Merge pull request #15 from Zondax/namada_v0.24.0

Namada v0.24.0

app/Makefile

@@ -55,7 +55,7 @@ endif
 
 APP_LOAD_PARAMS =  --curve ed25519 $(COMMON_LOAD_PARAMS) --path $(APPPATH)
 
-NANOS_STACK_SIZE := 2650
+NANOS_STACK_SIZE := 2620
 include $(CURDIR)/../deps/ledger-zxlib/makefiles/Makefile.devices
 
 $(info TARGET_NAME  = [$(TARGET_NAME)])

app/Makefile.version

@@ -3,4 +3,4 @@ APPVERSION_M=0
 # This is the `spec_version` field of `Runtime`
 APPVERSION_N=0
 # This is the patch version of this release
-APPVERSION_P=8
+APPVERSION_P=9

app/src/common/actions.h

@@ -65,7 +65,7 @@ __Z_INLINE void app_sign() {
         set_code(G_io_apdu_buffer, 0, APDU_CODE_SIGN_VERIFY_ERROR);
         io_exchange(CHANNEL_APDU | IO_RETURN_AFTER_TX, 2);
     } else {
-        const uint16_t responseLen = PK_LEN_25519_PLUS_TAG + 2 * SALT_LEN + 2 * SIG_LEN_25519_PLUS_TAG;
+        const uint16_t responseLen = PK_LEN_25519_PLUS_TAG + 2 * SALT_LEN + 2 * SIG_LEN_25519_PLUS_TAG + 2 + 10;
         set_code(G_io_apdu_buffer, responseLen, APDU_CODE_OK);
         io_exchange(CHANNEL_APDU | IO_RETURN_AFTER_TX, responseLen + 2);
     }

app/src/crypto.c

@@ -153,8 +153,21 @@ zxerr_t crypto_fillAddress(signing_key_type_e addressKind, uint8_t *buffer, uint
     return err;
 }
 
+static zxerr_t crypto_hashFeeHeader(const header_t *header, uint8_t *output, uint32_t outputLen) {
+    if (header == NULL || output == NULL || outputLen < CX_SHA256_SIZE) {
+         return zxerr_invalid_crypto_settings;
+    }
+    cx_sha256_t sha256 = {0};
+    cx_sha256_init(&sha256);
+    const uint8_t discriminant = 0x07;
+    cx_sha256_update(&sha256, &discriminant, sizeof(discriminant));
+    cx_sha256_update(&sha256, header->extBytes.ptr, header->extBytes.len);
+    cx_sha256_final(&sha256, output);
+    return zxerr_ok;
+}
 
-static zxerr_t crypto_hashHeader(const header_t *header, uint8_t *output, uint32_t outputLen) {
+
+static zxerr_t crypto_hashRawHeader(const header_t *header, uint8_t *output, uint32_t outputLen) {
     if (header == NULL || output == NULL || outputLen < CX_SHA256_SIZE) {
          return zxerr_invalid_crypto_settings;
     }
@@ -163,6 +176,8 @@ static zxerr_t crypto_hashHeader(const header_t *header, uint8_t *output, uint32
     const uint8_t discriminant = 0x07;
     cx_sha256_update(&sha256, &discriminant, sizeof(discriminant));
     cx_sha256_update(&sha256, header->bytes.ptr, header->bytes.len);
+    const uint8_t header_discriminant = 0x00;
+    cx_sha256_update(&sha256, &header_discriminant, sizeof(header_discriminant));
     cx_sha256_final(&sha256, output);
     return zxerr_ok;
 }
@@ -214,24 +229,29 @@ static zxerr_t crypto_addTxnHashes(const parser_tx_t *txObj, concatenated_hashes
     switch (txObj->typeTx) {
         case InitAccount:
             MEMCPY(hashes->hashes.ptr + hashes->hashesLen * HASH_LEN, txObj->initAccount.vp_type_sechash.ptr, HASH_LEN);
+            hashes->indices.ptr[hashes->hashesLen] = txObj->initAccount.vp_type_secidx;
             hashes->hashesLen++;
             break;
 
         case InitValidator:
             MEMCPY(hashes->hashes.ptr + hashes->hashesLen * HASH_LEN, txObj->initValidator.vp_type_sechash.ptr, HASH_LEN);
+            hashes->indices.ptr[hashes->hashesLen] = txObj->initValidator.vp_type_secidx;
             hashes->hashesLen++;
             break;
 
         case UpdateVP:
             MEMCPY(hashes->hashes.ptr + hashes->hashesLen * HASH_LEN, txObj->updateVp.vp_type_sechash.ptr, HASH_LEN);
+            hashes->indices.ptr[hashes->hashesLen] = txObj->updateVp.vp_type_secidx;
             hashes->hashesLen++;
             break;
 
         case InitProposal:
             MEMCPY(hashes->hashes.ptr + hashes->hashesLen * HASH_LEN, txObj->initProposal.content_sechash.ptr, HASH_LEN);
+            hashes->indices.ptr[hashes->hashesLen] = txObj->initProposal.content_secidx;
             hashes->hashesLen++;
             if (txObj->initProposal.has_proposal_code) {
                 MEMCPY(hashes->hashes.ptr + hashes->hashesLen * HASH_LEN, txObj->initProposal.proposal_code_sechash.ptr, HASH_LEN);
+                hashes->indices.ptr[hashes->hashesLen] = txObj->initProposal.proposal_code_secidx;
                 hashes->hashesLen++;
             }
             break;
@@ -246,7 +266,8 @@ static zxerr_t crypto_addTxnHashes(const parser_tx_t *txObj, concatenated_hashes
 
 
 zxerr_t crypto_sign(const parser_tx_t *txObj, uint8_t *output, uint16_t outputLen) {
-    const uint16_t minimumBufferSize = PK_LEN_25519_PLUS_TAG + 2 * SALT_LEN + 2 * SIG_LEN_25519_PLUS_TAG;
+    const uint16_t minimumBufferSize = PK_LEN_25519_PLUS_TAG + 2 * SALT_LEN + 2 * SIG_LEN_25519_PLUS_TAG + 2 + 10;
+
     if (txObj == NULL || output == NULL || outputLen < minimumBufferSize) {
         return zxerr_unknown;
     }
@@ -256,20 +277,24 @@ zxerr_t crypto_sign(const parser_tx_t *txObj, uint8_t *output, uint16_t outputLe
 
     // Hashes: code, data, (initAcc | initVali | updateVP = 1  /  initProp = 2), raw_signature, header ---> MaxHashes = 6
     uint8_t hashes_buffer[MAX_SIGNATURE_HASHES * HASH_LEN] = {0};
+    uint8_t indices_buffer[MAX_SIGNATURE_HASHES] = {0};
     concatenated_hashes_t section_hashes = {
         .hashes.ptr = hashes_buffer,
         .hashes.len = sizeof(hashes_buffer),
+        .indices.ptr = indices_buffer,
+        .indices.len = sizeof(indices_buffer),
         .hashesLen = 0
     };
 
-    const section_t *data = &txObj->transaction.sections.data;
-    const section_t *code = &txObj->transaction.sections.code;
-    uint8_t *codeHash = section_hashes.hashes.ptr;
-    uint8_t *dataHash = section_hashes.hashes.ptr + HASH_LEN;
-    // Concatenate the code and data section hashes
-    CHECK_ZXERR(crypto_hashCodeSection(code, codeHash, HASH_LEN))
-    CHECK_ZXERR(crypto_hashDataSection(data, dataHash, HASH_LEN))
-    section_hashes.hashesLen = 2;
+    uint8_t *rawHeaderHash = section_hashes.hashes.ptr;
+    section_hashes.indices.ptr[0] = 255;
+    // Concatenate the raw header hash
+    CHECK_ZXERR(crypto_hashRawHeader(&txObj->transaction.header, rawHeaderHash, HASH_LEN))
+    section_hashes.hashesLen = 1;
+
+    char hexString[100] = {0};
+    array_to_hexstr(hexString, sizeof(hexString), section_hashes.hashes.ptr, HASH_LEN);
+    ZEMU_LOGF(100, "Raw header hash: %s\n", hexString);
 
     CHECK_ZXERR(crypto_addTxnHashes(txObj, &section_hashes))
 
@@ -296,6 +321,10 @@ zxerr_t crypto_sign(const parser_tx_t *txObj, uint8_t *output, uint16_t outputLe
     uint8_t *raw = salt_buffer + SALT_LEN;
     CHECK_ZXERR(crypto_sign_ed25519(raw + 1, ED25519_SIGNATURE_SIZE, raw_signature_hash, HASH_LEN))
 
+    uint8_t raw_indices_len = section_hashes.hashesLen;
+    uint8_t raw_indices_buffer[MAX_SIGNATURE_HASHES] = {0};
+    MEMCPY(raw_indices_buffer, section_hashes.indices.ptr, section_hashes.hashesLen);
+
     // ----------------------------------------------------------------------
     // Start generating wrapper signature
     // Affix the signature to make the signature section signed
@@ -308,14 +337,28 @@ zxerr_t crypto_sign(const parser_tx_t *txObj, uint8_t *output, uint16_t outputLe
     // Compute the hash of the signed signature section and concatenate it
     const uint8_t sig_sec_prefix = 0x03;
     CHECK_ZXERR(crypto_hashSigSection(&signature_section, &sig_sec_prefix, 1, raw_signature_hash, HASH_LEN))
+    section_hashes.indices.ptr[section_hashes.hashesLen] = txObj->transaction.sections.sectionLen+1+0 /*signature_raw*/;
     section_hashes.hashesLen++;
     signature_section.hashes.hashesLen++;
 
-    // Hash the header section
-    uint8_t *header_hash = section_hashes.hashes.ptr + (section_hashes.hashesLen * HASH_LEN);
-    CHECK_ZXERR(crypto_hashHeader(&txObj->transaction.header, header_hash, HASH_LEN))
-    section_hashes.hashesLen++;
-    signature_section.hashes.hashesLen++;
+    /// Hash the header section
+    uint8_t *header_hash = section_hashes.hashes.ptr;
+    CHECK_ZXERR(crypto_hashFeeHeader(&txObj->transaction.header, header_hash, HASH_LEN))
+    section_hashes.indices.ptr[0] = 0;
+
+    // Hash the code and data sections
+    const section_t *data = &txObj->transaction.sections.data;
+    const section_t *code = &txObj->transaction.sections.code;
+    uint8_t *codeHash = section_hashes.hashes.ptr + (section_hashes.hashesLen * HASH_LEN);
+    uint8_t *dataHash = codeHash + HASH_LEN;
+    section_hashes.indices.ptr[section_hashes.hashesLen] = code->idx;
+    section_hashes.indices.ptr[section_hashes.hashesLen+1] = data->idx;
+    // Concatenate the code and data section hashes
+    CHECK_ZXERR(crypto_hashCodeSection(code, codeHash, HASH_LEN))
+    CHECK_ZXERR(crypto_hashDataSection(data, dataHash, HASH_LEN))
+    section_hashes.hashesLen += 2;
+    signature_section.hashes.hashesLen += 2;
+
 
     // Hash the eligible signature sections
     for (uint32_t i = 0; i < txObj->transaction.sections.signaturesLen; i++) {
@@ -345,6 +388,7 @@ zxerr_t crypto_sign(const parser_tx_t *txObj, uint8_t *output, uint16_t outputLe
         // We sign over a signature if it signs over hashes that we recognize
         uint8_t *prev_sig_hash = section_hashes.hashes.ptr + (section_hashes.hashesLen * HASH_LEN);
         CHECK_ZXERR(crypto_hashSigSection(prev_sig, &sig_sec_prefix, 1, prev_sig_hash, HASH_LEN))
+        section_hashes.indices.ptr[section_hashes.hashesLen] = prev_sig->idx;
         section_hashes.hashesLen++;
         signature_section.hashes.hashesLen++;
     }
@@ -360,11 +404,21 @@ zxerr_t crypto_sign(const parser_tx_t *txObj, uint8_t *output, uint16_t outputLe
     CHECK_ZXERR(crypto_sign_ed25519(wrapper + 1, ED25519_SIGNATURE_SIZE, wrapper_sig_hash, sizeof(wrapper_sig_hash)))
 
 #if defined(DEBUG_HASHES)
+    ZEMU_LOGF(100, "------------------------------------------------\n");
     for (uint8_t i = 0; i < section_hashes.hashesLen; i++) {
         char hexString[100] = {0};
         array_to_hexstr(hexString, sizeof(hexString), section_hashes.hashes.ptr + (HASH_LEN * i), HASH_LEN);
         ZEMU_LOGF(100, "Hash %d: %s\n", i, hexString);
     }
+    ZEMU_LOGF(100, "------------------------------------------------\n");
 #endif
+
+    uint8_t *indices = wrapper + SIG_LEN_25519_PLUS_TAG;
+    *indices = raw_indices_len;
+    MEMCPY(indices + 1, raw_indices_buffer, raw_indices_len);
+    indices += 1 + raw_indices_len;
+    *indices = section_hashes.hashesLen;
+    MEMCPY(indices + 1, section_hashes.indices.ptr, section_hashes.hashesLen);
+
     return zxerr_ok;
 }

app/src/parser_impl_txn.c

@@ -32,51 +32,51 @@
 #define DISCRIMINANT_MASP_BUILDER 0x06
 
 static const txn_types_t allowed_txn[] = {
-    {{0xad, 0x42, 0xb5, 0x36, 0xc7, 0x23, 0x8f, 0x79, 0xa3, 0xe6, 0x41, 0xb6, 0x67, 0x41, 0x58, 0x42, 0x66, 0xcb, 0x33, 0x21, 0x62, 0x81, 0x9b, 0x8c, 0x23, 0x19, 0xe2, 0xf9, 0x2c, 0xbe, 0x6d, 0x9a},
+    {{0xbe, 0xc1, 0xef, 0xd3, 0x7d, 0x88, 0x87, 0x6b, 0xe4, 0x17, 0x6d, 0x1a, 0xfc, 0x0b, 0x6f, 0xa7, 0x84, 0x90, 0x1e, 0xfe, 0x18, 0xcf, 0x9e, 0xc3, 0x02, 0x93, 0x31, 0x3b, 0xe8, 0x55, 0xd8, 0x14},
     Bond},
 
-    {{0x6f, 0x87, 0x20, 0x12, 0x7c, 0xcf, 0x68, 0xc7, 0xd5, 0xd1, 0x55, 0x52, 0x9f, 0x62, 0xce, 0xa7, 0x33, 0x6c, 0x7c, 0xbc, 0xdb, 0x73, 0xaa, 0x8e, 0xbd, 0x40, 0xe4, 0xc3, 0xcd, 0x46, 0xd1, 0x28},
+    {{0x47, 0x30, 0xc6, 0xc3, 0x02, 0xf0, 0xa5, 0x72, 0xc0, 0x9d, 0x2b, 0x67, 0x1a, 0xe4, 0xc4, 0x0d, 0xee, 0xe8, 0xcf, 0x46, 0xfc, 0x16, 0x8c, 0x8e, 0xba, 0x57, 0xfa, 0xde, 0xf8, 0x8b, 0x73, 0xde},
     Unbond},
 
-    {{0x50, 0xcb, 0x32, 0x29, 0x8b, 0x6f, 0x6b, 0xbd, 0x66, 0x1e, 0x09, 0xd3, 0x6b, 0xbe, 0x7b, 0xa7, 0xce, 0x2c, 0x9d, 0xb7, 0x53, 0x92, 0xa9, 0x87, 0x9a, 0xe7, 0x38, 0x1e, 0x87, 0xc9, 0xfc, 0x3a},
+    {{0xf0, 0x06, 0x11, 0x57, 0x37, 0x74, 0x54, 0xc3, 0x14, 0xad, 0x7c, 0x9e, 0x38, 0x55, 0x22, 0x1d, 0x49, 0xda, 0x74, 0x25, 0xff, 0xef, 0x6d, 0xb6, 0xb7, 0xd2, 0x8f, 0x52, 0x42, 0x42, 0x32, 0x81},
     InitAccount},
 
-    {{0xd1, 0xba, 0xa3, 0x73, 0x45, 0xff, 0xdb, 0x85, 0x0c, 0x6b, 0x09, 0x2f, 0x5b, 0x31, 0x4f, 0xf0, 0x41, 0x25, 0xdf, 0xb5, 0x30, 0xf1, 0x1e, 0xad, 0xb3, 0xa8, 0x66, 0xda, 0x90, 0x78, 0xb3, 0x6f},
+    {{0x6f, 0x63, 0xdc, 0x0e, 0xe5, 0x34, 0xb7, 0x4c, 0xec, 0x72, 0x8b, 0x9f, 0x76, 0xda, 0xe3, 0x83, 0x38, 0x8f, 0x73, 0x06, 0xdf, 0x66, 0xb8, 0x27, 0xfa, 0x94, 0x0e, 0x21, 0x0a, 0x7c, 0x11, 0xca},
     InitProposal},
 
-    {{0xb9, 0xe6, 0xf6, 0xaa, 0x0e, 0xdd, 0xe8, 0xb4, 0x72, 0xb0, 0x8e, 0xca, 0x84, 0xb3, 0x4a, 0x73, 0xb6, 0x46, 0xba, 0x65, 0x0d, 0x58, 0x84, 0xea, 0x2e, 0xa0, 0x73, 0xfe, 0xf6, 0x91, 0x66, 0xf1},
+    {{0x92, 0xed, 0x2a, 0x56, 0x80, 0x21, 0xd8, 0xc0, 0x15, 0xe2, 0x75, 0xcc, 0x39, 0x93, 0x67, 0x50, 0xe1, 0x0b, 0x51, 0xa2, 0xee, 0x95, 0x0f, 0x21, 0x3f, 0xb2, 0x1a, 0x76, 0xcc, 0xc7, 0x21, 0x47},
     VoteProposal},
 
-    {{0x94, 0x46, 0xa4, 0xfc, 0x34, 0xb6, 0x7b, 0x48, 0xc1, 0x5b, 0xbb, 0x3e, 0xbd, 0xe3, 0xa5, 0x25, 0x00, 0x30, 0x6b, 0x69, 0x99, 0xcc, 0xb0, 0x43, 0xa0, 0xfe, 0x13, 0x0e, 0xec, 0x63, 0xf1, 0xf1},
+    {{0xb3, 0xb4, 0x81, 0x66, 0x97, 0x6e, 0x02, 0x59, 0xdb, 0x4e, 0xab, 0x1e, 0x72, 0xac, 0xe4, 0xc9, 0x23, 0x68, 0xb3, 0x4f, 0xd5, 0xa0, 0x6f, 0x7c, 0xcd, 0x41, 0xb4, 0xae, 0x4c, 0x88, 0xca, 0x1d},
     InitValidator},
 
-    {{0xb2, 0xef, 0x04, 0xe0, 0x9b, 0xa5, 0xa4, 0x50, 0x35, 0x9b, 0x56, 0x68, 0x37, 0x7d, 0x80, 0x2f, 0x67, 0x35, 0x2b, 0xda, 0x72, 0xb3, 0x1e, 0x97, 0x95, 0xee, 0x4c, 0x6b, 0xd3, 0xba, 0x7b, 0xfd},
+    {{0x15, 0x2e, 0xfe, 0xbe, 0x39, 0x54, 0xac, 0x8f, 0x2d, 0x57, 0x60, 0xec, 0x18, 0xfa, 0xe1, 0x19, 0x7c, 0x9e, 0x02, 0xa1, 0x61, 0x49, 0x13, 0x75, 0x51, 0x6c, 0xfc, 0x40, 0xcb, 0xa0, 0xa1, 0xe8},
     RevealPubkey},
 
-    {{0xf0, 0xe4, 0xe3, 0x42, 0x46, 0xa0, 0x4b, 0x19, 0xba, 0x8f, 0x29, 0xa4, 0x1e, 0x3d, 0x21, 0x23, 0xa1, 0x4b, 0x95, 0xc1, 0x8b, 0xa1, 0x64, 0x3f, 0x94, 0xf0, 0x95, 0x44, 0x43, 0x2d, 0x3b, 0x12},
+    {{0x11, 0x1a, 0x5b, 0x61, 0xd8, 0x39, 0xf5, 0xb9, 0x74, 0xf7, 0x74, 0x76, 0x2e, 0x74, 0xc9, 0x8d, 0xb8, 0xfc, 0x38, 0x9d, 0x27, 0x95, 0xcb, 0xd6, 0x1a, 0x2c, 0x44, 0xe5, 0xab, 0x46, 0xc5, 0xa1},
     Transfer},
 
-    {{0xd7, 0x44, 0x05, 0x9f, 0x69, 0x88, 0x88, 0xfb, 0x5f, 0x4b, 0x96, 0xf5, 0x31, 0xfe, 0x5e, 0x2f, 0x1e, 0xb3, 0x07, 0xed, 0x52, 0x62, 0x1c, 0xcc, 0x18, 0x9b, 0xbf, 0x02, 0x2a, 0xe3, 0x6a, 0xd5},
+    {{0xc3, 0xe2, 0x5b, 0x73, 0xb9, 0x4a, 0x22, 0x6c, 0x3e, 0x9a, 0x59, 0x90, 0xfb, 0x91, 0x86, 0x4c, 0x15, 0x15, 0xcf, 0x2b, 0xcb, 0x8e, 0x28, 0xe4, 0xb3, 0xe4, 0x03, 0xc4, 0x1a, 0x37, 0x09, 0x32},
     UpdateVP},
 
-    {{0x68, 0x98, 0xf2, 0xfb, 0x12, 0x58, 0x6d, 0x11, 0x6c, 0x52, 0xad, 0x67, 0x75, 0xed, 0x10, 0x11, 0xda, 0x9d, 0x81, 0xd6, 0xa5, 0x8a, 0x43, 0x4f, 0xea, 0x63, 0x86, 0x25, 0xda, 0x60, 0x7e, 0x13},
+    {{0x64, 0x93, 0x53, 0xad, 0x4c, 0x9b, 0x5a, 0xce, 0xfe, 0x52, 0xb5, 0xe6, 0x7e, 0xad, 0xa7, 0x8b, 0x6f, 0x83, 0xe2, 0x06, 0xed, 0x71, 0xdc, 0x93, 0x5d, 0xde, 0xc7, 0x04, 0x67, 0xc3, 0x06, 0x3b},
     Withdraw},
 
-    {{0x2e, 0xc2, 0xe9, 0x82, 0xbf, 0x93, 0xe3, 0x7e, 0x86, 0x5c, 0x35, 0x58, 0xe3, 0xcc, 0xbc, 0x52, 0x5a, 0xa0, 0xc5, 0xb7, 0xda, 0xc6, 0x71, 0x02, 0xda, 0x79, 0xbe, 0x1c, 0x7d, 0xa2, 0x94, 0x17},
+    {{0x6c, 0xf3, 0x29, 0x12, 0x02, 0x04, 0xbf, 0x10, 0xb2, 0x17, 0xb8, 0x11, 0x3f, 0x93, 0x01, 0x1f, 0xc2, 0xea, 0x27, 0xa0, 0x9c, 0x02, 0x46, 0xa8, 0x66, 0x71, 0x0f, 0xa9, 0xf8, 0xb6, 0x8f, 0x79},
     CommissionChange},
 
-    {{0x2e, 0x05, 0x0f, 0xf9, 0xc8, 0xc3, 0x5e, 0x71, 0x5c, 0x83, 0x8e, 0x11, 0x6c, 0x9e, 0x4a, 0x69, 0xbc, 0x07, 0x35, 0xf1, 0xa5, 0x89, 0xa8, 0x65, 0x1b, 0x4f, 0x55, 0x23, 0xef, 0xe7, 0x8d, 0xac},
+    {{0x0a, 0x76, 0x24, 0xe9, 0x88, 0x4b, 0x68, 0x1e, 0x0a, 0xf8, 0x70, 0x89, 0x61, 0xb4, 0xe0, 0xc9, 0x8a, 0x02, 0x5e, 0xf5, 0x71, 0x67, 0x6c, 0xfb, 0xb4, 0x08, 0xb7, 0x7a, 0x31, 0x95, 0xcd, 0x15},
     UnjailValidator},
 
-    {{0xa5, 0xbe, 0xe8, 0xcd, 0xed, 0x06, 0xf8, 0x3a, 0xc0, 0x6d, 0x2f, 0x5a, 0xdd, 0x87, 0x52, 0x40, 0x18, 0xc4, 0x5d, 0xb0, 0x74, 0x5a, 0x7c, 0xee, 0x35, 0x0c, 0x8c, 0x0e, 0x38, 0xf4, 0xe2, 0x46},
+    {{0x58, 0xbd, 0x56, 0x8d, 0xfa, 0x94, 0x97, 0x3c, 0x79, 0x8b, 0x38, 0x68, 0x32, 0x61, 0x97, 0xfa, 0x5d, 0x86, 0x87, 0xa6, 0xf6, 0xae, 0xe7, 0x7c, 0x39, 0x5e, 0xaa, 0xa1, 0xd0, 0x1e, 0x2c, 0x19},
     IBC},
 
 };
 static const uint32_t allowed_txn_len = sizeof(allowed_txn) / sizeof(allowed_txn[0]);
 
 // Update VP types
 static const vp_types_t vp_user = {
-        {0x72, 0xd2, 0xc2, 0xb9, 0xfc, 0x24, 0x7c, 0xe6, 0xcd, 0x6a, 0xc0, 0x0b, 0xb5, 0xbc, 0xcc, 0x35, 0x69, 0xd0, 0xb9, 0x4b, 0x01, 0xaf, 0x74, 0x6f, 0xb3, 0xb4, 0xce, 0x48, 0x76, 0x10, 0x60, 0xd3},
+        {0x3b, 0x9e, 0x4d, 0x77, 0x7c, 0x94, 0x20, 0xbb, 0xbf, 0x73, 0x0e, 0x15, 0x49, 0x25, 0x2f, 0x1a, 0x09, 0x1b, 0xc0, 0x15, 0x35, 0xeb, 0x1f, 0x37, 0xe7, 0xa7, 0xe3, 0xd1, 0xba, 0xce, 0x75, 0x76},
         "User"
 };
 static const char *unknown_vp = "Unknown VP hash";
@@ -813,6 +813,7 @@ parser_error_t readHeader(parser_context_t *ctx, parser_tx_t *v) {
         return parser_unexpected_value;
     }
     v->transaction.header.bytes.ptr = ctx->buffer + ctx->offset;
+    v->transaction.header.extBytes.ptr = ctx->buffer + ctx->offset;
     const uint16_t tmpOffset = ctx->offset;
 
     // Read length of chain_id
@@ -842,6 +843,8 @@ parser_error_t readHeader(parser_context_t *ctx, parser_tx_t *v) {
     v->transaction.header.dataHash.len = HASH_LEN;
     CHECK_ERROR(readBytes(ctx, &v->transaction.header.dataHash.ptr, v->transaction.header.dataHash.len))
 
+    v->transaction.header.bytes.len = ctx->offset - tmpOffset;
+
     CHECK_ERROR(checkTag(ctx, 0x01))
     // Fee.amount
     CHECK_ERROR(readUint256(ctx, &v->transaction.header.fees.amount))
@@ -867,7 +870,18 @@ parser_error_t readHeader(parser_context_t *ctx, parser_tx_t *v) {
         CHECK_ERROR(readBytes(ctx, &v->transaction.header.unshieldSectionHash.ptr, v->transaction.header.unshieldSectionHash.len))
     }
 
-    v->transaction.header.bytes.len = ctx->offset - tmpOffset;
+    // Check if a PoW solution is present (should only exist in mainnet)
+    uint8_t num_pow_solution = 0;
+    CHECK_ERROR(readByte(ctx, &num_pow_solution))
+    if (num_pow_solution){
+        // A PoW solution consists of :
+        // - challenge parameters = Difficulty (u8) and a Counter (u64)
+        // - a SolutionValue (u64)
+        // so we skip 17 bytes
+        ctx->offset += num_pow_solution * 17;
+    }
+
+    v->transaction.header.extBytes.len = ctx->offset - tmpOffset;
 
     return parser_ok;
 }

app/src/parser_txdef.h

@@ -47,6 +47,7 @@ typedef struct {
 typedef struct {
     uint32_t hashesLen;
     mut_bytes_t hashes;
+    mut_bytes_t indices;
 } concatenated_hashes_t;
 
 typedef enum {
@@ -129,6 +130,7 @@ typedef struct {
 #endif
 
 typedef struct {
+    bytes_t extBytes;
     bytes_t bytes;
     fees_t fees;
     bytes_t pubkey;

js/src/processResponses.ts

@@ -19,9 +19,9 @@ import { PK_LEN_PLUS_TAG, SALT_LEN, SIG_LEN_PLUS_TAG } from './config'
 import { ISignature } from './types'
 
 export function getSignatureResponse(response: Buffer): ISignature {
-  console.log('Processing get signature response')
+  // App sign response: [ pubkey(33) | raw_salt(8) | raw_signature(65) | wrapper_salt(8) | wrapper_signature(65) |
+  // raw_indices_len(1) | wrapper_indices_len(1) | indices(wrapper_indices_len) ]
 
-  // App sign response: [ pubkey(33) | raw_salt(8) | raw_signature(65) | wrapper_salt(8) | wrapper_signature(65) ]
   let offset = 0;
   const pubkey = Buffer.from(response.subarray(offset, offset + PK_LEN_PLUS_TAG));
 
@@ -35,18 +35,29 @@ export function getSignatureResponse(response: Buffer): ISignature {
   offset += SALT_LEN;
   const wrapper_signature = Buffer.from(response.subarray(offset, offset + SIG_LEN_PLUS_TAG));
 
+  offset += SIG_LEN_PLUS_TAG;
+  const raw_indices_len = response[offset];
+  offset += 1;
+  const raw_indices = Buffer.from(response.subarray(offset, offset + raw_indices_len))
+  offset += raw_indices_len;
+
+  const wrapper_indices_len = response[offset];
+  offset += 1;
+  const wrapper_indices = Buffer.from(response.subarray(offset, offset + wrapper_indices_len))
+  offset += wrapper_indices_len;
+
   return {
     pubkey,
     raw_salt,
     raw_signature,
     wrapper_salt,
     wrapper_signature,
+    raw_indices,
+    wrapper_indices,
   }
 }
 
 export function processGetAddrResponse(response: Buffer) {
-  console.log('Processing get address response')
-
   const errorCodeData = response.subarray(-2)
   const returnCode = errorCodeData[0] * 256 + errorCodeData[1]