This patch adds the computation of previous layers accumulated hashes
on the encryption side and writes this computed hash into the private
options of a layer. The private options will be encrypted then. On the
decryption side it also performs the computations and, if the private
options contain the previous layers' hash, which may not be the case for
older images but will be the case for newer ones, it compares the expected
hash against the computed one and errors if they don't match.
The previous layers' digest needs to be passed from one layer encrytion
step to the next. The sequence must begin with the bottom-most layer
getting sha256.Sum256(nil) passed so that no other layer can be slid
underneath the bottom-most one.
This patch at least helps fulfill the requirement that previous layers
cannot be manipulated assuming the attacker can access the registry but
of course not manipulate the decryption code.
This patch adds the computation of previous layers accumulated hashes on the encryption side and writes this computed hash into the private options of a layer. The private options will be encrypted then. On the decryption side it also performs the computations and, if the private options contain the previous layers' hash, which may not be the case for older images but will be the case for newer ones, it compares the expected hash against the computed one and errors if they don't match.
The previous layers' digest needs to be passed from one layer encrytion step to the next. The sequence must begin with the bottom-most layer getting sha256.Sum256(nil) passed so that no other layer can be slid underneath the bottom-most one.
This patch at least helps fulfill the requirement that previous layers cannot be manipulated assuming the attacker can access the registry but of course not manipulate the decryption code.
Signed-off-by: Stefan Berger stefanb@linux.ibm.com