From 60817689faf7029d6073e0ebcf0c3bb9cce0cf73 Mon Sep 17 00:00:00 2001
From: Alex Klyubin <klyubin@google.com>
Date: Thu, 7 Apr 2016 10:24:56 -0700
Subject: [PATCH] Remove support for DSA with SHA-512 from v2 signing.

Android platform does not support DSA with SHA-512. Thus, it does not
make sense to support this unsupported algorithm in APK Signature
Scheme v2.

Bug: 24331392
Change-Id: Ifba90ad5b11188bb968c28d9e0ed3f9cb13ce2e7
---
 tools/signapk/src/com/android/signapk/ApkSignerV2.java | 4 ----
 tools/signapk/src/com/android/signapk/SignApk.java     | 2 +-
 2 files changed, 1 insertion(+), 5 deletions(-)

diff --git a/tools/signapk/src/com/android/signapk/ApkSignerV2.java b/tools/signapk/src/com/android/signapk/ApkSignerV2.java
index 46cd11ecbd..7b617dbe03 100644
--- a/tools/signapk/src/com/android/signapk/ApkSignerV2.java
+++ b/tools/signapk/src/com/android/signapk/ApkSignerV2.java
@@ -75,7 +75,6 @@ public abstract class ApkSignerV2 {
     public static final int SIGNATURE_ECDSA_WITH_SHA256 = 0x0201;
     public static final int SIGNATURE_ECDSA_WITH_SHA512 = 0x0202;
     public static final int SIGNATURE_DSA_WITH_SHA256 = 0x0301;
-    public static final int SIGNATURE_DSA_WITH_SHA512 = 0x0302;
 
     /**
      * {@code .SF} file header section attribute indicating that the APK is signed not just with
@@ -660,8 +659,6 @@ public abstract class ApkSignerV2 {
                 return Pair.create("SHA512withECDSA", null);
             case SIGNATURE_DSA_WITH_SHA256:
                 return Pair.create("SHA256withDSA", null);
-            case SIGNATURE_DSA_WITH_SHA512:
-                return Pair.create("SHA512withDSA", null);
             default:
                 throw new IllegalArgumentException(
                         "Unknown signature algorithm: 0x"
@@ -679,7 +676,6 @@ public abstract class ApkSignerV2 {
             case SIGNATURE_RSA_PSS_WITH_SHA512:
             case SIGNATURE_RSA_PKCS1_V1_5_WITH_SHA512:
             case SIGNATURE_ECDSA_WITH_SHA512:
-            case SIGNATURE_DSA_WITH_SHA512:
                 return CONTENT_DIGEST_CHUNKED_SHA512;
             default:
                 throw new IllegalArgumentException(
diff --git a/tools/signapk/src/com/android/signapk/SignApk.java b/tools/signapk/src/com/android/signapk/SignApk.java
index ba84b42f93..d763be5021 100644
--- a/tools/signapk/src/com/android/signapk/SignApk.java
+++ b/tools/signapk/src/com/android/signapk/SignApk.java
@@ -992,7 +992,7 @@ class SignApk {
             } else if ("EC".equalsIgnoreCase(keyAlgorithm)) {
                 return ApkSignerV2.SIGNATURE_ECDSA_WITH_SHA512;
             } else if ("DSA".equalsIgnoreCase(keyAlgorithm)) {
-                return ApkSignerV2.SIGNATURE_DSA_WITH_SHA512;
+                throw new IllegalArgumentException("SHA-512 is not supported with DSA");
             } else {
                 throw new IllegalArgumentException("Unsupported key algorithm: " + keyAlgorithm);
             }