corosync-keygen: Make less-secure default

/dev/urandom is good enough for crypto keys and it's not blocking. If
superb randomness is really needed, it's possible to use newly added
option -r.

Also manpage is reworked a bit to use .nf instead of many .br.

Signed-off-by: Jan Friesse <jfriesse@redhat.com>
Reviewed-by: Christine Caulfield <ccaulfie@redhat.com>

man/corosync-keygen.8

@@ -35,7 +35,7 @@
 .SH NAME
 corosync-keygen \- Generate an authentication key for Corosync.
 .SH SYNOPSIS
-.B "corosync-keygen [\-k <filename>] [\-s size] [\-l] [\-h]"
+.B "corosync-keygen [\-k <filename>]  [-m <randomfile>] [\-s size] [\-l] [\-h]"
 .SH DESCRIPTION
 
 If you want to configure corosync to use cryptographic techniques to ensure authenticity
@@ -57,8 +57,6 @@ unix#: install -D --group=0 --owner=0 --mode=0400 /path_to_authkey/authkey /etc/
 If a message "Invalid digest" appears from the corosync executive, the keys
 are not consistent between processors.
 .PP
-.B Note: corosync-keygen
-will ask for user input to assist in generating entropy unless the -l option is used.
 .SH OPTIONS
 .TP
 .B -k <filename>
@@ -66,13 +64,16 @@ This specifies the fully qualified path to the shared key to create.
 .br
 The default is /etc/corosync/authkey.
 .TP
+.B -r
+Random number source file. Default is /dev/urandom. As an example /dev/random may be
+used when really superb randomness is needed.
+.TP
 .B -s size
 Size of the generated key in bytes. Default is 1024 bytes. Allowed range is <1024, 4096>.
 .TP
+.TP
 .B -l
-Use a less secure random data source that will not require user input to help generate
-entropy.  This may be useful when this utility is used from a script or hardware random number
-generator is not available (f.e. in virtual machine).
+Option is not used and it's kept only for compatibility.
 .TP
 .B -h
 Print basic usage.
@@ -80,22 +81,38 @@ Print basic usage.
 .SH EXAMPLES
 .TP
 Generate the key.
-.PP
+.nf
 # corosync-keygen
-.br
 Corosync Cluster Engine Authentication key generator.
-.br
-Gathering 8192 bits for key from /dev/random.
-.br
-Press keys on your keyboard to generate entropy.
-.br
-.PP
-$ corosync-keygen -l -k /tmp/authkey
-.br
+Gathering 8192 bits for key from /dev/urandom.
+Writing corosync key to /etc/corosync/authkey
+.fi
+
+.TP
+Generate longer key and store it in the /tmp/authkey file.
+.nf
+$ corosync-keygen -s 2048 -k /tmp/authkey
 Corosync Cluster Engine Authentication key generator.
-.br
+Gathering 16384 bits for key from /dev/urandom.
 Writing corosync key to /tmp/authkey.
-.br
+.fi
+
+.TP
+Generate superb key using /dev/random
+.nf
+# corosync-keygen -r /dev/random
+Corosync Cluster Engine Authentication key generator.
+Gathering 8192 bits for key from /dev/random.
+Press keys on your keyboard to generate entropy.
+Press keys on your keyboard to generate entropy (bits = 96).
+Press keys on your keyboard to generate entropy (bits = 144).
+Press keys on your keyboard to generate entropy (bits = 192).
+ ...
+Press keys on your keyboard to generate entropy (bits = 8112).
+Press keys on your keyboard to generate entropy (bits = 8160).
+Writing corosync key to /etc/corosync/authkey.
+.fi
+
 .SH SEE ALSO
 .BR corosync_overview (8),
 .BR corosync.conf (5),

tools/corosync-keygen.c

@@ -54,16 +54,17 @@
 
 #define DEFAULT_KEYFILE_LEN		TOTEM_PRIVATE_KEY_LEN_MIN
 
-#define DEFAULT_RANDOM_DEV		"/dev/random"
+#define DEFAULT_RANDOM_DEV		"/dev/urandom"
 
 static const char usage[] =
-	"Usage: corosync-keygen [-k <keyfile>] [-l] [-h]\n"
+	"Usage: corosync-keygen [-k <keyfile>] [-s size] [-m <randomfile>] [-l] [-h]\n"
 	"     -k / --key-file=<filename> -  Write to the specified keyfile\n"
 	"            instead of the default " DEFAULT_KEYFILE ".\n"
-	"     -l / --less-secure -  Use a less secure random number source\n"
-	"            (/dev/urandom) that is guaranteed not to require user\n"
-	"            input for entropy.  This can be used when this\n"
-	"            application is used from a script.\n"
+	"     -r / --random-file -  Random number source file. Default is \n"
+	"            /dev/urandom. As an example /dev/random may be requested\n"
+	"            (that may require user input for entropy).\n"
+	"     -l / --less-secure - Not used, option is kept only\n"
+	"            for compatibility.\n"
 	"     -s / --size -  Length of key.\n"
 	"     -h / --help -  Print basic usage.\n";
 
@@ -82,34 +83,37 @@ int main (int argc, char *argv[])
 	char *ep;
 	int c;
 	int option_index;
-	int less_secure = 0;
 	static struct option long_options[] = {
 		{ "key-file",    required_argument, NULL, 'k' },
 		{ "less-secure", no_argument,       NULL, 'l' },
+		{ "random-file", required_argument, NULL, 'r' },
 		{ "size",        required_argument, NULL, 's' },
 		{ "help",        no_argument,       NULL, 'h' },
 		{ 0,             0,                 NULL, 0   },
 	};
 
-	while ((c = getopt_long (argc, argv, "k:s:lh",
+	while ((c = getopt_long (argc, argv, "k:r:s:lh",
 			long_options, &option_index)) != -1) {
 		switch (c) {
 		case 'k':
 			keyfile = optarg;
 			break;
 		case 'l':
-			less_secure = 1;
-			random_dev = "/dev/urandom";
+			/*
+			 * Only kept for compatibility
+			 */
+			break;
+		case 'r':
+			random_dev = optarg;
 			break;
 		case 's':
 			tmpll = strtoll(optarg, &ep, 10);
 			if (tmpll < TOTEM_PRIVATE_KEY_LEN_MIN ||
 			    tmpll > TOTEM_PRIVATE_KEY_LEN_MAX ||
 			    errno != 0 || *ep != '\0') {
-				printf ("Unsupported key size (supported <%u,%u>)\n",
+				errx (1, "Unsupported key size (supported <%u,%u>)\n",
 				    TOTEM_PRIVATE_KEY_LEN_MIN,
 				    TOTEM_PRIVATE_KEY_LEN_MAX);
-				exit(1);
 			}
 
 			key_len = (size_t)tmpll;
@@ -137,7 +141,7 @@ int main (int argc, char *argv[])
 		err (1, "Failed to open random source");
 	}
 
-	if (!less_secure) {
+	if (strcmp(random_dev, "/dev/random") == 0) {
 		printf ("Press keys on your keyboard to generate entropy.\n");
 	}
 	/*