peat-schema 0.9.0-rc.10

Wire format (Protobuf) definitions for the Peat Coordination Protocol
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119

// Security message types for PEAT Protocol Device Authentication (PKI)
// Version: 1.0.0
// Related: ADR-006, Issue #160

syntax = "proto3";

package cap.security.v1;

import "common.proto";

// Device type classification per ADR-006
enum DeviceType {
  DEVICE_TYPE_UNSPECIFIED = 0;
  DEVICE_TYPE_UAV = 1;           // Unmanned Aerial Vehicle
  DEVICE_TYPE_UGV = 2;           // Unmanned Ground Vehicle
  DEVICE_TYPE_USV = 3;           // Unmanned Surface Vehicle
  DEVICE_TYPE_SOLDIER_SYSTEM = 4; // Soldier/Dismounted System
  DEVICE_TYPE_C2_STATION = 5;     // Command & Control Station
  DEVICE_TYPE_RELAY_NODE = 6;     // Relay/Communication Node
  DEVICE_TYPE_SENSOR_PLATFORM = 7; // Sensor Platform (static)
}

// Hierarchy level for organizational units
enum HierarchyLevel {
  HIERARCHY_LEVEL_UNSPECIFIED = 0;
  HIERARCHY_LEVEL_SQUAD = 1;
  HIERARCHY_LEVEL_PLATOON = 2;
  HIERARCHY_LEVEL_COMPANY = 3;
  HIERARCHY_LEVEL_BATTALION = 4;
  HIERARCHY_LEVEL_BRIGADE = 5;
  HIERARCHY_LEVEL_DIVISION = 6;
}

// Device identity information
message DeviceIdentity {
  // Unique device identifier (hex-encoded, 32 chars from SHA-256 of public key)
  string device_id = 1;

  // Ed25519 public key (32 bytes)
  bytes public_key = 2;

  // Device type classification
  DeviceType device_type = 3;

  // Organization unit level
  HierarchyLevel organization_level = 4;

  // Organization unit identifier (e.g., "1-502" for 1st Battalion, 502nd Regiment)
  string organization_unit_id = 5;

  // Common name / call sign
  string common_name = 6;

  // X.509 certificate chain (DER-encoded, leaf first) - optional for MVP
  repeated bytes certificates = 7;
}

// Authentication challenge for peer verification
message Challenge {
  // Random nonce (32 bytes) for replay protection
  bytes nonce = 1;

  // Challenge creation timestamp
  cap.common.v1.Timestamp timestamp = 2;

  // Challenger's device ID (hex string)
  string challenger_id = 3;

  // Challenge expiration timestamp
  cap.common.v1.Timestamp expires_at = 4;
}

// Signed response to authentication challenge
message SignedChallengeResponse {
  // Original challenge nonce (for correlation)
  bytes challenge_nonce = 1;

  // Responder's Ed25519 public key (32 bytes)
  bytes public_key = 2;

  // Ed25519 signature (64 bytes) over: nonce || challenger_id || timestamp
  bytes signature = 3;

  // Response creation timestamp
  cap.common.v1.Timestamp timestamp = 4;

  // Responder's device type
  DeviceType device_type = 5;

  // X.509 certificate chain (DER-encoded) - optional for MVP
  repeated bytes certificates = 6;
}

// Signed beacon wrapper for discovery phase security
message SignedBeacon {
  // The beacon data (serialized beacon protobuf)
  bytes beacon_data = 1;

  // Device ID of signer (hex string)
  string signer_device_id = 2;

  // Ed25519 signature over beacon_data
  bytes signature = 3;

  // Signer's certificate (included periodically, not every beacon)
  optional bytes signer_certificate = 4;
}

// Security error details for protocol messages
message SecurityError {
  // Error code (e.g., "CERT_EXPIRED", "INVALID_SIGNATURE")
  string code = 1;

  // Human-readable error message
  string message = 2;

  // Device ID involved (if applicable)
  optional string device_id = 3;
}