jlpoole/reticiulum-specification
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
reticiulum-specification/tools/README.md

41 lines
2.6 KiB
Markdown
Raw Normal View History

Initial bootstrap: README, LICENSE, SPEC.md, agent.md, scaffolding Bootstrapped from the working notes of two reverse-engineering efforts: - reticulum-lora-webclient (web/Capacitor) - reticulum-mobile-app (Kotlin Multiplatform / Android) SPEC.md consolidates byte-level wire format findings that aren't in the upstream Reticulum manual. Each section grounded in upstream Python source citations (file + line) where possible. agent.md establishes the verification rules: - Every claim is verified, unverified, or speculation; markers required - Verification means a runnable script or a source citation - PRs that quietly remove markers get rejected tools/ and test-vectors/ are placeholder scaffolding with READMEs describing the work needed. Sections in SPEC.md flagged as currently UNVERIFIED: - §2.3 Originator HEADER_1 -> HEADER_2 conversion - §4.3 app_data 3-element variant with capabilities - §7.1 path? always precedes LXMF (vs only on stale paths) - §7.4 ratchet ring count default = 8 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-03 09:38:46 -04:00
# Verifier scripts
Self-contained Python scripts that test claims in [`../SPEC.md`](../SPEC.md) against the upstream RNS / LXMF Python stack.
## Conventions
- Each script verifies one claim or one related cluster of claims.
- Exit code 0 on PASS, non-zero on FAIL.
- Print a one-line PASS/FAIL summary plus a unified diff or hex dump on mismatch.
- Reference the SPEC.md section the script verifies in a docstring at the top.
## Required environment
```
pip install rns lxmf
```
The scripts read `RNS.__version__` at startup and print it in their output so a future reader can tell which RNS version a verification ran against.
## Status
Verify §2.3, §4.3, §7.1, §7.4 against upstream RNS 1.2.0 / LXMF 0.9.6 Adds tools/ verifier scripts that exercise upstream RNS / LXMF and confirm (or correct) the SPEC.md callouts: - §2.3 HEADER_1→HEADER_2 conversion: verified by stubbing Transport.transmit and seeding a multi-hop path_table entry. - §4.3 app_data 3-element variant: producer in LXMF 0.9.6 actually emits 2 elements only (supported_functionality at LXMRouter.py:999 is dead code); parser tolerates 1/2/3-element + raw UTF-8. - §7.1 path? always-precedes claim: actually conditional on not has_path() AND method==OPPORTUNISTIC. - §7.4 ratchet ring default 8: actually Destination.RATCHET_COUNT = 512 at RNS/Destination.py:85. Also fixes a documentation bug in §1.2: the rnstransport.path.request row of the well-known-hash table had the dest-hash prefix where the name_hash should be (correct name_hash is 7926bbe7dd7f9aba88b0). Seeds test-vectors/identities.json (Alice + Bob) with a regenerator (tools/regen_identities.py) and verifier (tools/verify_destination_hash.py) covering §1.1 and §1.2. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-03 10:14:51 -04:00
Populated against RNS 1.2.0 / LXMF 0.9.6:
| Script | Verifies SPEC.md section | Status |
|---|---|---|
Fix and expand §1.3 — on-disk identity format (real spec bug!) Closes Tier 1 #6 and the entire Tier 1 sweep. Previous §1.3 said the on-disk byte order was Ed25519_priv(32) || X25519_priv(32) ("opposite of the public_key concatenation"). That was WRONG. Verified empirically against RNS 1.2.0 by round-tripping the existing test vectors through Identity.to_file and reading the bytes back: disk = X25519_priv(32) || Ed25519_priv(32) # same as public_key This matches Identity.get_private_key() at RNS/Identity.py:694-698: return self.prv_bytes + self.sig_prv_bytes where prv_bytes is X25519 (line 679) and sig_prv_bytes is Ed25519 (line 682). It also matches load_private_key at line 706-717. Implementations following the prior spec wording would have written identity files that fail to load on upstream RNS — a real interop break that would have been very hard to debug because the failure is in keypair-loading, before any signature operation runs. §1.3 rewritten and expanded: - Correct byte order with citation to upstream code. - 64-byte raw-blob format with explicit "no header / no version / no checksum / no encryption". - File-system facts: no chmod, expected to live in OS-protected storage, filename is caller-controlled. - from_bytes HAZARD note: feeding raw random bytes skips the `cryptography` library's keypair-generation invariants (X25519 RFC 7748 §5 scalar clamping etc). - Cross-implementation portability follows automatically because there's nothing in the file but the bytes. - ⚠️ Spec correction callout warning future readers about the previous wording so the bug history is on record. tools/verify_destination_hash.py extended with a §1.3 to_file / from_file round-trip section. For each test vector it now: - writes the identity via to_file - asserts the on-disk file is exactly 64 bytes - asserts disk[:32] hex == expected x25519_priv_hex - asserts disk[32:64] hex == expected ed25519_priv_hex - reloads via from_file and asserts identity_hash invariance This is what would have caught the bug if it had been there from the start. tools/README.md updated to reflect §1.3 coverage. Cumulative Tier 1 status: 6 of 6 done. A from-scratch client built from §1-§9 + §10 + §11 + flows/ can now interop with upstream Reticulum / LXMF / RNode for identity, announce, opportunistic LXMF DATA, Resource fragmentation, regular PROOF receipts, link handshakes with MTU/mode signalling, path-? discovery, and KISS/HDLC/RNode-air-frame framing. Tiers 2 and 3 remain open in the todo for follow-up. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-03 11:54:54 -04:00
| `verify_destination_hash.py` | §1.1, §1.2, §1.3 — identity composition, `dest_hash = SHA256(name_hash \|\| identity_hash)[:16]`, on-disk private-key round-trip via `to_file`/`from_file` | ✅ |
Verify §2.3, §4.3, §7.1, §7.4 against upstream RNS 1.2.0 / LXMF 0.9.6 Adds tools/ verifier scripts that exercise upstream RNS / LXMF and confirm (or correct) the SPEC.md callouts: - §2.3 HEADER_1→HEADER_2 conversion: verified by stubbing Transport.transmit and seeding a multi-hop path_table entry. - §4.3 app_data 3-element variant: producer in LXMF 0.9.6 actually emits 2 elements only (supported_functionality at LXMRouter.py:999 is dead code); parser tolerates 1/2/3-element + raw UTF-8. - §7.1 path? always-precedes claim: actually conditional on not has_path() AND method==OPPORTUNISTIC. - §7.4 ratchet ring default 8: actually Destination.RATCHET_COUNT = 512 at RNS/Destination.py:85. Also fixes a documentation bug in §1.2: the rnstransport.path.request row of the well-known-hash table had the dest-hash prefix where the name_hash should be (correct name_hash is 7926bbe7dd7f9aba88b0). Seeds test-vectors/identities.json (Alice + Bob) with a regenerator (tools/regen_identities.py) and verifier (tools/verify_destination_hash.py) covering §1.1 and §1.2. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-03 10:14:51 -04:00
| `verify_packet_header.py` | §2.1, §2.2, §2.3 — flag byte layout, HEADER_1/HEADER_2 form, originator HEADER_1→HEADER_2 conversion via upstream `Transport.outbound` | ✅ |
Add four more verifiers + receive-propagated flow + frontmatter version Verifiers: tools/verify_proof_packet.py — locks in §6.5. Toggles Reticulum.__use_implicit_proof to test both modes; confirms Identity.prove emits 64B (implicit) or 96B (explicit) proof body; PacketReceipt.validate_proof accepts both lengths and rejects an 80B body. tools/verify_link_handshake.py — locks in §6.1, §6.2, §6.3, §6.6. Most importantly verifies the previously-corrected §6.2 LRPROOF body order (signature(64) || responder_X25519_pub(32) || [signalling]) and §6.3 link_id offsets (N=2 for HEADER_1) by actually building a Link initiator-side, capturing the LINKREQUEST raw bytes, computing link_id by the spec recipe, running validate_request inline (since the upstream wrapper swallows exceptions), and confirming the responder's LRPROOF bytes match the spec layout. This was the single most interop-critical correction we made. tools/verify_rnode_split.py — locks in §8.3. Pure-function re-implementation of the canonical TX and RX state machines from RNode_Firmware.ino:359-446 + 716-742; tests header-byte layout, single-frame TX, split-frame TX (300B → 254+46 with shared header byte), all four RX state-machine cases (a/b/c/d from the spec table), and end-to-end TX/RX round-trip at sizes 50, 254, 255, 300, 508. tools/verify_msgpack_quirk.py — locks in §9.3. Confirms umsgpack distinguishes str (fixstr/0xa5) from bytes (bin8/0xc4); confirms LXMF.display_name_from_app_data parses bytes-encoded display names correctly and silently returns None (not crash) on str-encoded ones, matching the bug-tolerance documented in §9.3. All 11 verifiers pass against RNS 1.2.0 / LXMF 0.9.6. Plus: - SPEC.md frontmatter: 'Last verified against' line per agent.md §7. - flows/receive-propagated-lxmf.md: closing half of the propagated LXMF lifecycle. /get listing query, fetch query, ack-and-purge via the have_ids slot, message-bundle unpack and dispatch through lxmf_delivery. - tools/README.md status table refreshed; flows/README.md flips receive-propagated-lxmf.md to ✅. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-03 12:54:34 -04:00
| `verify_token_crypto.py` | §3 — Token encrypt/decrypt, HKDF salt = identity_hash, HMAC-then-AES order, PKCS#7 padding | ✅ |
Verify §2.3, §4.3, §7.1, §7.4 against upstream RNS 1.2.0 / LXMF 0.9.6 Adds tools/ verifier scripts that exercise upstream RNS / LXMF and confirm (or correct) the SPEC.md callouts: - §2.3 HEADER_1→HEADER_2 conversion: verified by stubbing Transport.transmit and seeding a multi-hop path_table entry. - §4.3 app_data 3-element variant: producer in LXMF 0.9.6 actually emits 2 elements only (supported_functionality at LXMRouter.py:999 is dead code); parser tolerates 1/2/3-element + raw UTF-8. - §7.1 path? always-precedes claim: actually conditional on not has_path() AND method==OPPORTUNISTIC. - §7.4 ratchet ring default 8: actually Destination.RATCHET_COUNT = 512 at RNS/Destination.py:85. Also fixes a documentation bug in §1.2: the rnstransport.path.request row of the well-known-hash table had the dest-hash prefix where the name_hash should be (correct name_hash is 7926bbe7dd7f9aba88b0). Seeds test-vectors/identities.json (Alice + Bob) with a regenerator (tools/regen_identities.py) and verifier (tools/verify_destination_hash.py) covering §1.1 and §1.2. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-03 10:14:51 -04:00
| `verify_announce_app_data.py` | §4.3 — LXMF announce app_data 2-element form, parser tolerance | ✅ |
Add four more verifiers + receive-propagated flow + frontmatter version Verifiers: tools/verify_proof_packet.py — locks in §6.5. Toggles Reticulum.__use_implicit_proof to test both modes; confirms Identity.prove emits 64B (implicit) or 96B (explicit) proof body; PacketReceipt.validate_proof accepts both lengths and rejects an 80B body. tools/verify_link_handshake.py — locks in §6.1, §6.2, §6.3, §6.6. Most importantly verifies the previously-corrected §6.2 LRPROOF body order (signature(64) || responder_X25519_pub(32) || [signalling]) and §6.3 link_id offsets (N=2 for HEADER_1) by actually building a Link initiator-side, capturing the LINKREQUEST raw bytes, computing link_id by the spec recipe, running validate_request inline (since the upstream wrapper swallows exceptions), and confirming the responder's LRPROOF bytes match the spec layout. This was the single most interop-critical correction we made. tools/verify_rnode_split.py — locks in §8.3. Pure-function re-implementation of the canonical TX and RX state machines from RNode_Firmware.ino:359-446 + 716-742; tests header-byte layout, single-frame TX, split-frame TX (300B → 254+46 with shared header byte), all four RX state-machine cases (a/b/c/d from the spec table), and end-to-end TX/RX round-trip at sizes 50, 254, 255, 300, 508. tools/verify_msgpack_quirk.py — locks in §9.3. Confirms umsgpack distinguishes str (fixstr/0xa5) from bytes (bin8/0xc4); confirms LXMF.display_name_from_app_data parses bytes-encoded display names correctly and silently returns None (not crash) on str-encoded ones, matching the bug-tolerance documented in §9.3. All 11 verifiers pass against RNS 1.2.0 / LXMF 0.9.6. Plus: - SPEC.md frontmatter: 'Last verified against' line per agent.md §7. - flows/receive-propagated-lxmf.md: closing half of the propagated LXMF lifecycle. /get listing query, fetch query, ack-and-purge via the have_ids slot, message-bundle unpack and dispatch through lxmf_delivery. - tools/README.md status table refreshed; flows/README.md flips receive-propagated-lxmf.md to ✅. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-03 12:54:34 -04:00
| `verify_announce_roundtrip.py` | §4.1, §4.2, §4.5 — announce body layout, signature, dest_hash recompute, tamper rejection | ✅ |
| `verify_lxmf_opportunistic.py` | §5.1, §5.2, §5.5, §5.6 — full identity → encrypt → decrypt → parse round-trip | ✅ |
| `verify_proof_packet.py` | §6.5 — implicit (64B) and explicit (96B) proof body forms, validator length-dispatch | ✅ |
| `verify_link_handshake.py` | §6.1, §6.2, §6.3, §6.6 — LINKREQUEST/LRPROOF body order, link_id derivation, signalling | ✅ |
Verify §2.3, §4.3, §7.1, §7.4 against upstream RNS 1.2.0 / LXMF 0.9.6 Adds tools/ verifier scripts that exercise upstream RNS / LXMF and confirm (or correct) the SPEC.md callouts: - §2.3 HEADER_1→HEADER_2 conversion: verified by stubbing Transport.transmit and seeding a multi-hop path_table entry. - §4.3 app_data 3-element variant: producer in LXMF 0.9.6 actually emits 2 elements only (supported_functionality at LXMRouter.py:999 is dead code); parser tolerates 1/2/3-element + raw UTF-8. - §7.1 path? always-precedes claim: actually conditional on not has_path() AND method==OPPORTUNISTIC. - §7.4 ratchet ring default 8: actually Destination.RATCHET_COUNT = 512 at RNS/Destination.py:85. Also fixes a documentation bug in §1.2: the rnstransport.path.request row of the well-known-hash table had the dest-hash prefix where the name_hash should be (correct name_hash is 7926bbe7dd7f9aba88b0). Seeds test-vectors/identities.json (Alice + Bob) with a regenerator (tools/regen_identities.py) and verifier (tools/verify_destination_hash.py) covering §1.1 and §1.2. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-03 10:14:51 -04:00
| `verify_path_request.py` | §1.2 well-known hashes, §7.1 LXMF path-preamble gating | ✅ |
Add four more verifiers + receive-propagated flow + frontmatter version Verifiers: tools/verify_proof_packet.py — locks in §6.5. Toggles Reticulum.__use_implicit_proof to test both modes; confirms Identity.prove emits 64B (implicit) or 96B (explicit) proof body; PacketReceipt.validate_proof accepts both lengths and rejects an 80B body. tools/verify_link_handshake.py — locks in §6.1, §6.2, §6.3, §6.6. Most importantly verifies the previously-corrected §6.2 LRPROOF body order (signature(64) || responder_X25519_pub(32) || [signalling]) and §6.3 link_id offsets (N=2 for HEADER_1) by actually building a Link initiator-side, capturing the LINKREQUEST raw bytes, computing link_id by the spec recipe, running validate_request inline (since the upstream wrapper swallows exceptions), and confirming the responder's LRPROOF bytes match the spec layout. This was the single most interop-critical correction we made. tools/verify_rnode_split.py — locks in §8.3. Pure-function re-implementation of the canonical TX and RX state machines from RNode_Firmware.ino:359-446 + 716-742; tests header-byte layout, single-frame TX, split-frame TX (300B → 254+46 with shared header byte), all four RX state-machine cases (a/b/c/d from the spec table), and end-to-end TX/RX round-trip at sizes 50, 254, 255, 300, 508. tools/verify_msgpack_quirk.py — locks in §9.3. Confirms umsgpack distinguishes str (fixstr/0xa5) from bytes (bin8/0xc4); confirms LXMF.display_name_from_app_data parses bytes-encoded display names correctly and silently returns None (not crash) on str-encoded ones, matching the bug-tolerance documented in §9.3. All 11 verifiers pass against RNS 1.2.0 / LXMF 0.9.6. Plus: - SPEC.md frontmatter: 'Last verified against' line per agent.md §7. - flows/receive-propagated-lxmf.md: closing half of the propagated LXMF lifecycle. /get listing query, fetch query, ack-and-purge via the have_ids slot, message-bundle unpack and dispatch through lxmf_delivery. - tools/README.md status table refreshed; flows/README.md flips receive-propagated-lxmf.md to ✅. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-03 12:54:34 -04:00
| `verify_rnode_split.py` | §8.3 — RNode air-frame split-packet TX/RX state machines | ✅ |
| `verify_msgpack_quirk.py` | §9.3 — encoding name as bytes vs str affects upstream parsing | ✅ |
Add tools/verify_stamps.py — runtime-lock §5.7 12th verifier in the suite. Locks in the LXMF stamps and tickets spec (§5.7) by exercising LXMF.LXMStamper directly: - Workblock construction: deterministic for a given material; confirms exactly 768 KiB at the WORKBLOCK_EXPAND_ROUNDS = 3000 default (matches spec §5.7.2 documented size). - PoW search-and-validate: brute-force search at target_cost = 4 bits (fast — usually 1-16 iterations). Confirms stamp_valid and stamp_value round-trip; tampers a byte and confirms rejection. - LXMessage.validate_stamp end-to-end: accepts a valid PoW stamp on a synthesized LXMessage; rejects a tampered one. - Ticket shortcut: builds stamp = SHA256(ticket || message_id) by hand, confirms validate_stamp(target_cost, tickets=[...]) accepts with the matching ticket and rejects with a wrong one. target_cost = 4 keeps the test fast; real interop uses 8-16 bits. The verifier doesn't claim to be a stamp-cost benchmark — that's a separate use case. 12 of 12 verifiers in tools/ now pass against RNS 1.2.0 / LXMF 0.9.6. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-03 15:13:59 -04:00
| `verify_stamps.py` | §5.7 — workblock determinism, PoW stamp search/validate, ticket shortcut | ✅ |
Resolve issue #1 — five §7.2/§7.3 gaps from clean-room JS implementation Reporter implemented §7.2.6 minimum-leaf path-request responder + §7.3 ratchet rotation in thatSFguy/reticulum-lora-webclient and surfaced five small gaps. Each is fixed below; the first is a real spec correction backed by a new runtime verifier. #### 1. §7.3 dedup-mechanism claim was wrong (verified) Earlier §7.3 claimed transit nodes dedup on '(destination_hash, ratchet_pub)' tuples. Reporter pointed out this can't be right: upstream's RATCHET_INTERVAL = 30 min × ANNOUNCE_INTERVAL = 5-15 min means most upstream announces share a ratchet across 2-6 emissions. If relays really dropped on ratchet_pub equality, upstream wouldn't function. Confirmed by new tools/verify_ratchet_dedup.py: builds two announces with same ratchet_pub but distinct random_hash[:5], walks the upstream replay-defence machinery (Transport.py:1707,1732,1745 'not random_blob in random_blobs' check) by hand. Both announces ACCEPTED — dedup is keyed on random_blob, not on ratchet_pub. §7.3 rewritten: - Drops the wrong dedup claim with an explicit ⚠️ Spec correction callout naming the bug. - Reframes ratchet rotation as forward-secrecy hygiene, not a mesh-visibility requirement. - Points at §4.5 step 6.3 / §4.1 for the actual replay-defence mechanism. - Documents upstream's at-most-every-30-min rotation cadence (rotate_ratchets is a no-op if RATCHET_INTERVAL hasn't elapsed). - Says clean-room MAY rotate per-announce or follow upstream's cadence — either is interop-correct. #### 2. Path-response ratchet rotation guidance — §7.3.4 (new) Added explicit guidance: path-response announces SHOULD reuse the current ratchet rather than rotate. Burst-rotating on identical-target path? requests would burn ratchet-ring slots without forward-secrecy benefit. Upstream's no-op-if-recent gate enforces this implicitly. #### 3. Leaf dedup-table size — §7.2.6 step 4 Added: 'A leaf-appropriate cap is 128–256 entries with FIFO eviction; the upstream max_pr_tags = 32000 is sized for a transit node.' #### 4. PR_TAG_WINDOW body cache for leaves — §7.2.6 trailing Added: 'Leaves may skip the §7.2.5 PR_TAG_WINDOW body cache' with explanation that step 4's dedup table already collapses identical-tag retransmits and a leaf isn't fanning to multiple downstream relays. #### 5. PLAIN destination recipe link — §7.2.1 Added: 'The path-request destination is a PLAIN destination ... per the PLAIN/GROUP recipe in §1.4.3 (the identity == None branch).' Surfaces the connection that's currently buried in §1.4 titled 'GROUP destinations' but actually covers PLAIN too. agent.md §5 audit table updated — §7.3 entry corrected to note the prior 'verified' claim was actually mis-attributed; the test result came from incidental random_hash rotation, not ratchet rotation. 13 of 13 verifiers in tools/ now pass. Closes #1. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-03 20:38:01 -04:00
| `verify_ratchet_dedup.py` | §7.3 / §4.5 step 6.3 — confirms replay defence is keyed on `random_blob`, NOT on `(dest_hash, ratchet_pub)` | ✅ |
Verify §2.3, §4.3, §7.1, §7.4 against upstream RNS 1.2.0 / LXMF 0.9.6 Adds tools/ verifier scripts that exercise upstream RNS / LXMF and confirm (or correct) the SPEC.md callouts: - §2.3 HEADER_1→HEADER_2 conversion: verified by stubbing Transport.transmit and seeding a multi-hop path_table entry. - §4.3 app_data 3-element variant: producer in LXMF 0.9.6 actually emits 2 elements only (supported_functionality at LXMRouter.py:999 is dead code); parser tolerates 1/2/3-element + raw UTF-8. - §7.1 path? always-precedes claim: actually conditional on not has_path() AND method==OPPORTUNISTIC. - §7.4 ratchet ring default 8: actually Destination.RATCHET_COUNT = 512 at RNS/Destination.py:85. Also fixes a documentation bug in §1.2: the rnstransport.path.request row of the well-known-hash table had the dest-hash prefix where the name_hash should be (correct name_hash is 7926bbe7dd7f9aba88b0). Seeds test-vectors/identities.json (Alice + Bob) with a regenerator (tools/regen_identities.py) and verifier (tools/verify_destination_hash.py) covering §1.1 and §1.2. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-03 10:14:51 -04:00
| `regen_identities.py` | regenerates `test-vectors/identities.json` | ✅ |
See [`../agent.md`](../agent.md) §5 and [`../todo.md`](../todo.md) for the remaining priority order.
Reference in a new issue Copy permalink