diff --git a/src/gui.c b/src/gui.c index 1bb6cf7..8e1f433 100644 --- a/src/gui.c +++ b/src/gui.c @@ -2305,7 +2305,7 @@ void nwipe_gui_method( void ) extern int terminate_signal; /* The number of implemented methods. */ - const int count = 11; + const int count = 12; /* The first tabstop. */ const int tab1 = 2; @@ -2371,6 +2371,10 @@ void nwipe_gui_method( void ) { focus = 10; } + if( nwipe_options.method == &nwipe_bmb ) + { + focus = 11; + } do { @@ -2394,6 +2398,7 @@ void nwipe_gui_method( void ) mvwprintw( main_window, yy++, tab1, " %s", nwipe_method_label( &nwipe_verify_one ) ); mvwprintw( main_window, yy++, tab1, " %s", nwipe_method_label( &nwipe_is5enh ) ); mvwprintw( main_window, yy++, tab1, " %s", nwipe_method_label( &nwipe_bruce7 ) ); + mvwprintw( main_window, yy++, tab1, " %s", nwipe_method_label( &nwipe_bmb ) ); mvwprintw( main_window, yy++, tab1, " " ); /* Print the cursor. */ @@ -2542,6 +2547,23 @@ void nwipe_gui_method( void ) mvwprintw( main_window, 10, tab2, "it performs five additional passes of PRNG- " ); mvwprintw( main_window, 11, tab2, "generated random data to maximize security. " ); break; + case 11: + + mvwprintw( main_window, 2, tab2, "Security Level: very high (6 passes)" ); + + mvwprintw( main_window, 4, tab2, "BMB21-2019 Chinese State Secrets Bureau standard " ); + mvwprintw( main_window, 5, tab2, "Technical Requirement for Data Sanitization " ); + mvwprintw( main_window, 6, tab2, ". of Storage Media Involving State Secrets " ); + mvwprintw( + main_window, + 7, + tab2, + "This method first overwrites the device with " ); + mvwprintw( main_window, 8, tab2, "ones (0xFF), followed by zeroes (0x00). Then, " ); + mvwprintw( main_window, 9, tab2, "it performs three additional passes of PRNG- " ); + mvwprintw( main_window, 10, tab2, "generated random data to maximize security. " ); + mvwprintw( main_window, 11, tab2, "finally overwrites ones (0xFF) " ); + break; } /* switch */ 
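Review bot: The menu position `11` is now hard-coded in four places that must agree: the `focus = 11;` assignment in this hunk, the print order in the `@@ -2394` hunk, and the two `case 11:` arms in the `@@ -2542` and `@@ -2641` hunks, with `count` bumped by hand in `@@ -2305`. Nothing in the visible lines ties these together, so a later insertion or reordering could leave the highlighted entry selecting a different wipe method than the one described on screen. I would at least add `/* Keep in sync with the print order and both switch statements below. */` above the block of `focus` assignments. nwipe_gui_method's body starts and ends outside these hunks.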
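Review bot: The description strings added under `case 11:` have text defects: row 6 begins with a stray `. ` (`". of Storage Media Involving State Secrets "`), and row 11 starts lower-case with no full stop, so the sentence on rows 9-10 runs straight into it. I would write row 6 as `"of Storage Media Involving State Secrets. "` and row 11 as `"Finally, it overwrites with ones (0xFF). "`. The row-7 `mvwprintw` call is spread over five lines while its neighbours are single-line calls; one line would match them. The "(6 passes)" figure shown to the operator holds only if `nwipe_runmethod` adds no pass of its own after the pattern list, which these hunks do not show.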
@@ -2641,6 +2663,10 @@ void nwipe_gui_method( void ) case 10: nwipe_options.method = &nwipe_bruce7; break; + + case 11: + nwipe_options.method = &nwipe_bmb; + break; } } /* nwipe_gui_method */ diff --git a/src/method.c b/src/method.c index 5b6751c..259c3f3 100644 --- a/src/method.c +++ b/src/method.c @@ -69,6 +69,7 @@ const char* nwipe_verify_zero_label = "Verify Zeros (0x00)"; const char* nwipe_verify_one_label = "Verify Ones (0xFF)"; const char* nwipe_is5enh_label = "HMG IS5 Enhanced"; const char* nwipe_bruce7_label = "Bruce Schneier 7-Pass"; +const char* nwipe_bmb_label = "BMB21-2019"; const char* nwipe_unknown_label = "Unknown Method (FIXME)"; @@ -123,6 +124,10 @@ const char* nwipe_method_label( void* method ) { return nwipe_bruce7_label; } + if( method == &nwipe_bmb ) + { + return nwipe_bmb_label; + } /* else */ return nwipe_unknown_label; @@ -799,6 +804,42 @@ void* nwipe_bruce7( void* ptr ) return NULL; } +void* nwipe_bmb( void* ptr ) +{ + /** + * BMB Secure Wipe Method: + * Pass 1: 0xFF + * Pass 2: 0x00 + * Pass 3-5: 3× Random + * Pass 6: 0xFF + */ + + nwipe_context_t* c = (nwipe_context_t*) ptr; + + time( &c->start_time ); + c->wipe_status = 1; + + char onefill[1] = { '\xFF' }; + char zerofill[1] = { '\x00' }; + + nwipe_pattern_t patterns[] = { + { 1, &onefill[0] }, // 0xFF + { 1, &zerofill[0] }, // 0x00 + { -1, "" }, // RANDOM + { -1, "" }, // RANDOM + { -1, "" }, // RANDOM + { 1, &onefill[0] }, // 0xFF + { 0, NULL } // 0X00 + }; + + c->result = nwipe_runmethod( c, patterns ); + + c->wipe_status = 0; + time( &c->end_time ); + + return NULL; +} + int nwipe_runmethod( nwipe_context_t* c, nwipe_pattern_t* patterns ) { /** diff --git a/src/method.h b/src/method.h index cb35e83..71d3558 100644 --- a/src/method.h +++ b/src/method.h @@ -55,6 +55,7 @@ void* nwipe_one( void* ptr ); void* nwipe_verify_zero( void* ptr ); void* nwipe_verify_one( void* ptr ); void* nwipe_bruce7( void* ptr ); +void* nwipe_bmb( void* ptr ); void calculate_round_size( nwipe_context_t* ); 
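Review bot: The last entry of `patterns[]` in `nwipe_bmb`, `{ 0, NULL } // 0X00`, is commented as if it were a zero-fill pass, but the header comment lists six passes and this seventh entry looks like the end-of-list sentinel; `{ 0, NULL } // end of pattern list` would say so. The header comment also does not state the intended end state of the device, which matters here because the last listed pass is 0xFF rather than zeros. Only the opening of `nwipe_runmethod` is visible, so if it appends a blanking or verification pass after the list, the device would not finish on 0xFF and the description added in src/gui.c would be inaccurate. A sentence in the comment on how the final 0xFF pass interacts with that behaviour would let an operator know what the media actually ends up holding.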
diff --git a/src/options.c b/src/options.c index 0798faa..926d999 100644 --- a/src/options.c +++ b/src/options.c @@ -391,6 +391,11 @@ int nwipe_options_parse( int argc, char** argv ) nwipe_options.method = &nwipe_bruce7; break; } + if( strcmp( optarg, "bmb" ) == 0 ) + { + nwipe_options.method = &nwipe_bmb; + break; + } /* Else we do not know this wipe method. */ fprintf( stderr, "Error: Unknown wipe method '%s'.\n", optarg ); 
@@ -666,46 +671,47 @@ void display_help() printf( "Options:\n" ); /* Limit line length to a maximum of 80 characters so it looks good in 80x25 terminals i.e shredos */ /* ___12345678901234567890123456789012345678901234567890123456789012345678901234567890< Do not exceed */ - puts( " -V, --version Prints the version number\n" ); - puts( " -v, --verbose Prints more messages to the log\n" ); - puts( " -h, --help Prints this help\n" ); - puts( " --autonuke If no devices have been specified on the command line," ); - puts( " starts wiping all devices immediately. If devices have" ); - puts( " been specified, starts wiping only those specified" ); - puts( " devices immediately.\n" ); - puts( " --autopoweroff Power off system on completion of wipe delayed for" ); - puts( " for one minute. During this one minute delay you can" ); - puts( " abort the shutdown by typing sudo shutdown -c\n" ); - printf( " --sync=NUM Will perform a sync after NUM writes (default: %d)\n", DEFAULT_SYNC_RATE ); - puts( " 0 - fdatasync after the disk is completely written." ); - puts( " fdatasync errors not detected until completion." ); - puts( " 0 is not recommended as disk errors may cause" ); - puts( " nwipe to appear to hang." ); - puts( " 1 - fdatasync after every write." ); - puts( " Warning: Lower values will reduce wipe speeds." ); - puts( " 1000 - fdatasync after 1000 writes etc.\n" ); - puts( " --verify=TYPE Whether to perform verification of erasure" ); - puts( " (default: last)" ); - puts( " off - Do not verify." ); - puts( " last - Verify after the last pass." ); - puts( " all - Verify every pass." ); - puts( " " ); - puts( " Please mind that HMG IS5 enhanced always verifies the" ); - puts( " last (PRNG) pass regardless of this option.\n" ); - puts( " -m, --method=METHOD The wiping method. See man page for more details." 
); - puts( " (default: dodshort)" ); - puts( " dod522022m / dod - 7 pass DOD 5220.22-M method" ); - puts( " dodshort / dod3pass - 3 pass DOD method" ); - puts( " gutmann - Peter Gutmann's algorithm" ); - puts( " ops2 - RCMP TSSIT OPS-II" ); - puts( " random / prng / stream - PRNG Stream" ); - puts( " zero / quick - Overwrite with zeros (0x00)" ); - puts( " one - Overwrite with ones (0xFF)" ); - puts( " verify_zero - Verifies disk is zero (0x00) filled" ); - puts( " verify_one - Verifies disk is one (0xFF) filled" ); - puts( " is5enh - HMG IS5 enhanced\n" ); - puts( " bruce7 - Schneier Bruce 7-pass mixed pattern\n" ); - puts( " -l, --logfile=FILE Filename to log to. Default is STDOUT\n" ); + puts( " -V, --version Prints the version number\n" ); + puts( " -v, --verbose Prints more messages to the log\n" ); + puts( " -h, --help Prints this help\n" ); + puts( " --autonuke If no devices have been specified on the command line," ); + puts( " starts wiping all devices immediately. If devices have" ); + puts( " been specified, starts wiping only those specified" ); + puts( " devices immediately.\n" ); + puts( " --autopoweroff Power off system on completion of wipe delayed for" ); + puts( " for one minute. During this one minute delay you can" ); + puts( " abort the shutdown by typing sudo shutdown -c\n" ); + printf( " --sync=NUM Will perform a sync after NUM writes (default: %d)\n", DEFAULT_SYNC_RATE ); + puts( " 0 - fdatasync after the disk is completely written" ); + puts( " fdatasync errors not detected until completion." ); + puts( " 0 is not recommended as disk errors may cause" ); + puts( " nwipe to appear to hang" ); + puts( " 1 - fdatasync after every write" ); + puts( " Warning: Lower values will reduce wipe speeds." 
); + puts( " 1000 - fdatasync after 1000 writes etc.\n" ); + puts( " --verify=TYPE Whether to perform verification of erasure" ); + puts( " (default: last)" ); + puts( " off - Do not verify" ); + puts( " last - Verify after the last pass" ); + puts( " all - Verify every pass" ); + puts( " " ); + puts( " Please mind that HMG IS5 enhanced always verifies the" ); + puts( " last (PRNG) pass regardless of this option.\n" ); + puts( " -m, --method=METHOD The wiping method. See man page for more details." ); + puts( " (default: dodshort)" ); + puts( " dod522022m / dod - 7 pass DOD 5220.22-M method" ); + puts( " dodshort / dod3pass - 3 pass DOD method" ); + puts( " gutmann - Peter Gutmann's Algorithm" ); + puts( " ops2 - RCMP TSSIT OPS-II" ); + puts( " random / prng / stream - PRNG Stream" ); + puts( " zero / quick - Overwrite with zeros" ); + puts( " one - Overwrite with ones (0xFF)" ); + puts( " verify_zero - Verifies disk is zero filled" ); + puts( " verify_one - Verifies disk is 0xFF filled" ); + puts( " is5enh - HMG IS5 enhanced\n" ); + puts( " bruce7 - Schneier Bruce 7-pass mixed pattern\n" ); + puts( " bmb - BMB21-2019 mixed pattern\n" ); + puts( " -l, --logfile=FILE Filename to log to. Default is STDOUT\n" ); puts( " -P, --PDFreportpath=PATH Path to write PDF reports to. Default is \".\"" ); puts( " If set to \"noPDF\" no PDF reports are written.\n" ); puts( " -p, --prng=METHOD PRNG option "
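Review bot: This hunk replaces all 40 help lines to add one `bmb` entry, and along the way changes wording unrelated to the new method: `zero / quick` and `verify_zero` lose `(0x00)`, `verify_one` is reworded, several trailing full stops disappear and `algorithm` becomes `Algorithm`. Many removed/added pairs read identically in this rendering, so presumably only their spacing moved. I would restrict the change to the single added `puts` line so the diff shows what actually changed and the fill values stay in the help text. The `is5enh`, `bruce7` and new `bmb` strings each end in `\n` although `puts` already appends a newline, which leaves blank lines inside the method list; only the last entry should keep it.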