# Hardware Hash & API Key Tests

**Task**: AZ-160_test_hardware_hash
**Name**: Hardware Hash & API Key Tests
**Description**: Implement 7 tests for hardware fingerprinting — determinism, uniqueness, base64 format, API key derivation from credentials and hardware
**Complexity**: 2 points
**Dependencies**: AZ-152_test_infrastructure
**Component**: Blackbox Tests
**Jira**: AZ-160
**Epic**: AZ-151

## Problem

Hardware hashing provides machine-bound security for model encryption and API authentication. Tests must verify determinism, uniqueness, format, and credential/hardware dependency.

## Outcome

- 7 passing pytest tests in `tests/test_hardware_hash.py`

## Scope

### Included
- BT-HSH-01: Deterministic output (same input → same hash)
- BT-HSH-02: Different inputs → different hashes
- BT-HSH-03: Output is valid base64
- ST-HSH-01: Hardware hash deterministic (duplicate of BT-HSH-01 for security coverage)
- ST-HSH-02: Different hardware → different hash
- ST-HSH-03: API encryption key depends on credentials + hardware
- ST-HSH-04: API encryption key depends on credentials

### Excluded
- Actual hardware info collection (may need mocking)

## Acceptance Criteria

**AC-1: Determinism**
Given "test-hardware-info"
When get_hw_hash() called twice
Then both calls return identical string

**AC-2: Uniqueness**
Given "hw-a" and "hw-b"
When get_hw_hash() called on each
Then results differ

**AC-3: Base64 format**
Given "test-hardware-info"
When get_hw_hash() called
Then result matches `^[A-Za-z0-9+/]+=*$`

**AC-4: API key depends on hardware**
Given same credentials, different hardware hashes
When get_api_encryption_key() called
Then different keys returned

**AC-5: API key depends on credentials**
Given different credentials, same hardware hash
When get_api_encryption_key() called
Then different keys returned

## Constraints

- Security tests marked: `@pytest.mark.security`
- May require mocking hardware info collection functions
- All inputs are generated strings (no external fixtures)