• Johannes Berg's avatar
    iwlwifi: mvm: check PN for CCMP/GCMP in the driver · f5e28eac
    Johannes Berg authored
    As we're working on multi-queue RX, we want to parallelise checking
    the PN in order to avoid having to serialise the RX processing.
    
    It may seem that doing parallel PN checking is insecure, but it turns
    out to be OK because queue assignment is done based on the data in the
    frame (IP/TCP) and thus cannot be manipulated by an attacker, since
    the data is encrypted and must first have been decrypted successfully.
    
    There are some corner cases, in particular when the peer starts using
    fragmentation which redirects the packet to the default queue. However
    this redirection is remembered (for the STA, per TID) and thus cannot
    be exploited by an attacker either.
    
    Leave checking on the default queue (queue 0) to mac80211, since we
    get fragmented packets there and those are subject to stricter checks
    during reassembly.
    Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
    Signed-off-by: default avatarSara Sharon <sara.sharon@intel.com>
    Signed-off-by: default avatarEmmanuel Grumbach <emmanuel.grumbach@intel.com>
    f5e28eac
d3.c 59.2 KB