Release 2.7.0.dev0: Add dynamic nonce in both snp and gpu tokens. (#3546) · NVIDIA/NVFlare

2.7.0.dev0
27c9c54
Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.

GPG key ID: B5690EEEBB952194

Verified
Learn about vigilant mode
Choose a tag to compare

Filter

View all tags

2.7.0.dev0: Add dynamic nonce in both snp and gpu tokens. (#3546)

2.7.0.dev0
27c9c54
Choose a tag to compare

Filter

View all tags
Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.

GPG key ID: B5690EEEBB952194

Verified
Learn about vigilant mode

IsaacYangSLA tagged this 18 Jul 23:09

### Description

This PR adds one more check on the nonce value in the cross-site token
verification stage. The nonce is embedded into `reported data` for
snpguest report and nonce parameter in the client of nvtrust. At
verification stage, the nonce is extracted from the received tokens,
compared with previously received tokens. If it matches any, then this
token is considered an used one, which is likely a replay attack to the
system. Therefore, the verification will fail.

### Types of changes
<!--- Put an `x` in all the boxes that apply, and remove the not
applicable items -->
- [x] Non-breaking change (fix or new feature that would not break
existing functionality).
- [ ] Breaking change (fix or new feature that would cause existing
functionality to change).
- [ ] New tests added to cover the changes.
- [x] Quick tests passed locally by running `./runtest.sh`.
- [ ] In-line docstrings updated.
- [ ] Documentation updated.

Assets 2

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Choose a tag to compare

Sorry, something went wrong.

Sorry, something went wrong.

Uh oh!

No results found

Choose a tag to compare

Sorry, something went wrong.

Sorry, something went wrong.

Uh oh!

No results found

Uh oh!