search

martijnvanbrummelen / nwipe

nwipe secure disk eraser
GNU General Public License v2.0
799 stars 86 forks source link

Aes ctr openssl submodule #609

Closed Knogle closed 1 month ago

Knogle commented 2 months ago

Ahoy, OpenSSL integrated through git submodule :) Stically linked during build.

PartialVolume commented 2 months ago

Thanks, I'll check this out shortly. I'm finalising stfp transfers for ShredOS, as soon as I'm done with that I'll review this PR. What did you get nwipe's binary size down too in the end?

Knogle commented 2 months ago

Currently we are on 3.7M (still w.o. compression) , we can crop this down even further, but in order to do so i have to check with the OpenSSL IRC, what else we can remove during build, there are a few things that can be stripped still. If you say this is OK so i can invest some little more time and do some further optimizations on this PR.

PartialVolume commented 2 months ago

Yes, I'd like it stripped down to the absolute minimum, I'd hate to go from 1MB to nearly 4MB just to add one prng. However once it's size has been optimised as far as it will go, I'll test it in ShredOS on some older systems to make sure there's no obvious performance issues.

I do hate bloat though, so the smaller you can make it the better. 😁

Knogle commented 2 months ago

Yes, I'd like it stripped down to the absolute minimum, I'd hate to go from 1MB to nearly 4MB just to add one prng. However once it's size has been optimised as far as it will go, I'll test it in ShredOS on some older systems to make sure there's no obvious performance issues.

I do hate bloat though, so the smaller you can make it the better. 😁

I think we won't reach something similar to the dynamic library approach with around 1M, but maybe we can get a little closer :) My current nwipe binary is around 2.3M now. I think i can still get it a little lighter.

So the best i can currently do is 2.3M, if we remove instrinsics and assembler instructions it goes down to 1.5M but at cost of speed (AES get's very slow, as it doesn't use CPU acceleration anymore). Another option, have the libcrypto.soinstead in the directory, so a shared library.

Or, using upx, to put it down to 1.1M.


root@afdaca0502f3:/workspace/kwipe/src# du -sh nwipe
1.1M    nwipe
root@afdaca0502f3:/workspace/kwipe/src# ls
Makefile     PDFGen  conf.c  context.h     create_pdf.o  customers.o  device.o         gui.h         hpa_dco.c  isaac_rand  logging.o  method.o         miscellaneous.o  nwipe.c  options.c  pass.c  prng.c  redcross.jpg   temperature.h  version.h
Makefile.am  aes     conf.h  create_pdf.c  customers.c   device.c     embedded_images  gui.o         hpa_dco.h  logging.c   method.c   miscellaneous.c  mt19937ar-cok    nwipe.h  options.h  pass.h  prng.h  te.jpg         temperature.o  version.o
Makefile.in  alfg    conf.o  create_pdf.h  customers.h   device.h     gui.c            hddtemp_scsi  hpa_dco.o  logging.h   method.h   miscellaneous.h  nwipe            nwipe.o  options.o  pass.o  prng.o  temperature.c  version.c      xor
root@afdaca0502f3:/workspace/kwipe/src# ./nwipe 
[2024/09/19 15:01:48] warning: /etc/nwipe/nwipe.conf does not exist
[2024/09/19 15:01:48]    info: Created /etc/nwipe/nwipe.conf
[2024/09/19 15:01:48]    info: Created group [Organisation_Details] in /etc/nwipe/nwipe.conf
[2024/09/19 15:01:48]    info: Created setting name Organisation_Details.Business_Name in /etc/nwipe/nwipe.conf
[2024/09/19 15:01:48]    info: Set value for Organisation_Details.Business_Name in /etc/nwipe/nwipe.conf to Not Applicable (BN)
[2024/09/19 15:01:48]    info: Created setting name Organisation_Details.Business_Address in /etc/nwipe/nwipe.conf
[2024/09/19 15:01:48]    info: Set value for Organisation_Details.Business_Address in /etc/nwipe/nwipe.conf to Not Applicable (BA)
[2024/09/19 15:01:48]    info: Created setting name Organisation_Details.Contact_Name in /etc/nwipe/nwipe.conf
[2024/09/19 15:01:48]    info: Set value for Organisation_Details.Contact_Name in /etc/nwipe/nwipe.conf to Not Applicable (BCN)
[2024/09/19 15:01:48]    info: Created setting name Organisation_Details.Contact_Phone in /etc/nwipe/nwipe.conf
[2024/09/19 15:01:48]    info: Set value for Organisation_Details.Contact_Phone in /etc/nwipe/nwipe.conf to Not Applicable (BCP)
[2024/09/19 15:01:48]    info: Created setting name Organisation_Details.Op_Tech_Name in /etc/nwipe/nwipe.conf
[2024/09/19 15:01:48]    info: Set value for Organisation_Details.Op_Tech_Name in /etc/nwipe/nwipe.conf to Not Applicable (OTN)
[2024/09/19 15:01:48]    info: Created group [PDF_Certificate] in /etc/nwipe/nwipe.conf
[2024/09/19 15:01:48]    info: Created setting name PDF_Certificate.PDF_Enable in /etc/nwipe/nwipe.conf
[2024/09/19 15:01:48]    info: Set value for PDF_Certificate.PDF_Enable in /etc/nwipe/nwipe.conf to ENABLED
[2024/09/19 15:01:48]    info: Created setting name PDF_Certificate.PDF_Preview in /etc/nwipe/nwipe.conf
[2024/09/19 15:01:48]    info: Set value for PDF_Certificate.PDF_Preview in /etc/nwipe/nwipe.conf to DISABLED
[2024/09/19 15:01:48]    info: Created group [Selected_Customer] in /etc/nwipe/nwipe.conf
[2024/09/19 15:01:48]    info: Created setting name Selected_Customer.Customer_Name in /etc/nwipe/nwipe.conf
[2024/09/19 15:01:48]    info: Set value for Selected_Customer.Customer_Name in /etc/nwipe/nwipe.conf to Not Applicable (CN)
[2024/09/19 15:01:48]    info: Created setting name Selected_Customer.Customer_Address in /etc/nwipe/nwipe.conf
[2024/09/19 15:01:48]    info: Set value for Selected_Customer.Customer_Address in /etc/nwipe/nwipe.conf to Not Applicable (CA)
[2024/09/19 15:01:48]    info: Created setting name Selected_Customer.Contact_Name in /etc/nwipe/nwipe.conf
[2024/09/19 15:01:48]    info: Set value for Selected_Customer.Contact_Name in /etc/nwipe/nwipe.conf to Not Applicable (CCN)
[2024/09/19 15:01:48]    info: Created setting name Selected_Customer.Contact_Phone in /etc/nwipe/nwipe.conf
[2024/09/19 15:01:48]    info: Set value for Selected_Customer.Contact_Phone in /etc/nwipe/nwipe.conf to Not Applicable (CP)
[2024/09/19 15:01:48]    info: Sucessfully written nwipe config to /etc/nwipe/nwipe.conf
[2024/09/19 15:01:48] warning: /etc/nwipe/nwipe_customers.csv does not exist
[2024/09/19 15:01:48]    info: Created /etc/nwipe/nwipe_customers.csv
[2024/09/19 15:01:48]    info: Populated /etc/nwipe/nwipe_customers.csv with basic config
[2024/09/19 15:01:48]    info: nwipe 0.37
[2024/09/19 15:01:48]    info: Linux version 6.10.9-200.fc40.x86_64 (mockbuild@
                               eed293a01169418eb17e82cca872df8c) (gcc (GCC) 14
                               .2.1 20240801 (Red Hat 14.2.1-1), GNU ld versio
                               n 2.41-37.fc40) #1 SMP PREEMPT_DYNAMIC Sun Sep 
                                8 17:23:55 UTC 2024
[2024/09/19 15:01:48]    info: Storage devices not found. Nwipe should be run as root or sudo/su, i.e sudo nwipe etc
Knogle commented 2 months ago

@PartialVolume This one as a second option. 432k binary, and the libcrypto.so (symlinked to libcrypto.so.3 etc.) in the same folder as shared library.

https://github.com/Knogle/kwipe/tree/shared-openssl-library-in-build-directory

Knogle commented 1 month ago

Closed due to dynamic approach.