def luks_format(device,
passphrase=None,
cipher=None, key_size=None, key_file=None):
if not passphrase:
raise ValueError("luks_format requires passphrase")
cs = CryptSetup(device=device, yesDialog=askyes, logFunc=dolog, passwordDialog=askpassphrase)
#None is not considered as default value and pycryptsetup doesn't accept it
#so we need to filter out all Nones
kwargs = {}
# Split cipher designator to cipher name and cipher mode
cipherType = None
cipherMode = None
if cipher:
cparts = cipher.split("-")
cipherType = "".join(cparts[0:1])
cipherMode = "-".join(cparts[1:])
if cipherType: kwargs["cipher"] = cipherType
if cipherMode: kwargs["cipherMode"] = cipherMode
if key_size: kwargs["keysize"] = key_size
rc = cs.luksFormat(**kwargs)
if rc:
raise CryptoError("luks_format failed for '%s'" % device)
# activate first keyslot
cs.addKeyByVolumeKey(newPassphrase=passphrase)
if rc:
raise CryptoError("luks_add_key_by_volume_key failed for '%s'" % device)
def luks_format(device,
passphrase=None,
key_file=None,
cipher=None,
key_size=None):
cs = CryptSetup(yesDialog=askyes, logFunc=dolog)
key_file_unlink = False
if passphrase:
key_file = cs.prepare_passphrase_file(passphrase)
key_file_unlink = True
elif key_file and os.path.isfile(key_file):
pass
else:
raise ValueError(
"luks_format requires either a passphrase or a key file")
#None is not considered as default value and pycryptsetup doesn't accept it
#so we need to filter out all Nones
kwargs = {}
kwargs["device"] = device
if cipher: kwargs["cipher"] = cipher
if key_file: kwargs["keyfile"] = key_file
if key_size: kwargs["keysize"] = key_size
rc = cs.luksFormat(**kwargs)
if key_file_unlink: os.unlink(key_file)
if rc:
raise CryptoError("luks_format failed for '%s'" % device)
def luks_format(device, passphrase, cipher=None, key_size=None, key_file=None, min_entropy=0):
cs = CryptSetup(device=device, yesDialog=yesDialog, logFunc=logFunc, passwordDialog=passwordDialog)
kwargs = {}
cipherType, cipherMode = None, None
if cipher:
cparts = cipher.split("-")
cipherType = "".join(cparts[0:1])
cipherMode = "-".join(cparts[1:])
if cipherType:
kwargs["cipher"] = cipherType
if cipherMode:
kwargs["cipherMode"] = cipherMode
if key_size:
kwargs["keysize"] = key_size
if min_entropy > 0:
while get_current_entropy() < min_entropy:
time.sleep(1)
rc = cs.luksFormat(**kwargs)
if rc:
return rc
rc = cs.addKeyByVolumeKey(newPassphrase=passphrase)
return rc if rc else 0
def luks_status(name):
"""True means active, False means inactive (or non-existent)"""
cs = CryptSetup(name=name,
yesDialog=yesDialog,
logFunc=logFunc,
passwordDialog=passwordDialog)
return cs.status()
def luks_format(device,
passphrase=None,
cipher=None, key_size=None, key_file=None):
if not passphrase:
raise ValueError("luks_format requires passphrase")
cs = CryptSetup(device=device, yesDialog = askyes, logFunc = dolog, passwordDialog = askpassphrase)
#None is not considered as default value and pycryptsetup doesn't accept it
#so we need to filter out all Nones
kwargs = {}
# Split cipher designator to cipher name and cipher mode
cipherType = None
cipherMode = None
if cipher:
cparts = cipher.split("-")
cipherType = "".join(cparts[0:1])
cipherMode = "-".join(cparts[1:])
if cipherType: kwargs["cipher"] = cipherType
if cipherMode: kwargs["cipherMode"] = cipherMode
if key_size: kwargs["keysize"] = key_size
rc = cs.luksFormat(**kwargs)
if rc:
raise CryptoError("luks_format failed for '%s'" % device)
# activate first keyslot
cs.addKeyByVolumeKey(newPassphrase = passphrase)
if rc:
raise CryptoError("luks_add_key_by_volume_key failed for '%s'" % device)
def luks_format(device,
passphrase=None, key_file=None,
cipher=None, key_size=None):
cs = CryptSetup(yesDialog = askyes, logFunc = dolog)
key_file_unlink = False
if passphrase:
key_file = cs.prepare_passphrase_file(passphrase)
key_file_unlink = True
elif key_file and os.path.isfile(key_file):
pass
else:
raise ValueError("luks_format requires either a passphrase or a key file")
#None is not considered as default value and pycryptsetup doesn't accept it
#so we need to filter out all Nones
kwargs = {}
kwargs["device"] = device
if cipher: kwargs["cipher"] = cipher
if key_file: kwargs["keyfile"] = key_file
if key_size: kwargs["keysize"] = key_size
rc = cs.luksFormat(**kwargs)
if key_file_unlink: os.unlink(key_file)
if rc:
raise CryptoError("luks_format failed for '%s'" % device)
def luks_status(name):
"""True means active, False means inactive (or non-existent)"""
cs = CryptSetup(name=name,
yesDialog=askyes,
logFunc=dolog,
passwordDialog=askpassphrase)
return cs.status()
def luks_open(device, name, passphrase=None, key_file=None):
if not passphrase:
raise ValueError("luks_format requires passphrase")
cs = CryptSetup(device=device, yesDialog=askyes, logFunc=dolog, passwordDialog=askpassphrase)
rc = cs.activate(passphrase=passphrase, name=name)
if rc<0:
raise CryptoError("luks_open failed for %s (%s) with errno %d" % (device, name, rc))
def luks_close(name):
"""
Close connection to a LUKS device.
:param str name: redirected device identifier
:returns: 0 on success
"""
cs = CryptSetup(name=name, yesDialog=yesDialog, logFunc=logFunc)
return cs.deactivate()
def luks_close(name):
cs = CryptSetup(name=name,
yesDialog=yesDialog,
logFunc=logFunc,
passwordDialog=passwordDialog)
rc = cs.deactivate()
if rc:
raise CryptoError("luks_close failed for %s" % name)
def luks_open(device, name, passphrase=None, key_file=None):
if not passphrase:
raise ValueError("luks_format requires passphrase")
cs = CryptSetup(device=device, yesDialog = askyes, logFunc = dolog, passwordDialog = askpassphrase)
rc = cs.activate(passphrase = passphrase, name = name)
if rc<0:
raise CryptoError("luks_open failed for %s (%s) with errno %d" % (device, name, rc))
def luks_close(name):
cs = CryptSetup(name=name,
yesDialog=askyes,
logFunc=dolog,
passwordDialog=askpassphrase)
rc = cs.deactivate()
if rc:
raise CryptoError("luks_close failed for %s" % name)
def luks_open(device, name, passphrase=None, key_file=None):
# pylint: disable=unused-argument
if not passphrase:
raise ValueError("luks_format requires passphrase")
cs = CryptSetup(device=device, yesDialog=yesDialog, logFunc=logFunc, passwordDialog=passwordDialog)
rc = cs.activate(passphrase=passphrase, name=name)
if rc<0:
raise CryptoError("luks_open failed for %s (%s) with errno %d" % (device, name, rc))
def luks_add_key(device,
new_passphrase=None,
passphrase=None, key_file=None):
if not passphrase:
raise ValueError("luks_add_key requires passphrase")
cs = CryptSetup(device=device, yesDialog=askyes, logFunc=dolog, passwordDialog=askpassphrase)
rc = cs.addKeyByPassphrase(passphrase=passphrase, newPassphrase=new_passphrase)
if rc<0:
raise CryptoError("luks add key failed with errcode %d" % (rc,))
def luks_remove_key(device, del_passphrase, passphrase, key_file=None):
"""
Remove passphrase from a LUKS device.
:param str device: device idenfitier
:param str del_passphrase: old passphrase to remove
:param str passphrase: authenticate with current passphrase
:param str key_file: authenticate with this key file
:returns: 0 on success
"""
cs = CryptSetup(device=device, yesDialog=yesDialog, logFunc=logFunc)
return cs.removePassphrase(passphrase=passphrase)
def luks_remove_key(device,
del_passphrase=None,
passphrase=None, key_file=None):
if not passphrase:
raise ValueError("luks_remove_key requires passphrase")
cs = CryptSetup(device=device, yesDialog=askyes, logFunc=dolog, passwordDialog=askpassphrase)
rc = cs.removePassphrase(passphrase = passphrase)
if rc:
raise CryptoError("luks remove key failed with errcode %d" % (rc,))
def luks_open(device, name, passphrase, key_file=None):
"""
Open a connection to the LUKS device for mounting or management.
:param str device: device identifier
:param str name: device identifier to redirect to
:param str passphrase: passphrase to unlock with
:param str key_file: path to key file to unlock with
:returns: 0 on success
"""
cs = CryptSetup(device=device, yesDialog=yesDialog, logFunc=logFunc)
return cs.activate(passphrase=passphrase, name=name)
def luks_add_key(device,
new_passphrase=None,
passphrase=None, key_file=None):
# pylint: disable=unused-argument
if not passphrase:
raise ValueError("luks_add_key requires passphrase")
cs = CryptSetup(device=device, yesDialog=yesDialog, logFunc=logFunc, passwordDialog=passwordDialog)
rc = cs.addKeyByPassphrase(passphrase=passphrase, newPassphrase=new_passphrase)
if rc<0:
raise CryptoError("luks add key failed with errcode %d" % (rc,))
def luks_add_key(device,
new_passphrase=None,
passphrase=None, key_file=None):
if not passphrase:
raise ValueError("luks_add_key requires passphrase")
cs = CryptSetup(device=device, yesDialog = askyes, logFunc = dolog, passwordDialog = askpassphrase)
rc = cs.addPassphrase(passphrase = passphrase, newPassphrase = new_passphrase)
if rc<0:
raise CryptoError("luks add key failed with errcode %d" % (rc,))
def luks_remove_key(device,
del_passphrase=None,
passphrase=None, key_file=None):
if not passphrase:
raise ValueError("luks_remove_key requires passphrase")
cs = CryptSetup(device=device, yesDialog = askyes, logFunc = dolog, passwordDialog = askpassphrase)
rc = cs.removePassphrase(passphrase = passphrase)
if rc:
raise CryptoError("luks remove key failed with errcode %d" % (rc,))
def luks_remove_key(device,
del_passphrase=None,
passphrase=None, key_file=None):
# pylint: disable=unused-argument
if not passphrase:
raise ValueError("luks_remove_key requires passphrase")
cs = CryptSetup(device=device, yesDialog=yesDialog, logFunc=logFunc, passwordDialog=passwordDialog)
rc = cs.removePassphrase(passphrase = passphrase)
if rc:
raise CryptoError("luks remove key failed with errcode %d" % (rc,))
def luks_add_key(device, new_passphrase, passphrase, key_file=None):
"""
Add passphrase to a LUKS device.
:param str device: device idenfitier
:param str new_passphrase: new passphrase to assign
:param str passphrase: authenticate with current passphrase
:param str key_file: authenticate with this key file
:returns: 0 on success
"""
cs = CryptSetup(device=device, yesDialog=yesDialog, logFunc=logFunc)
return cs.addKeyByPassphrase(passphrase=passphrase,
newPassphrase=new_passphrase)
def luks_open(device, name, passphrase=None, key_file=None):
# pylint: disable=unused-argument
if not passphrase:
raise ValueError("luks_format requires passphrase")
cs = CryptSetup(device=device,
yesDialog=yesDialog,
logFunc=logFunc,
passwordDialog=passwordDialog)
rc = cs.activate(passphrase=passphrase, name=name)
if rc < 0:
raise CryptoError("luks_open failed for %s (%s) with errno %d" %
(device, name, rc))
def luks_add_key(device, new_passphrase=None, passphrase=None, key_file=None):
# pylint: disable=unused-argument
if not passphrase:
raise ValueError("luks_add_key requires passphrase")
cs = CryptSetup(device=device,
yesDialog=yesDialog,
logFunc=logFunc,
passwordDialog=passwordDialog)
rc = cs.addKeyByPassphrase(passphrase=passphrase,
newPassphrase=new_passphrase)
if rc < 0:
raise CryptoError("luks add key failed with errcode %d" % (rc, ))
def luks_remove_key(device,
del_passphrase=None,
passphrase=None,
key_file=None):
# pylint: disable=unused-argument
if not passphrase:
raise ValueError("luks_remove_key requires passphrase")
cs = CryptSetup(device=device,
yesDialog=yesDialog,
logFunc=logFunc,
passwordDialog=passwordDialog)
rc = cs.removePassphrase(passphrase=passphrase)
if rc:
raise CryptoError("luks remove key failed with errcode %d" % (rc, ))
def luks_open(device, name, passphrase=None, key_file=None):
cs = CryptSetup(yesDialog = askyes, logFunc = dolog)
key_file_unlink = False
if passphrase:
key_file = cs.prepare_passphrase_file(passphrase)
key_file_unlink = True
elif key_file and os.path.isfile(key_file):
pass
else:
raise ValueError("luks_open requires either a passphrase or a key file")
rc = cs.luksOpen(device = device, name = name, keyfile = key_file)
if key_file_unlink: os.unlink(key_file)
if rc:
raise CryptoError("luks_open failed for %s (%s)" % (device, name))
def luks_open(device, name, passphrase=None, key_file=None):
cs = CryptSetup(yesDialog=askyes, logFunc=dolog)
key_file_unlink = False
if passphrase:
key_file = cs.prepare_passphrase_file(passphrase)
key_file_unlink = True
elif key_file and os.path.isfile(key_file):
pass
else:
raise ValueError(
"luks_open requires either a passphrase or a key file")
rc = cs.luksOpen(device=device, name=name, keyfile=key_file)
if key_file_unlink: os.unlink(key_file)
if rc:
raise CryptoError("luks_open failed for %s (%s)" % (device, name))
def luks_format(device,
passphrase,
cipher=None,
key_size=None,
key_file=None,
min_entropy=0):
"""
Format a device as a LUKS device.
:param str device: device identifier
:param str passphrase: passphrase to encrypt with
:param str cipher: cipher to use (if not default)
:param int key_size: key size to use (if not default)
:param str key_file: path to key file to use (optional)
:param int min_entropy: Don't encrypt until system has this much entropy
:returns: 0 on success
"""
cs = CryptSetup(device=device, yesDialog=yesDialog, logFunc=logFunc)
kwargs = {}
cipherType, cipherMode = None, None
if cipher:
cparts = cipher.split("-")
cipherType = "".join(cparts[0:1])
cipherMode = "-".join(cparts[1:])
if cipherType:
kwargs["cipher"] = cipherType
if cipherMode:
kwargs["cipherMode"] = cipherMode
if key_size:
kwargs["keysize"] = key_size
if min_entropy > 0:
while get_current_entropy() < min_entropy:
time.sleep(1)
rc = cs.luksFormat(**kwargs)
if rc:
return rc
rc = cs.addKeyByVolumeKey(newPassphrase=passphrase)
return rc if rc else 0
def is_luks(device):
cs = CryptSetup(yesDialog=askyes, logFunc=dolog)
return cs.isLuks(device)
def luks_close(name):
cs = CryptSetup(yesDialog=askyes, logFunc=dolog)
rc = cs.luksClose(name)
if rc:
raise CryptoError("luks_close failed for %s" % name)
def is_luks(device):
"""Check to see if provided device is a LUKS device."""
cs = CryptSetup(device=device, yesDialog=yesDialog, logFunc=logFunc)
return cs.isLuks()
def luks_uuid(device):
cs = CryptSetup(device=device, yesDialog=yesDialog, logFunc=logFunc, passwordDialog=passwordDialog)
return cs.luksUUID()
def luks_close(name):
cs = CryptSetup(yesDialog = askyes, logFunc = dolog)
rc = cs.luksClose(name)
if rc:
raise CryptoError("luks_close failed for %s" % name)
def luks_uuid(device):
cs = CryptSetup(yesDialog = askyes, logFunc = dolog)
return cs.luksUUID(device).strip()
def luks_status(name):
"""True means active, False means inactive (or non-existent)"""
cs = CryptSetup(yesDialog=askyes, logFunc=dolog)
return cs.luksStatus(name) != 0
def luks_status(name):
"""True means active, False means inactive (or non-existent)"""
cs = CryptSetup(name=name, yesDialog = askyes, logFunc = dolog, passwordDialog = askpassphrase)
return cs.status()
def luks_remove_key(device, del_passphrase, passphrase, key_file=None):
cs = CryptSetup(device=device, yesDialog=yesDialog, logFunc=logFunc, passwordDialog=passwordDialog)
return cs.removePassphrase(passphrase=passphrase)
def luks_status(name):
cs = CryptSetup(name=name, yesDialog=yesDialog, logFunc=logFunc, passwordDialog=passwordDialog)
return cs.status()
def luks_close(name):
cs = CryptSetup(name=name, yesDialog=yesDialog, logFunc=logFunc, passwordDialog=passwordDialog)
return cs.deactivate()
def luks_close(name):
cs = CryptSetup(name=name, yesDialog=yesDialog, logFunc=logFunc, passwordDialog=passwordDialog)
rc = cs.deactivate()
if rc:
raise CryptoError("luks_close failed for %s" % name)
def luks_status(name):
"""True means active, False means inactive (or non-existent)"""
cs = CryptSetup(name=name, yesDialog=yesDialog, logFunc=logFunc, passwordDialog=passwordDialog)
return cs.status()
def is_luks(device):
cs = CryptSetup(device=device, yesDialog = askyes, logFunc = dolog, passwordDialog = askpassphrase)
return cs.isLuks()
def luks_uuid(device):
cs = CryptSetup(device=device,
yesDialog=askyes,
logFunc=dolog,
passwordDialog=askpassphrase)
return cs.luksUUID()
def luks_uuid(device):
cs = CryptSetup(device=device, yesDialog = askyes, logFunc = dolog, passwordDialog = askpassphrase)
return cs.luksUUID()
def luks_uuid(device):
cs = CryptSetup(yesDialog=askyes, logFunc=dolog)
return cs.luksUUID(device).strip()
def luks_uuid(device):
"""Obtain LUKS device's UUID."""
cs = CryptSetup(device=device, yesDialog=yesDialog, logFunc=logFunc)
return cs.luksUUID()
def luks_format(device,
passphrase=None,
cipher=None,
key_size=None,
key_file=None,
min_entropy=0):
"""
Format device as LUKS with the specified parameters.
:param str device: device to format
:param str passphrase: passphrase to add to the new LUKS device
:param str cipher: cipher mode to use
:param int keysize: keysize to use
:param str key_file: key file to use
:param int min_entropy: minimum random data entropy level required for LUKS
format creation (0 means entropy level is not checked)
note::
If some minimum entropy is required (min_entropy > 0), the
function waits for enough entropy to be gathered by the kernel
which may potentially take very long time or even forever.
"""
# pylint: disable=unused-argument
if not passphrase:
raise ValueError("luks_format requires passphrase")
cs = CryptSetup(device=device,
yesDialog=yesDialog,
logFunc=logFunc,
passwordDialog=passwordDialog)
#None is not considered as default value and pycryptsetup doesn't accept it
#so we need to filter out all Nones
kwargs = {}
# Split cipher designator to cipher name and cipher mode
cipherType = None
cipherMode = None
if cipher:
cparts = cipher.split("-")
cipherType = "".join(cparts[0:1])
cipherMode = "-".join(cparts[1:])
if cipherType: kwargs["cipher"] = cipherType
if cipherMode: kwargs["cipherMode"] = cipherMode
if key_size: kwargs["keysize"] = key_size
if min_entropy > 0:
# min_entropy == 0 means "don't care"
while get_current_entropy() < min_entropy:
# wait for entropy to become high enough
time.sleep(1)
rc = cs.luksFormat(**kwargs)
if rc:
raise CryptoError("luks_format failed for '%s'" % device)
# activate first keyslot
cs.addKeyByVolumeKey(newPassphrase=passphrase)
if rc:
raise CryptoError("luks_add_key_by_volume_key failed for '%s'" %
device)
def is_luks(device):
cs = CryptSetup(yesDialog = askyes, logFunc = dolog)
return cs.isLuks(device)
def luks_status(name):
"""Obtain LUKS device status."""
cs = CryptSetup(name=name, yesDialog=yesDialog, logFunc=logFunc)
return cs.status()
def luks_status(name):
"""True means active, False means inactive (or non-existent)"""
cs = CryptSetup(yesDialog = askyes, logFunc = dolog)
return cs.luksStatus(name)!=0
def luks_close(name):
cs = CryptSetup(name=name, yesDialog = askyes, logFunc = dolog, passwordDialog = askpassphrase)
rc = cs.deactivate()
if rc:
raise CryptoError("luks_close failed for %s" % name)
def is_luks(device):
cs = CryptSetup(device=device,
yesDialog=yesDialog,
logFunc=logFunc,
passwordDialog=passwordDialog)
return cs.isLuks()
def luks_add_key(device, new_passphrase, passphrase, key_file=None):
cs = CryptSetup(device=device, yesDialog=yesDialog, logFunc=logFunc, passwordDialog=passwordDialog)
return cs.addKeyByPassphrase(passphrase=passphrase, newPassphrase=new_passphrase)
def is_luks(device):
cs = CryptSetup(device=device,
yesDialog=askyes,
logFunc=dolog,
passwordDialog=askpassphrase)
return cs.isLuks()
def luks_uuid(device):
cs = CryptSetup(device=device,
yesDialog=yesDialog,
logFunc=logFunc,
passwordDialog=passwordDialog)
return cs.luksUUID()
def is_luks(device):
cs = CryptSetup(device=device, yesDialog=yesDialog, logFunc=logFunc, passwordDialog=passwordDialog)
return cs.isLuks()
def luks_open(device, name, passphrase, key_file=None):
cs = CryptSetup(device=device, yesDialog=yesDialog, logFunc=logFunc, passwordDialog=passwordDialog)
return cs.activate(passphrase=passphrase, name=name)