2 * Python bindings to libcryptsetup
4 * Copyright (C) 2009-2011, Red Hat, Inc. All rights reserved.
5 * Written by Martin Sivak
7 * This file is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU Lesser General Public
9 * License as published by the Free Software Foundation; either
10 * version 2.1 of the License, or (at your option) any later version.
12 * This file is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
17 * You should have received a copy of the GNU Lesser General Public
18 * License along with this file; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23 #include <structmember.h>
26 #include "libcryptsetup.h"
31 /* Type-specific fields go here. */
32 struct crypt_device *device;
36 PyObject *yesDialogCB;
37 PyObject *cmdLineLogCB;
38 PyObject *passwordDialogCB;
41 static int yesDialog(const char *msg, void *this)
43 CryptSetupObject *self = this;
44 PyObject *result, *arglist;
47 if (self->yesDialogCB){
48 arglist = Py_BuildValue("(s)", msg);
52 result = PyEval_CallObject(self->yesDialogCB, arglist);
58 if (!PyArg_Parse(result, "i", &r))
68 static int passwordDialog(const char *msg, char *buf, size_t length, void *this)
70 CryptSetupObject *self = this;
71 PyObject *result, *arglist;
74 if(self->passwordDialogCB){
75 arglist = Py_BuildValue("(s)", msg);
79 result = PyEval_CallObject(self->passwordDialogCB, arglist);
85 if (!PyArg_Parse(result, "z", &res)) {
90 strncpy(buf, res, length - 1);
100 static void cmdLineLog(int cls, const char *msg, void *this)
102 CryptSetupObject *self = this;
103 PyObject *result, *arglist;
105 if(self->cmdLineLogCB) {
106 arglist = Py_BuildValue("(is)", cls, msg);
110 result = PyEval_CallObject(self->cmdLineLogCB, arglist);
116 static void CryptSetup_dealloc(CryptSetupObject* self)
118 /* free the callbacks */
119 Py_XDECREF(self->yesDialogCB);
120 Py_XDECREF(self->cmdLineLogCB);
121 Py_XDECREF(self->passwordDialogCB);
123 free(self->activated_as);
125 crypt_free(self->device);
128 self->ob_type->tp_free((PyObject*)self);
131 static PyObject *CryptSetup_new(PyTypeObject *type, PyObject *args, PyObject *kwds)
133 CryptSetupObject *self = (CryptSetupObject *)type->tp_alloc(type, 0);
136 self->yesDialogCB = NULL;
137 self->passwordDialogCB = NULL;
138 self->cmdLineLogCB = NULL;
139 self->activated_as = NULL;
142 return (PyObject *)self;
145 static PyObject *PyObjectResult(int is)
147 PyObject *result = Py_BuildValue("i", is);
150 PyErr_SetString(PyExc_RuntimeError, "Error during constructing values for return value");
155 #define CryptSetup_HELP "CryptSetup object\n\n\
156 constructor takes one to five arguments:\n\
157 __init__(device, name, yesDialog, passwordDialog, logFunc)\n\n\
158 yesDialog - python function with func(text) signature, \n\
159 which asks the user question text and returns 1\n\
160 of the answer was positive or 0 if not\n\
161 logFunc - python function with func(level, text) signature to log stuff somewhere"
163 static int CryptSetup_init(CryptSetupObject* self, PyObject *args, PyObject *kwds)
165 static char *kwlist[] = {"device", "name", "yesDialog", "passwordDialog", "logFunc", NULL};
166 PyObject *yesDialogCB = NULL,
167 *passwordDialogCB = NULL,
168 *cmdLineLogCB = NULL,
170 char *device = NULL, *deviceName = NULL;
172 if (!PyArg_ParseTupleAndKeywords(args, kwds, "|zzOOO", kwlist, &device, &deviceName,
173 &yesDialogCB, &passwordDialogCB, &cmdLineLogCB))
177 if (crypt_init(&(self->device), device)) {
178 PyErr_SetString(PyExc_IOError, "Device cannot be opened");
182 } else if (deviceName) {
183 if (crypt_init_by_name(&(self->device), deviceName)) {
184 PyErr_SetString(PyExc_IOError, "Device cannot be opened");
188 PyErr_SetString(PyExc_RuntimeError, "Either device file or luks name has to be specified");
192 // FIXME: check return code
193 crypt_load(self->device, NULL, NULL);
195 self->activated_as = strdup(deviceName);
198 tmp = self->yesDialogCB;
199 Py_INCREF(yesDialogCB);
200 self->yesDialogCB = yesDialogCB;
202 crypt_set_confirm_callback(self->device, yesDialog, self);
205 if (passwordDialogCB) {
206 tmp = self->passwordDialogCB;
207 Py_INCREF(passwordDialogCB);
208 self->passwordDialogCB = passwordDialogCB;
210 crypt_set_password_callback(self->device, passwordDialog, self);
214 tmp = self->cmdLineLogCB;
215 Py_INCREF(cmdLineLogCB);
216 self->cmdLineLogCB = cmdLineLogCB;
218 crypt_set_log_callback(self->device, cmdLineLog, self);
224 #define CryptSetup_activate_HELP "Activate LUKS device\n\n\
227 static PyObject *CryptSetup_activate(CryptSetupObject* self, PyObject *args, PyObject *kwds)
229 static char *kwlist[] = {"name", "passphrase", NULL};
230 char *name = NULL, *passphrase = NULL;
233 if (!PyArg_ParseTupleAndKeywords(args, kwds, "s|s", kwlist, &name, &passphrase))
236 // FIXME: allow keyfile and \0 in passphrase
237 is = crypt_activate_by_passphrase(self->device, name, CRYPT_ANY_SLOT,
238 passphrase, passphrase ? strlen(passphrase) : 0, 0);
241 free(self->activated_as);
242 self->activated_as = strdup(name);
245 return PyObjectResult(is);
248 #define CryptSetup_deactivate_HELP "Dectivate LUKS device\n\n\
251 static PyObject *CryptSetup_deactivate(CryptSetupObject* self, PyObject *args, PyObject *kwds)
253 int is = crypt_deactivate(self->device, self->activated_as);
256 free(self->activated_as);
257 self->activated_as = NULL;
260 return PyObjectResult(is);
263 #define CryptSetup_askyes_HELP "Asks a question using the configured dialog CB\n\n\
266 static PyObject *CryptSetup_askyes(CryptSetupObject* self, PyObject *args, PyObject *kwds)
268 static char *kwlist[] = {"message", NULL};
269 PyObject *message = NULL, *result, *arglist;
271 if (!PyArg_ParseTupleAndKeywords(args, kwds, "O", kwlist, &message))
276 arglist = Py_BuildValue("(O)", message);
278 PyErr_SetString(PyExc_RuntimeError, "Error during constructing values for internal call");
282 result = PyEval_CallObject(self->yesDialogCB, arglist);
289 #define CryptSetup_log_HELP "Logs a string using the configured log CB\n\n\
290 log(int level, message)"
292 static PyObject *CryptSetup_log(CryptSetupObject* self, PyObject *args, PyObject *kwds)
294 static char *kwlist[] = {"priority", "message", NULL};
295 PyObject *message = NULL, *priority = NULL, *result, *arglist;
297 if (!PyArg_ParseTupleAndKeywords(args, kwds, "OO", kwlist, &message, &priority))
303 arglist = Py_BuildValue("(OO)", message, priority);
305 PyErr_SetString(PyExc_RuntimeError, "Error during constructing values for internal call");
309 result = PyEval_CallObject(self->cmdLineLogCB, arglist);
317 #define CryptSetup_luksUUID_HELP "Get UUID of the LUKS device\n\n\
320 static PyObject *CryptSetup_luksUUID(CryptSetupObject* self, PyObject *args, PyObject *kwds)
324 result = Py_BuildValue("s", crypt_get_uuid(self->device));
326 PyErr_SetString(PyExc_RuntimeError, "Error during constructing values for return value");
331 #define CryptSetup_isLuks_HELP "Is the device LUKS?\n\n\
334 static PyObject *CryptSetup_isLuks(CryptSetupObject* self, PyObject *args, PyObject *kwds)
336 return PyObjectResult(crypt_load(self->device, CRYPT_LUKS1, NULL));
339 #define CryptSetup_Info_HELP "Returns dictionary with info about opened device\nKeys:\n\
340 dir\n name\n uuid\n cipher\n cipher_mode\n keysize\n device\n\
341 offset\n size\n skip\n mode\n"
343 static PyObject *CryptSetup_Info(CryptSetupObject* self, PyObject *args, PyObject *kwds)
347 result = Py_BuildValue("{s:s,s:s,s:z,s:s,s:s,s:s,s:i,s:K}",
348 "dir", crypt_get_dir(),
349 "device", crypt_get_device_name(self->device),
350 "name", self->activated_as,
351 "uuid", crypt_get_uuid(self->device),
352 "cipher", crypt_get_cipher(self->device),
353 "cipher_mode", crypt_get_cipher_mode(self->device),
354 "keysize", crypt_get_volume_key_size(self->device) * 8,
356 //"mode", (co.flags & CRYPT_FLAG_READONLY) ? "readonly" : "read/write",
357 "offset", crypt_get_data_offset(self->device)
361 PyErr_SetString(PyExc_RuntimeError, "Error during constructing values for return value");
366 #define CryptSetup_luksFormat_HELP "Format device to enable LUKS\n\n\
367 luksFormat(cipher = 'aes', cipherMode = 'cbc-essiv:sha256', keysize = 256)\n\n\
368 cipher - cipher specification, e.g. aes, serpent\n\
369 cipherMode - cipher mode specification, e.g. cbc-essiv:sha256, xts-plain64\n\
370 keysize - key size in bits"
372 static PyObject *CryptSetup_luksFormat(CryptSetupObject* self, PyObject *args, PyObject *kwds)
374 static char *kwlist[] = {"cipher", "cipherMode", "keysize", NULL};
375 char *cipher_mode = NULL, *cipher = NULL;
377 PyObject *keysize_object = NULL;
379 if (!PyArg_ParseTupleAndKeywords(args, kwds, "|zzO", kwlist,
380 &cipher, &cipher_mode, &keysize_object))
383 if (!keysize_object || keysize_object == Py_None) {
384 /* use default value */
385 } else if (!PyInt_Check(keysize_object)) {
386 PyErr_SetString(PyExc_TypeError, "keysize must be an integer");
388 } else if (PyInt_AsLong(keysize_object) % 8) {
389 PyErr_SetString(PyExc_TypeError, "keysize must have integer value dividable by 8");
391 } else if (PyInt_AsLong(keysize_object) <= 0) {
392 PyErr_SetString(PyExc_TypeError, "keysize must be positive number bigger than 0");
395 keysize = PyInt_AsLong(keysize_object);
397 // FIXME use #defined defaults
398 return PyObjectResult(crypt_format(self->device, CRYPT_LUKS1,
399 cipher ?: "aes", cipher_mode ?: "cbc-essiv:sha256",
400 NULL, NULL, keysize / 8, NULL));
403 #define CryptSetup_addKeyByPassphrase_HELP "Initialize keyslot using passphrase\n\n\
404 addKeyByPassphrase(passphrase, newPassphrase, slot)\n\n\
405 passphrase - string or none to ask the user\n\
406 newPassphrase - passphrase to add\n\
407 slot - which slot to use (optional)"
409 static PyObject *CryptSetup_addKeyByPassphrase(CryptSetupObject* self, PyObject *args, PyObject *kwds)
411 static char *kwlist[] = {"passphrase", "newPassphrase", "slot", NULL};
412 char *passphrase = NULL, *newpassphrase = NULL;
413 size_t passphrase_len = 0, newpassphrase_len = 0;
414 int slot = CRYPT_ANY_SLOT;
416 if (!PyArg_ParseTupleAndKeywords(args, kwds, "ss|i", kwlist, &passphrase, &newpassphrase, &slot))
420 passphrase_len = strlen(passphrase);
423 newpassphrase_len = strlen(newpassphrase);
425 return PyObjectResult(crypt_keyslot_add_by_passphrase(self->device, slot,
426 passphrase, passphrase_len,
427 newpassphrase, newpassphrase_len));
430 #define CryptSetup_addKeyByVolumeKey_HELP "Initialize keyslot using cached volume key\n\n\
431 addKeyByVolumeKey(passphrase, newPassphrase, slot)\n\n\
432 newPassphrase - passphrase to add\n\
433 slot - which slot to use (optional)"
435 static PyObject *CryptSetup_addKeyByVolumeKey(CryptSetupObject* self, PyObject *args, PyObject *kwds)
437 static char *kwlist[] = {"newPassphrase", "slot", NULL};
438 char *newpassphrase = NULL;
439 size_t newpassphrase_len = 0;
440 int slot = CRYPT_ANY_SLOT;
442 if (!PyArg_ParseTupleAndKeywords(args, kwds, "s|i", kwlist, &newpassphrase, &slot))
446 newpassphrase_len = strlen(newpassphrase);
448 return PyObjectResult(crypt_keyslot_add_by_volume_key(self->device, slot,
449 NULL, 0, newpassphrase, newpassphrase_len));
452 #define CryptSetup_removePassphrase_HELP "Destroy keyslot using passphrase\n\n\
453 removePassphrase(passphrase)\n\n\
454 passphrase - string or none to ask the user"
456 static PyObject *CryptSetup_removePassphrase(CryptSetupObject* self, PyObject *args, PyObject *kwds)
458 static char *kwlist[] = {"passphrase", NULL};
459 char *passphrase = NULL;
460 size_t passphrase_len = 0;
463 if (!PyArg_ParseTupleAndKeywords(args, kwds, "s", kwlist, &passphrase))
467 passphrase_len = strlen(passphrase);
469 is = crypt_activate_by_passphrase(self->device, NULL, CRYPT_ANY_SLOT,
470 passphrase, passphrase_len, 0);
472 return PyObjectResult(is);
474 return PyObjectResult(crypt_keyslot_destroy(self->device, is));
477 #define CryptSetup_killSlot_HELP "Destroy keyslot\n\n\
479 slot - the slot to remove"
481 static PyObject *CryptSetup_killSlot(CryptSetupObject* self, PyObject *args, PyObject *kwds)
483 static char *kwlist[] = {"slot", NULL};
484 int slot = CRYPT_ANY_SLOT;
486 if (!PyArg_ParseTupleAndKeywords(args, kwds, "i", kwlist, &slot))
489 switch (crypt_keyslot_status(self->device, slot)) {
490 case CRYPT_SLOT_ACTIVE:
491 return PyObjectResult(crypt_keyslot_destroy(self->device, slot));
492 case CRYPT_SLOT_ACTIVE_LAST:
493 PyErr_SetString(PyExc_ValueError, "Last slot, removing it would render the device unusable");
495 case CRYPT_SLOT_INACTIVE:
496 PyErr_SetString(PyExc_ValueError, "Inactive slot");
498 case CRYPT_SLOT_INVALID:
499 PyErr_SetString(PyExc_ValueError, "Invalid slot");
506 #define CryptSetup_Status_HELP "Status of LUKS device\n\n\
509 static PyObject *CryptSetup_Status(CryptSetupObject* self, PyObject *args, PyObject *kwds)
511 if (!self->activated_as){
512 PyErr_SetString(PyExc_IOError, "Device has not been activated yet.");
516 return PyObjectResult(crypt_status(self->device, self->activated_as));
519 #define CryptSetup_Resume_HELP "Resume LUKS device\n\n\
520 luksOpen(passphrase)\n\n\
521 passphrase - string or none to ask the user"
523 static PyObject *CryptSetup_Resume(CryptSetupObject* self, PyObject *args, PyObject *kwds)
525 static char *kwlist[] = {"passphrase", NULL};
526 char* passphrase = NULL;
527 size_t passphrase_len = 0;
529 if (!self->activated_as){
530 PyErr_SetString(PyExc_IOError, "Device has not been activated yet.");
534 if (! PyArg_ParseTupleAndKeywords(args, kwds, "|s", kwlist, &passphrase))
538 passphrase_len = strlen(passphrase);
540 return PyObjectResult(crypt_resume_by_passphrase(self->device, self->activated_as,
541 CRYPT_ANY_SLOT, passphrase, passphrase_len));
544 #define CryptSetup_Suspend_HELP "Suspend LUKS device\n\n\
547 static PyObject *CryptSetup_Suspend(CryptSetupObject* self, PyObject *args, PyObject *kwds)
549 if (!self->activated_as){
550 PyErr_SetString(PyExc_IOError, "Device has not been activated yet.");
554 return PyObjectResult(crypt_suspend(self->device, self->activated_as));
557 #define CryptSetup_debugLevel_HELP "Set debug level\n\n\
558 debugLevel(level)\n\n\
561 static PyObject *CryptSetup_debugLevel(CryptSetupObject* self, PyObject *args, PyObject *kwds)
563 static char *kwlist[] = {"level", NULL};
566 if (!PyArg_ParseTupleAndKeywords(args, kwds, "i", kwlist, &level))
569 crypt_set_debug_level(level);
570 return PyObjectResult(0);
573 #define CryptSetup_iterationTime_HELP "Set iteration time\n\n\
574 iterationTime(time_ms)\n\n\
575 time_ms - time in miliseconds"
577 static PyObject *CryptSetup_iterationTime(CryptSetupObject* self, PyObject *args, PyObject *kwds)
579 static char *kwlist[] = {"time_ms", NULL};
580 uint64_t time_ms = 0;
582 if (!PyArg_ParseTupleAndKeywords(args, kwds, "l", kwlist, &time_ms))
585 crypt_set_iterarion_time(self->device, time_ms);
586 return PyObjectResult(0);
589 static PyMemberDef CryptSetup_members[] = {
590 {"yesDialogCB", T_OBJECT_EX, offsetof(CryptSetupObject, yesDialogCB), 0, "confirmation dialog callback"},
591 {"cmdLineLogCB", T_OBJECT_EX, offsetof(CryptSetupObject, cmdLineLogCB), 0, "logging callback"},
592 {"passwordDialogCB", T_OBJECT_EX, offsetof(CryptSetupObject, passwordDialogCB), 0, "password dialog callback"},
596 static PyMethodDef CryptSetup_methods[] = {
597 /* self-test methods */
598 {"log", (PyCFunction)CryptSetup_log, METH_VARARGS|METH_KEYWORDS, CryptSetup_askyes_HELP},
599 {"askyes", (PyCFunction)CryptSetup_askyes, METH_VARARGS|METH_KEYWORDS, CryptSetup_log_HELP},
601 /* activation and deactivation */
602 {"deactivate", (PyCFunction)CryptSetup_deactivate, METH_NOARGS, CryptSetup_deactivate_HELP},
603 {"activate", (PyCFunction)CryptSetup_activate, METH_VARARGS|METH_KEYWORDS, CryptSetup_activate_HELP},
605 /* cryptsetup info entrypoints */
606 {"luksUUID", (PyCFunction)CryptSetup_luksUUID, METH_NOARGS, CryptSetup_luksUUID_HELP},
607 {"isLuks", (PyCFunction)CryptSetup_isLuks, METH_NOARGS, CryptSetup_isLuks_HELP},
608 {"info", (PyCFunction)CryptSetup_Info, METH_NOARGS, CryptSetup_Info_HELP},
609 {"status", (PyCFunction)CryptSetup_Status, METH_NOARGS, CryptSetup_Status_HELP},
611 /* cryptsetup mgmt entrypoints */
612 {"luksFormat", (PyCFunction)CryptSetup_luksFormat, METH_VARARGS|METH_KEYWORDS, CryptSetup_luksFormat_HELP},
613 {"addKeyByPassphrase", (PyCFunction)CryptSetup_addKeyByPassphrase, METH_VARARGS|METH_KEYWORDS, CryptSetup_addKeyByPassphrase_HELP},
614 {"addKeyByVolumeKey", (PyCFunction)CryptSetup_addKeyByVolumeKey, METH_VARARGS|METH_KEYWORDS, CryptSetup_addKeyByVolumeKey_HELP},
615 {"removePassphrase", (PyCFunction)CryptSetup_removePassphrase, METH_VARARGS|METH_KEYWORDS, CryptSetup_removePassphrase_HELP},
616 {"killSlot", (PyCFunction)CryptSetup_killSlot, METH_VARARGS|METH_KEYWORDS, CryptSetup_killSlot_HELP},
619 {"resume", (PyCFunction)CryptSetup_Resume, METH_VARARGS|METH_KEYWORDS, CryptSetup_Resume_HELP},
620 {"suspend", (PyCFunction)CryptSetup_Suspend, METH_NOARGS, CryptSetup_Suspend_HELP},
623 {"debugLevel", (PyCFunction)CryptSetup_debugLevel, METH_VARARGS|METH_KEYWORDS, CryptSetup_debugLevel_HELP},
624 {"iterationTime", (PyCFunction)CryptSetup_iterationTime, METH_VARARGS|METH_KEYWORDS, CryptSetup_iterationTime_HELP},
626 {NULL} /* Sentinel */
629 static PyTypeObject CryptSetupType = {
630 PyObject_HEAD_INIT(NULL)
632 "pycryptsetup.CryptSetup", /*tp_name*/
633 sizeof(CryptSetupObject), /*tp_basicsize*/
635 (destructor)CryptSetup_dealloc, /*tp_dealloc*/
642 0, /*tp_as_sequence*/
650 Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE, /*tp_flags*/
651 CryptSetup_HELP, /* tp_doc */
654 0, /* tp_richcompare */
655 0, /* tp_weaklistoffset */
658 CryptSetup_methods, /* tp_methods */
659 CryptSetup_members, /* tp_members */
663 0, /* tp_descr_get */
664 0, /* tp_descr_set */
665 0, /* tp_dictoffset */
666 (initproc)CryptSetup_init, /* tp_init */
668 CryptSetup_new, /* tp_new */
671 static PyMethodDef pycryptsetup_methods[] = {
672 {NULL} /* Sentinel */
675 PyMODINIT_FUNC initpycryptsetup(void);
676 PyMODINIT_FUNC initpycryptsetup(void)
680 if (PyType_Ready(&CryptSetupType) < 0)
683 m = Py_InitModule3("pycryptsetup", pycryptsetup_methods, "CryptSetup pythonized API.");
684 Py_INCREF((PyObject *)&CryptSetupType);
686 PyModule_AddObject(m, "CryptSetup", (PyObject *)&CryptSetupType);