You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2224 lines
70 KiB
2224 lines
70 KiB
syntax = "proto2";
|
|
|
|
/**
|
|
* Messages for TREZOR communication
|
|
*/
|
|
|
|
// Sugar for easier handling in Java
|
|
option java_package = "com.satoshilabs.trezor.lib.protobuf";
|
|
option java_outer_classname = "TrezorMessage";
|
|
|
|
import "google/protobuf/descriptor.proto";
|
|
|
|
/**
|
|
* Options for specifying message direction and type of wire (normal/debug)
|
|
*/
|
|
extend google.protobuf.EnumValueOptions {
|
|
optional bool wire_in = 50002; // message can be transmitted via wire from PC to TREZOR
|
|
optional bool wire_out = 50003; // message can be transmitted via wire from TREZOR to PC
|
|
optional bool wire_debug_in = 50004; // message can be transmitted via debug wire from PC to TREZOR
|
|
optional bool wire_debug_out = 50005; // message can be transmitted via debug wire from TREZOR to PC
|
|
optional bool wire_tiny = 50006; // message is handled by TREZOR when the USB stack is in tiny mode
|
|
optional bool wire_bootloader = 50007; // message is only handled by TREZOR Bootloader
|
|
optional bool wire_no_fsm = 50008; // message is not handled by TREZOR unless the USB stack is in tiny mode
|
|
}
|
|
|
|
/**
|
|
* Type of failures returned by Failure message
|
|
* @used_in Failure
|
|
*/
|
|
enum FailureType {
|
|
Failure_UnexpectedMessage = 1;
|
|
Failure_ButtonExpected = 2;
|
|
Failure_DataError = 3;
|
|
Failure_ActionCancelled = 4;
|
|
Failure_PinExpected = 5;
|
|
Failure_PinCancelled = 6;
|
|
Failure_PinInvalid = 7;
|
|
Failure_InvalidSignature = 8;
|
|
Failure_ProcessError = 9;
|
|
Failure_NotEnoughFunds = 10;
|
|
Failure_NotInitialized = 11;
|
|
Failure_PinMismatch = 12;
|
|
Failure_FirmwareError = 99;
|
|
}
|
|
|
|
/**
|
|
* Type of script which will be used for transaction output
|
|
* @used_in TxOutputType
|
|
*/
|
|
enum OutputScriptType {
|
|
PAYTOADDRESS = 0; // used for all addresses (bitcoin, p2sh, witness)
|
|
PAYTOSCRIPTHASH = 1; // p2sh address (deprecated; use PAYTOADDRESS)
|
|
PAYTOMULTISIG = 2; // only for change output
|
|
PAYTOOPRETURN = 3; // op_return
|
|
PAYTOWITNESS = 4; // only for change output
|
|
PAYTOP2SHWITNESS = 5; // only for change output
|
|
}
|
|
|
|
/**
|
|
* Type of script which will be used for transaction output
|
|
* @used_in TxInputType
|
|
*/
|
|
enum InputScriptType {
|
|
SPENDADDRESS = 0; // standard p2pkh address
|
|
SPENDMULTISIG = 1; // p2sh multisig address
|
|
EXTERNAL = 2; // reserved for external inputs (coinjoin)
|
|
SPENDWITNESS = 3; // native segwit
|
|
SPENDP2SHWITNESS = 4; // segwit over p2sh (backward compatible)
|
|
}
|
|
|
|
/**
|
|
* Type of information required by transaction signing process
|
|
* @used_in TxRequest
|
|
*/
|
|
enum RequestType {
|
|
TXINPUT = 0;
|
|
TXOUTPUT = 1;
|
|
TXMETA = 2;
|
|
TXFINISHED = 3;
|
|
TXEXTRADATA = 4;
|
|
}
|
|
|
|
/**
|
|
* Type of button request
|
|
* @used_in ButtonRequest
|
|
*/
|
|
enum ButtonRequestType {
|
|
ButtonRequest_Other = 1;
|
|
ButtonRequest_FeeOverThreshold = 2;
|
|
ButtonRequest_ConfirmOutput = 3;
|
|
ButtonRequest_ResetDevice = 4;
|
|
ButtonRequest_ConfirmWord = 5;
|
|
ButtonRequest_WipeDevice = 6;
|
|
ButtonRequest_ProtectCall = 7;
|
|
ButtonRequest_SignTx = 8;
|
|
ButtonRequest_FirmwareCheck = 9;
|
|
ButtonRequest_Address = 10;
|
|
ButtonRequest_PublicKey = 11;
|
|
ButtonRequest_MnemonicWordCount = 12;
|
|
ButtonRequest_MnemonicInput = 13;
|
|
ButtonRequest_PassphraseType = 14;
|
|
}
|
|
|
|
/**
|
|
* Type of PIN request
|
|
* @used_in PinMatrixRequest
|
|
*/
|
|
enum PinMatrixRequestType {
|
|
PinMatrixRequestType_Current = 1;
|
|
PinMatrixRequestType_NewFirst = 2;
|
|
PinMatrixRequestType_NewSecond = 3;
|
|
}
|
|
|
|
/**
|
|
* Type of recovery procedure. These should be used as bitmask, e.g.,
|
|
* `RecoveryDeviceType_ScrambledWords | RecoveryDeviceType_Matrix`
|
|
* listing every method supported by the host computer.
|
|
*
|
|
* Note that ScrambledWords must be supported by every implementation
|
|
* for backward compatibility; there is no way to not support it.
|
|
*
|
|
* @used_in RecoveryDevice
|
|
*/
|
|
enum RecoveryDeviceType {
|
|
// use powers of two when extending this field
|
|
RecoveryDeviceType_ScrambledWords = 0; // words in scrambled order
|
|
RecoveryDeviceType_Matrix = 1; // matrix recovery type
|
|
}
|
|
|
|
/**
|
|
* Type of Recovery Word request
|
|
* @used_in WordRequest
|
|
*/
|
|
enum WordRequestType {
|
|
WordRequestType_Plain = 0;
|
|
WordRequestType_Matrix9 = 1;
|
|
WordRequestType_Matrix6 = 2;
|
|
}
|
|
|
|
/**
|
|
* Structure representing BIP32 (hierarchical deterministic) node
|
|
* Used for imports of private key into the device and exporting public key out of device
|
|
* @used_in PublicKey
|
|
* @used_in LoadDevice
|
|
* @used_in DebugLinkState
|
|
* @used_in Storage
|
|
*/
|
|
message HDNodeType {
|
|
required uint32 depth = 1;
|
|
required uint32 fingerprint = 2;
|
|
required uint32 child_num = 3;
|
|
required bytes chain_code = 4;
|
|
optional bytes private_key = 5;
|
|
optional bytes public_key = 6;
|
|
}
|
|
|
|
message HDNodePathType {
|
|
required HDNodeType node = 1; // BIP-32 node in deserialized form
|
|
repeated uint32 address_n = 2; // BIP-32 path to derive the key from node
|
|
}
|
|
|
|
/**
|
|
* Type of redeem script used in input
|
|
* @used_in TxInputType
|
|
*/
|
|
message MultisigRedeemScriptType {
|
|
repeated HDNodePathType pubkeys = 1; // pubkeys from multisig address (sorted lexicographically)
|
|
repeated bytes signatures = 2; // existing signatures for partially signed input
|
|
optional uint32 m = 3; // "m" from n, how many valid signatures is necessary for spending
|
|
}
|
|
|
|
/**
|
|
* Structure representing transaction input
|
|
* @used_in SimpleSignTx
|
|
* @used_in TransactionType
|
|
*/
|
|
message TxInputType {
|
|
repeated uint32 address_n = 1; // BIP-32 path to derive the key from master node
|
|
required bytes prev_hash = 2; // hash of previous transaction output to spend by this input
|
|
required uint32 prev_index = 3; // index of previous output to spend
|
|
optional bytes script_sig = 4; // script signature, unset for tx to sign
|
|
optional uint32 sequence = 5 [default=4294967295]; // sequence (default=0xffffffff)
|
|
optional InputScriptType script_type = 6 [default=SPENDADDRESS]; // defines template of input script
|
|
optional MultisigRedeemScriptType multisig = 7; // Filled if input is going to spend multisig tx
|
|
optional uint64 amount = 8; // amount of previous transaction output (for segwit only)
|
|
optional uint32 decred_tree = 9;
|
|
optional uint32 decred_script_version = 10;
|
|
optional bytes prev_block_hash_bip115 = 11; // block hash of previous transaction output (for bip115 implementation)
|
|
optional bytes prev_block_height_bip115 = 12; // block height of previous transaction output (for bip115 implementation)
|
|
}
|
|
|
|
/**
|
|
* Structure representing transaction output
|
|
* @used_in SimpleSignTx
|
|
* @used_in TransactionType
|
|
*/
|
|
message TxOutputType {
|
|
optional string address = 1; // target coin address in Base58 encoding
|
|
repeated uint32 address_n = 2; // BIP-32 path to derive the key from master node; has higher priority than "address"
|
|
required uint64 amount = 3; // amount to spend in satoshis
|
|
required OutputScriptType script_type = 4; // output script type
|
|
optional MultisigRedeemScriptType multisig = 5; // defines multisig address; script_type must be PAYTOMULTISIG
|
|
optional bytes op_return_data = 6; // defines op_return data; script_type must be PAYTOOPRETURN, amount must be 0
|
|
optional uint32 decred_script_version = 7;
|
|
optional bytes block_hash_bip115 = 8; // block hash of existing block (recommended current_block - 300) (for bip115 implementation)
|
|
optional bytes block_height_bip115 = 9; // block height of existing block (recommended current_block - 300) (for bip115 implementation)
|
|
}
|
|
|
|
/**
|
|
* Structure representing compiled transaction output
|
|
* @used_in TransactionType
|
|
*/
|
|
message TxOutputBinType {
|
|
required uint64 amount = 1;
|
|
required bytes script_pubkey = 2;
|
|
optional uint32 decred_script_version = 3;
|
|
}
|
|
|
|
/**
|
|
* Structure representing transaction
|
|
* @used_in TxAck
|
|
*/
|
|
message TransactionType {
|
|
optional uint32 version = 1;
|
|
repeated TxInputType inputs = 2;
|
|
repeated TxOutputBinType bin_outputs = 3;
|
|
repeated TxOutputType outputs = 5;
|
|
optional uint32 lock_time = 4;
|
|
optional uint32 inputs_cnt = 6;
|
|
optional uint32 outputs_cnt = 7;
|
|
optional bytes extra_data = 8; // only for Zcash
|
|
optional uint32 extra_data_len = 9; // only for Zcash
|
|
optional uint32 expiry = 10; // only for Decred and Zcash
|
|
optional bool overwintered = 11; // only for Zcash
|
|
}
|
|
|
|
/**
|
|
* Structure representing request details
|
|
* @used_in TxRequest
|
|
*/
|
|
message TxRequestDetailsType {
|
|
optional uint32 request_index = 1; // device expects TxAck message from the computer
|
|
optional bytes tx_hash = 2; // tx_hash of requested transaction
|
|
optional uint32 extra_data_len = 3; // length of requested extra data
|
|
optional uint32 extra_data_offset = 4; // offset of requested extra data
|
|
}
|
|
|
|
/**
|
|
* Structure representing serialized data
|
|
* @used_in TxRequest
|
|
*/
|
|
message TxRequestSerializedType {
|
|
optional uint32 signature_index = 1; // 'signature' field contains signed input of this index
|
|
optional bytes signature = 2; // signature of the signature_index input
|
|
optional bytes serialized_tx = 3; // part of serialized and signed transaction
|
|
}
|
|
|
|
/**
|
|
* Structure representing identity data
|
|
* @used_in IdentityType
|
|
*/
|
|
message IdentityType {
|
|
optional string proto = 1; // proto part of URI
|
|
optional string user = 2; // user part of URI
|
|
optional string host = 3; // host part of URI
|
|
optional string port = 4; // port part of URI
|
|
optional string path = 5; // path part of URI
|
|
optional uint32 index = 6 [default=0]; // identity index
|
|
}
|
|
|
|
/**
|
|
* Structure representing passphrase source
|
|
* @used_in ApplySettings
|
|
*/
|
|
enum PassphraseSourceType {
|
|
ASK = 0;
|
|
DEVICE = 1;
|
|
HOST = 2;
|
|
}
|
|
|
|
/**
|
|
* Structure representing the common part for NEM transactions
|
|
* @used_in NEMSignTx
|
|
*/
|
|
message NEMTransactionCommon {
|
|
repeated uint32 address_n = 1; // BIP-32 path to derive the key from master node
|
|
optional uint32 network = 2; // Network ID (0x68 = Mainnet, 0x98 = Testnet, 0x60 = Mijin)
|
|
optional uint32 timestamp = 3; // Number of seconds elapsed since the creation of the nemesis block
|
|
optional uint64 fee = 4; // Fee for the transaction
|
|
optional uint32 deadline = 5; // Deadline of the transaction
|
|
optional bytes signer = 6; // Public key of the account (for multisig transactions)
|
|
}
|
|
|
|
/**
|
|
* Structure representing the transfer transaction part for NEM transactions
|
|
* @used_in NEMSignTx
|
|
*/
|
|
message NEMTransfer {
|
|
optional string recipient = 1; // Address of the recipient
|
|
optional uint64 amount = 2; // Amount of micro NEM that is transferred
|
|
optional bytes payload = 3; // Actual message data (unencrypted)
|
|
optional bytes public_key = 4; // Public key of the recipient (for encrypted payloads)
|
|
repeated NEMMosaic mosaics = 5; // Attached mosaics
|
|
}
|
|
|
|
/**
|
|
* Structure representing the mosaic attachment for NEM transfer transactions
|
|
* @used_in NEMTransfer
|
|
*/
|
|
message NEMMosaic {
|
|
optional string namespace = 1; // Fully qualified name of the namespace
|
|
optional string mosaic = 2; // Name of the mosaic definition
|
|
optional uint64 quantity = 3; // Mosaic quantity, always given in smallest units
|
|
}
|
|
|
|
/**
|
|
* Structure representing the provision namespace part for NEM transactions
|
|
* @used_in NEMSignTx
|
|
*/
|
|
message NEMProvisionNamespace {
|
|
optional string namespace = 1; // New part concatenated to the parent
|
|
optional string parent = 2; // Parent namespace (for child namespaces)
|
|
optional string sink = 3; // Rental fee sink address
|
|
optional uint64 fee = 4; // Rental fee
|
|
}
|
|
|
|
/**
|
|
* Type of levy which will be used for mosaic
|
|
* @used_in NEMMosaicDefinition
|
|
*/
|
|
enum NEMMosaicLevy {
|
|
MosaicLevy_Absolute = 1;
|
|
MosaicLevy_Percentile = 2;
|
|
}
|
|
|
|
/**
|
|
* Structure representing the mosaic definition creation part for NEM transactions
|
|
* @used_in NEMSignTx
|
|
*/
|
|
message NEMMosaicCreation {
|
|
optional NEMMosaicDefinition definition = 1; // Mosaic definition
|
|
optional string sink = 2; // Creation fee sink address
|
|
optional uint64 fee = 3; // Creation fee
|
|
}
|
|
|
|
/**
|
|
* Structure representing a mosaic definition
|
|
* @used_in NEMMosaicCreation
|
|
*/
|
|
message NEMMosaicDefinition {
|
|
optional string name = 1; // User-friendly name of the mosaic (for whitelisted mosaics)
|
|
optional string ticker = 2; // Ticker of the mosaic (for whitelisted mosaics)
|
|
optional string namespace = 3; // Fully qualified name of the namespace
|
|
optional string mosaic = 4; // Name of the mosaic definition
|
|
optional uint32 divisibility = 5; // Number of decimal places that a mosaic can be divided into
|
|
optional NEMMosaicLevy levy = 6; // Levy type
|
|
optional uint64 fee = 7; // Levy fee (interpretation depends on levy type)
|
|
optional string levy_address = 8; // Levy address
|
|
optional string levy_namespace = 9; // Fully qualified name of the namespace of the levy mosaic
|
|
optional string levy_mosaic = 10; // Name of the levy mosaic
|
|
optional uint64 supply = 11; // Initial supply to create, always given in entire units
|
|
optional bool mutable_supply = 12; // Mutable supply
|
|
optional bool transferable = 13; // Mosaic allows transfers among accounts other than the creator
|
|
optional string description = 14; // Mosaic description
|
|
repeated uint32 networks = 15; // Networks that the mosaic is valid on (for whitelisted mosaics)
|
|
}
|
|
|
|
/**
|
|
* Structure representing the mosaic supply change part for NEM transactions
|
|
* @used_in NEMSignTx
|
|
*/
|
|
message NEMMosaicSupplyChange {
|
|
optional string namespace = 1; // Fully qualified name of the namespace
|
|
optional string mosaic = 2; // Name of the mosaic definition
|
|
optional NEMSupplyChangeType type = 3; // Type of supply change
|
|
optional uint64 delta = 4; // Supply delta
|
|
}
|
|
|
|
/**
|
|
* Type of supply change which will be applied to mosaic
|
|
* @used_in NEMMosaicSupplyChange
|
|
*/
|
|
enum NEMSupplyChangeType {
|
|
SupplyChange_Increase = 1;
|
|
SupplyChange_Decrease = 2;
|
|
}
|
|
|
|
/**
|
|
* Structure representing the aggregate modification part for NEM transactions
|
|
* @used_in NEMSignTx
|
|
*/
|
|
message NEMAggregateModification {
|
|
repeated NEMCosignatoryModification modifications = 1; // Cosignatory modifications
|
|
optional sint32 relative_change = 2; // Relative change of the minimum cosignatories
|
|
}
|
|
|
|
/**
|
|
* Structure representing the cosignatory modification for aggregate modification transactions
|
|
* @used_in NEMAggregateMdofiication
|
|
*/
|
|
message NEMCosignatoryModification {
|
|
optional NEMModificationType type = 1; // Type of cosignatory modification
|
|
optional bytes public_key = 2; // Public key of the cosignatory
|
|
}
|
|
|
|
/**
|
|
* Type of cosignatory modification
|
|
* @used_in NEMCosignatoryModification
|
|
*/
|
|
enum NEMModificationType {
|
|
CosignatoryModification_Add = 1;
|
|
CosignatoryModification_Delete = 2;
|
|
}
|
|
|
|
/**
|
|
* Structure representing the importance transfer part for NEM transactions
|
|
* @used_in NEMSignTx
|
|
*/
|
|
message NEMImportanceTransfer {
|
|
optional NEMImportanceTransferMode mode = 1; // Mode of importance transfer
|
|
optional bytes public_key = 2; // Public key of the remote account
|
|
}
|
|
|
|
/**
|
|
* Mode of importance transfer
|
|
* @used_in NEMModificationType
|
|
*/
|
|
enum NEMImportanceTransferMode {
|
|
ImportanceTransfer_Activate = 1;
|
|
ImportanceTransfer_Deactivate = 2;
|
|
}
|
|
|
|
/**
|
|
* Describes a Stellar asset
|
|
* @used_in StellarTxOpAck
|
|
*/
|
|
message StellarAssetType {
|
|
optional uint32 type = 1; // 0 = native asset (XLM), 1 = alphanum 4, 2 = alphanum 12
|
|
optional string code = 2; // for non-native assets, string describing the code
|
|
optional string issuer = 3; // issuing address
|
|
}
|
|
|
|
/**
|
|
* Type of Lisk transaction
|
|
* @used_in LiskTransactionCommon
|
|
*/
|
|
enum LiskTransactionType {
|
|
Transfer = 0;
|
|
RegisterSecondPassphrase = 1;
|
|
RegisterDelegate = 2;
|
|
CastVotes = 3;
|
|
RegisterMultisignatureAccount = 4;
|
|
CreateDapp = 5;
|
|
TransferIntoDapp = 6;
|
|
TransferOutOfDapp = 7;
|
|
}
|
|
|
|
/**
|
|
* Structure representing the common part for Lisk transactions
|
|
* @used_in LiskSignTx
|
|
*/
|
|
message LiskTransactionCommon {
|
|
optional LiskTransactionType type = 1;
|
|
optional uint64 amount = 2 [default=0];
|
|
optional uint64 fee = 3;
|
|
optional string recipient_id = 4;
|
|
optional bytes sender_public_key = 5;
|
|
optional bytes requester_public_key = 6;
|
|
optional bytes signature = 7;
|
|
optional uint32 timestamp = 8;
|
|
optional LiskTransactionAsset asset = 9;
|
|
}
|
|
|
|
/**
|
|
* Structure representing the asset field in the Lisk transaction
|
|
* @used_in LiskTransactionCommon
|
|
*/
|
|
message LiskTransactionAsset {
|
|
optional LiskSignatureType signature = 1;
|
|
optional LiskDelegateType delegate = 2;
|
|
repeated string votes = 3;
|
|
optional LiskMultisignatureType multisignature = 4;
|
|
optional string data = 5;
|
|
}
|
|
|
|
/**
|
|
* Structure representing the signature field in the Lisk transaction asset field
|
|
* @used_in LiskTransactionAsset
|
|
*/
|
|
message LiskSignatureType {
|
|
optional bytes public_key = 1;
|
|
}
|
|
|
|
/**
|
|
* Structure representing the delegate field in the Lisk transaction asset field
|
|
* @used_in LiskTransactionAsset
|
|
*/
|
|
message LiskDelegateType {
|
|
optional string username = 1;
|
|
}
|
|
|
|
/**
|
|
* Structure representing the multisignature field in the Lisk transaction asset field
|
|
* @used_in LiskTransactionAsset
|
|
*/
|
|
message LiskMultisignatureType {
|
|
optional uint32 min = 1;
|
|
optional uint32 life_time = 2;
|
|
repeated string keys_group = 3;
|
|
}
|
|
|
|
/*
|
|
* Type of Tezos operation
|
|
* @used_in TezosOperationCommon
|
|
*/
|
|
enum TezosOperationType {
|
|
Transaction = 8;
|
|
Origination = 9;
|
|
Delegation = 10;
|
|
}
|
|
|
|
/*
|
|
* Type of Tezos Contract type
|
|
* @used_in TezosContractID
|
|
*/
|
|
enum TezosContractType {
|
|
Implicit = 0;
|
|
Originated = 1;
|
|
}
|
|
|
|
/*
|
|
* Tezos contract ID
|
|
* @used_in TezosOperationCommon
|
|
* @used_in TezosTransactionType
|
|
*/
|
|
message TezosContractID {
|
|
optional TezosContractType tag = 1;
|
|
optional bytes hash = 2; // Implicit = 21B, originated = 20B + 1B padding
|
|
}
|
|
|
|
/*
|
|
* Structure representing the common part for Tezos operations
|
|
* @used_in TezosSignTx
|
|
*/
|
|
message TezosOperationCommon {
|
|
optional bytes branch = 1;
|
|
optional TezosOperationType tag = 2;
|
|
optional TezosContractID source = 3;
|
|
optional uint64 fee = 4;
|
|
optional uint64 counter = 5;
|
|
optional uint64 gas_limit = 6;
|
|
optional uint64 storage_limit = 7;
|
|
}
|
|
|
|
/*
|
|
* Structure representing additional information for transaction
|
|
* @used_in TezosSignTx
|
|
*/
|
|
message TezosTransactionType {
|
|
optional uint64 amount = 1;
|
|
optional TezosContractID destination = 2;
|
|
optional bytes parameters = 3;
|
|
}
|
|
|
|
/*
|
|
* Structure representing additional information for origination
|
|
* @used_in TezosSignTx
|
|
*/
|
|
message TezosOriginationType {
|
|
optional bytes manager_pubkey = 1;
|
|
optional uint64 balance = 2;
|
|
optional bool spendable = 3;
|
|
optional bool delegatable = 4;
|
|
optional bytes delegate = 5; // 1B tag + 20B public key hash
|
|
optional bytes script = 6;
|
|
}
|
|
|
|
/*
|
|
* Structure representing additional information for delegation
|
|
* @used_in TezosSignTx
|
|
*/
|
|
message TezosDelegationType {
|
|
optional bytes delegate = 1; // 1B tag + 20B public key hash
|
|
}
|
|
|
|
/**
|
|
* Structure representing cardano transaction input
|
|
* @used_in CardanoSignTransacion
|
|
*/
|
|
message CardanoTxInputType {
|
|
repeated uint32 address_n = 1; // BIP-32 path to derive the key from master node
|
|
optional bytes prev_hash = 2; // hash of previous transaction output to spend by this input
|
|
optional uint32 prev_index = 3; // index of previous output to spend
|
|
optional uint32 type = 4; // input type, defaults to 0
|
|
}
|
|
|
|
/**
|
|
* Structure representing cardano transaction output
|
|
* @used_in CardanoSignTransacion
|
|
*/
|
|
message CardanoTxOutputType {
|
|
optional string address = 1; // target coin address in Base58 encoding
|
|
repeated uint32 address_n = 2; // BIP-32 path to derive the key from master node; has higher priority than "address"
|
|
optional uint64 amount = 3; // amount to spend
|
|
}
|
|
|
|
/**
|
|
* Mapping between Trezor wire identifier (uint) and a protobuf message
|
|
*/
|
|
enum MessageType {
|
|
MessageType_Initialize = 0 [(wire_in) = true, (wire_tiny) = true];
|
|
MessageType_Ping = 1 [(wire_in) = true];
|
|
MessageType_Success = 2 [(wire_out) = true];
|
|
MessageType_Failure = 3 [(wire_out) = true];
|
|
MessageType_ChangePin = 4 [(wire_in) = true];
|
|
MessageType_WipeDevice = 5 [(wire_in) = true];
|
|
MessageType_FirmwareErase = 6 [(wire_in) = true, (wire_bootloader) = true];
|
|
MessageType_FirmwareUpload = 7 [(wire_in) = true, (wire_bootloader) = true];
|
|
MessageType_FirmwareRequest = 8 [(wire_out) = true, (wire_bootloader) = true];
|
|
MessageType_GetEntropy = 9 [(wire_in) = true];
|
|
MessageType_Entropy = 10 [(wire_out) = true];
|
|
MessageType_GetPublicKey = 11 [(wire_in) = true];
|
|
MessageType_PublicKey = 12 [(wire_out) = true];
|
|
MessageType_LoadDevice = 13 [(wire_in) = true];
|
|
MessageType_ResetDevice = 14 [(wire_in) = true];
|
|
MessageType_SignTx = 15 [(wire_in) = true];
|
|
MessageType_SimpleSignTx = 16 [(wire_in) = true, deprecated = true];
|
|
MessageType_Features = 17 [(wire_out) = true];
|
|
MessageType_PinMatrixRequest = 18 [(wire_out) = true];
|
|
MessageType_PinMatrixAck = 19 [(wire_in) = true, (wire_tiny) = true, (wire_no_fsm) = true];
|
|
MessageType_Cancel = 20 [(wire_in) = true, (wire_tiny) = true];
|
|
MessageType_TxRequest = 21 [(wire_out) = true];
|
|
MessageType_TxAck = 22 [(wire_in) = true];
|
|
MessageType_CipherKeyValue = 23 [(wire_in) = true];
|
|
MessageType_ClearSession = 24 [(wire_in) = true];
|
|
MessageType_ApplySettings = 25 [(wire_in) = true];
|
|
MessageType_ButtonRequest = 26 [(wire_out) = true];
|
|
MessageType_ButtonAck = 27 [(wire_in) = true, (wire_tiny) = true, (wire_no_fsm) = true];
|
|
MessageType_ApplyFlags = 28 [(wire_in) = true];
|
|
MessageType_GetAddress = 29 [(wire_in) = true];
|
|
MessageType_Address = 30 [(wire_out) = true];
|
|
MessageType_SelfTest = 32 [(wire_in) = true, (wire_bootloader) = true];
|
|
MessageType_BackupDevice = 34 [(wire_in) = true];
|
|
MessageType_EntropyRequest = 35 [(wire_out) = true];
|
|
MessageType_EntropyAck = 36 [(wire_in) = true];
|
|
MessageType_SignMessage = 38 [(wire_in) = true];
|
|
MessageType_VerifyMessage = 39 [(wire_in) = true];
|
|
MessageType_MessageSignature = 40 [(wire_out) = true];
|
|
MessageType_PassphraseRequest = 41 [(wire_out) = true];
|
|
MessageType_PassphraseAck = 42 [(wire_in) = true, (wire_tiny) = true, (wire_no_fsm) = true];
|
|
MessageType_PassphraseStateRequest = 77 [(wire_out) = true];
|
|
MessageType_PassphraseStateAck = 78 [(wire_in) = true, (wire_tiny) = true, (wire_no_fsm) = true];
|
|
MessageType_EstimateTxSize = 43 [(wire_in) = true, deprecated = true];
|
|
MessageType_TxSize = 44 [(wire_out) = true, deprecated = true];
|
|
MessageType_RecoveryDevice = 45 [(wire_in) = true];
|
|
MessageType_WordRequest = 46 [(wire_out) = true];
|
|
MessageType_WordAck = 47 [(wire_in) = true];
|
|
MessageType_CipheredKeyValue = 48 [(wire_out) = true];
|
|
MessageType_EncryptMessage = 49 [(wire_in) = true, deprecated = true];
|
|
MessageType_EncryptedMessage = 50 [(wire_out) = true, deprecated = true];
|
|
MessageType_DecryptMessage = 51 [(wire_in) = true, deprecated = true];
|
|
MessageType_DecryptedMessage = 52 [(wire_out) = true, deprecated = true];
|
|
MessageType_SignIdentity = 53 [(wire_in) = true];
|
|
MessageType_SignedIdentity = 54 [(wire_out) = true];
|
|
MessageType_GetFeatures = 55 [(wire_in) = true];
|
|
MessageType_EthereumGetAddress = 56 [(wire_in) = true];
|
|
MessageType_EthereumAddress = 57 [(wire_out) = true];
|
|
MessageType_EthereumSignTx = 58 [(wire_in) = true];
|
|
MessageType_EthereumTxRequest = 59 [(wire_out) = true];
|
|
MessageType_EthereumTxAck = 60 [(wire_in) = true];
|
|
MessageType_GetECDHSessionKey = 61 [(wire_in) = true];
|
|
MessageType_ECDHSessionKey = 62 [(wire_out) = true];
|
|
MessageType_SetU2FCounter = 63 [(wire_in) = true];
|
|
MessageType_EthereumSignMessage = 64 [(wire_in) = true];
|
|
MessageType_EthereumVerifyMessage = 65 [(wire_in) = true];
|
|
MessageType_EthereumMessageSignature = 66 [(wire_out) = true];
|
|
MessageType_NEMGetAddress = 67 [(wire_in) = true];
|
|
MessageType_NEMAddress = 68 [(wire_out) = true];
|
|
MessageType_NEMSignTx = 69 [(wire_in) = true];
|
|
MessageType_NEMSignedTx = 70 [(wire_out) = true];
|
|
MessageType_CosiCommit = 71 [(wire_in) = true];
|
|
MessageType_CosiCommitment = 72 [(wire_out) = true];
|
|
MessageType_CosiSign = 73 [(wire_in) = true];
|
|
MessageType_CosiSignature = 74 [(wire_out) = true];
|
|
MessageType_NEMDecryptMessage = 75 [(wire_in) = true];
|
|
MessageType_NEMDecryptedMessage = 76 [(wire_out) = true];
|
|
MessageType_DebugLinkDecision = 100 [(wire_debug_in) = true, (wire_tiny) = true, (wire_no_fsm) = true];
|
|
MessageType_DebugLinkGetState = 101 [(wire_debug_in) = true, (wire_tiny) = true];
|
|
MessageType_DebugLinkState = 102 [(wire_debug_out) = true];
|
|
MessageType_DebugLinkStop = 103 [(wire_debug_in) = true];
|
|
MessageType_DebugLinkLog = 104 [(wire_debug_out) = true];
|
|
MessageType_DebugLinkMemoryRead = 110 [(wire_debug_in) = true];
|
|
MessageType_DebugLinkMemory = 111 [(wire_debug_out) = true];
|
|
MessageType_DebugLinkMemoryWrite = 112 [(wire_debug_in) = true];
|
|
MessageType_DebugLinkFlashErase = 113 [(wire_debug_in) = true];
|
|
|
|
// Cardano
|
|
MessageType_CardanoSignMessage = 300 [(wire_in) = true];
|
|
MessageType_CardanoMessageSignature = 301 [(wire_out) = true];
|
|
MessageType_CardanoVerifyMessage = 302 [(wire_in) = true];
|
|
MessageType_CardanoSignTransaction = 303 [(wire_in) = true];
|
|
MessageType_CardanoTxRequest = 304 [(wire_out) = true];
|
|
MessageType_CardanoGetPublicKey = 305 [(wire_in) = true];
|
|
MessageType_CardanoPublicKey = 306 [(wire_out) = true];
|
|
MessageType_CardanoGetAddress = 307 [(wire_in) = true];
|
|
MessageType_CardanoAddress = 308 [(wire_out) = true];
|
|
MessageType_CardanoTxAck = 309 [(wire_in) = true];
|
|
MessageType_CardanoSignedTransaction = 310 [(wire_out) = true];
|
|
|
|
// Lisk
|
|
MessageType_LiskGetAddress = 114 [(wire_in) = true];
|
|
MessageType_LiskAddress = 115 [(wire_out) = true];
|
|
MessageType_LiskSignTx = 116 [(wire_in) = true];
|
|
MessageType_LiskSignedTx = 117 [(wire_out) = true];
|
|
MessageType_LiskSignMessage = 118 [(wire_in) = true];
|
|
MessageType_LiskMessageSignature = 119 [(wire_out) = true];
|
|
MessageType_LiskVerifyMessage = 120 [(wire_in) = true];
|
|
MessageType_LiskGetPublicKey = 121 [(wire_in) = true];
|
|
MessageType_LiskPublicKey = 122 [(wire_out) = true];
|
|
|
|
// Tezos
|
|
MessageType_TezosGetAddress = 150 [(wire_in) = true];
|
|
MessageType_TezosAddress = 151 [(wire_out) = true];
|
|
MessageType_TezosSignTx = 152 [(wire_in) = true];
|
|
MessageType_TezosSignedTx = 153 [(wire_out) = true];
|
|
MessageType_TezosGetPublicKey = 154 [(wire_in) = true];
|
|
MessageType_TezosPublicKey = 155 [(wire_out) = true];
|
|
|
|
// Stellar
|
|
MessageType_StellarGetPublicKey = 200 [(wire_in) = true];
|
|
MessageType_StellarPublicKey = 201 [(wire_out) = true];
|
|
MessageType_StellarSignTx = 202 [(wire_in) = true];
|
|
MessageType_StellarTxOpRequest = 203 [(wire_out) = true];
|
|
MessageType_StellarGetAddress = 207 [(wire_in) = true];
|
|
MessageType_StellarAddress = 208 [(wire_out) = true];
|
|
MessageType_StellarCreateAccountOp = 210 [(wire_in) = true];
|
|
MessageType_StellarPaymentOp = 211 [(wire_in) = true];
|
|
MessageType_StellarPathPaymentOp = 212 [(wire_in) = true];
|
|
MessageType_StellarManageOfferOp = 213 [(wire_in) = true];
|
|
MessageType_StellarCreatePassiveOfferOp = 214 [(wire_in) = true];
|
|
MessageType_StellarSetOptionsOp = 215 [(wire_in) = true];
|
|
MessageType_StellarChangeTrustOp = 216 [(wire_in) = true];
|
|
MessageType_StellarAllowTrustOp = 217 [(wire_in) = true];
|
|
MessageType_StellarAccountMergeOp = 218 [(wire_in) = true];
|
|
// Omitted: inflation is not a supported operation, would be 219
|
|
MessageType_StellarManageDataOp = 220 [(wire_in) = true];
|
|
MessageType_StellarBumpSequenceOp = 221 [(wire_in) = true];
|
|
MessageType_StellarSignedTx = 230 [(wire_out) = true];
|
|
}
|
|
|
|
////////////////////
|
|
// Basic messages //
|
|
////////////////////
|
|
|
|
/**
|
|
* Request: Reset device to default state and ask for device details
|
|
* @next Features
|
|
*/
|
|
message Initialize {
|
|
optional bytes state = 1; // assumed device state, clear session if set and different
|
|
optional bool skip_passphrase = 2; // this session should always assume empty passphrase
|
|
}
|
|
|
|
/**
|
|
* Request: Ask for device details (no device reset)
|
|
* @next Features
|
|
*/
|
|
message GetFeatures {
|
|
}
|
|
|
|
/**
|
|
* Response: Reports various information about the device
|
|
* @prev Initialize
|
|
* @prev GetFeatures
|
|
*/
|
|
message Features {
|
|
optional string vendor = 1; // name of the manufacturer, e.g. "trezor.io"
|
|
optional uint32 major_version = 2; // major version of the firmware/bootloader, e.g. 1
|
|
optional uint32 minor_version = 3; // minor version of the firmware/bootloader, e.g. 0
|
|
optional uint32 patch_version = 4; // patch version of the firmware/bootloader, e.g. 0
|
|
optional bool bootloader_mode = 5; // is device in bootloader mode?
|
|
optional string device_id = 6; // device's unique identifier
|
|
optional bool pin_protection = 7; // is device protected by PIN?
|
|
optional bool passphrase_protection = 8; // is node/mnemonic encrypted using passphrase?
|
|
optional string language = 9; // device language
|
|
optional string label = 10; // device description label
|
|
optional bool initialized = 12; // does device contain seed?
|
|
optional bytes revision = 13; // SCM revision of firmware
|
|
optional bytes bootloader_hash = 14; // hash of the bootloader
|
|
optional bool imported = 15; // was storage imported from an external source?
|
|
optional bool pin_cached = 16; // is PIN already cached in session?
|
|
optional bool passphrase_cached = 17; // is passphrase already cached in session?
|
|
optional bool firmware_present = 18; // is valid firmware loaded?
|
|
optional bool needs_backup = 19; // does storage need backup? (equals to Storage.needs_backup)
|
|
optional uint32 flags = 20; // device flags (equals to Storage.flags)
|
|
optional string model = 21; // device hardware model
|
|
optional uint32 fw_major = 22; // reported firmware version if in bootloader mode
|
|
optional uint32 fw_minor = 23; // reported firmware version if in bootloader mode
|
|
optional uint32 fw_patch = 24; // reported firmware version if in bootloader mode
|
|
optional string fw_vendor = 25; // reported firmware vendor if in bootloader mode
|
|
optional bytes fw_vendor_keys = 26; // reported firmware vendor keys (their hash)
|
|
optional bool unfinished_backup = 27; // report unfinished backup (equals to Storage.unfinished_backup)
|
|
}
|
|
|
|
/**
|
|
* Request: clear session (removes cached PIN, passphrase, etc).
|
|
* @next Success
|
|
*/
|
|
message ClearSession {
|
|
}
|
|
|
|
/**
|
|
* Request: change language and/or label of the device
|
|
* @next Success
|
|
* @next Failure
|
|
* @next ButtonRequest
|
|
* @next PinMatrixRequest
|
|
*/
|
|
message ApplySettings {
|
|
optional string language = 1;
|
|
optional string label = 2;
|
|
optional bool use_passphrase = 3;
|
|
optional bytes homescreen = 4;
|
|
optional PassphraseSourceType passphrase_source = 5;
|
|
optional uint32 auto_lock_delay_ms = 6;
|
|
}
|
|
|
|
/**
|
|
* Request: set flags of the device
|
|
* @next Success
|
|
* @next Failure
|
|
*/
|
|
message ApplyFlags {
|
|
optional uint32 flags = 1; // bitmask, can only set bits, not unset
|
|
}
|
|
|
|
/**
|
|
* Request: Starts workflow for setting/changing/removing the PIN
|
|
* @next ButtonRequest
|
|
* @next PinMatrixRequest
|
|
*/
|
|
message ChangePin {
|
|
optional bool remove = 1; // is PIN removal requested?
|
|
}
|
|
|
|
/**
|
|
* Request: Test if the device is alive, device sends back the message in Success response
|
|
* @next Success
|
|
*/
|
|
message Ping {
|
|
optional string message = 1; // message to send back in Success message
|
|
optional bool button_protection = 2; // ask for button press
|
|
optional bool pin_protection = 3; // ask for PIN if set in device
|
|
optional bool passphrase_protection = 4; // ask for passphrase if set in device
|
|
}
|
|
|
|
/**
|
|
* Response: Success of the previous request
|
|
*/
|
|
message Success {
|
|
optional string message = 1; // human readable description of action or request-specific payload
|
|
}
|
|
|
|
/**
|
|
* Response: Failure of the previous request
|
|
*/
|
|
message Failure {
|
|
optional FailureType code = 1; // computer-readable definition of the error state
|
|
optional string message = 2; // human-readable message of the error state
|
|
}
|
|
|
|
/**
|
|
* Response: Device is waiting for HW button press.
|
|
* @next ButtonAck
|
|
* @next Cancel
|
|
*/
|
|
message ButtonRequest {
|
|
optional ButtonRequestType code = 1;
|
|
optional string data = 2;
|
|
}
|
|
|
|
/**
|
|
* Request: Computer agrees to wait for HW button press
|
|
* @prev ButtonRequest
|
|
*/
|
|
message ButtonAck {
|
|
}
|
|
|
|
/**
|
|
* Response: Device is asking computer to show PIN matrix and awaits PIN encoded using this matrix scheme
|
|
* @next PinMatrixAck
|
|
* @next Cancel
|
|
*/
|
|
message PinMatrixRequest {
|
|
optional PinMatrixRequestType type = 1;
|
|
}
|
|
|
|
/**
|
|
* Request: Computer responds with encoded PIN
|
|
* @prev PinMatrixRequest
|
|
*/
|
|
message PinMatrixAck {
|
|
required string pin = 1; // matrix encoded PIN entered by user
|
|
}
|
|
|
|
/**
|
|
* Request: Abort last operation that required user interaction
|
|
* @prev ButtonRequest
|
|
* @prev PinMatrixRequest
|
|
* @prev PassphraseRequest
|
|
*/
|
|
message Cancel {
|
|
}
|
|
|
|
/**
|
|
* Response: Device awaits encryption passphrase
|
|
* @next PassphraseAck
|
|
* @next Cancel
|
|
*/
|
|
message PassphraseRequest {
|
|
optional bool on_device = 1; // passphrase is being entered on the device
|
|
}
|
|
|
|
/**
|
|
* Request: Send passphrase back
|
|
* @prev PassphraseRequest
|
|
* @next PassphraseStateRequest
|
|
*/
|
|
message PassphraseAck {
|
|
optional string passphrase = 1;
|
|
optional bytes state = 2; // expected device state
|
|
}
|
|
|
|
/**
|
|
* @prev PassphraseAck
|
|
* @next PassphraseStateAck
|
|
*/
|
|
message PassphraseStateRequest {
|
|
optional bytes state = 1; // actual device state
|
|
}
|
|
|
|
/**
|
|
* @prev PassphraseStateRequest
|
|
*/
|
|
message PassphraseStateAck {
|
|
}
|
|
|
|
/**
|
|
* Request: Request a sample of random data generated by hardware RNG. May be used for testing.
|
|
* @next ButtonRequest
|
|
* @next Entropy
|
|
* @next Failure
|
|
*/
|
|
message GetEntropy {
|
|
required uint32 size = 1; // size of requested entropy
|
|
}
|
|
|
|
/**
|
|
* Response: Reply with random data generated by internal RNG
|
|
* @prev GetEntropy
|
|
*/
|
|
message Entropy {
|
|
required bytes entropy = 1; // stream of random generated bytes
|
|
}
|
|
|
|
/**
|
|
* Request: Ask device for public key corresponding to address_n path
|
|
* @next PassphraseRequest
|
|
* @next PublicKey
|
|
* @next Failure
|
|
*/
|
|
message GetPublicKey {
|
|
repeated uint32 address_n = 1; // BIP-32 path to derive the key from master node
|
|
optional string ecdsa_curve_name = 2; // ECDSA curve name to use
|
|
optional bool show_display = 3; // optionally show on display before sending the result
|
|
optional string coin_name = 4 [default='Bitcoin'];
|
|
}
|
|
|
|
/**
|
|
* Response: Contains public key derived from device private seed
|
|
* @prev GetPublicKey
|
|
*/
|
|
message PublicKey {
|
|
required HDNodeType node = 1; // BIP32 public node
|
|
optional string xpub = 2; // serialized form of public node
|
|
}
|
|
|
|
/**
|
|
* Request: Ask device for address corresponding to address_n path
|
|
* @next PassphraseRequest
|
|
* @next Address
|
|
* @next Failure
|
|
*/
|
|
message GetAddress {
|
|
repeated uint32 address_n = 1; // BIP-32 path to derive the key from master node
|
|
optional string coin_name = 2 [default='Bitcoin'];
|
|
optional bool show_display = 3; // optionally show on display before sending the result
|
|
optional MultisigRedeemScriptType multisig = 4; // filled if we are showing a multisig address
|
|
optional InputScriptType script_type = 5 [default=SPENDADDRESS]; // used to distinguish between various address formats (non-segwit, segwit, etc.)
|
|
}
|
|
|
|
/**
|
|
* Request: Ask device for Ethereum address corresponding to address_n path
|
|
* @next PassphraseRequest
|
|
* @next EthereumAddress
|
|
* @next Failure
|
|
*/
|
|
message EthereumGetAddress {
|
|
repeated uint32 address_n = 1; // BIP-32 path to derive the key from master node
|
|
optional bool show_display = 2; // optionally show on display before sending the result
|
|
}
|
|
|
|
/**
|
|
* Response: Contains address derived from device private seed
|
|
* @prev GetAddress
|
|
*/
|
|
message Address {
|
|
required string address = 1; // Coin address in Base58 encoding
|
|
}
|
|
|
|
/**
|
|
* Response: Contains an Ethereum address derived from device private seed
|
|
* @prev EthereumGetAddress
|
|
*/
|
|
message EthereumAddress {
|
|
required bytes address = 1; // Coin address as an Ethereum 160 bit hash
|
|
}
|
|
|
|
/**
|
|
* Request: Request device to wipe all sensitive data and settings
|
|
* @next ButtonRequest
|
|
*/
|
|
message WipeDevice {
|
|
}
|
|
|
|
/**
|
|
* Request: Load seed and related internal settings from the computer
|
|
* @next ButtonRequest
|
|
* @next Success
|
|
* @next Failure
|
|
*/
|
|
message LoadDevice {
|
|
optional string mnemonic = 1; // seed encoded as BIP-39 mnemonic (12, 18 or 24 words)
|
|
optional HDNodeType node = 2; // BIP-32 node
|
|
optional string pin = 3; // set PIN protection
|
|
optional bool passphrase_protection = 4; // enable master node encryption using passphrase
|
|
optional string language = 5 [default='english']; // device language
|
|
optional string label = 6; // device label
|
|
optional bool skip_checksum = 7; // do not test mnemonic for valid BIP-39 checksum
|
|
optional uint32 u2f_counter = 8; // U2F counter
|
|
}
|
|
|
|
/**
|
|
* Request: Ask device to do initialization involving user interaction
|
|
* @next EntropyRequest
|
|
* @next Failure
|
|
*/
|
|
message ResetDevice {
|
|
optional bool display_random = 1; // display entropy generated by the device before asking for additional entropy
|
|
optional uint32 strength = 2 [default=256]; // strength of seed in bits
|
|
optional bool passphrase_protection = 3; // enable master node encryption using passphrase
|
|
optional bool pin_protection = 4; // enable PIN protection
|
|
optional string language = 5 [default='english']; // device language
|
|
optional string label = 6; // device label
|
|
optional uint32 u2f_counter = 7; // U2F counter
|
|
optional bool skip_backup = 8; // postpone seed backup to BackupDevice workflow
|
|
}
|
|
|
|
/**
|
|
* Request: Perform backup of the device seed if not backed up using ResetDevice
|
|
* @next ButtonRequest
|
|
*/
|
|
message BackupDevice {
|
|
}
|
|
|
|
/**
|
|
* Response: Ask for additional entropy from host computer
|
|
* @prev ResetDevice
|
|
* @next EntropyAck
|
|
*/
|
|
message EntropyRequest {
|
|
}
|
|
|
|
/**
|
|
* Request: Provide additional entropy for seed generation function
|
|
* @prev EntropyRequest
|
|
* @next ButtonRequest
|
|
*/
|
|
message EntropyAck {
|
|
optional bytes entropy = 1; // 256 bits (32 bytes) of random data
|
|
}
|
|
|
|
/**
|
|
* Request: Start recovery workflow asking user for specific words of mnemonic
|
|
* Used to recovery device safely even on untrusted computer.
|
|
* @next WordRequest
|
|
*/
|
|
message RecoveryDevice {
|
|
optional uint32 word_count = 1; // number of words in BIP-39 mnemonic
|
|
optional bool passphrase_protection = 2; // enable master node encryption using passphrase
|
|
optional bool pin_protection = 3; // enable PIN protection
|
|
optional string language = 4 [default='english']; // device language
|
|
optional string label = 5; // device label
|
|
optional bool enforce_wordlist = 6; // enforce BIP-39 wordlist during the process
|
|
// 7 reserved for unused recovery method
|
|
optional uint32 type = 8; // supported recovery type (see RecoveryType)
|
|
optional uint32 u2f_counter = 9; // U2F counter
|
|
optional bool dry_run = 10; // perform dry-run recovery workflow (for safe mnemonic validation)
|
|
}
|
|
|
|
/**
|
|
* Response: Device is waiting for user to enter word of the mnemonic
|
|
* Its position is shown only on device's internal display.
|
|
* @prev RecoveryDevice
|
|
* @prev WordAck
|
|
*/
|
|
message WordRequest {
|
|
optional WordRequestType type = 1;
|
|
}
|
|
|
|
/**
|
|
* Request: Computer replies with word from the mnemonic
|
|
* @prev WordRequest
|
|
* @next WordRequest
|
|
* @next Success
|
|
* @next Failure
|
|
*/
|
|
message WordAck {
|
|
required string word = 1; // one word of mnemonic on asked position
|
|
}
|
|
|
|
//////////////////////////////
|
|
// Message signing messages //
|
|
//////////////////////////////
|
|
|
|
/**
|
|
* Request: Ask device to sign message
|
|
* @next MessageSignature
|
|
* @next Failure
|
|
*/
|
|
message SignMessage {
|
|
repeated uint32 address_n = 1; // BIP-32 path to derive the key from master node
|
|
required bytes message = 2; // message to be signed
|
|
optional string coin_name = 3 [default='Bitcoin']; // coin to use for signing
|
|
optional InputScriptType script_type = 4 [default=SPENDADDRESS]; // used to distinguish between various address formats (non-segwit, segwit, etc.)
|
|
}
|
|
|
|
/**
|
|
* Request: Ask device to verify message
|
|
* @next Success
|
|
* @next Failure
|
|
*/
|
|
message VerifyMessage {
|
|
optional string address = 1; // address to verify
|
|
optional bytes signature = 2; // signature to verify
|
|
optional bytes message = 3; // message to verify
|
|
optional string coin_name = 4 [default='Bitcoin']; // coin to use for verifying
|
|
}
|
|
|
|
/**
|
|
* Response: Signed message
|
|
* @prev SignMessage
|
|
*/
|
|
message MessageSignature {
|
|
optional string address = 1; // address used to sign the message
|
|
optional bytes signature = 2; // signature of the message
|
|
}
|
|
|
|
///////////////////////////
|
|
// Encryption/decryption //
|
|
///////////////////////////
|
|
|
|
/**
|
|
* Request: Ask device to encrypt message
|
|
* @next EncryptedMessage
|
|
* @next Failure
|
|
*/
|
|
message EncryptMessage {
|
|
optional bytes pubkey = 1; // public key
|
|
optional bytes message = 2; // message to encrypt
|
|
optional bool display_only = 3; // show just on display? (don't send back via wire)
|
|
repeated uint32 address_n = 4; // BIP-32 path to derive the signing key from master node
|
|
optional string coin_name = 5 [default='Bitcoin']; // coin to use for signing
|
|
}
|
|
|
|
/**
|
|
* Response: Encrypted message
|
|
* @prev EncryptMessage
|
|
*/
|
|
message EncryptedMessage {
|
|
optional bytes nonce = 1; // nonce used during encryption
|
|
optional bytes message = 2; // encrypted message
|
|
optional bytes hmac = 3; // message hmac
|
|
}
|
|
|
|
/**
|
|
* Request: Ask device to decrypt message
|
|
* @next Success
|
|
* @next Failure
|
|
*/
|
|
message DecryptMessage {
|
|
repeated uint32 address_n = 1; // BIP-32 path to derive the decryption key from master node
|
|
optional bytes nonce = 2; // nonce used during encryption
|
|
optional bytes message = 3; // message to decrypt
|
|
optional bytes hmac = 4; // message hmac
|
|
}
|
|
|
|
/**
|
|
* Response: Decrypted message
|
|
* @prev DecryptedMessage
|
|
*/
|
|
message DecryptedMessage {
|
|
optional bytes message = 1; // decrypted message
|
|
optional string address = 2; // address used to sign the message (if used)
|
|
}
|
|
|
|
/**
|
|
* Request: Ask device to encrypt or decrypt value of given key
|
|
* @next CipheredKeyValue
|
|
* @next Failure
|
|
*/
|
|
message CipherKeyValue {
|
|
repeated uint32 address_n = 1; // BIP-32 path to derive the key from master node
|
|
optional string key = 2; // key component of key:value
|
|
optional bytes value = 3; // value component of key:value
|
|
optional bool encrypt = 4; // are we encrypting (True) or decrypting (False)?
|
|
optional bool ask_on_encrypt = 5; // should we ask on encrypt operation?
|
|
optional bool ask_on_decrypt = 6; // should we ask on decrypt operation?
|
|
optional bytes iv = 7; // initialization vector (will be computed if not set)
|
|
}
|
|
|
|
/**
|
|
* Response: Return ciphered/deciphered value
|
|
* @prev CipherKeyValue
|
|
*/
|
|
message CipheredKeyValue {
|
|
optional bytes value = 1; // ciphered/deciphered value
|
|
}
|
|
|
|
//////////////////////////////////
|
|
// Transaction signing messages //
|
|
//////////////////////////////////
|
|
|
|
/**
|
|
* Request: Estimated size of the transaction
|
|
* This behaves exactly like SignTx, which means that it can ask using TxRequest
|
|
* This call is non-blocking (except possible PassphraseRequest to unlock the seed)
|
|
* @next TxSize
|
|
* @next Failure
|
|
*/
|
|
message EstimateTxSize {
|
|
required uint32 outputs_count = 1; // number of transaction outputs
|
|
required uint32 inputs_count = 2; // number of transaction inputs
|
|
optional string coin_name = 3 [default='Bitcoin']; // coin to use
|
|
}
|
|
|
|
/**
|
|
* Response: Estimated size of the transaction
|
|
* @prev EstimateTxSize
|
|
*/
|
|
message TxSize {
|
|
optional uint32 tx_size = 1; // estimated size of transaction in bytes
|
|
}
|
|
|
|
/**
|
|
* Request: Ask device to sign transaction
|
|
* @next PassphraseRequest
|
|
* @next PinMatrixRequest
|
|
* @next TxRequest
|
|
* @next Failure
|
|
*/
|
|
message SignTx {
|
|
required uint32 outputs_count = 1; // number of transaction outputs
|
|
required uint32 inputs_count = 2; // number of transaction inputs
|
|
optional string coin_name = 3 [default='Bitcoin']; // coin to use
|
|
optional uint32 version = 4 [default=1]; // transaction version
|
|
optional uint32 lock_time = 5 [default=0]; // transaction lock_time
|
|
optional uint32 expiry = 6; // only for Decred and Zcash
|
|
optional bool overwintered = 7; // only for Zcash
|
|
}
|
|
|
|
/**
|
|
* Request: Simplified transaction signing
|
|
* This method doesn't support streaming, so there are hardware limits in number of inputs and outputs.
|
|
* In case of success, the result is returned using TxRequest message.
|
|
* @next PassphraseRequest
|
|
* @next PinMatrixRequest
|
|
* @next TxRequest
|
|
* @next Failure
|
|
*/
|
|
message SimpleSignTx {
|
|
repeated TxInputType inputs = 1; // transaction inputs
|
|
repeated TxOutputType outputs = 2; // transaction outputs
|
|
repeated TransactionType transactions = 3; // transactions whose outputs are used to build current inputs
|
|
optional string coin_name = 4 [default='Bitcoin']; // coin to use
|
|
optional uint32 version = 5 [default=1]; // transaction version
|
|
optional uint32 lock_time = 6 [default=0]; // transaction lock_time
|
|
optional uint32 expiry = 7; // only for Decred and Zcash
|
|
optional bool overwintered = 8; // only for Zcash
|
|
}
|
|
|
|
/**
|
|
* Response: Device asks for information for signing transaction or returns the last result
|
|
* If request_index is set, device awaits TxAck message (with fields filled in according to request_type)
|
|
* If signature_index is set, 'signature' contains signed input of signature_index's input
|
|
* @prev SignTx
|
|
* @prev SimpleSignTx
|
|
* @prev TxAck
|
|
*/
|
|
message TxRequest {
|
|
optional RequestType request_type = 1; // what should be filled in TxAck message?
|
|
optional TxRequestDetailsType details = 2; // request for tx details
|
|
optional TxRequestSerializedType serialized = 3; // serialized data and request for next
|
|
}
|
|
|
|
/**
|
|
* Request: Reported transaction data
|
|
* @prev TxRequest
|
|
* @next TxRequest
|
|
*/
|
|
message TxAck {
|
|
optional TransactionType tx = 1;
|
|
}
|
|
|
|
/**
|
|
* Request: Ask device to sign transaction
|
|
* All fields are optional from the protocol's point of view. Each field defaults to value `0` if missing.
|
|
* Note: the first at most 1024 bytes of data MUST be transmitted as part of this message.
|
|
* @next PassphraseRequest
|
|
* @next PinMatrixRequest
|
|
* @next EthereumTxRequest
|
|
* @next Failure
|
|
*/
|
|
message EthereumSignTx {
|
|
repeated uint32 address_n = 1; // BIP-32 path to derive the key from master node
|
|
optional bytes nonce = 2; // <=256 bit unsigned big endian
|
|
optional bytes gas_price = 3; // <=256 bit unsigned big endian (in wei)
|
|
optional bytes gas_limit = 4; // <=256 bit unsigned big endian
|
|
optional bytes to = 5; // 160 bit address hash
|
|
optional bytes value = 6; // <=256 bit unsigned big endian (in wei)
|
|
optional bytes data_initial_chunk = 7; // The initial data chunk (<= 1024 bytes)
|
|
optional uint32 data_length = 8; // Length of transaction payload
|
|
optional uint32 chain_id = 9; // Chain Id for EIP 155
|
|
optional uint32 tx_type = 10; // (only for Wanchain)
|
|
}
|
|
|
|
/**
|
|
* Response: Device asks for more data from transaction payload, or returns the signature.
|
|
* If data_length is set, device awaits that many more bytes of payload.
|
|
* Otherwise, the signature_* fields contain the computed transaction signature. All three fields will be present.
|
|
* @prev EthereumSignTx
|
|
* @next EthereumTxAck
|
|
*/
|
|
message EthereumTxRequest {
|
|
optional uint32 data_length = 1; // Number of bytes being requested (<= 1024)
|
|
optional uint32 signature_v = 2; // Computed signature (recovery parameter, limited to 27 or 28)
|
|
optional bytes signature_r = 3; // Computed signature R component (256 bit)
|
|
optional bytes signature_s = 4; // Computed signature S component (256 bit)
|
|
}
|
|
|
|
/**
|
|
* Request: Transaction payload data.
|
|
* @prev EthereumTxRequest
|
|
* @next EthereumTxRequest
|
|
*/
|
|
message EthereumTxAck {
|
|
optional bytes data_chunk = 1; // Bytes from transaction payload (<= 1024 bytes)
|
|
}
|
|
|
|
////////////////////////////////////////
|
|
// Ethereum: Message signing messages //
|
|
////////////////////////////////////////
|
|
|
|
/**
|
|
* Request: Ask device to sign message
|
|
* @next EthereumMessageSignature
|
|
* @next Failure
|
|
*/
|
|
message EthereumSignMessage {
|
|
repeated uint32 address_n = 1; // BIP-32 path to derive the key from master node
|
|
required bytes message = 2; // message to be signed
|
|
}
|
|
|
|
/**
|
|
* Request: Ask device to verify message
|
|
* @next Success
|
|
* @next Failure
|
|
*/
|
|
message EthereumVerifyMessage {
|
|
optional bytes address = 1; // address to verify
|
|
optional bytes signature = 2; // signature to verify
|
|
optional bytes message = 3; // message to verify
|
|
}
|
|
|
|
/**
|
|
* Response: Signed message
|
|
* @prev EthereumSignMessage
|
|
*/
|
|
message EthereumMessageSignature {
|
|
optional bytes address = 1; // address used to sign the message
|
|
optional bytes signature = 2; // signature of the message
|
|
}
|
|
|
|
///////////////////////
|
|
// Identity messages //
|
|
///////////////////////
|
|
|
|
/**
|
|
* Request: Ask device to sign identity
|
|
* @next SignedIdentity
|
|
* @next Failure
|
|
*/
|
|
message SignIdentity {
|
|
optional IdentityType identity = 1; // identity
|
|
optional bytes challenge_hidden = 2; // non-visible challenge
|
|
optional string challenge_visual = 3; // challenge shown on display (e.g. date+time)
|
|
optional string ecdsa_curve_name = 4; // ECDSA curve name to use
|
|
}
|
|
|
|
/**
|
|
* Response: Device provides signed identity
|
|
* @prev SignIdentity
|
|
*/
|
|
message SignedIdentity {
|
|
optional string address = 1; // identity address
|
|
optional bytes public_key = 2; // identity public key
|
|
optional bytes signature = 3; // signature of the identity data
|
|
}
|
|
|
|
///////////////////
|
|
// ECDH messages //
|
|
///////////////////
|
|
|
|
/**
|
|
* Request: Ask device to generate ECDH session key
|
|
* @next ECDHSessionKey
|
|
* @next Failure
|
|
*/
|
|
message GetECDHSessionKey {
|
|
optional IdentityType identity = 1; // identity
|
|
optional bytes peer_public_key = 2; // peer's public key
|
|
optional string ecdsa_curve_name = 3; // ECDSA curve name to use
|
|
}
|
|
|
|
/**
|
|
* Response: Device provides ECDH session key
|
|
* @prev GetECDHSessionKey
|
|
*/
|
|
message ECDHSessionKey {
|
|
optional bytes session_key = 1; // ECDH session key
|
|
}
|
|
|
|
///////////////////
|
|
// U2F messages //
|
|
///////////////////
|
|
|
|
/**
|
|
* Request: Set U2F counter
|
|
* @next Success
|
|
*/
|
|
message SetU2FCounter {
|
|
optional uint32 u2f_counter = 1; // counter
|
|
}
|
|
|
|
/////////////////////////
|
|
// Bootloader messages //
|
|
/////////////////////////
|
|
|
|
/**
|
|
* Request: Ask device to erase its firmware (so it can be replaced via FirmwareUpload)
|
|
* @next Success
|
|
* @next FirmwareRequest
|
|
* @next Failure
|
|
*/
|
|
message FirmwareErase {
|
|
optional uint32 length = 1; // length of new firmware
|
|
}
|
|
|
|
/**
|
|
* Response: Ask for firmware chunk
|
|
* @next FirmwareUpload
|
|
*/
|
|
message FirmwareRequest {
|
|
optional uint32 offset = 1; // offset of requested firmware chunk
|
|
optional uint32 length = 2; // length of requested firmware chunk
|
|
}
|
|
|
|
/**
|
|
* Request: Send firmware in binary form to the device
|
|
* @next Success
|
|
* @next Failure
|
|
*/
|
|
message FirmwareUpload {
|
|
required bytes payload = 1; // firmware to be loaded into device
|
|
optional bytes hash = 2; // hash of the payload
|
|
}
|
|
|
|
|
|
/**
|
|
* Request: Perform a device self-test
|
|
* @next Success
|
|
* @next Failure
|
|
*/
|
|
message SelfTest {
|
|
optional bytes payload = 1; // payload to be used in self-test
|
|
}
|
|
|
|
//////////////////
|
|
// NEM messages //
|
|
//////////////////
|
|
|
|
/**
|
|
* Request: Ask device for NEM address corresponding to address_n path
|
|
* @next PassphraseRequest
|
|
* @next NEMAddress
|
|
* @next Failure
|
|
*/
|
|
message NEMGetAddress {
|
|
repeated uint32 address_n = 1; // BIP-32 path to derive the key from master node
|
|
optional uint32 network = 2; // Network ID (0x68 = Mainnet, 0x98 = Testnet, 0x60 = Mijin)
|
|
optional bool show_display = 3; // Optionally show on display before sending the result
|
|
}
|
|
|
|
/**
|
|
* Response: Contains NEM address derived from device private seed
|
|
* @prev NEMGetAddress
|
|
*/
|
|
message NEMAddress {
|
|
required string address = 1; // NEM address in Base32 encoding
|
|
}
|
|
|
|
/**
|
|
* Request: Ask device to sign transaction
|
|
* @next NEMSignedTx
|
|
* @next Failure
|
|
*/
|
|
message NEMSignTx {
|
|
optional NEMTransactionCommon transaction = 1; // Common part of transaction
|
|
optional NEMTransactionCommon multisig = 2; // Common part of inner transaction for multisig transactions
|
|
optional NEMTransfer transfer = 3; // Transfer transaction part
|
|
optional bool cosigning = 4; // Whether cosigning or initiating the multisig transaction
|
|
optional NEMProvisionNamespace provision_namespace = 5; // Provision namespace part
|
|
optional NEMMosaicCreation mosaic_creation = 6; // Mosaic definition creation part
|
|
optional NEMMosaicSupplyChange supply_change = 7; // Mosaic supply change part
|
|
optional NEMAggregateModification aggregate_modification = 8; // Aggregate modification part
|
|
optional NEMImportanceTransfer importance_transfer = 9; // Importance transfer part
|
|
}
|
|
|
|
/**
|
|
* Response: Contains NEM transaction data and signature
|
|
* @prev NEMSignTx
|
|
*/
|
|
message NEMSignedTx {
|
|
optional bytes data = 1; // Transaction data
|
|
optional bytes signature = 2; // Signature for the transaction
|
|
}
|
|
|
|
/**
|
|
* Request: Ask device to decrypt NEM transaction payload
|
|
* @next NEMDecryptedMessage
|
|
* @next Failure
|
|
*/
|
|
message NEMDecryptMessage {
|
|
repeated uint32 address_n = 1; // BIP-32 path to derive the key from master node
|
|
optional uint32 network = 2; // Network ID (0x68 = Mainnet, 0x98 = Testnet, 0x60 = Mijin)
|
|
optional bytes public_key = 3; // Public key of the other party
|
|
optional bytes payload = 4; // Actual message data (encrypted)
|
|
}
|
|
|
|
/**
|
|
* Response: Contains decrypted NEM transaction payload
|
|
* @prev NEMDecryptMessage
|
|
*/
|
|
message NEMDecryptedMessage {
|
|
optional bytes payload = 1; // Actual message data (unencrypted)
|
|
}
|
|
|
|
///////////////////
|
|
// CoSi messages //
|
|
///////////////////
|
|
|
|
/**
|
|
* Request: Ask device to commit to CoSi signing
|
|
* @next CosiCommitment
|
|
* @next Failure
|
|
*/
|
|
message CosiCommit {
|
|
repeated uint32 address_n = 1; // BIP-32 path to derive the key from master node
|
|
optional bytes data = 2; // Data to be signed
|
|
}
|
|
|
|
/**
|
|
* Response: Contains a CoSi commitment
|
|
* @prev CosiCommit
|
|
*/
|
|
message CosiCommitment {
|
|
optional bytes commitment = 1; // Commitment
|
|
optional bytes pubkey = 2; // Public key
|
|
}
|
|
|
|
/**
|
|
* Request: Ask device to sign using CoSi
|
|
* @next CosiSignature
|
|
* @next Failure
|
|
*/
|
|
message CosiSign {
|
|
repeated uint32 address_n = 1; // BIP-32 path to derive the key from master node
|
|
optional bytes data = 2; // Data to be signed
|
|
optional bytes global_commitment = 3; // Aggregated commitment
|
|
optional bytes global_pubkey = 4; // Aggregated public key
|
|
}
|
|
|
|
/**
|
|
* Response: Contains a CoSi signature
|
|
* @prev CosiSign
|
|
*/
|
|
message CosiSignature {
|
|
optional bytes signature = 1; // Signature
|
|
}
|
|
|
|
//////////////////////
|
|
// Stellar messages //
|
|
//////////////////////
|
|
|
|
/**
|
|
* Request: Public key at the specified index
|
|
* @next StellarPublicKey
|
|
*/
|
|
message StellarGetPublicKey {
|
|
repeated uint32 address_n = 1; // BIP-32 path. For compatibility with other wallets, must be m/44'/148'/index'
|
|
optional bool show_display = 2; // optionally show on display before sending the result
|
|
}
|
|
|
|
/**
|
|
* Response: Public key for the given index
|
|
* @prev StellarGetPublicKey
|
|
*/
|
|
message StellarPublicKey {
|
|
optional bytes public_key = 1; // Raw bytes of the public key (no version or checksum)
|
|
}
|
|
|
|
/**
|
|
* Request: Address at the specified index
|
|
* @next StellarAddress
|
|
*/
|
|
message StellarGetAddress {
|
|
repeated uint32 address_n = 1; // BIP-32 path. For compatibility with other wallets, must be m/44'/148'/index'
|
|
optional bool show_display = 2; // optionally show on display before sending the result
|
|
}
|
|
|
|
/**
|
|
* Response: Address for the given index
|
|
* @prev StellarGetAddress
|
|
*/
|
|
message StellarAddress {
|
|
optional string address = 1; // Address in Stellar format (base32 of a pubkey with checksum)
|
|
}
|
|
|
|
/**
|
|
* Request: ask device to sign Stellar transaction
|
|
* @next StellarTxOpRequest
|
|
*/
|
|
message StellarSignTx {
|
|
optional uint32 protocol_version = 1; // version of the protofbuf messaging protocol the client is using
|
|
repeated uint32 address_n = 2; // BIP-32 path. For compatibility with other wallets, must be m/44'/148'/index'
|
|
optional string network_passphrase = 3; // passphrase for signing messages on the destination network
|
|
optional string source_account = 4; // source account address
|
|
optional uint32 fee = 5; // Fee (in stroops) for the transaction
|
|
optional uint64 sequence_number = 6; // transaction sequence number
|
|
optional uint32 timebounds_start = 8; // unix timestamp (client must truncate this to 32 bytes)
|
|
optional uint32 timebounds_end = 9; // unix timestamp (client must truncate this to 32 bytes)
|
|
optional uint32 memo_type = 10; // 0 = none, 1 = text, 2 = id, 3 = hash, 4 = return
|
|
optional string memo_text = 11; // up to 28 characters (4 bytes are for length)
|
|
optional uint64 memo_id = 12; // 8-byte uint64
|
|
optional bytes memo_hash = 13; // 32 bytes representing a hash
|
|
optional uint32 num_operations = 14; // number of operations in this transaction
|
|
}
|
|
|
|
/**
|
|
* Response: device is ready for client to send the next operation
|
|
* @prev StellarSignTx
|
|
* @next StellarPaymentOp
|
|
* @next StellarCreateAccountOp
|
|
* @next StellarPathPaymentOp
|
|
* @next StellarManageOfferOp
|
|
* @next StellarCreatePassiveOfferOp
|
|
* @next StellarSetOptionsOp
|
|
* @next StellarChangeTrustOp
|
|
* @next StellarAllowTrustOp
|
|
* @next StellarAccountMergeOp
|
|
* @next StellarManageDataOp
|
|
* @next StellarBumpSequenceOp
|
|
*/
|
|
message StellarTxOpRequest {
|
|
}
|
|
|
|
/**
|
|
* Request: ask device to confirm this operation type
|
|
* @prev StellarTxOpRequest
|
|
* @next StellarTxOpRequest
|
|
* @next StellarSignedTx
|
|
*/
|
|
message StellarPaymentOp {
|
|
optional string source_account = 1; // (optional) source account address
|
|
|
|
optional string destination_account = 2; // destination account address
|
|
optional StellarAssetType asset = 3; // asset involved in the operation
|
|
optional sint64 amount = 4; // amount of the given asset to pay
|
|
}
|
|
|
|
/**
|
|
* Request: ask device to confirm this operation type
|
|
* @prev StellarTxOpRequest
|
|
* @next StellarTxOpRequest
|
|
* @next StellarSignedTx
|
|
*/
|
|
message StellarCreateAccountOp {
|
|
optional string source_account = 1; // (optional) source account address
|
|
|
|
optional string new_account = 2; // account address to create
|
|
optional sint64 starting_balance = 3; // initial starting balance for the new account
|
|
}
|
|
|
|
/**
|
|
* Request: ask device to confirm this operation type
|
|
* @prev StellarTxOpRequest
|
|
* @next StellarTxOpRequest
|
|
* @next StellarSignedTx
|
|
*/
|
|
message StellarPathPaymentOp {
|
|
optional string source_account = 1; // (optional) source address
|
|
|
|
optional StellarAssetType send_asset = 2;
|
|
optional sint64 send_max = 3;
|
|
optional string destination_account = 4;
|
|
optional StellarAssetType destination_asset = 5;
|
|
optional sint64 destination_amount = 6;
|
|
repeated StellarAssetType paths = 7;
|
|
}
|
|
|
|
/**
|
|
* Request: ask device to confirm this operation type
|
|
* @prev StellarTxOpRequest
|
|
* @next StellarTxOpRequest
|
|
* @next StellarSignedTx
|
|
*/
|
|
message StellarManageOfferOp {
|
|
optional string source_account = 1; // (optional) source account address
|
|
|
|
optional StellarAssetType selling_asset = 2;
|
|
optional StellarAssetType buying_asset = 3;
|
|
optional sint64 amount = 4;
|
|
optional uint32 price_n = 5; // Price numerator
|
|
optional uint32 price_d = 6; // Price denominator
|
|
optional uint64 offer_id = 7; // Offer ID for updating an existing offer
|
|
}
|
|
|
|
/**
|
|
* Request: ask device to confirm this operation type
|
|
* @prev StellarTxOpRequest
|
|
* @next StellarTxOpRequest
|
|
* @next StellarSignedTx
|
|
*/
|
|
message StellarCreatePassiveOfferOp {
|
|
optional string source_account = 1; // (optional) source account address
|
|
|
|
optional StellarAssetType selling_asset = 2;
|
|
optional StellarAssetType buying_asset = 3;
|
|
optional sint64 amount = 4;
|
|
optional uint32 price_n = 5; // Price numerator
|
|
optional uint32 price_d = 6; // Price denominator
|
|
}
|
|
|
|
/**
|
|
* Request: ask device to confirm this operation type
|
|
* @prev StellarTxOpRequest
|
|
* @next StellarTxOpRequest
|
|
* @next StellarSignedTx
|
|
*/
|
|
message StellarSetOptionsOp {
|
|
optional string source_account = 1; // (optional) source account address
|
|
|
|
optional string inflation_destination_account = 2; // (optional) inflation destination address
|
|
optional uint32 clear_flags = 3;
|
|
optional uint32 set_flags = 4;
|
|
optional uint32 master_weight = 5;
|
|
optional uint32 low_threshold = 6;
|
|
optional uint32 medium_threshold = 7;
|
|
optional uint32 high_threshold = 8;
|
|
optional string home_domain = 9;
|
|
optional uint32 signer_type = 10;
|
|
optional bytes signer_key = 11;
|
|
optional uint32 signer_weight = 12;
|
|
}
|
|
|
|
/**
|
|
* Request: ask device to confirm this operation type
|
|
* @prev StellarTxOpRequest
|
|
* @next StellarTxOpRequest
|
|
* @next StellarSignedTx
|
|
*/
|
|
message StellarChangeTrustOp {
|
|
optional string source_account = 1; // (optional) source account address
|
|
|
|
optional StellarAssetType asset = 2;
|
|
optional uint64 limit = 3;
|
|
}
|
|
|
|
/**
|
|
* Request: ask device to confirm this operation type
|
|
* @prev StellarTxOpRequest
|
|
* @next StellarTxOpRequest
|
|
* @next StellarSignedTx
|
|
*/
|
|
message StellarAllowTrustOp {
|
|
optional string source_account = 1; // (optional) source account address
|
|
|
|
optional string trusted_account = 2; // The account being allowed to hold the asset
|
|
optional uint32 asset_type = 3; // 1 = 4-character, 2 = 12-character
|
|
optional string asset_code = 4; // human-readable asset code
|
|
optional uint32 is_authorized = 5;
|
|
}
|
|
|
|
/**
|
|
* Request: ask device to confirm this operation type
|
|
* @prev StellarTxOpRequest
|
|
* @next StellarTxOpRequest
|
|
* @next StellarSignedTx
|
|
*/
|
|
message StellarAccountMergeOp {
|
|
optional string source_account = 1; // (optional) source account address
|
|
optional string destination_account = 2; // destination account address
|
|
}
|
|
|
|
/**
|
|
* Request: ask device to confirm this operation type
|
|
* @prev StellarTxOpRequest
|
|
* @next StellarTxOpRequest
|
|
* @next StellarSignedTx
|
|
*/
|
|
message StellarManageDataOp {
|
|
optional string source_account = 1; // (optional) source account address
|
|
|
|
optional string key = 2;
|
|
optional bytes value = 3; // 64 bytes of arbitrary data
|
|
}
|
|
|
|
/**
|
|
* Request: ask device to confirm this operation type
|
|
* @prev StellarTxOpRequest
|
|
* @next StellarTxOpRequest
|
|
* @next StellarSignedTx
|
|
*/
|
|
message StellarBumpSequenceOp {
|
|
optional string source_account = 1; // (optional) source account address
|
|
|
|
optional uint64 bump_to = 2; // new sequence number
|
|
}
|
|
|
|
/**
|
|
* Response: signature for transaction
|
|
* @prev StellarPaymentOp
|
|
* @prev StellarCreateAccountOp
|
|
* @prev StellarPathPaymentOp
|
|
* @prev StellarManageOfferOp
|
|
* @prev StellarCreatePassiveOfferOp
|
|
* @prev StellarSetOptionsOp
|
|
* @prev StellarChangeTrustOp
|
|
* @prev StellarAllowTrustOp
|
|
* @prev StellarAccountMergeOp
|
|
* @prev StellarManageDataOp
|
|
* @prev StellarBumpSequenceOp
|
|
*/
|
|
message StellarSignedTx {
|
|
optional bytes public_key = 1; // public key for the private key used to sign data
|
|
optional bytes signature = 2; // signature suitable for sending to the Stellar network
|
|
}
|
|
|
|
|
|
////////////////////
|
|
// Lisk messages //
|
|
//////////////////
|
|
|
|
/**
|
|
* Request: Ask device for Lisk public key corresponding to address_n path
|
|
* @next LiskPublicKey
|
|
*/
|
|
message LiskGetPublicKey {
|
|
repeated uint32 address_n = 1; // BIP-32 path to derive the key from master node
|
|
optional bool show_display = 2; // Optionally show on display before sending the result
|
|
}
|
|
|
|
/**
|
|
* Response: Contains Lisk public key derived from device private seed
|
|
* @prev LiskGetPublicKey
|
|
*/
|
|
message LiskPublicKey {
|
|
optional bytes public_key = 1; // Lisk public key
|
|
}
|
|
|
|
/**
|
|
* Request: Ask device for Lisk address corresponding to address_n path
|
|
* @next PassphraseRequest
|
|
* @next LiskAddress
|
|
* @next Failure
|
|
*/
|
|
message LiskGetAddress {
|
|
repeated uint32 address_n = 1; // BIP-32 path to derive the key from master node
|
|
optional bool show_display = 2; // Optionally show on display before sending the result
|
|
}
|
|
|
|
/**
|
|
* Response: Contains Lisk address derived from device private seed
|
|
* @prev LiskGetAddress
|
|
*/
|
|
message LiskAddress {
|
|
optional string address = 1; // Lisk address
|
|
}
|
|
|
|
/**
|
|
* Request: Ask device to sign Lisk transaction
|
|
* @next LiskSignedTx
|
|
*/
|
|
message LiskSignTx {
|
|
repeated uint32 address_n = 1; // BIP-32 path to derive the key from master node
|
|
optional LiskTransactionCommon transaction = 2; // Lisk transaction structure
|
|
}
|
|
|
|
/**
|
|
* Response: Contains Lisk transaction signature
|
|
* @prev LiskSignTx
|
|
*/
|
|
message LiskSignedTx {
|
|
optional bytes signature = 1;
|
|
}
|
|
|
|
/**
|
|
* Request: Ask device to sign message
|
|
* @next LiskMessageSignature
|
|
* @next Failure
|
|
*/
|
|
message LiskSignMessage {
|
|
repeated uint32 address_n = 1;
|
|
optional bytes message = 2;
|
|
}
|
|
|
|
/**
|
|
* Response: Signed message
|
|
* @prev LiskSignMessage
|
|
*/
|
|
message LiskMessageSignature {
|
|
optional bytes public_key = 1;
|
|
optional bytes signature = 2;
|
|
}
|
|
|
|
/**
|
|
* Request: Ask device to verify message
|
|
* @next Success
|
|
* @next Failure
|
|
*/
|
|
message LiskVerifyMessage {
|
|
optional bytes public_key = 1;
|
|
optional bytes signature = 2;
|
|
optional bytes message = 3;
|
|
}
|
|
|
|
|
|
/**
|
|
* Request: Ask device for Tezos address corresponding to address_n path
|
|
* @next PassphraseRequest
|
|
* @next TezosAddress
|
|
* @next Failure
|
|
*/
|
|
message TezosGetAddress {
|
|
repeated uint32 address_n = 1; // BIP-32 path to derive the key from master node
|
|
optional bool show_display = 2; // optionally show on display before sending the result
|
|
}
|
|
|
|
/**
|
|
* Response: Contains Tezos address derived from device private seed
|
|
* @prev TezosGetAddress
|
|
*/
|
|
message TezosAddress {
|
|
optional string address = 1; // Coin address in Base58 encoding
|
|
}
|
|
|
|
/**
|
|
* Request: Ask device to sign Tezos transaction
|
|
* @next TezosSignedTx
|
|
*/
|
|
message TezosSignTx {
|
|
repeated uint32 address_n = 1; // BIP-32 path to derive the key from master node
|
|
optional TezosOperationCommon operation = 2; // Tezos operation structure
|
|
optional TezosTransactionType transaction = 3; // Tezos transaction part
|
|
optional TezosOriginationType origination = 4; // Tezos origination part
|
|
optional TezosDelegationType delegation = 5; // Tezos delegation part
|
|
}
|
|
|
|
/**
|
|
* Response: Contains Tezos transaction signature
|
|
* @prev TezosSignTx
|
|
*/
|
|
message TezosSignedTx {
|
|
optional bytes signature = 1; // Tezos transaction signature
|
|
optional bytes sig_op_contents = 2; // Signed operation contents
|
|
optional string operation_hash = 3; // b58 check encoded blake2b hashed operation contents
|
|
}
|
|
|
|
/**
|
|
* Request: Ask device for Tezos public key corresponding to address_n path
|
|
* @next TezosPublicKey
|
|
*/
|
|
message TezosGetPublicKey {
|
|
repeated uint32 address_n = 1; // BIP-32 path to derive the key from master node
|
|
optional bool show_display = 2; // Optionally show on display before sending the result
|
|
}
|
|
|
|
/**
|
|
* Response: Contains Tezos public key derived from device private seed
|
|
* @prev TezosGetPublicKey
|
|
*/
|
|
message TezosPublicKey {
|
|
optional bytes public_key = 1; // Tezos public key
|
|
}
|
|
|
|
/////////////////////////////////////////////////////////////
|
|
// Debug messages (only available if DebugLink is enabled) //
|
|
/////////////////////////////////////////////////////////////
|
|
|
|
/**
|
|
* Request: "Press" the button on the device
|
|
* @next Success
|
|
*/
|
|
message DebugLinkDecision {
|
|
optional bool yes_no = 1; // true for "Confirm", false for "Cancel"
|
|
optional bool up_down = 2; // true for scroll up, false for scroll down
|
|
optional string input = 3; // keyboard input
|
|
}
|
|
|
|
/**
|
|
* Request: Computer asks for device state
|
|
* @next DebugLinkState
|
|
*/
|
|
message DebugLinkGetState {
|
|
}
|
|
|
|
/**
|
|
* Response: Device current state
|
|
* @prev DebugLinkGetState
|
|
*/
|
|
message DebugLinkState {
|
|
optional bytes layout = 1; // raw buffer of display
|
|
optional string pin = 2; // current PIN, blank if PIN is not set/enabled
|
|
optional string matrix = 3; // current PIN matrix
|
|
optional string mnemonic = 4; // current BIP-39 mnemonic
|
|
optional HDNodeType node = 5; // current BIP-32 node
|
|
optional bool passphrase_protection = 6; // is node/mnemonic encrypted using passphrase?
|
|
optional string reset_word = 7; // word on device display during ResetDevice workflow
|
|
optional bytes reset_entropy = 8; // current entropy during ResetDevice workflow
|
|
optional string recovery_fake_word = 9; // (fake) word on display during RecoveryDevice workflow
|
|
optional uint32 recovery_word_pos = 10; // index of mnemonic word the device is expecting during RecoveryDevice workflow
|
|
optional uint32 reset_word_pos = 11; // index of mnemonic word the device is expecting during ResetDevice workflow
|
|
}
|
|
|
|
/**
|
|
* Request: Ask device to restart
|
|
*/
|
|
message DebugLinkStop {
|
|
}
|
|
|
|
/**
|
|
* Response: Device wants host to log event
|
|
*/
|
|
message DebugLinkLog {
|
|
optional uint32 level = 1;
|
|
optional string bucket = 2;
|
|
optional string text = 3;
|
|
}
|
|
|
|
/**
|
|
* Request: Read memory from device
|
|
* @next DebugLinkMemory
|
|
*/
|
|
message DebugLinkMemoryRead {
|
|
optional uint32 address = 1;
|
|
optional uint32 length = 2;
|
|
}
|
|
|
|
/**
|
|
* Response: Device sends memory back
|
|
* @prev DebugLinkMemoryRead
|
|
*/
|
|
message DebugLinkMemory {
|
|
optional bytes memory = 1;
|
|
}
|
|
|
|
/**
|
|
* Request: Write memory to device.
|
|
* WARNING: Writing to the wrong location can irreparably break the device.
|
|
*/
|
|
message DebugLinkMemoryWrite {
|
|
optional uint32 address = 1;
|
|
optional bytes memory = 2;
|
|
optional bool flash = 3;
|
|
}
|
|
|
|
/**
|
|
* Request: Erase block of flash on device
|
|
* WARNING: Writing to the wrong location can irreparably break the device.
|
|
*/
|
|
message DebugLinkFlashErase {
|
|
optional uint32 sector = 1;
|
|
}
|
|
|
|
/**
|
|
* Request: Ask device for Cardano address
|
|
* @next CardanoAddress
|
|
* @next Failure
|
|
*/
|
|
message CardanoGetAddress {
|
|
repeated uint32 address_n = 1; // BIP-32-style path to derive the key from master node
|
|
optional bool show_display = 2; // optionally prompt for confirmation on trezor display
|
|
}
|
|
|
|
/**
|
|
* Request: Ask device for Cardano address
|
|
* @next CardanoAddress
|
|
* @next Failure
|
|
*/
|
|
message CardanoAddress {
|
|
optional string address = 1; // Base58 cardano address
|
|
}
|
|
|
|
/**
|
|
* Request: Ask device to sign Cardano message
|
|
* @next CardanoMessageSignature
|
|
* @next Failure
|
|
*/
|
|
message CardanoSignMessage {
|
|
repeated uint32 address_n = 1; // BIP-32 path to derive the key from master node
|
|
optional bytes message = 2; // message to be signed
|
|
}
|
|
|
|
/**
|
|
* Request: Ask device for public key corresponding to address_n path
|
|
* @next CardanoPublicKey
|
|
* @next Failure
|
|
*/
|
|
message CardanoGetPublicKey {
|
|
repeated uint32 address_n = 1; // BIP-32 path to derive the key from master node
|
|
}
|
|
|
|
/**
|
|
* Response: Contains public key derived from device private seed
|
|
* @prev CardanoGetPublicKey
|
|
*/
|
|
message CardanoPublicKey {
|
|
optional string xpub = 1; // Xpub key
|
|
optional HDNodeType node = 2; // BIP-32 public node
|
|
optional string root_hd_passphrase = 3; // Hd passphrase for root in hex format
|
|
}
|
|
|
|
/**
|
|
* Request: Ask device to verify Cardano message
|
|
* @next Success
|
|
* @next Failure
|
|
*/
|
|
message CardanoVerifyMessage {
|
|
optional bytes public_key = 1; // Public key which was used to sign message
|
|
optional bytes signature = 2; // signature to verify
|
|
optional bytes message = 3; // message to verify
|
|
}
|
|
|
|
/**
|
|
* Response: Signed Cardano message
|
|
* @prev CardanoSignMessage
|
|
*/
|
|
message CardanoMessageSignature {
|
|
optional bytes public_key = 1; // public key which was used to sign mesage
|
|
optional bytes signature = 2; // signature of the message
|
|
}
|
|
|
|
/**
|
|
* Request: Ask device to sign Cardano transaction
|
|
* @next CardanoSignedTransaction
|
|
* @next CardanoTxRequest
|
|
* @next Failure
|
|
*/
|
|
message CardanoSignTransaction {
|
|
repeated CardanoTxInputType inputs = 1; // inputs to be used in transaction
|
|
repeated CardanoTxOutputType outputs = 2; // outputs to be used in transaction
|
|
optional uint32 transactions_count = 3; // transactions count
|
|
}
|
|
|
|
/**
|
|
* Response: Serialised signed cardano transaction if tx_index is not specified.
|
|
* If tx_index is specified, trezor will wait for transaction
|
|
* @prev CardanoSignTransaction
|
|
* @next CardanoTxAck
|
|
*/
|
|
message CardanoTxRequest {
|
|
optional uint32 tx_index = 1; // index of requested transaction
|
|
optional bytes tx_hash = 2; // hash of the signed transaction
|
|
optional bytes tx_body = 3; // serialised body of the signed transaction
|
|
}
|
|
|
|
/**
|
|
* Response: Serialised signed cardano transaction
|
|
* @prev CardanoSignTransaction
|
|
*/
|
|
message CardanoSignedTransaction {
|
|
optional bytes tx_hash = 1; // hash of the signed transaction
|
|
optional bytes tx_body = 2; // serialised body of the signed transaction
|
|
}
|
|
|
|
/**
|
|
* Request: Reported transaction data
|
|
* @prev CardanoTxRequest
|
|
* @next CardanoTxRequest
|
|
*/
|
|
message CardanoTxAck {
|
|
optional bytes transaction = 1;
|
|
}
|