From 40ee08c3b46465ce58365cb363f303f41fb9a193 Mon Sep 17 00:00:00 2001 From: Narrat Date: Wed, 30 Oct 2024 22:10:12 +0100 Subject: [PATCH] argument for --kdf required again While possible to make the argument optional, it introduced some wonkyness. It kinda required a fixed ordering of arguments then, which wasn't needed before. --- doc/tomb.1 | 3 ++- extras/test/30_kdf-pbkdf2.sh | 2 +- tomb | 11 +++++------ 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/doc/tomb.1 b/doc/tomb.1 index 652e34f..5bd0c50 100644 --- a/doc/tomb.1 +++ b/doc/tomb.1 @@ -287,7 +287,8 @@ trusted keys in GPG. .B .IP "--kdf \fI[argon2 | pbkdf2]\fR" Enable the KDF feature against dictionary attacks when creating a key. -An optional argument allows to choose between \fIargon2\fR or \fIpbkdf2\fR. +The required argument currently allows to choose between \fIargon2\fR +or \fIpbkdf2\fR. \fIargon2\fR is using a mix of RAM capacity, number of threads and iterations to achieve a time cost. \fIpbkdf2\fR is only about calculation speed to achieve a time cost. diff --git a/extras/test/30_kdf-pbkdf2.sh b/extras/test/30_kdf-pbkdf2.sh index a97f4a5..f89cc5d 100644 --- a/extras/test/30_kdf-pbkdf2.sh +++ b/extras/test/30_kdf-pbkdf2.sh @@ -8,7 +8,7 @@ if test_have_prereq KDF; then test_export "kdf" test_expect_success 'Testing pbkdf2 KDF: tomb creation' ' tt_dig -s 20 && - tt_forge --tomb-pwd $DUMMYPASS --kdf && + tt_forge --tomb-pwd $DUMMYPASS --kdf pbkdf2 && print $DUMMYPASS \ | gpg --batch --passphrase-fd 0 --no-tty --no-options -d $tomb_key \ | xxd && diff --git a/tomb b/tomb index 6e7afc2..707a52d 100755 --- a/tomb +++ b/tomb 
@@ -751,7 +751,7 @@ usage() { _print " --sudo super user exec alternative to sudo (doas or none)" [[ $KDF == 1 ]] || [[ $ARGON2 == 1 ]] && { - _print " --kdf forge keys armored against dictionary attacks (pbkdf2 (default), argon2)" + _print " --kdf forge keys armored against dictionary attacks (pbkdf2, argon2)" _print " --kdfiter Number of iterations (meaning depending on KDF algorithm) (pbkdf2, argon2)" } [[ $ARGON2 == 1 ]] && { @@ -1503,10 +1503,8 @@ gen_key() { fi _message "kdf salt: ::1 kdfsalt::" $kdfsalt - # --kdf takes one optional parameter: what KDF - # (pbkdf2 being the default) + # --kdf takes one parameter: what KDF kdftype="`option_value --kdf`" - kdftype=${kdftype:-pbkdf2} case ${kdftype} in pbkdf2) local -i microseconds @@ -1534,6 +1532,7 @@ gen_key() { *) _warning "unrecognized KDF ::1::" $kdftype _warning "key won\'t be protected via a KDF implementation" + _warning "only pbkdf2 and argon2 are valid arguments" ;; esac } 
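Review bot: The `*)` branch of `case ${kdftype}` in gen_key (hunk at -1534) still only warns and lets key generation continue, so a mistyped value such as `--kdf argon` ends with a key that has no KDF protection against dictionary attacks. Now that the hunk at -1503 drops the `pbkdf2` fallback and the argument is mandatory, an unrecognized or empty value is a usage error and should stop the forge rather than fail open. Assuming `_failure` is the script's fatal-exit helper, replace the three warnings with `_failure "unrecognized KDF ::1::, valid arguments are pbkdf2 and argon2" $kdftype`. gen_key starts and ends outside both hunks, so any later check on the result is not visible here.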
@@ -3155,13 +3154,13 @@ main() { subcommands_opts[create]="" # deprecated, will issue warning # -o in forge and lock is used to pass an alternate cipher. - subcommands_opts[forge]="-ignore-swap k: -kdf:: -kdfiter: -kdfmem: -kdfpar: o: -tomb-pwd: -use-random r: R: -sphx-host: -sphx-user: " + subcommands_opts[forge]="-ignore-swap k: -kdf: -kdfiter: -kdfmem: -kdfpar: o: -tomb-pwd: -use-random r: R: -sphx-host: -sphx-user: " subcommands_opts[dig]="-ignore-swap s: -size=s " subcommands_opts[lock]="-ignore-swap k: o: -tomb-pwd: r: R: -sphx-host: -sphx-user: -filesystem: " subcommands_opts[setkey]="k: -ignore-swap -tomb-old-pwd: -tomb-pwd: r: R: -sphx-host: -sphx-user: " subcommands_opts[engrave]="k: " - subcommands_opts[passwd]="k: -ignore-swap -kdf:: -kdfiter: -kdfmem: -kdfpar: -tomb-old-pwd: -tomb-pwd: r: R: -sphx-host: -sphx-user: " + subcommands_opts[passwd]="k: -ignore-swap -kdf: -kdfiter: -kdfmem: -kdfpar: -tomb-old-pwd: -tomb-pwd: r: R: -sphx-host: -sphx-user: " subcommands_opts[close]="" subcommands_opts[help]="" subcommands_opts[slam]=""
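Review bot: With `-kdf:` in `subcommands_opts[forge]` and `subcommands_opts[passwd]`, a bare `--kdf` from a script written for the optional form will most likely take the following word (for example `-k`) as its value, if the option parser treats mandatory arguments the way zsh's zparseopts does. That value is only examined later in gen_key, far from the cause, so the behaviour change deserves a comment above these lines, e.g. `# -kdf: takes a mandatory value (pbkdf2 | argon2); a bare --kdf consumes the next word`. A changelog entry for callers that relied on the old default would also help. main() continues outside the hunk.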