Implement VerifySignedData() for ECDSA, RSA PKCS#1 and RSA PSS.

net/cert/internal/verify_signed_data.h

+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef NET_CERT_INTERNAL_VERIFY_SIGNED_DATA_H_
+#define NET_CERT_INTERNAL_VERIFY_SIGNED_DATA_H_
+
+#include "base/compiler_specific.h"
+#include "net/base/net_export.h"
+
+namespace net {
+
+namespace der {
+class Input;
+}

[Ryan Sleevi, 2015/07/07 14:07:31]

nit: }  // namespace der

[eroman, 2015/07/07 18:07:00]

Done.

+
+class SignatureAlgorithm;
+
+// Verifies that |signature_value| is a valid signature of |signed_data| using
+// the algorithm |signature_algorithm| and the public key |public_key|.
+//
+//   |signature_algorithm| - The parsed AlgorithmIdentifier
+//   |signed_data| - The blob of data to verify
+//   |signature_value| - The bytes for the signature's value, to be interpreted
+//        according to the signature algorithm.
+//        IMPORTANT: In RFC 5280, signatureValue is a BIT STRING. The expected
+//        input to this function is the byte contents of that bit string, and
+//        not the BIT STRING's DER itself.
+//   |public_key| - A DER encoded SubjectPublicKeyInfo.

[Ryan Sleevi, 2015/07/07 14:07:31]

nit: DER-encoded

[eroman, 2015/07/07 18:07:00]

Done.

+//
+// Returns true if verification was successful.
+NET_EXPORT bool VerifySignedData(const SignatureAlgorithm& signature_algorithm,
+                                 const der::Input& signed_data,
+                                 const der::Input& signature_value,
+                                 const der::Input& public_key)
+    WARN_UNUSED_RESULT;
+
+}  // namespace net
+
+#endif  // NET_CERT_INTERNAL_VERIFY_SIGNED_DATA_H_