mirror of https://github.com/skeeto/enchive.git
Completely remove random device options
This option adds needless complexity. Just hardcode /dev/urandom.w32-compat
Christopher Wellons
parent
79c7bf97f9
commit
39bc92455f
15
README.md
15
README.md
|
|
@ -243,21 +243,6 @@ The compile-time options below also apply to this amalgamation build.
|
|||
Various options and defaults can be configured at compile time using C
|
||||
defines (`-D...`).
|
||||
|
||||
#### `ENCHIVE_RANDOM_DEVICE`
|
||||
|
||||
For unix-like systems, this is the default source of entropy when
|
||||
creating keys and IVs. The default value is `/dev/urandom`. You could
|
||||
set this to `/dev/random`, though that's [pointless][djb] and [a waste
|
||||
of time][myths]. It can be changed at run time with `--random-device`.
|
||||
|
||||
In the future, Enchive may first try `getrandom(2)` / `getentropy(2)`.
|
||||
|
||||
#### `ENCHIVE_OPTION_RANDOM_DEVICE`
|
||||
|
||||
Whether or not the `--random-device` option should be available. This
|
||||
option is 0 by default on Windows, where Enchive always uses a
|
||||
[Cryptographic Service Provider][csp].
|
||||
|
||||
#### `ENCHIVE_OPTION_AGENT`
|
||||
|
||||
Whether to expose the `--agent` and `--no-agent` option. This option
|
||||
|
|
|
|||
12
config.h
12
config.h
|
|
@ -11,10 +11,6 @@
|
|||
# define ENCHIVE_FORMAT_VERSION 3
|
||||
#endif
|
||||
|
||||
#ifndef ENCHIVE_RANDOM_DEVICE
|
||||
# define ENCHIVE_RANDOM_DEVICE /dev/urandom
|
||||
#endif
|
||||
|
||||
#ifndef ENCHIVE_KEY_DERIVE_ITERATIONS
|
||||
# define ENCHIVE_KEY_DERIVE_ITERATIONS 25 /* 32MB */
|
||||
#endif
|
||||
|
|
@ -23,14 +19,6 @@
|
|||
# define ENCHIVE_SECKEY_DERIVE_ITERATIONS 29 /* 512MB */
|
||||
#endif
|
||||
|
||||
#ifndef ENCHIVE_OPTION_RANDOM_DEVICE
|
||||
# if defined(__unix__) || defined(__APPLE__)
|
||||
# define ENCHIVE_OPTION_RANDOM_DEVICE 1
|
||||
# else
|
||||
# define ENCHIVE_OPTION_RANDOM_DEVICE 0
|
||||
# endif
|
||||
#endif
|
||||
|
||||
#ifndef ENCHIVE_OPTION_AGENT
|
||||
# if defined(__unix__) || defined(__APPLE__)
|
||||
# define ENCHIVE_OPTION_AGENT 1
|
||||
|
|
|
|||
|
|
@ -7,7 +7,6 @@ enchive \- personal archive encryption
|
|||
.HP 8
|
||||
.B enchive
|
||||
[\-\fBa\fR[\fIseconds\fR]|\fB\-A\fR]
|
||||
[\fB\-r\ \fIdevice\fR]
|
||||
[\fB\-p\ \fIpubkey\fR]
|
||||
[\fB\-s\ \fIseckey\fR]
|
||||
[\fB\-\-version\fR]
|
||||
|
|
@ -52,9 +51,6 @@ Do not start the key agent (default).
|
|||
\fB\-p, \-\-pubkey\fR \fIfile\fR
|
||||
Specifies the public key file to use for encryption.
|
||||
.TP
|
||||
\fB\-r\fR, \fB\-\-random\-device\fR \fIdevice\fR
|
||||
Use \fIdevice\fR as an entropy source instead of \fB/dev/urandom\fR.
|
||||
.TP
|
||||
\fB\-s, \-\-seckey\fR \fIfile\fR
|
||||
Specifies the secret key file to use for decryption.
|
||||
.TP
|
||||
|
|
@ -67,7 +63,7 @@ Print a synopsis of the command line interface.
|
|||
Any unique prefix for a command is accepted. For example, the command \fBa\fR would mean \fBarchive\fR.
|
||||
.TP
|
||||
\fBkeygen\fR [\fIOPTION\fR]...
|
||||
Generates a new keypair either from the random device or a passphrase.
|
||||
Generates a new keypair either from system entropy or a passphrase.
|
||||
.RS 4
|
||||
.TP
|
||||
\fB\-d\fR[\fIN\fR], \fB\-\-derive\fR[=\fIN\fR]
|
||||
|
|
|
|||
11
src/docs.h
11
src/docs.h
|
|
@ -3,12 +3,7 @@ static const char *docs_usage[] = {
|
|||
#if ENCHIVE_OPTION_AGENT
|
||||
" [-a|--agent[=seconds]] [-A|--no-agent]",
|
||||
#endif
|
||||
#if ENCHIVE_OPTION_RANDOM_DEVICE
|
||||
" [-r|--random-device <file>] "
|
||||
#else
|
||||
" "
|
||||
#endif
|
||||
"[--version] [--help]",
|
||||
" [--version] [--help]",
|
||||
" <command> [args]",
|
||||
"",
|
||||
"Commands (unique prefixes accepted):",
|
||||
|
|
@ -29,10 +24,6 @@ static const char *docs_usage[] = {
|
|||
" (default)",
|
||||
# endif
|
||||
#endif
|
||||
#if ENCHIVE_OPTION_RANDOM_DEVICE
|
||||
" -r, --random-device <dev> device for secure entropy ["
|
||||
STR(ENCHIVE_RANDOM_DEVICE) "]",
|
||||
#endif
|
||||
" --version display version information",
|
||||
" --help display this usage information",
|
||||
"",
|
||||
|
|
|
|||
|
|
@ -610,14 +610,12 @@ key_derive(const char *passphrase, u8 *buf, int iexp, const u8 *salt)
|
|||
static void secure_entropy(void *buf, size_t len);
|
||||
|
||||
#if defined(__unix__) || defined(__APPLE__)
|
||||
static char *global_random_device = STR(ENCHIVE_RANDOM_DEVICE);
|
||||
|
||||
static void
|
||||
secure_entropy(void *buf, size_t len)
|
||||
{
|
||||
FILE *r = fopen(global_random_device, "rb");
|
||||
FILE *r = fopen("/dev/urandom", "rb");
|
||||
if (!r)
|
||||
fatal("failed to open %s", global_random_device);
|
||||
fatal("failed to open %s", "/dev/urandom");
|
||||
if (!fread(buf, len, 1, r))
|
||||
fatal("failed to gather entropy");
|
||||
fclose(r);
|
||||
|
|
@ -1402,9 +1400,6 @@ main(int argc, char **argv)
|
|||
#if ENCHIVE_OPTION_AGENT
|
||||
{"agent", 'a', OPTPARSE_OPTIONAL},
|
||||
{"no-agent", 'A', OPTPARSE_NONE},
|
||||
#endif
|
||||
#if ENCHIVE_OPTION_RANDOM_DEVICE
|
||||
{"random-device", 'r', OPTPARSE_REQUIRED},
|
||||
#endif
|
||||
{"pubkey", 'p', OPTPARSE_REQUIRED},
|
||||
{"seckey", 's', OPTPARSE_REQUIRED},
|
||||
|
|
@ -1437,11 +1432,6 @@ main(int argc, char **argv)
|
|||
case 'A':
|
||||
global_agent_timeout = 0;
|
||||
break;
|
||||
#endif
|
||||
#if ENCHIVE_OPTION_RANDOM_DEVICE
|
||||
case 'r':
|
||||
global_random_device = options->optarg;
|
||||
break;
|
||||
#endif
|
||||
case 'p':
|
||||
global_pubkey = options->optarg;
|
||||
|
|
|
|||
Loading…
Reference in New Issue