nrfconnect
diff --git a/‎subsys/bluetooth/services/fast_pair/CMakeLists.txt‎
Lines changed: 11 additions & 10 deletions b/‎subsys/bluetooth/services/fast_pair/CMakeLists.txt‎
Lines changed: 11 additions & 10 deletions
diff --git a/‎subsys/bluetooth/services/fast_pair/Kconfig.fast_pair‎
Lines changed: 19 additions & 1 deletion b/‎subsys/bluetooth/services/fast_pair/Kconfig.fast_pair‎
Lines changed: 19 additions & 1 deletion
diff --git a/‎subsys/bluetooth/services/fast_pair/fp_auth.c‎
Lines changed: 27 additions & 4 deletions b/‎subsys/bluetooth/services/fast_pair/fp_auth.c‎
Lines changed: 27 additions & 4 deletions
diff --git a/‎subsys/bluetooth/services/fast_pair/fp_bond_manager.c‎
Lines changed: 166 additions & 0 deletions b/‎subsys/bluetooth/services/fast_pair/fp_bond_manager.c‎
Lines changed: 166 additions & 0 deletions
diff --git a/‎subsys/bluetooth/services/fast_pair/fp_keys.c‎
Lines changed: 37 additions & 1 deletion b/‎subsys/bluetooth/services/fast_pair/fp_keys.c‎
Lines changed: 37 additions & 1 deletion
diff --git a/‎subsys/bluetooth/services/fast_pair/fp_storage/Kconfig.fp_storage‎
Lines changed: 18 additions & 0 deletions b/‎subsys/bluetooth/services/fast_pair/fp_storage/Kconfig.fp_storage‎
Lines changed: 18 additions & 0 deletions
@@ -12,16 +12,17 @@ zephyr_library_include_directories(include/common)
 # during Key-based Pairing write.
 zephyr_library_include_directories(${ZEPHYR_BASE}/subsys/bluetooth)
 
-zephyr_library_sources_ifdef(CONFIG_BT_FAST_PAIR_ADVERTISING	   fp_advertising.c)
-zephyr_library_sources_ifdef(CONFIG_BT_FAST_PAIR_AUTH		   fp_auth.c)
-zephyr_library_sources_ifdef(CONFIG_BT_FAST_PAIR_GATT_SERVICE	   fp_gatt_service.c)
-zephyr_library_sources_ifdef(CONFIG_BT_FAST_PAIR_KEYS		   fp_keys.c)
-zephyr_library_sources_ifdef(CONFIG_BT_FAST_PAIR_REGISTRATION_DATA fp_registration_data.c)
-zephyr_library_sources_ifdef(CONFIG_BT_FAST_PAIR_BATTERY	   fp_battery.c)
-zephyr_library_sources_ifdef(CONFIG_BT_FAST_PAIR_STORAGE_INTEGRATION fp_storage_integration.c)
-
-zephyr_linker_sources_ifdef(CONFIG_BT_FAST_PAIR_ACTIVATION SECTIONS fp_activation.ld)
-zephyr_library_sources_ifdef(CONFIG_BT_FAST_PAIR_ACTIVATION	    fp_activation.c)
+zephyr_library_sources_ifdef(CONFIG_BT_FAST_PAIR_ADVERTISING		fp_advertising.c)
+zephyr_library_sources_ifdef(CONFIG_BT_FAST_PAIR_AUTH			fp_auth.c)
+zephyr_library_sources_ifdef(CONFIG_BT_FAST_PAIR_GATT_SERVICE		fp_gatt_service.c)
+zephyr_library_sources_ifdef(CONFIG_BT_FAST_PAIR_KEYS			fp_keys.c)
+zephyr_library_sources_ifdef(CONFIG_BT_FAST_PAIR_REGISTRATION_DATA	fp_registration_data.c)
+zephyr_library_sources_ifdef(CONFIG_BT_FAST_PAIR_BATTERY		fp_battery.c)
+zephyr_library_sources_ifdef(CONFIG_BT_FAST_PAIR_STORAGE_INTEGRATION	fp_storage_integration.c)
+zephyr_library_sources_ifdef(CONFIG_BT_FAST_PAIR_BOND_MANAGER		fp_bond_manager.c)
+
+zephyr_linker_sources_ifdef(CONFIG_BT_FAST_PAIR_ACTIVATION SECTIONS	fp_activation.ld)
+zephyr_library_sources_ifdef(CONFIG_BT_FAST_PAIR_ACTIVATION		fp_activation.c)
 
 if(CONFIG_BT_FAST_PAIR_CRYPTO)
   add_subdirectory(fp_crypto)
 
@@ -140,10 +140,12 @@ if BT_FAST_PAIR_REGISTRATION_DATA
 config BT_FAST_PAIR_REGISTRATION_DATA_INIT_PRIORITY
 	int
 	range 0 9
-	default 3
+	default 0
 	help
 	  Fast Pair registration data module initialization priority.
 	  Used when registering initialization function to Fast Pair activation module.
+	  This module should be initialized before all other Fast Pair modules to avoid using
+	  Fast Pair subsystem when the Fast Pair provisioning data is not configured properly.
 
 endif # BT_FAST_PAIR_REGISTRATION_DATA
 
@@ -170,6 +172,22 @@ config BT_FAST_PAIR_STORAGE_INTEGRATION_INIT_PRIORITY
 
 endif # BT_FAST_PAIR_STORAGE_INTEGRATION
 
+config BT_FAST_PAIR_BOND_MANAGER
+	bool "Fast Pair bond management functionality [EXPERIMENTAL]"
+	select EXPERIMENTAL
+	select BT_FAST_PAIR_STORAGE_AK_BOND
+	help
+	  If this option is enabled, the Fast Pair subsystem tracks the Bluetooth bonds created
+	  through the Fast Pair Procedure and unpairs them if the Fast Pair Procedure is incomplete
+	  or the Account Key associated with the bonds is removed. It also unpairs the Fast Pair
+	  Bluetooth bonds on Fast Pair factory reset. Keep in mind that when the Fast Pair subsystem
+	  is disabled, the Bluetooth bonds are not tracked. Do not perform operations on the Fast
+	  Pair Bluetooth bonds apart from the Fast Pair factory reset when the Fast Pair subsystem
+	  is disabled. When this option is enabled, non-volatile storage is used to store the bond
+	  information. You can enable this option during DFU, but you cannot disable it during DFU
+	  if you used it earlier unless you erase whole Fast Pair non-volatile storage. Otherwise,
+	  the Fast Pair enable operation will fail.
+
 module = BT_FAST_PAIR
 module-str = Fast Pair Service
 source "${ZEPHYR_BASE}/subsys/logging/Kconfig.template.log_config"
 
@@ -15,6 +15,7 @@ LOG_MODULE_DECLARE(fast_pair, CONFIG_BT_FAST_PAIR_LOG_LEVEL);
 #include "fp_activation.h"
 #include "fp_auth.h"
 #include "fp_keys.h"
+#include "fp_storage_ak_bond.h"
 
 #define EMPTY_PASSKEY	0xffffffff
 #define USED_PASSKEY	0xfffffffe
@@ -68,15 +69,25 @@ static void clear_conn_context(const struct bt_conn *conn)
 
 static int send_auth_confirm(struct bt_conn *conn)
 {
-	int err = bt_conn_auth_passkey_confirm(conn);
+	int err;
+
+	if (IS_ENABLED(CONFIG_BT_FAST_PAIR_BOND_MANAGER)) {
+		/* Saving potential bond. */
+		err = fp_keys_bond_save(conn);
+		if (err) {
+			LOG_ERR("Failed to save potential bond %d", err);
+			return err;
+		}
+	}
 
+	err = bt_conn_auth_passkey_confirm(conn);
 	if (err) {
 		LOG_ERR("Failed to confirm passkey (err: %d)", err);
-	} else {
-		LOG_DBG("Confirmed passkey");
+		return err;
 	}
+	LOG_DBG("Confirmed passkey");
 
-	return err;
+	return 0;
 }
 
 static int send_auth_cancel(struct bt_conn *conn)
@@ -212,6 +223,18 @@ static void pairing_complete(struct bt_conn *conn, bool bonded)
 	}
 
 	if (bt_conn_get_security(conn) >= BT_SECURITY_L4) {
+		if (IS_ENABLED(CONFIG_BT_FAST_PAIR_BOND_MANAGER) && bonded) {
+			struct bt_conn_info conn_info;
+			int err;
+
+			err = bt_conn_get_info(conn, &conn_info);
+			if (err) {
+				LOG_ERR("Failed to get local conn info (err %d)", err);
+				return;
+			}
+
+			fp_storage_ak_bond_conn_confirm(conn, conn_info.le.dst);
+		}
 		fp_keys_bt_auth_progress(conn, true);
 	} else {
 		LOG_ERR("Invalid conn security level after pairing: %p", (void *)conn);
 
@@ -0,0 +1,166 @@
+/*
+ * Copyright (c) 2024 Nordic Semiconductor ASA
+ *
+ * SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
+ */
+
+#include <errno.h>
+#include <zephyr/bluetooth/conn.h>
+
+#include <bluetooth/services/fast_pair/fast_pair.h>
+
+#include <zephyr/logging/log.h>
+LOG_MODULE_DECLARE(fast_pair, CONFIG_BT_FAST_PAIR_LOG_LEVEL);
+
+#include "fp_activation.h"
+#include "fp_storage_ak_bond.h"
+
+struct bond_find_ctx {
+	bool bond_found;
+	const bt_addr_le_t *bond_addr;
+};
+
+static bool is_enabled;
+
+static void identity_resolved(struct bt_conn *conn, const bt_addr_le_t *rpa,
+			      const bt_addr_le_t *identity)
+{
+	if (!bt_fast_pair_is_ready()) {
+		return;
+	}
+
+	LOG_DBG("Identity resolved");
+
+	fp_storage_ak_bond_conn_addr_update(conn, identity);
+}
+
+static void disconnected(struct bt_conn *conn, uint8_t reason)
+{
+	if (!bt_fast_pair_is_ready()) {
+		return;
+	}
+
+	fp_storage_ak_bond_conn_finalize(conn);
+}
+
+BT_CONN_CB_DEFINE(conn_callbacks) = {
+	.disconnected = disconnected,
+	.identity_resolved = identity_resolved,
+};
+
+static void bond_deleted(uint8_t id, const bt_addr_le_t *peer)
+{
+	if (!bt_fast_pair_is_ready()) {
+		return;
+	}
+
+	fp_storage_ak_bond_delete(peer);
+}
+
+static struct bt_conn_auth_info_cb conn_auth_info_callbacks = {
+	.bond_deleted = bond_deleted,
+};
+
+static void bond_address_cmp(const struct bt_bond_info *info, void *user_data)
+{
+	struct bond_find_ctx *ctx = user_data;
+
+	if (bt_addr_le_eq(ctx->bond_addr, &info->addr)) {
+		__ASSERT_NO_MSG(!ctx->bond_found);
+		ctx->bond_found = true;
+	}
+}
+
+static int bond_identity_find(uint8_t *identity, const bt_addr_le_t *addr)
+{
+	struct bond_find_ctx ctx = {
+		.bond_found = false,
+		.bond_addr = addr,
+	};
+
+	for (uint8_t id = 0; id < CONFIG_BT_ID_MAX; id++) {
+		bt_foreach_bond(id, bond_address_cmp, &ctx);
+		if (ctx.bond_found) {
+			if (identity) {
+				*identity = id;
+			}
+		}
+	}
+
+	return ctx.bond_found ? 0 : -ESRCH;
+}
+
+static int bond_remove(const bt_addr_le_t *addr)
+{
+	uint8_t identity;
+	int err;
+
+	err = bond_identity_find(&identity, addr);
+	if (err) {
+		return err;
+	}
+
+	return bt_unpair(identity, addr);
+}
+
+static bool is_addr_bonded(const bt_addr_le_t *addr)
+{
+	return !bond_identity_find(NULL, addr);
+}
+
+static const struct fp_storage_ak_bond_bt_request_cb bt_request_cb = {
+	.bond_remove = bond_remove,
+	.is_addr_bonded = is_addr_bonded,
+};
+
+static int bt_request_cb_register(void)
+{
+	fp_storage_ak_bond_bt_request_cb_register(&bt_request_cb);
+	return 0;
+}
+
+static int bond_manager_init(void)
+{
+	if (is_enabled) {
+		LOG_WRN("fp_bond_manager module already initialized");
+		return 0;
+	}
+
+	int err;
+
+	err = bt_conn_auth_info_cb_register(&conn_auth_info_callbacks);
+	if (err) {
+		return err;
+	}
+
+	is_enabled = true;
+
+	return 0;
+}
+
+static int bond_manager_uninit(void)
+{
+	if (!is_enabled) {
+		LOG_WRN("fp_bond_manager module already uninitialized");
+		return 0;
+	}
+
+	int err;
+
+	is_enabled = false;
+
+	err = bt_conn_auth_info_cb_unregister(&conn_auth_info_callbacks);
+	if (err) {
+		return err;
+	}
+
+	return 0;
+}
+
+/* Register fp_storage_ak_bond_bt_request_cb callback structure to be able to remove Bluetooth
+ * bonds during Fast Pair storage factory reset even if the Fast Pair is not enabled.
+ */
+SYS_INIT(bt_request_cb_register, APPLICATION, CONFIG_APPLICATION_INIT_PRIORITY);
+
+FP_ACTIVATION_MODULE_REGISTER(fp_bond_manager, FP_ACTIVATION_INIT_PRIORITY_DEFAULT,
+			      bond_manager_init, bond_manager_uninit);
@@ -19,6 +19,7 @@ LOG_MODULE_DECLARE(fast_pair, CONFIG_BT_FAST_PAIR_LOG_LEVEL);
 #include "fp_crypto.h"
 #include "fp_common.h"
 #include "fp_storage_ak.h"
+#include "fp_storage_ak_bond.h"
 #include "fp_storage_pn.h"
 
 #define EMPTY_AES_KEY_BYTE	0xff
@@ -370,7 +371,7 @@ int fp_keys_store_account_key(const struct bt_conn *conn, const struct fp_accoun
 		LOG_WRN("Received invalid Account Key");
 		return -EINVAL;
 	}
-	err = fp_storage_ak_save(account_key);
+	err = fp_storage_ak_save(account_key, conn);
 	if (!err) {
 		LOG_DBG("Account Key stored");
 	} else {
@@ -533,5 +534,40 @@ static int fp_keys_uninit(void)
 	return 0;
 }
 
+int fp_keys_bond_save(const struct bt_conn *conn)
+{
+	if (!IS_ENABLED(CONFIG_BT_FAST_PAIR_BOND_MANAGER)) {
+		__ASSERT_NO_MSG(false);
+		return -ENOTSUP;
+	}
+	__ASSERT_NO_MSG(bt_fast_pair_is_ready());
+
+	struct fp_procedure *proc = &fp_procedures[bt_conn_index(conn)];
+	struct bt_conn_info conn_info;
+	int err;
+
+	err = bt_conn_get_info(conn, &conn_info);
+	if (err) {
+		LOG_ERR("Failed to get local conn info (err %d)", err);
+		return err;
+	}
+
+	if (proc->state == FP_STATE_USE_TEMP_KEY) {
+		/* Initial pairing - the Account Key is not written yet. */
+		err = fp_storage_ak_bond_conn_create(conn, conn_info.le.dst, NULL);
+	} else if (proc->state == FP_STATE_USE_TEMP_ACCOUNT_KEY) {
+		/* Subsequent pairing - the Account Key is already known. */
+		struct fp_account_key account_key;
+
+		memcpy(account_key.key, proc->aes_key, sizeof(account_key.key));
+		err = fp_storage_ak_bond_conn_create(conn, conn_info.le.dst, &account_key);
+	} else {
+		__ASSERT_NO_MSG(false);
+		err = -EACCES;
+	}
+
+	return err;
+}
+
 FP_ACTIVATION_MODULE_REGISTER(fp_keys, FP_ACTIVATION_INIT_PRIORITY_DEFAULT, fp_keys_init,
 			      fp_keys_uninit);
@@ -8,6 +8,7 @@ config BT_FAST_PAIR_STORAGE
 	bool
 	default y
 	select SETTINGS
+	select BT_FAST_PAIR_STORAGE_AK
 	help
 	  Add Fast Pair storage source files.
 
@@ -32,6 +33,22 @@ config BT_FAST_PAIR_STORAGE_OWNER_ACCOUNT_KEY
 	help
 	  Enable support for the Owner Account Key in the Storage module.
 
+config BT_FAST_PAIR_STORAGE_AK_BOND
+	bool
+	help
+	  Enable support for the bond management in the Storage module. If this options is enabled,
+	  the Storage module tracks the Bluetooth bonds created through the Fast Pair Procedure and
+	  requests to unpair them if the Fast Pair Procedure is incomplete or the Account Key
+	  associated with the bonds is removed. It also requests to unpair the Fast Pair Bluetooth
+	  bonds on Fast Pair factory reset.
+
+config BT_FAST_PAIR_STORAGE_AK
+	bool
+	depends on BT_FAST_PAIR_STORAGE_AK_BACKEND_STANDARD || \
+		   BT_FAST_PAIR_STORAGE_AK_BACKEND_MINIMAL
+	help
+	  Enable support for the Account Key in the Storage module.
+
 choice BT_FAST_PAIR_STORAGE_AK_BACKEND
 	prompt "Account Key storage backend selection"
 	help
@@ -48,6 +65,7 @@ config BT_FAST_PAIR_STORAGE_AK_BACKEND_STANDARD
 config BT_FAST_PAIR_STORAGE_AK_BACKEND_MINIMAL
 	bool "Account Key storage minimal backend"
 	depends on BT_FAST_PAIR_STORAGE_OWNER_ACCOUNT_KEY
+	depends on !BT_FAST_PAIR_STORAGE_AK_BOND
 	help
 	  Select Account Key storage minimal backend. It allows for storing only one Account Key,
 	  that is assumed to be an Owner Account Key.