idsig: Include the APK digest
Get the best APK digest from the APK and include it in the generated
idsig.
Test: atest libidsig.test
Bug: 234564414
Change-Id: If55eab3bb62131bcdb9dfeb6000b9a5ba7ab9236
diff --git a/libs/apkverify/Android.bp b/libs/apkverify/Android.bp
index 2445dd5..d45a77f 100644
--- a/libs/apkverify/Android.bp
+++ b/libs/apkverify/Android.bp
@@ -24,6 +24,7 @@
defaults: ["libapkverify.defaults"],
// TODO(b/204562227): move to host_supported to the defaults to include tests
host_supported: true,
+ apex_available: ["com.android.virt"],
}
rust_test {
diff --git a/libs/idsig/Android.bp b/libs/idsig/Android.bp
index 2e9c663..25eeae4 100644
--- a/libs/idsig/Android.bp
+++ b/libs/idsig/Android.bp
@@ -10,6 +10,7 @@
prefer_rlib: true,
rustlibs: [
"libanyhow",
+ "libapkverify",
"libbyteorder",
"libnum_traits",
"libopenssl",
diff --git a/libs/idsig/src/apksigv4.rs b/libs/idsig/src/apksigv4.rs
index 3004ed1..db8a8c6 100644
--- a/libs/idsig/src/apksigv4.rs
+++ b/libs/idsig/src/apksigv4.rs
@@ -15,6 +15,7 @@
*/
use anyhow::{anyhow, bail, Context, Result};
+use apkverify::pick_v4_apk_digest;
use byteorder::{LittleEndian, ReadBytesExt, WriteBytesExt};
use num_derive::{FromPrimitive, ToPrimitive};
use num_traits::{FromPrimitive, ToPrimitive};
@@ -190,9 +191,12 @@
ret.hashing_info.raw_root_hash = hash_tree.root_hash.into_boxed_slice();
ret.hashing_info.log2_blocksize = log2(block_size);
- // TODO(jiyong): fill the signing_info struct by reading the APK file. The information,
- // especially `apk_digest` is needed to check if `V4Signature` is outdated, in which case
- // it needs to be created from the updated APK.
+ apk.seek(SeekFrom::Start(start))?;
+ let (signature_algorithm_id, apk_digest) = pick_v4_apk_digest(apk)?;
+ ret.signing_info.signature_algorithm_id =
+ SignatureAlgorithmId::from(signature_algorithm_id)?;
+ ret.signing_info.apk_digest = apk_digest;
+ // TODO(jiyong): add a signature to the signing_info struct
Ok(ret)
}
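Review bot: `ret.signing_info.apk_digest` is now populated while the signature is still left out (the remaining TODO), so nothing in the generated idsig authenticates that digest. The hunk also does not show whether `pick_v4_apk_digest` verifies the signer before returning the digest, so that should be confirmed in `apkverify`. I would extend the TODO so callers do not treat the field as an integrity guarantee, e.g. `// NOTE: signing_info is unsigned; apk_digest is only good for detecting a stale idsig, not for trusting the APK.` The two new fallible calls also propagate bare errors even though `Context` is already imported; `pick_v4_apk_digest(apk).context("failed to read v4 APK digest")?` (and likewise on the `seek`) would make failures on malformed APKs easier to diagnose. The enclosing function starts outside this hunk, so where `start` comes from and what type `apk` has were not reviewed.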