[apk_digest] Pass SignatureAlgorithmID to compute_digest
This CL passes the enum SignatureAlgorithmID to compute_digest
instead of raw integer.
Bug: 246254355
Test: libapkverify.integration_test
Change-Id: I451c841f5bb95701f350791c7395b9a50bf4455f
diff --git a/libs/apkverify/src/sigutil.rs b/libs/apkverify/src/sigutil.rs
index 3832c09..fabb8e6 100644
--- a/libs/apkverify/src/sigutil.rs
+++ b/libs/apkverify/src/sigutil.rs
@@ -23,7 +23,6 @@
use anyhow::{anyhow, ensure, Error, Result};
use byteorder::{LittleEndian, ReadBytesExt};
use bytes::{Buf, BufMut, Bytes, BytesMut};
-use num_traits::FromPrimitive;
use openssl::hash::{DigestBytes, Hasher, MessageDigest};
use std::cmp::min;
use std::io::{self, Cursor, ErrorKind, Read, Seek, SeekFrom, Take};
@@ -95,12 +94,11 @@
/// chunks (little-endian uint32), and the concatenation of digests of the chunks in the
/// order the chunks appear in the APK.
/// (see https://source.android.com/security/apksigning/v2#integrity-protected-contents)
- pub fn compute_digest(&mut self, signature_algorithm_id: u32) -> Result<Vec<u8>> {
- // TODO(b/246254355): Passes the enum SignatureAlgorithmID directly to this method.
- let signature_algorithm_id = SignatureAlgorithmID::from_u32(signature_algorithm_id)
- .ok_or_else(|| anyhow!("Unsupported algorithm ID: {}", signature_algorithm_id))?;
+ pub(crate) fn compute_digest(
+ &mut self,
+ signature_algorithm_id: SignatureAlgorithmID,
+ ) -> Result<Vec<u8>> {
let digester = Digester { message_digest: signature_algorithm_id.new_message_digest() };
-
let mut digests_of_chunks = BytesMut::new();
let mut chunk_count = 0u32;
let mut chunk = vec![0u8; CHUNK_SIZE_BYTES as usize];
@@ -293,7 +291,7 @@
fn test_apk_digest() {
let apk_file = File::open("tests/data/v3-only-with-dsa-sha256-1024.apk").unwrap();
let mut apk_sections = ApkSections::new(apk_file).unwrap();
- let digest = apk_sections.compute_digest(SIGNATURE_DSA_WITH_SHA256).unwrap();
+ let digest = apk_sections.compute_digest(SignatureAlgorithmID::DsaWithSha256).unwrap();
assert_eq!(
"0DF2426EA33AEDAF495D88E5BE0C6A1663FF0A81C5ED12D5B2929AE4B4300F2F",
to_hex_string(&digest[..])
diff --git a/libs/apkverify/src/v3.rs b/libs/apkverify/src/v3.rs
index 76617e1..570ad49 100644
--- a/libs/apkverify/src/v3.rs
+++ b/libs/apkverify/src/v3.rs
@@ -195,7 +195,12 @@
.iter()
.find(|&dig| dig.signature_algorithm_id == strongest.signature_algorithm_id)
.unwrap(); // ok to unwrap since we check if two lists are the same above
- let computed = sections.compute_digest(digest.signature_algorithm_id)?;
+ let computed = sections.compute_digest(
+ // TODO(b/246254355): Removes the conversion once Digest contains the enum
+ // SignatureAlgorithmID.
+ SignatureAlgorithmID::from_u32(digest.signature_algorithm_id)
+ .context("Unsupported algorithm")?,
+ )?;
// 6. Verify that the computed digest is identical to the corresponding digest from digests.
ensure!(