Add additional backup and restore logging

pete-signal · web-flow · commit 631e2693a8ef · 2026-02-11T16:03:18.000-06:00
diff --git a/Signal/Registration/RegistrationCoordinatorImpl.swift b/Signal/Registration/RegistrationCoordinatorImpl.swift
@@ -1526,6 +1526,7 @@ public class RegistrationCoordinatorImpl: RegistrationCoordinator {
         accountIdentity: AccountIdentity,
     ) async throws -> BackupServiceAuth {
         let backupKey = try MessageRootBackupKey(accountEntropyPool: accountEntropyPool, aci: accountIdentity.aci)
+        Logger.info("Fetching backup auth [\(accountEntropyPool.getLoggingKey())]")
 
         func fetchBackupServiceAuth() async throws -> BackupServiceAuth {
             return try await self.deps.backupRequestManager.fetchBackupServiceAuthForRegistration(
diff --git a/SignalServiceKit/Backups/BackupExportJob/BackupExportJob.swift b/SignalServiceKit/Backups/BackupExportJob/BackupExportJob.swift
@@ -128,9 +128,6 @@ class BackupExportJobImpl: BackupExportJob {
     private func _exportAndUploadBackup(
         mode: BackupExportJobMode,
     ) async throws {
-        let logger = logger.suffixed(with: "[\(mode)]")
-        logger.info("Starting...")
-
         await db.awaitableWrite {
             self.backupSettingsStore.setIsBackupUploadQueueSuspended(false, tx: $0)
         }
@@ -140,9 +137,11 @@ class BackupExportJobImpl: BackupExportJob {
             backupKey,
             shouldAllowBackupUploadsOnCellular,
             currentBackupPlan,
+            logger,
         ) = try db.read { tx throws in
             guard
                 tsAccountManager.registrationState(tx: tx).isRegisteredPrimaryDevice,
+                let aep = accountKeyStore.getAccountEntropyPool(tx: tx),
                 let localIdentifiers = tsAccountManager.localIdentifiers(tx: tx)
             else {
                 throw NotRegisteredError()
@@ -152,11 +151,15 @@ class BackupExportJobImpl: BackupExportJob {
                 throw OWSAssertionError("Missing or invalid message root backup key.")
             }
 
+            let logger = self.logger.suffixed(with: "[\(mode)][\(aep.getLoggingKey())]")
+            logger.info("Starting...")
+
             return (
                 localIdentifiers,
                 backupKey,
                 backupSettingsStore.shouldAllowBackupUploadsOnCellular(tx: tx),
                 backupSettingsStore.backupPlan(tx: tx),
+                logger,
             )
         }
 
diff --git a/SignalServiceKit/SecureValueRecovery/AccountEntropyPool/AccountEntropyPool.swift b/SignalServiceKit/SecureValueRecovery/AccountEntropyPool/AccountEntropyPool.swift
@@ -51,4 +51,8 @@ public struct AccountEntropyPool: Codable, Equatable {
     public func getBackupKey() -> BackupKey {
         return try! LibSignalClient.AccountEntropyPool.deriveBackupKey(rawString)
     }
+
+    public func getLoggingKey() -> String {
+        return String(getMasterKey().data(for: .loggingKey).canonicalStringRepresentation.suffix(4))
+    }
 }
diff --git a/SignalServiceKit/SecureValueRecovery/MasterKey.swift b/SignalServiceKit/SecureValueRecovery/MasterKey.swift
@@ -38,6 +38,8 @@ public struct MasterKey: Codable {
         }
 
         switch key {
+        case .loggingKey:
+            return SVR.DerivedKeyData(keyType: .loggingKey, dataToDeriveFrom: masterKey)
         case .registrationLock:
             return SVR.DerivedKeyData(keyType: .registrationLock, dataToDeriveFrom: masterKey)
         case .registrationRecoveryPassword:
@@ -94,6 +96,8 @@ private extension SVR.DerivedKeyData {
 private extension SVR.DerivedKey {
     private var infoString: String {
         switch self {
+        case .loggingKey:
+            return "Logging Key"
         case .registrationLock:
             return "Registration Lock"
         case .registrationRecoveryPassword:
@@ -111,6 +115,7 @@ private extension SVR.DerivedKey {
         let infoData = Data(infoString.utf8)
         switch self {
         case
+            .loggingKey,
             .registrationLock,
             .registrationRecoveryPassword,
             .storageService,
diff --git a/SignalServiceKit/SecureValueRecovery/SecureValueRecovery.swift b/SignalServiceKit/SecureValueRecovery/SecureValueRecovery.swift
@@ -50,6 +50,9 @@ public enum SVR {
         /// used to locate and decrypt Storage Service records.
         case storageServiceManifest(version: UInt64)
 
+        /// A key used to hash values used for logging.
+        case loggingKey
+
         /// Today, Storage Service records are encrypted using a key stored in
         /// the manifest. However, in the past they were encrypted using an
         /// SVR-derived key. This case represents the key formerly used to
@@ -101,7 +104,7 @@ public enum SVR {
             switch type {
             case .storageService, .storageServiceManifest, .legacy_storageServiceRecord, .registrationRecoveryPassword:
                 return rawData.base64EncodedString()
-            case .registrationLock:
+            case .registrationLock, .loggingKey:
                 return rawData.hexadecimalString
             }
         }

Original file line number	Diff line number	Diff line change
`@@ -51,4 +51,8 @@ public struct AccountEntropyPool: Codable, Equatable {`
`51`	`51`	`public func getBackupKey() -> BackupKey {`
`52`	`52`	`return try! LibSignalClient.AccountEntropyPool.deriveBackupKey(rawString)`
`53`	`53`	`}`
	`54`	`+`
	`55`	`+ public func getLoggingKey() -> String {`
	`56`	`+ return String(getMasterKey().data(for: .loggingKey).canonicalStringRepresentation.suffix(4))`
	`57`	`+ }`
`54`	`58`	`}`