trezor-firmware/common/protob/messages.proto

syntax = "proto2";
package hw.trezor.messages;

/**
 * Messages for Trezor communication
 */

// Sugar for easier handling in Java
option java_package = "com.satoshilabs.trezor.lib.protobuf";
option java_outer_classname = "TrezorMessage";

option (include_in_bitcoin_only) = true;

import "google/protobuf/descriptor.proto";

/************************* WARNING ***********************
Due to the way extensions are accessed in pb2py, there needs to be a globally unique
name-ID mapping for extensions. That means that two different extensions, e.g. for
EnumValueOptions and FieldOptions, MUST NOT have the same ID.

Using the same ID indicates the same purpose (protobuf does not allow multiple
extensions with the same name), such as EnumValueOptions.bitcoin_only and
FileOptions.include_in_bitcoin_only. pb2py can then find the extension under
either name.

The convention to achieve this is as follows:
 - extensions specific to a type have the same prefix:
   * 50xxx for EnumValueOptions
   * 51xxx for EnumOptions
   * 52xxx for MessageOptions
   * 53xxx for FieldOptions
 - extensions that might be used across types have the same "global" prefix 60xxx
*/
/**
 * Options for specifying message direction and type of wire (normal/debug)
 */
extend google.protobuf.EnumValueOptions {
    optional bool wire_in = 50002;              // message can be transmitted via wire from PC to Trezor
    optional bool wire_out = 50003;             // message can be transmitted via wire from Trezor to PC
    optional bool wire_debug_in = 50004;        // message can be transmitted via debug wire from PC to Trezor
    optional bool wire_debug_out = 50005;       // message can be transmitted via debug wire from Trezor to PC
    optional bool wire_tiny = 50006;            // message is handled by Trezor when the USB stack is in tiny mode
    optional bool wire_bootloader = 50007;      // message is only handled by Trezor Bootloader
    optional bool wire_no_fsm = 50008;          // message is not handled by Trezor unless the USB stack is in tiny mode

    optional bool bitcoin_only = 60000;         // enum value is available on BITCOIN_ONLY build
                                                // (messages not marked bitcoin_only will be EXCLUDED)
}

/** Options for tagging enum types */
extend google.protobuf.EnumOptions {
    optional bool has_bitcoin_only_values = 51001;  // indicate that some values should be excluded on BITCOIN_ONLY builds
}

/** Options for tagging message types */
extend google.protobuf.MessageOptions {
    optional bool unstable = 52001;   // indicate that a message definition might change at any time
    optional uint32 wire_type = 52002;   // override wire type specified in the MessageType enum
}

/** Options for tagging field types */
extend google.protobuf.FieldOptions {
    optional bool experimental = 53001;   // indicate that a field is intended for development and beta testing only
}

/** Options for tagging files with protobuf definitions */
extend google.protobuf.FileOptions {
    optional bool include_in_bitcoin_only = 60000;  // definitions are available on BITCOIN_ONLY build
                                                    // intentionally identical to `bitcoin_only` from enum
}


/**
 * Mapping between Trezor wire identifier (uint) and a protobuf message
 */
enum MessageType {
    option (has_bitcoin_only_values) = true;

    // Management
    MessageType_Initialize = 0 [(bitcoin_only) = true, (wire_in) = true, (wire_tiny) = true];
    MessageType_Ping = 1 [(bitcoin_only) = true, (wire_in) = true];
    MessageType_Success = 2 [(bitcoin_only) = true, (wire_out) = true];
    MessageType_Failure = 3 [(bitcoin_only) = true, (wire_out) = true];
    MessageType_ChangePin = 4 [(bitcoin_only) = true, (wire_in) = true];
    MessageType_WipeDevice = 5 [(bitcoin_only) = true, (wire_in) = true];
    MessageType_GetEntropy = 9 [(bitcoin_only) = true, (wire_in) = true];
    MessageType_Entropy = 10 [(bitcoin_only) = true, (wire_out) = true];
    MessageType_LoadDevice = 13 [(bitcoin_only) = true, (wire_in) = true];
    MessageType_ResetDevice = 14 [(bitcoin_only) = true, (wire_in) = true];
    MessageType_Features = 17 [(bitcoin_only) = true, (wire_out) = true];
    MessageType_PinMatrixRequest = 18 [(bitcoin_only) = true, (wire_out) = true];
    MessageType_PinMatrixAck = 19 [(bitcoin_only) = true, (wire_in) = true, (wire_tiny) = true, (wire_no_fsm) = true];
    MessageType_Cancel = 20 [(bitcoin_only) = true, (wire_in) = true, (wire_tiny) = true];
    MessageType_LockDevice = 24 [(bitcoin_only) = true, (wire_in) = true];
    MessageType_ApplySettings = 25 [(bitcoin_only) = true, (wire_in) = true];
    MessageType_ButtonRequest = 26 [(bitcoin_only) = true, (wire_out) = true];
    MessageType_ButtonAck = 27 [(bitcoin_only) = true, (wire_in) = true, (wire_tiny) = true, (wire_no_fsm) = true];
    MessageType_ApplyFlags = 28 [(bitcoin_only) = true, (wire_in) = true];
    MessageType_BackupDevice = 34 [(bitcoin_only) = true, (wire_in) = true];
    MessageType_EntropyRequest = 35 [(bitcoin_only) = true, (wire_out) = true];
    MessageType_EntropyAck = 36 [(bitcoin_only) = true, (wire_in) = true];
    MessageType_PassphraseRequest = 41 [(bitcoin_only) = true, (wire_out) = true];
    MessageType_PassphraseAck = 42 [(bitcoin_only) = true, (wire_in) = true, (wire_tiny) = true, (wire_no_fsm) = true];
    MessageType_RecoveryDevice = 45 [(bitcoin_only) = true, (wire_in) = true];
    MessageType_WordRequest = 46 [(bitcoin_only) = true, (wire_out) = true];
    MessageType_WordAck = 47 [(bitcoin_only) = true, (wire_in) = true];
    MessageType_GetFeatures = 55 [(bitcoin_only) = true, (wire_in) = true];
    MessageType_SdProtect = 79 [(bitcoin_only) = true, (wire_in) = true];
    MessageType_ChangeWipeCode = 82 [(bitcoin_only) = true, (wire_in) = true];
    MessageType_EndSession = 83 [(bitcoin_only) = true, (wire_in) = true];
    MessageType_DoPreauthorized = 84 [(bitcoin_only) = true, (wire_in) = true];
    MessageType_PreauthorizedRequest = 85 [(bitcoin_only) = true, (wire_out) = true];
    MessageType_CancelAuthorization = 86 [(bitcoin_only) = true, (wire_in) = true];
    MessageType_RebootToBootloader = 87 [(bitcoin_only) = true, (wire_in) = true];

    MessageType_SetU2FCounter = 63 [(wire_in) = true];
    MessageType_GetNextU2FCounter = 80 [(wire_in) = true];
    MessageType_NextU2FCounter = 81 [(wire_out) = true];

    // Deprecated messages, kept for protobuf compatibility.
    // Both are marked wire_out so that we don't need to implement incoming handler for legacy
    MessageType_Deprecated_PassphraseStateRequest = 77 [deprecated = true];
    MessageType_Deprecated_PassphraseStateAck = 78 [deprecated = true];

    // Bootloader
    MessageType_FirmwareErase = 6 [(bitcoin_only) = true, (wire_in) = true, (wire_bootloader) = true];
    MessageType_FirmwareUpload = 7 [(bitcoin_only) = true, (wire_in) = true, (wire_bootloader) = true];
    MessageType_FirmwareRequest = 8 [(bitcoin_only) = true, (wire_out) = true, (wire_bootloader) = true];
    MessageType_SelfTest = 32 [(bitcoin_only) = true, (wire_in) = true, (wire_bootloader) = true];

    // Bitcoin
    MessageType_GetPublicKey = 11 [(bitcoin_only) = true, (wire_in) = true];
    MessageType_PublicKey = 12 [(bitcoin_only) = true, (wire_out) = true];
    MessageType_SignTx = 15 [(bitcoin_only) = true, (wire_in) = true];
    MessageType_TxRequest = 21 [(bitcoin_only) = true, (wire_out) = true];
    MessageType_TxAck = 22 [(bitcoin_only) = true, (wire_in) = true];
    MessageType_GetAddress = 29 [(bitcoin_only) = true, (wire_in) = true];
    MessageType_Address = 30 [(bitcoin_only) = true, (wire_out) = true];
    MessageType_SignMessage = 38 [(bitcoin_only) = true, (wire_in) = true];
    MessageType_VerifyMessage = 39 [(bitcoin_only) = true, (wire_in) = true];
    MessageType_MessageSignature = 40 [(bitcoin_only) = true, (wire_out) = true];
    MessageType_GetOwnershipId = 43 [(bitcoin_only) = true, (wire_in) = true];
    MessageType_OwnershipId = 44 [(bitcoin_only) = true, (wire_out) = true];
    MessageType_GetOwnershipProof = 49 [(bitcoin_only) = true, (wire_in) = true];
    MessageType_OwnershipProof = 50 [(bitcoin_only) = true, (wire_out) = true];
    MessageType_AuthorizeCoinJoin = 51 [(bitcoin_only) = true, (wire_in) = true];

    // Crypto
    MessageType_CipherKeyValue = 23 [(bitcoin_only) = true, (wire_in) = true];
    MessageType_CipheredKeyValue = 48 [(bitcoin_only) = true, (wire_out) = true];
    MessageType_SignIdentity = 53 [(bitcoin_only) = true, (wire_in) = true];
    MessageType_SignedIdentity = 54 [(bitcoin_only) = true, (wire_out) = true];
    MessageType_GetECDHSessionKey = 61 [(bitcoin_only) = true, (wire_in) = true];
    MessageType_ECDHSessionKey = 62 [(bitcoin_only) = true, (wire_out) = true];
    MessageType_CosiCommit = 71 [(bitcoin_only) = true, (wire_in) = true];
    MessageType_CosiCommitment = 72 [(bitcoin_only) = true, (wire_out) = true];
    MessageType_CosiSign = 73 [(bitcoin_only) = true, (wire_in) = true];
    MessageType_CosiSignature = 74 [(bitcoin_only) = true, (wire_out) = true];

    // Debug
    MessageType_DebugLinkDecision = 100 [(bitcoin_only) = true, (wire_debug_in) = true, (wire_tiny) = true, (wire_no_fsm) = true];
    MessageType_DebugLinkGetState = 101 [(bitcoin_only) = true, (wire_debug_in) = true, (wire_tiny) = true];
    MessageType_DebugLinkState = 102 [(bitcoin_only) = true, (wire_debug_out) = true];
    MessageType_DebugLinkStop = 103 [(bitcoin_only) = true, (wire_debug_in) = true];
    MessageType_DebugLinkLog = 104 [(bitcoin_only) = true, (wire_debug_out) = true];
    MessageType_DebugLinkMemoryRead = 110 [(bitcoin_only) = true, (wire_debug_in) = true];
    MessageType_DebugLinkMemory = 111 [(bitcoin_only) = true, (wire_debug_out) = true];
    MessageType_DebugLinkMemoryWrite = 112 [(bitcoin_only) = true, (wire_debug_in) = true];
    MessageType_DebugLinkFlashErase = 113 [(bitcoin_only) = true, (wire_debug_in) = true];
    MessageType_DebugLinkLayout = 9001 [(bitcoin_only) = true, (wire_debug_out) = true];
    MessageType_DebugLinkReseedRandom = 9002 [(bitcoin_only) = true, (wire_debug_in) = true];
    MessageType_DebugLinkRecordScreen = 9003 [(bitcoin_only) = true, (wire_debug_in) = true];
    MessageType_DebugLinkEraseSdCard = 9005 [(bitcoin_only) = true, (wire_debug_in) = true];
    MessageType_DebugLinkWatchLayout = 9006 [(bitcoin_only) = true, (wire_debug_in) = true];

    // Ethereum
    MessageType_EthereumGetPublicKey = 450 [(wire_in) = true];
    MessageType_EthereumPublicKey = 451 [(wire_out) = true];
    MessageType_EthereumGetAddress = 56 [(wire_in) = true];
    MessageType_EthereumAddress = 57 [(wire_out) = true];
    MessageType_EthereumSignTx = 58 [(wire_in) = true];
    MessageType_EthereumSignTxEIP1559 = 452 [(wire_in) = true];
    MessageType_EthereumTxRequest = 59 [(wire_out) = true];
    MessageType_EthereumTxAck = 60 [(wire_in) = true];
    MessageType_EthereumSignMessage = 64 [(wire_in) = true];
    MessageType_EthereumVerifyMessage = 65 [(wire_in) = true];
    MessageType_EthereumMessageSignature = 66 [(wire_out) = true];
    MessageType_EthereumSignTypedData = 464 [(wire_in) = true];
    MessageType_EthereumTypedDataStructRequest = 465 [(wire_out) = true];
    MessageType_EthereumTypedDataStructAck = 466 [(wire_in) = true];
    MessageType_EthereumTypedDataValueRequest = 467 [(wire_out) = true];
    MessageType_EthereumTypedDataValueAck = 468 [(wire_in) = true];
    MessageType_EthereumTypedDataSignature = 469 [(wire_out) = true];

    // NEM
    MessageType_NEMGetAddress = 67 [(wire_in) = true];
    MessageType_NEMAddress = 68 [(wire_out) = true];
    MessageType_NEMSignTx = 69 [(wire_in) = true];
    MessageType_NEMSignedTx = 70 [(wire_out) = true];
    MessageType_NEMDecryptMessage = 75 [(wire_in) = true];
    MessageType_NEMDecryptedMessage = 76 [(wire_out) = true];

    // Lisk
    /*
    MessageType_LiskGetAddress = 114 [(wire_in) = true];
    MessageType_LiskAddress = 115 [(wire_out) = true];
    MessageType_LiskSignTx = 116 [(wire_in) = true];
    MessageType_LiskSignedTx = 117 [(wire_out) = true];
    MessageType_LiskSignMessage = 118 [(wire_in) = true];
    MessageType_LiskMessageSignature = 119 [(wire_out) = true];
    MessageType_LiskVerifyMessage = 120 [(wire_in) = true];
    MessageType_LiskGetPublicKey = 121 [(wire_in) = true];
    MessageType_LiskPublicKey = 122 [(wire_out) = true];
    */
    reserved 114 to 122;

    // Tezos
    MessageType_TezosGetAddress = 150 [(wire_in) = true];
    MessageType_TezosAddress = 151 [(wire_out) = true];
    MessageType_TezosSignTx = 152 [(wire_in) = true];
    MessageType_TezosSignedTx = 153 [(wire_out) = true];
    MessageType_TezosGetPublicKey = 154 [(wire_in) = true];
    MessageType_TezosPublicKey = 155 [(wire_out) = true];

    // Stellar
    MessageType_StellarSignTx = 202 [(wire_in) = true];
    MessageType_StellarTxOpRequest = 203 [(wire_out) = true];
    MessageType_StellarGetAddress = 207 [(wire_in) = true];
    MessageType_StellarAddress = 208 [(wire_out) = true];
    MessageType_StellarCreateAccountOp = 210 [(wire_in) = true];
    MessageType_StellarPaymentOp = 211 [(wire_in) = true];
    MessageType_StellarPathPaymentOp = 212 [(wire_in) = true];
    MessageType_StellarManageOfferOp = 213 [(wire_in) = true];
    MessageType_StellarCreatePassiveOfferOp = 214 [(wire_in) = true];
    MessageType_StellarSetOptionsOp = 215 [(wire_in) = true];
    MessageType_StellarChangeTrustOp = 216 [(wire_in) = true];
    MessageType_StellarAllowTrustOp = 217 [(wire_in) = true];
    MessageType_StellarAccountMergeOp = 218 [(wire_in) = true];
    // omitted: StellarInflationOp is not a supported operation, would be 219
    MessageType_StellarManageDataOp = 220 [(wire_in) = true];
    MessageType_StellarBumpSequenceOp = 221 [(wire_in) = true];
    MessageType_StellarSignedTx = 230 [(wire_out) = true];

    // Cardano
    // dropped Sign/VerifyMessage ids 300-302
    // dropped TxRequest/TxAck ids 304 and 309 (shelley update)
    MessageType_CardanoSignTx = 303 [(wire_in) = true];
    MessageType_CardanoGetPublicKey = 305 [(wire_in) = true];
    MessageType_CardanoPublicKey = 306 [(wire_out) = true];
    MessageType_CardanoGetAddress = 307 [(wire_in) = true];
    MessageType_CardanoAddress = 308 [(wire_out) = true];
    MessageType_CardanoSignedTx = 310 [(wire_out) = true];
    MessageType_CardanoSignedTxChunk = 311 [(wire_out) = true];
    MessageType_CardanoSignedTxChunkAck = 312 [(wire_in) = true];
    MessageType_CardanoTxItemAck = 313 [(wire_out) = true];
    MessageType_CardanoTxAuxiliaryDataSupplement = 314 [(wire_out) = true];
    MessageType_CardanoTxWitnessRequest = 315 [(wire_in) = true];
    MessageType_CardanoTxWitnessResponse = 316 [(wire_out) = true];
    MessageType_CardanoTxHostAck = 317 [(wire_in) = true];
    MessageType_CardanoTxBodyHash = 318 [(wire_out) = true];
    MessageType_CardanoSignTxFinished = 319 [(wire_out) = true];
    MessageType_CardanoSignTxInit = 320 [(wire_in) = true];
    MessageType_CardanoTxInput = 321 [(wire_in) = true];
    MessageType_CardanoTxOutput = 322 [(wire_in) = true];
    MessageType_CardanoAssetGroup = 323 [(wire_in) = true];
    MessageType_CardanoToken = 324 [(wire_in) = true];
    MessageType_CardanoTxCertificate = 325 [(wire_in) = true];
    MessageType_CardanoTxWithdrawal = 326 [(wire_in) = true];
    MessageType_CardanoTxAuxiliaryData = 327 [(wire_in) = true];
    MessageType_CardanoPoolOwner = 328 [(wire_in) = true];
    MessageType_CardanoPoolRelayParameters = 329 [(wire_in) = true];
    MessageType_CardanoGetNativeScriptHash = 330 [(wire_in) = true];
    MessageType_CardanoNativeScriptHash = 331 [(wire_out) = true];
    MessageType_CardanoTxMint = 332 [(wire_in) = true];

    // Ripple
    MessageType_RippleGetAddress = 400 [(wire_in) = true];
    MessageType_RippleAddress = 401 [(wire_out) = true];
    MessageType_RippleSignTx = 402 [(wire_in) = true];
    MessageType_RippleSignedTx = 403 [(wire_in) = true];

    // Monero
    MessageType_MoneroTransactionInitRequest = 501 [(wire_out) = true];
    MessageType_MoneroTransactionInitAck = 502 [(wire_out) = true];
    MessageType_MoneroTransactionSetInputRequest = 503 [(wire_out) = true];
    MessageType_MoneroTransactionSetInputAck = 504 [(wire_out) = true];
    MessageType_MoneroTransactionInputsPermutationRequest = 505 [(wire_out) = true];
    MessageType_MoneroTransactionInputsPermutationAck = 506 [(wire_out) = true];
    MessageType_MoneroTransactionInputViniRequest = 507 [(wire_out) = true];
    MessageType_MoneroTransactionInputViniAck = 508 [(wire_out) = true];
    MessageType_MoneroTransactionAllInputsSetRequest = 509 [(wire_out) = true];
    MessageType_MoneroTransactionAllInputsSetAck = 510 [(wire_out) = true];
    MessageType_MoneroTransactionSetOutputRequest = 511 [(wire_out) = true];
    MessageType_MoneroTransactionSetOutputAck = 512 [(wire_out) = true];
    MessageType_MoneroTransactionAllOutSetRequest = 513 [(wire_out) = true];
    MessageType_MoneroTransactionAllOutSetAck = 514 [(wire_out) = true];
    MessageType_MoneroTransactionSignInputRequest = 515 [(wire_out) = true];
    MessageType_MoneroTransactionSignInputAck = 516 [(wire_out) = true];
    MessageType_MoneroTransactionFinalRequest = 517 [(wire_out) = true];
    MessageType_MoneroTransactionFinalAck = 518 [(wire_out) = true];
    MessageType_MoneroKeyImageExportInitRequest = 530 [(wire_out) = true];
    MessageType_MoneroKeyImageExportInitAck = 531 [(wire_out) = true];
    MessageType_MoneroKeyImageSyncStepRequest = 532 [(wire_out) = true];
    MessageType_MoneroKeyImageSyncStepAck = 533 [(wire_out) = true];
    MessageType_MoneroKeyImageSyncFinalRequest = 534 [(wire_out) = true];
    MessageType_MoneroKeyImageSyncFinalAck = 535 [(wire_out) = true];
    MessageType_MoneroGetAddress = 540 [(wire_in) = true];
    MessageType_MoneroAddress = 541 [(wire_out) = true];
    MessageType_MoneroGetWatchKey = 542 [(wire_in) = true];
    MessageType_MoneroWatchKey = 543 [(wire_out) = true];
    MessageType_DebugMoneroDiagRequest = 546 [(wire_in) = true];
    MessageType_DebugMoneroDiagAck = 547 [(wire_out) = true];
    MessageType_MoneroGetTxKeyRequest = 550 [(wire_in) = true];
    MessageType_MoneroGetTxKeyAck = 551 [(wire_out) = true];
    MessageType_MoneroLiveRefreshStartRequest = 552 [(wire_in) = true];
    MessageType_MoneroLiveRefreshStartAck = 553 [(wire_out) = true];
    MessageType_MoneroLiveRefreshStepRequest = 554 [(wire_in) = true];
    MessageType_MoneroLiveRefreshStepAck = 555 [(wire_out) = true];
    MessageType_MoneroLiveRefreshFinalRequest = 556 [(wire_in) = true];
    MessageType_MoneroLiveRefreshFinalAck = 557 [(wire_out) = true];

    // EOS
    MessageType_EosGetPublicKey = 600 [(wire_in) = true];
    MessageType_EosPublicKey = 601 [(wire_out) = true];
    MessageType_EosSignTx = 602 [(wire_in) = true];
    MessageType_EosTxActionRequest = 603 [(wire_out) = true];
    MessageType_EosTxActionAck = 604 [(wire_in) = true];
    MessageType_EosSignedTx = 605 [(wire_out) = true];

    // Binance
    MessageType_BinanceGetAddress = 700 [(wire_in) = true];
    MessageType_BinanceAddress = 701 [(wire_out) = true];
    MessageType_BinanceGetPublicKey = 702 [(wire_in) = true];
    MessageType_BinancePublicKey = 703 [(wire_out) = true];
    MessageType_BinanceSignTx = 704 [(wire_in) = true];
    MessageType_BinanceTxRequest = 705 [(wire_out) = true];
    MessageType_BinanceTransferMsg = 706 [(wire_in) = true];
    MessageType_BinanceOrderMsg = 707 [(wire_in) = true];
    MessageType_BinanceCancelMsg = 708 [(wire_in) = true];
    MessageType_BinanceSignedTx = 709 [(wire_out) = true];

    // WebAuthn
    MessageType_WebAuthnListResidentCredentials = 800 [(wire_in) = true];
    MessageType_WebAuthnCredentials = 801 [(wire_out) = true];
    MessageType_WebAuthnAddResidentCredential = 802 [(wire_in) = true];
    MessageType_WebAuthnRemoveResidentCredential = 803 [(wire_in) = true];
}