feat: CL Anoncreds tink primitives

[ashcherbakov]

Title:
CL Anoncreds tink primitives

Description:

• This is the first PR to support CL Anoncreds in Aries-framework-go #180.
• This PR addresses support of CL Anoncreds on the think crypto primitives level.
• Next PRs will add support for CL crypto to the pkg/crypto/api API interface and pkg/kms (separate PRs for each).
• CL Anoncreds support is based on the ursa-wrapper-go as an optional dependency (under the ursa build tag).
• Please note, that ursa-wrapper-go required libursa lib to be installed, that's why ursa build tag has been introduced.

Summary:

• Adds ursa-wrapper-go as an optional dependency (under the ursa build tag).
• Adds tink crypto primitives and keys for the Issuance flow
• Adds a separate make unit-test-ursa target
• Adds a separate job in the CI pipeline to run unit tests with the ursa build tag. As libursa is required, the CI job for the ursa tag is run in a container (ghcr.io/hyperledger/ursa-wrapper-go/uwg-build for now) where libursa is already installed.

[codecov]

Codecov Report

Merging #3271 (7c99059) into main (12e93a0) will increase coverage by 0.04%.
The diff coverage is n/a.

❗ Current head 7c99059 differs from pull request most recent head 343be87. Consider uploading reports for the commit 343be87 to get more accurate results

@@            Coverage Diff             @@
##             main    #3271      +/-   ##
==========================================
+ Coverage   88.28%   88.32%   +0.04%     
==========================================
  Files         315      311       -4     
  Lines       42658    42398     -260     
==========================================
- Hits        37659    37448     -211     
+ Misses       3674     3638      -36     
+ Partials     1325     1312      -13     

Impacted Files	Coverage Δ
pkg/wallet/wallet.go	98.32% <0.00%> (-0.38%)	⬇️
pkg/client/vcwallet/client.go	100.00% <0.00%> (ø)
pkg/wallet/didcomm.go
pkg/didcomm/packer/legacy/anoncrypt/anoncrypt.go
pkg/didcomm/packer/legacy/anoncrypt/pack.go
pkg/didcomm/packer/legacy/anoncrypt/unpack.go
pkg/controller/command/vcwallet/command.go	95.66% <0.00%> (+2.99%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 12e93a0...343be87. Read the comment docs.

[baha-ai]

it would be helpful to have a make target for Ursa build

[ashcherbakov]

Yes, that's in progress.

[ashcherbakov]

Added make unit-test-ursa target.

[baha-ai]

Suggested change

	#PKGS=$(go list -tags ursa github.com/hyperledger/aries-framework-go/pkg/... 2> /dev/null | grep -v /mocks | grep -v /aries-js-worker)
	#$GO_TEST_CMD -tags ursa $PKGS -count=1 -race -coverprofile=profile.out -covermode=atomic -timeout=10m
	#amend_coverage_file
	PKGS=$(go list -tags ursa github.com/hyperledger/aries-framework-go/pkg/... 2> /dev/null | grep -v /mocks | grep -v /aries-js-worker)
	$GO_TEST_CMD -tags ursa $PKGS -count=1 -race -coverprofile=profile.out -covermode=atomic -timeout=10m
	amend_coverage_file

I don't mind adding ursa unit tests in the build.

[ashcherbakov]

Added a separate make unit-test-ursa target and a separate job in the CI pipeline to run unit tests with the ursa build tag.
There is a reason why it's not easily possible to get rid of ursa build tag and just run ursa/CL test as other unit tests: ursa-wrapper-go requires libursa to be installed. Current development process and CI unit tests are not based on Docker, so that it may be challenging to require libursa library to be installed for every developer.
CI job for the ursa tag is run in a container (ghcr.io/hyperledger/ursa-wrapper-go/uwg-build for now) where libursa is already installed.

[baha-ai]

thanks for the explanation

[baha-ai]

also another suggestion:
add a new target build file api_ursa.go in https://github.com/hyperledger/aries-framework-go/blob/main/pkg/kms/ to include CLIssuer and CLProver key KMS key types.

Eventually, it would be great to not limit this PR to an ursa build tag and have it part of afgo core once it's stable, for the benefit of everyone. (the less build tags, the better)

[ashcherbakov]

add a new target build file api_ursa.go in https://github.com/hyperledger/aries-framework-go/blob/main/pkg/kms/ to include CLIssuer and CLProver key KMS key types.

Yes, we are planning to integrate CL crypto to the pkg/crypto/api API interface as well as pkg/kms. This PR is already not small, so our suggestion is to continue integration to the next layers in the next PRs (we've been already working on them).

Eventually, it would be great to not limit this PR to an ursa build tag and have it part of afgo core once it's stable, for the benefit of everyone. (the less build tags, the better)

The problem here is that libursa library needs to be installed for ursa-wrapper-go and CL anoncreds crypto. That's why we started with adding the ursa build tag to not break the current flows.
In the next PRs we are planning to have an interface for CL Anoncreds and two implementations: a real working one (with ursa tag on) and a stub one returning "Not Implemented" (with ursa tag off).
We can continue discussion and change the approach in the next PRs.

[ashcherbakov]

BTW it seems there are some intermittent test failures in places not related to the PR changes (noticed for other PRs as well)...

[baha-ai]

BTW it seems there are some intermittent test failures in places not related to the PR changes (noticed for other PRs as well)...

simply push an empty update to retrigger the build, the CI does this intermittently (we can't control GH Action runs)

[baha-ai]

it's bdd-tests that are now failing, you can push another empty update

[ashcherbakov]

@fqutishat can you please merge the PR?