Implemented image encryption/decryption libraries and ctr commands

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Brandon Lum <lumjjb@gmail.com>

content/helpers.go

@@ -87,6 +87,46 @@ func WriteBlob(ctx context.Context, cs Ingester, ref string, r io.Reader, desc o
 	return Copy(ctx, cw, r, desc.Size, desc.Digest, opts...)
 }
 
+// WriteBlobBlind writes data without expected digest into the content store. If
+// expected already exists, the method returns immediately and the reader will
+// not be consumed.
+//
+// This is useful when the digest and size are NOT known beforehand.
+//
+// Copy is buffered, so no need to wrap reader in buffered io.
+func WriteBlobBlind(ctx context.Context, cs Ingester, ref string, r io.Reader, opts ...Opt) (digest.Digest, int64, error) {
+	cw, err := OpenWriter(ctx, cs, WithRef(ref))
+	if err != nil {
+		return "", 0, errors.Wrap(err, "failed to open writer")
+	}
+	defer cw.Close()
+
+	ws, err := cw.Status()
+	if err != nil {
+		return "", 0, errors.Wrap(err, "failed to get status")
+	}
+
+	if ws.Offset > 0 {
+		// not needed
+		return "", 0, errors.New("ws.Offset > 0 is not supported")
+	}
+
+	size, err := copyWithBuffer(cw, r)
+	if err != nil {
+		return "", 0, errors.Wrap(err, "failed to copy")
+	}
+
+	digest := cw.Digest()
+
+	if err := cw.Commit(ctx, size, digest); err != nil {
+		if !errdefs.IsAlreadyExists(err) {
+			return "", 0, errors.Wrapf(err, "failed commit block")
+		}
+	}
+
+	return digest, size, err
+}
+
 // OpenWriter opens a new writer for the given reference, retrying if the writer
 // is locked until the reference is available or returns an error.
 func OpenWriter(ctx context.Context, cs Ingester, opts ...WriterOpt) (Writer, error) {