RFC Errata
RFC 4757, "The RC4-HMAC Kerberos Encryption Types Used by Microsoft Windows", December 2006
Note: This RFC has been updated by RFC 6649
Source of RFC: IETF - NON WORKING GROUPArea Assignment: sec
Errata ID: 2067
Status: Rejected
Type: Technical
Publication Format(s) : TEXT
Reported By: Michiko Short
Date Reported: 2010-03-05
Rejected by: Sean Turner
Date Rejected: 2011-06-28
Section 7.3 says:
// Encrypt the data (if encrypting) if (encrypt) RC4(Kcrypt, data); // Save first 8 octets of HMAC Sgn_Cksum Sgn_Cksum = HMAC(Ksign, Sgn_Cksum); memcpy(Token.SGN_CKSUM, Sgn_Cksum, 8);
It should say:
// Encrypt the data (if encrypting) if (encrypt) RC4(Kcrypt, data); // Sum the padding buffer Sgn_Cksum += MD5(padding); // Encrypt the padding (if encrypting) if (padding) RC4(Kcrypt, padding); // Save first 8 octets of HMAC Sgn_Cksum Sgn_Cksum = HMAC(Ksign, Sgn_Cksum); memcpy(Token.SGN_CKSUM, Sgn_Cksum, 8);
Notes:
WRAP missing padding
--VERIFIER NOTES--
Turns out padding is already included in data, so Errata 1674, which I just approved, covers this. I verified this with Magnus Nystrom.