Bluetooth API Encryption

The Nuki Smart Lock uses the NaCl Cryptography Toolbox (http://nacl.cr.yp.to/)
to encrypt the transferred data.

The following functions are needed to communicate with the Nuki Smart Lock:

The Diffie-Hellman key function dh1

crypto_scalarmult_curve25519(s,sk,pk)

Necessary for the initial key exchange between the Nuki Smart Lock and the client
device.

The key derivation function kdf1

static const unsigned char _0[16];
static const unsigned char sigma[16] = "expand 32-byte k";

crypto_core_hsalsa20(k,_0,s,sigma)

Used to derive a long term secret key out of the shared key calculated by dh1.
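
Added example (not part of the Nuki documentation or of NaCl's source): a dependency-free C implementation of the HSalsa20 core that kdf1 calls, for checking a client's derived key when its crypto library does not expose crypto_core_hsalsa20. The names hsalsa20, load32, kdf1, kdf1_matches_vector, TEST_S and TEST_K are introduced here; the vector is the X25519 shared secret from RFC 7748 section 6.1 and the matching "firstkey" from the NaCl test suite.

```c
#include <stdint.h>
#include <string.h>

#define ROTL(v, n) (((v) << (n)) | ((v) >> (32 - (n))))
#define QR(a, b, c, d) b ^= ROTL(a + d, 7); c ^= ROTL(b + a, 9); \
                       d ^= ROTL(c + b, 13); a ^= ROTL(d + c, 18)

static uint32_t load32(const unsigned char *p) {  /* little-endian load */
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* HSalsa20 core, same argument order as crypto_core_hsalsa20(out, in, k, c). */
static void hsalsa20(unsigned char out[32], const unsigned char in[16],
                     const unsigned char k[32], const unsigned char c[16]) {
    static const int pick[8] = {0, 5, 10, 15, 6, 7, 8, 9};
    uint32_t x[16];
    for (int i = 0; i < 4; i++) {
        x[5 * i]  = load32(c + 4 * i);       /* constant words on the diagonal */
        x[1 + i]  = load32(k + 4 * i);       /* key bytes 0..15 */
        x[6 + i]  = load32(in + 4 * i);      /* 16-byte input block */
        x[11 + i] = load32(k + 16 + 4 * i);  /* key bytes 16..31 */
    }
    for (int i = 0; i < 10; i++) {           /* 10 double rounds = 20 rounds */
        QR(x[0], x[4], x[8], x[12]);  QR(x[5], x[9], x[13], x[1]);
        QR(x[10], x[14], x[2], x[6]); QR(x[15], x[3], x[7], x[11]);
        QR(x[0], x[1], x[2], x[3]);   QR(x[5], x[6], x[7], x[4]);
        QR(x[10], x[11], x[8], x[9]); QR(x[15], x[12], x[13], x[14]);
    }
    for (int i = 0; i < 32; i++)             /* no feed-forward, unlike Salsa20 */
        out[i] = (unsigned char)(x[pick[i / 4]] >> (8 * (i % 4)));
}

/* kdf1 as given on the page: crypto_core_hsalsa20(k, _0, s, sigma) */
static void kdf1(unsigned char k[32], const unsigned char s[32]) {
    static const unsigned char zero[16] = {0};
    static const unsigned char sigma[] = "expand 32-byte k"; /* first 16 bytes used */
    hsalsa20(k, zero, s, sigma);
}
/* Published vector: dh1 output s (RFC 7748) and the expected kdf1 output k. */
static const unsigned char TEST_S[] =
    "\x4a\x5d\x9d\x5b\xa4\xce\x2d\xe1\x72\x8e\x3b\xf4\x80\x35\x0f\x25"
    "\xe0\x7e\x21\xc9\x47\xd1\x9e\x33\x76\xf0\x9b\x3c\x1e\x16\x17\x42";
static const unsigned char TEST_K[] =
    "\x1b\x27\x55\x64\x73\xe9\x85\xd4\x62\xcd\x51\x19\x7a\x9a\x46\xc7"
    "\x60\x09\x54\x9e\xac\x64\x74\xf2\x06\xc4\xee\x08\x44\xf6\x83\x89";
int kdf1_matches_vector(void) {              /* 1 when kdf1(TEST_S) == TEST_K */
    unsigned char k[32];
    kdf1(k, TEST_S);
    return memcmp(k, TEST_K, 32) == 0;
}
```

dh1 followed by kdf1 is the same computation NaCl performs in crypto_box_beforenm, so a binding that exposes only that call produces the same long term key.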

The authentication function h1

HMAC-SHA256

Used to calculate the authenticator during the authorization process between the
Nuki Smart Lock and the client device.

The encryption function e1

crypto_secretbox_xsalsa20poly1305(c,m,mlen,n,k)

Used to encrypt any data once the authorization process has been completed.