verifySignature method
Verify the message against the signature.
Implementation
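/// Verifies that [signature] is a valid RSA signature over [message].
///
/// The message is hashed with the configured digest, the signature is run
/// through the RSA engine, and the recovered block is compared with the
/// DER encoding of the hash produced by `_derEncode`. A recovered block
/// that is exactly two bytes shorter than the expected encoding is also
/// accepted when it matches the expected encoding with the two-byte NULL
/// parameter removed.
///
/// Returns `true` only when the recovered block matches in full. Returns
/// `false` on any mismatch, or when the RSA engine throws [ArgumentError].
/// Any other exception from the digest or the RSA engine propagates.
///
/// Throws [StateError] if the signer was initialised for signing.
@override
bool verifySignature(Uint8List message, covariant RSASignature signature) {
  if (_forSigning) {
    throw StateError('Signer was not initialised for signature verification');
  }

  // Hash the message with the configured digest.
  var hash = Uint8List(_digest.digestSize);
  _digest.reset();
  _digest.update(message, 0, message.length);
  _digest.doFinal(hash, 0);

  // Recover the encoded block from the signature.
  var sig = Uint8List(_rsa.outputBlockSize);
  try {
    final len =
        _rsa.processBlock(signature.bytes, 0, signature.bytes.length, sig, 0);
    sig = sig.sublist(0, len);
  } on ArgumentError {
    // Signature was tampered with so the RSA 'decrypted' block is totally
    // different to the original, causing [PKCS1Encoding._decodeBlock] to
    // throw an exception because it does not recognise it.
    return false;
  }

  var expected = _derEncode(hash);
  if (sig.length == expected.length) {
    // Accumulate differences over the whole block instead of returning at
    // the first mismatch, so both accepted encodings are compared the same
    // way (the original carried a note to use a constant-time compare here).
    var nonEqual = 0;
    for (var i = 0; i < sig.length; i++) {
      nonEqual |= sig[i] ^ expected[i];
    }
    return nonEqual == 0;
  } else if (sig.length == expected.length - 2) {
    // NULL left out
    var sigOffset = sig.length - hash.length - 2;
    var expectedOffset = expected.length - hash.length - 2;
    expected[1] -= 2; // adjust lengths
    expected[3] -= 2;

    // The tail runs from the offsets above to the end of each buffer, which
    // is hash.length + 2 bytes. Comparing only hash.length bytes from these
    // offsets would leave the final two bytes of the recovered block
    // unchecked, so a block differing only there would be accepted.
    // NOTE(review): this relies on _derEncode placing the two NULL bytes
    // immediately before the last hash.length + 2 bytes - confirm.
    final tailLength = sig.length - sigOffset;
    var nonEqual = 0;
    for (var i = 0; i < tailLength; i++) {
      nonEqual |= sig[sigOffset + i] ^ expected[expectedOffset + i];
    }
    for (var i = 0; i < sigOffset; i++) {
      nonEqual |= sig[i] ^ expected[i]; // check header less NULL
    }
    return nonEqual == 0;
  }

  // Any other length cannot be a valid encoding of this hash.
  return false;
}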