commit 9173eb83ba5425fa290e94ab6d25e62b48e52d30
author Andrew Scull <ascull@google.com> Wed Jun 01 09:17:14 2022 +0000
committer Andrew Scull <ascull@google.com> Wed Jun 01 14:35:34 2022 +0000
tree daeeb3f804e561f48fc5b122fb4676304669c415
parent ddc9f24ce4e3522c555329fe410d447e15cc76a5

apkverify: Rank based on v4 preferences

The signing algorithms were already ranked following the order of
preference used by the v4 signing scheme, so there's no functional
change. Documentation is added to make this connection explicit and a
functions for selecting the best signed is factored out.

Test: libapkverify.test
Bug: 234564414
Change-Id: I28e25ce744cbc5854d1cb2b73fee9f966d2f8eb6

libs/apkverify/src/sigutil.rs

diff --git a/libs/apkverify/src/sigutil.rs b/libs/apkverify/src/sigutil.rs
index 009154f..2b2f9da 100644
--- a/libs/apkverify/src/sigutil.rs
+++ b/libs/apkverify/src/sigutil.rs
@@ -282,6 +282,7 @@
     }
 }
 
+/// Rank the signature algorithm according to the preferences of the v4 signing scheme.
 pub fn rank_signature_algorithm(algo: u32) -> Result<u32> {
     rank_content_digest_algorithm(to_content_digest_algorithm(algo)?)
 }

libs/apkverify/src/v3.rs

diff --git a/libs/apkverify/src/v3.rs b/libs/apkverify/src/v3.rs
index 16530be..710c9c3 100644
--- a/libs/apkverify/src/v3.rs
+++ b/libs/apkverify/src/v3.rs
@@ -129,15 +129,20 @@
 }
 
 impl Signer {
-    fn verify<R: Read + Seek>(&self, sections: &mut ApkSections<R>) -> Result<Box<[u8]>> {
-        // 1. Choose the strongest supported signature algorithm ID from signatures. The strength
-        //    ordering is up to each implementation/platform version.
-        let strongest: &Signature = self
+    /// Select the signature that uses the strongest algorithm according to the preferences of the
+    /// v4 signing scheme.
+    fn strongest_signature(&self) -> Result<&Signature> {
+        Ok(self
             .signatures
             .iter()
             .filter(|sig| is_supported_signature_algorithm(sig.signature_algorithm_id))
             .max_by_key(|sig| rank_signature_algorithm(sig.signature_algorithm_id).unwrap())
-            .ok_or_else(|| anyhow!("No supported signatures found"))?;
+            .ok_or_else(|| anyhow!("No supported signatures found"))?)
+    }
+
+    fn verify<R: Read + Seek>(&self, sections: &mut ApkSections<R>) -> Result<Box<[u8]>> {
+        // 1. Choose the strongest supported signature algorithm ID from signatures.
+        let strongest = self.strongest_signature()?;
 
         // 2. Verify the corresponding signature from signatures against signed data using public key.
         //    (It is now safe to parse signed data.)