giles
fce9e0c617
The kernel's sha2/cbor/cid/ed25519 modules were labelled 'WASM-safe' but assumed 63-bit native int. On the web targets — js_of_ocaml (32-bit int) and wasm_of_ocaml (31-bit int) — they truncated, producing wrong digests/CIDs and a Char.chr crash at kernel INIT (ed25519 precomputes sqrtm1 + base_point at module load, driving the base-2^26 bignum). This is why a freshly-built browser kernel crashed on boot while the stale committed artifact (older toolchain) still ran. Fixes (all verified bit-identical to the 63-bit native build, conformance 271/271): - sx_sha2: SHA-256 round words via Int32 (were native int + land 0xFFFFFFFF, which is a no-op on 31-bit and overflows the constants); both SHA-256/512 length-encoding via Int64 shifts (native "lsr 32" is shift-mod-32 on js, which leaked the length byte into a higher word). NIST vectors pass native/js/wasm. - sx_cbor: write_head width selection + byte emission via Int64 (the 0x100000000 literal truncated to 0 on js, sending small ints to the 8-byte branch; and "v lsr (8*i)" with i>=4 was shift-mod-32). - sx_cid: base32_lower keeps acc bounded to the unconsumed low bits (it grew 8 bits/byte and overflowed). cid_from_sx now matches native<->js exactly. - sx_ed25519: bignum mul accumulates in Int64 (26x26=52-bit products overflow); div_small running remainder in Int64 (rem<<26 ~= 2^34). This was the boot gate — the browser kernel now boots (SxKernel live, crypto-sha256 correct on js). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
9.3 KiB
9.3 KiB