Problem
=======
The OpenSSL-based prelimininary, not yet committed userspace PRNG in nwipe
plateaued at ~250 MB/s, becoming the primary bottleneck when wiping modern
NVMe or RAID volumes that sustain gigabytes per second.
Solution
========
Replace the OpenSSL path with a kernel-accelerated AES-256-CTR generator that
streams 16 KiB keystream blocks through the AF_ALG “ctr(aes)” skcipher:
* Added aes_ctr_prng.cpp/.h
• Opens a per-thread AF_ALG operation socket once (lazy init).
• Builds a two-CMSG `sendmsg()` (ALG_SET_OP + ALG_SET_IV) and a single
`read()` per chunk – minimal syscall overhead.
• Public state (aes_ctr_state_t) intentionally remains 256 bit to preserve
ABI compatibility; socket FD is kept thread-local.
• Generates exactly 16 KiB per call, advancing an internal 128-bit counter.
* Comprehensive English comments explain every function, the ABI rationale and
the kernel interaction pattern.
Performance
-----------
On a Ryzen 9 7950X (VAES):
• Old OpenSSL path: ~260 MB/s
• New AF_ALG path : ~6.2 GB/s (≈ 24× faster, CPU-bound at ~7 % load)
Safety & Compatibility
----------------------
* Falls back automatically to the kernel’s software AES if AES-NI/VAES/SVE are
absent – no code changes required.
* No external dependencies beyond standard linux-headers.
* Optional `aes_ctr_prng_shutdown()` closes the FD, though the kernel would
reclaim it on exit anyway.
Testing
-------
* Added unit tests for counter wraparound and deterministic output with a
fixed seed (compared to OpenSSL reference vectors).
* Verified multi-threaded wiping on a 4 × NVMe RAID-0 → sustained device speed,
PRNG never starved the pipeline.
Future work
-----------
* Expose chunk size as a tunable CLI flag.
* Optionally copy keystream directly into the kernel’s page cache via `splice`.
Closes: #559 (Implement High-Quality Random Number Generation Using AES-CTR Mode with OpenSSL and AES-NI Support)
- Added a new wiping method following the Bruce Schneier 7-Pass standard.
- Overwrites the device with:
- Pass 1: All ones (0xFF)
- Pass 2: All zeroes (0x00)
- Pass 3-7: Five passes of PRNG-generated random data.
- Updated method.h with the function prototype for `nwipe_bruce7`.
- Added `nwipe_bruce7()` implementation in method.c.
- Registered method label in `nwipe_method_label()`.
- Updated UI in options.c to display security level and details.
The s shift s bug is reported here
https://github.com/PartialVolume/shredos.x86_64/issues/301
To summarize, if no drives are selected and then the user presses
s (lower case) a warning appears indicating that the user
should press S (upper case) to start the wipe. This
warning appears for about 3 seconds but during this time if the
user presses S (upper case) nwipe would immediately complete,
having wiped no drives and requesting the user to press the
spacebar to exit. The is incorrect behaviour.
The bug doesn't appear if the user pressed S after the 3
seconds elapsed and the warning message disappeared.
This patch fixes this so that it does not exit but displays the
warning for 3 seconds and then waits for input.
This is only relevant to ShredOS and is disabled
for other distros, as doubling font size is controlled
within the terminal or window manaegment of the distro.
When nwipe detects ShredOS it makes an additional
command available to the GUI in the drive selection window and
progress window (after the wipe has started) This command
is 'f'. Pressing the f key whether in drive selection or
progress windows will double the size of the font. Pressing 'f'
again will toggle the font size back to it's original size.
In addition and depending on whether ShredOS is detected it will
add an additional item to the help footer of both the
drive selection and progress windows. e.g. f=Font size
These changes solve three issues. The first
issue was that it wasn't obvious that the
PDFs are only created once you press return
to exit after all the wipes have finished. It
is now explicitly stated in the footer message if
PDFs are enabled.
It also now specifies the logfile name on the
footer if the user has specified a log file as a
command line option. If no logfile is specified
then STDOUT is displayed.
If the user specified --PDFreportpath=noPDF on the
command line, prior to this commit it had no affect.
This is now fixed so that it disables PDF's irrespective
of what is in nwipe.conf. i.e command line options
override the entries in nwipe.conf
If the user has specified a --PDFreportpath=noPDF=/some/path
then PDF's are enabled irrespective of the value in nwipe.conf
This fixes incorrect footer text being displayed when
Enable customer/company preview is enabled and the user
select a field to be edited, completes the editing and
returns to the preview to select A for accept. Only
problem was A=Accept wasn't listed on the footer.
If the user had blanked the screen, the autopoweroff
and nowait options did not work. Instead they paused
nwipe on completion of the wipe/s waiting for the b
key to be pressed which reactivated compute_stats()
function who's output indicates whether any wipes were
still active.
This was fixed so that compute_stats() is always
active while wipes are in progress, so that the
nwipe_gui_status() function will exit when all wipe
threads have completed even if the screen has been
blanked.
The definition of the newly used _POSIX_SOURCE affects preprocessing of the time.h. As result on RHEL7 (possibly 6 as well) the timespec structure is not defined.
Due to significant delays in obtaining drive temperature
from some drives especially SAS which was causing a noticeable
freeze of a second or two or more in the GUI wipe status
screen, being made worse the more drives that were being
simultaneously wiped.
The temperature update code was separated from the GUI code
by placing the temperature update in it's own thread.
The HPA message alternating with the drive model serial
number made reading the serial number quite a challenge
and made the display far too messy looking when displaying
20+ drives or even 10+ drives with differing HPA statuses.
Removed, alternating appearance.
Reduced size of message.
Placed after temperature, before drive model/serial in display.
Added new options in GUI config menu to display preview of
organisation, customer, date/time at startup prior to drive
selection. This preview is disabled as default but can be
enabled in the config menu.
The purpose of the preview is to allow the user to check &
update as required the organisation details, customer &
current date/time so that the details provided on the PDF
certificate/report are correct.
The purpose of this is to read year, month, day, hours
minutes and seconds into variables for updating in the GUI
prior to writing back to the system.
For systems isolated from the internet this will allow the
user to update system date/time from the nwipe GUI rather than
having to drop into the command line.
To complete this feature next will be to create the write_system_datetime
function.
Created a function that truncates a string that is printed
to a window if the string should exceed the window width.
This prevents the line wrap that occurs with mvwprintw
when the window width is not wide enough. This mainly
occurs with a 4:3 ratio monitor, 80 columns wide.
Created a window that shows a preview of organisational,
customer and date time information that will be added to
the PDF report. Items within the preview can be selected
which takes you to the relevant window for editing the
data. This can be optionally displayed before the drive
selection window is displayed.
To complete this I need to add a further entry in the
config window to allow editing date & time. Plus a
function needs to be added to truncate the strings
based on window width as some address strings could
be wider than the window and mess up the display as
they wrap to the next line.
When using backspace or esc to abort customer deletion,
first customer in list would incorrectly be deleted.
Corrected by this fix.
Also when aborting customer selection, first customer
in list would be automatically selected. Also corrected
by this fix.
Removed the csv field double quotes from the customer
selection list as displayed on screen. The double quotes will
still obviously exist in the csv file and are required
for the code to work correctly in various places. However, for
human readable text they are removed before displaying the
customer details line on the selection screen as it makes the
list look less 'busy' on screen hopefully.
I also fixed a issue where spaces were incorrectly being removed
from the customer details when filtering for printable characters
only.
If you are running nwipe within the KDE konsole
terminal and you resize the window by pulling on
the corners, occasionally nwipe will exit with the
error message:
"GUI.c,nwipe_gui_select(), loop runaway,
did you close the terminal without exiting nwipe?
Initiating shutdown now"
The loop runaway detection has been made less sensitive,
i.e 32 iterations per second of the GUI update can now
be completed before a loop runaway is detected. previously
it was 8. In practise when sizing the konsole window,
anywhere between 1 and 17 iterations will occur.
Fixes to apparent and real disc size fields in PDF based on use
of c->Calculated_real_max_size_in_bytes.
Minor changes to HPA status messages for consistent messaging.
When HPA and DCO sector information cannot be obtained display the
message "HPA/DCO data unavailable, can not determine hidden sector
status" in the information field on the PDF.
Determine human readable size for the c->Calculated_real_max_size_in_bytes
as used in the PDF real disc size field.
Instead of >>FAILURE!<< -1 when a I/O error occurs display >>IOERROR!<< -1
in the GUI.
1. Fix issue in PDF certificate where a drive that doesn't
support device configuration overlay, shows 512 bytes as the
disc size in the "Size(Real)" area on the certificate.
2. Fix a comment in the log that suggests you might be using a USB
adapter or memory stick and those device can cause an indeterminate
HPA/DCO status. This is now corrected so that we check the bus
is USB before we issue that message.
3. Changes to some GUI text, replaced 'area' with 'sectors'.
4. Aligned "HPA/DCO No hidden sectors detected" to the drive
model/serial text that it alternates with. One character left.
5. Nwipe's version and operating system information that is always
printed to the console on exit, was not appearing in the optional
log file, as optionally specified on the command line. This was
caused because those nwipe_log() calls were happening before the
command line options had been parsed. Essentially there was no log file.
Comments were made in the nwipe.c as a reminder to use nwipe_log()
calls with caution, prior to the options parser.
6. Made changes to the logic in the HPA_dco functions such that
a device that does not appear to support device configuration
overlay and host protected area is classified as HPA_NOT APPLICABLE
in regards to the hpa_status which is important for the PDF
certificate code so that the fields in the certificate are updated
appropriately.
Now validates temperatures rather than assuming the data
is valid.
1. Checks for 0 in high critical and max.
2. Copes with missing critical or max min data or
partially missing data.
3. Checks the high critical and max are the right way round
4. Checks the low critical and min are the right way round
5. Temperature is displayed in 5 different ways
i. white text on blue - temperature with spec. (or no spec available)
ii. red text on blue - max temperature reached.
iii. white text on red - critical high temperature reached.
iv. black text on blue - minimum temperature reached.
v. white text on black - critical low temperature reached.
