idsig: Include the APK digest
Get the best APK digest from the APK and include it in the generated
idsig.
Test: atest libidsig.test
Bug: 234564414
Change-Id: If55eab3bb62131bcdb9dfeb6000b9a5ba7ab9236
diff --git a/libs/idsig/src/apksigv4.rs b/libs/idsig/src/apksigv4.rs
index 3004ed1..db8a8c6 100644
--- a/libs/idsig/src/apksigv4.rs
+++ b/libs/idsig/src/apksigv4.rs
@@ -15,6 +15,7 @@
*/
use anyhow::{anyhow, bail, Context, Result};
+use apkverify::pick_v4_apk_digest;
use byteorder::{LittleEndian, ReadBytesExt, WriteBytesExt};
use num_derive::{FromPrimitive, ToPrimitive};
use num_traits::{FromPrimitive, ToPrimitive};
@@ -190,9 +191,12 @@
ret.hashing_info.raw_root_hash = hash_tree.root_hash.into_boxed_slice();
ret.hashing_info.log2_blocksize = log2(block_size);
- // TODO(jiyong): fill the signing_info struct by reading the APK file. The information,
- // especially `apk_digest` is needed to check if `V4Signature` is outdated, in which case
- // it needs to be created from the updated APK.
+ apk.seek(SeekFrom::Start(start))?;
+ let (signature_algorithm_id, apk_digest) = pick_v4_apk_digest(apk)?;
+ ret.signing_info.signature_algorithm_id =
+ SignatureAlgorithmId::from(signature_algorithm_id)?;
+ ret.signing_info.apk_digest = apk_digest;
+ // TODO(jiyong): add a signature to the signing_info struct
Ok(ret)
}