The Nuki Smart Lock uses the NaCl Cryptography Toolbox (http://nacl.cr.yp.to/)
to encrypt the transferred data.
The following functions are needed to communicate with the Nuki Smart Lock:
The Diffie-Hellman key function dh1
crypto_scalarmult_curve25519(s,sk,pk)
Necessary for the initial key exchange between the Nuki Smart Lock and the client
device.
The key derivation function kdf1
static const unsigned char _0[16];
static const unsigned char sigma[16] = “expand 32-byte k”;
crypto_core_hsalsa20(k,_0,s,sigma)
Used to derive a long term secret key out of the shared key calculated by dh1
The authentication function h1
HMAC-SHA256
Used to calculate the authenticator during the authorization process between the
Nuki Smart Lock and the client device.
The encryption function e1
crypto_secretbox_xsalsa20poly1305 (c,m,mlen,n,k)
Used to encrypt any data once the authorization process has been completed