X-Git-Url: https://jxself.org/git/?a=blobdiff_plain;f=tfc_error.c;h=d95f420f2f13d33dc00716a31d58a70964eab560;hb=13cc886eb2edfe7be4e65067be6df01e2f08436a;hp=cb8ee057e7f25756e22dc3e512fb4aa94d0a7a11;hpb=630fb7d8dc740715cdc52114d736d64bf14f0798;p=tfcrypt.git

diff --git a/tfc_error.c b/tfc_error.c
index cb8ee05..d95f420 100644
--- a/tfc_error.c
+++ b/tfc_error.c
@@ -2,7 +2,7 @@
  * tfcrypt -- high security Threefish encryption tool.
  *
  * tfcrypt is copyrighted:
- * Copyright (C) 2012-2018 Andrey Rys. All rights reserved.
+ * Copyright (C) 2012-2019 Andrey Rys. All rights reserved.
  *
  * tfcrypt is licensed to you under the terms of std. MIT/X11 license:
  *
@@ -62,6 +62,17 @@ _ex:
 
 void xexit(int status)
 {
+	if (status > 1) goto _do_clean_and_exit;
+
+	xclose(sfd);
+	if (do_ftrunc > TFC_NO_FTRUNC) {
+		if (do_ftrunc == TFC_FTRUNC_TAIL) ftrunc_dfd = total_processed_dst;
+		if (ftruncate(dfd, (off_t)ftrunc_dfd) == -1) xerror(YES, NO, YES, "ftruncate(%d)", dfd);
+	}
+	if (do_preserve_time) fcopy_matime(dfd, &s_stat);
+	xclose(dfd);
+
+_do_clean_and_exit:
 	memset(srcblk, 0, sizeof(srcblk));
 	memset(dstblk, 0, sizeof(dstblk));
 
@@ -69,6 +80,7 @@ void xexit(int status)
 	memset(ctr, 0, sizeof(ctr));
 	memset(mackey, 0, sizeof(mackey));
 	memset(xtskey, 0, sizeof(xtskey));
+	memset(tweak, 0, sizeof(tweak));
 	memset(&sk, 0, sizeof(struct skein));
 	memset(&tfe, 0, sizeof(struct tfe_stream));
 
@@ -91,10 +103,64 @@ void usage(void)
 
 	if (optopt == 'V') {
 		tfc_say("tfcrypt toolkit, version %s.", _TFCRYPT_VERSION);
+		if (ctr_mode != TFC_MODE_PLAIN) {
+			char shash[64];
+
+			hash_defaults(shash, sizeof(shash));
+			tfc_say("Defaults hash: %s", shash);
+			memset(shash, 0, sizeof(shash));
+		}
 		xexit(0);
 	}
 
-	if ((strlen(progname) <= 9)
+	if (!strcmp(progname, "iotool")) {
+		is_embedded_prog = YES;
+		tfc_say("usage: %s [-E how] [-l length] [-O opts] [-aqvw] [-V secs] [source] [output]", progname);
+		tfc_say("\n");
+		tfc_say("%s: do dd-like input/output, writing source to output whole or partially.", progname);
+		tfc_say("  -E how: how to behave on I/O errors (both src or dst):");
+		tfc_say("    exit: print error if not quiet, then exit,");
+		tfc_say("    cont: print error if not quiet, then continue,");
+		tfc_say("      no action to pad missing data is attempted.");
+		tfc_say("      may be dangerous when working with block devices.");
+		tfc_say("    sync: print error if not quiet, then continue,");
+		tfc_say("      pad missing data block with zeroes.");
+		tfc_say("    lsync: same as sync, but does not use SEEK_SET logic,");
+		tfc_say("      lsync uses only relative seek operations, and does not prequery");
+		tfc_say("      the current file position for exact offsets, which maybe unsafe.");
+		tfc_say("      For this reason, it is HIGHLY recommended to use sync instead!");
+		tfc_say("      Note that both sync and lsync work only with read errors!");
+		tfc_say("  default error action is exit with printing status if not quiet.");
+		tfc_say("  -E xall: turn on error actions above for all errors, not just EIO errors.");
+		tfc_say("  -E xseek: ignore positioning and other seek related errors.");
+		tfc_say("    Multiple -E specifiers may be given in separate options.");
+		tfc_say("  -a: shortcut of -O xtime.");
+		tfc_say("  -l length: read only these first bytes of source.");
+		tfc_say("  -O opts: set options (comma separated list):");
+		tfc_say("    sync: request a synchronous I/O for a output,");
+		tfc_say("    fsync: on each write() call a corresponding fsync(fd),");
+		tfc_say("    trunc: open(O_WRONLY) will truncate output file to zero size.");
+		tfc_say("    pad: pad incomplete (l.t. %u bytes) block with zeroes.", TFC_U(TF_BLOCK_SIZE));
+		tfc_say("    xtime: copy timestamps from source to destination files.");
+		tfc_say("    gibsize: use SI units of size: 1k = 1000. Applies only to size prefixes.");
+		tfc_say("    Computers convention is to use 1024, whereas SI/hdd measure in 1000.");
+		tfc_say("    plainstats: force status line to be plain: no fancy dynamic stuff.");
+		tfc_say("    Dynamic line works well only on VT100 compatible ttys, and");
+		tfc_say("    when the whole status line width is smaller than tty width.");
+		tfc_say("    statless: emit less information in status line (only processed data).");
+		tfc_say("    iobs=val: set IO block size value. Must not exceed %u bytes.", TFC_U(TFC_BLKSIZE));
+		tfc_say("    iseek=val: seek source file/device by these val bytes.");
+		tfc_say("    oseek=val: seek destination file/device by these val bytes.");
+		tfc_say("    count=val: process only these val bytes, both input and output.");
+		tfc_say("    ftrunc=val: truncate output file to these val bytes before closing it.");
+		tfc_say("    ftrunc=tail: truncate output's tail, leaving only processed data.");
+		tfc_say("  -w: overwrite source file. If not file, ignored.");
+		tfc_say("  -q: always be quiet, never tell anything (except when signaled).");
+		tfc_say("  -v: print number of read and written encrypted bytes, and explain stages.");
+		tfc_say("  -V seconds: activate timer that will repeatedly print statistics to stderr.");
+		tfc_say("\n");
+	}
+	else if ((strlen(progname) <= 9)
 	&& ((!strcmp(progname, "sksum"))
 	|| ((!memcmp(progname, "sk", 2))
 	&& (!memcmp(progname+3, "sum", 3)
@@ -118,7 +184,7 @@ void usage(void)
 		tfc_say("them is specified as \"-\", then reads are performed from stdin.");
 		tfc_say("\n");
 	}
-	else if (!strcmp(progname, "base64")) {
+	else if (!strcmp(progname, "tfbase64")) {
 		is_embedded_prog = YES;
 		tfc_say("usage: %s [-ed] [source] [output]", progname);
 		tfc_say("\n");
@@ -151,6 +217,8 @@ void usage(void)
 	tfc_say("convert encrypted data into ASCII format to ease transmission.");
 	tfc_say("\n");
 	tfc_say("  -e, -d: encrypt, decrypt (it maybe required).");
+	tfc_say("  -L <file>: load tfcrypt defaults from file.");
+	tfc_say("    defaults is text file which defines salt, nr_turns and default mode.");
 	tfc_say("  -s <file>: load tfcrypt salt from file.");
 	tfc_say("  -s disable: disable key salting at all.");
 	tfc_say("  -p: instead of using key, ask for password.");
@@ -158,8 +226,7 @@ void usage(void)
 	tfc_say("  -z: ask for key in plain C string form through password asker.");
 	tfc_say("  -x: ask for key in hex string form through password asker.");
 	tfc_say("  -K <file>: generate key from keyfile or password and write it to file.");
-	tfc_say("  -T: enable tfcrypt1 old mode (useful only for old encryptions).");
-	tfc_say("  -t <file>: use tweak from file (useful only for old encryptions).");
+	tfc_say("  -t <file>: use (raw) tweak from file.");
 	tfc_say("  -w: overwrite source file. If not file, ignored.");
 	tfc_say("  -n TURNS: number of turns to perform in Skein function.");
 	tfc_say("    Default is always defined when building tfcrypt.");
@@ -169,6 +236,12 @@ void usage(void)
 	tfc_say("    show: do default action, then dump CTR value to stderr,");
 	tfc_say("    head: when decrypting, read CTR from beginning of stream,");
 	tfc_say("    rand: generate random CTR and write it to beginning of stream,");
+	tfc_say("    zero: assume zero CTR is used, do not read from and write it to stream,");
+	tfc_say("    hexc:nr[,hexc:nr,...]: construct counter from given pattern.");
+	tfc_say("      Example: \"ff:124,08:2,80:2\" will fill counter first with 124 0xff bytes,");
+	tfc_say("      then with 2 0x08 bytes, then 2 0x80 bytes. To fill with zeroes, it is");
+	tfc_say("      simple to specify just a \"0:128\" as a pattern. Note that bytes that");
+	tfc_say("      exceed CTR space will be just dropped, and any unused bytes are set to zeroes.");
 	tfc_say("    <file>: read CTR from given file (both when encrypting/decrypting).");
 	tfc_say("      default is to derive CTR from user provided password or keyfile with");
 	tfc_say("      a single Skein function turn over derived, %u byte raw key", TFC_U(TF_KEY_SIZE));
@@ -176,6 +249,7 @@ void usage(void)
 	tfc_say("  -v: print number of read and written encrypted bytes, and explain stages.");
 	tfc_say("  -V seconds: activate timer that will repeatedly print statistics to stderr.");
 	tfc_say("  -a: shortcut of -O xtime.");
+	tfc_say("  -l length: read only these first bytes of source.");
 	tfc_say("  -r <file>: specify random source instead of /dev/urandom.");
 	tfc_say("  -R nr_bytes: generate nr_bytes of random bytes suitable for use as key data.");
 	tfc_say("    -R also supports these aliases specified instead of nr_bytes:");
@@ -206,7 +280,11 @@ void usage(void)
 	tfc_say("    -: read a detached MAC signature from stdin,");
 	tfc_say("    drop: do not verify attached MAC, if any, and drop it from output.");
 	tfc_say("  -m: just verify MAC provided with -M. Do not write output file.");
-	tfc_say("    This option must be specified after -M.");
+	tfc_say("  -u: almost same as -m, but turns on MAC pre-test mode, when verified");
+	tfc_say("    signature enables writing output file. It is useful when decrypting small texts.");
+	tfc_say("    The source must be a seekable file, otherwise this mode will be disabled.");
+	tfc_say("    In this mode, decryption is done twice and verification done once.");
+	tfc_say("    Both -m and -u options must be specified after -M.");
 	tfc_say("  -E how: how to behave on I/O errors (both src or dst):");
 	tfc_say("    exit: print error if not quiet, then exit,");
 	tfc_say("    cont: print error if not quiet, then continue,");
@@ -223,6 +301,7 @@ void usage(void)
 	tfc_say("  -E xall: turn on error actions above for all errors, not just EIO errors.");
 	tfc_say("  -E xseek: ignore positioning and other seek related errors.");
 	tfc_say("    Multiple -E specifiers may be given in separate options.");
+	tfc_say("  -o logfile: redirect all messages to logfile instead of stderr.");
 	tfc_say("  -O opts: set options (comma separated list):");
 	tfc_say("    sync: request a synchronous I/O for a output,");
 	tfc_say("    fsync: on each write() call a corresponding fsync(fd),");
@@ -236,9 +315,12 @@ void usage(void)
 	tfc_say("    when the whole status line width is smaller than tty width.");
 	tfc_say("    statless: emit less information in status line (only processed data).");
 	tfc_say("    norepeat: do not ask for any possible password confirmations.");
+	tfc_say("    showsecrets: show passwords in plaintext instead of masking them.");
+	tfc_say("    finished: add \"finished\" word before status line when work is finished.");
 	tfc_say("    prompt=str: set main password prompts to this string.");
 	tfc_say("    macprompt=str: set MAC password prompts to this string.");
 	tfc_say("    shorthex: with -H, do not print printable characters, dump only hex string.");
+	tfc_say("    logfile: (same as -o) redirect all messages to logfile instead of stderr.");
 	tfc_say("    iobs=val: set IO block size value. Must not exceed %u bytes.", TFC_U(TFC_BLKSIZE));
 	tfc_say("    xtsblocks=val: use these nr of TF blocks per XTS block. Default is %u.", TFC_U(TFC_XTSBLOCKS));
 	tfc_say("    iseek=val: seek source file/device by these val bytes.");
@@ -252,9 +334,12 @@ void usage(void)
 	tfc_say("    Internally this number is translated into number of %u byte blocks.", TFC_U(TF_BLOCK_SIZE));
 	tfc_say("    oseek=val: seek destination file/device by these val bytes.");
 	tfc_say("    count=val: process only these val bytes, both input and output.");
+	tfc_say("    ftrunc=val: truncate output file to these val bytes before closing it.");
+	tfc_say("    ftrunc=tail: truncate output's tail, leaving only processed data.");
 	tfc_say("    xkey=val: take only val bytes from user keyfile.");
 	tfc_say("    okey=val: seek the key before reading it (usually a device).");
 	tfc_say("    xctr=val: specify size in bytes of initial counter prepended or read.");
+	tfc_say("    fullkey: occupy tweak space by key space, extending key size by 256 bits.");
 	tfc_say("  -P: plain IO mode: disable encryption/decryption code at all.");
 	tfc_say("\n");
 	tfc_say("Default is to ask for password, then encrypt stdin into stdout.");