CL Anoncreds Crypto API

* added kh unit tests
* added negative test cases for CL tinkcrypto

pkg/crypto/tinkcrypto/cl_crypto_test.go

@@ -23,7 +23,9 @@ func TestCL(t *testing.T) {
 	c := Crypto{}
 
 	values := map[string]interface{}{"attr1": 5, "attr2": "aaa"}
-	item := cl.PresentationRequestItem{
+	values2 := map[string]interface{}{"attr3": 5, "attr4": "aaa"}
+
+	presentaionItems := []*cl.PresentationRequestItem{{
 		RevealedAttrs: []string{"attr2"},
 		Predicates: []*cl.Predicate{
 			{
@@ -32,14 +34,22 @@ func TestCL(t *testing.T) {
 				Value: 4,
 			},
 		},
-	}
-	presentaionItems := []*cl.PresentationRequestItem{&item}
+	}}
 
 	var (
-		issKh         *keyset.Handle
-		prvKh         *keyset.Handle
+		issKh *keyset.Handle
+		prvKh *keyset.Handle
+
 		credDef       *cl.CredentialDefinition
+		offer         *cl.CredentialOffer
+		request       *cl.CredentialRequest
+		credential    *cl.Credential
 		processedCred *cl.Credential
+		presentation  *cl.PresentationRequest
+		proof         *cl.Proof
+
+		issKh2   *keyset.Handle
+		credDef2 *cl.CredentialDefinition
 	)
 
 	t.Run("test CL keys creation", func(t *testing.T) {
@@ -56,41 +66,127 @@ func TestCL(t *testing.T) {
 
 		credDef, err = c.CLGetCredentialDefinition(issKh)
 		require.NoError(t, err)
+
+		// Another issuer
+		issKh2, err = keyset.NewHandle(iss.CredDefKeyTemplate([]string{"attr3", "attr4"}))
+		require.NoError(t, err)
+		credDef2, err = c.CLGetCredentialDefinition(issKh2)
+		require.NoError(t, err)
 	})
 
 	require.NotEmpty(t, credDef)
+	require.NotEmpty(t, credDef2)
+
+	t.Run("test CL invalid inputs", func(t *testing.T) {
+		var err error
+
+		// Invalid key handles
+
+		// Issuer
+		_, err = c.CLGetCredentialDefinition(nil)
+		require.EqualError(t, err, errBadKeyHandleFormat.Error())
+		_, err = c.CLOfferCredential("not a handle")
+		require.EqualError(t, err, errBadKeyHandleFormat.Error())
+		_, err = c.CLIssueCredential([]string{"not a handle"}, nil, nil, nil)
+		require.EqualError(t, err, errBadKeyHandleFormat.Error())
+
+		_, err = c.CLGetCredentialDefinition(prvKh)
+		require.Error(t, err)
+		_, err = c.CLOfferCredential(prvKh)
+		require.Error(t, err)
+		_, err = c.CLIssueCredential(prvKh, nil, nil, nil)
+		require.Error(t, err)
+
+		// Prover
+		_, err = c.CLRequestCredential(nil, nil, nil, "")
+		require.EqualError(t, err, errBadKeyHandleFormat.Error())
+		_, err = c.CLProcessCredential("not a handle", nil, nil, nil)
+		require.EqualError(t, err, errBadKeyHandleFormat.Error())
+		_, err = c.CLCreateProof([]string{"not a handle"}, nil, nil, nil)
+		require.EqualError(t, err, errBadKeyHandleFormat.Error())
+
+		_, err = c.CLRequestCredential(issKh, nil, nil, "")
+		require.Error(t, err)
+		_, err = c.CLProcessCredential(issKh, nil, nil, nil)
+		require.Error(t, err)
+		_, err = c.CLCreateProof(issKh, nil, nil, nil)
+		require.Error(t, err)
+	})
 
 	t.Run("test CL issue credential", func(t *testing.T) {
-		// 1. Issues offers credential
-		offer, err := c.CLOfferCredential(issKh)
+		var err error
+
+		// 1. Issuer offers credential
+		offer, err = c.CLOfferCredential(issKh)
 		require.NoError(t, err)
+		require.NotEmpty(t, offer.Nonce)
 
 		// 2. Prover requests credential
-		request, err := c.CLRequestCredential(prvKh, offer, credDef, "proverDID")
+		request, err = c.CLRequestCredential(prvKh, offer, credDef, "proverDID")
 		require.NoError(t, err)
+		require.NotEmpty(t, request.Nonce)
+		require.NotEmpty(t, request.ProverId)
+		require.NotEmpty(t, request.BlindedCredentialSecrets)
 
 		// 3. Issuer issues credential
-		credential, err := c.CLIssueCredential(issKh, values, request, offer)
+		credential, err = c.CLIssueCredential(issKh, values, request, offer)
 		require.NoError(t, err)
+		require.NotEmpty(t, credential.Signature)
+		require.NotEmpty(t, credential.SigProof)
+		require.NotEmpty(t, credential.Values)
 
 		// 4. Prover verifies credential
 		processedCred, err = c.CLProcessCredential(prvKh, credential, request, credDef)
 		require.NoError(t, err)
+		require.NotEmpty(t, processedCred.Signature)
+		require.NotEmpty(t, processedCred.SigProof)
+		require.NotEmpty(t, processedCred.Values)
 	})
 
-	require.NotEmpty(t, processedCred)
-
 	t.Run("test CL present proof", func(t *testing.T) {
+		var err error
+
 		// 1. Verifier makes presentation request
-		presentation, err := c.CLRequestPresentation(presentaionItems)
+		presentation, err = c.CLRequestPresentation(presentaionItems)
 		require.NoError(t, err)
+		require.NotEmpty(t, presentation.Items)
+		require.NotEmpty(t, presentation.Nonce)
 
 		// 2. Prover creates proof accordingly
-		proof, err := c.CLCreateProof(prvKh, presentation, []*cl.Credential{processedCred}, []*cl.CredentialDefinition{credDef})
+		proof, err = c.CLCreateProof(prvKh, presentation, []*cl.Credential{processedCred}, []*cl.CredentialDefinition{credDef})
 		require.NoError(t, err)
+		require.NotEmpty(t, proof.Proof)
 
 		// 3. Verifier verifies resulting proof
 		err = c.CLVerifyProof(proof, presentation, []*cl.CredentialDefinition{credDef})
 		require.NoError(t, err)
 	})
+
+	t.Run("test CL issue credential failures", func(t *testing.T) {
+		var err error
+
+		// Issuer fails to issue credential for unknown credDef
+		_, err = c.CLIssueCredential(issKh2, values, request, offer)
+		require.Error(t, err)
+
+		// Issuer fails to issue credential for invalid values
+		_, err = c.CLIssueCredential(issKh, values2, request, offer)
+		require.Error(t, err)
+
+		// Prover fails to process credential with unmatched credDef
+		_, err = c.CLProcessCredential(prvKh, credential, request, credDef2)
+		require.Error(t, err)
+	})
+
+	t.Run("test CL present proof failures", func(t *testing.T) {
+		var err error
+
+		// Prover fails to create proof with unmatched credDefs
+		_, err = c.CLCreateProof(prvKh, presentation, []*cl.Credential{processedCred}, []*cl.CredentialDefinition{credDef2})
+		require.Error(t, err)
+
+		//  Verifier fails to verify proof for other credDef
+		err = c.CLVerifyProof(proof, presentation, []*cl.CredentialDefinition{credDef2})
+		require.Error(t, err)
+	})
 }