commit 60817689faf7029d6073e0ebcf0c3bb9cce0cf73
author Alex Klyubin <klyubin@google.com> Thu Apr 07 10:24:56 2016 -0700
committer Alex Klyubin <klyubin@google.com> Thu Apr 07 10:24:56 2016 -0700
tree d5732cc55e5b7dc209fef3bced58e2e5a6e97604
parent 4d69fbf5beeb7f56c878ed8b3286b23521029f74

Remove support for DSA with SHA-512 from v2 signing.

Android platform does not support DSA with SHA-512. Thus, it does not
make sense to support this unsupported algorithm in APK Signature
Scheme v2.

Bug: 24331392
Change-Id: Ifba90ad5b11188bb968c28d9e0ed3f9cb13ce2e7

tools/signapk/src/com/android/signapk/ApkSignerV2.java

diff --git a/tools/signapk/src/com/android/signapk/ApkSignerV2.java b/tools/signapk/src/com/android/signapk/ApkSignerV2.java
index 46cd11e..7b617db 100644
--- a/tools/signapk/src/com/android/signapk/ApkSignerV2.java
+++ b/tools/signapk/src/com/android/signapk/ApkSignerV2.java
@@ -75,7 +75,6 @@
     public static final int SIGNATURE_ECDSA_WITH_SHA256 = 0x0201;
     public static final int SIGNATURE_ECDSA_WITH_SHA512 = 0x0202;
     public static final int SIGNATURE_DSA_WITH_SHA256 = 0x0301;
-    public static final int SIGNATURE_DSA_WITH_SHA512 = 0x0302;
 
     /**
      * {@code .SF} file header section attribute indicating that the APK is signed not just with
@@ -660,8 +659,6 @@
                 return Pair.create("SHA512withECDSA", null);
             case SIGNATURE_DSA_WITH_SHA256:
                 return Pair.create("SHA256withDSA", null);
-            case SIGNATURE_DSA_WITH_SHA512:
-                return Pair.create("SHA512withDSA", null);
             default:
                 throw new IllegalArgumentException(
                         "Unknown signature algorithm: 0x"
@@ -679,7 +676,6 @@
             case SIGNATURE_RSA_PSS_WITH_SHA512:
             case SIGNATURE_RSA_PKCS1_V1_5_WITH_SHA512:
             case SIGNATURE_ECDSA_WITH_SHA512:
-            case SIGNATURE_DSA_WITH_SHA512:
                 return CONTENT_DIGEST_CHUNKED_SHA512;
             default:
                 throw new IllegalArgumentException(

tools/signapk/src/com/android/signapk/SignApk.java

diff --git a/tools/signapk/src/com/android/signapk/SignApk.java b/tools/signapk/src/com/android/signapk/SignApk.java
index ba84b42..d763be5 100644
--- a/tools/signapk/src/com/android/signapk/SignApk.java
+++ b/tools/signapk/src/com/android/signapk/SignApk.java
@@ -992,7 +992,7 @@
             } else if ("EC".equalsIgnoreCase(keyAlgorithm)) {
                 return ApkSignerV2.SIGNATURE_ECDSA_WITH_SHA512;
             } else if ("DSA".equalsIgnoreCase(keyAlgorithm)) {
-                return ApkSignerV2.SIGNATURE_DSA_WITH_SHA512;
+                throw new IllegalArgumentException("SHA-512 is not supported with DSA");
             } else {
                 throw new IllegalArgumentException("Unsupported key algorithm: " + keyAlgorithm);
             }