On Mon, Jan 09, 2012 at 05:56:19PM +0100, Michal Privoznik wrote: > Currently, we support only filling a volume with zeroes on wiping. > However, it is not enough as data might still be readable by > experienced and equipped attacker. Many technical papers have been > written, therefore we should support other wiping algorithms. > --- > diff to v1: > -Daniel's suggestions taken in (notably, moved to new API) > configure.ac | 27 ++++++++++- > include/libvirt/libvirt.h.in | 30 ++++++++++++ > src/driver.h | 5 ++ > src/libvirt.c | 49 +++++++++++++++++++ > src/libvirt_public.syms | 5 ++ > src/remote/remote_driver.c | 1 + > src/remote/remote_protocol.x | 9 +++- > src/remote_protocol-structs | 6 ++ > src/storage/storage_driver.c | 105 ++++++++++++++++++++++++++++++++++-------- > tools/virsh.c | 37 +++++++++++++-- > tools/virsh.pod | 26 ++++++++++- > 11 files changed, 271 insertions(+), 29 deletions(-) Sorry I missed this before - it is better to start a new top level thread, and include "v2" in the subject line to make it stand out, otherwise it gets threaded in with old archived mail. > diff --git a/include/libvirt/libvirt.h.in b/include/libvirt/libvirt.h.in > index ad6fcce..15ba928 100644 > --- a/include/libvirt/libvirt.h.in > +++ b/include/libvirt/libvirt.h.in 
> @@ -2118,6 +2118,33 @@ typedef enum { > VIR_STORAGE_VOL_DELETE_ZEROED = 1, /* Clear all data to zeros (slow) */ > } virStorageVolDeleteFlags; > > +typedef enum { > + VIR_STORAGE_VOL_WIPE_ALG_ZERO = 0, /* 1-pass, all zeroes */ q> + VIR_STORAGE_VOL_WIPE_ALG_NNSA = 1, /* 4-pass NNSA Policy Letter > + NAP-14.1-C (XVI-8) */ > + VIR_STORAGE_VOL_WIPE_ALG_DOD = 2, /* 4-pass DoD 5220.22-M section > + 8-306 procedure */ > + VIR_STORAGE_VOL_WIPE_ALG_BSI = 3, /* 9-pass method recommended by the > + German Center of Security in > + Information Technologies */ > + VIR_STORAGE_VOL_WIPE_ALG_GUTMANN = 4, /* The canonical 35-pass sequence */ > + VIR_STORAGE_VOL_WIPE_ALG_SCHNEIER = 5, /* 7-pass method described by > + Bruce Schneier in "Applied > + Cryptography" (1996) */ > + VIR_STORAGE_VOL_WIPE_ALG_PFITZNER7 = 6, /* 7-pass random */ > + > + VIR_STORAGE_VOL_WIPE_ALG_PFITZNER33 = 7, /* 33-pass random */ > + > + VIR_STORAGE_VOL_WIPE_ALG_RANDOM = 8, /* 1-pass random */ > + With eric's recent change you can add #ifdef VIR_ENUM_SENTINELS > + /* > + * NB: this enum value will increase over time as new algorithms are > + * added to the libvirt API. It reflects the last algorithm supported > + * by this version of the libvirt API. > + */ > + VIR_STORAGE_VOL_WIPE_ALG_LAST #endif > +} virStorageVolWipeAlgorithm; > + > /** > + * virStorageVolWipePattern: > + * @vol: pointer to storage volume > + * @algorithm: one of virStorageVolWipeAlgorithm > + * @flags: future flags, use 0 for now > + * > + * Similar to virStorageVolWipe, but one can choose > + * between different wiping algorithms. > + * > + * Returns 0 on success, or -1 on error. 
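Review bot: The comments on the new `virStorageVolWipeAlgorithm` values give only pass counts and do not say where overwriting stops being effective, which is the caveat a caller choosing between them needs. Every pattern listed rewrites the blocks the volume maps to at wipe time, so on flash with wear levelling, or on thin-provisioned, copy-on-write or snapshot-backed storage, earlier copies of the data can survive any number of passes. I would add above the enum: `/* These patterns overwrite the volume's current blocks only; they give no guarantee on SSDs, thin-provisioned or snapshot-backed storage. */`. The same caveat probably belongs in the tools/virsh.pod text, which appears in the diffstat but is not quoted in this mail.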
> + */ > +int > +virStorageVolWipePattern(virStorageVolPtr vol, > + unsigned int algorithm, > + unsigned int flags) > +{ > + virConnectPtr conn; > + VIR_DEBUG("vol=%p, algorithm=%d, flags=%x", vol, algorithm, flags); %u for algorithm since it is unsigned now > + > + virResetLastError(); > + > + if (!VIR_IS_CONNECTED_STORAGE_VOL(vol)) { > + virLibStorageVolError(VIR_ERR_INVALID_STORAGE_VOL, __FUNCTION__); > + virDispatchError(NULL); > + return -1; > + } > + > + conn = vol->conn; > + if (conn->flags & VIR_CONNECT_RO) { > + virLibStorageVolError(VIR_ERR_OPERATION_DENIED, __FUNCTION__); > + goto error; > + } > + > + if (conn->storageDriver && conn->storageDriver->volWipePattern) { > + int ret; > + ret = conn->storageDriver->volWipePattern(vol, algorithm, flags); > + if (ret < 0) { > + goto error; > + } > + return ret; > + } > + > + virLibConnError(VIR_ERR_NO_SUPPORT, __FUNCTION__); > + > +error: > + virDispatchError(vol->conn); > + return -1; > +} > + > +/** > * virStorageVolFree: > * @vol: pointer to storage volume > * > diff --git a/src/libvirt_public.syms b/src/libvirt_public.syms > index 4ca7216..09dd17c 100644 > --- a/src/libvirt_public.syms > +++ b/src/libvirt_public.syms > @@ -516,4 +516,9 @@ LIBVIRT_0.9.9 { > virDomainSetNumaParameters; > } LIBVIRT_0.9.8; > > +LIBVIRT_0.9.10 { > + global: > + virStorageVolWipePattern; > +} LIBVIRT_0.9.9; Trivial rebase to avoid conflict > diff --git a/src/storage/storage_driver.c b/src/storage/storage_driver.c > index 8c2d6e1..bbaf22f 100644 > --- a/src/storage/storage_driver.c > +++ b/src/storage/storage_driver.c 
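Review bot: `virStorageVolWipePattern` passes `algorithm` to `volWipePattern` unchecked, and its doc comment promises only "-1 on error", so the contract for an unknown or unsupported value is left open. For a sanitisation call the caller must be able to rely on a failure, not a quiet fallback to a weaker pattern. Whether the storage driver rejects out-of-range values cannot be seen here, because the storage_driver.c hunk is cut off after the `VIR_DEBUG` line. I would add to the doc comment ` * An unsupported @algorithm is reported as an error; the volume is never wiped with a pattern other than the one requested.` and have the driver return -1 for any value it does not implement. The hunk header for src/libvirt.c is not quoted in this mail.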
> @@ -1801,14 +1801,17 @@ out: > > > static int > -storageVolumeWipeInternal(virStorageVolDefPtr def) > +storageVolumeWipeInternal(virStorageVolDefPtr def, > + unsigned int algorithm) > { > int ret = -1, fd = -1; > struct stat st; > char *writebuf = NULL; > size_t bytes_wiped = 0; > + virCommandPtr cmd = NULL; > > - VIR_DEBUG("Wiping volume with path '%s'", def->target.path); > + VIR_DEBUG("Wiping volume with path '%s' and algorithm %d", > + def->target.path, algorithm); %u here too ACK if those minor fixes are done + obvious rebase conflict resolution Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list