eth: add streaming support for large data for EIP-712 typed data

Author: Tomasvrba

CHANGELOG-npm.md

@@ -1,7 +1,7 @@
 # Changelog
 
 ## [Unreleased]
-- eth: add support for streaming transactions with large data
+- eth: add support for streaming transactions and EIP-712 typed data with large data
 - eth: add optional `useAntiklepto` argument to `ethSignTypedMessage()` (set to `false` for
   deterministic typed-message signatures, firmware >=9.26.0)
 

CHANGELOG-rust.md

@@ -1,7 +1,7 @@
 # Changelog
 
 ## [Unreleased]
-- eth: add support for streaming transactions with large data
+- eth: add support for streaming transactions and EIP-712 typed data with large data
 - eth: add `use_antiklepto` toggle to `eth_sign_typed_message()` (set `false` for deterministic
   typed-message signatures, firmware >=9.26.0)
 

messages/eth.proto

@@ -144,6 +144,9 @@ message ETHTypedMessageValueResponse {
 
 message ETHTypedMessageValueRequest {
   bytes value = 1;
+  // If non-zero, value should be empty and data will be streamed via
+  // DataRequestChunk/DataResponseChunk.
+  uint32 data_length = 2;
 }
 
 message ETHRequest {

src/eth.rs

@@ -701,11 +701,18 @@ impl<R: Runtime> PairedBitBox<R> {
             .await?;
         while let pb::eth_response::Response::TypedMsgValue(typed_msg_value) = &response {
             let value = get_value(typed_msg_value, &msg).map_err(Error::EthTypedMessage)?;
+            let use_streaming = value.len() > STREAMING_THRESHOLD;
             response = self
                 .query_proto_eth(pb::eth_request::Request::TypedMsgValue(
-                    pb::EthTypedMessageValueRequest { value },
+                    pb::EthTypedMessageValueRequest {
+                        value: if use_streaming { vec![] } else { value.clone() },
+                        data_length: if use_streaming { value.len() as u32 } else { 0 },
+                    },
                 ))
                 .await?;
+            if use_streaming {
+                response = self.handle_eth_data_streaming(&value, response).await?;
+            }
         }
         let mut signature = if use_antiklepto {
             self.handle_antiklepto(&response, host_nonce.unwrap())

src/shiftcrypto.bitbox02.rs

@@ -1973,6 +1973,10 @@ pub mod eth_typed_message_value_response {
 pub struct EthTypedMessageValueRequest {
     #[prost(bytes = "vec", tag = "1")]
     pub value: ::prost::alloc::vec::Vec<u8>,
+    /// If non-zero, value should be empty and data will be streamed via
+    /// DataRequestChunk/DataResponseChunk.
+    #[prost(uint32, tag = "2")]
+    pub data_length: u32,
 }
 #[cfg_attr(feature = "wasm", derive(serde::Serialize, serde::Deserialize))]
 #[cfg_attr(feature = "wasm", serde(rename_all = "camelCase"))]

tests/test_eth.rs

@@ -103,6 +103,28 @@ fn eip1559_sighash(tx: &EIP1559Transaction) -> [u8; 32] {
     keccak256(&prefixed)
 }
 
+fn eip712_sighash(primary_type: &str, data_type: &str, data: &[u8]) -> [u8; 32] {
+    let domain_type_hash = keccak256(b"EIP712Domain(string name)");
+    let name_hash = keccak256(b"Test");
+    let mut domain_input = Vec::new();
+    domain_input.extend_from_slice(&domain_type_hash);
+    domain_input.extend_from_slice(&name_hash);
+    let domain_separator = keccak256(&domain_input);
+
+    let type_hash = keccak256(format!("{primary_type}({data_type} data)").as_bytes());
+    let data_hash = keccak256(data);
+    let mut struct_input = Vec::new();
+    struct_input.extend_from_slice(&type_hash);
+    struct_input.extend_from_slice(&data_hash);
+    let struct_hash = keccak256(&struct_input);
+
+    let mut sig_input = Vec::new();
+    sig_input.extend_from_slice(b"\x19\x01");
+    sig_input.extend_from_slice(&domain_separator);
+    sig_input.extend_from_slice(&struct_hash);
+    keccak256(&sig_input)
+}
+
 fn verify_eth_signature(sighash: &[u8; 32], signature: &[u8; 65]) {
     let secp = secp256k1::Secp256k1::new();
     let path: bitcoin::bip32::DerivationPath = "m/44'/60'/0'/0/0".parse().unwrap();
@@ -312,3 +334,87 @@ async fn test_eth_sign_typed_message_antiklepto_disabled() {
     })
     .await
 }
+
+#[tokio::test]
+async fn test_eth_sign_typed_message_streaming_bytes() {
+    test_initialized_simulators(async |paired_bitbox| {
+        if !semver::VersionReq::parse(">=9.26.0")
+            .unwrap()
+            .matches(paired_bitbox.version())
+        {
+            return;
+        }
+
+        let large_bytes_hex = "aa".repeat(10000);
+        let msg = format!(
+            r#"{{
+  "types": {{
+    "EIP712Domain": [
+      {{ "name": "name", "type": "string" }}
+    ],
+    "Msg": [
+      {{ "name": "data", "type": "bytes" }}
+    ]
+  }},
+  "primaryType": "Msg",
+  "domain": {{
+    "name": "Test"
+  }},
+  "message": {{
+    "data": "0x{large_bytes_hex}"
+  }}
+}}"#
+        );
+
+        let signature = paired_bitbox
+            .eth_sign_typed_message(1, &"m/44'/60'/0'/0/0".try_into().unwrap(), &msg, false)
+            .await
+            .unwrap();
+        assert_eq!(signature.len(), 65);
+        let sighash = eip712_sighash("Msg", "bytes", &vec![0xaa; 10000]);
+        verify_eth_signature(&sighash, &signature);
+    })
+    .await
+}
+
+#[tokio::test]
+async fn test_eth_sign_typed_message_streaming_string() {
+    test_initialized_simulators(async |paired_bitbox| {
+        if !semver::VersionReq::parse(">=9.26.0")
+            .unwrap()
+            .matches(paired_bitbox.version())
+        {
+            return;
+        }
+
+        let large_string = "a".repeat(10000);
+        let msg = format!(
+            r#"{{
+  "types": {{
+    "EIP712Domain": [
+      {{ "name": "name", "type": "string" }}
+    ],
+    "Msg": [
+      {{ "name": "data", "type": "string" }}
+    ]
+  }},
+  "primaryType": "Msg",
+  "domain": {{
+    "name": "Test"
+  }},
+  "message": {{
+    "data": "{large_string}"
+  }}
+}}"#
+        );
+
+        let signature = paired_bitbox
+            .eth_sign_typed_message(1, &"m/44'/60'/0'/0/0".try_into().unwrap(), &msg, false)
+            .await
+            .unwrap();
+        assert_eq!(signature.len(), 65);
+        let sighash = eip712_sighash("Msg", "string", "a".repeat(10000).as_bytes());
+        verify_eth_signature(&sighash, &signature);
+    })
+    .await
+}