commit a94ba1748703972f801f0893f002c6baf8a68870
author Alice Wang <aliceywang@google.com> Thu Sep 08 15:25:31 2022 +0000
committer Alice Wang <aliceywang@google.com> Fri Sep 09 12:30:42 2022 +0000
tree a796b28d56d254f62990659044d3e8d2c201f383
parent ed79eabc0c02b57bc6ff42c1f536139f1344264c

Test V4 apk_digest computation in apkverify

Bug: 239534874
Test: atest libapkverify.test
Change-Id: I73df9d67be0fdc922299968a56db7ed87dec171c

libs/apkverify/src/v3.rs

diff --git a/libs/apkverify/src/v3.rs b/libs/apkverify/src/v3.rs
index 0c20a2e..bad6bc2 100644
--- a/libs/apkverify/src/v3.rs
+++ b/libs/apkverify/src/v3.rs
@@ -128,14 +128,14 @@
     })
 }
 
-/// Gets the APK digest.
+/// Gets the v4 [apk_digest].
+///
+/// [apk_digest]: https://source.android.com/docs/security/apksigning/v4#apk-digest
 pub fn pick_v4_apk_digest<R: Read + Seek>(apk: R) -> Result<(u32, Box<[u8]>)> {
     let mut sections = ApkSections::new(apk)?;
     let mut block = sections.find_signature(APK_SIGNATURE_SCHEME_V3_BLOCK_ID)?;
     let signers = block.read::<Signers>()?;
-    if signers.len() != 1 {
-        bail!("should only have one signer");
-    }
+    ensure!(signers.len() == 1, "should only have one signer");
     signers[0].pick_v4_apk_digest()
 }
 
@@ -147,7 +147,7 @@
             .signatures
             .iter()
             .filter(|sig| is_supported_signature_algorithm(sig.signature_algorithm_id))
-            .max_by_key(|sig| rank_signature_algorithm(sig.signature_algorithm_id).unwrap())
+            .max_by_key(|sig| get_signature_algorithm_rank(sig.signature_algorithm_id).unwrap())
             .ok_or_else(|| anyhow!("No supported signatures found"))?)
     }
 
@@ -304,3 +304,36 @@
 fn to_hex_string(buf: &[u8]) -> String {
     buf.iter().map(|b| format!("{:02X}", b)).collect()
 }
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use std::fs::File;
+
+    #[test]
+    fn test_pick_v4_apk_digest_only_with_v3_dsa_sha256() {
+        check_v4_apk_digest(
+            "tests/data/v3-only-with-dsa-sha256-1024.apk",
+            SIGNATURE_DSA_WITH_SHA256,
+            "0DF2426EA33AEDAF495D88E5BE0C6A1663FF0A81C5ED12D5B2929AE4B4300F2F",
+        );
+    }
+
+    #[test]
+    fn test_pick_v4_apk_digest_only_with_v3_pkcs1_sha512() {
+        check_v4_apk_digest(
+            "tests/data/v3-only-with-rsa-pkcs1-sha512-1024.apk",
+            SIGNATURE_RSA_PKCS1_V1_5_WITH_SHA512,
+            "9B9AE02DA60B18999BF541790F00D380006FDF0655C3C482AA0BB0AF17CF7A42\
+             ECF56B973518546C9080B2FEF83027E895ED2882BFC88EA19790BBAB29AF53B3",
+        );
+    }
+
+    fn check_v4_apk_digest(apk_filename: &str, expected_algorithm: u32, expected_digest: &str) {
+        let apk_file = File::open(apk_filename).unwrap();
+        let (signature_algorithm_id, apk_digest) = pick_v4_apk_digest(apk_file).unwrap();
+
+        assert_eq!(expected_algorithm, signature_algorithm_id);
+        assert_eq!(expected_digest, to_hex_string(apk_digest.as_ref()));
+    }
+}