Gitiles
Code Review Sign In
gerrit.omnirom.org / android_packages_modules_Virtualization / 3bae36ceec768e58f4b3c5ff1a9e05e940f0c25b^! / . / libs / apkverify / src
commit3bae36ceec768e58f4b3c5ff1a9e05e940f0c25b[log] [tgz]
authorAndrew Scull <ascull@google.com>Wed Sep 21 21:55:42 2022 +0000
committerAndrew Scull <ascull@google.com>Wed Sep 21 22:08:09 2022 +0000
tree75c81db0583f2ee498e1d30dcd493a4b2630cae4
parentbe9493c8941af058ffab925b07fced93be1988a4 [diff]
Revert "[apkverify] Skip DSA SHA256 during apk verification"

This reverts commit c68b95b84de4b852b0e6480df459b8f8ec8d41e3.

Reason for revert: b/248068872

Test: atest libidsig.test
Change-Id: Ib978f23954fe6d901b4806d230e3067c4572083f

diff --git a/libs/apkverify/src/algorithms.rs b/libs/apkverify/src/algorithms.rs
index ecca7ed..a1cf368 100644
--- a/libs/apkverify/src/algorithms.rs
+++ b/libs/apkverify/src/algorithms.rs

@@ -97,6 +97,14 @@
         &self,
         public_key: &'a PKey<pkey::Public>,
     ) -> Result<Verifier<'a>> {
+        ensure!(
+            !matches!(
+                self,
+                SignatureAlgorithmID::DsaWithSha256 | SignatureAlgorithmID::VerityDsaWithSha256
+            ),
+            "TODO(b/197052981): Algorithm '{:?}' is not implemented.",
+            self
+        );
         ensure!(public_key.id() == self.pkey_id(), "Public key has the wrong ID");
         let mut verifier = Verifier::new(self.new_message_digest(), public_key)?;
         if public_key.id() == pkey::Id::RSA {
@@ -122,14 +130,6 @@
         }
     }
 
-    /// DSA is not directly supported in openssl today. See b/197052981.
-    pub(crate) fn is_supported(&self) -> bool {
-        !matches!(
-            self,
-            SignatureAlgorithmID::DsaWithSha256 | SignatureAlgorithmID::VerityDsaWithSha256,
-        )
-    }
-
     fn pkey_id(&self) -> pkey::Id {
         match self {
             SignatureAlgorithmID::RsaPssWithSha256

diff --git a/libs/apkverify/src/v3.rs b/libs/apkverify/src/v3.rs
index 5272834..2a16cb1 100644
--- a/libs/apkverify/src/v3.rs
+++ b/libs/apkverify/src/v3.rs

@@ -139,7 +139,7 @@
         Ok(self
             .signatures
             .iter()
-            .filter(|sig| sig.signature_algorithm_id.map_or(false, |algo| algo.is_supported()))
+            .filter(|sig| sig.signature_algorithm_id.is_some())
             .max_by_key(|sig| sig.signature_algorithm_id.unwrap().content_digest_algorithm())
             .context("No supported signatures found")?)
     }