- }
-#if RS_TESTING || 1
- if (macin == NULL)
- macin = (uint8_t *) strdup(BOGUS_MAC);
-#endif /* RS_TESTING */
-
- switch (options->fticks_mac)
- {
- case RSP_FTICKS_MAC_STATIC:
- memcpy(macout, BOGUS_MAC, sizeof(BOGUS_MAC));
- break;
- case RSP_FTICKS_MAC_ORIGINAL:
- memcpy(macout, macin, sizeof(macout));
- break;
- case RSP_FTICKS_MAC_VENDOR_HASHED:
- fticks_hashmac(macin + 3, NULL, sizeof(macout), macout);
- break;
- case RSP_FTICKS_MAC_VENDOR_KEY_HASHED:
- fticks_hashmac(macin + 3, options->fticks_key, sizeof(macout),
- macout);
- break;
- case RSP_FTICKS_MAC_FULLY_HASHED:
- fticks_hashmac(macin, NULL, sizeof(macout), macout);
- break;
- case RSP_FTICKS_MAC_FULLY_KEY_HASHED:
- fticks_hashmac(macin, options->fticks_key, sizeof(macout), macout);
- break;
- default:
- debugx(2, DBG_ERR, "invalid fticks mac configuration: %d",
- options->fticks_mac);
+ if (macin) {
+ switch (options->fticks_mac)
+ {
+ case RSP_FTICKS_MAC_ORIGINAL:
+ memcpy(macout, macin, sizeof(macout));
+ break;
+ case RSP_FTICKS_MAC_VENDOR_HASHED:
+ memcpy(macout, macin, 9);
+ fticks_hashmac(macin, NULL, sizeof(macout) - 9, macout + 9);
+ break;
+ case RSP_FTICKS_MAC_VENDOR_KEY_HASHED:
+ memcpy(macout, macin, 9);
+ /* We are hashing the first nine octets too for easier
+ * correlation between vendor-key-hashed and
+ * fully-key-hashed log records. This opens up for a
+ * known plaintext attack on the key but the
+ * consequences of that is considered outweighed by
+ * the convenience gained. */
+ fticks_hashmac(macin, options->fticks_key,
+ sizeof(macout) - 9, macout + 9);
+ break;
+ case RSP_FTICKS_MAC_FULLY_HASHED:
+ fticks_hashmac(macin, NULL, sizeof(macout), macout);
+ break;
+ case RSP_FTICKS_MAC_FULLY_KEY_HASHED:
+ fticks_hashmac(macin, options->fticks_key, sizeof(macout),
+ macout);
+ break;
+ default:
+ debugx(2, DBG_ERR, "invalid fticks mac configuration: %d",
+ options->fticks_mac);
+ }
+ }