eth: harmonize large data warnings for transactions and typed messages #1876
benma merged 1 commit into BitBoxSwiss:master from
Conversation
| use alloc::boxed::Box; | ||
| use alloc::string::{String, ToString}; | ||
| use alloc::vec::Vec; | ||
| use bitbox02::ui::{MAX_CONFIRM_BODY_SIZE, truncating_hex_preview_byte_cap}; |
Not allowed to use any bitbox02 functions in bitbox02_rust. I thought we had this in our AGENTS 😛
bitbox02_rust is gonna be renamed bitbox_core and be there for all versions of bitbox, while bitbox02 only implements bitbox02-specific things. So the constant duplication before was actually okay.
| /// Returns how many bytes of hex-encoded data to include in a preview body. | ||
| /// | ||
| /// The preview body is rendered as `<prefix><hex>`. If the full value is longer than what fits, | ||
| /// one additional byte is included so the body exceeds `MAX_CONFIRM_BODY_SIZE` and the UI appends | ||
| /// `...`. | ||
| pub fn truncating_hex_preview_byte_cap(prefix_len: usize, data_length: usize) -> usize { | ||
| let hex_chars_budget = MAX_CONFIRM_BODY_SIZE.saturating_sub(prefix_len); | ||
| let bytes_that_fit = hex_chars_budget / 2; | ||
| let needs_ellipsis = data_length > bytes_that_fit; | ||
| let preview_bytes = bytes_that_fit + usize::from(needs_ellipsis); | ||
|
|
||
| preview_bytes.min(data_length) |
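Review bot: the `...` marker in `truncating_hex_preview_byte_cap` only appears if the caller renders exactly `prefix_len` characters in front of the hex; if the rendered prefix is shorter than the `prefix_len` passed in, the body stays within `MAX_CONFIRM_BODY_SIZE`, the UI appends nothing, and a truncated value is shown as if it were complete. Worth stating that contract in the doc comment on `prefix_len`, or deriving `prefix_len` from the actual prefix string at the call site rather than passing a literal (the caller below passes `0`).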
Quite a specific function, I'd move it to bitbox02_rust::api::eth. Since we can't use the bitbox02 crate in bitbox02_rust anyway, that's necessary anyway.
| let display_cap = truncating_hex_preview_byte_cap(0, display_size); | ||
| let mut producer = super::sighash::ChunkingProducer::from_host(data_length); | ||
| let mut display_buf: Vec<u8> = Vec::new(); | ||
| while let Some(chunk) = producer.next().await? { |
I added some improvement commits and rebased to resolve a conflict, but there is a conceptual problem here:
This fetches data from the host once, and later when computing the sighash it will be fetched again. This is redundant, but more importantly, you can't be sure the chunk delivered by the host here is the same as when it delivers it once more for the sighash.
Fixed in a commit, please check
makes sense, much cleaner 💯
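An added example, not part of this PR or the bitbox02-firmware code, modelling the conceptual problem raised above: with a host-driven chunk producer, a preview pass and a separate sighash pass are two independent deliveries, so a host that answers differently the second time gets the user to confirm bytes that are not the bytes signed, while a single pass feeds the same chunk to both. `Host`, `Fnv` (a stand-in for the real sighash), `two_pass` and `single_pass` are all constructed for this illustration.

```rust
/// Incremental FNV-1a hash: a constructed stand-in for the streaming sighash.
struct Fnv(u64);
impl Fnv {
    fn new() -> Self { Fnv(0xcbf29ce484222325) }
    fn update(&mut self, bytes: &[u8]) {
        for b in bytes { self.0 ^= u64::from(*b); self.0 = self.0.wrapping_mul(0x100000001b3); }
    }
    fn finish(&self) -> u64 { self.0 }
}
fn hash(bytes: &[u8]) -> u64 { let mut h = Fnv::new(); h.update(bytes); h.finish() }

/// Constructed host: serves `payloads[0]` in chunks on the first pass and
/// `payloads[1]` on every later pass, modelling a host that changes its answer.
pub struct Host { payloads: [Vec<u8>; 2], chunk_size: usize, pass: usize, pos: usize }
impl Host {
    pub fn new(first: &[u8], second: &[u8], chunk_size: usize) -> Self {
        Host { payloads: [first.to_vec(), second.to_vec()], chunk_size, pass: 0, pos: 0 }
    }
    /// Next chunk of the current pass, or None at end of data (which starts the next pass).
    pub fn next_chunk(&mut self) -> Option<Vec<u8>> {
        let payload = &self.payloads[self.pass.min(1)];
        if self.pos >= payload.len() { self.pos = 0; self.pass += 1; return None; }
        let end = (self.pos + self.chunk_size).min(payload.len());
        let chunk = payload[self.pos..end].to_vec();
        self.pos = end;
        Some(chunk)
    }
}

/// Two-pass flow from the review: data fetched once for the preview, then again for the hash.
pub fn two_pass(host: &mut Host, preview_cap: usize) -> (Vec<u8>, u64) {
    let mut preview = Vec::new();
    while let Some(chunk) = host.next_chunk() { preview.extend(chunk); }
    preview.truncate(preview_cap);
    let mut h = Fnv::new();
    while let Some(chunk) = host.next_chunk() { h.update(&chunk); }
    (preview, h.finish())
}

/// Single-pass flow: every chunk feeds the preview buffer and the hash together.
pub fn single_pass(host: &mut Host, preview_cap: usize) -> (Vec<u8>, u64) {
    let mut preview = Vec::new();
    let mut h = Fnv::new();
    while let Some(chunk) = host.next_chunk() {
        if preview.len() < preview_cap { preview.extend(&chunk); }
        h.update(&chunk);
    }
    preview.truncate(preview_cap);
    (preview, h.finish())
}
```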
Adjust wording in transaction signing so warnings and truncating logic match the newly implemented approach in sign_typed_msg.rs

Co-Authored-By: Marko Bencun <marko@shiftcrypto.ch>
Adjust wording in transaction signing so warnings and truncating logic match the newly implemented approach in sign_typed_msg.rs
Move the truncating logic and constant into a shared crate to avoid duplication