test(rsa): cover mismatch variant identity and JWKS embed#734
Conversation
`uselesskey-rsa` had a `tests/mutant_killers.rs` pinning the `rs256()` case of `stable_bytes()` but not the bit-size axis itself, and the cache domain `DOMAIN_RSA_KEYPAIR` was not pinned anywhere. Both feed into deterministic cache identity, so a silent change would invalidate every cached and deterministic RSA fixture downstream without warning. Adds `tests/rsa_extra_coverage.rs` (tests-only) matching the existing pattern in `uselesskey-hmac`, `uselesskey-ed25519`, `uselesskey-entropy`, and `uselesskey-jwk`: - `domain_constant_is_stable` — pins `DOMAIN_RSA_KEYPAIR` value. - `stable_bytes_encodes_each_bit_size_as_be_u32` — pins the big-endian-u32 encoding across 2048/3072/4096. - `stable_bytes_clamps_oversized_bit_count_to_u32_max` — pins the `u32::try_from(...).unwrap_or(u32::MAX)` clamp behaviour. - `new_preserves_supplied_bits_without_clamping_in_struct` — pins that the clamp lives at encoding time, not at construction time. - `rs256_and_new_2048_agree_on_stable_bytes` / `rs256_and_new_2048_compare_equal` — pins the rs256/new(2048) equivalence. Adds `uselesskey-test-support` as a dev-dep so the file can use `TestResult`/`ensure_eq!` and route loop assertions through panic-free helpers.
|
Warning You have reached your daily quota limit. Please wait up to 24 hours and I will start processing your requests again! |
|
Warning Rate limit exceeded
You’ve run out of usage credits. Purchase more in the billing tab. ⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: Organization UI Review profile: ASSERTIVE Plan: Pro Run ID: ⛔ Files ignored due to path filters (1)
📒 Files selected for processing (2)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Replaces the derive/shape pins flagged in #735 with behavioural tests focused on fixture invariants, mirroring the structure that landed in #738 for ECDSA: - Mismatched public key is deterministic across separate factories (not just stable within one factory's cache). - Repeated mismatch calls return identical bytes — pins that the `"mismatch"` variant is cached, not regenerated per call. - Distinct labels produce distinct mismatched keys — variant entropy flows through `label`, the variant string itself is shared. - Mismatched key differs from the keypair's own public key. - Mismatched SPKI parses as an RSA public key — kills a hypothetical "swap key type" mutant on the variant load path. - JWK `n`/`e`/`d` are emitted with base64url no-padding. - JWKS-embedded `kid` matches the standalone `kid()` accessor. - JWKS public entry preserves `kty`/`use`/`alg` and omits `d`. - `DOMAIN_RSA_KEYPAIR` pin is retained (also pinned in #738) since changing it silently re-keys every cached and deterministic RSA fixture downstream. `rsa` 0.10 RC is already in the dep tree via the existing `uselesskey-rsa` crate, so the new `RsaPublicKey::from_public_key_der` import does not add any island.
|
Warning You have reached your daily quota limit. Please wait up to 24 hours and I will start processing your requests again! |
|
You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard. |
Summary
Pivots this PR away from derive/shape pins (the pattern the maintainer flagged on the parallel ECDSA PR #735) toward behavioural fixture contracts, mirroring what landed in #738.
Tests-only — no production code changes.
Behavioural pins
mismatched_public_key_is_deterministic_across_factories— bytes are stable across separate factories, not just within one factory's cache.repeated_mismatch_calls_return_identical_bytes— pins that the"mismatch"variant is cached, not regenerated per call.distinct_labels_produce_distinct_mismatched_keys— variant entropy flows throughlabel; the variant string itself is shared.mismatched_key_is_different_from_original_public_key— pins the negative-fixture contract on the keypair's own SPKI.mismatched_key_parses_as_rsa_spki— kills a hypothetical "swap key type" mutant on the variant load path by parsing the mismatched SPKI through thersacrate.jwk_components_have_no_base64_padding—n/e/duse base64url no-pad.jwks_embedded_kid_matches_standalone_kid— kid stays consistent between the standalonekid()accessor and the JWKS-wrapped form.jwks_public_entry_preserves_metadata_and_omits_private_d—kty/use/algsurvive,dis absent.domain_rsa_keypair_constant_is_pinned— retained because the same pin landed in test(ecdsa): cover mismatch variant identity and JWKS embed #738 for ECDSA.The
rsa0.10 RC is already inuselesskey-rsa's dep tree, so the newRsaPublicKey::from_public_key_derimport does not introduce a new island.Test plan
cargo test -p uselesskey-rsa --test rsa_extra_coverage --features=jwk --release— all 9 tests passcargo clippy -p uselesskey-rsa --all-targets --all-features -- -D warningscleancargo clippy -p uselesskey-rsa --all-targets -- -D warningsclean (no jwk)cargo fmt -p uselesskey-rsacleanGenerated by Claude Code