Merge pull request #168 from infrastation/master

add HMG IS5 enhanced and make minor fixups
PartialVolume
2019-12-29 20:55:57 +00:00
committed by GitHub
6 changed files with 75 additions and 11 deletions


@@ -15,11 +15,11 @@ The user can select from a variety of recognised secure erase methods which incl
* Gutmann Wipe - Peter Gutmann's method (Secure Deletion of Data from Magnetic and Solid-State Memory).
* PRNG Stream - Fills the device with a stream from the PRNG.
* Verify only - This method only reads the device and checks that it is all zero.
* HMG IS5 enhanced - Secure Sanitisation of Protectively Marked Information or Sensitive Information
It also includes the following pseudo random number generators:
* mersenne
* twister
* isaac
* Mersenne Twister
* ISAAC
It is a fork of the dwipe command used by
Darik's Boot and Nuke (dban). nwipe is included with [partedmagic](https://partedmagic.com) and


@@ -1,4 +1,4 @@
.TH NWIPE "1" "September 2019" "nwipe version 0.26" "User Commands"
.TH NWIPE "1" "December 2019" "nwipe version 0.26" "User Commands"
.SH NAME
nwipe \- securely erase disks
.SH SYNOPSIS
@@ -37,6 +37,10 @@ those specified devices immediately.
\fB\-\-sync\fR
Open devices in sync mode
.TP
\fB\-\-noblank\fR
Do not perform the final blanking pass after the wipe (default is to blank,
except when the method is RCMP TSSIT OPS\-II).
.TP
\fB\-\-nowait\fR
Do not wait for a key before exiting (default is to wait).
.TP
@@ -50,9 +54,15 @@ SIGUSR1 can be used to retrieve the current wiping statistics.
.TP
\fB\-\-verify\fR=\fITYPE\fR
Whether to perform verification of erasure (default: last)
.IP
off \- Do not verify
.IP
last \- Verify after the last pass
.IP
all \- Verify every pass
.IP
Please mind that HMG IS5 enhanced always verifies the last (PRNG) pass
regardless of this option.
.TP
\fB\-m\fR, \fB\-\-method\fR=\fIMETHOD\fR
The wiping method (default: dodshort).
@@ -70,6 +80,8 @@ random / prng / stream \- PRNG Stream
zero / quick \- Overwrite with zeros
.IP
verify \- Verifies disk is zero filled
.IP
is5enh \- HMG IS5 enhanced
.TP
\fB\-l\fR, \fB\-\-logfile\fR=\fIFILE\fR
Filename to log to. Default is STDOUT


@@ -1366,15 +1366,19 @@ void nwipe_gui_noblank( void )
/* 0 1 2 3 4 5 6 7 8 */
mvwprintw( main_window, yy++, tab1, "Perform a final blanking pass after the wipe, leaving disk with only zeros. " );
mvwprintw( main_window, yy++, tab1, "Note that the RCMP TSSIT OPS-II method never blanks the device regardless " );
mvwprintw( main_window, yy++, tab1, "of this setting. " );
mvwprintw( main_window, yy++, tab1, " " );
break;
case 1:
mvwprintw( main_window, 2, tab2, "syslinux.cfg: nuke=\"nwipe -b\"" );
mvwprintw( main_window, 2, tab2, "syslinux.cfg: nuke=\"nwipe --noblank\"" );
/* 0 1 2 3 4 5 6 7 8 */
mvwprintw( main_window, yy++, tab1, "Do not perform a final blanking pass. Leave data as per final wiping pass. " );
mvwprintw( main_window, yy++, tab1, "Note that the RCMP TSSIT OPS-II method never blanks the device regardless " );
mvwprintw( main_window, yy++, tab1, "of this setting. " );
mvwprintw( main_window, yy++, tab1, " " );
break;
@@ -1450,7 +1454,7 @@ void nwipe_gui_method( void )
extern int terminate_signal;
/* The number of implemented methods. */
const int count = 7;
const int count = 8;
/* The first tabstop. */
const int tab1 = 2;
@@ -1479,6 +1483,7 @@ void nwipe_gui_method( void )
if( nwipe_options.method == &nwipe_gutmann ) { focus = 4; }
if( nwipe_options.method == &nwipe_random ) { focus = 5; }
if( nwipe_options.method == &nwipe_verify ) { focus = 6; }
if( nwipe_options.method == &nwipe_is5enh ) { focus = 7; }
do
@@ -1497,6 +1502,7 @@ void nwipe_gui_method( void )
mvwprintw( main_window, yy++, tab1, " %s", nwipe_method_label( &nwipe_gutmann ) );
mvwprintw( main_window, yy++, tab1, " %s", nwipe_method_label( &nwipe_random ) );
mvwprintw( main_window, yy++, tab1, " %s", nwipe_method_label( &nwipe_verify ) );
mvwprintw( main_window, yy++, tab1, " %s", nwipe_method_label( &nwipe_is5enh ) );
mvwprintw( main_window, yy++, tab1, " " );
/* Print the cursor. */
@@ -1584,6 +1590,19 @@ void nwipe_gui_method( void )
break;
case 7:
mvwprintw( main_window, 2, tab2, "syslinux.cfg: nuke=\"nwipe --method is5enh\"" );
mvwprintw( main_window, 3, tab2, "Security Level: Medium (3 passes)" );
/* 0 1 2 3 4 5 6 7 8 */
mvwprintw( main_window, yy++, tab1, "HMG IA/IS 5 (Infosec Standard 5): Secure Sanitisation of Protectively Marked " );
mvwprintw( main_window, yy++, tab1, "Information or Sensitive Information " );
mvwprintw( main_window, yy++, tab1, " " );
mvwprintw( main_window, yy++, tab1, "This method fills the device with 0s, then with 1s, then with a PRNG stream, " );
mvwprintw( main_window, yy++, tab1, "then reads the device to verify the PRNG stream was successfully written. " );
break;
} /* switch */
/* Add a border. */
@@ -1661,6 +1680,10 @@ void nwipe_gui_method( void )
case 6:
nwipe_options.method = &nwipe_verify;
break;
case 7:
nwipe_options.method = &nwipe_is5enh;
break;
}
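Review bot: The new method is wired into nwipe_gui_method() by the bare index 7 in four separate places (the `focus = 7` preselect, the position of its label in the print list, the `case 7:` help text and the `case 7:` assignment), plus `const int count = 8;`, and nothing ties these together. If a later insertion shifts one of the lists, the menu would highlight one method and start another, which is a costly mistake in a tool that erases disks. At minimum record the constraint at the counter, e.g. `/* Keep in sync with the focus checks, the label list and both switch statements below. */`; a single array of method pointers indexed by `focus` would remove the hazard. The function body starts and ends outside these hunks, so other index-dependent code may exist that is not visible here.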


@@ -22,11 +22,11 @@
/* HOWTO: Add another wipe method.
*
* 1. Create a new function here and add the prototype to the 'nwipe.h' file.
* 1. Create a new function here and add the prototype to the 'method.h' file.
* 2. Update nwipe_method_label() appropriately.
* 3. Put the passes that you wish to run into a nwipe_patterns_t array.
* 3. Put the passes that you wish to run into a nwipe_pattern_t array.
* 4. Call nwipe_runmethod() with your array of patterns.
* 5. Cut-and-paste within the 'options.c' file so that the new method can be invoked.
* 5. Copy-and-paste within the 'options.c' file so that the new method can be invoked.
* 6. Optionally try to plug your function into 'gui.c'.
*
*
@@ -66,6 +66,7 @@ const char* nwipe_ops2_label = "RCMP TSSIT OPS-II";
const char* nwipe_random_label = "PRNG Stream";
const char* nwipe_zero_label = "Zero Fill";
const char* nwipe_verify_label = "Verify Blank";
const char* nwipe_is5enh_label = "HMG IS5 Enhanced";
const char* nwipe_unknown_label = "Unknown Method (FIXME)";
@@ -83,6 +84,7 @@ const char* nwipe_method_label( void* method )
if( method == &nwipe_random ) { return nwipe_random_label; }
if( method == &nwipe_zero ) { return nwipe_zero_label; }
if( method == &nwipe_verify ) { return nwipe_verify_label; }
if( method == &nwipe_is5enh ) { return nwipe_is5enh_label; }
/* else */
return nwipe_unknown_label;
@@ -574,7 +576,24 @@ void *nwipe_ops2( void *ptr )
return NULL;
} /* nwipe_ops2 */
void *nwipe_is5enh( void *ptr )
{
nwipe_context_t *c = (nwipe_context_t *) ptr;
c->wipe_status = 1;
char is5enh[3] = {'\x00', '\xFF', '\x00'};
nwipe_pattern_t patterns[] =
{
{ 1, &is5enh[0] }, /* Pass 1: 0s */
{ 1, &is5enh[1] }, /* Pass 2: 1s */
{ -1, &is5enh[2] }, /* Pass 3: random bytes with verification */
{ 0, NULL }
};
c->result = nwipe_runmethod( c, patterns );
c->wipe_status = 0;
return NULL;
} /* nwipe_is5enh */
void *nwipe_random( void *ptr )
{
@@ -796,7 +815,10 @@ int nwipe_runmethod( nwipe_context_t* c, nwipe_pattern_t* patterns )
/* Check for a fatal error. */
if( r < 0 ) { return r; }
if( nwipe_options.verify == NWIPE_VERIFY_ALL || lastpass == 1 )
/* Make sure IS5 enhanced always verifies its PRNG pass regardless */
/* of the current combination of the --noblank (which influences */
/* the lastpass variable) and --verify options. */
if( nwipe_options.verify == NWIPE_VERIFY_ALL || lastpass == 1 || nwipe_options.method == &nwipe_is5enh )
{
nwipe_log( NWIPE_LOG_NOTICE, "Verifying pass %i of %i, round %i of %i, on device '%s'.", \
c->pass_working, c->pass_count, c->round_working, c->round_count, c->device_name );
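Review bot: The added `nwipe_options.method == &nwipe_is5enh` test in the verification guard of nwipe_runmethod() forces a verify for every pass that reaches this `if`, not specifically for the PRNG pass the comment names. The enclosing branch is outside the hunk, so this is only correct if static-pattern passes never get here; if that holds, say so in the comment, e.g. `/* This branch is reached only for PRNG passes, so is5enh verifies pass 3 only. */`. The guarantee is also invisible from nwipe_is5enh() itself, where a line such as `/* Pass 3 is verified unconditionally by nwipe_runmethod(). */` above the pattern table would tell a maintainer that --verify=off does not apply to this method.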


@@ -50,6 +50,7 @@ void *nwipe_dod522022m( void *ptr );
void *nwipe_dodshort( void *ptr );
void *nwipe_gutmann( void *ptr );
void *nwipe_ops2( void *ptr );
void *nwipe_is5enh( void *ptr );
void *nwipe_random( void *ptr );
void *nwipe_zero( void *ptr );
void *nwipe_verify( void *ptr );


@@ -53,7 +53,7 @@ int nwipe_options_parse( int argc, char** argv )
int i;
/* The list of acceptable short options. */
char nwipe_options_short[] = "Vhl:hm:p:r:e:";
char nwipe_options_short[] = "Vhl:m:p:r:e:";
/* The list of acceptable long options. */
static struct option nwipe_options_long[] = {
@@ -252,6 +252,12 @@ int nwipe_options_parse( int argc, char** argv )
break;
}
if( strcmp( optarg, "is5enh" ) == 0 )
{
nwipe_options.method = &nwipe_is5enh;
break;
}
/* Else we do not know this wipe method. */
fprintf( stderr, "Error: Unknown wipe method '%s'.\n", optarg );
exit( EINVAL );