feat: nydus support encrypted images #1333

Merged: 2 commits, Jul 6, 2023

Commits on Jul 4, 2023

  1. feat: nydus support encrypted images

    Extend native nydus v6 to support handling encrypted
    container images:
    * An encrypted nydus image is composed of an encrypted
    bootstrap and chunk-level encrypted data blobs. The
    bootstrap is encrypted by Ocicrypt and the data
    blobs are encrypted by aes-128-xts with a randomly
    generated key and iv at chunk-level.
    * For every data blob, all the chunk data, the compression
    context table and the compression context table header
    are encrypted.
    * The chunk encryption key and iv are stored in the blob
    info, reusing some items of the structure to save reserved
    space.
    * Encrypted chunk data will be decrypted and then
    decompressed while being fetched by the storage backend.
    * Encrypted or unencrypted blobs can be merged together.
    
    Signed-off-by: taohong <[email protected]>
    taoohong committed Jul 4, 2023
    7103c7c
  2. tests: add encrypt integration test

    Add image encryption test integration case to Smoke test.
    
    Signed-off-by: taohong <[email protected]>
    taoohong committed Jul 4, 2023
    0314971
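
The chunk path described in the first commit message (compress, encrypt with aes-128-xts, then decrypt and decompress on fetch), as an added example that is not code from this PR or from nydus. It assumes Python's `cryptography` package, zlib as the compressor, one random key and iv per blob, and a hypothetical `blob_info` dict; none of these layout details come from the page.

```python
import os
import zlib
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

XTS_KEY_LEN = 32   # AES-128-XTS takes two 128-bit keys, concatenated
XTS_IV_LEN = 16    # the XTS tweak, carried as the "iv"
AES_BLOCK = 16     # XTS cannot process less than one AES block


def new_blob_info():
    """Hypothetical blob-info record holding the randomly generated key and iv."""
    return {"key": os.urandom(XTS_KEY_LEN), "iv": os.urandom(XTS_IV_LEN), "chunks": []}


def _xts(blob_info):
    return Cipher(algorithms.AES(blob_info["key"]), modes.XTS(blob_info["iv"]))


def write_chunk(blob_info, blob, data):
    """Compress, then encrypt one chunk and append it to blob (a bytearray)."""
    compressed = zlib.compress(data)  # assumption: zlib stands in for the compressor
    if len(compressed) < AES_BLOCK:
        raise ValueError("chunk shorter than one AES block cannot be XTS-encrypted")
    enc = _xts(blob_info).encryptor()
    ciphertext = enc.update(compressed) + enc.finalize()
    # XTS is length-preserving: no padding and no authentication tag, so
    # integrity of a chunk has to be checked by other means (e.g. a digest).
    blob_info["chunks"].append((len(blob), len(ciphertext)))
    blob.extend(ciphertext)
    return len(blob_info["chunks"]) - 1


def read_chunk(blob_info, blob, index):
    """Fetch path: decrypt first, then decompress, in the order the commit gives."""
    offset, size = blob_info["chunks"][index]
    dec = _xts(blob_info).decryptor()
    compressed = dec.update(bytes(blob[offset:offset + size])) + dec.finalize()
    return zlib.decompress(compressed)


def demo():
    # Constructed sample chunks, not taken from a real image.
    chunks = [b"layer-file-contents " * 64, os.urandom(4096)]
    info, blob = new_blob_info(), bytearray()
    ids = [write_chunk(info, blob, c) for c in chunks]
    return chunks, info, blob, ids
```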