commit c68b95b84de4b852b0e6480df459b8f8ec8d41e3
author Alice Wang <aliceywang@google.com> Wed Sep 21 08:51:38 2022 +0000
committer Alice Wang <aliceywang@google.com> Wed Sep 21 14:21:58 2022 +0000
tree 63d025ae6a687c365264e9984215a58c719ed0b3
parent 85666e872cd42d427676e8ebc95dad89c7d0adda

[apkverify] Skip DSA SHA256 during apk verification

Test: libapkverify.integration_test
Bug: 197052981
Change-Id: Ia42864ab609b1dbe59e260bd330cbdc4079982d6

libs/apkverify/tests/apkverify_test.rs

diff --git a/libs/apkverify/tests/apkverify_test.rs b/libs/apkverify/tests/apkverify_test.rs
index 5bd901d..f2018a1 100644
--- a/libs/apkverify/tests/apkverify_test.rs
+++ b/libs/apkverify/tests/apkverify_test.rs
@@ -40,22 +40,11 @@
 }
 
 #[test]
-fn test_verify_v3_dsa_sha256() {
+fn apks_signed_with_v3_dsa_sha256_are_not_supported() {
     for key_name in KEY_NAMES_DSA.iter() {
         let res = verify(format!("tests/data/v3-only-with-dsa-sha256-{}.apk", key_name));
-        assert!(res.is_err());
-        assert_contains(&res.unwrap_err().to_string(), "not implemented");
-    }
-}
-
-/// TODO(b/197052981): DSA algorithm is not yet supported.
-#[test]
-fn apks_signed_with_v3_dsa_sha256_have_valid_apk_digest() {
-    for key_name in KEY_NAMES_DSA.iter() {
-        validate_apk_digest(
-            format!("tests/data/v3-only-with-dsa-sha256-{}.apk", key_name),
-            SignatureAlgorithmID::DsaWithSha256,
-        );
+        assert!(res.is_err(), "DSA algorithm is not supported for verification. See b/197052981.");
+        assert_contains(&res.unwrap_err().to_string(), "No supported signatures found");
     }
 }
 
@@ -102,7 +91,6 @@
 #[test]
 fn test_verify_v3_sig_does_not_verify() {
     let path_list = [
-        "tests/data/v3-only-with-dsa-sha256-2048-sig-does-not-verify.apk",
         "tests/data/v3-only-with-ecdsa-sha512-p521-sig-does-not-verify.apk",
         "tests/data/v3-only-with-rsa-pkcs1-sha256-3072-sig-does-not-verify.apk",
     ];
@@ -118,16 +106,9 @@
 
 #[test]
 fn test_verify_v3_digest_mismatch() {
-    let path_list = [
-        "tests/data/v3-only-with-dsa-sha256-3072-digest-mismatch.apk",
-        "tests/data/v3-only-with-rsa-pkcs1-sha512-8192-digest-mismatch.apk",
-    ];
-    for path in path_list.iter() {
-        let res = verify(path);
-        assert!(res.is_err());
-        let error_msg = &res.unwrap_err().to_string();
-        assert!(error_msg.contains("Digest mismatch") || error_msg.contains("not implemented"));
-    }
+    let res = verify("tests/data/v3-only-with-rsa-pkcs1-sha512-8192-digest-mismatch.apk");
+    assert!(res.is_err());
+    assert_contains(&res.unwrap_err().to_string(), "Digest mismatch");
 }
 
 #[test]