PVer4: Verify checksum for downloaded updates

components/safe_browsing_db/v4_store.h

 // Copyright 2016 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef COMPONENTS_SAFE_BROWSING_DB_V4_STORE_H_
 #define COMPONENTS_SAFE_BROWSING_DB_V4_STORE_H_
 
 #include "base/files/file_path.h"
 #include "base/memory/ref_counted.h"
 #include "base/sequenced_task_runner.h"
@@ skipping 120 matching lines @@
 
   // Failed to decode the Rice-encoded additions/removals field.
   RICE_DECODING_FAILURE = 8,
 
   // Compression type other than RAW and RICE for additions.
   UNEXPECTED_COMPRESSION_TYPE_ADDITIONS_FAILURE = 9,
 
   // Compression type other than RAW and RICE for removals.
   UNEXPECTED_COMPRESSION_TYPE_REMOVALS_FAILURE = 10,
 
+  // The state of the store did not match the expected checksum sent by the
+  // server.
+  CHECKSUM_MISMATCH_FAILURE = 11,
+
   // Memory space for histograms is determined by the max.  ALWAYS
   // ADD NEW VALUES BEFORE THIS ONE.
   APPLY_UPDATE_RESULT_MAX
 };
 
 // Factory for creating V4Store. Tests implement this factory to create fake
 // stores for testing.
 class V4StoreFactory {
  public:
   virtual ~V4StoreFactory() {}
@@ skipping 87 matching lines @@
   FRIEND_TEST_ALL_PREFIXES(V4StoreTest,
                            TestHashPrefixExistsInMapWithSingleSize);
   FRIEND_TEST_ALL_PREFIXES(V4StoreTest,
                            TestHashPrefixExistsInMapWithDifferentSizes);
   FRIEND_TEST_ALL_PREFIXES(V4StoreTest,
                            TestHashPrefixDoesNotExistInMapWithDifferentSizes);
   FRIEND_TEST_ALL_PREFIXES(V4StoreTest,
                            TestAdditionsWithRiceEncodingFailsWithInvalidInput);
   FRIEND_TEST_ALL_PREFIXES(V4StoreTest, TestAdditionsWithRiceEncodingSucceeds);
   FRIEND_TEST_ALL_PREFIXES(V4StoreTest, TestRemovalsWithRiceEncodingSucceeds);
+  FRIEND_TEST_ALL_PREFIXES(V4StoreTest, TestMergeUpdatesFailsChecksum);
   friend class V4StoreTest;
 
   // If |prefix_size| is within expected range, and |raw_hashes| is not invalid,
   // then it sets |raw_hashes| as the value at key |prefix_size| in
   // |additions_map|
   static ApplyUpdateResult AddUnlumpedHashes(PrefixSize prefix_size,
                                              const std::string& raw_hashes,
                                              HashPrefixMap* additions_map);
 
   // Get the next unmerged hash prefix in dictionary order from
@@ skipping 25 matching lines @@
 
   // Updates the |additions_map| with the additions received in the partial
   // update from the server.
   static ApplyUpdateResult UpdateHashPrefixMapFromAdditions(
       const ::google::protobuf::RepeatedPtrField<ThreatEntrySet>& additions,
       HashPrefixMap* additions_map);
 
   // Merges the prefix map from the old store (|old_hash_prefix_map|) and the
   // update (additions_map) to populate the prefix map for the current store.
   // The indices in the |raw_removals| list, which may be NULL, are not merged.
+  // The SHA256 checksum of the final list of hash prefixes, in lexographically
+  // sorted order, must match |expected_checksum| (if it's not empty).
   ApplyUpdateResult MergeUpdate(const HashPrefixMap& old_hash_prefix_map,
                                 const HashPrefixMap& additions_map,
                                 const ::google::protobuf::RepeatedField<
-                                    ::google::protobuf::int32>* raw_removals);
+                                    ::google::protobuf::int32>* raw_removals,
+                                const std::string& expected_checksum);
 
-  // Processes the FULL_UPDATE |response| from the server and updates the
-  // V4Store in |new_store| and writes it to disk. If processing the |response|
+  // Processes the FULL_UPDATE |response| from the server, and writes the
+  // merged V4Store to disk. If processing the |response| succeeds, it returns
+  // APPLY_UPDATE_SUCCESS.
+  // This method is only called when we receive a FULL_UPDATE from the server.
+  ApplyUpdateResult ProcessFullUpdateAndWriteToDisk(
+      std::unique_ptr<ListUpdateResponse> response);
+
+  // Processes a FULL_UPDATE |response| and updates the V4Store. If processing
+  // the |response| succeeds, it returns APPLY_UPDATE_SUCCESS.
+  // This method is called when we receive a FULL_UPDATE from the server, and
+  // when we read a store file from disk on startup.
+  ApplyUpdateResult ProcessFullUpdate(
+      const std::unique_ptr<ListUpdateResponse>& response);
+
+  // Merges the hash prefixes in |hash_prefix_map_old| and |response|, updates
+  // the |hash_prefix_map_| and |state_| in the V4Store, and writes the merged
+  // store to disk. If processing succeeds, it returns APPLY_UPDATE_SUCCESS.
+  // This method is only called when we receive a PARTIAL_UPDATE from the
+  // server.
+  ApplyUpdateResult ProcessPartialUpdateAndWriteToDisk(
+      const HashPrefixMap& hash_prefix_map_old,
+      std::unique_ptr<ListUpdateResponse> response);
+
+  // Merges the hash prefixes in |hash_prefix_map_old| and |response|, and
+  // updates the |hash_prefix_map_| and |state_| in the V4Store. If processing
   // succeeds, it returns APPLY_UPDATE_SUCCESS.
-  ApplyUpdateResult ProcessFullUpdate(
-      std::unique_ptr<ListUpdateResponse> response,
-      const std::unique_ptr<V4Store>& new_store);
-
-  // Processes the PARTIAL_UPDATE |response| from the server and updates the
-  // V4Store in |new_store|. If processing the |response| succeeds, it returns
-  // APPLY_UPDATE_SUCCESS.
-  ApplyUpdateResult ProcessPartialUpdate(
-      std::unique_ptr<ListUpdateResponse> response,
-      const std::unique_ptr<V4Store>& new_store);
+  ApplyUpdateResult ProcessUpdate(
+      const HashPrefixMap& hash_prefix_map_old,
+      const std::unique_ptr<ListUpdateResponse>& response);
 
   // Reads the state of the store from the file on disk and returns the reason
   // for the failure or reports success.
   StoreReadResult ReadFromDisk();
 
   // Writes the FULL_UPDATE |response| to disk as a V4StoreFileFormat proto.
   StoreWriteResult WriteToDisk(
       std::unique_ptr<ListUpdateResponse> response) const;
 
   // The state of the store as returned by the PVer4 server in the last applied
   // update response.
   std::string state_;
   const base::FilePath store_path_;
   HashPrefixMap hash_prefix_map_;
   const scoped_refptr<base::SequencedTaskRunner> task_runner_;
 };
 
 std::ostream& operator<<(std::ostream& os, const V4Store& store);
 
 }  // namespace safe_browsing
 
 #endif  // COMPONENTS_SAFE_BROWSING_DB_V4_STORE_H_