From c4ffc72894c73d032169d8981f70c5eaca1e51f1 Mon Sep 17 00:00:00 2001 From: Tore Frederiksen Date: Fri, 15 May 2026 12:15:28 +0200 Subject: [PATCH 1/4] chore: setup new backwards compatibility tests --- Cargo.lock | 38 +- Cargo.toml | 5 +- Makefile | 6 +- ai-docs/COMMANDS.md | 1 + backward-compatibility/ADDING_NEW_VERSIONS.md | 5 +- backward-compatibility/Cargo.lock | 154 -- backward-compatibility/Cargo.toml | 2 +- .../data/0_11_0/kms/kms_fhe_key_handles.bcode | 2 +- .../data/0_11_1/kms/kms_fhe_key_handles.bcode | 2 +- .../legacy_key_gen_metadata.bcode | 2 +- .../data/0_13_0/kms/kms_fhe_key_handles.bcode | 2 +- .../legacy_key_gen_metadata.bcode | 2 +- .../data/0_13_10/kms/key_gen_metadata.bcode | 2 +- .../0_13_10/kms/kms_fhe_key_handles.bcode | 2 +- .../0_13_20/kms/signcryption_payload.bincode | Bin 29 -> 0 bytes .../data/0_13_20/kms/typed_plaintext.bincode | Bin 17 -> 0 bytes backward-compatibility/data/kms-grpc.ron | 6 +- backward-compatibility/data/kms.ron | 54 +- backward-compatibility/data/threshold-fhe.ron | 16 +- .../generate-v0.11.0/Cargo.lock | 2 +- .../generate-v0.11.1/Cargo.lock | 2 +- .../generate-v0.13.0/Cargo.lock | 2 +- .../generate-v0.13.10/Cargo.lock | 2 +- .../generate-v0.13.20/Cargo.lock | 1429 ++++++++++------- .../generate-v0.13.20/src/data_0_13.rs | 267 +-- docs/developer/backward_compatibility.md | 4 + 26 files changed, 926 insertions(+), 1083 deletions(-) delete mode 100644 backward-compatibility/Cargo.lock delete mode 100644 backward-compatibility/data/0_13_20/kms/signcryption_payload.bincode delete mode 100644 backward-compatibility/data/0_13_20/kms/typed_plaintext.bincode diff --git a/Cargo.lock b/Cargo.lock index 12aa83646d..5e948fd64e 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1763,7 +1763,7 @@ dependencies = [ [[package]] name = "backward-compatibility" -version = "0.13.20" +version = "0.14.0" dependencies = [ "bincode 1.3.3", "ron 0.10.1", @@ -3030,7 +3030,7 @@ dependencies = [ [[package]] name = "error-utils" -version = "0.13.20-0" +version = "0.14.0-0" dependencies = [ "anyhow", "tracing", @@ -3065,7 +3065,7 @@ dependencies = [ [[package]] name = "experiments" -version = "0.13.20-0" +version = "0.14.0-0" dependencies = [ "aes-prng", "anyhow", @@ -3386,7 +3386,7 @@ checksum = "312d2295c7302019c395cfb90dacd00a82a2eabd700429bba9c7a3f38dbbe11b" [[package]] name = "generate-test-material" -version = "0.13.20-0" +version = "0.14.0-0" dependencies = [ "anyhow", "clap", @@ -4217,7 +4217,7 @@ dependencies = [ [[package]] name = "kms" -version = "0.13.20-0" +version = "0.14.0-0" dependencies = [ "aes", "aes-gcm", @@ -4313,7 +4313,7 @@ dependencies = [ [[package]] name = "kms-core-client" -version = "0.13.20-0" +version = "0.14.0-0" dependencies = [ "aes-prng", "alloy-primitives", @@ -4359,7 +4359,7 @@ dependencies = [ [[package]] name = "kms-grpc" -version = "0.13.20-0" +version = "0.14.0-0" dependencies = [ "alloy-dyn-abi", "alloy-primitives", @@ -4387,7 +4387,7 @@ dependencies = [ [[package]] name = "kms-health-check" -version = "0.13.20-0" +version = "0.14.0-0" dependencies = [ "anyhow", "clap", @@ -4912,7 +4912,7 @@ dependencies = [ [[package]] name = "observability" -version = "0.13.20-0" +version = "0.14.0-0" dependencies = [ "anyhow", "axum", @@ -7358,7 +7358,7 @@ dependencies = [ [[package]] name = "test-utils" -version = "0.13.20-0" +version = "0.14.0-0" dependencies = [ "anyhow", "bc2wrap", @@ -7369,11 +7369,11 @@ dependencies = [ [[package]] name = "test-utils-cc" -version = "0.13.20-0" +version = "0.14.0-0" [[package]] name = "test-utils-service" -version = "0.13.20-0" +version = "0.14.0-0" dependencies = [ "quote", "syn 2.0.114", @@ -7544,7 +7544,7 @@ dependencies = [ [[package]] name = "thread-handles" -version = "0.13.20-0" +version = "0.14.0-0" dependencies = [ "anyhow", "error-utils", @@ -7574,7 +7574,7 @@ dependencies = [ [[package]] name = "threshold-algebra" -version = "0.13.20-0" +version = "0.14.0-0" dependencies = [ "aes-prng", "anyhow", @@ -7601,7 +7601,7 @@ dependencies = [ [[package]] name = "threshold-bgv" -version = "0.13.20-0" +version = "0.14.0-0" dependencies = [ "aes-prng", "anyhow", @@ -7629,7 +7629,7 @@ dependencies = [ [[package]] name = "threshold-execution" -version = "0.13.20-0" +version = "0.14.0-0" dependencies = [ "aes", "aes-prng", @@ -7677,7 +7677,7 @@ dependencies = [ [[package]] name = "threshold-hashing" -version = "0.13.20-0" +version = "0.14.0-0" dependencies = [ "anyhow", "bc2wrap", @@ -7687,7 +7687,7 @@ dependencies = [ [[package]] name = "threshold-networking" -version = "0.13.20-0" +version = "0.14.0-0" dependencies = [ "anyhow", "async-trait", @@ -7724,7 +7724,7 @@ dependencies = [ [[package]] name = "threshold-types" -version = "0.13.20-0" +version = "0.14.0-0" dependencies = [ "anyhow", "async-trait", diff --git a/Cargo.toml b/Cargo.toml index 00e4acae49..79da97c000 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -29,6 +29,7 @@ members = [ # backward-compatibility/generate-v0.13.0 - Data generation for v0.13.0 with old KMS version dependencies # backward-compatibility/generate-v0.13.10 - Data generation for v0.13.10 with old KMS version dependencies # backward-compatibility/generate-v0.13.20 - Data generation for v0.13.20 with old KMS version dependencies +# backward-compatibility/generate-v0.14.0 - Data generation for v0.14.0 with old KMS version dependencies # # The generate crates need to import old KMS versions (e.g., v0.11.0, v0.11.1) which conflict with the # current workspace dependencies, creating name conflicts as described in: @@ -37,14 +38,14 @@ members = [ # Note: It's not possible to only generate the lock file using specific features as the resolver # builds the graph as if all features are enabled: # https://doc.rust-lang.org/cargo/reference/resolver.html#features -exclude = ["backward-compatibility", "backward-compatibility/generate-v0.11.0", "backward-compatibility/generate-v0.11.1", "backward-compatibility/generate-v0.13.0", "backward-compatibility/generate-v0.13.10", "backward-compatibility/generate-v0.13.20"] +exclude = ["backward-compatibility", "backward-compatibility/generate-v0.11.0", "backward-compatibility/generate-v0.11.1", "backward-compatibility/generate-v0.13.0", "backward-compatibility/generate-v0.13.10", "backward-compatibility/generate-v0.13.20", "backward-compatibility/generate-v0.14.0"] [workspace.package] authors = ["Zama"] publish = true edition = "2024" license = "BSD-3-Clause-Clear" -version = "0.13.20-0" +version = "0.14.0-0" repository = "https://github.com/zama-ai/kms" description = "Key Management System for the Zama Protocol." diff --git a/Makefile b/Makefile index 7993c565a4..44f92eadf7 100644 --- a/Makefile +++ b/Makefile @@ -42,6 +42,7 @@ clean-backward-compatibility-data: rm -rf backward-compatibility/data/0_13_0 rm -rf backward-compatibility/data/0_13_10 rm -rf backward-compatibility/data/0_13_20 + rm -rf backward-compatibility/data/0_14_0 generate-backward-compatibility-v0.11.0: cd backward-compatibility/generate-v0.11.0 && cargo run --release @@ -58,7 +59,10 @@ generate-backward-compatibility-v0.13.10: generate-backward-compatibility-v0.13.20: cd backward-compatibility/generate-v0.13.20 && cargo run --release -generate-backward-compatibility-all: clean-backward-compatibility-data generate-backward-compatibility-v0.11.0 generate-backward-compatibility-v0.11.1 generate-backward-compatibility-v0.13.0 generate-backward-compatibility-v0.13.10 generate-backward-compatibility-v0.13.20 +generate-backward-compatibility-v0.14.0: + cd backward-compatibility/generate-v0.14.0 && cargo run --release + +generate-backward-compatibility-all: clean-backward-compatibility-data generate-backward-compatibility-v0.11.0 generate-backward-compatibility-v0.11.1 generate-backward-compatibility-v0.13.0 generate-backward-compatibility-v0.13.10 generate-backward-compatibility-v0.13.20 generate-backward-compatibility-v0.14.0 @echo "Generated backward compatibility data for all versions" # Test material generation targets diff --git a/ai-docs/COMMANDS.md b/ai-docs/COMMANDS.md index 2206faa4e2..9a66e4d9ed 100644 --- a/ai-docs/COMMANDS.md +++ b/ai-docs/COMMANDS.md @@ -94,6 +94,7 @@ make generate-backward-compatibility-v0.11.1 make generate-backward-compatibility-v0.13.0 make generate-backward-compatibility-v0.13.10 make generate-backward-compatibility-v0.13.20 +make generate-backward-compatibility-v0.14.0 ``` Clean all generated BC data: diff --git a/backward-compatibility/ADDING_NEW_VERSIONS.md b/backward-compatibility/ADDING_NEW_VERSIONS.md index 36e14ed1e6..6452f8c9df 100644 --- a/backward-compatibility/ADDING_NEW_VERSIONS.md +++ b/backward-compatibility/ADDING_NEW_VERSIONS.md @@ -117,7 +117,10 @@ make test-backward-compatibility-local |----------------|--------------|--------------|------------------|--------| | `generate-v0.11.0` | `backward-compatibility-generate-v0-11-0` | v0.11.0 | serde 1.0.219, alloy 1.1.2, tfhe 1.3.2 | ✅ Active | | `generate-v0.11.1` | `backward-compatibility-generate-v0-11-1` | v0.11.1 | serde 1.0.226, alloy 1.3.1, tfhe 1.3.3 | ✅ Active | -| `generate-v0.12.0` | `backward-compatibility-generate-v0-12-0` | v0.12.0+ | TBD | 🚧 Future (when needed) | +| `generate-v0.13.0` | `backward-compatibility-generate-v0-13-0` | v0.13.0 | — | ✅ Active | +| `generate-v0.13.10` | `backward-compatibility-generate-v0-13-10` | v0.13.10 | — | ✅ Active | +| `generate-v0.13.20` | `backward-compatibility-generate-v0-13-20` | v0.13.20 | — | ✅ Active | +| `generate-v0.14.0` | `backward-compatibility-generate-v0-14-0` | v0.14.0 | tfhe-versionable 0.7.0, tfhe 1.6.1, alloy 1.4.1, serde 1.0.228 | ✅ Active | **Note**: v0.11.0 and v0.11.1 require separate generators due to incompatible alloy and tfhe versions. diff --git a/backward-compatibility/Cargo.lock b/backward-compatibility/Cargo.lock deleted file mode 100644 index 072fdd863d..0000000000 --- a/backward-compatibility/Cargo.lock +++ /dev/null @@ -1,154 +0,0 @@ -# This file is automatically @generated by Cargo. -# It is not intended for manual editing. -version = 4 - -[[package]] -name = "backward-compatibility" -version = "0.13.1" -dependencies = [ - "bincode", - "ron", - "semver", - "serde", - "strum", -] - -[[package]] -name = "base64" -version = "0.22.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "72b3254f16251a8381aa12e40e3c4d2f0199f8c6508fbecb9d91f575e0fbb8c6" - -[[package]] -name = "bincode" -version = "1.3.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b1f45e9417d87227c7a56d22e471c6206462cba514c7590c09aff4cf6d1ddcad" -dependencies = [ - "serde", -] - -[[package]] -name = "bitflags" -version = "2.10.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "812e12b5285cc515a9c72a5c1d3b6d46a19dac5acfef5265968c166106e31dd3" -dependencies = [ - "serde_core", -] - -[[package]] -name = "heck" -version = "0.5.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2304e00983f87ffb38b55b444b5e3b60a884b5d30c0fca7d82fe33449bbe55ea" - -[[package]] -name = "proc-macro2" -version = "1.0.101" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "89ae43fd86e4158d6db51ad8e2b80f313af9cc74f5c0e03ccb87de09998732de" -dependencies = [ - "unicode-ident", -] - -[[package]] -name = "quote" -version = "1.0.41" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ce25767e7b499d1b604768e7cde645d14cc8584231ea6b295e9c9eb22c02e1d1" -dependencies = [ - "proc-macro2", -] - -[[package]] -name = "ron" -version = "0.10.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "beceb6f7bf81c73e73aeef6dd1356d9a1b2b4909e1f0fc3e59b034f9572d7b7f" -dependencies = [ - "base64", - "bitflags", - "serde", - "serde_derive", - "unicode-ident", -] - -[[package]] -name = "semver" -version = "1.0.27" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d767eb0aabc880b29956c35734170f26ed551a859dbd361d140cdbeca61ab1e2" - -[[package]] -name = "serde" -version = "1.0.228" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9a8e94ea7f378bd32cbbd37198a4a91436180c5bb472411e48b5ec2e2124ae9e" -dependencies = [ - "serde_core", - "serde_derive", -] - -[[package]] -name = "serde_core" -version = "1.0.228" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "41d385c7d4ca58e59fc732af25c3983b67ac852c1a25000afe1175de458b67ad" -dependencies = [ - "serde_derive", -] - -[[package]] -name = "serde_derive" -version = "1.0.228" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d540f220d3187173da220f885ab66608367b6574e925011a9353e4badda91d79" -dependencies = [ - "proc-macro2", - "quote", - "syn", -] - -[[package]] -name = "strum" -version = "0.27.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "af23d6f6c1a224baef9d3f61e287d2761385a5b88fdab4eb4c6f11aeb54c4bcf" -dependencies = [ - "strum_macros", -] - -[[package]] -name = "strum_macros" -version = "0.27.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7695ce3845ea4b33927c055a39dc438a45b059f7c1b3d91d38d10355fb8cbca7" -dependencies = [ - "heck", - "proc-macro2", - "quote", - "syn", -] - -[[package]] -name = "syn" -version = "2.0.107" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2a26dbd934e5451d21ef060c018dae56fc073894c5a7896f882928a76e6d081b" -dependencies = [ - "proc-macro2", - "quote", - "unicode-ident", -] - -[[package]] -name = "unicode-ident" -version = "1.0.19" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f63a545481291138910575129486daeaf8ac54aee4387fe7906919f7830c7d9d" - -[[patch.unused]] -name = "rcgen" -version = "0.14.0" -source = "git+https://github.com/mkmks/rcgen.git?branch=k256#d3239ab9a4e632c75bea0b09da1389d44b411e13" diff --git a/backward-compatibility/Cargo.toml b/backward-compatibility/Cargo.toml index f3cef7fa42..d8ecb45971 100644 --- a/backward-compatibility/Cargo.toml +++ b/backward-compatibility/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "backward-compatibility" -version = "0.13.20" +version = "0.14.0" publish = false authors = ["Zama"] edition = "2021" diff --git a/backward-compatibility/data/0_11_0/kms/kms_fhe_key_handles.bcode b/backward-compatibility/data/0_11_0/kms/kms_fhe_key_handles.bcode index c1ba2d0934..5d41e2eafc 100644 --- a/backward-compatibility/data/0_11_0/kms/kms_fhe_key_handles.bcode +++ b/backward-compatibility/data/0_11_0/kms/kms_fhe_key_handles.bcode @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:8db11b1373de6d643aea6dc9117eb41ddb3f24671290b58e7a38368ec6d202bf +oid sha256:e8d74ed16cbbb34018f8cc03b234818f7d2fd0b6255b47fb09db0d9af8845343 size 11428 diff --git a/backward-compatibility/data/0_11_1/kms/kms_fhe_key_handles.bcode b/backward-compatibility/data/0_11_1/kms/kms_fhe_key_handles.bcode index 2859334bb1..e30c1ff159 100644 --- a/backward-compatibility/data/0_11_1/kms/kms_fhe_key_handles.bcode +++ b/backward-compatibility/data/0_11_1/kms/kms_fhe_key_handles.bcode @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:78dcf61f269be47abe065d2f0b249ad076adf613284f90b9f1163f075133b6fb +oid sha256:5ab1ea78f19d679845dbea16d39dc5d02311736a66efc7dc86284eddfec94180 size 11199 diff --git a/backward-compatibility/data/0_13_0/kms/auxiliary_key_gen_metadata/legacy_key_gen_metadata.bcode b/backward-compatibility/data/0_13_0/kms/auxiliary_key_gen_metadata/legacy_key_gen_metadata.bcode index d761bf957d..3e915b7200 100644 --- a/backward-compatibility/data/0_13_0/kms/auxiliary_key_gen_metadata/legacy_key_gen_metadata.bcode +++ b/backward-compatibility/data/0_13_0/kms/auxiliary_key_gen_metadata/legacy_key_gen_metadata.bcode @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:28e48be8b487d1008bb0c3231e1c04b7632516cefb43209050f354d08e557531 +oid sha256:dcaa5ec92d837668257440f038409da4cfbab18d2f2f700f553386ae7b1802e5 size 468 diff --git a/backward-compatibility/data/0_13_0/kms/kms_fhe_key_handles.bcode b/backward-compatibility/data/0_13_0/kms/kms_fhe_key_handles.bcode index 501fb29423..01f8f8a85c 100644 --- a/backward-compatibility/data/0_13_0/kms/kms_fhe_key_handles.bcode +++ b/backward-compatibility/data/0_13_0/kms/kms_fhe_key_handles.bcode @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:56a6f47fe169b963fdc1b33bc3a74245d66832b22f62261679bee85a0dc5013e +oid sha256:2190f3e6afd35d3c1da4fe9e058d90c4b6e25febe03de181343db0170465d2b0 size 11208 diff --git a/backward-compatibility/data/0_13_10/kms/auxiliary_key_gen_metadata/legacy_key_gen_metadata.bcode b/backward-compatibility/data/0_13_10/kms/auxiliary_key_gen_metadata/legacy_key_gen_metadata.bcode index d761bf957d..3e915b7200 100644 --- a/backward-compatibility/data/0_13_10/kms/auxiliary_key_gen_metadata/legacy_key_gen_metadata.bcode +++ b/backward-compatibility/data/0_13_10/kms/auxiliary_key_gen_metadata/legacy_key_gen_metadata.bcode @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:28e48be8b487d1008bb0c3231e1c04b7632516cefb43209050f354d08e557531 +oid sha256:dcaa5ec92d837668257440f038409da4cfbab18d2f2f700f553386ae7b1802e5 size 468 diff --git a/backward-compatibility/data/0_13_10/kms/key_gen_metadata.bcode b/backward-compatibility/data/0_13_10/kms/key_gen_metadata.bcode index c08bd87f6f..aff78c52fe 100644 --- a/backward-compatibility/data/0_13_10/kms/key_gen_metadata.bcode +++ b/backward-compatibility/data/0_13_10/kms/key_gen_metadata.bcode @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:62f8b355d53250052ce835b22a04b5911c2b196013e00fb446baf87927584134 +oid sha256:d11d0c555157f483446fd64c71c694019f4ffff92c8604ace43b8a828d952a43 size 245 diff --git a/backward-compatibility/data/0_13_10/kms/kms_fhe_key_handles.bcode b/backward-compatibility/data/0_13_10/kms/kms_fhe_key_handles.bcode index 01f8f8a85c..501fb29423 100644 --- a/backward-compatibility/data/0_13_10/kms/kms_fhe_key_handles.bcode +++ b/backward-compatibility/data/0_13_10/kms/kms_fhe_key_handles.bcode @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:2190f3e6afd35d3c1da4fe9e058d90c4b6e25febe03de181343db0170465d2b0 +oid sha256:56a6f47fe169b963fdc1b33bc3a74245d66832b22f62261679bee85a0dc5013e size 11208 diff --git a/backward-compatibility/data/0_13_20/kms/signcryption_payload.bincode b/backward-compatibility/data/0_13_20/kms/signcryption_payload.bincode deleted file mode 100644 index 3d998f4d15a2f7c391836229df41f62d71d7732a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 29 ZcmZQ&fB;4&W)@ZsAe#j$aBuCt_W%l816cq7 diff --git a/backward-compatibility/data/0_13_20/kms/typed_plaintext.bincode b/backward-compatibility/data/0_13_20/kms/typed_plaintext.bincode deleted file mode 100644 index 50b7c47b79702e4dc18ab4ba027ddb3cfe249b4e..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 17 ScmZQ&fB;4&W)@ZsAR7Px alloy_sol_types_1_4_1::Eip712Domain { alloy_sol_types_1_4_1::eip712_domain!( name: "Authorization token", @@ -1022,119 +973,6 @@ impl KmsV0_13_20 { TestMetadataKMS::SoftwareVersion(SOFTWARE_VERSION_TEST) } - fn gen_recovery_material(dir: &PathBuf) -> TestMetadataKMS { - let mut rng = AesRng::seed_from_u64(RECOVERY_MATERIAL_TEST.state); - let backup_id: RequestId = RequestId::new_random(&mut rng); - let (operator_pk, operator_sk) = gen_sig_keys(&mut rng); - let mut commitments = BTreeMap::new(); - let mut cts = BTreeMap::new(); - for role_j in 1..=RECOVERY_MATERIAL_TEST.custodian_count { - let cus_role = Role::indexed_from_one(role_j); - let (custodian_pk, _) = gen_sig_keys(&mut rng); - let backup_material = BackupMaterial { - backup_id, - custodian_pk, - custodian_role: cus_role, - operator_pk: operator_pk.clone(), - shares: Vec::new(), - }; - let msg_digest = - safe_serialize_hash_element_versioned(&DSEP_BACKUP_COMMITMENT, &backup_material) - .unwrap(); - commitments.insert(cus_role, msg_digest); - let mut payload = [0_u8; 32]; - rng.fill_bytes(&mut payload); - let cts_out = InnerOperatorBackupOutput { - signcryption: UnifiedSigncryption { - payload: payload.to_vec(), - pke_type: PkeSchemeType::MlKem512, - signing_type: SigningSchemeType::Ecdsa256k1, - }, - }; - cts.insert(cus_role, cts_out); - } - - // Dummy payload; but needs to be a properly serialized payload - // This must be generated after the commitment stuff, since the test will regenerate the commitment stuff, - // but read the custodian context from disk - let mut encryption = Encryption::new(PkeSchemeType::MlKem512, &mut rng); - let (_dec_key, enc_key) = encryption.keygen().unwrap(); - let (cus_pk, _) = gen_sig_keys(&mut rng); - let payload = CustodianSetupMessagePayload { - header: "header".to_string(), - random_value: [4_u8; 32], - timestamp: 0, - public_enc_key: enc_key.clone(), - verification_key: cus_pk.clone(), - }; - let mut payload_serial = Vec::new(); - safe_serialize(&payload, &mut payload_serial, SAFE_SER_SIZE_LIMIT).unwrap(); - let mut custodian_nodes = Vec::new(); - for role_j in 1..=RECOVERY_MATERIAL_TEST.custodian_count { - let setup_msg = CustodianSetupMessage { - custodian_role: role_j as u64, - name: format!("Custodian-{role_j}"), - payload: payload_serial.clone(), - }; - custodian_nodes.push(setup_msg); - } - let custodian_context = CustodianContext { - custodian_nodes, - custodian_context_id: Some(backup_id.into()), - threshold: 1, - }; - let internal_custodian_context = - InternalCustodianContext::new(custodian_context, enc_key).unwrap(); - store_versioned_auxiliary!( - &internal_custodian_context, - dir, - &RECOVERY_MATERIAL_TEST.test_filename, - &RECOVERY_MATERIAL_TEST.internal_cus_context_filename, - ); - let recovery_material = RecoveryValidationMaterial::new( - cts, - commitments, - internal_custodian_context, - &operator_sk, - kms_grpc_0_13_20::ContextId::from_bytes(RECOVERY_MATERIAL_TEST.mpc_context_id), - ) - .unwrap(); - store_versioned_test!( - &recovery_material, - dir, - &RECOVERY_MATERIAL_TEST.test_filename - ); - TestMetadataKMS::RecoveryValidationMaterial(RECOVERY_MATERIAL_TEST) - } - - fn gen_internal_recovery_request(dir: &PathBuf) -> TestMetadataKMS { - let mut rng = AesRng::seed_from_u64(INTERNAL_RECOVERY_REQUEST_TEST.state); - let backup_id: RequestId = RequestId::new_random(&mut rng); - let mut encryption = Encryption::new(PkeSchemeType::MlKem512, &mut rng); - let (_dec_key, enc_key) = encryption.keygen().unwrap(); - let (verf_key, _) = gen_sig_keys(&mut rng); - let mut cts = BTreeMap::new(); - for role_j in 1..=INTERNAL_RECOVERY_REQUEST_TEST.amount { - let cur_role = Role::indexed_from_one(role_j as usize); - let mut payload = [0_u8; 32]; - rng.fill_bytes(&mut payload); - let signcryption = UnifiedSigncryption { - payload: payload.to_vec(), - pke_type: PkeSchemeType::MlKem512, - signing_type: SigningSchemeType::Ecdsa256k1, - }; - cts.insert(cur_role, InnerOperatorBackupOutput { signcryption }); - } - let recovery_material = - InternalRecoveryRequest::new(enc_key, cts, backup_id, verf_key).unwrap(); - store_versioned_test!( - &recovery_material, - dir, - &INTERNAL_RECOVERY_REQUEST_TEST.test_filename - ); - TestMetadataKMS::InternalRecoveryRequest(INTERNAL_RECOVERY_REQUEST_TEST) - } - fn gen_internal_cus_context_handles(dir: &PathBuf) -> TestMetadataKMS { let mut rng = AesRng::seed_from_u64(INTERNAL_CUS_CONTEXT_TEST.state); let context_id: RequestId = RequestId::new_random(&mut rng); @@ -1377,81 +1215,6 @@ impl KmsV0_13_20 { ); TestMetadataKMS::InternalCustodianSetupMessage(INTERNAL_CUS_SETUP_MSG_TEST) } - - fn gen_internal_cus_rec_out(dir: &PathBuf) -> TestMetadataKMS { - let mut rng = AesRng::seed_from_u64(INTERNAL_CUS_REC_OUT_TEST.state); - let (operator_verification_key, _) = gen_sig_keys(&mut rng); - let mut buf = [0u8; 100]; - rng.fill_bytes(&mut buf); - let signcryption = UnifiedSigncryption { - payload: buf.to_vec(), - pke_type: PkeSchemeType::MlKem512, - signing_type: SigningSchemeType::Ecdsa256k1, - }; - let icro = InternalCustodianRecoveryOutput { - signcryption, - custodian_role: Role::indexed_from_one(2), - operator_verification_key, - mpc_context_id: kms_grpc_0_13_20::RequestId::from_bytes( - INTERNAL_CUS_REC_OUT_TEST.mpc_context_id, - ), - }; - store_versioned_test!(&icro, dir, &INTERNAL_CUS_REC_OUT_TEST.test_filename); - TestMetadataKMS::InternalCustodianRecoveryOutput(INTERNAL_CUS_REC_OUT_TEST) - } - - fn gen_operator_backup_output(dir: &PathBuf) -> TestMetadataKMS { - let mut rng = AesRng::seed_from_u64(OPERATOR_BACKUP_OUTPUT_TEST.seed); - - let custodians: Vec<_> = (1..=OPERATOR_BACKUP_OUTPUT_TEST.custodian_count) - .map(|i| { - let (_verification_key, signing_key) = gen_sig_keys(&mut rng); - let mut encryption = Encryption::new(PkeSchemeType::MlKem512, &mut rng); - let (private_key, public_key) = encryption.keygen().unwrap(); - Custodian::new( - Role::indexed_from_one(i), - signing_key, - public_key, - private_key, - ) - .unwrap() - }) - .collect(); - let custodian_messages: Vec<_> = custodians - .iter() - .enumerate() - .map(|(i, c)| { - c.generate_setup_message(&mut rng, format!("Custodian-{i}")) - .unwrap() - }) - .collect(); - - let operator = { - let (_verification_key, signing_key) = gen_sig_keys(&mut rng); - Operator::new_for_sharing( - custodian_messages, - signing_key, - OPERATOR_BACKUP_OUTPUT_TEST.custodian_threshold, - custodians.len(), - ) - .unwrap() - }; - let operator_backup_output = &operator - .secret_share_and_signcrypt( - &mut rng, - &OPERATOR_BACKUP_OUTPUT_TEST.plaintext, - RequestId::from_bytes(OPERATOR_BACKUP_OUTPUT_TEST.backup_id), - ) - .unwrap() - .ct_shares[&Role::indexed_from_one(1)]; - - store_versioned_test!( - operator_backup_output, - dir, - &OPERATOR_BACKUP_OUTPUT_TEST.test_filename - ); - TestMetadataKMS::OperatorBackupOutput(OPERATOR_BACKUP_OUTPUT_TEST) - } } struct DistributedDecryptionV0_13_20; @@ -1686,14 +1449,10 @@ impl KMSCoreVersion for V0_13_20 { KmsV0_13_20::gen_context_info(&dir), KmsV0_13_20::gen_node_info(&dir), KmsV0_13_20::gen_software_version(&dir), - KmsV0_13_20::gen_recovery_material(&dir), - KmsV0_13_20::gen_internal_recovery_request(&dir), KmsV0_13_20::gen_internal_cus_context_handles(&dir), KmsV0_13_20::gen_internal_cus_setup_msg(&dir), KmsV0_13_20::gen_kms_fhe_key_handles(&dir), KmsV0_13_20::gen_threshold_fhe_keys(&dir), - KmsV0_13_20::gen_internal_cus_rec_out(&dir), - KmsV0_13_20::gen_operator_backup_output(&dir), ] } diff --git a/docs/developer/backward_compatibility.md b/docs/developer/backward_compatibility.md index 0de00ecf41..cc0516913e 100644 --- a/docs/developer/backward_compatibility.md +++ b/docs/developer/backward_compatibility.md @@ -36,6 +36,7 @@ However, this does not allow changes to be made to the test metadata scheme itse - `backward-compatibility/generate-v0.13.0` - For KMS v0.13.0 - `backward-compatibility/generate-v0.13.10` - For KMS v0.13.10 - `backward-compatibility/generate-v0.13.20` - For KMS v0.13.20 +- `backward-compatibility/generate-v0.14.0` - For KMS v0.14.0 Each generator uses the exact dependencies from its target KMS version. @@ -63,6 +64,9 @@ make generate-backward-compatibility-v0.13.10 # Generate only v0.13.20 data make generate-backward-compatibility-v0.13.20 +# Generate only v0.14.0 data +make generate-backward-compatibility-v0.14.0 + ``` WARNING: Generating for specific versions removes previously generated data from the `.ron` files, effectively ignoring other versions in the tests! Thus, changes based on generating a specific version should NEVER be committed to the repo. From 45c9197cef36c3b01782f37fe59f18b336c770da Mon Sep 17 00:00:00 2001 From: Tore Frederiksen Date: Fri, 15 May 2026 12:21:58 +0200 Subject: [PATCH 2/4] chore: added missing files --- .../data/0_14_0/kms-grpc/priv_data_type.bcode | 3 + .../data/0_14_0/kms-grpc/pub_data_type.bcode | 3 + .../signed_pub_data_handle_internal.bcode | 3 + .../data/0_14_0/kms/app_key_blob.bcode | 3 + .../unified_ciphertext_handle.bcode | 3 + .../legacy_crs_gen_metadata.bcode | 3 + .../unified_enc_key_handle.bcode | 3 + .../legacy_key_gen_metadata.bcode | 3 + .../client_key_handle.bcode | 3 + .../decompression_key.bcode | 3 + .../public_key_handle.bcode | 3 + .../server_key_handle.bcode | 3 + .../sig_key_handle.bcode | 3 + .../prss_setup_128.bcode | 3 + .../prss_setup_64.bcode | 3 + .../internal_cus_context_handle.bcode | 3 + .../decompression_key.bcode | 3 + .../auxiliary_threshold_fhe_keys/info.bcode | 3 + .../integer_server_key.bcode | 3 + .../private_key_set.bcode | 3 + .../sns_key.bcode | 3 + .../hybrid_kem_ct_handle.bcode | 3 + .../data/0_14_0/kms/backup_ciphertext.bcode | 3 + .../data/0_14_0/kms/context_info.bcode | 3 + .../data/0_14_0/kms/crs_gen_metadata.bcode | 3 + .../crs_gen_metadata_with_extra_data.bcode | 3 + .../data/0_14_0/kms/designcryption_key.bcode | 3 + .../data/0_14_0/kms/hybrid_kem_ct.bcode | 3 + .../0_14_0/kms/internal_cus_context.bcode | 3 + .../internal_custodian_recovery_output.bcode | 3 + .../internal_custodian_setup_message.bcode | 3 + .../kms/internal_recovery_request.bcode | 3 + .../data/0_14_0/kms/key_gen_metadata.bcode | 3 + .../key_gen_metadata_with_extra_data.bcode | 3 + .../data/0_14_0/kms/kms_fhe_key_handles.bcode | 3 + .../data/0_14_0/kms/node_info.bcode | 3 + .../0_14_0/kms/operator_backup_output.bcode | 3 + .../data/0_14_0/kms/private_sig_key.bcode | 3 + .../data/0_14_0/kms/prss_setup_combined.bcode | 3 + .../data/0_14_0/kms/public_sig_key.bcode | 3 + .../data/0_14_0/kms/recovery_material.bcode | 3 + .../data/0_14_0/kms/signcryption_key.bcode | 3 + .../0_14_0/kms/signcryption_payload.bincode | Bin 0 -> 29 bytes .../data/0_14_0/kms/software_version.bcode | 3 + .../data/0_14_0/kms/threshold_fhe_keys.bcode | 3 + .../data/0_14_0/kms/typed_plaintext.bincode | Bin 0 -> 17 bytes .../data/0_14_0/kms/unified_ciphertext.bcode | 3 + .../0_14_0/kms/unified_signcryption.bcode | 3 + .../legacy_prss_set_128.bcode | 3 + .../legacy_prss_set_64.bcode | 3 + .../data/0_14_0/threshold-fhe/prf_key.bcode | 3 + .../0_14_0/threshold-fhe/prss_set_128.bcode | 3 + .../0_14_0/threshold-fhe/prss_set_64.bcode | 3 + .../threshold-fhe/prss_setup_rpoly_128.bcode | 3 + .../threshold-fhe/prss_setup_rpoly_64.bcode | 3 + .../threshold-fhe/release_pcr_values.bcode | 3 + .../data/0_14_0/threshold-fhe/share_128.bcode | 3 + .../data/0_14_0/threshold-fhe/share_64.bcode | 3 + .../generate-v0.14.0/Cargo.lock | 8090 +++++++++++++++++ .../generate-v0.14.0/Cargo.toml | 63 + .../generate-v0.14.0/src/data_0_14.rs | 1724 ++++ .../generate-v0.14.0/src/generate.rs | 174 + .../generate-v0.14.0/src/lib.rs | 7 + .../generate-v0.14.0/src/main.rs | 64 + 64 files changed, 10290 insertions(+) create mode 100644 backward-compatibility/data/0_14_0/kms-grpc/priv_data_type.bcode create mode 100644 backward-compatibility/data/0_14_0/kms-grpc/pub_data_type.bcode create mode 100644 backward-compatibility/data/0_14_0/kms-grpc/signed_pub_data_handle_internal.bcode create mode 100644 backward-compatibility/data/0_14_0/kms/app_key_blob.bcode create mode 100644 backward-compatibility/data/0_14_0/kms/auxiliary_backup_ciphertext/unified_ciphertext_handle.bcode create mode 100644 backward-compatibility/data/0_14_0/kms/auxiliary_crs_gen_metadata/legacy_crs_gen_metadata.bcode create mode 100644 backward-compatibility/data/0_14_0/kms/auxiliary_internal_cus_context/unified_enc_key_handle.bcode create mode 100644 backward-compatibility/data/0_14_0/kms/auxiliary_key_gen_metadata/legacy_key_gen_metadata.bcode create mode 100644 backward-compatibility/data/0_14_0/kms/auxiliary_kms_fhe_key_handles/client_key_handle.bcode create mode 100644 backward-compatibility/data/0_14_0/kms/auxiliary_kms_fhe_key_handles/decompression_key.bcode create mode 100644 backward-compatibility/data/0_14_0/kms/auxiliary_kms_fhe_key_handles/public_key_handle.bcode create mode 100644 backward-compatibility/data/0_14_0/kms/auxiliary_kms_fhe_key_handles/server_key_handle.bcode create mode 100644 backward-compatibility/data/0_14_0/kms/auxiliary_kms_fhe_key_handles/sig_key_handle.bcode create mode 100644 backward-compatibility/data/0_14_0/kms/auxiliary_prss_setup_combined/prss_setup_128.bcode create mode 100644 backward-compatibility/data/0_14_0/kms/auxiliary_prss_setup_combined/prss_setup_64.bcode create mode 100644 backward-compatibility/data/0_14_0/kms/auxiliary_recovery_material/internal_cus_context_handle.bcode create mode 100644 backward-compatibility/data/0_14_0/kms/auxiliary_threshold_fhe_keys/decompression_key.bcode create mode 100644 backward-compatibility/data/0_14_0/kms/auxiliary_threshold_fhe_keys/info.bcode create mode 100644 backward-compatibility/data/0_14_0/kms/auxiliary_threshold_fhe_keys/integer_server_key.bcode create mode 100644 backward-compatibility/data/0_14_0/kms/auxiliary_threshold_fhe_keys/private_key_set.bcode create mode 100644 backward-compatibility/data/0_14_0/kms/auxiliary_threshold_fhe_keys/sns_key.bcode create mode 100644 backward-compatibility/data/0_14_0/kms/auxiliary_unified_ciphertext/hybrid_kem_ct_handle.bcode create mode 100644 backward-compatibility/data/0_14_0/kms/backup_ciphertext.bcode create mode 100644 backward-compatibility/data/0_14_0/kms/context_info.bcode create mode 100644 backward-compatibility/data/0_14_0/kms/crs_gen_metadata.bcode create mode 100644 backward-compatibility/data/0_14_0/kms/crs_gen_metadata_with_extra_data.bcode create mode 100644 backward-compatibility/data/0_14_0/kms/designcryption_key.bcode create mode 100644 backward-compatibility/data/0_14_0/kms/hybrid_kem_ct.bcode create mode 100644 backward-compatibility/data/0_14_0/kms/internal_cus_context.bcode create mode 100644 backward-compatibility/data/0_14_0/kms/internal_custodian_recovery_output.bcode create mode 100644 backward-compatibility/data/0_14_0/kms/internal_custodian_setup_message.bcode create mode 100644 backward-compatibility/data/0_14_0/kms/internal_recovery_request.bcode create mode 100644 backward-compatibility/data/0_14_0/kms/key_gen_metadata.bcode create mode 100644 backward-compatibility/data/0_14_0/kms/key_gen_metadata_with_extra_data.bcode create mode 100644 backward-compatibility/data/0_14_0/kms/kms_fhe_key_handles.bcode create mode 100644 backward-compatibility/data/0_14_0/kms/node_info.bcode create mode 100644 backward-compatibility/data/0_14_0/kms/operator_backup_output.bcode create mode 100644 backward-compatibility/data/0_14_0/kms/private_sig_key.bcode create mode 100644 backward-compatibility/data/0_14_0/kms/prss_setup_combined.bcode create mode 100644 backward-compatibility/data/0_14_0/kms/public_sig_key.bcode create mode 100644 backward-compatibility/data/0_14_0/kms/recovery_material.bcode create mode 100644 backward-compatibility/data/0_14_0/kms/signcryption_key.bcode create mode 100644 backward-compatibility/data/0_14_0/kms/signcryption_payload.bincode create mode 100644 backward-compatibility/data/0_14_0/kms/software_version.bcode create mode 100644 backward-compatibility/data/0_14_0/kms/threshold_fhe_keys.bcode create mode 100644 backward-compatibility/data/0_14_0/kms/typed_plaintext.bincode create mode 100644 backward-compatibility/data/0_14_0/kms/unified_ciphertext.bcode create mode 100644 backward-compatibility/data/0_14_0/kms/unified_signcryption.bcode create mode 100644 backward-compatibility/data/0_14_0/threshold-fhe/auxiliary_prss_set_128/legacy_prss_set_128.bcode create mode 100644 backward-compatibility/data/0_14_0/threshold-fhe/auxiliary_prss_set_64/legacy_prss_set_64.bcode create mode 100644 backward-compatibility/data/0_14_0/threshold-fhe/prf_key.bcode create mode 100644 backward-compatibility/data/0_14_0/threshold-fhe/prss_set_128.bcode create mode 100644 backward-compatibility/data/0_14_0/threshold-fhe/prss_set_64.bcode create mode 100644 backward-compatibility/data/0_14_0/threshold-fhe/prss_setup_rpoly_128.bcode create mode 100644 backward-compatibility/data/0_14_0/threshold-fhe/prss_setup_rpoly_64.bcode create mode 100644 backward-compatibility/data/0_14_0/threshold-fhe/release_pcr_values.bcode create mode 100644 backward-compatibility/data/0_14_0/threshold-fhe/share_128.bcode create mode 100644 backward-compatibility/data/0_14_0/threshold-fhe/share_64.bcode create mode 100644 backward-compatibility/generate-v0.14.0/Cargo.lock create mode 100644 backward-compatibility/generate-v0.14.0/Cargo.toml create mode 100644 backward-compatibility/generate-v0.14.0/src/data_0_14.rs create mode 100644 backward-compatibility/generate-v0.14.0/src/generate.rs create mode 100644 backward-compatibility/generate-v0.14.0/src/lib.rs create mode 100644 backward-compatibility/generate-v0.14.0/src/main.rs diff --git a/backward-compatibility/data/0_14_0/kms-grpc/priv_data_type.bcode b/backward-compatibility/data/0_14_0/kms-grpc/priv_data_type.bcode new file mode 100644 index 0000000000..b2e9f64332 --- /dev/null +++ b/backward-compatibility/data/0_14_0/kms-grpc/priv_data_type.bcode @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:971e061b731ff27510e9b78027b92e5b3a22b1516c53019c14ae9e74d5d7a7c4 +size 8 diff --git a/backward-compatibility/data/0_14_0/kms-grpc/pub_data_type.bcode b/backward-compatibility/data/0_14_0/kms-grpc/pub_data_type.bcode new file mode 100644 index 0000000000..b62995ce4f --- /dev/null +++ b/backward-compatibility/data/0_14_0/kms-grpc/pub_data_type.bcode @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:20aef0af2bb62267e2f5c157abdc51d1ce6506e42478ae204f1fab5494907df1 +size 8 diff --git a/backward-compatibility/data/0_14_0/kms-grpc/signed_pub_data_handle_internal.bcode b/backward-compatibility/data/0_14_0/kms-grpc/signed_pub_data_handle_internal.bcode new file mode 100644 index 0000000000..439029a680 --- /dev/null +++ b/backward-compatibility/data/0_14_0/kms-grpc/signed_pub_data_handle_internal.bcode @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:d76555cde90e2b212e529fa05e5c428ea200ba637dd53f485817595423299ce0 +size 44 diff --git a/backward-compatibility/data/0_14_0/kms/app_key_blob.bcode b/backward-compatibility/data/0_14_0/kms/app_key_blob.bcode new file mode 100644 index 0000000000..fdb0e7f1cf --- /dev/null +++ b/backward-compatibility/data/0_14_0/kms/app_key_blob.bcode @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:7411ad8b97e02c52a39389c59d226ae7023b645602abdfca152896fc94d7cb5b +size 88 diff --git a/backward-compatibility/data/0_14_0/kms/auxiliary_backup_ciphertext/unified_ciphertext_handle.bcode b/backward-compatibility/data/0_14_0/kms/auxiliary_backup_ciphertext/unified_ciphertext_handle.bcode new file mode 100644 index 0000000000..a4ac29fe9d --- /dev/null +++ b/backward-compatibility/data/0_14_0/kms/auxiliary_backup_ciphertext/unified_ciphertext_handle.bcode @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:7baef0c10c9546e08c07e7e10b9ac5c8ef5438193a993aa1e50b0f1b4d0ce730 +size 116 diff --git a/backward-compatibility/data/0_14_0/kms/auxiliary_crs_gen_metadata/legacy_crs_gen_metadata.bcode b/backward-compatibility/data/0_14_0/kms/auxiliary_crs_gen_metadata/legacy_crs_gen_metadata.bcode new file mode 100644 index 0000000000..5b6ad3bd60 --- /dev/null +++ b/backward-compatibility/data/0_14_0/kms/auxiliary_crs_gen_metadata/legacy_crs_gen_metadata.bcode @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:7e8d2cda4e6186846e6c81b978d8646d99805908fcada7fb1e4d69bc2ea4a50a +size 222 diff --git a/backward-compatibility/data/0_14_0/kms/auxiliary_internal_cus_context/unified_enc_key_handle.bcode b/backward-compatibility/data/0_14_0/kms/auxiliary_internal_cus_context/unified_enc_key_handle.bcode new file mode 100644 index 0000000000..80a9fd8578 --- /dev/null +++ b/backward-compatibility/data/0_14_0/kms/auxiliary_internal_cus_context/unified_enc_key_handle.bcode @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:9e9ad274fccc8176b8ca752b0775d7e5204ef04977f3110e03a967d5625463e8 +size 816 diff --git a/backward-compatibility/data/0_14_0/kms/auxiliary_key_gen_metadata/legacy_key_gen_metadata.bcode b/backward-compatibility/data/0_14_0/kms/auxiliary_key_gen_metadata/legacy_key_gen_metadata.bcode new file mode 100644 index 0000000000..3e915b7200 --- /dev/null +++ b/backward-compatibility/data/0_14_0/kms/auxiliary_key_gen_metadata/legacy_key_gen_metadata.bcode @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:dcaa5ec92d837668257440f038409da4cfbab18d2f2f700f553386ae7b1802e5 +size 468 diff --git a/backward-compatibility/data/0_14_0/kms/auxiliary_kms_fhe_key_handles/client_key_handle.bcode b/backward-compatibility/data/0_14_0/kms/auxiliary_kms_fhe_key_handles/client_key_handle.bcode new file mode 100644 index 0000000000..992e387d7d --- /dev/null +++ b/backward-compatibility/data/0_14_0/kms/auxiliary_kms_fhe_key_handles/client_key_handle.bcode @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:f47cd611b9ba112924afc627df465f83d64ff34266bb74b84f551350c84661d3 +size 11059 diff --git a/backward-compatibility/data/0_14_0/kms/auxiliary_kms_fhe_key_handles/decompression_key.bcode b/backward-compatibility/data/0_14_0/kms/auxiliary_kms_fhe_key_handles/decompression_key.bcode new file mode 100644 index 0000000000..32c4a8b118 --- /dev/null +++ b/backward-compatibility/data/0_14_0/kms/auxiliary_kms_fhe_key_handles/decompression_key.bcode @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d +size 1 diff --git a/backward-compatibility/data/0_14_0/kms/auxiliary_kms_fhe_key_handles/public_key_handle.bcode b/backward-compatibility/data/0_14_0/kms/auxiliary_kms_fhe_key_handles/public_key_handle.bcode new file mode 100644 index 0000000000..daef644183 --- /dev/null +++ b/backward-compatibility/data/0_14_0/kms/auxiliary_kms_fhe_key_handles/public_key_handle.bcode @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:5a6baad25bd21e9d66fa8f0dbade36139963ed943bddf0d17301baa7bfed7b17 +size 4296 diff --git a/backward-compatibility/data/0_14_0/kms/auxiliary_kms_fhe_key_handles/server_key_handle.bcode b/backward-compatibility/data/0_14_0/kms/auxiliary_kms_fhe_key_handles/server_key_handle.bcode new file mode 100644 index 0000000000..65aa9880cb --- /dev/null +++ b/backward-compatibility/data/0_14_0/kms/auxiliary_kms_fhe_key_handles/server_key_handle.bcode @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:b705dbae3823bd53f081785cc16fd5c8882972cf1c4aef072805855e150153e7 +size 2612531 diff --git a/backward-compatibility/data/0_14_0/kms/auxiliary_kms_fhe_key_handles/sig_key_handle.bcode b/backward-compatibility/data/0_14_0/kms/auxiliary_kms_fhe_key_handles/sig_key_handle.bcode new file mode 100644 index 0000000000..46be201c75 --- /dev/null +++ b/backward-compatibility/data/0_14_0/kms/auxiliary_kms_fhe_key_handles/sig_key_handle.bcode @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:f4a70af30268a5a16d1e92329ff520c86ed3de334ce84c223cf0dc722f8b747d +size 44 diff --git a/backward-compatibility/data/0_14_0/kms/auxiliary_prss_setup_combined/prss_setup_128.bcode b/backward-compatibility/data/0_14_0/kms/auxiliary_prss_setup_combined/prss_setup_128.bcode new file mode 100644 index 0000000000..add992a846 --- /dev/null +++ b/backward-compatibility/data/0_14_0/kms/auxiliary_prss_setup_combined/prss_setup_128.bcode @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:ca00fd2c83f16696111d5b1664a7c01e5280e0797e34a7914f4ff4d3d9d83371 +size 571344 diff --git a/backward-compatibility/data/0_14_0/kms/auxiliary_prss_setup_combined/prss_setup_64.bcode b/backward-compatibility/data/0_14_0/kms/auxiliary_prss_setup_combined/prss_setup_64.bcode new file mode 100644 index 0000000000..54e23ac21b --- /dev/null +++ b/backward-compatibility/data/0_14_0/kms/auxiliary_prss_setup_combined/prss_setup_64.bcode @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:f636676db5e96976a8f40d0997fc194dd60f95597ef95a40e1f0105537054447 +size 363344 diff --git a/backward-compatibility/data/0_14_0/kms/auxiliary_recovery_material/internal_cus_context_handle.bcode b/backward-compatibility/data/0_14_0/kms/auxiliary_recovery_material/internal_cus_context_handle.bcode new file mode 100644 index 0000000000..3720877b3a --- /dev/null +++ b/backward-compatibility/data/0_14_0/kms/auxiliary_recovery_material/internal_cus_context_handle.bcode @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:83edb0410c16b0df4692bc269140625188b9168cec607eaabafbec2e3d27f068 +size 5714 diff --git a/backward-compatibility/data/0_14_0/kms/auxiliary_threshold_fhe_keys/decompression_key.bcode b/backward-compatibility/data/0_14_0/kms/auxiliary_threshold_fhe_keys/decompression_key.bcode new file mode 100644 index 0000000000..32c4a8b118 --- /dev/null +++ b/backward-compatibility/data/0_14_0/kms/auxiliary_threshold_fhe_keys/decompression_key.bcode @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d +size 1 diff --git a/backward-compatibility/data/0_14_0/kms/auxiliary_threshold_fhe_keys/info.bcode b/backward-compatibility/data/0_14_0/kms/auxiliary_threshold_fhe_keys/info.bcode new file mode 100644 index 0000000000..a2b71017a4 --- /dev/null +++ b/backward-compatibility/data/0_14_0/kms/auxiliary_threshold_fhe_keys/info.bcode @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc +size 8 diff --git a/backward-compatibility/data/0_14_0/kms/auxiliary_threshold_fhe_keys/integer_server_key.bcode b/backward-compatibility/data/0_14_0/kms/auxiliary_threshold_fhe_keys/integer_server_key.bcode new file mode 100644 index 0000000000..0b14506e98 --- /dev/null +++ b/backward-compatibility/data/0_14_0/kms/auxiliary_threshold_fhe_keys/integer_server_key.bcode @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:24d4c40af16d1e88b3f487377e58650f1d00ba83190aaf79951d1cf9649ffd33 +size 105044 diff --git a/backward-compatibility/data/0_14_0/kms/auxiliary_threshold_fhe_keys/private_key_set.bcode b/backward-compatibility/data/0_14_0/kms/auxiliary_threshold_fhe_keys/private_key_set.bcode new file mode 100644 index 0000000000..78f5a76f23 --- /dev/null +++ b/backward-compatibility/data/0_14_0/kms/auxiliary_threshold_fhe_keys/private_key_set.bcode @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:37d2a7d8179d03b407285a89155ceacf1b93632cb85cdddd97438502e089106a +size 72788 diff --git a/backward-compatibility/data/0_14_0/kms/auxiliary_threshold_fhe_keys/sns_key.bcode b/backward-compatibility/data/0_14_0/kms/auxiliary_threshold_fhe_keys/sns_key.bcode new file mode 100644 index 0000000000..7d5dd827cc --- /dev/null +++ b/backward-compatibility/data/0_14_0/kms/auxiliary_threshold_fhe_keys/sns_key.bcode @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:92fcc1622e46fb575229a76e189587b92af92ca6a1a40f25f4e0e36dbaa0d693 +size 327865 diff --git a/backward-compatibility/data/0_14_0/kms/auxiliary_unified_ciphertext/hybrid_kem_ct_handle.bcode b/backward-compatibility/data/0_14_0/kms/auxiliary_unified_ciphertext/hybrid_kem_ct_handle.bcode new file mode 100644 index 0000000000..c9022a3505 --- /dev/null +++ b/backward-compatibility/data/0_14_0/kms/auxiliary_unified_ciphertext/hybrid_kem_ct_handle.bcode @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:5c507182c9fc8e903f237672321ea88b12dae401bfdaa54edb64c1058d023e0b +size 104 diff --git a/backward-compatibility/data/0_14_0/kms/backup_ciphertext.bcode b/backward-compatibility/data/0_14_0/kms/backup_ciphertext.bcode new file mode 100644 index 0000000000..60f47859b4 --- /dev/null +++ b/backward-compatibility/data/0_14_0/kms/backup_ciphertext.bcode @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:58839ef61ee16b3dc704c7a9f0e2198d8b63e5447ad56ce44ea30b84bac54afe +size 160 diff --git a/backward-compatibility/data/0_14_0/kms/context_info.bcode b/backward-compatibility/data/0_14_0/kms/context_info.bcode new file mode 100644 index 0000000000..c184704cde --- /dev/null +++ b/backward-compatibility/data/0_14_0/kms/context_info.bcode @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:bc09fa4d730965ed9a3e566b71eab8c3386ec34f75cd9a0faf7d38f2caa2b29d +size 773 diff --git a/backward-compatibility/data/0_14_0/kms/crs_gen_metadata.bcode b/backward-compatibility/data/0_14_0/kms/crs_gen_metadata.bcode new file mode 100644 index 0000000000..8a31fb1c98 --- /dev/null +++ b/backward-compatibility/data/0_14_0/kms/crs_gen_metadata.bcode @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:b75ed84a1486d89c47d446d5987105037d5f12714a8298a77bc3d15f701178fa +size 162 diff --git a/backward-compatibility/data/0_14_0/kms/crs_gen_metadata_with_extra_data.bcode b/backward-compatibility/data/0_14_0/kms/crs_gen_metadata_with_extra_data.bcode new file mode 100644 index 0000000000..e2dcfa0875 --- /dev/null +++ b/backward-compatibility/data/0_14_0/kms/crs_gen_metadata_with_extra_data.bcode @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:b79dafcc51162efedd41d3cfe3d5d5ce906d0122b89b8cca65a5f43741361e19 +size 174 diff --git a/backward-compatibility/data/0_14_0/kms/designcryption_key.bcode b/backward-compatibility/data/0_14_0/kms/designcryption_key.bcode new file mode 100644 index 0000000000..ccb5d6080a --- /dev/null +++ b/backward-compatibility/data/0_14_0/kms/designcryption_key.bcode @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:b10c5bf4b215b2204709f5c7ee3f567a7072b321b514f2364ebaf5d3f1ba15ac +size 2541 diff --git a/backward-compatibility/data/0_14_0/kms/hybrid_kem_ct.bcode b/backward-compatibility/data/0_14_0/kms/hybrid_kem_ct.bcode new file mode 100644 index 0000000000..900bba1ed7 --- /dev/null +++ b/backward-compatibility/data/0_14_0/kms/hybrid_kem_ct.bcode @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:a4144bc45b0e0793bbdd028b76c8c8cd7eb8e3929b46d5b9e34fea316b2b6cac +size 50 diff --git a/backward-compatibility/data/0_14_0/kms/internal_cus_context.bcode b/backward-compatibility/data/0_14_0/kms/internal_cus_context.bcode new file mode 100644 index 0000000000..bed5902f24 --- /dev/null +++ b/backward-compatibility/data/0_14_0/kms/internal_cus_context.bcode @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:588e8e4a618b8f85e340f9fb7a8e070808789514645e115a4418bcc7594e5b9a +size 5684 diff --git a/backward-compatibility/data/0_14_0/kms/internal_custodian_recovery_output.bcode b/backward-compatibility/data/0_14_0/kms/internal_custodian_recovery_output.bcode new file mode 100644 index 0000000000..38cdf921d8 --- /dev/null +++ b/backward-compatibility/data/0_14_0/kms/internal_custodian_recovery_output.bcode @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:c5a79b59689143dadc62d606abd3fe5921a14fc7971d620dd246645d8368374f +size 221 diff --git a/backward-compatibility/data/0_14_0/kms/internal_custodian_setup_message.bcode b/backward-compatibility/data/0_14_0/kms/internal_custodian_setup_message.bcode new file mode 100644 index 0000000000..5211d9920d --- /dev/null +++ b/backward-compatibility/data/0_14_0/kms/internal_custodian_setup_message.bcode @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:6a9ab09b84a90d3da3098160d0f4b12240daa900965bb71a3de9368130091187 +size 992 diff --git a/backward-compatibility/data/0_14_0/kms/internal_recovery_request.bcode b/backward-compatibility/data/0_14_0/kms/internal_recovery_request.bcode new file mode 100644 index 0000000000..d3e042756e --- /dev/null +++ b/backward-compatibility/data/0_14_0/kms/internal_recovery_request.bcode @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:131b45495e950de30f57d751f78f662d939fb50fa91265d5aaca4365b92b9bef +size 1665 diff --git a/backward-compatibility/data/0_14_0/kms/key_gen_metadata.bcode b/backward-compatibility/data/0_14_0/kms/key_gen_metadata.bcode new file mode 100644 index 0000000000..5d440827de --- /dev/null +++ b/backward-compatibility/data/0_14_0/kms/key_gen_metadata.bcode @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:66e3bc33dbc047674bf0163868f3d73ad86962c6fb07c4bf1db7c704ea4722b0 +size 246 diff --git a/backward-compatibility/data/0_14_0/kms/key_gen_metadata_with_extra_data.bcode b/backward-compatibility/data/0_14_0/kms/key_gen_metadata_with_extra_data.bcode new file mode 100644 index 0000000000..0a44396d4c --- /dev/null +++ b/backward-compatibility/data/0_14_0/kms/key_gen_metadata_with_extra_data.bcode @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:ac0ded3ade3242ce472ecb8ff691834667b04d6c648f0535ff1028e627449ee2 +size 258 diff --git a/backward-compatibility/data/0_14_0/kms/kms_fhe_key_handles.bcode b/backward-compatibility/data/0_14_0/kms/kms_fhe_key_handles.bcode new file mode 100644 index 0000000000..397b91584f --- /dev/null +++ b/backward-compatibility/data/0_14_0/kms/kms_fhe_key_handles.bcode @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:556168b309d817cbcdd0a10554916546a09b59847b250d1d4b56c52a882db7c4 +size 11318 diff --git a/backward-compatibility/data/0_14_0/kms/node_info.bcode b/backward-compatibility/data/0_14_0/kms/node_info.bcode new file mode 100644 index 0000000000..363f0a5f6d --- /dev/null +++ b/backward-compatibility/data/0_14_0/kms/node_info.bcode @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:b753468d6ebf5f11b5fea788187f88f6857df52a7b89539c59c549d57e54237a +size 259 diff --git a/backward-compatibility/data/0_14_0/kms/operator_backup_output.bcode b/backward-compatibility/data/0_14_0/kms/operator_backup_output.bcode new file mode 100644 index 0000000000..7c24373275 --- /dev/null +++ b/backward-compatibility/data/0_14_0/kms/operator_backup_output.bcode @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:b9622e8a05c3c04d5f8d74a5a9f9460b6be883f061ef3e9e49252553f2e50b7b +size 1260 diff --git a/backward-compatibility/data/0_14_0/kms/private_sig_key.bcode b/backward-compatibility/data/0_14_0/kms/private_sig_key.bcode new file mode 100644 index 0000000000..46be201c75 --- /dev/null +++ b/backward-compatibility/data/0_14_0/kms/private_sig_key.bcode @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:f4a70af30268a5a16d1e92329ff520c86ed3de334ce84c223cf0dc722f8b747d +size 44 diff --git a/backward-compatibility/data/0_14_0/kms/prss_setup_combined.bcode b/backward-compatibility/data/0_14_0/kms/prss_setup_combined.bcode new file mode 100644 index 0000000000..9d49ac004f --- /dev/null +++ b/backward-compatibility/data/0_14_0/kms/prss_setup_combined.bcode @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:5aeb8e5ae63b5cb1c7b102c88afe14f1610b94de45262c89f288d62c2905c84d +size 934694 diff --git a/backward-compatibility/data/0_14_0/kms/public_sig_key.bcode b/backward-compatibility/data/0_14_0/kms/public_sig_key.bcode new file mode 100644 index 0000000000..803309c729 --- /dev/null +++ b/backward-compatibility/data/0_14_0/kms/public_sig_key.bcode @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:ca62947f91974015736ebb245f3e3e74416f6d54c130a4c733f3a8cbde20f20a +size 45 diff --git a/backward-compatibility/data/0_14_0/kms/recovery_material.bcode b/backward-compatibility/data/0_14_0/kms/recovery_material.bcode new file mode 100644 index 0000000000..6365f46725 --- /dev/null +++ b/backward-compatibility/data/0_14_0/kms/recovery_material.bcode @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:7c3a25b30266ea83f46f55e42aa155f7216e069f9cf79613c4a06163770c1b24 +size 6482 diff --git a/backward-compatibility/data/0_14_0/kms/signcryption_key.bcode b/backward-compatibility/data/0_14_0/kms/signcryption_key.bcode new file mode 100644 index 0000000000..1bc463d85d --- /dev/null +++ b/backward-compatibility/data/0_14_0/kms/signcryption_key.bcode @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:ef6450d800773acdaed4163734882a117889436fa0738b63609fa36bdc5fcf19 +size 892 diff --git a/backward-compatibility/data/0_14_0/kms/signcryption_payload.bincode b/backward-compatibility/data/0_14_0/kms/signcryption_payload.bincode new file mode 100644 index 0000000000000000000000000000000000000000..3d998f4d15a2f7c391836229df41f62d71d7732a GIT binary patch literal 29 ZcmZQ&fB;4&W)@ZsAe#j$aBuCt_W%l816cq7 literal 0 HcmV?d00001 diff --git a/backward-compatibility/data/0_14_0/kms/software_version.bcode b/backward-compatibility/data/0_14_0/kms/software_version.bcode new file mode 100644 index 0000000000..b13a02364a --- /dev/null +++ b/backward-compatibility/data/0_14_0/kms/software_version.bcode @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:0caaec795d048118c15c3462ec76e1d0ca0244f24b2fe3cbe6880fe33b7702e2 +size 42 diff --git a/backward-compatibility/data/0_14_0/kms/threshold_fhe_keys.bcode b/backward-compatibility/data/0_14_0/kms/threshold_fhe_keys.bcode new file mode 100644 index 0000000000..d8da2e2905 --- /dev/null +++ b/backward-compatibility/data/0_14_0/kms/threshold_fhe_keys.bcode @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:5427a4bd62738a4d91b92e050526b3e2eee0e3a892835ab046607b37f2fac1cd +size 505726 diff --git a/backward-compatibility/data/0_14_0/kms/typed_plaintext.bincode b/backward-compatibility/data/0_14_0/kms/typed_plaintext.bincode new file mode 100644 index 0000000000000000000000000000000000000000..50b7c47b79702e4dc18ab4ba027ddb3cfe249b4e GIT binary patch literal 17 ScmZQ&fB;4&W)@ZsAR7Px { + store_versioned_test_05($msg, $dir, $test_filename) + }; +} + +// Macro to store a versioned auxiliary data associated to a test +macro_rules! store_versioned_auxiliary { + ($msg:expr, $dir:expr, $test_name:expr, $filename:expr $(,)? ) => { + store_versioned_auxiliary_05($msg, $dir, $test_name, $filename) + }; +} + +fn convert_dkg_params_sns(value: DKGParamsSnSTest) -> DKGParamsSnS { + DKGParamsSnS { + regular_params: convert_dkg_params_regular(value.regular_params), + sns_params: convert_sns_parameters(value.sns_params), + sns_compression_params: Some(convert_sns_compression_parameters( + value.sns_compression_parameters, + )), + } +} + +// Parameters `dedicated_compact_public_key_parameters` and `compression_decompression_parameters` +// are set to None because they are optional tfhe-rs types, which means their backward compatibility +// is already tested. +fn convert_dkg_params_regular(value: DKGParamsRegularTest) -> DKGParamsRegular { + DKGParamsRegular { + dkg_mode: DkgMode::Z128, + sec: value.sec, + ciphertext_parameters: convert_classic_pbs_parameters(value.ciphertext_parameters), + dedicated_compact_public_key_parameters: None, + compression_decompression_parameters: None, + secret_key_deviations: None, + cpk_re_randomization_ksk_params: None, + } +} + +fn convert_classic_pbs_parameters(value: ClassicPBSParametersTest) -> ClassicPBSParameters { + ClassicPBSParameters { + lwe_dimension: LweDimension(value.lwe_dimension), + glwe_dimension: GlweDimension(value.glwe_dimension), + polynomial_size: PolynomialSize(value.polynomial_size), + lwe_noise_distribution: DynamicDistribution::TUniform(TUniform::new( + value.lwe_noise_gaussian, + )), + glwe_noise_distribution: DynamicDistribution::TUniform(TUniform::new(0)), + pbs_base_log: DecompositionBaseLog(value.pbs_base_log), + pbs_level: DecompositionLevelCount(value.pbs_level), + ks_base_log: DecompositionBaseLog(value.ks_base_log), + ks_level: DecompositionLevelCount(value.ks_level), + message_modulus: MessageModulus(value.message_modulus), + carry_modulus: CarryModulus(value.carry_modulus), + max_noise_level: MaxNoiseLevel::new(value.max_noise_level), + log2_p_fail: value.log2_p_fail, + ciphertext_modulus: CiphertextModulus::new_native(), + encryption_key_choice: { + match &*value.encryption_key_choice { + "big" => EncryptionKeyChoice::Big, + "small" => EncryptionKeyChoice::Small, + _ => panic!("Invalid encryption key choice"), + } + }, + // no need to test this as it's from tfhe-rs + modulus_switch_noise_reduction_params: + tfhe_1_6_1::shortint::prelude::ModulusSwitchType::Standard, + } +} + +fn convert_sns_parameters(value: SwitchAndSquashParametersTest) -> NoiseSquashingParameters { + NoiseSquashingParameters::Classic(NoiseSquashingClassicParameters { + glwe_dimension: GlweDimension(value.glwe_dimension), + glwe_noise_distribution: DynamicDistribution::new_t_uniform(value.glwe_noise_distribution), + polynomial_size: PolynomialSize(value.polynomial_size), + decomp_base_log: DecompositionBaseLog(value.pbs_base_log), + decomp_level_count: DecompositionLevelCount(value.pbs_level), + ciphertext_modulus: CiphertextModulus::::new_native(), + modulus_switch_noise_reduction_params: + tfhe_1_6_1::shortint::prelude::ModulusSwitchType::Standard, + message_modulus: MessageModulus(value.message_modulus), + carry_modulus: CarryModulus(value.carry_modulus), + }) +} + +fn convert_sns_compression_parameters( + value: SwitchAndSquashCompressionParametersTest, +) -> NoiseSquashingCompressionParameters { + NoiseSquashingCompressionParameters { + packing_ks_level: DecompositionLevelCount(value.packing_ks_level), + packing_ks_base_log: DecompositionBaseLog(value.packing_ks_base_log), + packing_ks_polynomial_size: PolynomialSize(value.packing_ks_polynomial_size), + packing_ks_glwe_dimension: GlweDimension(value.packing_ks_glwe_dimension), + lwe_per_glwe: LweCiphertextCount(value.lwe_per_glwe), + packing_ks_key_noise_distribution: DynamicDistribution::new_t_uniform( + value.packing_ks_key_noise_distribution, + ), + ciphertext_modulus: CiphertextModulus::::new_native(), + message_modulus: MessageModulus(value.message_modulus), + carry_modulus: CarryModulus(value.carry_modulus), + } +} + +// Distributed Decryption test +const PRSS_SETUP_RPOLY_64_TEST: PRSSSetupTest = PRSSSetupTest { + test_filename: Cow::Borrowed("prss_setup_rpoly_64"), + amount: 10, + threshold: 3, + role_i: 1, + residue_poly_size: 64, +}; + +// Distributed Decryption test +const PRSS_SETUP_RPOLY_128_TEST: PRSSSetupTest = PRSSSetupTest { + test_filename: Cow::Borrowed("prss_setup_rpoly_128"), + amount: 10, + threshold: 3, + role_i: 1, + residue_poly_size: 128, +}; + +// Distributed Decryption test +const PRF_KEY_TEST: PrfKeyTest = PrfKeyTest { + test_filename: Cow::Borrowed("prf_key"), + seed: 100, +}; + +// Distributed Decryption test +const PRSS_SET_64_TEST: PrssSetTest = PrssSetTest { + test_filename: Cow::Borrowed("prss_set_64"), + legacy_filename: Cow::Borrowed("legacy_prss_set_64"), + amount_parties: 7, + amount_points: 7, + residue_poly_size: 64, + state: 11111, +}; + +// Distributed Decryption test +const PRSS_SET_128_TEST: PrssSetTest = PrssSetTest { + test_filename: Cow::Borrowed("prss_set_128"), + legacy_filename: Cow::Borrowed("legacy_prss_set_128"), + amount_parties: 13, + amount_points: 3, + residue_poly_size: 128, + state: 2222, +}; + +// Distributed Decryption test +const SHARE_64_TEST: ShareTest = ShareTest { + test_filename: Cow::Borrowed("share_64"), + value: 34653246, + owner: 1, + residue_poly_size: 64, +}; + +// Distributed Decryption test +const SHARE_128_TEST: ShareTest = ShareTest { + test_filename: Cow::Borrowed("share_128"), + value: 934565743256423875434534434, + owner: 1, + residue_poly_size: 128, +}; + +// Distributed Decryption test +const RELEASE_PCR_VALUES_TEST: ReleasePCRValuesTest = ReleasePCRValuesTest { + test_filename: Cow::Borrowed("release_pcr_values"), + state: 64, +}; + +// KMS test +const PRIVATE_SIG_KEY_TEST: PrivateSigKeyTest = PrivateSigKeyTest { + test_filename: Cow::Borrowed("private_sig_key"), + state: 100, +}; + +// KMS-grpc test +const SIGNED_PUB_DATA_HANDLE_INTERNAL_TEST: SignedPubDataHandleInternalTest = + SignedPubDataHandleInternalTest { + test_filename: Cow::Borrowed("signed_pub_data_handle_internal"), + state: 100, + key_handle: Cow::Borrowed("key_handle"), + signature: [1, 2, 3], + external_signature: [4, 5, 6], + }; + +const PUB_DATA_TYPE: PubDataTypeTest = PubDataTypeTest { + test_filename: Cow::Borrowed("pub_data_type"), +}; + +const PRIV_DATA_TYPE: PrivDataTypeTest = PrivDataTypeTest { + test_filename: Cow::Borrowed("priv_data_type"), +}; + +// KMS test +const PUBLIC_SIG_KEY_TEST: PublicSigKeyTest = PublicSigKeyTest { + test_filename: Cow::Borrowed("public_sig_key"), + state: 100, +}; + +// KMS test +// TODO: include eip712_domain parameter +const KMS_FHE_KEY_HANDLES_TEST: KmsFheKeyHandlesTest = KmsFheKeyHandlesTest { + test_filename: Cow::Borrowed("kms_fhe_key_handles"), + client_key_filename: Cow::Borrowed("client_key_handle"), + public_key_filename: Cow::Borrowed("public_key_handle"), + server_key_filename: Cow::Borrowed("server_key_handle"), + sig_key_filename: Cow::Borrowed("sig_key_handle"), + decompression_key_filename: Cow::Borrowed("decompression_key"), + state: 100, + seed: 100, + element: Cow::Borrowed("element"), + dkg_parameters_sns: TEST_DKG_PARAMS_SNS, +}; + +// KMS test +const THRESHOLD_FHE_KEYS_TEST: ThresholdFheKeysTest = ThresholdFheKeysTest { + test_filename: Cow::Borrowed("threshold_fhe_keys"), + private_key_set_filename: Cow::Borrowed("private_key_set"), + integer_server_key_filename: Cow::Borrowed("integer_server_key"), + sns_key_filename: Cow::Borrowed("sns_key"), + info_filename: Cow::Borrowed("info"), + decompression_key_filename: Cow::Borrowed("decompression_key"), + state: 100, + amount: 2, + threshold: 1, + role_i: 1, + element: Cow::Borrowed("element"), + dkg_parameters_sns: TEST_DKG_PARAMS_SNS, +}; + +// KMS test +const KEY_GEN_METADATA_TEST: KeyGenMetadataTest = KeyGenMetadataTest { + test_filename: Cow::Borrowed("key_gen_metadata"), + legacy_filename: Cow::Borrowed("legacy_key_gen_metadata"), + state: 100, +}; + +// KMS test +const CRS_GEN_METADATA_TEST: CrsGenMetadataTest = CrsGenMetadataTest { + test_filename: Cow::Borrowed("crs_gen_metadata"), + legacy_filename: Cow::Borrowed("legacy_crs_gen_metadata"), + state: 100, + max_num_bits: 2048, +}; + +// KMS test — for key generation metadata with the 14.0 format (including extra data). +const KEY_GEN_METADATA_WITH_EXTRA_DATA_TEST: KeyGenMetadataWithExtraDataTest = + KeyGenMetadataWithExtraDataTest { + test_filename: Cow::Borrowed("key_gen_metadata_with_extra_data"), + state: 101, + extra_data: Cow::Borrowed(&[0x02, 0xAA, 0xBB, 0xCC]), + }; + +const CRS_GEN_METADATA_WITH_EXTRA_DATA_TEST: CrsGenMetadataWithExtraDataTest = + CrsGenMetadataWithExtraDataTest { + test_filename: Cow::Borrowed("crs_gen_metadata_with_extra_data"), + state: 101, + max_num_bits: 2048, + extra_data: Cow::Borrowed(&[0x02, 0xDD, 0xEE, 0xFF]), + }; + +// KMS test +const APP_KEY_BLOB_TEST: AppKeyBlobTest = AppKeyBlobTest { + test_filename: Cow::Borrowed("app_key_blob"), + root_key_id: Cow::Borrowed("root_key_id"), + data_key_blob: Cow::Borrowed("data_key_blob"), + ciphertext: Cow::Borrowed("ciphertext"), + iv: Cow::Borrowed("iv"), + auth_tag: Cow::Borrowed("auth_tag"), +}; + +// KMS test +fn typed_plaintext_test() -> TypedPlaintextTest { + TypedPlaintextTest { + test_filename: Cow::Borrowed("typed_plaintext"), + plaintext_bytes: vec![1, 2, 3, 4, 5], + fhe_type: 8, // FheTypes::Uint8 + } +} + +// KMS test +fn signcryption_payload_test() -> SigncryptionPayloadTest { + SigncryptionPayloadTest { + test_filename: Cow::Borrowed("signcryption_payload"), + plaintext_bytes: vec![1, 2, 3, 4, 5], + fhe_type: 8, // FheTypes::Uint8 + link: vec![222, 173, 190, 239], + } +} + +// KMS test +const SIGNCRYPTION_KEY_TEST: UnifiedSigncryptionKeyTest = UnifiedSigncryptionKeyTest { + test_filename: Cow::Borrowed("signcryption_key"), + state: 100, +}; + +// KMS test +const UNSIGNCRYPTION_KEY_TEST: UnifiedUnsigncryptionKeyTest = UnifiedUnsigncryptionKeyTest { + test_filename: Cow::Borrowed("designcryption_key"), + state: 200, +}; + +// KMS test +const UNIFIED_SIGNCRYPTION_TEST: UnifiedSigncryptionTest = UnifiedSigncryptionTest { + test_filename: Cow::Borrowed("unified_signcryption"), + state: 202, +}; + +// KMS test +const BACKUP_CIPHERTEXT_TEST: BackupCiphertextTest = BackupCiphertextTest { + test_filename: Cow::Borrowed("backup_ciphertext"), + unified_cipher_filename: Cow::Borrowed("unified_ciphertext_handle"), + state: 200, +}; + +// KMS test +const UNIFIED_CIPHER_TEST: UnifiedCipherTest = UnifiedCipherTest { + test_filename: Cow::Borrowed("unified_ciphertext"), + hybrid_kem_filename: Cow::Borrowed("hybrid_kem_ct_handle"), + state: 123, +}; + +// KMS test +const PRSS_SETUP_COMBINED_TEST: PrssSetupCombinedTest = PrssSetupCombinedTest { + test_filename: Cow::Borrowed("prss_setup_combined"), + prss_setup_64: Cow::Borrowed("prss_setup_64"), + prss_setup_128: Cow::Borrowed("prss_setup_128"), + role_i: 3, + amount: 13, + threshold: 4, +}; + +// KMS test +fn hybrid_kem_ct_test() -> HybridKemCtTest { + HybridKemCtTest { + test_filename: Cow::Borrowed("hybrid_kem_ct"), + nonce: [2u8; 12], + kem_ct: vec![1, 2, 3, 4, 5], + payload_ct: vec![6, 7, 8, 9, 10], + } +} + +// KMS test +fn context_info_test() -> ContextInfoTest { + ContextInfoTest { + test_filename: Cow::Borrowed("context_info"), + threshold: 3, + state: 234, + } +} + +// KMS test +fn node_info_test() -> NodeInfoTest { + NodeInfoTest { + test_filename: Cow::Borrowed("node_info"), + mpc_identity: Cow::Borrowed("node_mpc_identity"), + party_id: 4, + external_url: Cow::Borrowed("https://node4.example.com/mpc/something-something"), + public_storage_url: Cow::Borrowed("https://storage.example.com/node4"), + public_storage_prefix: Cow::Borrowed("PUB"), + ca_cert: Some(vec![1, 2, 3, 4, 6, 7, 8, 9]), + state: 500, + } +} + +// KMS test +const SOFTWARE_VERSION_TEST: SoftwareVersionTest = SoftwareVersionTest { + test_filename: Cow::Borrowed("software_version"), + major: 0, + minor: 13, + patch: 4, + tag: Cow::Borrowed("super fun version"), +}; + +// KMS test +const RECOVERY_MATERIAL_TEST: RecoveryValidationMaterialTest = RecoveryValidationMaterialTest { + test_filename: Cow::Borrowed("recovery_material"), + internal_cus_context_filename: Cow::Borrowed("internal_cus_context_handle"), + state: 300, + custodian_count: 5, + mpc_context_id: [7u8; 32], +}; + +// KMS test +const INTERNAL_RECOVERY_REQUEST_TEST: InternalRecoveryRequestTest = InternalRecoveryRequestTest { + test_filename: Cow::Borrowed("internal_recovery_request"), + amount: 10, + state: 300, +}; + +// KMS test +const INTERNAL_CUS_CONTEXT_TEST: InternalCustodianContextTest = InternalCustodianContextTest { + test_filename: Cow::Borrowed("internal_cus_context"), + internal_cus_setup_filename: Cow::Borrowed("internal_cus_setup_handle"), + unified_enc_key_filename: Cow::Borrowed("unified_enc_key_handle"), + state: 300, + custodian_count: 5, +}; + +// KMS test +const INTERNAL_CUS_SETUP_MSG_TEST: InternalCustodianSetupMessageTest = + InternalCustodianSetupMessageTest { + test_filename: Cow::Borrowed("internal_custodian_setup_message"), + state: 42, + }; + +// KMS test +const INTERNAL_CUS_REC_OUT_TEST: InternalCustodianRecoveryOutputTest = + InternalCustodianRecoveryOutputTest { + test_filename: Cow::Borrowed("internal_custodian_recovery_output"), + state: 43, + mpc_context_id: [7u8; 32], + }; + +// KMS test +const OPERATOR_BACKUP_OUTPUT_TEST: OperatorBackupOutputTest = OperatorBackupOutputTest { + test_filename: Cow::Borrowed("operator_backup_output"), + custodian_count: 3, + custodian_threshold: 1, + plaintext: [0u8; 32], + backup_id: [1u8; 32], + seed: 42, +}; + +fn dummy_domain() -> alloy_sol_types_1_4_1::Eip712Domain { + alloy_sol_types_1_4_1::eip712_domain!( + name: "Authorization token", + version: "1", + chain_id: 8006, + verifying_contract: alloy_primitives_1_4_1::address!("66f9664f97F2b50F62D13eA064982f936dE76657"), + ) +} + +pub struct V0_14_0; + +struct KmsV0_14_0; + +impl KmsV0_14_0 { + fn gen_private_sig_key(dir: &PathBuf) -> TestMetadataKMS { + let mut rng = AesRng::seed_from_u64(PRIVATE_SIG_KEY_TEST.state); + let (_, private_sig_key) = gen_sig_keys(&mut rng); + + store_versioned_test!(&private_sig_key, dir, &PRIVATE_SIG_KEY_TEST.test_filename); + + TestMetadataKMS::PrivateSigKey(PRIVATE_SIG_KEY_TEST) + } + + fn gen_public_sig_key(dir: &PathBuf) -> TestMetadataKMS { + let mut rng = AesRng::seed_from_u64(PUBLIC_SIG_KEY_TEST.state); + let (public_sig_key, _) = gen_sig_keys(&mut rng); + + store_versioned_test!(&public_sig_key, dir, &PUBLIC_SIG_KEY_TEST.test_filename); + + TestMetadataKMS::PublicSigKey(PUBLIC_SIG_KEY_TEST) + } + + fn gen_typed_plaintext(dir: &PathBuf) -> TestMetadataKMS { + let test = typed_plaintext_test(); + + let plaintext = TypedPlaintext { + bytes: test.plaintext_bytes.clone(), + fhe_type: test.fhe_type, + }; + + // TypedPlaintext doesn't use tfhe-versionable, serialize directly with bincode + let serialized = bc2wrap::serialize(&plaintext).unwrap(); + let filename = format!("{}.bincode", test.test_filename); + std::fs::write(dir.join(&filename), serialized).unwrap(); + + TestMetadataKMS::TypedPlaintext(test) + } + + fn gen_app_key_blob(dir: &PathBuf) -> TestMetadataKMS { + let app_key_blob = AppKeyBlob { + root_key_id: APP_KEY_BLOB_TEST.root_key_id.to_string(), + data_key_blob: APP_KEY_BLOB_TEST.data_key_blob.into_owned().into(), + ciphertext: APP_KEY_BLOB_TEST.ciphertext.into_owned().into(), + iv: APP_KEY_BLOB_TEST.iv.into_owned().into(), + auth_tag: APP_KEY_BLOB_TEST.auth_tag.into_owned().into(), + }; + + store_versioned_test!(&app_key_blob, dir, &APP_KEY_BLOB_TEST.test_filename); + + TestMetadataKMS::AppKeyBlob(APP_KEY_BLOB_TEST) + } + + fn gen_key_gen_metadata(dir: &PathBuf) -> TestMetadataKMS { + let mut rng = AesRng::seed_from_u64(KEY_GEN_METADATA_TEST.state); + let (_verf_key, sig_key) = gen_sig_keys(&mut rng); + // We need to serialize something that is versioned, so let us just use signing keys for the test + let (pretend_server_key, pretend_public_key) = gen_sig_keys(&mut rng); + let preprocessing_id: RequestId = RequestId::new_random(&mut rng); + let key_id: RequestId = RequestId::new_random(&mut rng); + + let mut key_digest_map: HashMap> = HashMap::new(); + let mut legacy: HashMap = HashMap::new(); + let server_key_digest = + safe_serialize_hash_element_versioned(b"TESTTEST", &pretend_server_key).unwrap(); + let pub_key_digest = + safe_serialize_hash_element_versioned(b"TESTTEST", &pretend_public_key).unwrap(); + let sol_type = KeygenVerificationQ126::new_standard( + &preprocessing_id, + &key_id, + server_key_digest.clone(), + pub_key_digest.clone(), + ); + key_digest_map.insert(PubDataType::ServerKey, server_key_digest); + key_digest_map.insert(PubDataType::PublicKey, pub_key_digest); + let external_signature = + compute_eip712_signature(&sig_key, &sol_type, &dummy_domain()).unwrap(); + + legacy.insert( + PubDataType::ServerKey, + SignedPubDataHandleInternal { + key_handle: key_id.to_string(), + signature: vec![1_u8; 65], + external_signature: external_signature.clone(), + }, + ); + legacy.insert( + PubDataType::PublicKey, + SignedPubDataHandleInternal { + key_handle: key_id.to_string(), + signature: vec![2_u8; 65], + external_signature: external_signature.clone(), + }, + ); + + let current = KeyGenMetadataInner { + key_id, + preprocessing_id, + key_digest_map, + external_signature, + extra_data: None, + }; + store_versioned_auxiliary!( + &legacy, + dir, + &KEY_GEN_METADATA_TEST.test_filename, + &KEY_GEN_METADATA_TEST.legacy_filename, + ); + store_versioned_test!(¤t, dir, &KEY_GEN_METADATA_TEST.test_filename); + + TestMetadataKMS::KeyGenMetadata(KEY_GEN_METADATA_TEST) + } + + fn gen_crs_metadata(dir: &PathBuf) -> TestMetadataKMS { + let mut rng = AesRng::seed_from_u64(CRS_GEN_METADATA_TEST.state); + let (_verf_key, sig_key) = gen_sig_keys(&mut rng); + let crs_id: RequestId = RequestId::new_random(&mut rng); + let digest = [12u8; 32].to_vec(); + let max_num_bits = CRS_GEN_METADATA_TEST.max_num_bits; + let sol_type = CrsgenVerificationQ126::new(&crs_id, max_num_bits as usize, digest.clone()); + let external_signature = + compute_eip712_signature(&sig_key, &sol_type, &dummy_domain()).unwrap(); + let current_crs_meta_data = CrsGenMetadata::new( + crs_id, + digest, + max_num_bits, + external_signature.clone(), + vec![], // Empty extra data to signal legacy + ); + + let legacy_crs_meta_data = SignedPubDataHandleInternal::new( + crs_id.to_string(), + [3u8; 65].to_vec(), + external_signature.clone(), + ); + + store_versioned_auxiliary!( + &legacy_crs_meta_data, + dir, + &CRS_GEN_METADATA_TEST.test_filename, + &CRS_GEN_METADATA_TEST.legacy_filename, + ); + store_versioned_test!( + ¤t_crs_meta_data, + dir, + &CRS_GEN_METADATA_TEST.test_filename + ); + + TestMetadataKMS::CrsGenMetadata(CRS_GEN_METADATA_TEST) + } + + /// Twin of `gen_key_gen_metadata` for version 14.0 (with extra_data). + fn gen_key_gen_metadata_with_extra_data(dir: &PathBuf) -> TestMetadataKMS { + let mut rng = AesRng::seed_from_u64(KEY_GEN_METADATA_WITH_EXTRA_DATA_TEST.state); + let (_verf_key, sig_key) = gen_sig_keys(&mut rng); + let (pretend_server_key, pretend_public_key) = gen_sig_keys(&mut rng); + let preprocessing_id: RequestId = RequestId::new_random(&mut rng); + let key_id: RequestId = RequestId::new_random(&mut rng); + + let extra_data = KEY_GEN_METADATA_WITH_EXTRA_DATA_TEST.extra_data.to_vec(); + let mut key_digest_map: HashMap> = HashMap::new(); + let server_key_digest = + safe_serialize_hash_element_versioned(b"TESTTEST", &pretend_server_key).unwrap(); + let pub_key_digest = + safe_serialize_hash_element_versioned(b"TESTTEST", &pretend_public_key).unwrap(); + let sol_type = KeygenVerification::new_uncompressed( + &preprocessing_id, + &key_id, + server_key_digest.clone(), + pub_key_digest.clone(), + extra_data.clone(), + ); + key_digest_map.insert(PubDataType::ServerKey, server_key_digest); + key_digest_map.insert(PubDataType::PublicKey, pub_key_digest); + let external_signature = + compute_eip712_signature(&sig_key, &sol_type, &dummy_domain()).unwrap(); + + let current = KeyGenMetadataInner { + key_id, + preprocessing_id, + key_digest_map, + external_signature, + extra_data: Some(extra_data), + }; + store_versioned_test!( + ¤t, + dir, + &KEY_GEN_METADATA_WITH_EXTRA_DATA_TEST.test_filename, + ); + + TestMetadataKMS::KeyGenMetadataWithExtraData(KEY_GEN_METADATA_WITH_EXTRA_DATA_TEST) + } + + /// Twin of `gen_crs_metadata` for version 14.0 (with extra_data). + fn gen_crs_metadata_with_extra_data(dir: &PathBuf) -> TestMetadataKMS { + let mut rng = AesRng::seed_from_u64(CRS_GEN_METADATA_WITH_EXTRA_DATA_TEST.state); + let (_verf_key, sig_key) = gen_sig_keys(&mut rng); + let crs_id: RequestId = RequestId::new_random(&mut rng); + let digest = [12u8; 32].to_vec(); + let max_num_bits = CRS_GEN_METADATA_WITH_EXTRA_DATA_TEST.max_num_bits; + let extra_data = CRS_GEN_METADATA_WITH_EXTRA_DATA_TEST.extra_data.to_vec(); + let sol_type = CrsgenVerification::new( + &crs_id, + max_num_bits as usize, + digest.clone(), + extra_data.clone(), + ); + let external_signature = + compute_eip712_signature(&sig_key, &sol_type, &dummy_domain()).unwrap(); + let current_crs_meta_data = CrsGenMetadata::new( + crs_id, + digest, + max_num_bits, + external_signature.clone(), + extra_data, + ); + + store_versioned_test!( + ¤t_crs_meta_data, + dir, + &CRS_GEN_METADATA_WITH_EXTRA_DATA_TEST.test_filename + ); + + TestMetadataKMS::CrsGenMetadataWithExtraData(CRS_GEN_METADATA_WITH_EXTRA_DATA_TEST) + } + + #[allow(clippy::ptr_arg)] + fn gen_signcryption_payload(dir: &PathBuf) -> TestMetadataKMS { + let test = signcryption_payload_test(); + + let payload = SigncryptionPayload { + plaintext: TypedPlaintext { + bytes: test.plaintext_bytes.clone(), + fhe_type: test.fhe_type, + }, + link: test.link.clone(), + }; + + // SigncryptionPayload doesn't use tfhe-versionable, serialize with bc2wrap from v0.11.1 + // This uses the exact bc2wrap implementation and bincode version from v0.11.1 + let serialized = bc2wrap::serialize(&payload).unwrap(); + let filename = format!("{}.bincode", test.test_filename); + std::fs::write(dir.join(&filename), serialized).unwrap(); + + TestMetadataKMS::SigncryptionPayload(test) + } + + fn gen_signcryption_key(dir: &PathBuf) -> TestMetadataKMS { + let mut rng = AesRng::seed_from_u64(SIGNCRYPTION_KEY_TEST.state); + let (_verf_key, server_sig_key) = gen_sig_keys(&mut rng); + let (client_verf_key, _server_sig_key) = gen_sig_keys(&mut rng); + let mut encryption = Encryption::new(PkeSchemeType::MlKem512, &mut rng); + let (_dec_key, enc_key) = encryption.keygen().unwrap(); + let signcrypt_key = UnifiedSigncryptionKeyOwned::new( + server_sig_key, + enc_key, + client_verf_key.verf_key_id(), + ); + store_versioned_test!(&signcrypt_key, dir, &SIGNCRYPTION_KEY_TEST.test_filename); + TestMetadataKMS::UnifiedSigncryptionKeyOwned(SIGNCRYPTION_KEY_TEST) + } + + fn gen_designcryption_key(dir: &PathBuf) -> TestMetadataKMS { + let mut rng = AesRng::seed_from_u64(UNSIGNCRYPTION_KEY_TEST.state); + let (sender_verf_key, _sender_sig_key) = gen_sig_keys(&mut rng); + let (receiver_verf_key, _receiver_sig_key) = gen_sig_keys(&mut rng); + let mut encryption = Encryption::new(PkeSchemeType::MlKem512, &mut rng); + let (dec_key, enc_key) = encryption.keygen().unwrap(); + let signcrypt_key = UnifiedUnsigncryptionKeyOwned::new( + dec_key, + enc_key, + sender_verf_key, + receiver_verf_key.verf_key_id().to_vec(), + ); + store_versioned_test!(&signcrypt_key, dir, &UNSIGNCRYPTION_KEY_TEST.test_filename); + TestMetadataKMS::UnifiedUnsigncryptionKeyOwned(UNSIGNCRYPTION_KEY_TEST) + } + + fn gen_backup_ciphertext(dir: &PathBuf) -> TestMetadataKMS { + let mut rng = AesRng::seed_from_u64(BACKUP_CIPHERTEXT_TEST.state); + let backup_id: RequestId = RequestId::new_random(&mut rng); + // Generate the unified ciphertext after using the RNG for generating backup ID since backup ID + // will also be generated as part of the test + let mut kem_ct = [0_u8; 32]; + rng.fill_bytes(&mut kem_ct); + let mut payload_ct = [0_u8; 32]; + rng.fill_bytes(&mut payload_ct); + let ciphertext: UnifiedCipher = UnifiedCipher { + cipher: HybridKemCt { + nonce: [0_u8; 12], + kem_ct: kem_ct.to_vec(), + payload_ct: payload_ct.to_vec(), + }, + pke_type: PkeSchemeType::MlKem512, + }; + store_versioned_auxiliary!( + &ciphertext, + dir, + &BACKUP_CIPHERTEXT_TEST.test_filename, + &BACKUP_CIPHERTEXT_TEST.unified_cipher_filename, + ); + + let backup_ct = BackupCiphertext { + ciphertext, + priv_data_type: PrivDataType::SigningKey, + backup_id, + }; + + store_versioned_test!(&backup_ct, dir, &BACKUP_CIPHERTEXT_TEST.test_filename); + TestMetadataKMS::BackupCiphertext(BACKUP_CIPHERTEXT_TEST) + } + + fn gen_unified_signcryption(dir: &PathBuf) -> TestMetadataKMS { + let mut rng = AesRng::seed_from_u64(UNIFIED_SIGNCRYPTION_TEST.state); + let (verf_key, server_sig_key) = gen_sig_keys(&mut rng); + let (client_verf_key, _server_sig_key) = gen_sig_keys(&mut rng); + let mut encryption = Encryption::new(PkeSchemeType::MlKem512, &mut rng); + let (_dec_key, enc_key) = encryption.keygen().unwrap(); + let signcrypt_key = UnifiedSigncryptionKeyOwned::new( + server_sig_key, + enc_key, + client_verf_key.verf_key_id(), + ); + let signcryption = signcrypt_key + .signcrypt(&mut rng, b"TESTTEST", &verf_key) + .unwrap(); + + store_versioned_test!(&signcryption, dir, &UNIFIED_SIGNCRYPTION_TEST.test_filename); + TestMetadataKMS::UnifiedSigncryption(UNIFIED_SIGNCRYPTION_TEST) + } + + fn gen_unified_cipher(dir: &PathBuf) -> TestMetadataKMS { + let mut rng = AesRng::seed_from_u64(UNIFIED_CIPHER_TEST.state); + let mut kem_ct = [0_u8; 32]; + rng.fill_bytes(&mut kem_ct); + let mut payload_ct = [0_u8; 32]; + rng.fill_bytes(&mut payload_ct); + let kem = HybridKemCt { + nonce: [0_u8; 12], + kem_ct: kem_ct.to_vec(), + payload_ct: payload_ct.to_vec(), + }; + store_versioned_auxiliary!( + &kem, + dir, + &UNIFIED_CIPHER_TEST.test_filename, + &UNIFIED_CIPHER_TEST.hybrid_kem_filename, + ); + let cipher = UnifiedCipher { + cipher: kem, + pke_type: PkeSchemeType::MlKem512, + }; + + store_versioned_test!(&cipher, dir, &UNIFIED_CIPHER_TEST.test_filename); + + TestMetadataKMS::UnifiedCipher(UNIFIED_CIPHER_TEST) + } + + fn gen_hybrid_kem_ct(dir: &PathBuf) -> TestMetadataKMS { + let test = hybrid_kem_ct_test(); + let cipher = HybridKemCt { + nonce: test.nonce, + kem_ct: test.kem_ct.clone(), + payload_ct: test.payload_ct.clone(), + }; + + store_versioned_test!(&cipher, dir, &test.test_filename); + + TestMetadataKMS::HybridKemCt(test) + } + + fn gen_prss_setup_combined(dir: &PathBuf) -> TestMetadataKMS { + let role = Role::indexed_from_one(PRSS_SETUP_COMBINED_TEST.role_i); + let base_session_64 = get_networkless_base_session_for_parties( + PRSS_SETUP_COMBINED_TEST.amount as usize, + PRSS_SETUP_COMBINED_TEST.threshold, + role, + ); + let base_session_128 = get_networkless_base_session_for_parties( + PRSS_SETUP_COMBINED_TEST.amount as usize, + PRSS_SETUP_COMBINED_TEST.threshold, + role, + ); + let prss_setup_z64 = get_dummy_prss_setup::(base_session_64); + let prss_setup_z128 = get_dummy_prss_setup::(base_session_128); + let prss = PRSSSetupCombined { + prss_setup_z64: prss_setup_z64.clone(), + prss_setup_z128: prss_setup_z128.clone(), + num_parties: PRSS_SETUP_COMBINED_TEST.amount, + threshold: PRSS_SETUP_COMBINED_TEST.threshold, + }; + store_versioned_auxiliary!( + &prss_setup_z64, + dir, + &PRSS_SETUP_COMBINED_TEST.test_filename, + &PRSS_SETUP_COMBINED_TEST.prss_setup_64, + ); + store_versioned_auxiliary!( + &prss_setup_z128, + dir, + &PRSS_SETUP_COMBINED_TEST.test_filename, + &PRSS_SETUP_COMBINED_TEST.prss_setup_128, + ); + + store_versioned_test!(&prss, dir, &PRSS_SETUP_COMBINED_TEST.test_filename); + TestMetadataKMS::PrssSetupCombined(PRSS_SETUP_COMBINED_TEST) + } + + fn gen_context_info(dir: &PathBuf) -> TestMetadataKMS { + let test = context_info_test(); + let mut rng = AesRng::seed_from_u64(test.state); + // Note that `NodeInfo`, `SoftwareVersion` and `ReleasePCRValues` are tested separately so we just do a simple static construction here + let node_info = NodeInfo { + mpc_identity: "Staoshi Nakamoto".to_string(), + party_id: 42, + verification_key: None, + external_url: "https://node42.example.com".to_string(), + ca_cert: None, + public_storage_url: "https://storage.example.com/node42".to_string(), + public_storage_prefix: Some("PUB".to_string()), + extra_verification_keys: vec![], + }; + let software_version = SoftwareVersion { + major: 2, + minor: 11, + patch: 12, + tag: None, + }; + let pcr_values = ReleasePCRValues { + pcr0: vec![0_u8; 32], + pcr1: vec![1_u8; 32], + pcr2: vec![2_u8; 32], + }; + let context_info = ContextInfo { + mpc_nodes: vec![node_info.clone(), node_info.clone()], + software_version, + context_id: RequestId::new_random(&mut rng).into(), + threshold: test.threshold, + pcr_values: vec![pcr_values.clone(), pcr_values.clone()], + }; + + store_versioned_test!(&context_info, dir, &test.test_filename); + + TestMetadataKMS::ContextInfo(test) + } + + fn gen_node_info(dir: &PathBuf) -> TestMetadataKMS { + let node_info_test = node_info_test(); + let mut rng = AesRng::seed_from_u64(node_info_test.state); + let (verf_key, _sig_key) = gen_sig_keys(&mut rng); + let (verf_key2, _sig_key) = gen_sig_keys(&mut rng); + let node_info = NodeInfo { + mpc_identity: node_info_test.mpc_identity.to_string(), + party_id: node_info_test.party_id, + verification_key: Some(verf_key), + external_url: node_info_test.external_url.to_string(), + ca_cert: node_info_test.ca_cert.clone(), // We currently don't have simple code for generating certificates + public_storage_url: node_info_test.public_storage_url.to_string(), + public_storage_prefix: Some(node_info_test.public_storage_prefix.to_string()), + extra_verification_keys: vec![verf_key2], + }; + + store_versioned_test!(&node_info, dir, &node_info_test.test_filename); + + TestMetadataKMS::NodeInfo(node_info_test) + } + + fn gen_software_version(dir: &PathBuf) -> TestMetadataKMS { + let software_version = SoftwareVersion { + major: SOFTWARE_VERSION_TEST.major, + minor: SOFTWARE_VERSION_TEST.minor, + patch: SOFTWARE_VERSION_TEST.patch, + tag: Some(SOFTWARE_VERSION_TEST.tag.to_string()), + }; + + store_versioned_test!(&software_version, dir, &SOFTWARE_VERSION_TEST.test_filename); + + TestMetadataKMS::SoftwareVersion(SOFTWARE_VERSION_TEST) + } + + fn gen_recovery_material(dir: &PathBuf) -> TestMetadataKMS { + let mut rng = AesRng::seed_from_u64(RECOVERY_MATERIAL_TEST.state); + let backup_id: RequestId = RequestId::new_random(&mut rng); + let (operator_pk, operator_sk) = gen_sig_keys(&mut rng); + let mut commitments = BTreeMap::new(); + let mut cts = BTreeMap::new(); + for role_j in 1..=RECOVERY_MATERIAL_TEST.custodian_count { + let cus_role = Role::indexed_from_one(role_j); + let (custodian_pk, _) = gen_sig_keys(&mut rng); + let backup_material = BackupMaterial { + backup_id, + custodian_pk, + custodian_role: cus_role, + operator_pk: operator_pk.clone(), + shares: Vec::new(), + }; + let msg_digest = + safe_serialize_hash_element_versioned(&DSEP_BACKUP_COMMITMENT, &backup_material) + .unwrap(); + commitments.insert(cus_role, msg_digest); + let mut payload = [0_u8; 32]; + rng.fill_bytes(&mut payload); + let cts_out = InnerOperatorBackupOutput { + signcryption: UnifiedSigncryption { + payload: payload.to_vec(), + pke_type: PkeSchemeType::MlKem512, + signing_type: SigningSchemeType::Ecdsa256k1, + }, + }; + cts.insert(cus_role, cts_out); + } + + // Dummy payload; but needs to be a properly serialized payload + // This must be generated after the commitment stuff, since the test will regenerate the commitment stuff, + // but read the custodian context from disk + let mut encryption = Encryption::new(PkeSchemeType::MlKem512, &mut rng); + let (_dec_key, enc_key) = encryption.keygen().unwrap(); + let (cus_pk, _) = gen_sig_keys(&mut rng); + let payload = CustodianSetupMessagePayload { + header: "header".to_string(), + random_value: [4_u8; 32], + timestamp: 0, + public_enc_key: enc_key.clone(), + verification_key: cus_pk.clone(), + }; + let mut payload_serial = Vec::new(); + safe_serialize(&payload, &mut payload_serial, SAFE_SER_SIZE_LIMIT).unwrap(); + let mut custodian_nodes = Vec::new(); + for role_j in 1..=RECOVERY_MATERIAL_TEST.custodian_count { + let setup_msg = CustodianSetupMessage { + custodian_role: role_j as u64, + name: format!("Custodian-{role_j}"), + payload: payload_serial.clone(), + }; + custodian_nodes.push(setup_msg); + } + let custodian_context = CustodianContext { + custodian_nodes, + custodian_context_id: Some(backup_id.into()), + threshold: 1, + }; + let internal_custodian_context = + InternalCustodianContext::new(custodian_context, enc_key).unwrap(); + store_versioned_auxiliary!( + &internal_custodian_context, + dir, + &RECOVERY_MATERIAL_TEST.test_filename, + &RECOVERY_MATERIAL_TEST.internal_cus_context_filename, + ); + let recovery_material = RecoveryValidationMaterial::new( + cts, + commitments, + internal_custodian_context, + &operator_sk, + kms_grpc_0_14_0::ContextId::from_bytes(RECOVERY_MATERIAL_TEST.mpc_context_id), + ) + .unwrap(); + store_versioned_test!( + &recovery_material, + dir, + &RECOVERY_MATERIAL_TEST.test_filename + ); + TestMetadataKMS::RecoveryValidationMaterial(RECOVERY_MATERIAL_TEST) + } + + fn gen_internal_recovery_request(dir: &PathBuf) -> TestMetadataKMS { + let mut rng = AesRng::seed_from_u64(INTERNAL_RECOVERY_REQUEST_TEST.state); + let backup_id: RequestId = RequestId::new_random(&mut rng); + let mut encryption = Encryption::new(PkeSchemeType::MlKem512, &mut rng); + let (_dec_key, enc_key) = encryption.keygen().unwrap(); + let (verf_key, _) = gen_sig_keys(&mut rng); + let mut cts = BTreeMap::new(); + for role_j in 1..=INTERNAL_RECOVERY_REQUEST_TEST.amount { + let cur_role = Role::indexed_from_one(role_j as usize); + let mut payload = [0_u8; 32]; + rng.fill_bytes(&mut payload); + let signcryption = UnifiedSigncryption { + payload: payload.to_vec(), + pke_type: PkeSchemeType::MlKem512, + signing_type: SigningSchemeType::Ecdsa256k1, + }; + cts.insert(cur_role, InnerOperatorBackupOutput { signcryption }); + } + let recovery_material = + InternalRecoveryRequest::new(enc_key, cts, backup_id, verf_key).unwrap(); + store_versioned_test!( + &recovery_material, + dir, + &INTERNAL_RECOVERY_REQUEST_TEST.test_filename + ); + TestMetadataKMS::InternalRecoveryRequest(INTERNAL_RECOVERY_REQUEST_TEST) + } + + fn gen_internal_cus_context_handles(dir: &PathBuf) -> TestMetadataKMS { + let mut rng = AesRng::seed_from_u64(INTERNAL_CUS_CONTEXT_TEST.state); + let context_id: RequestId = RequestId::new_random(&mut rng); + let mut cus_nodes = BTreeMap::new(); + for role_j in 1..=INTERNAL_CUS_CONTEXT_TEST.custodian_count { + let cus_role = Role::indexed_from_one(role_j); + let (custodian_verf_key, _) = gen_sig_keys(&mut rng); + let mut encryption = Encryption::new(PkeSchemeType::MlKem512, &mut rng); + let (_, cus_enc_key) = encryption.keygen().unwrap(); + let mut rnd = [0_u8; 32]; + rng.fill_bytes(&mut rnd); + let setup_msg = InternalCustodianSetupMessage { + header: "header".to_string(), + custodian_role: cus_role, + name: format!("role{role_j}"), + random_value: rnd, + timestamp: 42, + public_enc_key: cus_enc_key, + public_verf_key: custodian_verf_key, + }; + cus_nodes.insert(cus_role, setup_msg); + } + // Generate the extra encryption key last since it will be loaded from file and + // thus we should avoid using the RNG for the things that it will be used to generate in the test + let mut encryption = Encryption::new(PkeSchemeType::MlKem512, &mut rng); + let (_, cus_enc_key) = encryption.keygen().unwrap(); + let internal_cus_context = InternalCustodianContext { + threshold: 1, + context_id, + custodian_nodes: cus_nodes, + backup_enc_key: cus_enc_key.clone(), + }; + store_versioned_auxiliary!( + &cus_enc_key, + dir, + &INTERNAL_CUS_CONTEXT_TEST.test_filename, + &INTERNAL_CUS_CONTEXT_TEST.unified_enc_key_filename, + ); + + store_versioned_test!( + &internal_cus_context, + dir, + &INTERNAL_CUS_CONTEXT_TEST.test_filename + ); + + TestMetadataKMS::InternalCustodianContext(INTERNAL_CUS_CONTEXT_TEST) + } + + fn gen_kms_fhe_key_handles(dir: &PathBuf) -> TestMetadataKMS { + let mut rng = AesRng::seed_from_u64(KMS_FHE_KEY_HANDLES_TEST.state); + let (_, private_sig_key) = gen_sig_keys(&mut rng); + store_versioned_auxiliary!( + &private_sig_key, + dir, + &KMS_FHE_KEY_HANDLES_TEST.test_filename, + &KMS_FHE_KEY_HANDLES_TEST.sig_key_filename, + ); + + let dkg_params: DKGParams = DKGParams::WithSnS(convert_dkg_params_sns( + KMS_FHE_KEY_HANDLES_TEST.dkg_parameters_sns, + )); + let seed = Some(Seed(KMS_FHE_KEY_HANDLES_TEST.seed)); + + let client_key = generate_client_fhe_key(dkg_params, Tag::default(), seed); + store_versioned_auxiliary!( + &client_key, + dir, + &KMS_FHE_KEY_HANDLES_TEST.test_filename, + &KMS_FHE_KEY_HANDLES_TEST.client_key_filename, + ); + + // The following code is basically the same as in `generate_fhe_keys` in + // `service/src/cryptography/central_kms.rs`, because we need to retrieve and save some of + // its intermediate values in order to be able to re-build a KmsFheKeyHandles in tests + let server_key = client_key.generate_server_key(); + let server_key = server_key.into_raw_parts(); + let decompression_key = server_key.3.clone(); + + store_versioned_auxiliary!( + &decompression_key, + dir, + &KMS_FHE_KEY_HANDLES_TEST.test_filename, + &KMS_FHE_KEY_HANDLES_TEST.decompression_key_filename, + ); + + let server_key = ServerKey::from_raw_parts( + server_key.0, + server_key.1, + server_key.2, + server_key.3, + server_key.4, + server_key.5, + server_key.6, + server_key.7, + Tag::default(), + ); + + store_versioned_auxiliary!( + &server_key, + dir, + &KMS_FHE_KEY_HANDLES_TEST.test_filename, + &KMS_FHE_KEY_HANDLES_TEST.server_key_filename, + ); + + let public_key = FhePublicKey::new(&client_key); + store_versioned_auxiliary!( + &public_key, + dir, + &KMS_FHE_KEY_HANDLES_TEST.test_filename, + &KMS_FHE_KEY_HANDLES_TEST.public_key_filename, + ); + + let public_key_set = FhePubKeySet { + public_key, + server_key, + }; + + // NOTE: kms_fhe_key_handles.public_key_info is a HashMap + // so generation is not deterministic + let key_id = kms_grpc_0_14_0::RequestId::zeros(); + let preproc_id = kms_grpc_0_14_0::RequestId::zeros(); + let kms_fhe_key_handles = KmsFheKeyHandles::new( + &private_sig_key, + client_key, + &key_id, + &preproc_id, + &public_key_set, + decompression_key, + &dummy_domain(), + Vec::new(), // empty extra_data + ) + .unwrap(); + + store_versioned_test!( + &kms_fhe_key_handles, + dir, + &KMS_FHE_KEY_HANDLES_TEST.test_filename + ); + + TestMetadataKMS::KmsFheKeyHandles(KMS_FHE_KEY_HANDLES_TEST) + } + + fn gen_threshold_fhe_keys(dir: &PathBuf) -> TestMetadataKMS { + let role = Role::indexed_from_one(THRESHOLD_FHE_KEYS_TEST.role_i); + let mut base_session = get_networkless_base_session_for_parties( + THRESHOLD_FHE_KEYS_TEST.amount, + THRESHOLD_FHE_KEYS_TEST.threshold, + role, + ); + let dkg_params: DKGParams = DKGParams::WithSnS(convert_dkg_params_sns( + THRESHOLD_FHE_KEYS_TEST.dkg_parameters_sns, + )); + + let rt = Runtime::new().unwrap(); + let (fhe_pub_key_set, private_key_set) = rt.block_on(async { + insecure_initialize_key_material(&mut base_session, dkg_params, Tag::default()) + .await + .unwrap() + }); + store_versioned_auxiliary!( + &private_key_set, + dir, + &THRESHOLD_FHE_KEYS_TEST.test_filename, + &THRESHOLD_FHE_KEYS_TEST.private_key_set_filename, + ); + + let (integer_server_key, _, _, _, sns_key, _, _, _, _) = + fhe_pub_key_set.server_key.clone().into_raw_parts(); + store_versioned_auxiliary!( + &sns_key, + dir, + &THRESHOLD_FHE_KEYS_TEST.test_filename, + &THRESHOLD_FHE_KEYS_TEST.sns_key_filename, + ); + store_versioned_auxiliary!( + &integer_server_key, + dir, + &THRESHOLD_FHE_KEYS_TEST.test_filename, + &THRESHOLD_FHE_KEYS_TEST.integer_server_key_filename, + ); + + // NOTE: this is not deterministic since the result is a HashMap + // compute_all_info doesn't exist in v0.11.1, so we create the metadata manually + let info: HashMap = HashMap::new(); + store_versioned_auxiliary!( + &info, + dir, + &THRESHOLD_FHE_KEYS_TEST.test_filename, + &THRESHOLD_FHE_KEYS_TEST.info_filename, + ); + + let decompression_key = fhe_pub_key_set.server_key.to_owned().into_raw_parts().3; + store_versioned_auxiliary!( + &decompression_key, + dir, + &THRESHOLD_FHE_KEYS_TEST.test_filename, + &THRESHOLD_FHE_KEYS_TEST.decompression_key_filename, + ); + + let public_material = PublicKeyMaterial::Uncompressed { + integer_server_key: std::sync::Arc::new(integer_server_key), + sns_key: sns_key.map(std::sync::Arc::new), + decompression_key: decompression_key.map(std::sync::Arc::new), + }; + let threshold_fhe_keys = ThresholdFheKeys::new( + std::sync::Arc::new(private_key_set), + public_material, + kms_0_14_0::engine::base::KeyGenMetadata::LegacyV0(info), + ); + + store_versioned_test!( + &threshold_fhe_keys, + dir, + &THRESHOLD_FHE_KEYS_TEST.test_filename + ); + + TestMetadataKMS::ThresholdFheKeys(THRESHOLD_FHE_KEYS_TEST) + } + + /// Generates the _internal_ custodian setup message + fn gen_internal_cus_setup_msg(dir: &PathBuf) -> TestMetadataKMS { + let mut rng = AesRng::seed_from_u64(INTERNAL_CUS_SETUP_MSG_TEST.state); + let (_verification_key, signing_key) = gen_sig_keys(&mut rng); + let mut encryption = Encryption::new(PkeSchemeType::MlKem512, &mut rng); + let (private_key, public_key) = encryption.keygen().unwrap(); + let custodian = Custodian::new( + Role::indexed_from_one(1), + signing_key, + public_key, + private_key, + ) + .unwrap(); + let custodian_setup_message = custodian + .generate_setup_message(&mut rng, "custodian-1".to_string()) + .unwrap(); + store_versioned_test!( + &custodian_setup_message, + dir, + &INTERNAL_CUS_SETUP_MSG_TEST.test_filename + ); + TestMetadataKMS::InternalCustodianSetupMessage(INTERNAL_CUS_SETUP_MSG_TEST) + } + + fn gen_internal_cus_rec_out(dir: &PathBuf) -> TestMetadataKMS { + let mut rng = AesRng::seed_from_u64(INTERNAL_CUS_REC_OUT_TEST.state); + let (operator_verification_key, _) = gen_sig_keys(&mut rng); + let mut buf = [0u8; 100]; + rng.fill_bytes(&mut buf); + let signcryption = UnifiedSigncryption { + payload: buf.to_vec(), + pke_type: PkeSchemeType::MlKem512, + signing_type: SigningSchemeType::Ecdsa256k1, + }; + let icro = InternalCustodianRecoveryOutput { + signcryption, + custodian_role: Role::indexed_from_one(2), + operator_verification_key, + mpc_context_id: RequestId::from_bytes(INTERNAL_CUS_REC_OUT_TEST.mpc_context_id), + }; + store_versioned_test!(&icro, dir, &INTERNAL_CUS_REC_OUT_TEST.test_filename); + TestMetadataKMS::InternalCustodianRecoveryOutput(INTERNAL_CUS_REC_OUT_TEST) + } + + fn gen_operator_backup_output(dir: &PathBuf) -> TestMetadataKMS { + let mut rng = AesRng::seed_from_u64(OPERATOR_BACKUP_OUTPUT_TEST.seed); + + let custodians: Vec<_> = (1..=OPERATOR_BACKUP_OUTPUT_TEST.custodian_count) + .map(|i| { + let (_verification_key, signing_key) = gen_sig_keys(&mut rng); + let mut encryption = Encryption::new(PkeSchemeType::MlKem512, &mut rng); + let (private_key, public_key) = encryption.keygen().unwrap(); + Custodian::new( + Role::indexed_from_one(i), + signing_key, + public_key, + private_key, + ) + .unwrap() + }) + .collect(); + let custodian_messages: Vec<_> = custodians + .iter() + .enumerate() + .map(|(i, c)| { + c.generate_setup_message(&mut rng, format!("Custodian-{i}")) + .unwrap() + }) + .collect(); + + let operator = { + let (_verification_key, signing_key) = gen_sig_keys(&mut rng); + Operator::new_for_sharing( + custodian_messages, + signing_key, + OPERATOR_BACKUP_OUTPUT_TEST.custodian_threshold, + custodians.len(), + ) + .unwrap() + }; + let operator_backup_output = &operator + .secret_share_and_signcrypt( + &mut rng, + &OPERATOR_BACKUP_OUTPUT_TEST.plaintext, + RequestId::from_bytes(OPERATOR_BACKUP_OUTPUT_TEST.backup_id), + ) + .unwrap() + .ct_shares[&Role::indexed_from_one(1)]; + + store_versioned_test!( + operator_backup_output, + dir, + &OPERATOR_BACKUP_OUTPUT_TEST.test_filename + ); + TestMetadataKMS::OperatorBackupOutput(OPERATOR_BACKUP_OUTPUT_TEST) + } +} + +struct DistributedDecryptionV0_14_0; + +impl DistributedDecryptionV0_14_0 { + fn gen_prss_setup_rpoly_64(dir: &PathBuf) -> TestMetadataDD { + let role = Role::indexed_from_one(PRSS_SETUP_RPOLY_64_TEST.role_i); + let base_session = get_networkless_base_session_for_parties( + PRSS_SETUP_RPOLY_64_TEST.amount, + PRSS_SETUP_RPOLY_64_TEST.threshold, + role, + ); + let prss_setup = get_dummy_prss_setup::(base_session); + + store_versioned_test!(&prss_setup, dir, &PRSS_SETUP_RPOLY_64_TEST.test_filename); + + TestMetadataDD::PRSSSetup(PRSS_SETUP_RPOLY_64_TEST) + } + + fn gen_prss_setup_rpoly_128(dir: &PathBuf) -> TestMetadataDD { + let role = Role::indexed_from_one(PRSS_SETUP_RPOLY_128_TEST.role_i); + let base_session = get_networkless_base_session_for_parties( + PRSS_SETUP_RPOLY_128_TEST.amount, + PRSS_SETUP_RPOLY_128_TEST.threshold, + role, + ); + let prss_setup = get_dummy_prss_setup::(base_session); + + store_versioned_test!(&prss_setup, dir, &PRSS_SETUP_RPOLY_128_TEST.test_filename); + + TestMetadataDD::PRSSSetup(PRSS_SETUP_RPOLY_128_TEST) + } + + fn gen_prss_set_64(dir: &PathBuf) -> TestMetadataDD { + let mut rng = AesRng::seed_from_u64(PRSS_SET_64_TEST.state); + + let mut party_set = Vec::new(); + for i in 1..=PRSS_SET_64_TEST.amount_parties { + party_set.push(Role::indexed_from_one(i)); + } + + let mut set_key = [0u8; 16]; + rng.fill_bytes(&mut set_key); + + let mut f_a_points = Vec::new(); + for _ in 0..PRSS_SET_64_TEST.amount_points { + f_a_points.push(ResiduePolyF4Z64::from_scalar(Wrapping(rng.next_u64()))); + } + + let current_set = PrssSet::::new( + party_set.clone(), + PrfKey(set_key.clone()), + f_a_points.clone(), + ); + let legacy_set = PrssSetV0::::new( + party_set.iter().map(|r| r.one_based()).collect(), + PrfKey(set_key.clone()), + f_a_points.clone(), + ); + store_versioned_auxiliary!( + &legacy_set.upgrade().unwrap(), + dir, + &PRSS_SET_64_TEST.test_filename, + &PRSS_SET_64_TEST.legacy_filename, + ); + store_versioned_test!(¤t_set, dir, &PRSS_SET_64_TEST.test_filename); + + TestMetadataDD::PrssSet(PRSS_SET_64_TEST) + } + + fn gen_prss_set_128(dir: &PathBuf) -> TestMetadataDD { + let mut rng = AesRng::seed_from_u64(PRSS_SET_128_TEST.state); + + let mut party_set = Vec::new(); + for i in 1..=PRSS_SET_128_TEST.amount_parties { + party_set.push(Role::indexed_from_one(i)); + } + + let mut set_key = [0u8; 16]; + rng.fill_bytes(&mut set_key); + + let mut f_a_points = Vec::new(); + for _ in 0..PRSS_SET_128_TEST.amount_points { + f_a_points.push(ResiduePolyF4Z128::from_scalar(Wrapping( + rng.next_u64() as u128 + ))); + } + + let current_set = PrssSet::::new( + party_set.clone(), + PrfKey(set_key.clone()), + f_a_points.clone(), + ); + let legacy_set = PrssSetV0::::new( + party_set.iter().map(|r| r.one_based()).collect(), + PrfKey(set_key.clone()), + f_a_points.clone(), + ); + store_versioned_auxiliary!( + &legacy_set.upgrade().unwrap(), + dir, + &PRSS_SET_128_TEST.test_filename, + &PRSS_SET_128_TEST.legacy_filename, + ); + store_versioned_test!(¤t_set, dir, &PRSS_SET_128_TEST.test_filename); + + TestMetadataDD::PrssSet(PRSS_SET_128_TEST) + } + + fn gen_share_64(dir: &PathBuf) -> TestMetadataDD { + let role = Role::indexed_from_one(SHARE_64_TEST.owner); + let val = ResiduePolyF4Z64::from_scalar(Wrapping(SHARE_64_TEST.value as u64)); + let share = Share::::new(role, val); + + store_versioned_test!(&share, dir, &SHARE_64_TEST.test_filename); + + TestMetadataDD::Share(SHARE_64_TEST) + } + + fn gen_share_128(dir: &PathBuf) -> TestMetadataDD { + let role = Role::indexed_from_one(SHARE_128_TEST.owner); + let val = ResiduePolyF4Z128::from_scalar(Wrapping(SHARE_128_TEST.value)); + let share = Share::::new(role, val); + + store_versioned_test!(&share, dir, &SHARE_128_TEST.test_filename); + + TestMetadataDD::Share(SHARE_128_TEST) + } + + fn gen_prf_key(dir: &PathBuf) -> TestMetadataDD { + let mut buf = [0u8; 16]; + let mut rng = AesRng::from_seed(PRF_KEY_TEST.seed.to_le_bytes()); + rng.fill_bytes(&mut buf); + + let prf_key = PrfKey(buf); + + store_versioned_test!(&prf_key, dir, &PRF_KEY_TEST.test_filename); + + TestMetadataDD::PrfKey(PRF_KEY_TEST) + } + + fn gen_release_pcr_values(dir: &PathBuf) -> TestMetadataDD { + let mut rng = AesRng::seed_from_u64(RELEASE_PCR_VALUES_TEST.state); + let mut pcr0 = [0u8; 64]; + rng.fill_bytes(&mut pcr0); + let mut pcr1 = [0u8; 33]; + rng.fill_bytes(&mut pcr1); + let mut pcr2 = [0u8; 73]; + rng.fill_bytes(&mut pcr2); + + let pcr_values = ReleasePCRValues { + pcr0: pcr0.to_vec(), + pcr1: pcr1.to_vec(), + pcr2: pcr2.to_vec(), + }; + + store_versioned_test!(&pcr_values, dir, &RELEASE_PCR_VALUES_TEST.test_filename); + + TestMetadataDD::ReleasePCRValues(RELEASE_PCR_VALUES_TEST) + } +} + +struct KmsGrpcV0_14_0; + +impl KmsGrpcV0_14_0 { + fn gen_signed_pub_data_handle_internal(dir: &PathBuf) -> TestMetadataKmsGrpc { + let signed_pub_data_handle_internal = SignedPubDataHandleInternal::new( + SIGNED_PUB_DATA_HANDLE_INTERNAL_TEST.key_handle.to_string(), + SIGNED_PUB_DATA_HANDLE_INTERNAL_TEST.signature.to_vec(), + SIGNED_PUB_DATA_HANDLE_INTERNAL_TEST + .external_signature + .to_vec(), + ); + + store_versioned_test!( + &signed_pub_data_handle_internal, + dir, + &SIGNED_PUB_DATA_HANDLE_INTERNAL_TEST.test_filename + ); + + TestMetadataKmsGrpc::SignedPubDataHandleInternal(SIGNED_PUB_DATA_HANDLE_INTERNAL_TEST) + } + + fn gen_pub_data_type(dir: &PathBuf) -> TestMetadataKmsGrpc { + let pub_data_type = PubDataType::DecompressionKey; + store_versioned_test!(&pub_data_type, dir, &PUB_DATA_TYPE.test_filename); + + TestMetadataKmsGrpc::PubDataType(PUB_DATA_TYPE) + } + + fn gen_priv_data_type(dir: &PathBuf) -> TestMetadataKmsGrpc { + let priv_data_type = PrivDataType::ContextInfo; + store_versioned_test!(&priv_data_type, dir, &PRIV_DATA_TYPE.test_filename); + + TestMetadataKmsGrpc::PrivDataType(PRIV_DATA_TYPE) + } +} + +impl KMSCoreVersion for V0_14_0 { + const VERSION_NUMBER: &'static str = "0.14.0"; + + // Without this, some keys will be generated differently every time we run the script + fn seed_prng(seed: u128) { + let mut seeder = DeterministicSeeder::::new(Seed(seed)); + let shortint_engine = ShortintEngine::new_from_seeder(&mut seeder); + ShortintEngine::with_thread_local_mut(|local_engine| { + let _ = std::mem::replace(local_engine, shortint_engine); + }); + } + + fn gen_kms_data() -> Vec { + let dir = Self::data_dir().join(KMS_MODULE_NAME); + create_dir_all(&dir).unwrap(); + + vec![ + KmsV0_14_0::gen_private_sig_key(&dir), + KmsV0_14_0::gen_public_sig_key(&dir), + KmsV0_14_0::gen_app_key_blob(&dir), + KmsV0_14_0::gen_key_gen_metadata(&dir), + KmsV0_14_0::gen_crs_metadata(&dir), + KmsV0_14_0::gen_key_gen_metadata_with_extra_data(&dir), + KmsV0_14_0::gen_crs_metadata_with_extra_data(&dir), + KmsV0_14_0::gen_typed_plaintext(&dir), + KmsV0_14_0::gen_signcryption_payload(&dir), + KmsV0_14_0::gen_signcryption_key(&dir), + KmsV0_14_0::gen_designcryption_key(&dir), + KmsV0_14_0::gen_unified_signcryption(&dir), + KmsV0_14_0::gen_backup_ciphertext(&dir), + KmsV0_14_0::gen_unified_cipher(&dir), + KmsV0_14_0::gen_hybrid_kem_ct(&dir), + KmsV0_14_0::gen_prss_setup_combined(&dir), + KmsV0_14_0::gen_context_info(&dir), + KmsV0_14_0::gen_node_info(&dir), + KmsV0_14_0::gen_software_version(&dir), + KmsV0_14_0::gen_recovery_material(&dir), + KmsV0_14_0::gen_internal_recovery_request(&dir), + KmsV0_14_0::gen_internal_cus_context_handles(&dir), + KmsV0_14_0::gen_internal_cus_setup_msg(&dir), + KmsV0_14_0::gen_kms_fhe_key_handles(&dir), + KmsV0_14_0::gen_threshold_fhe_keys(&dir), + KmsV0_14_0::gen_internal_cus_rec_out(&dir), + KmsV0_14_0::gen_operator_backup_output(&dir), + ] + } + + fn gen_threshold_fhe_data() -> Vec { + let dir = Self::data_dir().join(DISTRIBUTED_DECRYPTION_MODULE_NAME); + create_dir_all(&dir).unwrap(); + + vec![ + DistributedDecryptionV0_14_0::gen_prss_setup_rpoly_64(&dir), + DistributedDecryptionV0_14_0::gen_prss_setup_rpoly_128(&dir), + DistributedDecryptionV0_14_0::gen_prss_set_64(&dir), + DistributedDecryptionV0_14_0::gen_prss_set_128(&dir), + DistributedDecryptionV0_14_0::gen_share_64(&dir), + DistributedDecryptionV0_14_0::gen_share_128(&dir), + DistributedDecryptionV0_14_0::gen_prf_key(&dir), + DistributedDecryptionV0_14_0::gen_release_pcr_values(&dir), + ] + } + + fn gen_kms_grpc_data() -> Vec { + let dir = Self::data_dir().join(KMS_GRPC_MODULE_NAME); + create_dir_all(&dir).unwrap(); + + vec![ + KmsGrpcV0_14_0::gen_signed_pub_data_handle_internal(&dir), + KmsGrpcV0_14_0::gen_pub_data_type(&dir), + KmsGrpcV0_14_0::gen_priv_data_type(&dir), + ] + } +} diff --git a/backward-compatibility/generate-v0.14.0/src/generate.rs b/backward-compatibility/generate-v0.14.0/src/generate.rs new file mode 100644 index 0000000000..398b485da3 --- /dev/null +++ b/backward-compatibility/generate-v0.14.0/src/generate.rs @@ -0,0 +1,174 @@ +//! Utility functions, traits and macros to generate and store versioned data for any kms-core version. + +use std::{ + borrow::Cow, + fs, + path::{Path, PathBuf}, +}; + +use serde::Serialize; +use tfhe_versionable_0_7::Versionize as Versionize_0_7; + +use backward_compatibility::{ + data_dir, dir_for_version, + parameters::{ + ClassicPBSParametersTest, DKGParamsRegularTest, DKGParamsSnSTest, + SwitchAndSquashCompressionParametersTest, SwitchAndSquashParametersTest, + }, + TestMetadataDD, TestMetadataKMS, TestMetadataKmsGrpc, +}; + +// Parameters set for tests in kms-core 0.9, found in `PARAMS_TEST_BK_SNS`. However, for stability +// reasons, these should never change. +// For `DKGParamsRegularTest`, parameters `dedicated_compact_public_key_parameters` and +// `compression_decompression_parameters` are not included because they are optional tfhe-rs types, +// which means their backward compatibility is already tested. +pub const TEST_DKG_PARAMS_SNS: DKGParamsSnSTest = DKGParamsSnSTest { + regular_params: DKGParamsRegularTest { + sec: 128, + ciphertext_parameters: ClassicPBSParametersTest { + lwe_dimension: 10, + glwe_dimension: 1, + polynomial_size: 256, + lwe_noise_gaussian: 0, + glwe_noise_gaussian: 0, + pbs_base_log: 16, + pbs_level: 1, + ks_base_log: 14, + ks_level: 1, + message_modulus: 4, + carry_modulus: 4, + max_noise_level: 5, + log2_p_fail: -49.5137, // dummy parameter + encryption_key_choice: Cow::Borrowed("big"), + }, + flag: true, + }, + sns_params: SwitchAndSquashParametersTest { + glwe_dimension: 1, + glwe_noise_distribution: 0, + polynomial_size: 256, + pbs_base_log: 32, + pbs_level: 2, + message_modulus: 4, + carry_modulus: 4, + }, + sns_compression_parameters: SwitchAndSquashCompressionParametersTest { + packing_ks_level: 1, + packing_ks_base_log: 16, + packing_ks_polynomial_size: 256, + packing_ks_glwe_dimension: 1, + lwe_per_glwe: 10, + packing_ks_key_noise_distribution: 0, + message_modulus: 4, + carry_modulus: 4, + }, +}; + +pub fn save_bcode>(msg: &Data, path: P) { + // Use bincode 2.x API with legacy config to match bc2wrap behavior + let config = bincode::config::legacy().with_fixed_int_encoding(); + let encoded = bincode::serde::encode_to_vec(msg, config).unwrap(); + fs::write(path, encoded).unwrap(); +} + +/// Stores the test data in `dir`, encoded in bincode, using the right tfhe-versionable version +macro_rules! define_store_versioned_test_fn { + ($fn_name:ident, $versionize_trait:ident) => { + pub fn $fn_name>( + msg: &Data, + dir: P, + test_filename: &str, + ) { + let versioned = msg.versionize(); + + // Store in bincode + let filename_bincode = format!("{}.bcode", test_filename); + save_bcode(&versioned, dir.as_ref().join(filename_bincode)); + } + }; +} +define_store_versioned_test_fn!(store_versioned_test_05, Versionize_0_7); + +/// Stores the auxiliary data in `dir`, encoded in bincode, using the right tfhe-versionable version +macro_rules! define_store_versioned_auxiliary_fn { + ($fn_name:ident, $versionize_trait:ident) => { + pub fn $fn_name>( + msg: &Data, + dir: P, + test_name: &str, + filename: &str, + ) { + let versioned = msg.versionize(); + + // Store in bincode + let filename_bincode = format!("{}.bcode", filename); + let sub_dir_name = format!("auxiliary_{}", test_name); + let sub_dir = dir.as_ref().join(&sub_dir_name); + fs::create_dir_all(&sub_dir).unwrap(); + save_bcode( + &versioned, + dir.as_ref().join(sub_dir_name).join(filename_bincode), + ); + } + }; +} +define_store_versioned_auxiliary_fn!(store_versioned_auxiliary_05, Versionize_0_7); + +pub fn store_metadata(new_data: &Vec, path: P) +where + Meta: Serialize + serde::de::DeserializeOwned + Clone, + P: AsRef, +{ + let path = path.as_ref(); + + // If file doesn't exist, just write the new data + if !path.exists() { + let serialized = + ron::ser::to_string_pretty(new_data, ron::ser::PrettyConfig::default()).unwrap(); + fs::write(path, serialized).unwrap(); + return; + } + + // Load existing metadata + let existing_content = fs::read_to_string(path).unwrap(); + let mut combined_data: Vec = + ron::from_str(&existing_content).expect("Failed to deserialize existing metadata"); + + // Append new entries + combined_data.extend_from_slice(new_data); + + // Write combined data + let serialized = + ron::ser::to_string_pretty(&combined_data, ron::ser::PrettyConfig::default()).unwrap(); + fs::write(path, serialized).unwrap(); +} + +pub trait KMSCoreVersion { + const VERSION_NUMBER: &'static str; + + fn data_dir() -> PathBuf { + let base_data_dir = data_dir(); + dir_for_version(base_data_dir, Self::VERSION_NUMBER) + } + + /// How to fix the prng seed for this version to make sure the generated (public) keys do not change every time we run the script + fn seed_prng(seed: u128); + + /// Generates data for the KMS module for this version. + /// This should create KMS-core types, versionize them and store them into the version specific directory. + /// The metadata for the generated tests should be returned in the same order that the tests will be run. + fn gen_kms_data() -> Vec; + + /// Generates data for the KMG grpc module for this version. + /// This should create types from kms-grpc, + /// versionize them and store them into the version specific directory. + /// The metadata for the generated tests should be returned in the same order that the tests will be run. + fn gen_kms_grpc_data() -> Vec; + + /// Generates data for the distributed decryption module for this version. + /// This should create types from distributed decryption, + /// versionize them and store them into the version specific directory. + /// The metadata for the generated tests should be returned in the same order that the tests will be run. + fn gen_threshold_fhe_data() -> Vec; +} diff --git a/backward-compatibility/generate-v0.14.0/src/lib.rs b/backward-compatibility/generate-v0.14.0/src/lib.rs new file mode 100644 index 0000000000..a07a7d51b1 --- /dev/null +++ b/backward-compatibility/generate-v0.14.0/src/lib.rs @@ -0,0 +1,7 @@ +//! Data generation utilities for backward compatibility tests. +//! +//! This crate is separate from `backward-compatibility` to isolate version-specific +//! dependencies (like old KMS versions) from the test loading and execution logic. + +pub mod data_0_14; +pub mod generate; diff --git a/backward-compatibility/generate-v0.14.0/src/main.rs b/backward-compatibility/generate-v0.14.0/src/main.rs new file mode 100644 index 0000000000..64d5de52d2 --- /dev/null +++ b/backward-compatibility/generate-v0.14.0/src/main.rs @@ -0,0 +1,64 @@ +//! Main file to run for generating all the versioned data for all kms-core versions. + +use backward_compatibility::{ + data_dir, TestMetadataDD, TestMetadataKMS, TestMetadataKmsGrpc, Testcase, + DISTRIBUTED_DECRYPTION_MODULE_NAME, KMS_GRPC_MODULE_NAME, KMS_MODULE_NAME, PRNG_SEED, +}; +use backward_compatibility_generate_v0_14_0::{ + data_0_14::V0_14_0, + generate::{store_metadata, KMSCoreVersion}, +}; + +// Type aliases +type KmsTestcases = Vec>; +type KmsGrpcTestcases = Vec>; +type DdTestcases = Vec>; + +fn gen_testcases( + gen_data_fn: F, + module_name: &str, +) -> Vec> +where + F: Fn() -> Vec, + Metadata: Clone, +{ + let tests = gen_data_fn(); + + tests + .iter() + .map(|metadata| Testcase { + kms_core_version_min: Vers::VERSION_NUMBER.to_string(), + kms_core_module: module_name.to_string(), + metadata: metadata.clone(), + }) + .collect() +} + +fn gen_all_data() -> (KmsTestcases, KmsGrpcTestcases, DdTestcases) { + // Seed TFHE-rs' key generation PRNG + Vers::seed_prng(PRNG_SEED); + + let kms_testcases = + gen_testcases::(Vers::gen_kms_data, KMS_MODULE_NAME); + + let kms_grpc_testcases = gen_testcases::( + Vers::gen_kms_grpc_data, + KMS_GRPC_MODULE_NAME, + ); + + let dd_testcases = gen_testcases::( + Vers::gen_threshold_fhe_data, + DISTRIBUTED_DECRYPTION_MODULE_NAME, + ); + + (kms_testcases, kms_grpc_testcases, dd_testcases) +} + +fn main() { + let (kms_testcases, kms_grpc_testcases, dd_testcases) = gen_all_data::(); + + // Use module name as the filename prefix + store_metadata(&kms_testcases, data_dir().join("kms.ron")); + store_metadata(&kms_grpc_testcases, data_dir().join("kms-grpc.ron")); + store_metadata(&dd_testcases, data_dir().join("threshold-fhe.ron")); +} From c535aa7e16f493ce110226c17bb62e4ebbf5a54f Mon Sep 17 00:00:00 2001 From: Tore Frederiksen Date: Tue, 19 May 2026 16:04:06 +0200 Subject: [PATCH 3/4] chore: handle copilot comments --- backward-compatibility/generate-v0.14.0/Cargo.toml | 2 +- backward-compatibility/generate-v0.14.0/src/generate.rs | 2 +- core/service/tests/backward_compatibility_kms.rs | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/backward-compatibility/generate-v0.14.0/Cargo.toml b/backward-compatibility/generate-v0.14.0/Cargo.toml index f412757da7..f5ffe73dd1 100644 --- a/backward-compatibility/generate-v0.14.0/Cargo.toml +++ b/backward-compatibility/generate-v0.14.0/Cargo.toml @@ -15,7 +15,7 @@ bc2wrap = { git = "https://github.com/zama-ai/kms.git", package = "bc2wrap", rev # This is intentional - these crates are excluded from the workspace for isolation. # Each generator may need different versions to match its target KMS version. -# All dependencies below target tag v0.14.0-0. +# All dependencies below target tag v0.14.0-0 (for now just using a commit from main until tag is made). kms_0_14_0 = { git = "https://github.com/zama-ai/kms.git", package = "kms", rev = "3eb3862"} kms_grpc_0_14_0 = { git = "https://github.com/zama-ai/kms.git", package = "kms-grpc", rev = "3eb3862"} algebra_0_14_0 = { git = "https://github.com/zama-ai/kms.git", package = "threshold-algebra", default-features = false, rev = "3eb3862" } diff --git a/backward-compatibility/generate-v0.14.0/src/generate.rs b/backward-compatibility/generate-v0.14.0/src/generate.rs index 398b485da3..492e83fd80 100644 --- a/backward-compatibility/generate-v0.14.0/src/generate.rs +++ b/backward-compatibility/generate-v0.14.0/src/generate.rs @@ -160,7 +160,7 @@ pub trait KMSCoreVersion { /// The metadata for the generated tests should be returned in the same order that the tests will be run. fn gen_kms_data() -> Vec; - /// Generates data for the KMG grpc module for this version. + /// Generates data for the KMS grpc module for this version. /// This should create types from kms-grpc, /// versionize them and store them into the version specific directory. /// The metadata for the generated tests should be returned in the same order that the tests will be run. diff --git a/core/service/tests/backward_compatibility_kms.rs b/core/service/tests/backward_compatibility_kms.rs index 6c011f539e..4bac3f9b87 100644 --- a/core/service/tests/backward_compatibility_kms.rs +++ b/core/service/tests/backward_compatibility_kms.rs @@ -723,7 +723,7 @@ fn test_context_info( let original_versionized: ContextInfo = load_and_unversionize(dir, test, format)?; let mut rng = AesRng::seed_from_u64(test.state); let node_info = NodeInfo { - mpc_identity: "Staoshi Nakamoto".to_string(), + mpc_identity: "Satoshi Nakamoto".to_string(), party_id: 42, verification_key: None, external_url: "https://node42.example.com".to_string(), From 4cb7f174805c197ec7a4f1654d4f2a065d00a319 Mon Sep 17 00:00:00 2001 From: Tore Frederiksen Date: Tue, 19 May 2026 16:31:07 +0200 Subject: [PATCH 4/4] chore: regenerate --- backward-compatibility/Cargo.lock | 154 ++ .../data/0_11_1/kms/kms_fhe_key_handles.bcode | 2 +- .../legacy_key_gen_metadata.bcode | 2 +- .../data/0_13_0/kms/key_gen_metadata.bcode | 2 +- .../data/0_13_10/kms/key_gen_metadata.bcode | 2 +- .../internal_cus_context_handle.bcode | 3 - .../internal_custodian_recovery_output.bcode | 3 - .../internal_custodian_setup_message.bcode | 2 +- .../kms/internal_recovery_request.bcode | 3 - .../0_13_20/kms/kms_fhe_key_handles.bcode | 2 +- .../0_13_20/kms/operator_backup_output.bcode | 3 - .../data/0_13_20/kms/recovery_material.bcode | 3 - .../0_13_20/kms/signcryption_payload.bincode | Bin 0 -> 29 bytes .../data/0_13_20/kms/typed_plaintext.bincode | Bin 0 -> 17 bytes .../internal_custodian_setup_message.bcode | 2 +- backward-compatibility/data/kms-grpc.ron | 25 + backward-compatibility/data/kms.ron | 364 +++++ backward-compatibility/data/threshold-fhe.ron | 82 + .../generate-v0.13.20/Cargo.lock | 1427 +++++++---------- .../tests/backward_compatibility_kms.rs | 2 +- 20 files changed, 1234 insertions(+), 849 deletions(-) create mode 100644 backward-compatibility/Cargo.lock delete mode 100644 backward-compatibility/data/0_13_20/kms/auxiliary_recovery_material/internal_cus_context_handle.bcode delete mode 100644 backward-compatibility/data/0_13_20/kms/internal_custodian_recovery_output.bcode delete mode 100644 backward-compatibility/data/0_13_20/kms/internal_recovery_request.bcode delete mode 100644 backward-compatibility/data/0_13_20/kms/operator_backup_output.bcode delete mode 100644 backward-compatibility/data/0_13_20/kms/recovery_material.bcode create mode 100644 backward-compatibility/data/0_13_20/kms/signcryption_payload.bincode create mode 100644 backward-compatibility/data/0_13_20/kms/typed_plaintext.bincode diff --git a/backward-compatibility/Cargo.lock b/backward-compatibility/Cargo.lock new file mode 100644 index 0000000000..3beb73e9fd --- /dev/null +++ b/backward-compatibility/Cargo.lock @@ -0,0 +1,154 @@ +# This file is automatically @generated by Cargo. +# It is not intended for manual editing. +version = 4 + +[[package]] +name = "backward-compatibility" +version = "0.14.0" +dependencies = [ + "bincode", + "ron", + "semver", + "serde", + "strum", +] + +[[package]] +name = "base64" +version = "0.22.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "72b3254f16251a8381aa12e40e3c4d2f0199f8c6508fbecb9d91f575e0fbb8c6" + +[[package]] +name = "bincode" +version = "1.3.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b1f45e9417d87227c7a56d22e471c6206462cba514c7590c09aff4cf6d1ddcad" +dependencies = [ + "serde", +] + +[[package]] +name = "bitflags" +version = "2.11.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c4512299f36f043ab09a583e57bceb5a5aab7a73db1805848e8fef3c9e8c78b3" +dependencies = [ + "serde_core", +] + +[[package]] +name = "heck" +version = "0.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2304e00983f87ffb38b55b444b5e3b60a884b5d30c0fca7d82fe33449bbe55ea" + +[[package]] +name = "proc-macro2" +version = "1.0.106" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8fd00f0bb2e90d81d1044c2b32617f68fcb9fa3bb7640c23e9c748e53fb30934" +dependencies = [ + "unicode-ident", +] + +[[package]] +name = "quote" +version = "1.0.45" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "41f2619966050689382d2b44f664f4bc593e129785a36d6ee376ddf37259b924" +dependencies = [ + "proc-macro2", +] + +[[package]] +name = "ron" +version = "0.10.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "beceb6f7bf81c73e73aeef6dd1356d9a1b2b4909e1f0fc3e59b034f9572d7b7f" +dependencies = [ + "base64", + "bitflags", + "serde", + "serde_derive", + "unicode-ident", +] + +[[package]] +name = "semver" +version = "1.0.28" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8a7852d02fc848982e0c167ef163aaff9cd91dc640ba85e263cb1ce46fae51cd" + +[[package]] +name = "serde" +version = "1.0.228" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9a8e94ea7f378bd32cbbd37198a4a91436180c5bb472411e48b5ec2e2124ae9e" +dependencies = [ + "serde_core", + "serde_derive", +] + +[[package]] +name = "serde_core" +version = "1.0.228" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "41d385c7d4ca58e59fc732af25c3983b67ac852c1a25000afe1175de458b67ad" +dependencies = [ + "serde_derive", +] + +[[package]] +name = "serde_derive" +version = "1.0.228" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d540f220d3187173da220f885ab66608367b6574e925011a9353e4badda91d79" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "strum" +version = "0.28.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9628de9b8791db39ceda2b119bbe13134770b56c138ec1d3af810d045c04f9bd" +dependencies = [ + "strum_macros", +] + +[[package]] +name = "strum_macros" +version = "0.28.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ab85eea0270ee17587ed4156089e10b9e6880ee688791d45a905f5b1ca36f664" +dependencies = [ + "heck", + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "syn" +version = "2.0.117" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e665b8803e7b1d2a727f4023456bbbbe74da67099c585258af0ad9c5013b9b99" +dependencies = [ + "proc-macro2", + "quote", + "unicode-ident", +] + +[[package]] +name = "unicode-ident" +version = "1.0.24" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e6e4313cd5fcd3dad5cafa179702e2b244f760991f45397d14d4ebf38247da75" + +[[patch.unused]] +name = "rcgen" +version = "0.14.7" +source = "git+https://github.com/mkmks/rcgen.git?branch=k256#f8582f243899a7eff1a6524b42da60faaec73f15" diff --git a/backward-compatibility/data/0_11_1/kms/kms_fhe_key_handles.bcode b/backward-compatibility/data/0_11_1/kms/kms_fhe_key_handles.bcode index e30c1ff159..2859334bb1 100644 --- a/backward-compatibility/data/0_11_1/kms/kms_fhe_key_handles.bcode +++ b/backward-compatibility/data/0_11_1/kms/kms_fhe_key_handles.bcode @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:5ab1ea78f19d679845dbea16d39dc5d02311736a66efc7dc86284eddfec94180 +oid sha256:78dcf61f269be47abe065d2f0b249ad076adf613284f90b9f1163f075133b6fb size 11199 diff --git a/backward-compatibility/data/0_13_0/kms/auxiliary_key_gen_metadata/legacy_key_gen_metadata.bcode b/backward-compatibility/data/0_13_0/kms/auxiliary_key_gen_metadata/legacy_key_gen_metadata.bcode index 3e915b7200..d761bf957d 100644 --- a/backward-compatibility/data/0_13_0/kms/auxiliary_key_gen_metadata/legacy_key_gen_metadata.bcode +++ b/backward-compatibility/data/0_13_0/kms/auxiliary_key_gen_metadata/legacy_key_gen_metadata.bcode @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:dcaa5ec92d837668257440f038409da4cfbab18d2f2f700f553386ae7b1802e5 +oid sha256:28e48be8b487d1008bb0c3231e1c04b7632516cefb43209050f354d08e557531 size 468 diff --git a/backward-compatibility/data/0_13_0/kms/key_gen_metadata.bcode b/backward-compatibility/data/0_13_0/kms/key_gen_metadata.bcode index aff78c52fe..c08bd87f6f 100644 --- a/backward-compatibility/data/0_13_0/kms/key_gen_metadata.bcode +++ b/backward-compatibility/data/0_13_0/kms/key_gen_metadata.bcode @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:d11d0c555157f483446fd64c71c694019f4ffff92c8604ace43b8a828d952a43 +oid sha256:62f8b355d53250052ce835b22a04b5911c2b196013e00fb446baf87927584134 size 245 diff --git a/backward-compatibility/data/0_13_10/kms/key_gen_metadata.bcode b/backward-compatibility/data/0_13_10/kms/key_gen_metadata.bcode index aff78c52fe..c08bd87f6f 100644 --- a/backward-compatibility/data/0_13_10/kms/key_gen_metadata.bcode +++ b/backward-compatibility/data/0_13_10/kms/key_gen_metadata.bcode @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:d11d0c555157f483446fd64c71c694019f4ffff92c8604ace43b8a828d952a43 +oid sha256:62f8b355d53250052ce835b22a04b5911c2b196013e00fb446baf87927584134 size 245 diff --git a/backward-compatibility/data/0_13_20/kms/auxiliary_recovery_material/internal_cus_context_handle.bcode b/backward-compatibility/data/0_13_20/kms/auxiliary_recovery_material/internal_cus_context_handle.bcode deleted file mode 100644 index 3720877b3a..0000000000 --- a/backward-compatibility/data/0_13_20/kms/auxiliary_recovery_material/internal_cus_context_handle.bcode +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:83edb0410c16b0df4692bc269140625188b9168cec607eaabafbec2e3d27f068 -size 5714 diff --git a/backward-compatibility/data/0_13_20/kms/internal_custodian_recovery_output.bcode b/backward-compatibility/data/0_13_20/kms/internal_custodian_recovery_output.bcode deleted file mode 100644 index 38cdf921d8..0000000000 --- a/backward-compatibility/data/0_13_20/kms/internal_custodian_recovery_output.bcode +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:c5a79b59689143dadc62d606abd3fe5921a14fc7971d620dd246645d8368374f -size 221 diff --git a/backward-compatibility/data/0_13_20/kms/internal_custodian_setup_message.bcode b/backward-compatibility/data/0_13_20/kms/internal_custodian_setup_message.bcode index c0670eafbe..ac04027395 100644 --- a/backward-compatibility/data/0_13_20/kms/internal_custodian_setup_message.bcode +++ b/backward-compatibility/data/0_13_20/kms/internal_custodian_setup_message.bcode @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:d17f1327cf70ca328c34ea554861058aad9dc723d4801405a1273fbd9af6645b +oid sha256:0bd33249da40b616bbbc1f43cfb777c37b33ba755ad0c7906c29149ad18b8507 size 992 diff --git a/backward-compatibility/data/0_13_20/kms/internal_recovery_request.bcode b/backward-compatibility/data/0_13_20/kms/internal_recovery_request.bcode deleted file mode 100644 index d3e042756e..0000000000 --- a/backward-compatibility/data/0_13_20/kms/internal_recovery_request.bcode +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:131b45495e950de30f57d751f78f662d939fb50fa91265d5aaca4365b92b9bef -size 1665 diff --git a/backward-compatibility/data/0_13_20/kms/kms_fhe_key_handles.bcode b/backward-compatibility/data/0_13_20/kms/kms_fhe_key_handles.bcode index 397b91584f..a509ba13bc 100644 --- a/backward-compatibility/data/0_13_20/kms/kms_fhe_key_handles.bcode +++ b/backward-compatibility/data/0_13_20/kms/kms_fhe_key_handles.bcode @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:556168b309d817cbcdd0a10554916546a09b59847b250d1d4b56c52a882db7c4 +oid sha256:66109cc83c96100d35c06229016feaa517d71f30a2764d03fc1cd95c5abe7866 size 11318 diff --git a/backward-compatibility/data/0_13_20/kms/operator_backup_output.bcode b/backward-compatibility/data/0_13_20/kms/operator_backup_output.bcode deleted file mode 100644 index 7c24373275..0000000000 --- a/backward-compatibility/data/0_13_20/kms/operator_backup_output.bcode +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:b9622e8a05c3c04d5f8d74a5a9f9460b6be883f061ef3e9e49252553f2e50b7b -size 1260 diff --git a/backward-compatibility/data/0_13_20/kms/recovery_material.bcode b/backward-compatibility/data/0_13_20/kms/recovery_material.bcode deleted file mode 100644 index 6365f46725..0000000000 --- a/backward-compatibility/data/0_13_20/kms/recovery_material.bcode +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:7c3a25b30266ea83f46f55e42aa155f7216e069f9cf79613c4a06163770c1b24 -size 6482 diff --git a/backward-compatibility/data/0_13_20/kms/signcryption_payload.bincode b/backward-compatibility/data/0_13_20/kms/signcryption_payload.bincode new file mode 100644 index 0000000000000000000000000000000000000000..3d998f4d15a2f7c391836229df41f62d71d7732a GIT binary patch literal 29 ZcmZQ&fB;4&W)@ZsAe#j$aBuCt_W%l816cq7 literal 0 HcmV?d00001 diff --git a/backward-compatibility/data/0_13_20/kms/typed_plaintext.bincode b/backward-compatibility/data/0_13_20/kms/typed_plaintext.bincode new file mode 100644 index 0000000000000000000000000000000000000000..50b7c47b79702e4dc18ab4ba027ddb3cfe249b4e GIT binary patch literal 17 ScmZQ&fB;4&W)@ZsAR7Px