Skip to content
Browse files

improve secure_erase speed; add SIGINFO support

  • Loading branch information...
1 parent 00bc399 commit 69686eb7261a1555700cc74f0aedddcd9e8b8eaf @bwalex committed Jul 3, 2011
Showing with 60 additions and 7 deletions.
  1. +31 −4 io.c
  2. +11 −0 main.c
  3. +9 −0 tc-play-api.c
  4. +1 −0 tc-play-api.h
  5. +4 −3 tc-play.c
  6. +4 −0 tc-play.h
View
35 io.c
@@ -106,14 +106,28 @@ get_random(unsigned char *buf, size_t len)
return 0;
}
-/* XXX: improve secure_erase performance! */
+static size_t secure_erase_total_bytes = 0;
+static size_t secure_erase_erased_bytes = 0;
+
+static
+void
+secure_erase_summary(void)
+{
+ float pct_done;
+
+ pct_done = (1.0 * secure_erase_erased_bytes) /
+ (1.0 * secure_erase_total_bytes) * 100.0;
+ tc_log(0, "Securely erasing, %.0f%% done.\n", pct_done);
+}
+
int
secure_erase(const char *dev, size_t bytes, size_t blksz)
{
size_t erased = 0;
int fd_rand, fd;
- char buf[MAX_BLKSZ];
+ char buf[ERASE_BUFFER_SIZE];
ssize_t r, w;
+ size_t sz;
if (blksz > MAX_BLKSZ) {
tc_log(1, "blksz > MAX_BLKSZ\n");
@@ -131,21 +145,32 @@ secure_erase(const char *dev, size_t bytes, size_t blksz)
return -1;
}
+ summary_fn = secure_erase_summary;
+ secure_erase_total_bytes = bytes;
+
+ sz = ERASE_BUFFER_SIZE;
while (erased < bytes) {
- if ((r = read(fd_rand, buf, blksz)) < 0) {
+ secure_erase_erased_bytes = erased;
+ /* Switch to block size when not much is remaining */
+ if ((bytes - erased) <= ERASE_BUFFER_SIZE)
+ sz = blksz;
+
+ if ((r = read(fd_rand, buf, sz)) < 0) {
tc_log(1, "Error reading from /dev/urandom\n");
close(fd);
close(fd_rand);
+ summary_fn = NULL;
return -1;
}
if (r < blksz)
continue;
- if ((w = write(fd, buf, blksz)) < 0) {
+ if ((w = write(fd, buf, r)) < 0) {
tc_log(1, "Error writing to %s\n", dev);
close(fd);
close(fd_rand);
+ summary_fn = NULL;
return -1;
}
@@ -155,6 +180,8 @@ secure_erase(const char *dev, size_t bytes, size_t blksz)
close(fd);
close(fd_rand);
+ summary_fn = NULL;
+
return 0;
}
View
11 main.c
@@ -33,6 +33,7 @@
#include <unistd.h>
#include <errno.h>
#include <string.h>
+#include <signal.h>
#include <err.h>
#include <time.h>
#include <libutil.h>
@@ -41,6 +42,14 @@
static
void
+sig_handler(int sig)
+{
+ if ((sig == SIGUSR1 || sig == SIGINFO) && (summary_fn != NULL))
+ summary_fn();
+}
+
+static
+void
usage(void)
{
fprintf(stderr,
@@ -115,6 +124,8 @@ main(int argc, char *argv[])
struct tc_cipher_chain *cipher_chain = NULL;
tc_play_init();
+ signal(SIGUSR1, sig_handler);
+ signal(SIGINFO, sig_handler);
nkeyfiles = 0;
n_hkeyfiles = 0;
View
9 tc-play-api.c
@@ -56,6 +56,15 @@ tc_api_get_error_msg(void)
return (tc_internal_verbose) ? "" : tc_internal_log_buffer;
}
+char *
+tc_api_get_summary(void)
+{
+ if (summary_fn != NULL)
+ summary_fn();
+
+ return tc_internal_log_buffer;
+}
+
int
tc_api_create_volume(tc_api_op *api_opts)
{
View
1 tc-play-api.h
@@ -56,4 +56,5 @@ int tc_api_map_volume(tc_api_op *api_opts);
int tc_api_check_cipher(tc_api_op *api_opts);
int tc_api_check_prf_hash(tc_api_op *api_opts);
char *tc_api_get_error_msg(void);
+char *tc_api_get_summary(void);
View
7 tc-play.c
@@ -47,6 +47,7 @@
* - mlockall? (at least MCL_FUTURE, which is the only one we support)
*/
+summary_fn_t summary_fn = NULL;
int tc_internal_verbose = 1;
char tc_internal_log_buffer[LOG_BUFFER_SZ];
@@ -63,10 +64,10 @@ tc_log(int err, char *fmt, ...)
__va_start(ap, fmt);
- if (tc_internal_verbose)
+ vsnprintf(tc_internal_log_buffer, LOG_BUFFER_SZ, fmt, ap);
+
+ if (tc_internal_verbose)
vfprintf(fp, fmt, ap);
- else
- vsnprintf(tc_internal_log_buffer, LOG_BUFFER_SZ, fmt, ap);
__va_end(ap);
}
View
4 tc-play.h
@@ -46,6 +46,7 @@
#define MIN_VOL_BLOCKS 256
#define MAX_CIPHER_CHAINS 64
#define DEFAULT_RETRIES 3
+#define ERASE_BUFFER_SIZE 4*1024*1024 /* 4 MB */
/* TrueCrypt Volume flags */
#define TC_VOLFLAG_SYSTEM 0x01 /* system encryption */
@@ -182,8 +183,11 @@ int map_volume(const char *map_name, const char *device, int sflag,
char *passphrase, char *passphrase_hidden, int interactive, int retries);
int dm_setup(const char *mapname, struct tcplay_info *info);
+typedef void(*summary_fn_t)(void);
+
extern int tc_internal_verbose;
extern char tc_internal_log_buffer[];
+extern summary_fn_t summary_fn;
#define alloc_safe_mem(x) \
_alloc_safe_mem(x, __FILE__, __LINE__)

0 comments on commit 69686eb

Please sign in to comment.
Something went wrong with that request. Please try again.