psda_service.cpp 18 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545
  1. /*
  2. * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
  3. *
  4. * Redistribution and use in source and binary forms, with or without
  5. * modification, are permitted provided that the following conditions
  6. * are met:
  7. *
  8. * * Redistributions of source code must retain the above copyright
  9. * notice, this list of conditions and the following disclaimer.
  10. * * Redistributions in binary form must reproduce the above copyright
  11. * notice, this list of conditions and the following disclaimer in
  12. * the documentation and/or other materials provided with the
  13. * distribution.
  14. * * Neither the name of Intel Corporation nor the names of its
  15. * contributors may be used to endorse or promote products derived
  16. * from this software without specific prior written permission.
  17. *
  18. * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  19. * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
  20. * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
  21. * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
  22. * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  23. * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
  24. * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  25. * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  26. * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  27. * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  28. * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  29. *
  30. */
  31. #include "psda_service.h"
  32. #include "session_mgr.h"
  33. #include "se_memcpy.h"
  34. #include "pse_op_t.h"
  35. #include "util.h"
  36. #include "byte_order.h"
  37. #include <stdlib.h>
  38. #include "utility.h"
  39. #include "sgx_tcrypto.h"
  40. // ephemeral session
  41. extern eph_session_t g_eph_session;
  42. // Encrypt psda message by AES-CTR-128
  43. static pse_op_error_t encrypt_psda_msg(psda_service_message_t* psda_service_msg,
  44. const uint8_t* payload_data,
  45. uint32_t payload_size,
  46. const sgx_key_128bit_t* tsk)
  47. {
  48. assert(psda_service_msg != NULL);
  49. assert(payload_data != NULL);
  50. assert(tsk != NULL);
  51. Ipp8u ctr[16];
  52. uint32_t ctr_num_bit_size = 32;
  53. // number of blocks in message should not exceed counter
  54. //if ((uint64_t)payload_size > ((uint64_t)1<<ctr_num_bit_size)*AES_BLOCK_SIZE)
  55. //{
  56. // // counter not enough for encryption
  57. // return OP_ERROR_INVALID_PARAMETER;
  58. //}
  59. // generate random iv, 96 bits=12 bytes here
  60. if(sgx_read_rand(&psda_service_msg->service_message.payload_iv[0],
  61. PSDA_MESSAGE_IV_SIZE-4) != SGX_SUCCESS)
  62. {
  63. return OP_ERROR_INTERNAL;
  64. }
  65. // setup COUNTER part to all 0, IV[127:0] = counter[127:96] | random[95:0]
  66. memset(&psda_service_msg->service_message.payload_iv[12], 0, 4);
  67. //*((uint32_t*)&psda_service_msg->service_message.payload_iv[0]) = 0;
  68. // for other ctr_num_bit_size:
  69. //uint64_t* low_ptr = (uint64_t*)&psda_service_msg->service_message.payload_iv[0];
  70. //uint64_t* high_ptr = (uint64_t*)&psda_service_msg->service_message.payload_iv[8];
  71. //*low_ptr &= (uint64_t)(-1) << ctr_num_bit_size;
  72. //*high_ptr &= (uint64_t)(-1) << (ctr_num_bit_size > 64? ctr_num_bit_size - 64 : 0);
  73. memcpy(ctr, psda_service_msg->service_message.payload_iv, AES_BLOCK_SIZE);
  74. sgx_status_t stat = sgx_aes_ctr_encrypt((const sgx_aes_ctr_128bit_key_t*)tsk,
  75. (const uint8_t*)payload_data,
  76. payload_size,
  77. ctr,
  78. ctr_num_bit_size,
  79. psda_service_msg->service_message.payload);
  80. if (stat == SGX_SUCCESS)
  81. return OP_SUCCESS;
  82. else
  83. return OP_ERROR_INTERNAL;
  84. }
  85. // Decrypt psda message by AES-CTR-128
  86. static pse_op_error_t decrypt_psda_msg(const psda_service_message_t* psda_service_msg,
  87. uint8_t* payload_data,
  88. const sgx_key_128bit_t* tsk)
  89. {
  90. assert(psda_service_msg != NULL);
  91. assert(payload_data != NULL);
  92. assert(tsk != NULL);
  93. Ipp8u ctr[16];
  94. uint32_t ctr_num_bit_size = 32;
  95. memcpy(ctr, psda_service_msg->service_message.payload_iv, AES_BLOCK_SIZE);
  96. sgx_status_t stat = sgx_aes_ctr_decrypt((const sgx_aes_ctr_128bit_key_t*)tsk,
  97. psda_service_msg->service_message.payload,
  98. psda_service_msg->service_message.payload_size,
  99. ctr,
  100. ctr_num_bit_size,
  101. (uint8_t*)payload_data);
  102. if (stat == SGX_SUCCESS)
  103. return OP_SUCCESS;
  104. else
  105. return OP_ERROR_INTERNAL;
  106. }
  107. static pse_op_error_t check_ephemeral_session_state()
  108. {
  109. // check ephemeral session status
  110. if (g_eph_session.state != SESSION_ACTIVE || g_eph_session.seq_num >= (uint32_t)-2)
  111. {
  112. // ephemeral session not established or sequence number overflows
  113. memset_s(&g_eph_session, sizeof(eph_session_t), 0, sizeof(eph_session_t));
  114. return OP_ERROR_INVALID_EPH_SESSION;
  115. }
  116. return OP_SUCCESS;
  117. }
  118. static pse_op_error_t invoke_psda_service(uint8_t* req,
  119. uint32_t req_size,
  120. uint8_t* resp,
  121. uint32_t resp_size)
  122. {
  123. assert(req!= NULL);
  124. assert(resp!= NULL);
  125. pse_op_error_t ret = OP_SUCCESS;
  126. psda_service_message_t* service_req_message = NULL;
  127. psda_service_message_t* service_resp_message = NULL;
  128. psda_req_hdr_t* req_hdr_ptr = (psda_req_hdr_t*)req;
  129. psda_resp_hdr_t* resp_hdr_ptr = (psda_resp_hdr_t*)resp;
  130. sgx_status_t stat = SGX_SUCCESS;
  131. ae_error_t ocall_ret;
  132. // change endian. Note only members in header are of little endian. Other fields
  133. // are already converted to big endian before this function is called
  134. req_hdr_ptr->service_id = _htons(req_hdr_ptr->service_id);
  135. req_hdr_ptr->service_cmd = _htons(req_hdr_ptr->service_cmd);
  136. // set sequence number in request header
  137. req_hdr_ptr->seqnum = _htonl(g_eph_session.seq_num);
  138. // check ephemeral session
  139. ret = check_ephemeral_session_state();
  140. if (ret != OP_SUCCESS)
  141. {
  142. goto clean_up;
  143. }
  144. // allocate buffer for request message
  145. service_req_message = (psda_service_message_t*)malloc(
  146. sizeof(psda_service_message_t) + req_size);
  147. if (service_req_message == NULL)
  148. {
  149. ret = OP_ERROR_MALLOC;
  150. goto clean_up;
  151. }
  152. // Fill request message with proper values
  153. copy_pse_instance_id(service_req_message->msg_hdr.pse_instance_id); // set global instance id
  154. service_req_message->msg_hdr.msg_type = BE_PSDA_MSG_TYPE_SERV_REQ;
  155. service_req_message->msg_hdr.msg_len = _htonl(sizeof(service_message_t) + req_size);
  156. service_req_message->service_message.version = BE_PSDA_API_VERSION;
  157. service_req_message->service_message.session_id = 0;
  158. service_req_message->service_message.msg_type_exp_resp_size = _htonl(resp_size);
  159. service_req_message->service_message.payload_size = _htonl(req_size);
  160. // encrypt message body with AES-CTR
  161. if ((ret = encrypt_psda_msg(service_req_message,
  162. req,
  163. req_size,
  164. (sgx_key_128bit_t*)g_eph_session.TSK)) != OP_SUCCESS)
  165. {
  166. goto clean_up;
  167. }
  168. // sign encrypted payload data with HMAC-SHA256
  169. if (ippsHMAC_Message(service_req_message->service_message.payload,
  170. req_size,
  171. g_eph_session.TMK,
  172. sizeof(g_eph_session.TMK),
  173. service_req_message->service_message.payload_mac,
  174. SGX_SHA256_HASH_SIZE, IPP_ALG_HASH_SHA256) != ippStsNoErr)
  175. {
  176. ret = OP_ERROR_INTERNAL;
  177. goto clean_up;
  178. }
  179. // allocate response message buffer
  180. service_resp_message = (psda_service_message_t*)malloc(
  181. sizeof(psda_service_message_t) + resp_size);
  182. if (service_resp_message == NULL)
  183. {
  184. ret = OP_ERROR_MALLOC;
  185. goto clean_up;
  186. }
  187. // always increase seqnum by 2
  188. g_eph_session.seq_num += 2;
  189. // OCALL PSDA service
  190. stat = psda_invoke_service_ocall(&ocall_ret,
  191. (uint8_t*)service_req_message,
  192. static_cast<uint32_t>(sizeof(psda_service_message_t)) + req_size,
  193. (uint8_t*)service_resp_message,
  194. static_cast<uint32_t>(sizeof(psda_service_message_t)) + resp_size);
  195. if (stat != SGX_SUCCESS)
  196. {
  197. ret = OP_ERROR_INTERNAL;
  198. goto clean_up;
  199. }
  200. else {
  201. switch(ocall_ret)
  202. {
  203. case AE_SUCCESS:
  204. break;
  205. case AESM_PSDA_INTERNAL_ERROR:
  206. /* Internal errors or under attack */
  207. ret = OP_ERROR_INTERNAL;
  208. goto clean_up;
  209. case AESM_PSDA_NEED_REPAIRING:
  210. ret = OP_ERROR_INVALID_EPH_SESSION;
  211. goto clean_up;
  212. case AESM_PSDA_SESSION_LOST:
  213. ret = OP_ERROR_PSDA_SESSION_LOST;
  214. goto clean_up;
  215. default:
  216. ret = OP_ERROR_INTERNAL;
  217. goto clean_up;
  218. }
  219. }
  220. // The message we received is of BigEndian format, convert to LE
  221. service_resp_message->service_message.payload_size = _ntohl(service_resp_message->service_message.payload_size);
  222. // verify response message type and size
  223. if (service_resp_message->msg_hdr.msg_type != BE_PSDA_MSG_TYPE_SERV_RESP
  224. || service_resp_message->service_message.version != BE_PSDA_API_VERSION
  225. || service_resp_message->service_message.payload_size != resp_size)
  226. {
  227. // return OP_ERROR_INVALID_EPH_SESSION will trigger ephemeral session re-establishment
  228. ret = OP_ERROR_INVALID_EPH_SESSION;
  229. memset_s(&g_eph_session, sizeof(eph_session_t), 0, sizeof(eph_session_t));
  230. goto clean_up;
  231. }
  232. // verify HMAC
  233. if (!verify_hmac_sha256(g_eph_session.TMK,
  234. sizeof(g_eph_session.TMK),
  235. service_resp_message->service_message.payload,
  236. service_resp_message->service_message.payload_size,
  237. service_resp_message->service_message.payload_mac))
  238. {
  239. // return OP_ERROR_INVALID_EPH_SESSION will trigger ephemeral session re-establishment
  240. ret = OP_ERROR_INVALID_EPH_SESSION;
  241. memset_s(&g_eph_session, sizeof(eph_session_t), 0, sizeof(eph_session_t));
  242. goto clean_up;
  243. }
  244. // decrypt message body
  245. if ((ret = decrypt_psda_msg(service_resp_message,
  246. resp,
  247. (sgx_key_128bit_t*)g_eph_session.TSK)) != OP_SUCCESS)
  248. {
  249. goto clean_up;
  250. }
  251. // resp_msg is of BigEndian format, convert to LE first
  252. resp_hdr_ptr->service_id = _ntohs(resp_hdr_ptr->service_id);
  253. resp_hdr_ptr->service_cmd = _ntohs(resp_hdr_ptr->service_cmd);
  254. resp_hdr_ptr->seqnum = _ntohl(resp_hdr_ptr->seqnum);
  255. resp_hdr_ptr->status = _ntohl(resp_hdr_ptr->status);
  256. // verify service command, id, status and SEQNUM
  257. if (resp_hdr_ptr->service_id != _ntohs(req_hdr_ptr->service_id)
  258. || resp_hdr_ptr->service_cmd != _ntohs(req_hdr_ptr->service_cmd)
  259. || resp_hdr_ptr->seqnum != g_eph_session.seq_num - 1)
  260. {
  261. // return OP_ERROR_INVALID_EPH_SESSION will trigger ephemeral session re-establishment
  262. ret = OP_ERROR_INVALID_EPH_SESSION;
  263. memset_s(&g_eph_session, sizeof(eph_session_t), 0, sizeof(eph_session_t));
  264. goto clean_up;
  265. }
  266. switch (resp_hdr_ptr->status)
  267. {
  268. case CSE_SERVICE_SUCCESS:
  269. break;
  270. case CSE_ERROR_UNKNOWN_REQ:
  271. // for the first generation of PSE-PSDA product, CSE_UNKOWN_REQUEST_RESP is not expected
  272. ret = OP_ERROR_UNKNOWN_REQUEST;
  273. goto clean_up;
  274. case CSE_ERROR_CAP_NOT_AVAILABLE:
  275. ret = OP_ERROR_CAP_NOT_AVAILABLE;
  276. goto clean_up;
  277. case CSE_ERROR_INVALID_PARAM:
  278. ret = OP_ERROR_INVALID_PARAMETER;
  279. goto clean_up;
  280. case CSE_ERROR_INTERNAL:
  281. ret = OP_ERROR_INTERNAL;
  282. goto clean_up;
  283. case CSE_ERROR_PERSISTENT_DATA_WRITE_THROTTLED:
  284. ret = OP_ERROR_PSDA_BUSY;
  285. goto clean_up;
  286. default:
  287. ret = OP_ERROR_INTERNAL;
  288. goto clean_up;
  289. }
  290. clean_up:
  291. // memory free
  292. SAFE_FREE(service_req_message);
  293. SAFE_FREE(service_resp_message);
  294. return ret;
  295. }
  296. /*
  297. Calculate TimeSourceNonce
  298. */
  299. static pse_op_error_t calculate_time_source_nonce(const uint8_t* pairing_nonce,
  300. const uint32_t pairing_nonce_size,
  301. const uint8_t* time_epoch,
  302. const uint32_t time_epoch_size,
  303. const sgx_measurement_t *mrsigner,
  304. void* time_source_nonce)
  305. {
  306. assert(pairing_nonce != NULL);
  307. assert(time_epoch != NULL);
  308. assert(time_source_nonce != NULL);
  309. sgx_sha_state_handle_t ctx = NULL;
  310. sgx_status_t sgx_ret = SGX_SUCCESS;
  311. do
  312. {
  313. // Init
  314. sgx_ret = sgx_sha256_init(&ctx);
  315. BREAK_ON_ERROR(sgx_ret);
  316. // pairing-nonce
  317. sgx_ret = sgx_sha256_update(pairing_nonce,
  318. pairing_nonce_size,
  319. ctx);
  320. BREAK_ON_ERROR(sgx_ret);
  321. // PRTC-EPOCH
  322. sgx_ret = sgx_sha256_update(time_epoch,
  323. time_epoch_size,
  324. ctx);
  325. BREAK_ON_ERROR(sgx_ret);
  326. // MRSIGNER
  327. sgx_ret = sgx_sha256_update((const uint8_t*)mrsigner,
  328. sizeof(sgx_measurement_t),
  329. ctx);
  330. BREAK_ON_ERROR(sgx_ret);
  331. // Finalize
  332. sgx_ret = sgx_sha256_get_hash(ctx, (sgx_sha256_hash_t*)time_source_nonce);
  333. BREAK_ON_ERROR(sgx_ret);
  334. } while (0);
  335. if(ctx)
  336. {
  337. sgx_status_t ret = sgx_sha256_close(ctx);
  338. sgx_ret = (sgx_ret != SGX_SUCCESS)? sgx_ret : ret;
  339. }
  340. if (sgx_ret == SGX_SUCCESS)
  341. {
  342. return OP_SUCCESS;
  343. }
  344. else
  345. {
  346. return OP_ERROR_INTERNAL;
  347. }
  348. }
  349. // call PSDA RPDATA service to read RPDATA
  350. pse_op_error_t psda_read_rpdata(uint8_t* rpdata, uint32_t* rp_epoch)
  351. {
  352. assert(rpdata != NULL);
  353. assert(rp_epoch != NULL);
  354. pse_op_error_t ret;
  355. cse_rpdata_read_req_t cse_rpdata_read_req;
  356. cse_rpdata_resp_t cse_rpdata_resp;
  357. // prepare request header
  358. cse_rpdata_read_req.req_hdr.service_id = CSE_RPDATA_SERVICE;
  359. cse_rpdata_read_req.req_hdr.service_cmd = CSE_RPDATA_READ;
  360. ret = invoke_psda_service(
  361. (uint8_t*)&cse_rpdata_read_req,
  362. sizeof(cse_rpdata_read_req_t),
  363. (uint8_t*)&cse_rpdata_resp,
  364. sizeof(cse_rpdata_resp_t));
  365. if (ret != OP_SUCCESS)
  366. {
  367. return ret;
  368. }
  369. // copy RPDATA buffer
  370. memcpy(rpdata, cse_rpdata_resp.rpdata, SGX_RPDATA_SIZE);
  371. *rp_epoch = cse_rpdata_resp.rp_epoch;
  372. return OP_SUCCESS;
  373. }
  374. // call PSDA RPDATA service to update RPDATA
  375. pse_op_error_t psda_update_rpdata(uint8_t* rpdata_cur, uint8_t* rpdata_new, uint32_t* rp_epoch)
  376. {
  377. assert(rpdata_cur != NULL);
  378. assert(rpdata_new != NULL);
  379. assert(rp_epoch != NULL);
  380. pse_op_error_t ret;
  381. cse_rpdata_update_req_t cse_rpdata_update_req;
  382. cse_rpdata_resp_t cse_rpdata_resp;
  383. // prepare request header
  384. cse_rpdata_update_req.req_hdr.service_id = CSE_RPDATA_SERVICE;
  385. cse_rpdata_update_req.req_hdr.service_cmd = CSE_RPDATA_UPDATE;
  386. memcpy(cse_rpdata_update_req.rpdata_cur, rpdata_cur, SGX_RPDATA_SIZE);
  387. memcpy(cse_rpdata_update_req.rpdata_new, rpdata_new, SGX_RPDATA_SIZE);
  388. ret = invoke_psda_service(
  389. (uint8_t*)&cse_rpdata_update_req,
  390. sizeof(cse_rpdata_update_req_t),
  391. (uint8_t*)&cse_rpdata_resp,
  392. sizeof(cse_rpdata_resp_t));
  393. if (ret != OP_SUCCESS)
  394. {
  395. return ret;
  396. }
  397. if (memcmp(rpdata_new, &cse_rpdata_resp.rpdata[0], SGX_RPDATA_SIZE) != 0)
  398. return OP_ERROR_INTERNAL;
  399. // update success
  400. *rp_epoch = cse_rpdata_resp.rp_epoch;
  401. return OP_SUCCESS;
  402. }
  403. // call PSDA RPDATA service to reset RPDATA
  404. pse_op_error_t psda_reset_rpdata(uint8_t* rpdata_cur, uint8_t* rpdata_new, uint32_t* rp_epoch)
  405. {
  406. assert(rpdata_cur != NULL);
  407. assert(rp_epoch != NULL);
  408. assert(rpdata_new != NULL);
  409. pse_op_error_t ret;
  410. cse_rpdata_reset_req_t cse_rpdata_reset_req;
  411. cse_rpdata_resp_t cse_rpdata_resp;
  412. // prepare request header
  413. cse_rpdata_reset_req.req_hdr.service_id = CSE_RPDATA_SERVICE;
  414. cse_rpdata_reset_req.req_hdr.service_cmd = CSE_RPDATA_RESET;
  415. memcpy(cse_rpdata_reset_req.rpdata_cur, rpdata_cur, SGX_RPDATA_SIZE);
  416. ret = invoke_psda_service(
  417. (uint8_t*)&cse_rpdata_reset_req,
  418. sizeof(cse_rpdata_reset_req_t),
  419. (uint8_t*)&cse_rpdata_resp,
  420. sizeof(cse_rpdata_resp_t));
  421. if (ret != OP_SUCCESS)
  422. {
  423. return ret;
  424. }
  425. // reset success
  426. *rp_epoch = cse_rpdata_resp.rp_epoch;
  427. memcpy(rpdata_new, &cse_rpdata_resp.rpdata, SGX_RPDATA_SIZE);
  428. return OP_SUCCESS;
  429. }
  430. // call PSDA service to get trusted time
  431. pse_op_error_t psda_read_timer(
  432. const isv_attributes_t &owner_attributes,
  433. uint64_t* timestamp,
  434. uint8_t* time_source_nonce)
  435. {
  436. cse_timer_read_req_t cse_timer_req;
  437. cse_timer_read_resp_t cse_timer_resp;
  438. // prepare request header
  439. cse_timer_req.req_hdr.service_id = CSE_TRUSTED_TIME_SERVICE;
  440. cse_timer_req.req_hdr.service_cmd = CSE_TIMER_READ;
  441. pse_op_error_t ret = invoke_psda_service(
  442. (uint8_t*)&cse_timer_req,
  443. sizeof(cse_timer_read_req_t),
  444. (uint8_t*)&cse_timer_resp,
  445. sizeof(cse_timer_read_resp_t));
  446. if(OP_SUCCESS == ret)
  447. {
  448. // set trusted time ( note cse_timer_resp.timestamp is of BE format)
  449. uint32_t high = (uint32_t)(cse_timer_resp.timestamp & 0x00000000FFFFFFFFLL);
  450. uint32_t low = (uint32_t)((cse_timer_resp.timestamp & 0xFFFFFFFF00000000LL) >> 32);
  451. high = _ntohl(high);
  452. low = _ntohl(low);
  453. *timestamp = (uint64_t)low + (((uint64_t)high) << 32);
  454. uint32_t prtc_epoch = cse_timer_resp.epoch;
  455. uint8_t pairing_nonce[16];
  456. if (!copy_global_pairing_nonce(&pairing_nonce[0]))
  457. return OP_ERROR_INTERNAL;
  458. // TimeSourceNonce = SHA256(pairing-nonce||PRTC-EPOCH||Session.ENCALVEMRSIGNER)
  459. if (calculate_time_source_nonce(pairing_nonce,
  460. sizeof(Nonce128_t),
  461. (uint8_t*)&prtc_epoch,
  462. sizeof(prtc_epoch),
  463. &owner_attributes.mr_signer,
  464. time_source_nonce
  465. ) != OP_SUCCESS)
  466. {
  467. ret = OP_ERROR_INTERNAL;
  468. }
  469. }
  470. return ret;
  471. }