verify function
Verify reports whether sig is a valid signature of message by publicKey. It will throw ArgumentError if publicKey.bytes.length is not PublicKeySize.
Implementation
bool verify(PublicKey publicKey, Uint8List message, Uint8List sig) {
if (publicKey.bytes.length != PublicKeySize) {
throw ArgumentError(
'ed25519: bad publicKey length ${publicKey.bytes.length}');
}
if (sig.length != SignatureSize || sig[63] & 224 != 0) {
return false;
}
var A = ExtendedGroupElement();
var publicKeyBytes = Uint8List.fromList(publicKey.bytes);
if (!A.FromBytes(publicKeyBytes)) {
return false;
}
FeNeg(A.X, A.X);
FeNeg(A.T, A.T);
var output = AccumulatorSink<Digest>();
var input = sha512.startChunkedConversion(output);
input.add(sig.sublist(0, 32));
input.add(publicKeyBytes);
input.add(message);
input.close();
var digest = output.events.single.bytes;
var hReduced = Uint8List(32);
ScReduce(hReduced, digest as Uint8List);
var R = ProjectiveGroupElement();
var s = sig.sublist(32);
if (!ScMinimal(s)) {
return false;
}
GeDoubleScalarMultVartime(R, hReduced, A, s);
var checkR = Uint8List(32);
R.ToBytes(checkR);
return ListEquality().equals(sig.sublist(0, 32), checkR);
}