commit f8f201143056cdba75cfc624af3ca63432cddfdd
author Alice Wang <aliceywang@google.com> Mon Sep 19 19:52:24 2022 +0000
committer Gerrit Code Review <noreply-gerritcodereview@google.com> Mon Sep 19 19:52:24 2022 +0000
tree 58552bd39f3a423ea8859aeeb9dac20209fc2066
parent 62353c5cb45d81d69ba707e747177fe845d00de8
parent b1e15cae6556ffdf372987f301557efcbc1b4681

Merge "[apkverify] Remove the Ord implementation for SignatureAlgorithmID"

libs/apkverify/src/algorithms.rs

diff --git a/libs/apkverify/src/algorithms.rs b/libs/apkverify/src/algorithms.rs
index 9e6c415..9a5144c 100644
--- a/libs/apkverify/src/algorithms.rs
+++ b/libs/apkverify/src/algorithms.rs
@@ -22,13 +22,12 @@
 use openssl::pkey::{self, PKey};
 use openssl::rsa::Padding;
 use openssl::sign::Verifier;
-use std::cmp::Ordering;
 
 /// [Signature Algorithm IDs]: https://source.android.com/docs/security/apksigning/v2#signature-algorithm-ids
 /// [SignatureAlgorithm.java]: (tools/apksig/src/main/java/com/android/apksig/internal/apk/SignatureAlgorithm.java)
 ///
 /// Some of the algorithms are not implemented. See b/197052981.
-#[derive(Clone, Debug, Eq, FromPrimitive, ToPrimitive)]
+#[derive(Clone, Debug, Eq, PartialEq, FromPrimitive, ToPrimitive)]
 #[repr(u32)]
 pub enum SignatureAlgorithmID {
     /// RSASSA-PSS with SHA2-256 digest, SHA2-256 MGF1, 32 bytes of salt, trailer: 0xbc, content
@@ -77,26 +76,6 @@
     }
 }
 
-impl Ord for SignatureAlgorithmID {
-    /// Ranks the signature algorithm according to the corresponding content
-    /// digest algorithm's rank.
-    fn cmp(&self, other: &Self) -> Ordering {
-        self.to_content_digest_algorithm().cmp(&other.to_content_digest_algorithm())
-    }
-}
-
-impl PartialOrd for SignatureAlgorithmID {
-    fn partial_cmp(&self, other: &Self) -> Option<Ordering> {
-        Some(self.cmp(other))
-    }
-}
-
-impl PartialEq for SignatureAlgorithmID {
-    fn eq(&self, other: &Self) -> bool {
-        self.cmp(other) == Ordering::Equal
-    }
-}
-
 impl SignatureAlgorithmID {
     pub(crate) fn new_verifier<'a>(
         &self,
@@ -167,7 +146,7 @@
         }
     }
 
-    fn to_content_digest_algorithm(&self) -> ContentDigestAlgorithm {
+    pub(crate) fn to_content_digest_algorithm(&self) -> ContentDigestAlgorithm {
         match self {
             SignatureAlgorithmID::RsaPssWithSha256
             | SignatureAlgorithmID::RsaPkcs1V15WithSha256
@@ -195,7 +174,7 @@
 /// [apk digest]: https://source.android.com/docs/security/features/apksigning/v4#apk-digest
 /// [v3 verification]: https://source.android.com/docs/security/apksigning/v3#v3-verification
 #[derive(Clone, Debug, PartialEq, Eq, PartialOrd, Ord)]
-enum ContentDigestAlgorithm {
+pub(crate) enum ContentDigestAlgorithm {
     ChunkedSha256 = 1,
     VerityChunkedSha256,
     ChunkedSha512,

libs/apkverify/src/v3.rs

diff --git a/libs/apkverify/src/v3.rs b/libs/apkverify/src/v3.rs
index 570ad49..2f8fb45 100644
--- a/libs/apkverify/src/v3.rs
+++ b/libs/apkverify/src/v3.rs
@@ -143,7 +143,11 @@
             .signatures
             .iter()
             .filter(|sig| SignatureAlgorithmID::from_u32(sig.signature_algorithm_id).is_some())
-            .max_by_key(|sig| SignatureAlgorithmID::from_u32(sig.signature_algorithm_id).unwrap())
+            .max_by_key(|sig| {
+                SignatureAlgorithmID::from_u32(sig.signature_algorithm_id)
+                    .unwrap()
+                    .to_content_digest_algorithm()
+            })
             .context("No supported signatures found")?)
     }