mirrored from https://www.bouncycastle.org/repositories/bc-java
Is it possible that the check here unintentionally excludes the last two indices for BDS reconstruction?
Consider a case where an application does not store the BDS state. Upon specifying an index value of 1022 or 1023 for a tree of height 10, BDS is not reconstructed, and the resulting XMSSPrivateKeyParameters, if used for signature by the XMSSSigner, will yield an error that the BDS state has not been initialised. In short, the last two indices can only be used if one stores the BDS state.
Is this intended?
bc-java/core/src/main/java/org/bouncycastle/pqc/crypto/xmss/XMSSPrivateKeyParameters.java, line 165 in 65c3dc4:

```java
if (builder.index < ((1 << params.getHeight()) - 2) && tmpPublicSeed != null && tmpSecretKeySeed != null)
```