eth: add streaming support for large data for EIP-712 typed data

Author: Tomasvrba

CHANGELOG-npm.md

@@ -1,7 +1,7 @@
 # Changelog
 
 ## [Unreleased]
-- eth: add support for streaming transactions with large data
+- eth: add support for streaming transactions and EIP-712 typed data with large data
 - eth: add optional `useAntiklepto` argument to `ethSignTypedMessage()` (set to `false` for
   deterministic typed-message signatures, firmware >=9.26.0)
 

CHANGELOG-rust.md

@@ -1,7 +1,7 @@
 # Changelog
 
 ## [Unreleased]
-- eth: add support for streaming transactions with large data
+- eth: add support for streaming transactions and EIP-712 typed data with large data
 - eth: add `use_antiklepto` toggle to `eth_sign_typed_message()` (set `false` for deterministic
   typed-message signatures, firmware >=9.26.0)
 

messages/eth.proto

@@ -144,6 +144,9 @@ message ETHTypedMessageValueResponse {
 
 message ETHTypedMessageValueRequest {
   bytes value = 1;
+  // If non-zero, value should be empty and data will be streamed via
+  // DataRequestChunk/DataResponseChunk.
+  uint32 data_length = 2;
 }
 
 message ETHRequest {

src/eth.rs

@@ -383,7 +383,7 @@ fn encode_value(typ: &MemberType, value: &Value) -> Result<Vec<u8>, String> {
 fn get_value(
     what: &pb::EthTypedMessageValueResponse,
     msg: &Eip712Message,
-) -> Result<Vec<u8>, String> {
+) -> Result<(Vec<u8>, DataType), String> {
     enum Either<'a> {
         HashMap(&'a HashMap<String, Value>),
         JsonValue(Value),
@@ -446,8 +446,10 @@ fn get_value(
             _ => return Err("path element does not point to struct or array".into()),
         }
     }
+    let data_type =
+        DataType::try_from(typ.r#type).map_err(|_| format!("invalid data type: {}", typ.r#type))?;
     if let Either::JsonValue(value) = &value {
-        encode_value(&typ, value)
+        encode_value(&typ, value).map(|v| (v, data_type))
     } else {
         Err("path points to struct or array; value expected".to_string())
     }
@@ -700,12 +702,25 @@ impl<R: Runtime> PairedBitBox<R> {
             ))
             .await?;
         while let pb::eth_response::Response::TypedMsgValue(typed_msg_value) = &response {
-            let value = get_value(typed_msg_value, &msg).map_err(Error::EthTypedMessage)?;
+            let (value, data_type) =
+                get_value(typed_msg_value, &msg).map_err(Error::EthTypedMessage)?;
+            if data_type == DataType::String && value.len() > STREAMING_THRESHOLD {
+                return Err(Error::EthTypedMessage(
+                    "string value exceeds maximum size".into(),
+                ));
+            }
+            let use_streaming = value.len() > STREAMING_THRESHOLD;
             response = self
                 .query_proto_eth(pb::eth_request::Request::TypedMsgValue(
-                    pb::EthTypedMessageValueRequest { value },
+                    pb::EthTypedMessageValueRequest {
+                        value: if use_streaming { vec![] } else { value.clone() },
+                        data_length: if use_streaming { value.len() as u32 } else { 0 },
+                    },
                 ))
                 .await?;
+            if use_streaming {
+                response = self.handle_eth_data_streaming(&value, response).await?;
+            }
         }
         let mut signature = if use_antiklepto {
             self.handle_antiklepto(&response, host_nonce.unwrap())
@@ -1224,7 +1239,7 @@ mod tests {
         .is_err());
 
         // domain.name
-        let value = get_value(
+        let (value, _) = get_value(
             &pb::EthTypedMessageValueResponse {
                 root_object: RootObject::Domain as _,
                 path: vec![0],
@@ -1235,7 +1250,7 @@ mod tests {
         assert_eq!(value, b"Ether Mail".to_vec());
 
         // domain.version
-        let value = get_value(
+        let (value, _) = get_value(
             &pb::EthTypedMessageValueResponse {
                 root_object: RootObject::Domain as _,
                 path: vec![1],
@@ -1246,7 +1261,7 @@ mod tests {
         assert_eq!(value, b"1".to_vec());
 
         // domain.chainId
-        let value = get_value(
+        let (value, _) = get_value(
             &pb::EthTypedMessageValueResponse {
                 root_object: RootObject::Domain as _,
                 path: vec![2],
@@ -1257,7 +1272,7 @@ mod tests {
         assert_eq!(value, b"\x01".to_vec());
 
         // domain.verifyingContract
-        let value = get_value(
+        let (value, _) = get_value(
             &pb::EthTypedMessageValueResponse {
                 root_object: RootObject::Domain as _,
                 path: vec![3],
@@ -1282,7 +1297,7 @@ mod tests {
         // MESSAGE
 
         // message.from.name
-        let value = get_value(
+        let (value, _) = get_value(
             &pb::EthTypedMessageValueResponse {
                 root_object: RootObject::Message as _,
                 path: vec![0, 0],
@@ -1293,7 +1308,7 @@ mod tests {
         assert_eq!(value, b"Cow".to_vec());
 
         // message.from.wallet
-        let value = get_value(
+        let (value, _) = get_value(
             &pb::EthTypedMessageValueResponse {
                 root_object: RootObject::Message as _,
                 path: vec![0, 1],
@@ -1307,7 +1322,7 @@ mod tests {
         );
 
         // message.to.wallet
-        let value = get_value(
+        let (value, _) = get_value(
             &pb::EthTypedMessageValueResponse {
                 root_object: RootObject::Message as _,
                 path: vec![1, 1],
@@ -1321,7 +1336,7 @@ mod tests {
         );
 
         // message.attachments.0.contents
-        let value = get_value(
+        let (value, _) = get_value(
             &pb::EthTypedMessageValueResponse {
                 root_object: RootObject::Message as _,
                 path: vec![3, 0, 0],
@@ -1332,7 +1347,7 @@ mod tests {
         assert_eq!(value, b"attachment1".to_vec());
 
         // message.attachments.1.contents
-        let value = get_value(
+        let (value, _) = get_value(
             &pb::EthTypedMessageValueResponse {
                 root_object: RootObject::Message as _,
                 path: vec![3, 1, 0],

src/shiftcrypto.bitbox02.rs

@@ -1973,6 +1973,10 @@ pub mod eth_typed_message_value_response {
 pub struct EthTypedMessageValueRequest {
     #[prost(bytes = "vec", tag = "1")]
     pub value: ::prost::alloc::vec::Vec<u8>,
+    /// If non-zero, value should be empty and data will be streamed via
+    /// DataRequestChunk/DataResponseChunk.
+    #[prost(uint32, tag = "2")]
+    pub data_length: u32,
 }
 #[cfg_attr(feature = "wasm", derive(serde::Serialize, serde::Deserialize))]
 #[cfg_attr(feature = "wasm", serde(rename_all = "camelCase"))]

tests/test_eth.rs

@@ -103,6 +103,28 @@ fn eip1559_sighash(tx: &EIP1559Transaction) -> [u8; 32] {
     keccak256(&prefixed)
 }
 
+fn eip712_sighash(primary_type: &str, data_type: &str, data: &[u8]) -> [u8; 32] {
+    let domain_type_hash = keccak256(b"EIP712Domain(string name)");
+    let name_hash = keccak256(b"Test");
+    let mut domain_input = Vec::new();
+    domain_input.extend_from_slice(&domain_type_hash);
+    domain_input.extend_from_slice(&name_hash);
+    let domain_separator = keccak256(&domain_input);
+
+    let type_hash = keccak256(format!("{primary_type}({data_type} data)").as_bytes());
+    let data_hash = keccak256(data);
+    let mut struct_input = Vec::new();
+    struct_input.extend_from_slice(&type_hash);
+    struct_input.extend_from_slice(&data_hash);
+    let struct_hash = keccak256(&struct_input);
+
+    let mut sig_input = Vec::new();
+    sig_input.extend_from_slice(b"\x19\x01");
+    sig_input.extend_from_slice(&domain_separator);
+    sig_input.extend_from_slice(&struct_hash);
+    keccak256(&sig_input)
+}
+
 fn verify_eth_signature(sighash: &[u8; 32], signature: &[u8; 65]) {
     let secp = secp256k1::Secp256k1::new();
     let path: bitcoin::bip32::DerivationPath = "m/44'/60'/0'/0/0".parse().unwrap();
@@ -312,3 +334,45 @@ async fn test_eth_sign_typed_message_antiklepto_disabled() {
     })
     .await
 }
+
+#[tokio::test]
+async fn test_eth_sign_typed_message_streaming_bytes() {
+    test_initialized_simulators(async |paired_bitbox| {
+        if !semver::VersionReq::parse(">=9.26.0")
+            .unwrap()
+            .matches(paired_bitbox.version())
+        {
+            return;
+        }
+
+        let large_bytes_hex = "aa".repeat(10000);
+        let msg = format!(
+            r#"{{
+  "types": {{
+    "EIP712Domain": [
+      {{ "name": "name", "type": "string" }}
+    ],
+    "Msg": [
+      {{ "name": "data", "type": "bytes" }}
+    ]
+  }},
+  "primaryType": "Msg",
+  "domain": {{
+    "name": "Test"
+  }},
+  "message": {{
+    "data": "0x{large_bytes_hex}"
+  }}
+}}"#
+        );
+
+        let signature = paired_bitbox
+            .eth_sign_typed_message(1, &"m/44'/60'/0'/0/0".try_into().unwrap(), &msg, false)
+            .await
+            .unwrap();
+        assert_eq!(signature.len(), 65);
+        let sighash = eip712_sighash("Msg", "bytes", &vec![0xaa; 10000]);
+        verify_eth_signature(&sighash, &signature);
+    })
+    .await
+}