IKEv2: Add support for null encryption

Add support for null encryption (ENC_NULL) in IKEv2, as described in RFC
2410.

Implement the null cipher by reusing the OpenSSL EVP_enc_null()
function, adding support for ENC_NULL in both encrypt and decrypt
operations.

As specified in RFC 2410:
- The cipher does not use an IV, so an explicit check prevents
  a potential floating point exception.
- Padding is not required; so a pad length field with value 0
  is appended to the ciphertext.

Null encryption can be useful for (1) debugging purposes and (2)
supporting emerging scenarios, such as 5G networks, where the TNGF
(Trusted Non-3GPP Gateway Function) leverages IKEv2 with null
encryption.

Tested with Free5GC (v4.0.1) using wpa_supplicant.

Signed-off-by: Domenico Verde <domenico.verde.96@alumni.uniroma2.eu>

diff --git a/src/crypto/crypto_openssl.c b/src/crypto/crypto_openssl.c
index 2efe3ed942187197dcc00b343ee8ed254f924087..d99572ec0d60b274cbcf774a044a197c2fdd29a2 100644 (file)
--- a/src/crypto/crypto_openssl.c
+++ b/src/crypto/crypto_openssl.c
@@ -966,6 +966,11 @@ struct crypto_cipher * crypto_cipher_init(enum crypto_cipher_alg alg,
                cipher = EVP_rc2_ecb();
                break;
 #endif /* OPENSSL_NO_RC2 */
+#ifndef OPENSSL_NO_NULL
+       case CRYPTO_CIPHER_NULL:
+               cipher = EVP_enc_null();
+               break;
+#endif /* OPENSSL_NO_NULL */
        default:
                os_free(ctx);
                return NULL;

diff --git a/src/eap_common/ikev2_common.c b/src/eap_common/ikev2_common.c
index 90fb89e243b83224b515368a3fad01532211e10d..2e75b437587f38083bdd74dd900b26285678e383 100644 (file)
--- a/src/eap_common/ikev2_common.c
+++ b/src/eap_common/ikev2_common.c
@@ -34,7 +34,8 @@ static const struct ikev2_prf_alg ikev2_prf_algs[] = {
 
 static const struct ikev2_encr_alg ikev2_encr_algs[] = {
        { ENCR_AES_CBC, 16, 16 }, /* only 128-bit keys supported for now */
-       { ENCR_3DES, 24, 8 }
+       { ENCR_3DES, 24, 8 },
+       { ENCR_NULL, 0, 0 }
 };
 
 #define NUM_ENCR_ALGS ARRAY_SIZE(ikev2_encr_algs)
@@ -185,6 +186,9 @@ int ikev2_encr_encrypt(int alg, const u8 *key, size_t key_len, const u8 *iv,
        case ENCR_AES_CBC:
                encr_alg = CRYPTO_CIPHER_ALG_AES;
                break;
+       case ENCR_NULL:
+               encr_alg = CRYPTO_CIPHER_NULL;
+               break;
        default:
                wpa_printf(MSG_DEBUG, "IKEV2: Unsupported encr alg %d", alg);
                return -1;
@@ -220,6 +224,9 @@ int ikev2_encr_decrypt(int alg, const u8 *key, size_t key_len, const u8 *iv,
        case ENCR_AES_CBC:
                encr_alg = CRYPTO_CIPHER_ALG_AES;
                break;
+       case ENCR_NULL:
+               encr_alg = CRYPTO_CIPHER_NULL;
+               break;
        default:
                wpa_printf(MSG_DEBUG, "IKEV2: Unsupported encr alg %d", alg);
                return -1;
@@ -577,9 +584,15 @@ int ikev2_build_encrypted(int encr_id, int integ_id, struct ikev2_keys *keys,
                return -1;
        }
 
-       pad_len = iv_len - (wpabuf_len(plain) + 1) % iv_len;
-       if (pad_len == iv_len)
+       if (iv_len) {
+               pad_len = iv_len - (wpabuf_len(plain) + 1) % iv_len;
+               if (pad_len == iv_len)
+                       pad_len = 0;
+       } else {
+               /* Avoid padding when not necessary */
                pad_len = 0;
+       }
+
        wpabuf_put(plain, pad_len);
        wpabuf_put_u8(plain, pad_len);