[jackhill/guix/guix.git] / gnu / packages / crypto.scm

;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2014 David Thompson <davet@gnu.org>
;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net>
;;; Copyright © 2016, 2017 Leo Famulari <leo@famulari.name>
;;; Copyright © 2016 Lukas Gradl <lgradl@openmailbox>
;;; Copyright © 2016 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is>
;;; Copyright © 2016, 2017 Eric Bavier <bavier@member.fsf.org>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

(define-module (gnu packages crypto)
  #:use-module (gnu packages)
  #:use-module (gnu packages admin)
  #:use-module (gnu packages aidc)
  #:use-module (gnu packages attr)
  #:use-module (gnu packages autotools)
  #:use-module (gnu packages boost)
  #:use-module (gnu packages cryptsetup)
  #:use-module (gnu packages gettext)
  #:use-module (gnu packages gnupg)
  #:use-module (gnu packages image)
  #:use-module (gnu packages pkg-config)
  #:use-module (gnu packages libbsd)
  #:use-module (gnu packages linux)
  #:use-module (gnu packages nettle)
  #:use-module (gnu packages password-utils)
  #:use-module (gnu packages perl)
  #:use-module (gnu packages readline)
  #:use-module (gnu packages search)
  #:use-module (gnu packages serialization)
  #:use-module (gnu packages shells)
  #:use-module (gnu packages tcl)
  #:use-module (gnu packages tls)
  #:use-module (gnu packages xml)
  #:use-module ((guix licenses) #:prefix license:)
  #:use-module (guix packages)
  #:use-module (guix download)
  #:use-module (guix git-download)
  #:use-module (guix build-system cmake)
  #:use-module (guix build-system gnu)
  #:use-module (guix build-system python))

(define-public libsodium
  (package
    (name "libsodium")
    (version "1.0.13")
    (source (origin
            (method url-fetch)
            (uri (list (string-append
                        "http://download.libsodium.org/libsodium/"
                        "releases/libsodium-" version ".tar.gz")
                       (string-append
                        "https://download.libsodium.org/libsodium/"
                        "releases/old/libsodium-" version ".tar.gz")))
            (sha256
             (base32
              "1z93wfg4k5svg8yck6cgdr6ysj91kbpn03nyzwxanncy3b5sq4ww"))))
    (build-system gnu-build-system)
    (synopsis "Portable NaCl-based crypto library")
    (description
     "Sodium is a new easy-to-use high-speed software library for network
communication, encryption, decryption, signatures, etc.")
    (license license:isc)
    (home-page "http://libsodium.org")))

(define-public signify
  (package
    (name "signify")
    (version "21")
    (source (origin
              (method url-fetch)
              (uri (string-append "https://github.com/aperezdc/signify/"
                                  "archive/v" version ".tar.gz"))
              (file-name (string-append name "-" version ".tar.gz"))
              (sha256
               (base32
                "0jd26kxwmmar3bylpx9x5dpqxzs17ky5dvwx8pdgcg95n4lyk223"))))
    (build-system gnu-build-system)
    ;; TODO Build with libwaive (described in README.md), to implement something
    ;; like OpenBSD's pledge().
    (arguments
     `(#:tests? #f ; no test suite
       #:make-flags
       (list "CC=gcc"
             (string-append "PREFIX=" (assoc-ref %outputs "out")))
       #:phases
       (modify-phases %standard-phases
         (delete 'configure))))
    (native-inputs
     `(("pkg-config" ,pkg-config)))
    (inputs
     `(("libbsd" ,libbsd)))
    (synopsis "Create and verify cryptographic signatures")
    (description "The signify utility creates and verifies cryptographic
signatures using the elliptic curve Ed25519.  This is a Linux port of the
OpenBSD tool of the same name.")
    (home-page "https://github.com/aperezdc/signify")
    ;; This package includes third-party code that was originally released under
    ;; various non-copyleft licenses. See the source files for clarification.
    (license (list license:bsd-3 license:bsd-4 license:expat license:isc
                   license:public-domain (license:non-copyleft
                                          "file://base64.c"
                                          "See base64.c in the distribution for
                                           the license from IBM.")))))


(define-public opendht
  (package
    (name "opendht")
    (version "0.6.1")
    (source
     (origin
       (method url-fetch)
       (uri
        (string-append
         "https://github.com/savoirfairelinux/" name
         "/archive/" version ".tar.gz"))
       (file-name (string-append name "-" version ".tar.gz"))
       (modules '((guix build utils)))
       (snippet
        '(begin
           (delete-file-recursively "src/argon2")
           (substitute* "src/Makefile.am"
             (("./argon2/libargon2.la") "")
             (("SUBDIRS = argon2") ""))
           (substitute* "src/crypto.cpp"
             (("argon2/argon2.h") "argon2.h"))
           (substitute* "configure.ac"
             (("src/argon2/Makefile") ""))))
       (sha256
        (base32
         "09yvkmbqbym3b5md4n96qc1s9sf2n8ji404hagih45rmsj49599x"))))
    (build-system gnu-build-system)
    (inputs
     `(("gnutls" ,gnutls)
       ("nettle" ,nettle)
       ("readline" ,readline)
       ("argon2" ,argon2)))
    (propagated-inputs
     `(("msgpack" ,msgpack)))           ;included in several installed headers
    (native-inputs
     `(("autoconf" ,autoconf)
       ("pkg-config" ,pkg-config)
       ("automake" ,automake)
       ("libtool" ,libtool)))
    (arguments
     `(#:configure-flags '("--disable-tools" "--disable-python")
       #:phases (modify-phases %standard-phases
                  (add-before 'configure 'autoconf
                    (lambda _
                      (zero? (system* "autoreconf" "-vfi")))))))
    (home-page "https://github.com/savoirfairelinux/opendht/")
    (synopsis "Distributed Hash Table (DHT) library")
    (description "OpenDHT is a Distributed Hash Table (DHT) library.  It may
be used to manage peer-to-peer network connections as needed for real time
communication.")
    (license license:gpl3)))

(define-public encfs
  (package
    (name "encfs")
    (version "1.9.1")
    (source
     (origin
       (method url-fetch)
       (uri
        (string-append "https://github.com/vgough/encfs/releases/download/v"
                       version "/encfs-" version ".tar.gz"))
       (sha256
        (base32
         "1906254dg5hwljh0h4gyrw09ms3b57dlhjfzhfzffv50yzpkl837"))
       (modules '((guix build utils)))
       ;; Remove bundled dependencies in favour of proper inputs.
       (snippet '(for-each delete-file-recursively
                           (find-files "internal" "^tinyxml2-[0-9]"
                                       #:directories? #t)))))
    (build-system cmake-build-system)
    (native-inputs
     `(("gettext" ,gettext-minimal)

       ;; Test dependencies.
       ("expect" ,expect)
       ("perl" ,perl)))
    (inputs
     `(("attr" ,attr)
       ("fuse" ,fuse)
       ("openssl" ,openssl)
       ("tinyxml2" ,tinyxml2)))
    (arguments
     `(#:configure-flags (list "-DUSE_INTERNAL_TINYXML=OFF")))
    (home-page "https://vgough.github.io/encfs")
    (synopsis "Encrypted virtual file system")
    (description
     "EncFS creates a virtual encrypted file system in user-space.  Each file
created under an EncFS mount point is stored as a separate encrypted file on
the underlying file system.  Like most encrypted file systems, EncFS is meant
to provide security against off-line attacks, such as a drive falling into
the wrong hands.")
    (license (list license:expat                  ; internal/easylogging++.h
                   license:lgpl3+                 ; encfs library
                   license:gpl3+))))              ; command-line tools

(define-public keyutils
  (package
    (name "keyutils")
    (version "1.5.9")
    (source
     (origin
       (method url-fetch)
       (uri
        (string-append "https://people.redhat.com/dhowells/keyutils/keyutils-"
                       version ".tar.bz2"))
       (sha256
        (base32
         "1bl3w03ygxhc0hz69klfdlwqn33jvzxl1zfl2jmnb2v85iawb8jd"))
       (modules '((guix build utils)))
       ;; Create relative symbolic links instead of absolute ones to /lib/*
       (snippet '(substitute* "Makefile" (("\\$\\(LNS\\) \\$\\(LIBDIR\\)/")
                                          "$(LNS) ")))))
    (build-system gnu-build-system)
    (arguments
     `(#:phases (modify-phases %standard-phases
                  (delete 'configure))          ; no configure script
       #:make-flags (list "CC=gcc"
                          "RPATH=-Wl,-rpath,$(DESTDIR)$(LIBDIR)"
                          (string-append "DESTDIR="
                                         (assoc-ref %outputs "out"))
                          "INCLUDEDIR=/include"
                          "LIBDIR=/lib"
                          "MANDIR=/share/man"
                          "SHAREDIR=/share/keyutils")
       #:test-target "test"))
    (home-page "https://people.redhat.com/dhowells/keyutils/")
    (synopsis "Linux key management utilities")
    (description
     "Keyutils is a set of utilities for managing the key retention facility in
the Linux kernel, which can be used by file systems, block devices, and more to
gain and retain the authorization and encryption keys required to perform
secure operations. ")
    (license (list license:lgpl2.1+             ; the files keyutils.*
                   license:gpl2+))))            ; the rest

;; There is no release candidate but commits point out a version number,
;; furthermore no tarball exists.
(define-public eschalot
  (let ((commit "0bf31d88a11898c19b1ed25ddd2aff7b35dbac44")
        (revision "1"))
    (package
      (name "eschalot")
      (version (string-append "1.2.0-" revision "." (string-take commit 7)))
      (source
       (origin
         (method git-fetch)
         (uri (git-reference
               (url "https://github.com/schnabear/eschalot")
               (commit commit)))
         (file-name (string-append name "-" version))
         (sha256
          (base32
           "0lj38ldh8vzi11wp4ghw4k0fkwp0s04zv8k8d473p1snmbh7mx98"))))
      (inputs
       `(("openssl" ,openssl))) ; It needs: openssl/{bn,pem,rsa,sha}.h
      (build-system gnu-build-system)
      (arguments
       `(#:make-flags (list "CC=gcc"
                            (string-append "PREFIX=" (assoc-ref %outputs "out"))
                            (string-append "INSTALL=" "install"))
         ;; XXX: make test would run a !VERY! long hashing of names with the use
         ;; of a wordlist, the amount of computing time this would waste on build
         ;; servers is in no relation to the size or importance of this small
         ;; application, therefore we run our own tests on eschalot and worgen.
         #:phases
         (modify-phases %standard-phases
           (delete 'configure)
           (replace 'check
             (lambda _
               (and
                 (zero? (system* "./worgen" "8-12" "top1000.txt" "3-10" "top400nouns.txt"
                                 "3-6" "top150adjectives.txt" "3-6"))
                 (zero? (system* "./eschalot" "-r" "^guix|^guixsd"))
                 (zero? (system* "./eschalot" "-r" "^gnu|^free"))
                 (zero? (system* "./eschalot" "-r" "^cyber|^hack"))
                 (zero? (system* "./eschalot" "-r" "^troll")))))
           ;; Make install can not create the bin dir, create it.
           (add-before 'install 'create-bin-dir
             (lambda* (#:key outputs #:allow-other-keys)
               (let* ((out (assoc-ref outputs "out"))
                      (bin (string-append out "/bin")))
                 (mkdir-p bin)
                 #t))))))
      (home-page "https://github.com/schnabear/eschalot")
      (synopsis "Tor hidden service name generator")
      (description
       "Eschalot is a tor hidden service name generator, it allows one to
produce customized vanity .onion addresses using a brute-force method.  Searches
for valid names can be run with regular expressions and wordlists.  For the
generation of wordlists the included tool @code{worgen} can be used.  There is
no man page, refer to the home page for usage details.")
      (license (list license:isc license:expat)))))

(define-public tomb
  (package
    (name "tomb")
    (version "2.4")
    (source (origin
              (method url-fetch)
              (uri (string-append "https://files.dyne.org/tomb/"
                                  "Tomb-" version ".tar.gz"))
              (sha256
               (base32
                "1hv1w79as7swqj0n137vz8n8mwvcgwlvd91sdyssz41jarg7f1vr"))))
    (build-system gnu-build-system)
    (native-inputs `(("sudo" ,sudo)))   ;presence needed for 'check' phase
    (inputs
     `(("zsh" ,zsh)
       ("gnupg" ,gnupg)
       ("cryptsetup" ,cryptsetup)
       ("e2fsprogs" ,e2fsprogs)         ;for mkfs.ext4
       ("gettext" ,gettext-minimal)     ;used at runtime
       ("mlocate" ,mlocate)
       ("pinentry" ,pinentry)
       ("qrencode" ,qrencode)
       ("steghide" ,steghide)))
    (arguments
     `(#:make-flags (list (string-append "PREFIX=" (assoc-ref %outputs "out")))
       ;; TODO: Build and install gtk and qt trays
       #:phases
       (modify-phases %standard-phases
         (delete 'configure)   ;no configuration to be done
         (add-after 'install 'i18n
           (lambda* (#:key make-flags #:allow-other-keys)
             (zero? (apply system*
                           "make" "-C" "extras/translations"
                           "install" make-flags))))
         (add-after 'install 'wrap
           (lambda* (#:key inputs outputs #:allow-other-keys)
             (let ((out (assoc-ref outputs "out")))
               (wrap-program (string-append out "/bin/tomb")
                 `("PATH" ":" prefix
                   (,(string-append (assoc-ref inputs "mlocate") "/bin")
                    ,@(map (lambda (program)
                             (or (and=> (which program) dirname)
                                 (error "program not found:" program)))
                           '("seq" "mkfs.ext4" "pinentry" "sudo"
                             "gpg" "cryptsetup" "gettext"
                             "qrencode" "steghide")))))
               #t)))
         (delete 'check)
         (add-after 'wrap 'check
           (lambda* (#:key outputs #:allow-other-keys)
             ;; Running the full tests requires sudo/root access for
             ;; cryptsetup, which is not available in the build environment.
             ;; But we can run `tomb dig` without root, so make sure that
             ;; works.  TODO: It Would Be Nice to check the expected "index",
             ;; "search", "bury", and "exhume" features are available by
             ;; querying `tomb -h`.
             (let ((tomb (string-append (assoc-ref outputs "out")
                                        "/bin/tomb")))
               (zero? (system* tomb "dig" "-s" "10" "secrets.tomb"))))))))
    (home-page "http://www.dyne.org/software/tomb")
    (synopsis "File encryption for secret data")
    (description
     "Tomb is an application to manage the creation and access of encrypted
storage files: it can be operated from commandline and it can integrate with a
user's graphical desktop.")
    (license license:gpl3+)))

(define-public scrypt
  (package
    (name "scrypt")
    (version "1.2.1")
    (source
      (origin
        (method url-fetch)
        (uri (string-append "https://www.tarsnap.com/scrypt/scrypt-"
                            version ".tgz"))
        (sha256
         (base32
          "0xy5yhrwwv13skv9im9vm76rybh9f29j2dh4hlh2x01gvbkza8a6"))))
    (build-system gnu-build-system)
    (arguments
     `(#:phases (modify-phases %standard-phases
        (add-after 'unpack 'patch-command-invocations
          (lambda _
            (substitute* "Makefile.in"
              (("command -p") ""))
            #t))
        (add-after 'install 'install-docs
          (lambda* (#:key outputs #:allow-other-keys)
            (let* ((out (assoc-ref %outputs "out"))
                   (misc (string-append out "/share/doc/scrypt")))
              (install-file "FORMAT" misc)
              #t))))))
    (inputs
     `(("openssl" ,openssl)))
    (home-page "https://www.tarsnap.com/scrypt.html")
    (synopsis "Memory-hard encryption tool based on scrypt")
    (description "This packages provides a simple password-based encryption
utility as a demonstration of the @code{scrypt} key derivation function.
@code{Scrypt} is designed to be far more resistant against hardware brute-force
attacks than alternative functions such as @code{PBKDF2} or @code{bcrypt}.")
    (license license:bsd-2)))

(define-public python-asn1crypto
  (package
    (name "python-asn1crypto")
    (version "0.22.0")
    (source
      (origin
        (method url-fetch)
        (uri (string-append "https://github.com/wbond/asn1crypto/archive/"
                            version ".tar.gz"))
        (sha256
         (base32
          "1kn910896l3knmilla1c9ly20q181s43w1ah08lzkbm1h3j6pcz0"))))
    (build-system python-build-system)
    (home-page "https://github.com/wbond/asn1crypto")
    (synopsis "ASN.1 parser and serializer in Python")
    (description "asn1crypto is an ASN.1 parser and serializer with definitions
for private keys, public keys, certificates, CRL, OCSP, CMS, PKCS#3, PKCS#7,
PKCS#8, PKCS#12, PKCS#5, X.509 and TSP.")
    (license license:expat)))

(define-public python2-asn1crypto
  (package-with-python2 python-asn1crypto))
Commit	Line	Data
80b77646 DT	1	;;; GNU Guix --- Functional package management for GNU
80b77646 DT	2	;;; Copyright © 2014 David Thompson <davet@gnu.org>
b0cf606f	3	;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net>
9381a02a	4	;;; Copyright © 2016, 2017 Leo Famulari <leo@famulari.name>
893d963a	5	;;; Copyright © 2016 Lukas Gradl <lgradl@openmailbox>
fb8a5d63	6	;;; Copyright © 2016 Tobias Geerinckx-Rice <me@tobias.gr>
6fabb196	7	;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is>
d56c55ff	8	;;; Copyright © 2016, 2017 Eric Bavier <bavier@member.fsf.org>
80b77646 DT	9	;;;
	10	;;; This file is part of GNU Guix.
	11	;;;
	12	;;; GNU Guix is free software; you can redistribute it and/or modify it
	13	;;; under the terms of the GNU General Public License as published by
	14	;;; the Free Software Foundation; either version 3 of the License, or (at
	15	;;; your option) any later version.
	16	;;;
	17	;;; GNU Guix is distributed in the hope that it will be useful, but
	18	;;; WITHOUT ANY WARRANTY; without even the implied warranty of
	19	;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	20	;;; GNU General Public License for more details.
	21	;;;
	22	;;; You should have received a copy of the GNU General Public License
	23	;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
	24
	25	(define-module (gnu packages crypto)
	26	#:use-module (gnu packages)
2e3f1851 EB	27	#:use-module (gnu packages admin)
2e3f1851 EB	28	#:use-module (gnu packages aidc)
b6f87ec0	29	#:use-module (gnu packages attr)
893d963a	30	#:use-module (gnu packages autotools)
fb8a5d63	31	#:use-module (gnu packages boost)
2e3f1851	32	#:use-module (gnu packages cryptsetup)
fb8a5d63	33	#:use-module (gnu packages gettext)
2e3f1851 EB	34	#:use-module (gnu packages gnupg)
2e3f1851 EB	35	#:use-module (gnu packages image)
f1876bfc LF	36	#:use-module (gnu packages pkg-config)
f1876bfc LF	37	#:use-module (gnu packages libbsd)
fb8a5d63	38	#:use-module (gnu packages linux)
893d963a LG	39	#:use-module (gnu packages nettle)
893d963a LG	40	#:use-module (gnu packages password-utils)
fb8a5d63	41	#:use-module (gnu packages perl)
893d963a	42	#:use-module (gnu packages readline)
2e3f1851	43	#:use-module (gnu packages search)
893d963a	44	#:use-module (gnu packages serialization)
19b2ea1b	45	#:use-module (gnu packages shells)
b6f87ec0	46	#:use-module (gnu packages tcl)
893d963a	47	#:use-module (gnu packages tls)
b6f87ec0	48	#:use-module (gnu packages xml)
7fb18f57	49	#:use-module ((guix licenses) #:prefix license:)
80b77646 DT	50	#:use-module (guix packages)
80b77646 DT	51	#:use-module (guix download)
6fabb196	52	#:use-module (guix git-download)
b6f87ec0	53	#:use-module (guix build-system cmake)
09c36743 LF	54	#:use-module (guix build-system gnu)
09c36743 LF	55	#:use-module (guix build-system python))
80b77646 DT	56
	57	(define-public libsodium
	58	(package
	59	(name "libsodium")
188ba38e	60	(version "1.0.13")
80b77646 DT	61	(source (origin
80b77646 DT	62	(method url-fetch)
4150ac88 LF	63	(uri (list (string-append
	64	"http://download.libsodium.org/libsodium/"
	65	"releases/libsodium-" version ".tar.gz")
	66	(string-append
	67	"https://download.libsodium.org/libsodium/"
	68	"releases/old/libsodium-" version ".tar.gz")))
80b77646 DT	69	(sha256
80b77646 DT	70	(base32
188ba38e	71	"1z93wfg4k5svg8yck6cgdr6ysj91kbpn03nyzwxanncy3b5sq4ww"))))
80b77646 DT	72	(build-system gnu-build-system)
	73	(synopsis "Portable NaCl-based crypto library")
	74	(description
35b9e423	75	"Sodium is a new easy-to-use high-speed software library for network
80b77646	76	communication, encryption, decryption, signatures, etc.")
7fb18f57	77	(license license:isc)
fddb6409	78	(home-page "http://libsodium.org")))
f1876bfc LF	79
	80	(define-public signify
	81	(package
	82	(name "signify")
2ad7919d	83	(version "21")
f1876bfc LF	84	(source (origin
	85	(method url-fetch)
	86	(uri (string-append "https://github.com/aperezdc/signify/"
	87	"archive/v" version ".tar.gz"))
	88	(file-name (string-append name "-" version ".tar.gz"))
	89	(sha256
	90	(base32
2ad7919d	91	"0jd26kxwmmar3bylpx9x5dpqxzs17ky5dvwx8pdgcg95n4lyk223"))))
f1876bfc LF	92	(build-system gnu-build-system)
	93	;; TODO Build with libwaive (described in README.md), to implement something
	94	;; like OpenBSD's pledge().
	95	(arguments
	96	`(#:tests? #f ; no test suite
	97	#:make-flags
	98	(list "CC=gcc"
	99	(string-append "PREFIX=" (assoc-ref %outputs "out")))
	100	#:phases
	101	(modify-phases %standard-phases
	102	(delete 'configure))))
	103	(native-inputs
	104	`(("pkg-config" ,pkg-config)))
	105	(inputs
	106	`(("libbsd" ,libbsd)))
	107	(synopsis "Create and verify cryptographic signatures")
	108	(description "The signify utility creates and verifies cryptographic
	109	signatures using the elliptic curve Ed25519. This is a Linux port of the
	110	OpenBSD tool of the same name.")
	111	(home-page "https://github.com/aperezdc/signify")
	112	;; This package includes third-party code that was originally released under
	113	;; various non-copyleft licenses. See the source files for clarification.
7fb18f57 TGR	114	(license (list license:bsd-3 license:bsd-4 license:expat license:isc
	115	license:public-domain (license:non-copyleft
	116	"file://base64.c"
	117	"See base64.c in the distribution for
	118	the license from IBM.")))))
893d963a LG	119
	120
	121	(define-public opendht
	122	(package
	123	(name "opendht")
	124	(version "0.6.1")
	125	(source
	126	(origin
	127	(method url-fetch)
	128	(uri
	129	(string-append
	130	"https://github.com/savoirfairelinux/" name
	131	"/archive/" version ".tar.gz"))
	132	(file-name (string-append name "-" version ".tar.gz"))
	133	(modules '((guix build utils)))
	134	(snippet
	135	'(begin
	136	(delete-file-recursively "src/argon2")
	137	(substitute* "src/Makefile.am"
	138	(("./argon2/libargon2.la") "")
	139	(("SUBDIRS = argon2") ""))
	140	(substitute* "src/crypto.cpp"
	141	(("argon2/argon2.h") "argon2.h"))
	142	(substitute* "configure.ac"
	143	(("src/argon2/Makefile") ""))))
	144	(sha256
	145	(base32
	146	"09yvkmbqbym3b5md4n96qc1s9sf2n8ji404hagih45rmsj49599x"))))
	147	(build-system gnu-build-system)
	148	(inputs
	149	`(("gnutls" ,gnutls)
	150	("nettle" ,nettle)
893d963a LG	151	("readline" ,readline)
893d963a LG	152	("argon2" ,argon2)))
615c9990 LG	153	(propagated-inputs
615c9990 LG	154	`(("msgpack" ,msgpack))) ;included in several installed headers
893d963a LG	155	(native-inputs
	156	`(("autoconf" ,autoconf)
	157	("pkg-config" ,pkg-config)
	158	("automake" ,automake)
	159	("libtool" ,libtool)))
	160	(arguments
	161	`(#:configure-flags '("--disable-tools" "--disable-python")
	162	#:phases (modify-phases %standard-phases
	163	(add-before 'configure 'autoconf
	164	(lambda _
	165	(zero? (system* "autoreconf" "-vfi")))))))
	166	(home-page "https://github.com/savoirfairelinux/opendht/")
	167	(synopsis "Distributed Hash Table (DHT) library")
	168	(description "OpenDHT is a Distributed Hash Table (DHT) library. It may
	169	be used to manage peer-to-peer network connections as needed for real time
	170	communication.")
7fb18f57	171	(license license:gpl3)))
fb8a5d63	172
fb8a5d63 TGR	173	(define-public encfs
	174	(package
	175	(name "encfs")
ffabdc18	176	(version "1.9.1")
fb8a5d63 TGR	177	(source
	178	(origin
	179	(method url-fetch)
	180	(uri
	181	(string-append "https://github.com/vgough/encfs/releases/download/v"
	182	version "/encfs-" version ".tar.gz"))
	183	(sha256
	184	(base32
ffabdc18	185	"1906254dg5hwljh0h4gyrw09ms3b57dlhjfzhfzffv50yzpkl837"))
b6f87ec0 TGR	186	(modules '((guix build utils)))
	187	;; Remove bundled dependencies in favour of proper inputs.
	188	(snippet '(for-each delete-file-recursively
	189	(find-files "internal" "^tinyxml2-[0-9]"
	190	#:directories? #t)))))
	191	(build-system cmake-build-system)
fb8a5d63	192	(native-inputs
79355ae3	193	`(("gettext" ,gettext-minimal)
b6f87ec0 TGR	194
	195	;; Test dependencies.
	196	("expect" ,expect)
	197	("perl" ,perl)))
fb8a5d63	198	(inputs
b6f87ec0	199	`(("attr" ,attr)
fb8a5d63 TGR	200	("fuse" ,fuse)
fb8a5d63 TGR	201	("openssl" ,openssl)
b6f87ec0 TGR	202	("tinyxml2" ,tinyxml2)))
	203	(arguments
	204	`(#:configure-flags (list "-DUSE_INTERNAL_TINYXML=OFF")))
fb8a5d63 TGR	205	(home-page "https://vgough.github.io/encfs")
	206	(synopsis "Encrypted virtual file system")
	207	(description
	208	"EncFS creates a virtual encrypted file system in user-space. Each file
	209	created under an EncFS mount point is stored as a separate encrypted file on
	210	the underlying file system. Like most encrypted file systems, EncFS is meant
	211	to provide security against off-line attacks, such as a drive falling into
	212	the wrong hands.")
b6f87ec0 TGR	213	(license (list license:expat ; internal/easylogging++.h
	214	license:lgpl3+ ; encfs library
	215	license:gpl3+)))) ; command-line tools
279d902b TGR	216
	217	(define-public keyutils
	218	(package
	219	(name "keyutils")
	220	(version "1.5.9")
	221	(source
	222	(origin
	223	(method url-fetch)
	224	(uri
	225	(string-append "https://people.redhat.com/dhowells/keyutils/keyutils-"
	226	version ".tar.bz2"))
	227	(sha256
	228	(base32
	229	"1bl3w03ygxhc0hz69klfdlwqn33jvzxl1zfl2jmnb2v85iawb8jd"))
	230	(modules '((guix build utils)))
	231	;; Create relative symbolic links instead of absolute ones to /lib/*
	232	(snippet '(substitute* "Makefile" (("\\$\\(LNS\\) \\$\\(LIBDIR\\)/")
	233	"$(LNS) ")))))
	234	(build-system gnu-build-system)
	235	(arguments
	236	`(#:phases (modify-phases %standard-phases
	237	(delete 'configure)) ; no configure script
	238	#:make-flags (list "CC=gcc"
	239	"RPATH=-Wl,-rpath,$(DESTDIR)$(LIBDIR)"
	240	(string-append "DESTDIR="
	241	(assoc-ref %outputs "out"))
	242	"INCLUDEDIR=/include"
	243	"LIBDIR=/lib"
	244	"MANDIR=/share/man"
	245	"SHAREDIR=/share/keyutils")
	246	#:test-target "test"))
	247	(home-page "https://people.redhat.com/dhowells/keyutils/")
5b63a856	248	(synopsis "Linux key management utilities")
279d902b TGR	249	(description
	250	"Keyutils is a set of utilities for managing the key retention facility in
	251	the Linux kernel, which can be used by file systems, block devices, and more to
	252	gain and retain the authorization and encryption keys required to perform
	253	secure operations. ")
	254	(license (list license:lgpl2.1+ ; the files keyutils.*
	255	license:gpl2+)))) ; the rest
6fabb196	256
	257	;; There is no release candidate but commits point out a version number,
	258	;; furthermore no tarball exists.
	259	(define-public eschalot
	260	(let ((commit "0bf31d88a11898c19b1ed25ddd2aff7b35dbac44")
	261	(revision "1"))
	262	(package
	263	(name "eschalot")
	264	(version (string-append "1.2.0-" revision "." (string-take commit 7)))
	265	(source
	266	(origin
	267	(method git-fetch)
	268	(uri (git-reference
	269	(url "https://github.com/schnabear/eschalot")
	270	(commit commit)))
	271	(file-name (string-append name "-" version))
	272	(sha256
	273	(base32
	274	"0lj38ldh8vzi11wp4ghw4k0fkwp0s04zv8k8d473p1snmbh7mx98"))))
	275	(inputs
	276	`(("openssl" ,openssl))) ; It needs: openssl/{bn,pem,rsa,sha}.h
	277	(build-system gnu-build-system)
	278	(arguments
	279	`(#:make-flags (list "CC=gcc"
	280	(string-append "PREFIX=" (assoc-ref %outputs "out"))
	281	(string-append "INSTALL=" "install"))
	282	;; XXX: make test would run a !VERY! long hashing of names with the use
	283	;; of a wordlist, the amount of computing time this would waste on build
	284	;; servers is in no relation to the size or importance of this small
	285	;; application, therefore we run our own tests on eschalot and worgen.
	286	#:phases
	287	(modify-phases %standard-phases
	288	(delete 'configure)
	289	(replace 'check
	290	(lambda _
	291	(and
	292	(zero? (system* "./worgen" "8-12" "top1000.txt" "3-10" "top400nouns.txt"
	293	"3-6" "top150adjectives.txt" "3-6"))
	294	(zero? (system* "./eschalot" "-r" "^guix\|^guixsd"))
	295	(zero? (system* "./eschalot" "-r" "^gnu\|^free"))
	296	(zero? (system* "./eschalot" "-r" "^cyber\|^hack"))
	297	(zero? (system* "./eschalot" "-r" "^troll")))))
	298	;; Make install can not create the bin dir, create it.
	299	(add-before 'install 'create-bin-dir
	300	(lambda* (#:key outputs #:allow-other-keys)
	301	(let* ((out (assoc-ref outputs "out"))
	302	(bin (string-append out "/bin")))
	303	(mkdir-p bin)
	304	#t))))))
	305	(home-page "https://github.com/schnabear/eschalot")
	306	(synopsis "Tor hidden service name generator")
	307	(description
	308	"Eschalot is a tor hidden service name generator, it allows one to
	309	produce customized vanity .onion addresses using a brute-force method. Searches
	310	for valid names can be run with regular expressions and wordlists. For the
	311	generation of wordlists the included tool @code{worgen} can be used. There is
	312	no man page, refer to the home page for usage details.")
	313	(license (list license:isc license:expat)))))
2e3f1851 EB	314
	315	(define-public tomb
	316	(package
	317	(name "tomb")
d56c55ff	318	(version "2.4")
2e3f1851 EB	319	(source (origin
	320	(method url-fetch)
	321	(uri (string-append "https://files.dyne.org/tomb/"
8ca2cb58	322	"Tomb-" version ".tar.gz"))
2e3f1851 EB	323	(sha256
2e3f1851 EB	324	(base32
d56c55ff	325	"1hv1w79as7swqj0n137vz8n8mwvcgwlvd91sdyssz41jarg7f1vr"))))
2e3f1851	326	(build-system gnu-build-system)
d56c55ff	327	(native-inputs `(("sudo" ,sudo))) ;presence needed for 'check' phase
2e3f1851 EB	328	(inputs
2e3f1851 EB	329	`(("zsh" ,zsh)
2e3f1851 EB	330	("gnupg" ,gnupg)
	331	("cryptsetup" ,cryptsetup)
	332	("e2fsprogs" ,e2fsprogs) ;for mkfs.ext4
7c90d0f4	333	("gettext" ,gettext-minimal) ;used at runtime
2e3f1851 EB	334	("mlocate" ,mlocate)
	335	("pinentry" ,pinentry)
	336	("qrencode" ,qrencode)
d56c55ff	337	("steghide" ,steghide)))
2e3f1851 EB	338	(arguments
	339	`(#:make-flags (list (string-append "PREFIX=" (assoc-ref %outputs "out")))
	340	;; TODO: Build and install gtk and qt trays
	341	#:phases
	342	(modify-phases %standard-phases
	343	(delete 'configure) ;no configuration to be done
	344	(add-after 'install 'i18n
	345	(lambda* (#:key make-flags #:allow-other-keys)
	346	(zero? (apply system*
	347	"make" "-C" "extras/translations"
	348	"install" make-flags))))
	349	(add-after 'install 'wrap
	350	(lambda* (#:key inputs outputs #:allow-other-keys)
	351	(let ((out (assoc-ref outputs "out")))
	352	(wrap-program (string-append out "/bin/tomb")
	353	`("PATH" ":" prefix
	354	(,(string-append (assoc-ref inputs "mlocate") "/bin")
	355	,@(map (lambda (program)
	356	(or (and=> (which program) dirname)
	357	(error "program not found:" program)))
	358	'("seq" "mkfs.ext4" "pinentry" "sudo"
	359	"gpg" "cryptsetup" "gettext"
d56c55ff	360	"qrencode" "steghide")))))
2e3f1851 EB	361	#t)))
	362	(delete 'check)
	363	(add-after 'wrap 'check
	364	(lambda* (#:key outputs #:allow-other-keys)
	365	;; Running the full tests requires sudo/root access for
	366	;; cryptsetup, which is not available in the build environment.
	367	;; But we can run `tomb dig` without root, so make sure that
	368	;; works. TODO: It Would Be Nice to check the expected "index",
	369	;; "search", "bury", and "exhume" features are available by
	370	;; querying `tomb -h`.
	371	(let ((tomb (string-append (assoc-ref outputs "out")
	372	"/bin/tomb")))
	373	(zero? (system* tomb "dig" "-s" "10" "secrets.tomb"))))))))
	374	(home-page "http://www.dyne.org/software/tomb")
	375	(synopsis "File encryption for secret data")
	376	(description
	377	"Tomb is an application to manage the creation and access of encrypted
	378	storage files: it can be operated from commandline and it can integrate with a
	379	user's graphical desktop.")
	380	(license license:gpl3+)))
9381a02a LF	381
	382	(define-public scrypt
	383	(package
	384	(name "scrypt")
6c067a3f	385	(version "1.2.1")
9381a02a LF	386	(source
	387	(origin
	388	(method url-fetch)
	389	(uri (string-append "https://www.tarsnap.com/scrypt/scrypt-"
	390	version ".tgz"))
	391	(sha256
	392	(base32
6c067a3f	393	"0xy5yhrwwv13skv9im9vm76rybh9f29j2dh4hlh2x01gvbkza8a6"))))
9381a02a LF	394	(build-system gnu-build-system)
	395	(arguments
	396	`(#:phases (modify-phases %standard-phases
	397	(add-after 'unpack 'patch-command-invocations
	398	(lambda _
	399	(substitute* "Makefile.in"
	400	(("command -p") ""))
	401	#t))
	402	(add-after 'install 'install-docs
	403	(lambda* (#:key outputs #:allow-other-keys)
	404	(let* ((out (assoc-ref %outputs "out"))
	405	(misc (string-append out "/share/doc/scrypt")))
	406	(install-file "FORMAT" misc)
	407	#t))))))
	408	(inputs
	409	`(("openssl" ,openssl)))
	410	(home-page "https://www.tarsnap.com/scrypt.html")
	411	(synopsis "Memory-hard encryption tool based on scrypt")
	412	(description "This packages provides a simple password-based encryption
	413	utility as a demonstration of the @code{scrypt} key derivation function.
	414	@code{Scrypt} is designed to be far more resistant against hardware brute-force
	415	attacks than alternative functions such as @code{PBKDF2} or @code{bcrypt}.")
	416	(license license:bsd-2)))
09c36743 LF	417
	418	(define-public python-asn1crypto
	419	(package
	420	(name "python-asn1crypto")
	421	(version "0.22.0")
	422	(source
	423	(origin
	424	(method url-fetch)
	425	(uri (string-append "https://github.com/wbond/asn1crypto/archive/"
	426	version ".tar.gz"))
	427	(sha256
	428	(base32
	429	"1kn910896l3knmilla1c9ly20q181s43w1ah08lzkbm1h3j6pcz0"))))
	430	(build-system python-build-system)
	431	(home-page "https://github.com/wbond/asn1crypto")
	432	(synopsis "ASN.1 parser and serializer in Python")
	433	(description "asn1crypto is an ASN.1 parser and serializer with definitions
	434	for private keys, public keys, certificates, CRL, OCSP, CMS, PKCS#3, PKCS#7,
	435	PKCS#8, PKCS#12, PKCS#5, X.509 and TSP.")
	436	(license license:expat)))
	437
	438	(define-public python2-asn1crypto
	439	(package-with-python2 python-asn1crypto))