authorLinus Nordberg <linus@nordu.net>2011-04-05 15:53:58 +0200
committerLinus Nordberg <linus@nordu.net>2011-04-05 15:53:58 +0200
commit6886c5f57ceb4db04c2e4e4a3d52da1d233698dc (patch)
tree869ad9d76d5972314170a97bfbfd8ef79e03086e
parent1c114bfcb18c98b12182dc9f1d1e6d8eb6127d94 (diff)
Hash full MAC even for VendorHashed and VendorKeyHashed.
Comment on VendorKeyHashed, from source: We are hashing the first nine octets too for easier correlation between vendor-key-hashed and fully-key-hashed log records. This opens up for a known plaintext attack on the key but the consequences of that is considered outweighed by the convenience gained.
-rw-r--r--fticks.c10
1 files changed, 8 insertions, 2 deletions
diff --git a/fticks.c b/fticks.c
index f882854..d4d405b 100644
--- a/fticks.c
+++ b/fticks.c
@@ -183,11 +183,17 @@ fticks_log(const struct options *options,
break;
case RSP_FTICKS_MAC_VENDOR_HASHED:
memcpy(macout, macin, 9);
- fticks_hashmac(macin + 9, NULL, sizeof(macout) - 9, macout + 9);
+ fticks_hashmac(macin, NULL, sizeof(macout) - 9, macout + 9);
break;
case RSP_FTICKS_MAC_VENDOR_KEY_HASHED:
memcpy(macout, macin, 9);
- fticks_hashmac(macin + 9, options->fticks_key,
+ /* We are hashing the first nine octets too for easier
+ * correlation between vendor-key-hashed and
+ * fully-key-hashed log records. This opens up for a
+ * known plaintext attack on the key but the
+ * consequences of that is considered outweighed by
+ * the convenience gained. */
+ fticks_hashmac(macin, options->fticks_key,
sizeof(macout) - 9, macout + 9);
break;
case RSP_FTICKS_MAC_FULLY_HASHED:
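Review bot: The `RSP_FTICKS_MAC_VENDOR_HASHED` case gets the same change as the keyed case but no comment, and its trade-off is different: the first nine octets are copied to `macout` in clear and the hash is computed with a `NULL` key, so the rest of the address is obscured rather than protected against guessing by anyone who holds a log record. I would add a comment above that call, for example `/* No key here: the device part is obscured, not protected against guessing. */`. In the `RSP_FTICKS_MAC_VENDOR_KEY_HASHED` comment it would help to state the condition that makes the known-plaintext exposure acceptable, presumably that `fticks_key` is a long random value; this assumes `fticks_hashmac` is a keyed hash, whose body is not in the hunk. The literal `9` is repeated in every `memcpy` and `fticks_hashmac` call here and would read better as a named constant for the vendor-prefix length. `fticks_log` starts and ends outside the hunk.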