add secp256k1 + keccak256 to signature verification.

src/Neo/Cryptography/Crypto.cs

@@ -28,6 +28,7 @@ public static class Crypto
         private static readonly bool IsOSX = RuntimeInformation.IsOSPlatform(OSPlatform.OSX);
         private static readonly ECCurve secP256k1 = ECCurve.CreateFromFriendlyName("secP256k1");
         private static readonly X9ECParameters bouncySecp256k1 = Org.BouncyCastle.Asn1.Sec.SecNamedCurves.GetByName("secp256k1");
+        private static readonly X9ECParameters bouncySecp256r1 = Org.BouncyCastle.Asn1.Sec.SecNamedCurves.GetByName("secp256r1");
 
         /// <summary>
         /// Calculates the 160-bit hash value of the specified message.
@@ -55,17 +56,30 @@ public static byte[] Hash256(ReadOnlySpan<byte> message)
         /// <param name="message">The message to be signed.</param>
         /// <param name="priKey">The private key to be used.</param>
         /// <param name="ecCurve">The <see cref="ECC.ECCurve"/> curve of the signature, default is <see cref="ECC.ECCurve.Secp256r1"/>.</param>
+        /// <param name="hasher">The hash algorithm of the signature, SHA256 by default</param>
         /// <returns>The ECDSA signature for the specified message.</returns>
-        public static byte[] Sign(byte[] message, byte[] priKey, ECC.ECCurve ecCurve = null)
+        public static byte[] Sign(byte[] message, byte[] priKey, ECC.ECCurve ecCurve = null, Hasher hasher = Hasher.SHA256)
         {
-            if (IsOSX && ecCurve == ECC.ECCurve.Secp256k1)
+            if (hasher == Hasher.Keccak256 || (IsOSX && ecCurve == ECC.ECCurve.Secp256k1))
             {
-                var domain = new ECDomainParameters(bouncySecp256k1.Curve, bouncySecp256k1.G, bouncySecp256k1.N, bouncySecp256k1.H);
+                ECDomainParameters domain;
+                if (ecCurve == ECC.ECCurve.Secp256k1)
+                {
+                    domain = new ECDomainParameters(bouncySecp256k1.Curve, bouncySecp256k1.G, bouncySecp256k1.N, bouncySecp256k1.H);
+                }
+                else if (ecCurve == ECC.ECCurve.Secp256r1)
+                {
+                    domain = new ECDomainParameters(bouncySecp256r1.Curve, bouncySecp256r1.G, bouncySecp256r1.N, bouncySecp256r1.H);
+                }
+                else
+                {
+                    throw new ArgumentException("Unsupported curve", nameof(ecCurve));
+                }
                 var signer = new Org.BouncyCastle.Crypto.Signers.ECDsaSigner();
                 var privateKey = new BigInteger(1, priKey);
                 var priKeyParameters = new ECPrivateKeyParameters(privateKey, domain);
                 signer.Init(true, priKeyParameters);
-                var signature = signer.GenerateSignature(message.Sha256());
+                var signature = signer.GenerateSignature(hasher == Hasher.SHA256 ? message.Sha256() : message.Keccak256());
 
                 var signatureBytes = new byte[64];
                 var rBytes = signature[0].ToByteArrayUnsigned();
@@ -96,15 +110,33 @@ public static byte[] Sign(byte[] message, byte[] priKey, ECC.ECCurve ecCurve = n
         /// <param name="message">The signed message.</param>
         /// <param name="signature">The signature to be verified.</param>
         /// <param name="pubkey">The public key to be used.</param>
+        /// <param name="hasher">The hash algorithm to be used.</param>
         /// <returns><see langword="true"/> if the signature is valid; otherwise, <see langword="false"/>.</returns>
-        public static bool VerifySignature(ReadOnlySpan<byte> message, ReadOnlySpan<byte> signature, ECC.ECPoint pubkey)
+        public static bool VerifySignature(ReadOnlySpan<byte> message, ReadOnlySpan<byte> signature, ECC.ECPoint pubkey, Hasher hasher = Hasher.SHA256)
         {
             if (signature.Length != 64) return false;
 
-            if (IsOSX && pubkey.Curve == ECC.ECCurve.Secp256k1)
+            if (hasher == Hasher.Keccak256 || (IsOSX && pubkey.Curve == ECC.ECCurve.Secp256k1))
             {
-                var domain = new ECDomainParameters(bouncySecp256k1.Curve, bouncySecp256k1.G, bouncySecp256k1.N, bouncySecp256k1.H);
-                var point = bouncySecp256k1.Curve.CreatePoint(
+                ECDomainParameters domain;
+                X9ECParameters curve;
+
+                if (pubkey.Curve == ECC.ECCurve.Secp256k1)
+                {
+                    domain = new ECDomainParameters(bouncySecp256k1.Curve, bouncySecp256k1.G, bouncySecp256k1.N, bouncySecp256k1.H);
+                    curve = bouncySecp256k1;
+                }
+                else if (pubkey.Curve == ECC.ECCurve.Secp256r1)
+                {
+                    domain = new ECDomainParameters(bouncySecp256r1.Curve, bouncySecp256r1.G, bouncySecp256r1.N, bouncySecp256r1.H);
+                    curve = bouncySecp256r1;
+                }
+                else
+                {
+                    throw new ArgumentException("Unsupported curve", nameof(pubkey.Curve));
+                }
+
+                var point = curve.Curve.CreatePoint(
                     new BigInteger(pubkey.X.Value.ToString()),
                     new BigInteger(pubkey.Y.Value.ToString()));
                 var pubKey = new ECPublicKeyParameters("ECDSA", point, domain);
@@ -115,7 +147,12 @@ public static bool VerifySignature(ReadOnlySpan<byte> message, ReadOnlySpan<byte
                 var r = new BigInteger(1, sig, 0, 32);
                 var s = new BigInteger(1, sig, 32, 32);
 
-                return signer.VerifySignature(message.Sha256(), r, s);
+                return hasher switch
+                {
+                    Hasher.SHA256 => signer.VerifySignature(message.Sha256(), r, s),
+                    Hasher.Keccak256 => signer.VerifySignature(message.Keccak256(), r, s),
+                    _ => throw new ArgumentOutOfRangeException(nameof(hasher), hasher, "Invalid hasher")
+                };
             }
 
             var ecdsa = CreateECDsa(pubkey);
@@ -159,10 +196,11 @@ public static ECDsa CreateECDsa(ECC.ECPoint pubkey)
         /// <param name="signature">The signature to be verified.</param>
         /// <param name="pubkey">The public key to be used.</param>
         /// <param name="curve">The curve to be used by the ECDSA algorithm.</param>
+        /// <param name="hasher">The hash algorithm to be used.</param>
         /// <returns><see langword="true"/> if the signature is valid; otherwise, <see langword="false"/>.</returns>
-        public static bool VerifySignature(ReadOnlySpan<byte> message, ReadOnlySpan<byte> signature, ReadOnlySpan<byte> pubkey, ECC.ECCurve curve)
+        public static bool VerifySignature(ReadOnlySpan<byte> message, ReadOnlySpan<byte> signature, ReadOnlySpan<byte> pubkey, ECC.ECCurve curve, Hasher hasher = Hasher.SHA256)
         {
-            return VerifySignature(message, signature, ECC.ECPoint.DecodePoint(pubkey, curve));
+            return VerifySignature(message, signature, ECC.ECPoint.DecodePoint(pubkey, curve), hasher);
         }
     }
 }

src/Neo/Cryptography/Hasher.cs

@@ -0,0 +1,18 @@
+// Copyright (C) 2015-2024 The Neo Project.
+//
+// Hasher.cs file belongs to the neo project and is free
+// software distributed under the MIT software license, see the
+// accompanying file LICENSE in the main directory of the
+// repository or http://www.opensource.org/licenses/mit-license.php
+// for more details.
+//
+// Redistribution and use in source and binary forms with or without
+// modifications are permitted.
+
+namespace Neo.Cryptography;
+
+public enum Hasher : byte
+{
+    SHA256 = 0x00,
+    Keccak256 = 0x01,
+}

src/Neo/Cryptography/Helper.cs

@@ -12,6 +12,7 @@
 using Neo.IO;
 using Neo.Network.P2P.Payloads;
 using Neo.Wallets;
+using Org.BouncyCastle.Crypto.Digests;
 using Org.BouncyCastle.Crypto.Engines;
 using Org.BouncyCastle.Crypto.Modes;
 using Org.BouncyCastle.Crypto.Parameters;
@@ -153,6 +154,25 @@ public static byte[] Sha256(this Span<byte> value)
             return Sha256((ReadOnlySpan<byte>)value);
         }
 
+        public static byte[] Keccak256(this byte[] value)
+        {
+            KeccakDigest keccak = new(256);
+            keccak.BlockUpdate(value, 0, value.Length);
+            byte[] result = new byte[keccak.GetDigestSize()];
+            keccak.DoFinal(result, 0);
+            return result;
+        }
+
+        public static byte[] Keccak256(this ReadOnlySpan<byte> value)
+        {
+            return Keccak256(value.ToArray());
+        }
+
+        public static byte[] Keccak256(this Span<byte> value)
+        {
+            return Keccak256(value.ToArray());
+        }
+
         public static byte[] AES256Encrypt(this byte[] plainData, byte[] key, byte[] nonce, byte[] associatedData = null)
         {
             if (nonce.Length != 12) throw new ArgumentOutOfRangeException(nameof(nonce));

src/Neo/Network/P2P/Payloads/Transaction.cs

@@ -379,11 +379,11 @@
             uint execFeeFactor = NativeContract.Policy.GetExecFeeFactor(snapshot);
             for (int i = 0; i < hashes.Length; i++)
             {
-                if (IsSignatureContract(witnesses[i].VerificationScript.Span))
-                    net_fee -= execFeeFactor * SignatureContractCost();
-                else if (IsMultiSigContract(witnesses[i].VerificationScript.Span, out int m, out int n))
+                if (IsSignatureContract(witnesses[i].VerificationScript.Span, out bool? isV2, out _, out _))
+                    net_fee -= execFeeFactor * SignatureContractCost(isV2.Value);
+                else if (IsMultiSigContract(witnesses[i].VerificationScript.Span, out int m, out int n, out isV2))
                 {
-                    net_fee -= execFeeFactor * MultiSignatureContractCost(m, n);
+                    net_fee -= execFeeFactor * MultiSignatureContractCost(m, n, isV2.Value);
                 }
                 else
                 {
@@ -415,21 +415,21 @@
             UInt160[] hashes = GetScriptHashesForVerifying(null);
             for (int i = 0; i < hashes.Length; i++)
             {
-                if (IsSignatureContract(witnesses[i].VerificationScript.Span))
+                if (IsSignatureContract(witnesses[i].VerificationScript.Span, out bool? isV2, out ECCurve? curve, out Hasher? hasher))
                 {
                     if (hashes[i] != witnesses[i].ScriptHash) return VerifyResult.Invalid;
-                    var pubkey = witnesses[i].VerificationScript.Span[2..35];
+                    var pubkey = isV2.Value ? witnesses[i].VerificationScript.Span[4..37] : witnesses[i].VerificationScript.Span[2..35];
                     try
                     {
-                        if (!Crypto.VerifySignature(this.GetSignData(settings.Network), witnesses[i].InvocationScript.Span[2..], pubkey, ECCurve.Secp256r1))
+                        if (!Crypto.VerifySignature(this.GetSignData(settings.Network), witnesses[i].InvocationScript.Span[2..], pubkey, curve, hasher.Value))
                             return VerifyResult.InvalidSignature;
                     }
                     catch
                     {
                         return VerifyResult.Invalid;
                     }
                 }
-                else if (IsMultiSigContract(witnesses[i].VerificationScript.Span, out var m, out ECPoint[] points))
+                else if (IsMultiSigContract(witnesses[i].VerificationScript.Span, out var m, out ECPoint[] points, out isV2, out curve, out hasher))
                 {
                     if (hashes[i] != witnesses[i].ScriptHash) return VerifyResult.Invalid;
                     var signatures = GetMultiSignatures(witnesses[i].InvocationScript);

src/Neo/SmartContract/ApplicationEngine.Crypto.cs

@@ -13,11 +13,17 @@
 using Neo.Cryptography.ECC;
 using Neo.Network.P2P;
 using System;
+using System.Collections.Generic;
 
 namespace Neo.SmartContract
 {
     partial class ApplicationEngine
     {
+        protected internal readonly static Dictionary<byte, ECCurve> ECCurveSelection = new(){
+            { 0x00, ECCurve.Secp256r1 },
+            { 0x01, ECCurve.Secp256k1 },
+        };
+
         /// <summary>
         /// The price of System.Crypto.CheckSig.
         /// </summary>
@@ -29,12 +35,24 @@ partial class ApplicationEngine
         /// </summary>
         public static readonly InteropDescriptor System_Crypto_CheckSig = Register("System.Crypto.CheckSig", nameof(CheckSig), CheckSigPrice, CallFlags.None);
 
+        /// <summary>
+        /// The <see cref="InteropDescriptor"/> of System.Crypto.CheckSigV2.
+        /// Checks the signature (secp256k1, secp256r1, or other curve) for the current script container.
+        /// </summary>
+        public static readonly InteropDescriptor System_Crypto_CheckSigV2 = Register("System.Crypto.CheckSigV2", nameof(CheckSigV2), CheckSigPrice, CallFlags.None);
+
         /// <summary>
         /// The <see cref="InteropDescriptor"/> of System.Crypto.CheckMultisig.
         /// Checks the signatures for the current script container.
         /// </summary>
         public static readonly InteropDescriptor System_Crypto_CheckMultisig = Register("System.Crypto.CheckMultisig", nameof(CheckMultisig), 0, CallFlags.None);
 
+        /// <summary>
+        /// The <see cref="InteropDescriptor"/> of System.Crypto.CheckMultisigV2.
+        /// Checks the signatures (secp256k1, secp256r1, or other curve) for the current script container.
+        /// </summary>
+        public static readonly InteropDescriptor System_Crypto_CheckMultisigV2 = Register("System.Crypto.CheckMultisigV2", nameof(CheckMultisigV2), 0, CallFlags.None);
+
         /// <summary>
         /// The implementation of System.Crypto.CheckSig.
         /// Checks the signature for the current script container.
@@ -54,6 +72,32 @@ protected internal bool CheckSig(byte[] pubkey, byte[] signature)
             }
         }
 
+        /// <summary>
+        /// This is a new version check signature method that allows for different curves and hashers.
+        /// </summary>
+        /// <param name="eccurve">The ec curve</param>
+        /// <param name="hash">The hash algorithm to get the hash of the message.</param>
+        /// <param name="pubkey">The public key.</param>
+        /// <param name="signature">The signature of the message.</param>
+        /// <returns>The signature is valid or not.</returns>
+        /// <exception cref="ArgumentOutOfRangeException">Throw if the given hash algorithm or ec curve is not defined.</exception>
+        protected internal bool CheckSigV2(byte eccurve, byte hash, byte[] pubkey, byte[] signature)
+        {
+            try
+            {
+                if (!Enum.IsDefined(typeof(Hasher), hash))
+                    throw new ArgumentOutOfRangeException("Invalid hasher");
+                Hasher hasher = (Hasher)hash;
+                if (!ECCurveSelection.TryGetValue(eccurve, out ECCurve curve))
+                    throw new ArgumentOutOfRangeException("Invalid EC curve");
+                return Crypto.VerifySignature(ScriptContainer.GetSignData(ProtocolSettings.Network), signature, pubkey, curve, hasher);
+            }
+            catch (Exception)
+            {
+                return false;
+            }
+        }
+
         /// <summary>
         /// The implementation of System.Crypto.CheckMultisig.
         /// Checks the signatures for the current script container.
@@ -84,5 +128,44 @@ protected internal bool CheckMultisig(byte[][] pubkeys, byte[][] signatures)
             }
             return true;
         }
+
+        /// <summary>
+        /// This is a new version check multisig method that allows for different curves and hashers.
+        /// </summary>
+        /// <param name="eccurve">The ec curve</param>
+        /// <param name="hash">The hash algorithm to get the hash of the message.</param>
+        /// <param name="pubkeys">The public keys.</param>
+        /// <param name="signatures">The signatures of the message.</param>
+        /// <returns>The signature is valid or not.</returns>
+        /// <exception cref="ArgumentOutOfRangeException">Throw if the given hash algorithm or ec curve is not defined.</exception>
+        protected internal bool CheckMultisigV2(byte eccurve, byte hash, byte[][] pubkeys, byte[][] signatures)
+        {
+            byte[] message = ScriptContainer.GetSignData(ProtocolSettings.Network);
+            int m = signatures.Length, n = pubkeys.Length;
+            if (n == 0 || m == 0 || m > n) throw new ArgumentException();
+            AddGas(CheckSigPrice * n * ExecFeeFactor);
+            try
+            {
+                if (!Enum.IsDefined(typeof(Hasher), hash))
+                    throw new ArgumentOutOfRangeException("Invalid hasher");
+                Hasher hasher = (Hasher)hash;
+                if (!ECCurveSelection.TryGetValue(eccurve, out ECCurve curve))
+                    throw new ArgumentOutOfRangeException("Invalid EC curve");
+
+                for (int i = 0, j = 0; i < m && j < n;)
+                {
+                    if (Crypto.VerifySignature(message, signatures[i], pubkeys[j], curve, hasher))
+                        i++;
+                    j++;
+                    if (m - i > n - j)
+                        return false;
+                }
+            }
+            catch (ArgumentException)
+            {
+                return false;
+            }
+            return true;
+        }
     }
 }