commit b8d776c9b7539ba61f6976a6e964ee7ecdfeac8c
author Kelvin Zhang <zhangkelvin@google.com> Wed Sep 07 03:12:49 2022 +0000
committer Kelvin Zhang <zhangkelvin@google.com> Wed Sep 07 03:29:46 2022 +0000
tree c21d97a316e63384cb3cae8b5e71eb099a2dfebf
parent 4decfcd3b63c0bcc6ad9fc9b547a08320182ea13

Add utility method to check payload's data hash

Various OTA utilities, such as merge_ota tool will need this to check
integrity of OTA updates.

Bug: 227848550
Test: th
Change-Id: Id4efb8b9b3a28e30ef7f8ced6db9833bedce04a8

scripts/update_payload/payload.py

diff --git a/scripts/update_payload/payload.py b/scripts/update_payload/payload.py
index cc15753..b513f72 100644
--- a/scripts/update_payload/payload.py
+++ b/scripts/update_payload/payload.py
@@ -18,6 +18,7 @@
 
 from __future__ import absolute_import
 from __future__ import print_function
+import binascii
 
 import hashlib
 import io
@@ -324,3 +325,17 @@
                metadata_size=metadata_size,
                part_sizes=part_sizes,
                report_out_file=report_out_file)
+
+  def CheckDataHash(self):
+    for part in self.manifest.partitions:
+      for op in part.operations:
+        if op.data_length == 0:
+          continue
+        if not op.data_sha256_hash:
+          raise PayloadError(
+              f"Operation {op} in partition {part.partition_name} missing data_sha256_hash")
+        blob = self.ReadDataBlob(op.data_offset, op.data_length)
+        blob_hash = hashlib.sha256(blob)
+        if blob_hash.digest() != op.data_sha256_hash:
+          raise PayloadError(
+              f"Operation {op} in partition {part.partition_name} has unexpected hash, expected: {binascii.hexlify(op.data_sha256_hash)}, actual: {blob_hash.hexdigest()}")