github.com/trustbloc/kms-go@v1.1.2/crypto/tinkcrypto/key_wrapper_test.go (about) 1 /* 2 Copyright SecureKey Technologies Inc. All Rights Reserved. 3 4 SPDX-License-Identifier: Apache-2.0 5 */ 6 7 package tinkcrypto 8 9 import ( 10 "crypto/aes" 11 "crypto/cipher" 12 "crypto/ecdsa" 13 "crypto/elliptic" 14 "crypto/rand" 15 "encoding/hex" 16 "errors" 17 "fmt" 18 "testing" 19 20 "github.com/golang/protobuf/proto" 21 "github.com/google/tink/go/aead" 22 "github.com/google/tink/go/keyset" 23 commonpb "github.com/google/tink/go/proto/common_go_proto" 24 tinkpb "github.com/google/tink/go/proto/tink_go_proto" 25 "github.com/google/tink/go/subtle/random" 26 "github.com/google/tink/go/testkeyset" 27 "github.com/google/tink/go/testutil" 28 "github.com/stretchr/testify/require" 29 "golang.org/x/crypto/curve25519" 30 31 "github.com/trustbloc/kms-go/spi/crypto" 32 33 "github.com/trustbloc/kms-go/crypto/tinkcrypto/primitive/composite/ecdh" 34 "github.com/trustbloc/kms-go/crypto/tinkcrypto/primitive/composite/keyio" 35 ecdhpb "github.com/trustbloc/kms-go/crypto/tinkcrypto/primitive/proto/ecdh_aead_go_proto" 36 ) 37 38 type mockKeyWrapperSupport struct { 39 getCurveVal elliptic.Curve 40 getCurveErr error 41 generateKeyVal interface{} 42 generateKeyErr error 43 createCipherVal cipher.Block 44 createCipherErr error 45 wrapVal []byte 46 wrapErr error 47 unwrapVal []byte 48 unwrapErr error 49 deriveSen1PuVal []byte 50 deriveSen1PuErr error 51 deriveRec1PuVal []byte 52 deriveRec1PuErr error 53 } 54 55 func (w *mockKeyWrapperSupport) getCurve(curve string) (elliptic.Curve, error) { 56 return w.getCurveVal, w.getCurveErr 57 } 58 59 func (w *mockKeyWrapperSupport) generateKey(curve elliptic.Curve) (interface{}, error) { 60 return w.generateKeyVal, w.generateKeyErr 61 } 62 63 func (w *mockKeyWrapperSupport) createPrimitive(kek []byte) (interface{}, error) { 64 return w.createCipherVal, w.createCipherErr 65 } 66 67 func (w *mockKeyWrapperSupport) wrap(block interface{}, cek []byte) ([]byte, error) { 68 return w.wrapVal, w.wrapErr 69 } 70 71 func (w *mockKeyWrapperSupport) unwrap(block interface{}, wrappedKey []byte) ([]byte, error) { 72 return w.unwrapVal, w.unwrapErr 73 } 74 75 func (w *mockKeyWrapperSupport) deriveSender1Pu(kwAlg string, apu, apv, tag []byte, epPriv, sePrivKey, 76 recPubKey interface{}, keySize int) ([]byte, error) { 77 return w.deriveSen1PuVal, w.deriveSen1PuErr 78 } 79 80 func (w *mockKeyWrapperSupport) deriveRecipient1Pu(kwAlg string, apu, apv, tag []byte, epPub, sePubKey, 81 rPrivKey interface{}, keySize int) ([]byte, error) { 82 return w.deriveRec1PuVal, w.deriveRec1PuErr 83 } 84 85 func TestWrapKey_Failure(t *testing.T) { 86 recipientKeyHandle, err := keyset.NewHandle(ecdh.NISTP256ECDHKWKeyTemplate()) 87 require.NoError(t, err) 88 89 recipientKey, err := keyio.ExtractPrimaryPublicKey(recipientKeyHandle) 90 require.NoError(t, err) 91 92 cek := random.GetRandomBytes(uint32(defKeySize)) 93 apu := []byte("sender") 94 apv := []byte("recipient") 95 96 // test WrapKey with mocked getCurve error 97 c := Crypto{ecKW: &mockKeyWrapperSupport{getCurveErr: errors.New("bad Curve")}} 98 99 _, err = c.WrapKey(cek, apu, apv, recipientKey) 100 require.EqualError(t, err, "wrapKey: deriveKEKAndWrap: error ECDH-ES kek derivation: deriveESKEK: error "+ 101 "deriveESWithECKey: failed to generate ephemeral key: convertRecKeyAndGenOrGetEPKEC: failed to get curve of "+ 102 "recipient key: bad Curve") 103 104 // test WrapKey with mocked generateKey error 105 c = Crypto{ecKW: &mockKeyWrapperSupport{generateKeyErr: errors.New("genKey failed")}} 106 107 _, err = c.WrapKey(cek, apu, apv, recipientKey) 108 require.EqualError(t, err, "wrapKey: deriveKEKAndWrap: error ECDH-ES kek derivation: deriveESKEK: error "+ 109 "deriveESWithECKey: failed to generate ephemeral key: convertRecKeyAndGenOrGetEPKEC: failed to generate EPK: "+ 110 "genKey failed") 111 112 epk, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) 113 require.NoError(t, err) 114 115 // test WrapKey with mocked createPrimitive error 116 c = Crypto{ 117 ecKW: &mockKeyWrapperSupport{ 118 createCipherErr: errors.New("createPrimitive failed"), 119 generateKeyVal: epk, 120 }, 121 } 122 123 _, err = c.WrapKey(cek, apu, apv, recipientKey) 124 require.EqualError(t, err, "wrapKey: deriveKEKAndWrap: failed to create new AES Cipher: createPrimitive "+ 125 "failed") 126 127 badRecipientKey := &crypto.PublicKey{ 128 Type: ecdhpb.KeyType_UNKNOWN_KEY_TYPE.String(), 129 } 130 131 _, err = c.WrapKey(cek, apu, apv, badRecipientKey, crypto.WithSender(recipientKey)) 132 require.EqualError(t, err, "wrapKey: deriveKEKAndWrap: error ECDH-1PU kek derivation: derive1PUKEK: invalid"+ 133 " recipient key type for ECDH-1PU") 134 135 badRecipientKey.Type = ecdhpb.KeyType_OKP.String() 136 137 _, err = c.WrapKey(cek, apu, apv, badRecipientKey, crypto.WithSender(recipientKey)) 138 require.EqualError(t, err, "wrapKey: deriveKEKAndWrap: error ECDH-1PU kek derivation: derive1PUKEK: OKP key"+ 139 " derivation error derive1PUWithOKPKey: failed to retrieve sender key: ksToPrivateX25519Key: bad key handle "+ 140 "format") 141 142 aesCipher, err := aes.NewCipher(random.GetRandomBytes(uint32(defKeySize))) 143 require.NoError(t, err) 144 145 // test WrapKey with mocked Wrap call error 146 c = Crypto{ 147 ecKW: &mockKeyWrapperSupport{ 148 createCipherVal: aesCipher, 149 generateKeyVal: epk, 150 wrapErr: errors.New("wrap error"), 151 }, 152 } 153 154 _, err = c.WrapKey(cek, apu, apv, recipientKey) 155 require.EqualError(t, err, "wrapKey: deriveKEKAndWrap: failed to AES wrap key: wrap error") 156 } 157 158 func TestUnwrapKey_Failure(t *testing.T) { 159 recipientKeyHandle, err := keyset.NewHandle(ecdh.NISTP256ECDHKWKeyTemplate()) 160 require.NoError(t, err) 161 162 recipientKey, err := keyio.ExtractPrimaryPublicKey(recipientKeyHandle) 163 require.NoError(t, err) 164 165 cek := random.GetRandomBytes(uint32(defKeySize)) 166 apu := []byte("sender") 167 apv := []byte("recipient") 168 169 validCrypter, err := New() 170 require.NoError(t, err) 171 172 wpKey, err := validCrypter.WrapKey(cek, apu, apv, recipientKey) 173 require.NoError(t, err) 174 175 // test UnwrapKey with mocked getCurve error 176 c := Crypto{ecKW: &mockKeyWrapperSupport{getCurveErr: errors.New("bad Curve")}} 177 178 _, err = c.UnwrapKey(wpKey, recipientKeyHandle) 179 require.EqualError(t, err, "unwrapKey: deriveKEKAndUnwrap: error ECDH-ES kek derivation: deriveESKEKForUnwrap:"+ 180 " error: deriveESWithECKeyForUnwrap: failed to GetCurve: bad Curve") 181 182 // test UnwrapKey with mocked createPrimitive error 183 c = Crypto{ 184 ecKW: &mockKeyWrapperSupport{ 185 createCipherErr: errors.New("createPrimitive failed"), 186 getCurveVal: elliptic.P256(), 187 }, 188 } 189 190 _, err = c.UnwrapKey(wpKey, recipientKeyHandle) 191 require.EqualError(t, err, "unwrapKey: deriveKEKAndUnwrap: failed to create new AES Cipher: createPrimitive failed") 192 193 // test UnwrapKey with mocked unwrap error 194 aesCipher, err := aes.NewCipher(random.GetRandomBytes(uint32(defKeySize))) 195 require.NoError(t, err) 196 197 c = Crypto{ 198 ecKW: &mockKeyWrapperSupport{ 199 createCipherVal: aesCipher, 200 getCurveVal: elliptic.P256(), 201 unwrapErr: errors.New("unwrap error"), 202 }, 203 } 204 205 _, err = c.UnwrapKey(wpKey, recipientKeyHandle) 206 require.EqualError(t, err, "unwrapKey: deriveKEKAndUnwrap: failed to AES unwrap key: unwrap error") 207 208 // create a valid wrapped key with sender to test unwrap 209 okpRecipientKH, err := keyset.NewHandle(ecdh.X25519ECDHKWKeyTemplate()) 210 require.NoError(t, err) 211 212 okpRecipientKey, err := keyio.ExtractPrimaryPublicKey(okpRecipientKH) 213 require.NoError(t, err) 214 215 okpSenderKH, err := keyset.NewHandle(ecdh.X25519ECDHKWKeyTemplate()) 216 require.NoError(t, err) 217 218 wk, err := validCrypter.WrapKey(cek, apu, apv, okpRecipientKey, crypto.WithSender(okpSenderKH), 219 crypto.WithXC20PKW()) 220 require.NoError(t, err) 221 222 badWK := &crypto.RecipientWrappedKey{ 223 KID: wk.KID, 224 EncryptedCEK: wk.EncryptedCEK, 225 EPK: crypto.PublicKey{Type: ecdhpb.KeyType_UNKNOWN_KEY_TYPE.String()}, 226 Alg: wk.Alg, 227 APU: wk.APU, 228 APV: wk.APV, 229 } 230 231 okpSenderKey, err := keyio.ExtractPrimaryPublicKey(okpSenderKH) 232 require.NoError(t, err) 233 234 _, err = validCrypter.UnwrapKey(badWK, okpRecipientKH, crypto.WithSender(okpSenderKey)) 235 require.EqualError(t, err, "unwrapKey: deriveKEKAndUnwrap: error ECDH-1PU kek derivation: derive1PUKEKForUnwrap:"+ 236 " invalid EPK key type for ECDH-1PU") 237 238 // unwrap valid wk with invalid sender key should fail 239 _, err = validCrypter.UnwrapKey(wk, okpRecipientKH, crypto.WithSender([]byte("badSenderKey"))) 240 require.EqualError(t, err, "unwrapKey: deriveKEKAndUnwrap: error ECDH-1PU kek derivation: derive1PUKEKForUnwrap:"+ 241 " OKP key derivation error derive1PUWithOKPKeyForUnwrap: failed to retrieve sender key: ksToPublicX25519Key: "+ 242 "unsupported keyset type [98 97 100 83 101 110 100 101 114 75 101 121]") 243 244 okpSenderPublicKH, err := okpSenderKH.Public() 245 require.NoError(t, err) 246 247 // unwrap with valid Sender key as *cryptoapi.Public key should pass 248 k, err := validCrypter.UnwrapKey(wk, okpRecipientKH, crypto.WithSender(okpSenderKey)) 249 require.NoError(t, err) 250 require.EqualValues(t, cek, k) 251 252 // unwrap with valid Sender key as *keyset.Handle should pass 253 k, err = validCrypter.UnwrapKey(wk, okpRecipientKH, crypto.WithSender(okpSenderPublicKH)) 254 require.NoError(t, err) 255 require.EqualValues(t, cek, k) 256 257 // unwrap with invalid sender key as keyset.Handle should fail 258 badPrivateKeyProto := generateECDHAEADPrivateKey(t, commonpb.EllipticCurveType_CURVE25519, 259 ecdhpb.KeyType_EC, aead.AES128GCMKeyTemplate(), random.GetRandomBytes(32)) 260 261 badPrivMarshalledProto, err := proto.Marshal(badPrivateKeyProto) 262 require.NoError(t, err) 263 264 badPrivKey := testutil.NewKey( 265 testutil.NewKeyData(nistPECDHKWPrivateKeyTypeURL, badPrivMarshalledProto, tinkpb.KeyData_ASYMMETRIC_PRIVATE), 266 tinkpb.KeyStatusType_ENABLED, 15, tinkpb.OutputPrefixType_RAW) 267 268 privKeys := []*tinkpb.Keyset_Key{badPrivKey} 269 privKeyset := testutil.NewKeyset(privKeys[0].KeyId, privKeys) 270 badPrivHK, err := testkeyset.NewHandle(privKeyset) 271 require.NoError(t, err) 272 273 _, err = validCrypter.UnwrapKey(wk, okpRecipientKH, crypto.WithSender(badPrivHK)) 274 require.EqualError(t, err, "unwrapKey: deriveKEKAndUnwrap: error ECDH-1PU kek derivation: derive1PUKEKForUnwrap:"+ 275 " OKP key derivation error derive1PUWithOKPKeyForUnwrap: failed to retrieve sender key: ksToPublicX25519Key: "+ 276 "failed to extract public key from keyset handle: extractPrimaryPublicKey: failed to get public key content: "+ 277 "undefined EC curve: unsupported curve") 278 } 279 280 func Test_ksToPrivateECDSAKey_Failure(t *testing.T) { 281 recipientKey, err := keyset.NewHandle(ecdh.NISTP256ECDHKWKeyTemplate()) 282 require.NoError(t, err) 283 284 recipientKeyPub, err := recipientKey.Public() 285 require.NoError(t, err) 286 287 _, err = ksToPrivateECDSAKey(recipientKeyPub) 288 require.EqualError(t, err, "ksToPrivateECDSAKey: failed to extract sender key: extractPrivKey: "+ 289 "can't extract unsupported private key 'type.hyperledger.org/hyperledger.aries.crypto.tink"+ 290 ".NistPEcdhKwPublicKey'") 291 } 292 293 func Test_ksToPublicECDSAKey_Failure(t *testing.T) { 294 _, err := ksToPublicECDSAKey(nil, nil) 295 require.EqualError(t, err, "ksToPublicECDSAKey: unsupported keyset type <nil>") 296 297 symKey, err := keyset.NewHandle(aead.AES128GCMKeyTemplate()) 298 require.NoError(t, err) 299 300 _, err = ksToPublicECDSAKey(symKey, nil) 301 require.EqualError(t, err, "ksToPublicECDSAKey: failed to extract public key from keyset handle: "+ 302 "extractPrimaryPublicKey: failed to get public key content: exporting unencrypted secret key material "+ 303 "is forbidden") 304 305 recipientKey, err := keyset.NewHandle(ecdh.NISTP256ECDHKWKeyTemplate()) 306 require.NoError(t, err) 307 308 kw := &mockKeyWrapperSupport{ 309 getCurveErr: errors.New("getCurve error"), 310 } 311 312 _, err = ksToPublicECDSAKey(recipientKey, kw) 313 require.EqualError(t, err, "ksToPublicECDSAKey: failed to GetCurve: getCurve error") 314 } 315 316 func Test_deriveKEKAndUnwrap_Failure(t *testing.T) { 317 c := Crypto{ 318 ecKW: &mockKeyWrapperSupport{}, 319 } 320 321 recKH, err := keyset.NewHandle(ecdh.NISTP256ECDHKWKeyTemplate()) 322 require.NoError(t, err) 323 324 _, err = c.deriveKEKAndUnwrap(ECDH1PUA256KWAlg, nil, nil, nil, nil, nil, nil, nil) 325 require.EqualError(t, err, "deriveKEKAndUnwrap: bad key handle format") 326 327 _, err = c.deriveKEKAndUnwrap(ECDH1PUA256KWAlg, nil, nil, nil, nil, nil, nil, recKH) 328 require.EqualError(t, err, "deriveKEKAndUnwrap: error ECDH-1PU kek derivation: derive1PUKEKForUnwrap: sender's"+ 329 " public keyset handle option is required for 'ECDH-1PU+A256KW'") 330 331 c.ecKW = &mockKeyWrapperSupport{ 332 getCurveErr: errors.New("getCurve error"), 333 } 334 335 senderKH, err := keyset.NewHandle(ecdh.NISTP256ECDHKWKeyTemplate()) 336 require.NoError(t, err) 337 338 epk := &crypto.PublicKey{ 339 Type: ecdhpb.KeyType_EC.String(), 340 } 341 342 _, err = c.deriveKEKAndUnwrap(ECDH1PUA256KWAlg, nil, nil, nil, nil, epk, senderKH, recKH) 343 require.EqualError(t, err, "deriveKEKAndUnwrap: error ECDH-1PU kek derivation: derive1PUKEKForUnwrap: EC key"+ 344 " derivation error derive1PUWithECKeyForUnwrap: failed to retrieve sender key: ksToPublicECDSAKey: failed to"+ 345 " GetCurve: getCurve error") 346 347 c.ecKW = &mockKeyWrapperSupport{ 348 deriveRec1PuErr: errors.New("derive recipient 1pu error"), 349 } 350 351 epk.Curve = commonpb.EllipticCurveType_NIST_P256.String() 352 _, err = c.deriveKEKAndUnwrap(ECDH1PUA256KWAlg, nil, nil, nil, nil, epk, senderKH, recKH) 353 require.EqualError(t, err, "deriveKEKAndUnwrap: error ECDH-1PU kek derivation: derive1PUKEKForUnwrap: EC key"+ 354 " derivation error derive1PUWithECKeyForUnwrap: failed to derive kek: derive recipient 1pu error") 355 } 356 357 func Test_wrapRaw_Failure(t *testing.T) { 358 c := Crypto{ 359 ecKW: &mockKeyWrapperSupport{}, 360 okpKW: &mockKeyWrapperSupport{ 361 createCipherErr: errors.New("bad primitive"), 362 }, 363 } 364 365 _, err := c.wrapRaw(nil, nil, nil, nil, "", "", nil, true) 366 require.EqualError(t, err, "deriveKEKAndWrap: failed to create new XC20P primitive: bad primitive") 367 368 c.okpKW = &mockKeyWrapperSupport{ 369 wrapErr: errors.New("wrap failed"), 370 } 371 372 _, err = c.wrapRaw(nil, nil, nil, nil, "", "", nil, true) 373 require.EqualError(t, err, "deriveKEKAndWrap: failed to XC20P wrap key: wrap failed") 374 } 375 376 func Test_unwrapRaw_Failure(t *testing.T) { 377 c := Crypto{} 378 379 _, err := c.unwrapRaw("badAlg", nil, nil) 380 require.EqualError(t, err, "deriveKEKAndUnwrap: cannot unwrap with bad kw alg: 'badAlg'") 381 382 c.okpKW = &mockKeyWrapperSupport{ 383 createCipherErr: errors.New("bad primitive"), 384 } 385 386 _, err = c.unwrapRaw(ECDHESXC20PKWAlg, nil, nil) 387 require.EqualError(t, err, "deriveKEKAndUnwrap: failed to create new XC20P primitive: bad primitive") 388 389 c.okpKW = &mockKeyWrapperSupport{ 390 unwrapErr: errors.New("unwrap failed"), 391 } 392 393 _, err = c.unwrapRaw(ECDHESXC20PKWAlg, nil, nil) 394 require.EqualError(t, err, "deriveKEKAndUnwrap: failed to XC20P unwrap key: unwrap failed") 395 } 396 397 func Test_deriveKEKUnwrapFailureDueToExtractPrivKeyError(t *testing.T) { 398 badPrivateKeyProto := generateECDHAEADPrivateKey(t, commonpb.EllipticCurveType_CURVE25519, // <-- invalid EC curve 399 ecdhpb.KeyType_EC, aead.AES128GCMKeyTemplate(), random.GetRandomBytes(32)) 400 401 badPrivMarshalledProto, err := proto.Marshal(badPrivateKeyProto) 402 require.NoError(t, err) 403 404 badPrivKey := testutil.NewKey( 405 testutil.NewKeyData(nistPECDHKWPrivateKeyTypeURL, badPrivMarshalledProto, tinkpb.KeyData_ASYMMETRIC_PRIVATE), 406 tinkpb.KeyStatusType_ENABLED, 15, tinkpb.OutputPrefixType_RAW) 407 408 privKeys := []*tinkpb.Keyset_Key{badPrivKey} 409 privKeyset := testutil.NewKeyset(privKeys[0].KeyId, privKeys) 410 badPrivHK, err := testkeyset.NewHandle(privKeyset) 411 require.NoError(t, err) 412 413 c := Crypto{} 414 _, err = c.deriveKEKAndUnwrap("", nil, nil, nil, nil, nil, nil, badPrivHK) 415 require.EqualError(t, err, "deriveKEKAndUnwrap: extractPrivKey: invalid key: unsupported curve") 416 } 417 418 func Test_generateEphemeralOKPKey_Failure(t *testing.T) { 419 c := Crypto{ 420 okpKW: &mockKeyWrapperSupport{ 421 generateKeyErr: errors.New("generate failure"), 422 }, 423 } 424 425 _, _, err := c.generateOrGetEphemeralOKPKey(nil) 426 require.EqualError(t, err, "generate failure") 427 428 c.okpKW = &mockKeyWrapperSupport{ 429 generateKeyVal: &ecdsa.PrivateKey{}, 430 } 431 432 _, _, err = c.generateOrGetEphemeralOKPKey(nil) 433 require.EqualError(t, err, "invalid ephemeral key type, not OKP, want []byte for OKP") 434 } 435 436 func TestX25519ECDHVector(t *testing.T) { 437 // keys from test vector found on https://tools.ietf.org/html/rfc7748#section-6.1 438 alicePrivKeyHex := "77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a" 439 alicePrivKey, err := hex.DecodeString(alicePrivKeyHex) 440 require.NoError(t, err) 441 442 alicePubKey, err := curve25519.X25519(alicePrivKey, curve25519.Basepoint) 443 require.NoError(t, err) 444 445 alicePubKeyVectorHex := "8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a" 446 alicePubKeyVector, err := hex.DecodeString(alicePubKeyVectorHex) 447 require.NoError(t, err) 448 449 require.EqualValues(t, alicePubKeyVector, alicePubKey) 450 require.Equal(t, alicePubKeyVectorHex, fmt.Sprintf("%x", alicePubKey)) 451 452 bobPrivKeyHex := "5dab087e624a8a4b79e17f8b83800ee66f3bb1292618b6fd1c2f8b27ff88e0eb" 453 bobPrivKey, err := hex.DecodeString(bobPrivKeyHex) 454 require.NoError(t, err) 455 456 bobPubKey, err := curve25519.X25519(bobPrivKey, curve25519.Basepoint) 457 require.NoError(t, err) 458 459 bobPubKeyVectorHex := "de9edb7d7b7dc1b4d35b61c2ece435373f8343c85b78674dadfc7e146f882b4f" 460 bobPubKeyVector, err := hex.DecodeString(bobPubKeyVectorHex) 461 require.NoError(t, err) 462 463 require.EqualValues(t, bobPubKeyVector, bobPubKey) 464 require.Equal(t, bobPubKeyVectorHex, fmt.Sprintf("%x", bobPubKey)) 465 466 sharedSecretFromAlice, err := curve25519.X25519(alicePrivKey, bobPubKey) 467 require.NoError(t, err) 468 469 sharedSecretFromBob, err := curve25519.X25519(bobPrivKey, alicePubKey) 470 require.NoError(t, err) 471 472 require.EqualValues(t, sharedSecretFromAlice, sharedSecretFromBob) 473 474 sharedSecretVectorHex := "4a5d9d5ba4ce2de1728e3bf480350f25e07e21c947d19e3376f09b3c1e161742" // nolint: gosec // test 475 sharedSecretVector, err := hex.DecodeString(sharedSecretVectorHex) 476 require.NoError(t, err) 477 478 require.EqualValues(t, sharedSecretVector, sharedSecretFromAlice) 479 require.EqualValues(t, sharedSecretVector, sharedSecretFromBob) 480 }