From 0924b068111bab9cfbfc8716db8c8c1c9f0a6c65 Mon Sep 17 00:00:00 2001 From: Jan Friesse Date: Fri, 23 Jun 2017 14:31:53 +0200 Subject: [PATCH] corosync-keygen: Make less-secure default /dev/urandom is good enough for crypto keys and it's not blocking. If superb randomness is really needed, it's possible to use newly added option -r. Also manpage is reworked a bit to use .nf instead of many .br. Signed-off-by: Jan Friesse Reviewed-by: Christine Caulfield --- man/corosync-keygen.8 | 53 +++++++++++++++++++++++++++-------------- tools/corosync-keygen.c | 30 +++++++++++++---------- 2 files changed, 52 insertions(+), 31 deletions(-) diff --git a/man/corosync-keygen.8 b/man/corosync-keygen.8 index 41ae470a..e87f1adf 100644 --- a/man/corosync-keygen.8 +++ b/man/corosync-keygen.8 @@ -35,7 +35,7 @@ .SH NAME corosync-keygen \- Generate an authentication key for Corosync. .SH SYNOPSIS -.B "corosync-keygen [\-k ] [\-s size] [\-l] [\-h]" +.B "corosync-keygen [\-k ] [-m ] [\-s size] [\-l] [\-h]" .SH DESCRIPTION If you want to configure corosync to use cryptographic techniques to ensure authenticity @@ -57,8 +57,6 @@ unix#: install -D --group=0 --owner=0 --mode=0400 /path_to_authkey/authkey /etc/ If a message "Invalid digest" appears from the corosync executive, the keys are not consistent between processors. .PP -.B Note: corosync-keygen -will ask for user input to assist in generating entropy unless the -l option is used. .SH OPTIONS .TP .B -k 
@@ -66,13 +64,16 @@ This specifies the fully qualified path to the shared key to create. .br The default is /etc/corosync/authkey. .TP +.B -r +Random number source file. Default is /dev/urandom. As an example /dev/random may be +used when really superb randomness is needed. +.TP .B -s size Size of the generated key in bytes. Default is 1024 bytes. Allowed range is <1024, 4096>. .TP +.TP .B -l -Use a less secure random data source that will not require user input to help generate -entropy. This may be useful when this utility is used from a script or hardware random number -generator is not available (f.e. in virtual machine). +Option is not used and it's kept only for compatibility. .TP .B -h Print basic usage. 
@@ -80,22 +81,38 @@ Print basic usage. .SH EXAMPLES .TP Generate the key. -.PP +.nf # corosync-keygen -.br Corosync Cluster Engine Authentication key generator. -.br -Gathering 8192 bits for key from /dev/random. -.br -Press keys on your keyboard to generate entropy. -.br -.PP -$ corosync-keygen -l -k /tmp/authkey -.br +Gathering 8192 bits for key from /dev/urandom. +Writing corosync key to /etc/corosync/authkey +.fi + +.TP +Generate longer key and store it in the /tmp/authkey file. +.nf +$ corosync-keygen -s 2048 -k /tmp/authkey Corosync Cluster Engine Authentication key generator. -.br +Gathering 16384 bits for key from /dev/urandom. Writing corosync key to /tmp/authkey. -.br +.fi + +.TP +Generate superb key using /dev/random +.nf +# corosync-keygen -r /dev/random +Corosync Cluster Engine Authentication key generator. +Gathering 8192 bits for key from /dev/random. +Press keys on your keyboard to generate entropy. +Press keys on your keyboard to generate entropy (bits = 96). +Press keys on your keyboard to generate entropy (bits = 144). +Press keys on your keyboard to generate entropy (bits = 192). + ... +Press keys on your keyboard to generate entropy (bits = 8112). +Press keys on your keyboard to generate entropy (bits = 8160). +Writing corosync key to /etc/corosync/authkey. +.fi + .SH SEE ALSO .BR corosync_overview (8), .BR corosync.conf (5), diff --git a/tools/corosync-keygen.c b/tools/corosync-keygen.c index e2b685d0..56607a9b 100644 --- a/tools/corosync-keygen.c +++ b/tools/corosync-keygen.c 
@@ -54,16 +54,17 @@ #define DEFAULT_KEYFILE_LEN TOTEM_PRIVATE_KEY_LEN_MIN -#define DEFAULT_RANDOM_DEV "/dev/random" +#define DEFAULT_RANDOM_DEV "/dev/urandom" static const char usage[] = - "Usage: corosync-keygen [-k ] [-l] [-h]\n" + "Usage: corosync-keygen [-k ] [-s size] [-m ] [-l] [-h]\n" " -k / --key-file= - Write to the specified keyfile\n" " instead of the default " DEFAULT_KEYFILE ".\n" - " -l / --less-secure - Use a less secure random number source\n" - " (/dev/urandom) that is guaranteed not to require user\n" - " input for entropy. This can be used when this\n" - " application is used from a script.\n" + " -r / --random-file - Random number source file. Default is \n" + " /dev/urandom. As an example /dev/random may be requested\n" + " (that may require user input for entropy).\n" + " -l / --less-secure - Not used, option is kept only\n" + " for compatibility.\n" " -s / --size - Length of key.\n" " -h / --help - Print basic usage.\n"; 
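Review bot: The new usage synopsis in the first string of `usage[]` advertises `[-m ]`, but this commit adds no `-m` option; the option it adds is `-r` / `--random-file`, as the help entry a few lines further down and the getopt string `"k:r:s:lh"` in the next hunk show. The synopsis line should name `-r` instead of `-m`, keeping the argument placeholder it already carries. The SYNOPSIS line of man/corosync-keygen.8 in the same patch has the same `-m` and needs the same correction. As written, a user who follows the printed usage gets an unknown-option error and may fall back to the default source without noticing.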
@@ -82,34 +83,37 @@ int main (int argc, char *argv[]) char *ep; int c; int option_index; - int less_secure = 0; static struct option long_options[] = { { "key-file", required_argument, NULL, 'k' }, { "less-secure", no_argument, NULL, 'l' }, + { "random-file", required_argument, NULL, 'r' }, { "size", required_argument, NULL, 's' }, { "help", no_argument, NULL, 'h' }, { 0, 0, NULL, 0 }, }; - while ((c = getopt_long (argc, argv, "k:s:lh", + while ((c = getopt_long (argc, argv, "k:r:s:lh", long_options, &option_index)) != -1) { switch (c) { case 'k': keyfile = optarg; break; case 'l': - less_secure = 1; - random_dev = "/dev/urandom"; + /* + * Only kept for compatibility + */ + break; + case 'r': + random_dev = optarg; break; case 's': tmpll = strtoll(optarg, &ep, 10); if (tmpll < TOTEM_PRIVATE_KEY_LEN_MIN || tmpll > TOTEM_PRIVATE_KEY_LEN_MAX || errno != 0 || *ep != '\0') { - printf ("Unsupported key size (supported <%u,%u>)\n", + errx (1, "Unsupported key size (supported <%u,%u>)\n", TOTEM_PRIVATE_KEY_LEN_MIN, TOTEM_PRIVATE_KEY_LEN_MAX); - exit(1); } key_len = (size_t)tmpll; @@ -137,7 +141,7 @@ int main (int argc, char *argv[]) err (1, "Failed to open random source"); } - if (!less_secure) { + if (strcmp(random_dev, "/dev/random") == 0) { printf ("Press keys on your keyboard to generate entropy.\n"); } /* -- 2.39.5
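Review bot: The new `case 'r'` branch stores `random_dev = optarg` with no check on what the path refers to, so a regular file or a non-random device such as /dev/zero is accepted silently and yields a predictable authkey. The open itself is outside this hunk (only its `err (1, "Failed to open random source")` is visible in the next one); an `fstat()` with `S_ISCHR()` on the opened descriptor, ending in `errx (1, "%s is not a character device", random_dev);` or at least a `warnx()`, would catch the obvious mistakes. Separately, `errx()` appends its own newline, so the `\n` kept in the "Unsupported key size" format prints an empty line and can be dropped. main's body starts and ends outside the hunk.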
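Review bot: The prompt is now tied to an exact string match, `strcmp(random_dev, "/dev/random") == 0`, so another spelling of the same device (a symlink, `//dev/random`) or any other blocking source passed with `-r` will wait for entropy without telling the user why. A comment above the `if` should state that limitation, for example `/* Heuristic: only the literal path /dev/random is assumed to block */`. The literal would also read better as a named constant next to `DEFAULT_RANDOM_DEV`. The enclosing main starts and ends outside the hunk.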