Merge "Check Signing Block size and alignment requirements"
diff --git a/src/main/java/com/android/apksig/internal/apk/ApkSigningBlockUtils.java b/src/main/java/com/android/apksig/internal/apk/ApkSigningBlockUtils.java
index 2330f6d..c9cc4c1 100644
--- a/src/main/java/com/android/apksig/internal/apk/ApkSigningBlockUtils.java
+++ b/src/main/java/com/android/apksig/internal/apk/ApkSigningBlockUtils.java
@@ -178,6 +178,22 @@
beforeApkSigningBlock,
centralDir,
new ByteBufferDataSource(modifiedEocd));
+ // Special checks for the verity algorithm requirements.
+ if (actualContentDigests.containsKey(ContentDigestAlgorithm.VERITY_CHUNKED_SHA256)) {
+ if ((beforeApkSigningBlock.size() % ANDROID_COMMON_PAGE_ALIGNMENT_BYTES != 0)) {
+ throw new RuntimeException(
+ "APK Signing Block is not aligned on 4k boundary: " +
+ beforeApkSigningBlock.size());
+ }
+
+ long centralDirOffset = ZipUtils.getZipEocdCentralDirectoryOffset(eocd);
+ long signingBlockSize = centralDirOffset - beforeApkSigningBlock.size();
+ if (signingBlockSize % ANDROID_COMMON_PAGE_ALIGNMENT_BYTES != 0) {
+ throw new RuntimeException(
+ "APK Signing Block size is not multiple of page size: " +
+ signingBlockSize);
+ }
+ }
} catch (DigestException e) {
throw new RuntimeException("Failed to compute content digests", e);
}