author | eroman <eroman@chromium.org> | 2015-07-27 19:40:42 -0700 |
---|---|---|
committer | Commit bot <commit-bot@chromium.org> | 2015-07-28 02:41:39 +0000 |
commit | 2b124dbcd72c180b2865dc0448e280d2e3e7cbe4 (patch) | |
tree | 529bf51c5cdccc8b9747bf6f987dc9bfbb8d0051 | |
parent | 2657c891939f1e80c24db45dfd14fe3bc7fca66e (diff) | |
Implement VerifySignedData() for ECDSA, RSA PKCS#1 and RSA PSS.
The implementation is specifically for BoringSSL.
BUG=410574
Review URL: https://codereview.chromium.org/1209283004
Cr-Commit-Position: refs/heads/master@{#340633}
34 files changed, 2309 insertions, 0 deletions
diff --git a/net/cert/internal/verify_signed_data.cc b/net/cert/internal/verify_signed_data.cc
new file mode 100644
index 0000000..fd68328
--- /dev/null
+++ b/net/cert/internal/verify_signed_data.cc
@@ -0,0 +1,318 @@
+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "net/cert/internal/verify_signed_data.h"
+
+#include "base/logging.h"
+
+// TODO(eroman): There is no intention to implement this for non-OpenSSL. Remove
+// this branch once the migration is complete. This could have been done as a
+// conditional file (_openssl.cc) in the build file instead, but that is likely
+// not worth the effort at this point.
+
+#if !defined(USE_OPENSSL)
+
+namespace net {
+
+bool VerifySignedData(const SignatureAlgorithm& signature_algorithm,
+ const der::Input& signed_data,
+ const der::Input& signature_value_bit_string,
+ const der::Input& public_key) {
+ NOTIMPLEMENTED();
+ return false;
+}
+
+} // namespace net
+
+#else
+
+#include <openssl/digest.h>
+#include <openssl/ec.h>
+#include <openssl/ec_key.h>
+#include <openssl/evp.h>
+#include <openssl/rsa.h>
+#include <openssl/x509.h>
+
+#include "base/compiler_specific.h"
+#include "crypto/openssl_util.h"
+#include "crypto/scoped_openssl_types.h"
+#include "net/cert/internal/signature_algorithm.h"
+#include "net/der/input.h"
+#include "net/der/parser.h"
+
+namespace net {
+
+namespace {
+
+// Converts a DigestAlgorithm to an equivalent EVP_MD*.
+WARN_UNUSED_RESULT bool GetDigest(DigestAlgorithm digest, const EVP_MD** out) {
+ *out = nullptr;
+
+ switch (digest) {
+ case DigestAlgorithm::Sha1:
+ *out = EVP_sha1();
+ break;
+ case DigestAlgorithm::Sha256:
+ *out = EVP_sha256();
+ break;
+ case DigestAlgorithm::Sha384:
+ *out = EVP_sha384();
+ break;
+ case DigestAlgorithm::Sha512:
+ *out = EVP_sha512();
+ break;
+ }
+
+ return *out != nullptr;
+}
+
+// Sets the RSASSA-PSS parameters on |pctx|. Returns true on success.
+WARN_UNUSED_RESULT bool ApplyRsaPssOptions(const RsaPssParameters* params, + EVP_PKEY_CTX* pctx) { + // BoringSSL takes a signed int for the salt length, and interprets + // negative values in a special manner. Make sure not to silently underflow. + base::CheckedNumeric<int> salt_length_bytes_int(params->salt_length()); + if (!salt_length_bytes_int.IsValid()) + return false; + + const EVP_MD* mgf1_hash; + if (!GetDigest(params->mgf1_hash(), &mgf1_hash)) + return false; + + return EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING) && + EVP_PKEY_CTX_set_rsa_mgf1_md(pctx, mgf1_hash) && + EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, + salt_length_bytes_int.ValueOrDie()); +} + +// TODO(eroman): This function is not strict enough. It accepts BER, other RSA +// OIDs, and does not check id-rsaEncryption parameters. +WARN_UNUSED_RESULT bool ImportPkeyFromSpki(const der::Input& spki, + int expected_pkey_id, + crypto::ScopedEVP_PKEY* pkey) { + crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); + + const uint8_t* ptr = spki.UnsafeData(); + pkey->reset(d2i_PUBKEY(nullptr, &ptr, spki.Length())); + if (!pkey->get() || ptr != spki.UnsafeData() + spki.Length() || + EVP_PKEY_id(pkey->get()) != expected_pkey_id) { + pkey->reset(); + return false; + } + + return true; +} + +// Parses an RSA public key from SPKI to an EVP_PKEY. +// +// Returns true on success. +// +// There are two flavors of RSA public key that this function should recognize +// from RFC 5912 (however note that pk-rsaSSA-PSS is not supported in the +// current implementation). +// TODO(eroman): Support id-RSASSA-PSS and its associated parameters. +// +// pk-rsa PUBLIC-KEY ::= { +// IDENTIFIER rsaEncryption +// KEY RSAPublicKey +// PARAMS TYPE NULL ARE absent +// -- Private key format not in this module -- +// CERT-KEY-USAGE {digitalSignature, nonRepudiation, +// keyEncipherment, dataEncipherment, keyCertSign, cRLSign} +// } +// +// ... 
+//
+// pk-rsaSSA-PSS PUBLIC-KEY ::= {
+// IDENTIFIER id-RSASSA-PSS
+// KEY RSAPublicKey
+// PARAMS TYPE RSASSA-PSS-params ARE optional
+// -- Private key format not in this module --
+// CERT-KEY-USAGE { nonRepudiation, digitalSignature,
+// keyCertSign, cRLSign }
+// }
+//
+// Any RSA signature algorithm can accept a "pk-rsa" (rsaEncryption). However a
+// "pk-rsaSSA-PSS" key is only accepted if the signature algorithm was for PSS
+// mode:
+//
+// sa-rsaSSA-PSS SIGNATURE-ALGORITHM ::= {
+// IDENTIFIER id-RSASSA-PSS
+// PARAMS TYPE RSASSA-PSS-params ARE required
+// HASHES { mda-sha1 | mda-sha224 | mda-sha256 | mda-sha384
+// | mda-sha512 }
+// PUBLIC-KEYS { pk-rsa | pk-rsaSSA-PSS }
+// SMIME-CAPS { IDENTIFIED BY id-RSASSA-PSS }
+// }
+//
+// Moreover, if a "pk-rsaSSA-PSS" key was used and it optionally provided
+// parameters for the algorithm, they must match those of the signature
+// algorithm.
+//
+// COMPATIBILITY NOTE: RFC 5912 and RFC 3279 are in disagreement on the value
+// of parameters for rsaEncryption. Whereas RFC 5912 says they must be absent,
+// RFC 3279 says they must be NULL:
+//
+// The rsaEncryption OID is intended to be used in the algorithm field
+// of a value of type AlgorithmIdentifier. The parameters field MUST
+// have ASN.1 type NULL for this algorithm identifier.
+//
+// Following RFC 3279 in this case.
+WARN_UNUSED_RESULT bool ParseRsaKeyFromSpki(const der::Input& public_key_spki,
+ crypto::ScopedEVP_PKEY* pkey) {
+ return ImportPkeyFromSpki(public_key_spki, EVP_PKEY_RSA, pkey);
+}
+
+// Does signature verification using either RSA or ECDSA.
+//
+// Note that the |signature_value| input is expected to be a byte string (and
+// not a DER-encoded BIT STRING)
+WARN_UNUSED_RESULT bool DoVerify(const SignatureAlgorithm& algorithm,
+ const der::Input& signed_data,
+ const der::Input& signature_value,
+ EVP_PKEY* public_key) {
+ DCHECK(algorithm.algorithm() == SignatureAlgorithmId::RsaPkcs1 ||
+ algorithm.algorithm() == SignatureAlgorithmId::RsaPss ||
+ algorithm.algorithm() == SignatureAlgorithmId::Ecdsa);
+
+ crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
+
+ crypto::ScopedEVP_MD_CTX ctx(EVP_MD_CTX_create());
+ EVP_PKEY_CTX* pctx = nullptr; // Owned by |ctx|.
+
+ const EVP_MD* digest;
+ if (!GetDigest(algorithm.digest(), &digest))
+ return false;
+
+ if (!EVP_DigestVerifyInit(ctx.get(), &pctx, digest, nullptr, public_key))
+ return false;
+
+ // Set the RSASSA-PSS specific options.
+ if (algorithm.algorithm() == SignatureAlgorithmId::RsaPss &&
+ !ApplyRsaPssOptions(algorithm.ParamsForRsaPss(), pctx)) {
+ return false;
+ }
+
+ if (!EVP_DigestVerifyUpdate(ctx.get(), signed_data.UnsafeData(),
+ signed_data.Length())) {
+ return false;
+ }
+
+ return 1 == EVP_DigestVerifyFinal(ctx.get(), signature_value.UnsafeData(),
+ signature_value.Length());
+}
+
+// Returns true if the given curve is allowed for ECDSA. The input is a
+// BoringSSL NID.
+//
+// TODO(eroman): Extract policy decisions such as allowed curves, hashes, RSA
+// modulus size, to somewhere more central.
+WARN_UNUSED_RESULT bool IsAllowedCurveName(int curve_nid) {
+ switch (curve_nid) {
+ case NID_X9_62_prime256v1:
+ case NID_secp384r1:
+ case NID_secp521r1:
+ return true;
+ }
+ return false;
+}
+
+// Parses an EC public key from SPKI to an EVP_PKEY.
+//
+// Returns true on success.
+//
+// RFC 5912 describes all the ECDSA signature algorithms as requiring a public
+// key of type "pk-ec":
+//
+// pk-ec PUBLIC-KEY ::= {
+// IDENTIFIER id-ecPublicKey
+// KEY ECPoint
+// PARAMS TYPE ECParameters ARE required
+// -- Private key format not in this module --
+// CERT-KEY-USAGE { digitalSignature, nonRepudiation, keyAgreement,
+// keyCertSign, cRLSign }
+// }
+//
+// Moreover RFC 5912 stipulates what curves are allowed. The ECParameters
+// MUST NOT use an implicitCurve or specificCurve for PKIX:
+//
+// ECParameters ::= CHOICE {
+// namedCurve CURVE.&id({NamedCurve})
+// -- implicitCurve NULL
+// -- implicitCurve MUST NOT be used in PKIX
+// -- specifiedCurve SpecifiedCurve
+// -- specifiedCurve MUST NOT be used in PKIX
+// -- Details for specifiedCurve can be found in [X9.62]
+// -- Any future additions to this CHOICE should be coordinated
+// -- with ANSI X.9.
+// }
+// -- If you need to be able to decode ANSI X.9 parameter structures,
+// -- uncomment the implicitCurve and specifiedCurve above, and also
+// -- uncomment the following:
+// --(WITH COMPONENTS {namedCurve PRESENT})
+//
+// The namedCurves are extensible. The ones described by RFC 5912 are:
+//
+// NamedCurve CURVE ::= {
+// { ID secp192r1 } | { ID sect163k1 } | { ID sect163r2 } |
+// { ID secp224r1 } | { ID sect233k1 } | { ID sect233r1 } |
+// { ID secp256r1 } | { ID sect283k1 } | { ID sect283r1 } |
+// { ID secp384r1 } | { ID sect409k1 } | { ID sect409r1 } |
+// { ID secp521r1 } | { ID sect571k1 } | { ID sect571r1 },
+// ... -- Extensible
+// }
+WARN_UNUSED_RESULT bool ParseEcKeyFromSpki(const der::Input& public_key_spki,
+ crypto::ScopedEVP_PKEY* pkey) {
+ if (!ImportPkeyFromSpki(public_key_spki, EVP_PKEY_EC, pkey))
+ return false;
+
+ // Enforce policy on allowed curves in case ImportPkeyFromSpki() were to
+ // recognize and allow use of a weak curve.
+ crypto::ScopedEC_KEY ec(EVP_PKEY_get1_EC_KEY(pkey->get()));
+ if (!ec.get())
+ return false; // Unexpected.
+
+ int curve_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec.get()));
+ return IsAllowedCurveName(curve_nid);
+}
+
+} // namespace
+
+bool VerifySignedData(const SignatureAlgorithm& signature_algorithm,
+ const der::Input& signed_data,
+ const der::Input& signature_value_bit_string,
+ const der::Input& public_key_spki) {
+ crypto::ScopedEVP_PKEY public_key;
+
+ // Parse the SPKI to an EVP_PKEY appropriate for the signature algorithm.
+ switch (signature_algorithm.algorithm()) {
+ case SignatureAlgorithmId::RsaPkcs1:
+ case SignatureAlgorithmId::RsaPss:
+ if (!ParseRsaKeyFromSpki(public_key_spki, &public_key))
+ return false;
+ break;
+ case SignatureAlgorithmId::Ecdsa:
+ if (!ParseEcKeyFromSpki(public_key_spki, &public_key))
+ return false;
+ break;
+ }
+
+ // Extract the bytes of the signature_value. Assume that the BIT STRING has
+ // no unused bits (in other words, is a multiple of 8 bits), since that is the
+ // case for all of the currently supported algorithms.
+ der::Input signature_value;
+ der::Parser parser(signature_value_bit_string);
+ if (!parser.ReadBitStringNoUnusedBits(&signature_value))
+ return false;
+ // By definition signature_value_bit_string must be a single BIT STRING.
+ if (parser.HasMore())
+ return false;
+
+ return DoVerify(signature_algorithm, signed_data, signature_value,
+ public_key.get());
+}
+
+} // namespace net
+
+#endif
diff --git a/net/cert/internal/verify_signed_data.h b/net/cert/internal/verify_signed_data.h
new file mode 100644
index 0000000..fc622e8
--- /dev/null
+++ b/net/cert/internal/verify_signed_data.h
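Review bot: `VerifySignedData()` passes `public_key.get()` to `DoVerify()` with only the `switch` guaranteeing that the key was actually imported, and the only algorithm check inside `DoVerify()` is a `DCHECK`, which is compiled out of release builds. If `SignatureAlgorithmId` (declared outside this diff) ever carries a value the switch does not handle, a null `EVP_PKEY` reaches `EVP_DigestVerifyInit()`; adding `if (!public_key.get()) return false;` right after the switch keeps the function failing closed. The result of `EVP_MD_CTX_create()` in `DoVerify()` is likewise handed to `EVP_DigestVerifyInit()` without a null check. Separately, `ApplyRsaPssOptions()` uses `base::CheckedNumeric`, but no `base/numerics/` header is among the includes shown in this hunk, so it presumably compiles through a transitive include; `#include "base/numerics/safe_math.h"` would make the dependency explicit.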
@@ -0,0 +1,38 @@
+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef NET_CERT_INTERNAL_VERIFY_SIGNED_DATA_H_
+#define NET_CERT_INTERNAL_VERIFY_SIGNED_DATA_H_
+
+#include "base/compiler_specific.h"
+#include "net/base/net_export.h"
+
+namespace net {
+
+namespace der {
+class Input;
+} // namespace der
+
+class SignatureAlgorithm;
+
+// Verifies that |signature_value| is a valid signature of |signed_data| using
+// the algorithm |signature_algorithm| and the public key |public_key|.
+//
+// |signature_algorithm| - The parsed AlgorithmIdentifier
+// |signed_data| - The blob of data to verify
+// |signature_value_bit_string| - The DER-encoded BIT STRING representing the
+// signature's value (to be interpreted according to the signature
+// algorithm).
+// |public_key| - A DER-encoded SubjectPublicKeyInfo.
+//
+// Returns true if verification was successful.
+NET_EXPORT bool VerifySignedData(const SignatureAlgorithm& signature_algorithm,
+ const der::Input& signed_data,
+ const der::Input& signature_value_bit_string,
+ const der::Input& public_key)
+ WARN_UNUSED_RESULT;
+
+} // namespace net
+
+#endif // NET_CERT_INTERNAL_VERIFY_SIGNED_DATA_H_
diff --git a/net/cert/internal/verify_signed_data_unittest.cc b/net/cert/internal/verify_signed_data_unittest.cc
new file mode 100644
index 0000000..ebd8e461
--- /dev/null
+++ b/net/cert/internal/verify_signed_data_unittest.cc
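Review bot: The comment on `VerifySignedData()` refers to `|signature_value|`, but the parameter is `signature_value_bit_string`, and the declaration names the last parameter `public_key` while the BoringSSL definition in verify_signed_data.cc calls it `public_key_spki`. I would open the comment with `// Verifies that |signature_value_bit_string| is a valid signature of |signed_data|` and use one name for the key parameter in both files. The return-value line should also tell callers that `false` is not only a signature mismatch, for example `// Returns false if any input fails to parse, the key type or curve is not accepted, or the signature does not verify.` It is also worth stating that builds without USE_OPENSSL always return false, since the stub in the .cc file does exactly that.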
@@ -0,0 +1,281 @@ +// Copyright 2015 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "net/cert/internal/verify_signed_data.h" + +#include <set> + +#include "base/base_paths.h" +#include "base/files/file_util.h" +#include "base/path_service.h" +#include "net/cert/internal/signature_algorithm.h" +#include "net/cert/pem_tokenizer.h" +#include "net/der/input.h" +#include "testing/gtest/include/gtest/gtest.h" + +namespace net { + +namespace { + +// Creates a der::Input from an std::string. The lifetimes are a bit subtle +// when using this function: +// +// The returned der::Input() is only valid so long as the input string is alive +// and is not mutated. +// +// Note that the input parameter has been made a pointer to prevent callers +// from accidentally passing an r-value. +der::Input InputFromString(const std::string* s) { + return der::Input(reinterpret_cast<const uint8_t*>(s->data()), s->size()); +} + +// Reads a signature verification test file. +// +// The test file is a series of PEM blocks (PEM is just base64 data) with +// headings of: +// +// "PUBLIC KEY" - DER encoding of the SubjectPublicKeyInfo +// "ALGORITHM" - DER encoding of the AlgorithmIdentifier for the signature +// algorithm (signatureAlgorithm in X.509) +// "DATA" - The data that was signed (tbsCertificate in X.509) +// "SIGNATURE" - The result of signing DATA. 
+::testing::AssertionResult ParseTestDataFile(const std::string& file_data, + std::string* public_key, + std::string* algorithm, + std::string* signed_data, + std::string* signature_value) { + const char kPublicKeyBlock[] = "PUBLIC KEY"; + const char kAlgorithmBlock[] = "ALGORITHM"; + const char kSignedDataBlock[] = "DATA"; + const char kSignatureBlock[] = "SIGNATURE"; + + std::vector<std::string> pem_headers; + pem_headers.push_back(kPublicKeyBlock); + pem_headers.push_back(kAlgorithmBlock); + pem_headers.push_back(kSignedDataBlock); + pem_headers.push_back(kSignatureBlock); + + // Keep track of which blocks have been encountered (by elimination). + std::set<std::string> remaining_blocks(pem_headers.begin(), + pem_headers.end()); + + PEMTokenizer pem_tokenizer(file_data, pem_headers); + while (pem_tokenizer.GetNext()) { + const std::string& block_type = pem_tokenizer.block_type(); + if (block_type == kPublicKeyBlock) { + public_key->assign(pem_tokenizer.data()); + } else if (block_type == kAlgorithmBlock) { + algorithm->assign(pem_tokenizer.data()); + } else if (block_type == kSignedDataBlock) { + signed_data->assign(pem_tokenizer.data()); + } else if (block_type == kSignatureBlock) { + signature_value->assign(pem_tokenizer.data()); + } + + if (remaining_blocks.erase(block_type) != 1u) { + return ::testing::AssertionFailure() + << "PEM block defined multiple times: " << block_type; + } + } + + if (!remaining_blocks.empty()) { + // Print one of the missing PEM blocks. + return ::testing::AssertionFailure() << "PEM block missing: " + << *remaining_blocks.begin(); + } + + return ::testing::AssertionSuccess(); +} + +// Returns a path to the file |file_name| within the unittest data directory. 
+base::FilePath GetTestFilePath(const char* file_name) { + base::FilePath src_root; + PathService::Get(base::DIR_SOURCE_ROOT, &src_root); + return src_root.Append( + FILE_PATH_LITERAL("net/data/verify_signed_data_unittest")) + .AppendASCII(file_name); +} + +enum VerifyResult { + SUCCESS, + FAILURE, +}; + +// Reads test data from |file_name| and runs VerifySignedData() over its inputs. +// +// If expected_result was SUCCESS then the test will only succeed if +// VerifySignedData() returns true. +// +// If expected_result was FAILURE then the test will only succeed if +// VerifySignedData() returns false. +void RunTestCase(VerifyResult expected_result, const char* file_name) { +#if !defined(USE_OPENSSL) + LOG(INFO) << "Skipping test, only implemented for BoringSSL"; + return; +#endif + + base::FilePath test_file_path = GetTestFilePath(file_name); + + std::string file_data; + ASSERT_TRUE(base::ReadFileToString(test_file_path, &file_data)) + << "Couldn't read file: " << test_file_path.value(); + + std::string public_key; + std::string algorithm; + std::string signed_data; + std::string signature_value; + + ASSERT_TRUE(ParseTestDataFile(file_data, &public_key, &algorithm, + &signed_data, &signature_value)); + + scoped_ptr<SignatureAlgorithm> signature_algorithm = + SignatureAlgorithm::CreateFromDer(InputFromString(&algorithm)); + ASSERT_TRUE(signature_algorithm); + + bool expected_result_bool = expected_result == SUCCESS; + + EXPECT_EQ( + expected_result_bool, + VerifySignedData(*signature_algorithm, InputFromString(&signed_data), + InputFromString(&signature_value), + InputFromString(&public_key))); +} + +// Read the descriptions in the test files themselves for details on what is +// being tested. 
+ +TEST(VerifySignedDataTest, RsaPkcs1Sha1) { + RunTestCase(SUCCESS, "rsa-pkcs1-sha1.pem"); +} + +TEST(VerifySignedDataTest, RsaPkcs1Sha256) { + RunTestCase(SUCCESS, "rsa-pkcs1-sha256.pem"); +} + +TEST(VerifySignedDataTest, RsaPkcs1Sha256KeyEncodedBer) { + // TODO(eroman): This should fail! (SPKI should be DER-encoded). + RunTestCase(SUCCESS, "rsa-pkcs1-sha256-key-encoded-ber.pem"); +} + +TEST(VerifySignedDataTest, EcdsaSecp384r1Sha256) { + RunTestCase(SUCCESS, "ecdsa-secp384r1-sha256.pem"); +} + +TEST(VerifySignedDataTest, EcdsaPrime256v1Sha512) { + RunTestCase(SUCCESS, "ecdsa-prime256v1-sha512.pem"); +} + +TEST(VerifySignedDataTest, RsaPssSha1) { + RunTestCase(SUCCESS, "rsa-pss-sha1-salt20.pem"); +} + +TEST(VerifySignedDataTest, RsaPssSha256Mgf1Sha512Salt33) { + RunTestCase(SUCCESS, "rsa-pss-sha256-mgf1-sha512-salt33.pem"); +} + +TEST(VerifySignedDataTest, RsaPssSha256) { + RunTestCase(SUCCESS, "rsa-pss-sha256-salt10.pem"); +} + +TEST(VerifySignedDataTest, RsaPssSha1WrongSalt) { + RunTestCase(FAILURE, "rsa-pss-sha1-wrong-salt.pem"); +} + +TEST(VerifySignedDataTest, EcdsaSecp384r1Sha256CorruptedData) { + RunTestCase(FAILURE, "ecdsa-secp384r1-sha256-corrupted-data.pem"); +} + +TEST(VerifySignedDataTest, RsaPkcs1Sha1WrongAlgorithm) { + RunTestCase(FAILURE, "rsa-pkcs1-sha1-wrong-algorithm.pem"); +} + +TEST(VerifySignedDataTest, EcdsaPrime256v1Sha512WrongSignatureFormat) { + RunTestCase(FAILURE, "ecdsa-prime256v1-sha512-wrong-signature-format.pem"); +} + +TEST(VerifySignedDataTest, EcdsaUsingRsaKey) { + RunTestCase(FAILURE, "ecdsa-using-rsa-key.pem"); +} + +TEST(VerifySignedDataTest, RsaUsingEcKey) { + RunTestCase(FAILURE, "rsa-using-ec-key.pem"); +} + +TEST(VerifySignedDataTest, RsaPkcs1Sha1BadKeyDerNull) { + RunTestCase(FAILURE, "rsa-pkcs1-sha1-bad-key-der-null.pem"); +} + +TEST(VerifySignedDataTest, RsaPkcs1Sha1BadKeyDerLength) { + RunTestCase(FAILURE, "rsa-pkcs1-sha1-bad-key-der-length.pem"); +} + +TEST(VerifySignedDataTest, RsaPkcs1Sha256UsingEcdsaAlgorithm) { + 
RunTestCase(FAILURE, "rsa-pkcs1-sha256-using-ecdsa-algorithm.pem"); +} + +TEST(VerifySignedDataTest, EcdsaPrime256v1Sha512UsingRsaAlgorithm) { + RunTestCase(FAILURE, "ecdsa-prime256v1-sha512-using-rsa-algorithm.pem"); +} + +TEST(VerifySignedDataTest, EcdsaPrime256v1Sha512UsingEcdhKey) { + RunTestCase(FAILURE, "ecdsa-prime256v1-sha512-using-ecdh-key.pem"); +} + +TEST(VerifySignedDataTest, EcdsaPrime256v1Sha512UsingEcmqvKey) { + RunTestCase(FAILURE, "ecdsa-prime256v1-sha512-using-ecmqv-key.pem"); +} + +TEST(VerifySignedDataTest, RsaPkcs1Sha1KeyParamsAbsent) { + // TODO(eroman): This should fail! (key algoritm parsing is too permissive) + RunTestCase(SUCCESS, "rsa-pkcs1-sha1-key-params-absent.pem"); +} + +TEST(VerifySignedDataTest, RsaPssSha1Salt20UsingPssKeyNoParams) { + // TODO(eroman): This should pass! (rsaPss not currently supported in key + // algorithm). + RunTestCase(FAILURE, "rsa-pss-sha1-salt20-using-pss-key-no-params.pem"); +} + +TEST(VerifySignedDataTest, RsaPkcs1Sha1UsingPssKeyNoParams) { + RunTestCase(FAILURE, "rsa-pkcs1-sha1-using-pss-key-no-params.pem"); +} + +TEST(VerifySignedDataTest, RsaPssSha256Salt10UsingPssKeyWithParams) { + // TODO(eroman): This should pass! (rsaPss not currently supported in key + // algorithm). + RunTestCase(FAILURE, "rsa-pss-sha256-salt10-using-pss-key-with-params.pem"); +} + +TEST(VerifySignedDataTest, RsaPssSha256Salt10UsingPssKeyWithWrongParams) { + RunTestCase(FAILURE, + "rsa-pss-sha256-salt10-using-pss-key-with-wrong-params.pem"); +} + +TEST(VerifySignedDataTest, RsaPssSha256Salt12UsingPssKeyWithNullParams) { + RunTestCase(FAILURE, + "rsa-pss-sha1-salt20-using-pss-key-with-null-params.pem"); +} + +TEST(VerifySignedDataTest, EcdsaPrime256v1Sha512SpkiParamsNull) { + RunTestCase(FAILURE, "ecdsa-prime256v1-sha512-spki-params-null.pem"); +} + +TEST(VerifySignedDataTest, RsaPkcs1Sha256UsingIdEaRsa) { + // TODO(eroman): This should fail! (shouldn't recognize this weird OID). 
+ RunTestCase(SUCCESS, "rsa-pkcs1-sha256-using-id-ea-rsa.pem"); +} + +TEST(VerifySignedDataTest, RsaPkcs1Sha256SpkiNonNullParams) { + // TODO(eroman): This should fail! (shouldn't recognize bogus params in rsa + // SPKI). + RunTestCase(SUCCESS, "rsa-pkcs1-sha256-spki-non-null-params.pem"); +} + +TEST(VerifySignedDataTest, EcdsaPrime256v1Sha512SignatureNotBitString) { + RunTestCase(FAILURE, "ecdsa-prime256v1-sha512-signature-not-bitstring.pem"); +} + +} // namespace + +} // namespace net diff --git a/net/data/verify_signed_data_unittest/ecdsa-prime256v1-sha512-signature-not-bitstring.pem b/net/data/verify_signed_data_unittest/ecdsa-prime256v1-sha512-signature-not-bitstring.pem new file mode 100644 index 0000000..2f7a281 --- /dev/null +++ b/net/data/verify_signed_data_unittest/ecdsa-prime256v1-sha512-signature-not-bitstring.pem 
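Review bot: `RsaPssSha256Salt12UsingPssKeyWithNullParams` loads `rsa-pss-sha1-salt20-using-pss-key-with-null-params.pem`, so the test name and its data file disagree on both the digest and the salt length. One of the two looks like a copy-paste leftover; renaming the test to `RsaPssSha1Salt20UsingPssKeyWithNullParams` would match the file it actually reads. More generally, `RunTestCase(FAILURE, ...)` passes whenever `VerifySignedData()` returns false for any reason, so a negative case can pass because of an unrelated parse error rather than the condition its file describes. That matters most for the key/algorithm-mismatch cases, and a comment on `RunTestCase` saying so would help. The file also uses `std::string` and `std::vector` while including only `<set>`, so `#include <string>` and `#include <vector>` should be added.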
@@ -0,0 +1,49 @@ +This is the same test as ecdsa-prime256v1-sha512.pem, except the signature +value is not wrapped in a BIT STRING and is just the straight up +Ecdsa-Sig-Value. + +This should fail to verify since the expectation is that the signature be a BIT STRING. + + + +-----BEGIN PUBLIC KEY----- +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEnLDPaTA9r8dh1ORoe07PA55tNKuWSvgIENjVWKS +o1vctUSM6F4iSCobuCKGWLHnvoxf7eHnil9rSFG25lfoceA== +-----END PUBLIC KEY----- + +$ openssl asn1parse -i < [PUBLIC KEY] + 0:d=0 hl=2 l= 89 cons: SEQUENCE + 2:d=1 hl=2 l= 19 cons: SEQUENCE + 4:d=2 hl=2 l= 7 prim: OBJECT :id-ecPublicKey + 13:d=2 hl=2 l= 8 prim: OBJECT :prime256v1 + 23:d=1 hl=2 l= 66 prim: BIT STRING + + + +-----BEGIN ALGORITHM----- +MAoGCCqGSM49BAME +-----END ALGORITHM----- + +$ openssl asn1parse -i < [ALGORITHM] + 0:d=0 hl=2 l= 10 cons: SEQUENCE + 2:d=1 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA512 + + + +-----BEGIN DATA----- +bikyFTMBpO72gOZCiSmtrpiMEI1mijH/VdBImUfXX/gaRr+J6E1kAfAjvm6HaI+814TXhcqEZzV +SSstS0ARSyEBApHnnzDMJNkQdk7vnIqlDKm4dsRK1yUA7ECcssTR/1hnUY/ep0iOtdv3gbYpog1 +APuEMjWr/5jiQb37VTjD4= +-----END DATA----- + + + +-----BEGIN SIGNATURE----- +MEQCIEufkeQoUocmGh0ckjz2Gc1SwXXP5/G+YKUljGEDSLo9AiAoxF+QHXHEGymGOOwNaoXX/LD +DO7/sWpyBCEa2OSiahA== +-----END SIGNATURE----- + +$ openssl asn1parse -i < [SIGNATURE] + 0:d=0 hl=2 l= 68 cons: SEQUENCE + 2:d=1 hl=2 l= 32 prim: INTEGER :4B9F91E4285287261A1D1C923CF619CD52C175CFE7F1BE60A5258C610348BA3D + 36:d=1 hl=2 l= 32 prim: INTEGER :28C45F901D71C41B298638EC0D6A85D7FCB0C33BBFEC5A9C810846B639289A84 diff --git a/net/data/verify_signed_data_unittest/ecdsa-prime256v1-sha512-spki-params-null.pem b/net/data/verify_signed_data_unittest/ecdsa-prime256v1-sha512-spki-params-null.pem new file mode 100644 index 0000000..6f65be1 --- /dev/null +++ b/net/data/verify_signed_data_unittest/ecdsa-prime256v1-sha512-spki-params-null.pem 
@@ -0,0 +1,45 @@ +This is the same test as ecdsa-prime256v1-sha512.pem except the public key's +algorithm has been tampered with. The parameters for ecPublicKey should be a +namedCurve, but here they have been replaced by NULL. + + + +-----BEGIN PUBLIC KEY----- +MFEwCwYHKoZIzj0CAQUAA0IABJywz2kwPa/HYdTkaHtOzwOebTSrlkr4CBDY1VikqNb3LVEjOhe +IkgqG7gihlix576MX+3h54pfa0hRtuZX6HHg= +-----END PUBLIC KEY----- + +$ openssl asn1parse -i < [PUBLIC KEY] + 0:d=0 hl=2 l= 81 cons: SEQUENCE + 2:d=1 hl=2 l= 11 cons: SEQUENCE + 4:d=2 hl=2 l= 7 prim: OBJECT :id-ecPublicKey + 13:d=2 hl=2 l= 0 prim: NULL + 15:d=1 hl=2 l= 66 prim: BIT STRING + + + +-----BEGIN ALGORITHM----- +MAoGCCqGSM49BAME +-----END ALGORITHM----- + +$ openssl asn1parse -i < [ALGORITHM] + 0:d=0 hl=2 l= 10 cons: SEQUENCE + 2:d=1 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA512 + + + +-----BEGIN DATA----- +bikyFTMBpO72gOZCiSmtrpiMEI1mijH/VdBImUfXX/gaRr+J6E1kAfAjvm6HaI+814TXhcqEZzV +SSstS0ARSyEBApHnnzDMJNkQdk7vnIqlDKm4dsRK1yUA7ECcssTR/1hnUY/ep0iOtdv3gbYpog1 +APuEMjWr/5jiQb37VTjD4= +-----END DATA----- + + + +-----BEGIN SIGNATURE----- +A0cAMEQCIEufkeQoUocmGh0ckjz2Gc1SwXXP5/G+YKUljGEDSLo9AiAoxF+QHXHEGymGOOwNaoX +X/LDDO7/sWpyBCEa2OSiahA== +-----END SIGNATURE----- + +$ openssl asn1parse -i < [SIGNATURE] + 0:d=0 hl=2 l= 71 prim: BIT STRING diff --git a/net/data/verify_signed_data_unittest/ecdsa-prime256v1-sha512-using-ecdh-key.pem b/net/data/verify_signed_data_unittest/ecdsa-prime256v1-sha512-using-ecdh-key.pem new file mode 100644 index 0000000..4f3e26c --- /dev/null +++ b/net/data/verify_signed_data_unittest/ecdsa-prime256v1-sha512-using-ecdh-key.pem 
@@ -0,0 +1,48 @@ +This uses the same test data as ecdsa-prime256v1-sha512.pem, HOWEVER the +algorithm OID for the public key has been changed from id-ecPublicKey +(1.2.840.10045.2.1) to id-ecDH (1.3.132.1.12) + +This test should fail because the public key's algorithm does not match that of +the signature algorithm. + + + +-----BEGIN PUBLIC KEY----- +MFcwEQYFK4EEAQwGCCqGSM49AwEHA0IABJywz2kwPa/HYdTkaHtOzwOebTSrlkr4CBDY1VikqNb +3LVEjOheIkgqG7gihlix576MX+3h54pfa0hRtuZX6HHg= +-----END PUBLIC KEY----- + +$ openssl asn1parse -i < [PUBLIC KEY] + 0:d=0 hl=2 l= 87 cons: SEQUENCE + 2:d=1 hl=2 l= 17 cons: SEQUENCE + 4:d=2 hl=2 l= 5 prim: OBJECT :1.3.132.1.12 + 11:d=2 hl=2 l= 8 prim: OBJECT :prime256v1 + 21:d=1 hl=2 l= 66 prim: BIT STRING + + + +-----BEGIN ALGORITHM----- +MAoGCCqGSM49BAME +-----END ALGORITHM----- + +$ openssl asn1parse -i < [ALGORITHM] + 0:d=0 hl=2 l= 10 cons: SEQUENCE + 2:d=1 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA512 + + + +-----BEGIN DATA----- +bikyFTMBpO72gOZCiSmtrpiMEI1mijH/VdBImUfXX/gaRr+J6E1kAfAjvm6HaI+814TXhcqEZzV +SSstS0ARSyEBApHnnzDMJNkQdk7vnIqlDKm4dsRK1yUA7ECcssTR/1hnUY/ep0iOtdv3gbYpog1 +APuEMjWr/5jiQb37VTjD4= +-----END DATA----- + + + +-----BEGIN SIGNATURE----- +A0cAMEQCIEufkeQoUocmGh0ckjz2Gc1SwXXP5/G+YKUljGEDSLo9AiAoxF+QHXHEGymGOOwNaoX +X/LDDO7/sWpyBCEa2OSiahA== +-----END SIGNATURE----- + +$ openssl asn1parse -i < [SIGNATURE] + 0:d=0 hl=2 l= 71 prim: BIT STRING diff --git a/net/data/verify_signed_data_unittest/ecdsa-prime256v1-sha512-using-ecmqv-key.pem b/net/data/verify_signed_data_unittest/ecdsa-prime256v1-sha512-using-ecmqv-key.pem new file mode 100644 index 0000000..d0b906f --- /dev/null +++ b/net/data/verify_signed_data_unittest/ecdsa-prime256v1-sha512-using-ecmqv-key.pem 
@@ -0,0 +1,48 @@ +This uses the same test data as ecdsa-prime256v1-sha512.pem, HOWEVER the +algorithm OID for the public key has been changed from id-ecPublicKey +(1.2.840.10045.2.1) to id-ecMQV (1.3.132.1.13) + +This test should fail because the public key's algorithm does not match that of +the signature algorithm. + + + +-----BEGIN PUBLIC KEY----- +MFcwEQYFK4EEAQ0GCCqGSM49AwEHA0IABJywz2kwPa/HYdTkaHtOzwOebTSrlkr4CBDY1VikqNb +3LVEjOheIkgqG7gihlix576MX+3h54pfa0hRtuZX6HHg= +-----END PUBLIC KEY----- + +$ openssl asn1parse -i < [PUBLIC KEY] + 0:d=0 hl=2 l= 87 cons: SEQUENCE + 2:d=1 hl=2 l= 17 cons: SEQUENCE + 4:d=2 hl=2 l= 5 prim: OBJECT :1.3.132.1.13 + 11:d=2 hl=2 l= 8 prim: OBJECT :prime256v1 + 21:d=1 hl=2 l= 66 prim: BIT STRING + + + +-----BEGIN ALGORITHM----- +MAoGCCqGSM49BAME +-----END ALGORITHM----- + +$ openssl asn1parse -i < [ALGORITHM] + 0:d=0 hl=2 l= 10 cons: SEQUENCE + 2:d=1 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA512 + + + +-----BEGIN DATA----- +bikyFTMBpO72gOZCiSmtrpiMEI1mijH/VdBImUfXX/gaRr+J6E1kAfAjvm6HaI+814TXhcqEZzV +SSstS0ARSyEBApHnnzDMJNkQdk7vnIqlDKm4dsRK1yUA7ECcssTR/1hnUY/ep0iOtdv3gbYpog1 +APuEMjWr/5jiQb37VTjD4= +-----END DATA----- + + + +-----BEGIN SIGNATURE----- +A0cAMEQCIEufkeQoUocmGh0ckjz2Gc1SwXXP5/G+YKUljGEDSLo9AiAoxF+QHXHEGymGOOwNaoX +X/LDDO7/sWpyBCEa2OSiahA== +-----END SIGNATURE----- + +$ openssl asn1parse -i < [SIGNATURE] + 0:d=0 hl=2 l= 71 prim: BIT STRING diff --git a/net/data/verify_signed_data_unittest/ecdsa-prime256v1-sha512-using-rsa-algorithm.pem b/net/data/verify_signed_data_unittest/ecdsa-prime256v1-sha512-using-rsa-algorithm.pem new file mode 100644 index 0000000..8085486 --- /dev/null +++ b/net/data/verify_signed_data_unittest/ecdsa-prime256v1-sha512-using-rsa-algorithm.pem 
@@ -0,0 +1,48 @@ +This test specified a valid ECDSA signature and EC key (the same as ecdsa-prime256v1-sha512.pem) + +The problem however is the signature algorithm is indicated as being RSA PKCS#1 v1.5. + +Signature verification consequently should fail. + + + +-----BEGIN PUBLIC KEY----- +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEnLDPaTA9r8dh1ORoe07PA55tNKuWSvgIENjVWKS +o1vctUSM6F4iSCobuCKGWLHnvoxf7eHnil9rSFG25lfoceA== +-----END PUBLIC KEY----- + +$ openssl asn1parse -i < [PUBLIC KEY] + 0:d=0 hl=2 l= 89 cons: SEQUENCE + 2:d=1 hl=2 l= 19 cons: SEQUENCE + 4:d=2 hl=2 l= 7 prim: OBJECT :id-ecPublicKey + 13:d=2 hl=2 l= 8 prim: OBJECT :prime256v1 + 23:d=1 hl=2 l= 66 prim: BIT STRING + + + +-----BEGIN ALGORITHM----- +MA0GCSqGSIb3DQEBDQUA +-----END ALGORITHM----- + +$ openssl asn1parse -i < [ALGORITHM] + 0:d=0 hl=2 l= 13 cons: SEQUENCE + 2:d=1 hl=2 l= 9 prim: OBJECT :sha512WithRSAEncryption + 13:d=1 hl=2 l= 0 prim: NULL + + + +-----BEGIN DATA----- +bikyFTMBpO72gOZCiSmtrpiMEI1mijH/VdBImUfXX/gaRr+J6E1kAfAjvm6HaI+814TXhcqEZzV +SSstS0ARSyEBApHnnzDMJNkQdk7vnIqlDKm4dsRK1yUA7ECcssTR/1hnUY/ep0iOtdv3gbYpog1 +APuEMjWr/5jiQb37VTjD4= +-----END DATA----- + + + +-----BEGIN SIGNATURE----- +A0cAMEQCIEufkeQoUocmGh0ckjz2Gc1SwXXP5/G+YKUljGEDSLo9AiAoxF+QHXHEGymGOOwNaoX +X/LDDO7/sWpyBCEa2OSiahA== +-----END SIGNATURE----- + +$ openssl asn1parse -i < [SIGNATURE] + 0:d=0 hl=2 l= 71 prim: BIT STRING diff --git a/net/data/verify_signed_data_unittest/ecdsa-prime256v1-sha512-wrong-signature-format.pem b/net/data/verify_signed_data_unittest/ecdsa-prime256v1-sha512-wrong-signature-format.pem new file mode 100644 index 0000000..d51317c --- /dev/null +++ b/net/data/verify_signed_data_unittest/ecdsa-prime256v1-sha512-wrong-signature-format.pem 
@@ -0,0 +1,47 @@ +This is the same as ecdsa-prime256v1-sha512.pem, except the signature is wrong. + +Rather than encoding the signature into a DER-encoded Ecdsa-Sig-Value, it is a +concatenation of the r and s values. This is the format that WebCrypto uses for +ECDSA signature, but not what is used for digital signatures. + + + +-----BEGIN PUBLIC KEY----- +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEnLDPaTA9r8dh1ORoe07PA55tNKuWSvgIENjVWKS +o1vctUSM6F4iSCobuCKGWLHnvoxf7eHnil9rSFG25lfoceA== +-----END PUBLIC KEY----- + +$ openssl asn1parse -i < [PUBLIC KEY] + 0:d=0 hl=2 l= 89 cons: SEQUENCE + 2:d=1 hl=2 l= 19 cons: SEQUENCE + 4:d=2 hl=2 l= 7 prim: OBJECT :id-ecPublicKey + 13:d=2 hl=2 l= 8 prim: OBJECT :prime256v1 + 23:d=1 hl=2 l= 66 prim: BIT STRING + + + +-----BEGIN ALGORITHM----- +MAoGCCqGSM49BAME +-----END ALGORITHM----- + +$ openssl asn1parse -i < [ALGORITHM] + 0:d=0 hl=2 l= 10 cons: SEQUENCE + 2:d=1 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA512 + + + +-----BEGIN DATA----- +bikyFTMBpO72gOZCiSmtrpiMEI1mijH/VdBImUfXX/gaRr+J6E1kAfAjvm6HaI+814TXhcqEZzV +SSstS0ARSyEBApHnnzDMJNkQdk7vnIqlDKm4dsRK1yUA7ECcssTR/1hnUY/ep0iOtdv3gbYpog1 +APuEMjWr/5jiQb37VTjD4= +-----END DATA----- + + + +-----BEGIN SIGNATURE----- +A0EAS5+R5ChShyYaHRySPPYZzVLBdc/n8b5gpSWMYQNIuj0oxF+QHXHEGymGOOwNaoXX/LDDO7/ +sWpyBCEa2OSiahA== +-----END SIGNATURE----- + +$ openssl asn1parse -i < [SIGNATURE] + 0:d=0 hl=2 l= 65 prim: BIT STRING diff --git a/net/data/verify_signed_data_unittest/ecdsa-prime256v1-sha512.pem b/net/data/verify_signed_data_unittest/ecdsa-prime256v1-sha512.pem new file mode 100644 index 0000000..54f490c --- /dev/null +++ b/net/data/verify_signed_data_unittest/ecdsa-prime256v1-sha512.pem 
@@ -0,0 +1,49 @@ +The key, message, and signature come from: +http://csrc.nist.gov/groups/STM/cavp/documents/dss/186-3ecdsatestvectors.zip (SigVer.rsp) + +The algorithm DER was synthesized to match, and the signature (provided as an r +and s tuple) was encoded into a Ecdsa-Sig-Value and then a BIT STRING. + +It uses ECDSA verification, using curve prime256v1 and SHA-512 + + + +-----BEGIN PUBLIC KEY----- +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEnLDPaTA9r8dh1ORoe07PA55tNKuWSvgIENjVWKS +o1vctUSM6F4iSCobuCKGWLHnvoxf7eHnil9rSFG25lfoceA== +-----END PUBLIC KEY----- + +$ openssl asn1parse -i < [PUBLIC KEY] + 0:d=0 hl=2 l= 89 cons: SEQUENCE + 2:d=1 hl=2 l= 19 cons: SEQUENCE + 4:d=2 hl=2 l= 7 prim: OBJECT :id-ecPublicKey + 13:d=2 hl=2 l= 8 prim: OBJECT :prime256v1 + 23:d=1 hl=2 l= 66 prim: BIT STRING + + + +-----BEGIN ALGORITHM----- +MAoGCCqGSM49BAME +-----END ALGORITHM----- + +$ openssl asn1parse -i < [ALGORITHM] + 0:d=0 hl=2 l= 10 cons: SEQUENCE + 2:d=1 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA512 + + + +-----BEGIN DATA----- +bikyFTMBpO72gOZCiSmtrpiMEI1mijH/VdBImUfXX/gaRr+J6E1kAfAjvm6HaI+814TXhcqEZzV +SSstS0ARSyEBApHnnzDMJNkQdk7vnIqlDKm4dsRK1yUA7ECcssTR/1hnUY/ep0iOtdv3gbYpog1 +APuEMjWr/5jiQb37VTjD4= +-----END DATA----- + + + +-----BEGIN SIGNATURE----- +A0cAMEQCIEufkeQoUocmGh0ckjz2Gc1SwXXP5/G+YKUljGEDSLo9AiAoxF+QHXHEGymGOOwNaoX +X/LDDO7/sWpyBCEa2OSiahA== +-----END SIGNATURE----- + +$ openssl asn1parse -i < [SIGNATURE] + 0:d=0 hl=2 l= 71 prim: BIT STRING diff --git a/net/data/verify_signed_data_unittest/ecdsa-secp384r1-sha256-corrupted-data.pem b/net/data/verify_signed_data_unittest/ecdsa-secp384r1-sha256-corrupted-data.pem new file mode 100644 index 0000000..5f5380b --- /dev/null +++ b/net/data/verify_signed_data_unittest/ecdsa-secp384r1-sha256-corrupted-data.pem 
@@ -0,0 +1,53 @@ +This is the same test as ecdsa-secp384r1-sha256.pem, except the DATA section +has been corrupted. The third byte has been set to 0. + +This signature should NOT verify successfully. + + + +-----BEGIN PUBLIC KEY----- +MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEXFhBi+WKXuxeK9yCbC9jqEchwjCNsQ4RXAsJ07oHZ+Q +qz55cNIY5BAhcQ0QYY5jv9BimGL9SuhUuOSuS3Pn9rrsIFGcFsihy4kDr8rq5+7RbN8bV057gW5 +emYjLtvDsQ +-----END PUBLIC KEY----- + +$ openssl asn1parse -i < [PUBLIC KEY] + 0:d=0 hl=2 l= 118 cons: SEQUENCE + 2:d=1 hl=2 l= 16 cons: SEQUENCE + 4:d=2 hl=2 l= 7 prim: OBJECT :id-ecPublicKey + 13:d=2 hl=2 l= 5 prim: OBJECT :secp384r1 + 20:d=1 hl=2 l= 98 prim: BIT STRING + + + +-----BEGIN ALGORITHM----- +MAoGCCqGSM49BAMC +-----END ALGORITHM----- + +$ openssl asn1parse -i < [ALGORITHM] + 0:d=0 hl=2 l= 10 cons: SEQUENCE + 2:d=1 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256 + + + +-----BEGIN DATA----- +MIIA6KADAgECAgkAtUVxft6/Vc0wCgYIKoZIzj0EAwIwbzELMAkGA1UEBhMCQVUxEzARBgNVBAg +MClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEMMAoGA1UEAw +wDYWhhMRowGAYJKoZIhvcNAQkBFgtzdXBAZm9vLmNvbTAeFw0xNTA3MDIwMDM4MTRaFw0xNjA3M +DEwMDM4MTRaMG8xCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJ +bnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxDDAKBgNVBAMMA2FoYTEaMBgGCSqGSIb3DQEJARYLc3V +wQGZvby5jb20wdjAQBgcqhkjOPQIBBgUrgQQAIgNiAARcWEGL5Ype7F4r3IJsL2OoRyHCMI2xDh +FcCwnTugdn5CrPnlw0hjkECFxDRBhjmO/0GKYYv1K6FS45K5Lc+f2uuwgUZwWyKHLiQOvyurn7t +Fs3xtXTnuBbl6ZiMu28OxCjUDBOMB0GA1UdDgQWBBR6nDgtPalG2JvSlWzdGRCi/Cu7NjAfBgNV +HSMEGDAWgBR6nDgtPalG2JvSlWzdGRCi/Cu7NjAMBgNVHRMEBTADAQH/ +-----END DATA----- + + + +-----BEGIN SIGNATURE----- +A2kAMGYCMQCDwMSZVJZ8qThiNTV7VX57m8fdNnNS6cXIjRYoh4SozlYWmWGh87nhmJJCeD16jVM +CMQDkroAY8oNi8RxLUor+LozhhVgu24tu6lcp4MP8H3Zy8bBea5HerAd1AqJp3Ox7KDU= +-----END SIGNATURE----- + +$ openssl asn1parse -i < [SIGNATURE] + 0:d=0 hl=2 l= 105 prim: BIT STRING 
diff --git a/net/data/verify_signed_data_unittest/ecdsa-secp384r1-sha256.pem b/net/data/verify_signed_data_unittest/ecdsa-secp384r1-sha256.pem
new file mode 100644
index 0000000..d5c3798
--- /dev/null
+++ b/net/data/verify_signed_data_unittest/ecdsa-secp384r1-sha256.pem
@@ -0,0 +1,84 @@ +This test data was produced by creating a self-signed EC cert using OpenSSL, +and then extracting the relevant fields. + +It uses ECDSA with curve secp384r1 an SHA-256. + +(1) Generate self-signed certificate + + openssl ecparam -out ec_key.pem -name secp384r1 -genkey + openssl req -new -key ec_key.pem -x509 -nodes -days 365 -out cert.pem + +(2) Extract public key + + openssl x509 -in cert.pem -pubkey -noout > pubkey.pem + cat pubkey.pem + +(3) Extract signed data (tbsCertificate) + + openssl asn1parse -in cert.pem -out tbs -noout -strparse 4 + base64 tbs + +(4) Extract signature algorithm + + # Find the offset of the signature algorithm near the end (496 in this case) + openssl asn1parse -in cert.pem + + openssl asn1parse -in cert.pem -out alg -noout -strparse 496 + base64 alg + +(5) Extract the signature + + # Find the final offset of BIT STRING (508 in this case) + openssl asn1parse -in cert.pem + + openssl asn1parse -in cert.pem -out sig -noout -strparse 508 + base64 sig + + + +-----BEGIN PUBLIC KEY----- +MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEXFhBi+WKXuxeK9yCbC9jqEchwjCNsQ4RXAsJ07oHZ+Q +qz55cNIY5BAhcQ0QYY5jv9BimGL9SuhUuOSuS3Pn9rrsIFGcFsihy4kDr8rq5+7RbN8bV057gW5 +emYjLtvDsQ +-----END PUBLIC KEY----- + +$ openssl asn1parse -i < [PUBLIC KEY] + 0:d=0 hl=2 l= 118 cons: SEQUENCE + 2:d=1 hl=2 l= 16 cons: SEQUENCE + 4:d=2 hl=2 l= 7 prim: OBJECT :id-ecPublicKey + 13:d=2 hl=2 l= 5 prim: OBJECT :secp384r1 + 20:d=1 hl=2 l= 98 prim: BIT STRING + + + +-----BEGIN ALGORITHM----- +MAoGCCqGSM49BAMC +-----END ALGORITHM----- + +$ openssl asn1parse -i < [ALGORITHM] + 0:d=0 hl=2 l= 10 cons: SEQUENCE + 2:d=1 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256 + + + +-----BEGIN DATA----- +MIIB6KADAgECAgkAtUVxft6/Vc0wCgYIKoZIzj0EAwIwbzELMAkGA1UEBhMCQVUxEzARBgNVBAg +MClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEMMAoGA1UEAw +wDYWhhMRowGAYJKoZIhvcNAQkBFgtzdXBAZm9vLmNvbTAeFw0xNTA3MDIwMDM4MTRaFw0xNjA3M 
+DEwMDM4MTRaMG8xCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJ +bnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxDDAKBgNVBAMMA2FoYTEaMBgGCSqGSIb3DQEJARYLc3V +wQGZvby5jb20wdjAQBgcqhkjOPQIBBgUrgQQAIgNiAARcWEGL5Ype7F4r3IJsL2OoRyHCMI2xDh +FcCwnTugdn5CrPnlw0hjkECFxDRBhjmO/0GKYYv1K6FS45K5Lc+f2uuwgUZwWyKHLiQOvyurn7t +Fs3xtXTnuBbl6ZiMu28OxCjUDBOMB0GA1UdDgQWBBR6nDgtPalG2JvSlWzdGRCi/Cu7NjAfBgNV +HSMEGDAWgBR6nDgtPalG2JvSlWzdGRCi/Cu7NjAMBgNVHRMEBTADAQH/ +-----END DATA----- + + + +-----BEGIN SIGNATURE----- +A2kAMGYCMQCDwMSZVJZ8qThiNTV7VX57m8fdNnNS6cXIjRYoh4SozlYWmWGh87nhmJJCeD16jVM +CMQDkroAY8oNi8RxLUor+LozhhVgu24tu6lcp4MP8H3Zy8bBea5HerAd1AqJp3Ox7KDU= +-----END SIGNATURE----- + +$ openssl asn1parse -i < [SIGNATURE] + 0:d=0 hl=2 l= 105 prim: BIT STRING diff --git a/net/data/verify_signed_data_unittest/ecdsa-using-rsa-key.pem b/net/data/verify_signed_data_unittest/ecdsa-using-rsa-key.pem new file mode 100644 index 0000000..653bcd7 --- /dev/null +++ b/net/data/verify_signed_data_unittest/ecdsa-using-rsa-key.pem 
@@ -0,0 +1,51 @@ +This test specifies an ECDSA signature algorithm (and a valid ecdsa signature), +HOWEVER it provides an RSA key. Verification should fail. + + + +-----BEGIN PUBLIC KEY----- +MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQClbkoOcBAXWJpRh9x+qEHRVvLsDjatUqRN/rH +mH3rZkdjFEFb/7bFitMDyg6EqiKOU3/Umq3KRy7MHzqv84LHf1c2VCAltWyuLbfXWce9jd8CSHL +I8Jwpw4lmOb/idGfEFrMLT8Ms18pKA4Thrb2TE7yLh4fINDOjP+yJJvZohNwIDAQAB +-----END PUBLIC KEY----- + +$ openssl asn1parse -i < [PUBLIC KEY] + 0:d=0 hl=3 l= 159 cons: SEQUENCE + 3:d=1 hl=2 l= 13 cons: SEQUENCE + 5:d=2 hl=2 l= 9 prim: OBJECT :rsaEncryption + 16:d=2 hl=2 l= 0 prim: NULL + 18:d=1 hl=3 l= 141 prim: BIT STRING + + + +-----BEGIN ALGORITHM----- +MAoGCCqGSM49BAMC +-----END ALGORITHM----- + +$ openssl asn1parse -i < [ALGORITHM] + 0:d=0 hl=2 l= 10 cons: SEQUENCE + 2:d=1 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256 + + + +-----BEGIN DATA----- +MIIB6KADAgECAgkAtUVxft6/Vc0wCgYIKoZIzj0EAwIwbzELMAkGA1UEBhMCQVUxEzARBgNVBAg +MClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEMMAoGA1UEAw +wDYWhhMRowGAYJKoZIhvcNAQkBFgtzdXBAZm9vLmNvbTAeFw0xNTA3MDIwMDM4MTRaFw0xNjA3M +DEwMDM4MTRaMG8xCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJ +bnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxDDAKBgNVBAMMA2FoYTEaMBgGCSqGSIb3DQEJARYLc3V +wQGZvby5jb20wdjAQBgcqhkjOPQIBBgUrgQQAIgNiAARcWEGL5Ype7F4r3IJsL2OoRyHCMI2xDh +FcCwnTugdn5CrPnlw0hjkECFxDRBhjmO/0GKYYv1K6FS45K5Lc+f2uuwgUZwWyKHLiQOvyurn7t +Fs3xtXTnuBbl6ZiMu28OxCjUDBOMB0GA1UdDgQWBBR6nDgtPalG2JvSlWzdGRCi/Cu7NjAfBgNV +HSMEGDAWgBR6nDgtPalG2JvSlWzdGRCi/Cu7NjAMBgNVHRMEBTADAQH/ +-----END DATA----- + + + +-----BEGIN SIGNATURE----- +A2kAMGYCMQCDwMSZVJZ8qThiNTV7VX57m8fdNnNS6cXIjRYoh4SozlYWmWGh87nhmJJCeD16jVM +CMQDkroAY8oNi8RxLUor+LozhhVgu24tu6lcp4MP8H3Zy8bBea5HerAd1AqJp3Ox7KDU= +-----END SIGNATURE----- + +$ openssl asn1parse -i < [SIGNATURE] + 0:d=0 hl=2 l= 105 prim: BIT STRING 
diff --git a/net/data/verify_signed_data_unittest/rsa-pkcs1-sha1-bad-key-der-length.pem b/net/data/verify_signed_data_unittest/rsa-pkcs1-sha1-bad-key-der-length.pem new file mode 100644 index 0000000..ef7967d --- /dev/null +++ b/net/data/verify_signed_data_unittest/rsa-pkcs1-sha1-bad-key-der-length.pem @@ -0,0 +1,44 @@ +Same test as rsa-pkcs1-sha1.pem except the length of the first SEQUENCE has +been increased by 2 (which makes it invalid). + + + +-----BEGIN PUBLIC KEY----- +MIOfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQClbkoOcBAXWJpRh9x+qEHRVvLsDjatUqRN/rH +mH3rZkdjFEFb/7bFitMDyg6EqiKOU3/Umq3KRy7MHzqv84LHf1c2VCAltWyuLbfXWce9jd8CSHL +I8Jwpw4lmOb/idGfEFrMLT8Ms18pKA4Thrb2TE7yLh4fINDOjP+yJJvZohNwIDAQAB +-----END PUBLIC KEY----- + +$ openssl asn1parse -i < [PUBLIC KEY] +Error in encoding + + + +-----BEGIN ALGORITHM----- +MA0GCSqGSIb3DQEBBQUA +-----END ALGORITHM----- + +$ openssl asn1parse -i < [ALGORITHM] + 0:d=0 hl=2 l= 13 cons: SEQUENCE + 2:d=1 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 13:d=1 hl=2 l= 0 prim: NULL + + + +-----BEGIN DATA----- +zch9oiPXht87ReC7vHITJtHuKvgGzDFUdcxvDZxm4bYjcdRc4jkuGskoRMMQEC8Vag2NUsH0xAu +jqmUJV4bLdpdXplY7qVj+0LzJhOi1F6PV9RWyO4pB50qoZ2k/kN+wYabobfqu5kRywA5fIJRXKc +vr538Gznjgj0CY+6QfnWGTwDF+i2DUtghKy0LSnjgIo7w3LYXjMRcPy/fMctC3HClmSLOk0Q9BY +pXQgHqmJcqydE/Z6o/SI8QlNwKYKL0WvgJUbxMP0uM7k20mduCK7RtzMYt1CgFn0A== +-----END DATA----- + + + +-----BEGIN SIGNATURE----- +A4GBAGvDoGZWhCkwokfjDVhktNgZI2unxollhirX28TiSvKOhrtTHwM1i+X7dHd8YIb4UMrviT8 +Nb8wtDJHsATaTtOoAuAzUmqxOy1+JEa/lOa2kqPOCPR0T5HLRSQVHxlnHYX89JAh9228rcglhZ/ +wJfKsY6aRY/LY0zc6O41iUxITX +-----END SIGNATURE----- + +$ openssl asn1parse -i < [SIGNATURE] + 0:d=0 hl=3 l= 129 prim: BIT STRING diff --git a/net/data/verify_signed_data_unittest/rsa-pkcs1-sha1-bad-key-der-null.pem b/net/data/verify_signed_data_unittest/rsa-pkcs1-sha1-bad-key-der-null.pem new file mode 100644 index 0000000..59559f4 --- /dev/null +++ b/net/data/verify_signed_data_unittest/rsa-pkcs1-sha1-bad-key-der-null.pem 
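Review bot: The header comment of rsa-pkcs1-sha1-bad-key-der-length.pem does not match the bytes in its PUBLIC KEY block. The key starts with `MIOf`, which decodes to `30 83 9f`, while rsa-pkcs1-sha1.pem starts with `MIGf` = `30 81 9f`. So the long-form length prefix changed from 0x81 to 0x83, and the parser now reads three length octets and gets a length far beyond the input, not 159 + 2. The vector is still an invalid SPKI, but the comment should say what was mutated, e.g. `the length prefix of the first SEQUENCE was changed from 0x81 to 0x83, so the declared length exceeds the data`, with the before/after bytes listed as rsa-pkcs1-sha256-key-encoded-ber.pem does.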
@@ -0,0 +1,52 @@ +Same test as rsa-pkcs1-sha1.pem except an extra NULL (0x05, 0x00) has been +appended to the SPKI. + +The DER can still be parsed, however it should fail due to the unconsumed data +at the end. + + + +-----BEGIN PUBLIC KEY----- +MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQClbkoOcBAXWJpRh9x+qEHRVvLsDjatUqRN/rH +mH3rZkdjFEFb/7bFitMDyg6EqiKOU3/Umq3KRy7MHzqv84LHf1c2VCAltWyuLbfXWce9jd8CSHL +I8Jwpw4lmOb/idGfEFrMLT8Ms18pKA4Thrb2TE7yLh4fINDOjP+yJJvZohNwIDAQABBQA= +-----END PUBLIC KEY----- + +$ openssl asn1parse -i < [PUBLIC KEY] + 0:d=0 hl=3 l= 159 cons: SEQUENCE + 3:d=1 hl=2 l= 13 cons: SEQUENCE + 5:d=2 hl=2 l= 9 prim: OBJECT :rsaEncryption + 16:d=2 hl=2 l= 0 prim: NULL + 18:d=1 hl=3 l= 141 prim: BIT STRING + 162:d=0 hl=2 l= 0 prim: NULL + + + +-----BEGIN ALGORITHM----- +MA0GCSqGSIb3DQEBBQUA +-----END ALGORITHM----- + +$ openssl asn1parse -i < [ALGORITHM] + 0:d=0 hl=2 l= 13 cons: SEQUENCE + 2:d=1 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 13:d=1 hl=2 l= 0 prim: NULL + + + +-----BEGIN DATA----- +zch9oiPXht87ReC7vHITJtHuKvgGzDFUdcxvDZxm4bYjcdRc4jkuGskoRMMQEC8Vag2NUsH0xAu +jqmUJV4bLdpdXplY7qVj+0LzJhOi1F6PV9RWyO4pB50qoZ2k/kN+wYabobfqu5kRywA5fIJRXKc +vr538Gznjgj0CY+6QfnWGTwDF+i2DUtghKy0LSnjgIo7w3LYXjMRcPy/fMctC3HClmSLOk0Q9BY +pXQgHqmJcqydE/Z6o/SI8QlNwKYKL0WvgJUbxMP0uM7k20mduCK7RtzMYt1CgFn0A== +-----END DATA----- + + + +-----BEGIN SIGNATURE----- +A4GBAGvDoGZWhCkwokfjDVhktNgZI2unxollhirX28TiSvKOhrtTHwM1i+X7dHd8YIb4UMrviT8 +Nb8wtDJHsATaTtOoAuAzUmqxOy1+JEa/lOa2kqPOCPR0T5HLRSQVHxlnHYX89JAh9228rcglhZ/ +wJfKsY6aRY/LY0zc6O41iUxITX +-----END SIGNATURE----- + +$ openssl asn1parse -i < [SIGNATURE] + 0:d=0 hl=3 l= 129 prim: BIT STRING diff --git a/net/data/verify_signed_data_unittest/rsa-pkcs1-sha1-key-params-absent.pem b/net/data/verify_signed_data_unittest/rsa-pkcs1-sha1-key-params-absent.pem new file mode 100644 index 0000000..10cc3d0 --- /dev/null +++ b/net/data/verify_signed_data_unittest/rsa-pkcs1-sha1-key-params-absent.pem 
@@ -0,0 +1,49 @@ +Same test as rsa-pkcs1-sha1.pem, except the SPKI has been modified so the +algorithm parameters are absent rather than NULL. + +This should fail because RFC 3279 says the parameters MUST be NULL. + + + +-----BEGIN PUBLIC KEY----- +MIGdMAsGCSqGSIb3DQEBAQOBjQAwgYkCgYEApW5KDnAQF1iaUYfcfqhB0Vby7A42rVKkTf6x5h9 +62ZHYxRBW/+2xYrTA8oOhKoijlN/1JqtykcuzB86r/OCx39XNlQgJbVsri2311nHvY3fAkhyyPC +cKcOJZjm/4nRnxBazC0/DLNfKSgOE4a29kxO8i4eHyDQzoz/siSb2aITcCAwEAAQ== +-----END PUBLIC KEY----- + +$ openssl asn1parse -i < [PUBLIC KEY] + 0:d=0 hl=3 l= 157 cons: SEQUENCE + 3:d=1 hl=2 l= 11 cons: SEQUENCE + 5:d=2 hl=2 l= 9 prim: OBJECT :rsaEncryption + 16:d=1 hl=3 l= 141 prim: BIT STRING + + + +-----BEGIN ALGORITHM----- +MA0GCSqGSIb3DQEBBQUA +-----END ALGORITHM----- + +$ openssl asn1parse -i < [ALGORITHM] + 0:d=0 hl=2 l= 13 cons: SEQUENCE + 2:d=1 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 13:d=1 hl=2 l= 0 prim: NULL + + + +-----BEGIN DATA----- +zch9oiPXht87ReC7vHITJtHuKvgGzDFUdcxvDZxm4bYjcdRc4jkuGskoRMMQEC8Vag2NUsH0xAu +jqmUJV4bLdpdXplY7qVj+0LzJhOi1F6PV9RWyO4pB50qoZ2k/kN+wYabobfqu5kRywA5fIJRXKc +vr538Gznjgj0CY+6QfnWGTwDF+i2DUtghKy0LSnjgIo7w3LYXjMRcPy/fMctC3HClmSLOk0Q9BY +pXQgHqmJcqydE/Z6o/SI8QlNwKYKL0WvgJUbxMP0uM7k20mduCK7RtzMYt1CgFn0A== +-----END DATA----- + + + +-----BEGIN SIGNATURE----- +A4GBAGvDoGZWhCkwokfjDVhktNgZI2unxollhirX28TiSvKOhrtTHwM1i+X7dHd8YIb4UMrviT8 +Nb8wtDJHsATaTtOoAuAzUmqxOy1+JEa/lOa2kqPOCPR0T5HLRSQVHxlnHYX89JAh9228rcglhZ/ +wJfKsY6aRY/LY0zc6O41iUxITX +-----END SIGNATURE----- + +$ openssl asn1parse -i < [SIGNATURE] + 0:d=0 hl=3 l= 129 prim: BIT STRING diff --git a/net/data/verify_signed_data_unittest/rsa-pkcs1-sha1-using-pss-key-no-params.pem b/net/data/verify_signed_data_unittest/rsa-pkcs1-sha1-using-pss-key-no-params.pem new file mode 100644 index 0000000..0dfff97 --- /dev/null +++ b/net/data/verify_signed_data_unittest/rsa-pkcs1-sha1-using-pss-key-no-params.pem 
@@ -0,0 +1,51 @@ +This is the same test as rsa-pkcs1-sha1.pem, except the SPKI has been modified +so that the key algorithm is rsaPss (1.2.840.113549.1.1.10) with absent +parameters. + +Subsequently this should fail, as a PSS key should not be used with a signature +algorithm for PKCS#1 v1.5. + + + +-----BEGIN PUBLIC KEY----- +MIGdMAsGCSqGSIb3DQEBCgOBjQAwgYkCgYEApW5KDnAQF1iaUYfcfqhB0Vby7A42rVKkTf6x5h9 +62ZHYxRBW/+2xYrTA8oOhKoijlN/1JqtykcuzB86r/OCx39XNlQgJbVsri2311nHvY3fAkhyyPC +cKcOJZjm/4nRnxBazC0/DLNfKSgOE4a29kxO8i4eHyDQzoz/siSb2aITcCAwEAAQ== +-----END PUBLIC KEY----- + +$ openssl asn1parse -i < [PUBLIC KEY] + 0:d=0 hl=3 l= 157 cons: SEQUENCE + 3:d=1 hl=2 l= 11 cons: SEQUENCE + 5:d=2 hl=2 l= 9 prim: OBJECT :rsassaPss + 16:d=1 hl=3 l= 141 prim: BIT STRING + + + +-----BEGIN ALGORITHM----- +MA0GCSqGSIb3DQEBBQUA +-----END ALGORITHM----- + +$ openssl asn1parse -i < [ALGORITHM] + 0:d=0 hl=2 l= 13 cons: SEQUENCE + 2:d=1 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 13:d=1 hl=2 l= 0 prim: NULL + + + +-----BEGIN DATA----- +zch9oiPXht87ReC7vHITJtHuKvgGzDFUdcxvDZxm4bYjcdRc4jkuGskoRMMQEC8Vag2NUsH0xAu +jqmUJV4bLdpdXplY7qVj+0LzJhOi1F6PV9RWyO4pB50qoZ2k/kN+wYabobfqu5kRywA5fIJRXKc +vr538Gznjgj0CY+6QfnWGTwDF+i2DUtghKy0LSnjgIo7w3LYXjMRcPy/fMctC3HClmSLOk0Q9BY +pXQgHqmJcqydE/Z6o/SI8QlNwKYKL0WvgJUbxMP0uM7k20mduCK7RtzMYt1CgFn0A== +-----END DATA----- + + + +-----BEGIN SIGNATURE----- +A4GBAGvDoGZWhCkwokfjDVhktNgZI2unxollhirX28TiSvKOhrtTHwM1i+X7dHd8YIb4UMrviT8 +Nb8wtDJHsATaTtOoAuAzUmqxOy1+JEa/lOa2kqPOCPR0T5HLRSQVHxlnHYX89JAh9228rcglhZ/ +wJfKsY6aRY/LY0zc6O41iUxITX +-----END SIGNATURE----- + +$ openssl asn1parse -i < [SIGNATURE] + 0:d=0 hl=3 l= 129 prim: BIT STRING diff --git a/net/data/verify_signed_data_unittest/rsa-pkcs1-sha1-wrong-algorithm.pem b/net/data/verify_signed_data_unittest/rsa-pkcs1-sha1-wrong-algorithm.pem new file mode 100644 index 0000000..9aaedba --- /dev/null +++ b/net/data/verify_signed_data_unittest/rsa-pkcs1-sha1-wrong-algorithm.pem 
@@ -0,0 +1,48 @@ +This is the same as rsa-pkcs1-sha1.pem, however the ALGORITHM has been change +to have SHA256 instead of SHA1. Using this algorithm verification should fail. + + + +-----BEGIN PUBLIC KEY----- +MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQClbkoOcBAXWJpRh9x+qEHRVvLsDjatUqRN/rH +mH3rZkdjFEFb/7bFitMDyg6EqiKOU3/Umq3KRy7MHzqv84LHf1c2VCAltWyuLbfXWce9jd8CSHL +I8Jwpw4lmOb/idGfEFrMLT8Ms18pKA4Thrb2TE7yLh4fINDOjP+yJJvZohNwIDAQAB +-----END PUBLIC KEY----- + +$ openssl asn1parse -i < [PUBLIC KEY] + 0:d=0 hl=3 l= 159 cons: SEQUENCE + 3:d=1 hl=2 l= 13 cons: SEQUENCE + 5:d=2 hl=2 l= 9 prim: OBJECT :rsaEncryption + 16:d=2 hl=2 l= 0 prim: NULL + 18:d=1 hl=3 l= 141 prim: BIT STRING + + + +-----BEGIN ALGORITHM----- +MA0GCSqGSIb3DQEBCwUA +-----END ALGORITHM----- + +$ openssl asn1parse -i < [ALGORITHM] + 0:d=0 hl=2 l= 13 cons: SEQUENCE + 2:d=1 hl=2 l= 9 prim: OBJECT :sha256WithRSAEncryption + 13:d=1 hl=2 l= 0 prim: NULL + + + +-----BEGIN DATA----- +zch9oiPXht87ReC7vHITJtHuKvgGzDFUdcxvDZxm4bYjcdRc4jkuGskoRMMQEC8Vag2NUsH0xAu +jqmUJV4bLdpdXplY7qVj+0LzJhOi1F6PV9RWyO4pB50qoZ2k/kN+wYabobfqu5kRywA5fIJRXKc +vr538Gznjgj0CY+6QfnWGTwDF+i2DUtghKy0LSnjgIo7w3LYXjMRcPy/fMctC3HClmSLOk0Q9BY +pXQgHqmJcqydE/Z6o/SI8QlNwKYKL0WvgJUbxMP0uM7k20mduCK7RtzMYt1CgFn0A== +-----END DATA----- + + + +-----BEGIN SIGNATURE----- +A4GBAGvDoGZWhCkwokfjDVhktNgZI2unxollhirX28TiSvKOhrtTHwM1i+X7dHd8YIb4UMrviT8 +Nb8wtDJHsATaTtOoAuAzUmqxOy1+JEa/lOa2kqPOCPR0T5HLRSQVHxlnHYX89JAh9228rcglhZ/ +wJfKsY6aRY/LY0zc6O41iUxITX +-----END SIGNATURE----- + +$ openssl asn1parse -i < [SIGNATURE] + 0:d=0 hl=3 l= 129 prim: BIT STRING diff --git a/net/data/verify_signed_data_unittest/rsa-pkcs1-sha1.pem b/net/data/verify_signed_data_unittest/rsa-pkcs1-sha1.pem new file mode 100644 index 0000000..0972aca --- /dev/null +++ b/net/data/verify_signed_data_unittest/rsa-pkcs1-sha1.pem 
@@ -0,0 +1,53 @@ +The key, message, and signature come from Example 1 of: +ftp://ftp.rsa.com/pub/rsalabs/tmp/pkcs1v15sign-vectors.txt + +(The algorithm DER was synthesized to match, and the signature enclosed in a BIT STRING). + +It uses an RSA key with modulus length of 1024 bits, PKCS#1 v1.5 padding, and +SHA-1 as the digest. + + + +-----BEGIN PUBLIC KEY----- +MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQClbkoOcBAXWJpRh9x+qEHRVvLsDjatUqRN/rH +mH3rZkdjFEFb/7bFitMDyg6EqiKOU3/Umq3KRy7MHzqv84LHf1c2VCAltWyuLbfXWce9jd8CSHL +I8Jwpw4lmOb/idGfEFrMLT8Ms18pKA4Thrb2TE7yLh4fINDOjP+yJJvZohNwIDAQAB +-----END PUBLIC KEY----- + +$ openssl asn1parse -i < [PUBLIC KEY] + 0:d=0 hl=3 l= 159 cons: SEQUENCE + 3:d=1 hl=2 l= 13 cons: SEQUENCE + 5:d=2 hl=2 l= 9 prim: OBJECT :rsaEncryption + 16:d=2 hl=2 l= 0 prim: NULL + 18:d=1 hl=3 l= 141 prim: BIT STRING + + + +-----BEGIN ALGORITHM----- +MA0GCSqGSIb3DQEBBQUA +-----END ALGORITHM----- + +$ openssl asn1parse -i < [ALGORITHM] + 0:d=0 hl=2 l= 13 cons: SEQUENCE + 2:d=1 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 13:d=1 hl=2 l= 0 prim: NULL + + + +-----BEGIN DATA----- +zch9oiPXht87ReC7vHITJtHuKvgGzDFUdcxvDZxm4bYjcdRc4jkuGskoRMMQEC8Vag2NUsH0xAu +jqmUJV4bLdpdXplY7qVj+0LzJhOi1F6PV9RWyO4pB50qoZ2k/kN+wYabobfqu5kRywA5fIJRXKc +vr538Gznjgj0CY+6QfnWGTwDF+i2DUtghKy0LSnjgIo7w3LYXjMRcPy/fMctC3HClmSLOk0Q9BY +pXQgHqmJcqydE/Z6o/SI8QlNwKYKL0WvgJUbxMP0uM7k20mduCK7RtzMYt1CgFn0A== +-----END DATA----- + + + +-----BEGIN SIGNATURE----- +A4GBAGvDoGZWhCkwokfjDVhktNgZI2unxollhirX28TiSvKOhrtTHwM1i+X7dHd8YIb4UMrviT8 +Nb8wtDJHsATaTtOoAuAzUmqxOy1+JEa/lOa2kqPOCPR0T5HLRSQVHxlnHYX89JAh9228rcglhZ/ +wJfKsY6aRY/LY0zc6O41iUxITX +-----END SIGNATURE----- + +$ openssl asn1parse -i < [SIGNATURE] + 0:d=0 hl=3 l= 129 prim: BIT STRING diff --git a/net/data/verify_signed_data_unittest/rsa-pkcs1-sha256-key-encoded-ber.pem b/net/data/verify_signed_data_unittest/rsa-pkcs1-sha256-key-encoded-ber.pem new file mode 100644 index 0000000..2a8db4a --- /dev/null 
+++ b/net/data/verify_signed_data_unittest/rsa-pkcs1-sha256-key-encoded-ber.pem 
@@ -0,0 +1,62 @@ +This is the same test as rsa-pkcs1-sha256.pem except the SPKI has been encoded +using a non-minimal length for the outtermost SEQUENCE. + +Under DER, the tag-length-value encodings should be minimal and hence this should fail. + +Specifically the SPKI start was changed from: + 30 81 9f +To: + 30 82 00 9f + +(the length of 0x9F is being expressed using 2 bytes instead of 1) + + + +-----BEGIN PUBLIC KEY----- +MIIAnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqkfgdjI9YqzadSZ2Ns0CEEUD8+8m7OplIx0 +94X+QD8mooNrunwT04asbLIINGL4qiI/+9IVSvyV3Kj9c4EeQIbANGoJ8AI3wf6MOBB/txxGFed +qqcTffKVMQvtZdoYFbZ/MQkvyRsoyvunb/pWcN4sSaF9kY1bXSeP3J99fBIYUCAwEAAQ== +-----END PUBLIC KEY----- + +$ openssl asn1parse -i < [PUBLIC KEY] + 0:d=0 hl=4 l= 159 cons: SEQUENCE + 4:d=1 hl=2 l= 13 cons: SEQUENCE + 6:d=2 hl=2 l= 9 prim: OBJECT :rsaEncryption + 17:d=2 hl=2 l= 0 prim: NULL + 19:d=1 hl=3 l= 141 prim: BIT STRING + + + +-----BEGIN ALGORITHM----- +MA0GCSqGSIb3DQEBCwUA +-----END ALGORITHM----- + +$ openssl asn1parse -i < [ALGORITHM] + 0:d=0 hl=2 l= 13 cons: SEQUENCE + 2:d=1 hl=2 l= 9 prim: OBJECT :sha256WithRSAEncryption + 13:d=1 hl=2 l= 0 prim: NULL + + + +-----BEGIN DATA----- +MIIB46ADAgECAgkA3l4tFOVii0UwDQYJKoZIhvcNAQELBQAwVjELMAkGA1UEBhMCQVUxEzARBgN +VBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEPMA0GA1 +UEAwwGTXkga2V5MB4XDTE1MDcwMjE3MDYzOVoXDTE2MDcwMTE3MDYzOVowVjELMAkGA1UEBhMCQ +VUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0 +ZDEPMA0GA1UEAwwGTXkga2V5MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqR+B2Mj1irNp +1JnY2zQIQRQPz7ybs6mUjHT3hf5APyaig2u6fBPThqxssgg0YviqIj/70hVK/JXcqP1zgR5AhsA +0agnwAjfB/ow4EH+3HEYV52qpxN98pUxC+1l2hgVtn8xCS/JGyjK+6dv+lZw3ixJoX2RjVtdJ4/ +cn318EhhQIDAQABo1AwTjAdBgNVHQ4EFgQUzQBVKTEknyLndWd2HTsBdTKvyikwHwYDVR0jBBgw +FoAUzQBVKTEknyLndWd2HTsBdTKvyikwDAYDVR0TBAUwAwEB/w== +-----END DATA----- + + + +-----BEGIN SIGNATURE----- +A4GBADrHSmFSJw/Gv7hs5PNzpaJwAri/sitarIZfzN/SjR+n8L8yeTEoiDb1+BkxlFvXvPHTaOK 
+oO3WlslNNOxh1W5/JkYYGOUkCcyIjnln6qS560imcr3VNjomT/M8M2Iss+rJiKau1TRuaP7H8i6 ++Gqf3saGdr8/LnvFAdNQvkalQt +-----END SIGNATURE----- + +$ openssl asn1parse -i < [SIGNATURE] + 0:d=0 hl=3 l= 129 prim: BIT STRING diff --git a/net/data/verify_signed_data_unittest/rsa-pkcs1-sha256-spki-non-null-params.pem b/net/data/verify_signed_data_unittest/rsa-pkcs1-sha256-spki-non-null-params.pem new file mode 100644 index 0000000..4e7fc96 --- /dev/null +++ b/net/data/verify_signed_data_unittest/rsa-pkcs1-sha256-spki-non-null-params.pem 
@@ -0,0 +1,59 @@ +This is the same test as rsa-pkcs1-sha256.pem except the SPKI has been tampered +with. The parameters have been changed from NULL to an INTEGER. + +This was done by changing: + + 05 00 (NULL) +To: + 02 00 (INTEGER) + + + +-----BEGIN PUBLIC KEY----- +MIGfMA0GCSqGSIb3DQEBAQIAA4GNADCBiQKBgQCqR+B2Mj1irNp1JnY2zQIQRQPz7ybs6mUjHT3 +hf5APyaig2u6fBPThqxssgg0YviqIj/70hVK/JXcqP1zgR5AhsA0agnwAjfB/ow4EH+3HEYV52q +pxN98pUxC+1l2hgVtn8xCS/JGyjK+6dv+lZw3ixJoX2RjVtdJ4/cn318EhhQIDAQAB +-----END PUBLIC KEY----- + +$ openssl asn1parse -i < [PUBLIC KEY] + 0:d=0 hl=3 l= 159 cons: SEQUENCE + 3:d=1 hl=2 l= 13 cons: SEQUENCE + 5:d=2 hl=2 l= 9 prim: OBJECT :rsaEncryption + 16:d=2 hl=2 l= 0 prim: INTEGER :00 + 18:d=1 hl=3 l= 141 prim: BIT STRING + + + +-----BEGIN ALGORITHM----- +MA0GCSqGSIb3DQEBCwUA +-----END ALGORITHM----- + +$ openssl asn1parse -i < [ALGORITHM] + 0:d=0 hl=2 l= 13 cons: SEQUENCE + 2:d=1 hl=2 l= 9 prim: OBJECT :sha256WithRSAEncryption + 13:d=1 hl=2 l= 0 prim: NULL + + + +-----BEGIN DATA----- +MIIB46ADAgECAgkA3l4tFOVii0UwDQYJKoZIhvcNAQELBQAwVjELMAkGA1UEBhMCQVUxEzARBgN +VBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEPMA0GA1 +UEAwwGTXkga2V5MB4XDTE1MDcwMjE3MDYzOVoXDTE2MDcwMTE3MDYzOVowVjELMAkGA1UEBhMCQ +VUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0 +ZDEPMA0GA1UEAwwGTXkga2V5MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqR+B2Mj1irNp +1JnY2zQIQRQPz7ybs6mUjHT3hf5APyaig2u6fBPThqxssgg0YviqIj/70hVK/JXcqP1zgR5AhsA +0agnwAjfB/ow4EH+3HEYV52qpxN98pUxC+1l2hgVtn8xCS/JGyjK+6dv+lZw3ixJoX2RjVtdJ4/ +cn318EhhQIDAQABo1AwTjAdBgNVHQ4EFgQUzQBVKTEknyLndWd2HTsBdTKvyikwHwYDVR0jBBgw +FoAUzQBVKTEknyLndWd2HTsBdTKvyikwDAYDVR0TBAUwAwEB/w== +-----END DATA----- + + + +-----BEGIN SIGNATURE----- +A4GBADrHSmFSJw/Gv7hs5PNzpaJwAri/sitarIZfzN/SjR+n8L8yeTEoiDb1+BkxlFvXvPHTaOK +oO3WlslNNOxh1W5/JkYYGOUkCcyIjnln6qS560imcr3VNjomT/M8M2Iss+rJiKau1TRuaP7H8i6 ++Gqf3saGdr8/LnvFAdNQvkalQt +-----END SIGNATURE----- + +$ openssl asn1parse -i < [SIGNATURE] + 0:d=0 hl=3 l= 
129 prim: BIT STRING diff --git a/net/data/verify_signed_data_unittest/rsa-pkcs1-sha256-using-ecdsa-algorithm.pem b/net/data/verify_signed_data_unittest/rsa-pkcs1-sha256-using-ecdsa-algorithm.pem new file mode 100644 index 0000000..a9b9eb9 --- /dev/null +++ b/net/data/verify_signed_data_unittest/rsa-pkcs1-sha256-using-ecdsa-algorithm.pem 
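Review bot: The description in rsa-pkcs1-sha256-spki-non-null-params.pem explains how the SPKI was tampered with but never states the expected verification result, unlike most of the other negative vectors in this commit. The same gap is in rsa-pkcs1-sha256-using-id-ea-rsa.pem, rsa-pss-sha1-salt20-using-pss-key-no-params.pem and rsa-pss-sha1-salt20-using-pss-key-with-null-params.pem. For the rsaPss key with absent parameters in particular, a reader cannot tell from the file whether acceptance or rejection is intended. Each file should end its description with one line such as `Verification should fail because the key algorithm parameters are not NULL.` (or the matching reason and result), so a later change to the unit-test expectation can be checked against the vector's stated intent.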
@@ -0,0 +1,55 @@ +This test specified a valid RSA PKCS#1 v.1.5 signature and RSA key (the same as rsa-pkcs1-sha256.pem). + +The problem however is the signature algorithm is indicated as being ECDSA. + +Signature verification consequently should fail. + + + +-----BEGIN PUBLIC KEY----- +MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqR+B2Mj1irNp1JnY2zQIQRQPz7ybs6mUjHT3 +hf5APyaig2u6fBPThqxssgg0YviqIj/70hVK/JXcqP1zgR5AhsA0agnwAjfB/ow4EH+3HEYV52q +pxN98pUxC+1l2hgVtn8xCS/JGyjK+6dv+lZw3ixJoX2RjVtdJ4/cn318EhhQIDAQAB +-----END PUBLIC KEY----- + +$ openssl asn1parse -i < [PUBLIC KEY] + 0:d=0 hl=3 l= 159 cons: SEQUENCE + 3:d=1 hl=2 l= 13 cons: SEQUENCE + 5:d=2 hl=2 l= 9 prim: OBJECT :rsaEncryption + 16:d=2 hl=2 l= 0 prim: NULL + 18:d=1 hl=3 l= 141 prim: BIT STRING + + + +-----BEGIN ALGORITHM----- +MAoGCCqGSM49BAMC +-----END ALGORITHM----- + +$ openssl asn1parse -i < [ALGORITHM] + 0:d=0 hl=2 l= 10 cons: SEQUENCE + 2:d=1 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256 + + + +-----BEGIN DATA----- +MIIB46ADAgECAgkA3l4tFOVii0UwDQYJKoZIhvcNAQELBQAwVjELMAkGA1UEBhMCQVUxEzARBgN +VBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEPMA0GA1 +UEAwwGTXkga2V5MB4XDTE1MDcwMjE3MDYzOVoXDTE2MDcwMTE3MDYzOVowVjELMAkGA1UEBhMCQ +VUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0 +ZDEPMA0GA1UEAwwGTXkga2V5MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqR+B2Mj1irNp +1JnY2zQIQRQPz7ybs6mUjHT3hf5APyaig2u6fBPThqxssgg0YviqIj/70hVK/JXcqP1zgR5AhsA +0agnwAjfB/ow4EH+3HEYV52qpxN98pUxC+1l2hgVtn8xCS/JGyjK+6dv+lZw3ixJoX2RjVtdJ4/ +cn318EhhQIDAQABo1AwTjAdBgNVHQ4EFgQUzQBVKTEknyLndWd2HTsBdTKvyikwHwYDVR0jBBgw +FoAUzQBVKTEknyLndWd2HTsBdTKvyikwDAYDVR0TBAUwAwEB/w== +-----END DATA----- + + + +-----BEGIN SIGNATURE----- +A4GBADrHSmFSJw/Gv7hs5PNzpaJwAri/sitarIZfzN/SjR+n8L8yeTEoiDb1+BkxlFvXvPHTaOK +oO3WlslNNOxh1W5/JkYYGOUkCcyIjnln6qS560imcr3VNjomT/M8M2Iss+rJiKau1TRuaP7H8i6 ++Gqf3saGdr8/LnvFAdNQvkalQt +-----END SIGNATURE----- + +$ openssl asn1parse -i < [SIGNATURE] + 0:d=0 hl=3 l= 129 prim: BIT STRING 
diff --git a/net/data/verify_signed_data_unittest/rsa-pkcs1-sha256-using-id-ea-rsa.pem b/net/data/verify_signed_data_unittest/rsa-pkcs1-sha256-using-id-ea-rsa.pem
new file mode 100644
index 0000000..dd5d39c
--- /dev/null
+++ b/net/data/verify_signed_data_unittest/rsa-pkcs1-sha256-using-id-ea-rsa.pem
@@ -0,0 +1,54 @@ +This is the same test as rsa-pkcs1-sha256.pem except the SPKI has been tampered +with. Rather than using an rsaEncryption OID for the key's algorithm, it uses +id-ea-rsa (2.5.8.1.1). + + + +-----BEGIN PUBLIC KEY----- +MIGaMAgGBFUIAQEFAAOBjQAwgYkCgYEAqkfgdjI9YqzadSZ2Ns0CEEUD8+8m7OplIx094X+QD8m +ooNrunwT04asbLIINGL4qiI/+9IVSvyV3Kj9c4EeQIbANGoJ8AI3wf6MOBB/txxGFedqqcTffKV +MQvtZdoYFbZ/MQkvyRsoyvunb/pWcN4sSaF9kY1bXSeP3J99fBIYUCAwEAAQ== +-----END PUBLIC KEY----- + +$ openssl asn1parse -i < [PUBLIC KEY] + 0:d=0 hl=3 l= 154 cons: SEQUENCE + 3:d=1 hl=2 l= 8 cons: SEQUENCE + 5:d=2 hl=2 l= 4 prim: OBJECT :rsa + 11:d=2 hl=2 l= 0 prim: NULL + 13:d=1 hl=3 l= 141 prim: BIT STRING + + + +-----BEGIN ALGORITHM----- +MA0GCSqGSIb3DQEBCwUA +-----END ALGORITHM----- + +$ openssl asn1parse -i < [ALGORITHM] + 0:d=0 hl=2 l= 13 cons: SEQUENCE + 2:d=1 hl=2 l= 9 prim: OBJECT :sha256WithRSAEncryption + 13:d=1 hl=2 l= 0 prim: NULL + + + +-----BEGIN DATA----- +MIIB46ADAgECAgkA3l4tFOVii0UwDQYJKoZIhvcNAQELBQAwVjELMAkGA1UEBhMCQVUxEzARBgN +VBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEPMA0GA1 +UEAwwGTXkga2V5MB4XDTE1MDcwMjE3MDYzOVoXDTE2MDcwMTE3MDYzOVowVjELMAkGA1UEBhMCQ +VUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0 +ZDEPMA0GA1UEAwwGTXkga2V5MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqR+B2Mj1irNp +1JnY2zQIQRQPz7ybs6mUjHT3hf5APyaig2u6fBPThqxssgg0YviqIj/70hVK/JXcqP1zgR5AhsA +0agnwAjfB/ow4EH+3HEYV52qpxN98pUxC+1l2hgVtn8xCS/JGyjK+6dv+lZw3ixJoX2RjVtdJ4/ +cn318EhhQIDAQABo1AwTjAdBgNVHQ4EFgQUzQBVKTEknyLndWd2HTsBdTKvyikwHwYDVR0jBBgw +FoAUzQBVKTEknyLndWd2HTsBdTKvyikwDAYDVR0TBAUwAwEB/w== +-----END DATA----- + + + +-----BEGIN SIGNATURE----- +A4GBADrHSmFSJw/Gv7hs5PNzpaJwAri/sitarIZfzN/SjR+n8L8yeTEoiDb1+BkxlFvXvPHTaOK +oO3WlslNNOxh1W5/JkYYGOUkCcyIjnln6qS560imcr3VNjomT/M8M2Iss+rJiKau1TRuaP7H8i6 ++Gqf3saGdr8/LnvFAdNQvkalQt +-----END SIGNATURE----- + +$ openssl asn1parse -i < [SIGNATURE] + 0:d=0 hl=3 l= 129 prim: BIT STRING 
diff --git a/net/data/verify_signed_data_unittest/rsa-pkcs1-sha256.pem b/net/data/verify_signed_data_unittest/rsa-pkcs1-sha256.pem
new file mode 100644
index 0000000..8509111
--- /dev/null
+++ b/net/data/verify_signed_data_unittest/rsa-pkcs1-sha256.pem
@@ -0,0 +1,86 @@ +This test data was produced by creating a self-signed EC cert using OpenSSL, +and then extracting the relevant fields. + +It uses RSA PKCS#1 v1.5 with SHA-256 and a 1024-bit key. + +(1) Generate self-signed certificate + + openssl genrsa -out rsa_key.pem 1024 + openssl req -new -key rsa_key.pem -x509 -nodes -days 365 -out cert.pem + +(2) Extract public key + + openssl x509 -in cert.pem -pubkey -noout > pubkey.pem + cat pubkey.pem + +(3) Extract signed data (tbsCertificate) + + openssl asn1parse -in cert.pem -out tbs -noout -strparse 4 + base64 tbs + +(4) Extract signature algorithm + + # Find the offset of the signature algorithm near the end (491 in this case) + openssl asn1parse -in cert.pem + + openssl asn1parse -in cert.pem -out alg -noout -strparse 491 + base64 alg + +(5) Extract the signature + + # Find the final offset of BIT STRING (506 in this case) + openssl asn1parse -in cert.pem + + openssl asn1parse -in cert.pem -out sig -noout -strparse 506 + base64 sig + + + +-----BEGIN PUBLIC KEY----- +MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqR+B2Mj1irNp1JnY2zQIQRQPz7ybs6mUjHT3 +hf5APyaig2u6fBPThqxssgg0YviqIj/70hVK/JXcqP1zgR5AhsA0agnwAjfB/ow4EH+3HEYV52q +pxN98pUxC+1l2hgVtn8xCS/JGyjK+6dv+lZw3ixJoX2RjVtdJ4/cn318EhhQIDAQAB +-----END PUBLIC KEY----- + +$ openssl asn1parse -i < [PUBLIC KEY] + 0:d=0 hl=3 l= 159 cons: SEQUENCE + 3:d=1 hl=2 l= 13 cons: SEQUENCE + 5:d=2 hl=2 l= 9 prim: OBJECT :rsaEncryption + 16:d=2 hl=2 l= 0 prim: NULL + 18:d=1 hl=3 l= 141 prim: BIT STRING + + + +-----BEGIN ALGORITHM----- +MA0GCSqGSIb3DQEBCwUA +-----END ALGORITHM----- + +$ openssl asn1parse -i < [ALGORITHM] + 0:d=0 hl=2 l= 13 cons: SEQUENCE + 2:d=1 hl=2 l= 9 prim: OBJECT :sha256WithRSAEncryption + 13:d=1 hl=2 l= 0 prim: NULL + + + +-----BEGIN DATA----- +MIIB46ADAgECAgkA3l4tFOVii0UwDQYJKoZIhvcNAQELBQAwVjELMAkGA1UEBhMCQVUxEzARBgN +VBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEPMA0GA1 
+UEAwwGTXkga2V5MB4XDTE1MDcwMjE3MDYzOVoXDTE2MDcwMTE3MDYzOVowVjELMAkGA1UEBhMCQ +VUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0 +ZDEPMA0GA1UEAwwGTXkga2V5MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqR+B2Mj1irNp +1JnY2zQIQRQPz7ybs6mUjHT3hf5APyaig2u6fBPThqxssgg0YviqIj/70hVK/JXcqP1zgR5AhsA +0agnwAjfB/ow4EH+3HEYV52qpxN98pUxC+1l2hgVtn8xCS/JGyjK+6dv+lZw3ixJoX2RjVtdJ4/ +cn318EhhQIDAQABo1AwTjAdBgNVHQ4EFgQUzQBVKTEknyLndWd2HTsBdTKvyikwHwYDVR0jBBgw +FoAUzQBVKTEknyLndWd2HTsBdTKvyikwDAYDVR0TBAUwAwEB/w== +-----END DATA----- + + + +-----BEGIN SIGNATURE----- +A4GBADrHSmFSJw/Gv7hs5PNzpaJwAri/sitarIZfzN/SjR+n8L8yeTEoiDb1+BkxlFvXvPHTaOK +oO3WlslNNOxh1W5/JkYYGOUkCcyIjnln6qS560imcr3VNjomT/M8M2Iss+rJiKau1TRuaP7H8i6 ++Gqf3saGdr8/LnvFAdNQvkalQt +-----END SIGNATURE----- + +$ openssl asn1parse -i < [SIGNATURE] + 0:d=0 hl=3 l= 129 prim: BIT STRING diff --git a/net/data/verify_signed_data_unittest/rsa-pss-sha1-salt20-using-pss-key-no-params.pem b/net/data/verify_signed_data_unittest/rsa-pss-sha1-salt20-using-pss-key-no-params.pem new file mode 100644 index 0000000..503cc2e --- /dev/null +++ b/net/data/verify_signed_data_unittest/rsa-pss-sha1-salt20-using-pss-key-no-params.pem 
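Review bot: The first line of rsa-pkcs1-sha256.pem says the data came from "a self-signed EC cert", which looks copied from ecdsa-secp384r1-sha256.pem. The recipe below it uses `openssl genrsa -out rsa_key.pem 1024`, and the SPKI dump shows `rsaEncryption`. The line should read `This test data was produced by creating a self-signed RSA cert using OpenSSL,` so the provenance matches the key type someone regenerating the vector would produce.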
@@ -0,0 +1,48 @@
+This is the same test as rsa-pss-sha1-salt20.pem, except the public key's
+algorithm identifier has been changed from rsaEncryption (1.2.840.113549.1.1.1)
+to rsaPss (1.2.840.113549.1.1.10).
+
+
+
+-----BEGIN PUBLIC KEY-----
+MIGdMAsGCSqGSIb3DQEBCgOBjQAwgYkCgYEApW5KDnAQF1iaUYfcfqhB0Vby7A42rVKkTf6x5h9
+62ZHYxRBW/+2xYrTA8oOhKoijlN/1JqtykcuzB86r/OCx39XNlQgJbVsri2311nHvY3fAkhyyPC
+cKcOJZjm/4nRnxBazC0/DLNfKSgOE4a29kxO8i4eHyDQzoz/siSb2aITcCAwEAAQ==
+-----END PUBLIC KEY-----
+
+$ openssl asn1parse -i < [PUBLIC KEY]
+ 0:d=0 hl=3 l= 157 cons: SEQUENCE
+ 3:d=1 hl=2 l= 11 cons: SEQUENCE
+ 5:d=2 hl=2 l= 9 prim: OBJECT :rsassaPss
+ 16:d=1 hl=3 l= 141 prim: BIT STRING
+
+
+
+-----BEGIN ALGORITHM-----
+MA0GCSqGSIb3DQEBCjAA
+-----END ALGORITHM-----
+
+$ openssl asn1parse -i < [ALGORITHM]
+ 0:d=0 hl=2 l= 13 cons: SEQUENCE
+ 2:d=1 hl=2 l= 9 prim: OBJECT :rsassaPss
+ 13:d=1 hl=2 l= 0 cons: SEQUENCE
+
+
+
+-----BEGIN DATA-----
+zch9oiPXht87ReC7vHITJtHuKvgGzDFUdcxvDZxm4bYjcdRc4jkuGskoRMMQEC8Vag2NUsH0xAu
+jqmUJV4bLdpdXplY7qVj+0LzJhOi1F6PV9RWyO4pB50qoZ2k/kN+wYabobfqu5kRywA5fIJRXKc
+vr538Gznjgj0CY+6QfnWGTwDF+i2DUtghKy0LSnjgIo7w3LYXjMRcPy/fMctC3HClmSLOk0Q9BY
+pXQgHqmJcqydE/Z6o/SI8QlNwKYKL0WvgJUbxMP0uM7k20mduCK7RtzMYt1CgFn0A==
+-----END DATA-----
+
+
+
+-----BEGIN SIGNATURE-----
+A4GBAJB0MI+1mOlwGyKUOI5S+XH6rCtgpRRa8YXfUoe17SiH5Xzn/UTchjTkB8jg5DYLwibz7CJ
+/nZ5UY46NMfUFEhXfbrucL5V5qndZijj5FLW5wb2DxOL584Kg0Ko1Qv/uZZhKYBvGnrKN6yfcoS
+yCwtTD9mzVAPH/K5lNik4wy7M8
+-----END SIGNATURE-----
+
+$ openssl asn1parse -i < [SIGNATURE]
+ 0:d=0 hl=3 l= 129 prim: BIT STRING
diff --git a/net/data/verify_signed_data_unittest/rsa-pss-sha1-salt20-using-pss-key-with-null-params.pem b/net/data/verify_signed_data_unittest/rsa-pss-sha1-salt20-using-pss-key-with-null-params.pem
new file mode 100644
index 0000000..222614b
--- /dev/null
+++ b/net/data/verify_signed_data_unittest/rsa-pss-sha1-salt20-using-pss-key-with-null-params.pem
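Review bot: The header of rsa-pss-sha1-salt20-using-pss-key-no-params.pem explains how the key's algorithm identifier differs from rsa-pss-sha1-salt20.pem but never says whether verification is expected to succeed or fail, whereas rsa-pss-sha1-wrong-salt.pem and rsa-using-ec-key.pem in this same commit do state the outcome. The same gap is in rsa-pss-sha1-salt20-using-pss-key-with-null-params.pem (which only says the NULL encoding "is incorrect"), rsa-pss-sha256-salt10-using-pss-key-with-params.pem and rsa-pss-sha256-salt10-using-pss-key-with-wrong-params.pem. These vectors probe how strictly the SPKI algorithm identifier and its parameters are matched against the signature algorithm, so each header should close with a sentence of the form `Verification is expected to <succeed|fail> because <reason>.`; that lets a later change in strictness be read as intended or as a regression. The expected results are presumably encoded in verify_signed_data_unittest.cc, which is not part of this hunk.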
@@ -0,0 +1,50 @@
+This is the same test as rsa-pss-sha1-salt20.pem, except the public key's
+algorithm identifier has been changed from rsaEncryption (1.2.840.113549.1.1.1)
+to rsaPss (1.2.840.113549.1.1.10). Note that the PSS parameters have been
+encoded as NULL which is incorrect.
+
+
+
+-----BEGIN PUBLIC KEY-----
+MIGfMA0GCSqGSIb3DQEBCgUAA4GNADCBiQKBgQClbkoOcBAXWJpRh9x+qEHRVvLsDjatUqRN/rH
+mH3rZkdjFEFb/7bFitMDyg6EqiKOU3/Umq3KRy7MHzqv84LHf1c2VCAltWyuLbfXWce9jd8CSHL
+I8Jwpw4lmOb/idGfEFrMLT8Ms18pKA4Thrb2TE7yLh4fINDOjP+yJJvZohNwIDAQAB
+-----END PUBLIC KEY-----
+
+$ openssl asn1parse -i < [PUBLIC KEY]
+ 0:d=0 hl=3 l= 159 cons: SEQUENCE
+ 3:d=1 hl=2 l= 13 cons: SEQUENCE
+ 5:d=2 hl=2 l= 9 prim: OBJECT :rsassaPss
+ 16:d=2 hl=2 l= 0 prim: NULL
+ 18:d=1 hl=3 l= 141 prim: BIT STRING
+
+
+
+-----BEGIN ALGORITHM-----
+MA0GCSqGSIb3DQEBCjAA
+-----END ALGORITHM-----
+
+$ openssl asn1parse -i < [ALGORITHM]
+ 0:d=0 hl=2 l= 13 cons: SEQUENCE
+ 2:d=1 hl=2 l= 9 prim: OBJECT :rsassaPss
+ 13:d=1 hl=2 l= 0 cons: SEQUENCE
+
+
+
+-----BEGIN DATA-----
+zch9oiPXht87ReC7vHITJtHuKvgGzDFUdcxvDZxm4bYjcdRc4jkuGskoRMMQEC8Vag2NUsH0xAu
+jqmUJV4bLdpdXplY7qVj+0LzJhOi1F6PV9RWyO4pB50qoZ2k/kN+wYabobfqu5kRywA5fIJRXKc
+vr538Gznjgj0CY+6QfnWGTwDF+i2DUtghKy0LSnjgIo7w3LYXjMRcPy/fMctC3HClmSLOk0Q9BY
+pXQgHqmJcqydE/Z6o/SI8QlNwKYKL0WvgJUbxMP0uM7k20mduCK7RtzMYt1CgFn0A==
+-----END DATA-----
+
+
+
+-----BEGIN SIGNATURE-----
+A4GBAJB0MI+1mOlwGyKUOI5S+XH6rCtgpRRa8YXfUoe17SiH5Xzn/UTchjTkB8jg5DYLwibz7CJ
+/nZ5UY46NMfUFEhXfbrucL5V5qndZijj5FLW5wb2DxOL584Kg0Ko1Qv/uZZhKYBvGnrKN6yfcoS
+yCwtTD9mzVAPH/K5lNik4wy7M8
+-----END SIGNATURE-----
+
+$ openssl asn1parse -i < [SIGNATURE]
+ 0:d=0 hl=3 l= 129 prim: BIT STRING
diff --git a/net/data/verify_signed_data_unittest/rsa-pss-sha1-salt20.pem b/net/data/verify_signed_data_unittest/rsa-pss-sha1-salt20.pem
new file mode 100644
index 0000000..e56f0fe
--- /dev/null
+++ b/net/data/verify_signed_data_unittest/rsa-pss-sha1-salt20.pem
@@ -0,0 +1,53 @@
+The key, message, and signature come from Example 1.1 of:
+ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip (pss-vect.txt)
+
+(The algorithm DER was synthesized to match, and the signature enclosed in a BIT STRING).
+
+It uses an RSA key with modulus length of 1024 bits, PSS padding,
+SHA-1 as the digest, MGF1 with SHA-1, and salt length of 20.
+
+
+
+-----BEGIN PUBLIC KEY-----
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQClbkoOcBAXWJpRh9x+qEHRVvLsDjatUqRN/rH
+mH3rZkdjFEFb/7bFitMDyg6EqiKOU3/Umq3KRy7MHzqv84LHf1c2VCAltWyuLbfXWce9jd8CSHL
+I8Jwpw4lmOb/idGfEFrMLT8Ms18pKA4Thrb2TE7yLh4fINDOjP+yJJvZohNwIDAQAB
+-----END PUBLIC KEY-----
+
+$ openssl asn1parse -i < [PUBLIC KEY]
+ 0:d=0 hl=3 l= 159 cons: SEQUENCE
+ 3:d=1 hl=2 l= 13 cons: SEQUENCE
+ 5:d=2 hl=2 l= 9 prim: OBJECT :rsaEncryption
+ 16:d=2 hl=2 l= 0 prim: NULL
+ 18:d=1 hl=3 l= 141 prim: BIT STRING
+
+
+
+-----BEGIN ALGORITHM-----
+MA0GCSqGSIb3DQEBCjAA
+-----END ALGORITHM-----
+
+$ openssl asn1parse -i < [ALGORITHM]
+ 0:d=0 hl=2 l= 13 cons: SEQUENCE
+ 2:d=1 hl=2 l= 9 prim: OBJECT :rsassaPss
+ 13:d=1 hl=2 l= 0 cons: SEQUENCE
+
+
+
+-----BEGIN DATA-----
+zch9oiPXht87ReC7vHITJtHuKvgGzDFUdcxvDZxm4bYjcdRc4jkuGskoRMMQEC8Vag2NUsH0xAu
+jqmUJV4bLdpdXplY7qVj+0LzJhOi1F6PV9RWyO4pB50qoZ2k/kN+wYabobfqu5kRywA5fIJRXKc
+vr538Gznjgj0CY+6QfnWGTwDF+i2DUtghKy0LSnjgIo7w3LYXjMRcPy/fMctC3HClmSLOk0Q9BY
+pXQgHqmJcqydE/Z6o/SI8QlNwKYKL0WvgJUbxMP0uM7k20mduCK7RtzMYt1CgFn0A==
+-----END DATA-----
+
+
+
+-----BEGIN SIGNATURE-----
+A4GBAJB0MI+1mOlwGyKUOI5S+XH6rCtgpRRa8YXfUoe17SiH5Xzn/UTchjTkB8jg5DYLwibz7CJ
+/nZ5UY46NMfUFEhXfbrucL5V5qndZijj5FLW5wb2DxOL584Kg0Ko1Qv/uZZhKYBvGnrKN6yfcoS
+yCwtTD9mzVAPH/K5lNik4wy7M8
+-----END SIGNATURE-----
+
+$ openssl asn1parse -i < [SIGNATURE]
+ 0:d=0 hl=3 l= 129 prim: BIT STRING
diff --git a/net/data/verify_signed_data_unittest/rsa-pss-sha1-wrong-salt.pem b/net/data/verify_signed_data_unittest/rsa-pss-sha1-wrong-salt.pem
new file mode 100644
index 0000000..57ec775
--- /dev/null
+++ b/net/data/verify_signed_data_unittest/rsa-pss-sha1-wrong-salt.pem
@@ -0,0 +1,51 @@
+Same as rsa-pss-sha1-wrong-salt.pem except the ALGORITHM has been changed to
+have a salt of 23. When verified using this algorithm it will fail, however if
+the default salt of 20 were used it would succeed.
+
+
+
+-----BEGIN PUBLIC KEY-----
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQClbkoOcBAXWJpRh9x+qEHRVvLsDjatUqRN/rH
+mH3rZkdjFEFb/7bFitMDyg6EqiKOU3/Umq3KRy7MHzqv84LHf1c2VCAltWyuLbfXWce9jd8CSHL
+I8Jwpw4lmOb/idGfEFrMLT8Ms18pKA4Thrb2TE7yLh4fINDOjP+yJJvZohNwIDAQAB
+-----END PUBLIC KEY-----
+
+$ openssl asn1parse -i < [PUBLIC KEY]
+ 0:d=0 hl=3 l= 159 cons: SEQUENCE
+ 3:d=1 hl=2 l= 13 cons: SEQUENCE
+ 5:d=2 hl=2 l= 9 prim: OBJECT :rsaEncryption
+ 16:d=2 hl=2 l= 0 prim: NULL
+ 18:d=1 hl=3 l= 141 prim: BIT STRING
+
+
+
+-----BEGIN ALGORITHM-----
+MBIGCSqGSIb3DQEBCjAFogMCARc=
+-----END ALGORITHM-----
+
+$ openssl asn1parse -i < [ALGORITHM]
+ 0:d=0 hl=2 l= 18 cons: SEQUENCE
+ 2:d=1 hl=2 l= 9 prim: OBJECT :rsassaPss
+ 13:d=1 hl=2 l= 5 cons: SEQUENCE
+ 15:d=2 hl=2 l= 3 cons: cont [ 2 ]
+ 17:d=3 hl=2 l= 1 prim: INTEGER :17
+
+
+
+-----BEGIN DATA-----
+zch9oiPXht87ReC7vHITJtHuKvgGzDFUdcxvDZxm4bYjcdRc4jkuGskoRMMQEC8Vag2NUsH0xAu
+jqmUJV4bLdpdXplY7qVj+0LzJhOi1F6PV9RWyO4pB50qoZ2k/kN+wYabobfqu5kRywA5fIJRXKc
+vr538Gznjgj0CY+6QfnWGTwDF+i2DUtghKy0LSnjgIo7w3LYXjMRcPy/fMctC3HClmSLOk0Q9BY
+pXQgHqmJcqydE/Z6o/SI8QlNwKYKL0WvgJUbxMP0uM7k20mduCK7RtzMYt1CgFn0A==
+-----END DATA-----
+
+
+
+-----BEGIN SIGNATURE-----
+A4GBAJB0MI+1mOlwGyKUOI5S+XH6rCtgpRRa8YXfUoe17SiH5Xzn/UTchjTkB8jg5DYLwibz7CJ
+/nZ5UY46NMfUFEhXfbrucL5V5qndZijj5FLW5wb2DxOL584Kg0Ko1Qv/uZZhKYBvGnrKN6yfcoS
+yCwtTD9mzVAPH/K5lNik4wy7M8
+-----END SIGNATURE-----
+
+$ openssl asn1parse -i < [SIGNATURE]
+ 0:d=0 hl=3 l= 129 prim: BIT STRING
diff --git a/net/data/verify_signed_data_unittest/rsa-pss-sha256-mgf1-sha512-salt33.pem b/net/data/verify_signed_data_unittest/rsa-pss-sha256-mgf1-sha512-salt33.pem
new file mode 100644
index 0000000..f3b9dcb
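Review bot: The first sentence of rsa-pss-sha1-wrong-salt.pem names the file itself as its baseline (`Same as rsa-pss-sha1-wrong-salt.pem except ...`). The public key, DATA and SIGNATURE blocks are identical to those in rsa-pss-sha1-salt20.pem, so the line should read `Same as rsa-pss-sha1-salt20.pem except the ALGORITHM has been changed to`. The dump prints the salt as `INTEGER :17`, which is hexadecimal for the 23 given in the text; a short `(0x17)` after "23" would spare a reader from suspecting a mismatch in this negative test vector.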
--- /dev/null
+++ b/net/data/verify_signed_data_unittest/rsa-pss-sha256-mgf1-sha512-salt33.pem
@@ -0,0 +1,67 @@
+This test exercises using a different hash function parameter to the mask gen
+function (SHA-256 for the hash, but SHA-512 for the MGF1 hash).
+
+This test data was constructed manually by calling signing functions from
+OpenSSL code.
+
+It constructs an RSASSA-PSS signature using:
+ * Key with modulus 1024 bit
+ * Salt length 33 bytes
+ * Digest function of SHA-256
+ * Mask gen function of MGF1 with SHA-512
+
+
+
+-----BEGIN PUBLIC KEY-----
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQClbkoOcBAXWJpRh9x+qEHRVvLsDjatUqRN/rH
+mH3rZkdjFEFb/7bFitMDyg6EqiKOU3/Umq3KRy7MHzqv84LHf1c2VCAltWyuLbfXWce9jd8CSHL
+I8Jwpw4lmOb/idGfEFrMLT8Ms18pKA4Thrb2TE7yLh4fINDOjP+yJJvZohNwIDAQAB
+-----END PUBLIC KEY-----
+
+$ openssl asn1parse -i < [PUBLIC KEY]
+ 0:d=0 hl=3 l= 159 cons: SEQUENCE
+ 3:d=1 hl=2 l= 13 cons: SEQUENCE
+ 5:d=2 hl=2 l= 9 prim: OBJECT :rsaEncryption
+ 16:d=2 hl=2 l= 0 prim: NULL
+ 18:d=1 hl=3 l= 141 prim: BIT STRING
+
+
+
+-----BEGIN ALGORITHM-----
+MEEGCSqGSIb3DQEBCjA0oA8wDQYJYIZIAWUDBAIBBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWU
+DBAIDBQCiAwIBIQ==
+-----END ALGORITHM-----
+
+$ openssl asn1parse -i < [ALGORITHM]
+ 0:d=0 hl=2 l= 65 cons: SEQUENCE
+ 2:d=1 hl=2 l= 9 prim: OBJECT :rsassaPss
+ 13:d=1 hl=2 l= 52 cons: SEQUENCE
+ 15:d=2 hl=2 l= 15 cons: cont [ 0 ]
+ 17:d=3 hl=2 l= 13 cons: SEQUENCE
+ 19:d=4 hl=2 l= 9 prim: OBJECT :sha256
+ 30:d=4 hl=2 l= 0 prim: NULL
+ 32:d=2 hl=2 l= 28 cons: cont [ 1 ]
+ 34:d=3 hl=2 l= 26 cons: SEQUENCE
+ 36:d=4 hl=2 l= 9 prim: OBJECT :mgf1
+ 47:d=4 hl=2 l= 13 cons: SEQUENCE
+ 49:d=5 hl=2 l= 9 prim: OBJECT :sha512
+ 60:d=5 hl=2 l= 0 prim: NULL
+ 62:d=2 hl=2 l= 3 cons: cont [ 2 ]
+ 64:d=3 hl=2 l= 1 prim: INTEGER :21
+
+
+
+-----BEGIN DATA-----
+VGVzdCBtZXNzYWdlIHRvIGJlIHNpZ25lZC4uLg==
+-----END DATA-----
+
+
+
+-----BEGIN SIGNATURE-----
+A4GBAFob0HSC5uuTqKu4J/lj+5bDa+Hhij4H3klWnvt6Yc+wwPza7/UC4lgGGyvZqD32RUEdt7v
+Z14qqYNk53b5aj4C2gBMvLzV7Pay4mmQM4DSWa5JHMxTILqE3DDqihrbMcBw2q3XAsLcjeqLWQ9
+yp8tfnV21h98qsCLtErrxZWHRr
+-----END
SIGNATURE-----
+
+$ openssl asn1parse -i < [SIGNATURE]
+ 0:d=0 hl=3 l= 129 prim: BIT STRING
diff --git a/net/data/verify_signed_data_unittest/rsa-pss-sha256-salt10-using-pss-key-with-params.pem b/net/data/verify_signed_data_unittest/rsa-pss-sha256-salt10-using-pss-key-with-params.pem
new file mode 100644
index 0000000..e0140b3
--- /dev/null
+++ b/net/data/verify_signed_data_unittest/rsa-pss-sha256-salt10-using-pss-key-with-params.pem
@@ -0,0 +1,74 @@
+This is the same test as rsa-pss-sha256-salt10.pem except instead of specifying
+the SPKI using rsaEncryption it is specified using rsaPss along with
+parameters that match those of the signature algorithm.
+
+
+
+-----BEGIN PUBLIC KEY-----
+MIHRMEEGCSqGSIb3DQEBCjA0oA8wDQYJYIZIAWUDBAIBBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZ
+IAWUDBAIBBQCiAwIBCgOBiwAwgYcCgYEAvkmbXn8GyD+gKT4xRlyOtrWK+SC65Sp7W5v+t6py2x
+JkES6z/UMdMaKn5QlBVmkpSUoOiR7VYTkYtLUbDR+5d4Oyas99DzhM+zX00oJPXdOAYjomvxgLY
+5YcYZ3NsgyuQG8i9uJ2yAo3JZSQz+tywacahPGEbTMId7o+MQHsnHsCARE=
+-----END PUBLIC KEY-----
+
+$ openssl asn1parse -i < [PUBLIC KEY]
+ 0:d=0 hl=3 l= 209 cons: SEQUENCE
+ 3:d=1 hl=2 l= 65 cons: SEQUENCE
+ 5:d=2 hl=2 l= 9 prim: OBJECT :rsassaPss
+ 16:d=2 hl=2 l= 52 cons: SEQUENCE
+ 18:d=3 hl=2 l= 15 cons: cont [ 0 ]
+ 20:d=4 hl=2 l= 13 cons: SEQUENCE
+ 22:d=5 hl=2 l= 9 prim: OBJECT :sha256
+ 33:d=5 hl=2 l= 0 prim: NULL
+ 35:d=3 hl=2 l= 28 cons: cont [ 1 ]
+ 37:d=4 hl=2 l= 26 cons: SEQUENCE
+ 39:d=5 hl=2 l= 9 prim: OBJECT :mgf1
+ 50:d=5 hl=2 l= 13 cons: SEQUENCE
+ 52:d=6 hl=2 l= 9 prim: OBJECT :sha256
+ 63:d=6 hl=2 l= 0 prim: NULL
+ 65:d=3 hl=2 l= 3 cons: cont [ 2 ]
+ 67:d=4 hl=2 l= 1 prim: INTEGER :0A
+ 70:d=1 hl=3 l= 139 prim: BIT STRING
+
+
+
+-----BEGIN ALGORITHM-----
+MEEGCSqGSIb3DQEBCjA0oA8wDQYJYIZIAWUDBAIBBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWU
+DBAIBBQCiAwIBCg==
+-----END ALGORITHM-----
+
+$ openssl asn1parse -i < [ALGORITHM]
+ 0:d=0 hl=2 l= 65 cons: SEQUENCE
+ 2:d=1 hl=2 l= 9 prim: OBJECT :rsassaPss
+ 13:d=1 hl=2 l= 52 cons: SEQUENCE
+ 15:d=2 hl=2 l= 15 cons: cont [ 0 ]
+ 17:d=3 hl=2 l= 13 cons: SEQUENCE
+ 19:d=4 hl=2 l= 9 prim: OBJECT :sha256
+ 30:d=4 hl=2 l= 0 prim: NULL
+ 32:d=2 hl=2 l= 28 cons: cont [ 1 ]
+ 34:d=3 hl=2 l= 26 cons: SEQUENCE
+ 36:d=4 hl=2 l= 9 prim: OBJECT :mgf1
+ 47:d=4 hl=2 l= 13 cons: SEQUENCE
+ 49:d=5 hl=2 l= 9 prim: OBJECT :sha256
+ 60:d=5 hl=2 l= 0 prim: NULL
+ 62:d=2 hl=2 l= 3 cons: cont [ 2 ]
+ 64:d=3 hl=2 l= 1 prim: INTEGER :0A
+
+
+
+-----BEGIN DATA-----
+x/UnD8pyX5vRn1GajXzKPMXAeQJAKfO65RD5sCFA/iOJCOT2wY8HqJxofIaEZpsfHbK6+SUaPIK
+frMtJMIThbsnijViGgHSl1iIWZ91uUo0W/iyfPbTPr2xNzoyEOa84zqqqnOLsrnvI9KWlXjv5bf
+nNV1xPnLMnlRuM3+QIcWg=
+-----END DATA-----
+
+
+
+-----BEGIN SIGNATURE-----
+A4GBABHhafL9QLB2Qbl2iiqxmWX7bCfxD88DI/zG0S608cBrMw3aoepQRAevop3p6+A3T+nR59D
+/vV/Bzzo0RuQUVBXSqyT3ibNGTFxDola7wdaSz38EgB2sW7QBpKA6t9VyioYMGeGk3Hl8pULIID
+zsLmAesMUfVn8u2gIrC5693u76
+-----END SIGNATURE-----
+
+$ openssl asn1parse -i < [SIGNATURE]
+ 0:d=0 hl=3 l= 129 prim: BIT STRING
diff --git a/net/data/verify_signed_data_unittest/rsa-pss-sha256-salt10-using-pss-key-with-wrong-params.pem b/net/data/verify_signed_data_unittest/rsa-pss-sha256-salt10-using-pss-key-with-wrong-params.pem
new file mode 100644
index 0000000..646ac1f
--- /dev/null
+++ b/net/data/verify_signed_data_unittest/rsa-pss-sha256-salt10-using-pss-key-with-wrong-params.pem
@@ -0,0 +1,74 @@
+This is the same test as rsa-pss-sha256-salt10-using-pss-key-with-params.pem
+except the hash in the PSS key's parameters has been changed from SHA-256 to
+SHA-384.
+
+
+
+-----BEGIN PUBLIC KEY-----
+MIHRMEEGCSqGSIb3DQEBCjA0oA8wDQYJYIZIAWUDBAICBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZ
+IAWUDBAIBBQCiAwIBCgOBiwAwgYcCgYEAvkmbXn8GyD+gKT4xRlyOtrWK+SC65Sp7W5v+t6py2x
+JkES6z/UMdMaKn5QlBVmkpSUoOiR7VYTkYtLUbDR+5d4Oyas99DzhM+zX00oJPXdOAYjomvxgLY
+5YcYZ3NsgyuQG8i9uJ2yAo3JZSQz+tywacahPGEbTMId7o+MQHsnHsCARE=
+-----END PUBLIC KEY-----
+
+$ openssl asn1parse -i < [PUBLIC KEY]
+ 0:d=0 hl=3 l= 209 cons: SEQUENCE
+ 3:d=1 hl=2 l= 65 cons: SEQUENCE
+ 5:d=2 hl=2 l= 9 prim: OBJECT :rsassaPss
+ 16:d=2 hl=2 l= 52 cons: SEQUENCE
+ 18:d=3 hl=2 l= 15 cons: cont [ 0 ]
+ 20:d=4 hl=2 l= 13 cons: SEQUENCE
+ 22:d=5 hl=2 l= 9 prim: OBJECT :sha384
+ 33:d=5 hl=2 l= 0 prim: NULL
+ 35:d=3 hl=2 l= 28 cons: cont [ 1 ]
+ 37:d=4 hl=2 l= 26 cons: SEQUENCE
+ 39:d=5 hl=2 l= 9 prim: OBJECT :mgf1
+ 50:d=5 hl=2 l= 13 cons: SEQUENCE
+ 52:d=6 hl=2 l= 9 prim: OBJECT :sha256
+ 63:d=6 hl=2 l= 0 prim: NULL
+ 65:d=3 hl=2 l= 3 cons: cont [ 2 ]
+ 67:d=4 hl=2 l= 1 prim: INTEGER :0A
+ 70:d=1 hl=3 l= 139 prim: BIT STRING
+
+
+
+-----BEGIN ALGORITHM-----
+MEEGCSqGSIb3DQEBCjA0oA8wDQYJYIZIAWUDBAIBBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWU
+DBAIBBQCiAwIBCg==
+-----END ALGORITHM-----
+
+$ openssl asn1parse -i < [ALGORITHM]
+ 0:d=0 hl=2 l= 65 cons: SEQUENCE
+ 2:d=1 hl=2 l= 9 prim: OBJECT :rsassaPss
+ 13:d=1 hl=2 l= 52 cons: SEQUENCE
+ 15:d=2 hl=2 l= 15 cons: cont [ 0 ]
+ 17:d=3 hl=2 l= 13 cons: SEQUENCE
+ 19:d=4 hl=2 l= 9 prim: OBJECT :sha256
+ 30:d=4 hl=2 l= 0 prim: NULL
+ 32:d=2 hl=2 l= 28 cons: cont [ 1 ]
+ 34:d=3 hl=2 l= 26 cons: SEQUENCE
+ 36:d=4 hl=2 l= 9 prim: OBJECT :mgf1
+ 47:d=4 hl=2 l= 13 cons: SEQUENCE
+ 49:d=5 hl=2 l= 9 prim: OBJECT :sha256
+ 60:d=5 hl=2 l= 0 prim: NULL
+ 62:d=2 hl=2 l= 3 cons: cont [ 2 ]
+ 64:d=3 hl=2 l= 1 prim: INTEGER :0A
+
+
+
+-----BEGIN DATA-----
+x/UnD8pyX5vRn1GajXzKPMXAeQJAKfO65RD5sCFA/iOJCOT2wY8HqJxofIaEZpsfHbK6+SUaPIK
+frMtJMIThbsnijViGgHSl1iIWZ91uUo0W/iyfPbTPr2xNzoyEOa84zqqqnOLsrnvI9KWlXjv5bf
+nNV1xPnLMnlRuM3+QIcWg=
+-----END DATA-----
+
+
+
+-----BEGIN SIGNATURE-----
+A4GBABHhafL9QLB2Qbl2iiqxmWX7bCfxD88DI/zG0S608cBrMw3aoepQRAevop3p6+A3T+nR59D
+/vV/Bzzo0RuQUVBXSqyT3ibNGTFxDola7wdaSz38EgB2sW7QBpKA6t9VyioYMGeGk3Hl8pULIID
+zsLmAesMUfVn8u2gIrC5693u76
+-----END SIGNATURE-----
+
+$ openssl asn1parse -i < [SIGNATURE]
+ 0:d=0 hl=3 l= 129 prim: BIT STRING
diff --git a/net/data/verify_signed_data_unittest/rsa-pss-sha256-salt10.pem b/net/data/verify_signed_data_unittest/rsa-pss-sha256-salt10.pem
new file mode 100644
index 0000000..fc37f41
--- /dev/null
+++ b/net/data/verify_signed_data_unittest/rsa-pss-sha256-salt10.pem
@@ -0,0 +1,65 @@
+The key, message, and signature come from:
+http://csrc.nist.gov/groups/STM/cavp/documents/dss/186-2rsatestvectors.zip (SigVerPSS_186-3.rsp)
+
+(The algorithm DER was synthesized to match, and the signature wrapped in a BIT STRING).
+
+It uses an RSA key with modulus length of 1024 bits, PSS padding,
+SHA-256 as the digest, MGF1 with SHA-256, and salt length of 10.
+
+
+
+-----BEGIN PUBLIC KEY-----
+MIGdMA0GCSqGSIb3DQEBAQUAA4GLADCBhwKBgQC+SZtefwbIP6ApPjFGXI62tYr5ILrlKntbm/6
+3qnLbEmQRLrP9Qx0xoqflCUFWaSlJSg6JHtVhORi0tRsNH7l3g7Jqz30POEz7NfTSgk9d04BiOi
+a/GAtjlhxhnc2yDK5AbyL24nbICjcllJDP63LBpxqE8YRtMwh3uj4xAeycewIBEQ==
+-----END PUBLIC KEY-----
+
+$ openssl asn1parse -i < [PUBLIC KEY]
+ 0:d=0 hl=3 l= 157 cons: SEQUENCE
+ 3:d=1 hl=2 l= 13 cons: SEQUENCE
+ 5:d=2 hl=2 l= 9 prim: OBJECT :rsaEncryption
+ 16:d=2 hl=2 l= 0 prim: NULL
+ 18:d=1 hl=3 l= 139 prim: BIT STRING
+
+
+
+-----BEGIN ALGORITHM-----
+MEEGCSqGSIb3DQEBCjA0oA8wDQYJYIZIAWUDBAIBBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWU
+DBAIBBQCiAwIBCg==
+-----END ALGORITHM-----
+
+$ openssl asn1parse -i < [ALGORITHM]
+ 0:d=0 hl=2 l= 65 cons: SEQUENCE
+ 2:d=1 hl=2 l= 9 prim: OBJECT :rsassaPss
+ 13:d=1 hl=2 l= 52 cons: SEQUENCE
+ 15:d=2 hl=2 l= 15 cons: cont [ 0 ]
+ 17:d=3 hl=2 l= 13 cons: SEQUENCE
+ 19:d=4 hl=2 l= 9 prim: OBJECT :sha256
+ 30:d=4 hl=2 l= 0 prim: NULL
+ 32:d=2 hl=2 l= 28 cons: cont [ 1 ]
+ 34:d=3 hl=2 l= 26 cons: SEQUENCE
+ 36:d=4 hl=2 l= 9 prim: OBJECT :mgf1
+ 47:d=4 hl=2 l= 13 cons: SEQUENCE
+ 49:d=5 hl=2 l= 9 prim: OBJECT :sha256
+ 60:d=5 hl=2 l= 0 prim: NULL
+ 62:d=2 hl=2 l= 3 cons: cont [ 2 ]
+ 64:d=3 hl=2 l= 1 prim: INTEGER :0A
+
+
+
+-----BEGIN DATA-----
+x/UnD8pyX5vRn1GajXzKPMXAeQJAKfO65RD5sCFA/iOJCOT2wY8HqJxofIaEZpsfHbK6+SUaPIK
+frMtJMIThbsnijViGgHSl1iIWZ91uUo0W/iyfPbTPr2xNzoyEOa84zqqqnOLsrnvI9KWlXjv5bf
+nNV1xPnLMnlRuM3+QIcWg=
+-----END DATA-----
+
+
+
+-----BEGIN SIGNATURE-----
+A4GBABHhafL9QLB2Qbl2iiqxmWX7bCfxD88DI/zG0S608cBrMw3aoepQRAevop3p6+A3T+nR59D
+/vV/Bzzo0RuQUVBXSqyT3ibNGTFxDola7wdaSz38EgB2sW7QBpKA6t9VyioYMGeGk3Hl8pULIID
+zsLmAesMUfVn8u2gIrC5693u76
+-----END SIGNATURE-----
+
+$ openssl asn1parse -i < [SIGNATURE]
+ 0:d=0 hl=3 l= 129 prim: BIT STRING
diff --git a/net/data/verify_signed_data_unittest/rsa-using-ec-key.pem b/net/data/verify_signed_data_unittest/rsa-using-ec-key.pem
new file mode 100644
index 0000000..b9a3777
--- /dev/null
+++ b/net/data/verify_signed_data_unittest/rsa-using-ec-key.pem
@@ -0,0 +1,52 @@
+This test specifies an RSA PKCS#1 v1.5 signature algorithm (and a valid RSA
+signature), HOWEVER it provides an EC key. Verification should fail.
+
+
+
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEnLDPaTA9r8dh1ORoe07PA55tNKuWSvgIENjVWKS
+o1vctUSM6F4iSCobuCKGWLHnvoxf7eHnil9rSFG25lfoceA==
+-----END PUBLIC KEY-----
+
+$ openssl asn1parse -i < [PUBLIC KEY]
+ 0:d=0 hl=2 l= 89 cons: SEQUENCE
+ 2:d=1 hl=2 l= 19 cons: SEQUENCE
+ 4:d=2 hl=2 l= 7 prim: OBJECT :id-ecPublicKey
+ 13:d=2 hl=2 l= 8 prim: OBJECT :prime256v1
+ 23:d=1 hl=2 l= 66 prim: BIT STRING
+
+
+
+-----BEGIN ALGORITHM-----
+MA0GCSqGSIb3DQEBCwUA
+-----END ALGORITHM-----
+
+$ openssl asn1parse -i < [ALGORITHM]
+ 0:d=0 hl=2 l= 13 cons: SEQUENCE
+ 2:d=1 hl=2 l= 9 prim: OBJECT :sha256WithRSAEncryption
+ 13:d=1 hl=2 l= 0 prim: NULL
+
+
+
+-----BEGIN DATA-----
+MIIB46ADAgECAgkA3l4tFOVii0UwDQYJKoZIhvcNAQELBQAwVjELMAkGA1UEBhMCQVUxEzARBgN
+VBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEPMA0GA1
+UEAwwGTXkga2V5MB4XDTE1MDcwMjE3MDYzOVoXDTE2MDcwMTE3MDYzOVowVjELMAkGA1UEBhMCQ
+VUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0
+ZDEPMA0GA1UEAwwGTXkga2V5MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqR+B2Mj1irNp
+1JnY2zQIQRQPz7ybs6mUjHT3hf5APyaig2u6fBPThqxssgg0YviqIj/70hVK/JXcqP1zgR5AhsA
+0agnwAjfB/ow4EH+3HEYV52qpxN98pUxC+1l2hgVtn8xCS/JGyjK+6dv+lZw3ixJoX2RjVtdJ4/
+cn318EhhQIDAQABo1AwTjAdBgNVHQ4EFgQUzQBVKTEknyLndWd2HTsBdTKvyikwHwYDVR0jBBgw
+FoAUzQBVKTEknyLndWd2HTsBdTKvyikwDAYDVR0TBAUwAwEB/w==
+-----END DATA-----
+
+
+
+-----BEGIN SIGNATURE-----
+A4GBADrHSmFSJw/Gv7hs5PNzpaJwAri/sitarIZfzN/SjR+n8L8yeTEoiDb1+BkxlFvXvPHTaOK
+oO3WlslNNOxh1W5/JkYYGOUkCcyIjnln6qS560imcr3VNjomT/M8M2Iss+rJiKau1TRuaP7H8i6
++Gqf3saGdr8/LnvFAdNQvkalQt
+-----END SIGNATURE-----
+
+$ openssl asn1parse -i < [SIGNATURE]
+ 0:d=0 hl=3 l= 129 prim: BIT STRING
diff --git a/net/net.gypi b/net/net.gypi
index 85301b8..708ef29 100644
--- a/net/net.gypi
+++ b/net/net.gypi
@@ -83,6 +83,8 @@ 'cert/internal/signature_algorithm.h', 'cert/internal/verify_name_match.cc', 'cert/internal/verify_name_match.h', + 'cert/internal/verify_signed_data.cc', + 'cert/internal/verify_signed_data.h', 'cert/pem_tokenizer.cc', 'cert/pem_tokenizer.h', 'cert/sha256_legacy_support_nss_win.cc', @@ -1358,6 +1360,7 @@ 'cert/internal/extended_key_usage_unittest.cc', 'cert/internal/signature_algorithm_unittest.cc', 'cert/internal/verify_name_match_unittest.cc', + 'cert/internal/verify_signed_data_unittest.cc', 'cert/jwk_serializer_unittest.cc', 'cert/multi_log_ct_verifier_unittest.cc', 'cert/multi_threaded_cert_verifier_unittest.cc', |