Rename salt-method to base-salt

Erotemic · Erotemic · commit 2262fb74b178 · 2022-07-03T13:52:01.000-04:00
diff --git a/tests/test_transcrypt.py b/tests/test_transcrypt.py
@@ -26,7 +26,7 @@ class Transcrypt(ub.NiceRepr):
         >>> sandbox = DemoSandbox(verbose=1, dpath='special:cache').setup()
         >>> config = {'digest': 'sha256',
         >>>           'kdf': 'pbkdf2',
-        >>>           'salt_method': '665896be121e1a0a4a7b18f01780061'}
+        >>>           'base_salt': '665896be121e1a0a4a7b18f01780061'}
         >>> self = Transcrypt(sandbox.repo_dpath,
         >>>                   config=config, env=sandbox.env, verbose=1)
         >>> print(self.version())
@@ -57,7 +57,7 @@ class Transcrypt(ub.NiceRepr):
         'password': None,
         'digest': 'md5',
         'kdf': 'none',
-        'salt_method': 'password',
+        'base_salt': 'password',
     }
 
     def __init__(self, dpath, config=None, env=None, transcript_exe=None, verbose=0):
@@ -89,7 +89,7 @@ def _config_args(self):
             "-p", self.config['password'],
             "-md", self.config['digest'],
             "--kdf", self.config['kdf'],
-            "-sm", self.config['salt_method'],
+            "-bs", self.config['base_salt'],
         ]
         args = [template.format(**self.config) for template in arg_templates]
         return args
@@ -111,7 +111,7 @@ def login(self):
         args = self._config_args()
         command = [str(self.transcript_exe), *args, '-y']
         self._cmd(command)
-        self.config['salt_method'] = self._load_unversioned_config()['salt_method']
+        self.config['base_salt'] = self._load_unversioned_config()['base_salt']
 
     def logout(self):
         """
@@ -127,7 +127,7 @@ def rekey(self, new_config):
         args = self._config_args()
         command = [str(self.transcript_exe), '--rekey', *args, '-y']
         self._cmd(command)
-        self.config['salt_method'] = self._load_unversioned_config()['salt_method']
+        self.config['base_salt'] = self._load_unversioned_config()['base_salt']
 
     def display(self):
         """
@@ -202,7 +202,7 @@ def _load_unversioned_config(self):
             'cipher': self._cmd('git config --get --local transcrypt.cipher')['out'].strip(),
             'digest': self._cmd('git config --get --local transcrypt.digest')['out'].strip(),
             'kdf': self._cmd('git config --get --local transcrypt.kdf')['out'].strip(),
-            'salt_method': self._cmd('git config --get --local transcrypt.salt-method')['out'].strip(),
+            'base_salt': self._cmd('git config --get --local transcrypt.base-salt')['out'].strip(),
             'password': self._cmd('git config --get --local transcrypt.password')['out'].strip(),
             'openssl_path': self._cmd('git config --get --local transcrypt.openssl-path')['out'].strip(),
         }
@@ -237,6 +237,8 @@ def setup(self):
         self._setup_gpghome()
         self._setup_gitrepo()
         self._setup_contents()
+        if self.verbose > 2:
+            self._show_manual_env_setup()
         return self
 
     def _setup_gpghome(self):
@@ -262,6 +264,8 @@ def _setup_gpghome(self):
         ub.cmd('find ' + str(self.gpg_home) + r' -type f -exec chmod 600 {} \;', shell=True, cwd=self.gpg_home)
         ub.cmd('find ' + str(self.gpg_home) + r' -type d -exec chmod 700 {} \;', shell=True, cwd=self.gpg_home)
         self.env['GNUPGHOME'] = str(self.gpg_home)
+        if self.verbose:
+            pass
 
     def _setup_gitrepo(self):
         if self.verbose:
@@ -298,7 +302,7 @@ def _setup_contents(self):
         self.secret_fpath = self.safe_dpath / 'secret.txt'
         self.secret_fpath.write_text('secret content')
 
-    def _manual_hack_info(self):
+    def _show_manual_env_setup(self):
         """
         Info on how to get an env to run a failing command manually
         """
@@ -393,7 +397,7 @@ def test_rekey(self):
             'password': '12345',
             'digest': 'sha256',
             'kdf': 'pbkdf2',
-            'salt_method': 'random',
+            'base_salt': 'random',
         }
         raw_before = self.tc.show_raw(self.sandbox.secret_fpath)
         self.tc.rekey(new_config)
@@ -408,7 +412,7 @@ def test_legacy_defaults():
         'password': 'correct horse battery staple',
         'digest': 'md5',
         'kdf': 'none',
-        'salt_method': 'password',
+        'base_salt': 'password',
     }
     verbose = 1
     self = TestCases(config=config, verbose=verbose)
@@ -423,7 +427,7 @@ def test_secure_defaults():
         'password': 'correct horse battery staple',
         'digest': 'sha512',
         'kdf': 'pbkdf2',
-        'salt_method': 'random',
+        'base_salt': 'random',
     }
     verbose = 1
     self = TestCases(config=config, verbose=verbose)
@@ -438,19 +442,19 @@ def test_configured_salt_changes_on_rekey():
         'password': 'correct horse battery staple',
         'digest': 'sha512',
         'kdf': 'pbkdf2',
-        'salt_method': 'random',
+        'base_salt': 'random',
     }
     verbose = 1
     self = TestCases(config=config, verbose=verbose)
     self.setup()
     before_config = self.tc._load_unversioned_config()
-    self.tc.rekey({'password': '12345', 'salt_method': ''})
+    self.tc.rekey({'password': '12345', 'base_salt': ''})
     self.sandbox.git.commit('-am commit rekey')
     after_config = self.tc._load_unversioned_config()
     assert before_config['password'] != after_config['password']
     assert before_config['cipher'] == after_config['cipher']
     assert before_config['kdf'] == after_config['kdf']
-    assert before_config['salt_method'] == after_config['salt_method']
+    assert before_config['base_salt'] == after_config['base_salt']
     assert before_config['openssl_path'] == after_config['openssl_path']
 
 
@@ -463,7 +467,7 @@ def test_configuration_grid():
         >>> from test_transcrypt import *  # NOQA
         >>> self = TestCases()
         >>> self.setup()
-        >>> self.sandbox._manual_hack_info()
+        >>> self.sandbox._show_manual_env_setup()
         >>> self.test_round_trip()
         >>> self.test_export_gpg()
     """
@@ -473,10 +477,10 @@ def test_configuration_grid():
         'password': ['correct horse battery staple'],
         'digest': ['md5', 'sha256'],
         'kdf': ['none', 'pbkdf2'],
-        'salt_method': ['password', 'random', 'mylittlecustomsalt'],
+        'base_salt': ['password', 'random', 'mylittlecustomsalt'],
     }
     test_grid = list(ub.named_product(basis))
-    verbose = 0
+    verbose = 3
     dpath = 'special:temp'
     dpath = 'special:cache'
     for params in ub.ProgIter(test_grid, desc='test configs', freq=1):
@@ -485,7 +489,7 @@ def test_configuration_grid():
         self.setup()
         if 1:
             # Manual debug
-            self.sandbox._manual_hack_info()
+            self.sandbox._show_manual_env_setup()
 
         self.test_round_trip()
         self.test_export_gpg()
diff --git a/transcrypt b/transcrypt
@@ -238,10 +238,10 @@ _load_transcrypt_config_vars() {
 	cipher=$(_load_config_var "transcrypt.cipher") || (echo "failed to load transcrypt.cipher" && false)
 	digest=$(_load_config_var "transcrypt.digest") || (echo "failed to load transcrypt.digest" && false)
 	kdf=$(_load_config_var "transcrypt.kdf") || (echo "failed to load transcrypt.kdf" && false)
-	salt_method=$(_load_config_var "transcrypt.salt-method") || (echo "failed to load transcrypt.salt-method" && false)
+	base_salt=$(_load_config_var "transcrypt.base-salt") || (echo "failed to load transcrypt.base-salt" && false)
 	openssl_path=$(_load_config_var "transcrypt.openssl-path") || (echo "failed to load transcrypt.openssl-path" && false)
 	password=$(_load_unversioned_config_var transcrypt.password) || (echo "failed to load transcrypt.password" && false)
-	ensure_salt_method
+	ensure_base_salt
 	validate_kdf || die "invalid value of kdf in config"
 	validate_digest || die "invalid value of digest in config"
 }
@@ -254,12 +254,12 @@ _load_vars_for_encryption() {
 		pbkdf2_arg='-pbkdf2'
 	fi
 
-	if [[ "$salt_method" == "password" ]]; then
+	if [[ "$base_salt" == "password" ]]; then
 		extra_salt=$password
-	elif [[ "$salt_method" == "" ]]; then
+	elif [[ "$base_salt" == "" ]]; then
 		die "salt must be specified"
 	else
-		extra_salt=$salt_method
+		extra_salt=$base_salt
 	fi
 
 	if [[ "$extra_salt" == "" ]]; then
@@ -569,7 +569,7 @@ validate_kdf() {
 	_validate_variable_str "kdf" "0 1 none pbkdf2"
 }
 
-validate_salt_method() {
+validate_base_salt() {
 	true
 }
 
@@ -605,16 +605,15 @@ get_kdf() {
 	_get_user_input kdf "$DEFAULT_KDF" "validate_kdf" "$prompt"
 }
 
-get_salt_method() {
+get_base_salt() {
 	local prompt
-	prompt=$(printf 'Which salt method? [%s] ' "$DEFAULT_SALT_METHOD")
-	if [[ "$salt_method" == "" ]]; then
-		salt_method=$(_load_versioned_config_var "transcrypt.salt-method" || echo "")
-		# echo "Loaded salt_method = $salt_method from local config"
+	prompt=$(printf 'Which base salt? [%s] ' "$DEFAULT_SALT_METHOD")
+	if [[ "$base_salt" == "" ]]; then
+		base_salt=$(_load_versioned_config_var "transcrypt.base-salt" || echo "")
+		# echo "Loaded base_salt = $base_salt from local config"
 	fi
-	_get_user_input salt_method "$DEFAULT_SALT_METHOD" "validate_salt_method" "$prompt"
-	ensure_salt_method
-	# echo "Got salt_method = $salt_method"
+	_get_user_input base_salt "$DEFAULT_SALT_METHOD" "validate_base_salt" "$prompt"
+	ensure_base_salt
 }
 
 # ensure we have a password to encrypt with
@@ -642,17 +641,17 @@ get_password() {
 	done
 }
 
-ensure_salt_method() {
+ensure_base_salt() {
 	# Check if randomized salt needs to be written
-	if [[ "$salt_method" == "random" ]]; then
+	if [[ "$base_salt" == "random" ]]; then
 		# Replace random with something random.
-		# If we have not configured the salt_method (or we need to rekey),
+		# If we have not configured the base_salt (or we need to rekey),
 		# then generate new random salt
-		salt_method=$(openssl rand -hex 32)
+		base_salt=$(openssl rand -hex 32)
 	fi
-	if [[ $rekey ]] && [[ $salt_method != "password" ]]; then
+	if [[ $rekey ]] && [[ $base_salt != "password" ]]; then
 		# Assume we want a new random salt unless we are explicitly using password
-		salt_method=$(openssl rand -hex 32)
+		base_salt=$(openssl rand -hex 32)
 	fi
 }
 
@@ -767,7 +766,7 @@ save_configuration() {
 	_set_config_var "transcrypt.cipher" "$cipher"
 	_set_config_var "transcrypt.digest" "$digest"
 	_set_config_var "transcrypt.kdf" "$kdf"
-	_set_config_var "transcrypt.salt-method" "$salt_method"
+	_set_config_var "transcrypt.base-salt" "$base_salt"
 	_set_unversioned_config_var "transcrypt.openssl-path" "$openssl_path"
 	_set_unversioned_config_var "transcrypt.password" "$password"
 
@@ -816,9 +815,9 @@ _display_git_configuration() {
 _display_runtime_configuration() {
 	printf '  DIGEST:  %s\n' "$digest"
 	printf '  KDF: %s\n' "$kdf"
-	printf '  SALT_METHOD: %s\n' "$salt_method"
-	if [[ "$salt_method" == "configured" ]]; then
-		printf '  CONFIG_SALT: %s\n' "$salt_method"
+	printf '  SALT_METHOD: %s\n' "$base_salt"
+	if [[ "$base_salt" == "configured" ]]; then
+		printf '  CONFIG_SALT: %s\n' "$base_salt"
 	fi
 	printf '  CIPHER:   %s\n' "$cipher"
 	printf '  PASSWORD: %s\n\n' "$password"
@@ -833,8 +832,8 @@ display_configuration() {
 	_display_git_configuration
 	_display_runtime_configuration
 	printf 'Copy and paste the following command to initialize a cloned repository:\n\n'
-	printf "  transcrypt -c '%s' -p '%s' -md '%s' --kdf '%s' -sm '%s'\n" \
-		"$cipher" "$escaped_password" "$digest" "$kdf" "$salt_method"
+	printf "  transcrypt -c '%s' -p '%s' -md '%s' --kdf '%s' -bs '%s'\n" \
+		"$cipher" "$escaped_password" "$digest" "$kdf" "$base_salt"
 }
 
 # remove transcrypt-related settings from the repository's git config
@@ -1114,8 +1113,8 @@ export_gpg() {
 
 	local gpg_encrypt_cmd="gpg --batch --recipient $gpg_recipient --trust-model always --yes --armor --quiet --encrypt -"
 	#printf 'password=%s\ncipher=%s\n' "$current_password" "$current_cipher" | $gpg_encrypt_cmd >"${CRYPT_DIR}/${gpg_recipient}.asc"
-	printf 'password=%s\ncipher=%s\ndigest=%s\nkdf=%s\nsalt_method=%s\n\n' \
-		"$password" "$cipher" "$digest" "$kdf" "$salt_method" |
+	printf 'password=%s\ncipher=%s\ndigest=%s\nkdf=%s\nbase_salt=%s\n\n' \
+		"$password" "$cipher" "$digest" "$kdf" "$base_salt" |
 		$gpg_encrypt_cmd >"${CRYPT_DIR}/${gpg_recipient}.asc"
 	printf "The transcrypt configuration has been encrypted and exported to:\n%s/crypt/%s.asc\n" "$GIT_DIR" "$gpg_recipient"
 }
@@ -1151,8 +1150,8 @@ import_gpg() {
 	password=$(printf '%s' "$configuration" | grep '^password' | cut -d'=' -f 2-)
 	digest=$(printf '%s' "$configuration" | grep '^digest' | cut -d'=' -f 2-)
 	kdf=$(printf '%s' "$configuration" | grep '^kdf' | cut -d'=' -f 2-)
-	salt_method=$(printf '%s' "$configuration" | grep '^salt_method' | cut -d'=' -f 2-)
-	salt_method=$(printf '%s' "$configuration" | grep '^salt_method' | cut -d'=' -f 2-)
+	base_salt=$(printf '%s' "$configuration" | grep '^base_salt' | cut -d'=' -f 2-)
+	base_salt=$(printf '%s' "$configuration" | grep '^base_salt' | cut -d'=' -f 2-)
 }
 
 # print this script's usage message to stderr
@@ -1202,7 +1201,7 @@ help() {
 		     -pbkdf2
 		            equivalent to passing --kdf2='pbkdf2'
 
-		     -sm, --salt_method=SALT_METHOD
+		     -bs, --base-salt=SALT_METHOD
 		            Method used to compute deterministic salt; can be 'password', 'random',
 		            or a custom string to be used as the salt. Unless set to password,
 		            the salt is randomized on a rekey.
@@ -1314,8 +1313,8 @@ transcrypt_main() {
 	openssl_path='openssl'
 	kdf=''
 	digest=''
-	salt_method=''
-	salt_method=''
+	base_salt=''
+	base_salt=''
 
 	# used to bypass certain safety checks
 	requires_existing_config=''
@@ -1374,12 +1373,12 @@ transcrypt_main() {
 		--kdf=*)
 			kdf=${1#*=}
 			;;
-		-sm | --salt-method)
-			salt_method=$2
+		-bs | --base-salt)
+			base_salt=$2
 			shift
 			;;
-		--salt-method=*)
-			salt_method=${1#*=}
+		--base-salt=*)
+			base_salt=${1#*=}
 			;;
 		-p | --password)
 			password=$2
@@ -1520,7 +1519,7 @@ transcrypt_main() {
 	get_cipher
 	get_digest
 	get_kdf
-	get_salt_method
+	get_base_salt
 	get_password
 
 	if [[ $rekey ]] && [[ $interactive ]]; then
