Bug 1353956 - P1. Rename checksum used in SafeBrowsing V4 to SHA256. r=gcp
authorDimi Lee <dlee@mozilla.com>
Thu, 07 Mar 2019 14:40:14 +0000
changeset 520888 c2331373e10707aa5259eb3d8436f65c8d59c684
parent 520887 29867c8ea3ec95630a82a43e432969391f2decda
child 520889 c7a253aed4508a8df4f1309d889dbfd669cd1693
push id10862
push userffxbld-merge
push dateMon, 11 Mar 2019 13:01:11 +0000
treeherdermozilla-beta@a2e7f5c935da [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersgcp
bugs1353956
milestone67.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1353956 - P1. Rename checksum used in SafeBrowsing V4 to SHA256. r=gcp SafeBrowsing V4 protocol use SHA-256 as the checksum to check integrity of update data and also the integrity of prefix files. SafeBrowsing V2 HashStore use MD5 as the checksum to check integrity of .sbstore Since we are going to use CRC32 as the integrity check of V4 prefix files, I think rename V4 "checksum" to SHA256 can improve readability. Differential Revision: https://phabricator.services.mozilla.com/D21460
toolkit/components/url-classifier/Classifier.cpp
toolkit/components/url-classifier/HashStore.cpp
toolkit/components/url-classifier/HashStore.h
toolkit/components/url-classifier/LookupCacheV4.cpp
toolkit/components/url-classifier/LookupCacheV4.h
toolkit/components/url-classifier/ProtocolParser.cpp
toolkit/components/url-classifier/tests/gtest/TestUrlClassifierTableUpdateV4.cpp
--- a/toolkit/components/url-classifier/Classifier.cpp
+++ b/toolkit/components/url-classifier/Classifier.cpp
@@ -1572,31 +1572,30 @@ nsresult Classifier::LoadMetadata(nsIFil
       if (lookupCache) {
         lookupCacheV4 = LookupCache::Cast<LookupCacheV4>(lookupCache);
       }
     }
     if (!lookupCacheV4) {
       continue;
     }
 
-    nsCString state;
-    nsCString checksum;
-    rv = lookupCacheV4->LoadMetadata(state, checksum);
+    nsCString state, sha256;
+    rv = lookupCacheV4->LoadMetadata(state, sha256);
     if (NS_FAILED(rv)) {
       LOG(("Failed to get metadata for table %s", tableName.get()));
       continue;
     }
 
     // The state might include '\n' so that we have to encode.
     nsAutoCString stateBase64;
     rv = Base64Encode(state, stateBase64);
     NS_ENSURE_SUCCESS(rv, rv);
 
     nsAutoCString checksumBase64;
-    rv = Base64Encode(checksum, checksumBase64);
+    rv = Base64Encode(sha256, checksumBase64);
     NS_ENSURE_SUCCESS(rv, rv);
 
     LOG(("Appending state '%s' and checksum '%s' for table %s",
          stateBase64.get(), checksumBase64.get(), tableName.get()));
 
     aResult.AppendPrintf("%s;%s:%s\n", tableName.get(), stateBase64.get(),
                          checksumBase64.get());
   }
--- a/toolkit/components/url-classifier/HashStore.cpp
+++ b/toolkit/components/url-classifier/HashStore.cpp
@@ -201,18 +201,18 @@ nsresult TableUpdateV4::NewRemovalIndice
   }
 
   for (size_t i = 0; i < aNumOfIndices; i++) {
     mRemovalIndiceArray.AppendElement(aIndices[i]);
   }
   return NS_OK;
 }
 
-void TableUpdateV4::NewChecksum(const std::string& aChecksum) {
-  mChecksum.Assign(aChecksum.data(), aChecksum.size());
+void TableUpdateV4::SetSHA256(const std::string& aSHA256) {
+  mSHA256.Assign(aSHA256.data(), aSHA256.size());
 }
 
 nsresult TableUpdateV4::NewFullHashResponse(
     const Prefix& aPrefix, const CachedFullHashResponse& aResponse) {
   CachedFullHashResponse* response =
       mFullHashResponseMap.LookupOrAdd(aPrefix.ToUint32());
   if (!response) {
     return NS_ERROR_OUT_OF_MEMORY;
--- a/toolkit/components/url-classifier/HashStore.h
+++ b/toolkit/components/url-classifier/HashStore.h
@@ -154,41 +154,41 @@ class TableUpdateV4 : public TableUpdate
   }
 
   bool IsFullUpdate() const { return mFullUpdate; }
   const PrefixStringMap& Prefixes() const { return mPrefixesMap; }
   const RemovalIndiceArray& RemovalIndices() const {
     return mRemovalIndiceArray;
   }
   const nsACString& ClientState() const { return mClientState; }
-  const nsACString& Checksum() const { return mChecksum; }
+  const nsACString& SHA256() const { return mSHA256; }
   const FullHashResponseMap& FullHashResponse() const {
     return mFullHashResponseMap;
   }
 
   // For downcasting.
   static const int TAG = 4;
 
   void SetFullUpdate(bool aIsFullUpdate) { mFullUpdate = aIsFullUpdate; }
   void NewPrefixes(int32_t aSize, const nsACString& aPrefixes);
   void SetNewClientState(const nsACString& aState) { mClientState = aState; }
-  void NewChecksum(const std::string& aChecksum);
+  void SetSHA256(const std::string& aSHA256);
 
   nsresult NewRemovalIndices(const uint32_t* aIndices, size_t aNumOfIndices);
   nsresult NewFullHashResponse(const Prefix& aPrefix,
                                const CachedFullHashResponse& aResponse);
 
  private:
   virtual int Tag() const override { return TAG; }
 
   bool mFullUpdate;
   PrefixStringMap mPrefixesMap;
   RemovalIndiceArray mRemovalIndiceArray;
   nsCString mClientState;
-  nsCString mChecksum;
+  nsCString mSHA256;
 
   // This is used to store response from fullHashes.find.
   FullHashResponseMap mFullHashResponseMap;
 };
 
 // There is one hash store per table.
 class HashStore {
  public:
--- a/toolkit/components/url-classifier/LookupCacheV4.cpp
+++ b/toolkit/components/url-classifier/LookupCacheV4.cpp
@@ -168,25 +168,25 @@ nsresult LookupCacheV4::StoreToFile(nsCO
 }
 
 nsresult LookupCacheV4::LoadFromFile(nsCOMPtr<nsIFile>& aFile) {
   nsresult rv = mVLPrefixSet->LoadFromFile(aFile);
   if (NS_WARN_IF(NS_FAILED(rv))) {
     return rv;
   }
 
-  nsCString state, checksum;
-  rv = LoadMetadata(state, checksum);
+  nsCString state, sha256;
+  rv = LoadMetadata(state, sha256);
   Telemetry::Accumulate(Telemetry::URLCLASSIFIER_VLPS_METADATA_CORRUPT,
                         rv == NS_ERROR_FILE_CORRUPTED);
   if (NS_WARN_IF(NS_FAILED(rv))) {
     return rv;
   }
 
-  rv = VerifyChecksum(checksum);
+  rv = VerifySHA256(sha256);
   Telemetry::Accumulate(Telemetry::URLCLASSIFIER_VLPS_LOAD_CORRUPT,
                         rv == NS_ERROR_FILE_CORRUPTED);
   Unused << NS_WARN_IF(NS_FAILED(rv));
   return rv;
 }
 
 size_t LookupCacheV4::SizeOfPrefixSet() const {
   return mVLPrefixSet->SizeOfIncludingThis(moz_malloc_size_of);
@@ -217,18 +217,18 @@ static nsresult InitCrypto(nsCOMPtr<nsIC
 
   rv = aCrypto->Init(nsICryptoHash::SHA256);
   NS_WARNING_ASSERTION(NS_SUCCEEDED(rv), "InitCrypto failed");
 
   return rv;
 }
 
 // Read prefix into a buffer and also update the hash which
-// keeps track of the checksum
-static void UpdateChecksum(nsICryptoHash* aCrypto, const nsACString& aPrefix) {
+// keeps track of the sha256 hash
+static void UpdateSHA256(nsICryptoHash* aCrypto, const nsACString& aPrefix) {
   MOZ_ASSERT(aCrypto);
   aCrypto->Update(
       reinterpret_cast<uint8_t*>(const_cast<char*>(aPrefix.BeginReading())),
       aPrefix.Length());
 }
 
 // Please see https://bug1287058.bmoattachments.org/attachment.cgi?id=8795366
 // for detail about partial update algorithm.
@@ -310,26 +310,26 @@ nsresult LookupCacheV4::ApplyUpdate(RefP
           numOldPrefixPicked == removalArray[removalIndex]) {
         removalIndex++;
       } else {
         rv = AppendPrefixToMap(aOutputMap, smallestOldPrefix);
         if (NS_WARN_IF(NS_FAILED(rv))) {
           return rv;
         }
 
-        UpdateChecksum(crypto, smallestOldPrefix);
+        UpdateSHA256(crypto, smallestOldPrefix);
       }
       smallestOldPrefix.SetLength(0);
     } else {
       rv = AppendPrefixToMap(aOutputMap, smallestAddPrefix);
       if (NS_WARN_IF(NS_FAILED(rv))) {
         return rv;
       }
 
-      UpdateChecksum(crypto, smallestAddPrefix);
+      UpdateSHA256(crypto, smallestAddPrefix);
       smallestAddPrefix.SetLength(0);
     }
   }
 
   // We expect index will be greater to 0 because max number of runs will be
   // the number of original prefix plus add prefix.
   if (index <= 0) {
     LOG(("There are still prefixes remaining after reaching maximum runs."));
@@ -338,68 +338,68 @@ nsresult LookupCacheV4::ApplyUpdate(RefP
 
   if (removalIndex < removalArray.Length()) {
     LOG(
         ("There are still prefixes to remove after exhausting the old "
          "PrefixSet."));
     return NS_ERROR_UC_UPDATE_WRONG_REMOVAL_INDICES;
   }
 
-  nsAutoCString checksum;
-  crypto->Finish(false, checksum);
-  if (aTableUpdate->Checksum().IsEmpty()) {
-    LOG(("Update checksum missing."));
+  nsAutoCString sha256;
+  crypto->Finish(false, sha256);
+  if (aTableUpdate->SHA256().IsEmpty()) {
+    LOG(("Update sha256 hash missing."));
     Telemetry::Accumulate(
         Telemetry::URLCLASSIFIER_UPDATE_ERROR, mProvider,
         NS_ERROR_GET_CODE(NS_ERROR_UC_UPDATE_MISSING_CHECKSUM));
 
-    // Generate our own checksum to tableUpdate to ensure there is always
+    // Generate our own sha256 to tableUpdate to ensure there is always
     // checksum in .metadata
-    std::string stdChecksum(checksum.BeginReading(), checksum.Length());
-    aTableUpdate->NewChecksum(stdChecksum);
-  } else if (aTableUpdate->Checksum() != checksum) {
-    LOG(("Checksum mismatch after applying partial update"));
+    std::string stdSha256(sha256.BeginReading(), sha256.Length());
+    aTableUpdate->SetSHA256(stdSha256);
+  } else if (aTableUpdate->SHA256() != sha256) {
+    LOG(("SHA256 hash mismatch after applying partial update"));
     return NS_ERROR_UC_UPDATE_CHECKSUM_MISMATCH;
   }
 
   return NS_OK;
 }
 
 nsresult LookupCacheV4::AddFullHashResponseToCache(
     const FullHashResponseMap& aResponseMap) {
   CopyClassHashTable<FullHashResponseMap>(aResponseMap, mFullHashCache);
 
   return NS_OK;
 }
 
-nsresult LookupCacheV4::VerifyChecksum(const nsACString& aChecksum) {
+nsresult LookupCacheV4::VerifySHA256(const nsACString& aSHA256) {
   nsCOMPtr<nsICryptoHash> crypto;
   nsresult rv = InitCrypto(crypto);
   if (NS_FAILED(rv)) {
     return rv;
   }
 
   PrefixStringMap map;
   mVLPrefixSet->GetPrefixes(map);
 
   VLPrefixSet loadPSet(map);
   uint32_t index = loadPSet.Count() + 1;
   for (; index > 0; index--) {
     nsAutoCString prefix;
     if (!loadPSet.GetSmallestPrefix(prefix)) {
       break;
     }
-    UpdateChecksum(crypto, prefix);
+    UpdateSHA256(crypto, prefix);
   }
 
-  nsAutoCString checksum;
-  crypto->Finish(false, checksum);
+  nsAutoCString sha256;
+  crypto->Finish(false, sha256);
 
-  if (checksum != aChecksum) {
-    LOG(("Checksum mismatch when loading prefixes from file."));
+  if (sha256 != aSHA256) {
+    LOG(("Sha256 hash mismatch when loading prefixes from file."));
     return NS_ERROR_FILE_CORRUPTED;
   }
 
   return NS_OK;
 }
 
 //////////////////////////////////////////////////////////////////////////
 // A set of lightweight functions for reading/writing value from/to file.
@@ -507,25 +507,24 @@ nsresult LookupCacheV4::WriteMetadata(
   rv = NS_NewLocalFileOutputStream(getter_AddRefs(outputStream), metaFile,
                                    PR_WRONLY | PR_TRUNCATE | PR_CREATE_FILE);
   NS_ENSURE_SUCCESS(rv, rv);
 
   // Write the state.
   rv = WriteValue(outputStream, aTableUpdate->ClientState());
   NS_ENSURE_SUCCESS(rv, rv);
 
-  // Write the checksum.
-  rv = WriteValue(outputStream, aTableUpdate->Checksum());
+  // Write the SHA256 hash.
+  rv = WriteValue(outputStream, aTableUpdate->SHA256());
   NS_ENSURE_SUCCESS(rv, rv);
 
   return rv;
 }
 
-nsresult LookupCacheV4::LoadMetadata(nsACString& aState,
-                                     nsACString& aChecksum) {
+nsresult LookupCacheV4::LoadMetadata(nsACString& aState, nsACString& aSHA256) {
   nsCOMPtr<nsIFile> metaFile;
   nsresult rv = mStoreDirectory->Clone(getter_AddRefs(metaFile));
   NS_ENSURE_SUCCESS(rv, rv);
 
   rv = metaFile->AppendNative(mTableName + METADATA_SUFFIX);
   NS_ENSURE_SUCCESS(rv, rv);
 
   nsCOMPtr<nsIInputStream> localInFile;
@@ -538,20 +537,20 @@ nsresult LookupCacheV4::LoadMetadata(nsA
 
   // Read the list state.
   rv = ReadValue(localInFile, aState);
   if (NS_FAILED(rv)) {
     LOG(("Failed to read state."));
     return rv;
   }
 
-  // Read the checksum.
-  rv = ReadValue(localInFile, aChecksum);
+  // Read the SHA256 hash.
+  rv = ReadValue(localInFile, aSHA256);
   if (NS_FAILED(rv)) {
-    LOG(("Failed to read checksum."));
+    LOG(("Failed to read SHA256 hash."));
     return rv;
   }
 
   return rv;
 }
 
 VLPrefixSet::VLPrefixSet(const PrefixStringMap& aMap) : mCount(0) {
   for (auto iter = aMap.ConstIter(); !iter.Done(); iter.Next()) {
--- a/toolkit/components/url-classifier/LookupCacheV4.h
+++ b/toolkit/components/url-classifier/LookupCacheV4.h
@@ -51,17 +51,17 @@ class LookupCacheV4 final : public Looku
   virtual nsresult LoadFromFile(nsCOMPtr<nsIFile>& aFile) override;
   virtual size_t SizeOfPrefixSet() const override;
 
  private:
   ~LookupCacheV4() {}
 
   virtual int Ver() const override { return VER; }
 
-  nsresult VerifyChecksum(const nsACString& aChecksum);
+  nsresult VerifySHA256(const nsACString& aSHA256);
 
   RefPtr<VariableLengthPrefixSet> mVLPrefixSet;
 };
 
 }  // namespace safebrowsing
 }  // namespace mozilla
 
 #endif
--- a/toolkit/components/url-classifier/ProtocolParser.cpp
+++ b/toolkit/components/url-classifier/ProtocolParser.cpp
@@ -824,17 +824,17 @@ nsresult ProtocolParserProtobuf::Process
   auto tuV4 = TableUpdate::Cast<TableUpdateV4>(tu);
   NS_ENSURE_TRUE(tuV4, NS_ERROR_FAILURE);
 
   nsCString state(aResponse.new_client_state().c_str(),
                   aResponse.new_client_state().size());
   tuV4->SetNewClientState(state);
 
   if (aResponse.has_checksum()) {
-    tuV4->NewChecksum(aResponse.checksum().sha256());
+    tuV4->SetSHA256(aResponse.checksum().sha256());
   }
 
   PARSER_LOG(
       ("==== Update for threat type '%d' ====", aResponse.threat_type()));
   PARSER_LOG(("* aListName: %s\n", PromiseFlatCString(aListName).get()));
   PARSER_LOG(("* newState: %s\n", aResponse.new_client_state().c_str()));
   PARSER_LOG(("* isFullUpdate: %s\n", (isFullUpdate ? "yes" : "no")));
   PARSER_LOG(
--- a/toolkit/components/url-classifier/tests/gtest/TestUrlClassifierTableUpdateV4.cpp
+++ b/toolkit/components/url-classifier/tests/gtest/TestUrlClassifierTableUpdateV4.cpp
@@ -49,31 +49,31 @@ static void MergeAndSortArray(const _Pre
                               const _PrefixArray& array2,
                               _PrefixArray& output) {
   output.Clear();
   output.AppendElements(array1);
   output.AppendElements(array2);
   output.Sort();
 }
 
-static void CalculateCheckSum(_PrefixArray& prefixArray, nsCString& checksum) {
+static void CalculateSHA256(_PrefixArray& prefixArray, nsCString& sha256) {
   prefixArray.Sort();
 
   nsresult rv;
   nsCOMPtr<nsICryptoHash> cryptoHash =
       do_CreateInstance(NS_CRYPTO_HASH_CONTRACTID, &rv);
 
   cryptoHash->Init(nsICryptoHash::SHA256);
   for (uint32_t i = 0; i < prefixArray.Length(); i++) {
     const _Prefix& prefix = prefixArray[i];
     cryptoHash->Update(
         reinterpret_cast<uint8_t*>(const_cast<char*>(prefix.get())),
         prefix.Length());
   }
-  cryptoHash->Finish(false, checksum);
+  cryptoHash->Finish(false, sha256);
 }
 
 // N: Number of prefixes, MIN/MAX: minimum/maximum prefix size
 // This function will append generated prefixes to outArray.
 static void CreateRandomSortedPrefixArray(uint32_t N, uint32_t MIN,
                                           uint32_t MAX,
                                           _PrefixArray& outArray) {
   outArray.SetCapacity(outArray.Length() + N);
@@ -109,36 +109,36 @@ static void CreateRandomRemovalIndices(u
     if (!outArray.Contains(idx)) {
       outArray.InsertElementSorted(idx);
     }
   }
 }
 
 // Function to generate TableUpdateV4.
 static void GenerateUpdateData(bool fullUpdate, PrefixStringMap& add,
-                               nsTArray<uint32_t>* removal, nsCString* checksum,
+                               nsTArray<uint32_t>* removal, nsCString* sha256,
                                TableUpdateArray& tableUpdates) {
   RefPtr<TableUpdateV4> tableUpdate = new TableUpdateV4(GTEST_TABLE);
   tableUpdate->SetFullUpdate(fullUpdate);
 
   for (auto iter = add.ConstIter(); !iter.Done(); iter.Next()) {
     nsCString* pstring = iter.Data();
     tableUpdate->NewPrefixes(iter.Key(), *pstring);
   }
 
   if (removal) {
     tableUpdate->NewRemovalIndices(removal->Elements(), removal->Length());
   }
 
-  if (checksum) {
-    std::string stdChecksum;
-    stdChecksum.assign(const_cast<char*>(checksum->BeginReading()),
-                       checksum->Length());
+  if (sha256) {
+    std::string stdSHA256;
+    stdSHA256.assign(const_cast<char*>(sha256->BeginReading()),
+                     sha256->Length());
 
-    tableUpdate->NewChecksum(stdChecksum);
+    tableUpdate->SetSHA256(stdSHA256);
   }
 
   tableUpdates.AppendElement(tableUpdate);
 }
 
 static void VerifyPrefixSet(PrefixStringMap& expected) {
   // Verify the prefix set is written to disk.
   nsCOMPtr<nsIFile> file;
@@ -195,28 +195,28 @@ static void testUpdate(TableUpdateArray&
   RefPtr<Classifier> classifier = new Classifier();
   classifier->Open(*file);
 
   nsresult rv = SyncApplyUpdates(classifier, tableUpdates);
   ASSERT_TRUE(rv == NS_OK);
   VerifyPrefixSet(expected);
 }
 
-static void testFullUpdate(PrefixStringMap& add, nsCString* checksum) {
+static void testFullUpdate(PrefixStringMap& add, nsCString* sha256) {
   TableUpdateArray tableUpdates;
 
-  GenerateUpdateData(true, add, nullptr, checksum, tableUpdates);
+  GenerateUpdateData(true, add, nullptr, sha256, tableUpdates);
 
   testUpdate(tableUpdates, add);
 }
 
 static void testPartialUpdate(PrefixStringMap& add, nsTArray<uint32_t>* removal,
-                              nsCString* checksum, PrefixStringMap& expected) {
+                              nsCString* sha256, PrefixStringMap& expected) {
   TableUpdateArray tableUpdates;
-  GenerateUpdateData(false, add, removal, checksum, tableUpdates);
+  GenerateUpdateData(false, add, removal, sha256, tableUpdates);
 
   testUpdate(tableUpdates, expected);
 }
 
 static void testOpenLookupCache() {
   nsCOMPtr<nsIFile> file;
   NS_GetSpecialDirectory(NS_APP_USER_PROFILE_50_DIR, getter_AddRefs(file));
   file->AppendNative(GTEST_SAFEBROWSING_DIR);
@@ -233,153 +233,153 @@ static void testOpenLookupCache() {
 }
 
 // Tests start from here.
 TEST(UrlClassifierTableUpdateV4, FixLenghtPSetFullUpdate) {
   srand(time(NULL));
 
   _PrefixArray array;
   PrefixStringMap map;
-  nsCString checksum;
+  nsCString sha256;
 
   CreateRandomSortedPrefixArray(5000, 4, 4, array);
   PrefixArrayToPrefixStringMap(array, map);
-  CalculateCheckSum(array, checksum);
+  CalculateSHA256(array, sha256);
 
-  testFullUpdate(map, &checksum);
+  testFullUpdate(map, &sha256);
 
   Clear();
 }
 
 TEST(UrlClassifierTableUpdateV4, VariableLenghtPSetFullUpdate) {
   _PrefixArray array;
   PrefixStringMap map;
-  nsCString checksum;
+  nsCString sha256;
 
   CreateRandomSortedPrefixArray(5000, 5, 32, array);
   PrefixArrayToPrefixStringMap(array, map);
-  CalculateCheckSum(array, checksum);
+  CalculateSHA256(array, sha256);
 
-  testFullUpdate(map, &checksum);
+  testFullUpdate(map, &sha256);
 
   Clear();
 }
 
 // This test contain both variable length prefix set and fixed-length prefix set
 TEST(UrlClassifierTableUpdateV4, MixedPSetFullUpdate) {
   _PrefixArray array;
   PrefixStringMap map;
-  nsCString checksum;
+  nsCString sha256;
 
   CreateRandomSortedPrefixArray(5000, 4, 4, array);
   CreateRandomSortedPrefixArray(1000, 5, 32, array);
   PrefixArrayToPrefixStringMap(array, map);
-  CalculateCheckSum(array, checksum);
+  CalculateSHA256(array, sha256);
 
-  testFullUpdate(map, &checksum);
+  testFullUpdate(map, &sha256);
 
   Clear();
 }
 
 TEST(UrlClassifierTableUpdateV4, PartialUpdateWithRemoval) {
   _PrefixArray fArray;
 
   // Apply a full update first.
   {
     PrefixStringMap fMap;
-    nsCString checksum;
+    nsCString sha256;
 
     CreateRandomSortedPrefixArray(10000, 4, 4, fArray);
     CreateRandomSortedPrefixArray(2000, 5, 32, fArray);
     PrefixArrayToPrefixStringMap(fArray, fMap);
-    CalculateCheckSum(fArray, checksum);
+    CalculateSHA256(fArray, sha256);
 
-    testFullUpdate(fMap, &checksum);
+    testFullUpdate(fMap, &sha256);
   }
 
   // Apply a partial update with removal.
   {
     _PrefixArray pArray, mergedArray;
     PrefixStringMap pMap, mergedMap;
-    nsCString checksum;
+    nsCString sha256;
 
     CreateRandomSortedPrefixArray(5000, 4, 4, pArray);
     CreateRandomSortedPrefixArray(1000, 5, 32, pArray);
     RemoveIntersection(fArray, pArray);
     PrefixArrayToPrefixStringMap(pArray, pMap);
 
     // Remove 1/5 of elements of original prefix set.
     nsTArray<uint32_t> removal;
     CreateRandomRemovalIndices(fArray.Length() / 5, fArray.Length(), removal);
     RemoveElements(removal, fArray);
 
     // Calculate the expected prefix map.
     MergeAndSortArray(fArray, pArray, mergedArray);
     PrefixArrayToPrefixStringMap(mergedArray, mergedMap);
-    CalculateCheckSum(mergedArray, checksum);
+    CalculateSHA256(mergedArray, sha256);
 
-    testPartialUpdate(pMap, &removal, &checksum, mergedMap);
+    testPartialUpdate(pMap, &removal, &sha256, mergedMap);
   }
 
   Clear();
 }
 
 TEST(UrlClassifierTableUpdateV4, PartialUpdateWithoutRemoval) {
   _PrefixArray fArray;
 
   // Apply a full update first.
   {
     PrefixStringMap fMap;
-    nsCString checksum;
+    nsCString sha256;
 
     CreateRandomSortedPrefixArray(10000, 4, 4, fArray);
     CreateRandomSortedPrefixArray(2000, 5, 32, fArray);
     PrefixArrayToPrefixStringMap(fArray, fMap);
-    CalculateCheckSum(fArray, checksum);
+    CalculateSHA256(fArray, sha256);
 
-    testFullUpdate(fMap, &checksum);
+    testFullUpdate(fMap, &sha256);
   }
 
   // Apply a partial update without removal
   {
     _PrefixArray pArray, mergedArray;
     PrefixStringMap pMap, mergedMap;
-    nsCString checksum;
+    nsCString sha256;
 
     CreateRandomSortedPrefixArray(5000, 4, 4, pArray);
     CreateRandomSortedPrefixArray(1000, 5, 32, pArray);
     RemoveIntersection(fArray, pArray);
     PrefixArrayToPrefixStringMap(pArray, pMap);
 
     // Calculate the expected prefix map.
     MergeAndSortArray(fArray, pArray, mergedArray);
     PrefixArrayToPrefixStringMap(mergedArray, mergedMap);
-    CalculateCheckSum(mergedArray, checksum);
+    CalculateSHA256(mergedArray, sha256);
 
-    testPartialUpdate(pMap, nullptr, &checksum, mergedMap);
+    testPartialUpdate(pMap, nullptr, &sha256, mergedMap);
   }
 
   Clear();
 }
 
 // Expect failure because partial update contains prefix already
 // in old prefix set.
 TEST(UrlClassifierTableUpdateV4, PartialUpdatePrefixAlreadyExist) {
   _PrefixArray fArray;
 
   // Apply a full update fist.
   {
     PrefixStringMap fMap;
-    nsCString checksum;
+    nsCString sha256;
 
     CreateRandomSortedPrefixArray(1000, 4, 32, fArray);
     PrefixArrayToPrefixStringMap(fArray, fMap);
-    CalculateCheckSum(fArray, checksum);
+    CalculateSHA256(fArray, sha256);
 
-    testFullUpdate(fMap, &checksum);
+    testFullUpdate(fMap, &sha256);
   }
 
   // Apply a partial update which contains a prefix in previous full update.
   // This should cause an update error.
   {
     _PrefixArray pArray;
     PrefixStringMap pMap;
     TableUpdateArray tableUpdates;
@@ -396,91 +396,91 @@ TEST(UrlClassifierTableUpdateV4, Partial
 
   Clear();
 }
 
 // Test apply partial update directly without applying an full update first.
 TEST(UrlClassifierTableUpdateV4, OnlyPartialUpdate) {
   _PrefixArray pArray;
   PrefixStringMap pMap;
-  nsCString checksum;
+  nsCString sha256;
 
   CreateRandomSortedPrefixArray(5000, 4, 4, pArray);
   CreateRandomSortedPrefixArray(1000, 5, 32, pArray);
   PrefixArrayToPrefixStringMap(pArray, pMap);
-  CalculateCheckSum(pArray, checksum);
+  CalculateSHA256(pArray, sha256);
 
-  testPartialUpdate(pMap, nullptr, &checksum, pMap);
+  testPartialUpdate(pMap, nullptr, &sha256, pMap);
 
   Clear();
 }
 
 // Test partial update without any ADD prefixes, only removalIndices.
 TEST(UrlClassifierTableUpdateV4, PartialUpdateOnlyRemoval) {
   _PrefixArray fArray;
 
   // Apply a full update first.
   {
     PrefixStringMap fMap;
-    nsCString checksum;
+    nsCString sha256;
 
     CreateRandomSortedPrefixArray(5000, 4, 4, fArray);
     CreateRandomSortedPrefixArray(1000, 5, 32, fArray);
     PrefixArrayToPrefixStringMap(fArray, fMap);
-    CalculateCheckSum(fArray, checksum);
+    CalculateSHA256(fArray, sha256);
 
-    testFullUpdate(fMap, &checksum);
+    testFullUpdate(fMap, &sha256);
   }
 
   // Apply a partial update without add prefix, only contain removal indices.
   {
     _PrefixArray pArray;
     PrefixStringMap pMap, mergedMap;
-    nsCString checksum;
+    nsCString sha256;
 
     // Remove 1/5 of elements of original prefix set.
     nsTArray<uint32_t> removal;
     CreateRandomRemovalIndices(fArray.Length() / 5, fArray.Length(), removal);
     RemoveElements(removal, fArray);
 
     PrefixArrayToPrefixStringMap(fArray, mergedMap);
-    CalculateCheckSum(fArray, checksum);
+    CalculateSHA256(fArray, sha256);
 
-    testPartialUpdate(pMap, &removal, &checksum, mergedMap);
+    testPartialUpdate(pMap, &removal, &sha256, mergedMap);
   }
 
   Clear();
 }
 
 // Test one tableupdate array contains full update and multiple partial updates.
 TEST(UrlClassifierTableUpdateV4, MultipleTableUpdates) {
   _PrefixArray fArray, pArray, mergedArray;
   PrefixStringMap fMap, pMap, mergedMap;
-  nsCString checksum;
+  nsCString sha256;
 
   TableUpdateArray tableUpdates;
 
   // Generate first full udpate
   CreateRandomSortedPrefixArray(10000, 4, 4, fArray);
   CreateRandomSortedPrefixArray(2000, 5, 32, fArray);
   PrefixArrayToPrefixStringMap(fArray, fMap);
-  CalculateCheckSum(fArray, checksum);
+  CalculateSHA256(fArray, sha256);
 
-  GenerateUpdateData(true, fMap, nullptr, &checksum, tableUpdates);
+  GenerateUpdateData(true, fMap, nullptr, &sha256, tableUpdates);
 
   // Generate second partial update
   CreateRandomSortedPrefixArray(3000, 4, 4, pArray);
   CreateRandomSortedPrefixArray(1000, 5, 32, pArray);
   RemoveIntersection(fArray, pArray);
   PrefixArrayToPrefixStringMap(pArray, pMap);
 
   MergeAndSortArray(fArray, pArray, mergedArray);
-  CalculateCheckSum(mergedArray, checksum);
+  CalculateSHA256(mergedArray, sha256);
 
-  GenerateUpdateData(false, pMap, nullptr, &checksum, tableUpdates);
+  GenerateUpdateData(false, pMap, nullptr, &sha256, tableUpdates);
 
   // Generate thrid partial update
   fArray.AppendElements(pArray);
   fArray.Sort();
   pArray.Clear();
   CreateRandomSortedPrefixArray(3000, 4, 4, pArray);
   CreateRandomSortedPrefixArray(1000, 5, 32, pArray);
   RemoveIntersection(fArray, pArray);
@@ -488,66 +488,66 @@ TEST(UrlClassifierTableUpdateV4, Multipl
 
   // Remove 1/5 of elements of original prefix set.
   nsTArray<uint32_t> removal;
   CreateRandomRemovalIndices(fArray.Length() / 5, fArray.Length(), removal);
   RemoveElements(removal, fArray);
 
   MergeAndSortArray(fArray, pArray, mergedArray);
   PrefixArrayToPrefixStringMap(mergedArray, mergedMap);
-  CalculateCheckSum(mergedArray, checksum);
+  CalculateSHA256(mergedArray, sha256);
 
-  GenerateUpdateData(false, pMap, &removal, &checksum, tableUpdates);
+  GenerateUpdateData(false, pMap, &removal, &sha256, tableUpdates);
 
   testUpdate(tableUpdates, mergedMap);
 
   Clear();
 }
 
 // Test apply full update first, and then apply multiple partial updates
 // in one tableupdate array.
 TEST(UrlClassifierTableUpdateV4, MultiplePartialUpdateTableUpdates) {
   _PrefixArray fArray;
 
   // Apply a full update first
   {
     PrefixStringMap fMap;
-    nsCString checksum;
+    nsCString sha256;
 
     // Generate first full udpate
     CreateRandomSortedPrefixArray(10000, 4, 4, fArray);
     CreateRandomSortedPrefixArray(3000, 5, 32, fArray);
     PrefixArrayToPrefixStringMap(fArray, fMap);
-    CalculateCheckSum(fArray, checksum);
+    CalculateSHA256(fArray, sha256);
 
-    testFullUpdate(fMap, &checksum);
+    testFullUpdate(fMap, &sha256);
   }
 
   // Apply multiple partial updates in one table update
   {
     _PrefixArray pArray, mergedArray;
     PrefixStringMap pMap, mergedMap;
-    nsCString checksum;
+    nsCString sha256;
     nsTArray<uint32_t> removal;
     TableUpdateArray tableUpdates;
 
     // Generate first partial update
     CreateRandomSortedPrefixArray(3000, 4, 4, pArray);
     CreateRandomSortedPrefixArray(1000, 5, 32, pArray);
     RemoveIntersection(fArray, pArray);
     PrefixArrayToPrefixStringMap(pArray, pMap);
 
     // Remove 1/5 of elements of original prefix set.
     CreateRandomRemovalIndices(fArray.Length() / 5, fArray.Length(), removal);
     RemoveElements(removal, fArray);
 
     MergeAndSortArray(fArray, pArray, mergedArray);
-    CalculateCheckSum(mergedArray, checksum);
+    CalculateSHA256(mergedArray, sha256);
 
-    GenerateUpdateData(false, pMap, &removal, &checksum, tableUpdates);
+    GenerateUpdateData(false, pMap, &removal, &sha256, tableUpdates);
 
     fArray.AppendElements(pArray);
     fArray.Sort();
     pArray.Clear();
     removal.Clear();
 
     // Generate second partial update.
     CreateRandomSortedPrefixArray(2000, 4, 4, pArray);
@@ -556,40 +556,40 @@ TEST(UrlClassifierTableUpdateV4, Multipl
     PrefixArrayToPrefixStringMap(pArray, pMap);
 
     // Remove 1/5 of elements of original prefix set.
     CreateRandomRemovalIndices(fArray.Length() / 5, fArray.Length(), removal);
     RemoveElements(removal, fArray);
 
     MergeAndSortArray(fArray, pArray, mergedArray);
     PrefixArrayToPrefixStringMap(mergedArray, mergedMap);
-    CalculateCheckSum(mergedArray, checksum);
+    CalculateSHA256(mergedArray, sha256);
 
-    GenerateUpdateData(false, pMap, &removal, &checksum, tableUpdates);
+    GenerateUpdateData(false, pMap, &removal, &sha256, tableUpdates);
 
     testUpdate(tableUpdates, mergedMap);
   }
 
   Clear();
 }
 
 // Test removal indices are larger than the original prefix set.
 TEST(UrlClassifierTableUpdateV4, RemovalIndexTooLarge) {
   _PrefixArray fArray;
 
   // Apply a full update first
   {
     PrefixStringMap fMap;
-    nsCString checksum;
+    nsCString sha256;
 
     CreateRandomSortedPrefixArray(1000, 4, 32, fArray);
     PrefixArrayToPrefixStringMap(fArray, fMap);
-    CalculateCheckSum(fArray, checksum);
+    CalculateSHA256(fArray, sha256);
 
-    testFullUpdate(fMap, &checksum);
+    testFullUpdate(fMap, &sha256);
   }
 
   // Apply a partial update with removal indice array larger than
   // old prefix set(fArray). This should cause an error.
   {
     _PrefixArray pArray;
     PrefixStringMap pMap;
     nsTArray<uint32_t> removal;
@@ -610,67 +610,67 @@ TEST(UrlClassifierTableUpdateV4, Removal
   Clear();
 }
 
 TEST(UrlClassifierTableUpdateV4, ChecksumMismatch) {
   // Apply a full update first
   {
     _PrefixArray fArray;
     PrefixStringMap fMap;
-    nsCString checksum;
+    nsCString sha256;
 
     CreateRandomSortedPrefixArray(1000, 4, 32, fArray);
     PrefixArrayToPrefixStringMap(fArray, fMap);
-    CalculateCheckSum(fArray, checksum);
+    CalculateSHA256(fArray, sha256);
 
-    testFullUpdate(fMap, &checksum);
+    testFullUpdate(fMap, &sha256);
   }
 
-  // Apply a partial update with incorrect checksum
+  // Apply a partial update with incorrect sha256
   {
     _PrefixArray pArray;
     PrefixStringMap pMap;
-    nsCString checksum;
+    nsCString sha256;
     TableUpdateArray tableUpdates;
 
     CreateRandomSortedPrefixArray(200, 4, 32, pArray);
     PrefixArrayToPrefixStringMap(pArray, pMap);
 
-    // Checksum should be calculated with both old prefix set and add prefix
-    // set, here we only calculate checksum with add prefix set to check if
+    // sha256 should be calculated with both old prefix set and add prefix
+    // set, here we only calculate sha256 with add prefix set to check if
     // applyUpdate will return failure.
-    CalculateCheckSum(pArray, checksum);
+    CalculateSHA256(pArray, sha256);
 
-    GenerateUpdateData(false, pMap, nullptr, &checksum, tableUpdates);
+    GenerateUpdateData(false, pMap, nullptr, &sha256, tableUpdates);
     testUpdateFail(tableUpdates);
   }
 
   Clear();
 }
 
 TEST(UrlClassifierTableUpdateV4, ApplyUpdateThenLoad) {
-  // Apply update with checksum
+  // Apply update with sha256
   {
     _PrefixArray fArray;
     PrefixStringMap fMap;
-    nsCString checksum;
+    nsCString sha256;
 
     CreateRandomSortedPrefixArray(1000, 4, 32, fArray);
     PrefixArrayToPrefixStringMap(fArray, fMap);
-    CalculateCheckSum(fArray, checksum);
+    CalculateSHA256(fArray, sha256);
 
-    testFullUpdate(fMap, &checksum);
+    testFullUpdate(fMap, &sha256);
 
-    // Open lookup cache will load prefix set and verify the checksum
+    // Open lookup cache will load prefix set and verify the sha256
     testOpenLookupCache();
   }
 
   Clear();
 
-  // Apply update without checksum
+  // Apply update without sha256
   {
     _PrefixArray fArray;
     PrefixStringMap fMap;
 
     CreateRandomSortedPrefixArray(1000, 4, 32, fArray);
     PrefixArrayToPrefixStringMap(fArray, fMap);
 
     testFullUpdate(fMap, nullptr);
@@ -701,82 +701,81 @@ TEST(UrlClassifierTableUpdateV4, ApplyUp
                          _Prefix("juno"),
                          _Prefix("mercury"),
                          _Prefix("Stheno, Euryale and Medusa")};
   fArray.Sort();
 
   PrefixStringMap fMap;
   PrefixArrayToPrefixStringMap(fArray, fMap);
 
-  nsCString checksum(
+  nsCString sha256(
       "\xae\x18\x94\xd7\xd0\x83\x5f\xc1"
       "\x58\x59\x5c\x2c\x72\xb9\x6e\x5e"
       "\xf4\xe8\x0a\x6b\xff\x5e\x6b\x81"
       "\x65\x34\x06\x16\x06\x59\xa0\x67");
 
-  testFullUpdate(fMap, &checksum);
+  testFullUpdate(fMap, &sha256);
 
-  // Open lookup cache will load prefix set and verify the checksum
+  // Open lookup cache will load prefix set and verify the sha256
   testOpenLookupCache();
 
   Clear();
 }
 
 // This test ensure that an empty update works correctly. Empty update
 // should be skipped by CheckValidUpdate in Classifier::UpdateTableV4.
 TEST(UrlClassifierTableUpdateV4, EmptyUpdate) {
   PrefixStringMap emptyAddition;
   nsTArray<uint32_t> emptyRemoval;
 
   _PrefixArray array;
   PrefixStringMap map;
-  nsCString checksum;
+  nsCString sha256;
 
-  CalculateCheckSum(array, checksum);
+  CalculateSHA256(array, sha256);
 
   // Test apply empty full/partial update before we already
   // have data in DB.
-  testFullUpdate(emptyAddition, &checksum);
-  testPartialUpdate(emptyAddition, &emptyRemoval, &checksum, map);
+  testFullUpdate(emptyAddition, &sha256);
+  testPartialUpdate(emptyAddition, &emptyRemoval, &sha256, map);
 
   // Apply an full update.
   CreateRandomSortedPrefixArray(100, 4, 4, array);
   CreateRandomSortedPrefixArray(10, 5, 32, array);
   PrefixArrayToPrefixStringMap(array, map);
-  CalculateCheckSum(array, checksum);
+  CalculateSHA256(array, sha256);
 
-  testFullUpdate(map, &checksum);
+  testFullUpdate(map, &sha256);
 
   // Test apply empty full/partial update when we already
   // have data in DB
-  testPartialUpdate(emptyAddition, &emptyRemoval, &checksum, map);
-  testFullUpdate(emptyAddition, &checksum);
+  testPartialUpdate(emptyAddition, &emptyRemoval, &sha256, map);
+  testFullUpdate(emptyAddition, &sha256);
 
   Clear();
 }
 
 // This test ensure applying an empty update directly through update algorithm
 // should be correct.
 TEST(UrlClassifierTableUpdateV4, EmptyUpdate2) {
   // Setup LookupCache with initial data
   _PrefixArray array;
   CreateRandomSortedPrefixArray(100, 4, 4, array);
   CreateRandomSortedPrefixArray(10, 5, 32, array);
   RefPtr<LookupCacheV4> cache = SetupLookupCache<LookupCacheV4>(array);
 
-  // Setup TableUpdate object with only checksum from previous update(initial
+  // Setup TableUpdate object with only sha256 from previous update(initial
   // data).
-  nsCString checksum;
-  CalculateCheckSum(array, checksum);
-  std::string stdChecksum;
-  stdChecksum.assign(const_cast<char*>(checksum.BeginReading()),
-                     checksum.Length());
+  nsCString sha256;
+  CalculateSHA256(array, sha256);
+  std::string stdSHA256;
+  stdSHA256.assign(const_cast<char*>(sha256.BeginReading()), sha256.Length());
 
   RefPtr<TableUpdateV4> tableUpdate = new TableUpdateV4(GTEST_TABLE);
-  tableUpdate->NewChecksum(stdChecksum);
+  tableUpdate->SetSHA256(stdSHA256);
 
   // Apply update directly through LookupCache interface
   PrefixStringMap input, output;
   PrefixArrayToPrefixStringMap(array, input);
   nsresult rv = cache->ApplyUpdate(tableUpdate.get(), input, output);
 
   ASSERT_TRUE(rv == NS_OK);