From 67c55d5869d5473e5139614637f31ea37746181d Mon Sep 17 00:00:00 2001 From: Dimitri Staessens Date: Thu, 11 Jun 2026 10:03:14 +0000 Subject: irmd: Specify peer authentication contract OAP accepted requests and responses without a certificate even when the peer was expected to authenticate. An on-path attacker could strip the certificate and signature from a flow allocation response and substitute its own key exchange, silently downgrading the handshake to unauthenticated. Add an auth=required|optional policy to enc.conf, enforced per role: a client config requires the server to present a valid certificate, a server config requires the same from the client. Default is required for client side (https), optional server side. The client side default can be changed via OAP_CLIENT_AUTH_DEFAULT for testing. Replace the bare 'none' keyword with encryption=none, which disables encryption only: the digest and the authentication policy are kept, so authenticated but unencrypted flows can be configured. Configs using bare 'none' are now rejected. Signed-off-by: Dimitri Staessens Signed-off-by: Sander Vrijders --- src/irmd/oap/cli.c | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'src/irmd/oap/cli.c') diff --git a/src/irmd/oap/cli.c b/src/irmd/oap/cli.c index 7a202da7..d38f38dd 100644 --- a/src/irmd/oap/cli.c +++ b/src/irmd/oap/cli.c @@ -93,6 +93,11 @@ int load_cli_kex_config(const struct name_info * info, assert(info != NULL); assert(cfg != NULL); + memset(cfg, 0, sizeof(*cfg)); + + /* A client authenticates the server by default, like an https client */ + cfg->req_auth = OAP_CLIENT_AUTH_DEFAULT; + return load_kex_config(info->name, info->c.enc, cfg); } @@ -534,6 +539,12 @@ int oap_cli_complete(void * ctx, goto fail_oap; } + /* Required peer auth makes sig and name binding mandatory */ + if (s->kcfg.req_auth && peer_hdr.crt.len == 0) { + log_err_id(id, "Server did not provide a certificate."); + goto fail_oap; + } + /* Verify request hash in authenticated response */ if (peer_hdr.req_hash.len == 0) { log_err_id(id, "Response missing req_hash."); -- cgit v1.2.3