def luks_format(device,
passphrase=None,
cipher=None, key_size=None, key_file=None):
if not passphrase:
raise ValueError("luks_format requires passphrase")
cs = CryptSetup(device=device, yesDialog = askyes, logFunc = dolog, passwordDialog = askpassphrase)
#None is not considered as default value and pycryptsetup doesn't accept it
#so we need to filter out all Nones
kwargs = {}
# Split cipher designator to cipher name and cipher mode
cipherType = None
cipherMode = None
if cipher:
cparts = cipher.split("-")
cipherType = "".join(cparts[0:1])
cipherMode = "-".join(cparts[1:])
if cipherType: kwargs["cipher"] = cipherType
if cipherMode: kwargs["cipherMode"] = cipherMode
if key_size: kwargs["keysize"] = key_size
rc = cs.luksFormat(**kwargs)
if rc:
raise CryptoError("luks_format failed for '%s'" % device)
# activate first keyslot
cs.addKeyByVolumeKey(newPassphrase = passphrase)
if rc:
raise CryptoError("luks_add_key_by_volume_key failed for '%s'" % device)
def luks_format(device,
passphrase=None,
cipher=None, key_size=None, key_file=None):
if not passphrase:
raise ValueError("luks_format requires passphrase")
cs = CryptSetup(device=device, yesDialog=askyes, logFunc=dolog, passwordDialog=askpassphrase)
#None is not considered as default value and pycryptsetup doesn't accept it
#so we need to filter out all Nones
kwargs = {}
# Split cipher designator to cipher name and cipher mode
cipherType = None
cipherMode = None
if cipher:
cparts = cipher.split("-")
cipherType = "".join(cparts[0:1])
cipherMode = "-".join(cparts[1:])
if cipherType: kwargs["cipher"] = cipherType
if cipherMode: kwargs["cipherMode"] = cipherMode
if key_size: kwargs["keysize"] = key_size
rc = cs.luksFormat(**kwargs)
if rc:
raise CryptoError("luks_format failed for '%s'" % device)
# activate first keyslot
cs.addKeyByVolumeKey(newPassphrase=passphrase)
if rc:
raise CryptoError("luks_add_key_by_volume_key failed for '%s'" % device)
def luks_format(device, passphrase, cipher=None, key_size=None, key_file=None, min_entropy=0):
cs = CryptSetup(device=device, yesDialog=yesDialog, logFunc=logFunc, passwordDialog=passwordDialog)
kwargs = {}
cipherType, cipherMode = None, None
if cipher:
cparts = cipher.split("-")
cipherType = "".join(cparts[0:1])
cipherMode = "-".join(cparts[1:])
if cipherType:
kwargs["cipher"] = cipherType
if cipherMode:
kwargs["cipherMode"] = cipherMode
if key_size:
kwargs["keysize"] = key_size
if min_entropy > 0:
while get_current_entropy() < min_entropy:
time.sleep(1)
rc = cs.luksFormat(**kwargs)
if rc:
return rc
rc = cs.addKeyByVolumeKey(newPassphrase=passphrase)
return rc if rc else 0
def luks_format(device,
passphrase,
cipher=None,
key_size=None,
key_file=None,
min_entropy=0):
"""
Format a device as a LUKS device.
:param str device: device identifier
:param str passphrase: passphrase to encrypt with
:param str cipher: cipher to use (if not default)
:param int key_size: key size to use (if not default)
:param str key_file: path to key file to use (optional)
:param int min_entropy: Don't encrypt until system has this much entropy
:returns: 0 on success
"""
cs = CryptSetup(device=device, yesDialog=yesDialog, logFunc=logFunc)
kwargs = {}
cipherType, cipherMode = None, None
if cipher:
cparts = cipher.split("-")
cipherType = "".join(cparts[0:1])
cipherMode = "-".join(cparts[1:])
if cipherType:
kwargs["cipher"] = cipherType
if cipherMode:
kwargs["cipherMode"] = cipherMode
if key_size:
kwargs["keysize"] = key_size
if min_entropy > 0:
while get_current_entropy() < min_entropy:
time.sleep(1)
rc = cs.luksFormat(**kwargs)
if rc:
return rc
rc = cs.addKeyByVolumeKey(newPassphrase=passphrase)
return rc if rc else 0
def luks_format(device,
passphrase=None,
cipher=None,
key_size=None,
key_file=None,
min_entropy=0):
"""
Format device as LUKS with the specified parameters.
:param str device: device to format
:param str passphrase: passphrase to add to the new LUKS device
:param str cipher: cipher mode to use
:param int keysize: keysize to use
:param str key_file: key file to use
:param int min_entropy: minimum random data entropy level required for LUKS
format creation (0 means entropy level is not checked)
note::
If some minimum entropy is required (min_entropy > 0), the
function waits for enough entropy to be gathered by the kernel
which may potentially take very long time or even forever.
"""
# pylint: disable=unused-argument
if not passphrase:
raise ValueError("luks_format requires passphrase")
cs = CryptSetup(device=device,
yesDialog=yesDialog,
logFunc=logFunc,
passwordDialog=passwordDialog)
#None is not considered as default value and pycryptsetup doesn't accept it
#so we need to filter out all Nones
kwargs = {}
# Split cipher designator to cipher name and cipher mode
cipherType = None
cipherMode = None
if cipher:
cparts = cipher.split("-")
cipherType = "".join(cparts[0:1])
cipherMode = "-".join(cparts[1:])
if cipherType: kwargs["cipher"] = cipherType
if cipherMode: kwargs["cipherMode"] = cipherMode
if key_size: kwargs["keysize"] = key_size
if min_entropy > 0:
# min_entropy == 0 means "don't care"
while get_current_entropy() < min_entropy:
# wait for entropy to become high enough
time.sleep(1)
rc = cs.luksFormat(**kwargs)
if rc:
raise CryptoError("luks_format failed for '%s'" % device)
# activate first keyslot
cs.addKeyByVolumeKey(newPassphrase=passphrase)
if rc:
raise CryptoError("luks_add_key_by_volume_key failed for '%s'" %
device)
