[jackhill/guix/guix.git] / gnu / packages / crypto.scm

;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2014 David Thompson <davet@gnu.org>
;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net>
;;; Copyright © 2016, 2017 Leo Famulari <leo@famulari.name>
;;; Copyright © 2016 Lukas Gradl <lgradl@openmailbox>
;;; Copyright © 2016 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is>
;;; Copyright © 2016 Eric Bavier <bavier@member.fsf.org>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

(define-module (gnu packages crypto)
  #:use-module (gnu packages)
  #:use-module (gnu packages admin)
  #:use-module (gnu packages aidc)
  #:use-module (gnu packages attr)
  #:use-module (gnu packages autotools)
  #:use-module (gnu packages boost)
  #:use-module (gnu packages cryptsetup)
  #:use-module (gnu packages gettext)
  #:use-module (gnu packages gnupg)
  #:use-module (gnu packages image)
  #:use-module (gnu packages pkg-config)
  #:use-module (gnu packages libbsd)
  #:use-module (gnu packages linux)
  #:use-module (gnu packages nettle)
  #:use-module (gnu packages password-utils)
  #:use-module (gnu packages perl)
  #:use-module (gnu packages readline)
  #:use-module (gnu packages search)
  #:use-module (gnu packages serialization)
  #:use-module (gnu packages shells)
  #:use-module (gnu packages tcl)
  #:use-module (gnu packages tls)
  #:use-module (gnu packages xml)
  #:use-module ((guix licenses) #:prefix license:)
  #:use-module (guix packages)
  #:use-module (guix download)
  #:use-module (guix git-download)
  #:use-module (guix build-system cmake)
  #:use-module (guix build-system gnu))

(define-public libsodium
  (package
    (name "libsodium")
    (version "1.0.11")
    (source (origin
            (method url-fetch)
            (uri (list (string-append
                        "http://download.libsodium.org/libsodium/"
                        "releases/libsodium-" version ".tar.gz")
                       (string-append
                        "https://download.libsodium.org/libsodium/"
                        "releases/old/libsodium-" version ".tar.gz")))
            (sha256
             (base32
              "0rf7z6bgpnf8lyz8sph4h43fbb28pmj4dgybf0hsxxj97kdljid1"))))
    (build-system gnu-build-system)
    (synopsis "Portable NaCl-based crypto library")
    (description
     "Sodium is a new easy-to-use high-speed software library for network
communication, encryption, decryption, signatures, etc.")
    (license license:isc)
    (home-page "http://libsodium.org")))

(define-public signify
  (package
    (name "signify")
    (version "20")
    (source (origin
              (method url-fetch)
              (uri (string-append "https://github.com/aperezdc/signify/"
                                  "archive/v" version ".tar.gz"))
              (file-name (string-append name "-" version ".tar.gz"))
              (sha256
               (base32
                "08my2kbbjdal9z6c1fykgr9zpixh694fw42lyiaci01a7i50zp4r"))))
    (build-system gnu-build-system)
    ;; TODO Build with libwaive (described in README.md), to implement something
    ;; like OpenBSD's pledge().
    (arguments
     `(#:tests? #f ; no test suite
       #:make-flags
       (list "CC=gcc"
             (string-append "PREFIX=" (assoc-ref %outputs "out")))
       #:phases
       (modify-phases %standard-phases
         (delete 'configure))))
    (native-inputs
     `(("pkg-config" ,pkg-config)))
    (inputs
     `(("libbsd" ,libbsd)))
    (synopsis "Create and verify cryptographic signatures")
    (description "The signify utility creates and verifies cryptographic
signatures using the elliptic curve Ed25519.  This is a Linux port of the
OpenBSD tool of the same name.")
    (home-page "https://github.com/aperezdc/signify")
    ;; This package includes third-party code that was originally released under
    ;; various non-copyleft licenses. See the source files for clarification.
    (license (list license:bsd-3 license:bsd-4 license:expat license:isc
                   license:public-domain (license:non-copyleft
                                          "file://base64.c"
                                          "See base64.c in the distribution for
                                           the license from IBM.")))))


(define-public opendht
  (package
    (name "opendht")
    (version "0.6.1")
    (source
     (origin
       (method url-fetch)
       (uri
        (string-append
         "https://github.com/savoirfairelinux/" name
         "/archive/" version ".tar.gz"))
       (file-name (string-append name "-" version ".tar.gz"))
       (modules '((guix build utils)))
       (snippet
        '(begin
           (delete-file-recursively "src/argon2")
           (substitute* "src/Makefile.am"
             (("./argon2/libargon2.la") "")
             (("SUBDIRS = argon2") ""))
           (substitute* "src/crypto.cpp"
             (("argon2/argon2.h") "argon2.h"))
           (substitute* "configure.ac"
             (("src/argon2/Makefile") ""))))
       (sha256
        (base32
         "09yvkmbqbym3b5md4n96qc1s9sf2n8ji404hagih45rmsj49599x"))))
    (build-system gnu-build-system)
    (inputs
     `(("gnutls" ,gnutls)
       ("nettle" ,nettle)
       ("readline" ,readline)
       ("argon2" ,argon2)))
    (propagated-inputs
     `(("msgpack" ,msgpack)))           ;included in several installed headers
    (native-inputs
     `(("autoconf" ,autoconf)
       ("pkg-config" ,pkg-config)
       ("automake" ,automake)
       ("libtool" ,libtool)))
    (arguments
     `(#:configure-flags '("--disable-tools" "--disable-python")
       #:phases (modify-phases %standard-phases
                  (add-before 'configure 'autoconf
                    (lambda _
                      (zero? (system* "autoreconf" "-vfi")))))))
    (home-page "https://github.com/savoirfairelinux/opendht/")
    (synopsis "Distributed Hash Table (DHT) library")
    (description "OpenDHT is a Distributed Hash Table (DHT) library.  It may
be used to manage peer-to-peer network connections as needed for real time
communication.")
    (license license:gpl3)))

(define-public encfs
  (package
    (name "encfs")
    (version "1.9.1")
    (source
     (origin
       (method url-fetch)
       (uri
        (string-append "https://github.com/vgough/encfs/releases/download/v"
                       version "/encfs-" version ".tar.gz"))
       (sha256
        (base32
         "1906254dg5hwljh0h4gyrw09ms3b57dlhjfzhfzffv50yzpkl837"))
       (modules '((guix build utils)))
       ;; Remove bundled dependencies in favour of proper inputs.
       (snippet '(for-each delete-file-recursively
                           (find-files "internal" "^tinyxml2-[0-9]"
                                       #:directories? #t)))))
    (build-system cmake-build-system)
    (native-inputs
     `(("gettext" ,gettext-minimal)

       ;; Test dependencies.
       ("expect" ,expect)
       ("perl" ,perl)))
    (inputs
     `(("attr" ,attr)
       ("fuse" ,fuse)
       ("openssl" ,openssl)
       ("tinyxml2" ,tinyxml2)))
    (arguments
     `(#:configure-flags (list "-DUSE_INTERNAL_TINYXML=OFF")))
    (home-page "https://vgough.github.io/encfs")
    (synopsis "Encrypted virtual file system")
    (description
     "EncFS creates a virtual encrypted file system in user-space.  Each file
created under an EncFS mount point is stored as a separate encrypted file on
the underlying file system.  Like most encrypted file systems, EncFS is meant
to provide security against off-line attacks, such as a drive falling into
the wrong hands.")
    (license (list license:expat                  ; internal/easylogging++.h
                   license:lgpl3+                 ; encfs library
                   license:gpl3+))))              ; command-line tools

(define-public keyutils
  (package
    (name "keyutils")
    (version "1.5.9")
    (source
     (origin
       (method url-fetch)
       (uri
        (string-append "https://people.redhat.com/dhowells/keyutils/keyutils-"
                       version ".tar.bz2"))
       (sha256
        (base32
         "1bl3w03ygxhc0hz69klfdlwqn33jvzxl1zfl2jmnb2v85iawb8jd"))
       (modules '((guix build utils)))
       ;; Create relative symbolic links instead of absolute ones to /lib/*
       (snippet '(substitute* "Makefile" (("\\$\\(LNS\\) \\$\\(LIBDIR\\)/")
                                          "$(LNS) ")))))
    (build-system gnu-build-system)
    (arguments
     `(#:phases (modify-phases %standard-phases
                  (delete 'configure))          ; no configure script
       #:make-flags (list "CC=gcc"
                          "RPATH=-Wl,-rpath,$(DESTDIR)$(LIBDIR)"
                          (string-append "DESTDIR="
                                         (assoc-ref %outputs "out"))
                          "INCLUDEDIR=/include"
                          "LIBDIR=/lib"
                          "MANDIR=/share/man"
                          "SHAREDIR=/share/keyutils")
       #:test-target "test"))
    (home-page "https://people.redhat.com/dhowells/keyutils/")
    (synopsis "Linux key management utilities")
    (description
     "Keyutils is a set of utilities for managing the key retention facility in
the Linux kernel, which can be used by file systems, block devices, and more to
gain and retain the authorization and encryption keys required to perform
secure operations. ")
    (license (list license:lgpl2.1+             ; the files keyutils.*
                   license:gpl2+))))            ; the rest

;; There is no release candidate but commits point out a version number,
;; furthermore no tarball exists.
(define-public eschalot
  (let ((commit "0bf31d88a11898c19b1ed25ddd2aff7b35dbac44")
        (revision "1"))
    (package
      (name "eschalot")
      (version (string-append "1.2.0-" revision "." (string-take commit 7)))
      (source
       (origin
         (method git-fetch)
         (uri (git-reference
               (url "https://github.com/schnabear/eschalot")
               (commit commit)))
         (file-name (string-append name "-" version))
         (sha256
          (base32
           "0lj38ldh8vzi11wp4ghw4k0fkwp0s04zv8k8d473p1snmbh7mx98"))))
      (inputs
       `(("openssl" ,openssl))) ; It needs: openssl/{bn,pem,rsa,sha}.h
      (build-system gnu-build-system)
      (arguments
       `(#:make-flags (list "CC=gcc"
                            (string-append "PREFIX=" (assoc-ref %outputs "out"))
                            (string-append "INSTALL=" "install"))
         ;; XXX: make test would run a !VERY! long hashing of names with the use
         ;; of a wordlist, the amount of computing time this would waste on build
         ;; servers is in no relation to the size or importance of this small
         ;; application, therefore we run our own tests on eschalot and worgen.
         #:phases
         (modify-phases %standard-phases
           (delete 'configure)
           (replace 'check
             (lambda _
               (and
                 (zero? (system* "./worgen" "8-12" "top1000.txt" "3-10" "top400nouns.txt"
                                 "3-6" "top150adjectives.txt" "3-6"))
                 (zero? (system* "./eschalot" "-r" "^guix|^guixsd"))
                 (zero? (system* "./eschalot" "-r" "^gnu|^free"))
                 (zero? (system* "./eschalot" "-r" "^cyber|^hack"))
                 (zero? (system* "./eschalot" "-r" "^troll")))))
           ;; Make install can not create the bin dir, create it.
           (add-before 'install 'create-bin-dir
             (lambda* (#:key outputs #:allow-other-keys)
               (let* ((out (assoc-ref outputs "out"))
                      (bin (string-append out "/bin")))
                 (mkdir-p bin)
                 #t))))))
      (home-page "https://github.com/schnabear/eschalot")
      (synopsis "Tor hidden service name generator")
      (description
       "Eschalot is a tor hidden service name generator, it allows one to
produce customized vanity .onion addresses using a brute-force method.  Searches
for valid names can be run with regular expressions and wordlists.  For the
generation of wordlists the included tool @code{worgen} can be used.  There is
no man page, refer to the home page for usage details.")
      (license (list license:isc license:expat)))))

(define-public tomb
  (package
    (name "tomb")
    (version "2.3")
    (source (origin
              (method url-fetch)
              (uri (string-append "https://files.dyne.org/tomb/"
                                  "Tomb-" version ".tar.gz"))
              (sha256
               (base32
                "1j90ab8x4cf10167yw4cs4frz694gb0qwkhgqiz1ly7mnr8ysmby"))))
    (build-system gnu-build-system)
    (inputs
     `(("zsh" ,zsh)
       ("sudo" ,sudo)
       ("gnupg" ,gnupg)
       ("cryptsetup" ,cryptsetup)
       ("e2fsprogs" ,e2fsprogs)         ;for mkfs.ext4
       ("gettext" ,gettext-minimal)     ;used at runtime
       ("mlocate" ,mlocate)
       ("pinentry" ,pinentry)
       ("qrencode" ,qrencode)
       ("steghide" ,steghide)
       ("swish-e" ,swish-e)))
    (arguments
     `(#:make-flags (list (string-append "PREFIX=" (assoc-ref %outputs "out")))
       ;; TODO: Build and install gtk and qt trays
       #:phases
       (modify-phases %standard-phases
         (delete 'configure)   ;no configuration to be done
         (add-after 'install 'i18n
           (lambda* (#:key make-flags #:allow-other-keys)
             (zero? (apply system*
                           "make" "-C" "extras/translations"
                           "install" make-flags))))
         (add-after 'install 'wrap
           (lambda* (#:key inputs outputs #:allow-other-keys)
             (let ((out (assoc-ref outputs "out")))
               (wrap-program (string-append out "/bin/tomb")
                 `("PATH" ":" prefix
                   (,(string-append (assoc-ref inputs "mlocate") "/bin")
                    ,@(map (lambda (program)
                             (or (and=> (which program) dirname)
                                 (error "program not found:" program)))
                           '("seq" "mkfs.ext4" "pinentry" "sudo"
                             "gpg" "cryptsetup" "gettext"
                             "qrencode" "steghide" "swish-e")))))
               #t)))
         (delete 'check)
         (add-after 'wrap 'check
           (lambda* (#:key outputs #:allow-other-keys)
             ;; Running the full tests requires sudo/root access for
             ;; cryptsetup, which is not available in the build environment.
             ;; But we can run `tomb dig` without root, so make sure that
             ;; works.  TODO: It Would Be Nice to check the expected "index",
             ;; "search", "bury", and "exhume" features are available by
             ;; querying `tomb -h`.
             (let ((tomb (string-append (assoc-ref outputs "out")
                                        "/bin/tomb")))
               (zero? (system* tomb "dig" "-s" "10" "secrets.tomb"))))))))
    (home-page "http://www.dyne.org/software/tomb")
    (synopsis "File encryption for secret data")
    (description
     "Tomb is an application to manage the creation and access of encrypted
storage files: it can be operated from commandline and it can integrate with a
user's graphical desktop.")
    (license license:gpl3+)))

(define-public scrypt
  (package
    (name "scrypt")
    (version "1.2.1")
    (source
      (origin
        (method url-fetch)
        (uri (string-append "https://www.tarsnap.com/scrypt/scrypt-"
                            version ".tgz"))
        (sha256
         (base32
          "0xy5yhrwwv13skv9im9vm76rybh9f29j2dh4hlh2x01gvbkza8a6"))))
    (build-system gnu-build-system)
    (arguments
     `(#:phases (modify-phases %standard-phases
        (add-after 'unpack 'patch-command-invocations
          (lambda _
            (substitute* "Makefile.in"
              (("command -p") ""))
            #t))
        (add-after 'install 'install-docs
          (lambda* (#:key outputs #:allow-other-keys)
            (let* ((out (assoc-ref %outputs "out"))
                   (misc (string-append out "/share/doc/scrypt")))
              (install-file "FORMAT" misc)
              #t))))))
    (inputs
     `(("openssl" ,openssl)))
    (home-page "https://www.tarsnap.com/scrypt.html")
    (synopsis "Memory-hard encryption tool based on scrypt")
    (description "This packages provides a simple password-based encryption
utility as a demonstration of the @code{scrypt} key derivation function.
@code{Scrypt} is designed to be far more resistant against hardware brute-force
attacks than alternative functions such as @code{PBKDF2} or @code{bcrypt}.")
    (license license:bsd-2)))
Commit	Line	Data
80b77646 DT	1	;;; GNU Guix --- Functional package management for GNU
80b77646 DT	2	;;; Copyright © 2014 David Thompson <davet@gnu.org>
b0cf606f	3	;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net>
9381a02a	4	;;; Copyright © 2016, 2017 Leo Famulari <leo@famulari.name>
893d963a	5	;;; Copyright © 2016 Lukas Gradl <lgradl@openmailbox>
fb8a5d63	6	;;; Copyright © 2016 Tobias Geerinckx-Rice <me@tobias.gr>
6fabb196	7	;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is>
2e3f1851	8	;;; Copyright © 2016 Eric Bavier <bavier@member.fsf.org>
80b77646 DT	9	;;;
	10	;;; This file is part of GNU Guix.
	11	;;;
	12	;;; GNU Guix is free software; you can redistribute it and/or modify it
	13	;;; under the terms of the GNU General Public License as published by
	14	;;; the Free Software Foundation; either version 3 of the License, or (at
	15	;;; your option) any later version.
	16	;;;
	17	;;; GNU Guix is distributed in the hope that it will be useful, but
	18	;;; WITHOUT ANY WARRANTY; without even the implied warranty of
	19	;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	20	;;; GNU General Public License for more details.
	21	;;;
	22	;;; You should have received a copy of the GNU General Public License
	23	;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
	24
	25	(define-module (gnu packages crypto)
	26	#:use-module (gnu packages)
2e3f1851 EB	27	#:use-module (gnu packages admin)
2e3f1851 EB	28	#:use-module (gnu packages aidc)
b6f87ec0	29	#:use-module (gnu packages attr)
893d963a	30	#:use-module (gnu packages autotools)
fb8a5d63	31	#:use-module (gnu packages boost)
2e3f1851	32	#:use-module (gnu packages cryptsetup)
fb8a5d63	33	#:use-module (gnu packages gettext)
2e3f1851 EB	34	#:use-module (gnu packages gnupg)
2e3f1851 EB	35	#:use-module (gnu packages image)
f1876bfc LF	36	#:use-module (gnu packages pkg-config)
f1876bfc LF	37	#:use-module (gnu packages libbsd)
fb8a5d63	38	#:use-module (gnu packages linux)
893d963a LG	39	#:use-module (gnu packages nettle)
893d963a LG	40	#:use-module (gnu packages password-utils)
fb8a5d63	41	#:use-module (gnu packages perl)
893d963a	42	#:use-module (gnu packages readline)
2e3f1851	43	#:use-module (gnu packages search)
893d963a	44	#:use-module (gnu packages serialization)
19b2ea1b	45	#:use-module (gnu packages shells)
b6f87ec0	46	#:use-module (gnu packages tcl)
893d963a	47	#:use-module (gnu packages tls)
b6f87ec0	48	#:use-module (gnu packages xml)
7fb18f57	49	#:use-module ((guix licenses) #:prefix license:)
80b77646 DT	50	#:use-module (guix packages)
80b77646 DT	51	#:use-module (guix download)
6fabb196	52	#:use-module (guix git-download)
b6f87ec0	53	#:use-module (guix build-system cmake)
80b77646 DT	54	#:use-module (guix build-system gnu))
	55
	56	(define-public libsodium
	57	(package
	58	(name "libsodium")
b46cefc9	59	(version "1.0.11")
80b77646 DT	60	(source (origin
80b77646 DT	61	(method url-fetch)
4150ac88 LF	62	(uri (list (string-append
	63	"http://download.libsodium.org/libsodium/"
	64	"releases/libsodium-" version ".tar.gz")
	65	(string-append
	66	"https://download.libsodium.org/libsodium/"
	67	"releases/old/libsodium-" version ".tar.gz")))
80b77646 DT	68	(sha256
80b77646 DT	69	(base32
b46cefc9	70	"0rf7z6bgpnf8lyz8sph4h43fbb28pmj4dgybf0hsxxj97kdljid1"))))
80b77646 DT	71	(build-system gnu-build-system)
	72	(synopsis "Portable NaCl-based crypto library")
	73	(description
35b9e423	74	"Sodium is a new easy-to-use high-speed software library for network
80b77646	75	communication, encryption, decryption, signatures, etc.")
7fb18f57	76	(license license:isc)
fddb6409	77	(home-page "http://libsodium.org")))
f1876bfc LF	78
	79	(define-public signify
	80	(package
	81	(name "signify")
27d7c4e9	82	(version "20")
f1876bfc LF	83	(source (origin
	84	(method url-fetch)
	85	(uri (string-append "https://github.com/aperezdc/signify/"
	86	"archive/v" version ".tar.gz"))
	87	(file-name (string-append name "-" version ".tar.gz"))
	88	(sha256
	89	(base32
27d7c4e9	90	"08my2kbbjdal9z6c1fykgr9zpixh694fw42lyiaci01a7i50zp4r"))))
f1876bfc LF	91	(build-system gnu-build-system)
	92	;; TODO Build with libwaive (described in README.md), to implement something
	93	;; like OpenBSD's pledge().
	94	(arguments
	95	`(#:tests? #f ; no test suite
	96	#:make-flags
	97	(list "CC=gcc"
	98	(string-append "PREFIX=" (assoc-ref %outputs "out")))
	99	#:phases
	100	(modify-phases %standard-phases
	101	(delete 'configure))))
	102	(native-inputs
	103	`(("pkg-config" ,pkg-config)))
	104	(inputs
	105	`(("libbsd" ,libbsd)))
	106	(synopsis "Create and verify cryptographic signatures")
	107	(description "The signify utility creates and verifies cryptographic
	108	signatures using the elliptic curve Ed25519. This is a Linux port of the
	109	OpenBSD tool of the same name.")
	110	(home-page "https://github.com/aperezdc/signify")
	111	;; This package includes third-party code that was originally released under
	112	;; various non-copyleft licenses. See the source files for clarification.
7fb18f57 TGR	113	(license (list license:bsd-3 license:bsd-4 license:expat license:isc
	114	license:public-domain (license:non-copyleft
	115	"file://base64.c"
	116	"See base64.c in the distribution for
	117	the license from IBM.")))))
893d963a LG	118
	119
	120	(define-public opendht
	121	(package
	122	(name "opendht")
	123	(version "0.6.1")
	124	(source
	125	(origin
	126	(method url-fetch)
	127	(uri
	128	(string-append
	129	"https://github.com/savoirfairelinux/" name
	130	"/archive/" version ".tar.gz"))
	131	(file-name (string-append name "-" version ".tar.gz"))
	132	(modules '((guix build utils)))
	133	(snippet
	134	'(begin
	135	(delete-file-recursively "src/argon2")
	136	(substitute* "src/Makefile.am"
	137	(("./argon2/libargon2.la") "")
	138	(("SUBDIRS = argon2") ""))
	139	(substitute* "src/crypto.cpp"
	140	(("argon2/argon2.h") "argon2.h"))
	141	(substitute* "configure.ac"
	142	(("src/argon2/Makefile") ""))))
	143	(sha256
	144	(base32
	145	"09yvkmbqbym3b5md4n96qc1s9sf2n8ji404hagih45rmsj49599x"))))
	146	(build-system gnu-build-system)
	147	(inputs
	148	`(("gnutls" ,gnutls)
	149	("nettle" ,nettle)
893d963a LG	150	("readline" ,readline)
893d963a LG	151	("argon2" ,argon2)))
615c9990 LG	152	(propagated-inputs
615c9990 LG	153	`(("msgpack" ,msgpack))) ;included in several installed headers
893d963a LG	154	(native-inputs
	155	`(("autoconf" ,autoconf)
	156	("pkg-config" ,pkg-config)
	157	("automake" ,automake)
	158	("libtool" ,libtool)))
	159	(arguments
	160	`(#:configure-flags '("--disable-tools" "--disable-python")
	161	#:phases (modify-phases %standard-phases
	162	(add-before 'configure 'autoconf
	163	(lambda _
	164	(zero? (system* "autoreconf" "-vfi")))))))
	165	(home-page "https://github.com/savoirfairelinux/opendht/")
	166	(synopsis "Distributed Hash Table (DHT) library")
	167	(description "OpenDHT is a Distributed Hash Table (DHT) library. It may
	168	be used to manage peer-to-peer network connections as needed for real time
	169	communication.")
7fb18f57	170	(license license:gpl3)))
fb8a5d63	171
fb8a5d63 TGR	172	(define-public encfs
	173	(package
	174	(name "encfs")
ffabdc18	175	(version "1.9.1")
fb8a5d63 TGR	176	(source
	177	(origin
	178	(method url-fetch)
	179	(uri
	180	(string-append "https://github.com/vgough/encfs/releases/download/v"
	181	version "/encfs-" version ".tar.gz"))
	182	(sha256
	183	(base32
ffabdc18	184	"1906254dg5hwljh0h4gyrw09ms3b57dlhjfzhfzffv50yzpkl837"))
b6f87ec0 TGR	185	(modules '((guix build utils)))
	186	;; Remove bundled dependencies in favour of proper inputs.
	187	(snippet '(for-each delete-file-recursively
	188	(find-files "internal" "^tinyxml2-[0-9]"
	189	#:directories? #t)))))
	190	(build-system cmake-build-system)
fb8a5d63	191	(native-inputs
79355ae3	192	`(("gettext" ,gettext-minimal)
b6f87ec0 TGR	193
	194	;; Test dependencies.
	195	("expect" ,expect)
	196	("perl" ,perl)))
fb8a5d63	197	(inputs
b6f87ec0	198	`(("attr" ,attr)
fb8a5d63 TGR	199	("fuse" ,fuse)
fb8a5d63 TGR	200	("openssl" ,openssl)
b6f87ec0 TGR	201	("tinyxml2" ,tinyxml2)))
	202	(arguments
	203	`(#:configure-flags (list "-DUSE_INTERNAL_TINYXML=OFF")))
fb8a5d63 TGR	204	(home-page "https://vgough.github.io/encfs")
	205	(synopsis "Encrypted virtual file system")
	206	(description
	207	"EncFS creates a virtual encrypted file system in user-space. Each file
	208	created under an EncFS mount point is stored as a separate encrypted file on
	209	the underlying file system. Like most encrypted file systems, EncFS is meant
	210	to provide security against off-line attacks, such as a drive falling into
	211	the wrong hands.")
b6f87ec0 TGR	212	(license (list license:expat ; internal/easylogging++.h
	213	license:lgpl3+ ; encfs library
	214	license:gpl3+)))) ; command-line tools
279d902b TGR	215
	216	(define-public keyutils
	217	(package
	218	(name "keyutils")
	219	(version "1.5.9")
	220	(source
	221	(origin
	222	(method url-fetch)
	223	(uri
	224	(string-append "https://people.redhat.com/dhowells/keyutils/keyutils-"
	225	version ".tar.bz2"))
	226	(sha256
	227	(base32
	228	"1bl3w03ygxhc0hz69klfdlwqn33jvzxl1zfl2jmnb2v85iawb8jd"))
	229	(modules '((guix build utils)))
	230	;; Create relative symbolic links instead of absolute ones to /lib/*
	231	(snippet '(substitute* "Makefile" (("\\$\\(LNS\\) \\$\\(LIBDIR\\)/")
	232	"$(LNS) ")))))
	233	(build-system gnu-build-system)
	234	(arguments
	235	`(#:phases (modify-phases %standard-phases
	236	(delete 'configure)) ; no configure script
	237	#:make-flags (list "CC=gcc"
	238	"RPATH=-Wl,-rpath,$(DESTDIR)$(LIBDIR)"
	239	(string-append "DESTDIR="
	240	(assoc-ref %outputs "out"))
	241	"INCLUDEDIR=/include"
	242	"LIBDIR=/lib"
	243	"MANDIR=/share/man"
	244	"SHAREDIR=/share/keyutils")
	245	#:test-target "test"))
	246	(home-page "https://people.redhat.com/dhowells/keyutils/")
5b63a856	247	(synopsis "Linux key management utilities")
279d902b TGR	248	(description
	249	"Keyutils is a set of utilities for managing the key retention facility in
	250	the Linux kernel, which can be used by file systems, block devices, and more to
	251	gain and retain the authorization and encryption keys required to perform
	252	secure operations. ")
	253	(license (list license:lgpl2.1+ ; the files keyutils.*
	254	license:gpl2+)))) ; the rest
6fabb196	255
	256	;; There is no release candidate but commits point out a version number,
	257	;; furthermore no tarball exists.
	258	(define-public eschalot
	259	(let ((commit "0bf31d88a11898c19b1ed25ddd2aff7b35dbac44")
	260	(revision "1"))
	261	(package
	262	(name "eschalot")
	263	(version (string-append "1.2.0-" revision "." (string-take commit 7)))
	264	(source
	265	(origin
	266	(method git-fetch)
	267	(uri (git-reference
	268	(url "https://github.com/schnabear/eschalot")
	269	(commit commit)))
	270	(file-name (string-append name "-" version))
	271	(sha256
	272	(base32
	273	"0lj38ldh8vzi11wp4ghw4k0fkwp0s04zv8k8d473p1snmbh7mx98"))))
	274	(inputs
	275	`(("openssl" ,openssl))) ; It needs: openssl/{bn,pem,rsa,sha}.h
	276	(build-system gnu-build-system)
	277	(arguments
	278	`(#:make-flags (list "CC=gcc"
	279	(string-append "PREFIX=" (assoc-ref %outputs "out"))
	280	(string-append "INSTALL=" "install"))
	281	;; XXX: make test would run a !VERY! long hashing of names with the use
	282	;; of a wordlist, the amount of computing time this would waste on build
	283	;; servers is in no relation to the size or importance of this small
	284	;; application, therefore we run our own tests on eschalot and worgen.
	285	#:phases
	286	(modify-phases %standard-phases
	287	(delete 'configure)
	288	(replace 'check
	289	(lambda _
	290	(and
	291	(zero? (system* "./worgen" "8-12" "top1000.txt" "3-10" "top400nouns.txt"
	292	"3-6" "top150adjectives.txt" "3-6"))
	293	(zero? (system* "./eschalot" "-r" "^guix\|^guixsd"))
	294	(zero? (system* "./eschalot" "-r" "^gnu\|^free"))
	295	(zero? (system* "./eschalot" "-r" "^cyber\|^hack"))
	296	(zero? (system* "./eschalot" "-r" "^troll")))))
	297	;; Make install can not create the bin dir, create it.
	298	(add-before 'install 'create-bin-dir
	299	(lambda* (#:key outputs #:allow-other-keys)
	300	(let* ((out (assoc-ref outputs "out"))
	301	(bin (string-append out "/bin")))
	302	(mkdir-p bin)
	303	#t))))))
	304	(home-page "https://github.com/schnabear/eschalot")
	305	(synopsis "Tor hidden service name generator")
	306	(description
	307	"Eschalot is a tor hidden service name generator, it allows one to
	308	produce customized vanity .onion addresses using a brute-force method. Searches
	309	for valid names can be run with regular expressions and wordlists. For the
	310	generation of wordlists the included tool @code{worgen} can be used. There is
	311	no man page, refer to the home page for usage details.")
	312	(license (list license:isc license:expat)))))
2e3f1851 EB	313
	314	(define-public tomb
	315	(package
	316	(name "tomb")
8ca2cb58	317	(version "2.3")
2e3f1851 EB	318	(source (origin
	319	(method url-fetch)
	320	(uri (string-append "https://files.dyne.org/tomb/"
8ca2cb58	321	"Tomb-" version ".tar.gz"))
2e3f1851 EB	322	(sha256
2e3f1851 EB	323	(base32
8ca2cb58	324	"1j90ab8x4cf10167yw4cs4frz694gb0qwkhgqiz1ly7mnr8ysmby"))))
2e3f1851 EB	325	(build-system gnu-build-system)
	326	(inputs
	327	`(("zsh" ,zsh)
	328	("sudo" ,sudo)
	329	("gnupg" ,gnupg)
	330	("cryptsetup" ,cryptsetup)
	331	("e2fsprogs" ,e2fsprogs) ;for mkfs.ext4
7c90d0f4	332	("gettext" ,gettext-minimal) ;used at runtime
2e3f1851 EB	333	("mlocate" ,mlocate)
	334	("pinentry" ,pinentry)
	335	("qrencode" ,qrencode)
	336	("steghide" ,steghide)
	337	("swish-e" ,swish-e)))
	338	(arguments
	339	`(#:make-flags (list (string-append "PREFIX=" (assoc-ref %outputs "out")))
	340	;; TODO: Build and install gtk and qt trays
	341	#:phases
	342	(modify-phases %standard-phases
	343	(delete 'configure) ;no configuration to be done
	344	(add-after 'install 'i18n
	345	(lambda* (#:key make-flags #:allow-other-keys)
	346	(zero? (apply system*
	347	"make" "-C" "extras/translations"
	348	"install" make-flags))))
	349	(add-after 'install 'wrap
	350	(lambda* (#:key inputs outputs #:allow-other-keys)
	351	(let ((out (assoc-ref outputs "out")))
	352	(wrap-program (string-append out "/bin/tomb")
	353	`("PATH" ":" prefix
	354	(,(string-append (assoc-ref inputs "mlocate") "/bin")
	355	,@(map (lambda (program)
	356	(or (and=> (which program) dirname)
	357	(error "program not found:" program)))
	358	'("seq" "mkfs.ext4" "pinentry" "sudo"
	359	"gpg" "cryptsetup" "gettext"
	360	"qrencode" "steghide" "swish-e")))))
	361	#t)))
	362	(delete 'check)
	363	(add-after 'wrap 'check
	364	(lambda* (#:key outputs #:allow-other-keys)
	365	;; Running the full tests requires sudo/root access for
	366	;; cryptsetup, which is not available in the build environment.
	367	;; But we can run `tomb dig` without root, so make sure that
	368	;; works. TODO: It Would Be Nice to check the expected "index",
	369	;; "search", "bury", and "exhume" features are available by
	370	;; querying `tomb -h`.
	371	(let ((tomb (string-append (assoc-ref outputs "out")
	372	"/bin/tomb")))
	373	(zero? (system* tomb "dig" "-s" "10" "secrets.tomb"))))))))
	374	(home-page "http://www.dyne.org/software/tomb")
	375	(synopsis "File encryption for secret data")
	376	(description
	377	"Tomb is an application to manage the creation and access of encrypted
	378	storage files: it can be operated from commandline and it can integrate with a
	379	user's graphical desktop.")
	380	(license license:gpl3+)))
9381a02a LF	381
	382	(define-public scrypt
	383	(package
	384	(name "scrypt")
6c067a3f	385	(version "1.2.1")
9381a02a LF	386	(source
	387	(origin
	388	(method url-fetch)
	389	(uri (string-append "https://www.tarsnap.com/scrypt/scrypt-"
	390	version ".tgz"))
	391	(sha256
	392	(base32
6c067a3f	393	"0xy5yhrwwv13skv9im9vm76rybh9f29j2dh4hlh2x01gvbkza8a6"))))
9381a02a LF	394	(build-system gnu-build-system)
	395	(arguments
	396	`(#:phases (modify-phases %standard-phases
	397	(add-after 'unpack 'patch-command-invocations
	398	(lambda _
	399	(substitute* "Makefile.in"
	400	(("command -p") ""))
	401	#t))
	402	(add-after 'install 'install-docs
	403	(lambda* (#:key outputs #:allow-other-keys)
	404	(let* ((out (assoc-ref %outputs "out"))
	405	(misc (string-append out "/share/doc/scrypt")))
	406	(install-file "FORMAT" misc)
	407	#t))))))
	408	(inputs
	409	`(("openssl" ,openssl)))
	410	(home-page "https://www.tarsnap.com/scrypt.html")
	411	(synopsis "Memory-hard encryption tool based on scrypt")
	412	(description "This packages provides a simple password-based encryption
	413	utility as a demonstration of the @code{scrypt} key derivation function.
	414	@code{Scrypt} is designed to be far more resistant against hardware brute-force
	415	attacks than alternative functions such as @code{PBKDF2} or @code{bcrypt}.")
	416	(license license:bsd-2)))