From 6886c5f57ceb4db04c2e4e4a3d52da1d233698dc Mon Sep 17 00:00:00 2001 From: Linus Nordberg Date: Tue, 5 Apr 2011 15:53:58 +0200 Subject: Hash full MAC even for VendorHashed and VendorKeyHashed. Comment on VendorKeyHashed, from source: We are hashing the first nine octets too for easier correlation between vendor-key-hashed and fully-key-hashed log records. This opens up for a known plaintext attack on the key but the consequences of that is considered outweighed by the convenience gained. --- fticks.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/fticks.c b/fticks.c index f882854..d4d405b 100644 --- a/fticks.c +++ b/fticks.c @@ -183,11 +183,17 @@ fticks_log(const struct options *options, break; case RSP_FTICKS_MAC_VENDOR_HASHED: memcpy(macout, macin, 9); - fticks_hashmac(macin + 9, NULL, sizeof(macout) - 9, macout + 9); + fticks_hashmac(macin, NULL, sizeof(macout) - 9, macout + 9); break; case RSP_FTICKS_MAC_VENDOR_KEY_HASHED: memcpy(macout, macin, 9); - fticks_hashmac(macin + 9, options->fticks_key, + /* We are hashing the first nine octets too for easier + * correlation between vendor-key-hashed and + * fully-key-hashed log records. This opens up for a + * known plaintext attack on the key but the + * consequences of that is considered outweighed by + * the convenience gained. */ + fticks_hashmac(macin, options->fticks_key, sizeof(macout) - 9, macout + 9); break; case RSP_FTICKS_MAC_FULLY_HASHED: -- cgit v1.1