Merge loops/fed-prims into architecture: fed-sx host primitives (Phases A-I)

Pure-OCaml WASM-safe crypto/CID surface + native HTTP server: - crypto-sha256/sha512 (FIPS 180-4), crypto-sha3-256 (FIPS 202) - cbor-encode/decode (deterministic dag-cbor), cid-from-bytes/from-sx (CIDv1) - ed25519-verify (RFC 8032), rsa-sha256-verify (PKCS#1 v1.5, RFC 8017) - file-list-dir (native-safe), http-listen (native-only, bin/sx_server.ml) Unblocks Erlang Phase 8 BIFs (erlang-on-sx.md blocker -> RESOLVED). Merged: build green, 63 crypto tests pass, WASM boot OK, http test 6/6, Erlang conformance 715/715, no regression. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-18 21:33:01 +00:00
parent 77f17cc796 4548461bfc
commit 380bc69f94
13 changed files with 1926 additions and 2 deletions
--- a/hosts/ocaml/bin/run_tests.ml
+++ b/hosts/ocaml/bin/run_tests.ml
@@ -1292,6 +1292,227 @@ let run_foundation_tests () =
  ignore (Sx_types.set_lambda_name (Lambda l) "my-fn");
  assert_eq "lambda name mutated" (String "my-fn") (lambda_name (Lambda l));

+  Printf.printf "\nSuite: crypto-sha2\n";
+  (* NIST FIPS 180-4 published vectors. *)
+  assert_eq "sha256 empty"
+    (String "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855")
+    (call "crypto-sha256" [String ""]);
+  assert_eq "sha256 abc"
+    (String "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad")
+    (call "crypto-sha256" [String "abc"]);
+  assert_eq "sha256 896-bit"
+    (String "248d6a61d20638b8e5c026930c3e6039a33ce45964ff2167f6ecedd419db06c1")
+    (call "crypto-sha256"
+       [String "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"]);
+  assert_eq "sha256 1M 'a'"
+    (String "cdc76e5c9914fb9281a1c7e284d73e67f1809a48a497200e046d39ccc7112cd0")
+    (call "crypto-sha256" [String (String.make 1000000 'a')]);
+  assert_eq "sha512 empty"
+    (String "cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e")
+    (call "crypto-sha512" [String ""]);
+  assert_eq "sha512 abc"
+    (String "ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f")
+    (call "crypto-sha512" [String "abc"]);
+  assert_eq "sha512 896-bit"
+    (String "8e959b75dae313da8cf4f72814fc143f8f7779c6eb9f7fa17299aeadb6889018501d289e4900f7e4331b99dec4b5433ac7d329eeb6dd26545e96e55b874be909")
+    (call "crypto-sha512"
+       [String ("abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
+                ^ "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu")]);
+
+  Printf.printf "\nSuite: crypto-sha3\n";
+  (* NIST FIPS 202 published vectors. *)
+  assert_eq "sha3-256 empty"
+    (String "a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a")
+    (call "crypto-sha3-256" [String ""]);
+  assert_eq "sha3-256 abc"
+    (String "3a985da74fe225b2045c172d6bd390bd855f086e3e9d525b46bfe24511431532")
+    (call "crypto-sha3-256" [String "abc"]);
+  assert_eq "sha3-256 896-bit"
+    (String "41c0dba2a9d6240849100376a8235e2c82e1b9998a999e21db32dd97496d3376")
+    (call "crypto-sha3-256"
+       [String "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"]);
+  (* 1600-bit message: 0xa3 * 200 — exercises multi-block absorb (>136B). *)
+  assert_eq "sha3-256 1600-bit 0xa3"
+    (String "79f38adec5c20307a98ef76e8324afbfd46cfd81b22e3973c65fa1bd9de31787")
+    (call "crypto-sha3-256" [String (String.make 200 '\xa3')]);
+
+  Printf.printf "\nSuite: dag-cbor\n";
+  let mkdict pairs =
+    let d = Sx_types.make_dict () in
+    List.iter (fun (k, v) -> Hashtbl.replace d k v) pairs;
+    Dict d
+  in
+  let enc v = call "cbor-encode" [v] in
+  (* RFC 8949 Appendix A — minimal-length deterministic encoding. *)
+  assert_eq "cbor 0"        (String "\x00") (enc (Integer 0));
+  assert_eq "cbor 23"       (String "\x17") (enc (Integer 23));
+  assert_eq "cbor 24"       (String "\x18\x18") (enc (Integer 24));
+  assert_eq "cbor 100"      (String "\x18\x64") (enc (Integer 100));
+  assert_eq "cbor 1000"     (String "\x19\x03\xe8") (enc (Integer 1000));
+  assert_eq "cbor 1000000"
+    (String "\x1a\x00\x0f\x42\x40") (enc (Integer 1000000));
+  assert_eq "cbor -1"       (String "\x20") (enc (Integer (-1)));
+  assert_eq "cbor -100"     (String "\x38\x63") (enc (Integer (-100)));
+  assert_eq "cbor -1000"    (String "\x39\x03\xe7") (enc (Integer (-1000)));
+  assert_eq "cbor false"    (String "\xf4") (enc (Bool false));
+  assert_eq "cbor true"     (String "\xf5") (enc (Bool true));
+  assert_eq "cbor null"     (String "\xf6") (enc Nil);
+  assert_eq "cbor \"\""     (String "\x60") (enc (String ""));
+  assert_eq "cbor \"a\""    (String "\x61\x61") (enc (String "a"));
+  assert_eq "cbor \"IETF\"" (String "\x64IETF") (enc (String "IETF"));
+  assert_eq "cbor []"       (String "\x80") (enc (List []));
+  assert_eq "cbor [1,2,3]"
+    (String "\x83\x01\x02\x03")
+    (enc (List [Integer 1; Integer 2; Integer 3]));
+  assert_eq "cbor [1,[2,3],[4,5]]"
+    (String "\x83\x01\x82\x02\x03\x82\x04\x05")
+    (enc (List [Integer 1;
+                List [Integer 2; Integer 3];
+                List [Integer 4; Integer 5]]));
+  assert_eq "cbor {}" (String "\xa0") (enc (mkdict []));
+  assert_eq "cbor {a:1,b:[2,3]}"
+    (String "\xa2\x61\x61\x01\x61\x62\x82\x02\x03")
+    (enc (mkdict ["a", Integer 1; "b", List [Integer 2; Integer 3]]));
+  assert_eq "cbor {a..e:A..E}"
+    (String "\xa5\x61\x61\x61\x41\x61\x62\x61\x42\x61\x63\x61\x43\x61\x64\x61\x44\x61\x65\x61\x45")
+    (enc (mkdict ["a", String "A"; "b", String "B"; "c", String "C";
+                  "d", String "D"; "e", String "E"]));
+  (* Determinism: insertion order + key length must not change bytes.
+     Sort is length-then-bytewise → a, c, bb. *)
+  let d1 = mkdict ["bb", Integer 2; "a", Integer 1; "c", Integer 3] in
+  let d2 = mkdict ["c", Integer 3; "bb", Integer 2; "a", Integer 1] in
+  assert_eq "cbor det order-invariant" (enc d1) (enc d2);
+  assert_eq "cbor det length-then-bytewise"
+    (String "\xa3\x61\x61\x01\x61\x63\x03\x62\x62\x62\x02")
+    (enc d1);
+  (* Round-trip: decode . encode = identity (structural). *)
+  let roundtrip name v =
+    assert_eq ("cbor rt " ^ name) v (call "cbor-decode" [enc v])
+  in
+  roundtrip "int" (Integer 42);
+  roundtrip "neg" (Integer (-99999));
+  roundtrip "str" (String "hello world");
+  roundtrip "bool" (Bool true);
+  roundtrip "nil" Nil;
+  roundtrip "nested"
+    (List [Integer 1; String "x"; List [Bool false; Nil]]);
+  roundtrip "dict"
+    (mkdict ["k", List [Integer 7]; "name", String "z"]);
+
+  Printf.printf "\nSuite: cid\n";
+  let mh_sha256 s = Sx_cid.multihash 0x12 (Sx_cid.unhex (Sx_sha2.sha256_hex s)) in
+  (* Authoritative vectors (independently derived; match well-known
+     IPFS CIDs). raw "abc" and raw "" — codec 0x55. *)
+  assert_eq "cid raw abc"
+    (String "bafkreif2pall7dybz7vecqka3zo24irdwabwdi4wc55jznaq75q7eaavvu")
+    (call "cid-from-bytes" [Integer 0x55; String (mh_sha256 "abc")]);
+  assert_eq "cid raw empty"
+    (String "bafkreihdwdcefgh4dqkjv67uzcmw7ojee6xedzdetojuzjevtenxquvyku")
+    (call "cid-from-bytes" [Integer 0x55; String (mh_sha256 "")]);
+  (* dag-cbor {} — canonical empty-map CID (sha2-256, codec 0x71). *)
+  assert_eq "cid dag-cbor {}"
+    (String "bafyreigbtj4x7ip5legnfznufuopl4sg4knzc2cof6duas4b3q2fy6swua")
+    (call "cid-from-sx" [mkdict []]);
+  (* Determinism: dict key insertion order must not change the CID. *)
+  let cda = call "cid-from-sx" [mkdict ["b", Integer 2; "a", Integer 1]] in
+  let cdb = call "cid-from-sx" [mkdict ["a", Integer 1; "b", Integer 2]] in
+  assert_eq "cid det order-invariant" cda cdb;
+  assert_true "cid multibase 'b' prefix"
+    (Bool (match call "cid-from-sx" [mkdict []] with
+           | String s -> String.length s > 1 && s.[0] = 'b'
+           | _ -> false));
+
+  Printf.printf "\nSuite: ed25519\n";
+  let hx = Sx_ed25519.unhex in
+  let edv pk msg sg = call "ed25519-verify"
+      [String (hx pk); String (hx msg); String (hx sg)] in
+  (* RFC 8032 §7.1 TEST 1-3 (deterministic; re-derived independently). *)
+  assert_eq "ed25519 RFC T1"
+    (Bool true)
+    (edv "d75a980182b10ab7d54bfed3c964073a0ee172f3daa62325af021a68f707511a"
+         ""
+         "e5564300c360ac729086e2cc806e828a84877f1eb8e5d974d873e065224901555fb8821590a33bacc61e39701cf9b46bd25bf5f0595bbe24655141438e7a100b");
+  assert_eq "ed25519 RFC T2"
+    (Bool true)
+    (edv "3d4017c3e843895a92b70aa74d1b7ebc9c982ccf2ec4968cc0cd55f12af4660c"
+         "72"
+         "92a009a9f0d4cab8720e820b5f642540a2b27b5416503f8fb3762223ebdb69da085ac1e43e15996e458f3613d0f11d8c387b2eaeb4302aeeb00d291612bb0c00");
+  assert_eq "ed25519 RFC T3"
+    (Bool true)
+    (edv "fc51cd8e6218a1a38da47ed00230f0580816ed13ba3303ac5deb911548908025"
+         "af82"
+         "6291d657deec24024827e69c3abe01a30ce548a284743a445e3680d7db5ac3ac18ff9b538d16f290ae67f760984dc6594a7c15e9716ed28dc027beceea1ec40a");
+  (* Tampered message -> false. *)
+  assert_eq "ed25519 tampered msg"
+    (Bool false)
+    (edv "fc51cd8e6218a1a38da47ed00230f0580816ed13ba3303ac5deb911548908025"
+         "af83"
+         "6291d657deec24024827e69c3abe01a30ce548a284743a445e3680d7db5ac3ac18ff9b538d16f290ae67f760984dc6594a7c15e9716ed28dc027beceea1ec40a");
+  (* Tampered signature -> false. *)
+  assert_eq "ed25519 tampered sig"
+    (Bool false)
+    (edv "d75a980182b10ab7d54bfed3c964073a0ee172f3daa62325af021a68f707511a"
+         ""
+         "f5564300c360ac729086e2cc806e828a84877f1eb8e5d974d873e065224901555fb8821590a33bacc61e39701cf9b46bd25bf5f0595bbe24655141438e7a100b");
+  (* Total: wrong-length pubkey / sig -> false, no exception. *)
+  assert_eq "ed25519 short pubkey"
+    (Bool false)
+    (call "ed25519-verify" [String "abc"; String ""; String (String.make 64 '\000')]);
+  assert_eq "ed25519 short sig"
+    (Bool false)
+    (call "ed25519-verify"
+       [String (hx "d75a980182b10ab7d54bfed3c964073a0ee172f3daa62325af021a68f707511a");
+        String ""; String "short"]);
+  assert_eq "ed25519 non-string args"
+    (Bool false)
+    (call "ed25519-verify" [Integer 1; Integer 2; Integer 3]);
+
+  Printf.printf "\nSuite: rsa-sha256\n";
+  (* Fixed RSA-2048 vector: one-off python-cryptography keygen +
+     PKCS1v15/SHA-256 sign of "fed-sx phase F rsa test". *)
+  let rhx = Sx_rsa.unhex in
+  let spki = rhx "30820122300d06092a864886f70d01010105000382010f003082010a0282010100a117b573480bce5a08b54a98384001df26d062e9173caaee2e3a2d0045c6d16f99b2a1e7fb60763f65f95f8c39ff82c18b8590338042914331db3440a06d2dbe65a2f82c82f37d293f67a8b57a1f9014b55150a093cfee90257ef3b4a215d5ab002579bd92b6fcb3536777d51b639347d01e307ddafb209073dd9b8d6a507157c44c624a19b3b9275931472462870ae02132630159132a85c1c889adfb358b6bbd3760ce3fffe6285964833a10ee436d5bc33dfab7f9ed630a74e9a32e5688f5a7797f7cc839ad2494dd1c4c4a8fab844cd26208794bf2602c16b9d12bde434066d8c0dd2d20489f4070f883bae2b4508ead4a1b80b44c576e9e37bdb5df69f10203010001" in
+  let rmsg = rhx "6665642d73782070686173652046207273612074657374" in
+  let rsig = rhx "5e1593d674ed15c0172546d38efdf1aebd252f4b0c0dfbe1f7996fd569d0bfd9f3e8689ea2b14aa45b5fc3f0a05d4f23c6b02b8820d71f6998ea3b5b0d071bb33142236e388b1226ece3ec447d33b38999f189c37564cf052cf038de94c67b2ddf9a97d5a73554bb88818f615824517209a4083258965adace55658f344104eaa0d5f2f44ea00cfac8754674aade87b40d955cccd1ccd9b7649a08b66ce3bc5dba2de96b3e859488ded3ef9fb3744a1e3495fd14841d8319b3cc08054c729d1c02739ee314eba2b20fac46e463f47eb67183d8455583eca73ba37448164612dd9cd77877135d30d12084c2843f986a5b8ad59c6600f9855b91d7cbdf7c6c4b0e" in
+  let rsav s m g = call "rsa-sha256-verify" [String s; String m; String g] in
+  assert_eq "rsa valid" (Bool true) (rsav spki rmsg rsig);
+  assert_eq "rsa tampered msg" (Bool false)
+    (rsav spki (rmsg ^ "x") rsig);
+  assert_eq "rsa tampered sig" (Bool false)
+    (rsav spki rmsg
+       (rhx "5f1593d674ed15c0172546d38efdf1aebd252f4b0c0dfbe1f7996fd569d0bfd9f3e8689ea2b14aa45b5fc3f0a05d4f23c6b02b8820d71f6998ea3b5b0d071bb33142236e388b1226ece3ec447d33b38999f189c37564cf052cf038de94c67b2ddf9a97d5a73554bb88818f615824517209a4083258965adace55658f344104eaa0d5f2f44ea00cfac8754674aade87b40d955cccd1ccd9b7649a08b66ce3bc5dba2de96b3e859488ded3ef9fb3744a1e3495fd14841d8319b3cc08054c729d1c02739ee314eba2b20fac46e463f47eb67183d8455583eca73ba37448164612dd9cd77877135d30d12084c2843f986a5b8ad59c6600f9855b91d7cbdf7c6c4b0e"));
+  assert_eq "rsa garbage spki" (Bool false)
+    (rsav "not der" rmsg rsig);
+  assert_eq "rsa non-string args" (Bool false)
+    (call "rsa-sha256-verify" [Integer 1; Integer 2; Integer 3]);
+
+  Printf.printf "\nSuite: file-list-dir\n";
+  let expect_err nm f =
+    (try ignore (f ());
+       incr fail_count; Printf.printf "  FAIL: %s — no error\n" nm
+     with Eval_error _ ->
+       incr pass_count; Printf.printf "  PASS: %s\n" nm
+        | _ ->
+       incr fail_count; Printf.printf "  FAIL: %s — wrong exn\n" nm)
+  in
+  let tmp = Filename.temp_file "fld" "" in
+  Sys.remove tmp; Unix.mkdir tmp 0o755;
+  let touch n = let oc = open_out (Filename.concat tmp n) in close_out oc in
+  touch "b.txt"; touch "a.txt"; touch "c.txt";
+  assert_eq "file-list-dir sorted"
+    (List [String "a.txt"; String "b.txt"; String "c.txt"])
+    (call "file-list-dir" [String tmp]);
+  expect_err "file-list-dir missing"
+    (fun () -> call "file-list-dir" [String (Filename.concat tmp "nope")]);
+  expect_err "file-list-dir not-a-dir"
+    (fun () -> call "file-list-dir" [String (Filename.concat tmp "a.txt")]);
+  expect_err "file-list-dir arity"
+    (fun () -> call "file-list-dir" []);
+  (* best-effort cleanup *)
+  (try List.iter (fun n -> Sys.remove (Filename.concat tmp n))
+         ["a.txt"; "b.txt"; "c.txt"]; Unix.rmdir tmp
+   with _ -> ());
+
  Printf.printf "\nSuite: vm-extension-dispatch\n";
  let make_bc op = ({
    vc_arity = 0; vc_rest_arity = -1; vc_locals = 0;