security(Tron): Remove Tron direct transaction signing

[sergei-boiko-trustwallet]

This pull request removes support for "direct signing" of Tron transactions using either the txId or raw JSON input fields. The changes simplify the Tron transaction signing logic by eliminating code paths and tests related to this feature, and by removing the now-unnecessary fields from the protocol buffer definition.

Key changes:

Protocol/API simplification:

• Removed the txId and raw_json fields from the SigningInput message in Tron.proto, as well as all related documentation.

Core signing logic cleanup:

• Deleted the signDirect function and all code handling direct signing via txId or raw_json in Signer.cpp, consolidating all signing through the standard transaction-building path.
• Removed logic from Signer::compile, Signer::signaturePreimage, and Signer::signaturePreimageHash that previously parsed and handled raw JSON input.

Test suite cleanup:

• Deleted all tests that covered direct signing via txId or raw JSON from both Kotlin (TestTronTransactionSigner.kt) and C++ test suites (SignerTests.cpp, TransactionCompilerTests.cpp).

These changes make the Tron signing codebase more maintainable by removing rarely used or redundant signing paths.

[Copilot]

Pull request overview

This PR removes Tron “direct signing” support (signing via txId or raw JSON), simplifying the Tron signing API and implementation by forcing all signing through the standard transaction-building path.

Changes:

• Removed txId and raw_json from Tron.proto SigningInput.
• Deleted direct-signing code paths and raw-JSON handling in the Tron signer implementation.
• Removed C++ and Android instrumentation tests that covered direct signing.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 3 comments.

Show a summary per file

File	Description
src/proto/Tron.proto	Simplifies Tron SigningInput by removing direct-signing fields.
src/Tron/Signer.cpp	Removes signDirect and raw-JSON branches; consolidates signing behavior.
tests/chains/Tron/SignerTests.cpp	Removes direct-signing unit tests.
tests/chains/Tron/TransactionCompilerTests.cpp	Removes raw-JSON compile/signature test coverage.
android/app/src/androidTest/java/com/trustwallet/core/app/blockchains/tron/TestTronTransactionSigner.kt	Removes Android test for direct signing via txId.

Comments suppressed due to low confidence (1)

src/Tron/Signer.cpp:443

• After removing the raw_json/direct-signing code paths, Signer.cpp no longer uses nlohmann::json directly (only the #include <nlohmann/json.hpp> remains). Consider dropping that include to reduce compile-time dependencies and keep includes minimal.

Proto::SigningOutput Signer::compile(const Data& signature) const {
    Proto::SigningOutput output;
    auto preImage = signaturePreimage();
    auto hash = Hash::sha256(preImage);
    auto transaction = buildTransaction(input);
    const auto json = transactionJSON(transaction, hash, signature).dump();
    output.set_json(json.data(), json.size());

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[github-actions]

Binary size comparison

➡️ aarch64-apple-ios: 14.34 MB

➡️ aarch64-apple-ios-sim:

- 14.34 MB
+ 14.34 MB 	 -1 KB

➡️ aarch64-linux-android: 18.77 MB

➡️ armv7-linux-androideabi:

- 16.20 MB
+ 16.20 MB 	 -1 KB

➡️ wasm32-unknown-emscripten:

- 13.68 MB
+ 13.68 MB 	 -1 KB

[moscowchill]

Why is this not being handled?