RFC Errata
RFC 7539, "ChaCha20 and Poly1305 for IETF Protocols", May 2015
Note: This RFC has been obsoleted by RFC 8439
Source of RFC: IRTFSee Also: RFC 7539 w/ inline errata
Errata ID: 4371
Status: Verified
Type: Technical
Publication Format(s) : TEXT
Reported By: Adam Eijdenberg
Date Reported: 2015-05-21
Verifier Name: Lars Eggert
Date Verified: 2015-06-03
Section 2.8.1 says:
mac_data |= num_to_4_le_bytes(aad.length) mac_data |= num_to_4_le_bytes(ciphertext.length)
It should say:
mac_data |= num_to_8_le_bytes(aad.length) mac_data |= num_to_8_le_bytes(ciphertext.length)
Notes:
Per section 2.8 the lengths should be 64-bit (8 bytes), not 4.
After this change the pseudo-code output matches the test vectors shown in 2.8.2.