chore: handle backup security findings#590

Merged: jot2re merged 38 commits into main from tore/chore/3025/backup-sec-findings on May 21, 2026

Conversation

@jot2re jot2re (Collaborator) commented May 12, 2026

Description of changes

  • Added MPC context ID to signcrypted elements
  • Moved things around to minimize unauthenticated or redundant data
  • Added a new backwards compatibility test for 0.14.0
  • Removed custodian backup tests from the 0.13.20 backwards compatibility test (since they are not in use yet)
  • Added a check and tests on IVs for encryption and decryption

Note that almost all line additions are from the new backwards compatibility test.

Issue ticket number and link

This closes https://github.com/zama-ai/kms-internal/issues/3025

PR Checklist

I attest that all checked items are satisfied. Any deviation is clearly justified above.

  • Title follows conventional commits (e.g. chore: ...).
  • Tests added for every new pub item and test coverage has not decreased.
  • Public APIs and non-obvious logic documented; unfinished work marked as TODO(#issue).
  • unwrap/expect/panic only in tests or for invariant bugs (documented if present).
  • No dependency version changes OR (if changed) only minimal required fixes.
  • No architectural protocol changes OR linked spec PR/issue provided.
  • No breaking deployment config changes OR devops label + infra notified + infra-team reviewer assigned.
  • No breaking gRPC / serialized data changes OR commit marked with ! and affected teams notified.
  • No modifications to existing versionized structs OR backward compatibility tests updated.
  • No critical business logic / crypto changes OR ≥2 reviewers assigned.
  • No new sensitive data fields added OR Zeroize + ZeroizeOnDrop implemented.
  • No new public storage data OR data is verifiable (signature / digest).
  • No unsafe; if unavoidable: minimal, justified, documented, and test/fuzz covered.
  • Strongly typed boundaries: typed inputs validated at the edge; no untyped values or errors cross modules.
  • Self-review completed.

Dependency Update Questionnaire (only if deps changed or added)

Answer in the Cargo.toml next to the dependency (or here if updating):

  1. Ownership changes or suspicious concentration?
  2. Low popularity?
  3. Unusual version jump?
  4. Lacking documentation?
  5. Missing CI?
  6. No security / disclosure policy?
  7. Significant size increase?

More details and explanations for the checklist and dependency updates can be found in CONTRIBUTING.md

@cla-bot cla-bot Bot added the cla-signed The CLA has been signed. label May 12, 2026
github-actions Bot commented May 12, 2026

Consolidated Tests Results 2026-05-21 - 13:12:17

Test Results

7 passed

Details

tests: 7 tests
clock: not captured
tool: junit-to-ctrf
build: build-and-test → test-reporter (#2327)
pull-request: chore: handle backup security findings (#590)

test-reporter: Run #2327

Tests 📝: 7 | Passed ✅: 7 | Failed ❌: 0 | Skipped ⏭️: 0 | Pending ⏳: 0 | Other ❓: 0 | Flaky 🍂: 0 | Duration ⏱️: not captured

🎉 All tests passed!

Tests

Test Name | Duration
k8s_test_crs_uniqueness | 44.2s
k8s_test_insecure_keygen_encrypt_and_public_decrypt | 2m 6s
k8s_test_insecure_keygen_encrypt_multiple_types | 2m 21s
k8s_test_keygen_and_crs | 2m 7s
k8s_test_keygen_uniqueness | 5m 15s
k8s_test_centralized_insecure | 55.3s
nightly_full_gen_tests_default_k8s_centralized_sequential_crs | 1.6s

🍂 No flaky tests in this run.

Comment thread backward-compatibility/generate-v0.13.20/src/data_0_13.rs Outdated
Comment thread core-client/src/backup.rs
@jot2re jot2re marked this pull request as ready for review May 13, 2026 08:20
@jot2re jot2re requested a review from a team as a code owner May 13, 2026 08:20
Comment thread docs/guides/core_client.md
Comment thread docs/guides/backup.md Outdated
Comment thread core/service/src/vault/keychain/mod.rs
Base automatically changed from tore/chore/new-backwards-tests to main May 20, 2026 07:36
dvdplm (Contributor) previously approved these changes May 20, 2026

@dvdplm dvdplm left a comment

Did not go too deep into the specifics but overall I think it looks good.

Comment thread docs/guides/backup.md
Comment thread docs/guides/backup.md Outdated
Comment thread core/service/src/vault/keychain/mod.rs
Comment thread core/service/src/engine/backup_operator.rs
Comment thread core/grpc/proto/kms.v1.proto
@jot2re jot2re requested review from dd23 and dvdplm May 20, 2026 12:59
dvdplm (Contributor) previously approved these changes May 21, 2026

@dvdplm dvdplm left a comment

LGTM modulo "OUT OF BOUNDS" typo.

Comment thread core/service/src/client/tests/threshold/custodian_backup_tests.rs Outdated
dd23 (Member) previously approved these changes May 21, 2026

@dd23 dd23 left a comment

Great work! LGTM

@jot2re jot2re requested a review from dd23 May 21, 2026 12:15
@jot2re jot2re merged commit 5d29373 into main May 21, 2026
58 checks passed
@jot2re jot2re deleted the tore/chore/3025/backup-sec-findings branch May 21, 2026 13:40