verify function
verify verifies the signature in r, s of hash using the public key, pub. Its return value records whether the signature is valid.
Implementation
bool verify(PublicKey pub, List<int> hash, Signature sig) {
// See [NSA] 3.4.2
var curve = pub.curve;
var byteLen = (curve.bitSize + 7) ~/ 8;
if (sig.R.sign <= 0 || sig.S.sign <= 0) {
return false;
}
if (sig.R >= curve.n || sig.S >= curve.n) {
return false;
}
var e = bitsToInt(hash, curve.n.bitLength);
var w = sig.S.modInverse(curve.n);
var u1 = e * w;
u1 = u1 % curve.n;
var u2 = sig.R * w;
u2 = u2 % curve.n;
// Check if implements S1*g + S2*p
var hexU1 = u1.toRadixString(16).padLeft(byteLen * 2, '0');
var hexU2 = u2.toRadixString(16).padLeft(byteLen * 2, '0');
var p1 = curve.scalarBaseMul(List<int>.generate(hexU1.length ~/ 2,
(i) => int.parse(hexU1.substring(i * 2, i * 2 + 2), radix: 16)));
var p2 = curve.scalarMul(
pub,
List<int>.generate(hexU2.length ~/ 2,
(i) => int.parse(hexU2.substring(i * 2, i * 2 + 2), radix: 16)));
var p = curve.add(p1, p2);
if (p.X.sign == 0 && p.Y.sign == 0) {
return false;
}
p.X = p.X % curve.n;
return p.X == sig.R;
}