def luks_format(device, passphrase=None, cipher=None, key_size=None, key_file=None): if not passphrase: raise ValueError("luks_format requires passphrase") cs = CryptSetup(device=device, yesDialog = askyes, logFunc = dolog, passwordDialog = askpassphrase) #None is not considered as default value and pycryptsetup doesn't accept it #so we need to filter out all Nones kwargs = {} # Split cipher designator to cipher name and cipher mode cipherType = None cipherMode = None if cipher: cparts = cipher.split("-") cipherType = "".join(cparts[0:1]) cipherMode = "-".join(cparts[1:]) if cipherType: kwargs["cipher"] = cipherType if cipherMode: kwargs["cipherMode"] = cipherMode if key_size: kwargs["keysize"] = key_size rc = cs.luksFormat(**kwargs) if rc: raise CryptoError("luks_format failed for '%s'" % device) # activate first keyslot cs.addKeyByVolumeKey(newPassphrase = passphrase) if rc: raise CryptoError("luks_add_key_by_volume_key failed for '%s'" % device)
def luks_format(device, passphrase=None, cipher=None, key_size=None, key_file=None): if not passphrase: raise ValueError("luks_format requires passphrase") cs = CryptSetup(device=device, yesDialog=askyes, logFunc=dolog, passwordDialog=askpassphrase) #None is not considered as default value and pycryptsetup doesn't accept it #so we need to filter out all Nones kwargs = {} # Split cipher designator to cipher name and cipher mode cipherType = None cipherMode = None if cipher: cparts = cipher.split("-") cipherType = "".join(cparts[0:1]) cipherMode = "-".join(cparts[1:]) if cipherType: kwargs["cipher"] = cipherType if cipherMode: kwargs["cipherMode"] = cipherMode if key_size: kwargs["keysize"] = key_size rc = cs.luksFormat(**kwargs) if rc: raise CryptoError("luks_format failed for '%s'" % device) # activate first keyslot cs.addKeyByVolumeKey(newPassphrase=passphrase) if rc: raise CryptoError("luks_add_key_by_volume_key failed for '%s'" % device)
def luks_format(device, passphrase, cipher=None, key_size=None, key_file=None, min_entropy=0): cs = CryptSetup(device=device, yesDialog=yesDialog, logFunc=logFunc, passwordDialog=passwordDialog) kwargs = {} cipherType, cipherMode = None, None if cipher: cparts = cipher.split("-") cipherType = "".join(cparts[0:1]) cipherMode = "-".join(cparts[1:]) if cipherType: kwargs["cipher"] = cipherType if cipherMode: kwargs["cipherMode"] = cipherMode if key_size: kwargs["keysize"] = key_size if min_entropy > 0: while get_current_entropy() < min_entropy: time.sleep(1) rc = cs.luksFormat(**kwargs) if rc: return rc rc = cs.addKeyByVolumeKey(newPassphrase=passphrase) return rc if rc else 0
def luks_format(device, passphrase, cipher=None, key_size=None, key_file=None, min_entropy=0): """ Format a device as a LUKS device. :param str device: device identifier :param str passphrase: passphrase to encrypt with :param str cipher: cipher to use (if not default) :param int key_size: key size to use (if not default) :param str key_file: path to key file to use (optional) :param int min_entropy: Don't encrypt until system has this much entropy :returns: 0 on success """ cs = CryptSetup(device=device, yesDialog=yesDialog, logFunc=logFunc) kwargs = {} cipherType, cipherMode = None, None if cipher: cparts = cipher.split("-") cipherType = "".join(cparts[0:1]) cipherMode = "-".join(cparts[1:]) if cipherType: kwargs["cipher"] = cipherType if cipherMode: kwargs["cipherMode"] = cipherMode if key_size: kwargs["keysize"] = key_size if min_entropy > 0: while get_current_entropy() < min_entropy: time.sleep(1) rc = cs.luksFormat(**kwargs) if rc: return rc rc = cs.addKeyByVolumeKey(newPassphrase=passphrase) return rc if rc else 0
def luks_format(device, passphrase=None, cipher=None, key_size=None, key_file=None, min_entropy=0): """ Format device as LUKS with the specified parameters. :param str device: device to format :param str passphrase: passphrase to add to the new LUKS device :param str cipher: cipher mode to use :param int keysize: keysize to use :param str key_file: key file to use :param int min_entropy: minimum random data entropy level required for LUKS format creation (0 means entropy level is not checked) note:: If some minimum entropy is required (min_entropy > 0), the function waits for enough entropy to be gathered by the kernel which may potentially take very long time or even forever. """ # pylint: disable=unused-argument if not passphrase: raise ValueError("luks_format requires passphrase") cs = CryptSetup(device=device, yesDialog=yesDialog, logFunc=logFunc, passwordDialog=passwordDialog) #None is not considered as default value and pycryptsetup doesn't accept it #so we need to filter out all Nones kwargs = {} # Split cipher designator to cipher name and cipher mode cipherType = None cipherMode = None if cipher: cparts = cipher.split("-") cipherType = "".join(cparts[0:1]) cipherMode = "-".join(cparts[1:]) if cipherType: kwargs["cipher"] = cipherType if cipherMode: kwargs["cipherMode"] = cipherMode if key_size: kwargs["keysize"] = key_size if min_entropy > 0: # min_entropy == 0 means "don't care" while get_current_entropy() < min_entropy: # wait for entropy to become high enough time.sleep(1) rc = cs.luksFormat(**kwargs) if rc: raise CryptoError("luks_format failed for '%s'" % device) # activate first keyslot cs.addKeyByVolumeKey(newPassphrase=passphrase) if rc: raise CryptoError("luks_add_key_by_volume_key failed for '%s'" % device)