From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:59873) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1e63Xl-0004dQ-Fj for guix-patches@gnu.org; Sat, 21 Oct 2017 19:51:07 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1e63Xi-0000L6-87 for guix-patches@gnu.org; Sat, 21 Oct 2017 19:51:05 -0400 Received: from debbugs.gnu.org ([208.118.235.43]:46083) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1e63Xi-0000K7-2W for guix-patches@gnu.org; Sat, 21 Oct 2017 19:51:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1e63Xh-0006RX-Nt for guix-patches@gnu.org; Sat, 21 Oct 2017 19:51:01 -0400 Subject: [bug#28934] ROCA detect Resent-Message-ID: Received: from eggs.gnu.org ([2001:4830:134:3::10]:59797) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1e63X3-0004aW-DK for guix-patches@gnu.org; Sat, 21 Oct 2017 19:50:23 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1e63X0-0006Oy-16 for guix-patches@gnu.org; Sat, 21 Oct 2017 19:50:21 -0400 Received: from aibo.runbox.com ([91.220.196.211]:39556) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1e63Wz-00067l-18 for guix-patches@gnu.org; Sat, 21 Oct 2017 19:50:17 -0400 Received: from [10.9.9.212] (helo=mailfront12.runbox.com) by mailtransmit03.runbox with esmtp (Exim 4.86_2) (envelope-from ) id 1e63Wt-0005fk-R9 for guix-patches@gnu.org; Sun, 22 Oct 2017 01:50:11 +0200 Received: from 178-17-170-195.static.as43289.net ([178.17.170.195] helo=localhost) by mailfront12.runbox.com with esmtpsa (uid:892961 ) (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) id 1e63Wq-0002qW-5m for guix-patches@gnu.org; Sun, 22 Oct 2017 01:50:09 +0200 Date: Sat, 21 Oct 2017 23:49:01 +0000 From: ng0 Message-ID: <20171021234901.7bysdc2dx3jrours@abyayala> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="4q2pkdmuqq2hkdtu" Content-Disposition: inline List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+kyle=kyleam.com@gnu.org Sender: "Guix-patches" To: 28934@debbugs.gnu.org --4q2pkdmuqq2hkdtu Content-Type: multipart/mixed; boundary="zrhpadrjuujo5lxx" Content-Disposition: inline --zrhpadrjuujo5lxx Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Some python modules to add a tool to detect ROCA. --=20 ng0 GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588 GnuPG: https://dist.ng0.infotropique.org/dist/keys/ https://www.infotropique.org https://ng0.infotropique.org --zrhpadrjuujo5lxx Content-Type: text/plain; charset=utf-8 Content-Disposition: attachment; filename="0001-gnu-Add-python-humanfriendly.patch" Content-Transfer-Encoding: quoted-printable =46rom 412e84ce5e2f03ab67c29d751667bfd7b53ef34a Mon Sep 17 00:00:00 2001 =46rom: ng0 Date: Sat, 21 Oct 2017 22:46:06 +0000 Subject: [PATCH 1/6] gnu: Add python-humanfriendly. * gnu/packages/python.scm (python-humanfriendly): New variable. --- gnu/packages/python.scm | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm index 0684090c3..b64bdeda6 100644 --- a/gnu/packages/python.scm +++ b/gnu/packages/python.scm @@ -1099,6 +1099,33 @@ etc.). The package is structured to make adding new= modules easy.") "python" (package-inputs pycrypto))))))) =20 +(define-public python-humanfriendly + (package + (name "python-humanfriendly") + (version "4.4.1") + (source + (origin + (method url-fetch) + (uri (pypi-uri "humanfriendly" version)) + (sha256 + (base32 + "0pisgizjql86785jchfjv217g0lsgk114g2lja5j4y3lsc3b9szi")))) + (build-system python-build-system) + (arguments + `(; Tests depend on coloredlogs, which in turn depends on humanfriend= ly. + #:tests? #f)) + (propagated-inputs + `(("python-monotonic" ,python-monotonic))) + (home-page "https://humanfriendly.readthedocs.io") + (synopsis "Human friendly input and output in Python") + (description + "The functions and classes in the humanfriendly package can be used +to make text interfaces more user friendly.") + (license license:expat))) + +(define-public python2-humanfriendly + (package-with-python2 python-humanfriendly)) + (define-public python-eventlet (package (name "python-eventlet") --=20 2.14.2 --zrhpadrjuujo5lxx Content-Type: text/plain; charset=utf-8 Content-Disposition: attachment; filename="0002-gnu-Add-python-capturer.patch" Content-Transfer-Encoding: quoted-printable =46rom 81e9157501ffa3e4f47498fe802702b3bf66004c Mon Sep 17 00:00:00 2001 =46rom: ng0 Date: Sat, 21 Oct 2017 22:56:09 +0000 Subject: [PATCH 2/6] gnu: Add python-capturer. * gnu/packages/python.scm (python-capturer): New variable. --- gnu/packages/python.scm | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm index b64bdeda6..d6af5c0d6 100644 --- a/gnu/packages/python.scm +++ b/gnu/packages/python.scm @@ -1126,6 +1126,34 @@ to make text interfaces more user friendly.") (define-public python2-humanfriendly (package-with-python2 python-humanfriendly)) =20 +(define-public python-capturer + (package + (name "python-capturer") + (version "2.4") + (source + (origin + (method url-fetch) + (uri (pypi-uri "capturer" version)) + (sha256 + (base32 + "05d6ji4j8ipiq0br7bwam38qc6hd9l1djmfxlzrxx19ziyjl4089")))) + (build-system python-build-system) + (arguments + `(#:tests? #f)) + (propagated-inputs + `(("python-humanfriendly" ,python-humanfriendly))) + (home-page "https://capturer.readthedocs.io") + (synopsis "Capture stdout and stderr streams of the current process") + (description + "The capturer package makes it easy to capture the stdout and stderr +streams of the current process and subprocesses. Output can be relayed +to the terminal in real time but is also available to the Python program +for additional processing.") + (license license:expat))) + +(define-public python2-capturer + (package-with-python2 python-capturer)) + (define-public python-eventlet (package (name "python-eventlet") --=20 2.14.2 --zrhpadrjuujo5lxx Content-Type: text/plain; charset=utf-8 Content-Disposition: attachment; filename="0003-gnu-Add-python-verboselogs.patch" Content-Transfer-Encoding: quoted-printable =46rom 662d4fa2c40202cfeb2e1ce8918d23f3cc4469b2 Mon Sep 17 00:00:00 2001 =46rom: ng0 Date: Sat, 21 Oct 2017 23:12:17 +0000 Subject: [PATCH 3/6] gnu: Add python-verboselogs. * gnu/packages/python.scm (python-verboselogs): New variable. --- gnu/packages/python.scm | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm index d6af5c0d6..388d47d6d 100644 --- a/gnu/packages/python.scm +++ b/gnu/packages/python.scm @@ -1154,6 +1154,32 @@ for additional processing.") (define-public python2-capturer (package-with-python2 python-capturer)) =20 +(define-public python-verboselogs + (package + (name "python-verboselogs") + (version "1.7") + (source + (origin + (method url-fetch) + (uri (pypi-uri "verboselogs" version)) + (sha256 + (base32 + "09z4d1jiasn7k1hs5af2ckmnrd0i1d1m04bhfjhv7z6svzfdwgg3")))) + (build-system python-build-system) + (native-inputs + `(("python-mock" ,python-mock) + ("python-astroid" ,python-astroid) + ("python-pylint" ,python-pylint))) + (home-page "https://verboselogs.readthedocs.io") + (synopsis "Verbose logging level for Python's logging module") + (description + "The verboselogs package extends Python's logging module to add the +log levels NOTICE, SPAM, SUCCESS and VERBOSE.") + (license license:expat))) + +(define-public python2-verboselogs + (package-with-python2 python-verboselogs)) + (define-public python-eventlet (package (name "python-eventlet") --=20 2.14.2 --zrhpadrjuujo5lxx Content-Type: text/plain; charset=utf-8 Content-Disposition: attachment; filename="0004-gnu-Add-python-coloredlogs.patch" Content-Transfer-Encoding: quoted-printable =46rom 36170f8801dbb33d91626447ff3e69bf1ac31dca Mon Sep 17 00:00:00 2001 =46rom: ng0 Date: Sat, 21 Oct 2017 23:29:17 +0000 Subject: [PATCH 4/6] gnu: Add python-coloredlogs. * gnu/packages/python.scm (python-coloredlogs): New variable. --- gnu/packages/python.scm | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm index 388d47d6d..12b6f891f 100644 --- a/gnu/packages/python.scm +++ b/gnu/packages/python.scm @@ -1180,6 +1180,35 @@ log levels NOTICE, SPAM, SUCCESS and VERBOSE.") (define-public python2-verboselogs (package-with-python2 python-verboselogs)) =20 +(define-public python-coloredlogs + (package + (name "python-coloredlogs") + (version "7.3") + (source + (origin + (method url-fetch) + (uri (pypi-uri "coloredlogs" version)) + (sha256 + (base32 + "1blcann6dyg5dhps9pg12rn0q0rjrlajpmmil0gy0j4cbvnl2il9")))) + (build-system python-build-system) + (arguments + `(;Tests require some updated modules + #:tests? #f)) + (propagated-inputs + `(("python-capturer" ,python-capturer))) + (home-page "https://coloredlogs.readthedocs.io") + (synopsis "Colored stream handler for Python's logging module") + (description + "The coloredlogs package enables colored terminal output for Python's +logging module. The ColoredFormatter class inherits from +logging.Formatter and uses ANSI escape sequences to render your logging +messages in color. It uses only standard colors.") + (license license:expat))) + +(define-public python2-coloredlogs + (package-with-python2 python-coloredlogs)) + (define-public python-eventlet (package (name "python-eventlet") --=20 2.14.2 --zrhpadrjuujo5lxx Content-Type: text/plain; charset=utf-8 Content-Disposition: attachment; filename="0005-gnu-Add-python-pgpdump.patch" Content-Transfer-Encoding: quoted-printable =46rom 8ff7e30582a6d84b6c9bf56cd985ef9c04af9eaa Mon Sep 17 00:00:00 2001 =46rom: ng0 Date: Sat, 21 Oct 2017 23:41:26 +0000 Subject: [PATCH 5/6] gnu: Add python-pgpdump. * gnu/packages/gnupg.scm (python-pgpdump): New variable. --- gnu/packages/gnupg.scm | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm index ffad57ef5..9a6ff68f8 100644 --- a/gnu/packages/gnupg.scm +++ b/gnu/packages/gnupg.scm @@ -850,3 +850,34 @@ them to transform your existing public key into a secr= et key.") @uref{https://gnupg.org, GnuPG}. It can be used to encrypt, decrypt, and = sign files, to verify signatures, and to manage the private and public keys.") (license license:gpl3+))) + +(define-public python-pgpdump + (package + (name "python-pgpdump") + (version "1.5") + (source + (origin + (method url-fetch) + (uri (pypi-uri "pgpdump" version)) + (sha256 + (base32 + "0s4nh8h7qsdj2yf29bspjs1zvxd4lcd11r6g11dp7fppgf2h0iqw")))) + (build-system python-build-system) + (home-page "https://github.com/toofishes/python-pgpdump") + (synopsis "Python library for parsing PGP packets") + (description + "Python-pgpdump is based on the pgpdump +(http://www.mew.org/~kazu/proj/pgpdump/). Currently supported things +include: + +@enumerate +@item Signature packets +@item Public key packets +@item Secret key packets +@item Trust, user ID, and user attribute packets +@item ASCII-armor decoding and CRC check +@end enumerate\n") + (license license:bsd-3))) + +(define-public python2-pgpdump + (package-with-python2 python-pgpdump)) --=20 2.14.2 --zrhpadrjuujo5lxx Content-Type: text/plain; charset=utf-8 Content-Disposition: attachment; filename="0006-gnu-Add-python-roca-detect.patch" Content-Transfer-Encoding: quoted-printable =46rom ed8ec89c1bd898aa927ddca9c453bc6e950e61a3 Mon Sep 17 00:00:00 2001 =46rom: ng0 Date: Sat, 21 Oct 2017 23:45:51 +0000 Subject: [PATCH 6/6] gnu: Add python-roca-detect. * gnu/packages/crypto.scm (python-roca-detect): New variable. --- gnu/packages/crypto.scm | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) diff --git a/gnu/packages/crypto.scm b/gnu/packages/crypto.scm index 549955d7b..bb0aa8063 100644 --- a/gnu/packages/crypto.scm +++ b/gnu/packages/crypto.scm @@ -632,3 +632,40 @@ data on your platform, so the seed itself will be as r= andom as possible. Networking and Cryptography library. These libraries have a stated goal of improving usability, security and speed.") (license license:asl2.0))) + +(define-public python-roca-detect + (package + (name "python-roca-detect") + (version "1.0.8") + (source + (origin + (method url-fetch) + (uri (pypi-uri "roca-detect" version)) + (sha256 + (base32 + "1di4akyw2lf5r8zfwvyhkilz8jv8g4b66rgaqwfabmjwma6gnw27")))) + (build-system python-build-system) + (native-inputs + ;; TODO: apk_parse_ph4, pyjks + `(("python2-dateutil" ,python2-dateutil) + ("python2-six" ,python2-six) + ("python2-cryptography" ,python2-cryptography) + ("python2-future" ,python2-future) + ("python2-coloredlogs" ,python2-coloredlogs) + ("python2-pgpdump" ,python2-pgpdump))) + (arguments + `(; Basic testing routine is quite simple and works with Py3 + ;; but the rest of the code that processes the different + ;; key formats and extracts the modulus for inspection is + ;; not yet fully py3 ready. + #:python ,python-2)) + (home-page "https://github.com/crocs-muni/roca") + (synopsis "ROCA detection tool") + (description + "This tool is related to the \"Return of the Coppersmith=E2=80=99s At= tack: Practical +Factorization of Widely Used RSA Moduli.\" paper. It enables you to test = public +RSA keys for a presence of the described vulnerability. Currently the tool +supports the following key formats: X509 Certificate (DER encoded, PEM enc= oded), +RSA PEM (encoded private key, public key), SSH public key, ASC encoded PGP= key, +APK android application, LDIFF file, and more.") + (license license:gpl3))) --=20 2.14.2 --zrhpadrjuujo5lxx-- --4q2pkdmuqq2hkdtu Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEqIyK3RKYKNfqwC5S4i+bv+40hYgFAlnr3O0ACgkQ4i+bv+40 hYipOg/+N6HcCoq0PUbl6/nG79Hwp5VSSnNsHedka2CTI0JgIgb/FjE89zExqKEj YociWjKDpI0EY5GNRTXo9Ri3OwTW9RRUYL7xR0yJb2W/XPyHnfrZwnaP5OLUOLjo EfTrofY5K/bNuKd4sUKz5guNqLTZpftES8Th+ClgQqHj4h5DvplhwMseR4Oq/0RW wUjRd516ibCLe5Em1O/gcxbKe2DHhz41SZuK6B1UzetcE3M5j/aFslNprayd+cA0 dzd1afgeiEnFCAaJRKQ0WbD0LiLJvf8rAMMi8GuAfYjXswjQ4TbxljfjWCCLwYW2 +rO3ObEaF/uiEIEZ8eGj0QbfKiEXt1vrYgyyyHvwMpI/+o+xwLb7mTq4PO7tYH3g i581337UlGf6+5DaLpuFxy4YV0FNzxSugCSCiKMt3AjF/DQ1MCmX8E5mq5m3L61f b66KWjTeT0QKd330GNXY6gEsx3YEjjzHRXw8Ftnxvp2ySXZF+PfBlH/KIG6okbbl U+/CM5g1JU5QJknooG3un8Co3psBNZNZ3GlK0bj6GnvpITmGe+FhbRN+CEps8xRu kQ+Q3qlb3E5BsLNZq3zAOPv4bqLS6t+lHimdv5ufoO79uEmD4Bwt78k3y94tOb67 xmGj/EaQNgl9Siwzd9skq5tGCXJo1uVNy5nRsoa3wkYSFmsGvs8= =I8Pm -----END PGP SIGNATURE----- --4q2pkdmuqq2hkdtu--