Improve test coverage v3-only for apkverify
APKs are brought from tools/apksig/src/test/resources/com/android/apksig
Covered test for all existing v3-only apks at there.
Bug: 233573377
Test: atest libapkverify.integration_test
Change-Id: Icdad3afa352fec2286d70a395f18a0973e6e2def
diff --git a/libs/apkverify/tests/apkverify_test.rs b/libs/apkverify/tests/apkverify_test.rs
index 22faba4..a674ad7 100644
--- a/libs/apkverify/tests/apkverify_test.rs
+++ b/libs/apkverify/tests/apkverify_test.rs
@@ -17,29 +17,9 @@
use apkverify::{testing::assert_contains, verify};
use std::matches;
-#[test]
-fn test_verify_v3() {
- assert!(verify("tests/data/test.apex").is_ok());
-}
-
-#[test]
-fn test_verify_v3_ecdsa_sha256_p256() {
- assert!(verify("tests/data/v3-only-with-ecdsa-sha256-p256.apk").is_ok());
-}
-
-#[test]
-fn test_verify_v3_digest_mismatch() {
- let res = verify("tests/data/v3-only-with-rsa-pkcs1-sha512-8192-digest-mismatch.apk");
- assert!(res.is_err());
- assert_contains(&res.unwrap_err().to_string(), "Digest mismatch");
-}
-
-#[test]
-fn test_verify_v3_cert_and_public_key_mismatch() {
- let res = verify("tests/data/v3-only-cert-and-public-key-mismatch.apk");
- assert!(res.is_err());
- assert_contains(&res.unwrap_err().to_string(), "Public key mismatch");
-}
+const KEY_NAMES_DSA: &[&str] = &["1024", "2048", "3072"];
+const KEY_NAMES_ECDSA: &[&str] = &["p256", "p384", "p521"];
+const KEY_NAMES_RSA: &[&str] = &["1024", "2048", "3072", "4096", "8192", "16384"];
#[test]
fn test_verify_truncated_cd() {
@@ -51,3 +31,172 @@
ZipError::InvalidArchive(_),
));
}
+
+#[test]
+fn test_verify_v3() {
+ assert!(verify("tests/data/test.apex").is_ok());
+}
+
+// TODO(b/190343842)
+#[test]
+fn test_verify_v3_dsa_sha256() {
+ for key_name in KEY_NAMES_DSA.iter() {
+ let res = verify(format!("tests/data/v3-only-with-dsa-sha256-{}.apk", key_name));
+ assert!(res.is_err());
+ assert_contains(
+ &res.unwrap_err().to_string(),
+ "TODO(b/190343842) not implemented signature algorithm",
+ );
+ }
+}
+
+#[test]
+fn test_verify_v3_ecdsa_sha256() {
+ for key_name in KEY_NAMES_ECDSA.iter() {
+ assert!(verify(format!("tests/data/v3-only-with-ecdsa-sha256-{}.apk", key_name)).is_ok());
+ }
+}
+
+// TODO(b/190343842)
+#[test]
+fn test_verify_v3_ecdsa_sha512() {
+ for key_name in KEY_NAMES_ECDSA.iter() {
+ let res = verify(format!("tests/data/v3-only-with-ecdsa-sha512-{}.apk", key_name));
+ assert!(res.is_err());
+ assert_contains(
+ &res.unwrap_err().to_string(),
+ "TODO(b/190343842) not implemented signature algorithm",
+ );
+ }
+}
+
+#[test]
+fn test_verify_v3_rsa_sha256() {
+ for key_name in KEY_NAMES_RSA.iter() {
+ assert!(
+ verify(format!("tests/data/v3-only-with-rsa-pkcs1-sha256-{}.apk", key_name)).is_ok()
+ );
+ }
+}
+
+#[test]
+fn test_verify_v3_rsa_sha512() {
+ for key_name in KEY_NAMES_RSA.iter() {
+ assert!(
+ verify(format!("tests/data/v3-only-with-rsa-pkcs1-sha512-{}.apk", key_name)).is_ok()
+ );
+ }
+}
+
+// TODO(b/190343842)
+#[test]
+fn test_verify_v3_sig_does_not_verify() {
+ let path_list = [
+ "tests/data/v3-only-with-dsa-sha256-2048-sig-does-not-verify.apk",
+ "tests/data/v3-only-with-ecdsa-sha512-p521-sig-does-not-verify.apk",
+ "tests/data/v3-only-with-rsa-pkcs1-sha256-3072-sig-does-not-verify.apk",
+ ];
+ for path in path_list.iter() {
+ let res = verify(path);
+ assert!(res.is_err());
+ let error_msg = &res.unwrap_err().to_string();
+ assert!(
+ error_msg.contains("Signature is invalid")
+ || error_msg.contains("TODO(b/190343842) not implemented signature algorithm")
+ );
+ }
+}
+
+// TODO(b/190343842)
+#[test]
+fn test_verify_v3_digest_mismatch() {
+ let path_list = [
+ "tests/data/v3-only-with-dsa-sha256-3072-digest-mismatch.apk",
+ "tests/data/v3-only-with-rsa-pkcs1-sha512-8192-digest-mismatch.apk",
+ ];
+ for path in path_list.iter() {
+ let res = verify(path);
+ assert!(res.is_err());
+ let error_msg = &res.unwrap_err().to_string();
+ assert!(
+ error_msg.contains("Digest mismatch")
+ || error_msg.contains("TODO(b/190343842) not implemented signature algorithm")
+ );
+ }
+}
+
+#[test]
+fn test_verify_v3_wrong_apk_sig_block_magic() {
+ let res = verify("tests/data/v3-only-with-ecdsa-sha512-p384-wrong-apk-sig-block-magic.apk");
+ assert!(res.is_err());
+ assert_contains(&res.unwrap_err().to_string(), "No APK Signing Block");
+}
+
+#[test]
+fn test_verify_v3_apk_sig_block_size_mismatch() {
+ let res =
+ verify("tests/data/v3-only-with-rsa-pkcs1-sha512-4096-apk-sig-block-size-mismatch.apk");
+ assert!(res.is_err());
+ assert_contains(
+ &res.unwrap_err().to_string(),
+ "APK Signing Block sizes in header and footer do not match",
+ );
+}
+
+#[test]
+fn test_verify_v3_cert_and_public_key_mismatch() {
+ let res = verify("tests/data/v3-only-cert-and-public-key-mismatch.apk");
+ assert!(res.is_err());
+ assert_contains(&res.unwrap_err().to_string(), "Public key mismatch");
+}
+
+#[test]
+fn test_verify_v3_empty() {
+ let res = verify("tests/data/v3-only-empty.apk");
+ assert!(res.is_err());
+ assert_contains(&res.unwrap_err().to_string(), "APK too small for APK Signing Block");
+}
+
+#[test]
+fn test_verify_v3_no_certs_in_sig() {
+ let res = verify("tests/data/v3-only-no-certs-in-sig.apk");
+ assert!(res.is_err());
+ assert_contains(&res.unwrap_err().to_string(), "No certificates listed");
+}
+
+#[test]
+fn test_verify_v3_no_supported_sig_algs() {
+ let res = verify("tests/data/v3-only-no-supported-sig-algs.apk");
+ assert!(res.is_err());
+ assert_contains(&res.unwrap_err().to_string(), "No supported signatures found");
+}
+
+#[test]
+fn test_verify_v3_signatures_and_digests_block_mismatch() {
+ let res = verify("tests/data/v3-only-signatures-and-digests-block-mismatch.apk");
+ assert!(res.is_err());
+ assert_contains(
+ &res.unwrap_err().to_string(),
+ "Signature algorithms don't match between digests and signatures records",
+ );
+}
+
+#[test]
+fn test_verify_v3_unknown_additional_attr() {
+ assert!(verify("tests/data/v3-only-unknown-additional-attr.apk").is_ok());
+}
+
+#[test]
+fn test_verify_v3_unknown_pair_in_apk_sig_block() {
+ assert!(verify("tests/data/v3-only-unknown-pair-in-apk-sig-block.apk").is_ok());
+}
+
+#[test]
+fn test_verify_v3_ignorable_unsupported_sig_algs() {
+ assert!(verify("tests/data/v3-only-with-ignorable-unsupported-sig-algs.apk").is_ok());
+}
+
+#[test]
+fn test_verify_v3_stamp() {
+ assert!(verify("tests/data/v3-only-with-stamp.apk").is_ok());
+}
diff --git a/libs/apkverify/tests/data/v3-only-empty.apk b/libs/apkverify/tests/data/v3-only-empty.apk
new file mode 100644
index 0000000..15cb0ec
--- /dev/null
+++ b/libs/apkverify/tests/data/v3-only-empty.apk
Binary files differ
diff --git a/libs/apkverify/tests/data/v3-only-no-certs-in-sig.apk b/libs/apkverify/tests/data/v3-only-no-certs-in-sig.apk
new file mode 100644
index 0000000..86e7971
--- /dev/null
+++ b/libs/apkverify/tests/data/v3-only-no-certs-in-sig.apk
Binary files differ
diff --git a/libs/apkverify/tests/data/v3-only-no-supported-sig-algs.apk b/libs/apkverify/tests/data/v3-only-no-supported-sig-algs.apk
new file mode 100644
index 0000000..f0debf3
--- /dev/null
+++ b/libs/apkverify/tests/data/v3-only-no-supported-sig-algs.apk
Binary files differ
diff --git a/libs/apkverify/tests/data/v3-only-signatures-and-digests-block-mismatch.apk b/libs/apkverify/tests/data/v3-only-signatures-and-digests-block-mismatch.apk
new file mode 100644
index 0000000..31aea2f
--- /dev/null
+++ b/libs/apkverify/tests/data/v3-only-signatures-and-digests-block-mismatch.apk
Binary files differ
diff --git a/libs/apkverify/tests/data/v3-only-unknown-additional-attr.apk b/libs/apkverify/tests/data/v3-only-unknown-additional-attr.apk
new file mode 100644
index 0000000..2245922
--- /dev/null
+++ b/libs/apkverify/tests/data/v3-only-unknown-additional-attr.apk
Binary files differ
diff --git a/libs/apkverify/tests/data/v3-only-unknown-pair-in-apk-sig-block.apk b/libs/apkverify/tests/data/v3-only-unknown-pair-in-apk-sig-block.apk
new file mode 100644
index 0000000..49eeaf3
--- /dev/null
+++ b/libs/apkverify/tests/data/v3-only-unknown-pair-in-apk-sig-block.apk
Binary files differ
diff --git a/libs/apkverify/tests/data/v3-only-with-dsa-sha256-1024.apk b/libs/apkverify/tests/data/v3-only-with-dsa-sha256-1024.apk
new file mode 100644
index 0000000..af6b0d7
--- /dev/null
+++ b/libs/apkverify/tests/data/v3-only-with-dsa-sha256-1024.apk
Binary files differ
diff --git a/libs/apkverify/tests/data/v3-only-with-dsa-sha256-2048-sig-does-not-verify.apk b/libs/apkverify/tests/data/v3-only-with-dsa-sha256-2048-sig-does-not-verify.apk
new file mode 100644
index 0000000..50dbab2
--- /dev/null
+++ b/libs/apkverify/tests/data/v3-only-with-dsa-sha256-2048-sig-does-not-verify.apk
Binary files differ
diff --git a/libs/apkverify/tests/data/v3-only-with-dsa-sha256-2048.apk b/libs/apkverify/tests/data/v3-only-with-dsa-sha256-2048.apk
new file mode 100644
index 0000000..3d2161e
--- /dev/null
+++ b/libs/apkverify/tests/data/v3-only-with-dsa-sha256-2048.apk
Binary files differ
diff --git a/libs/apkverify/tests/data/v3-only-with-dsa-sha256-3072-digest-mismatch.apk b/libs/apkverify/tests/data/v3-only-with-dsa-sha256-3072-digest-mismatch.apk
new file mode 100644
index 0000000..42f885b
--- /dev/null
+++ b/libs/apkverify/tests/data/v3-only-with-dsa-sha256-3072-digest-mismatch.apk
Binary files differ
diff --git a/libs/apkverify/tests/data/v3-only-with-dsa-sha256-3072.apk b/libs/apkverify/tests/data/v3-only-with-dsa-sha256-3072.apk
new file mode 100644
index 0000000..c58902d
--- /dev/null
+++ b/libs/apkverify/tests/data/v3-only-with-dsa-sha256-3072.apk
Binary files differ
diff --git a/libs/apkverify/tests/data/v3-only-with-ecdsa-sha256-p384.apk b/libs/apkverify/tests/data/v3-only-with-ecdsa-sha256-p384.apk
new file mode 100644
index 0000000..75135af
--- /dev/null
+++ b/libs/apkverify/tests/data/v3-only-with-ecdsa-sha256-p384.apk
Binary files differ
diff --git a/libs/apkverify/tests/data/v3-only-with-ecdsa-sha256-p521.apk b/libs/apkverify/tests/data/v3-only-with-ecdsa-sha256-p521.apk
new file mode 100644
index 0000000..74071f0
--- /dev/null
+++ b/libs/apkverify/tests/data/v3-only-with-ecdsa-sha256-p521.apk
Binary files differ
diff --git a/libs/apkverify/tests/data/v3-only-with-ecdsa-sha512-p256.apk b/libs/apkverify/tests/data/v3-only-with-ecdsa-sha512-p256.apk
new file mode 100644
index 0000000..543c1f3
--- /dev/null
+++ b/libs/apkverify/tests/data/v3-only-with-ecdsa-sha512-p256.apk
Binary files differ
diff --git a/libs/apkverify/tests/data/v3-only-with-ecdsa-sha512-p384-wrong-apk-sig-block-magic.apk b/libs/apkverify/tests/data/v3-only-with-ecdsa-sha512-p384-wrong-apk-sig-block-magic.apk
new file mode 100644
index 0000000..ce79751
--- /dev/null
+++ b/libs/apkverify/tests/data/v3-only-with-ecdsa-sha512-p384-wrong-apk-sig-block-magic.apk
Binary files differ
diff --git a/libs/apkverify/tests/data/v3-only-with-ecdsa-sha512-p384.apk b/libs/apkverify/tests/data/v3-only-with-ecdsa-sha512-p384.apk
new file mode 100644
index 0000000..36fa0ee
--- /dev/null
+++ b/libs/apkverify/tests/data/v3-only-with-ecdsa-sha512-p384.apk
Binary files differ
diff --git a/libs/apkverify/tests/data/v3-only-with-ecdsa-sha512-p521-sig-does-not-verify.apk b/libs/apkverify/tests/data/v3-only-with-ecdsa-sha512-p521-sig-does-not-verify.apk
new file mode 100644
index 0000000..8e89c98
--- /dev/null
+++ b/libs/apkverify/tests/data/v3-only-with-ecdsa-sha512-p521-sig-does-not-verify.apk
Binary files differ
diff --git a/libs/apkverify/tests/data/v3-only-with-ecdsa-sha512-p521.apk b/libs/apkverify/tests/data/v3-only-with-ecdsa-sha512-p521.apk
new file mode 100644
index 0000000..b74b4fb
--- /dev/null
+++ b/libs/apkverify/tests/data/v3-only-with-ecdsa-sha512-p521.apk
Binary files differ
diff --git a/libs/apkverify/tests/data/v3-only-with-ignorable-unsupported-sig-algs.apk b/libs/apkverify/tests/data/v3-only-with-ignorable-unsupported-sig-algs.apk
new file mode 100644
index 0000000..88ae376
--- /dev/null
+++ b/libs/apkverify/tests/data/v3-only-with-ignorable-unsupported-sig-algs.apk
Binary files differ
diff --git a/libs/apkverify/tests/data/v3-only-with-rsa-pkcs1-sha256-1024.apk b/libs/apkverify/tests/data/v3-only-with-rsa-pkcs1-sha256-1024.apk
new file mode 100644
index 0000000..7a62c24
--- /dev/null
+++ b/libs/apkverify/tests/data/v3-only-with-rsa-pkcs1-sha256-1024.apk
Binary files differ
diff --git a/libs/apkverify/tests/data/v3-only-with-rsa-pkcs1-sha256-16384.apk b/libs/apkverify/tests/data/v3-only-with-rsa-pkcs1-sha256-16384.apk
new file mode 100644
index 0000000..825cfba
--- /dev/null
+++ b/libs/apkverify/tests/data/v3-only-with-rsa-pkcs1-sha256-16384.apk
Binary files differ
diff --git a/libs/apkverify/tests/data/v3-only-with-rsa-pkcs1-sha256-2048.apk b/libs/apkverify/tests/data/v3-only-with-rsa-pkcs1-sha256-2048.apk
new file mode 100644
index 0000000..1ab85f8
--- /dev/null
+++ b/libs/apkverify/tests/data/v3-only-with-rsa-pkcs1-sha256-2048.apk
Binary files differ
diff --git a/libs/apkverify/tests/data/v3-only-with-rsa-pkcs1-sha256-3072-sig-does-not-verify.apk b/libs/apkverify/tests/data/v3-only-with-rsa-pkcs1-sha256-3072-sig-does-not-verify.apk
new file mode 100644
index 0000000..ddaaccd
--- /dev/null
+++ b/libs/apkverify/tests/data/v3-only-with-rsa-pkcs1-sha256-3072-sig-does-not-verify.apk
Binary files differ
diff --git a/libs/apkverify/tests/data/v3-only-with-rsa-pkcs1-sha256-3072.apk b/libs/apkverify/tests/data/v3-only-with-rsa-pkcs1-sha256-3072.apk
new file mode 100644
index 0000000..8bcc82c
--- /dev/null
+++ b/libs/apkverify/tests/data/v3-only-with-rsa-pkcs1-sha256-3072.apk
Binary files differ
diff --git a/libs/apkverify/tests/data/v3-only-with-rsa-pkcs1-sha256-4096.apk b/libs/apkverify/tests/data/v3-only-with-rsa-pkcs1-sha256-4096.apk
new file mode 100644
index 0000000..0c9391c
--- /dev/null
+++ b/libs/apkverify/tests/data/v3-only-with-rsa-pkcs1-sha256-4096.apk
Binary files differ
diff --git a/libs/apkverify/tests/data/v3-only-with-rsa-pkcs1-sha256-8192.apk b/libs/apkverify/tests/data/v3-only-with-rsa-pkcs1-sha256-8192.apk
new file mode 100644
index 0000000..41db21b
--- /dev/null
+++ b/libs/apkverify/tests/data/v3-only-with-rsa-pkcs1-sha256-8192.apk
Binary files differ
diff --git a/libs/apkverify/tests/data/v3-only-with-rsa-pkcs1-sha512-1024.apk b/libs/apkverify/tests/data/v3-only-with-rsa-pkcs1-sha512-1024.apk
new file mode 100644
index 0000000..776d366
--- /dev/null
+++ b/libs/apkverify/tests/data/v3-only-with-rsa-pkcs1-sha512-1024.apk
Binary files differ
diff --git a/libs/apkverify/tests/data/v3-only-with-rsa-pkcs1-sha512-16384.apk b/libs/apkverify/tests/data/v3-only-with-rsa-pkcs1-sha512-16384.apk
new file mode 100644
index 0000000..85146f1
--- /dev/null
+++ b/libs/apkverify/tests/data/v3-only-with-rsa-pkcs1-sha512-16384.apk
Binary files differ
diff --git a/libs/apkverify/tests/data/v3-only-with-rsa-pkcs1-sha512-2048.apk b/libs/apkverify/tests/data/v3-only-with-rsa-pkcs1-sha512-2048.apk
new file mode 100644
index 0000000..8b1b915
--- /dev/null
+++ b/libs/apkverify/tests/data/v3-only-with-rsa-pkcs1-sha512-2048.apk
Binary files differ
diff --git a/libs/apkverify/tests/data/v3-only-with-rsa-pkcs1-sha512-3072.apk b/libs/apkverify/tests/data/v3-only-with-rsa-pkcs1-sha512-3072.apk
new file mode 100644
index 0000000..5b364fd
--- /dev/null
+++ b/libs/apkverify/tests/data/v3-only-with-rsa-pkcs1-sha512-3072.apk
Binary files differ
diff --git a/libs/apkverify/tests/data/v3-only-with-rsa-pkcs1-sha512-4096-apk-sig-block-size-mismatch.apk b/libs/apkverify/tests/data/v3-only-with-rsa-pkcs1-sha512-4096-apk-sig-block-size-mismatch.apk
new file mode 100644
index 0000000..52d5a67
--- /dev/null
+++ b/libs/apkverify/tests/data/v3-only-with-rsa-pkcs1-sha512-4096-apk-sig-block-size-mismatch.apk
Binary files differ
diff --git a/libs/apkverify/tests/data/v3-only-with-rsa-pkcs1-sha512-4096.apk b/libs/apkverify/tests/data/v3-only-with-rsa-pkcs1-sha512-4096.apk
new file mode 100644
index 0000000..c210b70
--- /dev/null
+++ b/libs/apkverify/tests/data/v3-only-with-rsa-pkcs1-sha512-4096.apk
Binary files differ
diff --git a/libs/apkverify/tests/data/v3-only-with-rsa-pkcs1-sha512-8192.apk b/libs/apkverify/tests/data/v3-only-with-rsa-pkcs1-sha512-8192.apk
new file mode 100644
index 0000000..3c2cc79
--- /dev/null
+++ b/libs/apkverify/tests/data/v3-only-with-rsa-pkcs1-sha512-8192.apk
Binary files differ
diff --git a/libs/apkverify/tests/data/v3-only-with-stamp.apk b/libs/apkverify/tests/data/v3-only-with-stamp.apk
new file mode 100644
index 0000000..5f65214
--- /dev/null
+++ b/libs/apkverify/tests/data/v3-only-with-stamp.apk
Binary files differ