Commit | Line | Data |
---|---|---|
80b77646 DT |
1 | ;;; GNU Guix --- Functional package management for GNU |
2 | ;;; Copyright © 2014 David Thompson <davet@gnu.org> | |
b0cf606f | 3 | ;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net> |
9381a02a | 4 | ;;; Copyright © 2016, 2017 Leo Famulari <leo@famulari.name> |
893d963a | 5 | ;;; Copyright © 2016 Lukas Gradl <lgradl@openmailbox> |
fb8a5d63 | 6 | ;;; Copyright © 2016 Tobias Geerinckx-Rice <me@tobias.gr> |
6fabb196 | 7 | ;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is> |
2e3f1851 | 8 | ;;; Copyright © 2016 Eric Bavier <bavier@member.fsf.org> |
80b77646 DT |
9 | ;;; |
10 | ;;; This file is part of GNU Guix. | |
11 | ;;; | |
12 | ;;; GNU Guix is free software; you can redistribute it and/or modify it | |
13 | ;;; under the terms of the GNU General Public License as published by | |
14 | ;;; the Free Software Foundation; either version 3 of the License, or (at | |
15 | ;;; your option) any later version. | |
16 | ;;; | |
17 | ;;; GNU Guix is distributed in the hope that it will be useful, but | |
18 | ;;; WITHOUT ANY WARRANTY; without even the implied warranty of | |
19 | ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
20 | ;;; GNU General Public License for more details. | |
21 | ;;; | |
22 | ;;; You should have received a copy of the GNU General Public License | |
23 | ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. | |
24 | ||
25 | (define-module (gnu packages crypto) | |
26 | #:use-module (gnu packages) | |
2e3f1851 EB |
27 | #:use-module (gnu packages admin) |
28 | #:use-module (gnu packages aidc) | |
b6f87ec0 | 29 | #:use-module (gnu packages attr) |
893d963a | 30 | #:use-module (gnu packages autotools) |
fb8a5d63 | 31 | #:use-module (gnu packages boost) |
2e3f1851 | 32 | #:use-module (gnu packages cryptsetup) |
fb8a5d63 | 33 | #:use-module (gnu packages gettext) |
2e3f1851 EB |
34 | #:use-module (gnu packages gnupg) |
35 | #:use-module (gnu packages image) | |
f1876bfc LF |
36 | #:use-module (gnu packages pkg-config) |
37 | #:use-module (gnu packages libbsd) | |
fb8a5d63 | 38 | #:use-module (gnu packages linux) |
893d963a LG |
39 | #:use-module (gnu packages nettle) |
40 | #:use-module (gnu packages password-utils) | |
fb8a5d63 | 41 | #:use-module (gnu packages perl) |
893d963a | 42 | #:use-module (gnu packages readline) |
2e3f1851 | 43 | #:use-module (gnu packages search) |
893d963a | 44 | #:use-module (gnu packages serialization) |
19b2ea1b | 45 | #:use-module (gnu packages shells) |
b6f87ec0 | 46 | #:use-module (gnu packages tcl) |
893d963a | 47 | #:use-module (gnu packages tls) |
b6f87ec0 | 48 | #:use-module (gnu packages xml) |
7fb18f57 | 49 | #:use-module ((guix licenses) #:prefix license:) |
80b77646 DT |
50 | #:use-module (guix packages) |
51 | #:use-module (guix download) | |
6fabb196 | 52 | #:use-module (guix git-download) |
b6f87ec0 | 53 | #:use-module (guix build-system cmake) |
80b77646 DT |
54 | #:use-module (guix build-system gnu)) |
55 | ||
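;; libsodium: the NaCl-derived crypto library.  The release tarball is
;; obtained with url-fetch and must match the sha256 recorded below.
(define-public libsodium
  (package
    (name "libsodium")
    (version "1.0.11")
    (source (origin
              (method url-fetch)
              ;; Both candidate locations are on the same host and are
              ;; requested over HTTPS.  The sha256 below is what pins the
              ;; tarball contents; using TLS for every URI additionally
              ;; keeps the download from travelling in clear text.
              ;; The second URI is the "releases/old/" directory --
              ;; presumably where upstream moves superseded versions.
              (uri (list (string-append
                          "https://download.libsodium.org/libsodium/"
                          "releases/libsodium-" version ".tar.gz")
                         (string-append
                          "https://download.libsodium.org/libsodium/"
                          "releases/old/libsodium-" version ".tar.gz")))
              (sha256
               (base32
                "0rf7z6bgpnf8lyz8sph4h43fbb28pmj4dgybf0hsxxj97kdljid1"))))
    (build-system gnu-build-system)
    (synopsis "Portable NaCl-based crypto library")
    (description
     "Sodium is a new easy-to-use high-speed software library for network
communication, encryption, decryption, signatures, etc.")
    (license license:isc)
    (home-page "http://libsodium.org")))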
f1876bfc LF |
78 | |
;; signify: creates and verifies Ed25519 signatures (Linux port of the
;; OpenBSD tool).  Built straight from its Makefile; no test suite is run.
(define-public signify
  (package
    (name "signify")
    (version "20")
    (source (origin
              (method url-fetch)
              ;; The archive for tag v<version> is served by GitHub; the
              ;; sha256 below pins its exact contents.  file-name gives the
              ;; downloaded file a name that includes the package name.
              (uri (string-append "https://github.com/aperezdc/signify/"
                                  "archive/v" version ".tar.gz"))
              (file-name (string-append name "-" version ".tar.gz"))
              (sha256
               (base32
                "08my2kbbjdal9z6c1fykgr9zpixh694fw42lyiaci01a7i50zp4r"))))
    (build-system gnu-build-system)
    (home-page "https://github.com/aperezdc/signify")
    (synopsis "Create and verify cryptographic signatures")
    (description "The signify utility creates and verifies cryptographic
signatures using the elliptic curve Ed25519. This is a Linux port of the
OpenBSD tool of the same name.")
    (inputs
     `(("libbsd" ,libbsd)))
    (native-inputs
     `(("pkg-config" ,pkg-config)))
    ;; TODO Build with libwaive (described in README.md), to implement
    ;; something like OpenBSD's pledge(), i.e. have the tool give up
    ;; privileges it does not need.
    (arguments
     `(#:phases
       (modify-phases %standard-phases
         (delete 'configure))
       #:make-flags
       (let ((out (assoc-ref %outputs "out")))
         (list "CC=gcc"
               (string-append "PREFIX=" out)))
       #:tests? #f))                    ; no test suite
    ;; This package includes third-party code that was originally released
    ;; under various non-copyleft licenses.  See the source files for
    ;; clarification.
    (license (list license:bsd-3 license:bsd-4 license:expat license:isc
                   license:public-domain (license:non-copyleft
                                          "file://base64.c"
                                          "See base64.c in the distribution for
the license from IBM.")))))
893d963a LG |
118 | |
119 | ||
;; opendht: Distributed Hash Table library.  The bundled copy of argon2 is
;; removed from the source so that the separately packaged argon2 listed
;; in 'inputs' is used instead.
(define-public opendht
  (package
    (name "opendht")
    (version "0.6.1")
    (source
     (origin
       (method url-fetch)
       (uri
        (string-append
         "https://github.com/savoirfairelinux/" name
         "/archive/" version ".tar.gz"))
       (file-name (string-append name "-" version ".tar.gz"))
       (sha256
        (base32
         "09yvkmbqbym3b5md4n96qc1s9sf2n8ji404hagih45rmsj49599x"))
       (modules '((guix build utils)))
       ;; Unbundle argon2: delete the vendored directory, then remove every
       ;; reference to it from the build files and point the include at
       ;; the external header.  A vendored copy of a password-hashing
       ;; library would otherwise be built and shipped independently of
       ;; the packaged argon2.
       (snippet
        '(begin
           (delete-file-recursively "src/argon2")
           (substitute* "src/Makefile.am"
             (("./argon2/libargon2.la") "")
             (("SUBDIRS = argon2") ""))
           (substitute* "src/crypto.cpp"
             (("argon2/argon2.h") "argon2.h"))
           (substitute* "configure.ac"
             (("src/argon2/Makefile") ""))))))
    (build-system gnu-build-system)
    (arguments
     `(#:phases (modify-phases %standard-phases
                  ;; The source archive has to have its build system
                  ;; generated before the 'configure phase can run.
                  (add-before 'configure 'autoconf
                    (lambda _
                      (let ((status (system* "autoreconf" "-vfi")))
                        (zero? status)))))
       #:configure-flags '("--disable-tools" "--disable-python")))
    (native-inputs
     `(("autoconf" ,autoconf)
       ("pkg-config" ,pkg-config)
       ("automake" ,automake)
       ("libtool" ,libtool)))
    (inputs
     `(("gnutls" ,gnutls)
       ("nettle" ,nettle)
       ("readline" ,readline)
       ("argon2" ,argon2)))
    (propagated-inputs
     `(("msgpack" ,msgpack)))           ;included in several installed headers
    (synopsis "Distributed Hash Table (DHT) library")
    (description "OpenDHT is a Distributed Hash Table (DHT) library. It may
be used to manage peer-to-peer network connections as needed for real time
communication.")
    (home-page "https://github.com/savoirfairelinux/opendht/")
    (license license:gpl3)))
fb8a5d63 | 171 | |
fb8a5d63 TGR |
;; encfs: FUSE-based encrypted file system.  The bundled tinyxml2 is
;; deleted from the source and the packaged tinyxml2 is used instead.
;;
;; NOTE(review): an independent security audit of EncFS published in 2014
;; reported weaknesses when an adversary can obtain several snapshots of
;; the ciphertext over time.  The description below only claims protection
;; against off-line attacks; confirm whether that limitation should be
;; spelled out for users of this version.
(define-public encfs
  (package
    (name "encfs")
    (version "1.9.1")
    (source
     (origin
       (method url-fetch)
       (uri
        (string-append "https://github.com/vgough/encfs/releases/download/v"
                       version "/encfs-" version ".tar.gz"))
       (modules '((guix build utils)))
       ;; Remove bundled dependencies in favour of proper inputs.
       (snippet '(let ((bundled (find-files "internal" "^tinyxml2-[0-9]"
                                            #:directories? #t)))
                   (for-each delete-file-recursively bundled)))
       (sha256
        (base32
         "1906254dg5hwljh0h4gyrw09ms3b57dlhjfzhfzffv50yzpkl837"))))
    (build-system cmake-build-system)
    (arguments
     ;; Must agree with the snippet above: the internal copy no longer
     ;; exists, so the build is told to use the tinyxml2 input.
     `(#:configure-flags '("-DUSE_INTERNAL_TINYXML=OFF")))
    (inputs
     `(("attr" ,attr)
       ("fuse" ,fuse)
       ("openssl" ,openssl)
       ("tinyxml2" ,tinyxml2)))
    (native-inputs
     `(("gettext" ,gettext-minimal)

       ;; Test dependencies.
       ("expect" ,expect)
       ("perl" ,perl)))
    (synopsis "Encrypted virtual file system")
    (description
     "EncFS creates a virtual encrypted file system in user-space. Each file
created under an EncFS mount point is stored as a separate encrypted file on
the underlying file system. Like most encrypted file systems, EncFS is meant
to provide security against off-line attacks, such as a drive falling into
the wrong hands.")
    (home-page "https://vgough.github.io/encfs")
    (license (list license:expat        ; internal/easylogging++.h
                   license:lgpl3+       ; encfs library
                   license:gpl3+))))    ; command-line tools
279d902b TGR |
215 | |
;; keyutils: user-space tools for the Linux kernel key retention facility.
;; Built from a plain Makefile; installation directories are given relative
;; to DESTDIR, which is set to the package output.
(define-public keyutils
  (package
    (name "keyutils")
    (version "1.5.9")
    (source
     (origin
       (method url-fetch)
       (uri
        (string-append "https://people.redhat.com/dhowells/keyutils/keyutils-"
                       version ".tar.bz2"))
       (modules '((guix build utils)))
       ;; Create relative symbolic links instead of absolute ones to /lib/*
       (snippet '(substitute* "Makefile" (("\\$\\(LNS\\) \\$\\(LIBDIR\\)/")
                                          "$(LNS) ")))
       (sha256
        (base32
         "1bl3w03ygxhc0hz69klfdlwqn33jvzxl1zfl2jmnb2v85iawb8jd"))))
    (build-system gnu-build-system)
    (arguments
     `(#:test-target "test"
       #:make-flags
       ;; RPATH is passed unexpanded: make substitutes $(DESTDIR)$(LIBDIR),
       ;; which with the values below is the "lib" directory of the output.
       (let ((out (assoc-ref %outputs "out")))
         (list "CC=gcc"
               "RPATH=-Wl,-rpath,$(DESTDIR)$(LIBDIR)"
               (string-append "DESTDIR=" out)
               "INCLUDEDIR=/include"
               "LIBDIR=/lib"
               "MANDIR=/share/man"
               "SHAREDIR=/share/keyutils"))
       #:phases (modify-phases %standard-phases
                  (delete 'configure)))) ; no configure script
    (synopsis "Linux key management utilities")
    (description
     "Keyutils is a set of utilities for managing the key retention facility in
the Linux kernel, which can be used by file systems, block devices, and more to
gain and retain the authorization and encryption keys required to perform
secure operations. ")
    (home-page "https://people.redhat.com/dhowells/keyutils/")
    (license (list license:lgpl2.1+     ; the files keyutils.*
                   license:gpl2+))))    ; the rest
6fabb196 | 255 | |
256 | ;; There is no release candidate, but the commits indicate a version number; |
257 | ;; furthermore, no tarball exists. | |
;; eschalot: vanity .onion name generator, built from a pinned Git commit.
;; The source is identified by the full commit id and verified against the
;; sha256 below.
;;
;; NOTE(review): the OpenSSL headers this needs (bn, pem, rsa, sha) suggest
;; it produces RSA-based onion service keys -- confirm whether that address
;; format is still accepted by the Tor version users are expected to run.
(define-public eschalot
  (let ((commit "0bf31d88a11898c19b1ed25ddd2aff7b35dbac44")
        (revision "1"))
    (package
      (name "eschalot")
      (version (string-append "1.2.0-" revision "." (string-take commit 7)))
      (source
       (origin
         (method git-fetch)
         (uri (git-reference
               (url "https://github.com/schnabear/eschalot")
               (commit commit)))
         (file-name (string-append name "-" version))
         (sha256
          (base32
           "0lj38ldh8vzi11wp4ghw4k0fkwp0s04zv8k8d473p1snmbh7mx98"))))
      (build-system gnu-build-system)
      (inputs
       `(("openssl" ,openssl))) ; It needs: openssl/{bn,pem,rsa,sha}.h
      (arguments
       `(#:make-flags
         (let ((out (assoc-ref %outputs "out")))
           (list "CC=gcc"
                 (string-append "PREFIX=" out)
                 (string-append "INSTALL=" "install")))
         ;; XXX: "make test" would run a very long hashing of names using a
         ;; wordlist.  The computing time this would cost on build servers is
         ;; out of proportion to the size and importance of this small
         ;; application, so a short custom check of eschalot and worgen is
         ;; run instead.
         #:phases
         (modify-phases %standard-phases
           (delete 'configure)
           (replace 'check
             (lambda _
               ;; Each command must exit with status 0; 'and' stops at the
               ;; first one that does not.
               (let ((ok? (lambda command
                            (zero? (apply system* command)))))
                 (and
                  (ok? "./worgen" "8-12" "top1000.txt" "3-10" "top400nouns.txt"
                       "3-6" "top150adjectives.txt" "3-6")
                  (ok? "./eschalot" "-r" "^guix|^guixsd")
                  (ok? "./eschalot" "-r" "^gnu|^free")
                  (ok? "./eschalot" "-r" "^cyber|^hack")
                  (ok? "./eschalot" "-r" "^troll")))))
           ;; "make install" cannot create the bin directory; create it.
           (add-before 'install 'create-bin-dir
             (lambda* (#:key outputs #:allow-other-keys)
               (mkdir-p (string-append (assoc-ref outputs "out") "/bin"))
               #t)))))
      (home-page "https://github.com/schnabear/eschalot")
      (synopsis "Tor hidden service name generator")
      (description
       "Eschalot is a tor hidden service name generator, it allows one to
produce customized vanity .onion addresses using a brute-force method. Searches
for valid names can be run with regular expressions and wordlists. For the
generation of wordlists the included tool @code{worgen} can be used. There is
no man page, refer to the home page for usage details.")
      (license (list license:isc license:expat)))))
2e3f1851 EB |
313 | |
;; tomb: zsh front end for managing encrypted storage files.  After
;; installation the script is wrapped so that the directories of the helper
;; programs it calls are prepended to PATH.
(define-public tomb
  (package
    (name "tomb")
    (version "2.3")
    (source (origin
              (method url-fetch)
              (uri (string-append "https://files.dyne.org/tomb/"
                                  "Tomb-" version ".tar.gz"))
              (sha256
               (base32
                "1j90ab8x4cf10167yw4cs4frz694gb0qwkhgqiz1ly7mnr8ysmby"))))
    (build-system gnu-build-system)
    (inputs
     `(("zsh" ,zsh)
       ("sudo" ,sudo)
       ("gnupg" ,gnupg)
       ("cryptsetup" ,cryptsetup)
       ("e2fsprogs" ,e2fsprogs)         ;for mkfs.ext4
       ("gettext" ,gettext-minimal)     ;used at runtime
       ("mlocate" ,mlocate)
       ("pinentry" ,pinentry)
       ("qrencode" ,qrencode)
       ("steghide" ,steghide)
       ("swish-e" ,swish-e)))
    (arguments
     `(#:make-flags (list (string-append "PREFIX=" (assoc-ref %outputs "out")))
       ;; TODO: Build and install gtk and qt trays
       #:phases
       (modify-phases %standard-phases
         (delete 'configure)            ;no configuration to be done
         (add-after 'install 'i18n
           (lambda* (#:key make-flags #:allow-other-keys)
             (let ((status (apply system*
                                  "make" "-C" "extras/translations"
                                  "install" make-flags)))
               (zero? status))))
         (add-after 'install 'wrap
           (lambda* (#:key inputs outputs #:allow-other-keys)
             ;; The helper directories are resolved at build time with
             ;; 'which' and placed in front of the user's PATH, so the
             ;; wrapper prefers these copies over whatever else is
             ;; installed.  A helper that cannot be found aborts the build.
             ;; NOTE(review): this also puts the store copy of sudo first;
             ;; files in the store cannot carry the setuid bit, so confirm
             ;; that tomb can still elevate privileges at run time.
             (let* ((out (assoc-ref outputs "out"))
                    (mlocate-bin (string-append (assoc-ref inputs "mlocate")
                                                "/bin"))
                    (tool-dirs
                     (map (lambda (tool)
                            (or (and=> (which tool) dirname)
                                (error "program not found:" tool)))
                          '("seq" "mkfs.ext4" "pinentry" "sudo"
                            "gpg" "cryptsetup" "gettext"
                            "qrencode" "steghide" "swish-e"))))
               (wrap-program (string-append out "/bin/tomb")
                 `("PATH" ":" prefix
                   (,mlocate-bin ,@tool-dirs)))
               #t)))
         (delete 'check)
         (add-after 'wrap 'check
           (lambda* (#:key outputs #:allow-other-keys)
             ;; Running the full tests requires sudo/root access for
             ;; cryptsetup, which is not available in the build environment.
             ;; `tomb dig` can run without root, so make sure that works.
             ;; TODO: It would be nice to check that the expected "index",
             ;; "search", "bury", and "exhume" features are available by
             ;; querying `tomb -h`.
             (zero? (system* (string-append (assoc-ref outputs "out")
                                            "/bin/tomb")
                             "dig" "-s" "10" "secrets.tomb")))))))
    (home-page "http://www.dyne.org/software/tomb")
    (synopsis "File encryption for secret data")
    (description
     "Tomb is an application to manage the creation and access of encrypted
storage files: it can be operated from commandline and it can integrate with a
user's graphical desktop.")
    (license license:gpl3+)))
9381a02a LF |
381 | |
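;; scrypt: password-based file encryption utility demonstrating the scrypt
;; key derivation function.  Besides the normal build, the FORMAT document
;; from the source tree is installed under share/doc/scrypt.
(define-public scrypt
  (package
    (name "scrypt")
    (version "1.2.1")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "https://www.tarsnap.com/scrypt/scrypt-"
                           version ".tgz"))
       (sha256
        (base32
         "0xy5yhrwwv13skv9im9vm76rybh9f29j2dh4hlh2x01gvbkza8a6"))))
    (build-system gnu-build-system)
    (arguments
     `(#:phases (modify-phases %standard-phases
                  (add-after 'unpack 'patch-command-invocations
                    (lambda _
                      ;; Strip "command -p" so the Makefile runs the tools
                      ;; directly.  Presumably "-p" would search a default
                      ;; PATH that does not exist in the build environment
                      ;; -- confirm against upstream's Makefile.in.
                      (substitute* "Makefile.in"
                        (("command -p") ""))
                      #t))
                  (add-after 'install 'install-docs
                    (lambda* (#:key outputs #:allow-other-keys)
                      ;; Use the 'outputs' argument this phase receives
                      ;; rather than the global %outputs, like the other
                      ;; phases in this file that take #:key outputs.
                      (let* ((out (assoc-ref outputs "out"))
                             (misc (string-append out "/share/doc/scrypt")))
                        (install-file "FORMAT" misc)
                        #t))))))
    (inputs
     `(("openssl" ,openssl)))
    (home-page "https://www.tarsnap.com/scrypt.html")
    (synopsis "Memory-hard encryption tool based on scrypt")
    (description "This package provides a simple password-based encryption
utility as a demonstration of the @code{scrypt} key derivation function.
@code{Scrypt} is designed to be far more resistant against hardware brute-force
attacks than alternative functions such as @code{PBKDF2} or @code{bcrypt}.")
    (license license:bsd-2)))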