extractSalt method

String extractSalt(
  1. RSAPublicKey key,
  2. dynamic signature
)

Implementation

String extractSalt(
    RSAPublicKey key,
    /* String | List<int> | BigInt */ signature) {
  final hashLength = hasher.convert([0]).bytes.length;

  final em = key.engine.unsign(signature);

  if (em.length < hashLength + saltLength + 2) {
    throw Exception('inconsistent. encoded message length small');
  }

  if (em.last != 0xbc) {
    throw Exception('inconsistent. bc octet not found in encoded message');
  }

  final maskedDb = em.take(key.blockSize - hashLength - 1);
  final h = em.skip(key.blockSize - hashLength - 1).take(hashLength);

  final dbMask = mgf.encode(maskedDb.length, h);

  final db = ListOps.xor(maskedDb, dbMask);

  int emDiff = (8 * key.blockSize) - key.bitSize;
  if (emDiff < 0) {
    throw Exception();
  } else if (emDiff > 7) {
    throw Exception();
  }

  db[0] &= (1 << emDiff) - 1;

  final ps = db.take(key.blockSize - hashLength - saltLength - 2);
  if (ps.any((element) => element != 0)) {
    throw Exception('inconsistent. invalid ps');
  }
  if (db.skip(key.blockSize - hashLength - saltLength - 2).first != 0x01) {
    throw Exception('inconsistent');
  }

  final salt = db.skip(key.blockSize - hashLength - saltLength - 1).toList();

  return base64Encode(salt);
}