1 files changed, 74 insertions, 16 deletions

diff --git a/gnu/packages/python-crypto.scm b/gnu/packages/python-crypto.scm
index b294613a5b..ca9d24b24f 100644
--- a/gnu/packages/python-crypto.scm
+++ b/gnu/packages/python-crypto.scm
@@ -74,7 +74,7 @@
        (method git-fetch)
        (uri
         (git-reference
-         (url "https://github.com/python-otr/pure-python-otr.git")
+         (url "https://github.com/python-otr/pure-python-otr")
          (commit version)))
        (file-name
         (git-file-name name version))
@@ -989,26 +989,34 @@ protocol (Javascript Object Signing and Encryption).")
 (define-public python-pycryptodome
   (package
     (name "python-pycryptodome")
-    (version "3.7.3")
+    (version "3.9.9")
     (source
      (origin
        (method url-fetch)
        (uri (pypi-uri "pycryptodome" version))
        (sha256
         (base32
-         "0dh6ky5ngxayyn5f6n7gdamjl49g3khz6pdx9sdnag1zwi8248hs"))))
+         "1i4m74f88qj9ci8rpyzrbk2slmsdj5ipmwdkq6qk24byalm203li"))))
     (build-system python-build-system)
     (home-page "https://www.pycryptodome.org")
-    (synopsis "Cryptographic library for Python")
-    (description "This package provides a cryptographic library for Python.
+    (synopsis "Low-level cryptographic Python library")
+    (description
+     "PyCryptodome is a self-contained Python package of low-level
+cryptographic primitives.  It's not a wrapper to a separate C library like
+OpenSSL.  To the largest possible extent, algorithms are implemented in pure
+Python.  Only the pieces that are extremely critical to performance (e.g.,
+block ciphers) are implemented as C extensions.
+
+You are expected to have a solid understanding of cryptography and security
+engineering to successfully use these primitives.  You must also be able to
+recognize that some are obsolete (e.g., TDES) or even insecure (RC4).
 
-It brings the following enhancements with respect to the last official version
-of PyCrypto:
+It provides many enhancements over the last release of PyCrypto (2.6.1):
 
 @itemize
 @item Authenticated encryption modes (GCM, CCM, EAX, SIV, OCB)
 @item Accelerated AES on Intel platforms via AES-NI
-@item First class support for PyPy
+@item First-class support for PyPy
 @item Elliptic curves cryptography (NIST P-256 curve only)
 @item Better and more compact API (nonce and iv attributes for ciphers,
 automatic generation of random nonces and IVs, simplified CTR cipher mode, and
@@ -1022,13 +1030,63 @@ more)
 @item Random numbers get sourced directly from the OS (and not from a CSPRNG
 in userspace)
 @item Cleaner RSA and DSA key generation (largely based on FIPS 186-4)
-@item Major clean ups and simplification of the code base
-@end itemize\n")
-    (license license:bsd-2)))
+@item Major clean-ups and simplification of the code base
+@end itemize
+
+This package provides drop-in compatibility with PyCrypto.  It is one of two
+PyCryptodome variants, the other being python-pycryptodomex.")
+    (license (list license:bsd-2
+                   license:public-domain)))) ; code inherited from PyCrypto
 
 (define-public python2-pycryptodome
   (package-with-python2 python-pycryptodome))
 
+(define-public python-pycryptodomex
+  (package (inherit python-pycryptodome)
+    (name "python-pycryptodomex")
+    (version (package-version python-pycryptodome))
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "pycryptodomex" version))
+       (sha256
+        (base32 "0lbx4qk3xmwqiidhmkj8qa7bh2lf8bwzg0xjpsh2w5zqjrc7qnvv"))))
+    (description
+     "PyCryptodome is a self-contained Python package of low-level
+cryptographic primitives.  It's not a wrapper to a separate C library like
+OpenSSL.  To the largest possible extent, algorithms are implemented in pure
+Python.  Only the pieces that are extremely critical to performance (e.g.,
+block ciphers) are implemented as C extensions.
+
+You are expected to have a solid understanding of cryptography and security
+engineering to successfully use these primitives.  You must also be able to
+recognize that some are obsolete (e.g., TDES) or even insecure (RC4).
+
+It provides many enhancements over the last release of PyCrypto (2.6.1):
+
+@itemize
+@item Authenticated encryption modes (GCM, CCM, EAX, SIV, OCB)
+@item Accelerated AES on Intel platforms via AES-NI
+@item First-class support for PyPy
+@item Elliptic curves cryptography (NIST P-256 curve only)
+@item Better and more compact API (nonce and iv attributes for ciphers,
+automatic generation of random nonces and IVs, simplified CTR cipher mode, and
+more)
+@item SHA-3 (including SHAKE XOFs) and BLAKE2 hash algorithms
+@item Salsa20 and ChaCha20 stream ciphers
+@item scrypt and HKDF
+@item Deterministic (EC)DSA
+@item Password-protected PKCS#8 key containers
+@item Shamir’s Secret Sharing scheme
+@item Random numbers get sourced directly from the OS (and not from a CSPRNG
+in userspace)
+@item Cleaner RSA and DSA key generation (largely based on FIPS 186-4)
+@item Major clean-ups and simplification of the code base
+@end itemize
+
+PyCryptodomex is the stand-alone version of PyCryptodome that no longer
+provides drop-in compatibility with PyCrypto.")))
+
 (define-public python-m2crypto
   (package
     (name "python-m2crypto")
@@ -1064,7 +1122,7 @@ through the Engine interface.")
 (define-public python-pykeepass
   (package
     (name "python-pykeepass")
-    (version "3.2.0")
+    (version "3.2.1")
     (source
      (origin
        (method git-fetch)
@@ -1074,7 +1132,7 @@ through the Engine interface.")
              (commit version)))
        (file-name (git-file-name name version))
        (sha256
-        (base32 "1wxbfpy7467mlnfsvmh685fhfnq4fki9y7yc9cylp30r5n3hisaj"))))
+        (base32 "1symxf4ahylynihnp9z4z3lh2vy65ipvg8s4hjrnn936hcaaxghk"))))
     (build-system python-build-system)
     (arguments
      `(#:phases
@@ -1098,7 +1156,7 @@ through the Engine interface.")
        ("python-dateutil" ,python-dateutil)
        ("python-future" ,python-future)
        ("python-lxml" ,python-lxml)
-       ("python-pycryptodome" ,python-pycryptodome)))
+       ("python-pycryptodomex" ,python-pycryptodomex)))
     (home-page "https://github.com/libkeepass/pykeepass")
     (synopsis "Python library to interact with keepass databases")
     (description
@@ -1184,13 +1242,13 @@ been constructed to maintain extensive documentation on how to use
 (define-public python-pyotp
   (package
     (name "python-pyotp")
-    (version "2.4.0")
+    (version "2.4.1")
     (source
      (origin
        (method url-fetch)
        (uri (pypi-uri "pyotp" version))
        (sha256
-        (base32 "0a1dx07y785xyl70h0vj6vssg13qfx11w04d0gz8h48qffsymv01"))))
+        (base32 "0jsqfmx9i7j8z81r4zazv76xzy1fcq8v9s2r4kvx7ajfndq3z2h3"))))
     (build-system python-build-system)
     (home-page "https://github.com/pyauth/pyotp")
     (synopsis "Python One Time Password Library")