Add support for PSS.

This has tests generated by openssl, and integrated with
the existing chromium verify_signed_data corpus.

The PSS parameter encodings are slightly unwieldy, and
are included from files rather than embedded in the source.

There are python scripts for regenerating the parameter encodings
and tests.

Cargo.toml

@@ -89,7 +89,7 @@ default = ["trust_anchor_util"]
 trust_anchor_util = []
 
 [dependencies]
-ring = "0.5.3"
+ring = "0.6.0-alpha"
 rustc-serialize = "0.3.15"
 time = "0.1"
 untrusted = "0.3"

src/data/pss.py

@@ -0,0 +1,78 @@
+# Copyright 2016 Joseph Birr-Pixton.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES
+# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR
+# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+"""
+Generates assorted RSASSA-PSS-params encodings.  See RFC4055.
+
+Requires pyasn1 and python2.
+"""
+
+from pyasn1.type import univ, tag
+from pyasn1.codec.der import encoder
+
+pkcs1 = [1, 2, 840, 113549, 1, 1]
+id_RSASSA_PSS = univ.ObjectIdentifier(pkcs1 + [10])
+id_mgf1 = univ.ObjectIdentifier(pkcs1 + [8])
+
+id_SHA1 = univ.ObjectIdentifier([1, 3, 14, 3, 2, 26])
+nist_hash_algs = [2, 16, 840, 1, 101, 3, 4, 2]
+id_SHA256 = univ.ObjectIdentifier(nist_hash_algs + [1])
+id_SHA384 = univ.ObjectIdentifier(nist_hash_algs + [2])
+id_SHA512 = univ.ObjectIdentifier(nist_hash_algs + [3])
+
+def alg_id(id, param = None):
+    alg = univ.Sequence()
+    alg[0] = id
+    if param is None:
+        alg[1] = univ.Null()
+    else:
+        alg[1] = param
+    return alg
+
+sha1Identifier = alg_id(id_SHA1)
+sha256Identifier = alg_id(id_SHA256)
+sha384Identifier = alg_id(id_SHA384)
+sha512Identifier = alg_id(id_SHA512)
+
+def mgf1_with(hash):
+    return alg_id(id_mgf1, hash)
+
+mgf1SHA1Identifier = mgf1_with(sha1Identifier)
+mgf1SHA256Identifier = mgf1_with(sha256Identifier)
+mgf1SHA384Identifier = mgf1_with(sha384Identifier)
+mgf1SHA512Identifier = mgf1_with(sha512Identifier)
+
+def dump_pss_encoding(filename, hash, mgf1, salt):
+    pss = univ.Sequence()
+    pss[0] = univ.Sequence(tagSet = tag.TagSet().tagExplicitly(
+                tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)))
+    pss[0][0] = hash
+
+    pss[1] = univ.Sequence(tagSet = tag.TagSet().tagExplicitly(
+                tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)))
+    pss[1][0] = mgf1
+
+    pss[2] = univ.Integer(salt).subtype(
+            explicitTag = tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))
+
+    alg = alg_id(id_RSASSA_PSS, pss)
+
+    open('params-' + filename, 'wb').write(encoder.encode(pss))
+    open('alg-' + filename, 'wb').write(encoder.encode(alg))
+
+if __name__ == '__main__':
+    dump_pss_encoding('pss-sha256.der', sha256Identifier, mgf1SHA256Identifier, 32)
+    dump_pss_encoding('pss-sha384.der', sha384Identifier, mgf1SHA384Identifier, 48)
+    dump_pss_encoding('pss-sha512.der', sha512Identifier, mgf1SHA512Identifier, 64)
+

src/signed_data.rs

@@ -296,6 +296,31 @@ pub static RSA_PKCS1_3072_8192_SHA384: SignatureAlgorithm = SignatureAlgorithm {
     verification_alg: &signature::RSA_PKCS1_3072_8192_SHA384,
 };
 
+/// RSA PSS signatures using SHA-256 for keys of 2048-8192 bits and of
+/// type rsaEncryption; see https://tools.ietf.org/html/rfc4055#section-1.2
+pub static RSA_PSS_2048_8192_SHA256_LEGACY_KEY: SignatureAlgorithm =
+        SignatureAlgorithm {
+    signature_alg_oid: RSA_PSS_OID,
+    public_key_alg: &RSA_PSS_SHA256_LEGACY_KEY,
+    verification_alg: &signature::RSA_PSS_2048_8192_SHA256,
+};
+
+/// RSA PSS signatures using SHA-384 for keys of 2048-8192 bits and of
+/// type rsaEncryption; see https://tools.ietf.org/html/rfc4055#section-1.2
+pub static RSA_PSS_2048_8192_SHA384_LEGACY_KEY: SignatureAlgorithm =
+        SignatureAlgorithm {
+    signature_alg_oid: RSA_PSS_OID,
+    public_key_alg: &RSA_PSS_SHA384_LEGACY_KEY,
+    verification_alg: &signature::RSA_PSS_2048_8192_SHA384,
+};
+
+/// RSA PSS signatures using SHA-512 for keys of 2048-8192 bits and of
+/// type rsaEncryption; see https://tools.ietf.org/html/rfc4055#section-1.2
+pub static RSA_PSS_2048_8192_SHA512_LEGACY_KEY: SignatureAlgorithm = SignatureAlgorithm {
+    signature_alg_oid: RSA_PSS_OID,
+    public_key_alg: &RSA_PSS_SHA512_LEGACY_KEY,
+    verification_alg: &signature::RSA_PSS_2048_8192_SHA512,
+};
 
 struct PublicKeyAlgorithm {
     shared: &'static PublicKeyAlgorithmSharedInfo,
@@ -343,7 +368,7 @@ const ECDSA_SHARED: PublicKeyAlgorithmSharedInfo = PublicKeyAlgorithmSharedInfo
 
 const RSA_PKCS1_SHARED: PublicKeyAlgorithmSharedInfo =
         PublicKeyAlgorithmSharedInfo {
-    spki_algorithm_oid: &oid_1_2_840_113549![1, 1, 1],
+    spki_algorithm_oid: &RSA_ENCRYPTION_OID,
 
     // RFC 4055 Section 5 and RFC 3279 Section 2.2.1 both say that parameters
     // for RSA PKCS#1 must be encoded as NULL; we relax that requirement by
@@ -352,15 +377,47 @@ const RSA_PKCS1_SHARED: PublicKeyAlgorithmSharedInfo =
     allowed_signature_alg_parameters: &[&[], &[0x05, 0x00]], // Optional NULL.
 };
 
+const RSA_PSS_SHA256_LEGACY_KEY: PublicKeyAlgorithm = PublicKeyAlgorithm {
+    shared: &PublicKeyAlgorithmSharedInfo {
+      spki_algorithm_oid: &RSA_ENCRYPTION_OID,
+      allowed_signature_alg_parameters: &[
+        include_bytes!("data/params-pss-sha256.der")
+      ]
+    },
+    curve_oid: None
+};
+
+const RSA_PSS_SHA384_LEGACY_KEY: PublicKeyAlgorithm = PublicKeyAlgorithm {
+    shared: &PublicKeyAlgorithmSharedInfo {
+      spki_algorithm_oid: &RSA_ENCRYPTION_OID,
+      allowed_signature_alg_parameters: &[
+        include_bytes!("data/params-pss-sha384.der")
+      ]
+    },
+    curve_oid: None
+};
+
+const RSA_PSS_SHA512_LEGACY_KEY: PublicKeyAlgorithm = PublicKeyAlgorithm {
+    shared: &PublicKeyAlgorithmSharedInfo {
+      spki_algorithm_oid: &RSA_ENCRYPTION_OID,
+      allowed_signature_alg_parameters: &[
+        include_bytes!("data/params-pss-sha512.der")
+      ]
+    },
+    curve_oid: None
+};
+
 // TODO: add documentation for all this stuff.
 
 const ECDSA_SHA256_OID: &'static [u8] = &oid_1_2_840_10045![4, 3, 2];
 const ECDSA_SHA384_OID: &'static [u8] = &oid_1_2_840_10045![4, 3, 3];
 
+const RSA_ENCRYPTION_OID: &'static [u8] = &oid_1_2_840_113549![1, 1, 1];
 const RSA_PKCS1_SHA1_OID: &'static [u8] = &oid_1_2_840_113549![1, 1, 5];
 const RSA_PKCS1_SHA256_OID: &'static [u8] = &oid_1_2_840_113549![1, 1, 11];
 const RSA_PKCS1_SHA384_OID: &'static [u8] = &oid_1_2_840_113549![1, 1, 12];
 const RSA_PKCS1_SHA512_OID: &'static [u8] = &oid_1_2_840_113549![1, 1, 13];
+const RSA_PSS_OID: &'static [u8] = &oid_1_2_840_113549![1, 1, 10];
 
 
 #[cfg(test)]
@@ -569,8 +626,7 @@ mod tests {
         "rsa-pkcs1-sha256-using-id-ea-rsa.pem",
         Err(Error::UnsupportedSignatureAlgorithmForPublicKey));
 
-    // XXX: PSS is not supported, so our test results are not the same as
-    // Chromium's test results for these cases.
+    // Chromium's PSS test are for parameter combinations we don't support.
     test_parse_spki_bad!(test_rsa_pss_sha1_salt20_using_pss_key_no_params,
                          "rsa-pss-sha1-salt20-using-pss-key-no-params.pem",
                          Error::BadDER);
@@ -598,6 +654,32 @@ mod tests {
                              "rsa-pss-sha256-salt10.pem",
                              Err(Error::UnsupportedSignatureAlgorithm));
 
+    /// Our PSS tests that should work.
+    test_verify_signed_data!(
+        test_rsa_pss_sha256_salt32,
+        "ours/rsa-pss-sha256-salt32.pem",
+        Ok(()));
+    test_verify_signed_data!(
+        test_rsa_pss_sha384_salt48,
+        "ours/rsa-pss-sha384-salt48.pem",
+        Ok(()));
+    test_verify_signed_data!(
+        test_rsa_pss_sha512_salt64,
+        "ours/rsa-pss-sha512-salt64.pem",
+        Ok(()));
+    test_verify_signed_data!(
+        test_rsa_pss_sha256_salt32_corrupted_data,
+        "ours/rsa-pss-sha256-salt32-corrupted-data.pem",
+        Err(Error::InvalidSignatureForPublicKey));
+    test_verify_signed_data!(
+        test_rsa_pss_sha384_salt48_corrupted_data,
+        "ours/rsa-pss-sha384-salt48-corrupted-data.pem",
+        Err(Error::InvalidSignatureForPublicKey));
+    test_verify_signed_data!(
+        test_rsa_pss_sha512_salt64_corrupted_data,
+        "ours/rsa-pss-sha512-salt64-corrupted-data.pem",
+        Err(Error::InvalidSignatureForPublicKey));
+
     test_verify_signed_data!(
         test_rsa_using_ec_key, "rsa-using-ec-key.pem",
         Err(Error::UnsupportedSignatureAlgorithmForPublicKey));
@@ -667,6 +749,9 @@ mod tests {
         &signed_data::RSA_PKCS1_2048_8192_SHA384,
         &signed_data::RSA_PKCS1_2048_8192_SHA512,
         &signed_data::RSA_PKCS1_3072_8192_SHA384,
+        &signed_data::RSA_PSS_2048_8192_SHA256_LEGACY_KEY,
+        &signed_data::RSA_PSS_2048_8192_SHA384_LEGACY_KEY,
+        &signed_data::RSA_PSS_2048_8192_SHA512_LEGACY_KEY,
 
         // Algorithms deprecated because they are annoying (P-521) or because
         // they are nonsensical combinations.

src/webpki.rs

@@ -112,6 +112,9 @@ pub use signed_data::{
     RSA_PKCS1_2048_8192_SHA384,
     RSA_PKCS1_2048_8192_SHA512,
     RSA_PKCS1_3072_8192_SHA384,
+    RSA_PSS_2048_8192_SHA256_LEGACY_KEY,
+    RSA_PSS_2048_8192_SHA384_LEGACY_KEY,
+    RSA_PSS_2048_8192_SHA512_LEGACY_KEY,
 };
 
 /// An end-entity certificate.

third-party/chromium/data/verify_signed_data/ours/make-pss.py

@@ -0,0 +1,59 @@
+# Copyright 2016 Joseph Birr-Pixton.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES
+# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR
+# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+import subprocess
+import glob
+import hashlib
+import os
+
+TOP = '../../../../../'
+
+def dump(bin, type):
+    return '-----BEGIN %s-----\n%s-----END %s-----\n' % \
+            (type, bin.encode('base64'), type)
+
+def gen(outfile, paramfile, hashfn):
+    param = open(paramfile).read()
+
+    rand = os.urandom(64)
+    hash = getattr(hashlib, hashfn)(rand).digest()
+
+    proc = subprocess.Popen(['openssl', 'pkeyutl',
+        '-inkey', 'priv.pem',
+        '-sign',
+        '-pkeyopt', 'rsa_padding_mode:pss',
+        '-pkeyopt', 'rsa_pss_saltlen:-1',
+        '-pkeyopt', 'digest:%s' % hashfn
+        ],
+        stdout = subprocess.PIPE,
+        stdin = subprocess.PIPE)
+
+    sig, _ = proc.communicate(hash)
+
+    with open(outfile, 'w') as f:
+        print >>f, dump(open('pub.der').read(), 'PUBLIC KEY')
+        print >>f, dump(param, 'ALGORITHM')
+        print >>f, dump(rand, 'DATA')
+
+        assert len(sig) == 256 # only works with 2048-bit keys
+        # turn it into a DER bitstring
+        print >>f, dump('\x03\x82\x01\x01\x00' + sig, 'SIGNATURE')
+
+if __name__ == '__main__':
+    subprocess.check_call('openssl genrsa -out priv.pem 2048', shell = True)
+    subprocess.check_call('openssl rsa -pubout -out pub.pem -in priv.pem', shell = True)
+    subprocess.check_call('openssl asn1parse -inform pem -in pub.pem -out pub.der', shell = True)
+    gen('rsa-pss-sha256-salt32.pem', TOP + 'src/data/alg-pss-sha256.der', 'sha256')
+    gen('rsa-pss-sha384-salt48.pem', TOP + 'src/data/alg-pss-sha384.der', 'sha384')
+    gen('rsa-pss-sha512-salt64.pem', TOP + 'src/data/alg-pss-sha512.der', 'sha512')

third-party/chromium/data/verify_signed_data/ours/priv.pem

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAtVDcg1BMqPneiNBL5+mjEB5mxjJzgkmClZR5z1jNht+As6+M
+lgflni0bB8LjhWbIt+dZ6Bt4cSHOnAOnkMDOFwtrxJE6Eg1GQ2ux9nDVNvrQkoOL
+znXrxMh/af0pcSo8kItDmkqbV/fi3Q7agpbcWc/4wTZOfO6lns4nb5s08oaUv3uF
+5Wc0sktNr6he6R3zSQ6YK5KZFzQdnEtGc4gwHWXZ9xt4JeANht3m4RNpMY89qZsZ
+xmqoewYHuXQUAfl7W0DC3hoxOoLwSqL2bt2zMMeR8WAo51YY0cJnzAEETcnWIM6e
+alb5Osj3iSEknxRTley47SsODQ0maUUWj8wEjwIDAQABAoIBAFBAVQmt7fBQgAWQ
+JDimeWz198k7pVKCVND94Zg7luReYmmlhpUVM7V6A1/BC9EMuERlmq6YEgwIyZjW
+KUFxhQZAINfk64334CSRMzh/om9uPgjLPoMIQG1dzL9NtR0Ic7wKV8afxPf/mKL9
+Iwvv1+HMoi5qafzz58xNNLk6OgopdZ6H2aX0QtHy/jkMfpE3od7W6Xc+lSVUO7HG
+zmN3pHaM5K5n59cX9jpg/K+a0loceY5vmqUfXyh6IP6h1XyAb2NTpU04klDEFEnU
+tyaYtxL4ZMZzefoeVXVbCl7qeOE7KGIz7gcvsqL7T8dkK+uYf6mLENeyUvkCKiTG
+QAqon0kCgYEA6pLLAYpRo9JbLYlYNt9iTFwIU+R8RcxzZrltm7OUqztmaVq4pOek
+cPw/2sCMvqeEWuGhv+bbeIsDUWADU9NFkWySlVRKEFKGb3ECv3A07yfP2K22exOZ
+/SglNZKB/ycvpOMcNKnJD5folRrh0actdVG8vOf/sN+887vE77u0f6sCgYEAxeC0
+/6831k/EWYzQf+OfeLqx4ABgkgqxvMXO3YCp44+DD4l8TVWfP4Ahfj5p0zCbXIv3
+5OcxdVwjNljZw4Y5vDNwcDK7vKwp9ne+H9xJB7Yedfr7oyJbqIvJ1nd6jmXoL7GA
+dX9xSxJ1CucD7RAY99MS77y8xm0sTbFoI6SvOq0CgYEApeQihXhYvE6sBMw5ArWA
+QxhjG1FfQc2RX3iLt62M2nwrtR5frt/TP8RlNEMwRjUaOVuQlLKjS+Cj/Ay2zbWA
+YZQzJkByEJEMWgvGMbUc+nVhXI+dmfUG1i5qAjUWkmgYHbgv3l6kvs5jwe88/JQK
+ZgnkPISmI2RXsNd+MzzALfkCgYB/56HXa/ERzHnE0KqtH/si1LrJajUB8Xu14761
+msc12rwCvQHmEyRerXn42msZIeAq0CaqhW6Ix8fTB1erdQW4yx8wxvpnGHn/YKM6
+gO+L1oKWDGe/qSPKLKGIya4kgWa1/Wxlhr06o3GYXH9DKxaYio1A/aSgNk1e4v/H
+mlnR+QKBgQDd2cdhBTXIo5FZSONip5GG2Ku9m60qGSyPTCqxLNWBfYE/fu0aFCUU
+GemqA2ygxFnyCG1Af0SDWwQFH8W7BJ6H1geJVcwVKLrZokKOul8kdwXCxz1J2XGe
+gskT4Dsd9K8TSU3J09XVKhC5SrF0vDjdXOE6rtFSqa/bs7B2JcfNwQ==
+-----END RSA PRIVATE KEY-----

third-party/chromium/data/verify_signed_data/ours/pub.pem

@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtVDcg1BMqPneiNBL5+mj
+EB5mxjJzgkmClZR5z1jNht+As6+Mlgflni0bB8LjhWbIt+dZ6Bt4cSHOnAOnkMDO
+FwtrxJE6Eg1GQ2ux9nDVNvrQkoOLznXrxMh/af0pcSo8kItDmkqbV/fi3Q7agpbc
+Wc/4wTZOfO6lns4nb5s08oaUv3uF5Wc0sktNr6he6R3zSQ6YK5KZFzQdnEtGc4gw
+HWXZ9xt4JeANht3m4RNpMY89qZsZxmqoewYHuXQUAfl7W0DC3hoxOoLwSqL2bt2z
+MMeR8WAo51YY0cJnzAEETcnWIM6ealb5Osj3iSEknxRTley47SsODQ0maUUWj8wE
+jwIDAQAB
+-----END PUBLIC KEY-----

third-party/chromium/data/verify_signed_data/ours/rsa-pss-sha256-salt32-corrupted-data.pem

@@ -0,0 +1,63 @@
+This has had DATA corrupted, so the signature is not valid.
+
+
+
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtVDcg1BMqPneiNBL5+mjEB5mxjJzgkm
+ClZR5z1jNht+As6+Mlgflni0bB8LjhWbIt+dZ6Bt4cSHOnAOnkMDOFwtrxJE6Eg1GQ2ux9nDVNv
+rQkoOLznXrxMh/af0pcSo8kItDmkqbV/fi3Q7agpbcWc/4wTZOfO6lns4nb5s08oaUv3uF5Wc0s
+ktNr6he6R3zSQ6YK5KZFzQdnEtGc4gwHWXZ9xt4JeANht3m4RNpMY89qZsZxmqoewYHuXQUAfl7
+W0DC3hoxOoLwSqL2bt2zMMeR8WAo51YY0cJnzAEETcnWIM6ealb5Osj3iSEknxRTley47SsODQ0
+maUUWj8wEjwIDAQAB
+-----END PUBLIC KEY-----
+
+$ openssl asn1parse -i < [PUBLIC KEY]
+    0:d=0  hl=4 l= 290 cons: SEQUENCE          
+    4:d=1  hl=2 l=  13 cons:  SEQUENCE          
+    6:d=2  hl=2 l=   9 prim:   OBJECT            :rsaEncryption
+   17:d=2  hl=2 l=   0 prim:   NULL              
+   19:d=1  hl=4 l= 271 prim:  BIT STRING        
+
+
+
+-----BEGIN ALGORITHM-----
+MEEGCSqGSIb3DQEBCjA0oA8wDQYJYIZIAWUDBAIBBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWU
+DBAIBBQCiAwIBIA==
+-----END ALGORITHM-----
+
+$ openssl asn1parse -i < [ALGORITHM]
+    0:d=0  hl=2 l=  65 cons: SEQUENCE          
+    2:d=1  hl=2 l=   9 prim:  OBJECT            :rsassaPss
+   13:d=1  hl=2 l=  52 cons:  SEQUENCE          
+   15:d=2  hl=2 l=  15 cons:   cont [ 0 ]        
+   17:d=3  hl=2 l=  13 cons:    SEQUENCE          
+   19:d=4  hl=2 l=   9 prim:     OBJECT            :sha256
+   30:d=4  hl=2 l=   0 prim:     NULL              
+   32:d=2  hl=2 l=  28 cons:   cont [ 1 ]        
+   34:d=3  hl=2 l=  26 cons:    SEQUENCE          
+   36:d=4  hl=2 l=   9 prim:     OBJECT            :mgf1
+   47:d=4  hl=2 l=  13 cons:     SEQUENCE          
+   49:d=5  hl=2 l=   9 prim:      OBJECT            :sha256
+   60:d=5  hl=2 l=   0 prim:      NULL              
+   62:d=2  hl=2 l=   3 cons:   cont [ 2 ]        
+   64:d=3  hl=2 l=   1 prim:    INTEGER           :20
+
+
+
+-----BEGIN DATA-----
+K6BCjy4hCNAZBmRT+wS4h5wDg7pO67oHFabDt5cXNp8X6sLNH2vjICLtO2niPwZ/Yk2ySxC8MgO
+/+U9sdSXxqA==
+-----END DATA-----
+
+
+
+-----BEGIN SIGNATURE-----
+A4IBAQCZqlXJhviFKOKHe1ssbm0ThtAnAbcuP3ACBZyfpBjfYlxAgltNzBnmEtxjsbZQPMXHDHy
+Y+fdEXwK2vboCz7BzIRXcrcJGzjsBc2zPeNZlmhaadIoa5d8jy3kxnT+f3YVjKGZBqwDaqE5Kie
+jhV0laTK+cNGFXo9a3ylICok+s4jVN2Y7qE+ImgyANbZyn1d6W6VnFf4GVvin2hFwTCcZnKA6Db
+NYnArbbNmHmMB2S+1Kw9dAklnzZmwWgNSRirtTpUHTBIWYq3B0hPL8IzwKk89/iKDaY2fpV/Wnt
+oL2mgM7oa/7+oQWa27BGYftYZmDpIQtNbUeO4VBnaeqGgA5f
+-----END SIGNATURE-----
+
+$ openssl asn1parse -i < [SIGNATURE]
+    0:d=0  hl=4 l= 257 prim: BIT STRING        

third-party/chromium/data/verify_signed_data/ours/rsa-pss-sha256-salt32.pem

@@ -0,0 +1,63 @@
+
+
+
+
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtVDcg1BMqPneiNBL5+mjEB5mxjJzgkm
+ClZR5z1jNht+As6+Mlgflni0bB8LjhWbIt+dZ6Bt4cSHOnAOnkMDOFwtrxJE6Eg1GQ2ux9nDVNv
+rQkoOLznXrxMh/af0pcSo8kItDmkqbV/fi3Q7agpbcWc/4wTZOfO6lns4nb5s08oaUv3uF5Wc0s
+ktNr6he6R3zSQ6YK5KZFzQdnEtGc4gwHWXZ9xt4JeANht3m4RNpMY89qZsZxmqoewYHuXQUAfl7
+W0DC3hoxOoLwSqL2bt2zMMeR8WAo51YY0cJnzAEETcnWIM6ealb5Osj3iSEknxRTley47SsODQ0
+maUUWj8wEjwIDAQAB
+-----END PUBLIC KEY-----
+
+$ openssl asn1parse -i < [PUBLIC KEY]
+    0:d=0  hl=4 l= 290 cons: SEQUENCE          
+    4:d=1  hl=2 l=  13 cons:  SEQUENCE          
+    6:d=2  hl=2 l=   9 prim:   OBJECT            :rsaEncryption
+   17:d=2  hl=2 l=   0 prim:   NULL              
+   19:d=1  hl=4 l= 271 prim:  BIT STRING        
+
+
+
+-----BEGIN ALGORITHM-----
+MEEGCSqGSIb3DQEBCjA0oA8wDQYJYIZIAWUDBAIBBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWU
+DBAIBBQCiAwIBIA==
+-----END ALGORITHM-----
+
+$ openssl asn1parse -i < [ALGORITHM]
+    0:d=0  hl=2 l=  65 cons: SEQUENCE          
+    2:d=1  hl=2 l=   9 prim:  OBJECT            :rsassaPss
+   13:d=1  hl=2 l=  52 cons:  SEQUENCE          
+   15:d=2  hl=2 l=  15 cons:   cont [ 0 ]        
+   17:d=3  hl=2 l=  13 cons:    SEQUENCE          
+   19:d=4  hl=2 l=   9 prim:     OBJECT            :sha256
+   30:d=4  hl=2 l=   0 prim:     NULL              
+   32:d=2  hl=2 l=  28 cons:   cont [ 1 ]        
+   34:d=3  hl=2 l=  26 cons:    SEQUENCE          
+   36:d=4  hl=2 l=   9 prim:     OBJECT            :mgf1
+   47:d=4  hl=2 l=  13 cons:     SEQUENCE          
+   49:d=5  hl=2 l=   9 prim:      OBJECT            :sha256
+   60:d=5  hl=2 l=   0 prim:      NULL              
+   62:d=2  hl=2 l=   3 cons:   cont [ 2 ]        
+   64:d=3  hl=2 l=   1 prim:    INTEGER           :20
+
+
+
+-----BEGIN DATA-----
+K5BCjy4hCNAZBmRT+wS4h5wDg7pO67oHFabDt5cXNp8X6sLNH2vjICLtO2niPwZ/Yk2ySxC8MgO
+/+U9sdSXxqA==
+-----END DATA-----
+
+
+
+-----BEGIN SIGNATURE-----
+A4IBAQCZqlXJhviFKOKHe1ssbm0ThtAnAbcuP3ACBZyfpBjfYlxAgltNzBnmEtxjsbZQPMXHDHy
+Y+fdEXwK2vboCz7BzIRXcrcJGzjsBc2zPeNZlmhaadIoa5d8jy3kxnT+f3YVjKGZBqwDaqE5Kie
+jhV0laTK+cNGFXo9a3ylICok+s4jVN2Y7qE+ImgyANbZyn1d6W6VnFf4GVvin2hFwTCcZnKA6Db
+NYnArbbNmHmMB2S+1Kw9dAklnzZmwWgNSRirtTpUHTBIWYq3B0hPL8IzwKk89/iKDaY2fpV/Wnt
+oL2mgM7oa/7+oQWa27BGYftYZmDpIQtNbUeO4VBnaeqGgA5f
+-----END SIGNATURE-----
+
+$ openssl asn1parse -i < [SIGNATURE]
+    0:d=0  hl=4 l= 257 prim: BIT STRING        

third-party/chromium/data/verify_signed_data/ours/rsa-pss-sha384-salt48-corrupted-data.pem

@@ -0,0 +1,63 @@
+This has had DATA corrupted, so the signature is not valid.
+
+
+
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtVDcg1BMqPneiNBL5+mjEB5mxjJzgkm
+ClZR5z1jNht+As6+Mlgflni0bB8LjhWbIt+dZ6Bt4cSHOnAOnkMDOFwtrxJE6Eg1GQ2ux9nDVNv
+rQkoOLznXrxMh/af0pcSo8kItDmkqbV/fi3Q7agpbcWc/4wTZOfO6lns4nb5s08oaUv3uF5Wc0s
+ktNr6he6R3zSQ6YK5KZFzQdnEtGc4gwHWXZ9xt4JeANht3m4RNpMY89qZsZxmqoewYHuXQUAfl7
+W0DC3hoxOoLwSqL2bt2zMMeR8WAo51YY0cJnzAEETcnWIM6ealb5Osj3iSEknxRTley47SsODQ0
+maUUWj8wEjwIDAQAB
+-----END PUBLIC KEY-----
+
+$ openssl asn1parse -i < [PUBLIC KEY]
+    0:d=0  hl=4 l= 290 cons: SEQUENCE          
+    4:d=1  hl=2 l=  13 cons:  SEQUENCE          
+    6:d=2  hl=2 l=   9 prim:   OBJECT            :rsaEncryption
+   17:d=2  hl=2 l=   0 prim:   NULL              
+   19:d=1  hl=4 l= 271 prim:  BIT STRING        
+
+
+
+-----BEGIN ALGORITHM-----
+MEEGCSqGSIb3DQEBCjA0oA8wDQYJYIZIAWUDBAICBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWU
+DBAICBQCiAwIBMA==
+-----END ALGORITHM-----
+
+$ openssl asn1parse -i < [ALGORITHM]
+    0:d=0  hl=2 l=  65 cons: SEQUENCE          
+    2:d=1  hl=2 l=   9 prim:  OBJECT            :rsassaPss
+   13:d=1  hl=2 l=  52 cons:  SEQUENCE          
+   15:d=2  hl=2 l=  15 cons:   cont [ 0 ]        
+   17:d=3  hl=2 l=  13 cons:    SEQUENCE          
+   19:d=4  hl=2 l=   9 prim:     OBJECT            :sha384
+   30:d=4  hl=2 l=   0 prim:     NULL              
+   32:d=2  hl=2 l=  28 cons:   cont [ 1 ]        
+   34:d=3  hl=2 l=  26 cons:    SEQUENCE          
+   36:d=4  hl=2 l=   9 prim:     OBJECT            :mgf1
+   47:d=4  hl=2 l=  13 cons:     SEQUENCE          
+   49:d=5  hl=2 l=   9 prim:      OBJECT            :sha384
+   60:d=5  hl=2 l=   0 prim:      NULL              
+   62:d=2  hl=2 l=   3 cons:   cont [ 2 ]        
+   64:d=3  hl=2 l=   1 prim:    INTEGER           :30
+
+
+
+-----BEGIN DATA-----
+TDrlz5dKOqfOQhirwHj00bsVlf+0WEe2qMe9l6SVr9SHB4Eow26r+aU7+pGZFp774O041xIeU2g
+ZHYzNWBjGZQ==
+-----END DATA-----
+
+
+
+-----BEGIN SIGNATURE-----
+A4IBAQBvlL4AuwL3hEobMolBzR/0gzuJ9u4ATWEPO5uTiBtdJ5Nx9O6gFCrtZMwfEU9q4bzazKV
+yWRSpn23GZjlmNYhFCNlfY3l6IlhxGEVz/YeOglrBR8hFbA17835jTmcCR09G6SZ7Wwm8NV7riw
+woW15A1N2axuaAAcCxf9T48uehAmXrfApJygl2PWeKzzATUAuGzLLmQ0hNGVvUraxCJfiehtnMl
+kWUiSZgjvmXKv6N2JtN8dHMHVEzPTBou4a25ozQIRAIGFvZYcDm5DW4CNJqFM1mTv2BEeOCW5hw
+Bt60xm8kXOX4OGwgEyB/aHttWHPdAiFUoODo5j4MtcvajuWt
+-----END SIGNATURE-----
+
+$ openssl asn1parse -i < [SIGNATURE]
+    0:d=0  hl=4 l= 257 prim: BIT STRING        

third-party/chromium/data/verify_signed_data/ours/rsa-pss-sha384-salt48.pem

@@ -0,0 +1,63 @@
+
+
+
+
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtVDcg1BMqPneiNBL5+mjEB5mxjJzgkm
+ClZR5z1jNht+As6+Mlgflni0bB8LjhWbIt+dZ6Bt4cSHOnAOnkMDOFwtrxJE6Eg1GQ2ux9nDVNv
+rQkoOLznXrxMh/af0pcSo8kItDmkqbV/fi3Q7agpbcWc/4wTZOfO6lns4nb5s08oaUv3uF5Wc0s
+ktNr6he6R3zSQ6YK5KZFzQdnEtGc4gwHWXZ9xt4JeANht3m4RNpMY89qZsZxmqoewYHuXQUAfl7
+W0DC3hoxOoLwSqL2bt2zMMeR8WAo51YY0cJnzAEETcnWIM6ealb5Osj3iSEknxRTley47SsODQ0
+maUUWj8wEjwIDAQAB
+-----END PUBLIC KEY-----
+
+$ openssl asn1parse -i < [PUBLIC KEY]
+    0:d=0  hl=4 l= 290 cons: SEQUENCE          
+    4:d=1  hl=2 l=  13 cons:  SEQUENCE          
+    6:d=2  hl=2 l=   9 prim:   OBJECT            :rsaEncryption
+   17:d=2  hl=2 l=   0 prim:   NULL              
+   19:d=1  hl=4 l= 271 prim:  BIT STRING        
+
+
+
+-----BEGIN ALGORITHM-----
+MEEGCSqGSIb3DQEBCjA0oA8wDQYJYIZIAWUDBAICBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWU
+DBAICBQCiAwIBMA==
+-----END ALGORITHM-----
+
+$ openssl asn1parse -i < [ALGORITHM]
+    0:d=0  hl=2 l=  65 cons: SEQUENCE          
+    2:d=1  hl=2 l=   9 prim:  OBJECT            :rsassaPss
+   13:d=1  hl=2 l=  52 cons:  SEQUENCE          
+   15:d=2  hl=2 l=  15 cons:   cont [ 0 ]        
+   17:d=3  hl=2 l=  13 cons:    SEQUENCE          
+   19:d=4  hl=2 l=   9 prim:     OBJECT            :sha384
+   30:d=4  hl=2 l=   0 prim:     NULL              
+   32:d=2  hl=2 l=  28 cons:   cont [ 1 ]        
+   34:d=3  hl=2 l=  26 cons:    SEQUENCE          
+   36:d=4  hl=2 l=   9 prim:     OBJECT            :mgf1
+   47:d=4  hl=2 l=  13 cons:     SEQUENCE          
+   49:d=5  hl=2 l=   9 prim:      OBJECT            :sha384
+   60:d=5  hl=2 l=   0 prim:      NULL              
+   62:d=2  hl=2 l=   3 cons:   cont [ 2 ]        
+   64:d=3  hl=2 l=   1 prim:    INTEGER           :30
+
+
+
+-----BEGIN DATA-----
+TDRlz5dKOqfOQhirwHj00bsVlf+0WEe2qMe9l6SVr9SHB4Eow26r+aU7+pGZFp774O041xIeU2g
+ZHYzNWBjGZQ==
+-----END DATA-----
+
+
+
+-----BEGIN SIGNATURE-----
+A4IBAQBvlL4AuwL3hEobMolBzR/0gzuJ9u4ATWEPO5uTiBtdJ5Nx9O6gFCrtZMwfEU9q4bzazKV
+yWRSpn23GZjlmNYhFCNlfY3l6IlhxGEVz/YeOglrBR8hFbA17835jTmcCR09G6SZ7Wwm8NV7riw
+woW15A1N2axuaAAcCxf9T48uehAmXrfApJygl2PWeKzzATUAuGzLLmQ0hNGVvUraxCJfiehtnMl
+kWUiSZgjvmXKv6N2JtN8dHMHVEzPTBou4a25ozQIRAIGFvZYcDm5DW4CNJqFM1mTv2BEeOCW5hw
+Bt60xm8kXOX4OGwgEyB/aHttWHPdAiFUoODo5j4MtcvajuWt
+-----END SIGNATURE-----
+
+$ openssl asn1parse -i < [SIGNATURE]
+    0:d=0  hl=4 l= 257 prim: BIT STRING        

third-party/chromium/data/verify_signed_data/ours/rsa-pss-sha512-salt64-corrupted-data.pem

@@ -0,0 +1,63 @@
+This has had DATA corrupted, so the signature is not valid.
+
+
+
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtVDcg1BMqPneiNBL5+mjEB5mxjJzgkm
+ClZR5z1jNht+As6+Mlgflni0bB8LjhWbIt+dZ6Bt4cSHOnAOnkMDOFwtrxJE6Eg1GQ2ux9nDVNv
+rQkoOLznXrxMh/af0pcSo8kItDmkqbV/fi3Q7agpbcWc/4wTZOfO6lns4nb5s08oaUv3uF5Wc0s
+ktNr6he6R3zSQ6YK5KZFzQdnEtGc4gwHWXZ9xt4JeANht3m4RNpMY89qZsZxmqoewYHuXQUAfl7
+W0DC3hoxOoLwSqL2bt2zMMeR8WAo51YY0cJnzAEETcnWIM6ealb5Osj3iSEknxRTley47SsODQ0
+maUUWj8wEjwIDAQAB
+-----END PUBLIC KEY-----
+
+$ openssl asn1parse -i < [PUBLIC KEY]
+    0:d=0  hl=4 l= 290 cons: SEQUENCE          
+    4:d=1  hl=2 l=  13 cons:  SEQUENCE          
+    6:d=2  hl=2 l=   9 prim:   OBJECT            :rsaEncryption
+   17:d=2  hl=2 l=   0 prim:   NULL              
+   19:d=1  hl=4 l= 271 prim:  BIT STRING        
+
+
+
+-----BEGIN ALGORITHM-----
+MEEGCSqGSIb3DQEBCjA0oA8wDQYJYIZIAWUDBAIDBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWU
+DBAIDBQCiAwIBQA==
+-----END ALGORITHM-----
+
+$ openssl asn1parse -i < [ALGORITHM]
+    0:d=0  hl=2 l=  65 cons: SEQUENCE          
+    2:d=1  hl=2 l=   9 prim:  OBJECT            :rsassaPss
+   13:d=1  hl=2 l=  52 cons:  SEQUENCE          
+   15:d=2  hl=2 l=  15 cons:   cont [ 0 ]        
+   17:d=3  hl=2 l=  13 cons:    SEQUENCE          
+   19:d=4  hl=2 l=   9 prim:     OBJECT            :sha512
+   30:d=4  hl=2 l=   0 prim:     NULL              
+   32:d=2  hl=2 l=  28 cons:   cont [ 1 ]        
+   34:d=3  hl=2 l=  26 cons:    SEQUENCE          
+   36:d=4  hl=2 l=   9 prim:     OBJECT            :mgf1
+   47:d=4  hl=2 l=  13 cons:     SEQUENCE          
+   49:d=5  hl=2 l=   9 prim:      OBJECT            :sha512
+   60:d=5  hl=2 l=   0 prim:      NULL              
+   62:d=2  hl=2 l=   3 cons:   cont [ 2 ]        
+   64:d=3  hl=2 l=   1 prim:    INTEGER           :40
+
+
+
+-----BEGIN DATA-----
+BENGYY+GrDsvawb08kP/OZ0iWbG5yBlJpCIJ1YLPfTCjEouvBzwAkWpUEsI3zk0N8+xcMyJ3qOi
+pIsX4YnFfPw==
+-----END DATA-----
+
+
+
+-----BEGIN SIGNATURE-----
+A4IBAQBPA1K787NaEycdAHDfil1/F2imI9PcVD5ZuloBz9Qj1q4ZfdZ9PMagunDBVRQoBr1VDhI
+6VkDfyQvhKebIbSsfk/qJoNZGCZtsKhXcGm5ZI2+fUbbMW7EwlKle8SqXCHRAIICND/qwundcqp
+kLNHOqOK8GRUYHnJcMmQbMCBUx9aw3IRu2LRp6FtBwA16stpSat/NlX+aH79f1B/uoFpDVzG7Kw
+oqmAuv81vOVQSCNTn4MrCyxmJTLqbk6frXN7nRF+SQOPksUwXXYgpzGyFhrwgUHwkc3skNx/jOT
+fpWnvjOUVbi80Sa9i7EIOcmt4IP4a3BRPWT/MTYDDPADIgVf
+-----END SIGNATURE-----
+
+$ openssl asn1parse -i < [SIGNATURE]
+    0:d=0  hl=4 l= 257 prim: BIT STRING        

third-party/chromium/data/verify_signed_data/ours/rsa-pss-sha512-salt64.pem

@@ -0,0 +1,63 @@
+
+
+
+
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtVDcg1BMqPneiNBL5+mjEB5mxjJzgkm
+ClZR5z1jNht+As6+Mlgflni0bB8LjhWbIt+dZ6Bt4cSHOnAOnkMDOFwtrxJE6Eg1GQ2ux9nDVNv
+rQkoOLznXrxMh/af0pcSo8kItDmkqbV/fi3Q7agpbcWc/4wTZOfO6lns4nb5s08oaUv3uF5Wc0s
+ktNr6he6R3zSQ6YK5KZFzQdnEtGc4gwHWXZ9xt4JeANht3m4RNpMY89qZsZxmqoewYHuXQUAfl7
+W0DC3hoxOoLwSqL2bt2zMMeR8WAo51YY0cJnzAEETcnWIM6ealb5Osj3iSEknxRTley47SsODQ0
+maUUWj8wEjwIDAQAB
+-----END PUBLIC KEY-----
+
+$ openssl asn1parse -i < [PUBLIC KEY]
+    0:d=0  hl=4 l= 290 cons: SEQUENCE          
+    4:d=1  hl=2 l=  13 cons:  SEQUENCE          
+    6:d=2  hl=2 l=   9 prim:   OBJECT            :rsaEncryption
+   17:d=2  hl=2 l=   0 prim:   NULL              
+   19:d=1  hl=4 l= 271 prim:  BIT STRING        
+
+
+
+-----BEGIN ALGORITHM-----
+MEEGCSqGSIb3DQEBCjA0oA8wDQYJYIZIAWUDBAIDBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWU
+DBAIDBQCiAwIBQA==
+-----END ALGORITHM-----
+
+$ openssl asn1parse -i < [ALGORITHM]
+    0:d=0  hl=2 l=  65 cons: SEQUENCE          
+    2:d=1  hl=2 l=   9 prim:  OBJECT            :rsassaPss
+   13:d=1  hl=2 l=  52 cons:  SEQUENCE          
+   15:d=2  hl=2 l=  15 cons:   cont [ 0 ]        
+   17:d=3  hl=2 l=  13 cons:    SEQUENCE          
+   19:d=4  hl=2 l=   9 prim:     OBJECT            :sha512
+   30:d=4  hl=2 l=   0 prim:     NULL              
+   32:d=2  hl=2 l=  28 cons:   cont [ 1 ]        
+   34:d=3  hl=2 l=  26 cons:    SEQUENCE          
+   36:d=4  hl=2 l=   9 prim:     OBJECT            :mgf1
+   47:d=4  hl=2 l=  13 cons:     SEQUENCE          
+   49:d=5  hl=2 l=   9 prim:      OBJECT            :sha512
+   60:d=5  hl=2 l=   0 prim:      NULL              
+   62:d=2  hl=2 l=   3 cons:   cont [ 2 ]        
+   64:d=3  hl=2 l=   1 prim:    INTEGER           :40
+
+
+
+-----BEGIN DATA-----
+BEnGYY+GrDsvawb08kP/OZ0iWbG5yBlJpCIJ1YLPfTCjEouvBzwAkWpUEsI3zk0N8+xcMyJ3qOi
+pIsX4YnFfPw==
+-----END DATA-----
+
+
+
+-----BEGIN SIGNATURE-----
+A4IBAQBPA1K787NaEycdAHDfil1/F2imI9PcVD5ZuloBz9Qj1q4ZfdZ9PMagunDBVRQoBr1VDhI
+6VkDfyQvhKebIbSsfk/qJoNZGCZtsKhXcGm5ZI2+fUbbMW7EwlKle8SqXCHRAIICND/qwundcqp
+kLNHOqOK8GRUYHnJcMmQbMCBUx9aw3IRu2LRp6FtBwA16stpSat/NlX+aH79f1B/uoFpDVzG7Kw
+oqmAuv81vOVQSCNTn4MrCyxmJTLqbk6frXN7nRF+SQOPksUwXXYgpzGyFhrwgUHwkc3skNx/jOT
+fpWnvjOUVbi80Sa9i7EIOcmt4IP4a3BRPWT/MTYDDPADIgVf
+-----END SIGNATURE-----
+
+$ openssl asn1parse -i < [SIGNATURE]
+    0:d=0  hl=4 l= 257 prim: BIT STRING