OberonHAP is a fast, tiny and trustworthy implementation of Apple’s HomeKit Accessory Protocol (HAP) – the most important software component of any HomeKit device. It has been developed, and is continuously being further improved by our seasoned Swiss engineering team. Our goal is to make it as easy as possible for you to create excellent HomeKit products. We are one of the key partners of Apple in the HomeKit ecosystem, along with accessory and semiconductor vendors:
With HomeKit, Apple “wants to bring some sanity to home automation”. [What is HomeKit?]
With OberonHAP, Oberon microsystems sets the benchmark for HomeKit implementations. [Who is Oberon microsystems?]
We have developed, analyzed and optimized the cryptographic code of OberonHAP since 2013. We have leveraged advanced mathematical transformations, and have carefully written critical parts in assembly language for popular microcontroller cores. The result is typically more than three times as fast as a good implementation in C. OberonHAP thus makes HomeKit feasible even on low-power, low-cost 32-bit microcontrollers:
|Core||Cortex-M0||Cortex-M3||Cortus APS3RP||Cortex-M4F||microAptiv UP|
|Instruction set architecture||ARMv6-M||ARMv7-M||Cortus V2||ARMv7E-M with FPv4-SP extension||MIPS32 with DSP enhancements|
|Clock frequency||16 MHz||48 MHz||50 MHz||64 MHz||200 MHz|
|Set up accessory – first phase with static setup code (with dynamic setup code: 3 times as long)||3.9 s||1.1 s||0.6 s||0.4 s||0.1 s|
|Set up accessory – second phase with static or dynamic setup code||15.0 s||4.3 s||2.2 s||1.4 s||0.4 s|
|Open session||940 ms||260 ms||130 ms||60 ms||20 ms|
The above numbers refer to the current release OberonHAP 2.1. They only include the time for cryptographic processing. The communication protocol, accessory logic, and iOS at the other end will add to the experienced round-trip times. Note that accessory setup usually occurs only once in the lifetime of an accessory and happens in two phases (before the setup code is entered on the iOS device, and after the setup code has been entered).
RAM is often the most critical resource for a microcontroller implementation of HAP. A complete proof-of-concept as shown in the videos below, implementing both door lock and light bulb profiles, works with less than 14 KB of RAM and less than 50 KB of flash (for BLE), or less than 20 KB of RAM and less than 80 KB of flash (for IP). The chip vendor’s transport protocol stacks (BLE or TCP/IP stack) and their internal buffers are not included in these numbers. The numbers can differ for different platforms.
There are three build options for OberonHAP: small, medium and fast. They allow to choose the optimal trade-off between speed and memory consumption for a given system.
To develop a HomeKit accessory – door lock, light bulb, fan, switch, power outlet, thermostat, garage door opener, or other device – you need a software development kit (HomeKit SDK) for the microcontroller that you will use. OberonHAP is the key element of such an SDK. As Apple requires exceedingly strong cryptographic security for HAP, the protocol is highly challenging to implement. This is especially true for BLE microcontrollers, which tend to be extremely low-cost and low-power, but relatively slow and only providing small memories.
OberonHAP is implemented in portable C code. Optimized assembly language variants of the time-critical cryptographic operations are available for several cores: ARM Cortex-M0/M0+, ARM Cortex-M3, ARM Cortex-M4/M4F, MIPS32 microAptiv UP and Cortus APS3RP. For Linux hardware, a fully portable C implementation is used. For some of the mentioned platforms, we also provide optimized implementations of NIST P-256 (aka prime256v1 and secp256r1) as used in the HAP over iCloud protocol.
The performance of our cryptographic code is also due to a novel algorithmic approach to multiplication in a prime field including modular reduction. We have created formal correctness proofs and had them reviewed by independent experts (Prof. W. Meier & Prof. C. Nicola), which found our proofs “in all parts mathematically and formally correct” (proof and review documents are available to licensees).
For uncompromising security, the execution times of the relevant OberonHAP cryptographic operations do not depend on the secret data being processed. This mitigates the risk of common side-channel attacks such as timing attacks. This is even true for microcontrollers with data caches, e.g. products based on a Cortex-M7 core.
An extensive test suite is being used for validating the cryptographic code of OberonHAP, with standard test vectors, additional test vectors for border cases, negative tests and random tests.
OberonHAP is based on Apple’s official specification documents that are available to Apple MFi licensees. It supports any standard or custom HomeKit profile, including the new IP camera profile. It does not include or depend on any third-party libraries.
OberonHAP is used e.g. in Nordic Semiconductor’s HomeKit SDK for their Cortex-M0 and Cortex-M4F BLE chips – see also the Candy House demo video. The Nordic HomeKit SDK is among the very few “hostless” HomeKit implementations for SoCs on the market, i.e. no separate (and costly) high-performance microcontroller is needed for HomeKit processing. Thanks to its extreme optimizations, OberonHAP is the choice for such scenarios.
How to obtain OberonHAP
If you are a developer of HomeKit accessories based on microcontrollers, please ask your semiconductor vendor for a HomeKit SDK based on the “gold standard” of HAP implementations – OberonHAP. Then use this SDK for developing the firmware of your accessories. If there is no such HomeKit SDK, please contact us – we may already have a suitable HomeKit SDK for your hardware/software platform, or could develop a custom HomeKit SDK for your particular requirements.
If you are a developer of HomeKit accessories or HomeKit bridges based on Linux, or if you are a systems integrator, please contact us – we can provide a portable and professionally maintained OberonHAP implementation for Linux, with full access to its source code.
If you are a semiconductor vendor or module vendor, Oberon microsystems licenses the OberonHAP source code to you. If you use one of the supported ARM, MIPS or Cortus cores, the license includes the optimized assembly language parts, otherwise an implementation in portable C. Oberon microsystems helps you integrate OberonHAP with your hardware and protocol stack, and with Apple’s authentication coprocessor. The protocol stack may be a BLE stack, or an IP stack for WiFi or Ethernet accessories. Typically, Oberon microsystems first creates a proof-of-concept and demonstrator using your development kits, to determine any possible issues with your protocol stack or hardware. After signing the licensing deal, your team – supported by the engineers of Oberon microsystems – builds the HomeKit SDK for your development kits, culminating in a review by Apple and finally the market introduction of the SDK. If you don’t have the necessary internal resources, we may develop a complete HomeKit SDK for you, based on our OberonHAP library.
If you are interested in support for Apple’s HAP over iCloud, Secure Tunneling or Wireless Accessory Configuration (WAC) protocols, please contact us for more information.
These videos show various HomeKit accessory prototypes, remote control via iPhone and Siri, and the setup process (high-definition versions of the videos can be found here):
For more information, please see this background page or contact Cuno Pfister at firstname.lastname@example.org. Oberon microsystems, Inc. is a Swiss engineering firm located in Zurich. We have helped our customers develop unique, state-of-the-art connected products for more than 15 years: from huge Internet-connected hydro power plants to tiny Internet-connected hearing aids. Today, we are fully committed to providing the world’s best HomeKit implementations.
To receive news about OberonHAP, please register on our OberonHAP mailing list.
OberonHAP is only licensed to members of Apple’s MFi program. HomeKit is a trademark of Apple Inc. Cortex is a trademark of ARM Limited. microAptiv is a trademark of Imagination Technologies. Cortus is a trademark of Cortus S.A.S. Bluetooth Low Energy is a trademark of the Bluetooth SIG and also known as BLE.