From edbc14b86505701d2907203b24a36e0838c0c0ba Mon Sep 17 00:00:00 2001
From: Sylvain Pelissier <sylvain.pelissier@gmail.com>
Date: Sun, 10 Nov 2024 21:23:34 +0100
Subject: [PATCH] Add ssl builds in the CI and add the SipHash SSL plugin
 ##crypto

---
 .github/workflows/build.yml |  9 ++++++-
 libr/crypto/hash/deps.mk    |  9 ++++---
 libr/crypto/hash/sip_ssl.c  | 50 +++++++++++++++++++++++++++++++++++++
 libr/crypto/hash/state.c    | 37 +++------------------------
 4 files changed, 68 insertions(+), 37 deletions(-)
 create mode 100644 libr/crypto/hash/sip_ssl.c

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 668e86932ee62..948af3a915350 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -43,7 +43,14 @@ jobs:
           cp -f dist/plugins-cfg/plugins.cs6.cfg plugins.cfg
           ./configure-plugins
           sys/install.sh --with-capstone-next
-
+  linux-ssl-crypto:
+    runs-on: ubuntu-24.04
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v4
+    - name: Installing with ssl crypto
+      run: |
+          sys/install.sh --with-ssl-crypto
   # Source Tarballs
   tarball:
     runs-on: ubuntu-20.04
diff --git a/libr/crypto/hash/deps.mk b/libr/crypto/hash/deps.mk
index e5986b17d52ce..0a723c924ab10 100644
--- a/libr/crypto/hash/deps.mk
+++ b/libr/crypto/hash/deps.mk
@@ -1,14 +1,17 @@
 
-OBJS+=hash/state.o hash/hash.o hash/hamdist.o hash/crca.o hash/fletcher.o hash/sip.o
+OBJS+=hash/state.o hash/hash.o hash/hamdist.o hash/crca.o hash/fletcher.o
 OBJS+=hash/entropy.o hash/hcalc.o hash/adler32.o hash/luhn.o hash/ssdeep.o
 
 ifeq ($(WANT_SSL_CRYPTO),1)
 CFLAGS+=${SSL_CFLAGS}
 LDFLAGS+=${SSL_LDFLAGS}
+LDFLAGS+=-lcrypto
 LINK+=${SSL_LDFLAGS}
-#else
-# OBJS+=hash/md4.o hash/md5.o hash/sha1.o hash/sha2.o
+OBJS+=hash/sip_ssl.o
+else
+OBJS+=hash/sip.o
 endif
+
 OBJS+=hash/md4.o hash/md5.o hash/sha1.o hash/sha2.o
 
 ifeq ($(USE_LIB_XXHASH),1)
diff --git a/libr/crypto/hash/sip_ssl.c b/libr/crypto/hash/sip_ssl.c
new file mode 100644
index 0000000000000..f77f35855e401
--- /dev/null
+++ b/libr/crypto/hash/sip_ssl.c
@@ -0,0 +1,50 @@
+/* radare2 - LGPL - Copyright 2024 - Sylvain Pelissier */
+
+#include <r_hash.h>
+#include <openssl/evp.h>
+
+#define SIPHASH_KEY_SIZE  16
+#define SIPHASH_HASH_SIZE 8
+
+R_API ut64 r_hash_sip(const ut8 *in, ut64 inlen) {
+	OSSL_PARAM params[2];
+
+	/* 	SipHash-2-4 using the key:
+		0xb5d4c9eb79104a796fec8b1b428781d4 (big-endian)
+	*/
+	unsigned char key[SIPHASH_KEY_SIZE] = { 0xb5, 0xd4, 0xc9, 0xeb, 0x79, 0x10, 0x4a, 0x79, 0x6f, 0xec, 0x8b, 0x1b, 0x42, 0x87, 0x81, 0xd4 };
+	unsigned char hash[SIPHASH_HASH_SIZE];
+	size_t hash_len;
+
+	// OpenSSL context initialization
+	EVP_MAC *md = EVP_MAC_fetch (NULL, "SIPHASH", NULL);
+	if (!md) {
+		R_LOG_ERROR ("EVP_MAC_fetch failed");
+	}
+	EVP_MAC_CTX *ctx = EVP_MAC_CTX_new (md);
+	if (!ctx) {
+		R_LOG_ERROR ("EVP_MAC_CTX_new failed");
+	}
+	// Parameters
+	size_t size = SIPHASH_HASH_SIZE;
+	params[0] = OSSL_PARAM_construct_size_t ("size", &size);
+	params[1] = OSSL_PARAM_construct_end ();
+
+	// Hash
+	if (!EVP_MAC_init (ctx, key, SIPHASH_KEY_SIZE, params)) {
+		R_LOG_ERROR ("EVP_MAC_init failed");
+	}
+
+	if (!EVP_MAC_update (ctx, in, inlen)) {
+		R_LOG_ERROR ("EVP_MAC_update failed");
+	}
+
+	if (!EVP_MAC_final (ctx, hash, &hash_len, SIPHASH_HASH_SIZE)) {
+		R_LOG_ERROR ("EVP_MAC_final failed");
+	}
+
+	// Cleanup
+	EVP_MAC_CTX_free (ctx);
+
+	return r_read_le64 (hash);
+}
diff --git a/libr/crypto/hash/state.c b/libr/crypto/hash/state.c
index 1c82fec410e14..ae11d1b9e0603 100644
--- a/libr/crypto/hash/state.c
+++ b/libr/crypto/hash/state.c
@@ -3,39 +3,10 @@
 #include <r_hash.h>
 #include <r_util.h>
 
-#  include "md4.h"
-
-#if WANT_SSL_CRYPTO
-#  include <openssl/md4.h>
-#  include <openssl/md5.h>
-#  include <openssl/sha.h>
-
-#  define R_SHA256_BLOCK_LENGTH SHA256_BLOCK_LENGTH
-
-#  define r_sha1_init           SHA1_Init
-#  define r_sha1_update         SHA1_Update
-#  define r_sha1_final          SHA1_Final
-
-#  define r_sha256_init         SHA256_Init
-#  define r_sha256_update       SHA256_Update
-#  define r_sha256_final        SHA256_Final
-
-#  define r_sha384_init         SHA384_Init
-#  define r_sha384_update       SHA384_Update
-#  define r_sha384_final        SHA384_Final
-
-#  define r_sha512_init         SHA512_Init
-#  define r_sha512_update       SHA512_Update
-#  define r_sha512_final        SHA512_Final
-
-#  define r_hash_md5_init       MD5_Init
-#  define r_hash_md5_update     MD5_Update
-#  define r_hash_md5_final      MD5_Final
-#else
-#  include "md5.h"
-#  include "sha1.h"
-#  include "sha2.h"
-#endif
+#include "md4.h"
+#include "md5.h"
+#include "sha1.h"
+#include "sha2.h"
 
 #define CHKFLAG(x) if (!flags || flags & (x))