Skip to main content

PairVerifyClient

hap_crypto

Struct PairVerifyClient 

Source 
pub struct PairVerifyClient { /* private fields */ }
Expand description

Drives the controller side of HomeKit Pair Verify (M1–M4).

Construct with new, call start to obtain the M1 payload, then feed each accessory response to handle and transmit the PairVerifyStep::Send payload it yields, until PairVerifyStep::Done returns the SessionKeys.

Implementations§

Source§

impl PairVerifyClient

Source

pub fn new(controller: &ControllerKeypair, accessory: &AccessoryPairing) -> Self

Create a client that verifies against accessory using controller’s long-term identity. A fresh random ephemeral X25519 keypair is generated.

Source

pub fn new_with_ephemeral( controller: &ControllerKeypair, accessory: &AccessoryPairing, ephemeral_secret: [u8; 32], ) -> Self

Test/replay constructor that injects a fixed ephemeral X25519 secret so a captured trace can be reproduced deterministically.

Production code calls PairVerifyClient::new, which generates a fresh random ephemeral keypair. Mirrors PairSetupClient::new_with_private.

Source

pub fn start(&mut self) -> Vec<u8>

Produce the M1 payload (State=1, PublicKey) and advance the state machine to await M2.

Source

pub fn handle(&mut self, response: &[u8]) -> Result<PairVerifyStep>

Feed the accessory’s next response. Returns PairVerifyStep::Send with the M3 payload after consuming M2, then PairVerifyStep::Done with the SessionKeys after consuming M4.

§Errors

Returns a CryptoError if handle is called before start or after completion, if the accessory response is malformed or carries an error code, if M2 decryption or the accessory’s Ed25519 signature fails to verify, or if the accessory’s identifier does not match the stored pairing.

Source

pub fn broadcast_key(&self, controller_ltpk: &[u8]) -> Result<BroadcastKey>

Derive the HAP-BLE broadcast-notification key after Pair Verify completes: HKDF-SHA512 over the Pair-Verify shared secret (ikm), salted with the controller’s long-term public key (LTPK), info "Broadcast-Encryption-Key". Call after PairVerifyStep::Done.

§Errors

CryptoError if called before the shared secret is established (i.e. before Pair Verify reached M2), or on HKDF failure.

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.