HCoop / jackhill / guix / guix.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
gnu: rng-tools: Update to 6.3.1.
[jackhill/guix/guix.git] / gnu / packages / crypto.scm
1 ;;; GNU Guix --- Functional package management for GNU
2 ;;; Copyright © 2014 David Thompson <davet@gnu.org>
3 ;;; Copyright © 2015, 2017 Ricardo Wurmus <rekado@elephly.net>
4 ;;; Copyright © 2016, 2017, 2018 Leo Famulari <leo@famulari.name>
5 ;;; Copyright © 2016 Lukas Gradl <lgradl@openmailbox>
6 ;;; Copyright © 2016, 2017, 2018 Tobias Geerinckx-Rice <me@tobias.gr>
7 ;;; Copyright © 2016, 2017 Nils Gillmann <ng0@n0.is>
8 ;;; Copyright © 2016, 2017 Eric Bavier <bavier@member.fsf.org>
9 ;;; Copyright © 2017 Pierre Langlois <pierre.langlois@gmx.com>
10 ;;; Copyright © 2018 Efraim Flashner <efraim@flashner.co.il>
11 ;;; Copyright © 2018 Arun Isaac <arunisaac@systemreboot.net>
12 ;;; Copyright © 2018 Nicolas Goaziou <mail@nicolasgoaziou.fr>
13 ;;;
14 ;;; This file is part of GNU Guix.
15 ;;;
16 ;;; GNU Guix is free software; you can redistribute it and/or modify it
17 ;;; under the terms of the GNU General Public License as published by
18 ;;; the Free Software Foundation; either version 3 of the License, or (at
19 ;;; your option) any later version.
20 ;;;
21 ;;; GNU Guix is distributed in the hope that it will be useful, but
22 ;;; WITHOUT ANY WARRANTY; without even the implied warranty of
23 ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
24 ;;; GNU General Public License for more details.
25 ;;;
26 ;;; You should have received a copy of the GNU General Public License
27 ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
28
29 (define-module (gnu packages crypto)
30 #:use-module (gnu packages)
31 #:use-module (gnu packages admin)
32 #:use-module (gnu packages aidc)
33 #:use-module (gnu packages attr)
34 #:use-module (gnu packages autotools)
35 #:use-module (gnu packages boost)
36 #:use-module (gnu packages check)
37 #:use-module (gnu packages compression)
38 #:use-module (gnu packages cryptsetup)
39 #:use-module (gnu packages databases)
40 #:use-module (gnu packages gettext)
41 #:use-module (gnu packages gnupg)
42 #:use-module (gnu packages image)
43 #:use-module (gnu packages libbsd)
44 #:use-module (gnu packages libffi)
45 #:use-module (gnu packages linux)
46 #:use-module (gnu packages nettle)
47 #:use-module (gnu packages password-utils)
48 #:use-module (gnu packages perl)
49 #:use-module (gnu packages perl-check)
50 #:use-module (gnu packages pkg-config)
51 #:use-module (gnu packages python)
52 #:use-module (gnu packages readline)
53 #:use-module (gnu packages search)
54 #:use-module (gnu packages serialization)
55 #:use-module (gnu packages shells)
56 #:use-module (gnu packages tcl)
57 #:use-module (gnu packages tls)
58 #:use-module (gnu packages xml)
59 #:use-module ((guix licenses) #:prefix license:)
60 #:use-module (guix packages)
61 #:use-module (guix download)
62 #:use-module (guix git-download)
63 #:use-module (guix build-system cmake)
64 #:use-module (guix build-system gnu)
65 #:use-module (guix build-system perl)
66 #:use-module (srfi srfi-1)
67 #:use-module (srfi srfi-26))
68
69 (define-public libsodium
70 (package
71 (name "libsodium")
72 (version "1.0.16")
73 (source (origin
74 (method url-fetch)
75 (uri (list (string-append
76 "https://download.libsodium.org/libsodium/"
77 "releases/libsodium-" version ".tar.gz")
78 (string-append
79 "https://download.libsodium.org/libsodium/"
80 "releases/old/libsodium-" version ".tar.gz")))
81 (sha256
82 (base32
83 "0cq5pn7qcib7q70mm1lgjwj75xdxix27v0xl1xl0kvxww7hwgbgf"))))
84 (build-system gnu-build-system)
85 (synopsis "Portable NaCl-based crypto library")
86 (description
87 "Sodium is a new easy-to-use high-speed software library for network
88 communication, encryption, decryption, signatures, etc.")
89 (license license:isc)
90 (home-page "https://libsodium.org")))
91
92 (define-public libmd
93 (package
94 (name "libmd")
95 (version "1.0.0")
96 (source (origin
97 (method url-fetch)
98 (uri
99 (list
100 (string-append "https://archive.hadrons.org/software/libmd/libmd-"
101 version ".tar.xz")
102 (string-append "https://libbsd.freedesktop.org/releases/libmd-"
103 version ".tar.xz")))
104 (sha256
105 (base32
106 "1iv45npzv0gncjgcpx5m081861zdqxw667ysghqb8721yrlyl6pj"))))
107 (build-system gnu-build-system)
108 (synopsis "Message Digest functions from BSD systems")
109 (description
110 "The currently provided message digest algorithms are:
111 @itemize
112 @item MD2
113 @item MD4
114 @item MD5
115 @item RIPEMD-160
116 @item SHA-1
117 @item SHA-2 (SHA-256, SHA-384 and SHA-512)
118 @end itemize")
119 (license (list license:bsd-3
120 license:bsd-2
121 license:isc
122 license:public-domain))
123 (home-page "https://www.hadrons.org/software/libmd/")))
124
125 (define-public signify
126 (package
127 (name "signify")
128 (version "23")
129 (source (origin
130 (method url-fetch)
131 (uri (string-append "https://github.com/aperezdc/signify/"
132 "archive/v" version ".tar.gz"))
133 (file-name (string-append name "-" version ".tar.gz"))
134 (sha256
135 (base32
136 "0c70mzawgahsvmsv4xdrass4pgyynd67ipd9lij0fgi8wkq0ns8w"))))
137 (build-system gnu-build-system)
138 ;; TODO Build with libwaive (described in README.md), to implement something
139 ;; like OpenBSD's pledge().
140 (arguments
141 `(#:tests? #f ; no test suite
142 #:make-flags
143 (list "CC=gcc"
144 (string-append "PREFIX=" (assoc-ref %outputs "out")))
145 #:phases
146 (modify-phases %standard-phases
147 (delete 'configure))))
148 (native-inputs
149 `(("pkg-config" ,pkg-config)))
150 (inputs
151 `(("libbsd" ,libbsd)))
152 (synopsis "Create and verify cryptographic signatures")
153 (description "The signify utility creates and verifies cryptographic
154 signatures using the elliptic curve Ed25519. This is a Linux port of the
155 OpenBSD tool of the same name.")
156 (home-page "https://github.com/aperezdc/signify")
157 ;; This package includes third-party code that was originally released under
158 ;; various non-copyleft licenses. See the source files for clarification.
159 (license (list license:bsd-3 license:bsd-4 license:expat license:isc
160 license:public-domain (license:non-copyleft
161 "file://base64.c"
162 "See base64.c in the distribution for
163 the license from IBM.")))))
164
165
166 (define-public opendht
167 (package
168 (name "opendht")
169 (version "0.6.1")
170 (source
171 (origin
172 (method url-fetch)
173 (uri
174 (string-append
175 "https://github.com/savoirfairelinux/" name
176 "/archive/" version ".tar.gz"))
177 (file-name (string-append name "-" version ".tar.gz"))
178 (modules '((guix build utils)))
179 (snippet
180 '(begin
181 (delete-file-recursively "src/argon2")
182 (substitute* "src/Makefile.am"
183 (("./argon2/libargon2.la") "")
184 (("SUBDIRS = argon2") ""))
185 (substitute* "src/crypto.cpp"
186 (("argon2/argon2.h") "argon2.h"))
187 (substitute* "configure.ac"
188 (("src/argon2/Makefile") ""))
189 #t))
190 (sha256
191 (base32
192 "09yvkmbqbym3b5md4n96qc1s9sf2n8ji404hagih45rmsj49599x"))))
193 (build-system gnu-build-system)
194 (inputs
195 `(("gnutls" ,gnutls)
196 ("nettle" ,nettle)
197 ("readline" ,readline)
198 ("argon2" ,argon2)))
199 (propagated-inputs
200 `(("msgpack" ,msgpack))) ;included in several installed headers
201 (native-inputs
202 `(("autoconf" ,autoconf)
203 ("pkg-config" ,pkg-config)
204 ("automake" ,automake)
205 ("libtool" ,libtool)))
206 (arguments
207 `(#:configure-flags '("--disable-tools" "--disable-python")
208 #:phases (modify-phases %standard-phases
209 (add-after 'unpack 'autoconf
210 (lambda _
211 (zero? (system* "autoreconf" "-vfi")))))))
212 (home-page "https://github.com/savoirfairelinux/opendht/")
213 (synopsis "Distributed Hash Table (DHT) library")
214 (description "OpenDHT is a Distributed Hash Table (DHT) library. It may
215 be used to manage peer-to-peer network connections as needed for real time
216 communication.")
217 (license license:gpl3)))
218
219 (define-public encfs
220 (package
221 (name "encfs")
222 (version "1.9.5")
223 (source
224 (origin
225 (method url-fetch)
226 (uri
227 (string-append "https://github.com/vgough/encfs/releases/download/v"
228 version "/encfs-" version ".tar.gz"))
229 (sha256
230 (base32
231 "0qzxavvv20577bxvly8s7d3y7bqasqclc2mllp0ddfncjm9z02a7"))
232 (modules '((guix build utils)))
233 ;; Remove bundled dependencies in favour of proper inputs.
234 (snippet '(begin
235 (for-each delete-file-recursively
236 '("vendor/github.com/leethomason/tinyxml2"
237 "vendor/github.com/google/googletest"))
238 #t))))
239 (build-system cmake-build-system)
240 (native-inputs
241 `(("gettext" ,gettext-minimal)
242
243 ;; Test dependencies.
244 ("expect" ,expect)
245 ("googletest-source" ,(package-source googletest))
246 ("perl" ,perl)))
247 (inputs
248 `(("attr" ,attr)
249 ("fuse" ,fuse)
250 ("openssl" ,openssl)
251 ("tinyxml2" ,tinyxml2)))
252 (arguments
253 `(#:configure-flags (list "-DUSE_INTERNAL_TINYXML=OFF")
254 #:phases
255 (modify-phases %standard-phases
256 (add-after 'unpack 'unpack-googletest
257 (lambda* (#:key inputs #:allow-other-keys)
258 (mkdir-p "vendor/github.com/google/googletest")
259 (invoke "tar" "xvf" (assoc-ref inputs "googletest-source")
260 "-C" "vendor/github.com/google/googletest"
261 "--strip-components=1")))
262 (add-before 'check 'make-unittests
263 (lambda _
264 (invoke "make" "unittests"))))))
265 (home-page "https://vgough.github.io/encfs")
266 (synopsis "Encrypted virtual file system")
267 (description
268 "EncFS creates a virtual encrypted file system in user-space. Each file
269 created under an EncFS mount point is stored as a separate encrypted file on
270 the underlying file system. Like most encrypted file systems, EncFS is meant
271 to provide security against off-line attacks, such as a drive falling into
272 the wrong hands.")
273 (license (list license:expat ; internal/easylogging++.h
274 license:lgpl3+ ; encfs library
275 license:gpl3+)))) ; command-line tools
276
277 (define-public keyutils
278 (package
279 (name "keyutils")
280 (version "1.5.10")
281 (source
282 (origin
283 (method url-fetch)
284 (uri
285 (string-append "https://people.redhat.com/dhowells/keyutils/keyutils-"
286 version ".tar.bz2"))
287 (sha256
288 (base32
289 "1dmgjcf7mnwc6h72xkvpaqpzxw8vmlnsmzz0s27pg0giwzm3sp0i"))
290 (modules '((guix build utils)))
291 ;; Create relative symbolic links instead of absolute ones to /lib/*
292 (snippet '(begin
293 (substitute* "Makefile" (("\\$\\(LNS\\) \\$\\(LIBDIR\\)/")
294 "$(LNS) "))
295 #t))))
296 (build-system gnu-build-system)
297 (arguments
298 `(#:phases (modify-phases %standard-phases
299 (delete 'configure)) ; no configure script
300 #:make-flags (list "CC=gcc"
301 "RPATH=-Wl,-rpath,$(DESTDIR)$(LIBDIR)"
302 (string-append "DESTDIR="
303 (assoc-ref %outputs "out"))
304 "INCLUDEDIR=/include"
305 "LIBDIR=/lib"
306 "MANDIR=/share/man"
307 "SHAREDIR=/share/keyutils")
308 #:test-target "test"))
309 (home-page "https://people.redhat.com/dhowells/keyutils/")
310 (synopsis "Linux key management utilities")
311 (description
312 "Keyutils is a set of utilities for managing the key retention facility in
313 the Linux kernel, which can be used by file systems, block devices, and more to
314 gain and retain the authorization and encryption keys required to perform
315 secure operations. ")
316 (license (list license:lgpl2.1+ ; the files keyutils.*
317 license:gpl2+)))) ; the rest
318
319 ;; There is no release candidate but commits point out a version number,
320 ;; furthermore no tarball exists.
321 (define-public eschalot
322 (let ((commit "0bf31d88a11898c19b1ed25ddd2aff7b35dbac44")
323 (revision "1"))
324 (package
325 (name "eschalot")
326 (version (string-append "1.2.0-" revision "." (string-take commit 7)))
327 (source
328 (origin
329 (method git-fetch)
330 (uri (git-reference
331 (url "https://github.com/schnabear/eschalot")
332 (commit commit)))
333 (file-name (string-append name "-" version))
334 (sha256
335 (base32
336 "0lj38ldh8vzi11wp4ghw4k0fkwp0s04zv8k8d473p1snmbh7mx98"))))
337 (inputs
338 `(("openssl" ,openssl))) ; It needs: openssl/{bn,pem,rsa,sha}.h
339 (build-system gnu-build-system)
340 (arguments
341 `(#:make-flags (list "CC=gcc"
342 (string-append "PREFIX=" (assoc-ref %outputs "out"))
343 (string-append "INSTALL=" "install"))
344 ;; XXX: make test would run a !VERY! long hashing of names with the use
345 ;; of a wordlist, the amount of computing time this would waste on build
346 ;; servers is in no relation to the size or importance of this small
347 ;; application, therefore we run our own tests on eschalot and worgen.
348 #:phases
349 (modify-phases %standard-phases
350 (delete 'configure)
351 (replace 'check
352 (lambda _
353 (and
354 (zero? (system* "./worgen" "8-12" "top1000.txt" "3-10" "top400nouns.txt"
355 "3-6" "top150adjectives.txt" "3-6"))
356 (zero? (system* "./eschalot" "-r" "^guix|^guixsd"))
357 (zero? (system* "./eschalot" "-r" "^gnu|^free"))
358 (zero? (system* "./eschalot" "-r" "^cyber|^hack"))
359 (zero? (system* "./eschalot" "-r" "^troll")))))
360 ;; Make install can not create the bin dir, create it.
361 (add-before 'install 'create-bin-dir
362 (lambda* (#:key outputs #:allow-other-keys)
363 (let* ((out (assoc-ref outputs "out"))
364 (bin (string-append out "/bin")))
365 (mkdir-p bin)
366 #t))))))
367 (home-page "https://github.com/schnabear/eschalot")
368 (synopsis "Tor hidden service name generator")
369 (description
370 "Eschalot is a tor hidden service name generator, it allows one to
371 produce customized vanity .onion addresses using a brute-force method. Searches
372 for valid names can be run with regular expressions and wordlists. For the
373 generation of wordlists the included tool @code{worgen} can be used. There is
374 no man page, refer to the home page for usage details.")
375 (license (list license:isc license:expat)))))
376
377 (define-public tomb
378 (package
379 (name "tomb")
380 (version "2.5")
381 (source (origin
382 (method url-fetch)
383 (uri (string-append "https://files.dyne.org/tomb/"
384 "Tomb-" version ".tar.gz"))
385 (sha256
386 (base32
387 "12c6qldngaw520gvb02inzkhnxbl4k0dwmddrgnaf7xashy6j0wc"))))
388 (build-system gnu-build-system)
389 (native-inputs `(("sudo" ,sudo))) ;presence needed for 'check' phase
390 (inputs
391 `(("zsh" ,zsh)
392 ("gnupg" ,gnupg)
393 ("cryptsetup" ,cryptsetup)
394 ("e2fsprogs" ,e2fsprogs) ;for mkfs.ext4
395 ("gettext" ,gettext-minimal) ;used at runtime
396 ("mlocate" ,mlocate)
397 ("pinentry" ,pinentry)
398 ("qrencode" ,qrencode)
399 ("steghide" ,steghide)
400 ("util-linux" ,util-linux)))
401 (arguments
402 `(#:make-flags (list (string-append "PREFIX=" (assoc-ref %outputs "out")))
403 ;; TODO: Build and install gtk and qt trays
404 #:phases
405 (modify-phases %standard-phases
406 (delete 'configure) ;no configuration to be done
407 (add-after 'install 'i18n
408 (lambda* (#:key make-flags #:allow-other-keys)
409 (apply invoke "make" "-C" "extras/translations"
410 "install" make-flags)
411 #t))
412 (add-after 'install 'wrap
413 (lambda* (#:key inputs outputs #:allow-other-keys)
414 (let ((out (assoc-ref outputs "out")))
415 (wrap-program (string-append out "/bin/tomb")
416 `("PATH" ":" prefix
417 (,(string-append (assoc-ref inputs "mlocate") "/bin")
418 ,@(map (lambda (program)
419 (or (and=> (which program) dirname)
420 (error "program not found:" program)))
421 '("seq" "mkfs.ext4" "pinentry" "sudo"
422 "gpg" "cryptsetup" "gettext"
423 "qrencode" "steghide" "findmnt")))))
424 #t)))
425 (delete 'check)
426 (add-after 'wrap 'check
427 (lambda* (#:key outputs #:allow-other-keys)
428 ;; Running the full tests requires sudo/root access for
429 ;; cryptsetup, which is not available in the build environment.
430 ;; But we can run `tomb dig` without root, so make sure that
431 ;; works. TODO: It Would Be Nice to check the expected "index",
432 ;; "search", "bury", and "exhume" features are available by
433 ;; querying `tomb -h`.
434 (let ((tomb (string-append (assoc-ref outputs "out")
435 "/bin/tomb")))
436 (invoke tomb "dig" "-s" "10" "secrets.tomb")
437 #t))))))
438 (home-page "https://www.dyne.org/software/tomb")
439 (synopsis "File encryption for secret data")
440 (description
441 "Tomb is an application to manage the creation and access of encrypted
442 storage files: it can be operated from commandline and it can integrate with a
443 user's graphical desktop.")
444 (license license:gpl3+)))
445
446 (define-public scrypt
447 (package
448 (name "scrypt")
449 (version "1.2.1")
450 (source
451 (origin
452 (method url-fetch)
453 (uri (string-append "https://www.tarsnap.com/scrypt/scrypt-"
454 version ".tgz"))
455 (sha256
456 (base32
457 "0xy5yhrwwv13skv9im9vm76rybh9f29j2dh4hlh2x01gvbkza8a6"))))
458 (build-system gnu-build-system)
459 (arguments
460 `(#:phases (modify-phases %standard-phases
461 (add-after 'unpack 'patch-command-invocations
462 (lambda _
463 (substitute* "Makefile.in"
464 (("command -p") ""))
465 #t))
466 (add-after 'install 'install-docs
467 (lambda* (#:key outputs #:allow-other-keys)
468 (let* ((out (assoc-ref %outputs "out"))
469 (misc (string-append out "/share/doc/scrypt")))
470 (install-file "FORMAT" misc)
471 #t))))))
472 (inputs
473 `(("openssl" ,openssl)))
474 (home-page "https://www.tarsnap.com/scrypt.html")
475 (synopsis "Memory-hard encryption tool based on scrypt")
476 (description "This packages provides a simple password-based encryption
477 utility as a demonstration of the @code{scrypt} key derivation function.
478 @code{Scrypt} is designed to be far more resistant against hardware brute-force
479 attacks than alternative functions such as @code{PBKDF2} or @code{bcrypt}.")
480 (license license:bsd-2)))
481
482 (define-public libscrypt
483 (package
484 (name "libscrypt")
485 (version "1.21")
486 (source
487 (origin
488 (method git-fetch)
489 (uri (git-reference
490 (url "https://github.com/technion/libscrypt.git")
491 (commit (string-append "v" version))))
492 (file-name (git-file-name name version))
493 (sha256
494 (base32
495 "1d76ys6cp7fi4ng1w3mz2l0p9dbr7ljbk33dcywyimzjz8bahdng"))))
496 (build-system gnu-build-system)
497 (arguments
498 `(#:make-flags (list (string-append "PREFIX=" %output)
499 "CC=gcc")
500 #:phases
501 (modify-phases %standard-phases
502 (delete 'configure))))
503 (home-page "https://lolware.net/libscrypt.html")
504 (synopsis "Password hashing library")
505 (description "@code{libscrypt} implements @code{scrypt} key derivation
506 function. It is designed to be far more secure against hardware brute-force
507 attacks than alternative functions such as @code{PBKDF2} or @code{bcrypt}.")
508 (license license:bsd-3)))
509
510 (define-public perl-math-random-isaac-xs
511 (package
512 (name "perl-math-random-isaac-xs")
513 (version "1.004")
514 (source
515 (origin
516 (method url-fetch)
517 (uri (string-append "mirror://cpan/authors/id/J/JA/JAWNSY/"
518 "Math-Random-ISAAC-XS-" version ".tar.gz"))
519 (sha256
520 (base32
521 "0yxqqcqvj51fn7b7j5xqhz65v74arzgainn66c6k7inijbmr1xws"))))
522 (build-system perl-build-system)
523 (native-inputs
524 `(("perl-module-build" ,perl-module-build)
525 ("perl-test-nowarnings" ,perl-test-nowarnings)))
526 (home-page "http://search.cpan.org/dist/Math-Random-ISAAC-XS")
527 (synopsis "C implementation of the ISAAC PRNG algorithm")
528 (description "ISAAC (Indirection, Shift, Accumulate, Add, and Count) is a
529 fast pseudo-random number generator. It is suitable for applications where a
530 significant amount of random data needs to be produced quickly, such as
531 solving using the Monte Carlo method or for games. The results are uniformly
532 distributed, unbiased, and unpredictable unless you know the seed.
533
534 This package implements the same interface as @code{Math::Random::ISAAC}.")
535 (license license:public-domain)))
536
537 (define-public perl-math-random-isaac
538 (package
539 (name "perl-math-random-isaac")
540 (version "1.004")
541 (source
542 (origin
543 (method url-fetch)
544 (uri (string-append "mirror://cpan/authors/id/J/JA/JAWNSY/"
545 "Math-Random-ISAAC-" version ".tar.gz"))
546 (sha256
547 (base32
548 "0z1b3xbb3xz71h25fg6jgsccra7migq7s0vawx2rfzi0pwpz0wr7"))))
549 (build-system perl-build-system)
550 (native-inputs
551 `(("perl-test-nowarnings" ,perl-test-nowarnings)))
552 (propagated-inputs
553 `(("perl-math-random-isaac-xs" ,perl-math-random-isaac-xs)))
554 (home-page "http://search.cpan.org/dist/Math-Random-ISAAC")
555 (synopsis "Perl interface to the ISAAC PRNG algorithm")
556 (description "ISAAC (Indirection, Shift, Accumulate, Add, and Count) is a
557 fast pseudo-random number generator. It is suitable for applications where a
558 significant amount of random data needs to be produced quickly, such as
559 solving using the Monte Carlo method or for games. The results are uniformly
560 distributed, unbiased, and unpredictable unless you know the seed.
561
562 This package provides a Perl interface to the ISAAC pseudo random number
563 generator.")
564 (license license:public-domain)))
565
566 (define-public perl-crypt-random-source
567 (package
568 (name "perl-crypt-random-source")
569 (version "0.12")
570 (source
571 (origin
572 (method url-fetch)
573 (uri (string-append "mirror://cpan/authors/id/E/ET/ETHER/"
574 "Crypt-Random-Source-" version ".tar.gz"))
575 (sha256
576 (base32
577 "00mw5m52sbz9nqp3f6axyrgcrihqxn7k8gv0vi1kvm1j1nc9g29h"))))
578 (build-system perl-build-system)
579 (native-inputs
580 `(("perl-module-build-tiny" ,perl-module-build-tiny)
581 ("perl-test-exception" ,perl-test-exception)))
582 (propagated-inputs
583 `(("perl-capture-tiny" ,perl-capture-tiny)
584 ("perl-module-find" ,perl-module-find)
585 ("perl-module-runtime" ,perl-module-runtime)
586 ("perl-moo" ,perl-moo)
587 ("perl-namespace-clean" ,perl-namespace-clean)
588 ("perl-sub-exporter" ,perl-sub-exporter)
589 ("perl-type-tiny" ,perl-type-tiny)))
590 (home-page "http://search.cpan.org/dist/Crypt-Random-Source")
591 (synopsis "Get weak or strong random data from pluggable sources")
592 (description "This module provides implementations for a number of
593 byte-oriented sources of random data.")
594 (license license:perl-license)))
595
596 (define-public perl-math-random-secure
597 (package
598 (name "perl-math-random-secure")
599 (version "0.080001")
600 (source
601 (origin
602 (method url-fetch)
603 (uri (string-append "mirror://cpan/authors/id/F/FR/FREW/"
604 "Math-Random-Secure-" version ".tar.gz"))
605 (sha256
606 (base32
607 "0dgbf4ncll4kmgkyb9fsaxn0vf2smc9dmwqzgh3259zc2zla995z"))))
608 (build-system perl-build-system)
609 (native-inputs
610 `(("perl-list-moreutils" ,perl-list-moreutils)
611 ("perl-test-leaktrace" ,perl-test-leaktrace)
612 ("perl-test-sharedfork" ,perl-test-sharedfork)
613 ("perl-test-warn" ,perl-test-warn)))
614 (inputs
615 `(("perl-crypt-random-source" ,perl-crypt-random-source)
616 ("perl-math-random-isaac" ,perl-math-random-isaac)
617 ("perl-math-random-isaac-xs" ,perl-math-random-isaac-xs)
618 ("perl-moo" ,perl-moo)))
619 (home-page "http://search.cpan.org/dist/Math-Random-Secure")
620 (synopsis "Cryptographically secure replacement for rand()")
621 (description "This module is intended to provide a
622 cryptographically-secure replacement for Perl's built-in @code{rand} function.
623 \"Crytographically secure\", in this case, means:
624
625 @enumerate
626 @item No matter how many numbers you see generated by the random number
627 generator, you cannot guess the future numbers, and you cannot guess the seed.
628 @item There are so many possible seeds that it would take decades, centuries,
629 or millennia for an attacker to try them all.
630 @item The seed comes from a source that generates relatively strong random
631 data on your platform, so the seed itself will be as random as possible.
632 @end enumerate\n")
633 (license license:artistic2.0)))
634
635 (define-public crypto++
636 (package
637 (name "crypto++")
638 (version "6.0.0")
639 (source (origin
640 (method url-fetch/zipbomb)
641 (uri (string-append "https://cryptopp.com/cryptopp"
642 (string-join (string-split version #\.) "")
643 ".zip"))
644 (sha256
645 (base32
646 "1nidm6xbdza5cbgf5md2zznmaq692rfyjasycwipl6rzdfwjvb34"))))
647 (build-system gnu-build-system)
648 (arguments
649 `(#:make-flags
650 (list (string-append "PREFIX=" (assoc-ref %outputs "out")))
651 #:phases
652 (modify-phases %standard-phases
653 (add-after 'unpack 'disable-native-optimisation
654 ;; This package installs more than just headers. Ensure that the
655 ;; cryptest.exe binary & static library aren't CPU model specific.
656 (lambda _
657 (substitute* "GNUmakefile"
658 ((" -march=native") ""))
659 #t))
660 (delete 'configure))))
661 (native-inputs
662 `(("unzip" ,unzip)))
663 (home-page "https://cryptopp.com/")
664 (synopsis "C++ class library of cryptographic schemes")
665 (description "Crypto++ is a C++ class library of cryptographic schemes.")
666 ;; The compilation is distributed under the Boost license; the individual
667 ;; files in the compilation are in the public domain.
668 (license (list license:boost1.0 license:public-domain))))
669
670 (define-public libb2
671 (package
672 (name "libb2")
673 (version "0.98")
674 (source (origin
675 (method url-fetch)
676 (uri (string-append
677 "https://github.com/BLAKE2/libb2/releases/download/v"
678 version "/libb2-" version ".tar.gz"))
679 (sha256
680 (base32
681 "0vq39cvwy05754l565xl11rqr2jvjb6ykjzca886vi9vm71y0sg8"))))
682 (build-system gnu-build-system)
683 (arguments
684 `(#:configure-flags
685 (list
686 ,@(if (any (cute string-prefix? <> (or (%current-system)
687 (%current-target-system)))
688 '("x86_64" "i686"))
689 ;; fat only checks for Intel optimisations
690 '("--enable-fat")
691 '())
692 "--disable-native"))) ;don't optimise at build time
693 (home-page "https://blake2.net/")
694 (synopsis "Library implementing the BLAKE2 family of hash functions")
695 (description
696 "libb2 is a portable implementation of the BLAKE2 family of cryptographic
697 hash functions. It includes optimised implementations for IA-32 and AMD64
698 processors, and an interface layer that automatically selects the best
699 implementation for the processor it is run on.
700
701 @dfn{BLAKE2} (RFC 7693) is a family of high-speed cryptographic hash functions
702 that are faster than MD5, SHA-1, SHA-2, and SHA-3, yet are at least as secure
703 as the latest standard, SHA-3. It is an improved version of the SHA-3 finalist
704 BLAKE.")
705 (license license:public-domain)))
706
707 (define-public rhash
708 (package
709 (name "rhash")
710 (version "1.3.6")
711 (source
712 (origin
713 (method url-fetch)
714 (uri (string-append "https://github.com/rhash/RHash/archive/v"
715 version ".tar.gz"))
716 (file-name (string-append name "-" version ".tar.gz"))
717 (sha256
718 (base32
719 "14ngzfgmd1lfp7m78sn49x8ymf2s37nrr67c6p5vas85nrrgjkcn"))))
720 (build-system gnu-build-system)
721 (arguments
722 `(#:make-flags
723 ;; The binaries in /bin need some help finding librhash.so.0.
724 (list (string-append "LDFLAGS=-Wl,-rpath=" %output "/lib"))
725 #:test-target "test" ; ‘make check’ just checks the sources
726 #:phases
727 (modify-phases %standard-phases
728 (replace 'configure
729 ;; ./configure is not GNU autotools' and doesn't gracefully handle
730 ;; unrecognized options, so we must call it manually.
731 (lambda* (#:key outputs #:allow-other-keys)
732 (invoke "./configure"
733 (string-append "--prefix=" (assoc-ref outputs "out")))))
734 (add-after 'install 'install-library-extras
735 (lambda* (#:key make-flags #:allow-other-keys)
736 (apply invoke
737 "make" "-C" "librhash"
738 "install-headers" "install-so-link"
739 make-flags))))))
740 (home-page "https://sourceforge.net/projects/rhash/")
741 (synopsis "Utility for computing hash sums")
742 (description "RHash is a console utility for calculation and verification
743 of magnet links and a wide range of hash sums like CRC32, MD4, MD5, SHA1,
744 SHA256, SHA512, SHA3, AICH, ED2K, Tiger, DC++ TTH, BitTorrent BTIH, GOST R
745 34.11-94, RIPEMD-160, HAS-160, EDON-R, Whirlpool and Snefru.")
746 (license (license:non-copyleft "file://COPYING"))))
747
748 (define-public botan
749 (package
750 (name "botan")
751 (version "2.7.0")
752 (source (origin
753 (method url-fetch)
754 (uri (string-append "https://botan.randombit.net/releases/"
755 "Botan-" version ".tgz"))
756 (sha256
757 (base32
758 "142aqabwc266jxn8wrp0f1ffrmcvdxwvyh8frb38hx9iaqazjbg4"))))
759 (build-system gnu-build-system)
760 (arguments
761 '(#:phases
762 (modify-phases %standard-phases
763 (replace 'configure
764 (lambda* (#:key inputs outputs #:allow-other-keys)
765 (let* ((out (assoc-ref %outputs "out"))
766 (lib (string-append out "/lib")))
767 (invoke "python" "./configure.py"
768 (string-append "--prefix=" out)
769 ;; Otherwise, the `botan` executable cannot find
770 ;; libbotan.
771 (string-append "--ldflags=-Wl,-rpath=" lib)
772 "--with-rst2man"
773 ;; Recommended by upstream
774 "--with-zlib" "--with-bzip2" "--with-sqlite3"))))
775 (replace 'check
776 (lambda _ (invoke "./botan-test"))))))
777 (native-inputs
778 `(("python" ,python-minimal-wrapper)
779 ("python-docutils" ,python-docutils)))
780 (inputs
781 `(("sqlite" ,sqlite)
782 ("bzip2" ,bzip2)
783 ("zlib" ,zlib)))
784 (synopsis "Cryptographic library in C++11")
785 (description "Botan is a cryptography library, written in C++11, offering
786 the tools necessary to implement a range of practical systems, such as TLS/DTLS,
787 PKIX certificate handling, PKCS#11 and TPM hardware support, password hashing,
788 and post-quantum crypto schemes. In addition to the C++, botan has a C89 API
789 specifically designed to be easy to call from other languages. A Python binding
790 using ctypes is included, and several other language bindings are available.")
791 (home-page "https://botan.randombit.net")
792 (license license:bsd-2)))
jackhill's copy of GNU Guix: https://guix.gnu.org/