Add computation and verification of previous layers' hashes

This patch adds the computation of previous layers accumulated hashes
on the encryption side and writes this computed hash into the private
options of a layer. The private options will be encrypted then. On the
decryption side it also performs the computations and, if the private
options contain the previous layers' hash, which may not be the case for
older images but will be the case for newer ones, it compares the expected
hash against the computed one and errors if they don't match.

The previous layers' digest needs to be passed from one layer encrytion
step to the next. The sequence must begin with the bottom-most layer
getting sha256.Sum256(nil) passed so that no other layer can be slid
underneath the bottom-most one.

This patch at least helps fulfill the requirement that previous layers
cannot be manipulated assuming the attacker can access the registry but
of course not manipulate the decryption code.

Signed-off-by: Stefan Berger <[email protected]>

blockcipher/blockcipher.go

@@ -45,6 +45,9 @@ type PrivateLayerBlockCipherOptions struct {
 	// CipherOptions contains the cipher metadata used for encryption/decryption
 	// This field should be populated by Encrypt/Decrypt calls
 	CipherOptions map[string][]byte `json:"cipheroptions"`
+
+	// PreviousLayersDigest is the accumulated digest of all previous layers
+	PreviousLayersDigest digest.Digest `json:"previouslayersdigest"`
 }
 
 // PublicLayerBlockCipherOptions includes the information required to encrypt/decrypt

encryption.go

@@ -17,25 +17,28 @@
 package ocicrypt
 
 import (
+	"bytes"
 	"encoding/base64"
+	"encoding/hex"
 	"encoding/json"
 	"fmt"
-	keyproviderconfig "github.com/containers/ocicrypt/config/keyprovider-config"
-	"github.com/containers/ocicrypt/keywrap/keyprovider"
 	"io"
 	"strings"
 
 	"github.com/containers/ocicrypt/blockcipher"
 	"github.com/containers/ocicrypt/config"
+	keyproviderconfig "github.com/containers/ocicrypt/config/keyprovider-config"
 	"github.com/containers/ocicrypt/keywrap"
 	"github.com/containers/ocicrypt/keywrap/jwe"
+	"github.com/containers/ocicrypt/keywrap/keyprovider"
 	"github.com/containers/ocicrypt/keywrap/pgp"
 	"github.com/containers/ocicrypt/keywrap/pkcs11"
 	"github.com/containers/ocicrypt/keywrap/pkcs7"
+	"github.com/containers/ocicrypt/utils"
 	"github.com/opencontainers/go-digest"
-	log "github.com/sirupsen/logrus"
 	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/pkg/errors"
+	log "github.com/sirupsen/logrus"
 )
 
 // EncryptLayerFinalizer is a finalizer run to return the annotations to set for
@@ -86,8 +89,20 @@ func GetWrappedKeysMap(desc ocispec.Descriptor) map[string]string {
 	return wrappedKeysMap
 }
 
+// comparePreviousLayersDigests compares the given digests and returns an error if they do not match
+func comparePreviousLayersDigests(previousLayersDigest []byte, expPreviousLayersDigest digest.Digest) error {
+	digest, err := hex.DecodeString(expPreviousLayersDigest.Encoded())
+	if err != nil {
+		return errors.Wrapf(err, "Hex-decoding expected previous layers hash failed")
+	}
+	if !bytes.Equal(digest, previousLayersDigest) {
+		return errors.Errorf("Previous layer digest '%x' does not match expected one '%x'", previousLayersDigest, digest)
+	}
+	return nil
+}
+
 // EncryptLayer encrypts the layer by running one encryptor after the other
-func EncryptLayer(ec *config.EncryptConfig, encOrPlainLayerReader io.Reader, desc ocispec.Descriptor) (io.Reader, EncryptLayerFinalizer, error) {
+func EncryptLayer(ec *config.EncryptConfig, encOrPlainLayerReader io.Reader, desc ocispec.Descriptor, previousLayersDigest []byte) (io.Reader, EncryptLayerFinalizer, []byte, error) {
 	var (
 		encLayerReader io.Reader
 		err            error
@@ -97,20 +112,30 @@ func EncryptLayer(ec *config.EncryptConfig, encOrPlainLayerReader io.Reader, des
 		pubOptsData    []byte
 	)
 
+	if len(previousLayersDigest) == 0 {
+		/* bottom-most layer MUST start with sha256.Sum(nil) */
+		return nil, nil, nil, errors.New("previousLayersDigest must not be nil")
+	}
+
 	if ec == nil {
-		return nil, nil, errors.New("EncryptConfig must not be nil")
+		return nil, nil, nil, errors.New("EncryptConfig must not be nil")
+	}
+
+	newLayersDigest, err := utils.GetNewLayersDigest(previousLayersDigest, desc.Digest)
+	if err != nil {
+		return nil, nil, nil, err
 	}
 
 	for annotationsID := range keyWrapperAnnotations {
 		annotation := desc.Annotations[annotationsID]
 		if annotation != "" {
 			privOptsData, err = decryptLayerKeyOptsData(&ec.DecryptConfig, desc)
 			if err != nil {
-				return nil, nil, err
+				return nil, nil, nil, err
 			}
 			pubOptsData, err = getLayerPubOpts(desc)
 			if err != nil {
-				return nil, nil, err
+				return nil, nil, nil, err
 			}
 			// already encrypted!
 			encrypted = true
@@ -120,7 +145,7 @@ func EncryptLayer(ec *config.EncryptConfig, encOrPlainLayerReader io.Reader, des
 	if !encrypted {
 		encLayerReader, bcFin, err = commonEncryptLayer(encOrPlainLayerReader, desc.Digest, blockcipher.AES256CTR)
 		if err != nil {
-			return nil, nil, err
+			return nil, nil, nil, err
 		}
 	}
 
@@ -131,6 +156,8 @@ func EncryptLayer(ec *config.EncryptConfig, encOrPlainLayerReader io.Reader, des
 			if err != nil {
 				return nil, err
 			}
+
+			opts.Private.PreviousLayersDigest = digest.NewDigestFromBytes(digest.SHA256, previousLayersDigest)
 			privOptsData, err = json.Marshal(opts.Private)
 			if err != nil {
 				return nil, errors.Wrapf(err, "could not JSON marshal opts")
@@ -169,8 +196,7 @@ func EncryptLayer(ec *config.EncryptConfig, encOrPlainLayerReader io.Reader, des
 	}
 
 	// if nothing was encrypted, we just return encLayer = nil
-	return encLayerReader, encLayerFinalizer, err
-
+	return encLayerReader, encLayerFinalizer, newLayersDigest, err
 }
 
 // preWrapKeys calls WrapKeys and handles the base64 encoding and concatenation of the
@@ -190,22 +216,22 @@ func preWrapKeys(keywrapper keywrap.KeyWrapper, ec *config.EncryptConfig, b64Ann
 // DecryptLayer decrypts a layer trying one keywrap.KeyWrapper after the other to see whether it
 // can apply the provided private key
 // If unwrapOnly is set we will only try to decrypt the layer encryption key and return
-func DecryptLayer(dc *config.DecryptConfig, encLayerReader io.Reader, desc ocispec.Descriptor, unwrapOnly bool) (io.Reader, digest.Digest, error) {
+func DecryptLayer(dc *config.DecryptConfig, encLayerReader io.Reader, desc ocispec.Descriptor, unwrapOnly bool, previousLayersDigest []byte) (io.Reader, digest.Digest, []byte, error) {
 	if dc == nil {
-		return nil, "", errors.New("DecryptConfig must not be nil")
+		return nil, "", nil, errors.New("DecryptConfig must not be nil")
 	}
 	privOptsData, err := decryptLayerKeyOptsData(dc, desc)
 	if err != nil || unwrapOnly {
-		return nil, "", err
+		return nil, "", nil, err
 	}
 
 	var pubOptsData []byte
 	pubOptsData, err = getLayerPubOpts(desc)
 	if err != nil {
-		return nil, "", err
+		return nil, "", nil, err
 	}
 
-	return commonDecryptLayer(encLayerReader, privOptsData, pubOptsData)
+	return commonDecryptLayer(encLayerReader, privOptsData, pubOptsData, previousLayersDigest)
 }
 
 func decryptLayerKeyOptsData(dc *config.DecryptConfig, desc ocispec.Descriptor) ([]byte, error) {
@@ -301,23 +327,36 @@ func commonEncryptLayer(plainLayerReader io.Reader, d digest.Digest, typ blockci
 
 // commonDecryptLayer decrypts an encrypted layer previously encrypted with commonEncryptLayer
 // by passing along the optsData
-func commonDecryptLayer(encLayerReader io.Reader, privOptsData []byte, pubOptsData []byte) (io.Reader, digest.Digest, error) {
+func commonDecryptLayer(encLayerReader io.Reader, privOptsData []byte, pubOptsData []byte, previousLayersDigest []byte) (io.Reader, digest.Digest, []byte, error) {
 	privOpts := blockcipher.PrivateLayerBlockCipherOptions{}
 	err := json.Unmarshal(privOptsData, &privOpts)
 	if err != nil {
-		return nil, "", errors.Wrapf(err, "could not JSON unmarshal privOptsData")
+		return nil, "", nil, errors.Wrapf(err, "could not JSON unmarshal privOptsData")
+	}
+
+	if len(privOpts.PreviousLayersDigest) > 0 {
+		/* older images do not have this */
+		err = comparePreviousLayersDigests(previousLayersDigest, privOpts.PreviousLayersDigest)
+		if err != nil {
+			return nil, "", nil, err
+		}
+	}
+
+	newLayersDigest, err := utils.GetNewLayersDigest(previousLayersDigest, privOpts.Digest)
+	if err != nil {
+		return nil, "", nil, err
 	}
 
 	lbch, err := blockcipher.NewLayerBlockCipherHandler()
 	if err != nil {
-		return nil, "", err
+		return nil, "", nil, err
 	}
 
 	pubOpts := blockcipher.PublicLayerBlockCipherOptions{}
 	if len(pubOptsData) > 0 {
 		err := json.Unmarshal(pubOptsData, &pubOpts)
 		if err != nil {
-			return nil, "", errors.Wrapf(err, "could not JSON unmarshal pubOptsData")
+			return nil, "", nil, errors.Wrapf(err, "could not JSON unmarshal pubOptsData")
 		}
 	}
 
@@ -328,10 +367,10 @@ func commonDecryptLayer(encLayerReader io.Reader, privOptsData []byte, pubOptsDa
 
 	plainLayerReader, opts, err := lbch.Decrypt(encLayerReader, opts)
 	if err != nil {
-		return nil, "", err
+		return nil, "", nil, err
 	}
 
-	return plainLayerReader, opts.Private.Digest, nil
+	return plainLayerReader, opts.Private.Digest, newLayersDigest, nil
 }
 
 // FilterOutAnnotations filters out the annotations belonging to the image encryption 'namespace'

encryption_test.go

@@ -18,11 +18,13 @@ package ocicrypt
 
 import (
 	"bytes"
+	"crypto/sha256"
 	"io"
 	"reflect"
 	"testing"
 
 	"github.com/containers/ocicrypt/config"
+	"github.com/containers/ocicrypt/utils"
 	digest "github.com/opencontainers/go-digest"
 	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
 )
@@ -100,12 +102,22 @@ func TestEncryptLayer(t *testing.T) {
 	}
 
 	dataReader := bytes.NewReader(data)
+	digest := sha256.Sum256(nil)
+	previousLayersDigest := digest[:]
 
-	encLayerReader, encLayerFinalizer, err := EncryptLayer(ec, dataReader, desc)
+	encLayerReader, encLayerFinalizer, newLayersDigest, err := EncryptLayer(ec, dataReader, desc, previousLayersDigest)
 	if err != nil {
 		t.Fatal(err)
 	}
 
+	expDigest, err := utils.GetNewLayersDigest(previousLayersDigest, desc.Digest)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if !bytes.Equal(expDigest, newLayersDigest) {
+		t.Fatal("Previous layer digest is wrong")
+	}
+
 	encLayer := make([]byte, 1024)
 	encsize, err := encLayerReader.Read(encLayer)
 	if err != io.EOF {
@@ -126,7 +138,7 @@ func TestEncryptLayer(t *testing.T) {
 		Annotations: annotations,
 	}
 
-	decLayerReader, _, err := DecryptLayer(dc, encLayerReaderAt, newDesc, false)
+	decLayerReader, _, _, err := DecryptLayer(dc, encLayerReaderAt, newDesc, false, previousLayersDigest)
 	if err != nil {
 		t.Fatal(err)
 	}

utils/utils.go

@@ -18,14 +18,17 @@ package utils
 
 import (
 	"bytes"
+	"crypto/sha256"
 	"crypto/x509"
 	"encoding/base64"
+	"encoding/hex"
 	"encoding/pem"
 	"fmt"
 	"strings"
 
 	"github.com/containers/ocicrypt/crypto/pkcs11"
 
+	"github.com/opencontainers/go-digest"
 	"github.com/pkg/errors"
 	"golang.org/x/crypto/openpgp"
 	json "gopkg.in/square/go-jose.v2"
@@ -248,3 +251,20 @@ func SortDecryptionKeys(b64ItemList string) (map[string][][]byte, error) {
 
 	return dcparameters, nil
 }
+
+// GetNewLayersDigestCmp calculates the new layer digest from the previousLayersDigest and the layerDigest.
+func GetNewLayersDigest(previousLayersDigest []byte, layerDigest digest.Digest) ([]byte, error) {
+	newDigest := sha256.New()
+	// never returns an error but linter requires us to look at it
+	_, err := newDigest.Write(previousLayersDigest)
+	if err != nil {
+		return nil, err
+	}
+
+	digest, err := hex.DecodeString(layerDigest.Encoded())
+	if err != nil {
+		return nil, errors.Wrap(err, "Hex decoding digest failed")
+	}
+	_, err = newDigest.Write(digest)
+	return newDigest.Sum(nil), err
+}