Expand description
HomeKit Accessory Protocol pairing cryptography.
This crate covers Milestones 2 and 3 (M2, M3) of the hap-rust roadmap. It
is currently an empty skeleton: the public API lands in the M2/M3
implementation plans.
§Scope
- M2 — Pair Setup (SRP-6a). The controller proves knowledge of the
accessory’s 8-digit setup code without sending it, using SRP-6a (RFC 5054,
3072-bit group, SHA-512), HKDF-SHA512 key derivation, ChaCha20-Poly1305
for the encrypted sub-TLVs, and an Ed25519 long-term keypair (
LTPK). - M3 — Pair Verify (X25519 + Ed25519). Establishes a fresh session from
an existing pairing via X25519 ephemeral ECDH and Ed25519 signatures
verified against the stored
LTPK, deriving the directional session keys (Control-Read/Control-Write).
We never implement cryptographic primitives — AEAD, HKDF, SHA-512, Ed25519,
and X25519 come from vetted crates; SRP big-integer math from a vetted
bigint crate. We implement the protocols on top. The primitive provider is
selected in the M2 plan and pinned in [workspace.dependencies] then.
Correctness is established by byte-for-byte cross-verification of every
SRP-6a intermediate value and every pairing message against captured
aiohomekit traces and the HAP spec’s SRP test vectors, plus interoperable
pairing against real accessories and negative-path tests. See CLAUDE.md
(“Crypto verification”) for why this project does not gate crypto
publishes on external review.
Depends on hap_tlv8 (pairing messages are TLV8).
Modules§
- aead
- ChaCha20-Poly1305 authenticated encryption for Pair Setup.
Structs§
- Accessory
Pairing - The pairing material a successful Pair Setup yields about the accessory.
- Controller
Keypair - A controller’s long-term Ed25519 identity used across pairings.
- Ephemeral
Keypair - An ephemeral X25519 keypair for a single Pair Verify exchange.
- Pair
Setup Client - A controller-side Pair Setup state machine over a single SRP-6a exchange.
- Pair
Verify Client - Drives the controller side of HomeKit Pair Verify (M1–M4).
- Session
Keys - The two directional session keys produced by a successful Pair Verify.
Enums§
- Crypto
Error - All failure modes of
hap-crypto. - Pair
Setup Step - The result of feeding one accessory response to
PairSetupClient::handle. - Pair
Verify Step - The result of feeding one accessory response to
PairVerifyClient::handle.
Functions§
- verify_
ed25519 - Verify an Ed25519
sigovermsgagainst a 32-byte public keyltpk. - x25519_
shared - Compute an X25519 shared secret from a raw 32-byte secret scalar and a peer’s 32-byte public key.
Type Aliases§
- Result
Result<T, CryptoError>for the crate.