Upgrading signing to multisig.

Zondax · Sep 14, 2023 · e547c17 · e547c17
1 parent 98a5742
commit e547c17
Show file tree

Hide file tree

Showing 131 changed files with 218 additions and 112 deletions.
diff --git a/app/Makefile b/app/Makefile
@@ -55,7 +55,7 @@ endif
 
 APP_LOAD_PARAMS =  --curve ed25519 $(COMMON_LOAD_PARAMS) --path $(APPPATH)
 
-NANOS_STACK_SIZE := 2850
+NANOS_STACK_SIZE := 2650
 include $(CURDIR)/../deps/ledger-zxlib/makefiles/Makefile.devices
 
 $(info TARGET_NAME  = [$(TARGET_NAME)])

diff --git a/app/src/common/actions.h b/app/src/common/actions.h
@@ -65,7 +65,7 @@ __Z_INLINE void app_sign() {
         set_code(G_io_apdu_buffer, 0, APDU_CODE_SIGN_VERIFY_ERROR);
         io_exchange(CHANNEL_APDU | IO_RETURN_AFTER_TX, 2);
     } else {
-        const uint16_t responseLen = PK_LEN_25519_PLUS_TAG + 2 * SALT_LEN + 2 * SIG_LEN_25519_PLUS_TAG + 2 + 6;
+        const uint16_t responseLen = PK_LEN_25519_PLUS_TAG + 2 * SALT_LEN + 2 * SIG_LEN_25519_PLUS_TAG + 2 + 10;
         set_code(G_io_apdu_buffer, responseLen, APDU_CODE_OK);
         io_exchange(CHANNEL_APDU | IO_RETURN_AFTER_TX, responseLen + 2);
     }

diff --git a/app/src/crypto.c b/app/src/crypto.c
@@ -28,7 +28,7 @@
 #define SIGN_PREFIX_SIZE 11u
 #define SIGN_PREHASH_SIZE (SIGN_PREFIX_SIZE + CX_SHA256_SIZE)
 
-#define MAX_SIGNATURE_HASHES 6
+#define MAX_SIGNATURE_HASHES 10
 
 static zxerr_t crypto_extractPublicKey_ed25519(uint8_t *pubKey, uint16_t pubKeyLen) {
     if (pubKey == NULL || pubKeyLen < PK_LEN_25519) {
@@ -160,7 +160,7 @@ static zxerr_t crypto_hashHeader(const header_t *header, uint8_t *output, uint32
     }
     cx_sha256_t sha256 = {0};
     cx_sha256_init(&sha256);
-    const uint8_t discriminant = 0x08;
+    const uint8_t discriminant = 0x07;
     cx_sha256_update(&sha256, &discriminant, sizeof(discriminant));
     cx_sha256_update(&sha256, header->bytes.ptr, header->bytes.len);
     cx_sha256_final(&sha256, output);
@@ -178,14 +178,20 @@ zxerr_t crypto_hashSigSection(const signature_section_t *signature_section, cons
     if (prefix != NULL) {
         cx_sha256_update(&sha256, prefix, prefixLen);
     }
-    cx_sha256_update(&sha256, signature_section->salt.ptr, signature_section->salt.len);
     cx_sha256_update(&sha256, (uint8_t*) &signature_section->hashes.hashesLen, 4);
     cx_sha256_update(&sha256, signature_section->hashes.hashes.ptr, HASH_LEN * signature_section->hashes.hashesLen);
-    cx_sha256_update(&sha256, signature_section->pubKey.ptr, signature_section->pubKey.len);
-    cx_sha256_update(&sha256, (const uint8_t*) &signature_section->has_signature, 1);
-    if(signature_section->has_signature) {
-        cx_sha256_update(&sha256, signature_section->signature.ptr, signature_section->signature.len);
+    cx_sha256_update(&sha256, (uint8_t*) &signature_section->signerDiscriminant, 1);
+    switch (signature_section->signerDiscriminant) {
+    case PubKeys:
+      cx_sha256_update(&sha256, (uint8_t*) &signature_section->pubKeysLen, 4);
+      cx_sha256_update(&sha256, signature_section->pubKeys.ptr, PK_LEN_25519_PLUS_TAG * signature_section->pubKeysLen);
+      break;
+    case Address:
+      cx_sha256_update(&sha256, (uint8_t*) &signature_section->address.ptr, signature_section->address.len);
+      break;
     }
+    cx_sha256_update(&sha256, (const uint8_t*) &signature_section->signaturesLen, 4);
+    cx_sha256_update(&sha256, signature_section->indexedSignatures.ptr, (1+SIG_LEN_25519_PLUS_TAG) * signature_section->signaturesLen);
     cx_sha256_final(&sha256, output);
     return zxerr_ok;
 }
@@ -236,7 +242,7 @@ static zxerr_t crypto_addTxnHashes(const parser_tx_t *txObj, concatenated_hashes
 
 
 zxerr_t crypto_sign(const parser_tx_t *txObj, uint8_t *output, uint16_t outputLen) {
-    const uint16_t minimumBufferSize = PK_LEN_25519_PLUS_TAG + 2 * SALT_LEN + 2 * SIG_LEN_25519_PLUS_TAG + 2 + 6;
+    const uint16_t minimumBufferSize = PK_LEN_25519_PLUS_TAG + 2 * SALT_LEN + 2 * SIG_LEN_25519_PLUS_TAG + 2 + 10;
     if (txObj ==NULL || output == NULL || outputLen < minimumBufferSize) {
         return zxerr_unknown;
     }
@@ -276,26 +282,31 @@ zxerr_t crypto_sign(const parser_tx_t *txObj, uint8_t *output, uint16_t outputLe
     signature_section_t signature_section = {
       .salt = salt,
       .hashes = section_hashes,
-      .pubKey = pubkey,
-      .has_signature = false,
-      .signature = {NULL, 0},
+      .signerDiscriminant = PubKeys,
+      .pubKeysLen = 0,
+      .pubKeys = pubkey,
+      .signaturesLen = 0,
+      .indexedSignatures = {NULL, 0},
     };
 
     // Hash the unsigned signature section
     uint8_t *raw_signature_hash = section_hashes.hashes.ptr + (section_hashes.hashesLen * HASH_LEN);
     CHECK_ZXERR(crypto_hashSigSection(&signature_section, NULL, 0, raw_signature_hash, HASH_LEN))
 
     // Sign over the hash of the unsigned signature section
+    uint8_t indexed_signatures_buffer[1+SIG_LEN_25519_PLUS_TAG] = {0};
+    CHECK_ZXERR(crypto_sign_ed25519(indexed_signatures_buffer + 2, ED25519_SIGNATURE_SIZE, raw_signature_hash, HASH_LEN))
     uint8_t *raw = salt_buffer + SALT_LEN;
-    CHECK_ZXERR(crypto_sign_ed25519(raw + 1, ED25519_SIGNATURE_SIZE, raw_signature_hash, HASH_LEN))
+    MEMCPY(raw, indexed_signatures_buffer+1, SIG_LEN_25519_PLUS_TAG);
     uint8_t raw_indices_len = section_hashes.hashesLen;
 
     // ----------------------------------------------------------------------
     // Start generating wrapper signature
     // Affix the signature to make the signature section signed
-    signature_section.has_signature = true;
-    signature_section.signature.ptr = raw;
-    signature_section.signature.len = SIG_LEN_25519_PLUS_TAG;
+    signature_section.signaturesLen = 1;
+    signature_section.indexedSignatures.ptr = indexed_signatures_buffer;
+    signature_section.indexedSignatures.len = 1+SIG_LEN_25519_PLUS_TAG;
+    signature_section.pubKeysLen = 1;
 
     // Compute the hash of the signed signature section and concatenate it
     const uint8_t sig_sec_prefix = 0x03;
@@ -311,7 +322,34 @@ zxerr_t crypto_sign(const parser_tx_t *txObj, uint8_t *output, uint16_t outputLe
     section_hashes.hashesLen++;
     signature_section.hashes.hashesLen++;
 
-    signature_section.has_signature = false;
+    /// Hash the eligible signature sections
+    for (unsigned int i = 0; i < txObj->transaction.sections.signaturesLen; i++) {
+      const signature_section_t *prev_sig = &txObj->transaction.sections.signatures[i];
+      unsigned int j;
+      // Ensure that we recognize each hash that was signed over
+      for (j = 0; j < prev_sig->hashes.hashesLen; j++) {
+        unsigned int k;
+        // Check if we know the hash that was signed over
+        for (k = 0; k < signature_section.hashes.hashesLen; k++) {
+          if (!memcmp(prev_sig->hashes.hashes.ptr, signature_section.hashes.hashes.ptr, HASH_LEN)) {
+            break;
+          }
+        }
+        // If loop counter makes it to end, then this hash was not recognized
+        if (k == signature_section.hashes.hashesLen) break;
+      }
+      // If loop counter doesn't make it to end, then a hash was not recognized
+      if (j != prev_sig->hashes.hashesLen) continue;
+      // We sign over a signature if it signs over hashes that we recognize
+      uint8_t *prev_sig_hash = section_hashes.hashes.ptr + (section_hashes.hashesLen * HASH_LEN);
+      CHECK_ZXERR(crypto_hashSigSection(prev_sig, &sig_sec_prefix, 1, prev_sig_hash, HASH_LEN))
+      section_hashes.indices.ptr[section_hashes.hashesLen] = prev_sig->idx;
+      section_hashes.hashesLen++;
+      signature_section.hashes.hashesLen++;
+    }
+
+    signature_section.signaturesLen = 0;
+    signature_section.pubKeysLen = 0;
     // Hash the unsigned signature section into raw_sig_hash
     uint8_t wrapper_sig_hash[HASH_LEN] = {0};
     CHECK_ZXERR(crypto_hashSigSection(&signature_section, NULL, 0, wrapper_sig_hash, sizeof(wrapper_sig_hash)))

diff --git a/app/src/parser_impl_txn.c b/app/src/parser_impl_txn.c
@@ -32,47 +32,47 @@
 #define DISCRIMINANT_MASP_BUILDER 0x06
 
 static const txn_types_t allowed_txn[] = {
-    {{0x8d, 0x1d, 0xdb, 0xeb, 0x39, 0x72, 0x09, 0xc5, 0xef, 0xa2, 0x2d, 0xd5, 0x7f, 0xbd, 0xb3, 0x18, 0x25, 0xd6, 0x7c, 0x29, 0x42, 0x44, 0x1c, 0xb2, 0x61, 0x25, 0x83, 0xec, 0x25, 0x93, 0x83, 0x1a},
+    {{0xa4, 0x53, 0x05, 0xb1, 0x98, 0x40, 0x05, 0x30, 0x9b, 0x77, 0xd5, 0xd7, 0x12, 0x5f, 0x15, 0x43, 0x6c, 0xc0, 0xd6, 0x39, 0x78, 0x39, 0xbc, 0x74, 0x21, 0x08, 0x77, 0x36, 0x3a, 0x97, 0x8b, 0x3c},
     Bond},
 
-    {{0x0c, 0x90, 0xa1, 0xf9, 0xa9, 0x5b, 0x71, 0x71, 0xe0, 0xeb, 0xdc, 0xa8, 0x31, 0x8c, 0x19, 0xba, 0x45, 0xf3, 0x58, 0x15, 0x8a, 0xa6, 0x83, 0x70, 0xf6, 0x30, 0xf8, 0x40, 0x25, 0x63, 0x5c, 0x8f},
+    {{0x18, 0x26, 0x82, 0xe3, 0xa0, 0xcd, 0x37, 0xa0, 0x05, 0x24, 0x2a, 0x80, 0x1c, 0x47, 0x75, 0x96, 0x19, 0x63, 0xcf, 0xd9, 0xb4, 0xe6, 0x0d, 0x03, 0xf1, 0x0a, 0x12, 0x32, 0x52, 0x58, 0x5d, 0x55},
     Unbond},
 
-    {{0xd5, 0x27, 0xea, 0x17, 0xb4, 0x17, 0xfc, 0xa1, 0xa7, 0x2d, 0x6a, 0x26, 0xab, 0xc3, 0x42, 0x19, 0x63, 0x0e, 0xfc, 0xad, 0x47, 0x01, 0xe6, 0x29, 0xa8, 0x9e, 0x02, 0x6e, 0x06, 0xee, 0x06, 0xc1},
+    {{0xf1, 0x35, 0x34, 0xa2, 0x1b, 0x8a, 0xfd, 0x05, 0x8e, 0x4e, 0x64, 0x36, 0x69, 0x61, 0xbd, 0x58, 0x64, 0x86, 0x49, 0x56, 0xcc, 0x91, 0x5a, 0x74, 0x5a, 0xd3, 0xcc, 0x08, 0x7e, 0xb0, 0xa6, 0xd7},
     InitAccount},
 
-    {{0xe6, 0x05, 0xbb, 0x96, 0xff, 0x8b, 0x6a, 0xd1, 0xe1, 0x04, 0x91, 0xa8, 0x15, 0x90, 0xd1, 0x5e, 0xd7, 0x92, 0xf8, 0x7b, 0x03, 0x82, 0xd1, 0xfa, 0xee, 0x99, 0x66, 0xcb, 0x25, 0xa0, 0x90, 0x28},
+    {{0x46, 0x84, 0x4b, 0xfd, 0xbb, 0x8b, 0xfb, 0xbf, 0x44, 0xbd, 0x4e, 0xaf, 0xb7, 0xcd, 0x25, 0x46, 0x66, 0x31, 0xb2, 0xad, 0xf1, 0x9e, 0x3b, 0xa7, 0x69, 0xfe, 0x46, 0xfd, 0x52, 0xf1, 0x82, 0x57},
     InitProposal},
 
-    {{0x33, 0x56, 0x7a, 0xfd, 0x0c, 0x59, 0xd5, 0xf2, 0x49, 0x9a, 0x3c, 0xf4, 0xeb, 0xf3, 0xc2, 0x54, 0xde, 0x1c, 0xae, 0x1d, 0x31, 0x0d, 0x00, 0x4b, 0x8e, 0x0e, 0x53, 0x8f, 0x2f, 0xc8, 0x37, 0x7a},
+    {{0x3a, 0xfc, 0x69, 0x68, 0x02, 0x43, 0xb6, 0x8b, 0x2b, 0x86, 0x6b, 0xdb, 0x82, 0x7a, 0x3e, 0x90, 0x1b, 0x18, 0xaf, 0xe2, 0x7b, 0xf8, 0x5b, 0xb0, 0x40, 0x19, 0xa2, 0x6d, 0xfc, 0x1c, 0x61, 0x09},
     VoteProposal},
 
-    {{0x91, 0xce, 0x97, 0xff, 0x0b, 0xfa, 0x49, 0xce, 0x9b, 0xaa, 0x75, 0x85, 0xae, 0x7e, 0x2c, 0x05, 0x14, 0xe9, 0x1a, 0x66, 0xc6, 0x25, 0x50, 0x2b, 0x4a, 0xce, 0xd6, 0x35, 0xda, 0x5b, 0x02, 0x1a},
+    {{0xbe, 0xc4, 0x86, 0xbb, 0x8c, 0xa3, 0xdd, 0xc5, 0x40, 0x19, 0xee, 0x0b, 0x8f, 0x65, 0x84, 0x9e, 0xc1, 0xf8, 0x86, 0xe5, 0x15, 0xc6, 0x5e, 0x85, 0xa0, 0x06, 0x23, 0x34, 0x12, 0xfd, 0x9a, 0xac},
     InitValidator},
 
-    {{0x8a, 0xb3, 0x8f, 0x51, 0x6a, 0xc7, 0x99, 0xdc, 0xb9, 0x6b, 0xa3, 0x72, 0xcd, 0x5e, 0x5d, 0xef, 0xd3, 0x81, 0xdd, 0xf9, 0xd6, 0x95, 0x79, 0xce, 0x15, 0x56, 0xd1, 0x72, 0x1d, 0x34, 0xf6, 0x68},
+    {{0x55, 0x47, 0x7e, 0x7a, 0x6c, 0x7c, 0x8d, 0x62, 0x42, 0x06, 0x39, 0x6b, 0xeb, 0x7f, 0x34, 0x06, 0x62, 0x44, 0x60, 0xb4, 0x1a, 0x78, 0x3d, 0x29, 0x9d, 0x3c, 0x3d, 0x5c, 0xcc, 0x19, 0x40, 0xc5},
     RevealPubkey},
 
-    {{0x73, 0x8a, 0xc6, 0x9d, 0x4a, 0x4f, 0x3d, 0xfb, 0x15, 0x4a, 0xee, 0xd6, 0xb8, 0x06, 0xef, 0x10, 0x42, 0xb1, 0xa7, 0x07, 0xde, 0x98, 0xbf, 0x8c, 0x6c, 0xc5, 0xad, 0x66, 0xd4, 0x78, 0xf6, 0xd9},
+    {{0x3f, 0x22, 0xef, 0x22, 0xdd, 0x8f, 0x1f, 0xe5, 0x1b, 0xbe, 0xf7, 0x3a, 0x97, 0x50, 0x92, 0x3b, 0x36, 0x4e, 0x3c, 0x58, 0x34, 0x9d, 0xc7, 0xe6, 0x50, 0xee, 0xcb, 0x7e, 0xa2, 0xb5, 0x75, 0x36},
     Transfer},
 
-    {{0x8f, 0x59, 0x34, 0xe4, 0xfc, 0xca, 0x4e, 0x7d, 0x3c, 0x58, 0xe1, 0xc0, 0xb8, 0x72, 0x2c, 0xe0, 0xa9, 0x48, 0xef, 0xa6, 0xb9, 0x9e, 0x78, 0x01, 0xdd, 0x1c, 0x16, 0xf8, 0xea, 0x22, 0xfb, 0x59},
+    {{0x7b, 0x53, 0xa6, 0xbb, 0x49, 0x9a, 0x18, 0x3e, 0xb9, 0xe4, 0x2d, 0xa2, 0xb9, 0xa7, 0xe3, 0x29, 0x63, 0x03, 0x70, 0x6f, 0x21, 0x1c, 0x79, 0x6d, 0x60, 0xd1, 0x47, 0x6b, 0xea, 0x70, 0x62, 0x50},
     UpdateVP},
 
-    {{0x00, 0xe0, 0xa0, 0x4e, 0x89, 0x2e, 0xb6, 0x7a, 0xc3, 0xc3, 0xc7, 0xa3, 0x16, 0x2b, 0x12, 0xdc, 0x19, 0x85, 0x06, 0xc1, 0xc4, 0x66, 0x89, 0x39, 0x23, 0x91, 0x1c, 0x3a, 0xb4, 0x71, 0xdc, 0x03},
+    {{0xf8, 0x38, 0xcf, 0xa0, 0x72, 0x3c, 0x27, 0x48, 0x36, 0x9f, 0x70, 0x12, 0x5e, 0x13, 0x17, 0xea, 0x6a, 0x46, 0x04, 0xc1, 0xf1, 0x87, 0x18, 0x5e, 0xab, 0x23, 0x15, 0x15, 0x57, 0x38, 0x87, 0x40},
     Withdraw},
 
-    {{0x13, 0x7f, 0x28, 0x71, 0x84, 0x89, 0x70, 0xaa, 0x9c, 0xf1, 0xd3, 0xa9, 0x2a, 0x1e, 0x1a, 0x6e, 0x7a, 0x48, 0xb0, 0x53, 0x76, 0x32, 0xd8, 0x38, 0xbb, 0xb4, 0xe6, 0x9f, 0xd3, 0x01, 0xf8, 0xc3},
+    {{0x9c, 0x06, 0x09, 0x6b, 0x65, 0x71, 0x37, 0x55, 0xe3, 0xee, 0x90, 0x49, 0x09, 0x49, 0x49, 0x7b, 0xbf, 0x99, 0xbb, 0x2a, 0x3a, 0x5b, 0x10, 0x43, 0xbc, 0xed, 0x13, 0xac, 0xc6, 0x03, 0x4c, 0xa9},
     CommissionChange},
 
-    {{0x31, 0x0c, 0x19, 0x6c, 0xb7, 0xb2, 0xd3, 0x71, 0xbb, 0x74, 0xfe, 0x37, 0xee, 0x1f, 0x2f, 0x7e, 0x23, 0x3e, 0xad, 0x59, 0x47, 0x70, 0x27, 0x89, 0x1e, 0x4e, 0x28, 0x75, 0x1b, 0x6b, 0xb3, 0xfe},
+    {{0xac, 0x21, 0x49, 0xf6, 0x40, 0xf0, 0x66, 0x00, 0xc4, 0x53, 0x7e, 0xba, 0xd7, 0xfa, 0x5c, 0x94, 0xeb, 0x4f, 0xeb, 0x3a, 0x57, 0xce, 0x6f, 0xa3, 0x9a, 0xc4, 0x3d, 0xc2, 0xd7, 0x7f, 0x20, 0x16},
      UnjailValidator},
 };
 static const uint32_t allowed_txn_len = sizeof(allowed_txn) / sizeof(allowed_txn[0]);
 
 // Update VP types
 static const vp_types_t vp_user = {
-        {0xf9, 0x3b, 0x90, 0xd5, 0xa0, 0x22, 0x6c, 0x79, 0x15, 0x9e, 0xdd, 0x48, 0xf2, 0x80, 0x1e, 0x7a, 0x12, 0x52, 0x57, 0x51, 0xb9, 0x37, 0xfd, 0xa5, 0x85, 0x25, 0xa8, 0xfc, 0x8b, 0x42, 0xd7, 0x45},
+        {0x1c, 0x05, 0xc8, 0x8e, 0xcb, 0x42, 0x36, 0x27, 0x53, 0xe6, 0x72, 0xdb, 0x47, 0x37, 0x70, 0xbb, 0x46, 0xb5, 0x68, 0x54, 0x49, 0xd8, 0x10, 0xcf, 0x40, 0x7b, 0xde, 0x68, 0xd9, 0x06, 0xf0, 0x8c},
         "User"
 };
 static const char *unknown_vp = "Unknown VP hash";
@@ -845,6 +845,38 @@ static parser_error_t readExtraDataSection(parser_context_t *ctx, section_t *ext
     return parser_ok;
 }
 
+static parser_error_t readSignatureSection(parser_context_t *ctx, signature_section_t *signature) {
+    if (ctx == NULL || signature == NULL) {
+        return parser_unexpected_error;
+    }
+
+    uint8_t sectionDiscriminant;
+    CHECK_ERROR(readByte(ctx, &sectionDiscriminant))
+    if (sectionDiscriminant != DISCRIMINANT_SIGNATURE) {
+        return parser_unexpected_value;
+    }
+    CHECK_ERROR(readUint32(ctx, &signature->hashes.hashesLen))
+    signature->hashes.hashes.len = HASH_LEN*signature->hashes.hashesLen;
+    CHECK_ERROR(readBytes(ctx, (const uint8_t **) &signature->hashes.hashes.ptr, signature->hashes.hashes.len))
+    CHECK_ERROR(readByte(ctx, &signature->signerDiscriminant))
+    switch (signature->signerDiscriminant) {
+    case PubKeys:
+      CHECK_ERROR(readUint32(ctx, &signature->pubKeysLen))
+      signature->pubKeys.len = PK_LEN_25519_PLUS_TAG*signature->pubKeysLen;
+      CHECK_ERROR(readBytes(ctx, &signature->pubKeys.ptr, signature->pubKeys.len))
+      break;
+    case Address:
+      signature->address.len = ADDRESS_LEN_BYTES;
+      CHECK_ERROR(readBytes(ctx, &signature->address.ptr, signature->address.len))
+      break;
+    }
+    CHECK_ERROR(readUint32(ctx, &signature->signaturesLen))
+    signature->indexedSignatures.len = signature->signaturesLen * (1+SIG_LEN_25519_PLUS_TAG);
+    CHECK_ERROR(readBytes(ctx, &signature->indexedSignatures.ptr, signature->indexedSignatures.len))
+
+    return parser_ok;
+}
+
 static parser_error_t readDataSection(parser_context_t *ctx, section_t *data) {
     if (ctx == NULL || data == NULL) {
         return parser_unexpected_error;
@@ -924,11 +956,12 @@ parser_error_t readSections(parser_context_t *ctx, parser_tx_t *v) {
     }
     CHECK_ERROR(readUint32(ctx, &v->transaction.sections.sectionLen))
 
-    if (v->transaction.sections.sectionLen > 7) {
+    if (v->transaction.sections.sectionLen > 10) {
         return parser_invalid_output_buffer;
     }
 
     v->transaction.sections.extraDataLen = 0;
+    v->transaction.sections.signaturesLen = 0;
 
     for (uint32_t i = 0; i < v->transaction.sections.sectionLen; i++) {
         const uint8_t discriminant = *(ctx->buffer + ctx->offset);
@@ -952,8 +985,15 @@ parser_error_t readSections(parser_context_t *ctx, parser_tx_t *v) {
                 v->transaction.sections.code.idx = i+1;
                 break;
             }
-            case DISCRIMINANT_SIGNATURE:
+            case DISCRIMINANT_SIGNATURE: {
+                if (v->transaction.sections.signaturesLen >= MAX_SIGNATURE_SECS) {
+                    return parser_unexpected_field;
+                }
+                signature_section_t *signature = &v->transaction.sections.signatures[v->transaction.sections.signaturesLen++];
+                CHECK_ERROR(readSignatureSection(ctx, signature))
+                signature->idx = i+1;
                 break;
+            }
 #if(0)
             case DISCRIMINANT_CIPHERTEXT:
                 CHECK_ERROR(readCiphertext(ctx, &v->transaction.sections.ciphertext))

diff --git a/app/src/parser_print_common.c b/app/src/parser_print_common.c
@@ -162,13 +162,14 @@ static parser_error_t printTimestamp(const bytes_t timestamp,
 
     // Received         "2023-04-19T14:19:38.114481351+00:00"
     // Expected         "2023-04-19 14:19:38.114481351 UTC"
-    if (timestamp.len != 35) {
-        return parser_unexpected_value;
+    if (timestamp.len > 35 || timestamp.len < 25) {
+      return parser_unexpected_value;
     }
 
+    uint32_t offset = timestamp.len - 6;
     char date[50] = {0};
     memcpy(date, timestamp.ptr, timestamp.len - 6);
-    snprintf(date + 29, sizeof(date) - 29, " UTC");
+    snprintf(date + offset, sizeof(date) - offset, " UTC");
     if (date[10] == 'T') date[10] = ' ';
 
     pageString(outVal, outValLen, date, pageIdx, pageCount);

diff --git a/app/src/parser_txdef.h b/app/src/parser_txdef.h
@@ -26,6 +26,7 @@ extern "C" {
 #include "coin.h"
 
 #define MAX_EXTRA_DATA_SECS 3
+#define MAX_SIGNATURE_SECS 3
 
 typedef struct {
     uint8_t address[ADDRESS_LEN_TESTNET];
@@ -47,13 +48,22 @@ typedef struct {
     mut_bytes_t hashes;
     mut_bytes_t indices;
 } concatenated_hashes_t;
+
+typedef enum {
+    Address = 0,
+    PubKeys = 1
+} signer_e;
 // -----------------------------------------------------------------
 typedef struct {
     bytes_t salt;
+    uint8_t idx;
     concatenated_hashes_t hashes;
-    bytes_t pubKey;
-    bool has_signature;
-    bytes_t signature;
+    signer_e signerDiscriminant;
+    bytes_t address;
+    uint32_t pubKeysLen;
+    bytes_t pubKeys;
+    uint32_t signaturesLen;
+    bytes_t indexedSignatures;
 } signature_section_t;
 
 #if(0)
@@ -140,9 +150,11 @@ typedef struct {
 typedef struct {
     uint32_t sectionLen;
     uint32_t extraDataLen;
+    uint32_t signaturesLen;
     section_t code;
     section_t data;
     section_t extraData[MAX_EXTRA_DATA_SECS];
+    signature_section_t signatures[MAX_SIGNATURE_SECS];
 #if(0)
     section_t ciphertext; // todo: if we need to parse this in future, it will not be a section_t
     masp_tx_section_t maspTx;