RFC Errata
RFC 6287, "OCRA: OATH Challenge-Response Algorithm", June 2011
Source of RFC: IETF - NON WORKING GROUPArea Assignment: sec
Errata ID: 4114
Status: Reported
Type: Technical
Publication Format(s) : TEXT
Reported By: Marc Girault
Date Reported: 2014-09-16
Section 7 says:
R = OCRA(K, {[C] | Q | [P | S | T]})
RS = OCRA(K, [C] | QC | QS | [S | T])
OCRA(K, [C] | QC | QS | [S | T]) != RS
RC = OCRA(K, [C] | QS | QC | [P | S | T])
OCRA(K, [C] | QS | QC | [P|S|T]) != RC
SIGN = OCRA(K, [C] | QS | [P | T])
RS = OCRA(K, [C] | QC | QS | [T]
OCRA(K, [C] | QC | QS | [T]) != RS
SIGN = OCRA( K, [C] | QS | QC | [P | T])
OCRA(K, [C] | QS | QC | [P|T]) != SIGN
It should say:
R = CryptoFunction(K, OCRASuite | 00 | [C] | Q | [P | S | T]) RS = CryptoFunction(K, OCRASuite | 00 | [C] | QC | QS | [S | T]) CryptoFunction(K, OCRASuite | 00 | [C] | QC | QS | [S | T]) != RS RC = CryptoFunction(K, OCRASuite | 00 | [C] | QS | QC | [P | S | T]) CryptoFunction(K, OCRASuite | 00 | [C] | QS | QC | [P|S|T]) != RC SIGN = CryptoFunction(K, OCRASuite | 00 | [C] | QS | [P | T]) RS = CryptoFunction(K, OCRASuite | 00 | [C] | QC | QS | [T] CryptoFunction(K, OCRASuite | 00 | [C] | QC | QS | [T]) != RS SIGN = CryptoFunction( K, OCRASuite | 00 | [C] | QS | QC | [P | T]) CryptoFunction(K, OCRASuite | 00 | [C] | QS | QC | [P|T]) != SIGN
Notes:
Page 5, DataInput is defined as the concatenation of OCRASuite, byte 00 and five parameters. Pages 11 and subsequent ones, it is defined as the concatenation of only those five parameters, omitting OCRASuite and byte 00. This is technically inconsistent.
The proposed new text anticipates positive verification of errata n°4113 and supersedes it.