diff --git a/protob/Makefile b/protob/Makefile index daff4266d..1ac2dd04e 100644 --- a/protob/Makefile +++ b/protob/Makefile @@ -1,4 +1,4 @@ -check: messages.pb +check: messages.pb messages-bitcoin.pb messages-bootloader.pb messages-cardano.pb messages-crypto.pb messages-debug.pb messages-ethereum.pb messages-lisk.pb messages-management.pb messages-nem.pb messages-stellar.pb messages-tezos.pb %.pb: %.proto protoc -I/usr/include -I. $< -o $@ diff --git a/protob/common.proto b/protob/common.proto new file mode 100644 index 000000000..31f2243a4 --- /dev/null +++ b/protob/common.proto @@ -0,0 +1,14 @@ +syntax = "proto2"; + +/** + * Structure representing BIP32 (hierarchical deterministic) node + * Used for imports of private key into the device and exporting public key out of device + */ +message HDNodeType { + required uint32 depth = 1; + required uint32 fingerprint = 2; + required uint32 child_num = 3; + required bytes chain_code = 4; + optional bytes private_key = 5; + optional bytes public_key = 6; +} diff --git a/protob/messages-bitcoin.proto b/protob/messages-bitcoin.proto new file mode 100644 index 000000000..fe99d3421 --- /dev/null +++ b/protob/messages-bitcoin.proto @@ -0,0 +1,240 @@ +syntax = "proto2"; + +// Sugar for easier handling in Java +option java_package = "com.satoshilabs.trezor.lib.protobuf"; +option java_outer_classname = "TrezorMessageBitcoin"; + +import "common.proto"; + +/** + * Type of script which will be used for transaction output + */ +enum InputScriptType { + SPENDADDRESS = 0; // standard P2PKH address + SPENDMULTISIG = 1; // P2SH multisig address + EXTERNAL = 2; // reserved for external inputs (coinjoin) + SPENDWITNESS = 3; // native SegWit + SPENDP2SHWITNESS = 4; // SegWit over P2SH (backward compatible) +} + +/** + * Type of redeem script used in input + */ +message MultisigRedeemScriptType { + repeated HDNodePathType pubkeys = 1; // pubkeys from multisig address (sorted lexicographically) + repeated bytes signatures = 2; // existing signatures for partially signed input + optional uint32 m = 3; // "m" from n, how many valid signatures is necessary for spending + /** + * Structure representing HDNode + Path + */ + message HDNodePathType { + required HDNodeType node = 1; // BIP-32 node in deserialized form + repeated uint32 address_n = 2; // BIP-32 path to derive the key from node + } +} + +/** + * Request: Ask device for public key corresponding to address_n path + * @next PassphraseRequest + * @next PublicKey + * @next Failure + */ +message GetPublicKey { + repeated uint32 address_n = 1; // BIP-32 path to derive the key from master node + optional string ecdsa_curve_name = 2; // ECDSA curve name to use + optional bool show_display = 3; // optionally show on display before sending the result + optional string coin_name = 4 [default='Bitcoin']; // coin to use for verifying +} + +/** + * Response: Contains public key derived from device private seed + * @prev GetPublicKey + */ +message PublicKey { + required HDNodeType node = 1; // BIP32 public node + optional string xpub = 2; // serialized form of public node +} + +/** + * Request: Ask device for address corresponding to address_n path + * @next PassphraseRequest + * @next Address + * @next Failure + */ +message GetAddress { + repeated uint32 address_n = 1; // BIP-32 path to derive the key from master node + optional string coin_name = 2 [default='Bitcoin']; // coin to use + optional bool show_display = 3; // optionally show on display before sending the result + optional MultisigRedeemScriptType multisig = 4; // filled if we are showing a multisig address + optional InputScriptType script_type = 5 [default=SPENDADDRESS]; // used to distinguish between various address formats (non-segwit, segwit, etc.) +} + +/** + * Response: Contains address derived from device private seed + * @prev GetAddress + */ +message Address { + required string address = 1; // Coin address in Base58 encoding +} + +/** + * Request: Ask device to sign message + * @next MessageSignature + * @next Failure + */ +message SignMessage { + repeated uint32 address_n = 1; // BIP-32 path to derive the key from master node + required bytes message = 2; // message to be signed + optional string coin_name = 3 [default='Bitcoin']; // coin to use for signing + optional InputScriptType script_type = 4 [default=SPENDADDRESS]; // used to distinguish between various address formats (non-segwit, segwit, etc.) +} + +/** + * Request: Ask device to verify message + * @next Success + * @next Failure + */ +message VerifyMessage { + optional string address = 1; // address to verify + optional bytes signature = 2; // signature to verify + optional bytes message = 3; // message to verify + optional string coin_name = 4 [default='Bitcoin']; // coin to use for verifying +} + +/** + * Response: Signed message + * @prev SignMessage + */ +message MessageSignature { + optional string address = 1; // address used to sign the message + optional bytes signature = 2; // signature of the message +} + +/** + * Request: Ask device to sign transaction + * @next PassphraseRequest + * @next PinMatrixRequest + * @next TxRequest + * @next Failure + */ +message SignTx { + required uint32 outputs_count = 1; // number of transaction outputs + required uint32 inputs_count = 2; // number of transaction inputs + optional string coin_name = 3 [default='Bitcoin']; // coin to use + optional uint32 version = 4 [default=1]; // transaction version + optional uint32 lock_time = 5 [default=0]; // transaction lock_time + optional uint32 expiry = 6; // only for Decred and Zcash + optional bool overwintered = 7; // only for Zcash +} + +/** + * Response: Device asks for information for signing transaction or returns the last result + * If request_index is set, device awaits TxAck message (with fields filled in according to request_type) + * If signature_index is set, 'signature' contains signed input of signature_index's input + * @prev SignTx + * @prev TxAck + */ +message TxRequest { + optional RequestType request_type = 1; // what should be filled in TxAck message? + optional TxRequestDetailsType details = 2; // request for tx details + optional TxRequestSerializedType serialized = 3; // serialized data and request for next + /** + * Type of information required by transaction signing process + */ + enum RequestType { + TXINPUT = 0; + TXOUTPUT = 1; + TXMETA = 2; + TXFINISHED = 3; + TXEXTRADATA = 4; + } + /** + * Structure representing request details + */ + message TxRequestDetailsType { + optional uint32 request_index = 1; // device expects TxAck message from the computer + optional bytes tx_hash = 2; // tx_hash of requested transaction + optional uint32 extra_data_len = 3; // length of requested extra data + optional uint32 extra_data_offset = 4; // offset of requested extra data + } + /** + * Structure representing serialized data + */ + message TxRequestSerializedType { + optional uint32 signature_index = 1; // 'signature' field contains signed input of this index + optional bytes signature = 2; // signature of the signature_index input + optional bytes serialized_tx = 3; // part of serialized and signed transaction + } +} + +/** + * Request: Reported transaction data + * @prev TxRequest + * @next TxRequest + */ +message TxAck { + optional TransactionType tx = 1; + /** + * Structure representing transaction + */ + message TransactionType { + optional uint32 version = 1; + repeated TxInputType inputs = 2; + repeated TxOutputBinType bin_outputs = 3; + optional uint32 lock_time = 4; + repeated TxOutputType outputs = 5; + optional uint32 inputs_cnt = 6; + optional uint32 outputs_cnt = 7; + optional bytes extra_data = 8; // only for Zcash + optional uint32 extra_data_len = 9; // only for Zcash + optional uint32 expiry = 10; // only for Decred and Zcash + optional bool overwintered = 11; // only for Zcash + /** + * Structure representing transaction input + */ + message TxInputType { + repeated uint32 address_n = 1; // BIP-32 path to derive the key from master node + required bytes prev_hash = 2; // hash of previous transaction output to spend by this input + required uint32 prev_index = 3; // index of previous output to spend + optional bytes script_sig = 4; // script signature, unset for tx to sign + optional uint32 sequence = 5 [default=4294967295]; // sequence (default=0xffffffff) + optional InputScriptType script_type = 6 [default=SPENDADDRESS]; // defines template of input script + optional MultisigRedeemScriptType multisig = 7; // Filled if input is going to spend multisig tx + optional uint64 amount = 8; // amount of previous transaction output (for segwit only) + optional uint32 decred_tree = 9; + optional uint32 decred_script_version = 10; + optional bytes prev_block_hash_bip115 = 11; // block hash of previous transaction output (for bip115 implementation) + optional bytes prev_block_height_bip115 = 12; // block height of previous transaction output (for bip115 implementation) + } + /** + * Structure representing compiled transaction output + */ + message TxOutputBinType { + required uint64 amount = 1; + required bytes script_pubkey = 2; + optional uint32 decred_script_version = 3; + } + /** + * Structure representing transaction output + */ + message TxOutputType { + optional string address = 1; // target coin address in Base58 encoding + repeated uint32 address_n = 2; // BIP-32 path to derive the key from master node; has higher priority than "address" + required uint64 amount = 3; // amount to spend in satoshis + required OutputScriptType script_type = 4; // output script type + optional MultisigRedeemScriptType multisig = 5; // defines multisig address; script_type must be PAYTOMULTISIG + optional bytes op_return_data = 6; // defines op_return data; script_type must be PAYTOOPRETURN, amount must be 0 + optional uint32 decred_script_version = 7; + optional bytes block_hash_bip115 = 8; // block hash of existing block (recommended current_block - 300) (for bip115 implementation) + optional bytes block_height_bip115 = 9; // block height of existing block (recommended current_block - 300) (for bip115 implementation) + enum OutputScriptType { + PAYTOADDRESS = 0; // used for all addresses (bitcoin, p2sh, witness) + PAYTOSCRIPTHASH = 1; // p2sh address (deprecated; use PAYTOADDRESS) + PAYTOMULTISIG = 2; // only for change output + PAYTOOPRETURN = 3; // op_return + PAYTOWITNESS = 4; // only for change output + PAYTOP2SHWITNESS = 5; // only for change output + } + } + } +} diff --git a/protob/messages-bootloader.proto b/protob/messages-bootloader.proto new file mode 100644 index 000000000..8caa63c08 --- /dev/null +++ b/protob/messages-bootloader.proto @@ -0,0 +1,43 @@ +syntax = "proto2"; + +// Sugar for easier handling in Java +option java_package = "com.satoshilabs.trezor.lib.protobuf"; +option java_outer_classname = "TrezorMessageBootloader"; + +/** + * Request: Ask device to erase its firmware (so it can be replaced via FirmwareUpload) + * @next Success + * @next FirmwareRequest + * @next Failure + */ +message FirmwareErase { + optional uint32 length = 1; // length of new firmware +} + +/** + * Response: Ask for firmware chunk + * @next FirmwareUpload + */ +message FirmwareRequest { + optional uint32 offset = 1; // offset of requested firmware chunk + optional uint32 length = 2; // length of requested firmware chunk +} + +/** + * Request: Send firmware in binary form to the device + * @next Success + * @next Failure + */ +message FirmwareUpload { + required bytes payload = 1; // firmware to be loaded into device + optional bytes hash = 2; // hash of the payload +} + +/** + * Request: Perform a device self-test + * @next Success + * @next Failure + */ +message SelfTest { + optional bytes payload = 1; // payload to be used in self-test +} diff --git a/protob/messages-cardano.proto b/protob/messages-cardano.proto new file mode 100644 index 000000000..d0b245542 --- /dev/null +++ b/protob/messages-cardano.proto @@ -0,0 +1,134 @@ +syntax = "proto2"; + +// Sugar for easier handling in Java +option java_package = "com.satoshilabs.trezor.lib.protobuf"; +option java_outer_classname = "TrezorMessageCardano"; + +import "common.proto"; + +/** + * Request: Ask device for Cardano address + * @next CardanoAddress + * @next Failure + */ +message CardanoGetAddress { + repeated uint32 address_n = 1; // BIP-32-style path to derive the key from master node + optional bool show_display = 2; // optionally prompt for confirmation on trezor display +} + +/** + * Request: Ask device for Cardano address + * @next CardanoAddress + * @next Failure + */ +message CardanoAddress { + optional string address = 1; // Base58 cardano address +} + +/** + * Request: Ask device to sign Cardano message + * @next CardanoMessageSignature + * @next Failure + */ +message CardanoSignMessage { + repeated uint32 address_n = 1; // BIP-32 path to derive the key from master node + optional bytes message = 2; // message to be signed +} + +/** + * Request: Ask device for public key corresponding to address_n path + * @next CardanoPublicKey + * @next Failure + */ +message CardanoGetPublicKey { + repeated uint32 address_n = 1; // BIP-32 path to derive the key from master node +} + +/** + * Response: Contains public key derived from device private seed + * @prev CardanoGetPublicKey + */ +message CardanoPublicKey { + optional string xpub = 1; // Xpub key + optional HDNodeType node = 2; // BIP-32 public node + optional string root_hd_passphrase = 3; // HD passphrase for root in hex format +} + +/** + * Request: Ask device to verify Cardano message + * @next Success + * @next Failure + */ +message CardanoVerifyMessage { + optional bytes public_key = 1; // Public key which was used to sign message + optional bytes signature = 2; // signature to verify + optional bytes message = 3; // message to verify +} + +/** + * Response: Signed Cardano message + * @prev CardanoSignMessage + */ +message CardanoMessageSignature { + optional bytes public_key = 1; // public key which was used to sign mesage + optional bytes signature = 2; // signature of the message +} + +/** + * Request: Ask device to sign Cardano transaction + * @next CardanoSignedTransaction + * @next CardanoTxRequest + * @next Failure + */ +message CardanoSignTransaction { + repeated CardanoTxInputType inputs = 1; // inputs to be used in transaction + repeated CardanoTxOutputType outputs = 2; // outputs to be used in transaction + optional uint32 transactions_count = 3; // transactions count + /** + * Structure representing cardano transaction input + */ + message CardanoTxInputType { + repeated uint32 address_n = 1; // BIP-32 path to derive the key from master node + optional bytes prev_hash = 2; // hash of previous transaction output to spend by this input + optional uint32 prev_index = 3; // index of previous output to spend + optional uint32 type = 4; // input type, defaults to 0 + } + /** + * Structure representing cardano transaction output + */ + message CardanoTxOutputType { + optional string address = 1; // target coin address in Base58 encoding + repeated uint32 address_n = 2; // BIP-32 path to derive the key from master node; has higher priority than "address" + optional uint64 amount = 3; // amount to spend + } +} + +/** + * Response: Serialised signed cardano transaction if tx_index is not specified. + * If tx_index is specified, trezor will wait for transaction + * @prev CardanoSignTransaction + * @next CardanoTxAck + */ +message CardanoTxRequest { + optional uint32 tx_index = 1; // index of requested transaction + optional bytes tx_hash = 2; // hash of the signed transaction + optional bytes tx_body = 3; // serialised body of the signed transaction +} + +/** + * Response: Serialised signed cardano transaction + * @prev CardanoSignTransaction + */ +message CardanoSignedTransaction { + optional bytes tx_hash = 1; // hash of the signed transaction + optional bytes tx_body = 2; // serialised body of the signed transaction +} + +/** + * Request: Reported transaction data + * @prev CardanoTxRequest + * @next CardanoTxRequest + */ +message CardanoTxAck { + optional bytes transaction = 1; +} diff --git a/protob/messages-crypto.proto b/protob/messages-crypto.proto new file mode 100644 index 000000000..ee706a7ce --- /dev/null +++ b/protob/messages-crypto.proto @@ -0,0 +1,120 @@ +syntax = "proto2"; + +// Sugar for easier handling in Java +option java_package = "com.satoshilabs.trezor.lib.protobuf"; +option java_outer_classname = "TrezorMessageCrypto"; + +/** + * Request: Ask device to encrypt or decrypt value of given key + * @next CipheredKeyValue + * @next Failure + */ +message CipherKeyValue { + repeated uint32 address_n = 1; // BIP-32 path to derive the key from master node + optional string key = 2; // key component of key:value + optional bytes value = 3; // value component of key:value + optional bool encrypt = 4; // are we encrypting (True) or decrypting (False)? + optional bool ask_on_encrypt = 5; // should we ask on encrypt operation? + optional bool ask_on_decrypt = 6; // should we ask on decrypt operation? + optional bytes iv = 7; // initialization vector (will be computed if not set) +} + +/** + * Response: Return ciphered/deciphered value + * @prev CipherKeyValue + */ +message CipheredKeyValue { + optional bytes value = 1; // ciphered/deciphered value +} + +/** +* Structure representing identity data +*/ +message IdentityType { + optional string proto = 1; // proto part of URI + optional string user = 2; // user part of URI + optional string host = 3; // host part of URI + optional string port = 4; // port part of URI + optional string path = 5; // path part of URI + optional uint32 index = 6 [default=0]; // identity index +} + +/** + * Request: Ask device to sign identity + * @next SignedIdentity + * @next Failure + */ +message SignIdentity { + optional IdentityType identity = 1; // identity + optional bytes challenge_hidden = 2; // non-visible challenge + optional string challenge_visual = 3; // challenge shown on display (e.g. date+time) + optional string ecdsa_curve_name = 4; // ECDSA curve name to use +} + +/** + * Response: Device provides signed identity + * @prev SignIdentity + */ +message SignedIdentity { + optional string address = 1; // identity address + optional bytes public_key = 2; // identity public key + optional bytes signature = 3; // signature of the identity data +} + +/** + * Request: Ask device to generate ECDH session key + * @next ECDHSessionKey + * @next Failure + */ +message GetECDHSessionKey { + optional IdentityType identity = 1; // identity + optional bytes peer_public_key = 2; // peer's public key + optional string ecdsa_curve_name = 3; // ECDSA curve name to use +} + +/** + * Response: Device provides ECDH session key + * @prev GetECDHSessionKey + */ +message ECDHSessionKey { + optional bytes session_key = 1; // ECDH session key +} + +/** + * Request: Ask device to commit to CoSi signing + * @next CosiCommitment + * @next Failure + */ +message CosiCommit { + repeated uint32 address_n = 1; // BIP-32 path to derive the key from master node + optional bytes data = 2; // Data to be signed +} + +/** + * Response: Contains a CoSi commitment + * @prev CosiCommit + */ +message CosiCommitment { + optional bytes commitment = 1; // Commitment + optional bytes pubkey = 2; // Public key +} + +/** + * Request: Ask device to sign using CoSi + * @next CosiSignature + * @next Failure + */ +message CosiSign { + repeated uint32 address_n = 1; // BIP-32 path to derive the key from master node + optional bytes data = 2; // Data to be signed + optional bytes global_commitment = 3; // Aggregated commitment + optional bytes global_pubkey = 4; // Aggregated public key +} + +/** + * Response: Contains a CoSi signature + * @prev CosiSign + */ +message CosiSignature { + optional bytes signature = 1; // Signature +} diff --git a/protob/messages-debug.proto b/protob/messages-debug.proto new file mode 100644 index 000000000..e34e6c346 --- /dev/null +++ b/protob/messages-debug.proto @@ -0,0 +1,92 @@ +syntax = "proto2"; + +// Sugar for easier handling in Java +option java_package = "com.satoshilabs.trezor.lib.protobuf"; +option java_outer_classname = "TrezorMessageDebug"; + +import "common.proto"; + +/** + * Request: "Press" the button on the device + * @next Success + */ +message DebugLinkDecision { + optional bool yes_no = 1; // true for "Confirm", false for "Cancel" + optional bool up_down = 2; // true for scroll up, false for scroll down + optional string input = 3; // keyboard input +} + +/** + * Request: Computer asks for device state + * @next DebugLinkState + */ +message DebugLinkGetState { +} + +/** + * Response: Device current state + * @prev DebugLinkGetState + */ +message DebugLinkState { + optional bytes layout = 1; // raw buffer of display + optional string pin = 2; // current PIN, blank if PIN is not set/enabled + optional string matrix = 3; // current PIN matrix + optional string mnemonic = 4; // current BIP-39 mnemonic + optional HDNodeType node = 5; // current BIP-32 node + optional bool passphrase_protection = 6; // is node/mnemonic encrypted using passphrase? + optional string reset_word = 7; // word on device display during ResetDevice workflow + optional bytes reset_entropy = 8; // current entropy during ResetDevice workflow + optional string recovery_fake_word = 9; // (fake) word on display during RecoveryDevice workflow + optional uint32 recovery_word_pos = 10; // index of mnemonic word the device is expecting during RecoveryDevice workflow + optional uint32 reset_word_pos = 11; // index of mnemonic word the device is expecting during ResetDevice workflow +} + +/** + * Request: Ask device to restart + */ +message DebugLinkStop { +} + +/** + * Response: Device wants host to log event + */ +message DebugLinkLog { + optional uint32 level = 1; + optional string bucket = 2; + optional string text = 3; +} + +/** + * Request: Read memory from device + * @next DebugLinkMemory + */ +message DebugLinkMemoryRead { + optional uint32 address = 1; + optional uint32 length = 2; +} + +/** + * Response: Device sends memory back + * @prev DebugLinkMemoryRead + */ +message DebugLinkMemory { + optional bytes memory = 1; +} + +/** + * Request: Write memory to device. + * WARNING: Writing to the wrong location can irreparably break the device. + */ +message DebugLinkMemoryWrite { + optional uint32 address = 1; + optional bytes memory = 2; + optional bool flash = 3; +} + +/** + * Request: Erase block of flash on device + * WARNING: Writing to the wrong location can irreparably break the device. + */ +message DebugLinkFlashErase { + optional uint32 sector = 1; +} diff --git a/protob/messages-ethereum.proto b/protob/messages-ethereum.proto new file mode 100644 index 000000000..6f604b31f --- /dev/null +++ b/protob/messages-ethereum.proto @@ -0,0 +1,99 @@ +syntax = "proto2"; + +// Sugar for easier handling in Java +option java_package = "com.satoshilabs.trezor.lib.protobuf"; +option java_outer_classname = "TrezorMessageEthereum"; + +/** + * Request: Ask device for Ethereum address corresponding to address_n path + * @next PassphraseRequest + * @next EthereumAddress + * @next Failure + */ +message EthereumGetAddress { + repeated uint32 address_n = 1; // BIP-32 path to derive the key from master node + optional bool show_display = 2; // optionally show on display before sending the result +} + +/** + * Response: Contains an Ethereum address derived from device private seed + * @prev EthereumGetAddress + */ +message EthereumAddress { + required bytes address = 1; // Coin address as an Ethereum 160 bit hash +} + +/** + * Request: Ask device to sign transaction + * All fields are optional from the protocol's point of view. Each field defaults to value `0` if missing. + * Note: the first at most 1024 bytes of data MUST be transmitted as part of this message. + * @next PassphraseRequest + * @next PinMatrixRequest + * @next EthereumTxRequest + * @next Failure + */ +message EthereumSignTx { + repeated uint32 address_n = 1; // BIP-32 path to derive the key from master node + optional bytes nonce = 2; // <=256 bit unsigned big endian + optional bytes gas_price = 3; // <=256 bit unsigned big endian (in wei) + optional bytes gas_limit = 4; // <=256 bit unsigned big endian + optional bytes to = 5; // 160 bit address hash + optional bytes value = 6; // <=256 bit unsigned big endian (in wei) + optional bytes data_initial_chunk = 7; // The initial data chunk (<= 1024 bytes) + optional uint32 data_length = 8; // Length of transaction payload + optional uint32 chain_id = 9; // Chain Id for EIP 155 + optional uint32 tx_type = 10; // (only for Wanchain) +} + +/** + * Response: Device asks for more data from transaction payload, or returns the signature. + * If data_length is set, device awaits that many more bytes of payload. + * Otherwise, the signature_* fields contain the computed transaction signature. All three fields will be present. + * @prev EthereumSignTx + * @next EthereumTxAck + */ +message EthereumTxRequest { + optional uint32 data_length = 1; // Number of bytes being requested (<= 1024) + optional uint32 signature_v = 2; // Computed signature (recovery parameter, limited to 27 or 28) + optional bytes signature_r = 3; // Computed signature R component (256 bit) + optional bytes signature_s = 4; // Computed signature S component (256 bit) +} + +/** + * Request: Transaction payload data. + * @prev EthereumTxRequest + * @next EthereumTxRequest + */ +message EthereumTxAck { + optional bytes data_chunk = 1; // Bytes from transaction payload (<= 1024 bytes) +} + +/** + * Request: Ask device to sign message + * @next EthereumMessageSignature + * @next Failure + */ +message EthereumSignMessage { + repeated uint32 address_n = 1; // BIP-32 path to derive the key from master node + required bytes message = 2; // message to be signed +} + +/** + * Request: Ask device to verify message + * @next Success + * @next Failure + */ +message EthereumVerifyMessage { + optional bytes address = 1; // address to verify + optional bytes signature = 2; // signature to verify + optional bytes message = 3; // message to verify +} + +/** + * Response: Signed message + * @prev EthereumSignMessage + */ +message EthereumMessageSignature { + optional bytes address = 1; // address used to sign the message + optional bytes signature = 2; // signature of the message +} diff --git a/protob/messages-lisk.proto b/protob/messages-lisk.proto new file mode 100644 index 000000000..386cf2e65 --- /dev/null +++ b/protob/messages-lisk.proto @@ -0,0 +1,145 @@ +syntax = "proto2"; + +// Sugar for easier handling in Java +option java_package = "com.satoshilabs.trezor.lib.protobuf"; +option java_outer_classname = "TrezorMessageLisk"; + +/** + * Request: Ask device for Lisk public key corresponding to address_n path + * @next LiskPublicKey +*/ +message LiskGetPublicKey { + repeated uint32 address_n = 1; // BIP-32 path to derive the key from master node + optional bool show_display = 2; // Optionally show on display before sending the result +} + +/** + * Response: Contains Lisk public key derived from device private seed + * @prev LiskGetPublicKey +*/ +message LiskPublicKey { + optional bytes public_key = 1; // Lisk public key +} + +/** + * Request: Ask device for Lisk address corresponding to address_n path + * @next PassphraseRequest + * @next LiskAddress + * @next Failure + */ +message LiskGetAddress { + repeated uint32 address_n = 1; // BIP-32 path to derive the key from master node + optional bool show_display = 2; // Optionally show on display before sending the result +} + +/** + * Response: Contains Lisk address derived from device private seed + * @prev LiskGetAddress + */ +message LiskAddress { + optional string address = 1; // Lisk address +} + +/** + * Request: Ask device to sign Lisk transaction + * @next LiskSignedTx + */ +message LiskSignTx { + repeated uint32 address_n = 1; // BIP-32 path to derive the key from master node + optional LiskTransactionCommon transaction = 2; // Lisk transaction structure + /** + * Structure representing the common part for Lisk transactions + */ + message LiskTransactionCommon { + optional LiskTransactionType type = 1; + optional uint64 amount = 2 [default=0]; + optional uint64 fee = 3; + optional string recipient_id = 4; + optional bytes sender_public_key = 5; + optional bytes requester_public_key = 6; + optional bytes signature = 7; + optional uint32 timestamp = 8; + optional LiskTransactionAsset asset = 9; + /** + * Type of Lisk transaction + */ + enum LiskTransactionType { + Transfer = 0; + RegisterSecondPassphrase = 1; + RegisterDelegate = 2; + CastVotes = 3; + RegisterMultisignatureAccount = 4; + CreateDapp = 5; + TransferIntoDapp = 6; + TransferOutOfDapp = 7; + } + /** + * Structure representing the asset field in the Lisk transaction + */ + message LiskTransactionAsset { + optional LiskSignatureType signature = 1; + optional LiskDelegateType delegate = 2; + repeated string votes = 3; + optional LiskMultisignatureType multisignature = 4; + optional string data = 5; + /** + * Structure representing the signature field in the Lisk transaction asset field + */ + message LiskSignatureType { + optional bytes public_key = 1; + } + /** + * Structure representing the delegate field in the Lisk transaction asset field + */ + message LiskDelegateType { + optional string username = 1; + } + /** + * Structure representing the multisignature field in the Lisk transaction asset field + */ + message LiskMultisignatureType { + optional uint32 min = 1; + optional uint32 life_time = 2; + repeated string keys_group = 3; + } + } + } +} + +/** +* Response: Contains Lisk transaction signature +* @prev LiskSignTx +*/ +message LiskSignedTx { + optional bytes signature = 1; +} + +/** +* Request: Ask device to sign message +* @next LiskMessageSignature +* @next Failure +*/ +message LiskSignMessage { + repeated uint32 address_n = 1; + optional bytes message = 2; +} + +/** +* Response: Signed message +* @prev LiskSignMessage +*/ +message LiskMessageSignature { + optional bytes public_key = 1; + optional bytes signature = 2; +} + +/** +* Request: Ask device to verify message +* @next Success +* @next Failure +*/ +message LiskVerifyMessage { + optional bytes public_key = 1; + optional bytes signature = 2; + optional bytes message = 3; +} diff --git a/protob/messages-management.proto b/protob/messages-management.proto new file mode 100644 index 000000000..d43bdfee8 --- /dev/null +++ b/protob/messages-management.proto @@ -0,0 +1,400 @@ +syntax = "proto2"; + +// Sugar for easier handling in Java +option java_package = "com.satoshilabs.trezor.lib.protobuf"; +option java_outer_classname = "TrezorMessageManagement"; + +import "common.proto"; + +/** + * Request: Reset device to default state and ask for device details + * @next Features + */ +message Initialize { + optional bytes state = 1; // assumed device state, clear session if set and different + optional bool skip_passphrase = 2; // this session should always assume empty passphrase +} + +/** + * Request: Ask for device details (no device reset) + * @next Features + */ +message GetFeatures { +} + +/** + * Response: Reports various information about the device + * @prev Initialize + * @prev GetFeatures + */ +message Features { + optional string vendor = 1; // name of the manufacturer, e.g. "trezor.io" + optional uint32 major_version = 2; // major version of the firmware/bootloader, e.g. 1 + optional uint32 minor_version = 3; // minor version of the firmware/bootloader, e.g. 0 + optional uint32 patch_version = 4; // patch version of the firmware/bootloader, e.g. 0 + optional bool bootloader_mode = 5; // is device in bootloader mode? + optional string device_id = 6; // device's unique identifier + optional bool pin_protection = 7; // is device protected by PIN? + optional bool passphrase_protection = 8; // is node/mnemonic encrypted using passphrase? + optional string language = 9; // device language + optional string label = 10; // device description label + optional bool initialized = 12; // does device contain seed? + optional bytes revision = 13; // SCM revision of firmware + optional bytes bootloader_hash = 14; // hash of the bootloader + optional bool imported = 15; // was storage imported from an external source? + optional bool pin_cached = 16; // is PIN already cached in session? + optional bool passphrase_cached = 17; // is passphrase already cached in session? + optional bool firmware_present = 18; // is valid firmware loaded? + optional bool needs_backup = 19; // does storage need backup? (equals to Storage.needs_backup) + optional uint32 flags = 20; // device flags (equals to Storage.flags) + optional string model = 21; // device hardware model + optional uint32 fw_major = 22; // reported firmware version if in bootloader mode + optional uint32 fw_minor = 23; // reported firmware version if in bootloader mode + optional uint32 fw_patch = 24; // reported firmware version if in bootloader mode + optional string fw_vendor = 25; // reported firmware vendor if in bootloader mode + optional bytes fw_vendor_keys = 26; // reported firmware vendor keys (their hash) + optional bool unfinished_backup = 27; // report unfinished backup (equals to Storage.unfinished_backup) +} + +/** + * Request: clear session (removes cached PIN, passphrase, etc). + * @next Success + */ +message ClearSession { +} + +/** + * Request: change language and/or label of the device + * @next Success + * @next Failure + * @next ButtonRequest + * @next PinMatrixRequest + */ +message ApplySettings { + optional string language = 1; + optional string label = 2; + optional bool use_passphrase = 3; + optional bytes homescreen = 4; + optional PassphraseSourceType passphrase_source = 5; + optional uint32 auto_lock_delay_ms = 6; + /** + * Structure representing passphrase source + */ + enum PassphraseSourceType { + ASK = 0; + DEVICE = 1; + HOST = 2; + } +} + +/** + * Request: set flags of the device + * @next Success + * @next Failure + */ +message ApplyFlags { + optional uint32 flags = 1; // bitmask, can only set bits, not unset +} + +/** + * Request: Starts workflow for setting/changing/removing the PIN + * @next ButtonRequest + * @next PinMatrixRequest + */ +message ChangePin { + optional bool remove = 1; // is PIN removal requested? +} + +/** + * Request: Test if the device is alive, device sends back the message in Success response + * @next Success + */ +message Ping { + optional string message = 1; // message to send back in Success message + optional bool button_protection = 2; // ask for button press + optional bool pin_protection = 3; // ask for PIN if set in device + optional bool passphrase_protection = 4; // ask for passphrase if set in device +} + +/** + * Response: Success of the previous request + */ +message Success { + optional string message = 1; // human readable description of action or request-specific payload +} + +/** +* Response: Failure of the previous request +*/ +message Failure { + optional FailureType code = 1; // computer-readable definition of the error state + optional string message = 2; // human-readable message of the error state + enum FailureType { + Failure_UnexpectedMessage = 1; + Failure_ButtonExpected = 2; + Failure_DataError = 3; + Failure_ActionCancelled = 4; + Failure_PinExpected = 5; + Failure_PinCancelled = 6; + Failure_PinInvalid = 7; + Failure_InvalidSignature = 8; + Failure_ProcessError = 9; + Failure_NotEnoughFunds = 10; + Failure_NotInitialized = 11; + Failure_PinMismatch = 12; + Failure_FirmwareError = 99; + } +} + +/** + * Response: Device is waiting for HW button press. + * @next ButtonAck + * @next Cancel + */ +message ButtonRequest { + optional ButtonRequestType code = 1; + optional string data = 2; + /** + * Type of button request + */ + enum ButtonRequestType { + ButtonRequest_Other = 1; + ButtonRequest_FeeOverThreshold = 2; + ButtonRequest_ConfirmOutput = 3; + ButtonRequest_ResetDevice = 4; + ButtonRequest_ConfirmWord = 5; + ButtonRequest_WipeDevice = 6; + ButtonRequest_ProtectCall = 7; + ButtonRequest_SignTx = 8; + ButtonRequest_FirmwareCheck = 9; + ButtonRequest_Address = 10; + ButtonRequest_PublicKey = 11; + ButtonRequest_MnemonicWordCount = 12; + ButtonRequest_MnemonicInput = 13; + ButtonRequest_PassphraseType = 14; + } +} + +/** + * Request: Computer agrees to wait for HW button press + * @prev ButtonRequest + */ +message ButtonAck { +} + +/** + * Response: Device is asking computer to show PIN matrix and awaits PIN encoded using this matrix scheme + * @next PinMatrixAck + * @next Cancel + */ +message PinMatrixRequest { + optional PinMatrixRequestType type = 1; + /** + * Type of PIN request + */ + enum PinMatrixRequestType { + PinMatrixRequestType_Current = 1; + PinMatrixRequestType_NewFirst = 2; + PinMatrixRequestType_NewSecond = 3; + } +} + +/** + * Request: Computer responds with encoded PIN + * @prev PinMatrixRequest + */ +message PinMatrixAck { + required string pin = 1; // matrix encoded PIN entered by user +} + +/** + * Request: Abort last operation that required user interaction + * @prev ButtonRequest + * @prev PinMatrixRequest + * @prev PassphraseRequest + */ +message Cancel { +} + +/** + * Response: Device awaits encryption passphrase + * @next PassphraseAck + * @next Cancel + */ +message PassphraseRequest { + optional bool on_device = 1; // passphrase is being entered on the device +} + +/** + * Request: Send passphrase back + * @prev PassphraseRequest + * @next PassphraseStateRequest + */ +message PassphraseAck { + optional string passphrase = 1; + optional bytes state = 2; // expected device state +} + +/** + * @prev PassphraseAck + * @next PassphraseStateAck + */ +message PassphraseStateRequest { + optional bytes state = 1; // actual device state +} + +/** + * @prev PassphraseStateRequest + */ +message PassphraseStateAck { +} + +/** + * Request: Request a sample of random data generated by hardware RNG. May be used for testing. + * @next ButtonRequest + * @next Entropy + * @next Failure + */ +message GetEntropy { + required uint32 size = 1; // size of requested entropy +} + +/** + * Response: Reply with random data generated by internal RNG + * @prev GetEntropy + */ +message Entropy { + required bytes entropy = 1; // chunk of random generated bytes +} + +/** + * Request: Request device to wipe all sensitive data and settings + * @next ButtonRequest + */ +message WipeDevice { +} + +/** + * Request: Load seed and related internal settings from the computer + * @next ButtonRequest + * @next Success + * @next Failure + */ +message LoadDevice { + optional string mnemonic = 1; // seed encoded as BIP-39 mnemonic (12, 18 or 24 words) + optional HDNodeType node = 2; // BIP-32 node + optional string pin = 3; // set PIN protection + optional bool passphrase_protection = 4; // enable master node encryption using passphrase + optional string language = 5 [default='english']; // device language + optional string label = 6; // device label + optional bool skip_checksum = 7; // do not test mnemonic for valid BIP-39 checksum + optional uint32 u2f_counter = 8; // U2F counter +} + +/** + * Request: Ask device to do initialization involving user interaction + * @next EntropyRequest + * @next Failure + */ +message ResetDevice { + optional bool display_random = 1; // display entropy generated by the device before asking for additional entropy + optional uint32 strength = 2 [default=256]; // strength of seed in bits + optional bool passphrase_protection = 3; // enable master node encryption using passphrase + optional bool pin_protection = 4; // enable PIN protection + optional string language = 5 [default='english']; // device language + optional string label = 6; // device label + optional uint32 u2f_counter = 7; // U2F counter + optional bool skip_backup = 8; // postpone seed backup to BackupDevice workflow +} + +/** + * Request: Perform backup of the device seed if not backed up using ResetDevice + * @next ButtonRequest + */ +message BackupDevice { +} + +/** + * Response: Ask for additional entropy from host computer + * @prev ResetDevice + * @next EntropyAck + */ +message EntropyRequest { +} + +/** + * Request: Provide additional entropy for seed generation function + * @prev EntropyRequest + * @next ButtonRequest + */ +message EntropyAck { + optional bytes entropy = 1; // 256 bits (32 bytes) of random data +} + +/** + * Request: Start recovery workflow asking user for specific words of mnemonic + * Used to recovery device safely even on untrusted computer. + * @next WordRequest + */ +message RecoveryDevice { + optional uint32 word_count = 1; // number of words in BIP-39 mnemonic + optional bool passphrase_protection = 2; // enable master node encryption using passphrase + optional bool pin_protection = 3; // enable PIN protection + optional string language = 4 [default='english']; // device language + optional string label = 5; // device label + optional bool enforce_wordlist = 6; // enforce BIP-39 wordlist during the process + // 7 reserved for unused recovery method + optional RecoveryDeviceType type = 8; // supported recovery type + optional uint32 u2f_counter = 9; // U2F counter + optional bool dry_run = 10; // perform dry-run recovery workflow (for safe mnemonic validation) + /** + * Type of recovery procedure. These should be used as bitmask, e.g., + * `RecoveryDeviceType_ScrambledWords | RecoveryDeviceType_Matrix` + * listing every method supported by the host computer. + * + * Note that ScrambledWords must be supported by every implementation + * for backward compatibility; there is no way to not support it. + */ + enum RecoveryDeviceType { + // use powers of two when extending this field + RecoveryDeviceType_ScrambledWords = 0; // words in scrambled order + RecoveryDeviceType_Matrix = 1; // matrix recovery type + } +} + +/** + * Response: Device is waiting for user to enter word of the mnemonic + * Its position is shown only on device's internal display. + * @prev RecoveryDevice + * @prev WordAck + */ +message WordRequest { + optional WordRequestType type = 1; + /** + * Type of Recovery Word request + */ + enum WordRequestType { + WordRequestType_Plain = 0; + WordRequestType_Matrix9 = 1; + WordRequestType_Matrix6 = 2; + } +} + +/** + * Request: Computer replies with word from the mnemonic + * @prev WordRequest + * @next WordRequest + * @next Success + * @next Failure + */ +message WordAck { + required string word = 1; // one word of mnemonic on asked position +} + +/** + * Request: Set U2F counter + * @next Success + */ +message SetU2FCounter { + optional uint32 u2f_counter = 1; // counter +} diff --git a/protob/messages-nem.proto b/protob/messages-nem.proto new file mode 100644 index 000000000..92002af03 --- /dev/null +++ b/protob/messages-nem.proto @@ -0,0 +1,195 @@ +syntax = "proto2"; + +// Sugar for easier handling in Java +option java_package = "com.satoshilabs.trezor.lib.protobuf"; +option java_outer_classname = "TrezorMessageNem"; + +/** + * Request: Ask device for NEM address corresponding to address_n path + * @next PassphraseRequest + * @next NEMAddress + * @next Failure + */ +message NEMGetAddress { + repeated uint32 address_n = 1; // BIP-32 path to derive the key from master node + optional uint32 network = 2; // Network ID (0x68 = Mainnet, 0x98 = Testnet, 0x60 = Mijin) + optional bool show_display = 3; // Optionally show on display before sending the result +} + +/** + * Response: Contains NEM address derived from device private seed + * @prev NEMGetAddress + */ +message NEMAddress { + required string address = 1; // NEM address in Base32 encoding +} + +/** + * Request: Ask device to sign transaction + * @next NEMSignedTx + * @next Failure + */ +message NEMSignTx { + optional NEMTransactionCommon transaction = 1; // Common part of transaction + optional NEMTransactionCommon multisig = 2; // Common part of inner transaction for multisig transactions + optional NEMTransfer transfer = 3; // Transfer transaction part + optional bool cosigning = 4; // Whether cosigning or initiating the multisig transaction + optional NEMProvisionNamespace provision_namespace = 5; // Provision namespace part + optional NEMMosaicCreation mosaic_creation = 6; // Mosaic definition creation part + optional NEMMosaicSupplyChange supply_change = 7; // Mosaic supply change part + optional NEMAggregateModification aggregate_modification = 8; // Aggregate modification part + optional NEMImportanceTransfer importance_transfer = 9; // Importance transfer part + /** + * Structure representing the common part for NEM transactions + */ + message NEMTransactionCommon { + repeated uint32 address_n = 1; // BIP-32 path to derive the key from master node + optional uint32 network = 2; // Network ID (0x68 = Mainnet, 0x98 = Testnet, 0x60 = Mijin) + optional uint32 timestamp = 3; // Number of seconds elapsed since the creation of the nemesis block + optional uint64 fee = 4; // Fee for the transaction + optional uint32 deadline = 5; // Deadline of the transaction + optional bytes signer = 6; // Public key of the account (for multisig transactions) + } + /** + * Structure representing the transfer transaction part for NEM transactions + */ + message NEMTransfer { + optional string recipient = 1; // Address of the recipient + optional uint64 amount = 2; // Amount of micro NEM that is transferred + optional bytes payload = 3; // Actual message data (unencrypted) + optional bytes public_key = 4; // Public key of the recipient (for encrypted payloads) + repeated NEMMosaic mosaics = 5; // Attached mosaics + /** + * Structure representing the mosaic attachment for NEM transfer transactions + */ + message NEMMosaic { + optional string namespace = 1; // Fully qualified name of the namespace + optional string mosaic = 2; // Name of the mosaic definition + optional uint64 quantity = 3; // Mosaic quantity, always given in smallest units + } + } + /** + * Structure representing the provision namespace part for NEM transactions + */ + message NEMProvisionNamespace { + optional string namespace = 1; // New part concatenated to the parent + optional string parent = 2; // Parent namespace (for child namespaces) + optional string sink = 3; // Rental fee sink address + optional uint64 fee = 4; // Rental fee + } + /** + * Structure representing the mosaic definition creation part for NEM transactions + */ + message NEMMosaicCreation { + optional NEMMosaicDefinition definition = 1; // Mosaic definition + optional string sink = 2; // Creation fee sink address + optional uint64 fee = 3; // Creation fee + /** + * Structure representing a mosaic definition + */ + message NEMMosaicDefinition { + optional string name = 1; // User-friendly name of the mosaic (for whitelisted mosaics) + optional string ticker = 2; // Ticker of the mosaic (for whitelisted mosaics) + optional string namespace = 3; // Fully qualified name of the namespace + optional string mosaic = 4; // Name of the mosaic definition + optional uint32 divisibility = 5; // Number of decimal places that a mosaic can be divided into + optional NEMMosaicLevy levy = 6; // Levy type + optional uint64 fee = 7; // Levy fee (interpretation depends on levy type) + optional string levy_address = 8; // Levy address + optional string levy_namespace = 9; // Fully qualified name of the namespace of the levy mosaic + optional string levy_mosaic = 10; // Name of the levy mosaic + optional uint64 supply = 11; // Initial supply to create, always given in entire units + optional bool mutable_supply = 12; // Mutable supply + optional bool transferable = 13; // Mosaic allows transfers among accounts other than the creator + optional string description = 14; // Mosaic description + repeated uint32 networks = 15; // Networks that the mosaic is valid on (for whitelisted mosaics) + /** + * Type of levy which will be used for mosaic + */ + enum NEMMosaicLevy { + MosaicLevy_Absolute = 1; + MosaicLevy_Percentile = 2; + } + } + } + /** + * Structure representing the mosaic supply change part for NEM transactions + */ + message NEMMosaicSupplyChange { + optional string namespace = 1; // Fully qualified name of the namespace + optional string mosaic = 2; // Name of the mosaic definition + optional NEMSupplyChangeType type = 3; // Type of supply change + optional uint64 delta = 4; // Supply delta + /** + * Type of supply change which will be applied to mosaic + */ + enum NEMSupplyChangeType { + SupplyChange_Increase = 1; + SupplyChange_Decrease = 2; + } + } + /** + * Structure representing the aggregate modification part for NEM transactions + */ + message NEMAggregateModification { + repeated NEMCosignatoryModification modifications = 1; // Cosignatory modifications + optional sint32 relative_change = 2; // Relative change of the minimum cosignatories + /** + * Structure representing the cosignatory modification for aggregate modification transactions + */ + message NEMCosignatoryModification { + optional NEMModificationType type = 1; // Type of cosignatory modification + optional bytes public_key = 2; // Public key of the cosignatory + /** + * Type of cosignatory modification + */ + enum NEMModificationType { + CosignatoryModification_Add = 1; + CosignatoryModification_Delete = 2; + } + } + } + /** + * Structure representing the importance transfer part for NEM transactions + */ + message NEMImportanceTransfer { + optional NEMImportanceTransferMode mode = 1; // Mode of importance transfer + optional bytes public_key = 2; // Public key of the remote account + /** + * Mode of importance transfer + */ + enum NEMImportanceTransferMode { + ImportanceTransfer_Activate = 1; + ImportanceTransfer_Deactivate = 2; + } + } +} + +/** + * Response: Contains NEM transaction data and signature + * @prev NEMSignTx + */ +message NEMSignedTx { + optional bytes data = 1; // Transaction data + optional bytes signature = 2; // Signature for the transaction +} + +/** + * Request: Ask device to decrypt NEM transaction payload + * @next NEMDecryptedMessage + * @next Failure + */ +message NEMDecryptMessage { + repeated uint32 address_n = 1; // BIP-32 path to derive the key from master node + optional uint32 network = 2; // Network ID (0x68 = Mainnet, 0x98 = Testnet, 0x60 = Mijin) + optional bytes public_key = 3; // Public key of the other party + optional bytes payload = 4; // Actual message data (encrypted) +} + +/** + * Response: Contains decrypted NEM transaction payload + * @prev NEMDecryptMessage + */ +message NEMDecryptedMessage { + optional bytes payload = 1; // Actual message data (unencrypted) +} diff --git a/protob/messages-stellar.proto b/protob/messages-stellar.proto new file mode 100644 index 000000000..3ec5635d4 --- /dev/null +++ b/protob/messages-stellar.proto @@ -0,0 +1,258 @@ +syntax = "proto2"; + +// Sugar for easier handling in Java +option java_package = "com.satoshilabs.trezor.lib.protobuf"; +option java_outer_classname = "TrezorMessageStellar"; + +/** + * Describes a Stellar asset + */ +message StellarAssetType { + optional uint32 type = 1; // 0 = native asset (XLM), 1 = alphanum 4, 2 = alphanum 12 + optional string code = 2; // for non-native assets, string describing the code + optional string issuer = 3; // issuing address +} + +/** + * Request: Public key at the specified index + * @next StellarPublicKey + */ +message StellarGetPublicKey { + repeated uint32 address_n = 1; // BIP-32 path. For compatibility with other wallets, must be m/44'/148'/index' + optional bool show_display = 2; // optionally show on display before sending the result +} + +/** + * Response: Public key for the given index + * @prev StellarGetPublicKey + */ +message StellarPublicKey { + optional bytes public_key = 1; // Raw bytes of the public key (no version or checksum) +} + +/** + * Request: Address at the specified index + * @next StellarAddress + */ +message StellarGetAddress { + repeated uint32 address_n = 1; // BIP-32 path. For compatibility with other wallets, must be m/44'/148'/index' + optional bool show_display = 2; // optionally show on display before sending the result +} + +/** + * Response: Address for the given index + * @prev StellarGetAddress + */ +message StellarAddress { + optional string address = 1; // Address in Stellar format (base32 of a pubkey with checksum) +} + +/** + * Request: ask device to sign Stellar transaction + * @next StellarTxOpRequest + */ +message StellarSignTx { + optional uint32 protocol_version = 1; // version of the protofbuf messaging protocol the client is using + repeated uint32 address_n = 2; // BIP-32 path. For compatibility with other wallets, must be m/44'/148'/index' + optional string network_passphrase = 3; // passphrase for signing messages on the destination network + optional string source_account = 4; // source account address + optional uint32 fee = 5; // Fee (in stroops) for the transaction + optional uint64 sequence_number = 6; // transaction sequence number + optional uint32 timebounds_start = 8; // unix timestamp (client must truncate this to 32 bytes) + optional uint32 timebounds_end = 9; // unix timestamp (client must truncate this to 32 bytes) + optional uint32 memo_type = 10; // 0 = none, 1 = text, 2 = id, 3 = hash, 4 = return + optional string memo_text = 11; // up to 28 characters (4 bytes are for length) + optional uint64 memo_id = 12; // 8-byte uint64 + optional bytes memo_hash = 13; // 32 bytes representing a hash + optional uint32 num_operations = 14; // number of operations in this transaction +} + +/** + * Response: device is ready for client to send the next operation + * @prev StellarSignTx + * @next StellarPaymentOp + * @next StellarCreateAccountOp + * @next StellarPathPaymentOp + * @next StellarManageOfferOp + * @next StellarCreatePassiveOfferOp + * @next StellarSetOptionsOp + * @next StellarChangeTrustOp + * @next StellarAllowTrustOp + * @next StellarAccountMergeOp + * @next StellarManageDataOp + * @next StellarBumpSequenceOp + */ +message StellarTxOpRequest { +} + +/** + * Request: ask device to confirm this operation type + * @prev StellarTxOpRequest + * @next StellarTxOpRequest + * @next StellarSignedTx + */ +message StellarPaymentOp { + optional string source_account = 1; // (optional) source account address + optional string destination_account = 2; // destination account address + optional StellarAssetType asset = 3; // asset involved in the operation + optional sint64 amount = 4; // amount of the given asset to pay +} + +/** + * Request: ask device to confirm this operation type + * @prev StellarTxOpRequest + * @next StellarTxOpRequest + * @next StellarSignedTx + */ +message StellarCreateAccountOp { + optional string source_account = 1; // (optional) source account address + optional string new_account = 2; // account address to create + optional sint64 starting_balance = 3; // initial starting balance for the new account +} + +/** + * Request: ask device to confirm this operation type + * @prev StellarTxOpRequest + * @next StellarTxOpRequest + * @next StellarSignedTx + */ +message StellarPathPaymentOp { + optional string source_account = 1; // (optional) source address + optional StellarAssetType send_asset = 2; + optional sint64 send_max = 3; + optional string destination_account = 4; + optional StellarAssetType destination_asset = 5; + optional sint64 destination_amount = 6; + repeated StellarAssetType paths = 7; +} + +/** + * Request: ask device to confirm this operation type + * @prev StellarTxOpRequest + * @next StellarTxOpRequest + * @next StellarSignedTx + */ +message StellarManageOfferOp { + optional string source_account = 1; // (optional) source account address + optional StellarAssetType selling_asset = 2; + optional StellarAssetType buying_asset = 3; + optional sint64 amount = 4; + optional uint32 price_n = 5; // Price numerator + optional uint32 price_d = 6; // Price denominator + optional uint64 offer_id = 7; // Offer ID for updating an existing offer +} + +/** + * Request: ask device to confirm this operation type + * @prev StellarTxOpRequest + * @next StellarTxOpRequest + * @next StellarSignedTx + */ +message StellarCreatePassiveOfferOp { + optional string source_account = 1; // (optional) source account address + optional StellarAssetType selling_asset = 2; + optional StellarAssetType buying_asset = 3; + optional sint64 amount = 4; + optional uint32 price_n = 5; // Price numerator + optional uint32 price_d = 6; // Price denominator +} + +/** + * Request: ask device to confirm this operation type + * @prev StellarTxOpRequest + * @next StellarTxOpRequest + * @next StellarSignedTx + */ +message StellarSetOptionsOp { + optional string source_account = 1; // (optional) source account address + optional string inflation_destination_account = 2; // (optional) inflation destination address + optional uint32 clear_flags = 3; + optional uint32 set_flags = 4; + optional uint32 master_weight = 5; + optional uint32 low_threshold = 6; + optional uint32 medium_threshold = 7; + optional uint32 high_threshold = 8; + optional string home_domain = 9; + optional uint32 signer_type = 10; + optional bytes signer_key = 11; + optional uint32 signer_weight = 12; +} + +/** + * Request: ask device to confirm this operation type + * @prev StellarTxOpRequest + * @next StellarTxOpRequest + * @next StellarSignedTx + */ +message StellarChangeTrustOp { + optional string source_account = 1; // (optional) source account address + optional StellarAssetType asset = 2; + optional uint64 limit = 3; +} + +/** + * Request: ask device to confirm this operation type + * @prev StellarTxOpRequest + * @next StellarTxOpRequest + * @next StellarSignedTx + */ +message StellarAllowTrustOp { + optional string source_account = 1; // (optional) source account address + optional string trusted_account = 2; // The account being allowed to hold the asset + optional uint32 asset_type = 3; // 1 = 4-character, 2 = 12-character + optional string asset_code = 4; // human-readable asset code + optional uint32 is_authorized = 5; +} + +/** + * Request: ask device to confirm this operation type + * @prev StellarTxOpRequest + * @next StellarTxOpRequest + * @next StellarSignedTx + */ +message StellarAccountMergeOp { + optional string source_account = 1; // (optional) source account address + optional string destination_account = 2; // destination account address +} + +/** + * Request: ask device to confirm this operation type + * @prev StellarTxOpRequest + * @next StellarTxOpRequest + * @next StellarSignedTx + */ +message StellarManageDataOp { + optional string source_account = 1; // (optional) source account address + optional string key = 2; + optional bytes value = 3; // 64 bytes of arbitrary data +} + +/** + * Request: ask device to confirm this operation type + * @prev StellarTxOpRequest + * @next StellarTxOpRequest + * @next StellarSignedTx + */ +message StellarBumpSequenceOp { + optional string source_account = 1; // (optional) source account address + optional uint64 bump_to = 2; // new sequence number +} + +/** + * Response: signature for transaction + * @prev StellarPaymentOp + * @prev StellarCreateAccountOp + * @prev StellarPathPaymentOp + * @prev StellarManageOfferOp + * @prev StellarCreatePassiveOfferOp + * @prev StellarSetOptionsOp + * @prev StellarChangeTrustOp + * @prev StellarAllowTrustOp + * @prev StellarAccountMergeOp + * @prev StellarManageDataOp + * @prev StellarBumpSequenceOp + */ +message StellarSignedTx { + optional bytes public_key = 1; // public key for the private key used to sign data + optional bytes signature = 2; // signature suitable for sending to the Stellar network +} diff --git a/protob/messages-tezos.proto b/protob/messages-tezos.proto new file mode 100644 index 000000000..ce66bff2e --- /dev/null +++ b/protob/messages-tezos.proto @@ -0,0 +1,122 @@ +syntax = "proto2"; + +// Sugar for easier handling in Java +option java_package = "com.satoshilabs.trezor.lib.protobuf"; +option java_outer_classname = "TrezorMessageTezos"; + +/** + * Request: Ask device for Tezos address corresponding to address_n path + * @next PassphraseRequest + * @next TezosAddress + * @next Failure + */ +message TezosGetAddress { + repeated uint32 address_n = 1; // BIP-32 path to derive the key from master node + optional bool show_display = 2; // optionally show on display before sending the result +} + +/** + * Response: Contains Tezos address derived from device private seed + * @prev TezosGetAddress + */ +message TezosAddress { + optional string address = 1; // Coin address in Base58 encoding +} + +/** + * Request: Ask device to sign Tezos transaction + * @next TezosSignedTx + */ +message TezosSignTx { + repeated uint32 address_n = 1; // BIP-32 path to derive the key from master node + optional TezosOperationCommon operation = 2; // Tezos operation structure + optional TezosTransactionType transaction = 3; // Tezos transaction part + optional TezosOriginationType origination = 4; // Tezos origination part + optional TezosDelegationType delegation = 5; // Tezos delegation part + /* + * Tezos contract ID + */ + message TezosContractID { + optional TezosContractType tag = 1; + optional bytes hash = 2; // Implicit = 21B, originated = 20B + 1B padding + /* + * Type of Tezos Contract type + */ + enum TezosContractType { + Implicit = 0; + Originated = 1; + } + } + /* + * Structure representing the common part for Tezos operations + */ + message TezosOperationCommon { + optional bytes branch = 1; + optional TezosOperationType tag = 2; + optional TezosContractID source = 3; + optional uint64 fee = 4; + optional uint64 counter = 5; + optional uint64 gas_limit = 6; + optional uint64 storage_limit = 7; + /* + * Type of Tezos operation + */ + enum TezosOperationType { + Transaction = 8; + Origination = 9; + Delegation = 10; + } + } + /* + * Structure representing additional information for transaction + */ + message TezosTransactionType { + optional uint64 amount = 1; + optional TezosContractID destination = 2; + optional bytes parameters = 3; + } + /* + * Structure representing additional information for origination + */ + message TezosOriginationType { + optional bytes manager_pubkey = 1; + optional uint64 balance = 2; + optional bool spendable = 3; + optional bool delegatable = 4; + optional bytes delegate = 5; // 1B tag + 20B public key hash + optional bytes script = 6; + } + /* + * Structure representing additional information for delegation + */ + message TezosDelegationType { + optional bytes delegate = 1; // 1B tag + 20B public key hash + } +} + +/** +* Response: Contains Tezos transaction signature +* @prev TezosSignTx +*/ +message TezosSignedTx { + optional bytes signature = 1; // Tezos transaction signature + optional bytes sig_op_contents = 2; // Signed operation contents + optional string operation_hash = 3; // b58 check encoded blake2b hashed operation contents +} + +/** + * Request: Ask device for Tezos public key corresponding to address_n path + * @next TezosPublicKey + */ +message TezosGetPublicKey { + repeated uint32 address_n = 1; // BIP-32 path to derive the key from master node + optional bool show_display = 2; // Optionally show on display before sending the result +} + +/** + * Response: Contains Tezos public key derived from device private seed + * @prev TezosGetPublicKey +*/ +message TezosPublicKey { + optional bytes public_key = 1; // Tezos public key +} diff --git a/protob/messages.proto b/protob/messages.proto index 627c81607..8f15182c3 100644 --- a/protob/messages.proto +++ b/protob/messages.proto @@ -14,2210 +14,162 @@ import "google/protobuf/descriptor.proto"; * Options for specifying message direction and type of wire (normal/debug) */ extend google.protobuf.EnumValueOptions { - optional bool wire_in = 50002; // message can be transmitted via wire from PC to TREZOR - optional bool wire_out = 50003; // message can be transmitted via wire from TREZOR to PC - optional bool wire_debug_in = 50004; // message can be transmitted via debug wire from PC to TREZOR - optional bool wire_debug_out = 50005; // message can be transmitted via debug wire from TREZOR to PC - optional bool wire_tiny = 50006; // message is handled by TREZOR when the USB stack is in tiny mode - optional bool wire_bootloader = 50007; // message is only handled by TREZOR Bootloader - optional bool wire_no_fsm = 50008; // message is not handled by TREZOR unless the USB stack is in tiny mode + optional bool wire_in = 50002; // message can be transmitted via wire from PC to TREZOR + optional bool wire_out = 50003; // message can be transmitted via wire from TREZOR to PC + optional bool wire_debug_in = 50004; // message can be transmitted via debug wire from PC to TREZOR + optional bool wire_debug_out = 50005; // message can be transmitted via debug wire from TREZOR to PC + optional bool wire_tiny = 50006; // message is handled by TREZOR when the USB stack is in tiny mode + optional bool wire_bootloader = 50007; // message is only handled by TREZOR Bootloader + optional bool wire_no_fsm = 50008; // message is not handled by TREZOR unless the USB stack is in tiny mode } /** - * Type of failures returned by Failure message - * @used_in Failure - */ -enum FailureType { - Failure_UnexpectedMessage = 1; - Failure_ButtonExpected = 2; - Failure_DataError = 3; - Failure_ActionCancelled = 4; - Failure_PinExpected = 5; - Failure_PinCancelled = 6; - Failure_PinInvalid = 7; - Failure_InvalidSignature = 8; - Failure_ProcessError = 9; - Failure_NotEnoughFunds = 10; - Failure_NotInitialized = 11; - Failure_PinMismatch = 12; - Failure_FirmwareError = 99; -} - -/** - * Type of script which will be used for transaction output - * @used_in TxOutputType - */ -enum OutputScriptType { - PAYTOADDRESS = 0; // used for all addresses (bitcoin, p2sh, witness) - PAYTOSCRIPTHASH = 1; // p2sh address (deprecated; use PAYTOADDRESS) - PAYTOMULTISIG = 2; // only for change output - PAYTOOPRETURN = 3; // op_return - PAYTOWITNESS = 4; // only for change output - PAYTOP2SHWITNESS = 5; // only for change output -} - -/** - * Type of script which will be used for transaction output - * @used_in TxInputType - */ -enum InputScriptType { - SPENDADDRESS = 0; // standard p2pkh address - SPENDMULTISIG = 1; // p2sh multisig address - EXTERNAL = 2; // reserved for external inputs (coinjoin) - SPENDWITNESS = 3; // native segwit - SPENDP2SHWITNESS = 4; // segwit over p2sh (backward compatible) -} - -/** - * Type of information required by transaction signing process - * @used_in TxRequest - */ -enum RequestType { - TXINPUT = 0; - TXOUTPUT = 1; - TXMETA = 2; - TXFINISHED = 3; - TXEXTRADATA = 4; -} - -/** - * Type of button request - * @used_in ButtonRequest - */ -enum ButtonRequestType { - ButtonRequest_Other = 1; - ButtonRequest_FeeOverThreshold = 2; - ButtonRequest_ConfirmOutput = 3; - ButtonRequest_ResetDevice = 4; - ButtonRequest_ConfirmWord = 5; - ButtonRequest_WipeDevice = 6; - ButtonRequest_ProtectCall = 7; - ButtonRequest_SignTx = 8; - ButtonRequest_FirmwareCheck = 9; - ButtonRequest_Address = 10; - ButtonRequest_PublicKey = 11; - ButtonRequest_MnemonicWordCount = 12; - ButtonRequest_MnemonicInput = 13; - ButtonRequest_PassphraseType = 14; -} - -/** - * Type of PIN request - * @used_in PinMatrixRequest - */ -enum PinMatrixRequestType { - PinMatrixRequestType_Current = 1; - PinMatrixRequestType_NewFirst = 2; - PinMatrixRequestType_NewSecond = 3; -} - -/** - * Type of recovery procedure. These should be used as bitmask, e.g., - * `RecoveryDeviceType_ScrambledWords | RecoveryDeviceType_Matrix` - * listing every method supported by the host computer. - * - * Note that ScrambledWords must be supported by every implementation - * for backward compatibility; there is no way to not support it. - * - * @used_in RecoveryDevice - */ -enum RecoveryDeviceType { - // use powers of two when extending this field - RecoveryDeviceType_ScrambledWords = 0; // words in scrambled order - RecoveryDeviceType_Matrix = 1; // matrix recovery type -} - -/** - * Type of Recovery Word request - * @used_in WordRequest - */ -enum WordRequestType { - WordRequestType_Plain = 0; - WordRequestType_Matrix9 = 1; - WordRequestType_Matrix6 = 2; -} - -/** - * Structure representing BIP32 (hierarchical deterministic) node - * Used for imports of private key into the device and exporting public key out of device - * @used_in PublicKey - * @used_in LoadDevice - * @used_in DebugLinkState - * @used_in Storage - */ -message HDNodeType { - required uint32 depth = 1; - required uint32 fingerprint = 2; - required uint32 child_num = 3; - required bytes chain_code = 4; - optional bytes private_key = 5; - optional bytes public_key = 6; -} - -message HDNodePathType { - required HDNodeType node = 1; // BIP-32 node in deserialized form - repeated uint32 address_n = 2; // BIP-32 path to derive the key from node -} - -/** - * Type of redeem script used in input - * @used_in TxInputType - */ -message MultisigRedeemScriptType { - repeated HDNodePathType pubkeys = 1; // pubkeys from multisig address (sorted lexicographically) - repeated bytes signatures = 2; // existing signatures for partially signed input - optional uint32 m = 3; // "m" from n, how many valid signatures is necessary for spending -} - -/** - * Structure representing transaction input - * @used_in SimpleSignTx - * @used_in TransactionType - */ -message TxInputType { - repeated uint32 address_n = 1; // BIP-32 path to derive the key from master node - required bytes prev_hash = 2; // hash of previous transaction output to spend by this input - required uint32 prev_index = 3; // index of previous output to spend - optional bytes script_sig = 4; // script signature, unset for tx to sign - optional uint32 sequence = 5 [default=4294967295]; // sequence (default=0xffffffff) - optional InputScriptType script_type = 6 [default=SPENDADDRESS]; // defines template of input script - optional MultisigRedeemScriptType multisig = 7; // Filled if input is going to spend multisig tx - optional uint64 amount = 8; // amount of previous transaction output (for segwit only) - optional uint32 decred_tree = 9; - optional uint32 decred_script_version = 10; - optional bytes prev_block_hash_bip115 = 11; // block hash of previous transaction output (for bip115 implementation) - optional bytes prev_block_height_bip115 = 12; // block height of previous transaction output (for bip115 implementation) -} - -/** - * Structure representing transaction output - * @used_in SimpleSignTx - * @used_in TransactionType - */ -message TxOutputType { - optional string address = 1; // target coin address in Base58 encoding - repeated uint32 address_n = 2; // BIP-32 path to derive the key from master node; has higher priority than "address" - required uint64 amount = 3; // amount to spend in satoshis - required OutputScriptType script_type = 4; // output script type - optional MultisigRedeemScriptType multisig = 5; // defines multisig address; script_type must be PAYTOMULTISIG - optional bytes op_return_data = 6; // defines op_return data; script_type must be PAYTOOPRETURN, amount must be 0 - optional uint32 decred_script_version = 7; - optional bytes block_hash_bip115 = 8; // block hash of existing block (recommended current_block - 300) (for bip115 implementation) - optional bytes block_height_bip115 = 9; // block height of existing block (recommended current_block - 300) (for bip115 implementation) -} - -/** - * Structure representing compiled transaction output - * @used_in TransactionType - */ -message TxOutputBinType { - required uint64 amount = 1; - required bytes script_pubkey = 2; - optional uint32 decred_script_version = 3; -} - -/** - * Structure representing transaction - * @used_in TxAck - */ -message TransactionType { - optional uint32 version = 1; - repeated TxInputType inputs = 2; - repeated TxOutputBinType bin_outputs = 3; - repeated TxOutputType outputs = 5; - optional uint32 lock_time = 4; - optional uint32 inputs_cnt = 6; - optional uint32 outputs_cnt = 7; - optional bytes extra_data = 8; // only for Zcash - optional uint32 extra_data_len = 9; // only for Zcash - optional uint32 expiry = 10; // only for Decred and Zcash - optional bool overwintered = 11; // only for Zcash -} - -/** - * Structure representing request details - * @used_in TxRequest - */ -message TxRequestDetailsType { - optional uint32 request_index = 1; // device expects TxAck message from the computer - optional bytes tx_hash = 2; // tx_hash of requested transaction - optional uint32 extra_data_len = 3; // length of requested extra data - optional uint32 extra_data_offset = 4; // offset of requested extra data -} - -/** - * Structure representing serialized data - * @used_in TxRequest - */ -message TxRequestSerializedType { - optional uint32 signature_index = 1; // 'signature' field contains signed input of this index - optional bytes signature = 2; // signature of the signature_index input - optional bytes serialized_tx = 3; // part of serialized and signed transaction -} - -/** - * Structure representing identity data - * @used_in IdentityType - */ -message IdentityType { - optional string proto = 1; // proto part of URI - optional string user = 2; // user part of URI - optional string host = 3; // host part of URI - optional string port = 4; // port part of URI - optional string path = 5; // path part of URI - optional uint32 index = 6 [default=0]; // identity index -} - -/** - * Structure representing passphrase source - * @used_in ApplySettings - */ -enum PassphraseSourceType { - ASK = 0; - DEVICE = 1; - HOST = 2; -} - -/** - * Structure representing the common part for NEM transactions - * @used_in NEMSignTx - */ -message NEMTransactionCommon { - repeated uint32 address_n = 1; // BIP-32 path to derive the key from master node - optional uint32 network = 2; // Network ID (0x68 = Mainnet, 0x98 = Testnet, 0x60 = Mijin) - optional uint32 timestamp = 3; // Number of seconds elapsed since the creation of the nemesis block - optional uint64 fee = 4; // Fee for the transaction - optional uint32 deadline = 5; // Deadline of the transaction - optional bytes signer = 6; // Public key of the account (for multisig transactions) -} - -/** - * Structure representing the transfer transaction part for NEM transactions - * @used_in NEMSignTx - */ -message NEMTransfer { - optional string recipient = 1; // Address of the recipient - optional uint64 amount = 2; // Amount of micro NEM that is transferred - optional bytes payload = 3; // Actual message data (unencrypted) - optional bytes public_key = 4; // Public key of the recipient (for encrypted payloads) - repeated NEMMosaic mosaics = 5; // Attached mosaics -} - -/** - * Structure representing the mosaic attachment for NEM transfer transactions - * @used_in NEMTransfer - */ -message NEMMosaic { - optional string namespace = 1; // Fully qualified name of the namespace - optional string mosaic = 2; // Name of the mosaic definition - optional uint64 quantity = 3; // Mosaic quantity, always given in smallest units -} - -/** - * Structure representing the provision namespace part for NEM transactions - * @used_in NEMSignTx - */ -message NEMProvisionNamespace { - optional string namespace = 1; // New part concatenated to the parent - optional string parent = 2; // Parent namespace (for child namespaces) - optional string sink = 3; // Rental fee sink address - optional uint64 fee = 4; // Rental fee -} - -/** - * Type of levy which will be used for mosaic - * @used_in NEMMosaicDefinition - */ -enum NEMMosaicLevy { - MosaicLevy_Absolute = 1; - MosaicLevy_Percentile = 2; -} - -/** - * Structure representing the mosaic definition creation part for NEM transactions - * @used_in NEMSignTx - */ -message NEMMosaicCreation { - optional NEMMosaicDefinition definition = 1; // Mosaic definition - optional string sink = 2; // Creation fee sink address - optional uint64 fee = 3; // Creation fee -} - -/** - * Structure representing a mosaic definition - * @used_in NEMMosaicCreation - */ -message NEMMosaicDefinition { - optional string name = 1; // User-friendly name of the mosaic (for whitelisted mosaics) - optional string ticker = 2; // Ticker of the mosaic (for whitelisted mosaics) - optional string namespace = 3; // Fully qualified name of the namespace - optional string mosaic = 4; // Name of the mosaic definition - optional uint32 divisibility = 5; // Number of decimal places that a mosaic can be divided into - optional NEMMosaicLevy levy = 6; // Levy type - optional uint64 fee = 7; // Levy fee (interpretation depends on levy type) - optional string levy_address = 8; // Levy address - optional string levy_namespace = 9; // Fully qualified name of the namespace of the levy mosaic - optional string levy_mosaic = 10; // Name of the levy mosaic - optional uint64 supply = 11; // Initial supply to create, always given in entire units - optional bool mutable_supply = 12; // Mutable supply - optional bool transferable = 13; // Mosaic allows transfers among accounts other than the creator - optional string description = 14; // Mosaic description - repeated uint32 networks = 15; // Networks that the mosaic is valid on (for whitelisted mosaics) -} - -/** - * Structure representing the mosaic supply change part for NEM transactions - * @used_in NEMSignTx - */ -message NEMMosaicSupplyChange { - optional string namespace = 1; // Fully qualified name of the namespace - optional string mosaic = 2; // Name of the mosaic definition - optional NEMSupplyChangeType type = 3; // Type of supply change - optional uint64 delta = 4; // Supply delta -} - -/** - * Type of supply change which will be applied to mosaic - * @used_in NEMMosaicSupplyChange - */ -enum NEMSupplyChangeType { - SupplyChange_Increase = 1; - SupplyChange_Decrease = 2; -} - -/** - * Structure representing the aggregate modification part for NEM transactions - * @used_in NEMSignTx - */ -message NEMAggregateModification { - repeated NEMCosignatoryModification modifications = 1; // Cosignatory modifications - optional sint32 relative_change = 2; // Relative change of the minimum cosignatories -} - -/** - * Structure representing the cosignatory modification for aggregate modification transactions - * @used_in NEMAggregateMdofiication - */ -message NEMCosignatoryModification { - optional NEMModificationType type = 1; // Type of cosignatory modification - optional bytes public_key = 2; // Public key of the cosignatory -} - -/** - * Type of cosignatory modification - * @used_in NEMCosignatoryModification - */ -enum NEMModificationType { - CosignatoryModification_Add = 1; - CosignatoryModification_Delete = 2; -} - -/** - * Structure representing the importance transfer part for NEM transactions - * @used_in NEMSignTx - */ -message NEMImportanceTransfer { - optional NEMImportanceTransferMode mode = 1; // Mode of importance transfer - optional bytes public_key = 2; // Public key of the remote account -} - -/** - * Mode of importance transfer - * @used_in NEMModificationType - */ -enum NEMImportanceTransferMode { - ImportanceTransfer_Activate = 1; - ImportanceTransfer_Deactivate = 2; -} - -/** - * Describes a Stellar asset - * @used_in StellarTxOpAck - */ -message StellarAssetType { - optional uint32 type = 1; // 0 = native asset (XLM), 1 = alphanum 4, 2 = alphanum 12 - optional string code = 2; // for non-native assets, string describing the code - optional string issuer = 3; // issuing address -} - -/** -* Type of Lisk transaction -* @used_in LiskTransactionCommon -*/ -enum LiskTransactionType { - Transfer = 0; - RegisterSecondPassphrase = 1; - RegisterDelegate = 2; - CastVotes = 3; - RegisterMultisignatureAccount = 4; - CreateDapp = 5; - TransferIntoDapp = 6; - TransferOutOfDapp = 7; -} - -/** -* Structure representing the common part for Lisk transactions -* @used_in LiskSignTx -*/ -message LiskTransactionCommon { - optional LiskTransactionType type = 1; - optional uint64 amount = 2 [default=0]; - optional uint64 fee = 3; - optional string recipient_id = 4; - optional bytes sender_public_key = 5; - optional bytes requester_public_key = 6; - optional bytes signature = 7; - optional uint32 timestamp = 8; - optional LiskTransactionAsset asset = 9; -} - -/** -* Structure representing the asset field in the Lisk transaction -* @used_in LiskTransactionCommon -*/ -message LiskTransactionAsset { - optional LiskSignatureType signature = 1; - optional LiskDelegateType delegate = 2; - repeated string votes = 3; - optional LiskMultisignatureType multisignature = 4; - optional string data = 5; -} - -/** -* Structure representing the signature field in the Lisk transaction asset field -* @used_in LiskTransactionAsset -*/ -message LiskSignatureType { - optional bytes public_key = 1; -} - -/** -* Structure representing the delegate field in the Lisk transaction asset field -* @used_in LiskTransactionAsset -*/ -message LiskDelegateType { - optional string username = 1; -} - -/** -* Structure representing the multisignature field in the Lisk transaction asset field -* @used_in LiskTransactionAsset -*/ -message LiskMultisignatureType { - optional uint32 min = 1; - optional uint32 life_time = 2; - repeated string keys_group = 3; -} - -/* -* Type of Tezos operation -* @used_in TezosOperationCommon -*/ -enum TezosOperationType { - Transaction = 8; - Origination = 9; - Delegation = 10; -} - -/* -* Type of Tezos Contract type -* @used_in TezosContractID -*/ -enum TezosContractType { - Implicit = 0; - Originated = 1; -} - -/* -* Tezos contract ID -* @used_in TezosOperationCommon -* @used_in TezosTransactionType -*/ -message TezosContractID { - optional TezosContractType tag = 1; - optional bytes hash = 2; // Implicit = 21B, originated = 20B + 1B padding -} - -/* -* Structure representing the common part for Tezos operations -* @used_in TezosSignTx -*/ -message TezosOperationCommon { - optional bytes branch = 1; - optional TezosOperationType tag = 2; - optional TezosContractID source = 3; - optional uint64 fee = 4; - optional uint64 counter = 5; - optional uint64 gas_limit = 6; - optional uint64 storage_limit = 7; -} - -/* -* Structure representing additional information for transaction -* @used_in TezosSignTx -*/ -message TezosTransactionType { - optional uint64 amount = 1; - optional TezosContractID destination = 2; - optional bytes parameters = 3; -} - -/* -* Structure representing additional information for origination -* @used_in TezosSignTx -*/ -message TezosOriginationType { - optional bytes manager_pubkey = 1; - optional uint64 balance = 2; - optional bool spendable = 3; - optional bool delegatable = 4; - optional bytes delegate = 5; // 1B tag + 20B public key hash - optional bytes script = 6; -} - -/* -* Structure representing additional information for delegation -* @used_in TezosSignTx -*/ -message TezosDelegationType { - optional bytes delegate = 1; // 1B tag + 20B public key hash -} - -/** - * Structure representing cardano transaction input - * @used_in CardanoSignTransacion - */ -message CardanoTxInputType { - repeated uint32 address_n = 1; // BIP-32 path to derive the key from master node - optional bytes prev_hash = 2; // hash of previous transaction output to spend by this input - optional uint32 prev_index = 3; // index of previous output to spend - optional uint32 type = 4; // input type, defaults to 0 -} - -/** - * Structure representing cardano transaction output - * @used_in CardanoSignTransacion - */ -message CardanoTxOutputType { - optional string address = 1; // target coin address in Base58 encoding - repeated uint32 address_n = 2; // BIP-32 path to derive the key from master node; has higher priority than "address" - optional uint64 amount = 3; // amount to spend -} - -/** - * Mapping between Trezor wire identifier (uint) and a protobuf message + * Mapping between TREZOR wire identifier (uint) and a protobuf message */ enum MessageType { - MessageType_Initialize = 0 [(wire_in) = true, (wire_tiny) = true]; - MessageType_Ping = 1 [(wire_in) = true]; - MessageType_Success = 2 [(wire_out) = true]; - MessageType_Failure = 3 [(wire_out) = true]; - MessageType_ChangePin = 4 [(wire_in) = true]; - MessageType_WipeDevice = 5 [(wire_in) = true]; - MessageType_FirmwareErase = 6 [(wire_in) = true, (wire_bootloader) = true]; - MessageType_FirmwareUpload = 7 [(wire_in) = true, (wire_bootloader) = true]; - MessageType_FirmwareRequest = 8 [(wire_out) = true, (wire_bootloader) = true]; - MessageType_GetEntropy = 9 [(wire_in) = true]; - MessageType_Entropy = 10 [(wire_out) = true]; - MessageType_GetPublicKey = 11 [(wire_in) = true]; - MessageType_PublicKey = 12 [(wire_out) = true]; - MessageType_LoadDevice = 13 [(wire_in) = true]; - MessageType_ResetDevice = 14 [(wire_in) = true]; - MessageType_SignTx = 15 [(wire_in) = true]; - MessageType_SimpleSignTx = 16 [(wire_in) = true, deprecated = true]; - MessageType_Features = 17 [(wire_out) = true]; - MessageType_PinMatrixRequest = 18 [(wire_out) = true]; - MessageType_PinMatrixAck = 19 [(wire_in) = true, (wire_tiny) = true, (wire_no_fsm) = true]; - MessageType_Cancel = 20 [(wire_in) = true, (wire_tiny) = true]; - MessageType_TxRequest = 21 [(wire_out) = true]; - MessageType_TxAck = 22 [(wire_in) = true]; - MessageType_CipherKeyValue = 23 [(wire_in) = true]; - MessageType_ClearSession = 24 [(wire_in) = true]; - MessageType_ApplySettings = 25 [(wire_in) = true]; - MessageType_ButtonRequest = 26 [(wire_out) = true]; - MessageType_ButtonAck = 27 [(wire_in) = true, (wire_tiny) = true, (wire_no_fsm) = true]; - MessageType_ApplyFlags = 28 [(wire_in) = true]; - MessageType_GetAddress = 29 [(wire_in) = true]; - MessageType_Address = 30 [(wire_out) = true]; - MessageType_SelfTest = 32 [(wire_in) = true, (wire_bootloader) = true]; - MessageType_BackupDevice = 34 [(wire_in) = true]; - MessageType_EntropyRequest = 35 [(wire_out) = true]; - MessageType_EntropyAck = 36 [(wire_in) = true]; - MessageType_SignMessage = 38 [(wire_in) = true]; - MessageType_VerifyMessage = 39 [(wire_in) = true]; - MessageType_MessageSignature = 40 [(wire_out) = true]; - MessageType_PassphraseRequest = 41 [(wire_out) = true]; - MessageType_PassphraseAck = 42 [(wire_in) = true, (wire_tiny) = true, (wire_no_fsm) = true]; - MessageType_PassphraseStateRequest = 77 [(wire_out) = true]; - MessageType_PassphraseStateAck = 78 [(wire_in) = true, (wire_tiny) = true, (wire_no_fsm) = true]; - MessageType_EstimateTxSize = 43 [(wire_in) = true, deprecated = true]; - MessageType_TxSize = 44 [(wire_out) = true, deprecated = true]; - MessageType_RecoveryDevice = 45 [(wire_in) = true]; - MessageType_WordRequest = 46 [(wire_out) = true]; - MessageType_WordAck = 47 [(wire_in) = true]; - MessageType_CipheredKeyValue = 48 [(wire_out) = true]; - MessageType_EncryptMessage = 49 [(wire_in) = true, deprecated = true]; - MessageType_EncryptedMessage = 50 [(wire_out) = true, deprecated = true]; - MessageType_DecryptMessage = 51 [(wire_in) = true, deprecated = true]; - MessageType_DecryptedMessage = 52 [(wire_out) = true, deprecated = true]; - MessageType_SignIdentity = 53 [(wire_in) = true]; - MessageType_SignedIdentity = 54 [(wire_out) = true]; - MessageType_GetFeatures = 55 [(wire_in) = true]; - MessageType_EthereumGetAddress = 56 [(wire_in) = true]; - MessageType_EthereumAddress = 57 [(wire_out) = true]; - MessageType_EthereumSignTx = 58 [(wire_in) = true]; - MessageType_EthereumTxRequest = 59 [(wire_out) = true]; - MessageType_EthereumTxAck = 60 [(wire_in) = true]; - MessageType_GetECDHSessionKey = 61 [(wire_in) = true]; - MessageType_ECDHSessionKey = 62 [(wire_out) = true]; - MessageType_SetU2FCounter = 63 [(wire_in) = true]; - MessageType_EthereumSignMessage = 64 [(wire_in) = true]; - MessageType_EthereumVerifyMessage = 65 [(wire_in) = true]; - MessageType_EthereumMessageSignature = 66 [(wire_out) = true]; - MessageType_NEMGetAddress = 67 [(wire_in) = true]; - MessageType_NEMAddress = 68 [(wire_out) = true]; - MessageType_NEMSignTx = 69 [(wire_in) = true]; - MessageType_NEMSignedTx = 70 [(wire_out) = true]; - MessageType_CosiCommit = 71 [(wire_in) = true]; - MessageType_CosiCommitment = 72 [(wire_out) = true]; - MessageType_CosiSign = 73 [(wire_in) = true]; - MessageType_CosiSignature = 74 [(wire_out) = true]; - MessageType_NEMDecryptMessage = 75 [(wire_in) = true]; - MessageType_NEMDecryptedMessage = 76 [(wire_out) = true]; - MessageType_DebugLinkDecision = 100 [(wire_debug_in) = true, (wire_tiny) = true, (wire_no_fsm) = true]; - MessageType_DebugLinkGetState = 101 [(wire_debug_in) = true, (wire_tiny) = true]; - MessageType_DebugLinkState = 102 [(wire_debug_out) = true]; - MessageType_DebugLinkStop = 103 [(wire_debug_in) = true]; - MessageType_DebugLinkLog = 104 [(wire_debug_out) = true]; - MessageType_DebugLinkMemoryRead = 110 [(wire_debug_in) = true]; - MessageType_DebugLinkMemory = 111 [(wire_debug_out) = true]; - MessageType_DebugLinkMemoryWrite = 112 [(wire_debug_in) = true]; - MessageType_DebugLinkFlashErase = 113 [(wire_debug_in) = true]; - - // Cardano - MessageType_CardanoSignMessage = 300 [(wire_in) = true]; - MessageType_CardanoMessageSignature = 301 [(wire_out) = true]; - MessageType_CardanoVerifyMessage = 302 [(wire_in) = true]; - MessageType_CardanoSignTransaction = 303 [(wire_in) = true]; - MessageType_CardanoTxRequest = 304 [(wire_out) = true]; - MessageType_CardanoGetPublicKey = 305 [(wire_in) = true]; - MessageType_CardanoPublicKey = 306 [(wire_out) = true]; - MessageType_CardanoGetAddress = 307 [(wire_in) = true]; - MessageType_CardanoAddress = 308 [(wire_out) = true]; - MessageType_CardanoTxAck = 309 [(wire_in) = true]; - MessageType_CardanoSignedTransaction = 310 [(wire_out) = true]; - - // Lisk - MessageType_LiskGetAddress = 114 [(wire_in) = true]; - MessageType_LiskAddress = 115 [(wire_out) = true]; - MessageType_LiskSignTx = 116 [(wire_in) = true]; - MessageType_LiskSignedTx = 117 [(wire_out) = true]; - MessageType_LiskSignMessage = 118 [(wire_in) = true]; - MessageType_LiskMessageSignature = 119 [(wire_out) = true]; - MessageType_LiskVerifyMessage = 120 [(wire_in) = true]; - MessageType_LiskGetPublicKey = 121 [(wire_in) = true]; - MessageType_LiskPublicKey = 122 [(wire_out) = true]; - - // Tezos - MessageType_TezosGetAddress = 150 [(wire_in) = true]; - MessageType_TezosAddress = 151 [(wire_out) = true]; - MessageType_TezosSignTx = 152 [(wire_in) = true]; - MessageType_TezosSignedTx = 153 [(wire_out) = true]; - MessageType_TezosGetPublicKey = 154 [(wire_in) = true]; - MessageType_TezosPublicKey = 155 [(wire_out) = true]; - - // Stellar - MessageType_StellarGetPublicKey = 200 [(wire_in) = true]; - MessageType_StellarPublicKey = 201 [(wire_out) = true]; - MessageType_StellarSignTx = 202 [(wire_in) = true]; - MessageType_StellarTxOpRequest = 203 [(wire_out) = true]; - MessageType_StellarGetAddress = 207 [(wire_in) = true]; - MessageType_StellarAddress = 208 [(wire_out) = true]; - MessageType_StellarCreateAccountOp = 210 [(wire_in) = true]; - MessageType_StellarPaymentOp = 211 [(wire_in) = true]; - MessageType_StellarPathPaymentOp = 212 [(wire_in) = true]; - MessageType_StellarManageOfferOp = 213 [(wire_in) = true]; - MessageType_StellarCreatePassiveOfferOp = 214 [(wire_in) = true]; - MessageType_StellarSetOptionsOp = 215 [(wire_in) = true]; - MessageType_StellarChangeTrustOp = 216 [(wire_in) = true]; - MessageType_StellarAllowTrustOp = 217 [(wire_in) = true]; - MessageType_StellarAccountMergeOp = 218 [(wire_in) = true]; - // Omitted: inflation is not a supported operation, would be 219 - MessageType_StellarManageDataOp = 220 [(wire_in) = true]; - MessageType_StellarBumpSequenceOp = 221 [(wire_in) = true]; - MessageType_StellarSignedTx = 230 [(wire_out) = true]; -} - -//////////////////// -// Basic messages // -//////////////////// - -/** - * Request: Reset device to default state and ask for device details - * @next Features - */ -message Initialize { - optional bytes state = 1; // assumed device state, clear session if set and different - optional bool skip_passphrase = 2; // this session should always assume empty passphrase -} - -/** - * Request: Ask for device details (no device reset) - * @next Features - */ -message GetFeatures { -} - -/** - * Response: Reports various information about the device - * @prev Initialize - * @prev GetFeatures - */ -message Features { - optional string vendor = 1; // name of the manufacturer, e.g. "trezor.io" - optional uint32 major_version = 2; // major version of the firmware/bootloader, e.g. 1 - optional uint32 minor_version = 3; // minor version of the firmware/bootloader, e.g. 0 - optional uint32 patch_version = 4; // patch version of the firmware/bootloader, e.g. 0 - optional bool bootloader_mode = 5; // is device in bootloader mode? - optional string device_id = 6; // device's unique identifier - optional bool pin_protection = 7; // is device protected by PIN? - optional bool passphrase_protection = 8; // is node/mnemonic encrypted using passphrase? - optional string language = 9; // device language - optional string label = 10; // device description label - optional bool initialized = 12; // does device contain seed? - optional bytes revision = 13; // SCM revision of firmware - optional bytes bootloader_hash = 14; // hash of the bootloader - optional bool imported = 15; // was storage imported from an external source? - optional bool pin_cached = 16; // is PIN already cached in session? - optional bool passphrase_cached = 17; // is passphrase already cached in session? - optional bool firmware_present = 18; // is valid firmware loaded? - optional bool needs_backup = 19; // does storage need backup? (equals to Storage.needs_backup) - optional uint32 flags = 20; // device flags (equals to Storage.flags) - optional string model = 21; // device hardware model - optional uint32 fw_major = 22; // reported firmware version if in bootloader mode - optional uint32 fw_minor = 23; // reported firmware version if in bootloader mode - optional uint32 fw_patch = 24; // reported firmware version if in bootloader mode - optional string fw_vendor = 25; // reported firmware vendor if in bootloader mode - optional bytes fw_vendor_keys = 26; // reported firmware vendor keys (their hash) - optional bool unfinished_backup = 27; // report unfinished backup (equals to Storage.unfinished_backup) -} - -/** - * Request: clear session (removes cached PIN, passphrase, etc). - * @next Success - */ -message ClearSession { -} - -/** - * Request: change language and/or label of the device - * @next Success - * @next Failure - * @next ButtonRequest - * @next PinMatrixRequest - */ -message ApplySettings { - optional string language = 1; - optional string label = 2; - optional bool use_passphrase = 3; - optional bytes homescreen = 4; - optional PassphraseSourceType passphrase_source = 5; - optional uint32 auto_lock_delay_ms = 6; -} - -/** - * Request: set flags of the device - * @next Success - * @next Failure - */ -message ApplyFlags { - optional uint32 flags = 1; // bitmask, can only set bits, not unset -} - -/** - * Request: Starts workflow for setting/changing/removing the PIN - * @next ButtonRequest - * @next PinMatrixRequest - */ -message ChangePin { - optional bool remove = 1; // is PIN removal requested? -} - -/** - * Request: Test if the device is alive, device sends back the message in Success response - * @next Success - */ -message Ping { - optional string message = 1; // message to send back in Success message - optional bool button_protection = 2; // ask for button press - optional bool pin_protection = 3; // ask for PIN if set in device - optional bool passphrase_protection = 4; // ask for passphrase if set in device -} - -/** - * Response: Success of the previous request - */ -message Success { - optional string message = 1; // human readable description of action or request-specific payload -} - -/** - * Response: Failure of the previous request - */ -message Failure { - optional FailureType code = 1; // computer-readable definition of the error state - optional string message = 2; // human-readable message of the error state -} - -/** - * Response: Device is waiting for HW button press. - * @next ButtonAck - * @next Cancel - */ -message ButtonRequest { - optional ButtonRequestType code = 1; - optional string data = 2; -} - -/** - * Request: Computer agrees to wait for HW button press - * @prev ButtonRequest - */ -message ButtonAck { -} - -/** - * Response: Device is asking computer to show PIN matrix and awaits PIN encoded using this matrix scheme - * @next PinMatrixAck - * @next Cancel - */ -message PinMatrixRequest { - optional PinMatrixRequestType type = 1; -} - -/** - * Request: Computer responds with encoded PIN - * @prev PinMatrixRequest - */ -message PinMatrixAck { - required string pin = 1; // matrix encoded PIN entered by user -} - -/** - * Request: Abort last operation that required user interaction - * @prev ButtonRequest - * @prev PinMatrixRequest - * @prev PassphraseRequest - */ -message Cancel { -} - -/** - * Response: Device awaits encryption passphrase - * @next PassphraseAck - * @next Cancel - */ -message PassphraseRequest { - optional bool on_device = 1; // passphrase is being entered on the device -} - -/** - * Request: Send passphrase back - * @prev PassphraseRequest - * @next PassphraseStateRequest - */ -message PassphraseAck { - optional string passphrase = 1; - optional bytes state = 2; // expected device state -} - -/** - * @prev PassphraseAck - * @next PassphraseStateAck - */ -message PassphraseStateRequest { - optional bytes state = 1; // actual device state -} - -/** - * @prev PassphraseStateRequest - */ -message PassphraseStateAck { -} -/** - * Request: Request a sample of random data generated by hardware RNG. May be used for testing. - * @next ButtonRequest - * @next Entropy - * @next Failure - */ -message GetEntropy { - required uint32 size = 1; // size of requested entropy -} - -/** - * Response: Reply with random data generated by internal RNG - * @prev GetEntropy - */ -message Entropy { - required bytes entropy = 1; // stream of random generated bytes -} - -/** - * Request: Ask device for public key corresponding to address_n path - * @next PassphraseRequest - * @next PublicKey - * @next Failure - */ -message GetPublicKey { - repeated uint32 address_n = 1; // BIP-32 path to derive the key from master node - optional string ecdsa_curve_name = 2; // ECDSA curve name to use - optional bool show_display = 3; // optionally show on display before sending the result - optional string coin_name = 4 [default='Bitcoin']; -} - -/** - * Response: Contains public key derived from device private seed - * @prev GetPublicKey - */ -message PublicKey { - required HDNodeType node = 1; // BIP32 public node - optional string xpub = 2; // serialized form of public node -} - -/** - * Request: Ask device for address corresponding to address_n path - * @next PassphraseRequest - * @next Address - * @next Failure - */ -message GetAddress { - repeated uint32 address_n = 1; // BIP-32 path to derive the key from master node - optional string coin_name = 2 [default='Bitcoin']; - optional bool show_display = 3; // optionally show on display before sending the result - optional MultisigRedeemScriptType multisig = 4; // filled if we are showing a multisig address - optional InputScriptType script_type = 5 [default=SPENDADDRESS]; // used to distinguish between various address formats (non-segwit, segwit, etc.) -} - -/** - * Request: Ask device for Ethereum address corresponding to address_n path - * @next PassphraseRequest - * @next EthereumAddress - * @next Failure - */ -message EthereumGetAddress { - repeated uint32 address_n = 1; // BIP-32 path to derive the key from master node - optional bool show_display = 2; // optionally show on display before sending the result -} - -/** - * Response: Contains address derived from device private seed - * @prev GetAddress - */ -message Address { - required string address = 1; // Coin address in Base58 encoding -} - -/** - * Response: Contains an Ethereum address derived from device private seed - * @prev EthereumGetAddress - */ -message EthereumAddress { - required bytes address = 1; // Coin address as an Ethereum 160 bit hash -} - -/** - * Request: Request device to wipe all sensitive data and settings - * @next ButtonRequest - */ -message WipeDevice { -} - -/** - * Request: Load seed and related internal settings from the computer - * @next ButtonRequest - * @next Success - * @next Failure - */ -message LoadDevice { - optional string mnemonic = 1; // seed encoded as BIP-39 mnemonic (12, 18 or 24 words) - optional HDNodeType node = 2; // BIP-32 node - optional string pin = 3; // set PIN protection - optional bool passphrase_protection = 4; // enable master node encryption using passphrase - optional string language = 5 [default='english']; // device language - optional string label = 6; // device label - optional bool skip_checksum = 7; // do not test mnemonic for valid BIP-39 checksum - optional uint32 u2f_counter = 8; // U2F counter -} - -/** - * Request: Ask device to do initialization involving user interaction - * @next EntropyRequest - * @next Failure - */ -message ResetDevice { - optional bool display_random = 1; // display entropy generated by the device before asking for additional entropy - optional uint32 strength = 2 [default=256]; // strength of seed in bits - optional bool passphrase_protection = 3; // enable master node encryption using passphrase - optional bool pin_protection = 4; // enable PIN protection - optional string language = 5 [default='english']; // device language - optional string label = 6; // device label - optional uint32 u2f_counter = 7; // U2F counter - optional bool skip_backup = 8; // postpone seed backup to BackupDevice workflow -} - -/** - * Request: Perform backup of the device seed if not backed up using ResetDevice - * @next ButtonRequest - */ -message BackupDevice { -} - -/** - * Response: Ask for additional entropy from host computer - * @prev ResetDevice - * @next EntropyAck - */ -message EntropyRequest { -} - -/** - * Request: Provide additional entropy for seed generation function - * @prev EntropyRequest - * @next ButtonRequest - */ -message EntropyAck { - optional bytes entropy = 1; // 256 bits (32 bytes) of random data -} - -/** - * Request: Start recovery workflow asking user for specific words of mnemonic - * Used to recovery device safely even on untrusted computer. - * @next WordRequest - */ -message RecoveryDevice { - optional uint32 word_count = 1; // number of words in BIP-39 mnemonic - optional bool passphrase_protection = 2; // enable master node encryption using passphrase - optional bool pin_protection = 3; // enable PIN protection - optional string language = 4 [default='english']; // device language - optional string label = 5; // device label - optional bool enforce_wordlist = 6; // enforce BIP-39 wordlist during the process - // 7 reserved for unused recovery method - optional uint32 type = 8; // supported recovery type (see RecoveryType) - optional uint32 u2f_counter = 9; // U2F counter - optional bool dry_run = 10; // perform dry-run recovery workflow (for safe mnemonic validation) -} - -/** - * Response: Device is waiting for user to enter word of the mnemonic - * Its position is shown only on device's internal display. - * @prev RecoveryDevice - * @prev WordAck - */ -message WordRequest { - optional WordRequestType type = 1; -} - -/** - * Request: Computer replies with word from the mnemonic - * @prev WordRequest - * @next WordRequest - * @next Success - * @next Failure - */ -message WordAck { - required string word = 1; // one word of mnemonic on asked position -} - -////////////////////////////// -// Message signing messages // -////////////////////////////// - -/** - * Request: Ask device to sign message - * @next MessageSignature - * @next Failure - */ -message SignMessage { - repeated uint32 address_n = 1; // BIP-32 path to derive the key from master node - required bytes message = 2; // message to be signed - optional string coin_name = 3 [default='Bitcoin']; // coin to use for signing - optional InputScriptType script_type = 4 [default=SPENDADDRESS]; // used to distinguish between various address formats (non-segwit, segwit, etc.) -} - -/** - * Request: Ask device to verify message - * @next Success - * @next Failure - */ -message VerifyMessage { - optional string address = 1; // address to verify - optional bytes signature = 2; // signature to verify - optional bytes message = 3; // message to verify - optional string coin_name = 4 [default='Bitcoin']; // coin to use for verifying -} - -/** - * Response: Signed message - * @prev SignMessage - */ -message MessageSignature { - optional string address = 1; // address used to sign the message - optional bytes signature = 2; // signature of the message -} - -/////////////////////////// -// Encryption/decryption // -/////////////////////////// - -/** - * Request: Ask device to encrypt message - * @next EncryptedMessage - * @next Failure - */ -message EncryptMessage { - optional bytes pubkey = 1; // public key - optional bytes message = 2; // message to encrypt - optional bool display_only = 3; // show just on display? (don't send back via wire) - repeated uint32 address_n = 4; // BIP-32 path to derive the signing key from master node - optional string coin_name = 5 [default='Bitcoin']; // coin to use for signing -} - -/** - * Response: Encrypted message - * @prev EncryptMessage - */ -message EncryptedMessage { - optional bytes nonce = 1; // nonce used during encryption - optional bytes message = 2; // encrypted message - optional bytes hmac = 3; // message hmac -} - -/** - * Request: Ask device to decrypt message - * @next Success - * @next Failure - */ -message DecryptMessage { - repeated uint32 address_n = 1; // BIP-32 path to derive the decryption key from master node - optional bytes nonce = 2; // nonce used during encryption - optional bytes message = 3; // message to decrypt - optional bytes hmac = 4; // message hmac -} - -/** - * Response: Decrypted message - * @prev DecryptedMessage - */ -message DecryptedMessage { - optional bytes message = 1; // decrypted message - optional string address = 2; // address used to sign the message (if used) -} - -/** - * Request: Ask device to encrypt or decrypt value of given key - * @next CipheredKeyValue - * @next Failure - */ -message CipherKeyValue { - repeated uint32 address_n = 1; // BIP-32 path to derive the key from master node - optional string key = 2; // key component of key:value - optional bytes value = 3; // value component of key:value - optional bool encrypt = 4; // are we encrypting (True) or decrypting (False)? - optional bool ask_on_encrypt = 5; // should we ask on encrypt operation? - optional bool ask_on_decrypt = 6; // should we ask on decrypt operation? - optional bytes iv = 7; // initialization vector (will be computed if not set) -} - -/** - * Response: Return ciphered/deciphered value - * @prev CipherKeyValue - */ -message CipheredKeyValue { - optional bytes value = 1; // ciphered/deciphered value -} - -////////////////////////////////// -// Transaction signing messages // -////////////////////////////////// - -/** - * Request: Estimated size of the transaction - * This behaves exactly like SignTx, which means that it can ask using TxRequest - * This call is non-blocking (except possible PassphraseRequest to unlock the seed) - * @next TxSize - * @next Failure - */ -message EstimateTxSize { - required uint32 outputs_count = 1; // number of transaction outputs - required uint32 inputs_count = 2; // number of transaction inputs - optional string coin_name = 3 [default='Bitcoin']; // coin to use -} - -/** - * Response: Estimated size of the transaction - * @prev EstimateTxSize - */ -message TxSize { - optional uint32 tx_size = 1; // estimated size of transaction in bytes -} - -/** - * Request: Ask device to sign transaction - * @next PassphraseRequest - * @next PinMatrixRequest - * @next TxRequest - * @next Failure - */ -message SignTx { - required uint32 outputs_count = 1; // number of transaction outputs - required uint32 inputs_count = 2; // number of transaction inputs - optional string coin_name = 3 [default='Bitcoin']; // coin to use - optional uint32 version = 4 [default=1]; // transaction version - optional uint32 lock_time = 5 [default=0]; // transaction lock_time - optional uint32 expiry = 6; // only for Decred and Zcash - optional bool overwintered = 7; // only for Zcash -} - -/** - * Request: Simplified transaction signing - * This method doesn't support streaming, so there are hardware limits in number of inputs and outputs. - * In case of success, the result is returned using TxRequest message. - * @next PassphraseRequest - * @next PinMatrixRequest - * @next TxRequest - * @next Failure - */ -message SimpleSignTx { - repeated TxInputType inputs = 1; // transaction inputs - repeated TxOutputType outputs = 2; // transaction outputs - repeated TransactionType transactions = 3; // transactions whose outputs are used to build current inputs - optional string coin_name = 4 [default='Bitcoin']; // coin to use - optional uint32 version = 5 [default=1]; // transaction version - optional uint32 lock_time = 6 [default=0]; // transaction lock_time - optional uint32 expiry = 7; // only for Decred and Zcash - optional bool overwintered = 8; // only for Zcash -} - -/** - * Response: Device asks for information for signing transaction or returns the last result - * If request_index is set, device awaits TxAck message (with fields filled in according to request_type) - * If signature_index is set, 'signature' contains signed input of signature_index's input - * @prev SignTx - * @prev SimpleSignTx - * @prev TxAck - */ -message TxRequest { - optional RequestType request_type = 1; // what should be filled in TxAck message? - optional TxRequestDetailsType details = 2; // request for tx details - optional TxRequestSerializedType serialized = 3; // serialized data and request for next -} - -/** - * Request: Reported transaction data - * @prev TxRequest - * @next TxRequest - */ -message TxAck { - optional TransactionType tx = 1; -} - -/** - * Request: Ask device to sign transaction - * All fields are optional from the protocol's point of view. Each field defaults to value `0` if missing. - * Note: the first at most 1024 bytes of data MUST be transmitted as part of this message. - * @next PassphraseRequest - * @next PinMatrixRequest - * @next EthereumTxRequest - * @next Failure - */ -message EthereumSignTx { - repeated uint32 address_n = 1; // BIP-32 path to derive the key from master node - optional bytes nonce = 2; // <=256 bit unsigned big endian - optional bytes gas_price = 3; // <=256 bit unsigned big endian (in wei) - optional bytes gas_limit = 4; // <=256 bit unsigned big endian - optional bytes to = 5; // 160 bit address hash - optional bytes value = 6; // <=256 bit unsigned big endian (in wei) - optional bytes data_initial_chunk = 7; // The initial data chunk (<= 1024 bytes) - optional uint32 data_length = 8; // Length of transaction payload - optional uint32 chain_id = 9; // Chain Id for EIP 155 - optional uint32 tx_type = 10; // (only for Wanchain) -} - -/** - * Response: Device asks for more data from transaction payload, or returns the signature. - * If data_length is set, device awaits that many more bytes of payload. - * Otherwise, the signature_* fields contain the computed transaction signature. All three fields will be present. - * @prev EthereumSignTx - * @next EthereumTxAck - */ -message EthereumTxRequest { - optional uint32 data_length = 1; // Number of bytes being requested (<= 1024) - optional uint32 signature_v = 2; // Computed signature (recovery parameter, limited to 27 or 28) - optional bytes signature_r = 3; // Computed signature R component (256 bit) - optional bytes signature_s = 4; // Computed signature S component (256 bit) -} - -/** - * Request: Transaction payload data. - * @prev EthereumTxRequest - * @next EthereumTxRequest - */ -message EthereumTxAck { - optional bytes data_chunk = 1; // Bytes from transaction payload (<= 1024 bytes) -} - -//////////////////////////////////////// -// Ethereum: Message signing messages // -//////////////////////////////////////// - -/** - * Request: Ask device to sign message - * @next EthereumMessageSignature - * @next Failure - */ -message EthereumSignMessage { - repeated uint32 address_n = 1; // BIP-32 path to derive the key from master node - required bytes message = 2; // message to be signed -} - -/** - * Request: Ask device to verify message - * @next Success - * @next Failure - */ -message EthereumVerifyMessage { - optional bytes address = 1; // address to verify - optional bytes signature = 2; // signature to verify - optional bytes message = 3; // message to verify -} - -/** - * Response: Signed message - * @prev EthereumSignMessage - */ -message EthereumMessageSignature { - optional bytes address = 1; // address used to sign the message - optional bytes signature = 2; // signature of the message -} - -/////////////////////// -// Identity messages // -/////////////////////// - -/** - * Request: Ask device to sign identity - * @next SignedIdentity - * @next Failure - */ -message SignIdentity { - optional IdentityType identity = 1; // identity - optional bytes challenge_hidden = 2; // non-visible challenge - optional string challenge_visual = 3; // challenge shown on display (e.g. date+time) - optional string ecdsa_curve_name = 4; // ECDSA curve name to use -} - -/** - * Response: Device provides signed identity - * @prev SignIdentity - */ -message SignedIdentity { - optional string address = 1; // identity address - optional bytes public_key = 2; // identity public key - optional bytes signature = 3; // signature of the identity data -} - -/////////////////// -// ECDH messages // -/////////////////// - -/** - * Request: Ask device to generate ECDH session key - * @next ECDHSessionKey - * @next Failure - */ -message GetECDHSessionKey { - optional IdentityType identity = 1; // identity - optional bytes peer_public_key = 2; // peer's public key - optional string ecdsa_curve_name = 3; // ECDSA curve name to use -} - -/** - * Response: Device provides ECDH session key - * @prev GetECDHSessionKey - */ -message ECDHSessionKey { - optional bytes session_key = 1; // ECDH session key -} - -/////////////////// -// U2F messages // -/////////////////// - -/** - * Request: Set U2F counter - * @next Success - */ -message SetU2FCounter { - optional uint32 u2f_counter = 1; // counter -} - -///////////////////////// -// Bootloader messages // -///////////////////////// - -/** - * Request: Ask device to erase its firmware (so it can be replaced via FirmwareUpload) - * @next Success - * @next FirmwareRequest - * @next Failure - */ -message FirmwareErase { - optional uint32 length = 1; // length of new firmware -} - -/** - * Response: Ask for firmware chunk - * @next FirmwareUpload - */ -message FirmwareRequest { - optional uint32 offset = 1; // offset of requested firmware chunk - optional uint32 length = 2; // length of requested firmware chunk -} - -/** - * Request: Send firmware in binary form to the device - * @next Success - * @next Failure - */ -message FirmwareUpload { - required bytes payload = 1; // firmware to be loaded into device - optional bytes hash = 2; // hash of the payload -} - - -/** - * Request: Perform a device self-test - * @next Success - * @next Failure - */ -message SelfTest { - optional bytes payload = 1; // payload to be used in self-test -} - -////////////////// -// NEM messages // -////////////////// - -/** - * Request: Ask device for NEM address corresponding to address_n path - * @next PassphraseRequest - * @next NEMAddress - * @next Failure - */ -message NEMGetAddress { - repeated uint32 address_n = 1; // BIP-32 path to derive the key from master node - optional uint32 network = 2; // Network ID (0x68 = Mainnet, 0x98 = Testnet, 0x60 = Mijin) - optional bool show_display = 3; // Optionally show on display before sending the result -} - -/** - * Response: Contains NEM address derived from device private seed - * @prev NEMGetAddress - */ -message NEMAddress { - required string address = 1; // NEM address in Base32 encoding -} - -/** - * Request: Ask device to sign transaction - * @next NEMSignedTx - * @next Failure - */ -message NEMSignTx { - optional NEMTransactionCommon transaction = 1; // Common part of transaction - optional NEMTransactionCommon multisig = 2; // Common part of inner transaction for multisig transactions - optional NEMTransfer transfer = 3; // Transfer transaction part - optional bool cosigning = 4; // Whether cosigning or initiating the multisig transaction - optional NEMProvisionNamespace provision_namespace = 5; // Provision namespace part - optional NEMMosaicCreation mosaic_creation = 6; // Mosaic definition creation part - optional NEMMosaicSupplyChange supply_change = 7; // Mosaic supply change part - optional NEMAggregateModification aggregate_modification = 8; // Aggregate modification part - optional NEMImportanceTransfer importance_transfer = 9; // Importance transfer part -} - -/** - * Response: Contains NEM transaction data and signature - * @prev NEMSignTx - */ -message NEMSignedTx { - optional bytes data = 1; // Transaction data - optional bytes signature = 2; // Signature for the transaction -} - -/** - * Request: Ask device to decrypt NEM transaction payload - * @next NEMDecryptedMessage - * @next Failure - */ -message NEMDecryptMessage { - repeated uint32 address_n = 1; // BIP-32 path to derive the key from master node - optional uint32 network = 2; // Network ID (0x68 = Mainnet, 0x98 = Testnet, 0x60 = Mijin) - optional bytes public_key = 3; // Public key of the other party - optional bytes payload = 4; // Actual message data (encrypted) -} - -/** - * Response: Contains decrypted NEM transaction payload - * @prev NEMDecryptMessage - */ -message NEMDecryptedMessage { - optional bytes payload = 1; // Actual message data (unencrypted) -} - -/////////////////// -// CoSi messages // -/////////////////// - -/** - * Request: Ask device to commit to CoSi signing - * @next CosiCommitment - * @next Failure - */ -message CosiCommit { - repeated uint32 address_n = 1; // BIP-32 path to derive the key from master node - optional bytes data = 2; // Data to be signed -} - -/** - * Response: Contains a CoSi commitment - * @prev CosiCommit - */ -message CosiCommitment { - optional bytes commitment = 1; // Commitment - optional bytes pubkey = 2; // Public key -} - -/** - * Request: Ask device to sign using CoSi - * @next CosiSignature - * @next Failure - */ -message CosiSign { - repeated uint32 address_n = 1; // BIP-32 path to derive the key from master node - optional bytes data = 2; // Data to be signed - optional bytes global_commitment = 3; // Aggregated commitment - optional bytes global_pubkey = 4; // Aggregated public key -} - -/** - * Response: Contains a CoSi signature - * @prev CosiSign - */ -message CosiSignature { - optional bytes signature = 1; // Signature -} - -////////////////////// -// Stellar messages // -////////////////////// - -/** - * Request: Public key at the specified index - * @next StellarPublicKey - */ -message StellarGetPublicKey { - repeated uint32 address_n = 1; // BIP-32 path. For compatibility with other wallets, must be m/44'/148'/index' - optional bool show_display = 2; // optionally show on display before sending the result -} - -/** - * Response: Public key for the given index - * @prev StellarGetPublicKey - */ -message StellarPublicKey { - optional bytes public_key = 1; // Raw bytes of the public key (no version or checksum) -} - -/** - * Request: Address at the specified index - * @next StellarAddress - */ -message StellarGetAddress { - repeated uint32 address_n = 1; // BIP-32 path. For compatibility with other wallets, must be m/44'/148'/index' - optional bool show_display = 2; // optionally show on display before sending the result -} - -/** - * Response: Address for the given index - * @prev StellarGetAddress - */ -message StellarAddress { - optional string address = 1; // Address in Stellar format (base32 of a pubkey with checksum) -} - -/** - * Request: ask device to sign Stellar transaction - * @next StellarTxOpRequest - */ -message StellarSignTx { - optional uint32 protocol_version = 1; // version of the protofbuf messaging protocol the client is using - repeated uint32 address_n = 2; // BIP-32 path. For compatibility with other wallets, must be m/44'/148'/index' - optional string network_passphrase = 3; // passphrase for signing messages on the destination network - optional string source_account = 4; // source account address - optional uint32 fee = 5; // Fee (in stroops) for the transaction - optional uint64 sequence_number = 6; // transaction sequence number - optional uint32 timebounds_start = 8; // unix timestamp (client must truncate this to 32 bytes) - optional uint32 timebounds_end = 9; // unix timestamp (client must truncate this to 32 bytes) - optional uint32 memo_type = 10; // 0 = none, 1 = text, 2 = id, 3 = hash, 4 = return - optional string memo_text = 11; // up to 28 characters (4 bytes are for length) - optional uint64 memo_id = 12; // 8-byte uint64 - optional bytes memo_hash = 13; // 32 bytes representing a hash - optional uint32 num_operations = 14; // number of operations in this transaction -} - -/** - * Response: device is ready for client to send the next operation - * @prev StellarSignTx - * @next StellarPaymentOp - * @next StellarCreateAccountOp - * @next StellarPathPaymentOp - * @next StellarManageOfferOp - * @next StellarCreatePassiveOfferOp - * @next StellarSetOptionsOp - * @next StellarChangeTrustOp - * @next StellarAllowTrustOp - * @next StellarAccountMergeOp - * @next StellarManageDataOp - * @next StellarBumpSequenceOp - */ -message StellarTxOpRequest { -} - -/** - * Request: ask device to confirm this operation type - * @prev StellarTxOpRequest - * @next StellarTxOpRequest - * @next StellarSignedTx - */ -message StellarPaymentOp { - optional string source_account = 1; // (optional) source account address - - optional string destination_account = 2; // destination account address - optional StellarAssetType asset = 3; // asset involved in the operation - optional sint64 amount = 4; // amount of the given asset to pay -} - -/** - * Request: ask device to confirm this operation type - * @prev StellarTxOpRequest - * @next StellarTxOpRequest - * @next StellarSignedTx - */ -message StellarCreateAccountOp { - optional string source_account = 1; // (optional) source account address - - optional string new_account = 2; // account address to create - optional sint64 starting_balance = 3; // initial starting balance for the new account -} - -/** - * Request: ask device to confirm this operation type - * @prev StellarTxOpRequest - * @next StellarTxOpRequest - * @next StellarSignedTx - */ -message StellarPathPaymentOp { - optional string source_account = 1; // (optional) source address - - optional StellarAssetType send_asset = 2; - optional sint64 send_max = 3; - optional string destination_account = 4; - optional StellarAssetType destination_asset = 5; - optional sint64 destination_amount = 6; - repeated StellarAssetType paths = 7; -} - -/** - * Request: ask device to confirm this operation type - * @prev StellarTxOpRequest - * @next StellarTxOpRequest - * @next StellarSignedTx - */ -message StellarManageOfferOp { - optional string source_account = 1; // (optional) source account address - - optional StellarAssetType selling_asset = 2; - optional StellarAssetType buying_asset = 3; - optional sint64 amount = 4; - optional uint32 price_n = 5; // Price numerator - optional uint32 price_d = 6; // Price denominator - optional uint64 offer_id = 7; // Offer ID for updating an existing offer -} - -/** - * Request: ask device to confirm this operation type - * @prev StellarTxOpRequest - * @next StellarTxOpRequest - * @next StellarSignedTx - */ -message StellarCreatePassiveOfferOp { - optional string source_account = 1; // (optional) source account address - - optional StellarAssetType selling_asset = 2; - optional StellarAssetType buying_asset = 3; - optional sint64 amount = 4; - optional uint32 price_n = 5; // Price numerator - optional uint32 price_d = 6; // Price denominator -} - -/** - * Request: ask device to confirm this operation type - * @prev StellarTxOpRequest - * @next StellarTxOpRequest - * @next StellarSignedTx - */ -message StellarSetOptionsOp { - optional string source_account = 1; // (optional) source account address - - optional string inflation_destination_account = 2; // (optional) inflation destination address - optional uint32 clear_flags = 3; - optional uint32 set_flags = 4; - optional uint32 master_weight = 5; - optional uint32 low_threshold = 6; - optional uint32 medium_threshold = 7; - optional uint32 high_threshold = 8; - optional string home_domain = 9; - optional uint32 signer_type = 10; - optional bytes signer_key = 11; - optional uint32 signer_weight = 12; -} - -/** - * Request: ask device to confirm this operation type - * @prev StellarTxOpRequest - * @next StellarTxOpRequest - * @next StellarSignedTx - */ -message StellarChangeTrustOp { - optional string source_account = 1; // (optional) source account address - - optional StellarAssetType asset = 2; - optional uint64 limit = 3; -} - -/** - * Request: ask device to confirm this operation type - * @prev StellarTxOpRequest - * @next StellarTxOpRequest - * @next StellarSignedTx - */ -message StellarAllowTrustOp { - optional string source_account = 1; // (optional) source account address - - optional string trusted_account = 2; // The account being allowed to hold the asset - optional uint32 asset_type = 3; // 1 = 4-character, 2 = 12-character - optional string asset_code = 4; // human-readable asset code - optional uint32 is_authorized = 5; -} - -/** - * Request: ask device to confirm this operation type - * @prev StellarTxOpRequest - * @next StellarTxOpRequest - * @next StellarSignedTx - */ -message StellarAccountMergeOp { - optional string source_account = 1; // (optional) source account address - optional string destination_account = 2; // destination account address -} - -/** - * Request: ask device to confirm this operation type - * @prev StellarTxOpRequest - * @next StellarTxOpRequest - * @next StellarSignedTx - */ -message StellarManageDataOp { - optional string source_account = 1; // (optional) source account address - - optional string key = 2; - optional bytes value = 3; // 64 bytes of arbitrary data -} - -/** - * Request: ask device to confirm this operation type - * @prev StellarTxOpRequest - * @next StellarTxOpRequest - * @next StellarSignedTx - */ -message StellarBumpSequenceOp { - optional string source_account = 1; // (optional) source account address - - optional uint64 bump_to = 2; // new sequence number -} - -/** - * Response: signature for transaction - * @prev StellarPaymentOp - * @prev StellarCreateAccountOp - * @prev StellarPathPaymentOp - * @prev StellarManageOfferOp - * @prev StellarCreatePassiveOfferOp - * @prev StellarSetOptionsOp - * @prev StellarChangeTrustOp - * @prev StellarAllowTrustOp - * @prev StellarAccountMergeOp - * @prev StellarManageDataOp - * @prev StellarBumpSequenceOp - */ -message StellarSignedTx { - optional bytes public_key = 1; // public key for the private key used to sign data - optional bytes signature = 2; // signature suitable for sending to the Stellar network -} - - -//////////////////// -// Lisk messages // -////////////////// - -/** - * Request: Ask device for Lisk public key corresponding to address_n path - * @next LiskPublicKey -*/ -message LiskGetPublicKey { - repeated uint32 address_n = 1; // BIP-32 path to derive the key from master node - optional bool show_display = 2; // Optionally show on display before sending the result -} - -/** - * Response: Contains Lisk public key derived from device private seed - * @prev LiskGetPublicKey -*/ -message LiskPublicKey { - optional bytes public_key = 1; // Lisk public key -} - -/** - * Request: Ask device for Lisk address corresponding to address_n path - * @next PassphraseRequest - * @next LiskAddress - * @next Failure - */ -message LiskGetAddress { - repeated uint32 address_n = 1; // BIP-32 path to derive the key from master node - optional bool show_display = 2; // Optionally show on display before sending the result -} - -/** - * Response: Contains Lisk address derived from device private seed - * @prev LiskGetAddress - */ -message LiskAddress { - optional string address = 1; // Lisk address -} - -/** - * Request: Ask device to sign Lisk transaction - * @next LiskSignedTx - */ -message LiskSignTx { - repeated uint32 address_n = 1; // BIP-32 path to derive the key from master node - optional LiskTransactionCommon transaction = 2; // Lisk transaction structure -} - -/** -* Response: Contains Lisk transaction signature -* @prev LiskSignTx -*/ -message LiskSignedTx { - optional bytes signature = 1; -} - -/** -* Request: Ask device to sign message -* @next LiskMessageSignature -* @next Failure -*/ -message LiskSignMessage { - repeated uint32 address_n = 1; - optional bytes message = 2; -} - -/** -* Response: Signed message -* @prev LiskSignMessage -*/ -message LiskMessageSignature { - optional bytes public_key = 1; - optional bytes signature = 2; -} - -/** -* Request: Ask device to verify message -* @next Success -* @next Failure -*/ -message LiskVerifyMessage { - optional bytes public_key = 1; - optional bytes signature = 2; - optional bytes message = 3; -} - - -/** - * Request: Ask device for Tezos address corresponding to address_n path - * @next PassphraseRequest - * @next TezosAddress - * @next Failure - */ -message TezosGetAddress { - repeated uint32 address_n = 1; // BIP-32 path to derive the key from master node - optional bool show_display = 2; // optionally show on display before sending the result -} - -/** - * Response: Contains Tezos address derived from device private seed - * @prev TezosGetAddress - */ -message TezosAddress { - optional string address = 1; // Coin address in Base58 encoding -} - -/** - * Request: Ask device to sign Tezos transaction - * @next TezosSignedTx - */ -message TezosSignTx { - repeated uint32 address_n = 1; // BIP-32 path to derive the key from master node - optional TezosOperationCommon operation = 2; // Tezos operation structure - optional TezosTransactionType transaction = 3; // Tezos transaction part - optional TezosOriginationType origination = 4; // Tezos origination part - optional TezosDelegationType delegation = 5; // Tezos delegation part -} - -/** -* Response: Contains Tezos transaction signature -* @prev TezosSignTx -*/ -message TezosSignedTx { - optional bytes signature = 1; // Tezos transaction signature - optional bytes sig_op_contents = 2; // Signed operation contents - optional string operation_hash = 3; // b58 check encoded blake2b hashed operation contents -} - -/** - * Request: Ask device for Tezos public key corresponding to address_n path - * @next TezosPublicKey - */ -message TezosGetPublicKey { - repeated uint32 address_n = 1; // BIP-32 path to derive the key from master node - optional bool show_display = 2; // Optionally show on display before sending the result -} - -/** - * Response: Contains Tezos public key derived from device private seed - * @prev TezosGetPublicKey -*/ -message TezosPublicKey { - optional bytes public_key = 1; // Tezos public key -} - -///////////////////////////////////////////////////////////// -// Debug messages (only available if DebugLink is enabled) // -///////////////////////////////////////////////////////////// - -/** - * Request: "Press" the button on the device - * @next Success - */ -message DebugLinkDecision { - optional bool yes_no = 1; // true for "Confirm", false for "Cancel" - optional bool up_down = 2; // true for scroll up, false for scroll down - optional string input = 3; // keyboard input -} - -/** - * Request: Computer asks for device state - * @next DebugLinkState - */ -message DebugLinkGetState { -} - -/** - * Response: Device current state - * @prev DebugLinkGetState - */ -message DebugLinkState { - optional bytes layout = 1; // raw buffer of display - optional string pin = 2; // current PIN, blank if PIN is not set/enabled - optional string matrix = 3; // current PIN matrix - optional string mnemonic = 4; // current BIP-39 mnemonic - optional HDNodeType node = 5; // current BIP-32 node - optional bool passphrase_protection = 6; // is node/mnemonic encrypted using passphrase? - optional string reset_word = 7; // word on device display during ResetDevice workflow - optional bytes reset_entropy = 8; // current entropy during ResetDevice workflow - optional string recovery_fake_word = 9; // (fake) word on display during RecoveryDevice workflow - optional uint32 recovery_word_pos = 10; // index of mnemonic word the device is expecting during RecoveryDevice workflow - optional uint32 reset_word_pos = 11; // index of mnemonic word the device is expecting during ResetDevice workflow -} - -/** - * Request: Ask device to restart - */ -message DebugLinkStop { -} - -/** - * Response: Device wants host to log event - */ -message DebugLinkLog { - optional uint32 level = 1; - optional string bucket = 2; - optional string text = 3; -} - -/** - * Request: Read memory from device - * @next DebugLinkMemory - */ -message DebugLinkMemoryRead { - optional uint32 address = 1; - optional uint32 length = 2; -} - -/** - * Response: Device sends memory back - * @prev DebugLinkMemoryRead - */ -message DebugLinkMemory { - optional bytes memory = 1; -} - -/** - * Request: Write memory to device. - * WARNING: Writing to the wrong location can irreparably break the device. - */ -message DebugLinkMemoryWrite { - optional uint32 address = 1; - optional bytes memory = 2; - optional bool flash = 3; -} - -/** - * Request: Erase block of flash on device - * WARNING: Writing to the wrong location can irreparably break the device. - */ -message DebugLinkFlashErase { - optional uint32 sector = 1; -} - -/** - * Request: Ask device for Cardano address - * @next CardanoAddress - * @next Failure - */ -message CardanoGetAddress { - repeated uint32 address_n = 1; // BIP-32-style path to derive the key from master node - optional bool show_display = 2; // optionally prompt for confirmation on trezor display -} - -/** - * Request: Ask device for Cardano address - * @next CardanoAddress - * @next Failure - */ -message CardanoAddress { - optional string address = 1; // Base58 cardano address -} - -/** - * Request: Ask device to sign Cardano message - * @next CardanoMessageSignature - * @next Failure - */ -message CardanoSignMessage { - repeated uint32 address_n = 1; // BIP-32 path to derive the key from master node - optional bytes message = 2; // message to be signed -} - -/** - * Request: Ask device for public key corresponding to address_n path - * @next CardanoPublicKey - * @next Failure - */ -message CardanoGetPublicKey { - repeated uint32 address_n = 1; // BIP-32 path to derive the key from master node -} - -/** - * Response: Contains public key derived from device private seed - * @prev CardanoGetPublicKey - */ -message CardanoPublicKey { - optional string xpub = 1; // Xpub key - optional HDNodeType node = 2; // BIP-32 public node - optional string root_hd_passphrase = 3; // Hd passphrase for root in hex format -} - -/** - * Request: Ask device to verify Cardano message - * @next Success - * @next Failure - */ -message CardanoVerifyMessage { - optional bytes public_key = 1; // Public key which was used to sign message - optional bytes signature = 2; // signature to verify - optional bytes message = 3; // message to verify -} - -/** - * Response: Signed Cardano message - * @prev CardanoSignMessage - */ -message CardanoMessageSignature { - optional bytes public_key = 1; // public key which was used to sign mesage - optional bytes signature = 2; // signature of the message -} - -/** - * Request: Ask device to sign Cardano transaction - * @next CardanoSignedTransaction - * @next CardanoTxRequest - * @next Failure - */ -message CardanoSignTransaction { - repeated CardanoTxInputType inputs = 1; // inputs to be used in transaction - repeated CardanoTxOutputType outputs = 2; // outputs to be used in transaction - optional uint32 transactions_count = 3; // transactions count -} - -/** - * Response: Serialised signed cardano transaction if tx_index is not specified. - * If tx_index is specified, trezor will wait for transaction - * @prev CardanoSignTransaction - * @next CardanoTxAck - */ -message CardanoTxRequest { - optional uint32 tx_index = 1; // index of requested transaction - optional bytes tx_hash = 2; // hash of the signed transaction - optional bytes tx_body = 3; // serialised body of the signed transaction -} - -/** - * Response: Serialised signed cardano transaction - * @prev CardanoSignTransaction - */ -message CardanoSignedTransaction { - optional bytes tx_hash = 1; // hash of the signed transaction - optional bytes tx_body = 2; // serialised body of the signed transaction -} - -/** - * Request: Reported transaction data - * @prev CardanoTxRequest - * @next CardanoTxRequest - */ -message CardanoTxAck { - optional bytes transaction = 1; + // Management + MessageType_Initialize = 0 [(wire_in) = true, (wire_tiny) = true]; + MessageType_Ping = 1 [(wire_in) = true]; + MessageType_Success = 2 [(wire_out) = true]; + MessageType_Failure = 3 [(wire_out) = true]; + MessageType_ChangePin = 4 [(wire_in) = true]; + MessageType_WipeDevice = 5 [(wire_in) = true]; + MessageType_GetEntropy = 9 [(wire_in) = true]; + MessageType_Entropy = 10 [(wire_out) = true]; + MessageType_LoadDevice = 13 [(wire_in) = true]; + MessageType_ResetDevice = 14 [(wire_in) = true]; + MessageType_Features = 17 [(wire_out) = true]; + MessageType_PinMatrixRequest = 18 [(wire_out) = true]; + MessageType_PinMatrixAck = 19 [(wire_in) = true, (wire_tiny) = true, (wire_no_fsm) = true]; + MessageType_Cancel = 20 [(wire_in) = true, (wire_tiny) = true]; + MessageType_ClearSession = 24 [(wire_in) = true]; + MessageType_ApplySettings = 25 [(wire_in) = true]; + MessageType_ButtonRequest = 26 [(wire_out) = true]; + MessageType_ButtonAck = 27 [(wire_in) = true, (wire_tiny) = true, (wire_no_fsm) = true]; + MessageType_ApplyFlags = 28 [(wire_in) = true]; + MessageType_BackupDevice = 34 [(wire_in) = true]; + MessageType_EntropyRequest = 35 [(wire_out) = true]; + MessageType_EntropyAck = 36 [(wire_in) = true]; + MessageType_PassphraseRequest = 41 [(wire_out) = true]; + MessageType_PassphraseAck = 42 [(wire_in) = true, (wire_tiny) = true, (wire_no_fsm) = true]; + MessageType_PassphraseStateRequest = 77 [(wire_out) = true]; + MessageType_PassphraseStateAck = 78 [(wire_in) = true, (wire_tiny) = true, (wire_no_fsm) = true]; + MessageType_RecoveryDevice = 45 [(wire_in) = true]; + MessageType_WordRequest = 46 [(wire_out) = true]; + MessageType_WordAck = 47 [(wire_in) = true]; + MessageType_GetFeatures = 55 [(wire_in) = true]; + MessageType_SetU2FCounter = 63 [(wire_in) = true]; + + // Bootloader + MessageType_FirmwareErase = 6 [(wire_in) = true, (wire_bootloader) = true]; + MessageType_FirmwareUpload = 7 [(wire_in) = true, (wire_bootloader) = true]; + MessageType_FirmwareRequest = 8 [(wire_out) = true, (wire_bootloader) = true]; + MessageType_SelfTest = 32 [(wire_in) = true, (wire_bootloader) = true]; + + // Bitcoin + MessageType_GetPublicKey = 11 [(wire_in) = true]; + MessageType_PublicKey = 12 [(wire_out) = true]; + MessageType_SignTx = 15 [(wire_in) = true]; + MessageType_TxRequest = 21 [(wire_out) = true]; + MessageType_TxAck = 22 [(wire_in) = true]; + MessageType_GetAddress = 29 [(wire_in) = true]; + MessageType_Address = 30 [(wire_out) = true]; + MessageType_SignMessage = 38 [(wire_in) = true]; + MessageType_VerifyMessage = 39 [(wire_in) = true]; + MessageType_MessageSignature = 40 [(wire_out) = true]; + + // Crypto + MessageType_CipherKeyValue = 23 [(wire_in) = true]; + MessageType_CipheredKeyValue = 48 [(wire_out) = true]; + MessageType_SignIdentity = 53 [(wire_in) = true]; + MessageType_SignedIdentity = 54 [(wire_out) = true]; + MessageType_GetECDHSessionKey = 61 [(wire_in) = true]; + MessageType_ECDHSessionKey = 62 [(wire_out) = true]; + MessageType_CosiCommit = 71 [(wire_in) = true]; + MessageType_CosiCommitment = 72 [(wire_out) = true]; + MessageType_CosiSign = 73 [(wire_in) = true]; + MessageType_CosiSignature = 74 [(wire_out) = true]; + + // Debug + MessageType_DebugLinkDecision = 100 [(wire_debug_in) = true, (wire_tiny) = true, (wire_no_fsm) = true]; + MessageType_DebugLinkGetState = 101 [(wire_debug_in) = true, (wire_tiny) = true]; + MessageType_DebugLinkState = 102 [(wire_debug_out) = true]; + MessageType_DebugLinkStop = 103 [(wire_debug_in) = true]; + MessageType_DebugLinkLog = 104 [(wire_debug_out) = true]; + MessageType_DebugLinkMemoryRead = 110 [(wire_debug_in) = true]; + MessageType_DebugLinkMemory = 111 [(wire_debug_out) = true]; + MessageType_DebugLinkMemoryWrite = 112 [(wire_debug_in) = true]; + MessageType_DebugLinkFlashErase = 113 [(wire_debug_in) = true]; + + // Ethereum + MessageType_EthereumGetAddress = 56 [(wire_in) = true]; + MessageType_EthereumAddress = 57 [(wire_out) = true]; + MessageType_EthereumSignTx = 58 [(wire_in) = true]; + MessageType_EthereumTxRequest = 59 [(wire_out) = true]; + MessageType_EthereumTxAck = 60 [(wire_in) = true]; + MessageType_EthereumSignMessage = 64 [(wire_in) = true]; + MessageType_EthereumVerifyMessage = 65 [(wire_in) = true]; + MessageType_EthereumMessageSignature = 66 [(wire_out) = true]; + + // NEM + MessageType_NEMGetAddress = 67 [(wire_in) = true]; + MessageType_NEMAddress = 68 [(wire_out) = true]; + MessageType_NEMSignTx = 69 [(wire_in) = true]; + MessageType_NEMSignedTx = 70 [(wire_out) = true]; + MessageType_NEMDecryptMessage = 75 [(wire_in) = true]; + MessageType_NEMDecryptedMessage = 76 [(wire_out) = true]; + + // Lisk + MessageType_LiskGetAddress = 114 [(wire_in) = true]; + MessageType_LiskAddress = 115 [(wire_out) = true]; + MessageType_LiskSignTx = 116 [(wire_in) = true]; + MessageType_LiskSignedTx = 117 [(wire_out) = true]; + MessageType_LiskSignMessage = 118 [(wire_in) = true]; + MessageType_LiskMessageSignature = 119 [(wire_out) = true]; + MessageType_LiskVerifyMessage = 120 [(wire_in) = true]; + MessageType_LiskGetPublicKey = 121 [(wire_in) = true]; + MessageType_LiskPublicKey = 122 [(wire_out) = true]; + + // Tezos + MessageType_TezosGetAddress = 150 [(wire_in) = true]; + MessageType_TezosAddress = 151 [(wire_out) = true]; + MessageType_TezosSignTx = 152 [(wire_in) = true]; + MessageType_TezosSignedTx = 153 [(wire_out) = true]; + MessageType_TezosGetPublicKey = 154 [(wire_in) = true]; + MessageType_TezosPublicKey = 155 [(wire_out) = true]; + + // Stellar + MessageType_StellarGetPublicKey = 200 [(wire_in) = true]; + MessageType_StellarPublicKey = 201 [(wire_out) = true]; + MessageType_StellarSignTx = 202 [(wire_in) = true]; + MessageType_StellarTxOpRequest = 203 [(wire_out) = true]; + MessageType_StellarGetAddress = 207 [(wire_in) = true]; + MessageType_StellarAddress = 208 [(wire_out) = true]; + MessageType_StellarCreateAccountOp = 210 [(wire_in) = true]; + MessageType_StellarPaymentOp = 211 [(wire_in) = true]; + MessageType_StellarPathPaymentOp = 212 [(wire_in) = true]; + MessageType_StellarManageOfferOp = 213 [(wire_in) = true]; + MessageType_StellarCreatePassiveOfferOp = 214 [(wire_in) = true]; + MessageType_StellarSetOptionsOp = 215 [(wire_in) = true]; + MessageType_StellarChangeTrustOp = 216 [(wire_in) = true]; + MessageType_StellarAllowTrustOp = 217 [(wire_in) = true]; + MessageType_StellarAccountMergeOp = 218 [(wire_in) = true]; + // Omitted: inflation is not a supported operation, would be 219 + MessageType_StellarManageDataOp = 220 [(wire_in) = true]; + MessageType_StellarBumpSequenceOp = 221 [(wire_in) = true]; + MessageType_StellarSignedTx = 230 [(wire_out) = true]; + + // Cardano + MessageType_CardanoSignMessage = 300 [(wire_in) = true]; + MessageType_CardanoMessageSignature = 301 [(wire_out) = true]; + MessageType_CardanoVerifyMessage = 302 [(wire_in) = true]; + MessageType_CardanoSignTransaction = 303 [(wire_in) = true]; + MessageType_CardanoTxRequest = 304 [(wire_out) = true]; + MessageType_CardanoGetPublicKey = 305 [(wire_in) = true]; + MessageType_CardanoPublicKey = 306 [(wire_out) = true]; + MessageType_CardanoGetAddress = 307 [(wire_in) = true]; + MessageType_CardanoAddress = 308 [(wire_out) = true]; + MessageType_CardanoTxAck = 309 [(wire_in) = true]; + MessageType_CardanoSignedTransaction = 310 [(wire_out) = true]; }