commit 5070102465dee8e53ed063fa8bcca7fd9bc56f2d
author Alice Wang <aliceywang@google.com> Wed Sep 21 08:51:38 2022 +0000
committer Alice Wang <aliceywang@google.com> Fri Sep 23 08:07:34 2022 +0000
tree 7224d06210ac26789cb2b6cac9267e99c68b9c5a
parent 0da928ae7b39b369a9364ca5dc68739ccfbec69f

Reland "[apkverify] Skip DSA SHA256 during apk verification"

Reland this change as the broken idsig test has been fixed.

Test: libapkverify.integration_test
Bug: 197052981
Change-Id: Ic7c18915b33c506f09a8e821f613668a0600cac2

libs/apkverify/src/algorithms.rs

diff --git a/libs/apkverify/src/algorithms.rs b/libs/apkverify/src/algorithms.rs
index 6d4362b..ed2c1fc 100644
--- a/libs/apkverify/src/algorithms.rs
+++ b/libs/apkverify/src/algorithms.rs
@@ -102,7 +102,7 @@
                 self,
                 SignatureAlgorithmID::DsaWithSha256 | SignatureAlgorithmID::VerityDsaWithSha256
             ),
-            "TODO(b/197052981): Algorithm '{:?}' is not implemented.",
+            "Algorithm '{:?}' is not supported in openssl to build this verifier (b/197052981).",
             self
         );
         ensure!(public_key.id() == self.pkey_id(), "Public key has the wrong ID");
@@ -130,6 +130,14 @@
         }
     }
 
+    /// DSA is not directly supported in openssl today. See b/197052981.
+    pub(crate) fn is_supported(&self) -> bool {
+        !matches!(
+            self,
+            SignatureAlgorithmID::DsaWithSha256 | SignatureAlgorithmID::VerityDsaWithSha256,
+        )
+    }
+
     fn pkey_id(&self) -> pkey::Id {
         match self {
             SignatureAlgorithmID::RsaPssWithSha256