| 
									
										
										
										
											2017-08-01 17:45:17 +02:00
										 |  |  | // This file originates from the SatoshiLabs Trezor `common` repository at:
 | 
					
						
							|  |  |  | //   https://github.com/trezor/trezor-common/blob/master/protob/messages.proto
 | 
					
						
							|  |  |  | // dated 28.07.2017, commit dd8ec3231fb5f7992360aff9bdfe30bb58130f4b.
 | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-01-08 13:15:57 +01:00
										 |  |  | syntax = "proto2";
 | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-08-01 17:45:17 +02:00
										 |  |  | /**
 | 
					
						
							|  |  |  |  * Messages for TREZOR communication
 | 
					
						
							|  |  |  |  */
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | // Sugar for easier handling in Java
 | 
					
						
							|  |  |  | option java_package = "com.satoshilabs.trezor.lib.protobuf";
 | 
					
						
							|  |  |  | option java_outer_classname = "TrezorMessage";
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | import "types.proto";
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /**
 | 
					
						
							|  |  |  |  * Mapping between Trezor wire identifier (uint) and a protobuf message | 
					
						
							|  |  |  |  */
 | 
					
						
							|  |  |  | enum MessageType {
 | 
					
						
							|  |  |  | 	MessageType_Initialize = 0 [(wire_in) = true];
 | 
					
						
							|  |  |  | 	MessageType_Ping = 1 [(wire_in) = true];
 | 
					
						
							|  |  |  | 	MessageType_Success = 2 [(wire_out) = true];
 | 
					
						
							|  |  |  | 	MessageType_Failure = 3 [(wire_out) = true];
 | 
					
						
							|  |  |  | 	MessageType_ChangePin = 4 [(wire_in) = true];
 | 
					
						
							|  |  |  | 	MessageType_WipeDevice = 5 [(wire_in) = true];
 | 
					
						
							|  |  |  | 	MessageType_FirmwareErase = 6 [(wire_in) = true, (wire_bootloader) = true];
 | 
					
						
							|  |  |  | 	MessageType_FirmwareUpload = 7 [(wire_in) = true, (wire_bootloader) = true];
 | 
					
						
							|  |  |  | 	MessageType_FirmwareRequest = 8 [(wire_out) = true, (wire_bootloader) = true];
 | 
					
						
							|  |  |  | 	MessageType_GetEntropy = 9 [(wire_in) = true];
 | 
					
						
							|  |  |  | 	MessageType_Entropy = 10 [(wire_out) = true];
 | 
					
						
							|  |  |  | 	MessageType_GetPublicKey = 11 [(wire_in) = true];
 | 
					
						
							|  |  |  | 	MessageType_PublicKey = 12 [(wire_out) = true];
 | 
					
						
							|  |  |  | 	MessageType_LoadDevice = 13 [(wire_in) = true];
 | 
					
						
							|  |  |  | 	MessageType_ResetDevice = 14 [(wire_in) = true];
 | 
					
						
							|  |  |  | 	MessageType_SignTx = 15 [(wire_in) = true];
 | 
					
						
							|  |  |  | 	MessageType_SimpleSignTx = 16 [(wire_in) = true, deprecated = true];
 | 
					
						
							|  |  |  | 	MessageType_Features = 17 [(wire_out) = true];
 | 
					
						
							|  |  |  | 	MessageType_PinMatrixRequest = 18 [(wire_out) = true];
 | 
					
						
							|  |  |  | 	MessageType_PinMatrixAck = 19 [(wire_in) = true, (wire_tiny) = true];
 | 
					
						
							|  |  |  | 	MessageType_Cancel = 20 [(wire_in) = true];
 | 
					
						
							|  |  |  | 	MessageType_TxRequest = 21 [(wire_out) = true];
 | 
					
						
							|  |  |  | 	MessageType_TxAck = 22 [(wire_in) = true];
 | 
					
						
							|  |  |  | 	MessageType_CipherKeyValue = 23 [(wire_in) = true];
 | 
					
						
							|  |  |  | 	MessageType_ClearSession = 24 [(wire_in) = true];
 | 
					
						
							|  |  |  | 	MessageType_ApplySettings = 25 [(wire_in) = true];
 | 
					
						
							|  |  |  | 	MessageType_ButtonRequest = 26 [(wire_out) = true];
 | 
					
						
							|  |  |  | 	MessageType_ButtonAck = 27 [(wire_in) = true, (wire_tiny) = true];
 | 
					
						
							|  |  |  | 	MessageType_ApplyFlags = 28 [(wire_in) = true];
 | 
					
						
							|  |  |  | 	MessageType_GetAddress = 29 [(wire_in) = true];
 | 
					
						
							|  |  |  | 	MessageType_Address = 30 [(wire_out) = true];
 | 
					
						
							|  |  |  | 	MessageType_SelfTest = 32 [(wire_in) = true, (wire_bootloader) = true];
 | 
					
						
							|  |  |  | 	MessageType_BackupDevice = 34 [(wire_in) = true];
 | 
					
						
							|  |  |  | 	MessageType_EntropyRequest = 35 [(wire_out) = true];
 | 
					
						
							|  |  |  | 	MessageType_EntropyAck = 36 [(wire_in) = true];
 | 
					
						
							|  |  |  | 	MessageType_SignMessage = 38 [(wire_in) = true];
 | 
					
						
							|  |  |  | 	MessageType_VerifyMessage = 39 [(wire_in) = true];
 | 
					
						
							|  |  |  | 	MessageType_MessageSignature = 40 [(wire_out) = true];
 | 
					
						
							|  |  |  | 	MessageType_PassphraseRequest = 41 [(wire_out) = true];
 | 
					
						
							|  |  |  | 	MessageType_PassphraseAck = 42 [(wire_in) = true, (wire_tiny) = true];
 | 
					
						
							|  |  |  | 	MessageType_EstimateTxSize = 43 [(wire_in) = true, deprecated = true];
 | 
					
						
							|  |  |  | 	MessageType_TxSize = 44 [(wire_out) = true, deprecated = true];
 | 
					
						
							|  |  |  | 	MessageType_RecoveryDevice = 45 [(wire_in) = true];
 | 
					
						
							|  |  |  | 	MessageType_WordRequest = 46 [(wire_out) = true];
 | 
					
						
							|  |  |  | 	MessageType_WordAck = 47 [(wire_in) = true];
 | 
					
						
							|  |  |  | 	MessageType_CipheredKeyValue = 48 [(wire_out) = true];
 | 
					
						
							|  |  |  | 	MessageType_EncryptMessage = 49 [(wire_in) = true, deprecated = true];
 | 
					
						
							|  |  |  | 	MessageType_EncryptedMessage = 50 [(wire_out) = true, deprecated = true];
 | 
					
						
							|  |  |  | 	MessageType_DecryptMessage = 51 [(wire_in) = true, deprecated = true];
 | 
					
						
							|  |  |  | 	MessageType_DecryptedMessage = 52 [(wire_out) = true, deprecated = true];
 | 
					
						
							|  |  |  | 	MessageType_SignIdentity = 53 [(wire_in) = true];
 | 
					
						
							|  |  |  | 	MessageType_SignedIdentity = 54 [(wire_out) = true];
 | 
					
						
							|  |  |  | 	MessageType_GetFeatures = 55 [(wire_in) = true];
 | 
					
						
							|  |  |  | 	MessageType_EthereumGetAddress = 56 [(wire_in) = true];
 | 
					
						
							|  |  |  | 	MessageType_EthereumAddress = 57 [(wire_out) = true];
 | 
					
						
							|  |  |  | 	MessageType_EthereumSignTx = 58 [(wire_in) = true];
 | 
					
						
							|  |  |  | 	MessageType_EthereumTxRequest = 59 [(wire_out) = true];
 | 
					
						
							|  |  |  | 	MessageType_EthereumTxAck = 60 [(wire_in) = true];
 | 
					
						
							|  |  |  | 	MessageType_GetECDHSessionKey = 61 [(wire_in) = true];
 | 
					
						
							|  |  |  | 	MessageType_ECDHSessionKey = 62 [(wire_out) = true];
 | 
					
						
							|  |  |  | 	MessageType_SetU2FCounter = 63 [(wire_in) = true];
 | 
					
						
							|  |  |  | 	MessageType_EthereumSignMessage = 64 [(wire_in) = true];
 | 
					
						
							|  |  |  | 	MessageType_EthereumVerifyMessage = 65 [(wire_in) = true];
 | 
					
						
							|  |  |  | 	MessageType_EthereumMessageSignature = 66 [(wire_out) = true];
 | 
					
						
							|  |  |  | 	MessageType_DebugLinkDecision = 100 [(wire_debug_in) = true, (wire_tiny) = true];
 | 
					
						
							|  |  |  | 	MessageType_DebugLinkGetState = 101 [(wire_debug_in) = true];
 | 
					
						
							|  |  |  | 	MessageType_DebugLinkState = 102 [(wire_debug_out) = true];
 | 
					
						
							|  |  |  | 	MessageType_DebugLinkStop = 103 [(wire_debug_in) = true];
 | 
					
						
							|  |  |  | 	MessageType_DebugLinkLog = 104 [(wire_debug_out) = true];
 | 
					
						
							|  |  |  | 	MessageType_DebugLinkMemoryRead = 110 [(wire_debug_in) = true];
 | 
					
						
							|  |  |  | 	MessageType_DebugLinkMemory = 111 [(wire_debug_out) = true];
 | 
					
						
							|  |  |  | 	MessageType_DebugLinkMemoryWrite = 112 [(wire_debug_in) = true];
 | 
					
						
							|  |  |  | 	MessageType_DebugLinkFlashErase = 113 [(wire_debug_in) = true];
 | 
					
						
							|  |  |  | }
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | ////////////////////
 | 
					
						
							|  |  |  | // Basic messages //
 | 
					
						
							|  |  |  | ////////////////////
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /**
 | 
					
						
							|  |  |  |  * Request: Reset device to default state and ask for device details
 | 
					
						
							|  |  |  |  * @next Features
 | 
					
						
							|  |  |  |  */
 | 
					
						
							|  |  |  | message Initialize {
 | 
					
						
							|  |  |  | }
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /**
 | 
					
						
							|  |  |  |  * Request: Ask for device details (no device reset)
 | 
					
						
							|  |  |  |  * @next Features
 | 
					
						
							|  |  |  |  */
 | 
					
						
							|  |  |  | message GetFeatures {
 | 
					
						
							|  |  |  | }
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /**
 | 
					
						
							|  |  |  |  * Response: Reports various information about the device
 | 
					
						
							|  |  |  |  * @prev Initialize
 | 
					
						
							|  |  |  |  * @prev GetFeatures
 | 
					
						
							|  |  |  |  */
 | 
					
						
							|  |  |  | message Features {
 | 
					
						
							|  |  |  | 	optional string vendor = 1;			// name of the manufacturer, e.g. "bitcointrezor.com"
 | 
					
						
							|  |  |  | 	optional uint32 major_version = 2;		// major version of the device, e.g. 1
 | 
					
						
							|  |  |  | 	optional uint32 minor_version = 3;		// minor version of the device, e.g. 0
 | 
					
						
							|  |  |  | 	optional uint32 patch_version = 4;		// patch version of the device, e.g. 0
 | 
					
						
							|  |  |  | 	optional bool bootloader_mode = 5;		// is device in bootloader mode?
 | 
					
						
							|  |  |  | 	optional string device_id = 6;			// device's unique identifier
 | 
					
						
							|  |  |  | 	optional bool pin_protection = 7;		// is device protected by PIN?
 | 
					
						
							|  |  |  | 	optional bool passphrase_protection = 8;	// is node/mnemonic encrypted using passphrase?
 | 
					
						
							|  |  |  | 	optional string language = 9;			// device language
 | 
					
						
							|  |  |  | 	optional string label = 10;			// device description label
 | 
					
						
							|  |  |  | 	repeated CoinType coins = 11;			// supported coins
 | 
					
						
							|  |  |  | 	optional bool initialized = 12;			// does device contain seed?
 | 
					
						
							|  |  |  | 	optional bytes revision = 13;			// SCM revision of firmware
 | 
					
						
							|  |  |  | 	optional bytes bootloader_hash = 14;		// hash of the bootloader
 | 
					
						
							|  |  |  | 	optional bool imported = 15;			// was storage imported from an external source?
 | 
					
						
							|  |  |  | 	optional bool pin_cached = 16;			// is PIN already cached in session?
 | 
					
						
							|  |  |  | 	optional bool passphrase_cached = 17;		// is passphrase already cached in session?
 | 
					
						
							|  |  |  | 	optional bool firmware_present = 18;		// is valid firmware loaded?
 | 
					
						
							|  |  |  | 	optional bool needs_backup = 19;		// does storage need backup? (equals to Storage.needs_backup)
 | 
					
						
							|  |  |  | 	optional uint32 flags = 20;			// device flags (equals to Storage.flags)
 | 
					
						
							|  |  |  | }
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /**
 | 
					
						
							|  |  |  |  * Request: clear session (removes cached PIN, passphrase, etc).
 | 
					
						
							|  |  |  |  * @next Success
 | 
					
						
							|  |  |  |  */
 | 
					
						
							|  |  |  | message ClearSession {
 | 
					
						
							|  |  |  | }
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /**
 | 
					
						
							|  |  |  |  * Request: change language and/or label of the device
 | 
					
						
							|  |  |  |  * @next Success
 | 
					
						
							|  |  |  |  * @next Failure
 | 
					
						
							|  |  |  |  * @next ButtonRequest
 | 
					
						
							|  |  |  |  * @next PinMatrixRequest
 | 
					
						
							|  |  |  |  */
 | 
					
						
							|  |  |  | message ApplySettings {
 | 
					
						
							|  |  |  | 	optional string language = 1;
 | 
					
						
							|  |  |  | 	optional string label = 2;
 | 
					
						
							|  |  |  | 	optional bool use_passphrase = 3;
 | 
					
						
							|  |  |  | 	optional bytes homescreen = 4;
 | 
					
						
							|  |  |  | }
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /**
 | 
					
						
							|  |  |  |  * Request: set flags of the device
 | 
					
						
							|  |  |  |  * @next Success
 | 
					
						
							|  |  |  |  * @next Failure
 | 
					
						
							|  |  |  |  */
 | 
					
						
							|  |  |  | message ApplyFlags {
 | 
					
						
							|  |  |  | 	optional uint32 flags = 1;	// bitmask, can only set bits, not unset
 | 
					
						
							|  |  |  | }
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /**
 | 
					
						
							|  |  |  |  * Request: Starts workflow for setting/changing/removing the PIN
 | 
					
						
							|  |  |  |  * @next ButtonRequest
 | 
					
						
							|  |  |  |  * @next PinMatrixRequest
 | 
					
						
							|  |  |  |  */
 | 
					
						
							|  |  |  | message ChangePin {
 | 
					
						
							|  |  |  | 	optional bool remove = 1;	// is PIN removal requested?
 | 
					
						
							|  |  |  | }
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /**
 | 
					
						
							|  |  |  |  * Request: Test if the device is alive, device sends back the message in Success response
 | 
					
						
							|  |  |  |  * @next Success
 | 
					
						
							|  |  |  |  */
 | 
					
						
							|  |  |  | message Ping {
 | 
					
						
							|  |  |  | 	optional string message = 1;			// message to send back in Success message
 | 
					
						
							|  |  |  | 	optional bool button_protection = 2;		// ask for button press
 | 
					
						
							|  |  |  | 	optional bool pin_protection = 3;		// ask for PIN if set in device
 | 
					
						
							|  |  |  | 	optional bool passphrase_protection = 4;	// ask for passphrase if set in device
 | 
					
						
							|  |  |  | }
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /**
 | 
					
						
							|  |  |  |  * Response: Success of the previous request
 | 
					
						
							|  |  |  |  */
 | 
					
						
							|  |  |  | message Success {
 | 
					
						
							|  |  |  | 	optional string message = 1;	// human readable description of action or request-specific payload
 | 
					
						
							|  |  |  | }
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /**
 | 
					
						
							|  |  |  |  * Response: Failure of the previous request
 | 
					
						
							|  |  |  |  */
 | 
					
						
							|  |  |  | message Failure {
 | 
					
						
							|  |  |  | 	optional FailureType code = 1;	// computer-readable definition of the error state
 | 
					
						
							|  |  |  | 	optional string message = 2;	// human-readable message of the error state
 | 
					
						
							|  |  |  | }
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /**
 | 
					
						
							|  |  |  |  * Response: Device is waiting for HW button press.
 | 
					
						
							|  |  |  |  * @next ButtonAck
 | 
					
						
							|  |  |  |  * @next Cancel
 | 
					
						
							|  |  |  |  */
 | 
					
						
							|  |  |  | message ButtonRequest {
 | 
					
						
							|  |  |  | 	optional ButtonRequestType code = 1;
 | 
					
						
							|  |  |  | 	optional string data = 2;
 | 
					
						
							|  |  |  | }
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /**
 | 
					
						
							|  |  |  |  * Request: Computer agrees to wait for HW button press
 | 
					
						
							|  |  |  |  * @prev ButtonRequest
 | 
					
						
							|  |  |  |  */
 | 
					
						
							|  |  |  | message ButtonAck {
 | 
					
						
							|  |  |  | }
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /**
 | 
					
						
							|  |  |  |  * Response: Device is asking computer to show PIN matrix and awaits PIN encoded using this matrix scheme
 | 
					
						
							|  |  |  |  * @next PinMatrixAck
 | 
					
						
							|  |  |  |  * @next Cancel
 | 
					
						
							|  |  |  |  */
 | 
					
						
							|  |  |  | message PinMatrixRequest {
 | 
					
						
							|  |  |  | 	optional PinMatrixRequestType type = 1;
 | 
					
						
							|  |  |  | }
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /**
 | 
					
						
							|  |  |  |  * Request: Computer responds with encoded PIN
 | 
					
						
							|  |  |  |  * @prev PinMatrixRequest
 | 
					
						
							|  |  |  |  */
 | 
					
						
							|  |  |  | message PinMatrixAck {
 | 
					
						
							|  |  |  | 	required string pin = 1;		// matrix encoded PIN entered by user
 | 
					
						
							|  |  |  | }
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /**
 | 
					
						
							|  |  |  |  * Request: Abort last operation that required user interaction
 | 
					
						
							|  |  |  |  * @prev ButtonRequest
 | 
					
						
							|  |  |  |  * @prev PinMatrixRequest
 | 
					
						
							|  |  |  |  * @prev PassphraseRequest
 | 
					
						
							|  |  |  |  */
 | 
					
						
							|  |  |  | message Cancel {
 | 
					
						
							|  |  |  | }
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /**
 | 
					
						
							|  |  |  |  * Response: Device awaits encryption passphrase
 | 
					
						
							|  |  |  |  * @next PassphraseAck
 | 
					
						
							|  |  |  |  * @next Cancel
 | 
					
						
							|  |  |  |  */
 | 
					
						
							|  |  |  | message PassphraseRequest {
 | 
					
						
							|  |  |  | }
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /**
 | 
					
						
							|  |  |  |  * Request: Send passphrase back
 | 
					
						
							|  |  |  |  * @prev PassphraseRequest
 | 
					
						
							|  |  |  |  */
 | 
					
						
							|  |  |  | message PassphraseAck {
 | 
					
						
							|  |  |  | 	required string passphrase = 1;
 | 
					
						
							|  |  |  | }
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /**
 | 
					
						
							|  |  |  |  * Request: Request a sample of random data generated by hardware RNG. May be used for testing.
 | 
					
						
							|  |  |  |  * @next ButtonRequest
 | 
					
						
							|  |  |  |  * @next Entropy
 | 
					
						
							|  |  |  |  * @next Failure
 | 
					
						
							|  |  |  |  */
 | 
					
						
							|  |  |  | message GetEntropy {
 | 
					
						
							|  |  |  | 	required uint32 size = 1;		// size of requested entropy
 | 
					
						
							|  |  |  | }
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /**
 | 
					
						
							|  |  |  |  * Response: Reply with random data generated by internal RNG
 | 
					
						
							|  |  |  |  * @prev GetEntropy
 | 
					
						
							|  |  |  |  */
 | 
					
						
							|  |  |  | message Entropy {
 | 
					
						
							|  |  |  | 	required bytes entropy = 1;		// stream of random generated bytes
 | 
					
						
							|  |  |  | }
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /**
 | 
					
						
							|  |  |  |  * Request: Ask device for public key corresponding to address_n path
 | 
					
						
							|  |  |  |  * @next PassphraseRequest
 | 
					
						
							|  |  |  |  * @next PublicKey
 | 
					
						
							|  |  |  |  * @next Failure
 | 
					
						
							|  |  |  |  */
 | 
					
						
							|  |  |  | message GetPublicKey {
 | 
					
						
							|  |  |  | 	repeated uint32 address_n = 1;		// BIP-32 path to derive the key from master node
 | 
					
						
							|  |  |  | 	optional string ecdsa_curve_name = 2;	// ECDSA curve name to use
 | 
					
						
							|  |  |  | 	optional bool show_display = 3;		// optionally show on display before sending the result
 | 
					
						
							|  |  |  | 	optional string coin_name = 4 [default='Bitcoin'];
 | 
					
						
							|  |  |  | }
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /**
 | 
					
						
							|  |  |  |  * Response: Contains public key derived from device private seed
 | 
					
						
							|  |  |  |  * @prev GetPublicKey
 | 
					
						
							|  |  |  |  */
 | 
					
						
							|  |  |  | message PublicKey {
 | 
					
						
							|  |  |  | 	required HDNodeType node = 1;		// BIP32 public node
 | 
					
						
							|  |  |  | 	optional string xpub = 2;		// serialized form of public node
 | 
					
						
							|  |  |  | }
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /**
 | 
					
						
							|  |  |  |  * Request: Ask device for address corresponding to address_n path
 | 
					
						
							|  |  |  |  * @next PassphraseRequest
 | 
					
						
							|  |  |  |  * @next Address
 | 
					
						
							|  |  |  |  * @next Failure
 | 
					
						
							|  |  |  |  */
 | 
					
						
							|  |  |  | message GetAddress {
 | 
					
						
							|  |  |  | 	repeated uint32 address_n = 1;						// BIP-32 path to derive the key from master node
 | 
					
						
							|  |  |  | 	optional string coin_name = 2 [default='Bitcoin'];
 | 
					
						
							|  |  |  | 	optional bool show_display = 3			;			// optionally show on display before sending the result
 | 
					
						
							|  |  |  | 	optional MultisigRedeemScriptType multisig = 4;				// filled if we are showing a multisig address
 | 
					
						
							|  |  |  | 	optional InputScriptType script_type = 5 [default=SPENDADDRESS];	// used to distinguish between various address formats (non-segwit, segwit, etc.)
 | 
					
						
							|  |  |  | }
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /**
 | 
					
						
							|  |  |  |  * Request: Ask device for Ethereum address corresponding to address_n path
 | 
					
						
							|  |  |  |  * @next PassphraseRequest
 | 
					
						
							|  |  |  |  * @next EthereumAddress
 | 
					
						
							|  |  |  |  * @next Failure
 | 
					
						
							|  |  |  |  */
 | 
					
						
							|  |  |  | message EthereumGetAddress {
 | 
					
						
							|  |  |  | 	repeated uint32 address_n = 1;			// BIP-32 path to derive the key from master node
 | 
					
						
							|  |  |  | 	optional bool show_display = 2;			// optionally show on display before sending the result
 | 
					
						
							|  |  |  | }
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /**
 | 
					
						
							|  |  |  |  * Response: Contains address derived from device private seed
 | 
					
						
							|  |  |  |  * @prev GetAddress
 | 
					
						
							|  |  |  |  */
 | 
					
						
							|  |  |  | message Address {
 | 
					
						
							|  |  |  | 	required string address = 1;		// Coin address in Base58 encoding
 | 
					
						
							|  |  |  | }
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /**
 | 
					
						
							|  |  |  |  * Response: Contains an Ethereum address derived from device private seed
 | 
					
						
							|  |  |  |  * @prev EthereumGetAddress
 | 
					
						
							|  |  |  |  */
 | 
					
						
							|  |  |  | message EthereumAddress {
 | 
					
						
							|  |  |  | 	required bytes address = 1;		// Coin address as an Ethereum 160 bit hash
 | 
					
						
							|  |  |  | }
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /**
 | 
					
						
							|  |  |  |  * Request: Request device to wipe all sensitive data and settings
 | 
					
						
							|  |  |  |  * @next ButtonRequest
 | 
					
						
							|  |  |  |  */
 | 
					
						
							|  |  |  | message WipeDevice {
 | 
					
						
							|  |  |  | }
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /**
 | 
					
						
							|  |  |  |  * Request: Load seed and related internal settings from the computer
 | 
					
						
							|  |  |  |  * @next ButtonRequest
 | 
					
						
							|  |  |  |  * @next Success
 | 
					
						
							|  |  |  |  * @next Failure
 | 
					
						
							|  |  |  |  */
 | 
					
						
							|  |  |  | message LoadDevice {
 | 
					
						
							|  |  |  | 	optional string mnemonic = 1;				// seed encoded as BIP-39 mnemonic (12, 18 or 24 words)
 | 
					
						
							|  |  |  | 	optional HDNodeType node = 2;				// BIP-32 node
 | 
					
						
							|  |  |  | 	optional string pin = 3;				// set PIN protection
 | 
					
						
							|  |  |  | 	optional bool passphrase_protection = 4;		// enable master node encryption using passphrase
 | 
					
						
							|  |  |  | 	optional string language = 5 [default='english'];	// device language
 | 
					
						
							|  |  |  | 	optional string label = 6;				// device label
 | 
					
						
							|  |  |  | 	optional bool skip_checksum = 7;			// do not test mnemonic for valid BIP-39 checksum
 | 
					
						
							|  |  |  | 	optional uint32 u2f_counter = 8;			// U2F counter
 | 
					
						
							|  |  |  | }
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /**
 | 
					
						
							|  |  |  |  * Request: Ask device to do initialization involving user interaction
 | 
					
						
							|  |  |  |  * @next EntropyRequest
 | 
					
						
							|  |  |  |  * @next Failure
 | 
					
						
							|  |  |  |  */
 | 
					
						
							|  |  |  | message ResetDevice {
 | 
					
						
							|  |  |  | 	optional bool display_random = 1;			// display entropy generated by the device before asking for additional entropy
 | 
					
						
							|  |  |  | 	optional uint32 strength = 2 [default=256];		// strength of seed in bits
 | 
					
						
							|  |  |  | 	optional bool passphrase_protection = 3;		// enable master node encryption using passphrase
 | 
					
						
							|  |  |  | 	optional bool pin_protection = 4;			// enable PIN protection
 | 
					
						
							|  |  |  | 	optional string language = 5 [default='english'];	// device language
 | 
					
						
							|  |  |  | 	optional string label = 6;				// device label
 | 
					
						
							|  |  |  | 	optional uint32 u2f_counter = 7;			// U2F counter
 | 
					
						
							|  |  |  | 	optional bool skip_backup = 8;				// postpone seed backup to BackupDevice workflow
 | 
					
						
							|  |  |  | }
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /**
 | 
					
						
							|  |  |  |  * Request: Perform backup of the device seed if not backed up using ResetDevice
 | 
					
						
							|  |  |  |  * @next ButtonRequest
 | 
					
						
							|  |  |  |  */
 | 
					
						
							|  |  |  | message BackupDevice {
 | 
					
						
							|  |  |  | }
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /**
 | 
					
						
							|  |  |  |  * Response: Ask for additional entropy from host computer
 | 
					
						
							|  |  |  |  * @prev ResetDevice
 | 
					
						
							|  |  |  |  * @next EntropyAck
 | 
					
						
							|  |  |  |  */
 | 
					
						
							|  |  |  | message EntropyRequest {
 | 
					
						
							|  |  |  | }
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /**
 | 
					
						
							|  |  |  |  * Request: Provide additional entropy for seed generation function
 | 
					
						
							|  |  |  |  * @prev EntropyRequest
 | 
					
						
							|  |  |  |  * @next ButtonRequest
 | 
					
						
							|  |  |  |  */
 | 
					
						
							|  |  |  | message EntropyAck {
 | 
					
						
							|  |  |  | 	optional bytes entropy = 1;				// 256 bits (32 bytes) of random data
 | 
					
						
							|  |  |  | }
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /**
 | 
					
						
							|  |  |  |  * Request: Start recovery workflow asking user for specific words of mnemonic
 | 
					
						
							|  |  |  |  * Used to recovery device safely even on untrusted computer.
 | 
					
						
							|  |  |  |  * @next WordRequest
 | 
					
						
							|  |  |  |  */
 | 
					
						
							|  |  |  | message RecoveryDevice {
 | 
					
						
							|  |  |  | 	optional uint32 word_count = 1;				// number of words in BIP-39 mnemonic
 | 
					
						
							|  |  |  | 	optional bool passphrase_protection = 2;		// enable master node encryption using passphrase
 | 
					
						
							|  |  |  | 	optional bool pin_protection = 3;			// enable PIN protection
 | 
					
						
							|  |  |  | 	optional string language = 4 [default='english'];	// device language
 | 
					
						
							|  |  |  | 	optional string label = 5;				// device label
 | 
					
						
							|  |  |  | 	optional bool enforce_wordlist = 6;			// enforce BIP-39 wordlist during the process
 | 
					
						
							|  |  |  | 	// 7 reserved for unused recovery method
 | 
					
						
							|  |  |  | 	optional uint32 type = 8;				// supported recovery type (see RecoveryType)
 | 
					
						
							|  |  |  | 	optional uint32 u2f_counter = 9;			// U2F counter
 | 
					
						
							|  |  |  | 	optional bool dry_run = 10;				// perform dry-run recovery workflow (for safe mnemonic validation)
 | 
					
						
							|  |  |  | }
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /**
 | 
					
						
							|  |  |  |  * Response: Device is waiting for user to enter word of the mnemonic
 | 
					
						
							|  |  |  |  * Its position is shown only on device's internal display.
 | 
					
						
							|  |  |  |  * @prev RecoveryDevice
 | 
					
						
							|  |  |  |  * @prev WordAck
 | 
					
						
							|  |  |  |  */
 | 
					
						
							|  |  |  | message WordRequest {
 | 
					
						
							|  |  |  | 	optional WordRequestType type = 1;
 | 
					
						
							|  |  |  | }
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /**
 | 
					
						
							|  |  |  |  * Request: Computer replies with word from the mnemonic
 | 
					
						
							|  |  |  |  * @prev WordRequest
 | 
					
						
							|  |  |  |  * @next WordRequest
 | 
					
						
							|  |  |  |  * @next Success
 | 
					
						
							|  |  |  |  * @next Failure
 | 
					
						
							|  |  |  |  */
 | 
					
						
							|  |  |  | message WordAck {
 | 
					
						
							|  |  |  | 	required string word = 1;				// one word of mnemonic on asked position
 | 
					
						
							|  |  |  | }
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | //////////////////////////////
 | 
					
						
							|  |  |  | // Message signing messages //
 | 
					
						
							|  |  |  | //////////////////////////////
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /**
 | 
					
						
							|  |  |  |  * Request: Ask device to sign message | 
					
						
							|  |  |  |  * @next MessageSignature
 | 
					
						
							|  |  |  |  * @next Failure
 | 
					
						
							|  |  |  |  */
 | 
					
						
							|  |  |  | message SignMessage {
 | 
					
						
							|  |  |  | 	repeated uint32 address_n = 1;						// BIP-32 path to derive the key from master node
 | 
					
						
							|  |  |  | 	required bytes message = 2;						// message to be signed
 | 
					
						
							|  |  |  | 	optional string coin_name = 3 [default='Bitcoin'];			// coin to use for signing
 | 
					
						
							|  |  |  | 	optional InputScriptType script_type = 4 [default=SPENDADDRESS];	// used to distinguish between various address formats (non-segwit, segwit, etc.)
 | 
					
						
							|  |  |  | }
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /**
 | 
					
						
							|  |  |  |  * Request: Ask device to verify message | 
					
						
							|  |  |  |  * @next Success
 | 
					
						
							|  |  |  |  * @next Failure
 | 
					
						
							|  |  |  |  */
 | 
					
						
							|  |  |  | message VerifyMessage {
 | 
					
						
							|  |  |  | 	optional string address = 1;				// address to verify
 | 
					
						
							|  |  |  | 	optional bytes signature = 2;				// signature to verify
 | 
					
						
							|  |  |  | 	optional bytes message = 3;				// message to verify
 | 
					
						
							|  |  |  | 	optional string coin_name = 4 [default='Bitcoin'];	// coin to use for verifying
 | 
					
						
							|  |  |  | }
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /**
 | 
					
						
							|  |  |  |  * Response: Signed message | 
					
						
							|  |  |  |  * @prev SignMessage
 | 
					
						
							|  |  |  |  */
 | 
					
						
							|  |  |  | message MessageSignature {
 | 
					
						
							|  |  |  | 	optional string address = 1;				// address used to sign the message
 | 
					
						
							|  |  |  | 	optional bytes signature = 2;				// signature of the message
 | 
					
						
							|  |  |  | }
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | ///////////////////////////
 | 
					
						
							|  |  |  | // Encryption/decryption //
 | 
					
						
							|  |  |  | ///////////////////////////
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /**
 | 
					
						
							|  |  |  |  * Request: Ask device to encrypt message | 
					
						
							|  |  |  |  * @next EncryptedMessage
 | 
					
						
							|  |  |  |  * @next Failure
 | 
					
						
							|  |  |  |  */
 | 
					
						
							|  |  |  | message EncryptMessage {
 | 
					
						
							|  |  |  | 	optional bytes pubkey = 1;				// public key
 | 
					
						
							|  |  |  | 	optional bytes message = 2;				// message to encrypt
 | 
					
						
							|  |  |  | 	optional bool display_only = 3;				// show just on display? (don't send back via wire)
 | 
					
						
							|  |  |  | 	repeated uint32 address_n = 4;				// BIP-32 path to derive the signing key from master node
 | 
					
						
							|  |  |  | 	optional string coin_name = 5 [default='Bitcoin'];	// coin to use for signing
 | 
					
						
							|  |  |  | }
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /**
 | 
					
						
							|  |  |  |  * Response: Encrypted message | 
					
						
							|  |  |  |  * @prev EncryptMessage
 | 
					
						
							|  |  |  |  */
 | 
					
						
							|  |  |  | message EncryptedMessage {
 | 
					
						
							|  |  |  | 	optional bytes nonce = 1;				// nonce used during encryption
 | 
					
						
							|  |  |  | 	optional bytes message = 2;				// encrypted message
 | 
					
						
							|  |  |  | 	optional bytes hmac = 3;				// message hmac
 | 
					
						
							|  |  |  | }
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /**
 | 
					
						
							|  |  |  |  * Request: Ask device to decrypt message | 
					
						
							|  |  |  |  * @next Success
 | 
					
						
							|  |  |  |  * @next Failure
 | 
					
						
							|  |  |  |  */
 | 
					
						
							|  |  |  | message DecryptMessage {
 | 
					
						
							|  |  |  | 	repeated uint32 address_n = 1;				// BIP-32 path to derive the decryption key from master node
 | 
					
						
							|  |  |  | 	optional bytes nonce = 2;				// nonce used during encryption
 | 
					
						
							|  |  |  | 	optional bytes message = 3;				// message to decrypt
 | 
					
						
							|  |  |  | 	optional bytes hmac = 4;				// message hmac
 | 
					
						
							|  |  |  | }
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /**
 | 
					
						
							|  |  |  |  * Response: Decrypted message | 
					
						
							|  |  |  |  * @prev DecryptedMessage
 | 
					
						
							|  |  |  |  */
 | 
					
						
							|  |  |  | message DecryptedMessage {
 | 
					
						
							|  |  |  | 	optional bytes message = 1;				// decrypted message
 | 
					
						
							|  |  |  | 	optional string address = 2;				// address used to sign the message (if used)
 | 
					
						
							|  |  |  | }
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /**
 | 
					
						
							|  |  |  |  * Request: Ask device to encrypt or decrypt value of given key
 | 
					
						
							|  |  |  |  * @next CipheredKeyValue
 | 
					
						
							|  |  |  |  * @next Failure
 | 
					
						
							|  |  |  |  */
 | 
					
						
							|  |  |  | message CipherKeyValue {
 | 
					
						
							|  |  |  | 	repeated uint32 address_n = 1;		// BIP-32 path to derive the key from master node
 | 
					
						
							|  |  |  | 	optional string key = 2;		// key component of key:value
 | 
					
						
							|  |  |  | 	optional bytes value = 3;		// value component of key:value
 | 
					
						
							|  |  |  | 	optional bool encrypt = 4;		// are we encrypting (True) or decrypting (False)?
 | 
					
						
							|  |  |  | 	optional bool ask_on_encrypt = 5;	// should we ask on encrypt operation?
 | 
					
						
							|  |  |  | 	optional bool ask_on_decrypt = 6;	// should we ask on decrypt operation?
 | 
					
						
							|  |  |  | 	optional bytes iv = 7;			// initialization vector (will be computed if not set)
 | 
					
						
							|  |  |  | }
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /**
 | 
					
						
							|  |  |  |  * Response: Return ciphered/deciphered value
 | 
					
						
							|  |  |  |  * @prev CipherKeyValue
 | 
					
						
							|  |  |  |  */
 | 
					
						
							|  |  |  | message CipheredKeyValue {
 | 
					
						
							|  |  |  | 	optional bytes value = 1;		// ciphered/deciphered value
 | 
					
						
							|  |  |  | }
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | //////////////////////////////////
 | 
					
						
							|  |  |  | // Transaction signing messages //
 | 
					
						
							|  |  |  | //////////////////////////////////
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /**
 | 
					
						
							|  |  |  |  * Request: Estimated size of the transaction
 | 
					
						
							|  |  |  |  * This behaves exactly like SignTx, which means that it can ask using TxRequest
 | 
					
						
							|  |  |  |  * This call is non-blocking (except possible PassphraseRequest to unlock the seed)
 | 
					
						
							|  |  |  |  * @next TxSize
 | 
					
						
							|  |  |  |  * @next Failure
 | 
					
						
							|  |  |  |  */
 | 
					
						
							|  |  |  | message EstimateTxSize {
 | 
					
						
							|  |  |  | 	required uint32 outputs_count = 1;			// number of transaction outputs
 | 
					
						
							|  |  |  | 	required uint32 inputs_count = 2;			// number of transaction inputs
 | 
					
						
							|  |  |  | 	optional string coin_name = 3 [default='Bitcoin'];	// coin to use
 | 
					
						
							|  |  |  | }
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /**
 | 
					
						
							|  |  |  |  * Response: Estimated size of the transaction
 | 
					
						
							|  |  |  |  * @prev EstimateTxSize
 | 
					
						
							|  |  |  |  */
 | 
					
						
							|  |  |  | message TxSize {
 | 
					
						
							|  |  |  | 	optional uint32 tx_size = 1;				// estimated size of transaction in bytes
 | 
					
						
							|  |  |  | }
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /**
 | 
					
						
							|  |  |  |  * Request: Ask device to sign transaction
 | 
					
						
							|  |  |  |  * @next PassphraseRequest
 | 
					
						
							|  |  |  |  * @next PinMatrixRequest
 | 
					
						
							|  |  |  |  * @next TxRequest
 | 
					
						
							|  |  |  |  * @next Failure
 | 
					
						
							|  |  |  |  */
 | 
					
						
							|  |  |  | message SignTx {
 | 
					
						
							|  |  |  | 	required uint32 outputs_count = 1;			// number of transaction outputs
 | 
					
						
							|  |  |  | 	required uint32 inputs_count = 2;			// number of transaction inputs
 | 
					
						
							|  |  |  | 	optional string coin_name = 3 [default='Bitcoin'];	// coin to use
 | 
					
						
							|  |  |  | 	optional uint32 version = 4 [default=1];		// transaction version
 | 
					
						
							|  |  |  | 	optional uint32 lock_time = 5 [default=0];		// transaction lock_time
 | 
					
						
							|  |  |  | }
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /**
 | 
					
						
							|  |  |  |  * Request: Simplified transaction signing
 | 
					
						
							|  |  |  |  * This method doesn't support streaming, so there are hardware limits in number of inputs and outputs.
 | 
					
						
							|  |  |  |  * In case of success, the result is returned using TxRequest message.
 | 
					
						
							|  |  |  |  * @next PassphraseRequest
 | 
					
						
							|  |  |  |  * @next PinMatrixRequest
 | 
					
						
							|  |  |  |  * @next TxRequest
 | 
					
						
							|  |  |  |  * @next Failure
 | 
					
						
							|  |  |  |  */
 | 
					
						
							|  |  |  | message SimpleSignTx {
 | 
					
						
							|  |  |  | 	repeated TxInputType inputs = 1;			// transaction inputs
 | 
					
						
							|  |  |  | 	repeated TxOutputType outputs = 2;			// transaction outputs
 | 
					
						
							|  |  |  | 	repeated TransactionType transactions = 3;		// transactions whose outputs are used to build current inputs
 | 
					
						
							|  |  |  | 	optional string coin_name = 4 [default='Bitcoin'];	// coin to use
 | 
					
						
							|  |  |  | 	optional uint32 version = 5 [default=1];		// transaction version
 | 
					
						
							|  |  |  | 	optional uint32 lock_time = 6 [default=0];		// transaction lock_time
 | 
					
						
							|  |  |  | }
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /**
 | 
					
						
							|  |  |  |  * Response: Device asks for information for signing transaction or returns the last result
 | 
					
						
							|  |  |  |  * If request_index is set, device awaits TxAck message (with fields filled in according to request_type)
 | 
					
						
							|  |  |  |  * If signature_index is set, 'signature' contains signed input of signature_index's input
 | 
					
						
							|  |  |  |  * @prev SignTx
 | 
					
						
							|  |  |  |  * @prev SimpleSignTx
 | 
					
						
							|  |  |  |  * @prev TxAck
 | 
					
						
							|  |  |  |  */
 | 
					
						
							|  |  |  | message TxRequest {
 | 
					
						
							|  |  |  | 	optional RequestType request_type = 1;			// what should be filled in TxAck message?
 | 
					
						
							|  |  |  | 	optional TxRequestDetailsType details = 2;		// request for tx details
 | 
					
						
							|  |  |  | 	optional TxRequestSerializedType serialized = 3;	// serialized data and request for next
 | 
					
						
							|  |  |  | }
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /**
 | 
					
						
							|  |  |  |  * Request: Reported transaction data
 | 
					
						
							|  |  |  |  * @prev TxRequest
 | 
					
						
							|  |  |  |  * @next TxRequest
 | 
					
						
							|  |  |  |  */
 | 
					
						
							|  |  |  | message TxAck {
 | 
					
						
							|  |  |  | 	optional TransactionType tx = 1;
 | 
					
						
							|  |  |  | }
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /**
 | 
					
						
							|  |  |  |  * Request: Ask device to sign transaction
 | 
					
						
							|  |  |  |  * All fields are optional from the protocol's point of view. Each field defaults to value `0` if missing.
 | 
					
						
							|  |  |  |  * Note: the first at most 1024 bytes of data MUST be transmitted as part of this message.
 | 
					
						
							|  |  |  |  * @next PassphraseRequest
 | 
					
						
							|  |  |  |  * @next PinMatrixRequest
 | 
					
						
							|  |  |  |  * @next EthereumTxRequest
 | 
					
						
							|  |  |  |  * @next Failure
 | 
					
						
							|  |  |  |  */
 | 
					
						
							|  |  |  | message EthereumSignTx {
 | 
					
						
							|  |  |  | 	repeated uint32 address_n = 1;			// BIP-32 path to derive the key from master node
 | 
					
						
							|  |  |  | 	optional bytes nonce = 2;			// <=256 bit unsigned big endian
 | 
					
						
							|  |  |  | 	optional bytes gas_price = 3;			// <=256 bit unsigned big endian (in wei)
 | 
					
						
							|  |  |  | 	optional bytes gas_limit = 4;			// <=256 bit unsigned big endian
 | 
					
						
							|  |  |  | 	optional bytes to = 5;				// 160 bit address hash
 | 
					
						
							|  |  |  | 	optional bytes value = 6;			// <=256 bit unsigned big endian (in wei)
 | 
					
						
							|  |  |  | 	optional bytes data_initial_chunk = 7;		// The initial data chunk (<= 1024 bytes)
 | 
					
						
							|  |  |  | 	optional uint32 data_length = 8;		// Length of transaction payload
 | 
					
						
							|  |  |  | 	optional uint32 chain_id = 9;			// Chain Id for EIP 155
 | 
					
						
							|  |  |  | }
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /**
 | 
					
						
							|  |  |  |  * Response: Device asks for more data from transaction payload, or returns the signature.
 | 
					
						
							|  |  |  |  * If data_length is set, device awaits that many more bytes of payload.
 | 
					
						
							|  |  |  |  * Otherwise, the signature_* fields contain the computed transaction signature. All three fields will be present.
 | 
					
						
							|  |  |  |  * @prev EthereumSignTx
 | 
					
						
							|  |  |  |  * @next EthereumTxAck
 | 
					
						
							|  |  |  |  */
 | 
					
						
							|  |  |  | message EthereumTxRequest {
 | 
					
						
							|  |  |  | 	optional uint32 data_length = 1;		// Number of bytes being requested (<= 1024)
 | 
					
						
							|  |  |  | 	optional uint32 signature_v = 2;		// Computed signature (recovery parameter, limited to 27 or 28)
 | 
					
						
							|  |  |  | 	optional bytes signature_r = 3;			// Computed signature R component (256 bit)
 | 
					
						
							|  |  |  | 	optional bytes signature_s = 4;			// Computed signature S component (256 bit)
 | 
					
						
							|  |  |  | }
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /**
 | 
					
						
							|  |  |  |  * Request: Transaction payload data.
 | 
					
						
							|  |  |  |  * @prev EthereumTxRequest
 | 
					
						
							|  |  |  |  * @next EthereumTxRequest
 | 
					
						
							|  |  |  |  */
 | 
					
						
							|  |  |  | message EthereumTxAck {
 | 
					
						
							|  |  |  | 	optional bytes data_chunk = 1;			// Bytes from transaction payload (<= 1024 bytes)
 | 
					
						
							|  |  |  | }
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | ////////////////////////////////////////
 | 
					
						
							|  |  |  | // Ethereum: Message signing messages //
 | 
					
						
							|  |  |  | ////////////////////////////////////////
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /**
 | 
					
						
							|  |  |  |  * Request: Ask device to sign message | 
					
						
							|  |  |  |  * @next EthereumMessageSignature
 | 
					
						
							|  |  |  |  * @next Failure
 | 
					
						
							|  |  |  |  */
 | 
					
						
							|  |  |  | message EthereumSignMessage {
 | 
					
						
							|  |  |  | 	repeated uint32 address_n = 1;				// BIP-32 path to derive the key from master node
 | 
					
						
							|  |  |  | 	required bytes message = 2;				// message to be signed
 | 
					
						
							|  |  |  | }
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /**
 | 
					
						
							|  |  |  |  * Request: Ask device to verify message | 
					
						
							|  |  |  |  * @next Success
 | 
					
						
							|  |  |  |  * @next Failure
 | 
					
						
							|  |  |  |  */
 | 
					
						
							|  |  |  | message EthereumVerifyMessage {
 | 
					
						
							|  |  |  | 	optional bytes address = 1;				// address to verify
 | 
					
						
							|  |  |  | 	optional bytes signature = 2;				// signature to verify
 | 
					
						
							|  |  |  | 	optional bytes message = 3;				// message to verify
 | 
					
						
							|  |  |  | }
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /**
 | 
					
						
							|  |  |  |  * Response: Signed message | 
					
						
							|  |  |  |  * @prev EthereumSignMessage
 | 
					
						
							|  |  |  |  */
 | 
					
						
							|  |  |  | message EthereumMessageSignature {
 | 
					
						
							|  |  |  | 	optional bytes address = 1;				// address used to sign the message
 | 
					
						
							|  |  |  | 	optional bytes signature = 2;				// signature of the message
 | 
					
						
							|  |  |  | }
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | ///////////////////////
 | 
					
						
							|  |  |  | // Identity messages //
 | 
					
						
							|  |  |  | ///////////////////////
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /**
 | 
					
						
							|  |  |  |  * Request: Ask device to sign identity
 | 
					
						
							|  |  |  |  * @next SignedIdentity
 | 
					
						
							|  |  |  |  * @next Failure
 | 
					
						
							|  |  |  |  */
 | 
					
						
							|  |  |  | message SignIdentity {
 | 
					
						
							|  |  |  | 	optional IdentityType identity = 1;		// identity
 | 
					
						
							|  |  |  | 	optional bytes challenge_hidden = 2;		// non-visible challenge
 | 
					
						
							|  |  |  | 	optional string challenge_visual = 3;		// challenge shown on display (e.g. date+time)
 | 
					
						
							|  |  |  | 	optional string ecdsa_curve_name = 4;		// ECDSA curve name to use
 | 
					
						
							|  |  |  | }
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /**
 | 
					
						
							|  |  |  |  * Response: Device provides signed identity
 | 
					
						
							|  |  |  |  * @prev SignIdentity
 | 
					
						
							|  |  |  |  */
 | 
					
						
							|  |  |  | message SignedIdentity {
 | 
					
						
							|  |  |  | 	optional string address = 1;			// identity address
 | 
					
						
							|  |  |  | 	optional bytes public_key = 2;			// identity public key
 | 
					
						
							|  |  |  | 	optional bytes signature = 3;			// signature of the identity data
 | 
					
						
							|  |  |  | }
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | ///////////////////
 | 
					
						
							|  |  |  | // ECDH messages //
 | 
					
						
							|  |  |  | ///////////////////
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /**
 | 
					
						
							|  |  |  |  * Request: Ask device to generate ECDH session key
 | 
					
						
							|  |  |  |  * @next ECDHSessionKey
 | 
					
						
							|  |  |  |  * @next Failure
 | 
					
						
							|  |  |  |  */
 | 
					
						
							|  |  |  | message GetECDHSessionKey {
 | 
					
						
							|  |  |  | 	optional IdentityType identity = 1;		// identity
 | 
					
						
							|  |  |  | 	optional bytes peer_public_key = 2;		// peer's public key
 | 
					
						
							|  |  |  | 	optional string ecdsa_curve_name = 3;		// ECDSA curve name to use
 | 
					
						
							|  |  |  | }
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /**
 | 
					
						
							|  |  |  |  * Response: Device provides ECDH session key
 | 
					
						
							|  |  |  |  * @prev GetECDHSessionKey
 | 
					
						
							|  |  |  |  */
 | 
					
						
							|  |  |  | message ECDHSessionKey {
 | 
					
						
							|  |  |  | 	optional bytes session_key = 1;			// ECDH session key
 | 
					
						
							|  |  |  | }
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | ///////////////////
 | 
					
						
							|  |  |  | // U2F messages //
 | 
					
						
							|  |  |  | ///////////////////
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /**
 | 
					
						
							|  |  |  |  * Request: Set U2F counter
 | 
					
						
							|  |  |  |  * @next Success
 | 
					
						
							|  |  |  |  */
 | 
					
						
							|  |  |  | message SetU2FCounter {
 | 
					
						
							|  |  |  | 	optional uint32 u2f_counter = 1;		// counter
 | 
					
						
							|  |  |  | }
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /////////////////////////
 | 
					
						
							|  |  |  | // Bootloader messages //
 | 
					
						
							|  |  |  | /////////////////////////
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /**
 | 
					
						
							|  |  |  |  * Request: Ask device to erase its firmware (so it can be replaced via FirmwareUpload)
 | 
					
						
							|  |  |  |  * @next Success
 | 
					
						
							|  |  |  |  * @next FirmwareRequest
 | 
					
						
							|  |  |  |  * @next Failure
 | 
					
						
							|  |  |  |  */
 | 
					
						
							|  |  |  | message FirmwareErase {
 | 
					
						
							|  |  |  | 	optional uint32 length = 1;			// length of new firmware
 | 
					
						
							|  |  |  | }
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /**
 | 
					
						
							|  |  |  |  * Response: Ask for firmware chunk
 | 
					
						
							|  |  |  |  * @next FirmwareUpload
 | 
					
						
							|  |  |  |  */
 | 
					
						
							|  |  |  | message FirmwareRequest {
 | 
					
						
							|  |  |  | 	optional uint32 offset = 1;			// offset of requested firmware chunk
 | 
					
						
							|  |  |  | 	optional uint32 length = 2;			// length of requested firmware chunk
 | 
					
						
							|  |  |  | }
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /**
 | 
					
						
							|  |  |  |  * Request: Send firmware in binary form to the device
 | 
					
						
							|  |  |  |  * @next Success
 | 
					
						
							|  |  |  |  * @next Failure
 | 
					
						
							|  |  |  |  */
 | 
					
						
							|  |  |  | message FirmwareUpload {
 | 
					
						
							|  |  |  | 	required bytes payload = 1;			// firmware to be loaded into device
 | 
					
						
							|  |  |  | 	optional bytes hash = 2;			// hash of the payload
 | 
					
						
							|  |  |  | }
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /**
 | 
					
						
							|  |  |  |  * Request: Perform a device self-test
 | 
					
						
							|  |  |  |  * @next Success
 | 
					
						
							|  |  |  |  * @next Failure
 | 
					
						
							|  |  |  |  */
 | 
					
						
							|  |  |  | message SelfTest {
 | 
					
						
							|  |  |  | 	optional bytes payload = 1;			// payload to be used in self-test
 | 
					
						
							|  |  |  | }
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /////////////////////////////////////////////////////////////
 | 
					
						
							|  |  |  | // Debug messages (only available if DebugLink is enabled) //
 | 
					
						
							|  |  |  | /////////////////////////////////////////////////////////////
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /**
 | 
					
						
							|  |  |  |  * Request: "Press" the button on the device
 | 
					
						
							|  |  |  |  * @next Success
 | 
					
						
							|  |  |  |  */
 | 
					
						
							|  |  |  | message DebugLinkDecision {
 | 
					
						
							|  |  |  | 	required bool yes_no = 1;			// true for "Confirm", false for "Cancel"
 | 
					
						
							|  |  |  | }
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /**
 | 
					
						
							|  |  |  |  * Request: Computer asks for device state
 | 
					
						
							|  |  |  |  * @next DebugLinkState
 | 
					
						
							|  |  |  |  */
 | 
					
						
							|  |  |  | message DebugLinkGetState {
 | 
					
						
							|  |  |  | }
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /**
 | 
					
						
							|  |  |  |  * Response: Device current state
 | 
					
						
							|  |  |  |  * @prev DebugLinkGetState
 | 
					
						
							|  |  |  |  */
 | 
					
						
							|  |  |  | message DebugLinkState {
 | 
					
						
							|  |  |  | 	optional bytes layout = 1;			// raw buffer of display
 | 
					
						
							|  |  |  | 	optional string pin = 2;			// current PIN, blank if PIN is not set/enabled
 | 
					
						
							|  |  |  | 	optional string matrix = 3;			// current PIN matrix
 | 
					
						
							|  |  |  | 	optional string mnemonic = 4;			// current BIP-39 mnemonic
 | 
					
						
							|  |  |  | 	optional HDNodeType node = 5;			// current BIP-32 node
 | 
					
						
							|  |  |  | 	optional bool passphrase_protection = 6;	// is node/mnemonic encrypted using passphrase?
 | 
					
						
							|  |  |  | 	optional string reset_word = 7;			// word on device display during ResetDevice workflow
 | 
					
						
							|  |  |  | 	optional bytes reset_entropy = 8;		// current entropy during ResetDevice workflow
 | 
					
						
							|  |  |  | 	optional string recovery_fake_word = 9;		// (fake) word on display during RecoveryDevice workflow
 | 
					
						
							|  |  |  | 	optional uint32 recovery_word_pos = 10;		// index of mnemonic word the device is expecting during RecoveryDevice workflow
 | 
					
						
							|  |  |  | }
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /**
 | 
					
						
							|  |  |  |  * Request: Ask device to restart
 | 
					
						
							|  |  |  |  */
 | 
					
						
							|  |  |  | message DebugLinkStop {
 | 
					
						
							|  |  |  | }
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /**
 | 
					
						
							|  |  |  |  * Response: Device wants host to log event
 | 
					
						
							|  |  |  |  */
 | 
					
						
							|  |  |  | message DebugLinkLog {
 | 
					
						
							|  |  |  | 	optional uint32 level = 1;
 | 
					
						
							|  |  |  | 	optional string bucket = 2;
 | 
					
						
							|  |  |  | 	optional string text = 3;
 | 
					
						
							|  |  |  | }
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /**
 | 
					
						
							|  |  |  |  * Request: Read memory from device
 | 
					
						
							|  |  |  |  * @next DebugLinkMemory
 | 
					
						
							|  |  |  |  */
 | 
					
						
							|  |  |  | message DebugLinkMemoryRead {
 | 
					
						
							|  |  |  | 	optional uint32 address = 1;
 | 
					
						
							|  |  |  | 	optional uint32 length = 2;
 | 
					
						
							|  |  |  | }
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /**
 | 
					
						
							|  |  |  |  * Response: Device sends memory back
 | 
					
						
							|  |  |  |  * @prev DebugLinkMemoryRead
 | 
					
						
							|  |  |  |  */
 | 
					
						
							|  |  |  | message DebugLinkMemory {
 | 
					
						
							|  |  |  | 	optional bytes memory = 1;
 | 
					
						
							|  |  |  | }
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /**
 | 
					
						
							|  |  |  |  * Request: Write memory to device.
 | 
					
						
							|  |  |  |  * WARNING: Writing to the wrong location can irreparably break the device.
 | 
					
						
							|  |  |  |  */
 | 
					
						
							|  |  |  | message DebugLinkMemoryWrite {
 | 
					
						
							|  |  |  | 	optional uint32 address = 1;
 | 
					
						
							|  |  |  | 	optional bytes memory = 2;
 | 
					
						
							|  |  |  | 	optional bool flash = 3;
 | 
					
						
							|  |  |  | }
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /**
 | 
					
						
							|  |  |  |  * Request: Erase block of flash on device
 | 
					
						
							|  |  |  |  * WARNING: Writing to the wrong location can irreparably break the device.
 | 
					
						
							|  |  |  |  */
 | 
					
						
							|  |  |  | message DebugLinkFlashErase {
 | 
					
						
							|  |  |  | 	optional uint32 sector = 1;
 | 
					
						
							|  |  |  | }
 |