From d0802335a8758569d82299d6b323b540e64aece6 Mon Sep 17 00:00:00 2001
From: jordan <jordan@wolfssl.com>
Date: Fri, 5 Apr 2024 12:09:04 -0500
Subject: [PATCH 1/2] Add wc_XmssKey_ExportPubRaw to wolfcrypt test.

---
 wolfcrypt/test/test.c | 39 ++++++++++++++++++++++++++++++++-------
 1 file changed, 32 insertions(+), 7 deletions(-)

diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index 80e4e49fe..07d93e044 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -37775,15 +37775,19 @@ static /* not const */ byte xmss_sig[2500] =
 
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t xmss_test_verify_only(void)
 {
-    XmssKey      verifyKey;
-    word32       pkSz  = 0;
-    word32       sigSz = 0;
-    const char * param = "XMSS-SHA2_10_256";
-    int          j     = 0;
-    int          ret2  = -1;
-    int          ret   = -1;
+    XmssKey       verifyKey;
+    unsigned char pub_raw[XMSS_SHA256_PUBLEN];
+    word32        pub_len = sizeof(pub_raw);
+    word32        pkSz  = 0;
+    word32        sigSz = 0;
+    const char *  param = "XMSS-SHA2_10_256";
+    int           j     = 0;
+    int           ret2  = -1;
+    int           ret   = -1;
     WOLFSSL_ENTER("xmss_test_verify_only");
 
+    XMEMSET(pub_raw, 0, sizeof(pub_raw));
+
     ret = wc_XmssKey_Init(&verifyKey, NULL, INVALID_DEVID);
     if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
 
@@ -37820,6 +37824,27 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t xmss_test_verify_only(void)
         return WC_TEST_RET_ENC_EC(ret);
     }
 
+    /* Now test the ExportPubRaw API, verify we recover the original pub. */
+    ret = wc_XmssKey_ExportPubRaw(&verifyKey, pub_raw, &pub_len);
+    if (ret != 0) {
+        printf("error: wc_XmssKey_ExportPubRaw returned %d, expected 0\n", ret);
+        return WC_TEST_RET_ENC_EC(ret);
+    }
+
+    if (pub_len != XMSS_SHA256_PUBLEN) {
+        printf("error: xmss pub len %d, expected %d\n", pub_len,
+               XMSS_SHA256_PUBLEN);
+        return WC_TEST_RET_ENC_EC(pub_len);
+    }
+
+    int n_diff = XMEMCMP(pub_raw, xmss_pub, sizeof(xmss_pub));
+
+    if (n_diff != 0) {
+        printf("error: exported and imported pub raw do not match: %d\n",
+               n_diff);
+        return WC_TEST_RET_ENC_EC(n_diff);
+    }
+
     /* Flip bits in message. This should fail. */
     xmss_msg[sizeof(xmss_msg) / 2] ^= 1;
     ret2 = wc_XmssKey_Verify(&verifyKey, xmss_sig, sizeof(xmss_sig),

From 4a069ee5c11e915617ad6322358ecc34b4b041d2 Mon Sep 17 00:00:00 2001
From: jordan <jordan@wolfssl.com>
Date: Mon, 8 Apr 2024 21:41:33 -0500
Subject: [PATCH 2/2] Small cleanup for review.

---
 wolfcrypt/test/test.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index 07d93e044..8dc45f651 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -37784,6 +37784,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t xmss_test_verify_only(void)
     int           j     = 0;
     int           ret2  = -1;
     int           ret   = -1;
+    int           n_diff = 0;
     WOLFSSL_ENTER("xmss_test_verify_only");
 
     XMEMSET(pub_raw, 0, sizeof(pub_raw));
@@ -37837,7 +37838,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t xmss_test_verify_only(void)
         return WC_TEST_RET_ENC_EC(pub_len);
     }
 
-    int n_diff = XMEMCMP(pub_raw, xmss_pub, sizeof(xmss_pub));
+    n_diff = XMEMCMP(pub_raw, xmss_pub, sizeof(xmss_pub));
 
     if (n_diff != 0) {
         printf("error: exported and imported pub raw do not match: %d\n",