Tests combining reveal and equality, and fixes to issues they demonstrate

[mark-moir]

This PR first adds some tests that exercise interactions between Selective Disclosure and Equality requirements. It also includes some testing machinery that may be of independent value. Some of the tests currently fail (in some cases relative to what we think the desired behaviour is). This PR then adds two small changes that make the tests pass.

Here is a summary of how the tests illustrate the issues and the outcome of the fix:

1. Test t03_reveal_ssn_a_eq_names_equal requests equality of two equal attributes and disclosure of one attribute that is not subject to the equality constraint. Verification should succeed, but it currently fails with InvalidPresentationData.
2. Test t04_reveal_ssn_b_eq_ssns_equal requests an attribute to be revealed which is also subject to an equality constraint. In our opinion, EITHER presentation creation should fail with an informative error message that this scenario is not allowed (it doesn't make sense to prove equality in zero knowledge if revealing the attribute anyway) OR creation and verification of the presentation should succeed, and the requested attribute should be revealed. The current behaviour is that creation and verification succeed, but no attributes are revealed. We prefer the first option, as expressed in the expectations for t05_reveal_ssn_a_eq_ssns_equal and t06_reveal_ssn_b_eq_ssns_equal, described next.
3. Tests t05_reveal_ssn_a_eq_ssns_equal and t06_reveal_ssn_b_eq_ssns_equal test variations on revealing an attribute that is subject to an equality constraint, expecting failure of presentation creation with an informative error message. They currently both fail, but in different ways: t05_reveal_ssn_a_eq_ssns_equal fails with InvalidPresentationData and t06_reveal_ssn_b_eq_ssns_equal appears to succeed, but (as shown by test t04_reveal_ssn_b_eq_ssns_equal, which has the same test setup but different expectations) does not reveal the requested attribute.

Details of tests follow.

---

It's best to run the tests single-threaded for consistent readability of output:

cargo test reveal_and_equality_tests -- --test-threads=1

Overview of tests

We create a simple schema with name and social security claims (in addition to a revocation claim that is required, but not used or relevant to these tests). The tests exercise various combinations of equality and reveal requirements. Each test creates two credentials (using the same Issuer). The name of the first is always Alice, the name of the second is provided by each test to enable testing equal and non-equal examples.

Test setup

Each test specifies:

• the name for the second credential (the name for the first is always Alice)
• a set of attributes to reveal from the first credential (REV_NONE requests no attributes to be revealed, and REV_SSN) requests the social-security-number attribute to be revealed)
• similarly for attributes to be revealed for the second credential
• an optional index for attributes to be subject to equality constraints

Expected outcome

Each test specifies one of

• Expected success, with a set of attribute values expected to be revealed
• Expected failure, with an Error specifying a pattern for expected failure. For example, an error matches Error::InvalidClaimData("XYZ") if it is an Error::InvalidClaimData with a string containing XYZ.

Full test output before fixes

$ cargo test reveal_and_equality_tests -- --test-threads=1
    Finished test [unoptimized + debuginfo] target(s) in 0.06s
     Running unittests src/lib.rs (target/debug/deps/credx-0d867c53b39d4fed)

running 0 tests

test result: ok. 0 passed; 0 failed; 0 ignored; 0 measured; 19 filtered out; finished in 0.00s

     Running tests/equality-and-reveal.rs (target/debug/deps/equality_and_reveal-cd78ea2fc82a23fb)

running 7 tests
test reveal_and_equality_tests::t00_reveal_ssn_a_no_equality ... ok
test reveal_and_equality_tests::t01_reveal_ssn_a_eq_names_unequal ... ok
test reveal_and_equality_tests::t02_no_reveal_eq_names_equal ... ok
test reveal_and_equality_tests::t03_reveal_ssn_a_eq_names_equal ... FAILED
test reveal_and_equality_tests::t04_reveal_ssn_b_eq_ssns_equal - should panic ... FAILED
test reveal_and_equality_tests::t05_reveal_ssn_a_eq_ssns_equal ... FAILED
test reveal_and_equality_tests::t06_reveal_ssn_b_eq_ssns_equal ... FAILED

failures:

---- reveal_and_equality_tests::t03_reveal_ssn_a_eq_names_equal stdout ----
thread 'reveal_and_equality_tests::t03_reveal_ssn_a_eq_names_equal' panicked at 'Expected successful verification, but received error: InvalidPresentationData', tests/equality-and-reveal.rs:298:23
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

---- reveal_and_equality_tests::t04_reveal_ssn_b_eq_ssns_equal stdout ----
note: test did not panic as expected
---- reveal_and_equality_tests::t05_reveal_ssn_a_eq_ssns_equal stdout ----
thread 'reveal_and_equality_tests::t05_reveal_ssn_a_eq_ssns_equal' panicked at 'error InvalidPresentationData does not match expected InvalidClaimData("revealed claim cannot be used with equality proof")', tests/equality-and-reveal.rs:338:21

---- reveal_and_equality_tests::t06_reveal_ssn_b_eq_ssns_equal stdout ----
thread 'reveal_and_equality_tests::t06_reveal_ssn_b_eq_ssns_equal' panicked at 'succeeded but expected error matching InvalidClaimData("revealed claim cannot be used with equality proof")', tests/equality-and-reveal.rs:346:22

failures:
    reveal_and_equality_tests::t03_reveal_ssn_a_eq_names_equal
    reveal_and_equality_tests::t04_reveal_ssn_b_eq_ssns_equal
    reveal_and_equality_tests::t05_reveal_ssn_a_eq_ssns_equal
    reveal_and_equality_tests::t06_reveal_ssn_b_eq_ssns_equal

test result: FAILED. 3 passed; 4 failed; 0 ignored; 0 measured; 0 filtered out; finished in 0.34s

error: test failed, to rerun pass `--test equality-and-reveal`

Full test output after fixes

$ cargo test reveal_and_equality_tests -- --test-threads=1
    Finished test [unoptimized + debuginfo] target(s) in 0.06s
     Running unittests src/lib.rs (target/debug/deps/credx-0d867c53b39d4fed)

running 0 tests

test result: ok. 0 passed; 0 failed; 0 ignored; 0 measured; 19 filtered out; finished in 0.00s

     Running tests/equality-and-reveal.rs (target/debug/deps/equality_and_reveal-cd78ea2fc82a23fb)

running 7 tests
test reveal_and_equality_tests::t00_reveal_ssn_a_no_equality ... ok
test reveal_and_equality_tests::t01_reveal_ssn_a_eq_names_unequal ... ok
test reveal_and_equality_tests::t02_no_reveal_eq_names_equal ... ok
test reveal_and_equality_tests::t03_reveal_ssn_a_eq_names_equal ... ok
test reveal_and_equality_tests::t04_reveal_ssn_b_eq_ssns_equal - should panic ... ok
test reveal_and_equality_tests::t05_reveal_ssn_a_eq_ssns_equal ... ok
test reveal_and_equality_tests::t06_reveal_ssn_b_eq_ssns_equal ... ok

test result: ok. 7 passed; 0 failed; 0 ignored; 0 measured; 0 filtered out; finished in 0.21s

     Running tests/flow.rs (target/debug/deps/flow-a8a858c47eefcd38)

running 0 tests

test result: ok. 0 passed; 0 failed; 0 ignored; 0 measured; 3 filtered out; finished in 0.00s

[swcurran]

Some lint cleanup needed. Will the new tests run automatically for PRs?

[mikelodder7]

Is it necessary to put in the NOTICE.md? This is a contribution to LF which means all licensing is considered APL-2

[swcurran]

I reviewed that file with Hyperledger staff and it is fine/appropriate. It does not change the license. Lots of open source projects have such files.

[mark-moir]

I reviewed that file with Hyperledger staff and it is fine/appropriate. It does not change the license. Lots of open source projects have such files.

Thanks @swcurran, right. Apache 2 specifically mentions NOTICE here. This was required for our approval to contribute.

[mark-moir]

Some lint cleanup needed.

I pushed some changes yesterday that I hope will satisfy both GitHub and you :smile:. It seems that it needs you to approve the workflow to check. Thanks.