BLE api s and k reversed in example

I am working on implementing the pairing process for an ESP32.

In the API chapter 4 I see:

The Diffie-Hellman key function dh1

The key derivation function kdf1

In the example in chapter 9 I see:

Both sides calculate DH Key k using function dh1

Both sides derive a long term shared secret key s from k using function kdf1

So k and s are switched, I assume chapter 4 is correct?

Hi @i-connect did you manage to understand how to calculate shared key using DH1? I would really appreciate it :frowning:

my code for calculating KDF1 in java using com.neilalexander.jnacl.crypto library (value from spec):

        byte[] outv = new byte[32];
        byte[] inv =  new byte[32];
        byte[] k =    NaCl.getBinary("0DE40B998E0E330376F2D2FC4892A6931E25055FD09F054F99E93FECD9BA611E");
        byte[] c =    "expand 32-byte k".getBytes();
        // GOOD
        hsalsa20.crypto_core(outv, inv, k, c);
        System.out.println("--------" );
        System.out.println(NaCl.asHex(outv).toUpperCase() );

I am still working on the library (had to put is aside as I have some other prio’s).
But I did managed to complete the connect phase.

I made the git repo temporarily public so you can take a look at the code (C++):

Hope it helps.

Pls let me know when you are done with the code, as it is far from complete I want to set it private again untill it is ready for use.


ps I found this lib which I used to figure out how the connect/encryption works.

It is in js, maybe it helps you:

Thank you very much @i-connect You made me recall how to do C++ :smiley: And actually your code was massive help - somehow I missed it is needed remote public key to calculate DH1. I only used client public + client private keys before (yeah - now when I think of it - I know it does not make any sense)

I created GIST in C++ that only does DH1

And my DH1 + KDF1 java code is like this:

public void dh1AndKdf() {

    // values from documentation
    byte[] binaryPublicRemote = NaCl.getBinary("2FE57DA347CD62431528DAAC5FBB290730FFF684AFC4CFC2ED90995F58CB3B74");
    byte[] binaryPrivateKey = NaCl.getBinary("8CAA54672307BFFDF5EA183FC607158D2011D008ECA6A1088614FF0853A5AA07");

    // DH1
    byte[] dh1 = new byte[32];
    curve25519.crypto_scalarmult(dh1, binaryPrivateKey, binaryPublicRemote);
    System.out.println("--------INTERIM KEY:" );
    System.out.println(NaCl.asHex(dh1).toUpperCase() );

    // KDF
    byte[] outv = new byte[32];
    byte[] inv =  new byte[32];
    byte[] k =    dh1;
    byte[] c =    "expand 32-byte k".getBytes();
    hsalsa20.crypto_core(outv, inv, k, c);
    System.out.println("--------SHARED KEY:" );
    System.out.println(NaCl.asHex(outv).toUpperCase() );

most welcome, glad you figured it out :slightly_smiling_face:
(gonna close the repo again untill I have all functionality working)