[avb] Collect kernel/initrd digests when verification succeeds

Bug: 265897559
Test: m pvmfw_img && atest libpvmfw_avb.integration_test
Change-Id: I6f281090d0f53464824d80e1348f4d099330ad31
diff --git a/pvmfw/avb/tests/utils.rs b/pvmfw/avb/tests/utils.rs
index 0a2eac6..8756d06 100644
--- a/pvmfw/avb/tests/utils.rs
+++ b/pvmfw/avb/tests/utils.rs
@@ -16,12 +16,13 @@
 
 //! Utility functions used by API tests.
 
-use anyhow::Result;
+use anyhow::{anyhow, Result};
 use avb_bindgen::{
     avb_footer_validate_and_byteswap, avb_vbmeta_image_header_to_host_byte_order, AvbFooter,
     AvbVBMetaImageHeader,
 };
-use pvmfw_avb::{verify_payload, AvbSlotVerifyError, DebugLevel};
+use openssl::sha;
+use pvmfw_avb::{verify_payload, AvbSlotVerifyError, DebugLevel, Digest};
 use std::{
     fs,
     mem::{size_of, transmute, MaybeUninit},
@@ -34,22 +35,22 @@
 
 pub const PUBLIC_KEY_RSA2048_PATH: &str = "data/testkey_rsa2048_pub.bin";
 
-pub fn assert_payload_verification_with_initrd_eq(
+pub fn assert_payload_verification_with_initrd_fails(
     kernel: &[u8],
     initrd: &[u8],
     trusted_public_key: &[u8],
-    expected_result: Result<DebugLevel, AvbSlotVerifyError>,
+    expected_error: AvbSlotVerifyError,
 ) -> Result<()> {
-    assert_payload_verification_eq(kernel, Some(initrd), trusted_public_key, expected_result)
+    assert_payload_verification_fails(kernel, Some(initrd), trusted_public_key, expected_error)
 }
 
-pub fn assert_payload_verification_eq(
+pub fn assert_payload_verification_fails(
     kernel: &[u8],
     initrd: Option<&[u8]>,
     trusted_public_key: &[u8],
-    expected_result: Result<DebugLevel, AvbSlotVerifyError>,
+    expected_error: AvbSlotVerifyError,
 ) -> Result<()> {
-    assert_eq!(expected_result, verify_payload(kernel, initrd, trusted_public_key));
+    assert_eq!(expected_error, verify_payload(kernel, initrd, trusted_public_key).unwrap_err());
     Ok(())
 }
 
@@ -95,3 +96,34 @@
     };
     Ok(vbmeta_header)
 }
+
+pub fn assert_latest_payload_verification_passes(
+    initrd: &[u8],
+    initrd_salt: &[u8],
+    expected_debug_level: DebugLevel,
+) -> Result<()> {
+    let kernel = load_latest_signed_kernel()?;
+    let verified_boot_data = verify_payload(&kernel, Some(initrd), &load_trusted_public_key()?)
+        .map_err(|e| anyhow!("Verification failed. Error: {}", e))?;
+
+    assert_eq!(expected_debug_level, verified_boot_data.debug_level);
+
+    let footer = extract_avb_footer(&kernel)?;
+    assert_eq!(
+        hash(&[&hash(&[b"bootloader"]), &kernel[..usize::try_from(footer.original_image_size)?]]),
+        verified_boot_data.kernel_digest,
+        "Kernel digest is not equal to the expected."
+    );
+    assert_eq!(
+        hash(&[&hash(&[initrd_salt]), initrd,]),
+        verified_boot_data.initrd_digest.unwrap(),
+        "initrd digest is not equal to the expected."
+    );
+    Ok(())
+}
+
+pub fn hash(inputs: &[&[u8]]) -> Digest {
+    let mut digester = sha::Sha256::new();
+    inputs.iter().for_each(|input| digester.update(input));
+    digester.finish()
+}