Use SHA256 hash for plugin cache

Use SHA256 hash for plugin cache key. Otherwise, a raw plugin
config (concatenated with root ID and key) is stored in the key which
may cause unnecessary memory consumption.

Author: phmx

BUILD

@@ -66,6 +66,8 @@ cc_library(
         "src/bytecode_util.cc",
         "src/context.cc",
         "src/exports.cc",
+        "src/hash.cc",
+        "src/hash.h",
         "src/pairs_util.cc",
         "src/shared_data.cc",
         "src/shared_data.h",

include/proxy-wasm/context.h

@@ -23,6 +23,7 @@
 #include <map>
 #include <memory>
 #include <string>
+#include <string_view>
 #include <vector>
 
 #include "include/proxy-wasm/context_interface.h"
@@ -53,8 +54,7 @@ struct PluginBase {
              std::string_view key)
       : name_(std::string(name)), root_id_(std::string(root_id)), vm_id_(std::string(vm_id)),
         engine_(std::string(engine)), plugin_configuration_(plugin_configuration),
-        fail_open_(fail_open),
-        key_(root_id_ + "||" + plugin_configuration_ + "||" + std::string(key)),
+        fail_open_(fail_open), key_(makePluginKey(root_id, plugin_configuration, key)),
         log_prefix_(makeLogPrefix()) {}
 
   const std::string name_;
@@ -69,6 +69,8 @@ struct PluginBase {
 
 private:
   std::string makeLogPrefix() const;
+  static std::string makePluginKey(std::string_view root_id, std::string_view plugin_configuration,
+                                   std::string_view key);
 
   const std::string key_;
   const std::string log_prefix_;

src/context.cc

@@ -22,6 +22,7 @@
 
 #include "include/proxy-wasm/context.h"
 #include "include/proxy-wasm/wasm.h"
+#include "src/hash.h"
 #include "src/shared_data.h"
 #include "src/shared_queue.h"
 
@@ -85,6 +86,11 @@ std::string PluginBase::makeLogPrefix() const {
   return prefix;
 }
 
+std::string PluginBase::makePluginKey(std::string_view root_id,
+                                      std::string_view plugin_configuration, std::string_view key) {
+  return Sha256String({root_id, "||", plugin_configuration, "||", key});
+}
+
 ContextBase::ContextBase() : parent_context_(this) {}
 
 ContextBase::ContextBase(WasmBase *wasm) : wasm_(wasm), parent_context_(this) {

src/hash.cc

@@ -0,0 +1,54 @@
+// Copyright 2023 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include "src/hash.h"
+
+#include <string>
+#include <vector>
+
+#include <openssl/sha.h>
+
+namespace proxy_wasm {
+
+namespace {
+
+std::string BytesToHex(const std::vector<uint8_t> &bytes) {
+  static const char *const hex = "0123456789ABCDEF";
+  std::string result;
+  result.reserve(bytes.size() * 2);
+  for (auto byte : bytes) {
+    result.push_back(hex[byte >> 4]);
+    result.push_back(hex[byte & 0xf]);
+  }
+  return result;
+}
+
+} // namespace
+
+std::vector<uint8_t> Sha256(const std::vector<std::string_view> &parts) {
+  uint8_t sha256[SHA256_DIGEST_LENGTH];
+  SHA256_CTX sha_ctx;
+  SHA256_Init(&sha_ctx);
+  for (auto part : parts) {
+    SHA256_Update(&sha_ctx, part.data(), part.size());
+  }
+  SHA256_Final(sha256, &sha_ctx);
+  return std::vector<uint8_t>(std::begin(sha256), std::end(sha256));
+}
+
+std::string Sha256String(const std::vector<std::string_view> &parts) {
+  return BytesToHex(Sha256(parts));
+}
+
+} // namespace proxy_wasm

src/hash.h

@@ -0,0 +1,27 @@
+// Copyright 2023 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#pragma once
+
+#include <string>
+#include <vector>
+
+#include <openssl/sha.h>
+
+namespace proxy_wasm {
+
+std::vector<uint8_t> Sha256(const std::vector<std::string_view> &parts);
+std::string Sha256String(const std::vector<std::string_view> &parts);
+
+} // namespace proxy_wasm

src/wasm.cc

@@ -27,11 +27,10 @@
 #include <unordered_map>
 #include <utility>
 
-#include <openssl/sha.h>
-
 #include "include/proxy-wasm/bytecode_util.h"
 #include "include/proxy-wasm/signature_util.h"
 #include "include/proxy-wasm/vm_id_handle.h"
+#include "src/hash.h"
 
 namespace proxy_wasm {
 
@@ -44,33 +43,11 @@ thread_local std::unordered_map<std::string, std::weak_ptr<PluginHandleBase>> lo
 std::mutex base_wasms_mutex;
 std::unordered_map<std::string, std::weak_ptr<WasmHandleBase>> *base_wasms = nullptr;
 
-std::vector<uint8_t> Sha256(const std::vector<std::string_view> &parts) {
-  uint8_t sha256[SHA256_DIGEST_LENGTH];
-  SHA256_CTX sha_ctx;
-  SHA256_Init(&sha_ctx);
-  for (auto part : parts) {
-    SHA256_Update(&sha_ctx, part.data(), part.size());
-  }
-  SHA256_Final(sha256, &sha_ctx);
-  return std::vector<uint8_t>(std::begin(sha256), std::end(sha256));
-}
-
-std::string BytesToHex(const std::vector<uint8_t> &bytes) {
-  static const char *const hex = "0123456789ABCDEF";
-  std::string result;
-  result.reserve(bytes.size() * 2);
-  for (auto byte : bytes) {
-    result.push_back(hex[byte >> 4]);
-    result.push_back(hex[byte & 0xf]);
-  }
-  return result;
-}
-
 } // namespace
 
 std::string makeVmKey(std::string_view vm_id, std::string_view vm_configuration,
                       std::string_view code) {
-  return BytesToHex(Sha256({vm_id, vm_configuration, code}));
+  return Sha256String({vm_id, "||", vm_configuration, "||", code});
 }
 
 class WasmBase::ShutdownHandle {