HCoop / jackhill / guix / guix.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge branch 'master' into staging
[jackhill/guix/guix.git] / gnu / packages / crypto.scm
1 ;;; GNU Guix --- Functional package management for GNU
2 ;;; Copyright © 2014 David Thompson <davet@gnu.org>
3 ;;; Copyright © 2015, 2017, 2018 Ricardo Wurmus <rekado@elephly.net>
4 ;;; Copyright © 2016, 2017, 2018 Leo Famulari <leo@famulari.name>
5 ;;; Copyright © 2016 Lukas Gradl <lgradl@openmailbox>
6 ;;; Copyright © 2016, 2017, 2018 Tobias Geerinckx-Rice <me@tobias.gr>
7 ;;; Copyright © 2016, 2017 Nils Gillmann <ng0@n0.is>
8 ;;; Copyright © 2016, 2017 Eric Bavier <bavier@member.fsf.org>
9 ;;; Copyright © 2017 Pierre Langlois <pierre.langlois@gmx.com>
10 ;;; Copyright © 2018 Efraim Flashner <efraim@flashner.co.il>
11 ;;; Copyright © 2018 Arun Isaac <arunisaac@systemreboot.net>
12 ;;; Copyright © 2018 Nicolas Goaziou <mail@nicolasgoaziou.fr>
13 ;;; Copyright © 2018 Nicolò Balzarotti <nicolo@nixo.xyz>
14 ;;; Copyright © 2018 Tim Gesthuizen <tim.gesthuizen@yahoo.de>
15 ;;; Copyright © 2019 Pierre Neidhardt <mail@ambrevar.xyz>
16 ;;;
17 ;;; This file is part of GNU Guix.
18 ;;;
19 ;;; GNU Guix is free software; you can redistribute it and/or modify it
20 ;;; under the terms of the GNU General Public License as published by
21 ;;; the Free Software Foundation; either version 3 of the License, or (at
22 ;;; your option) any later version.
23 ;;;
24 ;;; GNU Guix is distributed in the hope that it will be useful, but
25 ;;; WITHOUT ANY WARRANTY; without even the implied warranty of
26 ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
27 ;;; GNU General Public License for more details.
28 ;;;
29 ;;; You should have received a copy of the GNU General Public License
30 ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
31
32 (define-module (gnu packages crypto)
33 #:use-module (gnu packages)
34 #:use-module (gnu packages admin)
35 #:use-module (gnu packages aidc)
36 #:use-module (gnu packages attr)
37 #:use-module (gnu packages autotools)
38 #:use-module (gnu packages boost)
39 #:use-module (gnu packages check)
40 #:use-module (gnu packages compression)
41 #:use-module (gnu packages cryptsetup)
42 #:use-module (gnu packages gettext)
43 #:use-module (gnu packages gnupg)
44 #:use-module (gnu packages image)
45 #:use-module (gnu packages kerberos)
46 #:use-module (gnu packages libbsd)
47 #:use-module (gnu packages libffi)
48 #:use-module (gnu packages linux)
49 #:use-module (gnu packages nettle)
50 #:use-module (gnu packages password-utils)
51 #:use-module (gnu packages perl)
52 #:use-module (gnu packages perl-check)
53 #:use-module (gnu packages pkg-config)
54 #:use-module (gnu packages python)
55 #:use-module (gnu packages python-xyz)
56 #:use-module (gnu packages readline)
57 #:use-module (gnu packages search)
58 #:use-module (gnu packages serialization)
59 #:use-module (gnu packages shells)
60 #:use-module (gnu packages sqlite)
61 #:use-module (gnu packages tcl)
62 #:use-module (gnu packages tls)
63 #:use-module (gnu packages xml)
64 #:use-module ((guix licenses) #:prefix license:)
65 #:use-module (guix packages)
66 #:use-module (guix download)
67 #:use-module (guix git-download)
68 #:use-module (guix build-system cmake)
69 #:use-module (guix build-system gnu)
70 #:use-module (guix build-system perl)
71 #:use-module (srfi srfi-1)
72 #:use-module (srfi srfi-26))
73
74 (define-public libsodium
75 (package
76 (name "libsodium")
77 (version "1.0.17")
78 (source (origin
79 (method url-fetch)
80 (uri (list (string-append
81 "https://download.libsodium.org/libsodium/"
82 "releases/libsodium-" version ".tar.gz")
83 (string-append
84 "https://download.libsodium.org/libsodium/"
85 "releases/old/libsodium-" version ".tar.gz")))
86 (sha256
87 (base32
88 "1cf2d9v1gylz1qcy2zappbf526qfmph6gd6fnn3w2b347vixmhqc"))))
89 (build-system gnu-build-system)
90 (synopsis "Portable NaCl-based crypto library")
91 (description
92 "Sodium is a new easy-to-use high-speed software library for network
93 communication, encryption, decryption, signatures, etc.")
94 (license license:isc)
95 (home-page "https://libsodium.org")))
96
97 (define-public libmd
98 (package
99 (name "libmd")
100 (version "1.0.1")
101 (source (origin
102 (method url-fetch)
103 (uri
104 (list
105 (string-append "https://archive.hadrons.org/software/libmd/libmd-"
106 version ".tar.xz")
107 (string-append "https://libbsd.freedesktop.org/releases/libmd-"
108 version ".tar.xz")))
109 (sha256
110 (base32
111 "0waclg2d5qin3r26gy5jvy4584ik60njc8pqbzwk0lzq3j9ynkp1"))))
112 (build-system gnu-build-system)
113 (synopsis "Message Digest functions from BSD systems")
114 (description
115 "The currently provided message digest algorithms are:
116 @itemize
117 @item MD2
118 @item MD4
119 @item MD5
120 @item RIPEMD-160
121 @item SHA-1
122 @item SHA-2 (SHA-256, SHA-384 and SHA-512)
123 @end itemize")
124 (license (list license:bsd-3
125 license:bsd-2
126 license:isc
127 license:public-domain))
128 (home-page "https://www.hadrons.org/software/libmd/")))
129
130 (define-public signify
131 (package
132 (name "signify")
133 (version "24")
134 (source (origin
135 (method url-fetch)
136 (uri (string-append "https://github.com/aperezdc/signify/"
137 "archive/v" version ".tar.gz"))
138 (file-name (string-append name "-" version ".tar.gz"))
139 (sha256
140 (base32
141 "0594vyvkq176xxzaz9xbq8qs0xdnr8s9gkd1prblwpdvnzmw0xvc"))))
142 (build-system gnu-build-system)
143 ;; TODO Build with libwaive (described in README.md), to implement something
144 ;; like OpenBSD's pledge().
145 (arguments
146 `(#:tests? #f ; no test suite
147 #:make-flags
148 (list "CC=gcc"
149 (string-append "PREFIX=" (assoc-ref %outputs "out")))
150 #:phases
151 (modify-phases %standard-phases
152 (delete 'configure))))
153 (native-inputs
154 `(("pkg-config" ,pkg-config)))
155 (inputs
156 `(("libbsd" ,libbsd)))
157 (synopsis "Create and verify cryptographic signatures")
158 (description "The signify utility creates and verifies cryptographic
159 signatures using the elliptic curve Ed25519. This is a Linux port of the
160 OpenBSD tool of the same name.")
161 (home-page "https://github.com/aperezdc/signify")
162 ;; This package includes third-party code that was originally released under
163 ;; various non-copyleft licenses. See the source files for clarification.
164 (license (list license:bsd-3 license:bsd-4 license:expat license:isc
165 license:public-domain (license:non-copyleft
166 "file://base64.c"
167 "See base64.c in the distribution for
168 the license from IBM.")))))
169
170 (define-public encfs
171 (package
172 (name "encfs")
173 (version "1.9.5")
174 (source
175 (origin
176 (method url-fetch)
177 (uri
178 (string-append "https://github.com/vgough/encfs/releases/download/v"
179 version "/encfs-" version ".tar.gz"))
180 (sha256
181 (base32
182 "0qzxavvv20577bxvly8s7d3y7bqasqclc2mllp0ddfncjm9z02a7"))
183 (modules '((guix build utils)))
184 ;; Remove bundled dependencies in favour of proper inputs.
185 (snippet '(begin
186 (for-each delete-file-recursively
187 '("vendor/github.com/leethomason/tinyxml2"
188 "vendor/github.com/google/googletest"))
189 #t))))
190 (build-system cmake-build-system)
191 (native-inputs
192 `(("gettext" ,gettext-minimal)
193
194 ;; Test dependencies.
195 ("expect" ,expect)
196 ("googletest-source" ,(package-source googletest))
197 ("perl" ,perl)))
198 (inputs
199 `(("attr" ,attr)
200 ("fuse" ,fuse)
201 ("openssl" ,openssl)
202 ("tinyxml2" ,tinyxml2)))
203 (arguments
204 `(#:configure-flags (list "-DUSE_INTERNAL_TINYXML=OFF")
205 #:phases
206 (modify-phases %standard-phases
207 (add-after 'unpack 'unpack-googletest
208 (lambda* (#:key inputs #:allow-other-keys)
209 (mkdir-p "vendor/github.com/google/googletest")
210 (invoke "tar" "xvf" (assoc-ref inputs "googletest-source")
211 "-C" "vendor/github.com/google/googletest"
212 "--strip-components=1")))
213 (add-before 'check 'make-unittests
214 (lambda _
215 (invoke "make" "unittests"))))))
216 (home-page "https://vgough.github.io/encfs")
217 (synopsis "Encrypted virtual file system")
218 (description
219 "EncFS creates a virtual encrypted file system in user-space. Each file
220 created under an EncFS mount point is stored as a separate encrypted file on
221 the underlying file system. Like most encrypted file systems, EncFS is meant
222 to provide security against off-line attacks, such as a drive falling into
223 the wrong hands.")
224 (license (list license:expat ; internal/easylogging++.h
225 license:lgpl3+ ; encfs library
226 license:gpl3+)))) ; command-line tools
227
228 (define-public keyutils
229 (package
230 (name "keyutils")
231 (version "1.5.11")
232 (source
233 (origin
234 (method url-fetch)
235 (uri
236 (string-append "https://people.redhat.com/dhowells/keyutils/keyutils-"
237 version ".tar.bz2"))
238 (sha256
239 (base32
240 "1ddig6j5xjyk6g9l2wlqc7k1cgvryxdqbsv3c9rk1p3f42448n0i"))
241 (modules '((guix build utils)))
242 ;; Create relative symbolic links instead of absolute ones to /lib/*.
243 (snippet '(begin
244 (substitute* "Makefile" (("\\$\\(LNS\\) \\$\\(LIBDIR\\)/")
245 "$(LNS) "))
246 #t))))
247 (build-system gnu-build-system)
248 (arguments
249 `(#:phases (modify-phases %standard-phases
250 (delete 'configure)) ; no configure script
251 #:make-flags (list "CC=gcc"
252 "RPATH=-Wl,-rpath,$(DESTDIR)$(LIBDIR)"
253 (string-append "DESTDIR="
254 (assoc-ref %outputs "out"))
255 "INCLUDEDIR=/include"
256 "LIBDIR=/lib"
257 "MANDIR=/share/man"
258 "SHAREDIR=/share/keyutils")
259 #:test-target "test"))
260 (inputs
261 `(("mit-krb5" ,mit-krb5)))
262 (home-page "https://people.redhat.com/dhowells/keyutils/")
263 (synopsis "Linux key management utilities")
264 (description
265 "Keyutils is a set of utilities for managing the key retention facility in
266 the Linux kernel, which can be used by file systems, block devices, and more to
267 gain and retain the authorization and encryption keys required to perform
268 secure operations. ")
269 (license (list license:lgpl2.1+ ; the files keyutils.*
270 license:gpl2+)))) ; the rest
271
272 ;; There is no release candidate but commits point out a version number,
273 ;; furthermore no tarball exists.
274 (define-public eschalot
275 (let ((commit "0bf31d88a11898c19b1ed25ddd2aff7b35dbac44")
276 (revision "1"))
277 (package
278 (name "eschalot")
279 (version (string-append "1.2.0-" revision "." (string-take commit 7)))
280 (source
281 (origin
282 (method git-fetch)
283 (uri (git-reference
284 (url "https://github.com/schnabear/eschalot")
285 (commit commit)))
286 (file-name (string-append name "-" version))
287 (sha256
288 (base32
289 "0lj38ldh8vzi11wp4ghw4k0fkwp0s04zv8k8d473p1snmbh7mx98"))))
290 (inputs
291 `(("openssl" ,openssl))) ; It needs: openssl/{bn,pem,rsa,sha}.h
292 (build-system gnu-build-system)
293 (arguments
294 `(#:make-flags (list "CC=gcc"
295 (string-append "PREFIX=" (assoc-ref %outputs "out"))
296 (string-append "INSTALL=" "install"))
297 ;; XXX: make test would run a !VERY! long hashing of names with the use
298 ;; of a wordlist, the amount of computing time this would waste on build
299 ;; servers is in no relation to the size or importance of this small
300 ;; application, therefore we run our own tests on eschalot and worgen.
301 #:phases
302 (modify-phases %standard-phases
303 (delete 'configure)
304 (replace 'check
305 (lambda _
306 (and
307 (zero? (system* "./worgen" "8-12" "top1000.txt" "3-10" "top400nouns.txt"
308 "3-6" "top150adjectives.txt" "3-6"))
309 (zero? (system* "./eschalot" "-r" "^guix|^guixsd"))
310 (zero? (system* "./eschalot" "-r" "^gnu|^free"))
311 (zero? (system* "./eschalot" "-r" "^cyber|^hack"))
312 (zero? (system* "./eschalot" "-r" "^troll")))))
313 ;; Make install can not create the bin dir, create it.
314 (add-before 'install 'create-bin-dir
315 (lambda* (#:key outputs #:allow-other-keys)
316 (let* ((out (assoc-ref outputs "out"))
317 (bin (string-append out "/bin")))
318 (mkdir-p bin)
319 #t))))))
320 (home-page "https://github.com/schnabear/eschalot")
321 (synopsis "Tor hidden service name generator")
322 (description
323 "Eschalot is a tor hidden service name generator, it allows one to
324 produce customized vanity .onion addresses using a brute-force method. Searches
325 for valid names can be run with regular expressions and wordlists. For the
326 generation of wordlists the included tool @code{worgen} can be used. There is
327 no man page, refer to the home page for usage details.")
328 (license (list license:isc license:expat)))))
329
330 (define-public tomb
331 (package
332 (name "tomb")
333 (version "2.5")
334 (source (origin
335 (method url-fetch)
336 (uri (string-append "https://files.dyne.org/tomb/"
337 "Tomb-" version ".tar.gz"))
338 (sha256
339 (base32
340 "12c6qldngaw520gvb02inzkhnxbl4k0dwmddrgnaf7xashy6j0wc"))))
341 (build-system gnu-build-system)
342 (native-inputs `(("sudo" ,sudo))) ;presence needed for 'check' phase
343 (inputs
344 `(("zsh" ,zsh)
345 ("gnupg" ,gnupg)
346 ("cryptsetup" ,cryptsetup)
347 ("e2fsprogs" ,e2fsprogs) ;for mkfs.ext4
348 ("gettext" ,gettext-minimal) ;used at runtime
349 ("mlocate" ,mlocate)
350 ("pinentry" ,pinentry)
351 ("qrencode" ,qrencode)
352 ("steghide" ,steghide)
353 ("util-linux" ,util-linux)))
354 (arguments
355 `(#:make-flags (list (string-append "PREFIX=" (assoc-ref %outputs "out")))
356 ;; TODO: Build and install gtk and qt trays
357 #:phases
358 (modify-phases %standard-phases
359 (delete 'configure) ;no configuration to be done
360 (add-after 'install 'i18n
361 (lambda* (#:key make-flags #:allow-other-keys)
362 (apply invoke "make" "-C" "extras/translations"
363 "install" make-flags)
364 #t))
365 (add-after 'install 'wrap
366 (lambda* (#:key inputs outputs #:allow-other-keys)
367 (let ((out (assoc-ref outputs "out")))
368 (wrap-program (string-append out "/bin/tomb")
369 `("PATH" ":" prefix
370 (,(string-append (assoc-ref inputs "mlocate") "/bin")
371 ,@(map (lambda (program)
372 (or (and=> (which program) dirname)
373 (error "program not found:" program)))
374 '("seq" "mkfs.ext4" "pinentry" "sudo"
375 "gpg" "cryptsetup" "gettext"
376 "qrencode" "steghide" "findmnt")))))
377 #t)))
378 (delete 'check)
379 (add-after 'wrap 'check
380 (lambda* (#:key outputs #:allow-other-keys)
381 ;; Running the full tests requires sudo/root access for
382 ;; cryptsetup, which is not available in the build environment.
383 ;; But we can run `tomb dig` without root, so make sure that
384 ;; works. TODO: It Would Be Nice to check the expected "index",
385 ;; "search", "bury", and "exhume" features are available by
386 ;; querying `tomb -h`.
387 (let ((tomb (string-append (assoc-ref outputs "out")
388 "/bin/tomb")))
389 (invoke tomb "dig" "-s" "10" "secrets.tomb")
390 #t))))))
391 (home-page "https://www.dyne.org/software/tomb")
392 (synopsis "File encryption for secret data")
393 (description
394 "Tomb is an application to manage the creation and access of encrypted
395 storage files: it can be operated from commandline and it can integrate with a
396 user's graphical desktop.")
397 (license license:gpl3+)))
398
399 (define-public scrypt
400 (package
401 (name "scrypt")
402 (version "1.2.1")
403 (source
404 (origin
405 (method url-fetch)
406 (uri (string-append "https://www.tarsnap.com/scrypt/scrypt-"
407 version ".tgz"))
408 (sha256
409 (base32
410 "0xy5yhrwwv13skv9im9vm76rybh9f29j2dh4hlh2x01gvbkza8a6"))))
411 (build-system gnu-build-system)
412 (arguments
413 `(#:phases (modify-phases %standard-phases
414 (add-after 'unpack 'patch-command-invocations
415 (lambda _
416 (substitute* "Makefile.in"
417 (("command -p") ""))
418 #t))
419 (add-after 'install 'install-docs
420 (lambda* (#:key outputs #:allow-other-keys)
421 (let* ((out (assoc-ref %outputs "out"))
422 (misc (string-append out "/share/doc/scrypt")))
423 (install-file "FORMAT" misc)
424 #t))))))
425 (inputs
426 `(("openssl" ,openssl)))
427 (home-page "https://www.tarsnap.com/scrypt.html")
428 (synopsis "Memory-hard encryption tool based on scrypt")
429 (description "This packages provides a simple password-based encryption
430 utility as a demonstration of the @code{scrypt} key derivation function.
431 @code{Scrypt} is designed to be far more resistant against hardware brute-force
432 attacks than alternative functions such as @code{PBKDF2} or @code{bcrypt}.")
433 (license license:bsd-2)))
434
435 (define-public libscrypt
436 (package
437 (name "libscrypt")
438 (version "1.21")
439 (source
440 (origin
441 (method git-fetch)
442 (uri (git-reference
443 (url "https://github.com/technion/libscrypt.git")
444 (commit (string-append "v" version))))
445 (file-name (git-file-name name version))
446 (sha256
447 (base32
448 "1d76ys6cp7fi4ng1w3mz2l0p9dbr7ljbk33dcywyimzjz8bahdng"))))
449 (build-system gnu-build-system)
450 (arguments
451 `(#:make-flags (list (string-append "PREFIX=" %output)
452 "CC=gcc")
453 #:phases
454 (modify-phases %standard-phases
455 (delete 'configure))))
456 (home-page "https://lolware.net/libscrypt.html")
457 (synopsis "Password hashing library")
458 (description "@code{libscrypt} implements @code{scrypt} key derivation
459 function. It is designed to be far more secure against hardware brute-force
460 attacks than alternative functions such as @code{PBKDF2} or @code{bcrypt}.")
461 (license license:bsd-3)))
462
463 (define-public perl-math-random-isaac-xs
464 (package
465 (name "perl-math-random-isaac-xs")
466 (version "1.004")
467 (source
468 (origin
469 (method url-fetch)
470 (uri (string-append "mirror://cpan/authors/id/J/JA/JAWNSY/"
471 "Math-Random-ISAAC-XS-" version ".tar.gz"))
472 (sha256
473 (base32
474 "0yxqqcqvj51fn7b7j5xqhz65v74arzgainn66c6k7inijbmr1xws"))))
475 (build-system perl-build-system)
476 (native-inputs
477 `(("perl-module-build" ,perl-module-build)
478 ("perl-test-nowarnings" ,perl-test-nowarnings)))
479 (home-page "https://metacpan.org/release/Math-Random-ISAAC-XS")
480 (synopsis "C implementation of the ISAAC PRNG algorithm")
481 (description "ISAAC (Indirection, Shift, Accumulate, Add, and Count) is a
482 fast pseudo-random number generator. It is suitable for applications where a
483 significant amount of random data needs to be produced quickly, such as
484 solving using the Monte Carlo method or for games. The results are uniformly
485 distributed, unbiased, and unpredictable unless you know the seed.
486
487 This package implements the same interface as @code{Math::Random::ISAAC}.")
488 (license license:public-domain)))
489
490 (define-public perl-math-random-isaac
491 (package
492 (name "perl-math-random-isaac")
493 (version "1.004")
494 (source
495 (origin
496 (method url-fetch)
497 (uri (string-append "mirror://cpan/authors/id/J/JA/JAWNSY/"
498 "Math-Random-ISAAC-" version ".tar.gz"))
499 (sha256
500 (base32
501 "0z1b3xbb3xz71h25fg6jgsccra7migq7s0vawx2rfzi0pwpz0wr7"))))
502 (build-system perl-build-system)
503 (native-inputs
504 `(("perl-test-nowarnings" ,perl-test-nowarnings)))
505 (propagated-inputs
506 `(("perl-math-random-isaac-xs" ,perl-math-random-isaac-xs)))
507 (home-page "https://metacpan.org/release/Math-Random-ISAAC")
508 (synopsis "Perl interface to the ISAAC PRNG algorithm")
509 (description "ISAAC (Indirection, Shift, Accumulate, Add, and Count) is a
510 fast pseudo-random number generator. It is suitable for applications where a
511 significant amount of random data needs to be produced quickly, such as
512 solving using the Monte Carlo method or for games. The results are uniformly
513 distributed, unbiased, and unpredictable unless you know the seed.
514
515 This package provides a Perl interface to the ISAAC pseudo random number
516 generator.")
517 (license license:public-domain)))
518
519 (define-public perl-crypt-random-source
520 (package
521 (name "perl-crypt-random-source")
522 (version "0.12")
523 (source
524 (origin
525 (method url-fetch)
526 (uri (string-append "mirror://cpan/authors/id/E/ET/ETHER/"
527 "Crypt-Random-Source-" version ".tar.gz"))
528 (sha256
529 (base32
530 "00mw5m52sbz9nqp3f6axyrgcrihqxn7k8gv0vi1kvm1j1nc9g29h"))))
531 (build-system perl-build-system)
532 (native-inputs
533 `(("perl-module-build-tiny" ,perl-module-build-tiny)
534 ("perl-test-exception" ,perl-test-exception)))
535 (propagated-inputs
536 `(("perl-capture-tiny" ,perl-capture-tiny)
537 ("perl-module-find" ,perl-module-find)
538 ("perl-module-runtime" ,perl-module-runtime)
539 ("perl-moo" ,perl-moo)
540 ("perl-namespace-clean" ,perl-namespace-clean)
541 ("perl-sub-exporter" ,perl-sub-exporter)
542 ("perl-type-tiny" ,perl-type-tiny)))
543 (home-page "https://metacpan.org/release/Crypt-Random-Source")
544 (synopsis "Get weak or strong random data from pluggable sources")
545 (description "This module provides implementations for a number of
546 byte-oriented sources of random data.")
547 (license license:perl-license)))
548
549 (define-public perl-math-random-secure
550 (package
551 (name "perl-math-random-secure")
552 (version "0.080001")
553 (source
554 (origin
555 (method url-fetch)
556 (uri (string-append "mirror://cpan/authors/id/F/FR/FREW/"
557 "Math-Random-Secure-" version ".tar.gz"))
558 (sha256
559 (base32
560 "0dgbf4ncll4kmgkyb9fsaxn0vf2smc9dmwqzgh3259zc2zla995z"))))
561 (build-system perl-build-system)
562 (native-inputs
563 `(("perl-list-moreutils" ,perl-list-moreutils)
564 ("perl-test-leaktrace" ,perl-test-leaktrace)
565 ("perl-test-sharedfork" ,perl-test-sharedfork)
566 ("perl-test-warn" ,perl-test-warn)))
567 (inputs
568 `(("perl-crypt-random-source" ,perl-crypt-random-source)
569 ("perl-math-random-isaac" ,perl-math-random-isaac)
570 ("perl-math-random-isaac-xs" ,perl-math-random-isaac-xs)
571 ("perl-moo" ,perl-moo)))
572 (home-page "https://metacpan.org/release/Math-Random-Secure")
573 (synopsis "Cryptographically secure replacement for rand()")
574 (description "This module is intended to provide a
575 cryptographically-secure replacement for Perl's built-in @code{rand} function.
576 \"Crytographically secure\", in this case, means:
577
578 @enumerate
579 @item No matter how many numbers you see generated by the random number
580 generator, you cannot guess the future numbers, and you cannot guess the seed.
581 @item There are so many possible seeds that it would take decades, centuries,
582 or millennia for an attacker to try them all.
583 @item The seed comes from a source that generates relatively strong random
584 data on your platform, so the seed itself will be as random as possible.
585 @end enumerate\n")
586 (license license:artistic2.0)))
587
588 (define-public crypto++
589 (package
590 (name "crypto++")
591 (version "8.0.0")
592 (source (origin
593 (method url-fetch/zipbomb)
594 (uri (string-append "https://cryptopp.com/cryptopp"
595 (string-join (string-split version #\.) "")
596 ".zip"))
597 (sha256
598 (base32
599 "0b5qrsm4jhy4nzxgrm13nixhvbswr242plx1jw6r4sw492rqkzdv"))))
600 (build-system gnu-build-system)
601 (arguments
602 `(#:make-flags
603 (list (string-append "PREFIX=" (assoc-ref %outputs "out"))
604 ;; Override "/sbin/ldconfig" with simply "echo" since
605 ;; we don't need ldconfig(8).
606 "LDCONF=echo")
607 #:phases
608 (modify-phases %standard-phases
609 (add-after 'unpack 'disable-native-optimisation
610 ;; This package installs more than just headers. Ensure that the
611 ;; cryptest.exe binary & static library aren't CPU model specific.
612 (lambda _
613 (substitute* "GNUmakefile"
614 ((" -march=native") ""))
615 #t))
616 (delete 'configure)
617 (add-after 'build 'build-shared
618 (lambda _
619 ;; By default, only the static library is built.
620 (invoke "make" "shared")))
621 (add-after 'install 'install-pkg-config
622 (lambda* (#:key outputs #:allow-other-keys)
623 (let* ((out (assoc-ref outputs "out"))
624 (pkg-dir (string-append out "/lib/pkgconfig")))
625 (mkdir-p pkg-dir)
626 (with-output-to-file (string-append pkg-dir "/libcrypto++.pc")
627 (lambda _
628 (display
629 (string-append
630 "prefix=" out "\n"
631 "libdir=" out "/lib\n"
632 "includedir=" out "/include\n\n"
633 "Name: libcrypto++-" ,version "\n"
634 "Description: Class library of cryptographic schemes"
635 "Version: " ,version "\n"
636 "Libs: -L${libdir} -lcryptopp\n"
637 "Cflags: -I${includedir}\n"))))))))))
638 (native-inputs
639 `(("unzip" ,unzip)))
640 (home-page "https://cryptopp.com/")
641 (synopsis "C++ class library of cryptographic schemes")
642 (description "Crypto++ is a C++ class library of cryptographic schemes.")
643 ;; The compilation is distributed under the Boost license; the individual
644 ;; files in the compilation are in the public domain.
645 (license (list license:boost1.0 license:public-domain))))
646
647 (define-public libb2
648 (package
649 (name "libb2")
650 (version "0.98")
651 (source (origin
652 (method url-fetch)
653 (uri (string-append
654 "https://github.com/BLAKE2/libb2/releases/download/v"
655 version "/libb2-" version ".tar.gz"))
656 (sha256
657 (base32
658 "0vq39cvwy05754l565xl11rqr2jvjb6ykjzca886vi9vm71y0sg8"))))
659 (build-system gnu-build-system)
660 (arguments
661 `(#:configure-flags
662 (list
663 ,@(if (any (cute string-prefix? <> (or (%current-system)
664 (%current-target-system)))
665 '("x86_64" "i686"))
666 ;; fat only checks for Intel optimisations
667 '("--enable-fat")
668 '())
669 "--disable-native"))) ;don't optimise at build time
670 (home-page "https://blake2.net/")
671 (synopsis "Library implementing the BLAKE2 family of hash functions")
672 (description
673 "libb2 is a portable implementation of the BLAKE2 family of cryptographic
674 hash functions. It includes optimised implementations for IA-32 and AMD64
675 processors, and an interface layer that automatically selects the best
676 implementation for the processor it is run on.
677
678 @dfn{BLAKE2} (RFC 7693) is a family of high-speed cryptographic hash functions
679 that are faster than MD5, SHA-1, SHA-2, and SHA-3, yet are at least as secure
680 as the latest standard, SHA-3. It is an improved version of the SHA-3 finalist
681 BLAKE.")
682 (license license:public-domain)))
683
684 (define-public rhash
685 (package
686 (name "rhash")
687 (version "1.3.6")
688 (source
689 (origin
690 (method url-fetch)
691 (uri (string-append "https://github.com/rhash/RHash/archive/v"
692 version ".tar.gz"))
693 (file-name (string-append name "-" version ".tar.gz"))
694 (sha256
695 (base32
696 "14ngzfgmd1lfp7m78sn49x8ymf2s37nrr67c6p5vas85nrrgjkcn"))))
697 (build-system gnu-build-system)
698 (arguments
699 `(#:make-flags
700 ;; The binaries in /bin need some help finding librhash.so.0.
701 (list (string-append "LDFLAGS=-Wl,-rpath=" %output "/lib"))
702 #:test-target "test" ; ‘make check’ just checks the sources
703 #:phases
704 (modify-phases %standard-phases
705 (replace 'configure
706 ;; ./configure is not GNU autotools' and doesn't gracefully handle
707 ;; unrecognized options, so we must call it manually.
708 (lambda* (#:key outputs #:allow-other-keys)
709 (invoke "./configure"
710 (string-append "--prefix=" (assoc-ref outputs "out")))))
711 (add-after 'install 'install-library-extras
712 (lambda* (#:key make-flags #:allow-other-keys)
713 (apply invoke
714 "make" "-C" "librhash"
715 "install-headers" "install-so-link"
716 make-flags))))))
717 (home-page "https://sourceforge.net/projects/rhash/")
718 (synopsis "Utility for computing hash sums")
719 (description "RHash is a console utility for calculation and verification
720 of magnet links and a wide range of hash sums like CRC32, MD4, MD5, SHA1,
721 SHA256, SHA512, SHA3, AICH, ED2K, Tiger, DC++ TTH, BitTorrent BTIH, GOST R
722 34.11-94, RIPEMD-160, HAS-160, EDON-R, Whirlpool and Snefru.")
723 (license (license:non-copyleft "file://COPYING"))))
724
725 (define-public botan
726 (package
727 (name "botan")
728 (version "2.7.0")
729 (source (origin
730 (method url-fetch)
731 (uri (string-append "https://botan.randombit.net/releases/"
732 "Botan-" version ".tgz"))
733 (sha256
734 (base32
735 "142aqabwc266jxn8wrp0f1ffrmcvdxwvyh8frb38hx9iaqazjbg4"))))
736 (build-system gnu-build-system)
737 (arguments
738 '(#:phases
739 (modify-phases %standard-phases
740 (replace 'configure
741 (lambda* (#:key inputs outputs #:allow-other-keys)
742 (let* ((out (assoc-ref %outputs "out"))
743 (lib (string-append out "/lib")))
744 (invoke "python" "./configure.py"
745 (string-append "--prefix=" out)
746 ;; Otherwise, the `botan` executable cannot find
747 ;; libbotan.
748 (string-append "--ldflags=-Wl,-rpath=" lib)
749 "--with-rst2man"
750 ;; Recommended by upstream
751 "--with-zlib" "--with-bzip2" "--with-sqlite3"))))
752 (replace 'check
753 (lambda _ (invoke "./botan-test"))))))
754 (native-inputs
755 `(("python" ,python-minimal-wrapper)
756 ("python-docutils" ,python-docutils)))
757 (inputs
758 `(("sqlite" ,sqlite)
759 ("bzip2" ,bzip2)
760 ("zlib" ,zlib)))
761 (synopsis "Cryptographic library in C++11")
762 (description "Botan is a cryptography library, written in C++11, offering
763 the tools necessary to implement a range of practical systems, such as TLS/DTLS,
764 PKIX certificate handling, PKCS#11 and TPM hardware support, password hashing,
765 and post-quantum crypto schemes. In addition to the C++, botan has a C89 API
766 specifically designed to be easy to call from other languages. A Python binding
767 using ctypes is included, and several other language bindings are available.")
768 (home-page "https://botan.randombit.net")
769 (license license:bsd-2)))
770
771 (define-public ccrypt
772 (package
773 (name "ccrypt")
774 (version "1.11")
775 (source (origin
776 (method url-fetch)
777 (uri (string-append "mirror://sourceforge/ccrypt/"
778 version "/ccrypt-" version ".tar.gz"))
779 (sha256
780 (base32
781 "0kx4a5mhmp73ljknl2lcccmw9z3f5y8lqw0ghaymzvln1984g75i"))))
782 (build-system gnu-build-system)
783 (home-page "http://ccrypt.sourceforge.net")
784 (synopsis "Command-line utility for encrypting and decrypting files and streams")
785 (description "@command{ccrypt} is a utility for encrypting and decrypting
786 files and streams. It was designed as a replacement for the standard unix
787 @command{crypt} utility, which is notorious for using a very weak encryption
788 algorithm. @command{ccrypt} is based on the Rijndael block cipher, a version of
789 which is also used in the Advanced Encryption Standard (AES, see
790 @url{http://www.nist.gov/aes}). This cipher is believed to provide very strong
791 security.")
792 (license license:gpl2)))
793
794 (define-public asignify
795 (let ((commit "f58e7977a599f040797975d649ed318e25cbd2d5")
796 (revision "0"))
797 (package
798 (name "asignify")
799 (version (git-version "1.1" revision commit))
800 (source (origin
801 (method git-fetch)
802 (uri (git-reference
803 (url "https://github.com/vstakhov/asignify.git")
804 (commit commit)))
805 (file-name (git-file-name name version))
806 (sha256
807 (base32
808 "1zl68qq6js6fdahxzyhvhrpyrwlv8c2zhdplycnfxyr1ckkhq8dw"))))
809 (build-system gnu-build-system)
810 (arguments
811 `(#:configure-flags
812 (list "--enable-openssl"
813 (string-append "--with-openssl="
814 (assoc-ref %build-inputs "openssl")))))
815 (native-inputs
816 `(("autoconf" ,autoconf)
817 ("automake" ,automake)
818 ("libtool" ,libtool)))
819 (inputs
820 `(("openssl" ,openssl-next)))
821 (home-page "https://github.com/vstakhov/asignify")
822 (synopsis "Cryptographic authentication and encryption tool and library")
823 (description "Asignify offers public cryptographic signatures and
824 encryption with a library or a command-line tool. The tool is heavily inspired
825 by signify as used in OpenBSD. The main goal of this project is to define a
826 high level API for signing files, validating signatures and encrypting using
827 public-key cryptography. Asignify is designed to be portable and self-contained
828 with zero external dependencies. Asignify can verify OpenBSD signatures, but it
829 cannot sign messages in OpenBSD format yet.")
830 (license license:bsd-2))))
831
832 (define-public enchive
833 (package
834 (name "enchive")
835 (version "3.4")
836 (source (origin
837 (method url-fetch)
838 (uri (string-append "https://github.com/skeeto/" name "/archive/"
839 version ".tar.gz"))
840 (sha256
841 (base32
842 "17hrxpp4cpn10bk48sfvfjc8hghky34agsnypam1v9f36kbalqfk"))
843 (file-name (string-append name "-" version ".tar.gz"))))
844 (build-system gnu-build-system)
845 (arguments
846 '(#:tests? #f ; no check target '
847 #:make-flags (list "CC=gcc" "PREFIX=$(out)")
848 #:phases (modify-phases %standard-phases
849 (delete 'configure)
850 (add-after 'install 'post-install
851 (lambda _
852 (let* ((out (assoc-ref %outputs "out"))
853 (lisp (string-append out "/share/emacs/site-lisp")))
854 (install-file "enchive-mode.el" lisp)
855 #t))))))
856 (synopsis "Encrypted personal archives")
857 (description
858 "Enchive is a tool to encrypt files to yourself for long-term
859 archival. It's a focused, simple alternative to more complex solutions such as
860 GnuPG or encrypted filesystems. Enchive has no external dependencies and is
861 trivial to build for local use. Portability is emphasized over performance.")
862 (home-page "https://github.com/skeeto/enchive")
863 (license license:unlicense)))
864
865 (define-public libsecp256k1
866 (let ((commit "e34ceb333b1c0e6f4115ecbb80c632ac1042fa49"))
867 (package
868 (name "libsecp256k1")
869 (version (git-version "20181126" "1" commit))
870 (source (origin
871 (method git-fetch)
872 (uri (git-reference
873 (url "https://github.com/bitcoin-core/secp256k1")
874 (commit commit)))
875 (sha256
876 (base32
877 "0as78s179hcr3ysk3fw98k5wzabgnwri7vkkc17wg31lyz6ids6c"))
878 (file-name (git-file-name name version))))
879 (build-system gnu-build-system)
880 (native-inputs
881 `(("autoconf" ,autoconf)
882 ("automake" ,automake)
883 ("libtool" ,libtool)))
884 ;; WARNING: This package might need additional configure flags to run properly.
885 ;; See https://git.archlinux.org/svntogit/community.git/tree/trunk/PKGBUILD?h=packages/libsecp256k1.
886 (synopsis "C library for EC operations on curve secp256k1")
887 (description
888 "Optimized C library for EC operations on curve secp256k1.
889
890 This library is a work in progress and is being used to research best
891 practices. Use at your own risk.
892
893 Features:
894
895 @itemize
896 @item secp256k1 ECDSA signing/verification and key generation.
897 @item Adding/multiplying private/public keys.
898 @item Serialization/parsing of private keys, public keys, signatures.
899 @item Constant time, constant memory access signing and pubkey generation.
900 @item Derandomized DSA (via RFC6979 or with a caller provided function.)
901 @item Very efficient implementation.
902 @end itemize\n")
903 (home-page "https://github.com/bitcoin-core/secp256k1")
904 (license license:unlicense))))
jackhill's copy of GNU Guix: https://guix.gnu.org/