Ble pairing strategy

[kvaellning]

Though not the best solution, this implements an "pairing strategy" which, depending on the user preferences, tries to pair automatically (standard), pairs only when an Apple authentication coprocessor is available, or only via software.

Note that the supported pairing mehtod can only be found out after stage M4, that means that at this point a restart of the process is necessary anyway.

Improvement: directly raise an error on verification of M4, but I am not familiar with the implementation, so I'll do it in a brute force way (retry if anything fails).

[Jc2k]

Some thoughts:

• This PR creates an asymmetry between the IP and BLE code paths (to be more clear, IP has the same bug)
• In this comment Unable to Pair Level Bolt #211 (comment), @los93sol says they are able to read the supported pairing modes without being paired. Maybe they can help you do this without needing a retry at all.
• If they can't, I think the retry logic needs to be better. We should handle the error that is returned at M4 and raise an exception that you can handle. Whitelisting some exceptions and then retrying for everything else seems the wrong way round. This would retry for all sorts of random cases where the retrying wouldn't help.

[kvaellning]

I also don't like the solution, it's just a "the best I can do for now" ;)

• asymmetry I can cope for,
• @los93sol, you'll have any idea how I can access the ff without having IP enabled?
• Whitelisting was just an afterthought. The problem lies specifically that I have not enough insight in the code on how to proper implement all the steps stated in the spec. However, the error will result in an empty TLV on M5, which causes an attribute error. My first idea was to handle it there, then threw it out, then added the whitelisting and totally forget about it. I will add the specific exception and invite everyone to fix the verifciation of M4.

[Jc2k]

If you don't like it either, maybe we leave out auto for now? And just have a yes/no boolean for start_pairing. But at it to both IP and BLE.

[kvaellning]

Good point. Will remove the Auto option for now.

For the sake of convenience, I made it symmetrical for IP accessories, though this can be simplified by evaluating the FF flag. Since I don't have an IP accessory to check against, that's something I wouldn't do.

[kvaellning]

@jlusiardi If you are okay with the solution for now, I would consider it finished. The improvements with the FeatureFlag may be part of another request. I will now take more time on #223

[los93sol]

I’ll check on the feature stuff tonight or tomorrow morning in my app. The HAP permissions on the characteristic definitely allow unpaired read to it, but I have not yet verified you can actually do that

[jlusiardi]

read the supported pairing modes without being paired. Maybe they can help you do this without needing a retry at all.

From an Apple User's point of view I would also expect that we can read all information to pair an unpaired accessory before pairing. Hence there should be no need for a retry.

But since you introduce a new parameter (with a default value though) to start_pairing and start_pairing_ble I would prefer those new parameters exposed in homekit/pair.py and homekit/pair_ble.py as well. Could you @kvaellning add this please?

At best @los93sol finds out, which piece of information from the discover replies indicates which authenication method. I think I could have gotten the feature flag from discover wrong from the beginning...

[kvaellning]

I will change it asap, but this may take until Monday.
Currently, I only found the feature flag on the IP implementation. For BLE, flags maps the status flag. I‘ll take a look if I find some more information regarding this.

[los93sol]

Good news, I actually did confirm this previously and confirmed again just now. You can read the value out from the characteristic unpaired.

You want the Pairing service (00000055-0000-1000-8000-0026BB765291) and Pairing Feature Flags characteristic (0000004F-0000-1000-8000-0026BB765291).

What I did is write a HAP Read request to it and my device gave me back

CTRL, TID, STATUS, LEN (2), TLV (3)
0x02, 0x69, 0x00, 0x03, 0x00, 0x01, 0x01, 0x02

So once you strip off the PDU, the TLV value is 0x01, 0x01, 0x02 which translates to...
AdditionalParameterTypes.Value = 1, Length = 1, Value = 2 (SupportsSoftwareAuthentication)

Also want to give a big thanks to everyone who's contributed code to understanding this protocol, it has been extremely helpful for me!

[kvaellning]

Nice! Will update the stuff on Monday! Thanks guys, and have a nice weekend!

[jlusiardi]

This is great news! Thanks @los93sol and i look forward to the updates!

[kvaellning]

I'll added the service and the characteristic, as well as the CLI implementation (currently only local).
I currently try to get the readout running, but somehow I get a None returned when I use read_value on the characteristic.

[kvaellning]

@jlusiardi @Jc2k I finally got it to run. BLE is working fine, IP I cannot check here. Would be nice if someone could comment on this.

Note that I discovered by checking that no set "HwAuth" and "SwAuth" feature flags mean that the accessory is not certified. I left this to be treated as software based authentication, since that appears to be the strategy of Apples Home App.

[jlusiardi]

Did you run the tests? find_device_ip_and_port was tested before but no tests were changed. I just updated my Master Branch to make sure the tests run ok (which they do now).

[kvaellning]

Good point, forgot about the tests since I only added the implementation folder to my workspace. D'Oh!

[jlusiardi]

I am already also looking into them

[kvaellning]

I've got the feature flag and BLE test to run again, but currently it's not checking against authentication method errors.