Skip to content

test(ecdsa): pin DOMAIN constant and EcdsaSpec derive invariants#735

Closed
EffortlessSteven wants to merge 1 commit into
mainfrom
claude/coverage-ecdsa-extra-coverage-E47b2
Closed

test(ecdsa): pin DOMAIN constant and EcdsaSpec derive invariants#735
EffortlessSteven wants to merge 1 commit into
mainfrom
claude/coverage-ecdsa-extra-coverage-E47b2

Conversation

@EffortlessSteven

Copy link
Copy Markdown
Member

Summary

uselesskey-ecdsa already has a tests/mutant_killers.rs pinning the alg/curve/stable-byte tables, but DOMAIN_ECDSA_KEYPAIR was not pinned anywhere in the workspace and EcdsaSpec's Copy/Hash derives were only exercised through call-site convenience, never asserted.

Adds tests/ecdsa_extra_coverage.rs matching the established <crate>_extra_coverage.rs pattern from uselesskey-hmac, uselesskey-ed25519, uselesskey-entropy, and uselesskey-jwk. Tests-only — no production code changes.

Pins

  • domain_constant_is_stableDOMAIN_ECDSA_KEYPAIR == "uselesskey:ecdsa:keypair".
  • spec_is_copy_and_usable_after_move — pins Copy semantics so a future field addition that drops Copy fails compilation in tests rather than silently breaking call sites.
  • spec_participates_in_hash_collections — pins Hash/Eq integration with HashSet so deduplication continues to work.
  • constructor_and_variant_compare_equal — pins PartialEq round-trip between EcdsaSpec::es256()EcdsaSpec::Es256, etc.
  • coordinate_lengths_match_curve_bit_sizes_div_eight — pins the curve-size invariant the existing coordinate_len_exact only spot-checks as raw bytes.

Adds uselesskey-test-support as a dev-dep for consistency with the other extra_coverage files (no panic-family debt).

Test plan

  • cargo test -p uselesskey-ecdsa --test ecdsa_extra_coverage — all 5 new tests pass
  • cargo clippy -p uselesskey-ecdsa --all-targets --all-features -- -D warnings clean
  • cargo fmt -p uselesskey-ecdsa clean
  • CI green on PR

Generated by Claude Code

`uselesskey-ecdsa` already has a `tests/mutant_killers.rs` pinning the
alg/curve/stable-byte tables, but `DOMAIN_ECDSA_KEYPAIR` was not pinned
anywhere in the workspace and `EcdsaSpec`'s `Copy`/`Hash` derives were
only exercised through call-site convenience, not asserted.

Adds `tests/ecdsa_extra_coverage.rs` (tests-only) matching the existing
pattern in `uselesskey-hmac`, `uselesskey-ed25519`, `uselesskey-entropy`,
and `uselesskey-jwk`:

- `domain_constant_is_stable` — pins `DOMAIN_ECDSA_KEYPAIR` value.
- `spec_is_copy_and_usable_after_move` — pins `Copy` semantics so a
  future field addition that drops `Copy` fails compilation in tests
  rather than silently breaking call sites.
- `spec_participates_in_hash_collections` — pins `Hash`/`Eq` integration
  with `HashSet` so deduplication continues to work.
- `constructor_and_variant_compare_equal` — pins `PartialEq` round-trip
  between constructors and variants.
- `coordinate_lengths_match_curve_bit_sizes_div_eight` — pins the
  curve-size invariant the existing `coordinate_len_exact` only spot-
  checks as raw bytes.

Adds `uselesskey-test-support` as a dev-dep for consistency with the
other extra_coverage files (no `TestResult` returns required for these
small synchronous tests).
@gemini-code-assist

Copy link
Copy Markdown

Warning

You have reached your daily quota limit. Please wait up to 24 hours and I will start processing your requests again!

@coderabbitai

coderabbitai Bot commented May 16, 2026

Copy link
Copy Markdown

Warning

Rate limit exceeded

@EffortlessSteven has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 55 minutes and 36 seconds before requesting another review.

You’ve run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 01878b71-12e0-4d31-b077-197f5676e56c

📥 Commits

Reviewing files that changed from the base of the PR and between ac9aba2 and e812ff4.

⛔ Files ignored due to path filters (1)
  • Cargo.lock is excluded by !**/*.lock
📒 Files selected for processing (2)
  • crates/uselesskey-ecdsa/Cargo.toml
  • crates/uselesskey-ecdsa/tests/ecdsa_extra_coverage.rs
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch claude/coverage-ecdsa-extra-coverage-E47b2

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@EffortlessSteven

Copy link
Copy Markdown
Member Author

Closing as parked for this adoption-confidence pass. The useful ECDSA fixture-confidence surface is better covered by #738, while this draft mostly adds lower-value derive/domain-shape assertions that overlap existing coverage. Bring back a smaller focused slice if a specific ECDSA contract gap remains.

EffortlessSteven pushed a commit that referenced this pull request May 16, 2026
Replaces the derive/shape pins flagged in #735 with behavioural tests
focused on fixture invariants, mirroring the structure that landed in
#738 for ECDSA:

- Mismatched public key is deterministic across separate factories
  (not just stable within one factory's cache).
- Repeated mismatch calls return identical bytes — pins that the
  `"mismatch"` variant is cached, not regenerated per call.
- Distinct labels produce distinct mismatched keys — variant entropy
  flows through `label`, the variant string itself is shared.
- Mismatched key differs from the keypair's own public key.
- Mismatched SPKI parses as an RSA public key — kills a hypothetical
  "swap key type" mutant on the variant load path.
- JWK `n`/`e`/`d` are emitted with base64url no-padding.
- JWKS-embedded `kid` matches the standalone `kid()` accessor.
- JWKS public entry preserves `kty`/`use`/`alg` and omits `d`.
- `DOMAIN_RSA_KEYPAIR` pin is retained (also pinned in #738) since
  changing it silently re-keys every cached and deterministic RSA
  fixture downstream.

`rsa` 0.10 RC is already in the dep tree via the existing
`uselesskey-rsa` crate, so the new `RsaPublicKey::from_public_key_der`
import does not add any island.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants