commit 5070102465dee8e53ed063fa8bcca7fd9bc56f2d
author Alice Wang <aliceywang@google.com> Wed Sep 21 08:51:38 2022 +0000
committer Alice Wang <aliceywang@google.com> Fri Sep 23 08:07:34 2022 +0000
tree 7224d06210ac26789cb2b6cac9267e99c68b9c5a
parent 0da928ae7b39b369a9364ca5dc68739ccfbec69f

Reland "[apkverify] Skip DSA SHA256 during apk verification"

Reland this change as the broken idsig test has been fixed.

Test: libapkverify.integration_test
Bug: 197052981
Change-Id: Ic7c18915b33c506f09a8e821f613668a0600cac2

libs/apkverify/tests/apkverify_test.rs

diff --git a/libs/apkverify/tests/apkverify_test.rs b/libs/apkverify/tests/apkverify_test.rs
index 5bd901d..e17ba5c 100644
--- a/libs/apkverify/tests/apkverify_test.rs
+++ b/libs/apkverify/tests/apkverify_test.rs
@@ -40,22 +40,11 @@
 }
 
 #[test]
-fn test_verify_v3_dsa_sha256() {
+fn apks_signed_with_v3_dsa_sha256_are_not_supported() {
     for key_name in KEY_NAMES_DSA.iter() {
         let res = verify(format!("tests/data/v3-only-with-dsa-sha256-{}.apk", key_name));
-        assert!(res.is_err());
-        assert_contains(&res.unwrap_err().to_string(), "not implemented");
-    }
-}
-
-/// TODO(b/197052981): DSA algorithm is not yet supported.
-#[test]
-fn apks_signed_with_v3_dsa_sha256_have_valid_apk_digest() {
-    for key_name in KEY_NAMES_DSA.iter() {
-        validate_apk_digest(
-            format!("tests/data/v3-only-with-dsa-sha256-{}.apk", key_name),
-            SignatureAlgorithmID::DsaWithSha256,
-        );
+        assert!(res.is_err(), "DSA algorithm is not supported for verification. See b/197052981.");
+        assert_contains(&res.unwrap_err().to_string(), "No supported signatures found");
     }
 }
 
@@ -102,32 +91,21 @@
 #[test]
 fn test_verify_v3_sig_does_not_verify() {
     let path_list = [
-        "tests/data/v3-only-with-dsa-sha256-2048-sig-does-not-verify.apk",
         "tests/data/v3-only-with-ecdsa-sha512-p521-sig-does-not-verify.apk",
         "tests/data/v3-only-with-rsa-pkcs1-sha256-3072-sig-does-not-verify.apk",
     ];
     for path in path_list.iter() {
         let res = verify(path);
         assert!(res.is_err());
-        let error_msg = &res.unwrap_err().to_string();
-        assert!(
-            error_msg.contains("Signature is invalid") || error_msg.contains("not implemented")
-        );
+        assert_contains(&res.unwrap_err().to_string(), "Signature is invalid");
     }
 }
 
 #[test]
 fn test_verify_v3_digest_mismatch() {
-    let path_list = [
-        "tests/data/v3-only-with-dsa-sha256-3072-digest-mismatch.apk",
-        "tests/data/v3-only-with-rsa-pkcs1-sha512-8192-digest-mismatch.apk",
-    ];
-    for path in path_list.iter() {
-        let res = verify(path);
-        assert!(res.is_err());
-        let error_msg = &res.unwrap_err().to_string();
-        assert!(error_msg.contains("Digest mismatch") || error_msg.contains("not implemented"));
-    }
+    let res = verify("tests/data/v3-only-with-rsa-pkcs1-sha512-8192-digest-mismatch.apk");
+    assert!(res.is_err());
+    assert_contains(&res.unwrap_err().to_string(), "Digest mismatch");
 }
 
 #[test]