X-Git-Url: https://git.hcoop.net/jackhill/guix/guix.git/blobdiff_plain/e9997e471d71415790f57dd1337a1586d62f53aa..dddf975ffb95368b9561fe8e9ab582366dddc8f7:/gnu/packages/crypto.scm diff --git a/gnu/packages/crypto.scm b/gnu/packages/crypto.scm index 3cdee2e07e..2c63e53191 100644 --- a/gnu/packages/crypto.scm +++ b/gnu/packages/crypto.scm @@ -1,6 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2014 David Thompson -;;; Copyright © 2015, 2017 Ricardo Wurmus +;;; Copyright © 2015, 2017, 2018 Ricardo Wurmus ;;; Copyright © 2016, 2017, 2018 Leo Famulari ;;; Copyright © 2016 Lukas Gradl ;;; Copyright © 2016, 2017, 2018 Tobias Geerinckx-Rice @@ -10,6 +10,9 @@ ;;; Copyright © 2018 Efraim Flashner ;;; Copyright © 2018 Arun Isaac ;;; Copyright © 2018 Nicolas Goaziou +;;; Copyright © 2018 Nicolò Balzarotti +;;; Copyright © 2018 Tim Gesthuizen +;;; Copyright © 2019 Pierre Neidhardt ;;; ;;; This file is part of GNU Guix. ;;; @@ -36,10 +39,10 @@ #:use-module (gnu packages check) #:use-module (gnu packages compression) #:use-module (gnu packages cryptsetup) - #:use-module (gnu packages databases) #:use-module (gnu packages gettext) #:use-module (gnu packages gnupg) #:use-module (gnu packages image) + #:use-module (gnu packages kerberos) #:use-module (gnu packages libbsd) #:use-module (gnu packages libffi) #:use-module (gnu packages linux) @@ -49,10 +52,12 @@ #:use-module (gnu packages perl-check) #:use-module (gnu packages pkg-config) #:use-module (gnu packages python) + #:use-module (gnu packages python-xyz) #:use-module (gnu packages readline) #:use-module (gnu packages search) #:use-module (gnu packages serialization) #:use-module (gnu packages shells) + #:use-module (gnu packages sqlite) #:use-module (gnu packages tcl) #:use-module (gnu packages tls) #:use-module (gnu packages xml) 
@@ -69,7 +74,7 @@ (define-public libsodium (package (name "libsodium") - (version "1.0.16") + (version "1.0.17") (source (origin (method url-fetch) (uri (list (string-append @@ -80,7 +85,7 @@ "releases/old/libsodium-" version ".tar.gz"))) (sha256 (base32 - "0cq5pn7qcib7q70mm1lgjwj75xdxix27v0xl1xl0kvxww7hwgbgf")))) + "1cf2d9v1gylz1qcy2zappbf526qfmph6gd6fnn3w2b347vixmhqc")))) (build-system gnu-build-system) (synopsis "Portable NaCl-based crypto library") (description @@ -92,7 +97,7 @@ communication, encryption, decryption, signatures, etc.") (define-public libmd (package (name "libmd") - (version "1.0.0") + (version "1.0.1") (source (origin (method url-fetch) (uri @@ -103,7 +108,7 @@ communication, encryption, decryption, signatures, etc.") version ".tar.xz"))) (sha256 (base32 - "1iv45npzv0gncjgcpx5m081861zdqxw667ysghqb8721yrlyl6pj")))) + "0waclg2d5qin3r26gy5jvy4584ik60njc8pqbzwk0lzq3j9ynkp1")))) (build-system gnu-build-system) (synopsis "Message Digest functions from BSD systems") (description @@ -125,7 +130,7 @@ communication, encryption, decryption, signatures, etc.") (define-public signify (package (name "signify") - (version "23") + (version "24") (source (origin (method url-fetch) (uri (string-append "https://github.com/aperezdc/signify/" @@ -133,7 +138,7 @@ communication, encryption, decryption, signatures, etc.") (file-name (string-append name "-" version ".tar.gz")) (sha256 (base32 - "0c70mzawgahsvmsv4xdrass4pgyynd67ipd9lij0fgi8wkq0ns8w")))) + "0594vyvkq176xxzaz9xbq8qs0xdnr8s9gkd1prblwpdvnzmw0xvc")))) (build-system gnu-build-system) ;; TODO Build with libwaive (described in README.md), to implement something ;; like OpenBSD's pledge(). 
@@ -162,60 +167,6 @@ OpenBSD tool of the same name.") "See base64.c in the distribution for the license from IBM."))))) - -(define-public opendht - (package - (name "opendht") - (version "0.6.1") - (source - (origin - (method url-fetch) - (uri - (string-append - "https://github.com/savoirfairelinux/" name - "/archive/" version ".tar.gz")) - (file-name (string-append name "-" version ".tar.gz")) - (modules '((guix build utils))) - (snippet - '(begin - (delete-file-recursively "src/argon2") - (substitute* "src/Makefile.am" - (("./argon2/libargon2.la") "") - (("SUBDIRS = argon2") "")) - (substitute* "src/crypto.cpp" - (("argon2/argon2.h") "argon2.h")) - (substitute* "configure.ac" - (("src/argon2/Makefile") "")) - #t)) - (sha256 - (base32 - "09yvkmbqbym3b5md4n96qc1s9sf2n8ji404hagih45rmsj49599x")))) - (build-system gnu-build-system) - (inputs - `(("gnutls" ,gnutls) - ("nettle" ,nettle) - ("readline" ,readline) - ("argon2" ,argon2))) - (propagated-inputs - `(("msgpack" ,msgpack))) ;included in several installed headers - (native-inputs - `(("autoconf" ,autoconf) - ("pkg-config" ,pkg-config) - ("automake" ,automake) - ("libtool" ,libtool))) - (arguments - `(#:configure-flags '("--disable-tools" "--disable-python") - #:phases (modify-phases %standard-phases - (add-after 'unpack 'autoconf - (lambda _ - (zero? (system* "autoreconf" "-vfi"))))))) - (home-page "https://github.com/savoirfairelinux/opendht/") - (synopsis "Distributed Hash Table (DHT) library") - (description "OpenDHT is a Distributed Hash Table (DHT) library. It may -be used to manage peer-to-peer network connections as needed for real time -communication.") - (license license:gpl3))) - (define-public encfs (package (name "encfs") @@ -277,7 +228,7 @@ the wrong hands.") (define-public keyutils (package (name "keyutils") - (version "1.5.10") + (version "1.5.11") (source (origin (method url-fetch) 
@@ -286,9 +237,9 @@ the wrong hands.") version ".tar.bz2")) (sha256 (base32 - "1dmgjcf7mnwc6h72xkvpaqpzxw8vmlnsmzz0s27pg0giwzm3sp0i")) + "1ddig6j5xjyk6g9l2wlqc7k1cgvryxdqbsv3c9rk1p3f42448n0i")) (modules '((guix build utils))) - ;; Create relative symbolic links instead of absolute ones to /lib/* + ;; Create relative symbolic links instead of absolute ones to /lib/*. (snippet '(begin (substitute* "Makefile" (("\\$\\(LNS\\) \\$\\(LIBDIR\\)/") "$(LNS) ")) @@ -306,6 +257,8 @@ the wrong hands.") "MANDIR=/share/man" "SHAREDIR=/share/keyutils") #:test-target "test")) + (inputs + `(("mit-krb5" ,mit-krb5))) (home-page "https://people.redhat.com/dhowells/keyutils/") (synopsis "Linux key management utilities") (description @@ -523,7 +476,7 @@ attacks than alternative functions such as @code{PBKDF2} or @code{bcrypt}.") (native-inputs `(("perl-module-build" ,perl-module-build) ("perl-test-nowarnings" ,perl-test-nowarnings))) - (home-page "http://search.cpan.org/dist/Math-Random-ISAAC-XS") + (home-page "https://metacpan.org/release/Math-Random-ISAAC-XS") (synopsis "C implementation of the ISAAC PRNG algorithm") (description "ISAAC (Indirection, Shift, Accumulate, Add, and Count) is a fast pseudo-random number generator. It is suitable for applications where a @@ -551,7 +504,7 @@ This package implements the same interface as @code{Math::Random::ISAAC}.") `(("perl-test-nowarnings" ,perl-test-nowarnings))) (propagated-inputs `(("perl-math-random-isaac-xs" ,perl-math-random-isaac-xs))) - (home-page "http://search.cpan.org/dist/Math-Random-ISAAC") + (home-page "https://metacpan.org/release/Math-Random-ISAAC") (synopsis "Perl interface to the ISAAC PRNG algorithm") (description "ISAAC (Indirection, Shift, Accumulate, Add, and Count) is a fast pseudo-random number generator. It is suitable for applications where a 
@@ -587,7 +540,7 @@ generator.") ("perl-namespace-clean" ,perl-namespace-clean) ("perl-sub-exporter" ,perl-sub-exporter) ("perl-type-tiny" ,perl-type-tiny))) - (home-page "http://search.cpan.org/dist/Crypt-Random-Source") + (home-page "https://metacpan.org/release/Crypt-Random-Source") (synopsis "Get weak or strong random data from pluggable sources") (description "This module provides implementations for a number of byte-oriented sources of random data.") @@ -616,7 +569,7 @@ byte-oriented sources of random data.") ("perl-math-random-isaac" ,perl-math-random-isaac) ("perl-math-random-isaac-xs" ,perl-math-random-isaac-xs) ("perl-moo" ,perl-moo))) - (home-page "http://search.cpan.org/dist/Math-Random-Secure") + (home-page "https://metacpan.org/release/Math-Random-Secure") (synopsis "Cryptographically secure replacement for rand()") (description "This module is intended to provide a cryptographically-secure replacement for Perl's built-in @code{rand} function. @@ -635,7 +588,7 @@ data on your platform, so the seed itself will be as random as possible. (define-public crypto++ (package (name "crypto++") - (version "6.0.0") + (version "8.0.0") (source (origin (method url-fetch/zipbomb) (uri (string-append "https://cryptopp.com/cryptopp" @@ -643,11 +596,14 @@ data on your platform, so the seed itself will be as random as possible. ".zip")) (sha256 (base32 - "1nidm6xbdza5cbgf5md2zznmaq692rfyjasycwipl6rzdfwjvb34")))) + "0b5qrsm4jhy4nzxgrm13nixhvbswr242plx1jw6r4sw492rqkzdv")))) (build-system gnu-build-system) (arguments `(#:make-flags - (list (string-append "PREFIX=" (assoc-ref %outputs "out"))) + (list (string-append "PREFIX=" (assoc-ref %outputs "out")) + ;; Override "/sbin/ldconfig" with simply "echo" since + ;; we don't need ldconfig(8). + "LDCONF=echo") #:phases (modify-phases %standard-phases (add-after 'unpack 'disable-native-optimisation 
@@ -657,7 +613,28 @@ data on your platform, so the seed itself will be as random as possible. (substitute* "GNUmakefile" ((" -march=native") "")) #t)) - (delete 'configure)))) + (delete 'configure) + (add-after 'build 'build-shared + (lambda _ + ;; By default, only the static library is built. + (invoke "make" "shared"))) + (add-after 'install 'install-pkg-config + (lambda* (#:key outputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (pkg-dir (string-append out "/lib/pkgconfig"))) + (mkdir-p pkg-dir) + (with-output-to-file (string-append pkg-dir "/libcrypto++.pc") + (lambda _ + (display + (string-append + "prefix=" out "\n" + "libdir=" out "/lib\n" + "includedir=" out "/include\n\n" + "Name: libcrypto++-" ,version "\n" + "Description: Class library of cryptographic schemes" + "Version: " ,version "\n" + "Libs: -L${libdir} -lcryptopp\n" + "Cflags: -I${includedir}\n")))))))))) (native-inputs `(("unzip" ,unzip))) (home-page "https://cryptopp.com/") 
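Review bot: The `libcrypto++.pc` file written by the new `install-pkg-config` phase ends up without a `Version:` line of its own, because the string `"Description: Class library of cryptographic schemes"` has no trailing `\n` and the next fragment is appended to the Description text. Change it to `"Description: Class library of cryptographic schemes\n"`. Without it, dependents that query or constrain the Crypto++ version through pkg-config will likely fail or not see 8.0.0, which matters when a consumer needs a minimum version with particular fixes. A short comment above the phase saying that the `.pc` file is generated by hand here would also help the next person who bumps the version.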
@@ -790,3 +767,138 @@ specifically designed to be easy to call from other languages. A Python binding using ctypes is included, and several other language bindings are available.") (home-page "https://botan.randombit.net") (license license:bsd-2))) + +(define-public ccrypt + (package + (name "ccrypt") + (version "1.11") + (source (origin + (method url-fetch) + (uri (string-append "mirror://sourceforge/ccrypt/" + version "/ccrypt-" version ".tar.gz")) + (sha256 + (base32 + "0kx4a5mhmp73ljknl2lcccmw9z3f5y8lqw0ghaymzvln1984g75i")))) + (build-system gnu-build-system) + (home-page "http://ccrypt.sourceforge.net") + (synopsis "Command-line utility for encrypting and decrypting files and streams") + (description "@command{ccrypt} is a utility for encrypting and decrypting +files and streams. It was designed as a replacement for the standard unix +@command{crypt} utility, which is notorious for using a very weak encryption +algorithm. @command{ccrypt} is based on the Rijndael block cipher, a version of +which is also used in the Advanced Encryption Standard (AES, see +@url{http://www.nist.gov/aes}). 
This cipher is believed to provide very strong +security.") + (license license:gpl2))) + +(define-public asignify + (let ((commit "f58e7977a599f040797975d649ed318e25cbd2d5") + (revision "0")) + (package + (name "asignify") + (version (git-version "1.1" revision commit)) + (source (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/vstakhov/asignify.git") + (commit commit))) + (file-name (git-file-name name version)) + (sha256 + (base32 + "1zl68qq6js6fdahxzyhvhrpyrwlv8c2zhdplycnfxyr1ckkhq8dw")))) + (build-system gnu-build-system) + (arguments + `(#:configure-flags + (list "--enable-openssl" + (string-append "--with-openssl=" + (assoc-ref %build-inputs "openssl"))))) + (native-inputs + `(("autoconf" ,autoconf) + ("automake" ,automake) + ("libtool" ,libtool))) + (inputs + `(("openssl" ,openssl-next))) + (home-page "https://github.com/vstakhov/asignify") + (synopsis "Cryptographic authentication and encryption tool and library") + (description "Asignify offers public cryptographic signatures and +encryption with a library or a command-line tool. The tool is heavily inspired +by signify as used in OpenBSD. The main goal of this project is to define a +high level API for signing files, validating signatures and encrypting using +public-key cryptography. Asignify is designed to be portable and self-contained +with zero external dependencies. Asignify can verify OpenBSD signatures, but it +cannot sign messages in OpenBSD format yet.") + (license license:bsd-2)))) + +(define-public enchive + (package + (name "enchive") + (version "3.4") + (source (origin + (method url-fetch) + (uri (string-append "https://github.com/skeeto/" name "/archive/" + version ".tar.gz")) + (sha256 + (base32 + "17hrxpp4cpn10bk48sfvfjc8hghky34agsnypam1v9f36kbalqfk")) + (file-name (string-append name "-" version ".tar.gz")))) + (build-system gnu-build-system) + (arguments + '(#:tests? 
#f ; no check target ' + #:make-flags (list "CC=gcc" "PREFIX=$(out)") + #:phases (modify-phases %standard-phases + (delete 'configure) + (add-after 'install 'post-install + (lambda _ + (let* ((out (assoc-ref %outputs "out")) + (lisp (string-append out "/share/emacs/site-lisp"))) + (install-file "enchive-mode.el" lisp) + #t)))))) + (synopsis "Encrypted personal archives") + (description + "Enchive is a tool to encrypt files to yourself for long-term +archival. It's a focused, simple alternative to more complex solutions such as +GnuPG or encrypted filesystems. Enchive has no external dependencies and is +trivial to build for local use. Portability is emphasized over performance.") + (home-page "https://github.com/skeeto/enchive") + (license license:unlicense))) + +(define-public libsecp256k1 + (let ((commit "e34ceb333b1c0e6f4115ecbb80c632ac1042fa49")) + (package + (name "libsecp256k1") + (version (git-version "20181126" "1" commit)) + (source (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/bitcoin-core/secp256k1") + (commit commit))) + (sha256 + (base32 + "0as78s179hcr3ysk3fw98k5wzabgnwri7vkkc17wg31lyz6ids6c")) + (file-name (git-file-name name version)))) + (build-system gnu-build-system) + (native-inputs + `(("autoconf" ,autoconf) + ("automake" ,automake) + ("libtool" ,libtool))) + ;; WARNING: This package might need additional configure flags to run properly. + ;; See https://git.archlinux.org/svntogit/community.git/tree/trunk/PKGBUILD?h=packages/libsecp256k1. + (synopsis "C library for EC operations on curve secp256k1") + (description + "Optimized C library for EC operations on curve secp256k1. + +This library is a work in progress and is being used to research best +practices. Use at your own risk. + +Features: + +@itemize +@item secp256k1 ECDSA signing/verification and key generation. +@item Adding/multiplying private/public keys. +@item Serialization/parsing of private keys, public keys, signatures. 
+@item Constant time, constant memory access signing and pubkey generation. +@item Derandomized DSA (via RFC6979 or with a caller provided function.) +@item Very efficient implementation. +@end itemize\n") + (home-page "https://github.com/bitcoin-core/secp256k1") + (license license:unlicense))))
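Review bot: The asignify description states that it is "self-contained with zero external dependencies", but this definition passes `--enable-openssl` and takes `openssl-next` as an input, so the packaged tool links against OpenSSL. Either reword that sentence or add a comment above the input explaining the choice, for example `;; Built against OpenSSL on purpose; uses openssl-next because <reason>.` The reason for choosing `openssl-next` over the default `openssl` is not visible in the hunk, and users judging the trusted code base of a signature verifier should be able to see it. In the same hunk, the libsecp256k1 `WARNING` comment does not say which configure flags might be missing. Naming them, or stating that upstream defaults are used deliberately, would make it actionable.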