From 85310dfbf605351713671d34d30f1d5641c8a7b2 Mon Sep 17 00:00:00 2001 From: Rahul Frias Date: Mon, 14 Mar 2022 02:59:03 -0700 Subject: [PATCH] Change the signature format requirement of OEMCrypto_GenerateCertificateKeyPair [ Merge of http://go/wvgerrit/147593 ] As we have decided to use hw_bcc service in Trusty to generate BCC and sign the generated certificate public key, we need to change the signature format to cose-sign1, which is defined by hw_bcc API. Bug: 221496117 Test: GtsMediaTestCase on sunfish Change-Id: I30739a0f0ae49291d343db46ad9e898663985cc8 --- libwvdrmengine/oemcrypto/include/OEMCryptoCENC.h | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/libwvdrmengine/oemcrypto/include/OEMCryptoCENC.h b/libwvdrmengine/oemcrypto/include/OEMCryptoCENC.h index fd410044..ebd4b22e 100644 --- a/libwvdrmengine/oemcrypto/include/OEMCryptoCENC.h +++ b/libwvdrmengine/oemcrypto/include/OEMCryptoCENC.h @@ -4811,9 +4811,11 @@ OEMCryptoResult OEMCrypto_GetBootCertificateChain( * @param[in,out] public_key_size: on input, size of the caller's public_key * buffer. On output, the number of bytes written into the buffer. * @param[out] public_key_signature: pointer to the buffer that receives the - * signature of the public key. If an OEM private key is unavailable, it is - * signed by the device private key; otherwise is signed by the OEM private - * key. + * signature of the public key. + * If an OEM private key is unavailable: it is signed by the device private + * key. The signature must be in COSE_SIGN1 format as specified in RFC 8152. + * If an OEM private key is available: it is signed by the OEM private key. + * The signature must be raw signature bytes. * @param[in,out] public_key_signature_size: on input, size of the caller's * public_key_signature buffer. On output, the number of bytes written into * the buffer.
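Review bot: In the rewritten `@param[out] public_key_signature` text, the output format now depends on which key signed (COSE_SIGN1 for the device private key, "raw signature bytes" for the OEM private key), but the comment does not say how a caller learns which of the two was written into the buffer. Suggest naming the output or return value that identifies the signing key, or pointing to where that is documented, so the caller can select the matching verifier instead of guessing from the bytes. "Raw signature bytes" should also name the algorithm and encoding (if the key is ECDSA, fixed-width r||s versus DER), and the COSE branch should say whether the generated public key is carried as the structure's payload or is detached, since RFC 8152 allows a nil payload. Because a COSE structure is larger than the bare signature it wraps, the unchanged `public_key_signature_size` text below the hunk would benefit from a sizing note for that branch. Minor: RFC 8152 spells the structure COSE_Sign1.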