PTLS server verification

The client side is an external device that is connected to the lock and wants to establish a PTLS session. The server side is a Tedee lock.

1. Client challenge server verification

  1. Prepare Auth data as the current datetime in ms (8 bytes).

  2. Calculate hash from:

     | Auth_data_len | Auth_data (DT in ms) |
     | --- | --- |
     | 2 bytes | 8 bytes |

  3. Send a message called Server verify to get a signature generated by the server side.

| PTLS_SRV_VERIFY | Auth_data (DT in ms) |
| --- | --- |
| (0x05) 1 byte | 8 bytes |

2. Server response

The response is encrypted using the AEAD algorithm (AES-GCM, 128-bit) with header PTLS_SRV_VERIFY. Message before encryption:

| Auth_data_len | Auth data (DT in ms) | 0x00 | Signature_len | Signature | 0x00 | Hello_hash_len 0x20 | Hello_hash |
| --- | --- | --- | --- | --- | --- | --- | --- |
| 2 bytes | 8 bytes | 1 byte | 1 byte | signature_len | 1 byte | 1 byte | 32 bytes |

3. Client server verification

  1. Calculate HMAC from a shared secret, ptlss hs traffic and the last hash from the hello handshake (3. Client hello final).

  2. The first 16 bytes of the HMAC are used as the decryption key.

  3. The next 12 bytes of the HMAC are used as the IV.

  4. Decrypt the message using the AEAD algorithm (AES-GCM, 128-bit).

  5. Check that the hash in the decrypted message is the same as the hash after the last hello message (3. Client hello final).

  6. Verify compliance of the verification data (auth data).

  7. Verify the signature over the hash from step 2 of "1. Client challenge server verification" using the server public key (obtained from the Tedee API).

  8. Calculate hash from:

     | 0x00 | Signature_len | Signature | 0x00 | Hello_hash_len 0x20 | Hello_hash |
     | --- | --- | --- | --- | --- | --- |
     | 1 byte | 1 byte | signature_len | 1 byte | 1 byte | 32 bytes |
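
The sketch below is an added example, not Tedee's own code. It strictly parses the decrypted Server verify message from "2. Server response" and performs the checks in steps 5 and 6 of "3. Client server verification". It assumes big-endian integers and that step 6 means comparing the returned auth data with the value the client sent; all function names are hypothetical, and decryption and signature verification are left to the caller.

```python
import hmac
import struct

HELLO_HASH_LEN = 0x20  # Hello_hash_len from the message layout

def make_auth_data(now_ms: int) -> bytes:
    """Auth data: datetime in ms as 8 bytes (big-endian is an assumption)."""
    return struct.pack(">Q", now_ms)

def challenge_hash_input(auth_data: bytes) -> bytes:
    """Bytes hashed in step 1.2: Auth_data_len (2 bytes) || Auth_data."""
    return struct.pack(">H", len(auth_data)) + auth_data

def parse_server_verify(plaintext: bytes):
    """Parse the decrypted message; reject anything off-layout."""
    pos = 0

    def take(n: int) -> bytes:
        nonlocal pos
        if pos + n > len(plaintext):
            raise ValueError("truncated message")
        chunk = plaintext[pos:pos + n]
        pos += n
        return chunk

    (auth_len,) = struct.unpack(">H", take(2))
    if auth_len != 8:
        raise ValueError("unexpected Auth_data_len")
    auth_data = take(8)
    if take(1) != b"\x00":
        raise ValueError("expected 0x00 before Signature_len")
    signature = take(take(1)[0])       # Signature_len, then Signature
    if take(1) != b"\x00":
        raise ValueError("expected 0x00 before Hello_hash_len")
    if take(1)[0] != HELLO_HASH_LEN:
        raise ValueError("unexpected Hello_hash_len")
    hello_hash = take(HELLO_HASH_LEN)
    if pos != len(plaintext):
        raise ValueError("trailing bytes after Hello_hash")
    return auth_data, signature, hello_hash

def check_server_verify(plaintext, sent_auth_data, expected_hello_hash):
    """Steps 5 and 6; returns the signature for the caller to verify (step 7)."""
    auth_data, signature, hello_hash = parse_server_verify(plaintext)
    if not hmac.compare_digest(hello_hash, expected_hello_hash):
        raise ValueError("hello hash mismatch")
    if not hmac.compare_digest(auth_data, sent_auth_data):
        raise ValueError("auth data mismatch")
    return signature
```

Rejecting trailing bytes and unexpected length fields keeps a malformed or replayed response from being partially accepted before the signature is checked.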