syntax = "proto2";
package hw.trezor.messages.bitcoin;

// Sugar for easier handling in Java
option java_package = "com.satoshilabs.trezor.lib.protobuf";
option java_outer_classname = "TrezorMessageBitcoin";

import "messages.proto";
import "messages-common.proto";

/**
 * Type of script which will be used for transaction input
 */
enum InputScriptType {
    SPENDADDRESS = 0;       // standard P2PKH address
    SPENDMULTISIG = 1;      // P2SH multisig address
    EXTERNAL = 2;           // reserved for external inputs (coinjoin)
    SPENDWITNESS = 3;       // native SegWit
    SPENDP2SHWITNESS = 4;   // SegWit over P2SH (backward compatible)
}

/**
 * Type of script which will be used for transaction output
 */
enum OutputScriptType {
    PAYTOADDRESS = 0;       // used for all addresses (bitcoin, p2sh, witness)
    PAYTOSCRIPTHASH = 1;    // p2sh address (deprecated; use PAYTOADDRESS)
    PAYTOMULTISIG = 2;      // only for change output
    PAYTOOPRETURN = 3;      // op_return
    PAYTOWITNESS = 4;       // only for change output
    PAYTOP2SHWITNESS = 5;   // only for change output
}

/**
 * Type of redeem script used in input
 * @embed
 */
message MultisigRedeemScriptType {
    repeated HDNodePathType pubkeys = 1;    // pubkeys from multisig address (sorted lexicographically)
    repeated bytes signatures = 2;          // existing signatures for partially signed input
    required uint32 m = 3;                  // "m" from n, how many valid signatures is necessary for spending
    repeated common.HDNodeType nodes = 4;    // simplified way how to specify pubkeys if they share the same address_n path
    repeated uint32 address_n = 5;                              // use only field 1 or fields 4+5, if fields 4+5 are used, field 1 is ignored
    /**
    * Structure representing HDNode + Path
    */
    message HDNodePathType {
        required common.HDNodeType node = 1; // BIP-32 node in deserialized form
        repeated uint32 address_n = 2;                          // BIP-32 path to derive the key from node
    }
}

/**
 * Request: Ask device for public key corresponding to address_n path
 * @start
 * @next PublicKey
 * @next Failure
 */
message GetPublicKey {
    repeated uint32 address_n = 1;                                      // BIP-32 path to derive the key from master node
    optional string ecdsa_curve_name = 2;                               // ECDSA curve name to use
    optional bool show_display = 3;                                     // optionally show on display before sending the result
    optional string coin_name = 4 [default='Bitcoin'];                  // coin to use for verifying
    optional InputScriptType script_type = 5 [default=SPENDADDRESS];    // used to distinguish between various address formats (non-segwit, segwit, etc.)
}

/**
 * Response: Contains public key derived from device private seed
 * @end
 */
message PublicKey {
    optional common.HDNodeType node = 1;        // BIP32 public node
    optional string xpub = 2;        // serialized form of public node
}

/**
 * Request: Ask device for address corresponding to address_n path
 * @start
 * @next Address
 * @next Failure
 */
message GetAddress {
    repeated uint32 address_n = 1;                                      // BIP-32 path to derive the key from master node
    optional string coin_name = 2 [default='Bitcoin'];                  // coin to use
    optional bool show_display = 3;                                     // optionally show on display before sending the result
    optional MultisigRedeemScriptType multisig = 4;                     // filled if we are showing a multisig address
    optional InputScriptType script_type = 5 [default=SPENDADDRESS];    // used to distinguish between various address formats (non-segwit, segwit, etc.)
}

/**
 * Response: Contains address derived from device private seed
 * @end
 */
message Address {
    required string address = 1;    // Coin address in Base58 encoding
}

/**
 * Request: Ask device for ownership identifier corresponding to scriptPubKey for address_n path
 * @start
 * @next OwnershipId
 * @next Failure
 */
message GetOwnershipId {
    repeated uint32 address_n = 1;                                      // BIP-32 path to derive the key from master node
    optional string coin_name = 2 [default='Bitcoin'];                  // coin to use
    optional MultisigRedeemScriptType multisig = 3;                     // filled if we are dealing with a multisig scriptPubKey
    optional InputScriptType script_type = 4 [default=SPENDADDRESS];    // used to distinguish between various address formats (non-segwit, segwit, etc.)
}

/**
 * Response: Contains the ownership identifier for the scriptPubKey and device private seed
 * @end
 */
message OwnershipId {
    required bytes ownership_id = 1;    // ownership identifier
}

/**
 * Request: Ask device to sign message
 * @start
 * @next MessageSignature
 * @next Failure
 */
message SignMessage {
    repeated uint32 address_n = 1;                                      // BIP-32 path to derive the key from master node
    required bytes message = 2;                                         // message to be signed
    optional string coin_name = 3 [default='Bitcoin'];                  // coin to use for signing
    optional InputScriptType script_type = 4 [default=SPENDADDRESS];    // used to distinguish between various address formats (non-segwit, segwit, etc.)
}

/**
 * Response: Signed message
 * @end
 */
message MessageSignature {
    optional string address = 1;    // address used to sign the message
    optional bytes signature = 2;   // signature of the message
}

/**
 * Request: Ask device to verify message
 * @start
 * @next Success
 * @next Failure
 */
message VerifyMessage {
    required string address = 1;                        // address to verify
    required bytes signature = 2;                       // signature to verify
    required bytes message = 3;                         // message to verify
    optional string coin_name = 4 [default='Bitcoin'];  // coin to use for verifying
}

/**
 * Request: Ask device to sign transaction
 * @start
 * @next TxRequest
 * @next Failure
 */
message SignTx {
    required uint32 outputs_count = 1;                  // number of transaction outputs
    required uint32 inputs_count = 2;                   // number of transaction inputs
    optional string coin_name = 3 [default='Bitcoin'];  // coin to use
    optional uint32 version = 4 [default=1];            // transaction version
    optional uint32 lock_time = 5 [default=0];          // transaction lock_time
    optional uint32 expiry = 6;                         // only for Decred and Zcash
    optional bool overwintered = 7 [deprecated=true];   // deprecated in 2.3.2, the field is not needed as it can be derived from `version`
    optional uint32 version_group_id = 8;               // only for Zcash, nVersionGroupId
    optional uint32 timestamp = 9;                      // only for Peercoin
    optional uint32 branch_id = 10;                     // only for Zcash, BRANCH_ID
}

/**
 * Response: Device asks for information for signing transaction or returns the last result
 * If request_index is set, device awaits TxAck<any> matching the request type.
 * If signature_index is set, 'signature' contains signed input of signature_index's input
 * @end
 * @next TxAckInput
 * @next TxAckOutput
 * @next TxAckPrevMeta
 * @next TxAckPrevInput
 * @next TxAckPrevOutput
 * @next TxAckPrevExtraData
 */
message TxRequest {
    optional RequestType request_type = 1;              // what should be filled in TxAck message?
    optional TxRequestDetailsType details = 2;          // request for tx details
    optional TxRequestSerializedType serialized = 3;    // serialized data and request for next
    /**
    * Type of information required by transaction signing process
    */
    enum RequestType {
        TXINPUT = 0;
        TXOUTPUT = 1;
        TXMETA = 2;
        TXFINISHED = 3;
        TXEXTRADATA = 4;
    }
    /**
    * Structure representing request details
    */
    message TxRequestDetailsType {
        optional uint32 request_index = 1;      // device expects TxAck message from the computer
        optional bytes tx_hash = 2;             // tx_hash of requested transaction
        optional uint32 extra_data_len = 3;     // length of requested extra data (only for Dash, Zcash)
        optional uint32 extra_data_offset = 4;  // offset of requested extra data (only for Dash, Zcash)
    }
    /**
    * Structure representing serialized data
    */
    message TxRequestSerializedType {
        optional uint32 signature_index = 1;    // 'signature' field contains signed input of this index
        optional bytes signature = 2;           // signature of the signature_index input
        optional bytes serialized_tx = 3;       // part of serialized and signed transaction
    }
}

/**
 * Request: Reported transaction data (legacy)
 *
 * This message contains all possible field that can be sent in response to a TxRequest.
 * Depending on the request_type, the host is supposed to fill some of these fields.
 *
 * The interface is wire-compatible with the new method of specialized TxAck subtypes,
 * so it can be used in the old way. However, it is now recommended to use more
 * specialized messages, which have better-configured constraints on field values.
 *
 * @next TxRequest
 */
message TxAck {
    option deprecated = true;

    optional TransactionType tx = 1;
    /**
    * Structure representing transaction
    */
    message TransactionType {
        optional uint32 version = 1;
        repeated TxInputType inputs = 2;
        repeated TxOutputBinType bin_outputs = 3;
        optional uint32 lock_time = 4;
        repeated TxOutputType outputs = 5;
        optional uint32 inputs_cnt = 6;
        optional uint32 outputs_cnt = 7;
        optional bytes extra_data = 8;          // only for Dash, Zcash
        optional uint32 extra_data_len = 9;     // only for Dash, Zcash
        optional uint32 expiry = 10;            // only for Decred and Zcash
        optional bool overwintered = 11 [deprecated=true];   // Zcash only; deprecated in 2.3.2, the field is not needed, it can be derived from `version`
        optional uint32 version_group_id = 12;  // only for Zcash, nVersionGroupId
        optional uint32 timestamp = 13;         // only for Peercoin
        optional uint32 branch_id = 14;         // only for Zcash, BRANCH_ID
        /**
        * Structure representing transaction input
        */
        message TxInputType {
            repeated uint32 address_n = 1;                                      // BIP-32 path to derive the key from master node
            required bytes prev_hash = 2;                                       // hash of previous transaction output to spend by this input
            required uint32 prev_index = 3;                                     // index of previous output to spend
            optional bytes script_sig = 4;                                      // script signature, unset for tx to sign
            optional uint32 sequence = 5 [default=4294967295];                  // sequence (default=0xffffffff)
            optional InputScriptType script_type = 6 [default=SPENDADDRESS];    // defines template of input script
            optional MultisigRedeemScriptType multisig = 7;                     // Filled if input is going to spend multisig tx
            optional uint64 amount = 8;                                         // amount of previous transaction output (for segwit only)
            optional uint32 decred_tree = 9;                                    // only for Decred
            // optional uint32 decred_script_version = 10;                         // only for Decred  // deprecated -> only 0 is supported
            // optional bytes prev_block_hash_bip115 = 11;     // BIP-115 support dropped
            // optional uint32 prev_block_height_bip115 = 12;  // BIP-115 support dropped
            optional bytes witness = 13;                                        // witness data, only set for EXTERNAL inputs
            optional bytes ownership_proof = 14;                                // SLIP-0019 proof of ownership, only set for EXTERNAL inputs
            optional bytes commitment_data = 15;                                // optional commitment data for the SLIP-0019 proof of ownership

        }
        /**
        * Structure representing compiled transaction output
        */
        message TxOutputBinType {
            required uint64 amount = 1;
            required bytes script_pubkey = 2;
            optional uint32 decred_script_version = 3;      // only for Decred
        }
        /**
        * Structure representing transaction output
        */
        message TxOutputType {
            optional string address = 1;                    // target coin address in Base58 encoding
            repeated uint32 address_n = 2;                  // BIP-32 path to derive the key from master node; has higher priority than "address"
            required uint64 amount = 3;                     // amount to spend in satoshis
            optional OutputScriptType script_type = 4 [default=PAYTOADDRESS];      // output script type
            optional MultisigRedeemScriptType multisig = 5; // defines multisig address; script_type must be PAYTOMULTISIG
            optional bytes op_return_data = 6;              // defines op_return data; script_type must be PAYTOOPRETURN, amount must be 0
            // optional uint32 decred_script_version = 7;      // only for Decred  // deprecated -> only 0 is supported
            // optional bytes block_hash_bip115 = 8;        // BIP-115 support dropped
            // optional uint32 block_height_bip115 = 9;     // BIP-115 support dropped
        }
    }
}

/** Data type for transaction input to be signed.
 *
 * When adding fields, take care to not conflict with PrevInput
 *
 * @embed
 */
message TxInput {
    repeated uint32 address_n = 1;                                      // BIP-32 path to derive the key from master node
    required bytes prev_hash = 2;                                       // hash of previous transaction output to spend by this input
    required uint32 prev_index = 3;                                     // index of previous output to spend
    optional bytes script_sig = 4;                                      // script signature, only set for EXTERNAL inputs
    optional uint32 sequence = 5 [default=0xffffffff];                  // sequence
    optional InputScriptType script_type = 6 [default=SPENDADDRESS];    // defines template of input script
    optional MultisigRedeemScriptType multisig = 7;                     // Filled if input is going to spend multisig tx
    required uint64 amount = 8;                                         // amount of previous transaction output
    optional uint32 decred_tree = 9;                                    // only for Decred
    optional bytes witness = 13;                                        // witness data, only set for EXTERNAL inputs
    optional bytes ownership_proof = 14;                                // SLIP-0019 proof of ownership, only set for EXTERNAL inputs
    optional bytes commitment_data = 15;                                // optional commitment data for the SLIP-0019 proof of ownership

    // fields which are in use, or have been in the past, in TxInputType
    reserved 10, 11, 12;
}

/** Data type for transaction output to be signed.
 * @embed
 */
message TxOutput {
    optional string address = 1;                    // destination address in Base58 encoding; script_type must be PAYTOADDRESS
    repeated uint32 address_n = 2;                  // BIP-32 path to derive the destination (used for change addresses)
    required uint64 amount = 3;                     // amount to spend in satoshis
    optional OutputScriptType script_type = 4 [default=PAYTOADDRESS];      // output script type
    optional MultisigRedeemScriptType multisig = 5; // defines multisig address; script_type must be PAYTOMULTISIG
    optional bytes op_return_data = 6;              // defines op_return data; script_type must be PAYTOOPRETURN, amount must be 0

    // fields which are in use, or have been in the past, in TxOutputType
    reserved 7, 8, 9;
}

/** Data type for metadata about previous transaction which contains the UTXO being spent.
 * @embed
 */
message PrevTx {
    required uint32 version = 1;
    required uint32 lock_time = 4;
    required uint32 inputs_count = 6;
    required uint32 outputs_count = 7;
    optional uint32 extra_data_len = 9 [default=0];     // only for Dash, Zcash
    optional uint32 expiry = 10;            // only for Decred and Zcash
    optional uint32 version_group_id = 12;  // only for Zcash, nVersionGroupId
    optional uint32 timestamp = 13;         // only for Peercoin
    optional uint32 branch_id = 14;         // only for Zcash, BRANCH_ID

    // fields which are in use, or have been in the past, in TransactionType
    reserved 2, 3, 5, 8, 11;
}

/** Data type for inputs of previous transactions.
 *
 * When adding fields, take care to not conflict with TxInput
 * @embed
 */
message PrevInput {
    required bytes prev_hash = 2;                                       // hash of previous transaction output to spend by this input
    required uint32 prev_index = 3;                                     // index of previous output to spend
    required bytes script_sig = 4;                                      // script signature
    required uint32 sequence = 5;                                       // sequence
    optional uint32 decred_tree = 9;                                    // only for Decred

    // fields that are in use, or have been in the past, in TxInputType
    reserved 1, 6, 7, 8, 10, 11, 12, 13, 14, 15;
}

/** Data type for outputs of previous transactions.
 * @embed
 */
message PrevOutput {
    required uint64 amount = 1;                     // amount sent to this output
    required bytes script_pubkey = 2;               // scriptPubkey of this output
    optional uint32 decred_script_version = 3;      // only for Decred
}

/**
 * Request: Data about input to be signed.
 * Wire-alias of TxAck.
 *
 * Do not edit this type without considering compatibility with TxAck.
 * Prefer to modify the inner TxInput type.
 *
 * @next TxRequest
 */
message TxAckInput {
    option (wire_type) = 22;

    required TxAckInputWrapper tx = 1;

    message TxAckInputWrapper {
        required TxInput input = 2;
    }
}

/**
 * Request: Data about output to be signed.
 * Wire-alias of TxAck.
 *
 * Do not edit this type without considering compatibility with TxAck.
 * Prefer to modify the inner TxOutput type.
 *
 * @next TxRequest
 */
message TxAckOutput {
    option (wire_type) = 22;

    required TxAckOutputWrapper tx = 1;

    message TxAckOutputWrapper {
        required TxOutput output = 5;
    }
}

/**
 * Request: Data about previous transaction metadata
 * Wire-alias of TxAck.
 *
 * Do not edit this type without considering compatibility with TxAck.
 * Prefer to modify the inner PrevTx type.
 *
 * @next TxRequest
 */
message TxAckPrevMeta {
    option (wire_type) = 22;

    required PrevTx tx = 1;
}

/**
 * Request: Data about previous transaction input
 * Wire-alias of TxAck.
 *
 * Do not edit this type without considering compatibility with TxAck.
 * Prefer to modify the inner PrevInput type.
 *
 * @next TxRequest
 */
message TxAckPrevInput {
    option (wire_type) = 22;

    required TxAckPrevInputWrapper tx = 1;

    message TxAckPrevInputWrapper {
        required PrevInput input = 2;

    }
}

/**
 * Request: Data about previous transaction output
 * Wire-alias of TxAck.
 *
 * Do not edit this type without considering compatibility with TxAck.
 * Prefer to modify the inner PrevOutput type.
 *
 * @next TxRequest
 */
message TxAckPrevOutput {
    option (wire_type) = 22;

    required TxAckPrevOutputWrapper tx = 1;

    message TxAckPrevOutputWrapper {
        required PrevOutput output = 3;
    }
}

/**
 * Request: Content of the extra data of a previous transaction
 * Wire-alias of TxAck.
 *
 * Do not edit this type without considering compatibility with TxAck.
 *
 * @next TxRequest
 */
 message TxAckPrevExtraData {
    option (wire_type) = 22;

    required TxAckPrevExtraDataWrapper tx = 1;

    message TxAckPrevExtraDataWrapper {
        required bytes extra_data_chunk = 8;
    }
}

/**
 * Request: Ask device for a proof of ownership corresponding to address_n path
 * @start
 * @next OwnershipProof
 * @next Failure
 */
message GetOwnershipProof {
    repeated uint32 address_n = 1;                                      // BIP-32 path to derive the key from master node
    optional string coin_name = 2 [default='Bitcoin'];                  // coin to use
    optional InputScriptType script_type = 3 [default=SPENDWITNESS];    // used to distinguish between various scriptPubKey types
    optional MultisigRedeemScriptType multisig = 4;                     // filled if proof is for a multisig address
    optional bool user_confirmation = 5 [default=false];                // show a confirmation dialog and set the "user confirmation" bit in the proof
    repeated bytes ownership_ids = 6;                                   // list of ownership identifiers in case of multisig
    optional bytes commitment_data = 7 [default=''];                    // additional data to which the proof should commit
}

/**
 * Response: Contains the proof of ownership
 * @end
 */
message OwnershipProof {
    required bytes ownership_proof = 1;     // SLIP-0019 proof of ownership
    required bytes signature = 2;           // signature of the proof
}

/**
 * Request: Ask device to prompt the user to authorize a CoinJoin transaction
 * @start
 * @next Success
 * @next Failure
 */
message AuthorizeCoinJoin {
    option (unstable) = true;

    required string coordinator = 1;                                    // coordinator identifier to approve as a prefix in commitment data (max. 18 ASCII characters)
    required uint64 max_total_fee = 2;                                  // maximum total fees
    optional uint32 fee_per_anonymity = 3;                              // fee per anonymity set in units of 10^-9 percent
    repeated uint32 address_n = 4;                                      // prefix of the BIP-32 path leading to the account (m / purpose' / coin_type' / account')
    optional string coin_name = 5 [default='Bitcoin'];                  // coin to use
    optional InputScriptType script_type = 6 [default=SPENDADDRESS];    // used to distinguish between various address formats (non-segwit, segwit, etc.)
}