feat: support attach to pin (#357)

* support attach to pin

Author: guowei0105

common/protob/messages-common.proto

@@ -75,6 +75,7 @@ message ButtonRequest {
         ButtonRequest_Warning = 18;
         ButtonRequest_PassphraseEntry = 19;
         ButtonRequest_PinEntry = 20;
+        ButtonRequest_AttachPin = 8000;
     }
 }
 
@@ -119,6 +120,7 @@ message PinMatrixAck {
  */
 message PassphraseRequest {
     optional bool _on_device = 1 [deprecated=true];  // <2.3.0
+    optional bool exists_attach_pin_user = 8000;
 }
 
 /**
@@ -129,6 +131,7 @@ message PassphraseAck {
     optional string passphrase = 1;
     optional bytes _state = 2 [deprecated=true];  // <2.3.0
     optional bool on_device = 3;    // user wants to enter passphrase on the device
+    optional bool on_device_attach_pin = 8000;
 }
 
 /**

common/protob/messages-management.proto

@@ -39,6 +39,8 @@ message Initialize {
     optional bytes session_id = 1;     // assumed device session id; Trezor clears caches if it is different or empty
     optional bool _skip_passphrase = 2 [deprecated=true]; // removed as part of passphrase redesign
     optional bool derive_cardano = 3;  // whether to derive Cardano Icarus root keys in this session
+    optional string passphrase_state = 8000;
+    optional bool is_contains_attach = 8001;   
 }
 
 /**
@@ -129,6 +131,7 @@ message Features {
         Capability_Shamir = 15 [(bitcoin_only) = true];
         Capability_ShamirGroups = 16 [(bitcoin_only) = true];
         Capability_PassphraseEntry = 17 [(bitcoin_only) = true];  // the device is capable of passphrase entry directly on the device
+        Capability_AttachToPin = 18 [(bitcoin_only) = true];  // OneKey: Attach passphrase to PIN feature
     }
     optional BackupType backup_type = 31;       // type of device backup (BIP-39 / SLIP-39 basic / SLIP-39 advanced)
     optional bool sd_card_present = 32;         // is SD card present
@@ -189,6 +192,8 @@ message Features {
     optional OneKeySEState onekey_se02_state = 622;
     optional OneKeySEState onekey_se03_state = 623;
     optional OneKeySEState onekey_se04_state = 624;
+    optional bool attach_to_pin_user = 625;     
+    optional bool unlocked_attach_pin = 626;
 }
 
 /**
@@ -808,5 +813,44 @@ message UnlockPath {
  * @next GetAddress
  */
 message UnlockedPathRequest {
-    optional bytes mac = 1;            // authentication code for future UnlockPath calls
+    optional bytes mac = 1;   
 }
+
+/**
+ * Request: Get current passphrase state
+ * @start
+ * @next PassphraseState
+ */
+message GetPassphraseState {
+    optional string passphrase_state = 1;
+    optional bool _only_main_pin = 2; 
+    optional bool allow_create_attach_pin = 3; 
+}
+
+/**
+ * Response: Current passphrase state
+ * @end
+ */
+message PassphraseState {
+    optional string passphrase_state  = 1;  
+    optional bytes session_id = 2;      
+    optional bool unlocked_attach_pin  = 3;                   
+}
+
+/**
+ * Request: Unlock device
+ * @start
+ * @next UnLockDeviceResponse
+ */
+message UnLockDevice {
+}
+
+/**
+ * Response: Device unlock status
+ * @end
+ */
+message UnLockDeviceResponse {
+    optional bool unlocked = 1;
+    optional bool unlocked_attach_pin = 2;
+    optional bool passphrase_protection = 3;
+}

common/protob/messages.proto

@@ -77,7 +77,7 @@ enum MessageType {
     option (has_bitcoin_only_values) = true;
     option allow_alias = true;
     // Management
-    MessageType_Initialize = 0 [(bitcoin_only) = true, (wire_in) = true, (wire_tiny) = true];
+    MessageType_Initialize = 0 [(bitcoin_only) = true, (wire_in) = true,(wire_tiny) = true];
     MessageType_Ping = 1 [(bitcoin_only) = true, (wire_in) = true];
     MessageType_Success = 2 [(bitcoin_only) = true, (wire_out) = true, (wire_debug_out) = true];
     MessageType_Failure = 3 [(bitcoin_only) = true, (wire_out) = true, (wire_debug_out) = true];
@@ -121,6 +121,7 @@ enum MessageType {
     MessageType_UnlockPath = 93 [(bitcoin_only) = true, (wire_in) = true];
     MessageType_UnlockedPathRequest = 94 [(bitcoin_only) = true, (wire_out) = true];
 
+    
     MessageType_SetU2FCounter = 63 [(wire_in) = true];
     MessageType_GetNextU2FCounter = 80 [(wire_in) = true];
     MessageType_NextU2FCounter = 81 [(wire_out) = true];
@@ -605,4 +606,8 @@ enum MessageType {
     MessageType_OnekeyGetFeatures = 10025 [(bitcoin_only) = true,(wire_in) = true];
     MessageType_OnekeyFeatures = 10026 [(bitcoin_only) = true,(wire_out) = true];
     MessageType_WriteSEPrivateKey = 10027 [(wire_in) = true, (wire_bootloader) = true];
-}
+    MessageType_GetPassphraseState = 10028 [(wire_in) = true];
+    MessageType_PassphraseState = 10029 [(wire_out) = true];
+    MessageType_UnLockDevice = 10030 [(bitcoin_only) = true, (wire_in) = true];
+    MessageType_UnLockDeviceResponse = 10031 [(bitcoin_only) = true, (wire_out) = true];
+ }

core/embed/extmod/modtrezorconfig/modtrezorconfig.c

@@ -110,58 +110,74 @@ STATIC mp_obj_t mod_trezorconfig_is_initialized(void) {
 STATIC MP_DEFINE_CONST_FUN_OBJ_0(mod_trezorconfig_is_initialized_obj,
                                  mod_trezorconfig_is_initialized);
 
-/// def unlock(pin: str, ext_salt: bytes | None) -> bool:
+/// def unlock(pin: str, ext_salt: bytes | None, pin_use_type: int = 0)
+/// -> tuple[bool, int]:
 ///     """
 ///     Attempts to unlock the storage with the given PIN and external salt.
 ///     Returns True on success, False on failure.
 ///     """
-STATIC mp_obj_t mod_trezorconfig_unlock(mp_obj_t pin, mp_obj_t ext_salt) {
+STATIC mp_obj_t mod_trezorconfig_unlock(size_t n_args, const mp_obj_t *args) {
   mp_buffer_info_t pin_b = {0};
-  mp_get_buffer_raise(pin, &pin_b, MP_BUFFER_READ);
+  mp_get_buffer_raise(args[0], &pin_b, MP_BUFFER_READ);
 
   mp_buffer_info_t ext_salt_b = {0};
   ext_salt_b.buf = NULL;
-  if (ext_salt != mp_const_none) {
-    mp_get_buffer_raise(ext_salt, &ext_salt_b, MP_BUFFER_READ);
+  if (n_args > 1 && args[1] != mp_const_none) {
+    mp_get_buffer_raise(args[1], &ext_salt_b, MP_BUFFER_READ);
     if (ext_salt_b.len != EXTERNAL_SALT_SIZE)
       mp_raise_msg(&mp_type_ValueError, "Invalid length of external salt.");
   }
 
+  pin_type_t pin_use_type = PIN_TYPE_USER;
+
+  if (n_args > 2) {
+    pin_use_type = mp_obj_get_int(args[2]);
+  }
+
   // display_clear();
   // display_loader_ex(0, false, 0, 0xFFFF, 0x0000, NULL, 0, 0);
   secbool ret = secfalse;
 
   // verify se pin first when not in emulator
-  ret = se_verifyPin(pin_b.buf);
+  ret = se_verifyPin(pin_b.buf, pin_use_type);
   if (ret != sectrue) {
     if (!pin_state.pin_unlocked_initialized) {
       pin_state.pin_unlocked = false;
       pin_state.pin_unlocked_initialized = true;
     }
-    return mp_const_false;
+    mp_obj_t tuple[2] = {mp_const_false, mp_obj_new_int(0)};
+    return mp_obj_new_tuple(2, tuple);
   }
 
+  pin_result_t pin_type = se_get_pin_result_type();
+
   // fpsensor_data_init();
   fpsensor_data_init_start();
   pin_state.pin_unlocked = true;
   pin_state.pin_unlocked_initialized = true;
   pin_state.fp_unlocked = true;
   pin_state.fp_unlocked_initialized = true;
-  return mp_const_true;
+
+  mp_obj_tuple_t *tuple = MP_OBJ_TO_PTR(mp_obj_new_tuple(2, NULL));
+  tuple->items[0] = mp_const_true;
+  tuple->items[1] = mp_obj_new_int(pin_type);
+  return MP_OBJ_FROM_PTR(tuple);
 }
-STATIC MP_DEFINE_CONST_FUN_OBJ_2(mod_trezorconfig_unlock_obj,
-                                 mod_trezorconfig_unlock);
+STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(mod_trezorconfig_unlock_obj, 2, 3,
+                                           mod_trezorconfig_unlock);
 
-/// def check_pin(pin: str, ext_salt: bytes | None) -> bool:
+/// def check_pin(pin: str, ext_salt: bytes | None, pin_use_type: int = 0) ->
+/// bool:
 ///     """
 ///     Check the given PIN with the given external salt.
 ///     Returns True on success, False on failure.
 ///     """
-STATIC mp_obj_t mod_trezorconfig_check_pin(mp_obj_t pin, mp_obj_t ext_salt) {
-  return mod_trezorconfig_unlock(pin, ext_salt);
+STATIC mp_obj_t mod_trezorconfig_check_pin(size_t n_args,
+                                           const mp_obj_t *args) {
+  return mod_trezorconfig_unlock(n_args, args);
 }
-STATIC MP_DEFINE_CONST_FUN_OBJ_2(mod_trezorconfig_check_pin_obj,
-                                 mod_trezorconfig_check_pin);
+STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(mod_trezorconfig_check_pin_obj, 2, 3,
+                                           mod_trezorconfig_check_pin);
 
 /// def lock() -> None:
 ///     """