Age | Commit message (Collapse) | Author |
|
PiperOrigin-RevId: 392523879
|
|
Read all data into memory in one Read call and verify them block by
block instead of read each block during verification. This is for
performance purpose to avoid invoking multiple syscalls.
PiperOrigin-RevId: 391877937
|
|
The unordered map may generate different hash due to its order. The
children map needs to be sorted each time before hashing to avoid false
verification failure due to the map.
Store the sorted children map in verity dentry to avoid sorting it each
time verification happens.
Also serialize the whole VerityDescriptor struct to hash now that the
map is removed from it.
PiperOrigin-RevId: 382201560
|
|
PiperOrigin-RevId: 371198372
|
|
This field was missing and should be provided.
PiperOrigin-RevId: 367474481
|
|
Split usermem package to help remove syserror dependency in go_marshal.
New hostarch package contains code not dependent on syserror.
PiperOrigin-RevId: 365651233
|
|
PiperOrigin-RevId: 357090170
|
|
PiperOrigin-RevId: 347091372
|
|
children names map can be used to verify whether a child is expected
during walking, so that we can detect unexpected modifications that
deleted/renamed both the target file and the corresponding merkle tree
file.
PiperOrigin-RevId: 342170715
|
|
The file size can now also be verified. Also, since we are zero-padding
the last block of the data, we cannot differentiate the cases between
zero-padded block from the blocks that are ends with zeroes. With the
size included this can be addressed, as those cases would have different
file size.
PiperOrigin-RevId: 340695510
|
|
PiperOrigin-RevId: 339377254
|
|
Merkle tree library was originally using Read/Seek to access data and
tree, since the parameters are io.ReadSeeker. This could cause race
conditions if multiple threads accesses the same fd to read. Here we
change to use ReaderAt, and implement it with PRead to make it thread
safe.
PiperOrigin-RevId: 336779260
|
|
PiperOrigin-RevId: 336395445
|
|
PiperOrigin-RevId: 335709552
|
|
PRead is implemented by read from the underlying file in blocks, and
verify each block. The verified contents are saved into the output
buffer.
PiperOrigin-RevId: 332092267
|
|
Implement walk directories in gvisor verity file system. For each step,
the child dentry is verified against a verified parent root hash.
PiperOrigin-RevId: 329358747
|
|
If the data is in the same Reader as the merkle tree, we should verify
from the first layer in the tree, instead of from the beginning.
PiperOrigin-RevId: 328230988
|
|
Verify checks input data against the merkle tree, and compares the root
hash with expectation.
PiperOrigin-RevId: 327116711
|
|
A method is added to generate a merkle tree for data, and store the
generated tree in the output.
PiperOrigin-RevId: 315966571
|
|
This change creates a merkletree package which will be used in the future
for an implementation of file system API.
PiperOrigin-RevId: 315952451
|