PVer4: Verify checksum for downloaded updates

components/safe_browsing_db/v4_store.h

Index: components/safe_browsing_db/v4_store.h
diff --git a/components/safe_browsing_db/v4_store.h b/components/safe_browsing_db/v4_store.h
index 94621e5281cac0682e505c695513c4090bfb7b22..1cf46536d081419a9cc2c335ce156c7fec62b9bc 100644
--- a/components/safe_browsing_db/v4_store.h
+++ b/components/safe_browsing_db/v4_store.h
@@ -144,6 +144,10 @@ enum ApplyUpdateResult {
   // Compression type other than RAW and RICE for removals.
   UNEXPECTED_COMPRESSION_TYPE_REMOVALS_FAILURE = 10,
 
+  // The state of the store did not match the expected checksum sent by the
+  // server.
+  CHECKSUM_MISMATCH_FAILURE = 11,
+
   // Memory space for histograms is determined by the max.  ALWAYS
   // ADD NEW VALUES BEFORE THIS ONE.
   APPLY_UPDATE_RESULT_MAX
@@ -251,6 +255,7 @@ class V4Store {
                            TestAdditionsWithRiceEncodingFailsWithInvalidInput);
   FRIEND_TEST_ALL_PREFIXES(V4StoreTest, TestAdditionsWithRiceEncodingSucceeds);
   FRIEND_TEST_ALL_PREFIXES(V4StoreTest, TestRemovalsWithRiceEncodingSucceeds);
+  FRIEND_TEST_ALL_PREFIXES(V4StoreTest, TestMergeUpdatesFailsChecksum);
   friend class V4StoreTest;
 
   // If |prefix_size| is within expected range, and |raw_hashes| is not invalid,
@@ -279,6 +284,40 @@ class V4Store {
   static void InitializeIteratorMap(const HashPrefixMap& hash_prefix_map,
                                     IteratorMap* iterator_map);
 
+  // Processes the FULL_UPDATE |response| from the server, updates the V4Store
+  // in |new_store|, and writes the merged store to disk. If processing the
+  // |response| succeeds, it returns APPLY_UPDATE_SUCCESS.
+  // This method is only called when we receive a FULL_UPDATE from the server.
+  static ApplyUpdateResult ProcessFullUpdateAndWriteToDisk(
+      std::unique_ptr<ListUpdateResponse> response,
+      const std::unique_ptr<V4Store>& new_store);
+
+  // Processes a FULL_UPDATE |response| and updates |new_store|. If processing
+  // the |response| succeeds, it returns APPLY_UPDATE_SUCCESS.
+  // This method is called when we receive a FULL_UPDATE from the server, and
+  // when we read a store file from disk on startup.
+  static ApplyUpdateResult ProcessFullUpdate(
+      const std::unique_ptr<ListUpdateResponse>& response,
+      V4Store* new_store);

[Nathan Parker, 2016/08/08 21:17:19]

To consider:

It starts to get a bit murky when you have static functions within the class
that take a V4Store* -- they're basically a non-static function since they have
access to all the private members of V4Store (it's like new_store is "this"). 
You could consider making these non-static, or pulling them from the class and
putting them in a "namespace internal {...}" if they don't really need to access
private members.

[vakh (use Gerrit instead), 2016/08/08 22:46:47]

Agree. Made them non-static.

+
+  // Merges the hash prefixes in |hash_prefix_map_old| and |response|, updates
+  // the |hash_prefix_map_| and |state_| in |new_store|, and writes the merged
+  // store to disk. If processing succeeds, it returns APPLY_UPDATE_SUCCESS.
+  // This method is only called when we receive a PARTIAL_UPDATE from the
+  // server.
+  static ApplyUpdateResult ProcessPartialUpdateAndWriteToDisk(
+      const HashPrefixMap& hash_prefix_map_old,
+      std::unique_ptr<ListUpdateResponse> response,
+      const std::unique_ptr<V4Store>& new_store);
+
+  // Merges the hash prefixes in |hash_prefix_map_old| and |response|, and
+  // updates the |hash_prefix_map_| and |state_| in |new_store|. If processing
+  // succeeds, it returns APPLY_UPDATE_SUCCESS.
+  static ApplyUpdateResult ProcessUpdate(
+      const HashPrefixMap& hash_prefix_map_old,
+      const std::unique_ptr<ListUpdateResponse>& response,
+      V4Store* new_store);
+
   // Reserve the appropriate string size so that the string size of the merged
   // list is exact. This ignores the space that would otherwise be released by
   // deletions specified in the update because it is non-trivial to calculate
@@ -296,24 +335,13 @@ class V4Store {
   // Merges the prefix map from the old store (|old_hash_prefix_map|) and the
   // update (additions_map) to populate the prefix map for the current store.
   // The indices in the |raw_removals| list, which may be NULL, are not merged.
+  // The SHA256 checksum of the final list of hash prefixes, in lexographically
+  // sorted order, must match |expected_checksum| (if it's not empty).
   ApplyUpdateResult MergeUpdate(const HashPrefixMap& old_hash_prefix_map,
                                 const HashPrefixMap& additions_map,
                                 const ::google::protobuf::RepeatedField<
-                                    ::google::protobuf::int32>* raw_removals);
-
-  // Processes the FULL_UPDATE |response| from the server and updates the
-  // V4Store in |new_store| and writes it to disk. If processing the |response|
-  // succeeds, it returns APPLY_UPDATE_SUCCESS.
-  ApplyUpdateResult ProcessFullUpdate(
-      std::unique_ptr<ListUpdateResponse> response,
-      const std::unique_ptr<V4Store>& new_store);
-
-  // Processes the PARTIAL_UPDATE |response| from the server and updates the
-  // V4Store in |new_store|. If processing the |response| succeeds, it returns
-  // APPLY_UPDATE_SUCCESS.
-  ApplyUpdateResult ProcessPartialUpdate(
-      std::unique_ptr<ListUpdateResponse> response,
-      const std::unique_ptr<V4Store>& new_store);
+                                    ::google::protobuf::int32>* raw_removals,
+                                const std::string& expected_checksum);
 
   // Reads the state of the store from the file on disk and returns the reason
   // for the failure or reports success.