argument for --kdf required again

While possible to make the argument optional, it introduced some wonkyness.
It kinda required a fixed ordering of arguments then, which wasn't needed before.

doc/tomb.1

@@ -287,7 +287,8 @@ trusted keys in GPG.
 .B
 .IP "--kdf \fI[argon2 | pbkdf2]\fR"
 Enable the KDF feature against dictionary attacks when creating a key.
-An optional argument allows to choose between \fIargon2\fR or \fIpbkdf2\fR.
+The required argument currently allows to choose between \fIargon2\fR
+or \fIpbkdf2\fR.
 \fIargon2\fR is using a mix of RAM capacity, number of threads and
 iterations to achieve a time cost.
 \fIpbkdf2\fR is only about calculation speed to achieve a time cost.

extras/test/30_kdf-pbkdf2.sh

@@ -8,7 +8,7 @@ if test_have_prereq KDF; then
     test_export "kdf"
     test_expect_success 'Testing pbkdf2 KDF: tomb creation' '
         tt_dig -s 20 &&
-        tt_forge --tomb-pwd $DUMMYPASS --kdf &&
+        tt_forge --tomb-pwd $DUMMYPASS --kdf pbkdf2 &&
         print $DUMMYPASS \
             | gpg --batch --passphrase-fd 0 --no-tty --no-options -d $tomb_key \
             | xxd &&

tomb

@@ -751,7 +751,7 @@ usage() {
 	_print " --sudo       super user exec alternative to sudo (doas or none)"
 
 	[[ $KDF == 1 ]] || [[ $ARGON2 == 1 ]] && {
-		_print " --kdf        forge keys armored against dictionary attacks (pbkdf2 (default), argon2)"
+		_print " --kdf        forge keys armored against dictionary attacks (pbkdf2, argon2)"
 		_print " --kdfiter    Number of iterations (meaning depending on KDF algorithm) (pbkdf2, argon2)"
 	}
 	[[ $ARGON2 == 1 ]] && {
@@ -1503,10 +1503,8 @@ gen_key() {
 				fi
 				_message "kdf salt: ::1 kdfsalt::" $kdfsalt
 
-				# --kdf takes one optional parameter: what KDF
+				# --kdf takes one parameter: what KDF
-				# (pbkdf2 being the default)
 				kdftype="`option_value --kdf`"
-				kdftype=${kdftype:-pbkdf2}
 				case ${kdftype} in
 				pbkdf2)
 					local -i microseconds
@@ -1534,6 +1532,7 @@ gen_key() {
 				*)
 					_warning "unrecognized KDF ::1::" $kdftype
 					_warning "key won\'t be protected via a KDF implementation"
+					_warning "only pbkdf2 and argon2 are valid arguments"
 					;;
 				esac
 			}
@@ -3155,13 +3154,13 @@ main() {
 	subcommands_opts[create]="" # deprecated, will issue warning
 
 	# -o in forge and lock is used to pass an alternate cipher.
-	subcommands_opts[forge]="-ignore-swap k: -kdf:: -kdfiter: -kdfmem: -kdfpar: o: -tomb-pwd: -use-random r: R: -sphx-host: -sphx-user: "
+	subcommands_opts[forge]="-ignore-swap k: -kdf: -kdfiter: -kdfmem: -kdfpar: o: -tomb-pwd: -use-random r: R: -sphx-host: -sphx-user: "
 	subcommands_opts[dig]="-ignore-swap s: -size=s "
 	subcommands_opts[lock]="-ignore-swap k: o: -tomb-pwd: r: R: -sphx-host: -sphx-user: -filesystem: "
 	subcommands_opts[setkey]="k: -ignore-swap -tomb-old-pwd: -tomb-pwd: r: R: -sphx-host: -sphx-user: "
 	subcommands_opts[engrave]="k: "
 
-	subcommands_opts[passwd]="k: -ignore-swap -kdf:: -kdfiter: -kdfmem: -kdfpar: -tomb-old-pwd: -tomb-pwd: r: R: -sphx-host: -sphx-user: "
+	subcommands_opts[passwd]="k: -ignore-swap -kdf: -kdfiter: -kdfmem: -kdfpar: -tomb-old-pwd: -tomb-pwd: r: R: -sphx-host: -sphx-user: "
 	subcommands_opts[close]=""
 	subcommands_opts[help]=""
 	subcommands_opts[slam]=""