# RFC Errata

### Errata Search

Source of RFC
Summary Table Full Records

#### RFC 6287, "OCRA: OATH Challenge-Response Algorithm", June 2011

Source of RFC: IETF - NON WORKING GROUP
Area Assignment: sec

Errata ID: 5625
Status: Reported
Type: Technical
Publication Format(s) : TEXT

Reported By: Emanuele Giacomelli
Date Reported: 2019-02-07

Section Appendix A says:

```// put selected bytes into result int
int offset = hash[hash.length - 1] & 0xf;

int binary =
((hash[offset] & 0x7f) << 24) |
((hash[offset + 1] & 0xff) << 16) |
((hash[offset + 2] & 0xff) << 8) |
(hash[offset + 3] & 0xff);

int otp = binary % DIGITS_POWER[codeDigits];

result = Integer.toString(otp);
while (result.length() < codeDigits) {
result = "0" + result;
}
return result;

```

It should say:

```if (codeDigits > 0) {
// put selected bytes into result int
int offset = hash[hash.length - 1] & 0xf;

int binary =
((hash[offset] & 0x7f) << 24) |
((hash[offset + 1] & 0xff) << 16) |
((hash[offset + 2] & 0xff) << 8) |
(hash[offset + 3] & 0xff);

int otp = binary % DIGITS_POWER[codeDigits];

result = Integer.toString(otp);
while (result.length() < codeDigits) {
result = "0" + result;
}
return result;
} else {
return asHex(hash);
}

```

Notes:

The code does not honor what the RFC says in section 5.2:

3. t=0 means that no truncation is performed and the full HMAC value
is used for authentication purposes

and still applies dynamic truncation to suites requesting "0" digits.
As a result, the computation performs a "modulo 1" operation causing
the code to always return 0 for such suites.

The proposed patch explicitly disables dynamic truncation for such suites and returns the full HMAC
encoded as a Base16 string. The "asHex" function is the same defined in Appendix B.

Report New Errata