HomeKit Accessory Protocol pairing cryptography.
This crate covers Milestones 2 and 3 (M2, M3) of the hap-rust roadmap. It
is currently an empty skeleton: the public API lands in the M2/M3
implementation plans.
Scope
- M2 — Pair Setup (SRP-6a). The controller proves knowledge of the
accessory’s 8-digit setup code without sending it, using SRP-6a (RFC 5054,
3072-bit group, SHA-512), HKDF-SHA512 key derivation, ChaCha20-Poly1305
for the encrypted sub-TLVs, and an Ed25519 long-term keypair (LTPK).
- M3 — Pair Verify (X25519 + Ed25519). Establishes a fresh session from
an existing pairing via X25519 ephemeral ECDH and Ed25519 signatures
verified against the stored LTPK, deriving the directional session keys
(Control-Read/Control-Write).
We never implement cryptographic primitives — AEAD, HKDF, SHA-512, Ed25519,
and X25519 come from vetted crates; SRP big-integer math from a vetted
bigint crate. We implement the protocols on top. The primitive provider is
selected in the M2 plan and pinned in [workspace.dependencies] then.
Correctness is established by byte-for-byte cross-verification of every
SRP-6a intermediate value and every pairing message against captured
aiohomekit traces and the HAP spec’s SRP test vectors, plus interoperable
pairing against real accessories and negative-path tests. See CLAUDE.md
(“Crypto verification”) for why this project does not gate crypto
publishes on external review.
Depends on hap_tlv8 (pairing messages are TLV8).
Re-exports
pub use broadcast::BroadcastKey;
Modules
- aead - ChaCha20-Poly1305 authenticated encryption for Pair Setup.
- broadcast - HAP-BLE broadcast-notification encryption key. The accessory broadcasts encrypted value changes in its advertisements while disconnected; the controller decrypts them with this key, derived once per broadcast-key generation and persisted as pairing material.
Structs
- AccessoryPairing - The pairing material a successful Pair Setup yields about the accessory.
- ControllerKeypair - A controller’s long-term Ed25519 identity used across pairings.
- EphemeralKeypair - An ephemeral X25519 keypair for a single Pair Verify exchange.
- PairSetupClient - A controller-side Pair Setup state machine over a single SRP-6a exchange.
- PairVerifyClient - Drives the controller side of HomeKit Pair Verify (M1–M4).
- SessionKeys - The two directional session keys produced by a successful Pair Verify.
Enums
- CryptoError - All failure modes of hap-crypto.
- PairSetupStep - The result of feeding one accessory response to PairSetupClient::handle.
- PairVerifyStep - The result of feeding one accessory response to PairVerifyClient::handle.
Functions
- verify_ed25519 - Verify an Ed25519 sig over msg against a 32-byte public key ltpk.
- x25519_shared - Compute an X25519 shared secret from a raw 32-byte secret scalar and a peer’s 32-byte public key.
Type Aliases
- Result - Result<T, CryptoError> for the crate.