Re: [PATCH] storage: Support different wiping algorithms

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Jan 09, 2012 at 05:56:19PM +0100, Michal Privoznik wrote:
> Currently, we support only filling a volume with zeroes on wiping.
> However, it is not enough as data might still be readable by
> experienced and equipped attacker. Many technical papers have been
> written, therefore we should support other wiping algorithms.
> ---
> diff to v1:
> -Daniel's suggestions taken in (notably, moved to new API)
>  configure.ac                 |   27 ++++++++++-
>  include/libvirt/libvirt.h.in |   30 ++++++++++++
>  src/driver.h                 |    5 ++
>  src/libvirt.c                |   49 +++++++++++++++++++
>  src/libvirt_public.syms      |    5 ++
>  src/remote/remote_driver.c   |    1 +
>  src/remote/remote_protocol.x |    9 +++-
>  src/remote_protocol-structs  |    6 ++
>  src/storage/storage_driver.c |  105 ++++++++++++++++++++++++++++++++++--------
>  tools/virsh.c                |   37 +++++++++++++--
>  tools/virsh.pod              |   26 ++++++++++-
>  11 files changed, 271 insertions(+), 29 deletions(-)

Sorry I missed this before - it is better to start a new top level
thread, and include "v2" in the subject line to make it stand out,
otherwise it gets threaded in with old archived mail.
> diff --git a/include/libvirt/libvirt.h.in b/include/libvirt/libvirt.h.in
> index ad6fcce..15ba928 100644
> --- a/include/libvirt/libvirt.h.in
> +++ b/include/libvirt/libvirt.h.in
> @@ -2118,6 +2118,33 @@ typedef enum {
>    VIR_STORAGE_VOL_DELETE_ZEROED = 1,  /* Clear all data to zeros (slow) */
>  } virStorageVolDeleteFlags;
>  
> +typedef enum {
> +  VIR_STORAGE_VOL_WIPE_ALG_ZERO = 0, /* 1-pass, all zeroes */
q> +  VIR_STORAGE_VOL_WIPE_ALG_NNSA = 1, /* 4-pass  NNSA Policy Letter
> +                                        NAP-14.1-C (XVI-8) */
> +  VIR_STORAGE_VOL_WIPE_ALG_DOD = 2, /* 4-pass DoD 5220.22-M section
> +                                       8-306 procedure */
> +  VIR_STORAGE_VOL_WIPE_ALG_BSI = 3, /* 9-pass method recommended by the
> +                                       German Center of Security in
> +                                       Information Technologies */
> +  VIR_STORAGE_VOL_WIPE_ALG_GUTMANN = 4, /* The canonical 35-pass sequence */
> +  VIR_STORAGE_VOL_WIPE_ALG_SCHNEIER = 5, /* 7-pass method described by
> +                                             Bruce Schneier in "Applied
> +                                             Cryptography" (1996) */
> +  VIR_STORAGE_VOL_WIPE_ALG_PFITZNER7 = 6, /* 7-pass random */
> +
> +  VIR_STORAGE_VOL_WIPE_ALG_PFITZNER33 = 7, /* 33-pass random */
> +
> +  VIR_STORAGE_VOL_WIPE_ALG_RANDOM = 8, /* 1-pass random */
> +

With eric's recent change you can add

#ifdef VIR_ENUM_SENTINELS


> +  /*
> +   * NB: this enum value will increase over time as new algorithms are
> +   * added to the libvirt API. It reflects the last algorithm supported
> +   * by this version of the libvirt API.
> +   */
> +  VIR_STORAGE_VOL_WIPE_ALG_LAST

#endif

> +} virStorageVolWipeAlgorithm;
> +


>  /**
> + * virStorageVolWipePattern:
> + * @vol: pointer to storage volume
> + * @algorithm: one of virStorageVolWipeAlgorithm
> + * @flags: future flags, use 0 for now
> + *
> + * Similar to virStorageVolWipe, but one can choose
> + * between different wiping algorithms.
> + *
> + * Returns 0 on success, or -1 on error.
> + */
> +int
> +virStorageVolWipePattern(virStorageVolPtr vol,
> +                         unsigned int algorithm,
> +                         unsigned int flags)
> +{
> +    virConnectPtr conn;
> +    VIR_DEBUG("vol=%p, algorithm=%d, flags=%x", vol, algorithm, flags);

%u  for algorithm since it is unsigned now

> +
> +    virResetLastError();
> +
> +    if (!VIR_IS_CONNECTED_STORAGE_VOL(vol)) {
> +        virLibStorageVolError(VIR_ERR_INVALID_STORAGE_VOL, __FUNCTION__);
> +        virDispatchError(NULL);
> +        return -1;
> +    }
> +
> +    conn = vol->conn;
> +    if (conn->flags & VIR_CONNECT_RO) {
> +        virLibStorageVolError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
> +        goto error;
> +    }
> +
> +    if (conn->storageDriver && conn->storageDriver->volWipePattern) {
> +        int ret;
> +        ret = conn->storageDriver->volWipePattern(vol, algorithm, flags);
> +        if (ret < 0) {
> +            goto error;
> +        }
> +        return ret;
> +    }
> +
> +    virLibConnError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
> +
> +error:
> +    virDispatchError(vol->conn);
> +    return -1;
> +}
> +
> +/**
>   * virStorageVolFree:
>   * @vol: pointer to storage volume
>   *
> diff --git a/src/libvirt_public.syms b/src/libvirt_public.syms
> index 4ca7216..09dd17c 100644
> --- a/src/libvirt_public.syms
> +++ b/src/libvirt_public.syms
> @@ -516,4 +516,9 @@ LIBVIRT_0.9.9 {
>          virDomainSetNumaParameters;
>  } LIBVIRT_0.9.8;
>  
> +LIBVIRT_0.9.10 {
> +    global:
> +        virStorageVolWipePattern;
> +} LIBVIRT_0.9.9;

Trivial rebase to avoid conflict

> diff --git a/src/storage/storage_driver.c b/src/storage/storage_driver.c
> index 8c2d6e1..bbaf22f 100644
> --- a/src/storage/storage_driver.c
> +++ b/src/storage/storage_driver.c
> @@ -1801,14 +1801,17 @@ out:
>  
>  
>  static int
> -storageVolumeWipeInternal(virStorageVolDefPtr def)
> +storageVolumeWipeInternal(virStorageVolDefPtr def,
> +                          unsigned int algorithm)
>  {
>      int ret = -1, fd = -1;
>      struct stat st;
>      char *writebuf = NULL;
>      size_t bytes_wiped = 0;
> +    virCommandPtr cmd = NULL;
>  
> -    VIR_DEBUG("Wiping volume with path '%s'", def->target.path);
> +    VIR_DEBUG("Wiping volume with path '%s' and algorithm %d",
> +              def->target.path, algorithm);

%u  here too


ACK if those minor fixes are done + obvious rebase conflict resolution


Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list


[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]