The only official sdk available is written in typescript. Using that as reference, we see that the message needs to be bcs encoded before verification.
All the previous answers miss this.
You can take a look at this PR I made to implement the signature verification.