MIP-00: enforce i-tag KeyPackageRef length matches mls_ciphersuite hash #36

@alltheseas

Context

MIP-00 kind:30443 (KeyPackage) has an i tag containing the hex-encoded KeyPackageRef. The hash function (and thus output length) is determined by the mls_ciphersuite tag:

| Ciphersuite | Hash | i-tag length |
|---|---|---|
| 0x0001, 0x0002, 0x0003 | SHA-256 | 64 hex chars |
| 0x0004, 0x0005, 0x0006 | SHA-512 | 128 hex chars |
| 0x0007 | SHA-384 | 96 hex chars |

Problem

JSON Schema `contains` constraints on array items are independent — you cannot conditionally constrain one tag based on another tag's value. The schemata schema accepts all three valid hash sizes (64/96/128 hex) in the i tag regardless of the mls_ciphersuite value. This means a kind:30443 event with ["mls_ciphersuite", "0x0001"] and a 128-char i tag incorrectly validates.

Proposed fix

In schemata-codegen generated validators for kind:30443 (and kind:443), add a cross-field check:

ciphersuite = get_tag_value("mls_ciphersuite")
i_value = get_tag_value("i")

expected_length = match ciphersuite:
    "0x0001" | "0x0002" | "0x0003" => 64
    "0x0004" | "0x0005" | "0x0006" => 128
    "0x0007" => 96
    _ => skip (unknown ciphersuite)

if i_value.length != expected_length:
    reject("i tag length does not match ciphersuite hash size")

This could be:

  1. A new ValidatorAction type (e.g., check_cross_field_length) in the planner
  2. Or generated from a new schema annotation/convention for cross-tag constraints
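The gap described in this issue, as an added Python example that is not code from the issue author or from schemata-codegen: a per-tag check that accepts any of the three hash sizes next to the proposed cross-field check. The function names, the lowercase-hex pattern and the sample events are assumptions constructed for illustration.

```python
import re

# Expected i-tag hex length per mls_ciphersuite, from the table in this issue.
EXPECTED_HEX_LEN = {
    "0x0001": 64, "0x0002": 64, "0x0003": 64,     # SHA-256
    "0x0004": 128, "0x0005": 128, "0x0006": 128,  # SHA-512
    "0x0007": 96,                                 # SHA-384
}

# Stand-in for the independent per-tag constraint: any of the three sizes
# passes. Assumption: lowercase hex; the real schema pattern is not shown here.
SCHEMA_I_TAG = re.compile(r"(?:[0-9a-f]{64}|[0-9a-f]{96}|[0-9a-f]{128})")


def get_tag_value(event, name):
    """Return the value of the first tag called `name`, or None."""
    for tag in event.get("tags", []):
        if len(tag) >= 2 and tag[0] == name:
            return tag[1]
    return None


def schema_only_check(event):
    """What per-tag constraints alone can express: i is a valid-size hash."""
    i_value = get_tag_value(event, "i")
    return i_value is not None and SCHEMA_I_TAG.fullmatch(i_value) is not None


def cross_field_check(event):
    """Return an error string, or None if the i tag fits the ciphersuite."""
    ciphersuite = get_tag_value(event, "mls_ciphersuite")
    i_value = get_tag_value(event, "i")
    if ciphersuite is None or i_value is None:
        return None  # tag presence is left to the schema's own rules
    expected = EXPECTED_HEX_LEN.get(ciphersuite)
    if expected is None:
        return None  # unknown ciphersuite: skip, as in the proposal
    if len(i_value) != expected:
        return "i tag length does not match ciphersuite hash size"
    return None


# Constructed sample events (placeholder hex, not real KeyPackageRefs).
MISMATCHED = {"kind": 30443,
              "tags": [["mls_ciphersuite", "0x0001"], ["i", "ab" * 64]]}
MATCHED = {"kind": 30443,
           "tags": [["mls_ciphersuite", "0x0001"], ["i", "ab" * 32]]}
```

MISMATCHED passes `schema_only_check` and is rejected only by `cross_field_check`, which is the case the issue describes.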
