PVer4: Test checksum on startup outside the hotpath of DB load

components/safe_browsing_db/v4_store.h

 // Copyright 2016 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef COMPONENTS_SAFE_BROWSING_DB_V4_STORE_H_
 #define COMPONENTS_SAFE_BROWSING_DB_V4_STORE_H_
 
 #include "base/files/file_path.h"
 #include "base/memory/ref_counted.h"
 #include "base/sequenced_task_runner.h"
@@ skipping 162 matching lines @@
   // If a hash prefix in this store matches |full_hash|, returns that hash
   // prefix; otherwise returns an empty hash prefix.
   virtual HashPrefix GetMatchingHashPrefix(const FullHash& full_hash);
 
   std::string DebugString() const;
 
   // Reads the store file from disk and populates the in-memory representation
   // of the hash prefixes.
   void Initialize();
 
-  // Reset internal state and delete the backing file.
-  virtual bool Reset();
+  // Reset internal state.
+  void Reset();
+
+  // Scheduled after reading the store file from disk on startup. When run, it
+  // ensures that the checksum of the hash prefixes in lexicographical sorted
+  // order matches the expected value in |expected_checksum_|. Returns true if
+  // it matches; false otherwise. Checksum verification can take a long time,
+  // so it is performed outside of the hotpath of loading SafeBrowsing database,
+  // which blocks resource loads.
+  bool VerifyChecksum();
 
  private:
   FRIEND_TEST_ALL_PREFIXES(V4StoreTest, TestReadFromEmptyFile);
   FRIEND_TEST_ALL_PREFIXES(V4StoreTest, TestReadFromAbsentFile);
   FRIEND_TEST_ALL_PREFIXES(V4StoreTest, TestReadFromInvalidContentsFile);
   FRIEND_TEST_ALL_PREFIXES(V4StoreTest, TestReadFromUnexpectedMagicFile);
   FRIEND_TEST_ALL_PREFIXES(V4StoreTest, TestReadFromLowVersionFile);
   FRIEND_TEST_ALL_PREFIXES(V4StoreTest, TestReadFromNoHashPrefixInfoFile);
   FRIEND_TEST_ALL_PREFIXES(V4StoreTest, TestReadFromNoHashPrefixesFile);
   FRIEND_TEST_ALL_PREFIXES(V4StoreTest, TestWriteNoResponseType);
@@ skipping 44 matching lines @@
                            TestHashPrefixExistsInMapWithSingleSize);
   FRIEND_TEST_ALL_PREFIXES(V4StoreTest,
                            TestHashPrefixExistsInMapWithDifferentSizes);
   FRIEND_TEST_ALL_PREFIXES(V4StoreTest,
                            TestHashPrefixDoesNotExistInMapWithDifferentSizes);
   FRIEND_TEST_ALL_PREFIXES(V4StoreTest,
                            TestAdditionsWithRiceEncodingFailsWithInvalidInput);
   FRIEND_TEST_ALL_PREFIXES(V4StoreTest, TestAdditionsWithRiceEncodingSucceeds);
   FRIEND_TEST_ALL_PREFIXES(V4StoreTest, TestRemovalsWithRiceEncodingSucceeds);
   FRIEND_TEST_ALL_PREFIXES(V4StoreTest, TestMergeUpdatesFailsChecksum);
+  FRIEND_TEST_ALL_PREFIXES(V4StoreTest, TestChecksumErrorOnStartup);
   friend class V4StoreTest;
 
   // If |prefix_size| is within expected range, and |raw_hashes_length| is a
   // multiple of prefix_size, then it sets the string of length
   // |raw_hashes_length| starting at |raw_hashes_begin| as the value at key
   // |prefix_size| in |additions_map|
   static ApplyUpdateResult AddUnlumpedHashes(PrefixSize prefix_size,
                                              const char* raw_hashes_begin,
                                              const size_t raw_hashes_length,
                                              HashPrefixMap* additions_map);
@@ skipping 27 matching lines @@
   // list is exact. This ignores the space that would otherwise be released by
   // deletions specified in the update because it is non-trivial to calculate
   // those deletions upfront. This isn't so bad since deletions are supposed to
   // be small and infrequent.
   static void ReserveSpaceInPrefixMap(const HashPrefixMap& other_prefixes_map,
                                       HashPrefixMap* prefix_map_to_update);
 
   // Merges the prefix map from the old store (|old_hash_prefix_map|) and the
   // update (additions_map) to populate the prefix map for the current store.
   // The indices in the |raw_removals| list, which may be NULL, are not merged.
-  // The SHA256 checksum of the final list of hash prefixes, in lexographically
-  // sorted order, must match |expected_checksum| (if it's not empty).
+  // The SHA256 checksum of the final list of hash prefixes, in
+  // lexicographically sorted order, must match |expected_checksum| (if it's not
+  // empty).
   ApplyUpdateResult MergeUpdate(const HashPrefixMap& old_hash_prefix_map,
                                 const HashPrefixMap& additions_map,
                                 const ::google::protobuf::RepeatedField<
                                     ::google::protobuf::int32>* raw_removals,
                                 const std::string& expected_checksum);
 
   // Processes the FULL_UPDATE |response| from the server, and writes the
   // merged V4Store to disk. If processing the |response| succeeds, it returns
   // APPLY_UPDATE_SUCCESS.
   // This method is only called when we receive a FULL_UPDATE from the server.
@@ skipping 30 matching lines @@
   // Updates the |additions_map| with the additions received in the partial
   // update from the server.
   ApplyUpdateResult UpdateHashPrefixMapFromAdditions(
       const ::google::protobuf::RepeatedPtrField<ThreatEntrySet>& additions,
       HashPrefixMap* additions_map);
 
   // Writes the FULL_UPDATE |response| to disk as a V4StoreFileFormat proto.
   StoreWriteResult WriteToDisk(
       std::unique_ptr<ListUpdateResponse> response) const;
 
+  // The checksum value as read from the disk, until it is verified. Once
+  // verified, it is cleared.
+  std::string expected_checksum_;
+
   // The state of the store as returned by the PVer4 server in the last applied
   // update response.
   std::string state_;
   const base::FilePath store_path_;
   HashPrefixMap hash_prefix_map_;
   const scoped_refptr<base::SequencedTaskRunner> task_runner_;
 };
 
 std::ostream& operator<<(std::ostream& os, const V4Store& store);
 
 }  // namespace safe_browsing
 
 #endif  // COMPONENTS_SAFE_BROWSING_DB_V4_STORE_H_