constantine/tests/t_hash_sha256_vs_openssl.nim

import
  # Internals
  ../constantine/hashes,
  ../constantine/platforms/codecs,
  # Helpers
  ../helpers/prng_unsafe

# Deal with platform mess
# --------------------------------------------------------------------
when defined(windows):
  when sizeof(int) == 8:
    const DLLSSLName* = "(libssl-1_1-x64|ssleay64|libssl64).dll"
  else:
    const DLLSSLName* = "(libssl-1_1|ssleay32|libssl32).dll"
else:
  when defined(macosx):
    const versions = "(.1.1|.38|.39|.41|.43|.44|.45|.46|.47|.48|.10|.1.0.2|.1.0.1|.1.0.0|.0.9.9|.0.9.8|)"
  else:
    const versions = "(.1.1|.1.0.2|.1.0.1|.1.0.0|.0.9.9|.0.9.8|.48|.47|.46|.45|.44|.43|.41|.39|.38|.10|)"

  when defined(macosx):
    const DLLSSLName* = "libssl" & versions & ".dylib"
  elif defined(genode):
    const DLLSSLName* = "libssl.lib.so"
  else:
    const DLLSSLName* = "libssl.so" & versions

# OpenSSL wrapper
# --------------------------------------------------------------------

# OpenSSL removed direct use of their SHA256 function. https://github.com/openssl/openssl/commit/4d49b68504cc494e552bce8e0b82ec8b501d5abe
# It isn't accessible anymore in Windows CI on Github Action.
# But the new API isn't expose on Linux :/

# TODO: fix Windows
when not defined(windows):
  proc SHA256[T: byte|char](
        msg: openarray[T],
        digest: ptr array[32, byte] = nil
      ): ptr array[32, byte] {.cdecl, dynlib: DLLSSLName, importc.}

  # proc EVP_Q_digest[T: byte| char](
  #                 ossl_libctx: pointer,
  #                 algoName: cstring,
  #                 propq: cstring,
  #                 data: openArray[T],
  #                 digest: var array[32, byte],
  #                 size: ptr uint): int32 {.cdecl, dynlib: DLLSSLName, importc.}

  proc SHA256_OpenSSL[T: byte|char](
        digest: var array[32, byte],
        s: openarray[T]) =
    discard SHA256(s, digest.addr)
    # discard EVP_Q_digest(nil, "SHA256", nil, s, digest, nil)

# Test
# --------------------------------------------------------------------

echo "\n------------------------------------------------------\n"
const SmallSizeIters = 64
const LargeSizeIters =  1

proc sanityABC =
  var bufCt: array[32, byte]
  let msg = "abc"

  let hashed = array[32, byte].fromHex(
    "BA7816BF8F01CFEA414140DE5DAE2223" &
    "B00361A396177A9CB410FF61F20015AD")

  sha256.hash(bufCt, msg)

  doAssert bufCt == hashed

proc sanityABC2 =
  var bufCt: array[32, byte]
  let msg = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"

  let hashed = array[32, byte].fromHex(
    "248D6A61D20638B8E5C026930C3E6039" &
    "A33CE45964FF2167F6ECEDD419DB06C1")

  sha256.hash(bufCt, msg)

  doAssert bufCt == hashed

when not defined(windows):
  proc innerTest(rng: var RngState, sizeRange: Slice[int]) =
    let size = rng.random_unsafe(sizeRange)
    let msg = rng.random_byte_seq(size)

    var bufCt, bufOssl: array[32, byte]

    sha256.hash(bufCt, msg)
    SHA256_OpenSSL(bufOssl, msg)
    doAssert bufCt == bufOssl, "Test failed with message of length " & $size

proc chunkTest(rng: var RngState, sizeRange: Slice[int]) =
  let size = rng.random_unsafe(sizeRange)
  let msg = rng.random_byte_seq(size)

  let chunkSize = rng.random_unsafe(2 ..< 20)

  var bufOnePass: array[32, byte]
  sha256.hash(bufOnePass, msg)

  var bufChunked: array[32, byte]
  let maxChunk = max(2, sizeRange.b div 10) # Consume up to 10% at once

  var ctx: Sha256Context
  ctx.init()
  var cur = 0
  while size - cur > 0:
    let chunkSize = rng.random_unsafe(0 ..< maxChunk)
    let stop = min(cur+chunkSize-1, size-1)
    let consumed = stop-cur+1
    ctx.update(msg.toOpenArray(cur, stop))
    cur += consumed

  ctx.finish(bufChunked)

  doAssert bufOnePass == bufChunked

proc main() =
  echo "SHA256 - sanity checks"
  sanityABC()
  sanityABC2()

  echo "SHA256 - Starting differential testing vs OpenSSL"

  var rng: RngState
  rng.seed(0xFACADE)

  when not defined(windows):
    echo "SHA256 - 0 <= size < 64 - exhaustive"
    for i in 0 ..< 64:
      rng.innerTest(i .. i)
  else:
    echo "SHA256 - 0 <= size < 64 - exhaustive [SKIPPED]"

  echo "SHA256 - 0 <= size < 64 - exhaustive chunked"
  for i in 0 ..< 64:
    rng.chunkTest(i .. i)

  echo "SHA256 - 64 <= size < 1024B - chunked"
  for _ in 0 ..< SmallSizeIters:
    rng.chunkTest(0 ..< 1024)

  when not defined(windows):
    echo "SHA256 - 64 <= size < 1024B"
    for _ in 0 ..< SmallSizeIters:
      rng.innerTest(0 ..< 1024)

    echo "SHA256 - 1MB <= size < 50MB"
    for _ in 0 ..< LargeSizeIters:
      rng.innerTest(1_000_000 ..< 50_000_000)

    echo "SHA256 - Differential testing vs OpenSSL - SUCCESS"

  else:
    echo "SHA256 - Differential testing vs OpenSSL - [SKIPPED]"

main()