_db_hash, const char *dirpath) { const char *hash_file_static = HSCacheConstructFPath(dirpath, hs_db_hash); if (hash_file_static == NULL) @@ -161,7 +161,7 @@ freeup: return ret; } -static int HSSaveCache(hs_database_t *hs_db, uint64_t hs_db_hash, const char *dstpath) +static int HSSaveCache(hs_database_t *hs_db, const char *hs_db_hash, const char *dstpath) { static bool notified = false; char *db_stream = NULL; @@ -220,14 +220,26 @@ cleanup: return ret; } -uint64_t HSHashDb(const PatternDatabase *pd) +int HSHashDb(const PatternDatabase *pd, char *hash, size_t hash_len) { - uint32_t hash[2] = { 0 }; - hashword2(&pd->pattern_cnt, 1, &hash[0], &hash[1]); + SCSha256 *hasher = SCSha256New(); + if (hasher == NULL) { + SCLogDebug("sha256 hashing failed"); + return -1; + } + SCSha256Update(hasher, (const uint8_t *)&pd->pattern_cnt, sizeof(pd->pattern_cnt)); for (uint32_t i = 0; i < pd->pattern_cnt; i++) { - SCHSCachePatternHash(pd->parray[i], &hash[0], &hash[1]); + SCHSCachePatternHash(pd->parray[i], hasher); + } + + if (!SCSha256FinalizeToHex(hasher, hash, hash_len)) { + hasher = NULL; + SCLogDebug("sha256 hashing failed"); + return -1; } - return ((uint64_t)hash[1] << 32) | hash[0]; + + hasher = NULL; + return 0; } void HSSaveCacheIterator(void *data, void *aux) @@ -244,7 +256,11 @@ void HSSaveCacheIterator(void *data, void *aux) return; } - if (HSSaveCache(pd->hs_db, HSHashDb(pd), iter_data->cache_path) == 0) { + char hs_db_hash[SC_SHA256_LEN * 2 + 1]; // * 2 for hex +1 for nul terminator + if (HSHashDb(pd, hs_db_hash, ARRAY_SIZE(hs_db_hash)) != 0) { + return; + } + if (HSSaveCache(pd->hs_db, hs_db_hash, iter_data->cache_path) == 0) { pd->cached = true; // for rule reloads iter_data->pd_stats->hs_dbs_cache_saved_cnt++; } diff --git a/src/util-mpm-hs-cache.h b/src/util-mpm-hs-cache.h index 237762d5ae..225c5001a9 100644 --- a/src/util-mpm-hs-cache.h +++ b/src/util-mpm-hs-cache.h @@ -35,8 +35,8 @@ struct HsIteratorData { const char *cache_path; }; -int HSLoadCache(hs_database_t **hs_db, uint64_t hs_db_hash, const char *dirpath); -uint64_t HSHashDb(const PatternDatabase *pd); +int HSLoadCache(hs_database_t **hs_db, const char *hs_db_hash, const char *dirpath); +int HSHashDb(const PatternDatabase *pd, char *hash, size_t hash_len); void HSSaveCacheIterator(void *data, void *aux); #endif /* BUILD_HYPERSCAN */ diff --git a/src/util-mpm-hs.c b/src/util-mpm-hs.c index 210a77b645..8f9b504c94 100644 --- a/src/util-mpm-hs.c +++ b/src/util-mpm-hs.c @@ -683,8 +683,11 @@ static int PatternDatabaseGetCached( return 0; } else if (cache_dir_path) { pd_cached = *pd; - uint64_t db_lookup_hash = HSHashDb(pd_cached); - if (HSLoadCache(&pd_cached->hs_db, db_lookup_hash, cache_dir_path) == 0) { + char hs_db_hash[SC_SHA256_LEN * 2 + 1]; // * 2 for hex +1 for nul terminator + if (HSHashDb(pd_cached, hs_db_hash, ARRAY_SIZE(hs_db_hash)) != 0) { + return -1; + } + if (HSLoadCache(&pd_cached->hs_db, hs_db_hash, cache_dir_path) == 0) { pd_cached->ref_cnt = 1; pd_cached->cached = true; if (HSScratchAlloc(pd_cached->hs_db) != 0) {