RFC Errata
RFC 2104, "HMAC: Keyed-Hashing for Message Authentication", February 1997
Note: This RFC has been updated by RFC 6151
Source of RFC: ipsec (sec)
Errata ID: 4459
Status: Rejected
Type: Technical
Publication Format(s) : TEXT
Reported By: Bozhi ZHENG
Date Reported: 2015-08-27
Rejected by: Stephen Farrell
Date Rejected: 2015-08-27
Section Appendix says:
/* start out by storing key in pads */ bzero( k_ipad, sizeof k_ipad); bzero( k_opad, sizeof k_opad); bcopy( key, k_ipad, key_len); bcopy( key, k_opad, key_len); /* XOR key with ipad and opad values */ for (i=0; i<64; i++) { k_ipad[i] ^= 0x36; k_opad[i] ^= 0x5c; }
It should say:
/* start out by storing key in pads */ bzero( k_ipad, sizeof k_ipad); bzero( k_opad, sizeof k_opad); bcopy( k_ipad, key, key_len); bcopy( k_opad, key, key_len); /* XOR key with ipad and opad values */ for (i=0; i<64; i++) { k_ipad[i] ^= 0x36; k_opad[i] ^= 0x5c; }
Notes:
The ipad = the byte 0x36 repeated 64 times, opad = the type 0x5C repeated B times and then ipad and opad XOR K after it appended to 64 byptes.
--VERIFIER NOTES--
The net effect of the suggested change would be to zero the key
and make HMAC useless.