80b77646 DT |
1 | ;;; GNU Guix --- Functional package management for GNU |
2 | ;;; Copyright © 2014 David Thompson <davet@gnu.org> | |
b0cf606f | 3 | ;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net> |
9381a02a | 4 | ;;; Copyright © 2016, 2017 Leo Famulari <leo@famulari.name> |
893d963a | 5 | ;;; Copyright © 2016 Lukas Gradl <lgradl@openmailbox> |
fb8a5d63 | 6 | ;;; Copyright © 2016 Tobias Geerinckx-Rice <me@tobias.gr> |
6fabb196 | 7 | ;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is> |
d56c55ff | 8 | ;;; Copyright © 2016, 2017 Eric Bavier <bavier@member.fsf.org> |
80b77646 DT |
9 | ;;; |
10 | ;;; This file is part of GNU Guix. | |
11 | ;;; | |
12 | ;;; GNU Guix is free software; you can redistribute it and/or modify it | |
13 | ;;; under the terms of the GNU General Public License as published by | |
14 | ;;; the Free Software Foundation; either version 3 of the License, or (at | |
15 | ;;; your option) any later version. | |
16 | ;;; | |
17 | ;;; GNU Guix is distributed in the hope that it will be useful, but | |
18 | ;;; WITHOUT ANY WARRANTY; without even the implied warranty of | |
19 | ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
20 | ;;; GNU General Public License for more details. | |
21 | ;;; | |
22 | ;;; You should have received a copy of the GNU General Public License | |
23 | ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. | |
24 | ||
25 | (define-module (gnu packages crypto) | |
26 | #:use-module (gnu packages) | |
2e3f1851 EB |
27 | #:use-module (gnu packages admin) |
28 | #:use-module (gnu packages aidc) | |
b6f87ec0 | 29 | #:use-module (gnu packages attr) |
893d963a | 30 | #:use-module (gnu packages autotools) |
fb8a5d63 | 31 | #:use-module (gnu packages boost) |
2e3f1851 | 32 | #:use-module (gnu packages cryptsetup) |
fb8a5d63 | 33 | #:use-module (gnu packages gettext) |
2e3f1851 EB |
34 | #:use-module (gnu packages gnupg) |
35 | #:use-module (gnu packages image) | |
f1876bfc LF |
36 | #:use-module (gnu packages pkg-config) |
37 | #:use-module (gnu packages libbsd) | |
fb8a5d63 | 38 | #:use-module (gnu packages linux) |
893d963a LG |
39 | #:use-module (gnu packages nettle) |
40 | #:use-module (gnu packages password-utils) | |
fb8a5d63 | 41 | #:use-module (gnu packages perl) |
893d963a | 42 | #:use-module (gnu packages readline) |
2e3f1851 | 43 | #:use-module (gnu packages search) |
893d963a | 44 | #:use-module (gnu packages serialization) |
19b2ea1b | 45 | #:use-module (gnu packages shells) |
b6f87ec0 | 46 | #:use-module (gnu packages tcl) |
893d963a | 47 | #:use-module (gnu packages tls) |
b6f87ec0 | 48 | #:use-module (gnu packages xml) |
7fb18f57 | 49 | #:use-module ((guix licenses) #:prefix license:) |
80b77646 DT |
50 | #:use-module (guix packages) |
51 | #:use-module (guix download) | |
6fabb196 | 52 | #:use-module (guix git-download) |
b6f87ec0 | 53 | #:use-module (guix build-system cmake) |
09c36743 LF |
54 | #:use-module (guix build-system gnu) |
55 | #:use-module (guix build-system python)) | |
80b77646 DT |
56 | |
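;; libsodium release tarball, built with the standard GNU build system.
;; Both mirrors are fetched over HTTPS.  The sha256 below is what pins the
;; tarball contents, so it must be updated together with the version.
(define-public libsodium
  (package
    (name "libsodium")
    (version "1.0.13")
    (source (origin
              (method url-fetch)
              ;; Two candidate locations on the same host.  The second one is
              ;; presumably where upstream moves superseded releases.
              (uri (list (string-append
                          "https://download.libsodium.org/libsodium/"
                          "releases/libsodium-" version ".tar.gz")
                         (string-append
                          "https://download.libsodium.org/libsodium/"
                          "releases/old/libsodium-" version ".tar.gz")))
              (sha256
               (base32
                "1z93wfg4k5svg8yck6cgdr6ysj91kbpn03nyzwxanncy3b5sq4ww"))))
    (build-system gnu-build-system)
    (synopsis "Portable NaCl-based crypto library")
    (description
     "Sodium is a new easy-to-use high-speed software library for network
communication, encryption, decryption, signatures, etc.")
    (license license:isc)
    (home-page "https://libsodium.org")))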
f1876bfc LF |
79 | |
;; signify: Ed25519 signing and verification tool, built straight from the
;; upstream Makefile (there is no configure script and no test suite).
(define-public signify
  (package
    (name "signify")
    (version "21")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "https://github.com/aperezdc/signify/"
                           "archive/v" version ".tar.gz"))
       ;; The archive URL ends in "v<version>.tar.gz", so give the download
       ;; a file name that carries the package name.
       (file-name (string-append name "-" version ".tar.gz"))
       (sha256
        (base32
         "0jd26kxwmmar3bylpx9x5dpqxzs17ky5dvwx8pdgcg95n4lyk223"))))
    (build-system gnu-build-system)
    (native-inputs
     `(("pkg-config" ,pkg-config)))
    (inputs
     `(("libbsd" ,libbsd)))
    ;; TODO: Build with libwaive (described in README.md) to get something
    ;; like OpenBSD's pledge().  Until then this build has no such
    ;; restriction in place.
    (arguments
     `(#:phases
       (modify-phases %standard-phases
         (delete 'configure))
       #:make-flags
       (list "CC=gcc"
             (string-append "PREFIX=" (assoc-ref %outputs "out")))
       #:tests? #f))                    ; no test suite
    (home-page "https://github.com/aperezdc/signify")
    (synopsis "Create and verify cryptographic signatures")
    (description "The signify utility creates and verifies cryptographic
signatures using the elliptic curve Ed25519. This is a Linux port of the
OpenBSD tool of the same name.")
    ;; Third-party code in this package was originally released under
    ;; various non-copyleft licenses; the source files say which.
    (license (list license:bsd-3 license:bsd-4 license:expat license:isc
                   license:public-domain
                   (license:non-copyleft
                    "file://base64.c"
                    "See base64.c in the distribution for
the license from IBM.")))))
893d963a LG |
119 | |
120 | ||
;; OpenDHT, built from the GitHub archive after regenerating the autotools
;; files.  The bundled copy of argon2 is removed from the source and the
;; packaged argon2 input is used instead.
(define-public opendht
  (package
    (name "opendht")
    (version "0.6.1")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "https://github.com/savoirfairelinux/" name
                           "/archive/" version ".tar.gz"))
       (file-name (string-append name "-" version ".tar.gz"))
       (sha256
        (base32
         "09yvkmbqbym3b5md4n96qc1s9sf2n8ji404hagih45rmsj49599x"))
       (modules '((guix build utils)))
       ;; Delete src/argon2 and every reference to it in the build files,
       ;; and make crypto.cpp include the header as plain "argon2.h".
       (snippet
        '(begin
           (delete-file-recursively "src/argon2")
           (substitute* "src/Makefile.am"
             (("./argon2/libargon2.la") "")
             (("SUBDIRS = argon2") ""))
           (substitute* "src/crypto.cpp"
             (("argon2/argon2.h") "argon2.h"))
           (substitute* "configure.ac"
             (("src/argon2/Makefile") ""))))))
    (build-system gnu-build-system)
    (native-inputs
     `(("autoconf" ,autoconf)
       ("pkg-config" ,pkg-config)
       ("automake" ,automake)
       ("libtool" ,libtool)))
    (inputs
     `(("gnutls" ,gnutls)
       ("nettle" ,nettle)
       ("readline" ,readline)
       ("argon2" ,argon2)))
    (propagated-inputs
     `(("msgpack" ,msgpack)))           ;included in several installed headers
    (arguments
     `(#:configure-flags '("--disable-tools" "--disable-python")
       #:phases (modify-phases %standard-phases
                  ;; Run autoreconf before 'configure; the phase fails when
                  ;; autoreconf exits non-zero.
                  (add-before 'configure 'autoconf
                    (lambda _
                      (zero? (system* "autoreconf" "-vfi")))))))
    (home-page "https://github.com/savoirfairelinux/opendht/")
    (synopsis "Distributed Hash Table (DHT) library")
    (description "OpenDHT is a Distributed Hash Table (DHT) library. It may
be used to manage peer-to-peer network connections as needed for real time
communication.")
    (license license:gpl3)))
fb8a5d63 | 172 | |
fb8a5d63 TGR |
;; EncFS, built with CMake against the packaged tinyxml2 rather than the
;; copy shipped under internal/.
(define-public encfs
  (package
    (name "encfs")
    (version "1.9.1")
    (source
     (origin
       (method url-fetch)
       (uri (string-append
             "https://github.com/vgough/encfs/releases/download/v"
             version "/encfs-" version ".tar.gz"))
       (sha256
        (base32
         "1906254dg5hwljh0h4gyrw09ms3b57dlhjfzhfzffv50yzpkl837"))
       (modules '((guix build utils)))
       ;; Remove bundled dependencies in favour of proper inputs: every
       ;; directory under internal/ whose name starts with "tinyxml2-<digit>".
       (snippet '(for-each delete-file-recursively
                           (find-files "internal" "^tinyxml2-[0-9]"
                                       #:directories? #t)))))
    (build-system cmake-build-system)
    (arguments
     ;; Matches the snippet above: build against the tinyxml2 input.
     `(#:configure-flags (list "-DUSE_INTERNAL_TINYXML=OFF")))
    (native-inputs
     `(("gettext" ,gettext-minimal)

       ;; Test dependencies.
       ("expect" ,expect)
       ("perl" ,perl)))
    (inputs
     `(("attr" ,attr)
       ("fuse" ,fuse)
       ("openssl" ,openssl)
       ("tinyxml2" ,tinyxml2)))
    (home-page "https://vgough.github.io/encfs")
    (synopsis "Encrypted virtual file system")
    (description
     "EncFS creates a virtual encrypted file system in user-space. Each file
created under an EncFS mount point is stored as a separate encrypted file on
the underlying file system. Like most encrypted file systems, EncFS is meant
to provide security against off-line attacks, such as a drive falling into
the wrong hands.")
    (license (list license:expat        ; internal/easylogging++.h
                   license:lgpl3+       ; encfs library
                   license:gpl3+))))    ; command-line tools
279d902b TGR |
216 | |
;; keyutils: user-space tools for the Linux kernel key retention facility.
;; Built from the plain upstream Makefile, with all install directories
;; given relative to DESTDIR, which is set to the package output.
(define-public keyutils
  (package
    (name "keyutils")
    (version "1.5.9")
    (source
     (origin
       (method url-fetch)
       (uri (string-append
             "https://people.redhat.com/dhowells/keyutils/keyutils-"
             version ".tar.bz2"))
       (sha256
        (base32
         "1bl3w03ygxhc0hz69klfdlwqn33jvzxl1zfl2jmnb2v85iawb8jd"))
       (modules '((guix build utils)))
       ;; Create relative symbolic links instead of absolute ones to /lib/*
       ;; by dropping the $(LIBDIR)/ prefix from the $(LNS) invocations.
       (snippet '(substitute* "Makefile"
                   (("\\$\\(LNS\\) \\$\\(LIBDIR\\)/")
                    "$(LNS) ")))))
    (build-system gnu-build-system)
    (arguments
     `(#:test-target "test"
       #:make-flags (list "CC=gcc"
                          "RPATH=-Wl,-rpath,$(DESTDIR)$(LIBDIR)"
                          (string-append "DESTDIR="
                                         (assoc-ref %outputs "out"))
                          "INCLUDEDIR=/include"
                          "LIBDIR=/lib"
                          "MANDIR=/share/man"
                          "SHAREDIR=/share/keyutils")
       #:phases (modify-phases %standard-phases
                  (delete 'configure))))  ; no configure script
    (home-page "https://people.redhat.com/dhowells/keyutils/")
    (synopsis "Linux key management utilities")
    (description
     "Keyutils is a set of utilities for managing the key retention facility in
the Linux kernel, which can be used by file systems, block devices, and more to
gain and retain the authorization and encryption keys required to perform
secure operations. ")
    (license (list license:lgpl2.1+     ; the files keyutils.*
                   license:gpl2+))))    ; the rest
6fabb196 | 256 | |
;; Upstream publishes neither a release candidate nor a tarball; the version
;; number below is the one the commits point to, and the source is pinned to
;; one full commit hash.
(define-public eschalot
  (let ((commit "0bf31d88a11898c19b1ed25ddd2aff7b35dbac44")
        (revision "1"))
    (package
      (name "eschalot")
      ;; Version string: "1.2.0-", the revision, a dot, and the first seven
      ;; characters of the commit.
      (version (string-append "1.2.0-" revision "." (string-take commit 7)))
      (source
       (origin
         (method git-fetch)
         (uri (git-reference
               (url "https://github.com/schnabear/eschalot")
               (commit commit)))
         (file-name (string-append name "-" version))
         (sha256
          (base32
           "0lj38ldh8vzi11wp4ghw4k0fkwp0s04zv8k8d473p1snmbh7mx98"))))
      (build-system gnu-build-system)
      (inputs
       `(("openssl" ,openssl)))         ; It needs: openssl/{bn,pem,rsa,sha}.h
      (arguments
       `(#:make-flags (list "CC=gcc"
                            (string-append "PREFIX=" (assoc-ref %outputs "out"))
                            (string-append "INSTALL=" "install"))
         #:phases
         (modify-phases %standard-phases
           (delete 'configure)
           ;; XXX: upstream's "make test" hashes names against a wordlist for
           ;; a very long time.  That much computing time on the build
           ;; servers is out of proportion to the size and importance of
           ;; this small application, so a short run of worgen and eschalot
           ;; stands in for it.  The phase passes only if every command
           ;; below exits with status zero.
           (replace 'check
             (lambda _
               (and
                (zero? (system* "./worgen" "8-12" "top1000.txt" "3-10" "top400nouns.txt"
                                "3-6" "top150adjectives.txt" "3-6"))
                (zero? (system* "./eschalot" "-r" "^guix|^guixsd"))
                (zero? (system* "./eschalot" "-r" "^gnu|^free"))
                (zero? (system* "./eschalot" "-r" "^cyber|^hack"))
                (zero? (system* "./eschalot" "-r" "^troll")))))
           ;; "make install" cannot create the bin directory, so create it
           ;; before the install phase runs.
           (add-before 'install 'create-bin-dir
             (lambda* (#:key outputs #:allow-other-keys)
               (mkdir-p (string-append (assoc-ref outputs "out") "/bin"))
               #t)))))
      (home-page "https://github.com/schnabear/eschalot")
      (synopsis "Tor hidden service name generator")
      (description
       "Eschalot is a tor hidden service name generator, it allows one to
produce customized vanity .onion addresses using a brute-force method. Searches
for valid names can be run with regular expressions and wordlists. For the
generation of wordlists the included tool @code{worgen} can be used. There is
no man page, refer to the home page for usage details.")
      (license (list license:isc license:expat)))))
2e3f1851 EB |
314 | |
;; Tomb: a zsh script that manages encrypted storage files.  The installed
;; script is wrapped so that the external programs it calls are found on
;; PATH, and the only test run at build time is one that needs no root
;; access.
(define-public tomb
  (package
    (name "tomb")
    (version "2.4")
    (source (origin
              (method url-fetch)
              (uri (string-append "https://files.dyne.org/tomb/"
                                  "Tomb-" version ".tar.gz"))
              (sha256
               (base32
                "1hv1w79as7swqj0n137vz8n8mwvcgwlvd91sdyssz41jarg7f1vr"))))
    (build-system gnu-build-system)
    (native-inputs `(("sudo" ,sudo)))   ;presence needed for 'check' phase
    (inputs
     `(("zsh" ,zsh)
       ("gnupg" ,gnupg)
       ("cryptsetup" ,cryptsetup)
       ("e2fsprogs" ,e2fsprogs)         ;for mkfs.ext4
       ("gettext" ,gettext-minimal)     ;used at runtime
       ("mlocate" ,mlocate)
       ("pinentry" ,pinentry)
       ("qrencode" ,qrencode)
       ("steghide" ,steghide)))
    (arguments
     `(#:make-flags (list (string-append "PREFIX=" (assoc-ref %outputs "out")))
       ;; TODO: Build and install gtk and qt trays
       #:phases
       (modify-phases %standard-phases
         (delete 'configure)            ;no configuration to be done
         ;; Install the translations with the same make flags as the main
         ;; install.
         (add-after 'install 'i18n
           (lambda* (#:key make-flags #:allow-other-keys)
             (zero? (apply system*
                           "make" "-C" "extras/translations"
                           "install" make-flags))))
         ;; Prefix PATH in the wrapper with mlocate's bin directory and with
         ;; the directory of each helper program.  Every helper is looked up
         ;; with `which' while the package is built, and a missing one
         ;; aborts the build with "program not found:".
         (add-after 'install 'wrap
           (lambda* (#:key inputs outputs #:allow-other-keys)
             (wrap-program (string-append (assoc-ref outputs "out") "/bin/tomb")
               `("PATH" ":" prefix
                 (,(string-append (assoc-ref inputs "mlocate") "/bin")
                  ,@(map (lambda (program)
                           (or (and=> (which program) dirname)
                               (error "program not found:" program)))
                         '("seq" "mkfs.ext4" "pinentry" "sudo"
                           "gpg" "cryptsetup" "gettext"
                           "qrencode" "steghide")))))
             #t))
         ;; Replace the standard check phase with one that runs after 'wrap,
         ;; so that the wrapped, installed script is what gets exercised.
         (delete 'check)
         (add-after 'wrap 'check
           (lambda* (#:key outputs #:allow-other-keys)
             ;; The full test suite needs sudo/root access for cryptsetup,
             ;; which the build environment does not provide.  `tomb dig'
             ;; works without root, so make sure that at least it succeeds.
             ;; TODO: It Would Be Nice to check that the expected "index",
             ;; "search", "bury", and "exhume" features are available by
             ;; querying `tomb -h`.
             (let ((tomb-bin (string-append (assoc-ref outputs "out")
                                            "/bin/tomb")))
               (zero? (system* tomb-bin "dig" "-s" "10" "secrets.tomb"))))))))
    (home-page "http://www.dyne.org/software/tomb")
    (synopsis "File encryption for secret data")
    (description
     "Tomb is an application to manage the creation and access of encrypted
storage files: it can be operated from commandline and it can integrate with a
user's graphical desktop.")
    (license license:gpl3+)))
9381a02a LF |
381 | |
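;; scrypt: password-based file encryption utility built around the scrypt
;; key derivation function.  Builds with the GNU build system plus two extra
;; phases: one patches Makefile.in, the other installs the FORMAT document.
(define-public scrypt
  (package
    (name "scrypt")
    (version "1.2.1")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "https://www.tarsnap.com/scrypt/scrypt-"
                           version ".tgz"))
       (sha256
        (base32
         "0xy5yhrwwv13skv9im9vm76rybh9f29j2dh4hlh2x01gvbkza8a6"))))
    (build-system gnu-build-system)
    (arguments
     `(#:phases (modify-phases %standard-phases
                  ;; Strip "command -p" from Makefile.in so the commands run
                  ;; by name -- presumably because the default PATH that
                  ;; `command -p' selects does not contain them in the build
                  ;; environment (TODO confirm).
                  (add-after 'unpack 'patch-command-invocations
                    (lambda _
                      (substitute* "Makefile.in"
                        (("command -p") ""))
                      #t))
                  ;; Install the FORMAT file under share/doc/scrypt.  The
                  ;; output directory is taken from the phase's own `outputs'
                  ;; argument, as the other phases in this file do, instead
                  ;; of the global %outputs.
                  (add-after 'install 'install-docs
                    (lambda* (#:key outputs #:allow-other-keys)
                      (let* ((out (assoc-ref outputs "out"))
                             (misc (string-append out "/share/doc/scrypt")))
                        (install-file "FORMAT" misc)
                        #t))))))
    (inputs
     `(("openssl" ,openssl)))
    (home-page "https://www.tarsnap.com/scrypt.html")
    (synopsis "Memory-hard encryption tool based on scrypt")
    (description "This package provides a simple password-based encryption
utility as a demonstration of the @code{scrypt} key derivation function.
@code{Scrypt} is designed to be far more resistant against hardware brute-force
attacks than alternative functions such as @code{PBKDF2} or @code{bcrypt}.")
    (license license:bsd-2)))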
09c36743 LF |
417 | |
;; asn1crypto for the default Python, built from the GitHub archive of the
;; tagged version with the Python build system.
(define-public python-asn1crypto
  (package
    (name "python-asn1crypto")
    (version "0.22.0")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "https://github.com/wbond/asn1crypto/archive/"
                           version ".tar.gz"))
       (sha256
        (base32
         "1kn910896l3knmilla1c9ly20q181s43w1ah08lzkbm1h3j6pcz0"))))
    (build-system python-build-system)
    (synopsis "ASN.1 parser and serializer in Python")
    (description "asn1crypto is an ASN.1 parser and serializer with definitions
for private keys, public keys, certificates, CRL, OCSP, CMS, PKCS#3, PKCS#7,
PKCS#8, PKCS#12, PKCS#5, X.509 and TSP.")
    (home-page "https://github.com/wbond/asn1crypto")
    (license license:expat)))
437 | ||
;; Python 2 variant, derived from python-asn1crypto with package-with-python2.
(define-public python2-asn1crypto
  (package-with-python2
   python-asn1crypto))