syntax = "proto2"; package hw.trezor.messages.crypto; // Sugar for easier handling in Java option java_package = "com.satoshilabs.trezor.lib.protobuf"; option java_outer_classname = "TrezorMessageCrypto"; import "options.proto"; option (include_in_bitcoin_only) = true; /** * Request: Ask device to encrypt or decrypt value of given key * @start * @next CipheredKeyValue * @next Failure */ message CipherKeyValue { repeated uint32 address_n = 1; // BIP-32 path to derive the key from master node required string key = 2; // key component of key:value required bytes value = 3; // value component of key:value optional bool encrypt = 4; // are we encrypting (True) or decrypting (False)? optional bool ask_on_encrypt = 5; // should we ask on encrypt operation? optional bool ask_on_decrypt = 6; // should we ask on decrypt operation? optional bytes iv = 7; // initialization vector (will be computed if not set) } /** * Response: Return ciphered/deciphered value * @end */ message CipheredKeyValue { required bytes value = 1; // ciphered/deciphered value } /** * Structure representing identity data * @embed */ message IdentityType { optional string proto = 1; // proto part of URI optional string user = 2; // user part of URI optional string host = 3; // host part of URI optional string port = 4; // port part of URI optional string path = 5; // path part of URI optional uint32 index = 6 [default=0]; // identity index } /** * Request: Ask device to sign identity * @start * @next SignedIdentity * @next Failure */ message SignIdentity { required IdentityType identity = 1; // identity optional bytes challenge_hidden = 2 [default=""]; // non-visible challenge optional string challenge_visual = 3 [default=""]; // challenge shown on display (e.g. date+time) optional string ecdsa_curve_name = 4; // ECDSA curve name to use } /** * Response: Device provides signed identity * @end */ message SignedIdentity { optional string address = 1; // identity address required bytes public_key = 2; // identity public key required bytes signature = 3; // signature of the identity data } /** * Request: Ask device to generate ECDH session key * @start * @next ECDHSessionKey * @next Failure */ message GetECDHSessionKey { required IdentityType identity = 1; // identity required bytes peer_public_key = 2; // peer's public key optional string ecdsa_curve_name = 3; // ECDSA curve name to use } /** * Response: Device provides ECDH session key * @end */ message ECDHSessionKey { required bytes session_key = 1; // ECDH session key optional bytes public_key = 2; // identity public key }