[idsig] Use SignatureAlgorithmID from apkverify
This CL lets idsig use the enum SignatureAlgorithmID from
apkverify instead of creating a duplicate enum.
Bug: 246254355
Test: libidsig.test libapkverify.integration_test
Change-Id: Id634e296f93018f15a8aa502c676706b7d52a7d2
diff --git a/libs/apkverify/src/algorithms.rs b/libs/apkverify/src/algorithms.rs
index edfa946..9e6c415 100644
--- a/libs/apkverify/src/algorithms.rs
+++ b/libs/apkverify/src/algorithms.rs
@@ -17,7 +17,7 @@
//! Algorithms used for APK Signature Scheme.
use anyhow::{ensure, Result};
-use num_derive::FromPrimitive;
+use num_derive::{FromPrimitive, ToPrimitive};
use openssl::hash::MessageDigest;
use openssl::pkey::{self, PKey};
use openssl::rsa::Padding;
@@ -25,23 +25,58 @@
use std::cmp::Ordering;
/// [Signature Algorithm IDs]: https://source.android.com/docs/security/apksigning/v2#signature-algorithm-ids
+/// [SignatureAlgorithm.java]: (tools/apksig/src/main/java/com/android/apksig/internal/apk/SignatureAlgorithm.java)
///
/// Some of the algorithms are not implemented. See b/197052981.
-#[derive(Clone, Debug, Eq, FromPrimitive)]
+#[derive(Clone, Debug, Eq, FromPrimitive, ToPrimitive)]
#[repr(u32)]
pub enum SignatureAlgorithmID {
+ /// RSASSA-PSS with SHA2-256 digest, SHA2-256 MGF1, 32 bytes of salt, trailer: 0xbc, content
+ /// digested using SHA2-256 in 1 MB chunks.
RsaPssWithSha256 = 0x0101,
+
+ /// RSASSA-PSS with SHA2-512 digest, SHA2-512 MGF1, 64 bytes of salt, trailer: 0xbc, content
+ /// digested using SHA2-512 in 1 MB chunks.
RsaPssWithSha512 = 0x0102,
+
+ /// RSASSA-PKCS1-v1_5 with SHA2-256 digest, content digested using SHA2-256 in 1 MB chunks.
RsaPkcs1V15WithSha256 = 0x0103,
+
+ /// RSASSA-PKCS1-v1_5 with SHA2-512 digest, content digested using SHA2-512 in 1 MB chunks.
RsaPkcs1V15WithSha512 = 0x0104,
+
+ /// ECDSA with SHA2-256 digest, content digested using SHA2-256 in 1 MB chunks.
EcdsaWithSha256 = 0x0201,
+
+ /// ECDSA with SHA2-512 digest, content digested using SHA2-512 in 1 MB chunks.
EcdsaWithSha512 = 0x0202,
+
+ /// DSA with SHA2-256 digest, content digested using SHA2-256 in 1 MB chunks.
+ /// Signing is done deterministically according to RFC 6979.
DsaWithSha256 = 0x0301,
+
+ /// RSASSA-PKCS1-v1_5 with SHA2-256 digest, content digested using SHA2-256 in 4 KB
+ /// chunks, in the same way fsverity operates. This digest and the content length
+ /// (before digestion, 8 bytes in little endian) construct the final digest.
VerityRsaPkcs1V15WithSha256 = 0x0421,
+
+ /// ECDSA with SHA2-256 digest, content digested using SHA2-256 in 4 KB chunks, in the
+ /// same way fsverity operates. This digest and the content length (before digestion,
+ /// 8 bytes in little endian) construct the final digest.
VerityEcdsaWithSha256 = 0x0423,
+
+ /// DSA with SHA2-256 digest, content digested using SHA2-256 in 4 KB chunks, in the
+ /// same way fsverity operates. This digest and the content length (before digestion,
+ /// 8 bytes in little endian) construct the final digest.
VerityDsaWithSha256 = 0x0425,
}
+impl Default for SignatureAlgorithmID {
+ fn default() -> Self {
+ SignatureAlgorithmID::DsaWithSha256
+ }
+}
+
impl Ord for SignatureAlgorithmID {
/// Ranks the signature algorithm according to the corresponding content
/// digest algorithm's rank.
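Review bot: The new `impl Default for SignatureAlgorithmID` returns `DsaWithSha256` with no comment saying why, so any struct that derives `Default` and holds this ID will carry a concrete, valid-looking algorithm instead of an explicit "unset" state. For a value that selects how a signature is verified, that makes a field nobody populated indistinguishable from a deliberate choice. The enum's own doc also says some algorithms are not implemented; whether DSA is one of them is not visible in this hunk. If the default exists only so that a consumer (presumably idsig) can derive `Default`, document that above the impl, e.g. `/// Placeholder so containing structs can derive Default; not a recommended algorithm, must be overwritten before use.` The alternative is for the consumer to hold an `Option<SignatureAlgorithmID>`, so that a missing value fails closed.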