Gitiles
Code Review Sign In
gerrit.omnirom.org / android_packages_modules_Virtualization / a94ba1748703972f801f0893f002c6baf8a68870^! / . / libs / apkverify / src / sigutil.rs
commita94ba1748703972f801f0893f002c6baf8a68870[log] [tgz]
authorAlice Wang <aliceywang@google.com>Thu Sep 08 15:25:31 2022 +0000
committerAlice Wang <aliceywang@google.com>Fri Sep 09 12:30:42 2022 +0000
treea796b28d56d254f62990659044d3e8d2c201f383
parented79eabc0c02b57bc6ff42c1f536139f1344264c [diff] [blame]
Test V4 apk_digest computation in apkverify

Bug: 239534874
Test: atest libapkverify.test
Change-Id: I73df9d67be0fdc922299968a56db7ed87dec171c

diff --git a/libs/apkverify/src/sigutil.rs b/libs/apkverify/src/sigutil.rs
index 7034527..72c5c1a 100644
--- a/libs/apkverify/src/sigutil.rs
+++ b/libs/apkverify/src/sigutil.rs

@@ -289,17 +289,20 @@
     }
 }
 
-/// Rank the signature algorithm according to the preferences of the v4 signing scheme.
-pub fn rank_signature_algorithm(algo: u32) -> Result<u32> {
-    rank_content_digest_algorithm(to_content_digest_algorithm(algo)?)
-}
-
-fn rank_content_digest_algorithm(id: u32) -> Result<u32> {
-    match id {
+/// This method is used to help pick v4 apk digest. According to APK Signature
+/// Scheme v4, apk digest is the first available content digest of the highest
+/// rank (rank N).
+///
+/// This rank was also used for step 3a of the v3 signature verification.
+///
+/// [v3 verification]: https://source.android.com/docs/security/apksigning/v3#v3-verification
+pub fn get_signature_algorithm_rank(algo: u32) -> Result<u32> {
+    let content_digest = to_content_digest_algorithm(algo)?;
+    match content_digest {
         CONTENT_DIGEST_CHUNKED_SHA256 => Ok(0),
         CONTENT_DIGEST_VERITY_CHUNKED_SHA256 => Ok(1),
         CONTENT_DIGEST_CHUNKED_SHA512 => Ok(2),
-        _ => bail!("Unknown digest algorithm: {}", id),
+        _ => bail!("Unknown digest algorithm: {}", content_digest),
     }
 }