chore: deterministic backward compatibility tests

[kc1212]

Description of changes

This is not exactly a complete fix because on main we don't have deterministic datatypes, it only introduces in this PR. There needs to be a follow up PR that changes the revision in kms/backward-compatibility/generate-v0.14.0/Cargo.toml after this PR is merged.

To test it locally, one can use this commit cea9f4e, but I didn't want to add it in this PR because it's not a commit on main.

Issue ticket number and link

Closes zama-ai/kms-internal#3023

PR Checklist

I attest that all checked items are satisfied. Any deviation is clearly justified above.

• Title follows conventional commits (e.g. chore: ...).
• Tests added for every new pub item and test coverage has not decreased.
• Public APIs and non-obvious logic documented; unfinished work marked as TODO(#issue).
• unwrap/expect/panic only in tests or for invariant bugs (documented if present).
• No dependency version changes OR (if changed) only minimal required fixes.
• No architectural protocol changes OR linked spec PR/issue provided.
• No breaking deployment config changes OR devops label + infra notified + infra-team reviewer assigned.
• No breaking gRPC / serialized data changes OR commit marked with ! and affected teams notified.
• No modifications to existing versionized structs OR backward compatibility tests updated.
• No critical business logic / crypto changes OR ≥2 reviewers assigned.
• No new sensitive data fields added OR Zeroize + ZeroizeOnDrop implemented.
• No new public storage data OR data is verifiable (signature / digest).
• No unsafe; if unavoidable: minimal, justified, documented, and test/fuzz covered.
• Strongly typed boundaries: typed inputs validated at the edge; no untyped values or errors cross modules.
• Self-review completed.

Dependency Update Questionnaire (only if deps changed or added)

Answer in the Cargo.toml next to the dependency (or here if updating):

1. Ownership changes or suspicious concentration?
2. Low popularity?
3. Unusual version jump?
4. Lacking documentation?
5. Missing CI?
6. No security / disclosure policy?
7. Significant size increase?

More details and explanations for the checklist and dependency updates can be found in CONTRIBUTING.md

[dvdplm]

A few nitpicks but otherwise it LGTM. I don't love the ALLOW_UNCOVERED stuff or the workspace scanning, but I also don't know of a better way to do this.

[dvdplm]

I think this comment is superfluous. Or could be shorter "BTreeMaps are deterministically serialized"

[kc1212]

removed

[dvdplm]

Do we really need both of these? Is generate_setup_message_with_timestamp really used separately from generate_setup_message? Maybe we can unify them into generate_setup_message and save ourselves some pub-API surface?

[kc1212]

it's a bit tricky, generate_setup_message_with_timestampbecause I wanted a "new" function that's deterministic, for the backward compatibility tests. but generate_setup_message is used everywhere else

[dvdplm]

Hmm, what is it that we're actually testing here? It reads a bit like we're checking that HashMap is indeed non-deterministic and that BTreeMap is indeed deterministic? That'd be the concern of Rust's stdlib to do, i.e. that the documented invariants stay in place.

I don't think we need this. Am I wrong?

[kc1212]

it's more of a sanity check. on one hand it's not super useful for BTreeMap, but we also have functions like generate_setup_message_with_timestamp which is suppose to make de-randomize the initialization

[github-actions]

Consolidated Tests Results 2026-05-20 - 15:00:54

Test Results

7 passed

Details

7 tests
not captured
junit-to-ctrf
build-and-test test-reporter #2282
chore: deterministic backward compatibility tests #591

test-reporter: Run #2282

Tests 📝	Passed ✅	Failed ❌	Skipped ⏭️	Pending ⏳	Other ❓	Flaky 🍂	Duration ⏱️
7	7	0	0	0	0	0	not captured

🎉 All tests passed!

Tests

View All Tests

Test Name	Status	Flaky	Duration
k8s_test_crs_uniqueness	✅		44.4s
k8s_test_insecure_keygen_encrypt_and_public_decrypt	✅		2m 5s
k8s_test_insecure_keygen_encrypt_multiple_types	✅		2m 23s
k8s_test_keygen_and_crs	✅		2m 9s
k8s_test_keygen_uniqueness	✅		5m 18s
k8s_test_centralized_insecure	✅		55.2s
nightly_full_gen_tests_default_k8s_centralized_sequential_crs	✅		1.8s

_{🍂 No flaky tests in this run.}

Github Test Reporter by CTRF 💚

🔄 This comment has been updated