private static BigInteger[] getDoubleP(BigInteger[] bigIntegers, out bool isZero)
{
var x = bigIntegers[0];
var y = bigIntegers[1];
//if ((y%17.IsZero)
//{
// isZero = true;
// return null;
//}
//else
{
var s = ((3 * x * x + Secp256k1.a) * (Inverse.ex_gcd((2 * y) % Secp256k1.p, Secp256k1.p))) % Secp256k1.p;
var Xr = (s * s - 2 * x) % Secp256k1.p;
while (Xr < 0)
{
Xr += Secp256k1.p;
}
//Xr = Xr % p;
var Yr = (s * (x - Xr) - y) % Secp256k1.p;
while (Yr < 0)
{
Yr += Secp256k1.p;
}
isZero = false;
return(new BigInteger[] { Xr, Yr });
}
}
public static BigInteger[] pointPlus(BigInteger[] point_P, BigInteger[] point_Q, out bool isZero)
{
// throw new Exception("");
if (((point_P[0] - point_Q[0]) % Secp256k1.p).IsZero)
{
if ((point_P[1] - point_Q[1] % Secp256k1.p).IsZero)
{
return(getDoubleP(point_P, out isZero));
}
else
{
isZero = true;
return(null);
}
}
else
{
isZero = false;
var s = (point_P[1] - point_Q[1]) * (Inverse.ex_gcd((point_P[0] - point_Q[0] + Secp256k1.p) % Secp256k1.p, Secp256k1.p));
s = s % Secp256k1.p;
if (s < 0)
{
s += Secp256k1.p;
}
var Xr = (s * s - (point_P[0] + point_Q[0])) % Secp256k1.p;
var Yr = (s * (point_P[0] - Xr) - point_P[1]) % Secp256k1.p;
while (Xr < 0)
{
Xr += Secp256k1.p;
}
while (Yr < 0)
{
Yr += Secp256k1.p;
}
return(new BigInteger[] { Xr, Yr });
}
// var s=a[]
//var x = bigIntegers[0];
//var y = bigIntegers[1];
//var s = ((3 * x * x + a) * (ECCMain.Inverse.ex_gcd(2 * y, p))) % p;
//var Xr = (s * s - 2 * x) % p;
//while (Xr < 0)
//{
// Xr += p;
//}
////Xr = Xr % p;
//var Yr = (s * (x - Xr) - y) % p;
//while (Yr < 0)
//{
// Yr += p;
//}
//return new BigInteger[] { Xr, Yr };
}
public static string verify_message(string signature, string message, int addrtype)
{
byte[] sig;
//try
{
sig = Convert.FromBase64String(signature);
}
//catch (err)
//{
// return false;
//}
if (sig.Length != 65)
{
return("Error e");
}
// extract r,s from signature
var r = Bytes32.ConvetToBigInteger(sig.Skip(1).Take(32).ToArray());
var s = Bytes32.ConvetToBigInteger(sig.Skip(33).Take(32).ToArray());
// var s = BigInteger.fromByteArrayUnsigned(sig.slice(33, 33 + 32));
// get recid
// var compressed = false;
var nV = Convert.ToInt32(sig[0]);
if (nV < 27 || nV >= 35)
{
return("Error e");
}
if (nV >= 31)
{
// compressed = true;
nV -= 4;
}
var recid = new BigInteger(nV - 27);
{
//var z = Bytes32.ConvetToBigInteger(hash); ;
//var w = s.ModInverse(Secp256k1.q);
//var u1 = (z * w) % Secp256k1.q;
//var u2 = (r * w) % Secp256k1.q;
//bool isZero;
//var pt = Calculate.pointPlus(Calculate.getPublicByPrivate(u1), Calculate.getMulValue(u2, publicKey), out isZero);// (publicKey.Multiply(u2));
//if (pt == null)
//{
// return false;
//}
//else
//{
// var pmod = pt[0] % Secp256k1.q;
// return pmod == r;
//}
}
//var ecparams = getSECCurveByName("secp256k1");
//var curve = ecparams.getCurve();
//var a = curve.getA().toBigInteger();
//var b = curve.getB().toBigInteger();
//var p = curve.getQ();
//var G = ecparams.getG();
//var order = ecparams.getN();
//var x = r.add(order.multiply(recid.divide(BigInteger.valueOf(2))));
var x = recid / 2 * Secp256k1.q + r;
//Calculate.getMulValue(,recid / 2);
// var alpha = x.multiply(x).multiply(x).add(a.multiply(x)).add(b).mod(p);
var alpha = (x * x * x + Secp256k1.a * x + Secp256k1.b) % Secp256k1.p;
//var beta = alpha.modPow(p.add(BigInteger.ONE).divide(BigInteger.valueOf(4)), p);
var beta = BigInteger.ModPow(alpha, (Secp256k1.p + 1) / 4, Secp256k1.p);//Calculate.Pow((Secp256k1.p + 1) / 4, alpha);
var y = (beta - recid).IsEven ? beta : (Secp256k1.p - beta);
//var y = beta.subtract(recid).isEven() ? beta : p.subtract(beta);
// var R = new ECPointFp(curve, curve.fromBigInteger(x), curve.fromBigInteger(y));
// var e = BigInteger.fromByteArrayUnsigned(msg_digest(message));
var e = Bytes32.ConvetToBigInteger(msg_digest(message));
// var minus_e = BigInteger.Negate(e)+ % Secp256k1.q;
var minus_e = ((Secp256k1.q - e) % Secp256k1.q + Secp256k1.q) % Secp256k1.q;
var inv_r = Inverse.ex_gcd(r, Secp256k1.q);////BigInteger.mo r.modInverse(order);
//var Q = (R.multiply(s).add(G.multiply(minus_e))).multiply(inv_r);
bool isZero;
var Q__ = Calculate.pointPlus(Calculate.getMulValue(s, new BigInteger[] { x, y }),
Calculate.getPublicByPrivate(minus_e), out isZero);
if (isZero)
{
return("Error e");
}
else
{
var Q = Calculate.getMulValue(inv_r, Q__);
var public_key = PublicKeyF.GetAddressOfcompressed(Q);
if (addrtype == 0)
{
return(PublicKeyF.GetAddressOfUncompressed(Q));
}
else if (addrtype == 1)
{
return(PublicKeyF.GetAddressOfcompressed(Q));
}
else
{
return("Error e");
}
}
}
public static bool checkSign(string signature, string message, string address)
{
byte[] sig;
{
sig = Convert.FromBase64String(signature);
}
if (sig.Length != 65)
{
return(false);
}
// extract r,s from signature
var r = Bytes32.ConvetToBigInteger(sig.Skip(1).Take(32).ToArray());
var s = Bytes32.ConvetToBigInteger(sig.Skip(33).Take(32).ToArray());
// var s = BigInteger.fromByteArrayUnsigned(sig.slice(33, 33 + 32));
// get recid
var compressed = false;
var nV = Convert.ToInt32(sig[0]);
if (nV < 27 || nV >= 35)
{
return(false);
}
if (nV >= 31)
{
compressed = true;
nV -= 4;
}
var recid = new BigInteger(nV - 27);
//var ecparams = getSECCurveByName("secp256k1");
//var curve = ecparams.getCurve();
//var a = curve.getA().toBigInteger();
//var b = curve.getB().toBigInteger();
//var p = curve.getQ();
//var G = ecparams.getG();
//var order = ecparams.getN();
//var x = r.add(order.multiply(recid.divide(BigInteger.valueOf(2))));
var x = recid / 2 * Secp256k1.q + r;
//Calculate.getMulValue(,recid / 2);
// var alpha = x.multiply(x).multiply(x).add(a.multiply(x)).add(b).mod(p);
var alpha = (x * x * x + Secp256k1.a * x + Secp256k1.b) % Secp256k1.p;
//var beta = alpha.modPow(p.add(BigInteger.ONE).divide(BigInteger.valueOf(4)), p);
var beta = BigInteger.ModPow(alpha, (Secp256k1.p + 1) / 4, Secp256k1.p);//Calculate.Pow((Secp256k1.p + 1) / 4, alpha);
var y = (beta - recid).IsEven ? beta : (Secp256k1.p - beta);
//var y = beta.subtract(recid).isEven() ? beta : p.subtract(beta);
// var R = new ECPointFp(curve, curve.fromBigInteger(x), curve.fromBigInteger(y));
// var e = BigInteger.fromByteArrayUnsigned(msg_digest(message));
var e = Bytes32.ConvetToBigInteger(msg_digest(message));
// var minus_e = BigInteger.Negate(e)+ % Secp256k1.q;
var minus_e = ((Secp256k1.q - e) % Secp256k1.q + Secp256k1.q) % Secp256k1.q;
var inv_r = Inverse.ex_gcd(r, Secp256k1.q);////BigInteger.mo r.modInverse(order);
//var Q = (R.multiply(s).add(G.multiply(minus_e))).multiply(inv_r);
bool isZero;
var Q__ = Calculate.pointPlus(Calculate.getMulValue(s, new BigInteger[] { x, y }),
Calculate.getPublicByPrivate(minus_e), out isZero);
if (isZero)
{
return(false);
}
else
{
var Q = Calculate.getMulValue(inv_r, Q__);
// var public_key = PublicKeyF.GetAddressOfcompressed(Q);
if (compressed)
{
var compressedAdress = PublicKeyF.GetAddressOfcompressed(Q);
Console.WriteLine($"compressed Adress:{compressedAdress}");
return(compressedAdress == address);
}
else
{
var unCompressedAdress = PublicKeyF.GetAddressOfUncompressed(Q);
Console.WriteLine($"uncompressed adress:{unCompressedAdress}");
return(unCompressedAdress == address);
}
}
}