forked from trezor/trezor-firmware
messages-crypto.proto
// proto2 syntax: fields labelled `required` in this file must be present for a
// message to be considered complete by a conforming parser.
syntax = "proto2";
package hw.trezor.messages.crypto;
// Sugar for easier handling in Java
option java_package = "com.satoshilabs.trezor.lib.protobuf";
option java_outer_classname = "TrezorMessageCrypto";
// Custom (extension) option. Its declaration is not in this file; presumably it
// comes from the import below. TODO confirm what this option gates.
option (include_in_bitcoin_only) = true;
import "messages.proto";
/**
* Request: Ask device to encrypt or decrypt value of given key
* @start
* @next CipheredKeyValue
* @next Failure
*/
message CipherKeyValue {
  // Every field below is supplied by the requester. The schema puts no bound on
  // lengths or contents, so size and format checks are the receiver's job.

  // One path component per element; the schema does not limit the path depth.
  repeated uint32 address_n = 1; // BIP-32 path to derive the key from master node
  required string key = 2; // key component of key:value
  // Input to the operation selected by `encrypt`: data to encipher when
  // encrypting, data to decipher when decrypting.
  required bytes value = 3; // value component of key:value
  // No default is declared; what the receiver does when this field is absent is
  // not visible in this file. TODO confirm.
  optional bool encrypt = 4; // are we encrypting (True) or decrypting (False)?
  // The two flags below are chosen by the requester, not by the device owner.
  // NOTE(review): confirm the receiver binds them to the derived key, so that
  // data enciphered with a prompt cannot be deciphered by a request that simply
  // clears the flag.
  optional bool ask_on_encrypt = 5; // should we ask on encrypt operation?
  optional bool ask_on_decrypt = 6; // should we ask on decrypt operation?
  // NOTE(review): how the IV is computed when absent is not shown here. If it
  // is derived deterministically from the other fields, equal requests yield
  // equal ciphertext; confirm this is intended. The expected IV length is
  // not expressed in the schema either.
  optional bytes iv = 7; // initialization vector (will be computed if not set)
}
/**
* Response: Return ciphered/deciphered value
* @end
*/
message CipheredKeyValue {
  // Holds the result in either direction, so on a decrypt request this field
  // carries plaintext and should be handled as sensitive by the caller.
  // The schema declares no separate MAC or tag field; whether the value is
  // integrity-protected cannot be told from this file. TODO confirm.
  required bytes value = 1; // ciphered/deciphered value
}
/**
* Structure representing identity data
* @embed
*/
message IdentityType {
  // All URI parts are optional free-form strings supplied by the requester; the
  // schema enforces no URI syntax, character set or length. `port` is a string,
  // not a number, so range checks are left to the receiver.
  // NOTE(review): confirm which of these parts the receiver shows to the user
  // before an identity is used.
  optional string proto = 1; // proto part of URI
  optional string user = 2; // user part of URI
  optional string host = 3; // host part of URI
  optional string port = 4; // port part of URI
  optional string path = 5; // path part of URI
  // An absent field reads as 0 because of the declared default.
  optional uint32 index = 6 [default=0]; // identity index
}
/**
* Request: Ask device to sign identity
* @start
* @next SignedIdentity
* @next Failure
*/
message SignIdentity {
  required IdentityType identity = 1; // identity
  // Not shown to the user, so the user cannot review this part of the request.
  // An absent field reads as empty bytes because of the declared default.
  // NOTE(review): how the challenges and the identity are combined into the
  // signed payload is not visible here; confirm the payload is bound to the
  // identity so a signature cannot be replayed in another context.
  optional bytes challenge_hidden = 2 [default=""]; // non-visible challenge
  // An absent field reads as an empty string because of the declared default.
  optional string challenge_visual = 3 [default=""]; // challenge shown on display (e.g. date+time)
  // Free-form string from the requester, with no default declared. The set of
  // accepted names and the curve used when absent are not defined in this file;
  // the receiver must reject names it does not support. TODO confirm.
  optional string ecdsa_curve_name = 4; // ECDSA curve name to use
}
/**
* Response: Device provides signed identity
* @end
*/
message SignedIdentity {
  // Encodings of the three fields are not defined by the schema.
  // A relying party should verify `signature` against `public_key` and against
  // the identity and challenge it expected, rather than trust `address` alone.
  optional string address = 1; // identity address
  required bytes public_key = 2; // identity public key
  required bytes signature = 3; // signature of the identity data
}
/**
* Request: Ask device to generate ECDH session key
* @start
* @next ECDHSessionKey
* @next Failure
*/
message GetECDHSessionKey {
  required IdentityType identity = 1; // identity
  // Untrusted bytes from the requester; encoding and length are not constrained
  // by the schema.
  // NOTE(review): confirm the receiver checks that this is a valid point on the
  // selected curve before using it in the key agreement.
  required bytes peer_public_key = 2; // peer's public key
  // Free-form string with no default declared; accepted names and the curve
  // used when absent are not defined in this file. TODO confirm.
  optional string ecdsa_curve_name = 3; // ECDSA curve name to use
}
/**
* Response: Device provides ECDH session key
* @end
*/
message ECDHSessionKey {
  // Secret key material returned to the requester: keep it out of logs and
  // traces. Whether this is the raw shared secret or a derived key is not
  // stated in this file. TODO confirm.
  required bytes session_key = 1; // ECDH session key
  optional bytes public_key = 2; // identity public key
}
/**
* Request: Ask device to commit to CoSi signing
* @start
* @next CosiCommitment
* @next Failure
*/
message CosiCommit {
  // One path component per element; the schema does not limit the path depth.
  repeated uint32 address_n = 1; // BIP-32 path to derive the key from master node
  // Optional in the schema; what the receiver does when it is absent is not
  // visible here. TODO confirm.
  optional bytes data = 2; // Data to be signed
}
/**
* Response: Contains a CoSi commitment
* @end
*/
message CosiCommitment {
  // Both fields are optional in the schema, so a consumer must check that they
  // are present before aggregating. Encodings are not defined in this file.
  optional bytes commitment = 1; // Commitment
  optional bytes pubkey = 2; // Public key
}
/**
* Request: Ask device to sign using CoSi
* @start
* @next CosiSignature
* @next Failure
*/
message CosiSign {
  // This message declares no session or nonce identifier that links it to an
  // earlier CosiCommit; only the path and data are repeated.
  // NOTE(review): confirm how the receiver obtains the nonce behind its
  // commitment, and that one nonce can never be used to sign two different
  // (data, global_commitment) pairs.
  repeated uint32 address_n = 1; // BIP-32 path to derive the key from master node
  optional bytes data = 2; // Data to be signed
  // Aggregates computed outside the device and supplied by the requester; the
  // receiver has no way to check them from this message alone.
  optional bytes global_commitment = 3; // Aggregated commitment
  optional bytes global_pubkey = 4; // Aggregated public key
}
/**
* Response: Contains a CoSi signature
* @end
*/
message CosiSignature {
  // Encoding is not defined in this file. Whether this is one signer's share or
  // a complete signature is not stated either. TODO confirm.
  required bytes signature = 1; // Signature
}