Skip to content

chore: deterministic backward compatibility tests#591

Open
kc1212 wants to merge 3 commits into
mainfrom
kc1212/chore/3023/deterministic-backward-compatibility-tests
Open

chore: deterministic backward compatibility tests#591
kc1212 wants to merge 3 commits into
mainfrom
kc1212/chore/3023/deterministic-backward-compatibility-tests

Conversation

@kc1212
Copy link
Copy Markdown
Contributor

@kc1212 kc1212 commented May 13, 2026
edited
Loading

Description of changes

This is not exactly a complete fix because on main we don't have deterministic datatypes, it only introduces in this PR. There needs to be a follow up PR that changes the revision in kms/backward-compatibility/generate-v0.14.0/Cargo.toml after this PR is merged.

To test it locally, one can use this commit cea9f4e, but I didn't want to add it in this PR because it's not a commit on main.

Issue ticket number and link

Closes zama-ai/kms-internal#3023

PR Checklist

I attest that all checked items are satisfied. Any deviation is clearly justified above.

  • Title follows conventional commits (e.g. chore: ...).
  • Tests added for every new pub item and test coverage has not decreased.
  • Public APIs and non-obvious logic documented; unfinished work marked as TODO(#issue).
  • unwrap/expect/panic only in tests or for invariant bugs (documented if present).
  • No dependency version changes OR (if changed) only minimal required fixes.
  • No architectural protocol changes OR linked spec PR/issue provided.
  • No breaking deployment config changes OR devops label + infra notified + infra-team reviewer assigned.
  • No breaking gRPC / serialized data changes OR commit marked with ! and affected teams notified.
  • No modifications to existing versionized structs OR backward compatibility tests updated.
  • No critical business logic / crypto changes OR ≥2 reviewers assigned.
  • No new sensitive data fields added OR Zeroize + ZeroizeOnDrop implemented.
  • No new public storage data OR data is verifiable (signature / digest).
  • No unsafe; if unavoidable: minimal, justified, documented, and test/fuzz covered.
  • Strongly typed boundaries: typed inputs validated at the edge; no untyped values or errors cross modules.
  • Self-review completed.

Dependency Update Questionnaire (only if deps changed or added)

Answer in the Cargo.toml next to the dependency (or here if updating):

  1. Ownership changes or suspicious concentration?
  2. Low popularity?
  3. Unusual version jump?
  4. Lacking documentation?
  5. Missing CI?
  6. No security / disclosure policy?
  7. Significant size increase?

More details and explanations for the checklist and dependency updates can be found in CONTRIBUTING.md

@kc1212 kc1212 self-assigned this May 13, 2026
@kc1212 kc1212 requested a review from a team as a code owner May 13, 2026 14:22
@cla-bot cla-bot Bot added the cla-signed The CLA has been signed. label May 13, 2026
@kc1212 kc1212 marked this pull request as draft May 13, 2026 14:22
dvdplm
dvdplm previously approved these changes May 18, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@dvdplm dvdplm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A few nitpicks but otherwise it LGTM. I don't love the ALLOW_UNCOVERED stuff or the workspace scanning, but I also don't know of a better way to do this.

Comment thread core/service/src/engine/base.rs Outdated
Comment thread core/service/src/backup/custodian.rs
Comment on lines +383 to 395
) -> Result<InternalCustodianSetupMessage, BackupError> {
let timestamp = SystemTime::now().duration_since(UNIX_EPOCH)?.as_secs();
self.generate_setup_message_with_timestamp(rng, custodian_name, timestamp)
}

// The timestamp is taken as an explicit argument so that callers needing deterministic
// output (e.g. backward-compatibility data generators) can pass a fixed value.
pub fn generate_setup_message_with_timestamp<R: Rng + CryptoRng>(
&self,
rng: &mut R,
custodian_name: String,
timestamp: u64,
) -> Result<InternalCustodianSetupMessage, BackupError> {
Copy link
Copy Markdown
Contributor

@dvdplm dvdplm May 18, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we really need both of these? Is generate_setup_message_with_timestamp really used separately from generate_setup_message? Maybe we can unify them into generate_setup_message and save ourselves some pub-API surface?

Copy link
Copy Markdown
Contributor Author

@kc1212 kc1212 May 20, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it's a bit tricky, generate_setup_message_with_timestampbecause I wanted a "new" function that's deterministic, for the backward compatibility tests. but generate_setup_message is used everywhere else

Comment thread core/service/tests/backward_compatibility_determinism.rs Outdated
//! `with_fixed_int_encoding()` on top of `Versionize::versionize()`), and
//! asserts every output is byte-identical.
//!
//! The N-repeats pattern is what catches HashMap regressions: each freshly
Copy link
Copy Markdown
Contributor

@dvdplm dvdplm May 18, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hmm, what is it that we're actually testing here? It reads a bit like we're checking that HashMap is indeed non-deterministic and that BTreeMap is indeed deterministic? That'd be the concern of Rust's stdlib to do, i.e. that the documented invariants stay in place.

I don't think we need this. Am I wrong?

Copy link
Copy Markdown
Contributor Author

@kc1212 kc1212 May 20, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it's more of a sanity check. on one hand it's not super useful for BTreeMap, but we also have functions like generate_setup_message_with_timestamp which is suppose to make de-randomize the initialization

Copy link
Copy Markdown
Contributor Author

@kc1212 kc1212 May 21, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

could be removed in the follow up - see the PR description

@kc1212 kc1212 force-pushed the kc1212/chore/3023/deterministic-backward-compatibility-tests branch from 734a02f to 6994051 Compare May 20, 2026 11:21
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 20, 2026
edited
Loading

Consolidated Tests Results 2026-05-21 - 13:17:24

Test Results

passed 631 passed

Details

tests 631 tests
clock not captured
tool junit-to-ctrf
build main arrow-right test-reporter link #4877
pull-request chore: deterministic backward compatibility tests link #591

test-reporter: Run #4877

Tests 📝 Passed ✅ Failed ❌ Skipped ⏭️ Pending ⏳ Other ❓ Flaky 🍂 Duration ⏱️
631 631 0 0 0 0 0 not captured

🎉 All tests passed!

Tests

View All Tests
Test Name Status Flaky Duration
config_conformance_client_local_threshold 6ms
test_threshold_abort_crs_gen 557ms
test_threshold_abort_key_gen 587ms
test_threshold_custodian_backup 683ms
test_threshold_insecure_default_keygen 978ms
test_threshold_mpc_context_switch 3.0s
test_threshold_concurrent_crs 21.5s
test_threshold_mpc_context_init 5m 15s
test_threshold_restore_from_backup 2.6s
test_threshold_concurrent_preproc_keygen 5m 34s
test_threshold_reshare 5m 19s
test_threshold_default_preproc_keygen 8m 24s
test_threshold_mpc_context_switch_6 13m 11s
test_threshold_insecure 17m 39s
test_backward_compatibility_kms_grpc 4ms
key_gen_metadata_inner_serialization_is_deterministic 6ms
internal_custodian_setup_message_serialization_is_deterministic 7ms
test_private_keyset_v2_upgrade_sets_missing_oprf_share_to_none 6ms
kms_gen_keys_binary_test::central_signing_address_format 22ms
kms_custodian_binary_tests::sunshine_generate 26ms
kms_custodian_binary_tests::sunshine_verify 26ms
kms_init_binary_test::help 10ms
kms_gen_keys_binary_test::central_s3 42ms
kms_gen_keys_binary_test::help 23ms
kms_server_binary_test::help 7ms
kms_gen_keys_binary_test::central_signing_keys_overwrite 38ms
kms_custodian_binary_tests::sunshine_decrypt_custodian 311ms
kms_init_binary_test::init 325ms
check_variant_contiguity_corner_cases 4ms
derives_versions_dispatch_corner_cases 4ms
versioned_enums_are_covered_by_ron_metadata 663ms
versioned_enums_have_contiguous_variants 663ms
test_backward_compatibility_kms 1.0s
backup::operator::tests::operator_new_fails_with_bad_n_t 6ms
backup::custodian::tests::invalid_threshold_should_fail 6ms
backup::custodian::tests::internal_custodian_context_role_greater_than_nodes_should_fail 6ms
backup::custodian::tests::internal_custodian_context_zero_role_should_fail 7ms
backup::operator::tests::operator_new_fails_with_duplicate_roles 7ms
backup::custodian::tests::internal_custodian_context_duplicate_role_should_fail 7ms
backup::operator::tests::operator_new_fails_with_insufficient_messages 6ms
backup::operator::tests::operator_new_fails_with_invalid_header 5ms
backup::operator::tests::operator_new_fails_with_invalid_role 5ms
backup::operator::tests::operator_new_fails_with_invalid_timestamp_future 6ms
backup::operator::tests::operator_new_fails_with_invalid_timestamp_past 6ms
backup::operator::tests::operator_new_fails_with_not_enough 6ms
backup::operator::tests::operator_new_fails_with_zero_n 5ms
backup::operator::tests::operator_new_fails_with_zero_t 5ms
backup::operator::tests::operator_timestamp_validation 5ms
backup::secretsharing::pkcs7::tests::padding_sunshine 6ms
backup::secretsharing::pkcs7::tests::padding_wrong_data 6ms
backup::operator::tests::validate_recovery_validation_material 7ms
backup::secretsharing::tests::sharing_wrong_params 5ms
backup::seed_phrase::tests::difference 5ms
backup::secretsharing::tests::sharing_too_many_missing_shares 12ms
backup::seed_phrase::tests::mnemonic_robustness 6ms
backup::seed_phrase::tests::sunshine 6ms
backup::tests::custodian_reencrypt 10ms
backup::secretsharing::tests::sharing_wrong_shares 129ms
backup::tests::full_flow::case_2 157ms
backup::tests::full_flow::case_1 173ms
backup::tests::full_flow_malicious_custodian_init 12ms
backup::secretsharing::tests::sharing_missing_shares 215ms
backup::secretsharing::tests::sharing_no_error 277ms
backup::tests::full_flow_malicious_custodian_not_enough 126ms
backup::tests::operator_setup 9ms
backup::tests::full_flow::case_3 211ms
backup::tests::full_flow_drop_msg 162ms
backup::tests::full_flow_malicious_custodian_second 186ms
backup::tests::full_flow_malicious_operator 154ms
client::tests::centralized::crs_gen_tests::test_crs_gen_manual 3.2s
client::tests::centralized::crs_gen_tests::test_crs_gen_centralized 9.2s
client::tests::centralized::crs_gen_tests::test_insecure_crs_gen_centralized 9.2s
client::crs_gen::tests::process_distributed_crs_result_invalid_signature_does_not_insert_key 14.6s
client::crs_gen::tests::verify_pp_with_tfhers 19.4s
backup::secretsharing::tests::sharing_randomness_test 21.3s
client::tests::centralized::custodian_backup_tests::test_mpc_context_backup_central 3m 48s
client::tests::centralized::custodian_backup_tests::test_keygen_backup_presence_central 3m 50s
client::tests::centralized::custodian_backup_tests::test_decrypt_after_recovery_central 4m 2s
client::tests::centralized::custodian_context_tests::test_new_custodian_context_central 3.3s
client::tests::centralized::key_gen_tests::test_compressed_key_gen_centralized 1.9s
client::tests::centralized::custodian_backup_tests::test_auto_update_backups_central 4m 12s
client::tests::centralized::custodian_backup_tests::test_decrypt_after_recovery_centralized_negative 4m 1s
client::tests::centralized::misc_tests::test_central_close_after_drop 384ms
client::tests::centralized::key_gen_tests::test_key_gen_centralized 2.2s
client::tests::centralized::misc_tests::test_central_health_endpoint_availability 731ms
client::tests::centralized::custodian_backup_tests::test_backup_after_crs_central 4m 11s
client::tests::centralized::public_decryption_tests::default_decryption_centralized::case_1 17.7s
client::tests::centralized::public_decryption_tests::test_decryption_central 1.9s
client::tests::centralized::public_decryption_tests::default_decryption_centralized_precompute_sns::case_1 18.0s
client::tests::centralized::public_decryption_tests::test_decryption_central_no_decompression 1.9s
client::tests::centralized::restore_from_backup_tests::test_insecure_central_autobackup_after_deletion 1.4s
client::tests::centralized::public_decryption_tests::test_decryption_central_precompute_sns 1.9s
client::tests::centralized::restore_from_backup_tests::test_insecure_central_dkg_backup 1.6s
client::tests::centralized::user_decryption_tests::default_user_decryption_centralized::secure_1_true 17.3s
client::tests::centralized::user_decryption_tests::default_user_decryption_centralized::secure_2_false 17.3s
client::tests::centralized::user_decryption_tests::default_user_decryption_centralized_no_compression::secure_1_true 16.7s
client::tests::centralized::user_decryption_tests::default_user_decryption_centralized_no_compression::secure_2_false 16.8s
client::tests::centralized::misc_tests::test_largecipher 1m 9s
client::tests::centralized::user_decryption_tests::default_user_decryption_centralized_precompute_sns::secure_1_true::compression_1_true 18.1s
client::tests::centralized::user_decryption_tests::default_user_decryption_centralized_precompute_sns::secure_1_true::compression_2_false 18.1s
client::tests::centralized::user_decryption_tests::test_user_decryption_centralized::secure_1_true 1.9s
client::tests::centralized::user_decryption_tests::test_user_decryption_centralized::secure_2_false 1.8s
client::tests::centralized::user_decryption_tests::test_user_decryption_centralized_precompute_sns::secure_1_true::compression_1_true 1.8s
client::tests::centralized::key_gen_tests::default_key_gen_centralized 1m 29s
client::tests::centralized::user_decryption_tests::test_user_decryption_centralized_precompute_sns::secure_1_true::compression_2_false 1.8s
client::tests::centralized::user_decryption_tests::test_user_decryption_centralized_precompute_sns::secure_2_false::compression_1_true 1.8s
client::tests::common::num_blocks_sunshine 6ms
client::tests::make_extra_data_unknown_version_errors 6ms
client::tests::make_extra_data_v0_ignores_ids 5ms
client::tests::make_extra_data_v1_requires_context 6ms
client::tests::make_extra_data_v2_requires_both_ids 5ms
client::tests::testing_infra_tests::test_centralized_material_validation 6ms
client::tests::testing_infra_tests::test_threshold_material_validation 6ms
client::tests::testing_infra_tests::tests::test_material_spec_creation 5ms
client::tests::centralized::user_decryption_tests::test_user_decryption_centralized_precompute_sns::secure_2_false::compression_2_false 1.8s
client::tests::centralized::user_decryption_tests::default_user_decryption_centralized_precompute_sns::secure_2_false::compression_1_true 19.0s
client::tests::centralized::user_decryption_tests::default_user_decryption_centralized_precompute_sns::secure_2_false::compression_2_false 25.4s
client::tests::threshold::custodian_backup_tests::test_auto_update_backups_threshold::case_1 5.6s
client::tests::threshold::custodian_backup_tests::test_auto_update_backups_threshold::case_2 6.0s
client::tests::threshold::crs_gen_tests::test_insecure_crs_gen_threshold 42.3s
client::tests::threshold::crs_gen_tests::test_crs_gen_threshold 52.3s
client::tests::threshold::crs_gen_tests::secure_threshold_crs 60.0s
client::tests::threshold::custodian_backup_tests::test_custodian_reencryption_with_existing_data_threshold 7.1s
client::tests::threshold::custodian_backup_tests::test_backup_after_crs_threshold::case_1 43.5s
client::tests::threshold::custodian_backup_tests::test_decrypt_after_recovery_threshold::case_1 11.8s
client::tests::threshold::custodian_backup_tests::test_decrypt_after_recovery_threshold::case_2 11.7s
client::tests::threshold::custodian_backup_tests::test_decrypt_after_recovery_threshold_negative 5.2s
client::tests::threshold::custodian_backup_tests::test_backup_after_crs_threshold::case_2 43.4s
client::tests::threshold::custodian_backup_tests::test_mpc_context_backup_threshold 5.1s
client::tests::threshold::custodian_backup_tests::test_keygen_backup_presence_threshold 7.0s
client::tests::threshold::custodian_backup_tests::test_prss_in_custodian_backup_threshold 4.3s
client::tests::threshold::custodian_context_tests::test_new_custodian_context_threshold::case_1 7.5s
client::tests::threshold::custodian_context_tests::test_new_custodian_context_threshold::case_2 7.4s
client::tests::threshold::custodian_backup_tests::test_backup_after_reshare_threshold 45.7s
client::tests::centralized::key_gen_tests::default_decompression_key_gen_centralized 3m 43s
client::tests::centralized::key_gen_tests::test_decompression_key_gen_centralized 3m 46s
client::tests::threshold::key_gen_tests::default_insecure_dkg 4m 23s
client::tests::threshold::key_gen_tests::secure_threshold_compressed_keygen_test 4m 49s
client::tests::threshold::key_gen_tests::test_insecure_compressed_dkg::case_1 1.9s
client::tests::threshold::key_gen_tests::test_insecure_dkg 5.5s
client::tests::threshold::key_gen_tests::secure_threshold_keygen_crash_online 4m 23s
client::tests::threshold::misc_tests::test_ratelimiter 437ms
client::tests::threshold::misc_tests::test_threshold_close_after_drop 1.4s
client::tests::threshold::key_gen_tests::secure_threshold_keygen 4m 34s
client::tests::threshold::misc_tests::test_threshold_shutdown 2.5s
client::tests::threshold::misc_tests::test_threshold_health_endpoint_availability 5.0s
client::tests::threshold::mpc_context_tests::test_context_switch_4p 3.9s
client::tests::threshold::public_decryption_tests::default_decryption_threshold::case_1 1m 3s
client::tests::threshold::key_gen_tests::test_insecure_threshold_decompression_keygen 1m 44s
client::tests::threshold::public_decryption_tests::default_decryption_threshold_precompute_sns::case_1::compression_1_true 41.7s
client::tests::threshold::public_decryption_tests::default_decryption_threshold_precompute_sns::case_1::compression_2_false 39.9s
client::tests::threshold::public_decryption_tests::test_decryption_threshold::case_1 7.0s
client::tests::threshold::public_decryption_tests::test_decryption_threshold::case_2 6.8s
client::tests::threshold::public_decryption_tests::default_decryption_threshold_with_crash::case_1 41.2s
client::tests::threshold::public_decryption_tests::test_decryption_threshold_no_decompression::case_1 3.7s
client::tests::threshold::public_decryption_tests::test_decryption_threshold_no_decompression::case_2 3.7s
client::tests::threshold::public_decryption_tests::test_decryption_threshold_precompute_sns::case_1::compression_1_true 7.0s
client::tests::threshold::public_decryption_tests::test_decryption_threshold_precompute_sns::case_1::compression_2_false 7.0s
client::tests::threshold::restore_from_backup_tests::test_insecure_threshold_crs_backup 29.6s
client::tests::threshold::key_gen_tests::secure_threshold_keygen_crash_preprocessing 4m 3s
client::tests::threshold::user_decryption_tests::default_user_decryption_threshold::case_1::secure_1_true 37.7s
client::tests::threshold::key_gen_tests::secure_threshold_compressed_keygen_from_existing_keeps_existing_oprf 8m 32s
client::tests::threshold::key_gen_tests::secure_threshold_compressed_keygen_from_existing_adds_missing_oprf 8m 43s
client::tests::threshold::user_decryption_tests::test_user_decryption_threshold::case_1 386ms
client::tests::threshold::user_decryption_tests::test_user_decryption_threshold::case_2 1.1s
client::tests::threshold::user_decryption_tests::default_user_decryption_threshold::case_2::secure_1_true 28.7s
client::tests::threshold::user_decryption_tests::test_user_decryption_threshold::case_3 3.5s
client::tests::threshold::user_decryption_tests::test_user_decryption_threshold::case_4 3.5s
client::tests::threshold::user_decryption_tests::default_user_decryption_threshold_precompute_sns::case_1::secure_1_true 27.8s
client::tests::threshold::user_decryption_tests::test_user_decryption_threshold::case_6 3.9s
client::tests::threshold::user_decryption_tests::test_user_decryption_threshold::case_5 6.7s
client::tests::threshold::user_decryption_tests::test_user_decryption_threshold::case_7 4.0s
client::tests::threshold::user_decryption_tests::test_user_decryption_threshold_all_malicious_failure 2.3s
client::tests::threshold::user_decryption_tests::default_user_decryption_threshold_with_crash::case_1::secure_1_true 28.9s
client::tests::threshold::user_decryption_tests::test_user_decryption_threshold_malicious::case_1 3.6s
client::tests::threshold::user_decryption_tests::test_user_decryption_threshold_malicious::case_2 3.6s
conf::tests::config_conformance_compose_1 7ms
conf::tests::config_conformance_compose_centralized 6ms
conf::tests::test_centralized_config 6ms
conf::tests::test_threshold_config 6ms
conf::tests::test_threshold_config_negative 6ms
conf::threshold::test_pem_serialization 6ms
client::tests::threshold::user_decryption_tests::test_user_decryption_threshold_malicious_failure 3.6s
client::tests::threshold::user_decryption_tests::test_user_decryption_threshold_precompute_sns::case_1 3.6s
cryptography::decompression::test::test_128b 2.7s
client::tests::threshold::user_decryption_tests::test_user_decryption_threshold_precompute_sns::case_2 3.5s
client::tests::threshold::user_decryption_tests::default_user_decryption_threshold_with_crash::case_1::secure_2_false 30.5s
cryptography::decompression::test::test_1024b 4.6s
cryptography::decompression::test::test_16b 3.1s
cryptography::decompression::test::test_32b 3.3s
cryptography::decompression::test::test_256b 4.3s
cryptography::decompression::test::test_4b 3.8s
cryptography::decompression::test::test_2048b 9.0s
cryptography::decompression::test::test_8b 4.7s
cryptography::decompression::test::test_512b 6.9s
cryptography::decompression::test::test_bad_ciphertext 4.1s
cryptography::decompression::test::test_full_chain_client_copro_kms_uint8::case_1 43ms
cryptography::decompression::test::test_64b 5.2s
cryptography::encryption::tests::deserialize_and_validate_accepts_mlkem512 7ms
cryptography::encryption::tests::deserialize_and_validate_rejects_invalid_bytes 6ms
cryptography::encryption::tests::deserialize_and_validate_rejects_mlkem1024 6ms
cryptography::encryption::tests::nested_pke_sunshine 7ms
cryptography::encryption::tests::pke_wrong_ct_enc 6ms
cryptography::encryption::tests::pke_wrong_kem_key 6ms
cryptography::hybrid_ml_kem::tests::pke_sunshine 60ms
cryptography::hybrid_ml_kem::tests::pke_wrong_ct_hybrid 55ms
cryptography::hybrid_ml_kem::tests::pke_wrong_kem 72ms
cryptography::hybrid_ml_kem::tests::pke_wrong_key 88ms
cryptography::hybrid_ml_kem::tests::pke_wrong_nonce 59ms
cryptography::hybrid_ml_kem::tests::test_pke_serialize_size 7ms
cryptography::hybrid_ml_kem::tests::validate_consistent_cipher_encoding 6ms
cryptography::signatures::tests::bad_dsep 6ms
cryptography::signatures::tests::bad_signature 6ms
cryptography::signatures::tests::plain_signing 6ms
cryptography::signatures::tests::regression_consistent_enc 5ms
cryptography::signatures::tests::sunshine_verf_key_legacy_serialization 5ms
cryptography::signatures::tests::unnormalized_signature 8ms
cryptography::signatures::tests::validate_zeroize_signing_key 8ms
cryptography::signcryption::tests::bad_signcryption 11ms
cryptography::signcryption::tests::incorrect_server_verf_key 8ms
cryptography::signcryption::tests::signcryption_with_bad_link 10ms
cryptography::signcryption::tests::sunshine 8ms
cryptography::signcryption::tests::sunshine_encoding_decoding 7ms
cryptography::signcryption::tests::test_signcryption_payload_v0_serialization_locked 5ms
engine::backup_operator::tests::test_filter_custodian_data_invalid_custodian_role 8ms
engine::backup_operator::tests::test_filter_custodian_data_invalid_operator_role 7ms
engine::backup_operator::tests::test_filter_custodian_data_invalid_signature 25ms
cryptography::decompression::test::test_tolerate_non_compressed 759ms
engine::backup_operator::tests::test_filter_custodian_data_missing_verification_key 27ms
engine::backup_operator::tests::test_filter_custodian_missing_cus_output 20ms
engine::backup_operator::tests::test_update_backup_vault 20ms
engine::backup_operator::tests::test_update_backup_vault_with_overwrite 17ms
engine::backup_operator::tests::test_update_backup_vault_without_overwrite 9ms
engine::backup_operator::tests::test_update_epoch_backup_vault 8ms
engine::backup_operator::tests::test_update_epoch_backup_vault_with_overwrite 9ms
engine::backup_operator::tests::test_update_epoch_backup_vault_without_overwrite 10ms
engine::base::tests::crs_gen_metadata_q126_upgrade 11ms
engine::base::tests::keygen_metadata_q126_upgrade 10ms
engine::base::tests::sunshine_plaintext_as_u256 8ms
engine::base::tests::test_abi_encoding_fhevm_ebytes 7ms
engine::base::tests::test_compute_external_signature_preproc 8ms
engine::base::tests::test_compute_info_standard_keygen 432ms
engine::base::tests::test_compute_pt_message_hash 7ms
engine::base::tests::test_deserialize_ciphertext_missing_decompression_key 122ms
engine::base::tests::test_deserialize_ciphertext_wrong_ct_format 137ms
engine::base::tests::test_deserialize_ciphertext_wrong_type 192ms
cryptography::decompression::test::test_bad_fhe_type 2.4s
engine::base::tests::test_compute_info_crs 1.2s
engine::centralized::central_kms::tests::decrypt_with_bad_client_key 332ms
engine::centralized::central_kms::tests::multiple_test_keys_access 167ms
cryptography::decompression::test::test_bool 2.4s
engine::centralized::central_kms::tests::multiple_test_keys_decrypt 254ms
engine::centralized::central_kms::tests::sanity_check_sns_compression_test_params 62ms
cryptography::decompression::test::test_full_chain_client_copro_kms_uint8::case_2 2.6s
engine::centralized::central_kms::tests::multiple_test_keys_user_decrypt 248ms
engine::centralized::central_kms::tests::sunshine_test_decrypt 260ms
engine::centralized::central_kms::tests::sunshine_test_user_decrypt 336ms
engine::centralized::central_kms::tests::test_gen_keys 1m 10s
engine::centralized::central_kms::tests::test_generate_fhe_keys 155ms
engine::centralized::central_kms::tests::user_decrypt_with_bad_client_key 250ms
engine::centralized::central_kms::tests::user_decrypt_with_bad_ephemeral_key 295ms
engine::centralized::central_kms::tests::user_decrypt_with_bad_sig_key 244ms
engine::centralized::service::crs_gen::tests::abort_already_finished 862ms
engine::centralized::service::crs_gen::tests::abort_during_crs_gen 11ms
engine::centralized::service::crs_gen::tests::abort_not_found 8ms
engine::centralized::service::crs_gen::tests::already_exists 8ms
engine::centralized::central_kms::tests::multiple_default_keys_decrypt 1m 14s
engine::centralized::service::crs_gen::tests::invalid_argument 9ms
engine::centralized::service::crs_gen::tests::not_found 8ms
engine::centralized::service::crs_gen::tests::resource_exhausted 8ms
engine::centralized::central_kms::tests::multiple_default_keys_user_decrypt 1m 14s
engine::centralized::service::crs_gen::tests::default_epoch_id 957ms
engine::centralized::service::decryption::test_user_decryption::already_exists 401ms
engine::centralized::service::decryption::test_user_decryption::invalid_argument 415ms
engine::centralized::central_kms::tests::sunshine_default_decrypt 1m 14s
engine::centralized::service::decryption::test_user_decryption::not_found 229ms
engine::centralized::service::decryption::test_user_decryption::resource_exhausted 189ms
engine::centralized::service::decryption::test_user_decryption::sunshine 167ms
engine::centralized::service::crs_gen::tests::sunshine 914ms
engine::centralized::service::decryption::tests_public_decryption::already_exists 168ms
engine::centralized::service::decryption::tests_public_decryption::invalid_argument 177ms
engine::centralized::central_kms::tests::sunshine_default_user_decrypt 1m 14s
engine::centralized::service::initiator::tests::already_exists 9ms
engine::centralized::service::initiator::tests::invalid_argument 8ms
engine::centralized::service::initiator::tests::sunshine 7ms
engine::centralized::service::key_gen::tests::abort_during_key_gen 8ms
engine::centralized::service::decryption::tests_public_decryption::not_found 176ms
engine::centralized::service::key_gen::tests::abort_not_found 8ms
engine::centralized::service::key_gen::tests::abort_with_existing_preproc 8ms
engine::centralized::service::key_gen::tests::invalid_argument 8ms
engine::centralized::service::key_gen::tests::resource_exhausted 8ms
engine::centralized::service::decryption::tests_public_decryption::resource_exhausted 169ms
engine::centralized::service::preprocessing::tests::already_exists 9ms
engine::centralized::service::preprocessing::tests::invalid_argument 8ms
engine::centralized::service::preprocessing::tests::not_found 8ms
engine::centralized::service::decryption::tests_public_decryption::sunshine 171ms
engine::centralized::service::preprocessing::tests::resource_exhausted 8ms
engine::centralized::service::preprocessing::tests::sunshine 8ms
engine::context::tests::parse_software_semantic_version 6ms
engine::context::tests::test_context_info_duplicate_party_ids 6ms
engine::context::tests::test_software_version_display 5ms
engine::context::tests::test_software_version_equality 6ms
engine::context::tests::test_software_version_major_comparison 6ms
engine::context::tests::test_software_version_minor_comparison 5ms
engine::context::tests::test_software_version_no_tag 5ms
engine::context::tests::test_software_version_patch_comparison 5ms
engine::context::tests::test_software_version_unordered_tag 5ms
engine::context_manager::tests::test_centralized_context_exists_and_consistent 7ms
engine::context_manager::tests::test_centralized_context_cache 7ms
engine::centralized::service::key_gen::tests::already_exists 134ms
engine::context_manager::tests::test_centralized_multiple_contexts 7ms
engine::context_manager::tests::test_custodian_context 14ms
engine::context_manager::tests::test_custodian_context_fails_on_backup_update_failure 10ms
engine::context_manager::tests::test_gen_recovery_request_payloads 9ms
engine::context_manager::tests::test_kms_context 7ms
engine::centralized::service::key_gen::tests::not_found 143ms
engine::context_manager::tests::test_kms_context_load_from_storage 7ms
engine::centralized::service::key_gen::tests::sunshine 136ms
engine::context_manager::tests::test_kms_context_load_multiple_from_storage 8ms
engine::keyset_configuration::tests::test_internal_keyset_config_decompression_only_missing_added_info 5ms
engine::keyset_configuration::tests::test_internal_keyset_config_decompression_only_with_added_info_missing_ids 5ms
engine::keyset_configuration::tests::test_internal_keyset_config_decompression_only_with_added_info_with_ids 5ms
engine::context_manager::tests::test_load_mpc_context_without_signing_key 7ms
engine::context_manager::tests::test_kms_context_load_multiple_from_storage_with_error 8ms
engine::keyset_configuration::tests::test_internal_keyset_config_none_defaults_to_standard 5ms
engine::keyset_configuration::tests::test_internal_keyset_config_standard_default 5ms
engine::keyset_configuration::tests::test_internal_keyset_config_standard_use_existing_missing_added_info 5ms
engine::keyset_configuration::tests::test_internal_keyset_config_standard_use_existing_with_added_info_with_ids 5ms
engine::keyset_configuration::tests::test_internal_keyset_config_standard_use_existing_with_added_info_missing_ids 6ms
engine::keyset_configuration::tests::test_new_decompression_only_unparseable_from_id 5ms
engine::keyset_configuration::tests::test_new_decompression_only_unparseable_to_id 5ms
engine::migration::tests::s3_tests::test_0_13_x_to_0_13_10_no_legacy_s3 13ms
engine::migration::tests::s3_tests::test_0_13_x_to_0_13_10_centralized_s3 38ms
engine::migration::tests::s3_tests::test_0_13_x_to_0_13_10_skips_existing_s3 40ms
engine::migration::tests::s3_tests::test_0_13_x_to_0_13_10_idempotent_s3 45ms
engine::migration::tests::s3_tests::test_after_0_13_x_centralized_s3 36ms
engine::migration::tests::s3_tests::test_after_0_13_x_no_legacy_s3 13ms
engine::migration::tests::s3_tests::test_after_0_13_x_idempotent_s3 32ms
engine::migration::tests::s3_tests::test_0_13_x_to_0_13_10_threshold_s3 70ms
engine::migration::tests::s3_tests::test_migrate_centralized_s3 32ms
engine::migration::tests::s3_tests::test_migrate_no_legacy_data_s3 13ms
engine::migration::tests::s3_tests::test_migrate_idempotent_s3 29ms
engine::migration::tests::s3_tests::test_after_0_13_x_threshold_s3 47ms
engine::migration::tests::s3_tests::test_remove_old_keys_no_legacy_s3 12ms
engine::migration::tests::s3_tests::test_migrate_skips_existing_s3 26ms
engine::migration::tests::test_0_13_x_to_0_13_10_centralized_file 6ms
engine::migration::tests::test_0_13_x_to_0_13_10_centralized_ram 5ms
engine::migration::tests::s3_tests::test_remove_old_keys_skips_without_new_epoch_s3 22ms
engine::migration::tests::s3_tests::test_remove_old_keys_centralized_s3 34ms
engine::migration::tests::test_0_13_x_to_0_13_10_idempotent_file 7ms
engine::migration::tests::test_0_13_x_to_0_13_10_idempotent_ram 5ms
engine::migration::tests::test_0_13_x_to_0_13_10_no_legacy_file 6ms
engine::migration::tests::test_0_13_x_to_0_13_10_no_legacy_ram 5ms
engine::migration::tests::test_0_13_x_to_0_13_10_skips_existing_file 7ms
engine::migration::tests::test_0_13_x_to_0_13_10_skips_existing_ram 5ms
engine::migration::tests::test_0_13_x_to_0_13_10_threshold_ram 5ms
engine::migration::tests::test_0_13_x_to_0_13_10_threshold_file 7ms
engine::migration::tests::test_after_0_13_x_centralized_file 6ms
engine::migration::tests::s3_tests::test_migrate_threshold_s3 53ms
engine::migration::tests::test_after_0_13_x_centralized_ram 5ms
engine::migration::tests::test_after_0_13_x_idempotent_file 6ms
engine::migration::tests::test_after_0_13_x_idempotent_ram 5ms
engine::migration::tests::test_after_0_13_x_no_legacy_file 6ms
engine::migration::tests::s3_tests::test_remove_old_keys_threshold_s3 43ms
engine::migration::tests::test_after_0_13_x_no_legacy_ram 5ms
engine::migration::tests::test_after_0_13_x_threshold_file 7ms
engine::migration::tests::test_after_0_13_x_threshold_ram 6ms
engine::migration::tests::test_migrate_centralized_file 6ms
engine::migration::tests::test_migrate_centralized_ram 5ms
engine::migration::tests::test_migrate_combined_prss_no_data_file 6ms
engine::migration::tests::test_migrate_combined_prss_no_data_ram 5ms
engine::migration::tests::test_migrate_combined_prss_sunshine 6ms
engine::migration::tests::test_migrate_context_no_legacy 5ms
engine::migration::tests::test_migrate_context_idempotent 6ms
engine::migration::tests::test_migrate_context_sunshine 5ms
engine::migration::tests::test_migrate_idempotent_ram 5ms
engine::migration::tests::test_migrate_idempotent_file 6ms
engine::migration::tests::test_migrate_legacy_prss_sunshine 5ms
engine::migration::tests::test_migrate_no_legacy_data_file 5ms
engine::migration::tests::test_migrate_no_legacy_data_ram 5ms
engine::migration::tests::test_migrate_prss_already_migrated_skips 5ms
engine::migration::tests::test_migrate_prss_missing_z128_errors 6ms
engine::migration::tests::test_migrate_prss_no_legacy_data_errors 5ms
engine::migration::tests::test_migrate_prss_missing_z64_errors 6ms
engine::migration::tests::test_migrate_skips_existing_file 6ms
engine::migration::tests::test_migrate_skips_existing_ram 6ms
engine::migration::tests::test_migrate_threshold_ram 5ms
engine::migration::tests::test_migrate_to_0_13_10_centralized 6ms
engine::migration::tests::test_migrate_threshold_file 7ms
engine::migration::tests::test_migrate_to_0_13_10_empty_storage 5ms
engine::migration::tests::test_migrate_to_0_13_10_threshold 6ms
engine::migration::tests::test_migrate_to_0_13_x_centralized 5ms
engine::migration::tests::test_migrate_to_0_13_x_empty_storage 5ms
engine::migration::tests::test_migrate_to_0_13_x_threshold 5ms
engine::migration::tests::test_remove_old_keys_centralized_file 6ms
engine::migration::tests::test_remove_old_keys_centralized_ram 5ms
engine::migration::tests::test_remove_old_keys_no_legacy_file 5ms
engine::migration::tests::test_remove_old_keys_no_legacy_ram 5ms
engine::migration::tests::test_remove_old_keys_skips_without_new_epoch_file 6ms
engine::migration::tests::test_remove_old_keys_skips_without_new_epoch_ram 5ms
engine::migration::tests::test_remove_old_keys_threshold_ram 5ms
engine::migration::tests::test_remove_old_keys_threshold_file 7ms
engine::threshold::service::crs_generator::tests::abort_during_crs_gen 7ms
engine::threshold::service::crs_generator::tests::abort_not_found 6ms
engine::threshold::service::crs_generator::tests::already_exists 7ms
engine::threshold::service::crs_generator::tests::internal_failure 6ms
engine::threshold::service::crs_generator::tests::invalid_argument 6ms
engine::threshold::service::crs_generator::tests::not_found 6ms
engine::threshold::service::crs_generator::tests::resource_exhausted 6ms
engine::threshold::service::epoch_manager::tests::already_exists 6ms
engine::threshold::service::epoch_manager::tests::invalid_argument 6ms
engine::threshold::service::epoch_manager::tests::load_all_prss 6ms
engine::threshold::service::epoch_manager::tests::not_found 6ms
engine::threshold::service::epoch_manager::tests::sunshine 6ms
engine::threshold::service::epoch_manager::tests::test_destroy_epoch_not_found 6ms
engine::threshold::service::epoch_manager::tests::test_destroy_epoch_success 6ms
engine::threshold::service::epoch_manager::tests::test_resource_exhausted 6ms
engine::threshold::service::epoch_manager::tests::test_verify_epoch_info 5ms
engine::threshold::service::key_generator::tests::abort_key_gen_not_found 6ms
engine::threshold::service::key_generator::tests::abort_during_key_gen 7ms
engine::threshold::service::key_generator::tests::aborted 5ms
engine::threshold::service::key_generator::tests::already_exists 7ms
engine::threshold::service::key_generator::tests::internal 7ms
engine::threshold::service::key_generator::tests::invalid_argument 6ms
engine::threshold::service::key_generator::tests::not_found 7ms
engine::threshold::service::key_generator::tests::resource_exhausted 6ms
engine::threshold::service::crs_generator::tests::sunshine 54ms
engine::threshold::service::key_generator::tests::use_existing_key_tag_with_wrong_keyset_id 7ms
engine::threshold::service::key_generator::tests::sunshine 159ms
engine::threshold::service::kms_impl::tests::deser_v2_compressed_upgrades_and_reserializes_smaller 192ms
engine::threshold::service::preprocessor::tests::abort_during_preproc 8ms
engine::threshold::service::preprocessor::tests::abort_preproc_not_found 7ms
engine::threshold::service::kms_impl::tests::roundtrip_v3_compressed_and_lazy_decompress 204ms
engine::threshold::service::preprocessor::tests::already_exists 7ms
engine::threshold::service::preprocessor::tests::internal 7ms
engine::threshold::service::preprocessor::tests::invalid_argument 6ms
engine::threshold::service::preprocessor::tests::not_found 7ms
engine::threshold::service::preprocessor::tests::resource_exhausted 6ms
engine::threshold::service::kms_impl::tests::upgrade_public_key_material_v0_compressed_drops_decompressed_keys 110ms
engine::threshold::service::public_decryptor::tests::already_exists 99ms
engine::threshold::service::public_decryptor::tests::invalid_argument 78ms
engine::threshold::service::public_decryptor::tests::not_found 246ms
engine::threshold::service::public_decryptor::tests::sunshine 89ms
engine::threshold::service::public_decryptor::tests::test_resource_exhausted 80ms
engine::threshold::service::reshare_utils::tests::bad_digests_get_verified_public_materials 174ms
engine::threshold::service::preprocessor::tests::cannot_start_same_preproc_id_after_completion 980ms
engine::threshold::service::preprocessor::tests::sunshine 983ms
engine::threshold::service::reshare_utils::tests::bad_digests_get_verified_public_materials_compressed 248ms
engine::threshold::service::reshare_utils::tests::sunshine_fetch_public_materials_from_peers_compressed 101ms
engine::threshold::service::reshare_utils::tests::empty_storage_fetch_public_materials_from_peers 201ms
engine::threshold::service::reshare_utils::tests::sunshine_get_verified_public_materials 12ms
engine::threshold::service::reshare_utils::tests::test_split_url 6ms
engine::threshold::service::reshare_utils::tests::sunshine_fetch_public_materials_from_peers 195ms
engine::threshold::service::reshare_utils::tests::wrong_digest_fetch_public_materials_from_peers 20ms
engine::threshold::service::reshare_utils::tests::sunshine_get_verified_public_materials_compressed 99ms
engine::threshold::service::user_decryptor::tests::already_exists 77ms
engine::threshold::service::reshare_utils::tests::wrong_digest_fetch_public_materials_from_peers_compressed 102ms
engine::threshold::service::user_decryptor::tests::invalid_argument 80ms
engine::threshold::service::user_decryptor::tests::resource_exhausted 80ms
engine::threshold::service::user_decryptor::tests::sunshine 150ms
engine::threshold::service::user_decryptor::tests::not_found 468ms
engine::utils::tests::sanity_check_crs_invalid_digest 993ms
engine::utils::tests::sanity_check_crs_legacy_readability_only 1.0s
engine::utils::tests::sanity_check_current_compressed_keys_invalid_compressed_keyset_digest 172ms
engine::utils::tests::sanity_check_crs_valid_digest 910ms
engine::utils::tests::sanity_check_current_compressed_keys_invalid_public_key_digest 132ms
engine::utils::tests::sanity_check_current_compressed_keys_missing_public_key_fails 131ms
engine::utils::tests::sanity_check_current_standard_keys_invalid_digest 11ms
engine::utils::tests::sanity_check_current_standard_keys_valid_digests 11ms
engine::utils::tests::sanity_check_extra_data_empty 6ms
engine::utils::tests::sanity_check_extra_data_unknown_version 6ms
engine::utils::tests::sanity_check_extra_data_version_0_valid 5ms
engine::utils::tests::sanity_check_extra_data_version_0_wrong_length 5ms
engine::utils::tests::sanity_check_extra_data_version_1_context_mismatch 5ms
engine::utils::tests::sanity_check_extra_data_version_1_valid 5ms
engine::utils::tests::sanity_check_extra_data_version_1_wrong_length 5ms
engine::utils::tests::sanity_check_extra_data_version_2_context_mismatch 5ms
engine::utils::tests::sanity_check_extra_data_version_2_epoch_mismatch 5ms
engine::utils::tests::sanity_check_extra_data_version_2_valid 5ms
engine::utils::tests::sanity_check_extra_data_version_2_wrong_length 5ms
engine::utils::tests::sanity_check_current_compressed_keys_valid_digests 129ms
engine::utils::tests::sanity_check_legacy_metadata_with_only_public_key_fails 11ms
engine::utils::tests::sanity_check_current_compressed_keyset_without_public_key_fails_as_inconsistent 122ms
engine::utils::tests::sanity_check_legacy_metadata_with_only_server_key_fails 11ms
engine::utils::tests::sanity_check_legacy_standard_metadata_readability_only 11ms
engine::utils::tests::test_metriced_error_drop_without_return 6ms
engine::utils::tests::test_metriced_error_creation 6ms
engine::validation_non_wasm::tests::test_max_num_bits_verification 6ms
engine::utils::tests::test_metriced_error_no_dropping 6ms
engine::validation_non_wasm::tests::test_select_most_common_dec 5ms
engine::validation_non_wasm::tests::test_validate_new_mpc_epoch_request 6ms
engine::validation_non_wasm::tests::test_validate_public_decrypt_meta_response 8ms
engine::validation_non_wasm::tests::test_validate_public_decrypt_meta_response_with_eip712 8ms
engine::validation_non_wasm::tests::test_validate_public_decrypt_req 5ms
engine::validation_non_wasm::tests::test_validate_public_decrypt_responses 10ms
engine::validation_non_wasm::tests::test_validate_request_id 5ms
engine::validation_non_wasm::tests::test_validate_public_decrypt_responses_against_request 12ms
engine::validation_non_wasm::tests::test_validate_user_decrypt_req 6ms
engine::validation_non_wasm::tests::test_verify_user_decrypt_eip712 6ms
engine::validation_wasm::tests::test_select_most_common_user_dec 5ms
engine::validation_wasm::tests::test_check_ext_user_decryption_signature 8ms
engine::validation_wasm::tests::test_validate_user_decrypt_meta_data_and_signature 7ms
engine::validation_wasm::tests::test_validate_user_decrypt_responses_against_request 8ms
engine::utils::tests::sanity_check_legacy_metadata_with_compressed_keyset_fails 122ms
grpc::tests::regression_tests::test_request_id_compile_time_interface_stability 5ms
engine::validation_wasm::tests::test_validate_user_decrypt_responses_with_5_responses 9ms
grpc::tests::regression_tests::test_request_id_core_structure_and_api_consistency 5ms
grpc::tests::regression_tests::test_request_id_validation_and_error_handling 5ms
grpc::tests::unit_tests::test_get_meta_store_info_with_real_stores 6ms
grpc::tests::unit_tests::test_get_meta_store_info_with_unavailable_stores 5ms
grpc::tests::unit_tests::test_list_requests_invalid_store_type 5ms
grpc::tests::unit_tests::test_list_requests_pagination 5ms
grpc::tests::unit_tests::test_list_requests_with_real_stores 5ms
grpc::tests::unit_tests::test_list_requests_with_unavailable_stores 5ms
grpc::tests::unit_tests::test_service_with_mixed_store_availability 5ms
testing::material::manager::tests::test_setup_centralized_material 7ms
testing::material::spec::tests::test_centralized_basic_spec 5ms
testing::material::manager::tests::test_setup_threshold_material 9ms
testing::material::spec::tests::test_comprehensive_spec 5ms
testing::material::spec::tests::test_key_type_covers_all_priv_data_types 5ms
testing::material::spec::tests::test_key_type_covers_all_pub_data_types 5ms
testing::material::spec::tests::test_serialization 5ms
testing::material::spec::tests::test_threshold_basic_spec 5ms
testing::material::spec::tests::test_threshold_default_no_prss_spec 5ms
testing::material::spec::tests::test_threshold_default_spec_requires_prss 5ms
testing::material::tests::threshold_id_names_match_legacy_constants 5ms
util::file_handling::tests::read_write_element 5ms
testing::utils::test_purge 8ms
util::file_handling::tests::read_write_text 6ms
util::meta_store::tests::auto_remove 5ms
util::meta_store::tests::delete 7ms
util::meta_store::tests::double_insert 7ms
util::meta_store::tests::sunshine 7ms
util::meta_store::tests::test_kickout_of_errors 7ms
engine::validation_wasm::tests::test_validate_user_decrypt_responses 180ms
util::meta_store::tests::too_many_elements 18ms
util::rate_limiter::tests::test_rate_limiting_1 20ms
util::rate_limiter::tests::test_rate_limiting_more 16ms
util::rate_limiter::tests::test_rate_limiting_refusal 14ms
util::retry::tests::fatal_loop_fails 65ms
util::retry::tests::retry_loop_fails 53ms
util::retry::tests::sunshine_fatal_loop 64ms
util::retry::tests::sunshine_retry_loop 75ms
vault::keychain::secretsharing::tests::test_encrypt_and_decrypt_roundtrip 22ms
vault::keychain::secretsharing::tests::test_new_keychain_without_pub_storage 19ms
vault::keychain::secretsharing::tests::test_operator_public_key_bytes_error 17ms
vault::keychain::secretsharing::tests::test_set_and_get_backup_enc_key 10ms
vault::keychain::secretsharing::tests::test_validate_recovery_material_invalid_signature 22ms
vault::keychain::secretsharing::tests::test_validate_recovery_material_no_material_is_ok 17ms
vault::keychain::secretsharing::tests::test_validate_recovery_material_valid_signature 23ms
vault::keychain::tests::test_verify_root_key_measurements 16ms
vault::storage::crypto_material::tests::compressed_fhe_keys_exist_requires_standalone_public_key 259ms
vault::storage::crypto_material::tests::data_exists_paths 7ms
vault::storage::crypto_material::tests::handle_fhe_keys_compressed_writes_and_caches 127ms
vault::storage::crypto_material::tests::inner_update_backup_vault_paths 7ms
vault::storage::crypto_material::tests::migration::test_copy_compressed_key_legacy_metadata_fails 412ms
vault::storage::crypto_material::tests::migration::test_copy_compressed_key_missing_source 270ms
vault::storage::crypto_material::tests::migration::test_copy_compressed_key_overwrite 533ms
vault::storage::crypto_material::tests::migration::test_copy_compressed_key_to_original_success 487ms
vault::storage::crypto_material::tests::migration::test_copy_compressed_key_updates_backup_vault 427ms
vault::storage::crypto_material::tests::migration::test_copy_compressed_key_validation_failure_is_atomic 432ms
vault::storage::crypto_material::tests::purge_material_paths 9ms
vault::storage::crypto_material::tests::read_guarded_crypto_material_from_cache_not_found 8ms
vault::storage::crypto_material::tests::read_guarded_threshold_fhe_keys_not_found 7ms
vault::storage::crypto_material::tests::read_public_key 13ms
vault::storage::crypto_material::tests::refresh_fhe_private_material_paths 17ms
vault::storage::crypto_material::tests::update_meta_store_failure_paths 29ms
vault::storage::crypto_material::tests::update_meta_store_storage_outcomes 19ms
vault::storage::crypto_material::tests::write_all_no_overwrite_of_existing_data 12ms
vault::storage::crypto_material::tests::write_all_purges_on_write_failure 18ms
vault::storage::crypto_material::tests::write_all_updates_backup_vault 18ms
vault::storage::crypto_material::tests::write_backup_keys 15ms
vault::storage::crypto_material::tests::write_backup_keys_no_vault 16ms
vault::storage::crypto_material::tests::write_central_keys 74ms
vault::storage::crypto_material::tests::write_central_keys_failed_storage_sets_terminal_error 53ms
vault::storage::crypto_material::tests::write_crs 648ms
vault::storage::crypto_material::tests::write_pub_data_and_priv_data_paths 7ms
vault::storage::crypto_material::tests::write_threshold_compressed_empty_update_cleans_up 389ms
util::meta_store::tests::test_subscription 5.0s
vault::storage::crypto_material::tests::write_threshold_empty_update 293ms
vault::storage::crypto_material::tests::write_threshold_keys_failed_storage 272ms
vault::storage::file::tests::storage_helper_methods::threshold_1_true 32ms
vault::storage::file::tests::storage_helper_methods::threshold_2_false 33ms
vault::storage::file::tests::test_all_data_ids_from_all_epochs_file 26ms
vault::storage::crypto_material::tests::write_threshold_keys_meta_update 254ms
vault::storage::file::tests::test_data_ids_with_only_epoch_data_file 25ms
vault::storage::file::tests::test_delete_at_epoch_keeps_dir_when_not_empty 21ms
vault::storage::file::tests::test_delete_at_epoch_removes_empty_epoch_dir 19ms
vault::storage::file::tests::test_epoch_ids_with_only_non_epoch_data_file 19ms
vault::storage::file::tests::test_epoch_storage 17ms
vault::storage::file::tests::test_overwrite_logic_files 7ms
vault::storage::file::tests::test_mixed_epoch_and_non_epoch_data_file 11ms
vault::storage::file::tests::test_store_bytes_at_epoch_does_not_overwrite_file 7ms
vault::storage::file::tests::test_store_load_bytes_at_epoch_file 7ms
vault::storage::ram::tests::storage_helper_methods 6ms
vault::storage::ram::tests::test_all_data_ids_from_all_epochs_ram 6ms
vault::storage::ram::tests::test_data_ids_with_only_epoch_data_ram 5ms
vault::storage::ram::tests::test_epoch_ids_with_only_non_epoch_data_ram 6ms
vault::storage::ram::tests::test_mixed_epoch_and_non_epoch_data_ram 5ms
vault::storage::ram::tests::test_overwrite_logic_ram 5ms
vault::storage::ram::tests::test_overwrite_logic_ram_on_epoch 5ms
vault::storage::ram::tests::test_store_load_bytes_at_epoch_ram 5ms
vault::storage::s3::test_find_region 5ms
vault::storage::s3::tests::test_all_data_ids_from_all_epochs_s3 59ms
vault::storage::s3::tests::s3_storage_helper_methods 82ms
vault::storage::s3::tests::test_data_ids_with_only_epoch_data_s3 29ms
vault::storage::s3::tests::test_epoch_ids_with_only_non_epoch_data_s3 29ms
vault::storage::s3::tests::test_epoch_methods_in_s3 43ms
vault::storage::s3::tests::test_overwrite_logic_files 29ms
vault::storage::s3::tests::test_mixed_epoch_and_non_epoch_data_s3 57ms
vault::storage::s3::tests::test_s3_anon 20ms
vault::storage::s3::tests::test_store_bytes_at_epoch_does_not_overwrite_s3 22ms
vault::tests::regression_test_vault_data_type_serialization 5ms
vault::tests::test_custodian_backup_folder_hierarchy 7ms
vault::storage::s3::tests::test_store_load_bytes_at_epoch_s3 39ms
util::key_setup::tests::test_max_num_bits 5.9s
engine::threshold::service::epoch_manager::tests::prss_from_storage_test 10.1s
engine::threshold::service::crs_generator::tests::unavailable 1m
client::tests::threshold::mpc_epoch_tests::test_new_epoch_with_reshare 10m 15s
kms_gen_keys_binary_test::threshold_signing_key 48ms
kms_gen_keys_binary_test::threshold_wrong_num_parties 176ms
kms_gen_keys_binary_test::threshold_signing_key_wrong_party_id 176ms
test_backward_compatibility_threshold_fhe 111ms
config_conformance_client_local_centralized 5ms
test_centralized_abort_key_gen 663ms
test_centralized_abort_crs_gen 667ms
test_centralized_insecure_default_keygen 685ms
test_centralized_custodian_backup 703ms
test_centralized_crsgen_secure 914ms
test_centralized_restore_from_backup 892ms
test_centralized_insecure 41.7s

🍂 No flaky tests in this run.

Github Test Reporter by CTRF 💚

🔄 This comment has been updated

@kc1212 kc1212 force-pushed the kc1212/chore/3023/deterministic-backward-compatibility-tests branch 2 times, most recently from 1c4e1fc to 2d33cc5 Compare May 20, 2026 13:40
@kc1212 kc1212 marked this pull request as ready for review May 20, 2026 13:59
@kc1212 kc1212 force-pushed the kc1212/chore/3023/deterministic-backward-compatibility-tests branch from 2d33cc5 to cea9f4e Compare May 20, 2026 14:00
@kc1212
Copy link
Copy Markdown
Contributor Author

kc1212 commented May 21, 2026

A few nitpicks but otherwise it LGTM. I don't love the ALLOW_UNCOVERED stuff or the workspace scanning, but I also don't know of a better way to do this.

Actually ALLOW_UNCOVERED wasn't introduced in this PR, it's from another one that already got merged to main

@dd23 dd23 requested a review from Copilot May 21, 2026 11:52
Copilot AI reviewed May 21, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR improves determinism and workflow safety for backward-compatibility fixtures by (1) making new fixture generation byte-stable (notably by removing HashMap-driven nondeterminism and timestamp nondeterminism) and (2) preventing routine regeneration from touching historically frozen/non-deterministic versions.

Changes:

  • Split backward-compatibility fixture versions into frozen vs deterministic, and restrict generate-backward-compatibility-all / cleaning to deterministic versions only.
  • Make KeyGenMetadataInner serialization deterministic by introducing a new version that uses BTreeMap (and updating call sites/tests accordingly).
  • Add a regression test suite that repeatedly builds/serializes representative fixtures to detect accidental nondeterminism.

Reviewed changes

Copilot reviewed 12 out of 12 changed files in this pull request and generated 4 comments.

Show a summary per file
File Description
Makefile Introduces frozen vs deterministic version lists; updates clean-* and generate-*-all to only affect deterministic versions.
docs/developer/backward_compatibility.md Updates developer docs to explain frozen vs deterministic generation and new regeneration semantics.
core/service/tests/backward_compatibility_kms.rs Updates test construction to use deterministic BTreeMap digests for current metadata paths.
core/service/tests/backward_compatibility_determinism.rs Adds regression tests asserting byte-stable serialization across repeated fixture construction.
core/service/src/vault/storage/crypto_material/tests/migration.rs Updates test metadata creation for new KeyGenMetadata::new signature (BTreeMap).
core/service/src/vault/storage/crypto_material/tests.rs Updates helper metadata construction for new KeyGenMetadata::new signature (BTreeMap).
core/service/src/engine/utils.rs Adjusts digest verification helper APIs to accept BTreeMap for deterministic iteration/serialization behavior.
core/service/src/engine/threshold/service/kms_impl.rs Updates threshold engine tests to use new metadata constructor signature (BTreeMap).
core/service/src/engine/base.rs Introduces KeyGenMetadataInner V2 with BTreeMap; adds upgrade path V1→V2 to preserve compatibility while ensuring determinism going forward.
core/service/src/backup/custodian.rs Adds timestamp-injection API (generate_setup_message_with_timestamp) to support deterministic fixture creation.
backward-compatibility/generate-v0.14.0/src/generate.rs Prevents duplicate .ron rows by replacing existing entries for regenerated versions instead of always appending.
backward-compatibility/ADDING_NEW_VERSIONS.md Updates “adding versions” guide to reflect deterministic vs frozen approach and current generator baseline.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread Makefile Outdated
Comment thread Makefile
Comment on lines +36 to +50
# Frozen — generators may be non-deterministic. Their data is committed and
# must NOT be deleted or regenerated by `generate-backward-compatibility-all`.
FROZEN_BWC_VERSIONS := 0.11.0 0.11.1 0.13.0 0.13.10 0.13.20

# Deterministic — re-running produces byte-identical output.
# `generate-backward-compatibility-all` cleans and regenerates these.
DETERMINISTIC_BWC_VERSIONS := 0.14.0

# Derived data-dir paths (e.g. 0.14.0 -> backward-compatibility/data/0_14_0)
DETERMINISTIC_BWC_DIRS := $(addprefix backward-compatibility/data/,$(subst .,_,$(DETERMINISTIC_BWC_VERSIONS)))

clean-backward-compatibility-data:
rm -f backward-compatibility/data/kms.ron
rm -f backward-compatibility/data/kms-grpc.ron
rm -f backward-compatibility/data/threshold-fhe.ron
rm -rf backward-compatibility/data/0_11_0
rm -rf backward-compatibility/data/0_11_1
rm -rf backward-compatibility/data/0_13_0
rm -rf backward-compatibility/data/0_13_10
rm -rf backward-compatibility/data/0_13_20
rm -rf backward-compatibility/data/0_14_0

generate-backward-compatibility-v0.11.0:
cd backward-compatibility/generate-v0.11.0 && cargo run --release

generate-backward-compatibility-v0.11.1:
cd backward-compatibility/generate-v0.11.1 && cargo run --release
@# Only deterministic-version dirs are removed. Frozen dirs and the shared
@# .ron files are preserved so committed frozen entries survive.
@if [ -n "$(DETERMINISTIC_BWC_DIRS)" ]; then rm -rf $(DETERMINISTIC_BWC_DIRS); fi
Copy link
Copy Markdown
Contributor Author

@kc1212 kc1212 May 21, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fixed in 904f248

Comment thread docs/developer/backward_compatibility.md
Comment on lines 46 to +49
make generate-backward-compatibility-all
```

Or generate for specific versions:
Or generate for a specific version with an existing Makefile target:
Copy link
Copy Markdown
Contributor Author

@kc1212 kc1212 May 21, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fixed in 904f248

Comment thread docs/developer/backward_compatibility.md
```

The `make generate-backward-compatibility-all` target cleans old data first, then runs all generators in sequence.
The `make generate-backward-compatibility-all` target only cleans and regenerates **deterministic** versions (listed in `DETERMINISTIC_BWC_VERSIONS` in the root `Makefile`). **Frozen** versions (`FROZEN_BWC_VERSIONS`, currently everything up to and including `0.13.20`) are left untouched — their data dirs are preserved and their generators are not invoked. The shared `.ron` files are never deleted by `-all`, so committed frozen entries survive across regenerations.
Copy link
Copy Markdown
Contributor Author

@kc1212 kc1212 May 21, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fixed in 904f248

kc1212 and others added 2 commits May 21, 2026 14:10
@kc1212
Potential fix for pull request finding
a486c5d 
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
@kc1212
chore: make docs consistent
904f248
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@dvdplm dvdplm dvdplm left review comments

At least 1 approving review is required to merge this pull request.

Assignees

@kc1212 kc1212

Labels

cla-signed The CLA has been signed.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@kc1212 @dvdplm