[PATCH] IKEv2: Add support for null encryption
Jouni Malinen
j at w1.fi
Tue Sep 30 02:41:01 PDT 2025
On Wed, Jul 09, 2025 at 10:39:27AM +0200, Domenico Verde wrote:
> This patch adds support for null encryption (ENC_NULL) in IKEv2,
> as described in RFC 2410.
>
> The patch implements the null cipher by reusing the OpenSSL
> EVP_enc_null() function, adding support for ENC_NULL in both
> encrypt and decrypt operations.
>
> As specified in RFC 2410:
> - The cipher does not use an IV, so an explicit check prevents
> a potential floating point exception.
> - Padding is not required; so a pad length field with value 0
> is appended to the ciphertext.
>
> Null encryption can be useful for (1) debugging purposes and (2)
> supporting emerging scenarios, such as 5G networks, where the TNGF
> (Trusted Non-3GPP Gateway Function) leverages IKEv2 with null
> encryption.
>
> Tested with Free5GC (v4.0.1) using wpa_supplicant.
Thanks, applied.
--
Jouni Malinen PGP id EFC895FA
More information about the Hostap
mailing list