EffortlessMetrics
diff --git a/‎Cargo.lock‎
Lines changed: 3 additions & 0 deletions b/‎Cargo.lock‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎crates/uselesskey-aws-lc-rs/Cargo.toml‎
Lines changed: 1 addition & 0 deletions b/‎crates/uselesskey-aws-lc-rs/Cargo.toml‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎crates/uselesskey-aws-lc-rs/tests/aws_lc_rs_prop.rs‎
Lines changed: 52 additions & 0 deletions b/‎crates/uselesskey-aws-lc-rs/tests/aws_lc_rs_prop.rs‎
Lines changed: 52 additions & 0 deletions
diff --git a/‎crates/uselesskey-core-cache/tests/cache_prop.rs‎
Lines changed: 94 additions & 0 deletions b/‎crates/uselesskey-core-cache/tests/cache_prop.rs‎
Lines changed: 94 additions & 0 deletions
diff --git a/‎crates/uselesskey-core-hash/tests/hash_prop.rs‎
Lines changed: 50 additions & 0 deletions b/‎crates/uselesskey-core-hash/tests/hash_prop.rs‎
Lines changed: 50 additions & 0 deletions
diff --git a/‎crates/uselesskey-core-id/tests/id_prop.rs‎
Lines changed: 75 additions & 0 deletions b/‎crates/uselesskey-core-id/tests/id_prop.rs‎
Lines changed: 75 additions & 0 deletions
@@ -41,3 +41,4 @@ uselesskey-core = { path = "../uselesskey-core", version = "0.3.0" }
 hex = "0.4"
 serde.workspace = true
 insta.workspace = true
+proptest.workspace = true
@@ -0,0 +1,52 @@
+use proptest::prelude::*;
+use uselesskey_core::{Factory, Seed};
+
+proptest! {
+    #![proptest_config(ProptestConfig { cases: 8, ..ProptestConfig::default() })]
+
+    /// Deterministic factory produces the same aws-lc-rs RSA public key for the same seed.
+    #[cfg(all(feature = "native", any(not(windows), has_nasm), feature = "rsa"))]
+    #[test]
+    fn rsa_aws_lc_rs_deterministic(seed in any::<[u8; 32]>()) {
+        use aws_lc_rs::signature::KeyPair;
+        use uselesskey_aws_lc_rs::AwsLcRsRsaKeyPairExt;
+        use uselesskey_rsa::{RsaFactoryExt, RsaSpec};
+
+        let fx = Factory::deterministic(Seed::new(seed));
+        let kp1 = fx.rsa("prop-test", RsaSpec::rs256()).rsa_key_pair_aws_lc_rs();
+        let kp2 = fx.rsa("prop-test", RsaSpec::rs256()).rsa_key_pair_aws_lc_rs();
+
+        prop_assert_eq!(kp1.public_key().as_ref(), kp2.public_key().as_ref());
+        prop_assert!(kp1.public_modulus_len() > 0);
+    }
+
+    /// Deterministic factory produces the same aws-lc-rs ECDSA public key for the same seed.
+    #[cfg(all(feature = "native", any(not(windows), has_nasm), feature = "ecdsa"))]
+    #[test]
+    fn ecdsa_aws_lc_rs_deterministic(seed in any::<[u8; 32]>()) {
+        use aws_lc_rs::signature::KeyPair;
+        use uselesskey_aws_lc_rs::AwsLcRsEcdsaKeyPairExt;
+        use uselesskey_ecdsa::{EcdsaFactoryExt, EcdsaSpec};
+
+        let fx = Factory::deterministic(Seed::new(seed));
+        let kp1 = fx.ecdsa("prop-test", EcdsaSpec::es256()).ecdsa_key_pair_aws_lc_rs();
+        let kp2 = fx.ecdsa("prop-test", EcdsaSpec::es256()).ecdsa_key_pair_aws_lc_rs();
+
+        prop_assert_eq!(kp1.public_key().as_ref(), kp2.public_key().as_ref());
+    }
+
+    /// Deterministic factory produces the same aws-lc-rs Ed25519 public key for the same seed.
+    #[cfg(all(feature = "native", any(not(windows), has_nasm), feature = "ed25519"))]
+    #[test]
+    fn ed25519_aws_lc_rs_deterministic(seed in any::<[u8; 32]>()) {
+        use aws_lc_rs::signature::KeyPair;
+        use uselesskey_aws_lc_rs::AwsLcRsEd25519KeyPairExt;
+        use uselesskey_ed25519::{Ed25519FactoryExt, Ed25519Spec};
+
+        let fx = Factory::deterministic(Seed::new(seed));
+        let kp1 = fx.ed25519("prop-test", Ed25519Spec::new()).ed25519_key_pair_aws_lc_rs();
+        let kp2 = fx.ed25519("prop-test", Ed25519Spec::new()).ed25519_key_pair_aws_lc_rs();
+
+        prop_assert_eq!(kp1.public_key().as_ref(), kp2.public_key().as_ref());
+    }
+}
@@ -0,0 +1,94 @@
+use std::sync::Arc;
+
+use proptest::prelude::*;
+use uselesskey_core_cache::ArtifactCache;
+use uselesskey_core_id::{ArtifactId, DerivationVersion};
+
+fn make_id(label: &str, variant: &str) -> ArtifactId {
+    ArtifactId::new(
+        "domain:prop",
+        label,
+        b"spec",
+        variant,
+        DerivationVersion::V1,
+    )
+}
+
+proptest! {
+    #![proptest_config(ProptestConfig { cases: 64, ..ProptestConfig::default() })]
+
+    /// Inserting and retrieving a typed value round-trips correctly.
+    #[test]
+    fn insert_and_get_round_trip(label in "[a-z]{1,16}", value in any::<u64>()) {
+        let cache = ArtifactCache::new();
+        let id = make_id(&label, "default");
+
+        let inserted = cache.insert_if_absent_typed(id.clone(), Arc::new(value));
+        let fetched = cache.get_typed::<u64>(&id).expect("value should be present");
+
+        prop_assert_eq!(*inserted, value);
+        prop_assert_eq!(*fetched, value);
+    }
+
+    /// insert_if_absent_typed always returns the first inserted value.
+    #[test]
+    fn first_value_wins(
+        label in "[a-z]{1,16}",
+        first in any::<u64>(),
+        second in any::<u64>(),
+    ) {
+        let cache = ArtifactCache::new();
+        let id = make_id(&label, "default");
+
+        let winner = cache.insert_if_absent_typed(id.clone(), Arc::new(first));
+        let again = cache.insert_if_absent_typed(id, Arc::new(second));
+
+        prop_assert_eq!(*winner, first);
+        prop_assert_eq!(*again, first);
+    }
+
+    /// Distinct labels produce distinct cache entries.
+    #[test]
+    fn distinct_labels_no_collision(
+        label_a in "[a-z]{1,8}",
+        label_b in "[a-z]{1,8}",
+    ) {
+        prop_assume!(label_a != label_b);
+        let cache = ArtifactCache::new();
+
+        let id_a = make_id(&label_a, "default");
+        let id_b = make_id(&label_b, "default");
+
+        cache.insert_if_absent_typed(id_a.clone(), Arc::new(1u32));
+        cache.insert_if_absent_typed(id_b.clone(), Arc::new(2u32));
+
+        prop_assert_eq!(*cache.get_typed::<u32>(&id_a).unwrap(), 1u32);
+        prop_assert_eq!(*cache.get_typed::<u32>(&id_b).unwrap(), 2u32);
+        prop_assert_eq!(cache.len(), 2);
+    }
+
+    /// Cache len tracks insertions correctly.
+    #[test]
+    fn len_tracks_insertions(count in 1usize..=20) {
+        let cache = ArtifactCache::new();
+        for i in 0..count {
+            let id = make_id(&format!("label-{i}"), "default");
+            cache.insert_if_absent_typed(id, Arc::new(i as u64));
+        }
+        prop_assert_eq!(cache.len(), count);
+        prop_assert!(!cache.is_empty());
+    }
+
+    /// clear() empties the cache.
+    #[test]
+    fn clear_empties(count in 1usize..=10) {
+        let cache = ArtifactCache::new();
+        for i in 0..count {
+            let id = make_id(&format!("label-{i}"), "default");
+            cache.insert_if_absent_typed(id, Arc::new(i as u64));
+        }
+        cache.clear();
+        prop_assert!(cache.is_empty());
+        prop_assert_eq!(cache.len(), 0);
+    }
+}
@@ -0,0 +1,50 @@
+use proptest::prelude::*;
+use uselesskey_core_hash::{Hasher, hash32, write_len_prefixed};
+
+proptest! {
+    #![proptest_config(ProptestConfig { cases: 64, ..ProptestConfig::default() })]
+
+    /// hash32 is deterministic for any input.
+    #[test]
+    fn hash32_deterministic(data in any::<Vec<u8>>()) {
+        prop_assert_eq!(hash32(&data), hash32(&data));
+    }
+
+    /// Different inputs produce different hashes (collision resistance).
+    #[test]
+    fn hash32_different_inputs_differ(a in any::<Vec<u8>>(), b in any::<Vec<u8>>()) {
+        prop_assume!(a != b);
+        prop_assert_ne!(hash32(&a), hash32(&b));
+    }
+
+    /// write_len_prefixed preserves tuple boundaries: [a][b] != [a+b].
+    #[test]
+    fn len_prefix_separates_fields(
+        a in prop::collection::vec(any::<u8>(), 1..32),
+        b in prop::collection::vec(any::<u8>(), 1..32),
+    ) {
+        let mut combined = a.clone();
+        combined.extend_from_slice(&b);
+
+        let mut h_two = Hasher::new();
+        write_len_prefixed(&mut h_two, &a);
+        write_len_prefixed(&mut h_two, &b);
+
+        let mut h_one = Hasher::new();
+        write_len_prefixed(&mut h_one, &combined);
+
+        prop_assert_ne!(h_two.finalize(), h_one.finalize());
+    }
+
+    /// write_len_prefixed is deterministic.
+    #[test]
+    fn write_len_prefixed_deterministic(data in any::<Vec<u8>>()) {
+        let mut h1 = Hasher::new();
+        write_len_prefixed(&mut h1, &data);
+
+        let mut h2 = Hasher::new();
+        write_len_prefixed(&mut h2, &data);
+
+        prop_assert_eq!(h1.finalize(), h2.finalize());
+    }
+}
@@ -0,0 +1,75 @@
+use proptest::prelude::*;
+use uselesskey_core_id::{ArtifactId, DerivationVersion, Seed, derive_seed};
+
+proptest! {
+    #![proptest_config(ProptestConfig { cases: 64, ..ProptestConfig::default() })]
+
+    /// Same master seed and ArtifactId always produce the same derived seed.
+    #[test]
+    fn derive_seed_is_deterministic(
+        master in any::<[u8; 32]>(),
+        label in ".*",
+        spec in any::<[u8; 8]>(),
+        variant in ".*",
+    ) {
+        let seed = Seed::new(master);
+        let id = ArtifactId::new("domain:prop", &label, &spec, &variant, DerivationVersion::V1);
+
+        let a = derive_seed(&seed, &id);
+        let b = derive_seed(&seed, &id);
+        prop_assert_eq!(a.bytes(), b.bytes());
+    }
+
+    /// Changing the label changes the derived seed.
+    #[test]
+    fn different_labels_produce_different_seeds(
+        master in any::<[u8; 32]>(),
+        label_a in "[a-z]{1,8}",
+        label_b in "[a-z]{1,8}",
+    ) {
+        prop_assume!(label_a != label_b);
+        let seed = Seed::new(master);
+        let id_a = ArtifactId::new("domain:prop", &label_a, b"spec", "v", DerivationVersion::V1);
+        let id_b = ArtifactId::new("domain:prop", &label_b, b"spec", "v", DerivationVersion::V1);
+
+        let sa = derive_seed(&seed, &id_a);
+        let sb = derive_seed(&seed, &id_b);
+        prop_assert_ne!(sa.bytes(), sb.bytes());
+    }
+
+    /// Changing the variant changes the derived seed.
+    #[test]
+    fn different_variants_produce_different_seeds(
+        master in any::<[u8; 32]>(),
+        variant_a in "[a-z]{1,8}",
+        variant_b in "[a-z]{1,8}",
+    ) {
+        prop_assume!(variant_a != variant_b);
+        let seed = Seed::new(master);
+        let id_a = ArtifactId::new("domain:prop", "label", b"spec", &variant_a, DerivationVersion::V1);
+        let id_b = ArtifactId::new("domain:prop", "label", b"spec", &variant_b, DerivationVersion::V1);
+
+        let sa = derive_seed(&seed, &id_a);
+        let sb = derive_seed(&seed, &id_b);
+        prop_assert_ne!(sa.bytes(), sb.bytes());
+    }
+
+    /// spec_fingerprint is always the BLAKE3 hash of the spec bytes.
+    #[test]
+    fn spec_fingerprint_matches_hash32(spec in any::<Vec<u8>>()) {
+        let id = ArtifactId::new("d", "l", &spec, "v", DerivationVersion::V1);
+        let expected = *uselesskey_core_id::hash32(&spec).as_bytes();
+        prop_assert_eq!(id.spec_fingerprint, expected);
+    }
+
+    /// ArtifactId construction never panics on arbitrary input.
+    #[test]
+    fn artifact_id_new_never_panics(
+        label in ".*",
+        spec in any::<Vec<u8>>(),
+        variant in ".*",
+        version in any::<u16>(),
+    ) {
+        let _ = ArtifactId::new("domain:prop", label, &spec, variant, DerivationVersion(version));
+    }
+}