Narcissus/nwipe
2
0
Fork 0
mirror of https://github.com/martijnvanbrummelen/nwipe.git synced 2026-02-20 05:32:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

add an initial implementation of HMG IS5 enhanced

Browse Source 
I could not find the original specification of this standard, although
many proprietary implementations exist (or claim to exist). Also there
are many 3rd-party descriptions of the method, which often differ in one
or another detail, but after some reading I could conclude that the most
likely definition should be as follows:

1. Fill the device with zeroes, do not verify.
2. Fill the device with ones, do not verify.
3. Fill the device with a PRNG stream, do verify.

In other words, this is a simplified version of nwipe's "dodshort".
This commit is contained in:
Denis Ovsienko
2019-12-28 21:39:28 +00:00
parent ead64479f4
commit 04fe9f217e
6 changed files with 56 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
README.md
View File

@@ -15,6 +15,7 @@ The user can select from a variety of recognised secure erase methods which incl
* Gutmann Wipe - Peter Gutmann's method (Secure Deletion of Data from Magnetic and Solid-State Memory). * Gutmann Wipe - Peter Gutmann's method (Secure Deletion of Data from Magnetic and Solid-State Memory).
* PRNG Stream - Fills the device with a stream from the PRNG. * PRNG Stream - Fills the device with a stream from the PRNG.
* Verify only - This method only reads the device and checks that it is all zero. * Verify only - This method only reads the device and checks that it is all zero.
* HMG IS5 enhanced - Secure Sanitisation of Protectively Marked Information or Sensitive Information
It also includes the following pseudo random number generators: It also includes the following pseudo random number generators:
* Mersenne Twister * Mersenne Twister

5
man/nwipe.1
View File

@@ -60,6 +60,9 @@ off \- Do not verify
last \- Verify after the last pass last \- Verify after the last pass
.IP .IP
all \- Verify every pass all \- Verify every pass
.IP
Please mind that HMG IS5 enhanced always verifies the last (PRNG) pass
regardless of this option.
.TP .TP
\fB\-m\fR, \fB\-\-method\fR=\fIMETHOD\fR \fB\-m\fR, \fB\-\-method\fR=\fIMETHOD\fR
The wiping method (default: dodshort). The wiping method (default: dodshort).
@@ -77,6 +80,8 @@ random / prng / stream \- PRNG Stream
zero / quick \- Overwrite with zeros zero / quick \- Overwrite with zeros
.IP .IP
verify \- Verifies disk is zero filled verify \- Verifies disk is zero filled
.IP
is5enh \- HMG IS5 enhanced
.TP .TP
\fB\-l\fR, \fB\-\-logfile\fR=\fIFILE\fR \fB\-l\fR, \fB\-\-logfile\fR=\fIFILE\fR
Filename to log to. Default is STDOUT Filename to log to. Default is STDOUT

21
src/gui.c
View File

@@ -1454,7 +1454,7 @@ void nwipe_gui_method( void )
extern int terminate_signal; extern int terminate_signal;
/* The number of implemented methods. */ /* The number of implemented methods. */
const int count = 7; const int count = 8;
/* The first tabstop. */ /* The first tabstop. */
const int tab1 = 2; const int tab1 = 2;
@@ -1483,6 +1483,7 @@ void nwipe_gui_method( void )
if( nwipe_options.method == &nwipe_gutmann ) { focus = 4; } if( nwipe_options.method == &nwipe_gutmann ) { focus = 4; }
if( nwipe_options.method == &nwipe_random ) { focus = 5; } if( nwipe_options.method == &nwipe_random ) { focus = 5; }
if( nwipe_options.method == &nwipe_verify ) { focus = 6; } if( nwipe_options.method == &nwipe_verify ) { focus = 6; }
if( nwipe_options.method == &nwipe_is5enh ) { focus = 7; }
do do
@@ -1501,6 +1502,7 @@ void nwipe_gui_method( void )
mvwprintw( main_window, yy++, tab1, " %s", nwipe_method_label( &nwipe_gutmann ) ); mvwprintw( main_window, yy++, tab1, " %s", nwipe_method_label( &nwipe_gutmann ) );
mvwprintw( main_window, yy++, tab1, " %s", nwipe_method_label( &nwipe_random ) ); mvwprintw( main_window, yy++, tab1, " %s", nwipe_method_label( &nwipe_random ) );
mvwprintw( main_window, yy++, tab1, " %s", nwipe_method_label( &nwipe_verify ) ); mvwprintw( main_window, yy++, tab1, " %s", nwipe_method_label( &nwipe_verify ) );
mvwprintw( main_window, yy++, tab1, " %s", nwipe_method_label( &nwipe_is5enh ) );
mvwprintw( main_window, yy++, tab1, " " ); mvwprintw( main_window, yy++, tab1, " " );
/* Print the cursor. */ /* Print the cursor. */
@@ -1588,6 +1590,19 @@ void nwipe_gui_method( void )
break; break;
case 7:
mvwprintw( main_window, 2, tab2, "syslinux.cfg: nuke=\"nwipe --method is5enh\"" );
mvwprintw( main_window, 3, tab2, "Security Level: Medium (3 passes)" );
/* 0 1 2 3 4 5 6 7 8 */
mvwprintw( main_window, yy++, tab1, "HMG IA/IS 5 (Infosec Standard 5): Secure Sanitisation of Protectively Marked " );
mvwprintw( main_window, yy++, tab1, "Information or Sensitive Information " );
mvwprintw( main_window, yy++, tab1, " " );
mvwprintw( main_window, yy++, tab1, "This method fills the device with 0s, then with 1s, then with a PRNG stream, " );
mvwprintw( main_window, yy++, tab1, "then reads the device to verify the PRNG stream was successfully written. " );
break;
} /* switch */ } /* switch */
/* Add a border. */ /* Add a border. */
@@ -1665,6 +1680,10 @@ void nwipe_gui_method( void )
case 6: case 6:
nwipe_options.method = &nwipe_verify; nwipe_options.method = &nwipe_verify;
break; break;
case 7:
nwipe_options.method = &nwipe_is5enh;
break;
} }

24
src/method.c
View File

@@ -66,6 +66,7 @@ const char* nwipe_ops2_label = "RCMP TSSIT OPS-II";
const char* nwipe_random_label = "PRNG Stream"; const char* nwipe_random_label = "PRNG Stream";
const char* nwipe_zero_label = "Zero Fill"; const char* nwipe_zero_label = "Zero Fill";
const char* nwipe_verify_label = "Verify Blank"; const char* nwipe_verify_label = "Verify Blank";
const char* nwipe_is5enh_label = "HMG IS5 Enhanced";
const char* nwipe_unknown_label = "Unknown Method (FIXME)"; const char* nwipe_unknown_label = "Unknown Method (FIXME)";
@@ -83,6 +84,7 @@ const char* nwipe_method_label( void* method )
if( method == &nwipe_random ) { return nwipe_random_label; } if( method == &nwipe_random ) { return nwipe_random_label; }
if( method == &nwipe_zero ) { return nwipe_zero_label; } if( method == &nwipe_zero ) { return nwipe_zero_label; }
if( method == &nwipe_verify ) { return nwipe_verify_label; } if( method == &nwipe_verify ) { return nwipe_verify_label; }
if( method == &nwipe_is5enh ) { return nwipe_is5enh_label; }
/* else */ /* else */
return nwipe_unknown_label; return nwipe_unknown_label;
@@ -574,7 +576,24 @@ void *nwipe_ops2( void *ptr )
return NULL; return NULL;
} /* nwipe_ops2 */ } /* nwipe_ops2 */
void *nwipe_is5enh( void *ptr )
{
nwipe_context_t *c = (nwipe_context_t *) ptr;
c->wipe_status = 1;
char is5enh[3] = {'\x00', '\xFF', '\x00'};
nwipe_pattern_t patterns[] =
{
{ 1, &is5enh[0] }, /* Pass 1: 0s */
{ 1, &is5enh[1] }, /* Pass 2: 1s */
{ -1, &is5enh[2] }, /* Pass 3: random bytes with verification */
{ 0, NULL }
};
c->result = nwipe_runmethod( c, patterns );
c->wipe_status = 0;
return NULL;
} /* nwipe_is5enh */
void *nwipe_random( void *ptr ) void *nwipe_random( void *ptr )
{ {
@@ -796,7 +815,10 @@ int nwipe_runmethod( nwipe_context_t* c, nwipe_pattern_t* patterns )
/* Check for a fatal error. */ /* Check for a fatal error. */
if( r < 0 ) { return r; } if( r < 0 ) { return r; }
if( nwipe_options.verify == NWIPE_VERIFY_ALL || lastpass == 1 ) /* Make sure IS5 enhanced always verifies its PRNG pass regardless */
/* of the current combination of the --noblank (which influences */
/* the lastpass variable) and --verify options. */
if( nwipe_options.verify == NWIPE_VERIFY_ALL || lastpass == 1 || nwipe_options.method == &nwipe_is5enh )
{ {
nwipe_log( NWIPE_LOG_NOTICE, "Verifying pass %i of %i, round %i of %i, on device '%s'.", \ nwipe_log( NWIPE_LOG_NOTICE, "Verifying pass %i of %i, round %i of %i, on device '%s'.", \
c->pass_working, c->pass_count, c->round_working, c->round_count, c->device_name ); c->pass_working, c->pass_count, c->round_working, c->round_count, c->device_name );

1
src/method.h
View File

@@ -50,6 +50,7 @@ void *nwipe_dod522022m( void *ptr );
void *nwipe_dodshort( void *ptr ); void *nwipe_dodshort( void *ptr );
void *nwipe_gutmann( void *ptr ); void *nwipe_gutmann( void *ptr );
void *nwipe_ops2( void *ptr ); void *nwipe_ops2( void *ptr );
void *nwipe_is5enh( void *ptr );
void *nwipe_random( void *ptr ); void *nwipe_random( void *ptr );
void *nwipe_zero( void *ptr ); void *nwipe_zero( void *ptr );
void *nwipe_verify( void *ptr ); void *nwipe_verify( void *ptr );

6
src/options.c
View File

@@ -254,6 +254,12 @@ int nwipe_options_parse( int argc, char** argv )
break; break;
} }
if( strcmp( optarg, "is5enh" ) == 0 )
{
nwipe_options.method = &nwipe_is5enh;
break;
}
/* Else we do not know this wipe method. */ /* Else we do not know this wipe method. */
fprintf( stderr, "Error: Unknown wipe method '%s'.\n", optarg ); fprintf( stderr, "Error: Unknown wipe method '%s'.\n", optarg );
exit( EINVAL ); exit( EINVAL );