add an initial implementation of HMG IS5 enhanced

I could not find the original specification of this standard, although
many proprietary implementations exist (or claim to exist). Also there
are many 3rd-party descriptions of the method, which often differ in one
or another detail, but after some reading I could conclude that the most
likely definition should be as follows:

1. Fill the device with zeroes, do not verify.
2. Fill the device with ones, do not verify.
3. Fill the device with a PRNG stream, do verify.

In other words, this is a simplified version of nwipe's "dodshort".

README.md

@@ -15,6 +15,7 @@ The user can select from a variety of recognised secure erase methods which incl
 * Gutmann Wipe       - Peter Gutmann's method (Secure Deletion of Data from Magnetic and Solid-State Memory).
 * PRNG Stream        - Fills the device with a stream from the PRNG.
 * Verify only        - This method only reads the device and checks that it is all zero.
+* HMG IS5 enhanced   - Secure Sanitisation of Protectively Marked Information or Sensitive Information
 
 It also includes the following pseudo random number generators:
 * Mersenne Twister

man/nwipe.1

@@ -60,6 +60,9 @@ off   \- Do not verify
 last  \- Verify after the last pass
 .IP
 all   \- Verify every pass
+.IP
+Please mind that HMG IS5 enhanced always verifies the last (PRNG) pass
+regardless of this option.
 .TP
 \fB\-m\fR, \fB\-\-method\fR=\fIMETHOD\fR
 The wiping method (default: dodshort).
@@ -77,6 +80,8 @@ random / prng / stream \- PRNG Stream
 zero / quick           \- Overwrite with zeros
 .IP
 verify                 \- Verifies disk is zero filled
+.IP
+is5enh                 \- HMG IS5 enhanced
 .TP
 \fB\-l\fR, \fB\-\-logfile\fR=\fIFILE\fR
 Filename to log to. Default is STDOUT

src/gui.c

@@ -1454,7 +1454,7 @@ void nwipe_gui_method( void )
    extern int terminate_signal;
 
 	/* The number of implemented methods. */
-	const int count = 7;
+	const int count = 8;
 
 	/* The first tabstop. */
 	const int tab1 = 2;
@@ -1483,6 +1483,7 @@ void nwipe_gui_method( void )
         if( nwipe_options.method == &nwipe_gutmann    ) { focus = 4; }
         if( nwipe_options.method == &nwipe_random     ) { focus = 5; }
         if( nwipe_options.method == &nwipe_verify     ) { focus = 6; }
+        if( nwipe_options.method == &nwipe_is5enh     ) { focus = 7; }
 
 
 	do
@@ -1501,6 +1502,7 @@ void nwipe_gui_method( void )
                 mvwprintw( main_window, yy++, tab1, "  %s", nwipe_method_label( &nwipe_gutmann    ) );
                 mvwprintw( main_window, yy++, tab1, "  %s", nwipe_method_label( &nwipe_random     ) );
                 mvwprintw( main_window, yy++, tab1, "  %s", nwipe_method_label( &nwipe_verify     ) );
+                mvwprintw( main_window, yy++, tab1, "  %s", nwipe_method_label( &nwipe_is5enh     ) );
                 mvwprintw( main_window, yy++, tab1, "                                             " );
 
 		/* Print the cursor. */
@@ -1588,6 +1590,19 @@ void nwipe_gui_method( void )
 
 				break;
 
+			case 7:
+
+				mvwprintw( main_window, 2, tab2, "syslinux.cfg: nuke=\"nwipe --method is5enh\"" );
+				mvwprintw( main_window, 3, tab2, "Security Level: Medium (3 passes)" );
+
+				/*                                 0         1         2         3         4         5         6         7         8  */
+				mvwprintw( main_window, yy++, tab1, "HMG IA/IS 5 (Infosec Standard 5): Secure Sanitisation of Protectively Marked " );
+				mvwprintw( main_window, yy++, tab1, "Information or Sensitive Information                                         " );
+				mvwprintw( main_window, yy++, tab1, "                                                                             " );
+				mvwprintw( main_window, yy++, tab1, "This method fills the device with 0s, then with 1s, then with a PRNG stream, " );
+				mvwprintw( main_window, yy++, tab1, "then reads the device to verify the PRNG stream was successfully written.    " );
+				break;
+
 		} /* switch */
 
 		/* Add a border. */
@@ -1665,6 +1680,10 @@ void nwipe_gui_method( void )
                 case 6:
                         nwipe_options.method = &nwipe_verify;
                         break;
+
+                case 7:
+                        nwipe_options.method = &nwipe_is5enh;
+                        break;
         }
 
 

src/method.c

@@ -66,6 +66,7 @@ const char* nwipe_ops2_label       = "RCMP TSSIT OPS-II";
 const char* nwipe_random_label     = "PRNG Stream";
 const char* nwipe_zero_label       = "Zero Fill";
 const char* nwipe_verify_label     = "Verify Blank";
+const char* nwipe_is5enh_label     = "HMG IS5 Enhanced";
 
 const char* nwipe_unknown_label    = "Unknown Method (FIXME)";
 
@@ -83,6 +84,7 @@ const char* nwipe_method_label( void* method )
 	if( method == &nwipe_random     ) { return nwipe_random_label;     }
 	if( method == &nwipe_zero       ) { return nwipe_zero_label;       }
 	if( method == &nwipe_verify     ) { return nwipe_verify_label;     }
+	if( method == &nwipe_is5enh     ) { return nwipe_is5enh_label;     }
 
 	/* else */
 	return nwipe_unknown_label;
@@ -574,7 +576,24 @@ void *nwipe_ops2( void *ptr )
     return NULL;
 } /* nwipe_ops2 */
 
+void *nwipe_is5enh( void *ptr )
+{
+	nwipe_context_t *c = (nwipe_context_t *) ptr;
+	c->wipe_status = 1;
 
+	char is5enh[3] = {'\x00', '\xFF', '\x00'};
+	nwipe_pattern_t patterns[] =
+	{
+		{  1, &is5enh[0] }, /* Pass 1: 0s                                */
+		{  1, &is5enh[1] }, /* Pass 2: 1s                                */
+		{ -1, &is5enh[2] }, /* Pass 3: random bytes with verification    */
+		{  0, NULL   }
+	};
+	c->result = nwipe_runmethod( c, patterns );
+
+	c->wipe_status = 0;
+	return NULL;
+} /* nwipe_is5enh */
 
 void *nwipe_random( void *ptr )
 {
@@ -796,7 +815,10 @@ int nwipe_runmethod( nwipe_context_t* c, nwipe_pattern_t* patterns )
 				/* Check for a fatal error. */
 				if( r < 0 ) { return r; }
 	
-				if( nwipe_options.verify == NWIPE_VERIFY_ALL || lastpass == 1 )
+				/* Make sure IS5 enhanced always verifies its PRNG pass regardless */
+				/* of the current combination of the --noblank (which influences   */
+				/* the lastpass variable) and --verify options.                    */
+				if( nwipe_options.verify == NWIPE_VERIFY_ALL || lastpass == 1 || nwipe_options.method == &nwipe_is5enh )
 				{
 					nwipe_log( NWIPE_LOG_NOTICE, "Verifying pass %i of %i, round %i of %i, on device '%s'.", \
 			  		  c->pass_working, c->pass_count, c->round_working, c->round_count, c->device_name );

src/method.h

@@ -50,6 +50,7 @@ void *nwipe_dod522022m( void *ptr );
 void *nwipe_dodshort( void *ptr );
 void *nwipe_gutmann( void *ptr );
 void *nwipe_ops2( void *ptr );
+void *nwipe_is5enh( void *ptr );
 void *nwipe_random( void *ptr );
 void *nwipe_zero( void *ptr );
 void *nwipe_verify( void *ptr );

src/options.c

@@ -254,6 +254,12 @@ int nwipe_options_parse( int argc, char** argv )
 					break;
 				}
 
+				if( strcmp( optarg, "is5enh" ) == 0 )
+				{
+					nwipe_options.method = &nwipe_is5enh;
+					break;
+				}
+
 				/* Else we do not know this wipe method. */
 				fprintf( stderr, "Error: Unknown wipe method '%s'.\n", optarg );
 				exit( EINVAL );