Commit | Line | Data |
---|---|---|
80b77646 DT |
1 | ;;; GNU Guix --- Functional package management for GNU |
2 | ;;; Copyright © 2014 David Thompson <davet@gnu.org> | |
d96e162a | 3 | ;;; Copyright © 2015, 2017 Ricardo Wurmus <rekado@elephly.net> |
b6beda1d | 4 | ;;; Copyright © 2016, 2017, 2018 Leo Famulari <leo@famulari.name> |
893d963a | 5 | ;;; Copyright © 2016 Lukas Gradl <lgradl@openmailbox> |
c6220b13 | 6 | ;;; Copyright © 2016, 2017, 2018 Tobias Geerinckx-Rice <me@tobias.gr> |
4a78fd46 | 7 | ;;; Copyright © 2016, 2017 Nils Gillmann <ng0@n0.is> |
d56c55ff | 8 | ;;; Copyright © 2016, 2017 Eric Bavier <bavier@member.fsf.org> |
de98f4ed | 9 | ;;; Copyright © 2017 Pierre Langlois <pierre.langlois@gmx.com> |
fa58a0a6 | 10 | ;;; Copyright © 2018 Efraim Flashner <efraim@flashner.co.il> |
a21eb019 | 11 | ;;; Copyright © 2018 Arun Isaac <arunisaac@systemreboot.net> |
84be0e9a | 12 | ;;; Copyright © 2018 Nicolas Goaziou <mail@nicolasgoaziou.fr> |
80b77646 DT |
13 | ;;; |
14 | ;;; This file is part of GNU Guix. | |
15 | ;;; | |
16 | ;;; GNU Guix is free software; you can redistribute it and/or modify it | |
17 | ;;; under the terms of the GNU General Public License as published by | |
18 | ;;; the Free Software Foundation; either version 3 of the License, or (at | |
19 | ;;; your option) any later version. | |
20 | ;;; | |
21 | ;;; GNU Guix is distributed in the hope that it will be useful, but | |
22 | ;;; WITHOUT ANY WARRANTY; without even the implied warranty of | |
23 | ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
24 | ;;; GNU General Public License for more details. | |
25 | ;;; | |
26 | ;;; You should have received a copy of the GNU General Public License | |
27 | ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. | |
28 | ||
29 | (define-module (gnu packages crypto) | |
30 | #:use-module (gnu packages) | |
2e3f1851 EB |
31 | #:use-module (gnu packages admin) |
32 | #:use-module (gnu packages aidc) | |
b6f87ec0 | 33 | #:use-module (gnu packages attr) |
893d963a | 34 | #:use-module (gnu packages autotools) |
fb8a5d63 | 35 | #:use-module (gnu packages boost) |
47de00af | 36 | #:use-module (gnu packages check) |
de98f4ed | 37 | #:use-module (gnu packages compression) |
2e3f1851 | 38 | #:use-module (gnu packages cryptsetup) |
b6beda1d | 39 | #:use-module (gnu packages databases) |
fb8a5d63 | 40 | #:use-module (gnu packages gettext) |
2e3f1851 EB |
41 | #:use-module (gnu packages gnupg) |
42 | #:use-module (gnu packages image) | |
8a68b71d | 43 | #:use-module (gnu packages kerberos) |
f1876bfc | 44 | #:use-module (gnu packages libbsd) |
0751fddd | 45 | #:use-module (gnu packages libffi) |
fb8a5d63 | 46 | #:use-module (gnu packages linux) |
893d963a LG |
47 | #:use-module (gnu packages nettle) |
48 | #:use-module (gnu packages password-utils) | |
fb8a5d63 | 49 | #:use-module (gnu packages perl) |
5ccde207 | 50 | #:use-module (gnu packages perl-check) |
b6beda1d LF |
51 | #:use-module (gnu packages pkg-config) |
52 | #:use-module (gnu packages python) | |
893d963a | 53 | #:use-module (gnu packages readline) |
2e3f1851 | 54 | #:use-module (gnu packages search) |
893d963a | 55 | #:use-module (gnu packages serialization) |
19b2ea1b | 56 | #:use-module (gnu packages shells) |
b6f87ec0 | 57 | #:use-module (gnu packages tcl) |
893d963a | 58 | #:use-module (gnu packages tls) |
b6f87ec0 | 59 | #:use-module (gnu packages xml) |
7fb18f57 | 60 | #:use-module ((guix licenses) #:prefix license:) |
80b77646 DT |
61 | #:use-module (guix packages) |
62 | #:use-module (guix download) | |
6fabb196 | 63 | #:use-module (guix git-download) |
b6f87ec0 | 64 | #:use-module (guix build-system cmake) |
09c36743 | 65 | #:use-module (guix build-system gnu) |
fa58a0a6 EF |
66 | #:use-module (guix build-system perl) |
67 | #:use-module (srfi srfi-1) | |
68 | #:use-module (srfi srfi-26)) | |
80b77646 DT |
69 | |
;; Sodium: portable NaCl-based crypto library, built with the stock GNU build
;; system from the upstream release tarball.
(define-public libsodium
  (package
    (name "libsodium")
    (version "1.0.16")
    (source
     (let ((site "https://download.libsodium.org/libsodium/"))
       (origin
         (method url-fetch)
         ;; Two candidate locations on the same host: "releases/" and
         ;; "releases/old/".  Whichever one answers, the download is only
         ;; accepted if it matches the sha256 below, so the hash — not the
         ;; URL — is what pins the source.
         (uri (list (string-append site "releases/libsodium-"
                                   version ".tar.gz")
                    (string-append site "releases/old/libsodium-"
                                   version ".tar.gz")))
         (sha256
          (base32
           "0cq5pn7qcib7q70mm1lgjwj75xdxix27v0xl1xl0kvxww7hwgbgf")))))
    (build-system gnu-build-system)
    (synopsis "Portable NaCl-based crypto library")
    (description
     "Sodium is a new easy-to-use high-speed software library for network
communication, encryption, decryption, signatures, etc.")
    (license license:isc)
    (home-page "https://libsodium.org")))
f1876bfc | 92 | |
32977915 CB |
;; libmd: the BSD message-digest API as a stand-alone library.
;; NOTE(review): the description lists MD2, MD4, MD5 and SHA-1 among the
;; provided digests.  Those are no longer collision-resistant; dependents
;; should treat them as legacy-interoperability functions only.
(define-public libmd
  (package
    (name "libmd")
    (version "1.0.0")
    (source
     (origin
       (method url-fetch)
       ;; Same tarball from two mirrors; the sha256 below is what the
       ;; download is checked against, regardless of which mirror serves it.
       (uri (map (cut string-append <> version ".tar.xz")
                 '("https://archive.hadrons.org/software/libmd/libmd-"
                   "https://libbsd.freedesktop.org/releases/libmd-")))
       (sha256
        (base32
         "1iv45npzv0gncjgcpx5m081861zdqxw667ysghqb8721yrlyl6pj"))))
    (build-system gnu-build-system)
    (synopsis "Message Digest functions from BSD systems")
    (description
     "The currently provided message digest algorithms are:
@itemize
@item MD2
@item MD4
@item MD5
@item RIPEMD-160
@item SHA-1
@item SHA-2 (SHA-256, SHA-384 and SHA-512)
@end itemize")
    ;; Several licenses apply across the source files.
    (license (list license:bsd-3
                   license:bsd-2
                   license:isc
                   license:public-domain))
    (home-page "https://www.hadrons.org/software/libmd/")))
125 | ||
f1876bfc LF |
;; signify: Linux port of OpenBSD's Ed25519 signing and verification tool.
(define-public signify
  (package
    (name "signify")
    (version "24")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "https://github.com/aperezdc/signify/"
                           "archive/v" version ".tar.gz"))
       ;; Upstream's file is just "v<version>.tar.gz"; give the download a
       ;; name that identifies the package.
       (file-name (string-append name "-" version ".tar.gz"))
       ;; The fetched archive must match this hash to be accepted.
       (sha256
        (base32
         "0594vyvkq176xxzaz9xbq8qs0xdnr8s9gkd1prblwpdvnzmw0xvc"))))
    (build-system gnu-build-system)
    ;; TODO: Build with libwaive (described in README.md) to get something
    ;; like OpenBSD's pledge(), i.e. privilege reduction at run time.
    (arguments
     `(#:tests? #f                      ; no test suite
       #:phases
       (modify-phases %standard-phases
         ;; Plain Makefile project: there is no configure script to run.
         (delete 'configure))
       #:make-flags
       (let ((out (assoc-ref %outputs "out")))
         (list "CC=gcc"
               (string-append "PREFIX=" out)))))
    (native-inputs
     (list (list "pkg-config" pkg-config)))
    (inputs
     (list (list "libbsd" libbsd)))
    (synopsis "Create and verify cryptographic signatures")
    (description "The signify utility creates and verifies cryptographic
signatures using the elliptic curve Ed25519.  This is a Linux port of the
OpenBSD tool of the same name.")
    (home-page "https://github.com/aperezdc/signify")
    ;; Third-party code bundled in this package was originally released under
    ;; various non-copyleft licenses; the source files carry the details.
    (license (list license:bsd-3 license:bsd-4 license:expat license:isc
                   license:public-domain
                   (license:non-copyleft
                    "file://base64.c"
                    "See base64.c in the distribution for
the license from IBM.")))))
893d963a LG |
165 | |
166 | ||
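;; OpenDHT: distributed hash table library, built against the packaged argon2
;; instead of the copy shipped in the tarball.
(define-public opendht
  (package
    (name "opendht")
    (version "0.6.1")
    (source
     (origin
       (method url-fetch)
       (uri
        (string-append
         "https://github.com/savoirfairelinux/" name
         "/archive/" version ".tar.gz"))
       (file-name (string-append name "-" version ".tar.gz"))
       (modules '((guix build utils)))
       ;; Drop the bundled argon2 and every build-system reference to it, so
       ;; that the password-hashing code comes from the "argon2" input and is
       ;; updated together with that package.
       (snippet
        '(begin
           (delete-file-recursively "src/argon2")
           (substitute* "src/Makefile.am"
             (("./argon2/libargon2.la") "")
             (("SUBDIRS = argon2") ""))
           (substitute* "src/crypto.cpp"
             (("argon2/argon2.h") "argon2.h"))
           (substitute* "configure.ac"
             (("src/argon2/Makefile") ""))
           #t))
       ;; Hash of the upstream download, before the snippet is applied.
       (sha256
        (base32
         "09yvkmbqbym3b5md4n96qc1s9sf2n8ji404hagih45rmsj49599x"))))
    (build-system gnu-build-system)
    (inputs
     `(("gnutls" ,gnutls)
       ("nettle" ,nettle)
       ("readline" ,readline)
       ("argon2" ,argon2)))
    (propagated-inputs
     `(("msgpack" ,msgpack)))           ;included in several installed headers
    (native-inputs
     `(("autoconf" ,autoconf)
       ("pkg-config" ,pkg-config)
       ("automake" ,automake)
       ("libtool" ,libtool)))
    (arguments
     `(#:configure-flags '("--disable-tools" "--disable-python")
       #:phases (modify-phases %standard-phases
                  ;; The archive has no generated configure script, and the
                  ;; snippet edits configure.ac, so regenerate it.
                  (add-after 'unpack 'autoconf
                    (lambda _
                      ;; 'invoke' raises an error that names the failing
                      ;; command, like the other phases in this file, rather
                      ;; than returning a bare #f.
                      (invoke "autoreconf" "-vfi"))))))
    (home-page "https://github.com/savoirfairelinux/opendht/")
    (synopsis "Distributed Hash Table (DHT) library")
    (description "OpenDHT is a Distributed Hash Table (DHT) library.  It may
be used to manage peer-to-peer network connections as needed for real time
communication.")
    (license license:gpl3)))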
fb8a5d63 | 219 | |
fb8a5d63 TGR |
;; EncFS: FUSE-based encrypted file system, built with CMake against the
;; packaged tinyxml2 and OpenSSL.
(define-public encfs
  (package
    (name "encfs")
    (version "1.9.5")
    (source
     (origin
       (method url-fetch)
       (uri
        (string-append "https://github.com/vgough/encfs/releases/download/v"
                       version "/encfs-" version ".tar.gz"))
       (sha256
        (base32
         "0qzxavvv20577bxvly8s7d3y7bqasqclc2mllp0ddfncjm9z02a7"))
       (modules '((guix build utils)))
       ;; Delete the vendored copies of tinyxml2 and googletest so the build
       ;; can only use the versions supplied as package inputs.
       (snippet
        '(begin
           (delete-file-recursively "vendor/github.com/leethomason/tinyxml2")
           (delete-file-recursively "vendor/github.com/google/googletest")
           #t))))
    (build-system cmake-build-system)
    (native-inputs
     `(("gettext" ,gettext-minimal)

       ;; Needed by the test suite only.
       ("expect" ,expect)
       ("googletest-source" ,(package-source googletest))
       ("perl" ,perl)))
    (inputs
     `(("attr" ,attr)
       ("fuse" ,fuse)
       ("openssl" ,openssl)
       ("tinyxml2" ,tinyxml2)))
    (arguments
     `(#:configure-flags (list "-DUSE_INTERNAL_TINYXML=OFF")
       #:phases
       (modify-phases %standard-phases
         ;; Put the packaged googletest sources where the removed vendored
         ;; copy used to live.
         (add-after 'unpack 'unpack-googletest
           (lambda* (#:key inputs #:allow-other-keys)
             (let ((destination "vendor/github.com/google/googletest")
                   (tarball (assoc-ref inputs "googletest-source")))
               (mkdir-p destination)
               (invoke "tar" "xvf" tarball
                       "-C" destination
                       "--strip-components=1"))))
         ;; Build the unit tests before the 'check phase runs.
         (add-before 'check 'make-unittests
           (lambda _
             (invoke "make" "unittests"))))))
    (home-page "https://vgough.github.io/encfs")
    (synopsis "Encrypted virtual file system")
    (description
     "EncFS creates a virtual encrypted file system in user-space.  Each file
created under an EncFS mount point is stored as a separate encrypted file on
the underlying file system.  Like most encrypted file systems, EncFS is meant
to provide security against off-line attacks, such as a drive falling into
the wrong hands.")
    (license (list license:expat        ; internal/easylogging++.h
                   license:lgpl3+       ; encfs library
                   license:gpl3+))))    ; command-line tools
279d902b TGR |
277 | |
;; keyutils: user-space tools for the Linux kernel's key retention facility.
(define-public keyutils
  (package
    (name "keyutils")
    (version "1.5.11")
    (source
     (origin
       (method url-fetch)
       (uri
        (string-append "https://people.redhat.com/dhowells/keyutils/keyutils-"
                       version ".tar.bz2"))
       (sha256
        (base32
         "1ddig6j5xjyk6g9l2wlqc7k1cgvryxdqbsv3c9rk1p3f42448n0i"))
       (modules '((guix build utils)))
       ;; Make the Makefile create relative symbolic links rather than
       ;; absolute ones pointing into /lib/*.
       (snippet
        '(begin
           (substitute* "Makefile"
             (("\\$\\(LNS\\) \\$\\(LIBDIR\\)/") "$(LNS) "))
           #t))))
    (build-system gnu-build-system)
    (arguments
     `(#:test-target "test"
       ;; DESTDIR carries the output directory and the remaining *DIR
       ;; variables are given relative to it; RPATH is built from both.
       #:make-flags
       (let ((out (assoc-ref %outputs "out")))
         (list "CC=gcc"
               "RPATH=-Wl,-rpath,$(DESTDIR)$(LIBDIR)"
               (string-append "DESTDIR=" out)
               "INCLUDEDIR=/include"
               "LIBDIR=/lib"
               "MANDIR=/share/man"
               "SHAREDIR=/share/keyutils"))
       #:phases
       (modify-phases %standard-phases
         (delete 'configure))))         ; no configure script
    (inputs
     (list (list "mit-krb5" mit-krb5)))
    (home-page "https://people.redhat.com/dhowells/keyutils/")
    (synopsis "Linux key management utilities")
    (description
     "Keyutils is a set of utilities for managing the key retention facility in
the Linux kernel, which can be used by file systems, block devices, and more to
gain and retain the authorization and encryption keys required to perform
secure operations. ")
    (license (list license:lgpl2.1+     ; the files keyutils.*
                   license:gpl2+))))    ; the rest
6fabb196 | 321 | |
322 | ;; There is no release candidate but commits point out a version number, | |
323 | ;; furthermore no tarball exists. | |
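;; eschalot: vanity .onion name generator, built from a pinned Git commit
;; because upstream publishes no tarball.
(define-public eschalot
  (let ((commit "0bf31d88a11898c19b1ed25ddd2aff7b35dbac44")
        (revision "1"))
    (package
      (name "eschalot")
      ;; Version string: "1.2.0-" + revision + "." + first 7 hex digits of
      ;; the commit.
      (version (string-append "1.2.0-" revision "." (string-take commit 7)))
      (source
       (origin
         (method git-fetch)
         ;; The checkout is addressed by the full commit id above and is
         ;; additionally checked against the sha256 below.
         (uri (git-reference
               (url "https://github.com/schnabear/eschalot")
               (commit commit)))
         (file-name (string-append name "-" version))
         (sha256
          (base32
           "0lj38ldh8vzi11wp4ghw4k0fkwp0s04zv8k8d473p1snmbh7mx98"))))
      (inputs
       `(("openssl" ,openssl)))         ; It needs: openssl/{bn,pem,rsa,sha}.h
      (build-system gnu-build-system)
      (arguments
       `(#:make-flags (list "CC=gcc"
                            (string-append "PREFIX=" (assoc-ref %outputs "out"))
                            (string-append "INSTALL=" "install"))
         ;; XXX: 'make test' would run a very long hashing of names with a
         ;; wordlist.  The computing time that would cost on build servers is
         ;; out of proportion to the size and importance of this small
         ;; application, so we run our own short tests of eschalot and worgen.
         #:phases
         (modify-phases %standard-phases
           (delete 'configure)
           (replace 'check
             (lambda _
               ;; Each 'invoke' raises an error naming the failing command,
               ;; so the first failure aborts the phase, as the other phases
               ;; in this file do.
               (invoke "./worgen" "8-12" "top1000.txt" "3-10" "top400nouns.txt"
                       "3-6" "top150adjectives.txt" "3-6")
               (invoke "./eschalot" "-r" "^guix|^guixsd")
               (invoke "./eschalot" "-r" "^gnu|^free")
               (invoke "./eschalot" "-r" "^cyber|^hack")
               (invoke "./eschalot" "-r" "^troll")
               #t))
           ;; 'make install' cannot create the bin directory itself, so
           ;; create it beforehand.
           (add-before 'install 'create-bin-dir
             (lambda* (#:key outputs #:allow-other-keys)
               (let* ((out (assoc-ref outputs "out"))
                      (bin (string-append out "/bin")))
                 (mkdir-p bin)
                 #t))))))
      (home-page "https://github.com/schnabear/eschalot")
      (synopsis "Tor hidden service name generator")
      (description
       "Eschalot is a tor hidden service name generator, it allows one to
produce customized vanity .onion addresses using a brute-force method.  Searches
for valid names can be run with regular expressions and wordlists.  For the
generation of wordlists the included tool @code{worgen} can be used.  There is
no man page, refer to the home page for usage details.")
      (license (list license:isc license:expat)))))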
2e3f1851 EB |
379 | |
;; Tomb: zsh script managing encrypted storage files.  The installed script is
;; wrapped so that the helper programs it calls come from fixed directories.
(define-public tomb
  (package
    (name "tomb")
    (version "2.5")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "https://files.dyne.org/tomb/"
                           "Tomb-" version ".tar.gz"))
       (sha256
        (base32
         "12c6qldngaw520gvb02inzkhnxbl4k0dwmddrgnaf7xashy6j0wc"))))
    (build-system gnu-build-system)
    (native-inputs `(("sudo" ,sudo)))   ;presence needed for 'check' phase
    (inputs
     `(("zsh" ,zsh)
       ("gnupg" ,gnupg)
       ("cryptsetup" ,cryptsetup)
       ("e2fsprogs" ,e2fsprogs)         ;for mkfs.ext4
       ("gettext" ,gettext-minimal)     ;used at runtime
       ("mlocate" ,mlocate)
       ("pinentry" ,pinentry)
       ("qrencode" ,qrencode)
       ("steghide" ,steghide)
       ("util-linux" ,util-linux)))
    (arguments
     `(#:make-flags (list (string-append "PREFIX=" (assoc-ref %outputs "out")))
       ;; TODO: Build and install gtk and qt trays
       #:phases
       (modify-phases %standard-phases
         (delete 'configure)            ;no configuration to be done
         ;; Install the translations with the same make flags as the main
         ;; build.
         (add-after 'install 'i18n
           (lambda* (#:key make-flags #:allow-other-keys)
             (apply invoke "make" "-C" "extras/translations"
                    "install" make-flags)
             #t))
         (add-after 'install 'wrap
           (lambda* (#:key inputs outputs #:allow-other-keys)
             ;; Resolve every helper with 'which' while building and fail if
             ;; one is missing.  The resulting directories are added to PATH
             ;; with 'prefix', i.e. ahead of whatever PATH the caller has.
             (let* ((script (string-append (assoc-ref outputs "out")
                                           "/bin/tomb"))
                    (locate-dir (string-append (assoc-ref inputs "mlocate")
                                               "/bin"))
                    (helper-dirs
                     (map (lambda (program)
                            (or (and=> (which program) dirname)
                                (error "program not found:" program)))
                          '("seq" "mkfs.ext4" "pinentry" "sudo"
                            "gpg" "cryptsetup" "gettext"
                            "qrencode" "steghide" "findmnt"))))
               (wrap-program script
                 (list "PATH" ":" 'prefix (cons locate-dir helper-dirs)))
               #t)))
         ;; Move 'check after 'wrap so that it exercises the wrapped script.
         (delete 'check)
         (add-after 'wrap 'check
           (lambda* (#:key outputs #:allow-other-keys)
             ;; The full test suite needs sudo/root access for cryptsetup,
             ;; which the build environment does not provide.  `tomb dig`
             ;; works without root, so check that at least.  TODO: it would
             ;; be nice to check that the expected "index", "search", "bury"
             ;; and "exhume" features are available by querying `tomb -h`.
             (let ((script (string-append (assoc-ref outputs "out")
                                          "/bin/tomb")))
               (invoke script "dig" "-s" "10" "secrets.tomb")
               #t))))))
    (home-page "https://www.dyne.org/software/tomb")
    (synopsis "File encryption for secret data")
    (description
     "Tomb is an application to manage the creation and access of encrypted
storage files: it can be operated from commandline and it can integrate with a
user's graphical desktop.")
    (license license:gpl3+)))
9381a02a LF |
448 | |
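;; scrypt: password-based file encryption utility demonstrating the scrypt
;; key derivation function.
(define-public scrypt
  (package
    (name "scrypt")
    (version "1.2.1")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "https://www.tarsnap.com/scrypt/scrypt-"
                           version ".tgz"))
       (sha256
        (base32
         "0xy5yhrwwv13skv9im9vm76rybh9f29j2dh4hlh2x01gvbkza8a6"))))
    (build-system gnu-build-system)
    (arguments
     `(#:phases (modify-phases %standard-phases
                  ;; Strip "command -p" from the Makefile so the commands it
                  ;; guarded are invoked directly.
                  (add-after 'unpack 'patch-command-invocations
                    (lambda _
                      (substitute* "Makefile.in"
                        (("command -p") ""))
                      #t))
                  ;; Ship the FORMAT file alongside the program.
                  (add-after 'install 'install-docs
                    (lambda* (#:key outputs #:allow-other-keys)
                      ;; Use the 'outputs' argument this phase receives
                      ;; rather than the global %outputs.
                      (let* ((out (assoc-ref outputs "out"))
                             (misc (string-append out "/share/doc/scrypt")))
                        (install-file "FORMAT" misc)
                        #t))))))
    (inputs
     `(("openssl" ,openssl)))
    (home-page "https://www.tarsnap.com/scrypt.html")
    (synopsis "Memory-hard encryption tool based on scrypt")
    (description "This package provides a simple password-based encryption
utility as a demonstration of the @code{scrypt} key derivation function.
@code{Scrypt} is designed to be far more resistant against hardware brute-force
attacks than alternative functions such as @code{PBKDF2} or @code{bcrypt}.")
    (license license:bsd-2)))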
09c36743 | 484 | |
84be0e9a NG |
;; libscrypt: shared-library implementation of the scrypt key derivation
;; function, fetched from the upstream Git tag "v<version>".
(define-public libscrypt
  (package
    (name "libscrypt")
    (version "1.21")
    (source
     (origin
       (method git-fetch)
       (uri (git-reference
             (url "https://github.com/technion/libscrypt.git")
             ;; The checkout is selected by tag name; the sha256 below is
             ;; what ties it to specific content.
             (commit (string-append "v" version))))
       (file-name (git-file-name name version))
       (sha256
        (base32
         "1d76ys6cp7fi4ng1w3mz2l0p9dbr7ljbk33dcywyimzjz8bahdng"))))
    (build-system gnu-build-system)
    (arguments
     `(#:phases
       (modify-phases %standard-phases
         ;; Nothing to configure here; the phase is simply dropped.
         (delete 'configure))
       #:make-flags
       (let ((prefix-flag (string-append "PREFIX=" %output)))
         (list prefix-flag
               "CC=gcc"))))
    (home-page "https://lolware.net/libscrypt.html")
    (synopsis "Password hashing library")
    (description "@code{libscrypt} implements @code{scrypt} key derivation
function.  It is designed to be far more secure against hardware brute-force
attacks than alternative functions such as @code{PBKDF2} or @code{bcrypt}.")
    (license license:bsd-3)))
512 | ||
d96e162a RW |
;; Math::Random::ISAAC::XS: C implementation of the ISAAC generator for Perl.
;; As the description states, the output is unpredictable only to someone who
;; does not know the seed, so how the generator is seeded matters.
(define-public perl-math-random-isaac-xs
  (package
    (name "perl-math-random-isaac-xs")
    (version "1.004")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "mirror://cpan/authors/id/J/JA/JAWNSY/"
                           "Math-Random-ISAAC-XS-" version ".tar.gz"))
       ;; The mirror:// scheme leaves the choice of server open; the hash
       ;; below fixes the content.
       (sha256
        (base32
         "0yxqqcqvj51fn7b7j5xqhz65v74arzgainn66c6k7inijbmr1xws"))))
    (build-system perl-build-system)
    ;; Build- and test-time modules only.
    (native-inputs
     (list (list "perl-module-build" perl-module-build)
           (list "perl-test-nowarnings" perl-test-nowarnings)))
    (home-page "https://metacpan.org/release/Math-Random-ISAAC-XS")
    (synopsis "C implementation of the ISAAC PRNG algorithm")
    (description "ISAAC (Indirection, Shift, Accumulate, Add, and Count) is a
fast pseudo-random number generator.  It is suitable for applications where a
significant amount of random data needs to be produced quickly, such as
solving using the Monte Carlo method or for games.  The results are uniformly
distributed, unbiased, and unpredictable unless you know the seed.

This package implements the same interface as @code{Math::Random::ISAAC}.")
    (license license:public-domain)))
649238cb RW |
539 | |
;; Math::Random::ISAAC: Perl interface to the ISAAC generator.  The XS
;; implementation is propagated, so it is installed alongside this module.
(define-public perl-math-random-isaac
  (package
    (name "perl-math-random-isaac")
    (version "1.004")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "mirror://cpan/authors/id/J/JA/JAWNSY/"
                           "Math-Random-ISAAC-" version ".tar.gz"))
       ;; Content hash the downloaded tarball has to match.
       (sha256
        (base32
         "0z1b3xbb3xz71h25fg6jgsccra7migq7s0vawx2rfzi0pwpz0wr7"))))
    (build-system perl-build-system)
    ;; Test-time module only.
    (native-inputs
     (list (list "perl-test-nowarnings" perl-test-nowarnings)))
    (propagated-inputs
     (list (list "perl-math-random-isaac-xs" perl-math-random-isaac-xs)))
    (home-page "https://metacpan.org/release/Math-Random-ISAAC")
    (synopsis "Perl interface to the ISAAC PRNG algorithm")
    (description "ISAAC (Indirection, Shift, Accumulate, Add, and Count) is a
fast pseudo-random number generator.  It is suitable for applications where a
significant amount of random data needs to be produced quickly, such as
solving using the Monte Carlo method or for games.  The results are uniformly
distributed, unbiased, and unpredictable unless you know the seed.

This package provides a Perl interface to the ISAAC pseudo random number
generator.")
    (license license:public-domain)))
2023b79f RW |
568 | |
;; Crypt::Random::Source: pluggable byte-oriented sources of random data.
;; The synopsis says the sources may be "weak or strong"; which kind a caller
;; gets depends on what it asks the module for.
(define-public perl-crypt-random-source
  (package
    (name "perl-crypt-random-source")
    (version "0.12")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "mirror://cpan/authors/id/E/ET/ETHER/"
                           "Crypt-Random-Source-" version ".tar.gz"))
       ;; Content hash the downloaded tarball has to match.
       (sha256
        (base32
         "00mw5m52sbz9nqp3f6axyrgcrihqxn7k8gv0vi1kvm1j1nc9g29h"))))
    (build-system perl-build-system)
    ;; Build- and test-time modules.
    (native-inputs
     (list (list "perl-module-build-tiny" perl-module-build-tiny)
           (list "perl-test-exception" perl-test-exception)))
    ;; Modules propagated to users of this package.
    (propagated-inputs
     (list (list "perl-capture-tiny" perl-capture-tiny)
           (list "perl-module-find" perl-module-find)
           (list "perl-module-runtime" perl-module-runtime)
           (list "perl-moo" perl-moo)
           (list "perl-namespace-clean" perl-namespace-clean)
           (list "perl-sub-exporter" perl-sub-exporter)
           (list "perl-type-tiny" perl-type-tiny)))
    (home-page "https://metacpan.org/release/Crypt-Random-Source")
    (synopsis "Get weak or strong random data from pluggable sources")
    (description "This module provides implementations for a number of
byte-oriented sources of random data.")
    (license license:perl-license)))
233f4f43 RW |
598 | |
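;; Math::Random::Secure: replacement for Perl's rand() meant to be
;; cryptographically secure, built on the ISAAC generator and
;; Crypt::Random::Source packages defined in this file.
(define-public perl-math-random-secure
  (package
    (name "perl-math-random-secure")
    (version "0.080001")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "mirror://cpan/authors/id/F/FR/FREW/"
                           "Math-Random-Secure-" version ".tar.gz"))
       ;; Content hash the downloaded tarball has to match.
       (sha256
        (base32
         "0dgbf4ncll4kmgkyb9fsaxn0vf2smc9dmwqzgh3259zc2zla995z"))))
    (build-system perl-build-system)
    ;; Test-time modules only.
    (native-inputs
     `(("perl-list-moreutils" ,perl-list-moreutils)
       ("perl-test-leaktrace" ,perl-test-leaktrace)
       ("perl-test-sharedfork" ,perl-test-sharedfork)
       ("perl-test-warn" ,perl-test-warn)))
    ;; NOTE(review): these are plain inputs, whereas the sibling Perl packages
    ;; in this file propagate their run-time modules.  Confirm that the
    ;; installed module can still locate its seed source and generator.
    (inputs
     `(("perl-crypt-random-source" ,perl-crypt-random-source)
       ("perl-math-random-isaac" ,perl-math-random-isaac)
       ("perl-math-random-isaac-xs" ,perl-math-random-isaac-xs)
       ("perl-moo" ,perl-moo)))
    (home-page "https://metacpan.org/release/Math-Random-Secure")
    (synopsis "Cryptographically secure replacement for rand()")
    (description "This module is intended to provide a
cryptographically-secure replacement for Perl's built-in @code{rand} function.
\"Cryptographically secure\", in this case, means:

@enumerate
@item No matter how many numbers you see generated by the random number
generator, you cannot guess the future numbers, and you cannot guess the seed.
@item There are so many possible seeds that it would take decades, centuries,
or millennia for an attacker to try them all.
@item The seed comes from a source that generates relatively strong random
data on your platform, so the seed itself will be as random as possible.
@end enumerate\n")
    (license license:artistic2.0)))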
f0f6f9f6 | 637 | |
de98f4ed PL |
;; Crypto++: C++ class library of cryptographic schemes, distributed upstream
;; as a zip archive named after the version with its dots removed.
(define-public crypto++
  (package
    (name "crypto++")
    (version "6.0.0")
    (source
     (origin
       (method url-fetch/zipbomb)
       ;; "6.0.0" becomes "600" in the file name.
       (uri (let ((digits (string-join (string-split version #\.) "")))
              (string-append "https://cryptopp.com/cryptopp"
                             digits
                             ".zip")))
       (sha256
        (base32
         "1nidm6xbdza5cbgf5md2zznmaq692rfyjasycwipl6rzdfwjvb34"))))
    (build-system gnu-build-system)
    (arguments
     `(#:make-flags
       (let ((out (assoc-ref %outputs "out")))
         (list (string-append "PREFIX=" out)))
       #:phases
       (modify-phases %standard-phases
         (add-after 'unpack 'disable-native-optimisation
           ;; More than headers gets installed.  Without -march=native the
           ;; cryptest.exe binary and the static library are not tied to the
           ;; CPU model of the build machine.
           (lambda _
             (substitute* "GNUmakefile"
               ((" -march=native") ""))
             #t))
         (delete 'configure))))
    (native-inputs
     (list (list "unzip" unzip)))
    (home-page "https://cryptopp.com/")
    (synopsis "C++ class library of cryptographic schemes")
    (description "Crypto++ is a C++ class library of cryptographic schemes.")
    ;; The compilation as a whole is under the Boost license; the individual
    ;; files in it are in the public domain.
    (license (list license:boost1.0 license:public-domain))))
60e95297 | 672 | |
c6220b13 | 673 | (define-public libb2 |
e9997e47 MB |
674 | (package |
675 | (name "libb2") | |
676 | (version "0.98") | |
677 | (source (origin | |
678 | (method url-fetch) | |
679 | (uri (string-append | |
680 | "https://github.com/BLAKE2/libb2/releases/download/v" | |
681 | version "/libb2-" version ".tar.gz")) | |
682 | (sha256 | |
683 | (base32 | |
684 | "0vq39cvwy05754l565xl11rqr2jvjb6ykjzca886vi9vm71y0sg8")))) | |
685 | (build-system gnu-build-system) | |
686 | (arguments | |
687 | `(#:configure-flags | |
688 | (list | |
689 | ,@(if (any (cute string-prefix? <> (or (%current-system) | |
690 | (%current-target-system))) | |
691 | '("x86_64" "i686")) | |
692 | ;; fat only checks for Intel optimisations | |
693 | '("--enable-fat") | |
694 | '()) | |
695 | "--disable-native"))) ;don't optimise at build time | |
696 | (home-page "https://blake2.net/") | |
697 | (synopsis "Library implementing the BLAKE2 family of hash functions") | |
698 | (description | |
699 | "libb2 is a portable implementation of the BLAKE2 family of cryptographic | |
c6220b13 TGR |
700 | hash functions. It includes optimised implementations for IA-32 and AMD64 |
701 | processors, and an interface layer that automatically selects the best | |
702 | implementation for the processor it is run on. | |
703 | ||
704 | @dfn{BLAKE2} (RFC 7693) is a family of high-speed cryptographic hash functions | |
705 | that are faster than MD5, SHA-1, SHA-2, and SHA-3, yet are at least as secure | |
706 | as the latest standard, SHA-3. It is an improved version of the SHA-3 finalist | |
707 | BLAKE.") | |
e9997e47 | 708 | (license license:public-domain))) |
(define-public rhash
  (package
    (name "rhash")
    (version "1.3.6")
    (source
     (origin
       (method url-fetch)
       ;; This is a GitHub "archive" URL whose last path component is only
       ;; "vVERSION.tar.gz"; FILE-NAME gives the download a meaningful name
       ;; and the sha256 pins its content.
       (uri (string-append "https://github.com/rhash/RHash/archive/v"
                           version ".tar.gz"))
       (file-name (string-append name "-" version ".tar.gz"))
       (sha256
        (base32 "14ngzfgmd1lfp7m78sn49x8ymf2s37nrr67c6p5vas85nrrgjkcn"))))
    (build-system gnu-build-system)
    (arguments
     `(;; ‘make check’ only checks the sources; the real test suite is run by
       ;; ‘make test’.
       #:test-target "test"
       ;; Without an rpath the programs installed in /bin would not find
       ;; librhash.so.0 in this package's own /lib directory.
       #:make-flags
       (list (string-append "LDFLAGS=-Wl,-rpath=" %output "/lib"))
       #:phases
       (modify-phases %standard-phases
         ;; The ./configure script is hand-written, not generated by GNU
         ;; autotools, and chokes on options it does not know.  Run it
         ;; ourselves with nothing but the installation prefix.
         (replace 'configure
           (lambda* (#:key outputs #:allow-other-keys)
             (let ((prefix (assoc-ref outputs "out")))
               (invoke "./configure"
                       (string-append "--prefix=" prefix)))))
         ;; Also install the library headers and the .so link, reusing the
         ;; same make flags as the main build.
         (add-after 'install 'install-library-extras
           (lambda* (#:key make-flags #:allow-other-keys)
             (apply invoke "make" "-C" "librhash"
                    "install-headers" "install-so-link"
                    make-flags))))))
    (home-page "https://sourceforge.net/projects/rhash/")
    (synopsis "Utility for computing hash sums")
    ;; Several of the algorithms listed below (CRC32, MD4, MD5, SHA1) detect
    ;; accidental corruption but are not collision resistant.
    (description
     "RHash is a console utility for calculation and verification
of magnet links and a wide range of hash sums like CRC32, MD4, MD5, SHA1,
SHA256, SHA512, SHA3, AICH, ED2K, Tiger, DC++ TTH, BitTorrent BTIH, GOST R
34.11-94, RIPEMD-160, HAS-160, EDON-R, Whirlpool and Snefru.")
    (license (license:non-copyleft "file://COPYING"))))
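(define-public botan
  (package
    (name "botan")
    (version "2.7.0")
    (source (origin
              (method url-fetch)
              (uri (string-append "https://botan.randombit.net/releases/"
                                  "Botan-" version ".tgz"))
              ;; Pins the content of the release tarball.
              (sha256
               (base32
                "142aqabwc266jxn8wrp0f1ffrmcvdxwvyh8frb38hx9iaqazjbg4"))))
    (build-system gnu-build-system)
    (arguments
     '(#:phases
       (modify-phases %standard-phases
         ;; Botan is configured by its own Python script, not by an
         ;; autotools ./configure.
         (replace 'configure
           ;; Take the output directory from the OUTPUTS argument the phase
           ;; receives instead of the global %outputs; INPUTS was never used.
           (lambda* (#:key outputs #:allow-other-keys)
             (let* ((out (assoc-ref outputs "out"))
                    (lib (string-append out "/lib")))
               (invoke "python" "./configure.py"
                       (string-append "--prefix=" out)
                       ;; Otherwise, the `botan` executable cannot find
                       ;; libbotan.
                       (string-append "--ldflags=-Wl,-rpath=" lib)
                       "--with-rst2man"
                       ;; Recommended by upstream
                       "--with-zlib" "--with-bzip2" "--with-sqlite3"))))
         ;; Run upstream's test program; `invoke' raises an error when it
         ;; exits with a non-zero status, which fails the build.
         (replace 'check
           (lambda _ (invoke "./botan-test"))))))
    (native-inputs
     `(("python" ,python-minimal-wrapper)
       ("python-docutils" ,python-docutils)))
    (inputs
     `(("sqlite" ,sqlite)
       ("bzip2" ,bzip2)
       ("zlib" ,zlib)))
    (synopsis "Cryptographic library in C++11")
    (description "Botan is a cryptography library, written in C++11, offering
the tools necessary to implement a range of practical systems, such as TLS/DTLS,
PKIX certificate handling, PKCS#11 and TPM hardware support, password hashing,
and post-quantum crypto schemes. In addition to the C++, botan has a C89 API
specifically designed to be easy to call from other languages. A Python binding
using ctypes is included, and several other language bindings are available.")
    (home-page "https://botan.randombit.net")
    (license license:bsd-2)))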
(define-public ccrypt
  (package
    (name "ccrypt")
    (version "1.11")
    (source
     (origin
       (method url-fetch)
       ;; Fetched through the SourceForge mirror list; whichever mirror
       ;; answers, the sha256 below pins the content of the tarball.
       (uri (string-append "mirror://sourceforge/ccrypt/" version
                           "/ccrypt-" version ".tar.gz"))
       (sha256
        (base32 "0kx4a5mhmp73ljknl2lcccmw9z3f5y8lqw0ghaymzvln1984g75i"))))
    ;; No `arguments' field: the default phases and flags of the GNU build
    ;; system are used as they are.
    (build-system gnu-build-system)
    (synopsis "Command-line utility for encrypting and decrypting files and streams")
    (description
     "@command{ccrypt} is a utility for encrypting and decrypting
files and streams. It was designed as a replacement for the standard unix
@command{crypt} utility, which is notorious for using a very weak encryption
algorithm. @command{ccrypt} is based on the Rijndael block cipher, a version of
which is also used in the Advanced Encryption Standard (AES, see
@url{http://www.nist.gov/aes}). This cipher is believed to provide very strong
security.")
    (home-page "http://ccrypt.sourceforge.net")
    (license license:gpl2)))
(define-public asignify
  ;; Built from a fixed commit of the upstream repository.  The full commit id
  ;; and the sha256 of the checkout together pin exactly what is fetched.
  (let ((commit "f58e7977a599f040797975d649ed318e25cbd2d5")
        (revision "0"))
    (package
      (name "asignify")
      (version (git-version "1.1" revision commit))
      (source
       (origin
         (method git-fetch)
         (uri (git-reference
               (url "https://github.com/vstakhov/asignify.git")
               (commit commit)))
         (file-name (git-file-name name version))
         (sha256
          (base32 "1zl68qq6js6fdahxzyhvhrpyrwlv8c2zhdplycnfxyr1ckkhq8dw"))))
      (build-system gnu-build-system)
      (arguments
       `(#:configure-flags
         ;; Build with OpenSSL support and tell ./configure where the
         ;; "openssl" input lives.
         (let ((openssl (assoc-ref %build-inputs "openssl")))
           (list "--enable-openssl"
                 (string-append "--with-openssl=" openssl)))))
      ;; A git checkout ships no generated ./configure, hence the autotools.
      (native-inputs
       `(("autoconf" ,autoconf)
         ("automake" ,automake)
         ("libtool" ,libtool)))
      ;; The input labelled "openssl" is the `openssl-next' package variant.
      (inputs
       `(("openssl" ,openssl-next)))
      (synopsis "Cryptographic authentication and encryption tool and library")
      ;; NOTE(review): the description says "zero external dependencies",
      ;; while this build enables OpenSSL; presumably the wording describes
      ;; upstream's default configuration -- confirm.
      (description
       "Asignify offers public cryptographic signatures and
encryption with a library or a command-line tool. The tool is heavily inspired
by signify as used in OpenBSD. The main goal of this project is to define a
high level API for signing files, validating signatures and encrypting using
public-key cryptography. Asignify is designed to be portable and self-contained
with zero external dependencies. Asignify can verify OpenBSD signatures, but it
cannot sign messages in OpenBSD format yet.")
      (home-page "https://github.com/vstakhov/asignify")
      (license license:bsd-2))))