From a379329fcac0bbc9924600f06b3d973d86eab322 Mon Sep 17 00:00:00 2001 From: PartialVolume Date: Thu, 28 Oct 2021 21:50:19 +0100 Subject: [PATCH] Add ones (0xFF) verification method. --- man/nwipe.1 | 8 +++-- src/gui.c | 33 +++++++++++++++----- src/method.c | 83 ++++++++++++++++++++++++++++++++++++++++++++------- src/method.h | 3 +- src/options.c | 13 ++++++-- 5 files changed, 116 insertions(+), 24 deletions(-) diff --git a/man/nwipe.1 b/man/nwipe.1 index cb7ca1e..a200e04 100644 --- a/man/nwipe.1 +++ b/man/nwipe.1 @@ -98,11 +98,13 @@ ops2 \- RCMP TSSIT OPS\-II .IP random / prng / stream \- PRNG Stream .IP -zero / quick \- Overwrite with zeros +zero / quick \- Overwrite with zeros 0x00 .IP -one \- Overwrite with ones +one \- Overwrite with ones 0xFF .IP -verify \- Verifies disk is zero filled +verify_zero \- Verifies disk is zero filled +.IP +verify_one \- Verifies disk is 0xFF filled .IP is5enh \- HMG IS5 enhanced .TP diff --git a/src/gui.c b/src/gui.c index 5ce57d6..b6ec3f5 100644 --- a/src/gui.c +++ b/src/gui.c @@ -1048,7 +1048,7 @@ void nwipe_gui_select( int count, nwipe_context_t** c ) break; } - if( nwipe_options.method == &nwipe_verify ) + if( nwipe_options.method == &nwipe_verify_zero || nwipe_options.method == &nwipe_verify_one ) { /* Warn the user about that zero blanking with the ops2 method is not allowed */ wattron( footer_window, COLOR_PAIR( 10 ) ); @@ -1244,7 +1244,8 @@ void nwipe_gui_options( void ) mvwprintw( options_window, NWIPE_GUI_OPTIONS_ROUNDS_Y, NWIPE_GUI_OPTIONS_ROUNDS_X, "Rounds: " ); /* Disable blanking for ops2 and verify methods */ - if( nwipe_options.method == &nwipe_ops2 || nwipe_options.method == &nwipe_verify ) + if( nwipe_options.method == &nwipe_ops2 || nwipe_options.method == &nwipe_verify_zero + || nwipe_options.method == &nwipe_verify_one ) { nwipe_options.noblank = 1; } @@ -1930,7 +1931,7 @@ void nwipe_gui_method( void ) extern int terminate_signal; /* The number of implemented methods. */ - const int count = 9; + const int count = 10; /* The first tabstop. */ const int tab1 = 2; @@ -1980,14 +1981,18 @@ void nwipe_gui_method( void ) { focus = 6; } - if( nwipe_options.method == &nwipe_verify ) + if( nwipe_options.method == &nwipe_verify_zero ) { focus = 7; } - if( nwipe_options.method == &nwipe_is5enh ) + if( nwipe_options.method == &nwipe_verify_one ) { focus = 8; } + if( nwipe_options.method == &nwipe_is5enh ) + { + focus = 9; + } do { @@ -2007,7 +2012,8 @@ void nwipe_gui_method( void ) mvwprintw( main_window, yy++, tab1, " %s", nwipe_method_label( &nwipe_dod522022m ) ); mvwprintw( main_window, yy++, tab1, " %s", nwipe_method_label( &nwipe_gutmann ) ); mvwprintw( main_window, yy++, tab1, " %s", nwipe_method_label( &nwipe_random ) ); - mvwprintw( main_window, yy++, tab1, " %s", nwipe_method_label( &nwipe_verify ) ); + mvwprintw( main_window, yy++, tab1, " %s", nwipe_method_label( &nwipe_verify_zero ) ); + mvwprintw( main_window, yy++, tab1, " %s", nwipe_method_label( &nwipe_verify_one ) ); mvwprintw( main_window, yy++, tab1, " %s", nwipe_method_label( &nwipe_is5enh ) ); mvwprintw( main_window, yy++, tab1, " " ); @@ -2124,6 +2130,15 @@ void nwipe_gui_method( void ) case 8: + mvwprintw( main_window, 2, tab2, "Security Level: Not applicable" ); + + mvwprintw( main_window, 4, tab2, "This method only reads the device and checks " ); + mvwprintw( main_window, 5, tab2, "that it is all ones (0xFF). " ); + + break; + + case 9: + mvwprintw( main_window, 2, tab2, "Security Level: higher (3 passes)" ); mvwprintw( main_window, 4, tab2, "HMG IA/IS 5 (Infosec Standard 5): Secure " ); @@ -2220,10 +2235,14 @@ void nwipe_gui_method( void ) break; case 7: - nwipe_options.method = &nwipe_verify; + nwipe_options.method = &nwipe_verify_zero; break; case 8: + nwipe_options.method = &nwipe_verify_one; + break; + + case 9: nwipe_options.method = &nwipe_is5enh; break; } diff --git a/src/method.c b/src/method.c index de7a7a6..e1cdcb1 100644 --- a/src/method.c +++ b/src/method.c @@ -65,7 +65,8 @@ const char* nwipe_ops2_label = "RCMP TSSIT OPS-II"; const char* nwipe_random_label = "PRNG Stream"; const char* nwipe_zero_label = "Fill With Zeros"; const char* nwipe_one_label = "Fill With Ones"; -const char* nwipe_verify_label = "Verify Blank"; +const char* nwipe_verify_zero_label = "Verify Zeros (0x00)"; +const char* nwipe_verify_one_label = "Verify Ones (0xFF)"; const char* nwipe_is5enh_label = "HMG IS5 Enhanced"; const char* nwipe_unknown_label = "Unknown Method (FIXME)"; @@ -105,9 +106,13 @@ const char* nwipe_method_label( void* method ) { return nwipe_one_label; } - if( method == &nwipe_verify ) + if( method == &nwipe_verify_zero ) { - return nwipe_verify_label; + return nwipe_verify_zero_label; + } + if( method == &nwipe_verify_one ) + { + return nwipe_verify_one_label; } if( method == &nwipe_is5enh ) { @@ -185,10 +190,40 @@ void* nwipe_one( void* ptr ) return NULL; } /* nwipe_one */ -void* nwipe_verify( void* ptr ) +void* nwipe_verify_zero( void* ptr ) { /** - * Fill the device with zeroes. + * Verify the device is full of zeros. + */ + + nwipe_context_t* c; + c = (nwipe_context_t*) ptr; + + /* get current time at the start of the wipe */ + time( &c->start_time ); + + /* set wipe in progress flag for GUI */ + c->wipe_status = 1; + + /* Do nothing because nwipe_runmethod appends a zero-fill. */ + nwipe_pattern_t patterns[] = { { 0, NULL } }; + + /* Run the method. */ + c->result = nwipe_runmethod( c, patterns ); + + /* Finished. Set the wipe_status flag so that the GUI knows */ + c->wipe_status = 0; + + /* get current time at the end of the wipe */ + time( &c->end_time ); + + return NULL; +} /* nwipe_verify zeros */ + +void* nwipe_verify_one( void* ptr ) +{ + /** + * Verify the device is full of ones. */ nwipe_context_t* c; @@ -739,6 +774,9 @@ int nwipe_runmethod( nwipe_context_t* c, nwipe_pattern_t* patterns ) /* The zero-fill pattern for the final pass of most methods. */ nwipe_pattern_t pattern_zero = { 1, "\x00" }; + /* The one-fill pattern for verification of the ones fill */ + nwipe_pattern_t pattern_one = { 1, "\xFF" }; + /* Create the PRNG state buffer. */ c->prng_seed.length = NWIPE_KNOB_PRNG_STATE_LENGTH; c->prng_seed.s = malloc( c->prng_seed.length ); @@ -769,7 +807,7 @@ int nwipe_runmethod( nwipe_context_t* c, nwipe_pattern_t* patterns ) c->result = c->round_size; /* If only verifing then the round size is the device size */ - if( nwipe_options.method == &nwipe_verify ) + if( nwipe_options.method == &nwipe_verify_zero || nwipe_options.method == &nwipe_verify_one ) { c->round_size = c->device_size; } @@ -1032,9 +1070,9 @@ int nwipe_runmethod( nwipe_context_t* c, nwipe_pattern_t* patterns ) } /* final ops2 */ - else if( nwipe_options.method == &nwipe_verify ) + else if( nwipe_options.method == &nwipe_verify_zero ) { - nwipe_log( NWIPE_LOG_NOTICE, "Verifying that %s is empty", c->device_name ); + nwipe_log( NWIPE_LOG_NOTICE, "Verifying that %s is zeroed", c->device_name ); /* Verify the final zero pass. */ c->pass_type = NWIPE_PASS_VERIFY; @@ -1048,11 +1086,36 @@ int nwipe_runmethod( nwipe_context_t* c, nwipe_pattern_t* patterns ) } if( c->verify_errors == 0 ) { - nwipe_log( NWIPE_LOG_NOTICE, "[SUCCESS] Verified that %s is empty.", c->device_name ); + nwipe_log( NWIPE_LOG_NOTICE, "[SUCCESS] Verified that %s is Zeroed.", c->device_name ); } else { - nwipe_log( NWIPE_LOG_ERROR, "[FAILURE] %s is not empty .", c->device_name ); + nwipe_log( NWIPE_LOG_ERROR, "[FAILURE] %s has not been Zeroed .", c->device_name ); + } + + } /* verify */ + + else if( nwipe_options.method == &nwipe_verify_one ) + { + nwipe_log( NWIPE_LOG_NOTICE, "Verifying that %s is Ones (0xFF)", c->device_name ); + + /* Verify the final ones pass. */ + c->pass_type = NWIPE_PASS_VERIFY; + r = nwipe_static_verify( c, &pattern_one ); + c->pass_type = NWIPE_PASS_NONE; + + /* Check for a fatal error. */ + if( r < 0 ) + { + return r; + } + if( c->verify_errors == 0 ) + { + nwipe_log( NWIPE_LOG_NOTICE, "[SUCCESS] Verified that %s is full of ones (0xFF).", c->device_name ); + } + else + { + nwipe_log( NWIPE_LOG_ERROR, "[FAILURE] %s is not full of ones (0xFF).", c->device_name ); } } /* verify */ diff --git a/src/method.h b/src/method.h index a58d26b..f6fdbc2 100644 --- a/src/method.h +++ b/src/method.h @@ -52,7 +52,8 @@ void* nwipe_is5enh( void* ptr ); void* nwipe_random( void* ptr ); void* nwipe_zero( void* ptr ); void* nwipe_one( void* ptr ); -void* nwipe_verify( void* ptr ); +void* nwipe_verify_zero( void* ptr ); +void* nwipe_verify_one( void* ptr ); void calculate_round_size( nwipe_context_t* ); diff --git a/src/options.c b/src/options.c index 8bd20a4..8d68738 100644 --- a/src/options.c +++ b/src/options.c @@ -282,9 +282,15 @@ int nwipe_options_parse( int argc, char** argv ) break; } - if( strcmp( optarg, "verify" ) == 0 ) + if( strcmp( optarg, "verify_zero" ) == 0 ) { - nwipe_options.method = &nwipe_verify; + nwipe_options.method = &nwipe_verify_zero; + break; + } + + if( strcmp( optarg, "verify_one" ) == 0 ) + { + nwipe_options.method = &nwipe_verify_one; break; } @@ -536,7 +542,8 @@ void display_help() puts( " random / prng / stream - PRNG Stream" ); puts( " zero / quick - Overwrite with zeros" ); puts( " one - Overwrite with ones (0xFF)" ); - puts( " verify - Verifies disk is zero filled\n" ); + puts( " verify_zero - Verifies disk is zero filled\n" ); + puts( " verify_one - Verifies disk is 0xFF filled\n" ); puts( " -l, --logfile=FILE Filename to log to. Default is STDOUT\n" ); puts( " -p, --prng=METHOD PRNG option (mersenne|twister|isaac)\n" ); puts( " -r, --rounds=NUM Number of times to wipe the device using the selected" );