[neox-2.x] add interop services

neo.UnitTests/UT_ECDsa.cs

@@ -0,0 +1,62 @@
+using Microsoft.VisualStudio.TestTools.UnitTesting;
+using System.Security.Cryptography;
+using System.Numerics;
+
+namespace Neo.Cryptography.ECC.Tests
+{
+    [TestClass()]
+    public class UT_ECDsa
+    {
+        private ECDsa ecdsa;
+
+        public static byte[] generatekey(int privateKeyLength)
+        {
+            byte[] privateKey = new byte[privateKeyLength];
+            using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
+            {
+                rng.GetBytes(privateKey);
+            }
+            return privateKey;
+        }
+
+        [TestMethod()]
+        public void KeyRecoverTest()
+        {
+            byte[] privateKey = generatekey(32);
+            ECPoint publickey = ECCurve.Secp256k1.G * privateKey;
+            ecdsa = new ECDsa(privateKey, ECCurve.Secp256k1);
+            byte[] message = System.Text.Encoding.Default.GetBytes("HelloWorld");
+            BigInteger[] signatures = ecdsa.GenerateSignature(message);
+            BigInteger r = signatures[0];
+            BigInteger s = signatures[1];
+            bool v;
+            if (signatures[2] == 0)
+            {
+                v = true;
+            }
+            else
+            {
+                v = false;
+            }
+            ECPoint recoverKey = ECDsa.KeyRecover(ECCurve.Secp256k1, r, s, message, v, true);
+            Assert.IsTrue(recoverKey.Equals(publickey));
+            //wrong key part
+            r = new System.Numerics.BigInteger(generatekey(32));
+            try
+            {
+                recoverKey = ECDsa.KeyRecover(ECCurve.Secp256k1, r, signatures[1], message, true, true);
+                Assert.IsFalse(recoverKey.Equals(publickey));
+            }
+            //wrong key may cause exception in decompresspoint
+            catch { }
+            s = new System.Numerics.BigInteger(generatekey(32));
+            try
+            {
+                recoverKey = ECDsa.KeyRecover(ECCurve.Secp256k1, signatures[0], s, message, true, true);
+                Assert.IsFalse(recoverKey.Equals(publickey));
+            }
+            //wrong key may cause exception in decompresspoint
+            catch { }
+        }
+    }
+}

neo.UnitTests/UT_Helper.cs

@@ -1,8 +1,12 @@
-using FluentAssertions;
+using System.Numerics;
+using System.Globalization;
+using FluentAssertions;
 using Microsoft.VisualStudio.TestTools.UnitTesting;
 using Neo.Network.P2P;
 using Neo.SmartContract;
+using Neo.Cryptography;
 using Neo.Wallets;
+using Neo.Cryptography.ECC;
 
 namespace Neo.UnitTests
 {
@@ -38,5 +42,14 @@ public void ToScriptHash()
             res.Should().Be(UInt160.Parse("2d3b96ae1bcc5a585e075e3b81920210dec16302"));
         }
 
+        [TestMethod()]
+        public void Keccak256Test()
+        {
+            byte[] messageA = System.Text.Encoding.Default.GetBytes("HelloWorld");
+            byte[] messageB = System.Text.Encoding.Default.GetBytes("HiWorld");
+            Assert.IsFalse(messageA.Keccak256().Equals(messageB.Keccak256()));
+            Assert.IsTrue(messageA.Keccak256().Length == 32 && messageB.Keccak256().Length == 32);
+            Assert.IsTrue(messageA.Keccak256().ToHexString() == "7c5ea36004851c764c44143b1dcb59679b11c9a68e5f41497f6cf3d480715331");
+        }
     }
 }

neo/Cryptography/ECC/ECDsa.cs

@@ -39,7 +39,7 @@ public BigInteger[] GenerateSignature(byte[] message)
             if (privateKey == null) throw new InvalidOperationException();
             BigInteger e = CalculateE(curve.N, message);
             BigInteger d = new BigInteger(privateKey.Reverse().Concat(new byte[1]).ToArray());
-            BigInteger r, s;
+            BigInteger r, s, id;
             using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
             {
                 do
@@ -53,6 +53,7 @@ public BigInteger[] GenerateSignature(byte[] message)
                         }
                         while (k.Sign == 0 || k.CompareTo(curve.N) >= 0);
                         ECPoint p = ECPoint.Multiply(curve.G, k);
+                        id = p.Y.Value & 1;
                         BigInteger x = p.X.Value;
                         r = x.Mod(curve.N);
                     }
@@ -61,11 +62,12 @@ public BigInteger[] GenerateSignature(byte[] message)
                     if (s > curve.N / 2)
                     {
                         s = curve.N - s;
+                        id = id ^ 1;
                     }
                 }
                 while (s.Sign == 0);
             }
-            return new BigInteger[] { r, s };
+            return new BigInteger[] { r, s, id };
         }
 
         private static ECPoint SumOfTwoMultiplies(ECPoint P, BigInteger k, ECPoint Q, BigInteger l)
@@ -104,5 +106,51 @@ public bool VerifySignature(byte[] message, BigInteger r, BigInteger s)
             BigInteger v = point.X.Value.Mod(curve.N);
             return v.Equals(r);
         }
+
+        public static ECPoint KeyRecover(ECCurve curve, BigInteger r, BigInteger s, byte[] msg, bool IsEven, bool doChecks)
+        {
+            // calculate h
+            BigInteger h = (curve.Q + 1 + 2 * (BigInteger)Math.Sqrt((double)curve.Q)) / curve.N;
+            BigInteger e;
+            ECPoint Q = new ECPoint();
+            int messageBitLength;
+
+            for (int j = 0; j <= h; j++)
+            {
+                // step 1.1 x = (n * i) + r
+                BigInteger Rx = curve.N * j + r;
+                if (Rx > curve.Q) break;
+
+                // step 1.2 and 1.3 get point R
+                ECPoint R;
+                if (IsEven)
+                {
+                    R = ECPoint.DecompressPoint(0, Rx, curve);
+                }
+                else
+                {
+                    R = ECPoint.DecompressPoint(1, Rx, curve);
+                }
+                if (doChecks)
+                {
+                    if (ECPoint.Multiply(R, curve.N) != curve.Infinity)
+                        continue;
+                }
+
+                // step 1.5 compute e
+                messageBitLength = msg.Length * 8;
+                e = new BigInteger(msg.Reverse().Concat(new byte[1]).ToArray());
+                if (curve.N.GetBitLength() < messageBitLength)
+                {
+                    e >>= messageBitLength - curve.N.GetBitLength();
+                }
+
+                // step 1.6 Q = r^-1 (sR-eG)
+                BigInteger invr = r.ModInverse(curve.N);
+                ECPoint t0 = ECPoint.Multiply(R, s) - ECPoint.Multiply(curve.G, e);
+                Q = ECPoint.Multiply(t0, invr);
+            }
+            return Q;
+        }
     }
 }

neo/Cryptography/ECC/ECPoint.cs

@@ -81,7 +81,7 @@ public static ECPoint DecodePoint(byte[] encoded, ECCurve curve)
             return p;
         }
 
-        private static ECPoint DecompressPoint(int yTilde, BigInteger X1, ECCurve curve)
+        public static ECPoint DecompressPoint(int yTilde, BigInteger X1, ECCurve curve)
         {
             ECFieldElement x = new ECFieldElement(X1, curve);
             ECFieldElement alpha = x * (x.Square() + curve.A) + curve.B;

neo/Cryptography/Helper.cs

@@ -1,5 +1,6 @@
 using Neo.IO;
 using Neo.Network.P2P.Payloads;
+using Org.BouncyCastle.Crypto.Digests;
 using System;
 using System.Collections.Generic;
 using System.Linq;
@@ -91,6 +92,15 @@ public static string Base58CheckEncode(this byte[] data)
             return Base58.Encode(buffer);
         }
 
+        public static byte[] Keccak256(this byte[] value)
+        {
+            var digest = new KeccakDigest(256);
+            byte[] hash = new byte[digest.GetDigestSize()];
+            digest.BlockUpdate(value, 0, value.Length);
+            digest.DoFinal(hash, 0);
+            return hash;
+        }
+
         public static byte[] RIPEMD160(this IEnumerable<byte> value)
         {
             return _ripemd160.Value.ComputeHash(value.ToArray());

neo/SmartContract/NeoService.cs

@@ -1,5 +1,7 @@
-using Neo.Cryptography.ECC;
+using Neo.Cryptography;
+using Neo.Cryptography.ECC;
 using Neo.Ledger;
+using Neo.Network.P2P;
 using Neo.Network.P2P.Payloads;
 using Neo.Persistence;
 using Neo.SmartContract.Enumerators;
@@ -99,6 +101,8 @@ public NeoService(TriggerType trigger, Snapshot snapshot)
             Register("Neo.Iterator.Keys", Iterator_Keys, 1);
             Register("Neo.Iterator.Values", Iterator_Values, 1);
             Register("Neo.Iterator.Concat", Iterator_Concat, 1);
+            Register("Neo.Cryptography.Keccak256", Keccak256, 1);
+            Register("Neo.Cryptography.Ecrecover", Ecrecover, 1);
 
             #region Aliases
             Register("Neo.Iterator.Next", Enumerator_Next, 1);
@@ -165,6 +169,36 @@ public NeoService(TriggerType trigger, Snapshot snapshot)
             #endregion
         }
 
+        /// <summary>
+        /// 
+        /// </summary>
+        /// <param name="engine">r, s, v, messageHash</param>
+        /// <returns></returns>
+        private bool Ecrecover(ExecutionEngine engine)
+        {
+            var r = new System.Numerics.BigInteger(engine.CurrentContext.EvaluationStack.Pop().GetByteArray().Reverse().Concat(new byte[1]).ToArray());
+            var s = new System.Numerics.BigInteger(engine.CurrentContext.EvaluationStack.Pop().GetByteArray().Reverse().Concat(new byte[1]).ToArray());
+            bool v = engine.CurrentContext.EvaluationStack.Pop().GetBoolean();
+            byte[] messageHash = engine.CurrentContext.EvaluationStack.Pop().GetByteArray();
+            try
+            {
+                ECPoint point = ECDsa.KeyRecover(ECCurve.Secp256k1, r, s, messageHash, v, true);
+                engine.CurrentContext.EvaluationStack.Push(point.EncodePoint(false).Skip(1).ToArray());
+            }
+            catch
+            {
+                engine.CurrentContext.EvaluationStack.Push(new byte[] { 0x00 });
+            }
+            return true;
+        }
+
+        private bool Keccak256(ExecutionEngine engine)
+        {
+            var message = engine.CurrentContext.EvaluationStack.Pop().GetByteArray();
+            engine.CurrentContext.EvaluationStack.Push(message.Keccak256());
+            return true;
+        }
+
         private bool Blockchain_GetAccount(ExecutionEngine engine)
         {
             UInt160 hash = new UInt160(engine.CurrentContext.EvaluationStack.Pop().GetByteArray());

neo/SmartContract/StandardService.cs

@@ -1,4 +1,5 @@
-using Neo.Cryptography.ECC;
+using Neo.Cryptography;
+using Neo.Cryptography.ECC;
 using Neo.IO;
 using Neo.Ledger;
 using Neo.Network.P2P.Payloads;

neo/neo.csproj

@@ -22,6 +22,7 @@
 
   <ItemGroup>
     <PackageReference Include="Akka" Version="1.3.11" />
+    <PackageReference Include="BouncyCastle.NetCore" Version="1.8.5" />
     <PackageReference Include="Microsoft.AspNetCore.ResponseCompression" Version="2.2.0" />
     <PackageReference Include="Microsoft.AspNetCore.Server.Kestrel" Version="2.2.0" />
     <PackageReference Include="Microsoft.AspNetCore.Server.Kestrel.Https" Version="2.2.0" />