From 67c55d5869d5473e5139614637f31ea37746181d Mon Sep 17 00:00:00 2001 From: Dimitri Staessens Date: Thu, 11 Jun 2026 10:03:14 +0000 Subject: irmd: Specify peer authentication contract OAP accepted requests and responses without a certificate even when the peer was expected to authenticate. An on-path attacker could strip the certificate and signature from a flow allocation response and substitute its own key exchange, silently downgrading the handshake to unauthenticated. Add an auth=required|optional policy to enc.conf, enforced per role: a client config requires the server to present a valid certificate, a server config requires the same from the client. Default is required for client side (https), optional server side. The client side default can be changed via OAP_CLIENT_AUTH_DEFAULT for testing. Replace the bare 'none' keyword with encryption=none, which disables encryption only: the digest and the authentication policy are kept, so authenticated but unencrypted flows can be configured. Configs using bare 'none' are now rejected. Signed-off-by: Dimitri Staessens Signed-off-by: Sander Vrijders
---
 enc.conf.in | 23 +++++++++++++++++++++-- 1 file changed, 21 insertions(+), 2 deletions(-) (limited to 'enc.conf.in')
diff --git a/enc.conf.in b/enc.conf.in
index 8f91d717..17b480c1 100644
--- a/enc.conf.in
+++ b/enc.conf.in
@@ -22,7 +22,8 @@
 # cipher= Symmetric cipher algorithm
 # kdf= Key derivation function hash algorithm
 # kem_mode= KEM encapsulation mode (server or client)
-# none Explicitly disable encryption
+# auth= Peer authentication policy (required or optional)
+# encryption=none Explicitly disable encryption
 #
 # Supported KEX algorithms (kex=):
 # --------------------------------
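Review bot: The option summary swaps `none` for `encryption=none` without saying that the bare keyword is now rejected, which the commit message states; an operator carrying an old config forward would only learn this from a load failure. I would add a line under the new entry such as `# (the bare keyword "none" is no longer accepted; use encryption=none)`. The `auth=` entry could also say that its default differs by role, e.g. `# auth= Peer authentication policy (required or optional; default depends on role)`, so that someone reading only this list does not assume one default for both sides.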
@@ -76,6 +77,20 @@
 # blake2b512 BLAKE2b-512
 # blake2s256 BLAKE2s-256
 #
+# Peer Authentication (auth=):
+# ----------------------------
+#
+# optional Accept unauthenticated peers
+# required Reject peers that do not present a valid certificate
+#
+# This setting applies to the *peer*: in a client config it requires
+# the server to authenticate; in a server config it requires the
+# client. The defaults mirror the web: a client config defaults to
+# required (the server must authenticate), a server config defaults
+# to optional (client authentication is opt-in). Set auth=required on
+# the server too for mutual authentication. Combine encryption=none
+# with auth=required for authenticated but unencrypted flows.
+#
 # KEM Mode (kem_mode=):
 # ---------------------
 #
@@ -147,4 +162,8 @@ kdf=sha256
 # kdf=sha512
 #
 # Disable encryption:
-# none
+# encryption=none
+#
+# Authentication required, no encryption:
+# encryption=none
+# auth=required
-- cgit v1.2.3
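Review bot: In the Peer Authentication section, the `optional` entry should say what it gives up: going by the commit message, a peer whose certificate was removed in transit is accepted just like one that never had a certificate, so the downgrade stays possible on any side left at optional, which is the server-side default. I would add a comment such as `# With optional, a missing certificate is accepted silently; use required wherever the peer is expected to authenticate.` The section also presents the client default as fixed, while the commit message says it can be changed via OAP_CLIENT_AUTH_DEFAULT. How that setting is applied is not visible in this patch, but the text could recommend writing `auth=required` explicitly in client configs instead of relying on the default. What makes a certificate "valid" (trust anchor, name check) is not defined here and deserves a sentence or a pointer.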