RFC Errata
RFC 3447, "Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1", February 2003
Note: This RFC has been obsoleted by RFC 8017
Source of RFC: IETF - NON WORKING GROUP
Area Assignment: sec
See Also: RFC 3447 w/ inline errata
Errata ID: 595
Status: Verified
Type: Technical
Publication Format(s) : TEXT
Reported By: Alfred Hoenes
Date Reported: 2003-08-28
Section 9.1 says:
                         +-----------+
                         |     M     |
                         +-----------+
                               |
                               V
                             Hash
                               |
                               V
                 +--------+----------+----------+
            M' = |Padding1|  mHash   |   salt   |
                 +--------+----------+----------+
                                |
      +--------+----------+     V
DB =  |Padding2|maskedseed|   Hash
      +--------+----------+     |
                |               |
                V               |    +--+
               xor <--- MGF <---|    |bc|
                |               |    +--+
                |               |      |
                V               V      V
      +-------------------+----------+--+
EM =  |    maskedDB       |maskedseed|bc|
      +-------------------+----------+--+
It should say:
                         +-----------+
                         |     M     |
                         +-----------+
                               |
                               V
                             Hash
                               |
                               V
                 +--------+----------+----------+
            M' = |Padding1|  mHash   |   salt   |
                 +--------+----------+----------+
                                |
      +--------+----------+     V
DB =  |Padding2|   salt   |   Hash
      +--------+----------+     |
                |               |
                V               |    +--+
               xor <--- MGF <---|    |bc|
                |               |    +--+
                |               |      |
                V               V      V
      +-------------------+----------+--+
EM =  |    maskedDB       |    H     |bc|
      +-------------------+----------+--+
Notes:
Figure 2 names two fields "maskedseed" which in fact are _very_
different, and this nomenclature matches neither the figure
caption given nor the subsequent text -- see e.g. 'step 6.' and
'step 8.' on page 39 and 'step 12.' on page 40.
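
The corrected figure can be traced in code. The sketch below is an added example, not text from RFC 3447 or from the erratum: it follows the EMSA-PSS encoding and verification steps of RFC 3447 Section 9.1 and shows that DB carries the salt while EM carries H. It assumes SHA-256 as Hash and MGF1 over SHA-256 as MGF; all function names are chosen here.

```python
import hashlib

H_LEN = hashlib.sha256().digest_size  # assumption: SHA-256 is the Hash in Figure 2

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def mgf1(seed: bytes, length: int) -> bytes:
    """MGF1 (RFC 3447 Appendix B.2.1) over SHA-256."""
    blocks = (sha256(seed + c.to_bytes(4, "big")) for c in range(-(-length // H_LEN)))
    return b"".join(blocks)[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def emsa_pss_encode(msg: bytes, em_bits: int, salt: bytes) -> bytes:
    em_len = -(-em_bits // 8)
    if em_len < H_LEN + len(salt) + 2:
        raise ValueError("encoding error")
    m_prime = b"\x00" * 8 + sha256(msg) + salt        # M' = Padding1 || mHash || salt
    h = sha256(m_prime)                               # H = Hash(M')
    ps = b"\x00" * (em_len - len(salt) - H_LEN - 2)
    db = ps + b"\x01" + salt                          # DB = Padding2 || salt
    masked_db = bytearray(xor(db, mgf1(h, len(db))))  # maskedDB = DB xor MGF(H)
    masked_db[0] &= 0xFF >> (8 * em_len - em_bits)    # clear the bits above emBits
    return bytes(masked_db) + h + b"\xbc"             # EM = maskedDB || H || bc

def emsa_pss_verify(msg: bytes, em: bytes, em_bits: int, salt_len: int) -> bool:
    em_len = -(-em_bits // 8)
    if len(em) != em_len or em_len < H_LEN + salt_len + 2 or em[-1] != 0xBC:
        return False
    masked_db, h = em[:-H_LEN - 1], em[-H_LEN - 1:-1]
    unused = 8 * em_len - em_bits
    if masked_db[0] >> (8 - unused):                  # leftmost unused bits must be zero
        return False
    db = bytearray(xor(masked_db, mgf1(h, len(masked_db))))
    db[0] &= 0xFF >> unused
    pad_len = em_len - H_LEN - salt_len - 2
    if db[:pad_len] != b"\x00" * pad_len or db[pad_len] != 0x01:
        return False
    salt = bytes(db[pad_len + 1:])                    # the field the erratum renames to "salt"
    return sha256(b"\x00" * 8 + sha256(msg) + salt) == h
```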