RFC Errata
RFC 8439, "ChaCha20 and Poly1305 for IETF Protocols", June 2018
Source of RFC: IRTF
Errata ID: 5675
Status: Rejected
Type: Technical
Publication Format(s) : TEXT
Reported By: Stefan Heiss
Date Reported: 2019-03-25
Rejected by: Colin Perkins
Date Rejected: 2019-04-15
Section 2.5.1 says:
   for i=1 upto ceil(msg length in bytes / 16)
      n = le_bytes_to_num(msg[((i-1)*16)..(i*16)] | [0x01])
      a += n
      a = (r * a) % p
      end
It should say:
   for i=1 upto floor(msg length in bytes / 16)
      j = min(i*16-1, msg length in bytes - 1)
      n = le_bytes_to_num(msg[((i-1)*16)..j] | [0x01])
      a += n
      a = (r * a) % p
      end
Notes:
Correction for lengths of msg blocks (full blocks are of size 16, NOT 17 and last blocks of size != 16 have to be treated separately).
--VERIFIER NOTES--
Rejected in favour of errata 5689.
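
The block loop this erratum concerns, as an added Python example (not text from RFC 8439 or from the erratum). It reads the range in the Section 2.5.1 pseudocode as half-open, so full blocks are 16 bytes and a short final block gets 0x01 appended, and it checks the result against the test vector in RFC 8439 Section 2.5.2. The function names and the `inclusive` switch are assumptions of this example.

```python
import hmac

P = (1 << 130) - 5  # Poly1305 prime

def split_blocks(msg, inclusive=False):
    """Blocks for i = 1 .. ceil(len(msg) / 16).

    inclusive=False: bytes (i-1)*16 up to, not including, i*16 (16-byte blocks).
    inclusive=True : bytes (i-1)*16 up to and including i*16 (17-byte blocks),
                     the literal reading of "a..b" that the erratum objects to.
    """
    count = -(-len(msg) // 16)  # ceil without floating point
    extra = 1 if inclusive else 0
    return [msg[(i - 1) * 16 : i * 16 + extra] for i in range(1, count + 1)]

def poly1305_mac(msg, key, inclusive=False):
    if len(key) != 32:
        raise ValueError("Poly1305 one-time key must be 32 bytes")
    # r is the first 16 key bytes, clamped; s is the last 16 bytes.
    r = int.from_bytes(key[:16], "little") & 0x0ffffffc0ffffffc0ffffffc0fffffff
    s = int.from_bytes(key[16:], "little")
    a = 0
    for block in split_blocks(msg, inclusive):
        # Appending 0x01 sets the bit just above the block, whatever its length.
        n = int.from_bytes(block + b"\x01", "little")
        a = (r * (a + n)) % P
    return ((a + s) & ((1 << 128) - 1)).to_bytes(16, "little")

def verify(msg, key, tag):
    # Constant-time comparison of the computed and received tags.
    return hmac.compare_digest(poly1305_mac(msg, key), tag)

# Test vector from RFC 8439 Section 2.5.2 (34-byte message: 16 + 16 + 2).
KEY = bytes.fromhex(
    "85d6be7857556d337f4452fe42d506a8"
    "0103808afb0db2fd4abff6af4149f51b"
)
MSG = b"Cryptographic Forum Research Group"
TAG = bytes.fromhex("a8061dc1305136c6c22b8baf0c0127a9")

if __name__ == "__main__":
    print([len(b) for b in split_blocks(MSG)])        # block sizes, half-open
    print(poly1305_mac(MSG, KEY).hex())               # matches TAG
    print(poly1305_mac(MSG, KEY, inclusive=True).hex())  # does not match TAG
```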