argument for --kdf required again

While possible to make the argument optional, it introduced some wonkyness. It kinda required a fixed ordering of arguments then, which wasn't needed before.
2025-01-08 08:08:51 +00:00 · 2024-10-30 22:10:12 +01:00 · 2024-10-30 22:10:12 +01:00 · 40ee08c3b4
commit 40ee08c3b4
parent 651681a9fb
3 changed files with 8 additions and 8 deletions
--- a/doc/tomb.1
+++ b/doc/tomb.1
@ -287,7 +287,8 @@ trusted keys in GPG.
 .B
 .IP "--kdf \fI[argon2 | pbkdf2]\fR"
 Enable the KDF feature against dictionary attacks when creating a key.
-An optional argument allows to choose between \fIargon2\fR or \fIpbkdf2\fR.
+The required argument currently allows to choose between \fIargon2\fR
+or \fIpbkdf2\fR.
 \fIargon2\fR is using a mix of RAM capacity, number of threads and
 iterations to achieve a time cost.
 \fIpbkdf2\fR is only about calculation speed to achieve a time cost.
--- a/extras/test/30_kdf-pbkdf2.sh
+++ b/extras/test/30_kdf-pbkdf2.sh
@ -8,7 +8,7 @@ if test_have_prereq KDF; then
    test_export "kdf"
    test_expect_success 'Testing pbkdf2 KDF: tomb creation' '
        tt_dig -s 20 &&
-        tt_forge --tomb-pwd $DUMMYPASS --kdf &&
+        tt_forge --tomb-pwd $DUMMYPASS --kdf pbkdf2 &&
        print $DUMMYPASS \
            | gpg --batch --passphrase-fd 0 --no-tty --no-options -d $tomb_key \
            | xxd &&
--- a/11
+++ b/11
@ -751,7 +751,7 @@ usage() {
 	_print " --sudo       super user exec alternative to sudo (doas or none)"

 	[[ $KDF == 1 ]] || [[ $ARGON2 == 1 ]] && {
-		_print " --kdf        forge keys armored against dictionary attacks (pbkdf2 (default), argon2)"
+		_print " --kdf        forge keys armored against dictionary attacks (pbkdf2, argon2)"
 		_print " --kdfiter    Number of iterations (meaning depending on KDF algorithm) (pbkdf2, argon2)"
 	}
 	[[ $ARGON2 == 1 ]] && {
@ -1503,10 +1503,8 @@ gen_key() {
 				fi
 				_message "kdf salt: ::1 kdfsalt::" $kdfsalt

-				# --kdf takes one optional parameter: what KDF
-				# (pbkdf2 being the default)
+				# --kdf takes one parameter: what KDF
 				kdftype="`option_value --kdf`"
-				kdftype=${kdftype:-pbkdf2}
 				case ${kdftype} in
 				pbkdf2)
 					local -i microseconds
@ -1534,6 +1532,7 @@ gen_key() {
 				*)
 					_warning "unrecognized KDF ::1::" $kdftype
 					_warning "key won\'t be protected via a KDF implementation"
+					_warning "only pbkdf2 and argon2 are valid arguments"
 					;;
 				esac
 			}
@ -3155,13 +3154,13 @@ main() {
 	subcommands_opts[create]="" # deprecated, will issue warning

 	# -o in forge and lock is used to pass an alternate cipher.
-	subcommands_opts[forge]="-ignore-swap k: -kdf:: -kdfiter: -kdfmem: -kdfpar: o: -tomb-pwd: -use-random r: R: -sphx-host: -sphx-user: "
+	subcommands_opts[forge]="-ignore-swap k: -kdf: -kdfiter: -kdfmem: -kdfpar: o: -tomb-pwd: -use-random r: R: -sphx-host: -sphx-user: "
 	subcommands_opts[dig]="-ignore-swap s: -size=s "
 	subcommands_opts[lock]="-ignore-swap k: o: -tomb-pwd: r: R: -sphx-host: -sphx-user: -filesystem: "
 	subcommands_opts[setkey]="k: -ignore-swap -tomb-old-pwd: -tomb-pwd: r: R: -sphx-host: -sphx-user: "
 	subcommands_opts[engrave]="k: "

-	subcommands_opts[passwd]="k: -ignore-swap -kdf:: -kdfiter: -kdfmem: -kdfpar: -tomb-old-pwd: -tomb-pwd: r: R: -sphx-host: -sphx-user: "
+	subcommands_opts[passwd]="k: -ignore-swap -kdf: -kdfiter: -kdfmem: -kdfpar: -tomb-old-pwd: -tomb-pwd: r: R: -sphx-host: -sphx-user: "
 	subcommands_opts[close]=""
 	subcommands_opts[help]=""
 	subcommands_opts[slam]=""