accounts/usbwallet/trezor: expose protobuf package (#17980)

When some of the same messages are redefined anywhere in a Go project, the protobuf package panics (see https://github.com/golang/protobuf/issues/178). Since this package is internal, there is no way to work around it, as one cannot use it directly, but also cannot define the same messages. There is no downside in making the package accessible.
2019-01-26 14:30:47 +01:00
parent 2209fede4e
commit dddd6ef006
6 changed files with 1 additions and 1 deletions
--- a/accounts/usbwallet/trezor/messages.pb.go
+++ b/accounts/usbwallet/trezor/messages.pb.go
--- a/accounts/usbwallet/trezor/messages.proto
+++ b/accounts/usbwallet/trezor/messages.proto
@ -0,0 +1,905 @@
+// This file originates from the SatoshiLabs Trezor `common` repository at:
+//   https://github.com/trezor/trezor-common/blob/master/protob/messages.proto
+// dated 28.07.2017, commit dd8ec3231fb5f7992360aff9bdfe30bb58130f4b.
+
+syntax = "proto2";
+
+/**
+ * Messages for TREZOR communication
+ */
+
+// Sugar for easier handling in Java
+option java_package = "com.satoshilabs.trezor.lib.protobuf";
+option java_outer_classname = "TrezorMessage";
+
+import "types.proto";
+
+/**
+ * Mapping between Trezor wire identifier (uint) and a protobuf message
+ */
+enum MessageType {
+	MessageType_Initialize = 0 [(wire_in) = true];
+	MessageType_Ping = 1 [(wire_in) = true];
+	MessageType_Success = 2 [(wire_out) = true];
+	MessageType_Failure = 3 [(wire_out) = true];
+	MessageType_ChangePin = 4 [(wire_in) = true];
+	MessageType_WipeDevice = 5 [(wire_in) = true];
+	MessageType_FirmwareErase = 6 [(wire_in) = true, (wire_bootloader) = true];
+	MessageType_FirmwareUpload = 7 [(wire_in) = true, (wire_bootloader) = true];
+	MessageType_FirmwareRequest = 8 [(wire_out) = true, (wire_bootloader) = true];
+	MessageType_GetEntropy = 9 [(wire_in) = true];
+	MessageType_Entropy = 10 [(wire_out) = true];
+	MessageType_GetPublicKey = 11 [(wire_in) = true];
+	MessageType_PublicKey = 12 [(wire_out) = true];
+	MessageType_LoadDevice = 13 [(wire_in) = true];
+	MessageType_ResetDevice = 14 [(wire_in) = true];
+	MessageType_SignTx = 15 [(wire_in) = true];
+	MessageType_SimpleSignTx = 16 [(wire_in) = true, deprecated = true];
+	MessageType_Features = 17 [(wire_out) = true];
+	MessageType_PinMatrixRequest = 18 [(wire_out) = true];
+	MessageType_PinMatrixAck = 19 [(wire_in) = true, (wire_tiny) = true];
+	MessageType_Cancel = 20 [(wire_in) = true];
+	MessageType_TxRequest = 21 [(wire_out) = true];
+	MessageType_TxAck = 22 [(wire_in) = true];
+	MessageType_CipherKeyValue = 23 [(wire_in) = true];
+	MessageType_ClearSession = 24 [(wire_in) = true];
+	MessageType_ApplySettings = 25 [(wire_in) = true];
+	MessageType_ButtonRequest = 26 [(wire_out) = true];
+	MessageType_ButtonAck = 27 [(wire_in) = true, (wire_tiny) = true];
+	MessageType_ApplyFlags = 28 [(wire_in) = true];
+	MessageType_GetAddress = 29 [(wire_in) = true];
+	MessageType_Address = 30 [(wire_out) = true];
+	MessageType_SelfTest = 32 [(wire_in) = true, (wire_bootloader) = true];
+	MessageType_BackupDevice = 34 [(wire_in) = true];
+	MessageType_EntropyRequest = 35 [(wire_out) = true];
+	MessageType_EntropyAck = 36 [(wire_in) = true];
+	MessageType_SignMessage = 38 [(wire_in) = true];
+	MessageType_VerifyMessage = 39 [(wire_in) = true];
+	MessageType_MessageSignature = 40 [(wire_out) = true];
+	MessageType_PassphraseRequest = 41 [(wire_out) = true];
+	MessageType_PassphraseAck = 42 [(wire_in) = true, (wire_tiny) = true];
+	MessageType_EstimateTxSize = 43 [(wire_in) = true, deprecated = true];
+	MessageType_TxSize = 44 [(wire_out) = true, deprecated = true];
+	MessageType_RecoveryDevice = 45 [(wire_in) = true];
+	MessageType_WordRequest = 46 [(wire_out) = true];
+	MessageType_WordAck = 47 [(wire_in) = true];
+	MessageType_CipheredKeyValue = 48 [(wire_out) = true];
+	MessageType_EncryptMessage = 49 [(wire_in) = true, deprecated = true];
+	MessageType_EncryptedMessage = 50 [(wire_out) = true, deprecated = true];
+	MessageType_DecryptMessage = 51 [(wire_in) = true, deprecated = true];
+	MessageType_DecryptedMessage = 52 [(wire_out) = true, deprecated = true];
+	MessageType_SignIdentity = 53 [(wire_in) = true];
+	MessageType_SignedIdentity = 54 [(wire_out) = true];
+	MessageType_GetFeatures = 55 [(wire_in) = true];
+	MessageType_EthereumGetAddress = 56 [(wire_in) = true];
+	MessageType_EthereumAddress = 57 [(wire_out) = true];
+	MessageType_EthereumSignTx = 58 [(wire_in) = true];
+	MessageType_EthereumTxRequest = 59 [(wire_out) = true];
+	MessageType_EthereumTxAck = 60 [(wire_in) = true];
+	MessageType_GetECDHSessionKey = 61 [(wire_in) = true];
+	MessageType_ECDHSessionKey = 62 [(wire_out) = true];
+	MessageType_SetU2FCounter = 63 [(wire_in) = true];
+	MessageType_EthereumSignMessage = 64 [(wire_in) = true];
+	MessageType_EthereumVerifyMessage = 65 [(wire_in) = true];
+	MessageType_EthereumMessageSignature = 66 [(wire_out) = true];
+	MessageType_DebugLinkDecision = 100 [(wire_debug_in) = true, (wire_tiny) = true];
+	MessageType_DebugLinkGetState = 101 [(wire_debug_in) = true];
+	MessageType_DebugLinkState = 102 [(wire_debug_out) = true];
+	MessageType_DebugLinkStop = 103 [(wire_debug_in) = true];
+	MessageType_DebugLinkLog = 104 [(wire_debug_out) = true];
+	MessageType_DebugLinkMemoryRead = 110 [(wire_debug_in) = true];
+	MessageType_DebugLinkMemory = 111 [(wire_debug_out) = true];
+	MessageType_DebugLinkMemoryWrite = 112 [(wire_debug_in) = true];
+	MessageType_DebugLinkFlashErase = 113 [(wire_debug_in) = true];
+}
+
+////////////////////
+// Basic messages //
+////////////////////
+
+/**
+ * Request: Reset device to default state and ask for device details
+ * @next Features
+ */
+message Initialize {
+}
+
+/**
+ * Request: Ask for device details (no device reset)
+ * @next Features
+ */
+message GetFeatures {
+}
+
+/**
+ * Response: Reports various information about the device
+ * @prev Initialize
+ * @prev GetFeatures
+ */
+message Features {
+	optional string vendor = 1;			// name of the manufacturer, e.g. "bitcointrezor.com"
+	optional uint32 major_version = 2;		// major version of the device, e.g. 1
+	optional uint32 minor_version = 3;		// minor version of the device, e.g. 0
+	optional uint32 patch_version = 4;		// patch version of the device, e.g. 0
+	optional bool bootloader_mode = 5;		// is device in bootloader mode?
+	optional string device_id = 6;			// device's unique identifier
+	optional bool pin_protection = 7;		// is device protected by PIN?
+	optional bool passphrase_protection = 8;	// is node/mnemonic encrypted using passphrase?
+	optional string language = 9;			// device language
+	optional string label = 10;			// device description label
+	repeated CoinType coins = 11;			// supported coins
+	optional bool initialized = 12;			// does device contain seed?
+	optional bytes revision = 13;			// SCM revision of firmware
+	optional bytes bootloader_hash = 14;		// hash of the bootloader
+	optional bool imported = 15;			// was storage imported from an external source?
+	optional bool pin_cached = 16;			// is PIN already cached in session?
+	optional bool passphrase_cached = 17;		// is passphrase already cached in session?
+	optional bool firmware_present = 18;		// is valid firmware loaded?
+	optional bool needs_backup = 19;		// does storage need backup? (equals to Storage.needs_backup)
+	optional uint32 flags = 20;			// device flags (equals to Storage.flags)
+}
+
+/**
+ * Request: clear session (removes cached PIN, passphrase, etc).
+ * @next Success
+ */
+message ClearSession {
+}
+
+/**
+ * Request: change language and/or label of the device
+ * @next Success
+ * @next Failure
+ * @next ButtonRequest
+ * @next PinMatrixRequest
+ */
+message ApplySettings {
+	optional string language = 1;
+	optional string label = 2;
+	optional bool use_passphrase = 3;
+	optional bytes homescreen = 4;
+}
+
+/**
+ * Request: set flags of the device
+ * @next Success
+ * @next Failure
+ */
+message ApplyFlags {
+	optional uint32 flags = 1;	// bitmask, can only set bits, not unset
+}
+
+/**
+ * Request: Starts workflow for setting/changing/removing the PIN
+ * @next ButtonRequest
+ * @next PinMatrixRequest
+ */
+message ChangePin {
+	optional bool remove = 1;	// is PIN removal requested?
+}
+
+/**
+ * Request: Test if the device is alive, device sends back the message in Success response
+ * @next Success
+ */
+message Ping {
+	optional string message = 1;			// message to send back in Success message
+	optional bool button_protection = 2;		// ask for button press
+	optional bool pin_protection = 3;		// ask for PIN if set in device
+	optional bool passphrase_protection = 4;	// ask for passphrase if set in device
+}
+
+/**
+ * Response: Success of the previous request
+ */
+message Success {
+	optional string message = 1;	// human readable description of action or request-specific payload
+}
+
+/**
+ * Response: Failure of the previous request
+ */
+message Failure {
+	optional FailureType code = 1;	// computer-readable definition of the error state
+	optional string message = 2;	// human-readable message of the error state
+}
+
+/**
+ * Response: Device is waiting for HW button press.
+ * @next ButtonAck
+ * @next Cancel
+ */
+message ButtonRequest {
+	optional ButtonRequestType code = 1;
+	optional string data = 2;
+}
+
+/**
+ * Request: Computer agrees to wait for HW button press
+ * @prev ButtonRequest
+ */
+message ButtonAck {
+}
+
+/**
+ * Response: Device is asking computer to show PIN matrix and awaits PIN encoded using this matrix scheme
+ * @next PinMatrixAck
+ * @next Cancel
+ */
+message PinMatrixRequest {
+	optional PinMatrixRequestType type = 1;
+}
+
+/**
+ * Request: Computer responds with encoded PIN
+ * @prev PinMatrixRequest
+ */
+message PinMatrixAck {
+	required string pin = 1;		// matrix encoded PIN entered by user
+}
+
+/**
+ * Request: Abort last operation that required user interaction
+ * @prev ButtonRequest
+ * @prev PinMatrixRequest
+ * @prev PassphraseRequest
+ */
+message Cancel {
+}
+
+/**
+ * Response: Device awaits encryption passphrase
+ * @next PassphraseAck
+ * @next Cancel
+ */
+message PassphraseRequest {
+}
+
+/**
+ * Request: Send passphrase back
+ * @prev PassphraseRequest
+ */
+message PassphraseAck {
+	required string passphrase = 1;
+}
+
+/**
+ * Request: Request a sample of random data generated by hardware RNG. May be used for testing.
+ * @next ButtonRequest
+ * @next Entropy
+ * @next Failure
+ */
+message GetEntropy {
+	required uint32 size = 1;		// size of requested entropy
+}
+
+/**
+ * Response: Reply with random data generated by internal RNG
+ * @prev GetEntropy
+ */
+message Entropy {
+	required bytes entropy = 1;		// stream of random generated bytes
+}
+
+/**
+ * Request: Ask device for public key corresponding to address_n path
+ * @next PassphraseRequest
+ * @next PublicKey
+ * @next Failure
+ */
+message GetPublicKey {
+	repeated uint32 address_n = 1;		// BIP-32 path to derive the key from master node
+	optional string ecdsa_curve_name = 2;	// ECDSA curve name to use
+	optional bool show_display = 3;		// optionally show on display before sending the result
+	optional string coin_name = 4 [default='Bitcoin'];
+}
+
+/**
+ * Response: Contains public key derived from device private seed
+ * @prev GetPublicKey
+ */
+message PublicKey {
+	required HDNodeType node = 1;		// BIP32 public node
+	optional string xpub = 2;		// serialized form of public node
+}
+
+/**
+ * Request: Ask device for address corresponding to address_n path
+ * @next PassphraseRequest
+ * @next Address
+ * @next Failure
+ */
+message GetAddress {
+	repeated uint32 address_n = 1;						// BIP-32 path to derive the key from master node
+	optional string coin_name = 2 [default='Bitcoin'];
+	optional bool show_display = 3			;			// optionally show on display before sending the result
+	optional MultisigRedeemScriptType multisig = 4;				// filled if we are showing a multisig address
+	optional InputScriptType script_type = 5 [default=SPENDADDRESS];	// used to distinguish between various address formats (non-segwit, segwit, etc.)
+}
+
+/**
+ * Request: Ask device for Ethereum address corresponding to address_n path
+ * @next PassphraseRequest
+ * @next EthereumAddress
+ * @next Failure
+ */
+message EthereumGetAddress {
+	repeated uint32 address_n = 1;			// BIP-32 path to derive the key from master node
+	optional bool show_display = 2;			// optionally show on display before sending the result
+}
+
+/**
+ * Response: Contains address derived from device private seed
+ * @prev GetAddress
+ */
+message Address {
+	required string address = 1;		// Coin address in Base58 encoding
+}
+
+/**
+ * Response: Contains an Ethereum address derived from device private seed
+ * @prev EthereumGetAddress
+ */
+message EthereumAddress {
+	required bytes address = 1;		// Coin address as an Ethereum 160 bit hash
+}
+
+/**
+ * Request: Request device to wipe all sensitive data and settings
+ * @next ButtonRequest
+ */
+message WipeDevice {
+}
+
+/**
+ * Request: Load seed and related internal settings from the computer
+ * @next ButtonRequest
+ * @next Success
+ * @next Failure
+ */
+message LoadDevice {
+	optional string mnemonic = 1;				// seed encoded as BIP-39 mnemonic (12, 18 or 24 words)
+	optional HDNodeType node = 2;				// BIP-32 node
+	optional string pin = 3;				// set PIN protection
+	optional bool passphrase_protection = 4;		// enable master node encryption using passphrase
+	optional string language = 5 [default='english'];	// device language
+	optional string label = 6;				// device label
+	optional bool skip_checksum = 7;			// do not test mnemonic for valid BIP-39 checksum
+	optional uint32 u2f_counter = 8;			// U2F counter
+}
+
+/**
+ * Request: Ask device to do initialization involving user interaction
+ * @next EntropyRequest
+ * @next Failure
+ */
+message ResetDevice {
+	optional bool display_random = 1;			// display entropy generated by the device before asking for additional entropy
+	optional uint32 strength = 2 [default=256];		// strength of seed in bits
+	optional bool passphrase_protection = 3;		// enable master node encryption using passphrase
+	optional bool pin_protection = 4;			// enable PIN protection
+	optional string language = 5 [default='english'];	// device language
+	optional string label = 6;				// device label
+	optional uint32 u2f_counter = 7;			// U2F counter
+	optional bool skip_backup = 8;				// postpone seed backup to BackupDevice workflow
+}
+
+/**
+ * Request: Perform backup of the device seed if not backed up using ResetDevice
+ * @next ButtonRequest
+ */
+message BackupDevice {
+}
+
+/**
+ * Response: Ask for additional entropy from host computer
+ * @prev ResetDevice
+ * @next EntropyAck
+ */
+message EntropyRequest {
+}
+
+/**
+ * Request: Provide additional entropy for seed generation function
+ * @prev EntropyRequest
+ * @next ButtonRequest
+ */
+message EntropyAck {
+	optional bytes entropy = 1;				// 256 bits (32 bytes) of random data
+}
+
+/**
+ * Request: Start recovery workflow asking user for specific words of mnemonic
+ * Used to recovery device safely even on untrusted computer.
+ * @next WordRequest
+ */
+message RecoveryDevice {
+	optional uint32 word_count = 1;				// number of words in BIP-39 mnemonic
+	optional bool passphrase_protection = 2;		// enable master node encryption using passphrase
+	optional bool pin_protection = 3;			// enable PIN protection
+	optional string language = 4 [default='english'];	// device language
+	optional string label = 5;				// device label
+	optional bool enforce_wordlist = 6;			// enforce BIP-39 wordlist during the process
+	// 7 reserved for unused recovery method
+	optional uint32 type = 8;				// supported recovery type (see RecoveryType)
+	optional uint32 u2f_counter = 9;			// U2F counter
+	optional bool dry_run = 10;				// perform dry-run recovery workflow (for safe mnemonic validation)
+}
+
+/**
+ * Response: Device is waiting for user to enter word of the mnemonic
+ * Its position is shown only on device's internal display.
+ * @prev RecoveryDevice
+ * @prev WordAck
+ */
+message WordRequest {
+	optional WordRequestType type = 1;
+}
+
+/**
+ * Request: Computer replies with word from the mnemonic
+ * @prev WordRequest
+ * @next WordRequest
+ * @next Success
+ * @next Failure
+ */
+message WordAck {
+	required string word = 1;				// one word of mnemonic on asked position
+}
+
+//////////////////////////////
+// Message signing messages //
+//////////////////////////////
+
+/**
+ * Request: Ask device to sign message
+ * @next MessageSignature
+ * @next Failure
+ */
+message SignMessage {
+	repeated uint32 address_n = 1;						// BIP-32 path to derive the key from master node
+	required bytes message = 2;						// message to be signed
+	optional string coin_name = 3 [default='Bitcoin'];			// coin to use for signing
+	optional InputScriptType script_type = 4 [default=SPENDADDRESS];	// used to distinguish between various address formats (non-segwit, segwit, etc.)
+}
+
+/**
+ * Request: Ask device to verify message
+ * @next Success
+ * @next Failure
+ */
+message VerifyMessage {
+	optional string address = 1;				// address to verify
+	optional bytes signature = 2;				// signature to verify
+	optional bytes message = 3;				// message to verify
+	optional string coin_name = 4 [default='Bitcoin'];	// coin to use for verifying
+}
+
+/**
+ * Response: Signed message
+ * @prev SignMessage
+ */
+message MessageSignature {
+	optional string address = 1;				// address used to sign the message
+	optional bytes signature = 2;				// signature of the message
+}
+
+///////////////////////////
+// Encryption/decryption //
+///////////////////////////
+
+/**
+ * Request: Ask device to encrypt message
+ * @next EncryptedMessage
+ * @next Failure
+ */
+message EncryptMessage {
+	optional bytes pubkey = 1;				// public key
+	optional bytes message = 2;				// message to encrypt
+	optional bool display_only = 3;				// show just on display? (don't send back via wire)
+	repeated uint32 address_n = 4;				// BIP-32 path to derive the signing key from master node
+	optional string coin_name = 5 [default='Bitcoin'];	// coin to use for signing
+}
+
+/**
+ * Response: Encrypted message
+ * @prev EncryptMessage
+ */
+message EncryptedMessage {
+	optional bytes nonce = 1;				// nonce used during encryption
+	optional bytes message = 2;				// encrypted message
+	optional bytes hmac = 3;				// message hmac
+}
+
+/**
+ * Request: Ask device to decrypt message
+ * @next Success
+ * @next Failure
+ */
+message DecryptMessage {
+	repeated uint32 address_n = 1;				// BIP-32 path to derive the decryption key from master node
+	optional bytes nonce = 2;				// nonce used during encryption
+	optional bytes message = 3;				// message to decrypt
+	optional bytes hmac = 4;				// message hmac
+}
+
+/**
+ * Response: Decrypted message
+ * @prev DecryptedMessage
+ */
+message DecryptedMessage {
+	optional bytes message = 1;				// decrypted message
+	optional string address = 2;				// address used to sign the message (if used)
+}
+
+/**
+ * Request: Ask device to encrypt or decrypt value of given key
+ * @next CipheredKeyValue
+ * @next Failure
+ */
+message CipherKeyValue {
+	repeated uint32 address_n = 1;		// BIP-32 path to derive the key from master node
+	optional string key = 2;		// key component of key:value
+	optional bytes value = 3;		// value component of key:value
+	optional bool encrypt = 4;		// are we encrypting (True) or decrypting (False)?
+	optional bool ask_on_encrypt = 5;	// should we ask on encrypt operation?
+	optional bool ask_on_decrypt = 6;	// should we ask on decrypt operation?
+	optional bytes iv = 7;			// initialization vector (will be computed if not set)
+}
+
+/**
+ * Response: Return ciphered/deciphered value
+ * @prev CipherKeyValue
+ */
+message CipheredKeyValue {
+	optional bytes value = 1;		// ciphered/deciphered value
+}
+
+//////////////////////////////////
+// Transaction signing messages //
+//////////////////////////////////
+
+/**
+ * Request: Estimated size of the transaction
+ * This behaves exactly like SignTx, which means that it can ask using TxRequest
+ * This call is non-blocking (except possible PassphraseRequest to unlock the seed)
+ * @next TxSize
+ * @next Failure
+ */
+message EstimateTxSize {
+	required uint32 outputs_count = 1;			// number of transaction outputs
+	required uint32 inputs_count = 2;			// number of transaction inputs
+	optional string coin_name = 3 [default='Bitcoin'];	// coin to use
+}
+
+/**
+ * Response: Estimated size of the transaction
+ * @prev EstimateTxSize
+ */
+message TxSize {
+	optional uint32 tx_size = 1;				// estimated size of transaction in bytes
+}
+
+/**
+ * Request: Ask device to sign transaction
+ * @next PassphraseRequest
+ * @next PinMatrixRequest
+ * @next TxRequest
+ * @next Failure
+ */
+message SignTx {
+	required uint32 outputs_count = 1;			// number of transaction outputs
+	required uint32 inputs_count = 2;			// number of transaction inputs
+	optional string coin_name = 3 [default='Bitcoin'];	// coin to use
+	optional uint32 version = 4 [default=1];		// transaction version
+	optional uint32 lock_time = 5 [default=0];		// transaction lock_time
+}
+
+/**
+ * Request: Simplified transaction signing
+ * This method doesn't support streaming, so there are hardware limits in number of inputs and outputs.
+ * In case of success, the result is returned using TxRequest message.
+ * @next PassphraseRequest
+ * @next PinMatrixRequest
+ * @next TxRequest
+ * @next Failure
+ */
+message SimpleSignTx {
+	repeated TxInputType inputs = 1;			// transaction inputs
+	repeated TxOutputType outputs = 2;			// transaction outputs
+	repeated TransactionType transactions = 3;		// transactions whose outputs are used to build current inputs
+	optional string coin_name = 4 [default='Bitcoin'];	// coin to use
+	optional uint32 version = 5 [default=1];		// transaction version
+	optional uint32 lock_time = 6 [default=0];		// transaction lock_time
+}
+
+/**
+ * Response: Device asks for information for signing transaction or returns the last result
+ * If request_index is set, device awaits TxAck message (with fields filled in according to request_type)
+ * If signature_index is set, 'signature' contains signed input of signature_index's input
+ * @prev SignTx
+ * @prev SimpleSignTx
+ * @prev TxAck
+ */
+message TxRequest {
+	optional RequestType request_type = 1;			// what should be filled in TxAck message?
+	optional TxRequestDetailsType details = 2;		// request for tx details
+	optional TxRequestSerializedType serialized = 3;	// serialized data and request for next
+}
+
+/**
+ * Request: Reported transaction data
+ * @prev TxRequest
+ * @next TxRequest
+ */
+message TxAck {
+	optional TransactionType tx = 1;
+}
+
+/**
+ * Request: Ask device to sign transaction
+ * All fields are optional from the protocol's point of view. Each field defaults to value `0` if missing.
+ * Note: the first at most 1024 bytes of data MUST be transmitted as part of this message.
+ * @next PassphraseRequest
+ * @next PinMatrixRequest
+ * @next EthereumTxRequest
+ * @next Failure
+ */
+message EthereumSignTx {
+	repeated uint32 address_n = 1;			// BIP-32 path to derive the key from master node
+	optional bytes nonce = 2;			// <=256 bit unsigned big endian
+	optional bytes gas_price = 3;			// <=256 bit unsigned big endian (in wei)
+	optional bytes gas_limit = 4;			// <=256 bit unsigned big endian
+	optional bytes to = 5;				// 160 bit address hash
+	optional bytes value = 6;			// <=256 bit unsigned big endian (in wei)
+	optional bytes data_initial_chunk = 7;		// The initial data chunk (<= 1024 bytes)
+	optional uint32 data_length = 8;		// Length of transaction payload
+	optional uint32 chain_id = 9;			// Chain Id for EIP 155
+}
+
+/**
+ * Response: Device asks for more data from transaction payload, or returns the signature.
+ * If data_length is set, device awaits that many more bytes of payload.
+ * Otherwise, the signature_* fields contain the computed transaction signature. All three fields will be present.
+ * @prev EthereumSignTx
+ * @next EthereumTxAck
+ */
+message EthereumTxRequest {
+	optional uint32 data_length = 1;		// Number of bytes being requested (<= 1024)
+	optional uint32 signature_v = 2;		// Computed signature (recovery parameter, limited to 27 or 28)
+	optional bytes signature_r = 3;			// Computed signature R component (256 bit)
+	optional bytes signature_s = 4;			// Computed signature S component (256 bit)
+}
+
+/**
+ * Request: Transaction payload data.
+ * @prev EthereumTxRequest
+ * @next EthereumTxRequest
+ */
+message EthereumTxAck {
+	optional bytes data_chunk = 1;			// Bytes from transaction payload (<= 1024 bytes)
+}
+
+////////////////////////////////////////
+// Ethereum: Message signing messages //
+////////////////////////////////////////
+
+/**
+ * Request: Ask device to sign message
+ * @next EthereumMessageSignature
+ * @next Failure
+ */
+message EthereumSignMessage {
+	repeated uint32 address_n = 1;				// BIP-32 path to derive the key from master node
+	required bytes message = 2;				// message to be signed
+}
+
+/**
+ * Request: Ask device to verify message
+ * @next Success
+ * @next Failure
+ */
+message EthereumVerifyMessage {
+	optional bytes address = 1;				// address to verify
+	optional bytes signature = 2;				// signature to verify
+	optional bytes message = 3;				// message to verify
+}
+
+/**
+ * Response: Signed message
+ * @prev EthereumSignMessage
+ */
+message EthereumMessageSignature {
+	optional bytes address = 1;				// address used to sign the message
+	optional bytes signature = 2;				// signature of the message
+}
+
+///////////////////////
+// Identity messages //
+///////////////////////
+
+/**
+ * Request: Ask device to sign identity
+ * @next SignedIdentity
+ * @next Failure
+ */
+message SignIdentity {
+	optional IdentityType identity = 1;		// identity
+	optional bytes challenge_hidden = 2;		// non-visible challenge
+	optional string challenge_visual = 3;		// challenge shown on display (e.g. date+time)
+	optional string ecdsa_curve_name = 4;		// ECDSA curve name to use
+}
+
+/**
+ * Response: Device provides signed identity
+ * @prev SignIdentity
+ */
+message SignedIdentity {
+	optional string address = 1;			// identity address
+	optional bytes public_key = 2;			// identity public key
+	optional bytes signature = 3;			// signature of the identity data
+}
+
+///////////////////
+// ECDH messages //
+///////////////////
+
+/**
+ * Request: Ask device to generate ECDH session key
+ * @next ECDHSessionKey
+ * @next Failure
+ */
+message GetECDHSessionKey {
+	optional IdentityType identity = 1;		// identity
+	optional bytes peer_public_key = 2;		// peer's public key
+	optional string ecdsa_curve_name = 3;		// ECDSA curve name to use
+}
+
+/**
+ * Response: Device provides ECDH session key
+ * @prev GetECDHSessionKey
+ */
+message ECDHSessionKey {
+	optional bytes session_key = 1;			// ECDH session key
+}
+
+///////////////////
+// U2F messages //
+///////////////////
+
+/**
+ * Request: Set U2F counter
+ * @next Success
+ */
+message SetU2FCounter {
+	optional uint32 u2f_counter = 1;		// counter
+}
+
+/////////////////////////
+// Bootloader messages //
+/////////////////////////
+
+/**
+ * Request: Ask device to erase its firmware (so it can be replaced via FirmwareUpload)
+ * @next Success
+ * @next FirmwareRequest
+ * @next Failure
+ */
+message FirmwareErase {
+	optional uint32 length = 1;			// length of new firmware
+}
+
+/**
+ * Response: Ask for firmware chunk
+ * @next FirmwareUpload
+ */
+message FirmwareRequest {
+	optional uint32 offset = 1;			// offset of requested firmware chunk
+	optional uint32 length = 2;			// length of requested firmware chunk
+}
+
+/**
+ * Request: Send firmware in binary form to the device
+ * @next Success
+ * @next Failure
+ */
+message FirmwareUpload {
+	required bytes payload = 1;			// firmware to be loaded into device
+	optional bytes hash = 2;			// hash of the payload
+}
+
+
+/**
+ * Request: Perform a device self-test
+ * @next Success
+ * @next Failure
+ */
+message SelfTest {
+	optional bytes payload = 1;			// payload to be used in self-test
+}
+
+/////////////////////////////////////////////////////////////
+// Debug messages (only available if DebugLink is enabled) //
+/////////////////////////////////////////////////////////////
+
+/**
+ * Request: "Press" the button on the device
+ * @next Success
+ */
+message DebugLinkDecision {
+	required bool yes_no = 1;			// true for "Confirm", false for "Cancel"
+}
+
+/**
+ * Request: Computer asks for device state
+ * @next DebugLinkState
+ */
+message DebugLinkGetState {
+}
+
+/**
+ * Response: Device current state
+ * @prev DebugLinkGetState
+ */
+message DebugLinkState {
+	optional bytes layout = 1;			// raw buffer of display
+	optional string pin = 2;			// current PIN, blank if PIN is not set/enabled
+	optional string matrix = 3;			// current PIN matrix
+	optional string mnemonic = 4;			// current BIP-39 mnemonic
+	optional HDNodeType node = 5;			// current BIP-32 node
+	optional bool passphrase_protection = 6;	// is node/mnemonic encrypted using passphrase?
+	optional string reset_word = 7;			// word on device display during ResetDevice workflow
+	optional bytes reset_entropy = 8;		// current entropy during ResetDevice workflow
+	optional string recovery_fake_word = 9;		// (fake) word on display during RecoveryDevice workflow
+	optional uint32 recovery_word_pos = 10;		// index of mnemonic word the device is expecting during RecoveryDevice workflow
+}
+
+/**
+ * Request: Ask device to restart
+ */
+message DebugLinkStop {
+}
+
+/**
+ * Response: Device wants host to log event
+ */
+message DebugLinkLog {
+	optional uint32 level = 1;
+	optional string bucket = 2;
+	optional string text = 3;
+}
+
+/**
+ * Request: Read memory from device
+ * @next DebugLinkMemory
+ */
+message DebugLinkMemoryRead {
+	optional uint32 address = 1;
+	optional uint32 length = 2;
+}
+
+/**
+ * Response: Device sends memory back
+ * @prev DebugLinkMemoryRead
+ */
+message DebugLinkMemory {
+	optional bytes memory = 1;
+}
+
+/**
+ * Request: Write memory to device.
+ * WARNING: Writing to the wrong location can irreparably break the device.
+ */
+message DebugLinkMemoryWrite {
+	optional uint32 address = 1;
+	optional bytes memory = 2;
+	optional bool flash = 3;
+}
+
+/**
+ * Request: Erase block of flash on device
+ * WARNING: Writing to the wrong location can irreparably break the device.
+ */
+message DebugLinkFlashErase {
+	optional uint32 sector = 1;
+}
--- a/accounts/usbwallet/trezor/trezor.go
+++ b/accounts/usbwallet/trezor/trezor.go
@ -0,0 +1,46 @@
+// Copyright 2017 The go-ethereum Authors
+// This file is part of the go-ethereum library.
+//
+// The go-ethereum library is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Lesser General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// The go-ethereum library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>.
+
+// This file contains the implementation for interacting with the Trezor hardware
+// wallets. The wire protocol spec can be found on the SatoshiLabs website:
+// https://doc.satoshilabs.com/trezor-tech/api-protobuf.html
+
+//go:generate protoc --go_out=import_path=trezor:. types.proto messages.proto
+
+// Package trezor contains the wire protocol wrapper in Go.
+package trezor
+
+import (
+	"reflect"
+
+	"github.com/golang/protobuf/proto"
+)
+
+// Type returns the protocol buffer type number of a specific message. If the
+// message is nil, this method panics!
+func Type(msg proto.Message) uint16 {
+	return uint16(MessageType_value["MessageType_"+reflect.TypeOf(msg).Elem().Name()])
+}
+
+// Name returns the friendly message type name of a specific protocol buffer
+// type number.
+func Name(kind uint16) string {
+	name := MessageType_name[int32(kind)]
+	if len(name) < 12 {
+		return name
+	}
+	return name[12:]
+}
--- a/accounts/usbwallet/trezor/types.pb.go
+++ b/accounts/usbwallet/trezor/types.pb.go
--- a/accounts/usbwallet/trezor/types.proto
+++ b/accounts/usbwallet/trezor/types.proto
@ -0,0 +1,278 @@
+// This file originates from the SatoshiLabs Trezor `common` repository at:
+//   https://github.com/trezor/trezor-common/blob/master/protob/types.proto
+// dated 28.07.2017, commit dd8ec3231fb5f7992360aff9bdfe30bb58130f4b.
+
+syntax = "proto2";
+
+/**
+ * Types for TREZOR communication
+ *
+ * @author	Marek Palatinus <slush@satoshilabs.com>
+ * @version	1.2
+ */
+
+// Sugar for easier handling in Java
+option java_package = "com.satoshilabs.trezor.lib.protobuf";
+option java_outer_classname = "TrezorType";
+
+import "google/protobuf/descriptor.proto";
+
+/**
+ * Options for specifying message direction and type of wire (normal/debug)
+ */
+extend google.protobuf.EnumValueOptions {
+	optional bool wire_in = 50002;		// message can be transmitted via wire from PC to TREZOR
+	optional bool wire_out = 50003;		// message can be transmitted via wire from TREZOR to PC
+	optional bool wire_debug_in = 50004;	// message can be transmitted via debug wire from PC to TREZOR
+	optional bool wire_debug_out = 50005;	// message can be transmitted via debug wire from TREZOR to PC
+	optional bool wire_tiny = 50006;	// message is handled by TREZOR when the USB stack is in tiny mode
+	optional bool wire_bootloader = 50007;  // message is only handled by TREZOR Bootloader
+}
+
+/**
+ * Type of failures returned by Failure message
+ * @used_in Failure
+ */
+enum FailureType {
+	Failure_UnexpectedMessage = 1;
+	Failure_ButtonExpected = 2;
+	Failure_DataError = 3;
+	Failure_ActionCancelled = 4;
+	Failure_PinExpected = 5;
+	Failure_PinCancelled = 6;
+	Failure_PinInvalid = 7;
+	Failure_InvalidSignature = 8;
+	Failure_ProcessError = 9;
+	Failure_NotEnoughFunds = 10;
+	Failure_NotInitialized = 11;
+	Failure_FirmwareError = 99;
+}
+
+/**
+ * Type of script which will be used for transaction output
+ * @used_in TxOutputType
+ */
+enum OutputScriptType {
+	PAYTOADDRESS = 0;	// used for all addresses (bitcoin, p2sh, witness)
+	PAYTOSCRIPTHASH = 1;	// p2sh address (deprecated; use PAYTOADDRESS)
+	PAYTOMULTISIG = 2;	// only for change output
+	PAYTOOPRETURN = 3;	// op_return
+	PAYTOWITNESS = 4;	// only for change output
+	PAYTOP2SHWITNESS = 5;	// only for change output
+}
+
+/**
+ * Type of script which will be used for transaction output
+ * @used_in TxInputType
+ */
+enum InputScriptType {
+	SPENDADDRESS = 0;		// standard p2pkh address
+	SPENDMULTISIG = 1;		// p2sh multisig address
+	EXTERNAL = 2;			// reserved for external inputs (coinjoin)
+	SPENDWITNESS = 3;		// native segwit
+	SPENDP2SHWITNESS = 4;		// segwit over p2sh (backward compatible)
+}
+
+/**
+ * Type of information required by transaction signing process
+ * @used_in TxRequest
+ */
+enum RequestType {
+	TXINPUT = 0;
+	TXOUTPUT = 1;
+	TXMETA = 2;
+	TXFINISHED = 3;
+	TXEXTRADATA = 4;
+}
+
+/**
+ * Type of button request
+ * @used_in ButtonRequest
+ */
+enum ButtonRequestType {
+	ButtonRequest_Other = 1;
+	ButtonRequest_FeeOverThreshold = 2;
+	ButtonRequest_ConfirmOutput = 3;
+	ButtonRequest_ResetDevice = 4;
+	ButtonRequest_ConfirmWord = 5;
+	ButtonRequest_WipeDevice = 6;
+	ButtonRequest_ProtectCall = 7;
+	ButtonRequest_SignTx = 8;
+	ButtonRequest_FirmwareCheck = 9;
+	ButtonRequest_Address = 10;
+	ButtonRequest_PublicKey = 11;
+}
+
+/**
+ * Type of PIN request
+ * @used_in PinMatrixRequest
+ */
+enum PinMatrixRequestType {
+	PinMatrixRequestType_Current = 1;
+	PinMatrixRequestType_NewFirst = 2;
+	PinMatrixRequestType_NewSecond = 3;
+}
+
+/**
+ * Type of recovery procedure. These should be used as bitmask, e.g.,
+ * `RecoveryDeviceType_ScrambledWords | RecoveryDeviceType_Matrix`
+ * listing every method supported by the host computer.
+ *
+ * Note that ScrambledWords must be supported by every implementation
+ * for backward compatibility; there is no way to not support it.
+ *
+ * @used_in RecoveryDevice
+ */
+enum RecoveryDeviceType {
+	// use powers of two when extending this field
+	RecoveryDeviceType_ScrambledWords = 0;		// words in scrambled order
+	RecoveryDeviceType_Matrix = 1;				// matrix recovery type
+}
+
+/**
+ * Type of Recovery Word request
+ * @used_in WordRequest
+ */
+enum WordRequestType {
+	WordRequestType_Plain = 0;
+	WordRequestType_Matrix9 = 1;
+	WordRequestType_Matrix6 = 2;
+}
+
+/**
+ * Structure representing BIP32 (hierarchical deterministic) node
+ * Used for imports of private key into the device and exporting public key out of device
+ * @used_in PublicKey
+ * @used_in LoadDevice
+ * @used_in DebugLinkState
+ * @used_in Storage
+ */
+message HDNodeType {
+	required uint32 depth = 1;
+	required uint32 fingerprint = 2;
+	required uint32 child_num = 3;
+	required bytes chain_code = 4;
+	optional bytes private_key = 5;
+	optional bytes public_key = 6;
+}
+
+message HDNodePathType {
+	required HDNodeType node = 1;						// BIP-32 node in deserialized form
+	repeated uint32 address_n = 2;						// BIP-32 path to derive the key from node
+}
+
+/**
+ * Structure representing Coin
+ * @used_in Features
+ */
+message CoinType {
+	optional string coin_name = 1;
+	optional string coin_shortcut = 2;
+	optional uint32 address_type = 3 [default=0];
+	optional uint64 maxfee_kb = 4;
+	optional uint32 address_type_p2sh = 5 [default=5];
+	optional string signed_message_header = 8;
+	optional uint32 xpub_magic = 9 [default=76067358];	// default=0x0488b21e
+	optional uint32 xprv_magic = 10 [default=76066276];	// default=0x0488ade4
+	optional bool segwit = 11;
+	optional uint32 forkid = 12;
+}
+
+/**
+ * Type of redeem script used in input
+ * @used_in TxInputType
+ */
+message MultisigRedeemScriptType {
+	repeated HDNodePathType pubkeys = 1;					// pubkeys from multisig address (sorted lexicographically)
+	repeated bytes signatures = 2;						// existing signatures for partially signed input
+	optional uint32 m = 3;							// "m" from n, how many valid signatures is necessary for spending
+}
+
+/**
+ * Structure representing transaction input
+ * @used_in SimpleSignTx
+ * @used_in TransactionType
+ */
+message TxInputType {
+	repeated uint32 address_n = 1;						// BIP-32 path to derive the key from master node
+	required bytes prev_hash = 2;						// hash of previous transaction output to spend by this input
+	required uint32 prev_index = 3;						// index of previous output to spend
+	optional bytes script_sig = 4;						// script signature, unset for tx to sign
+	optional uint32 sequence = 5 [default=4294967295];			// sequence (default=0xffffffff)
+	optional InputScriptType script_type = 6 [default=SPENDADDRESS];	// defines template of input script
+	optional MultisigRedeemScriptType multisig = 7;				// Filled if input is going to spend multisig tx
+	optional uint64 amount = 8;						// amount of previous transaction output (for segwit only)
+}
+
+/**
+ * Structure representing transaction output
+ * @used_in SimpleSignTx
+ * @used_in TransactionType
+ */
+message TxOutputType {
+	optional string address = 1;			// target coin address in Base58 encoding
+	repeated uint32 address_n = 2;			// BIP-32 path to derive the key from master node; has higher priority than "address"
+	required uint64 amount = 3;			// amount to spend in satoshis
+	required OutputScriptType script_type = 4;	// output script type
+	optional MultisigRedeemScriptType multisig = 5; // defines multisig address; script_type must be PAYTOMULTISIG
+	optional bytes op_return_data = 6;		// defines op_return data; script_type must be PAYTOOPRETURN, amount must be 0
+}
+
+/**
+ * Structure representing compiled transaction output
+ * @used_in TransactionType
+ */
+message TxOutputBinType {
+	required uint64 amount = 1;
+	required bytes script_pubkey = 2;
+}
+
+/**
+ * Structure representing transaction
+ * @used_in SimpleSignTx
+ */
+message TransactionType {
+	optional uint32 version = 1;
+	repeated TxInputType inputs = 2;
+	repeated TxOutputBinType bin_outputs = 3;
+	repeated TxOutputType outputs = 5;
+	optional uint32 lock_time = 4;
+	optional uint32 inputs_cnt = 6;
+	optional uint32 outputs_cnt = 7;
+	optional bytes extra_data = 8;
+	optional uint32 extra_data_len = 9;
+}
+
+/**
+ * Structure representing request details
+ * @used_in TxRequest
+ */
+message TxRequestDetailsType {
+	optional uint32 request_index = 1;	// device expects TxAck message from the computer
+	optional bytes tx_hash = 2;		// tx_hash of requested transaction
+	optional uint32 extra_data_len = 3;	// length of requested extra data
+	optional uint32 extra_data_offset = 4;	// offset of requested extra data
+}
+
+/**
+ * Structure representing serialized data
+ * @used_in TxRequest
+ */
+message TxRequestSerializedType {
+	optional uint32 signature_index = 1;	// 'signature' field contains signed input of this index
+	optional bytes signature = 2;		// signature of the signature_index input
+	optional bytes serialized_tx = 3;	// part of serialized and signed transaction
+}
+
+/**
+ * Structure representing identity data
+ * @used_in IdentityType
+ */
+message IdentityType {
+	optional string proto = 1;			// proto part of URI
+	optional string user = 2;			// user part of URI
+	optional string host = 3;			// host part of URI
+	optional string port = 4;			// port part of URI
+	optional string path = 5;			// path part of URI
+	optional uint32 index = 6 [default=0];		// identity index
+}