diff --git a/.gitignore b/.gitignore index 1ab7e1e..b626445 100644 --- a/.gitignore +++ b/.gitignore @@ -1,7 +1,10 @@ kr +*.bak +*.exe *.o *.profraw *.profdata +*~ tmp test.out cov diff --git a/README.md b/README.md index ba5fcf6..aee9fa0 100644 --- a/README.md +++ b/README.md @@ -8,7 +8,7 @@ AEAD interface of Monocypher to encrypt/decrypt files using `kr` offers two modes of operation: - Keyfile-based: a private key is stored on the user's machine and is used to - encrypt and decrypt files. + encrypt and decrypt files. - Passphrase-based: an encryption/decryption key is generated, on the fly, using Argon2i (with a random salt). @@ -65,7 +65,7 @@ _same_ pair (passphrase, userID) on every invocation. For example: ``` $ kr -guUSERID -p"PASS PHRASE" ~/key.sec ``` - Or + Or ``` $ kr -g --uid=USERID --passphrase="PASS PHRASE" ~/key.sec @@ -173,7 +173,7 @@ pipes: ``` $ echo 'Hello, world!' | kr -epPASS | kr -dpPASS ``` -or with keyfiles +or with keyfiles ``` $ echo 'Hello, world!' | kr -ek ~/.key.sec | kr -dk ~/.key.sec diff --git a/src/kr.c b/src/kr.c index 8e070a4..55ca803 100644 --- a/src/kr.c +++ b/src/kr.c @@ -264,7 +264,7 @@ static enum error encrypt(FILE *in, FILE *out, const uint8_t key[KEY_SIZE], uint8_t *ad = (eof) ? END_TAG : NULL; // if last chunk, tag it. size_t adlen = (eof) ? 4 : 0; - // Arguments order: + // Arguments order: // ctx, cipher_text, mac, ad, ad_size, plain_text, text_size. // The mac comes after the encrypted chunk, thus: // - the mac is located at buf_out + len, and @@ -318,7 +318,7 @@ static enum error decrypt(FILE *in, FILE *out, const uint8_t key[KEY_SIZE], uint8_t *ad = (eof) ? END_TAG : 0; // last chunk should've been tagged. size_t adlen = (eof) ? 4 : 0; - // Arguments order: + // Arguments order: // ctx, plain_text, mac, ad, ad_size, cipher_text, text_size. // The read 'len' bytes from 'in' already includes the mac, thus: // - the mac is located at buf_in + len - MAC_SIZE, and @@ -343,7 +343,7 @@ static enum error decrypt(FILE *in, FILE *out, const uint8_t key[KEY_SIZE], } // Generate a key_size bytes key from a passphrase and a salt (random) -// using Argon2i (with configuration in 'config', inputs (password and salt) +// using Argon2i (with configuration in 'config', inputs (password and salt) // data in 'inputs'), and extras (key and ad). This needs a work area that // has to be allocated. If this allocation fails, securely wipe inputs and // extras and exit. @@ -448,7 +448,7 @@ static enum error read_keyfile(FILE *kf, uint8_t key[KEY_SIZE]) // Inspect the protection-version byte, and get its MSB. int protected = *version >> 7; if (!protected) { - // Key is not protected. Copy the last KEY_SIZE bytes. + // Key is not protected. Copy the last KEY_SIZE bytes. memcpy(key, fkey, KEY_SIZE); } else { // Ask the user to provide a passphrase to decrypt the key. @@ -709,7 +709,7 @@ int main(int argc, char *argv[]) // outfile is needed for encryption, decryption, and keygen. if (mode & (MODE_ENCRYPT | MODE_DECRYPT | MODE_KEYGEN)) { outfile = optparse_arg(&options); - out = !outfile ? stdout : fopen(outfile, "wb"); + out = !outfile || !strcmp(outfile, "-") ? stdout : fopen(outfile, "wb"); if (!out) { BAIL(ERR_OUTPUT_FILE); } @@ -722,7 +722,7 @@ int main(int argc, char *argv[]) BAIL(ERR_NO_RANDOM); } // If the key to be generated depends on a uid and a passphrase, - // generate a deterministic one with the same value when given + // generate a deterministic one with the same value when given // the same uid and passphrase. if (use_passphrase) { // Hash the uid to use it as a salt for key derivation. @@ -830,7 +830,7 @@ int main(int argc, char *argv[]) } // Clean everything and exit. -bail: +bail: // Safely wipe sensitive info. crypto_wipe(key, KEY_SIZE); crypto_wipe(passphrase, MAXPASS); diff --git a/tests/tests.c b/tests/tests.c index e1df47a..b4a33e2 100644 --- a/tests/tests.c +++ b/tests/tests.c @@ -266,7 +266,7 @@ static int p_encrypt_decrypt(void) fsize = 0; } if (DEBUG) { - printf(YELLOW "\tFile size:" BLUE " %lu bytes\n", fsize); + printf(YELLOW "\tFile size:" BLUE " %" PRIu64 " bytes\n", fsize); } fillrand(data, fsize); fillrand(key, KEY_SIZE); @@ -428,7 +428,7 @@ int p_password_enc_dec(void) } if (DEBUG) { - printf(YELLOW "\tFile size:" BLUE " %lu bytes\n", fsize); + printf(YELLOW "\tFile size:" BLUE " %" PRIu64 " bytes\n", fsize); } fillrand(data, fsize);