RFC Errata
RFC 2104, "HMAC: Keyed-Hashing for Message Authentication", February 1997
Note: This RFC has been updated by RFC 6151
Source of RFC: ipsec (sec)
Errata ID: 4459
Status: Rejected
Type: Technical
Publication Format(s) : TEXT
Reported By: Bozhi ZHENG
Date Reported: 2015-08-27
Rejected by: Stephen Farrell
Date Rejected: 2015-08-27
Section Appendix says:
/* start out by storing key in pads */
bzero( k_ipad, sizeof k_ipad);
bzero( k_opad, sizeof k_opad);
bcopy( key, k_ipad, key_len);
bcopy( key, k_opad, key_len);
/* XOR key with ipad and opad values */
for (i=0; i<64; i++) {
k_ipad[i] ^= 0x36;
k_opad[i] ^= 0x5c;
}
It should say:
/* start out by storing key in pads */
bzero( k_ipad, sizeof k_ipad);
bzero( k_opad, sizeof k_opad);
bcopy( k_ipad, key, key_len);
bcopy( k_opad, key, key_len);
/* XOR key with ipad and opad values */
for (i=0; i<64; i++) {
k_ipad[i] ^= 0x36;
k_opad[i] ^= 0x5c;
}
Notes:
The ipad = the byte 0x36 repeated 64 times, opad = the type 0x5C repeated B times and then ipad and opad XOR K after it appended to 64 byptes.
--VERIFIER NOTES--
The net effect of the suggested change would be to zero the key
and make HMAC useless.