I've been working on an implementation of the HAP Non-Commercial, so figured I'd share a few non-documented pitfalls that held me up to save everyone some Googling:
Salt: Pair-Setup-Encrypt-Salt
Info: Pair-Setup-Encrypt-Info
I'm still not done, so may have a few more coming...
In Pair Setup M5 verification the encrypted data from the iOS Device is encrypted with an HKDF-SHA-512 with these parameters:
Salt: Pair-Setup-Encrypt-Salt
Info: Pair-Setup-Encrypt-Info
When sending and receiving using an encrypted session the first 2 unecrypted bytes of the message indicating the length are the AAD used for calculating the auth tag.
The sample accessory dictionary includes a value in the Identify characteristic (type 14) includes a null value, which violates the schema (it's valid "if and only if" the parameter has a "pr" permission. If it's present it will trigger the iOS device to immediately request a Remove Pairing after it pairs.
I'm still not done, so may have a few more coming...