On Mon, Jan 09, 2012 at 05:56:19PM +0100, Michal Privoznik wrote:
Currently, we support only filling a volume with zeroes on wiping.
However, this is not enough, as the data might still be readable by an experienced and well-equipped attacker. Many technical papers have been written on the subject, therefore we should support other wiping algorithms.
---
diff to v1:
-Daniel's suggestions taken in (notably, moved to new API)
configure.ac | 27 ++++++++++-
include/libvirt/libvirt.h.in | 30 ++++++++++++
src/driver.h | 5 ++
src/libvirt.c | 49 +++++++++++++++++++
src/libvirt_public.syms | 5 ++
src/remote/remote_driver.c | 1 +
src/remote/remote_protocol.x | 9 +++-
src/remote_protocol-structs | 6 ++
src/storage/storage_driver.c | 105 ++++++++++++++++++++++++++++++++++--------
tools/virsh.c | 37 +++++++++++++--
tools/virsh.pod | 26 ++++++++++-
11 files changed, 271 insertions(+), 29 deletions(-)
Sorry I missed this before - it is better to start a new top-level thread and include "v2" in the subject line to make it stand out; otherwise it gets threaded in with old archived mail.
diff --git a/include/libvirt/libvirt.h.in
b/include/libvirt/libvirt.h.in
index ad6fcce..15ba928 100644
--- a/include/libvirt/libvirt.h.in
+++ b/include/libvirt/libvirt.h.in
@@ -2118,6 +2118,33 @@ typedef enum {
VIR_STORAGE_VOL_DELETE_ZEROED = 1, /* Clear all data to zeros (slow) */
} virStorageVolDeleteFlags;
+typedef enum {
+ VIR_STORAGE_VOL_WIPE_ALG_ZERO = 0, /* 1-pass, all zeroes */
q> +
VIR_STORAGE_VOL_WIPE_ALG_NNSA = 1, /* 4-pass NNSA Policy Letter
+ NAP-14.1-C (XVI-8) */
+ VIR_STORAGE_VOL_WIPE_ALG_DOD = 2, /* 4-pass DoD 5220.22-M section
+ 8-306 procedure */
+ VIR_STORAGE_VOL_WIPE_ALG_BSI = 3, /* 9-pass method recommended by the
+ German Center of Security in
+ Information Technologies */
+ VIR_STORAGE_VOL_WIPE_ALG_GUTMANN = 4, /* The canonical 35-pass sequence */
+ VIR_STORAGE_VOL_WIPE_ALG_SCHNEIER = 5, /* 7-pass method described by
+ Bruce Schneier in "Applied
+ Cryptography" (1996) */
+ VIR_STORAGE_VOL_WIPE_ALG_PFITZNER7 = 6, /* 7-pass random */
+
+ VIR_STORAGE_VOL_WIPE_ALG_PFITZNER33 = 7, /* 33-pass random */
+
+ VIR_STORAGE_VOL_WIPE_ALG_RANDOM = 8, /* 1-pass random */
+
With eric's recent change you can add
#ifdef VIR_ENUM_SENTINELS
+ /*
+ * NB: this enum value will increase over time as new algorithms are
+ * added to the libvirt API. It reflects the last algorithm supported
+ * by this version of the libvirt API.
+ */
+ VIR_STORAGE_VOL_WIPE_ALG_LAST
#endif
+} virStorageVolWipeAlgorithm;
+
/**
+ * virStorageVolWipePattern:
+ * @vol: pointer to storage volume
+ * @algorithm: one of virStorageVolWipeAlgorithm
+ * @flags: future flags, use 0 for now
+ *
+ * Similar to virStorageVolWipe, but one can choose
+ * between different wiping algorithms.
+ *
+ * Returns 0 on success, or -1 on error.
+ */
+int
+virStorageVolWipePattern(virStorageVolPtr vol,
+ unsigned int algorithm,
+ unsigned int flags)
+{
+ virConnectPtr conn;
+ VIR_DEBUG("vol=%p, algorithm=%d, flags=%x", vol, algorithm, flags);
%u for algorithm since it is unsigned now
+
+ virResetLastError();
+
+ if (!VIR_IS_CONNECTED_STORAGE_VOL(vol)) {
+ virLibStorageVolError(VIR_ERR_INVALID_STORAGE_VOL, __FUNCTION__);
+ virDispatchError(NULL);
+ return -1;
+ }
+
+ conn = vol->conn;
+ if (conn->flags & VIR_CONNECT_RO) {
+ virLibStorageVolError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
+ goto error;
+ }
+
+ if (conn->storageDriver && conn->storageDriver->volWipePattern) {
+ int ret;
+ ret = conn->storageDriver->volWipePattern(vol, algorithm, flags);
+ if (ret < 0) {
+ goto error;
+ }
+ return ret;
+ }
+
+ virLibConnError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
+
+error:
+ virDispatchError(vol->conn);
+ return -1;
+}
+
+/**
* virStorageVolFree:
* @vol: pointer to storage volume
*
diff --git a/src/libvirt_public.syms b/src/libvirt_public.syms
index 4ca7216..09dd17c 100644
--- a/src/libvirt_public.syms
+++ b/src/libvirt_public.syms
@@ -516,4 +516,9 @@ LIBVIRT_0.9.9 {
virDomainSetNumaParameters;
} LIBVIRT_0.9.8;
+LIBVIRT_0.9.10 {
+ global:
+ virStorageVolWipePattern;
+} LIBVIRT_0.9.9;
Trivial rebase to avoid conflict
diff --git a/src/storage/storage_driver.c
b/src/storage/storage_driver.c
index 8c2d6e1..bbaf22f 100644
--- a/src/storage/storage_driver.c
+++ b/src/storage/storage_driver.c
@@ -1801,14 +1801,17 @@ out:
static int
-storageVolumeWipeInternal(virStorageVolDefPtr def)
+storageVolumeWipeInternal(virStorageVolDefPtr def,
+ unsigned int algorithm)
{
int ret = -1, fd = -1;
struct stat st;
char *writebuf = NULL;
size_t bytes_wiped = 0;
+ virCommandPtr cmd = NULL;
- VIR_DEBUG("Wiping volume with path '%s'", def->target.path);
+ VIR_DEBUG("Wiping volume with path '%s' and algorithm %d",
+ def->target.path, algorithm);
%u here too
ACK if those minor fixes are done + obvious rebase conflict resolution
Daniel