0

I know that for HMAC/SHA there are default IV values. But if I want to supply my own IV (different from the default), there doesn't seem to be a way to implement it in, for example, Java. (At least, so far I haven't found a solution in javax/Bouncy Castle. It looks like the MessageDigest class doesn't provide us with such methods.)

Why are default values for IV (HMAC/SHA) used? What is the reason not to expose them to a user?

Mike Edward Moras
user3698979

1 Answer

1

Why are default values for IV (HMAC/SHA) used? What is the reason not to expose them to a user?

Actually, if you go through the theoretical basis of HMAC as explored in this paper, they start with NMAC, which is essentially what you are asking for. That is, it's a nested hash construction (just like HMAC); however, instead of prepending the hash with keying material, they set the IV for both levels to keying data.

They then go on to HMAC, and show that HMAC is as secure as NMAC; the prepended keying material (which occupies precisely one hash block) sets the hash internal state to a value which is unpredictable to someone who doesn't know the key. HMAC also has the advantage that it can be implemented using a standard hash implementation.

Hence, the answer is "you don't need to set the HMAC IV values; the HMAC keys do that for you".

Mike Edward Moras
poncho
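The equivalence described in the answer can be checked directly. The following is an added example, not code from the answer or the paper: it uses a small pure-Python SHA-256 compression function (standard libraries do not expose the chaining value), derives two keyed IVs from the padded key blocks, and runs the nested hash from those IVs, NMAC-style. The names `compress`, `sha256_from_state` and `hmac_via_keyed_iv` and the sample key and message are illustrative assumptions.

```python
import hashlib, hmac, math, struct

# SHA-256 constants (FIPS 180-4), derived exactly with integer roots of the first 64 primes.
PRIMES = [p for p in range(2, 312) if all(p % d for d in range(2, int(p ** 0.5) + 1))]
def _icbrt(n):
    x = round(n ** (1 / 3))
    while x ** 3 > n: x -= 1
    while (x + 1) ** 3 <= n: x += 1
    return x
K = [_icbrt(p << 96) & 0xFFFFFFFF for p in PRIMES]
IV = [math.isqrt(p << 64) & 0xFFFFFFFF for p in PRIMES[:8]]  # the "default IV"
M32 = 0xFFFFFFFF

def _rotr(x, n):
    return ((x >> n) | (x << (32 - n))) & M32

def compress(state, block):
    """One SHA-256 compression call: 8-word chaining value + 64-byte block."""
    w = list(struct.unpack(">16I", block))
    for i in range(16, 64):
        s0 = _rotr(w[i - 15], 7) ^ _rotr(w[i - 15], 18) ^ (w[i - 15] >> 3)
        s1 = _rotr(w[i - 2], 17) ^ _rotr(w[i - 2], 19) ^ (w[i - 2] >> 10)
        w.append((w[i - 16] + s0 + w[i - 7] + s1) & M32)
    a, b, c, d, e, f, g, h = state
    for i in range(64):
        t1 = (h + (_rotr(e, 6) ^ _rotr(e, 11) ^ _rotr(e, 25)) + ((e & f) ^ (~e & g)) + K[i] + w[i]) & M32
        t2 = ((_rotr(a, 2) ^ _rotr(a, 13) ^ _rotr(a, 22)) + ((a & b) ^ (a & c) ^ (b & c))) & M32
        a, b, c, d, e, f, g, h = (t1 + t2) & M32, a, b, c, (d + t1) & M32, e, f, g
    return [(x + y) & M32 for x, y in zip(state, (a, b, c, d, e, f, g, h))]

def sha256_from_state(state, data, prefix_len=0):
    """Hash data starting from an arbitrary IV; prefix_len = bytes already absorbed."""
    bitlen = (prefix_len + len(data)) * 8
    data += b"\x80" + b"\x00" * ((55 - len(data)) % 64) + struct.pack(">Q", bitlen)
    for i in range(0, len(data), 64):
        state = compress(state, data[i:i + 64])
    return struct.pack(">8I", *state)

def hmac_via_keyed_iv(key, msg):
    """HMAC-SHA256 computed as a nested hash whose two IVs are derived from the key."""
    key = (hashlib.sha256(key).digest() if len(key) > 64 else key).ljust(64, b"\x00")
    iv_in = compress(IV, bytes(k ^ 0x36 for k in key))   # state after the ipad key block
    iv_out = compress(IV, bytes(k ^ 0x5C for k in key))  # state after the opad key block
    inner = sha256_from_state(iv_in, msg, prefix_len=64)
    return sha256_from_state(iv_out, inner, prefix_len=64)

if __name__ == "__main__":
    key, msg = b"constructed-sample-key", b"constructed sample message"
    print(hmac_via_keyed_iv(key, msg) == hmac.new(key, msg, hashlib.sha256).digest())
```

Because `iv_in` and `iv_out` depend only on the key, an implementation can compute them once and reuse them for every message under that key.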