Import spiped-1.3.1 as security/spiped.

spiped (pronounced "ess-pipe-dee") is a utility for creating symmetrically
encrypted and authenticated pipes between socket addresses, so that one may
connect to one address (e.g., a UNIX socket on localhost) and transparently
have a connection established to another address (e.g., a UNIX socket on a
different system).  This is similar to 'ssh -L' functionality, but does not
use SSH and requires a pre-shared symmetric key.

Note that spiped:
1. Requires a strong key file: The file specified via the -k option should
have at least 256 bits of entropy.  ('dd if=/dev/urandom bs=32 count=1' is
your friend.)
2. Does not provide any protection against information leakage via packet
timing: Running telnet over spiped will protect a password from being directly
read from the network, but will not obscure the typing rhythm.
3. Can significantly increase bandwidth usage for interactive sessions: It
sends data in packets of 1024 bytes, and pads smaller messages up to this
length, so a 1 byte write could be expanded to 1024 bytes if it cannot be
coalesced with adjacent bytes.
4. Uses a symmetric key -- so anyone who can connect to an spiped "server" is
also able to impersonate it.

4 files changed, 49 insertions, 0 deletions

diff --git a/security/spiped/DESCR b/security/spiped/DESCR
new file mode 100644
index 00000000000..edfcae81a7c
--- /dev/null
+++ b/security/spiped/DESCR
@@ -0,0 +1,20 @@
+spiped (pronounced "ess-pipe-dee") is a utility for creating symmetrically
+encrypted and authenticated pipes between socket addresses, so that one may
+connect to one address (e.g., a UNIX socket on localhost) and transparently
+have a connection established to another address (e.g., a UNIX socket on a
+different system).  This is similar to 'ssh -L' functionality, but does not
+use SSH and requires a pre-shared symmetric key.
+
+Note that spiped:
+1. Requires a strong key file: The file specified via the -k option should
+have at least 256 bits of entropy.  ('dd if=/dev/urandom bs=32 count=1' is
+your friend.)
+2. Does not provide any protection against information leakage via packet
+timing: Running telnet over spiped will protect a password from being directly
+read from the network, but will not obscure the typing rhythm.
+3. Can significantly increase bandwidth usage for interactive sessions: It
+sends data in packets of 1024 bytes, and pads smaller messages up to this
+length, so a 1 byte write could be expanded to 1024 bytes if it cannot be
+coalesced with adjacent bytes.
+4. Uses a symmetric key -- so anyone who can connect to an spiped "server" is
+also able to impersonate it.
diff --git a/security/spiped/Makefile b/security/spiped/Makefile
new file mode 100644
index 00000000000..5f8001cedc4
--- /dev/null
+++ b/security/spiped/Makefile
@@ -0,0 +1,20 @@
+# $NetBSD: Makefile,v 1.1 2014/04/18 21:31:26 wiz Exp $
+
+DISTNAME=	spiped-1.3.1
+CATEGORIES=	net security
+MASTER_SITES=	http://www.tarsnap.com/spiped/
+EXTRACT_SUFX=	.tgz
+
+MAINTAINER=	pkgsrc-users@NetBSD.org
+HOMEPAGE=	http://www.tarsnap.com/spiped/
+COMMENT=	Tool for creating symmetrically encrypted and authenticated pipes
+LICENSE=	2-clause-bsd
+
+MAKE_FLAGS+=	BINDIR=${DESTDIR}${PREFIX}/bin
+
+INSTALLATION_DIRS=	share/doc/spiped
+
+post-install:
+	${INSTALL_DATA} ${WRKSRC}/README ${DESTDIR}${PREFIX}/share/doc/spiped
+
+.include "../../mk/bsd.pkg.mk"
diff --git a/security/spiped/PLIST b/security/spiped/PLIST
new file mode 100644
index 00000000000..c0ca1adcf7e
--- /dev/null
+++ b/security/spiped/PLIST
@@ -0,0 +1,4 @@
+@comment $NetBSD: PLIST,v 1.1 2014/04/18 21:31:26 wiz Exp $
+bin/spipe
+bin/spiped
+share/doc/spiped/README
diff --git a/security/spiped/distinfo b/security/spiped/distinfo
new file mode 100644
index 00000000000..eda1304da3c
--- /dev/null
+++ b/security/spiped/distinfo
@@ -0,0 +1,5 @@
+$NetBSD: distinfo,v 1.1 2014/04/18 21:31:26 wiz Exp $
+
+SHA1 (spiped-1.3.1.tgz) = 3151caaad24a48c0a1b22e6000ece5b74942859f
+RMD160 (spiped-1.3.1.tgz) = 4748c60c1d7d82ee5cd7004faf0a9bfb75410fcb
+Size (spiped-1.3.1.tgz) = 59362 bytes