Implement high-quality random number generation using AES-CTR mode with OpenSSL and AES-NI support

This commit introduces significant improvements to `nwipe`'s random number generation by implementing AES-CTR mode using OpenSSL with AES-NI hardware acceleration. The changes include:

- **AES-CTR PRNG Implementation**: A new pseudo-random number generator (PRNG) based on AES-128 in counter (CTR) mode has been added. This PRNG uses OpenSSL’s EVP API for cryptographic operations, ensuring strong random number generation.

- **AES-NI Hardware Support**: The PRNG now detects if the system supports AES-NI and uses hardware acceleration when available for improved performance, particularly on 64-bit systems. A new function `has_aes_ni()` checks for AES-NI support, ensuring that the fastest available option is used.

- **Default PRNG Selection**: For 64-bit systems, AES-CTR is now the default PRNG due to its higher performance and security. On 32-bit systems, the XORoshiro-256 PRNG remains the default due to performance considerations.

- **Improved Error Handling**: Error handling has been extensively revised. The AES-CTR PRNG now provides detailed error messages, including the detection of potential OpenSSL failures, and uses structured logging (`NWIPE_LOG_DEBUG` and `NWIPE_LOG_NOTICE`) to report PRNG initialization and errors.

- **Memory Management**: Smart pointers have been introduced to manage memory automatically within the AES-CTR PRNG, preventing memory leaks. All memory used by the OpenSSL contexts (EVP_MD_CTX and EVP_CIPHER_CTX) is now properly cleaned up after use.

- **Performance Enhancements**: The PRNG’s performance has been optimized, especially for 64-bit systems. Additionally, the code now checks for edge cases when reading remaining bytes, and memset is used to handle uninitialized memory areas.

- **Formatting and Code Cleanup**: Deprecated SHA256 calls have been replaced with OpenSSL’s EVP API. Multiple formatting issues in various source files (`pass.c`, `options.c`, `gui.c`, etc.) have been fixed, improving code readability and compliance with the coding standards.

- **Regression Fixes**: Several small regressions from previous changes have been fixed, including uninitialized variables, implicit function declarations, and incorrect function calls that previously led to warnings and potential crashes (e.g., segfaults in `pass.c`).

- **Logging and Debugging**: Improved logging messages and detailed debug information have been added, particularly around the AES-CTR initialization and error handling paths.

This implementation significantly improves the security, performance, and reliability of random number generation in `nwipe` and ensures that the tool is better equipped for modern cryptographic standards.

Squashed commit of the following:

commit 03284d7
Author: Fabian Druschke <fdruschke@outlook.com>
Date:   Fri Aug 23 19:17:05 2024 +0200

    Fixed formatting

commit 31df3eb
Author: Fabian Druschke <fdruschke@outlook.com>
Date:   Fri Aug 23 19:15:01 2024 +0200

    Fixed type error on i686 - uint64_t for AES-CTR

commit e56a47c
Merge: 3465260 d1edd05
Author: Fabian Druschke <fdruschke@outlook.com>
Date:   Tue Aug 20 10:39:26 2024 +0100

    Merge branch 'master' into aes-ctr

commit 3465260
Merge: 1bf5ff1 5140f92
Author: Fabian Druschke <fdruschke@outlook.com>
Date:   Fri May 10 01:41:09 2024 +0200

    Merge branch 'master' into aes-ctr

commit 1bf5ff1
Author: Fabian Druschke <fdruschke@outlook.com>
Date:   Fri May 10 01:14:11 2024 +0200

    Added check for return value in prng.c and nwipe_log accordingly.

commit 9015a32
Author: Fabian Druschke <fdruschke@outlook.com>
Date:   Fri May 10 00:11:59 2024 +0200

    Removed error handling using goto, now returning instead. Changed from void to int functions, removed cleanup(); on error, instead relying on cleanup routine on exit.

commit 10ea2bb
Author: Fabian Druschke <fdruschke@outlook.com>
Date:   Mon Apr 15 13:47:05 2024 +0200

    Adapted the aes-ctr-prng accordingly, to report SANITY level errors, in case of failure.

commit 71e7f8f
Author: Fabian Druschke <fdruschke@outlook.com>
Date:   Mon Apr 15 13:46:35 2024 +0200

    Added case handling for NWIPE_LOG_LEVEL_SANITY, providing the github issue link, if a SANITY level error occurs.

commit 0f3e7f5
Author: Fabian Druschke <fdruschke@outlook.com>
Date:   Mon Apr 15 00:40:22 2024 +0200

    Added check in pass.c whether nwipe_aes_ctr_prng is being used or not, if not a segfault was the result. Now fixed.

commit ce09d8e
Author: Fabian Druschke <fdruschke@outlook.com>
Date:   Sat Apr 13 00:58:34 2024 +0200

    Missing NWIPE_LOG_NOTICE for AES-CTR init changed to DEBUG level.

commit 8b284f3
Author: Fabian Druschke <fdruschke@outlook.com>
Date:   Sat Apr 13 00:50:25 2024 +0200

    Changed notification for successful PRNG init for AES-CTR to NWIPE_LOG_DEBUG.

commit 8702cc3
Author: Fabian Druschke <fdruschke@outlook.com>
Date:   Sat Apr 13 00:13:51 2024 +0200

    Added missing cleanup routine in prior commit in aes_ctr_prng.c and header definitions.

commit 35cd055
Author: Fabian Druschke <fdruschke@outlook.com>
Date:   Sat Apr 13 00:12:01 2024 +0200

    Fixed formatting in pass.c

commit beff746
Author: Fabian Druschke <fdruschke@outlook.com>
Date:   Sat Apr 13 00:11:28 2024 +0200

    Added cleanup routine aes_ctr_prng_general_cleanup() after nwipe_random_pass and nwipe_random_verify in order to cleanup PRNG state.

commit 1a95202
Author: Fabian Druschke <fdruschke@outlook.com>
Date:   Fri Apr 12 23:25:04 2024 +0200

    Part of the comments were missing, fixed.

commit a65410a
Author: Fabian Druschke <fdruschke@outlook.com>
Date:   Fri Apr 12 23:20:41 2024 +0200

    Added extensive error handling, in order to check for OpenSSL library malfunction.

commit 6518963
Author: Fabian Druschke <fdruschke@outlook.com>
Date:   Thu Apr 11 00:20:54 2024 +0200

    Improved PRNG description for AES-CTR-256 in gui.c

commit fe493cf
Author: Fabian Druschke <fdruschke@outlook.com>
Date:   Wed Apr 10 23:51:12 2024 +0200

    Added function has_aes_ni() in order to check for AES-NI support, and set the PRNG accordingly.

commit adcd442
Author: Fabian Druschke <fdruschke@outlook.com>
Date:   Wed Apr 10 15:40:24 2024 +0200

    Handle edge case for remaining bytes in nwipe_aes_ctr_prng_read using memset.

commit ce2db63
Author: Fabian Druschke <fdruschke@outlook.com>
Date:   Wed Apr 10 15:08:25 2024 +0200

    Fixed comments, indicating AES-CTR-128 instead of 256 bit

commit da53ee0
Author: Fabian Druschke <fdruschke@outlook.com>
Date:   Wed Apr 10 14:53:45 2024 +0200

    Reverted by mistake nwipe_random back to nwipe_dodshort, now compliant with master

commit e479239
Author: Fabian Druschke <fdruschke@outlook.com>
Date:   Wed Apr 10 13:23:36 2024 +0200

    Fixed formatting

commit e0d9584
Author: Fabian Druschke <fdruschke@outlook.com>
Date:   Wed Apr 10 13:22:25 2024 +0200

    Minor changes, added comments for further explanation.

commit 7410d21
Author: Fabian Druschke <fdruschke@outlook.com>
Date:   Tue Apr 9 12:49:02 2024 +0200

    Fixed uninitialized temp_buffer in aes_ctr_prng_genrand_uint256_to_buf

commit cd5f071
Merge: 3cb78ca 2809580
Author: PartialVolume <22084881+PartialVolume@users.noreply.github.com>
Date:   Sun Apr 7 22:22:55 2024 +0100

    Merge branch 'master' into aes-ctr

commit 3cb78ca
Author: Fabian Druschke <fdruschke@outlook.com>
Date:   Sun Mar 31 14:03:38 2024 +0200

    Added error checking and nwipe_log to aes_ctr_prng.c

commit 20fea0d
Author: Fabian Druschke <fdruschke@outlook.com>
Date:   Sun Mar 31 13:54:54 2024 +0200

    Only C implementation, removed CPP here.

commit d5b39f6
Author: Fabian Druschke <fdruschke@outlook.com>
Date:   Sun Mar 31 00:43:58 2024 +0100

    Introduced smart pointers to manage memory for EVP_MD_CTX and EVP_CIPHER_CTX within the AES CTR PRNG C++ implementation. This ensures automatic resource release, preventing memory leaks and enhancing code safety.

commit f6aeae3
Author: Fabian Druschke <fdruschke@outlook.com>
Date:   Sun Mar 31 00:34:15 2024 +0100

    Created seamless integrated .cpp AES-CTR-PRNG in order to avoid memory issues.

commit eecddb2
Author: Knogle <fdruschke@outlook.com>
Date:   Sun Mar 24 22:48:06 2024 +0000

    aes_ctr_prng_init was missing in header, causing implicit declaration warnings.

commit 8fe4db4
Author: Knogle <fdruschke@outlook.com>
Date:   Sun Mar 24 18:30:52 2024 +0000

    Replaced traditional deprecated SHA256 declarations with EVP-API infrastructure

commit 55472fb
Author: Knogle <fdruschke@outlook.com>
Date:   Sun Mar 24 03:43:36 2024 +0000

    To consider, AES-128-CTR as default option for 64-Bit, and Xoroshiro-256 as default option for 32-Bit due to performance and quality reasons.

commit 1a964bc
Author: Fabian Druschke <fabian@knogle.industries>
Date:   Sat Mar 23 19:12:24 2024 -0300

    Fixed missing XORoshiro-256 in options.c bottom section. Added AES-128-CTR OpenSSL descriptions.

commit cf9822a
Author: Fabian Druschke <fabian@knogle.industries>
Date:   Sat Mar 23 18:48:38 2024 -0300

    Several changes, adding AES-128 using libssl in CTR mode as new PRNG, in experimental state. Fixed formatting, fixed AES PRNG header.
Knogle committed Sep 8, 2024
1 parent f250aee commit 25693a9
Showing 12 changed files with 524 additions and 49 deletions.
18 changes: 18 additions & 0 deletions configure.ac
Expand Up @@ -50,6 +50,24 @@ PKG_CHECK_MODULES(
)]
)

PKG_CHECK_MODULES(
[OPENSSL],
[openssl],
[
CFLAGS="${CFLAGS} ${OPENSSL_CFLAGS}"
LIBS="${LIBS} ${OPENSSL_LIBS}"
],
[AC_CHECK_LIB([ssl], [SSL_library_init], [
LIBS="-lssl -lcrypto $LIBS"
AC_CHECK_HEADERS(openssl/ssl.h,, [
AC_CHECK_HEADERS(openssl/crypto.h, [
AC_DEFINE([OPENSSL_IN_SUBDIR], [openssl/], [Look for openssl headers in subdir])
], [AC_MSG_ERROR([openssl headers not found])])
])
], [AC_MSG_ERROR([OpenSSL development library not found])]
)]
)

PKG_CHECK_MODULES(
[LIBCONFIG],
[libconfig],
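
Review bot: The fallback probe `AC_CHECK_LIB([ssl], [SSL_library_init], ...)` tests for a name that OpenSSL 1.1.0 and later provide only as a macro, so on those versions the link test fails and configure stops with "OpenSSL development library not found" whenever pkg-config has no `openssl` module. The new PRNG source only includes EVP, SHA and error headers, so probing libcrypto for a function it actually calls, for example `AC_CHECK_LIB([crypto], [EVP_EncryptInit_ex], ...)`, would be more accurate and would avoid pulling in `-lssl`. `OPENSSL_IN_SUBDIR` is defined here, but aes_ctr_prng.c includes `<openssl/evp.h>` unconditionally and nothing in the files shown reads the define; drop it or use it.
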
2 changes: 1 addition & 1 deletion src/Makefile.am
Expand Up @@ -6,5 +6,5 @@ AM_LDFLAGS =
# this lists the binaries to produce, the (non-PHONY, binary) targets in
# the previous manual Makefile
bin_PROGRAMS = nwipe
nwipe_SOURCES = context.h logging.h options.h prng.h version.h temperature.h nwipe.c gui.c method.h pass.c device.c gui.h isaac_rand/isaac_standard.h isaac_rand/isaac_rand.h isaac_rand/isaac_rand.c isaac_rand/isaac64.h isaac_rand/isaac64.c mt19937ar-cok/mt19937ar-cok.c nwipe.h mt19937ar-cok/mt19937ar-cok.h alfg/add_lagg_fibonacci_prng.h alfg/add_lagg_fibonacci_prng.c xor/xoroshiro256_prng.h xor/xoroshiro256_prng.c pass.h device.h logging.c method.c options.c prng.c version.c temperature.c PDFGen/pdfgen.h PDFGen/pdfgen.c create_pdf.c create_pdf.h embedded_images/shred_db.jpg.c embedded_images/shred_db.jpg.h embedded_images/tick_erased.jpg.c embedded_images/tick_erased.jpg.h embedded_images/redcross.c embedded_images/redcross.h hpa_dco.h hpa_dco.c miscellaneous.h miscellaneous.c embedded_images/nwipe_exclamation.jpg.h embedded_images/nwipe_exclamation.jpg.c conf.h conf.c customers.h customers.c hddtemp_scsi/hddtemp.h hddtemp_scsi/scsi.h hddtemp_scsi/scsicmds.h hddtemp_scsi/get_scsi_temp.c hddtemp_scsi/scsi.c hddtemp_scsi/scsicmds.c
nwipe_SOURCES = context.h logging.h options.h prng.h version.h temperature.h nwipe.c gui.c method.h pass.c device.c gui.h isaac_rand/isaac_standard.h isaac_rand/isaac_rand.h isaac_rand/isaac_rand.c isaac_rand/isaac64.h isaac_rand/isaac64.c mt19937ar-cok/mt19937ar-cok.c nwipe.h mt19937ar-cok/mt19937ar-cok.h alfg/add_lagg_fibonacci_prng.h alfg/add_lagg_fibonacci_prng.c xor/xoroshiro256_prng.h xor/xoroshiro256_prng.c aes/aes_ctr_prng.h aes/aes_ctr_prng.c pass.h device.h logging.c method.c options.c prng.c version.c temperature.c PDFGen/pdfgen.h PDFGen/pdfgen.c create_pdf.c create_pdf.h embedded_images/shred_db.jpg.c embedded_images/shred_db.jpg.h embedded_images/tick_erased.jpg.c embedded_images/tick_erased.jpg.h embedded_images/redcross.c embedded_images/redcross.h hpa_dco.h hpa_dco.c miscellaneous.h miscellaneous.c embedded_images/nwipe_exclamation.jpg.h embedded_images/nwipe_exclamation.jpg.c conf.h conf.c customers.h customers.c hddtemp_scsi/hddtemp.h hddtemp_scsi/scsi.h hddtemp_scsi/scsicmds.h hddtemp_scsi/get_scsi_temp.c hddtemp_scsi/scsi.c hddtemp_scsi/scsicmds.c
nwipe_LDADD = $(PARTED_LIBS) $(LIBCONFIG)
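
Review bot: `nwipe_LDADD` still lists only `$(PARTED_LIBS) $(LIBCONFIG)`, so linking the newly added aes/aes_ctr_prng.c depends entirely on configure.ac having appended the OpenSSL flags to the global `LIBS`. Adding `$(OPENSSL_LIBS)` here would state the dependency next to the sources that need it.
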
160 changes: 160 additions & 0 deletions src/aes/aes_ctr_prng.c
@@ -0,0 +1,160 @@
/*
* AES CTR PRNG Implementation
* Author: Fabian Druschke
* Date: 2024-03-13
*
* This header file contains definitions for the AES (Advanced Encryption Standard)
* implementation in CTR (Counter) mode for pseudorandom number generation, utilizing
* OpenSSL for cryptographic functions.
*
* As the author of this work, I, Fabian Druschke, hereby release this work into the public
* domain. I dedicate any and all copyright interest in this work to the public domain,
* making it free to use for anyone for any purpose without any conditions, unless such
* conditions are required by law.
*
* This software is provided "as is", without warranty of any kind, express or implied,
* including but not limited to the warranties of merchantability, fitness for a particular
* purpose and noninfringement. In no event shall the authors be liable for any claim,
* damages or other liability, whether in an action of contract, tort or otherwise, arising
* from, out of or in connection with the software or the use or other dealings in the software.
*
* USAGE OF OPENSSL IN THIS SOFTWARE:
* This software uses OpenSSL for cryptographic operations. Users are responsible for
* ensuring compliance with OpenSSL's licensing terms.
*/

#include "aes_ctr_prng.h"
#include <openssl/evp.h>
#include <openssl/sha.h>
#include <openssl/err.h>
#include <string.h>
#include <stdlib.h>
#include <assert.h>

typedef enum {
NWIPE_LOG_NONE = 0,
NWIPE_LOG_DEBUG, // Debugging messages, detailed for troubleshooting
NWIPE_LOG_INFO, // Informative logs, for regular operation insights
NWIPE_LOG_NOTICE, // Notices for significant but non-critical events
NWIPE_LOG_WARNING, // Warnings about potential errors
NWIPE_LOG_ERROR, // Error messages, significant issues that affect operation
NWIPE_LOG_FATAL, // Fatal errors, require immediate termination of the program
NWIPE_LOG_SANITY, // Sanity checks, used primarily in debugging phases
NWIPE_LOG_NOTIMESTAMP // Log entries without timestamp information
} nwipe_log_t;

extern void nwipe_log( nwipe_log_t level, const char* format, ... );

/* Initializes the AES CTR pseudorandom number generator state.
This function sets up the cryptographic context necessary for generating
pseudorandom numbers using AES in CTR mode. It utilizes SHA-256 to derive
a key from the provided seed, ensuring that the PRNG output is unpredictable
and secure, provided the seed is kept secret and is sufficiently random.
- state: Pointer to the AES CTR PRNG state structure.
- init_key: Array containing the seed for key generation.
- key_length: Length of the seed array. */
int aes_ctr_prng_init( aes_ctr_state_t* state, unsigned long init_key[], unsigned long key_length )
{
assert( state != NULL && init_key != NULL && key_length > 0 ); // Validate inputs

unsigned char key[32]; // Storage for the 256-bit key
memset( state->ivec, 0, AES_BLOCK_SIZE ); // Clear IV buffer
state->num = 0; // Reset the block counter
memset( state->ecount, 0, AES_BLOCK_SIZE ); // Clear encryption count buffer

nwipe_log( NWIPE_LOG_DEBUG, "Initializing AES CTR PRNG with provided seed." ); // Log initialization

EVP_MD_CTX* mdctx = EVP_MD_CTX_new(); // Create new SHA-256 context
if( !mdctx )
{
nwipe_log( NWIPE_LOG_FATAL,
"Failed to allocate EVP_MD_CTX for SHA-256, return code: %d.",
ERR_get_error() ); // Log context allocation failure
return -1; // Handle error
}

if( EVP_DigestInit_ex( mdctx, EVP_sha256(), NULL ) != 1 )
{
nwipe_log( NWIPE_LOG_FATAL,
"SHA-256 context initialization failed, return code: %d.",
ERR_get_error() ); // Log init failure
return -1; // Handle error
}

EVP_DigestUpdate(
mdctx, (const unsigned char*) init_key, key_length * sizeof( unsigned long ) ); // Process the seed

if( EVP_DigestFinal_ex( mdctx, key, NULL ) != 1 )
{
nwipe_log( NWIPE_LOG_FATAL,
"SHA-256 hash finalization failed, return code: %d.",
ERR_get_error() ); // Log finalization failure
return -1; // Handle error
}
EVP_MD_CTX_free( mdctx );
mdctx = NULL; // Clean up SHA-256 context

state->ctx = EVP_CIPHER_CTX_new(); // Create new AES-256-CTR context
if( !state->ctx )
{
nwipe_log( NWIPE_LOG_FATAL,
"Failed to allocate EVP_CIPHER_CTX, return code: %d.",
ERR_get_error() ); // Log cipher context failure
return -1; // Handle error
}

if( EVP_EncryptInit_ex( state->ctx, EVP_aes_256_ctr(), NULL, key, state->ivec ) != 1 )
{
nwipe_log( NWIPE_LOG_FATAL,
"AES-256-CTR encryption context initialization failed, return code: %d.",
ERR_get_error() ); // Log encryption init failure
return -1; // Handle error
}

nwipe_log( NWIPE_LOG_DEBUG, "AES CTR PRNG successfully initialized." ); // Log successful initialization
return 0; // Exit successfully
}
/* Generates pseudorandom numbers and writes them to a buffer.
This function performs the core operation of producing pseudorandom data.
It directly updates the buffer provided, filling it with pseudorandom bytes
generated using the AES-256-CTR mode of operation.
- state: Pointer to the initialized AES CTR PRNG state.
- bufpos: Target buffer where the pseudorandom numbers will be written. */
int aes_ctr_prng_genrand_uint256_to_buf( aes_ctr_state_t* state, unsigned char* bufpos )
{
assert( state != NULL && bufpos != NULL ); // Validate inputs

unsigned char temp_buffer[32]; // Temporary storage for pseudorandom bytes
memset( temp_buffer, 0, sizeof( temp_buffer ) ); // Zero out temporary buffer
int outlen; // Length of data produced by encryption

if( EVP_EncryptUpdate( state->ctx, temp_buffer, &outlen, temp_buffer, sizeof( temp_buffer ) ) != 1 )
{
nwipe_log( NWIPE_LOG_ERROR,
"Failed to generate pseudorandom numbers, return code: %d.",
ERR_get_error() ); // Log generation failure
return -1; // Handle error
}

memcpy( bufpos, temp_buffer, sizeof( temp_buffer ) ); // Copy pseudorandom bytes to buffer
return 0; // Exit successfully
}
// General cleanup function for AES CTR PRNG
int aes_ctr_prng_general_cleanup( aes_ctr_state_t* state )
{
if( state != NULL )
{
// Free the EVP_CIPHER_CTX if it has been allocated
if( state->ctx )
{
EVP_CIPHER_CTX_free( state->ctx );
state->ctx = NULL; // Nullify the pointer after free
}

// Clear sensitive information from the state
memset( state->ivec, 0, AES_BLOCK_SIZE );
memset( state->ecount, 0, AES_BLOCK_SIZE );
state->num = 0;
}
return 0;
}
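
Review bot: In `aes_ctr_prng_init()` the `return -1` branches after a failed `EVP_DigestInit_ex` or `EVP_DigestFinal_ex` leak `mdctx`, which is a local and cannot be released later; free it before returning or route all exits through one cleanup path. The `EVP_EncryptInit_ex` failure branch returns with `state->ctx` still allocated, which is released only if the caller goes on to call `aes_ctr_prng_general_cleanup()`. The return value of `EVP_DigestUpdate()` is not checked, unlike the calls around it. The derived `key[32]` is left on the stack when the function returns; wipe it with `OPENSSL_cleanse()` once `EVP_EncryptInit_ex` has consumed it, and prefer `OPENSSL_cleanse()` to `memset()` in `aes_ctr_prng_general_cleanup()`, since a plain `memset` of memory that is not read again may be optimised away. `ERR_get_error()` returns `unsigned long` but is printed with `%d` in every log call; use `%lu`. The code selects `EVP_aes_256_ctr()` with a 256-bit key while the commit message describes AES-128, so one of the two needs correcting. Smaller points: the file comment says "This header file" in a .c file, `nwipe_log_t` is redeclared locally instead of including logging.h so the two enums can drift apart, `<openssl/sha.h>` appears unused, `outlen` from `EVP_EncryptUpdate` is never compared with the 32 bytes copied out, and the `assert()` input checks disappear in builds with `NDEBUG`.
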
51 changes: 51 additions & 0 deletions src/aes/aes_ctr_prng.h
@@ -0,0 +1,51 @@
/*
* AES CTR PRNG Definitions
* Author: Fabian Druschke
* Date: 2024-03-13
*
* This header file contains definitions for the AES (Advanced Encryption Standard)
* implementation in CTR (Counter) mode for pseudorandom number generation, utilizing
* OpenSSL for cryptographic functions.
*
* As the author of this work, I, Fabian Druschke, hereby release this work into the public
* domain. I dedicate any and all copyright interest in this work to the public domain,
* making it free to use for anyone for any purpose without any conditions, unless such
* conditions are required by law.
*
* This software is provided "as is", without warranty of any kind, express or implied,
* including but not limited to the warranties of merchantability, fitness for a particular
* purpose and noninfringement. In no event shall the authors be liable for any claim,
* damages or other liability, whether in an action of contract, tort or otherwise, arising
* from, out of or in connection with the software or the use or other dealings in the software.
*
* USAGE OF OPENSSL IN THIS SOFTWARE:
* This software uses OpenSSL for cryptographic operations. Users are responsible for
* ensuring compliance with OpenSSL's licensing terms.
*/

#ifndef AES_CTR_RNG_H
#define AES_CTR_RNG_H

#include <stdint.h>
#include <openssl/aes.h>
#include <openssl/evp.h>

// Structure to store the state of the AES-CTR random number generator
typedef struct
{
EVP_CIPHER_CTX* ctx;
unsigned char ivec[AES_BLOCK_SIZE];
unsigned int num;
unsigned char ecount[AES_BLOCK_SIZE];
} aes_ctr_state_t;

// Initializes the AES-CTR random number generator
int aes_ctr_prng_init( aes_ctr_state_t* state, unsigned long init_key[], unsigned long key_length );

// Generates a 256-bit random number using AES-CTR and stores it directly in the output buffer
int aes_ctr_prng_genrand_uint256_to_buf( aes_ctr_state_t* state, unsigned char* bufpos );

// General cleanup function for AES CTR PRNG
int aes_ctr_prng_general_cleanup( aes_ctr_state_t* state );

#endif // AES_CTR_RNG_H
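
Review bot: `aes_ctr_state_t` carries `ivec`, `num` and `ecount`, but with the EVP interface the counter and keystream position live inside `ctx`: in aes_ctr_prng.c `ivec` is only passed once as the all-zero IV, and `num` and `ecount` are only ever zeroed. Dropping `num` and `ecount` (and with them the `<openssl/aes.h>` include, needed here only for `AES_BLOCK_SIZE`) would make it clear where the generator state actually is. The seed parameter is `unsigned long init_key[]`, whose width differs between 32-bit and 64-bit builds, so the number of seed bytes hashed for the same `key_length` differs across architectures; a byte buffer with an explicit length or a fixed-width type would avoid that. The include guard `AES_CTR_RNG_H` does not match the file name aes_ctr_prng.h.
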
55 changes: 54 additions & 1 deletion src/gui.c
Expand Up @@ -1616,11 +1616,12 @@ void nwipe_gui_prng( void )
extern nwipe_prng_t nwipe_aes_ctr_prng;
extern nwipe_prng_t nwipe_xoroshiro256_prng;
extern nwipe_prng_t nwipe_add_lagg_fibonacci_prng;
extern nwipe_prng_t nwipe_aes_ctr_prng;

extern int terminate_signal;

/* The number of implemented PRNGs. */
const int count = 5;
const int count = 6;

/* The first tabstop. */
const int tab1 = 2;
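
Review bot: `extern nwipe_prng_t nwipe_aes_ctr_prng;` now appears twice in this declaration block, once at the top and once after `nwipe_add_lagg_fibonacci_prng`; one of them should go. `const int count = 6;` is a hand-maintained number that has to stay in step with the label list, the `focus` mapping and the `case` numbers further down in this function; driving all of them from one table of PRNG entries would remove that coupling.
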
Expand Down Expand Up @@ -1662,6 +1663,10 @@ void nwipe_gui_prng( void )
{
focus = 4;
}
if( nwipe_options.prng == &nwipe_aes_ctr_prng )
{
focus = 5;
}
do
{
/* Clear the main window. */
Expand All @@ -1678,6 +1683,7 @@ void nwipe_gui_prng( void )
mvwprintw( main_window, yy++, tab1, " %s", nwipe_isaac64.label );
mvwprintw( main_window, yy++, tab1, " %s", nwipe_add_lagg_fibonacci_prng.label );
mvwprintw( main_window, yy++, tab1, " %s", nwipe_xoroshiro256_prng.label );
mvwprintw( main_window, yy++, tab1, " %s", nwipe_aes_ctr_prng.label );
yy++;

/* Print the cursor. */
Expand Down Expand Up @@ -1852,6 +1858,49 @@ void nwipe_gui_prng( void )
tab1,
"especially for legacy systems, due to its efficiency and minimal demands. " );
break;
case 5:

mvwprintw(
main_window, yy++, tab1, "AES-256 in Counter Mode (CTR), securely implemented by Fabian Druschke" );
mvwprintw( main_window,
yy++,
tab1,
"within nwipe using OpenSSL, leverages the cryptographic robustness and " );
mvwprintw( main_window,
yy++,
tab1,
"efficiency of AES for generating high-quality pseudo-random numbers. " );
mvwprintw( main_window,
yy++,
tab1,
" " );
mvwprintw(
main_window, yy++, tab1, "This adaptation emphasizes the utilization of AES New Instructions " );
mvwprintw( main_window,
yy++,
tab1,
"(AES-NI) starting from the Westmere-EP microarchitecture, enhancing the" );
mvwprintw( main_window,
yy++,
tab1,
"performance and security for data wiping applications. The integration " );
mvwprintw( main_window,
yy++,
tab1,
"of AES-NI accelerates cryptographic computations, making AES-256 CTR an" );
mvwprintw( main_window, yy++, tab1, "ideal choice for efficient and secure data erasure in nwipe." );
mvwprintw( main_window,
yy++,
tab1,
" " );
mvwprintw( main_window,
yy++,
tab1,
"Compliant with NIST SP 800-38A for cryptographic standards, AES-256 CTR" );
mvwprintw(
main_window, yy++, tab1, "stands as the world gold standard for data encryption techniques." );
mvwprintw( main_window, yy++, tab1, "Intended to be used only with 64-Bit CPUs, supporting AES-Ni." );
break;
}

/* switch */
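
Review bot: The help text added under `case 5` makes claims the code cannot back up and should be reduced to a description of what the generator does. "securely implemented by Fabian Druschke", "the world gold standard" and "Compliant with NIST SP 800-38A" are assertions rather than descriptions; SP 800-38A specifies the CTR mode of operation, not a PRNG built on it. The text says AES-256 while the commit message says AES-128; it should match the cipher actually selected in aes_ctr_prng.c (`EVP_aes_256_ctr()`). "Intended to be used only with 64-Bit CPUs, supporting AES-Ni." reads as a requirement, yet the entry is selectable unconditionally in this function; either gate the menu entry on the capability check or reword the line as a performance note. The instruction set is spelled AES-NI.
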
Expand Down Expand Up @@ -1922,6 +1971,10 @@ void nwipe_gui_prng( void )
{
nwipe_options.prng = &nwipe_xoroshiro256_prng;
}
if( focus == 5 )
{
nwipe_options.prng = &nwipe_aes_ctr_prng;
}
return;

case KEY_BACKSPACE:
4 changes: 4 additions & 0 deletions src/logging.c
Expand Up @@ -411,6 +411,10 @@ void nwipe_log( nwipe_log_t level, const char* format, ... )
{
fprintf( stderr, "nwipe_log: pthread_mutex_unlock failed. Code %i \n", r );
}
if( level == NWIPE_LOG_SANITY )
{
nwipe_log( NWIPE_LOG_NOTICE, "Please report this bug to %s." NWIPE_GITHUB_ISSUE_URL );
}
return;

} /* nwipe_log */
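
Review bot: The added `nwipe_log()` call is missing a comma between the format string and `NWIPE_GITHUB_ISSUE_URL`. Because adjacent string literals are concatenated, `"Please report this bug to %s." NWIPE_GITHUB_ISSUE_URL` becomes a single format string with the URL appended after the full stop, and `%s` has no matching argument, so the call reads an indeterminate vararg (undefined behaviour, and a likely crash on exactly the path that reports internal errors). It should read `nwipe_log( NWIPE_LOG_NOTICE, "Please report this bug to %s.", NWIPE_GITHUB_ISSUE_URL );`. The recursive call terminates only because the inner level is `NWIPE_LOG_NOTICE`; a short comment saying so would protect against a later change of level.
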
2 changes: 2 additions & 0 deletions src/nwipe.h
Expand Up @@ -108,6 +108,8 @@ typedef unsigned char u8;

#define THREAD_CANCELLATION_TIMEOUT 10

#define NWIPE_GITHUB_ISSUE_URL "https://github.com/martijnvanbrummelen/nwipe/issues"

/* This is required for ioctl FDFLUSH. */
#include <linux/fd.h>
