Revert "[apkverify] Skip DSA SHA256 during apk verification"
This reverts commit c68b95b84de4b852b0e6480df459b8f8ec8d41e3.
Reason for revert: b/248068872
Test: atest libidsig.test
Change-Id: Ib978f23954fe6d901b4806d230e3067c4572083f
diff --git a/libs/apkverify/tests/apkverify_test.rs b/libs/apkverify/tests/apkverify_test.rs
index f2018a1..5bd901d 100644
--- a/libs/apkverify/tests/apkverify_test.rs
+++ b/libs/apkverify/tests/apkverify_test.rs
@@ -40,11 +40,22 @@
}
#[test]
-fn apks_signed_with_v3_dsa_sha256_are_not_supported() {
+fn test_verify_v3_dsa_sha256() {
for key_name in KEY_NAMES_DSA.iter() {
let res = verify(format!("tests/data/v3-only-with-dsa-sha256-{}.apk", key_name));
- assert!(res.is_err(), "DSA algorithm is not supported for verification. See b/197052981.");
- assert_contains(&res.unwrap_err().to_string(), "No supported signatures found");
+ assert!(res.is_err());
+ assert_contains(&res.unwrap_err().to_string(), "not implemented");
+ }
+}
+
+/// TODO(b/197052981): DSA algorithm is not yet supported.
+#[test]
+fn apks_signed_with_v3_dsa_sha256_have_valid_apk_digest() {
+ for key_name in KEY_NAMES_DSA.iter() {
+ validate_apk_digest(
+ format!("tests/data/v3-only-with-dsa-sha256-{}.apk", key_name),
+ SignatureAlgorithmID::DsaWithSha256,
+ );
}
}
@@ -91,6 +102,7 @@
#[test]
fn test_verify_v3_sig_does_not_verify() {
let path_list = [
+ "tests/data/v3-only-with-dsa-sha256-2048-sig-does-not-verify.apk",
"tests/data/v3-only-with-ecdsa-sha512-p521-sig-does-not-verify.apk",
"tests/data/v3-only-with-rsa-pkcs1-sha256-3072-sig-does-not-verify.apk",
];
@@ -106,9 +118,16 @@
#[test]
fn test_verify_v3_digest_mismatch() {
- let res = verify("tests/data/v3-only-with-rsa-pkcs1-sha512-8192-digest-mismatch.apk");
- assert!(res.is_err());
- assert_contains(&res.unwrap_err().to_string(), "Digest mismatch");
+ let path_list = [
+ "tests/data/v3-only-with-dsa-sha256-3072-digest-mismatch.apk",
+ "tests/data/v3-only-with-rsa-pkcs1-sha512-8192-digest-mismatch.apk",
+ ];
+ for path in path_list.iter() {
+ let res = verify(path);
+ assert!(res.is_err());
+ let error_msg = &res.unwrap_err().to_string();
+ assert!(error_msg.contains("Digest mismatch") || error_msg.contains("not implemented"));
+ }
}
#[test]