Revert "[apkverify] Skip DSA SHA256 during apk verification"
This reverts commit c68b95b84de4b852b0e6480df459b8f8ec8d41e3.
Reason for revert: b/248068872
Test: atest libidsig.test
Change-Id: Ib978f23954fe6d901b4806d230e3067c4572083f
diff --git a/libs/apkverify/src/algorithms.rs b/libs/apkverify/src/algorithms.rs
index ecca7ed..a1cf368 100644
--- a/libs/apkverify/src/algorithms.rs
+++ b/libs/apkverify/src/algorithms.rs
@@ -97,6 +97,14 @@
&self,
public_key: &'a PKey<pkey::Public>,
) -> Result<Verifier<'a>> {
+ ensure!(
+ !matches!(
+ self,
+ SignatureAlgorithmID::DsaWithSha256 | SignatureAlgorithmID::VerityDsaWithSha256
+ ),
+ "TODO(b/197052981): Algorithm '{:?}' is not implemented.",
+ self
+ );
ensure!(public_key.id() == self.pkey_id(), "Public key has the wrong ID");
let mut verifier = Verifier::new(self.new_message_digest(), public_key)?;
if public_key.id() == pkey::Id::RSA {
@@ -122,14 +130,6 @@
}
}
- /// DSA is not directly supported in openssl today. See b/197052981.
- pub(crate) fn is_supported(&self) -> bool {
- !matches!(
- self,
- SignatureAlgorithmID::DsaWithSha256 | SignatureAlgorithmID::VerityDsaWithSha256,
- )
- }
-
fn pkey_id(&self) -> pkey::Id {
match self {
SignatureAlgorithmID::RsaPssWithSha256