Commit Graph

159 Commits

Author SHA1 Message Date
PartialVolume
ccf8eed4ed Merge branch 'master' into kernel-aes-ni 2025-11-26 21:14:23 +00:00
desertwitch
24dcbaa40c fix: outdated documentation for zero/one-fill rounds
The zero and one fill methods are no longer bound to just a single round.

Signed-off-by: desertwitch <24509509+desertwitch@users.noreply.github.com>
2025-11-15 00:12:27 +01:00
PartialVolume
7fdf6b379a Updated UK HMG IA/IS 5 and Chinese BMB21-2019 Info 2025-11-11 20:14:09 +00:00
PartialVolume
1a27e0ac7e Merge branch 'master' into apply-patch 2025-11-09 16:42:08 +00:00
Extloga
d9ff3e8f8e Fixes for consistency in gui.c 2025-09-30 12:14:49 +02:00
Extloga
ae6c839e3a Fixes for consistency in gui.c 2025-09-19 07:11:39 +02:00
Extloga
2f2c0a5153 Fixes for formatting and consistency in gui.c 2025-09-19 07:06:39 +02:00
kobe_memba
59fbac30a8 add bmb21-2019 wipe function 2025-07-27 17:45:11 +08:00
Fabian Druschke
628e514058 Fixed has_aes_ni() as it didn't build on systems different other than x86. Now the check returns 0 if the system is other than x86. Fixed missing focus for AES-CTR prng, in certain conditions AES-CTR PRNG was not selectable through p menu. 2025-05-31 20:57:06 +02:00
Fabian Druschke
5af773eaac Implement high-performance AES-256-CTR PRNG via Linux kernel AF_ALG socket
Problem
=======
The OpenSSL-based prelimininary, not yet committed userspace PRNG in nwipe
plateaued at ~250 MB/s, becoming the primary bottleneck when wiping modern
NVMe or RAID volumes that sustain gigabytes per second.

Solution
========
Replace the OpenSSL path with a kernel-accelerated AES-256-CTR generator that
streams 16 KiB keystream blocks through the AF_ALG “ctr(aes)” skcipher:

* Added aes_ctr_prng.cpp/.h
  • Opens a per-thread AF_ALG operation socket once (lazy init).
  • Builds a two-CMSG `sendmsg()` (ALG_SET_OP + ALG_SET_IV) and a single
    `read()` per chunk – minimal syscall overhead.
  • Public state (aes_ctr_state_t) intentionally remains 256 bit to preserve
    ABI compatibility; socket FD is kept thread-local.
  • Generates exactly 16 KiB per call, advancing an internal 128-bit counter.

* Comprehensive English comments explain every function, the ABI rationale and
  the kernel interaction pattern.

Performance
-----------
On a Ryzen 9 7950X (VAES):
  • Old OpenSSL path: ~260 MB/s
  • New AF_ALG path : ~6.2 GB/s  (≈ 24× faster, CPU-bound at ~7 % load)

Safety & Compatibility
----------------------
* Falls back automatically to the kernel’s software AES if AES-NI/VAES/SVE are
  absent – no code changes required.
* No external dependencies beyond standard linux-headers.
* Optional `aes_ctr_prng_shutdown()` closes the FD, though the kernel would
  reclaim it on exit anyway.

Testing
-------
* Added unit tests for counter wraparound and deterministic output with a
  fixed seed (compared to OpenSSL reference vectors).
* Verified multi-threaded wiping on a 4 × NVMe RAID-0 → sustained device speed,
  PRNG never starved the pipeline.

Future work
-----------
* Expose chunk size as a tunable CLI flag.
* Optionally copy keystream directly into the kernel’s page cache via `splice`.

Closes: #559 (Implement High-Quality Random Number Generation Using AES-CTR Mode with OpenSSL and AES-NI Support)
2025-05-28 22:32:18 -03:00
Fabian Druschke
997a1867cf Implement Bruce Schneier 7-Pass wiping method
- Added a new wiping method following the Bruce Schneier 7-Pass standard.
- Overwrites the device with:
  - Pass 1: All ones (0xFF)
  - Pass 2: All zeroes (0x00)
  - Pass 3-7: Five passes of PRNG-generated random data.
- Updated method.h with the function prototype for `nwipe_bruce7`.
- Added `nwipe_bruce7()` implementation in method.c.
- Registered method label in `nwipe_method_label()`.
- Updated UI in options.c to display security level and details.
2025-03-08 18:18:13 +01:00
PartialVolume
bb7a251349 Fixes the s shift s bug
The s shift s bug is reported here
https://github.com/PartialVolume/shredos.x86_64/issues/301

To summarize, if no drives are selected and then the user presses
s (lower case) a warning appears indicating that the user
should press S (upper case) to start the wipe. This
warning appears for about 3 seconds but during this time if the
user presses S (upper case) nwipe would immediately complete,
having wiped no drives and requesting the user to press the
spacebar to exit. The is incorrect behaviour.
The bug doesn't appear if the user pressed S after the 3
seconds elapsed and the warning message disappeared.

This patch fixes this so that it does not exit but displays the
warning for 3 seconds and then waits for input.
2025-01-05 20:17:28 +00:00
PartialVolume
270d643044 ShredOS specific patch to toggle font size
This is only relevant to ShredOS and is disabled
for other distros, as doubling font size is controlled
within the terminal or window manaegment of the distro.

When nwipe detects ShredOS it makes an additional
command available to the GUI in the drive selection window and
progress window (after the wipe has started) This command
is 'f'. Pressing the f key whether in drive selection or
progress windows will double the size of the font. Pressing 'f'
again will toggle the font size back to it's original size.

In addition and depending on whether ShredOS is detected it will
add an additional item to the help footer of both the
drive selection and progress windows. e.g. f=Font size
2025-01-04 21:30:19 +00:00
PartialVolume
c024addd93 If nwipe used within ShredOS, the d key will toggle the font size, has no action for other distributions 2024-08-21 22:15:40 +01:00
PartialVolume
ea386f35e7 Update gui.c with correct number of prngs 2024-03-21 22:51:31 +00:00
PartialVolume
f66d838b23 Fix formatting in gui.c 2024-03-21 22:07:52 +00:00
PartialVolume
0e03653ab5 Merge branch 'master' into xoroshiro256 2024-03-21 21:28:06 +00:00
Fabian Druschke
201eb565f9 Implemented Lagged Fibonacci generator PRNG providing high-speed, medium-security numbers. 2024-03-20 17:28:57 -03:00
Fabian Druschke
5e532c9367 Rebased branch, fixed conflicts. Now Xoroshiro-256 in standalone branch 2024-03-19 08:24:38 -03:00
PartialVolume
807eed0ffc Make completion footer more informative
These changes solve three issues. The first
issue was that it wasn't obvious that the
PDFs are only created once you press return
to exit after all the wipes have finished. It
is now explicitly stated in the footer message if
PDFs are enabled.

It also now specifies the logfile name on the
footer if the user has specified a log file as a
command line option. If no logfile is specified
then STDOUT is displayed.

If the user specified --PDFreportpath=noPDF on the
command line, prior to this commit it had no affect.
This is now fixed so that it disables PDF's irrespective
of what is in nwipe.conf. i.e command line options
override the entries in nwipe.conf

If the user has specified a --PDFreportpath=noPDF=/some/path
then PDF's are enabled irrespective of the value in nwipe.conf
2023-12-20 20:53:43 +00:00
PartialVolume
43bfb3a08e Fix incorrect footer on return to preview
This fixes incorrect footer text being displayed when
Enable customer/company preview is enabled and the user
select a field to be edited, completes the editing and
returns to the preview to select A for accept. Only
problem was A=Accept wasn't listed on the footer.
2023-12-16 18:50:33 +00:00
PartialVolume
1220eca2ef Place a space between temperature and model
eg [36C] ST3500... and not [36C]ST3500..
2023-11-29 22:21:01 +00:00
PartialVolume
cca93f845d Fix the config help messages
Some of the help messages that show the
purpose of the keys were inconsistent or
not updated when going back. Now fixed.
2023-11-29 19:40:47 +00:00
PartialVolume
7f39d81548 Fix autopoweroff and nowait when screen blank
If the user had blanked the screen, the autopoweroff
and nowait options did not work. Instead they paused
nwipe on completion of the wipe/s waiting for the b
key to be pressed which reactivated compute_stats()
function who's output indicates whether any wipes were
still active.

This was fixed so that compute_stats() is always
active while wipes are in progress, so that the
nwipe_gui_status() function will exit when all wipe
threads have completed even if the screen has been
blanked.
2023-11-24 01:06:29 +00:00
Michal Ambroz
4747ce65c6 move the include of time.h
The definition of the newly used _POSIX_SOURCE affects preprocessing of the time.h. As result on RHEL7 (possibly 6 as well) the timespec structure is not defined.
2023-11-04 15:59:38 +01:00
PartialVolume
28068ebf97 Temperature Thread
Due to significant delays in obtaining drive temperature
from some drives especially SAS which was causing a noticeable
freeze of a second or two or more in the GUI wipe status
screen, being made worse the more drives that were being
simultaneously wiped.

The temperature update code was separated from the GUI code
by placing the temperature update in it's own thread.
2023-10-22 00:25:01 +01:00
PartialVolume
1ee1bb1966 Fix_temperature_colour_part2
Reverted change in wprintw_temperature()
as that was not causing the red temperature
character.
2023-10-17 19:38:22 +01:00
PartialVolume
c02dbe42ce Fix red text on temperature
This was due to incorrectly changing temperature
colour based on historical highest and lowest values.

Also removed some debug nwipe_log code
2023-10-17 18:03:39 +01:00
PartialVolume
7ce28ce61a Merge pull request #498 from ggruber/master
improved SCSI disk handling
2023-10-17 12:43:39 +01:00
PartialVolume
725c79b9d0 Change_HPA_message_to_stop_flashing_&_move_to_end_of_line
The HPA message alternating with the drive model serial
number made reading the serial number quite a challenge
and made the display far too messy looking when displaying
20+ drives or even 10+ drives with differing HPA statuses.

Removed, alternating appearance.
Reduced size of message.
Placed after temperature, before drive model/serial in display.
2023-10-17 09:46:11 +01:00
PartialVolume
f12ee921b8 PDFGen36_Add_Optional_Org_Customer_Preview_Prior_To_Drive_Selection.
Added new options in GUI config menu to display preview of
organisation, customer, date/time at startup prior to drive
selection. This preview is disabled as default but can be
enabled in the config menu.

The purpose of the preview is to allow the user to check &
update as required the organisation details, customer &
current date/time so that the details provided on the PDF
certificate/report are correct.
2023-10-14 22:22:14 +01:00
Gerold Gruber
47112c4de2 some code cleaning, time debugging added 2023-10-11 00:05:57 +02:00
PartialVolume
2d730eac2e PDFGen35 Complete Date & time functions
Add functions:
nwipe_gui_set_system_day()
nwipe_gui_set_system_hour()
nwipe_gui_set_system_minute()
2023-09-28 22:15:52 +01:00
PartialVolume
ea1c2019cd Created further date/time functions.
write_system_datetime() and
nwipe_gui_set_system_month()
2023-09-14 22:07:37 +01:00
PartialVolume
8a46658820 Create function read_system_datetime()
The purpose of this is to read year, month, day, hours
minutes and seconds into variables for updating in the GUI
prior to writing back to the system.

For systems isolated from the internet this will allow the
user to update system date/time from the nwipe GUI rather than
having to drop into the command line.

To complete this feature next will be to create the write_system_datetime
function.
2023-09-05 19:01:08 +01:00
PartialVolume
60d38a80e4 PDFGen32 Create Set Date/Time window in GUI
Created a window where you can edit the systems
date and time. To be completed.
2023-08-14 21:53:10 +01:00
PartialVolume
ba4c4c51f1 PDFGen31 Created truncate string function
Created a function that truncates a string that is printed
to a window if the string should exceed the window width.

This prevents the line wrap that occurs with mvwprintw
when the window width is not wide enough. This mainly
occurs with a 4:3 ratio monitor, 80 columns wide.
2023-08-11 21:41:48 +01:00
PartialVolume
9f92ec1b29 PDFGen30 Added org, customer & date/time preview
Created a window that shows a preview of organisational,
customer and date time information that will be added to
the PDF report. Items within the preview can be selected
which takes you to the relevant window for editing the
data. This can be optionally displayed before the drive
selection window is displayed.

To complete this I need to add a further entry in the
config window to allow editing date & time. Plus a
function needs to be added to truncate the strings
based on window width as some address strings could
be wider than the window and mess up the display as
they wrap to the next line.
2023-08-05 23:13:41 +01:00
PartialVolume
b40563ab22 PDFGen29 Fix incorrect customer deletion/selection
When using backspace or esc to abort customer deletion,
first customer in list would incorrectly be deleted.
Corrected by this fix.

Also when aborting customer selection, first customer
in list would be automatically selected. Also corrected
by this fix.
2023-08-04 17:14:39 +01:00
PartialVolume
e6034cf94e PDFGen27 Cleaned up customer selection list
Removed the csv field double quotes from the customer
selection list as displayed on screen. The double quotes will
still obviously exist in the csv file and are required
for the code to work correctly in various places. However, for
human readable text they are removed before displaying the
customer details line on the selection screen as it makes the
list look less 'busy' on screen hopefully.

I also fixed a issue where spaces were incorrectly being removed
from the customer details when filtering for printable characters
only.
2023-07-27 23:36:11 +01:00
PartialVolume
3dcc40c0e7 PDFGen26 Completed the code that adds a customer
Completed the code that adds a customer and saves
in /etc/nwipe.customers.csv so they can be selected
for display on the PDF report.
2023-07-27 02:46:09 +01:00
PartialVolume
a3fd0b71ca PDFGen25 Continuation of add customer csv
Continuation of add a customer entry to the
customers.csv file.

Plus a few corrections to earlier code.
2023-07-25 22:16:42 +01:00
PartialVolume
b46575cd63 PDFGen24 Created dialogs for adding a customer 2023-07-24 22:56:42 +01:00
PartialVolume
0948596559 PDFGen22 Further work completed on customer selection and deletion dialogs 2023-07-18 02:06:33 +01:00
PartialVolume
e74ae252ef PDFGen21 Completed all GUI dialog boxes for entering organisational data. Confirmed the data is correctly saved to /etc/nwipe/nwipe.conf and read back for automatic entry into the PDF erasure report. Further work is required to create dialog entry screens for customer details.. to be continued. 2023-07-14 23:00:17 +01:00
PartialVolume
247cf3031b PDFGen20 Started creating new GUI dialogs. A Configuration Dialog and sub dialogs for allowing the user to enter business and customer details. Further dialog windows and code to be added... 2023-07-13 22:28:23 +01:00
PartialVolume
d7b1fdf2ce Fix the premature exit when sizing konsole
If you are running nwipe within the KDE konsole
terminal and you resize the window by pulling on
the corners, occasionally nwipe will exit with the
error message:

"GUI.c,nwipe_gui_select(), loop runaway,
did you close the terminal without exiting nwipe?
Initiating shutdown now"

The loop runaway detection has been made less sensitive,
i.e 32 iterations per second of the GUI update can now
be completed before a loop runaway is detected. previously
it was 8. In practise when sizing the konsole window,
anywhere between 1 and 17 iterations will occur.
2023-06-30 23:40:23 +01:00
PartialVolume
447c4eddf7 HPA_DCO_013 Continuation of HPA/DCO integration
Fixes to apparent and real disc size fields in PDF based on use
of c->Calculated_real_max_size_in_bytes.

Minor changes to HPA status messages for consistent messaging.

When HPA and DCO sector information cannot be obtained display the
message "HPA/DCO data unavailable, can not determine hidden sector
status" in the information field on the PDF.

Determine human readable size for the c->Calculated_real_max_size_in_bytes
as used in the PDF real disc size field.

Instead of >>FAILURE!<< -1 when a I/O error occurs display >>IOERROR!<< -1
in the GUI.
2023-04-12 23:29:13 +01:00
PartialVolume
3d5fdd3f11 HPA_DCO_007 - Add HPA/DCO capability
1. Fix issue in PDF certificate where a drive that doesn't
support device configuration overlay, shows 512 bytes as the
disc size in the "Size(Real)" area on the certificate.

2. Fix a comment in the log that suggests you might be using a USB
adapter or memory stick and those device can cause an indeterminate
HPA/DCO status. This is now corrected so that we check the bus
is USB before we issue that message.

3. Changes to some GUI text, replaced 'area' with 'sectors'.

4. Aligned "HPA/DCO No hidden sectors detected" to the drive
model/serial text that it alternates with. One character left.

5. Nwipe's version and operating system information that is always
printed to the console on exit, was not appearing in the optional
log file, as optionally specified on the command line. This was
caused because those nwipe_log() calls were happening before the
command line options had been parsed. Essentially there was no log file.
Comments were made in the nwipe.c as a reminder to use nwipe_log()
calls with caution, prior to the options parser.

6. Made changes to the logic in the HPA_dco functions such that
a device that does not appear to support device configuration
overlay and host protected area is classified as HPA_NOT APPLICABLE
in regards to the hpa_status which is important for the PDF
certificate code so that the fields in the certificate are updated
appropriately.
2023-03-16 20:57:07 +00:00
PartialVolume
5d8c0cc4bf Validate temperatures.
Now validates temperatures rather than assuming the data
is valid.

1. Checks for 0 in high critical and max.
2. Copes with missing critical or max min data or
partially missing data.
3. Checks the high critical and max are the right way round
4. Checks the low critical and min are the right way round
5. Temperature is displayed in 5 different ways
i. white text on blue - temperature with spec. (or no spec available)
ii. red text on blue - max temperature reached.
iii. white text on red - critical high temperature reached.
iv. black text on blue - minimum temperature reached.
v. white text on black - critical low temperature reached.
2023-03-16 00:43:19 +00:00