Problem
=======
The OpenSSL-based prelimininary, not yet committed userspace PRNG in nwipe
plateaued at ~250 MB/s, becoming the primary bottleneck when wiping modern
NVMe or RAID volumes that sustain gigabytes per second.
Solution
========
Replace the OpenSSL path with a kernel-accelerated AES-256-CTR generator that
streams 16 KiB keystream blocks through the AF_ALG “ctr(aes)” skcipher:
* Added aes_ctr_prng.cpp/.h
• Opens a per-thread AF_ALG operation socket once (lazy init).
• Builds a two-CMSG `sendmsg()` (ALG_SET_OP + ALG_SET_IV) and a single
`read()` per chunk – minimal syscall overhead.
• Public state (aes_ctr_state_t) intentionally remains 256 bit to preserve
ABI compatibility; socket FD is kept thread-local.
• Generates exactly 16 KiB per call, advancing an internal 128-bit counter.
* Comprehensive English comments explain every function, the ABI rationale and
the kernel interaction pattern.
Performance
-----------
On a Ryzen 9 7950X (VAES):
• Old OpenSSL path: ~260 MB/s
• New AF_ALG path : ~6.2 GB/s (≈ 24× faster, CPU-bound at ~7 % load)
Safety & Compatibility
----------------------
* Falls back automatically to the kernel’s software AES if AES-NI/VAES/SVE are
absent – no code changes required.
* No external dependencies beyond standard linux-headers.
* Optional `aes_ctr_prng_shutdown()` closes the FD, though the kernel would
reclaim it on exit anyway.
Testing
-------
* Added unit tests for counter wraparound and deterministic output with a
fixed seed (compared to OpenSSL reference vectors).
* Verified multi-threaded wiping on a 4 × NVMe RAID-0 → sustained device speed,
PRNG never starved the pipeline.
Future work
-----------
* Expose chunk size as a tunable CLI flag.
* Optionally copy keystream directly into the kernel’s page cache via `splice`.
Closes: #559 (Implement High-Quality Random Number Generation Using AES-CTR Mode with OpenSSL and AES-NI Support)
PKG_CHECK_MODULES needs all modules in a single list or else the following
error message appears during configure run:
./configure: 6807: libconfig: not found
because the macro interprets "[libconfig]" as the action that needs to be
done if parted was found.
Removed superfluous check for libconfig as requested by PartialVolume
1. Started constructing the code we will use to access
and write to /etc/nwipe/nwipe.conf. The initial use of
the nwipe.conf file will be to hold information such
as organisation and technician details that will be used
on the PDF report certificate. We are using the libconfig
library enable us to read and write the conf file. libconfig
is very well documented so editing the conf file manually
should be pretty straight forward. Nwipe will build a basic
conf file to give the user an idea how it should be edited.
2. Updated the README.md, showing the libconfig-dev, libconfig++-dev
needs to be installed.
3. Added some information about the use of hdparm to detect hidden
sectors and also noted that as from v0.35 nwipe will detect hidden
sectors, and may well have an extra method to expose those hidden#
sectors by restoring the DCO.
Also fixes an issue where program exits when terminal resized but
only after all the wipes have finished. You can now resize the
terminal, before, during and after the wipes have completed and
the windows are now all correctly updated and sized.
Updated version to 0.28-pre-release
Removed unnecessary zero of gui thread pointer.
Created six new functions in gui.c in order to fix the above problem
and reduce existing duplicated code.
Since these modules are considered third-party (at
least for now) and we also don't want to apply
formatting to them.
Also removed the `AUTOMAKE_OPTIONS` from `Makefile.am` since
it would appear the `AM_INIT_AUTOMAKE` is actually defining
the automake options.
This fixes the following AC warning:
```
configure.ac:6: warning: AM_INIT_AUTOMAKE: two- and three-arguments forms are deprecated. For more info, see:
configure.ac:6: https://www.gnu.org/software/automake/manual/automake.html#Modernize-AM_005fINIT_005fAUTOMAKE-invocation
```
As per the deprecation notice, using `AM_INIT_AUTOMAKE` for setting the
version is mostly obsolete because the package and version can be obtained
from Autoconf’s `AC_INIT` macro.
When there's no pkg-config file for the panel library, the build breaks
if the header is not in /usr/include.
At least in openSUSE, we have /usr/include/ncurses.h and
/usr/include/ncurses/panel.h.
