Gitiles
Code Review Sign In
gerrit.omnirom.org / android_packages_modules_Virtualization / 2ef3074e4820ed8bf3348b81710fc7469677f86e^! / . / libs / apkverify / src / v3.rs
commit2ef3074e4820ed8bf3348b81710fc7469677f86e[log] [tgz]
authorAlice Wang <aliceywang@google.com>Mon Sep 19 11:59:17 2022 +0000
committerAlice Wang <aliceywang@google.com>Mon Sep 19 20:19:53 2022 +0000
treeea10fb61548619f03374922c455927280e13e3eb
parentf8f201143056cdba75cfc624af3ca63432cddfdd [diff] [blame]
[apk_digest] Return SignatureAlgorithmID when fetching apk digest

This CL changes the apk digest fetch API's return type from raw
integer to SignatureAlgorithmID enum. This API is used in avmd
and idsig.

Bug: 246254355
Test: avmdtool_tests libidsig.test libapkverify.test
Change-Id: I4aba18e22324f74af328115a6cadd718eb45f220

diff --git a/libs/apkverify/src/v3.rs b/libs/apkverify/src/v3.rs
index 2f8fb45..875fec8 100644
--- a/libs/apkverify/src/v3.rs
+++ b/libs/apkverify/src/v3.rs

@@ -127,7 +127,7 @@
 /// Gets the v4 [apk_digest].
 ///
 /// [apk_digest]: https://source.android.com/docs/security/apksigning/v4#apk-digest
-pub fn pick_v4_apk_digest<R: Read + Seek>(apk: R) -> Result<(u32, Box<[u8]>)> {
+pub fn pick_v4_apk_digest<R: Read + Seek>(apk: R) -> Result<(SignatureAlgorithmID, Box<[u8]>)> {
     let mut sections = ApkSections::new(apk)?;
     let mut block = sections.find_signature(APK_SIGNATURE_SCHEME_V3_BLOCK_ID)?;
     let signers = block.read::<Signers>()?;
@@ -151,7 +151,7 @@
             .context("No supported signatures found")?)
     }
 
-    fn pick_v4_apk_digest(&self) -> Result<(u32, Box<[u8]>)> {
+    fn pick_v4_apk_digest(&self) -> Result<(SignatureAlgorithmID, Box<[u8]>)> {
         let strongest = self.strongest_signature()?;
         let signed_data: SignedData = self.signed_data.slice(..).read()?;
         let digest = signed_data
@@ -159,7 +159,10 @@
             .iter()
             .find(|&dig| dig.signature_algorithm_id == strongest.signature_algorithm_id)
             .context("Digest not found")?;
-        Ok((digest.signature_algorithm_id, digest.digest.as_ref().to_vec().into_boxed_slice()))
+        // TODO(b/246254355): Remove this conversion once Digest contains the enum SignatureAlgorithmID
+        let signature_algorithm_id = SignatureAlgorithmID::from_u32(digest.signature_algorithm_id)
+            .context("Unsupported algorithm")?;
+        Ok((signature_algorithm_id, digest.digest.as_ref().to_vec().into_boxed_slice()))
     }
 
     /// The steps in this method implements APK Signature Scheme v3 verification step 3.
@@ -297,7 +300,7 @@
     fn test_pick_v4_apk_digest_only_with_v3_dsa_sha256() {
         check_v4_apk_digest(
             "tests/data/v3-only-with-dsa-sha256-1024.apk",
-            SIGNATURE_DSA_WITH_SHA256,
+            SignatureAlgorithmID::DsaWithSha256,
             "0DF2426EA33AEDAF495D88E5BE0C6A1663FF0A81C5ED12D5B2929AE4B4300F2F",
         );
     }
@@ -306,13 +309,17 @@
     fn test_pick_v4_apk_digest_only_with_v3_pkcs1_sha512() {
         check_v4_apk_digest(
             "tests/data/v3-only-with-rsa-pkcs1-sha512-1024.apk",
-            SIGNATURE_RSA_PKCS1_V1_5_WITH_SHA512,
+            SignatureAlgorithmID::RsaPkcs1V15WithSha512,
             "9B9AE02DA60B18999BF541790F00D380006FDF0655C3C482AA0BB0AF17CF7A42\
              ECF56B973518546C9080B2FEF83027E895ED2882BFC88EA19790BBAB29AF53B3",
         );
     }
 
-    fn check_v4_apk_digest(apk_filename: &str, expected_algorithm: u32, expected_digest: &str) {
+    fn check_v4_apk_digest(
+        apk_filename: &str,
+        expected_algorithm: SignatureAlgorithmID,
+        expected_digest: &str,
+    ) {
         let apk_file = File::open(apk_filename).unwrap();
         let (signature_algorithm_id, apk_digest) = pick_v4_apk_digest(apk_file).unwrap();