Contact Details
solomon.liu@armchina.com
Version
wolfSSL Release 5.8.4 (Nov. 20, 2025)
Description
Spec Reference (Section 2.4 – Integer-to-Byte Conversion):
If x and y are non-negative integers, we define Z = toByte(x, y) to be the y-byte string containing the binary representation of x in big-endian byte order.
Observed Behavior in wc_xmss_sign / wc_xmssmt_sign (wc_xmss_impl.c +3412):
/* byte[n] r = PRF(SK_PRF, toByte(idx_sig, 32)); */
wc_idx_copy(sig, params->idx_len, state->buf, XMSS_PRF_M_LEN);
wc_xmss_prf(state, sk_prf, state->buf, sig_r);
Here, idx_sig is encoded only into the first params->idx_len bytes of the buffer.
Observed Behavior in wc_xmss_hash_message (wc_xmss_impl.c +1275):
XMEMSET(idx_sig, 0, params->n - idx_len);
XMEMCPY(idx_sig + params->n - idx_len, idx, idx_len);
In this case, the encoding follows the spec definition more closely: the index is right-aligned within an n-byte buffer, padded with leading zeros to ensure big-endian representation.
Reproduction steps
No response
Relevant log output
Contact Details
solomon.liu@armchina.com
Version
wolfSSL Release 5.8.4 (Nov. 20, 2025)
Description
Spec Reference (Section 2.4 – Integer-to-Byte Conversion):
If x and y are non-negative integers, we define Z = toByte(x, y) to be the y-byte string containing the binary representation of x in big-endian byte order.
Observed Behavior in wc_xmss_sign / wc_xmssmt_sign (wc_xmss_impl.c +3412):
Observed Behavior in wc_xmss_hash_message (wc_xmss_impl.c +1275):
In this case, the encoding follows the spec definition more closely: the index is right-aligned within an n-byte buffer, padded with leading zeros to ensure big-endian representation.
Reproduction steps
No response
Relevant log output