BLE api s and k reversed in example

i-connect · October 20, 2020, 10:22am

I am working on implementing the pairing process for an ESP32.

In the API chapter 4 I see:

The Diffie-Hellman key function dh1
crypto_scalarmult_curve25519(s,sk,pk)

The key derivation function kdf1
crypto_core_hsalsa20(k,_0,s,sigma)

In the example in chapter 9 I see:

Both sides calculate DH Key k using function dh1
…
Both sides derive a long term shared secret key s from k using function kdf1

So k and s are switched, I assume chapter 4 is correct?

jroman · November 30, 2020, 10:17pm

Hi @i-connect did you manage to understand how to calculate shared key using DH1? I would really appreciate it

my code for calculating KDF1 in java using com.neilalexander.jnacl.crypto library (value from spec):

        byte[] outv = new byte[32];
        byte[] inv =  new byte[32];
        byte[] k =    NaCl.getBinary("0DE40B998E0E330376F2D2FC4892A6931E25055FD09F054F99E93FECD9BA611E");
        byte[] c =    "expand 32-byte k".getBytes();
        // GOOD
        hsalsa20.crypto_core(outv, inv, k, c);
        System.out.println("--------" );
        System.out.println(NaCl.asHex(outv).toUpperCase() );

i-connect · December 1, 2020, 8:39am

Hi,
I am still working on the library (had to put is aside as I have some other prio’s).
But I did managed to complete the connect phase.

I made the git repo temporarily public so you can take a look at the code (C++):
https://github.com/I-Connect/nuki_ble.git

Hope it helps.

Pls let me know when you are done with the code, as it is far from complete I want to set it private again untill it is ready for use.

Regards,
Jeroen

i-connect · December 1, 2020, 8:45am

ps I found this lib which I used to figure out how the connect/encryption works.

It is in js, maybe it helps you:

jroman · December 1, 2020, 10:17pm

Thank you very much @i-connect You made me recall how to do C++ And actually your code was massive help - somehow I missed it is needed remote public key to calculate DH1. I only used client public + client private keys before (yeah - now when I think of it - I know it does not make any sense)

I created GIST in C++ that only does DH1 https://gist.github.com/jjromannet/bab5ce7f6d331d52904108f4a1076a8c

And my DH1 + KDF1 java code is like this:

@Test
public void dh1AndKdf() {
    // WORKING OK

    // values from documentation
    byte[] binaryPublicRemote = NaCl.getBinary("2FE57DA347CD62431528DAAC5FBB290730FFF684AFC4CFC2ED90995F58CB3B74");
    byte[] binaryPrivateKey = NaCl.getBinary("8CAA54672307BFFDF5EA183FC607158D2011D008ECA6A1088614FF0853A5AA07");

    // DH1
    byte[] dh1 = new byte[32];
    curve25519.crypto_scalarmult(dh1, binaryPrivateKey, binaryPublicRemote);
    System.out.println("--------INTERIM KEY:" );
    System.out.println(NaCl.asHex(dh1).toUpperCase() );

    // KDF
    byte[] outv = new byte[32];
    byte[] inv =  new byte[32];
    byte[] k =    dh1;
    byte[] c =    "expand 32-byte k".getBytes();
    hsalsa20.crypto_core(outv, inv, k, c);
    System.out.println("--------SHARED KEY:" );
    System.out.println(NaCl.asHex(outv).toUpperCase() );
}

i-connect · December 2, 2020, 8:28am

most welcome, glad you figured it out
(gonna close the repo again untill I have all functionality working)