OneKeyHQ · guowei0105 · Jul 9, 2025 · Jul 10, 2025 · Jul 11, 2025 · Jul 11, 2025
@@ -75,6 +75,7 @@ message ButtonRequest {
         ButtonRequest_Warning = 18;
         ButtonRequest_PassphraseEntry = 19;
         ButtonRequest_PinEntry = 20;
+        ButtonRequest_AttachPin = 8000;
     }
 }
 
@@ -119,6 +120,7 @@ message PinMatrixAck {
  */
 message PassphraseRequest {
     optional bool _on_device = 1 [deprecated=true];  // <2.3.0
+    optional bool exists_attach_pin_user = 8000;
 }
 
 /**
@@ -129,6 +131,7 @@ message PassphraseAck {
     optional string passphrase = 1;
     optional bytes _state = 2 [deprecated=true];  // <2.3.0
     optional bool on_device = 3;    // user wants to enter passphrase on the device
+    optional bool on_device_attach_pin = 8000;
 }
 
 /**

@@ -13,9 +13,12 @@ import "messages.proto";
  * Type of the mnemonic backup given/received by the device during reset/recovery.
  */
 enum BackupType {
-    Bip39 = 0;              // also called "Single Backup", see BIP-0039
-    Slip39_Basic = 1;       // also called "Shamir Backup", see SLIP-0039
-    Slip39_Advanced = 2;    // also called "Super Shamir" or "Shamir with Groups", see SLIP-0039#two-level-scheme
+    Bip39 = 0;                       // also called "Single Backup", see BIP-0039
+    Slip39_Basic = 1;                // also called "Shamir Backup", see SLIP-0039
+    Slip39_Advanced = 2;             // also called "Super Shamir" or "Shamir with Groups", see SLIP-0039#two-level-scheme
+    Slip39_Single_Extendable = 3;    // extendable single-share Shamir backup
+    Slip39_Basic_Extendable = 4;     // extendable multi-share Shamir backup
+    Slip39_Advanced_Extendable = 5;  // extendable multi-share Shamir backup with groups
 }
 
 /**
@@ -36,6 +39,8 @@ message Initialize {
     optional bytes session_id = 1;     // assumed device session id; Trezor clears caches if it is different or empty
     optional bool _skip_passphrase = 2 [deprecated=true]; // removed as part of passphrase redesign
     optional bool derive_cardano = 3;  // whether to derive Cardano Icarus root keys in this session
+    optional string passphrase_state = 8000;
+    optional bool is_contains_attach = 8001;   
 }
 
 /**
@@ -126,6 +131,7 @@ message Features {
         Capability_Shamir = 15 [(bitcoin_only) = true];
         Capability_ShamirGroups = 16 [(bitcoin_only) = true];
         Capability_PassphraseEntry = 17 [(bitcoin_only) = true];  // the device is capable of passphrase entry directly on the device
+        Capability_AttachToPin = 18 [(bitcoin_only) = true];  // OneKey: Attach passphrase to PIN feature
     }
     optional BackupType backup_type = 31;       // type of device backup (BIP-39 / SLIP-39 basic / SLIP-39 advanced)
     optional bool sd_card_present = 32;         // is SD card present
@@ -186,6 +192,8 @@ message Features {
     optional OneKeySEState onekey_se02_state = 622;
     optional OneKeySEState onekey_se03_state = 623;
     optional OneKeySEState onekey_se04_state = 624;
+    optional bool attach_to_pin_user = 625;     
+    optional bool unlocked_attach_pin = 626;
 }
 
 /**
@@ -805,5 +813,44 @@ message UnlockPath {
  * @next GetAddress
  */
 message UnlockedPathRequest {
-    optional bytes mac = 1;            // authentication code for future UnlockPath calls
+    optional bytes mac = 1;   
 }
+
+/**
+ * Request: Get current passphrase state
+ * @start
+ * @next PassphraseState
+ */
+message GetPassphraseState {
+    optional string passphrase_state = 1;
+    optional bool _only_main_pin = 2; 
+    optional bool allow_create_attach_pin = 3; 
+}
+
+/**
+ * Response: Current passphrase state
+ * @end
+ */
+message PassphraseState {
+    optional string passphrase_state  = 1;  
+    optional bytes session_id = 2;      
+    optional bool unlocked_attach_pin  = 3;                   
+}
+
+/**
+ * Request: Unlock device
+ * @start
+ * @next UnLockDeviceResponse
+ */
+message UnLockDevice {
+}
+
+/**
+ * Response: Device unlock status
+ * @end
+ */
+message UnLockDeviceResponse {
+    optional bool unlocked = 1;
+    optional bool unlocked_attach_pin = 2;
+    optional bool passphrase_protection = 3;
+}
@@ -99,6 +99,7 @@ message TronSignTx {
             optional uint64 balance = 3;
             optional string receiver_address = 4;
             optional bool  lock = 5;
+            optional uint64 lock_period = 6;
         }
         message TronUnDelegateResourceContract {
             optional TronResourceCode resource = 2;

@@ -77,7 +77,7 @@ enum MessageType {
     option (has_bitcoin_only_values) = true;
     option allow_alias = true;
     // Management
-    MessageType_Initialize = 0 [(bitcoin_only) = true, (wire_in) = true, (wire_tiny) = true];
+    MessageType_Initialize = 0 [(bitcoin_only) = true, (wire_in) = true];
     MessageType_Ping = 1 [(bitcoin_only) = true, (wire_in) = true];
     MessageType_Success = 2 [(bitcoin_only) = true, (wire_out) = true, (wire_debug_out) = true];
     MessageType_Failure = 3 [(bitcoin_only) = true, (wire_out) = true, (wire_debug_out) = true];
@@ -121,6 +121,7 @@ enum MessageType {
     MessageType_UnlockPath = 93 [(bitcoin_only) = true, (wire_in) = true];
     MessageType_UnlockedPathRequest = 94 [(bitcoin_only) = true, (wire_out) = true];
 
+
     MessageType_SetU2FCounter = 63 [(wire_in) = true];
     MessageType_GetNextU2FCounter = 80 [(wire_in) = true];
     MessageType_NextU2FCounter = 81 [(wire_out) = true];
@@ -605,4 +606,8 @@ enum MessageType {
     MessageType_OnekeyGetFeatures = 10025 [(bitcoin_only) = true,(wire_in) = true];
     MessageType_OnekeyFeatures = 10026 [(bitcoin_only) = true,(wire_out) = true];
     MessageType_WriteSEPrivateKey = 10027 [(wire_in) = true, (wire_bootloader) = true];
-}
+    MessageType_GetPassphraseState = 10028 [(wire_in) = true];
+    MessageType_PassphraseState = 10029 [(wire_out) = true];
+    MessageType_UnLockDevice = 10030 [(bitcoin_only) = true, (wire_in) = true];
+    MessageType_UnLockDeviceResponse = 10031 [(bitcoin_only) = true, (wire_out) = true];
+ }
@@ -110,58 +110,74 @@ STATIC mp_obj_t mod_trezorconfig_is_initialized(void) {
 STATIC MP_DEFINE_CONST_FUN_OBJ_0(mod_trezorconfig_is_initialized_obj,
                                  mod_trezorconfig_is_initialized);
 
-/// def unlock(pin: str, ext_salt: bytes | None) -> bool:
+/// def unlock(pin: str, ext_salt: bytes | None, pin_use_type: int = 0)
+/// -> tuple[bool, int]:
 ///     """
 ///     Attempts to unlock the storage with the given PIN and external salt.
 ///     Returns True on success, False on failure.
 ///     """
-STATIC mp_obj_t mod_trezorconfig_unlock(mp_obj_t pin, mp_obj_t ext_salt) {
+STATIC mp_obj_t mod_trezorconfig_unlock(size_t n_args, const mp_obj_t *args) {
   mp_buffer_info_t pin_b = {0};
-  mp_get_buffer_raise(pin, &pin_b, MP_BUFFER_READ);
+  mp_get_buffer_raise(args[0], &pin_b, MP_BUFFER_READ);
 
   mp_buffer_info_t ext_salt_b = {0};
   ext_salt_b.buf = NULL;
-  if (ext_salt != mp_const_none) {
-    mp_get_buffer_raise(ext_salt, &ext_salt_b, MP_BUFFER_READ);
+  if (n_args > 1 && args[1] != mp_const_none) {
+    mp_get_buffer_raise(args[1], &ext_salt_b, MP_BUFFER_READ);
     if (ext_salt_b.len != EXTERNAL_SALT_SIZE)
       mp_raise_msg(&mp_type_ValueError, "Invalid length of external salt.");
   }
 
+  pin_type_t pin_use_type = PIN_TYPE_USER;
+
+  if (n_args > 2) {
+    pin_use_type = mp_obj_get_int(args[2]);
+  }
+
   // display_clear();
   // display_loader_ex(0, false, 0, 0xFFFF, 0x0000, NULL, 0, 0);
   secbool ret = secfalse;
 
   // verify se pin first when not in emulator
-  ret = se_verifyPin(pin_b.buf);
+  ret = se_verifyPin(pin_b.buf, pin_use_type);
   if (ret != sectrue) {
     if (!pin_state.pin_unlocked_initialized) {
       pin_state.pin_unlocked = false;
       pin_state.pin_unlocked_initialized = true;
     }
-    return mp_const_false;
+    mp_obj_t tuple[2] = {mp_const_false, mp_obj_new_int(0)};
+    return mp_obj_new_tuple(2, tuple);
   }
 
+  pin_result_t pin_type = se_get_pin_result_type();
+
   // fpsensor_data_init();
   fpsensor_data_init_start();
   pin_state.pin_unlocked = true;
   pin_state.pin_unlocked_initialized = true;
   pin_state.fp_unlocked = true;
   pin_state.fp_unlocked_initialized = true;
-  return mp_const_true;
+
+  mp_obj_tuple_t *tuple = MP_OBJ_TO_PTR(mp_obj_new_tuple(2, NULL));
+  tuple->items[0] = mp_const_true;
+  tuple->items[1] = mp_obj_new_int(pin_type);
+  return MP_OBJ_FROM_PTR(tuple);
 }
-STATIC MP_DEFINE_CONST_FUN_OBJ_2(mod_trezorconfig_unlock_obj,
-                                 mod_trezorconfig_unlock);
+STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(mod_trezorconfig_unlock_obj, 2, 3,
+                                           mod_trezorconfig_unlock);
 
-/// def check_pin(pin: str, ext_salt: bytes | None) -> bool:
+/// def check_pin(pin: str, ext_salt: bytes | None, pin_use_type: int = 0) ->
+/// bool:
 ///     """
 ///     Check the given PIN with the given external salt.
 ///     Returns True on success, False on failure.
 ///     """
-STATIC mp_obj_t mod_trezorconfig_check_pin(mp_obj_t pin, mp_obj_t ext_salt) {
-  return mod_trezorconfig_unlock(pin, ext_salt);
+STATIC mp_obj_t mod_trezorconfig_check_pin(size_t n_args,
+                                           const mp_obj_t *args) {
+  return mod_trezorconfig_unlock(n_args, args);
 }
-STATIC MP_DEFINE_CONST_FUN_OBJ_2(mod_trezorconfig_check_pin_obj,
-                                 mod_trezorconfig_check_pin);
+STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(mod_trezorconfig_check_pin_obj, 2, 3,
+                                           mod_trezorconfig_check_pin);
 
 /// def lock() -> None:
 ///     """
@@ -578,6 +594,10 @@ STATIC MP_DEFINE_CONST_FUN_OBJ_0(mod_trezorconfig_wipe_obj,
                                  mod_trezorconfig_wipe);
 
 #ifndef TREZOR_EMULATOR
+/// def se_import_mnemonic(mnemonic: bytes) -> bool:
+///     """
+///     Import mnemonic to SE.
+///     """
 STATIC mp_obj_t mod_trezorconfig_se_import_mnemonic(mp_obj_t mnemonic) {
   mp_buffer_info_t mnemo = {0};
   mp_get_buffer_raise(mnemonic, &mnemo, MP_BUFFER_READ);
@@ -592,6 +612,35 @@ STATIC mp_obj_t mod_trezorconfig_se_import_mnemonic(mp_obj_t mnemonic) {
 STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorconfig_se_import_mnemonic_obj,
                                  mod_trezorconfig_se_import_mnemonic);
 
+/// def se_import_slip39(mnemonic: bytes, backup_type: int, identifier: int |
+/// None, iteration_exponent: int | None) -> bool:
+///     """
+///     Import slip39 to SE.
+///     """
+STATIC mp_obj_t mod_trezorconfig_se_import_slip39(size_t n_args,
+                                                  const mp_obj_t *args) {
+  mp_buffer_info_t master_secret_info = {0};
+  mp_get_buffer_raise(args[0], &master_secret_info, MP_BUFFER_READ);
+
+  uint8_t backup_type = trezor_obj_get_uint8(args[1]);
+  uint16_t identifier = 0;
+  if (args[2] != mp_const_none) {
+    identifier = trezor_obj_get_uint(args[2]);
+  }
+  uint8_t iteration_exponent = trezor_obj_get_uint8(args[3]);
+
+  if (sectrue != se_import_slip39(master_secret_info.buf,
+                                  master_secret_info.len, backup_type,
+                                  identifier, iteration_exponent)) {
+    return mp_const_false;
+  }
+  return mp_const_true;
+}
+
+STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(
+    mod_trezorconfig_se_import_slip39_obj, 4, 4,
+    mod_trezorconfig_se_import_slip39);
+
 /// def se_export_mnemonic() -> bytes:
 ///     """
 ///     Export mnemonic from SE.
@@ -777,6 +826,8 @@ STATIC const mp_rom_map_elem_t mp_module_trezorconfig_globals_table[] = {
 #ifndef TREZOR_EMULATOR
     {MP_ROM_QSTR(MP_QSTR_se_import_mnemonic),
      MP_ROM_PTR(&mod_trezorconfig_se_import_mnemonic_obj)},
+    {MP_ROM_QSTR(MP_QSTR_se_import_slip39),
+     MP_ROM_PTR(&mod_trezorconfig_se_import_slip39_obj)},
     {MP_ROM_QSTR(MP_QSTR_se_export_mnemonic),
      MP_ROM_PTR(&mod_trezorconfig_se_export_mnemonic_obj)},
     {MP_ROM_QSTR(MP_QSTR_get_serial),

@@ -35,7 +35,7 @@ STATIC mp_obj_t mod_trezorcrypto_bip39_complete_word(mp_obj_t prefix) {
   if (pfx.len == 0) {
     return mp_const_none;
   }
-  const char *word = mnemonic_complete_word(pfx.buf, pfx.len);
+  const char *word = mnemonic_complete_word(pfx.buf, pfx.len, false);
   if (word) {
     return mp_obj_new_str(word, strlen(word));
   } else {
@@ -54,7 +54,7 @@ STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_bip39_complete_word_obj,
 STATIC mp_obj_t mod_trezorcrypto_bip39_word_completion_mask(mp_obj_t prefix) {
   mp_buffer_info_t pfx = {0};
   mp_get_buffer_raise(prefix, &pfx, MP_BUFFER_READ);
-  return mp_obj_new_int(mnemonic_word_completion_mask(pfx.buf, pfx.len));
+  return mp_obj_new_int(mnemonic_word_completion_mask(pfx.buf, pfx.len, false));
 }
 STATIC MP_DEFINE_CONST_FUN_OBJ_1(
     mod_trezorcrypto_bip39_word_completion_mask_obj,