Merge pull request #384 from nspcc-dev/signature-limits

Author: roman-khimov

CHANGELOG.md

@@ -6,6 +6,7 @@
 - Support for initial placement policy of containers (#381)
 
 ### Changed
+- `key` and `sign` fields of `refs.Signature(RFC6979)` message now have a sane length limit (#384)
 
 ### Removed
 

proto-docs/refs.md

@@ -149,8 +149,8 @@ Signature of something in NeoFS.
 
 | Field | Type | Label | Description |
 | ----- | ---- | ----- | ----------- |
-| key | [bytes](#bytes) |  | Public key used for signing. For N3 `scheme`, the field represents a verification script. |
-| sign | [bytes](#bytes) |  | Signature. For N3 `scheme`, the field represents an invocation script. |
+| key | [bytes](#bytes) |  | Public key used for signing. For N3 `scheme`, the field represents a verification script. The maximum allowed length is 1024 bytes. |
+| sign | [bytes](#bytes) |  | Signature. For N3 `scheme`, the field represents an invocation script. The maximum allowed length is 1024 bytes. |
 | scheme | [SignatureScheme](#neo.fs.v2.refs.SignatureScheme) |  | Scheme contains digital signature scheme identifier |
 
 
@@ -162,8 +162,8 @@ RFC 6979 signature.
 
 | Field | Type | Label | Description |
 | ----- | ---- | ----- | ----------- |
-| key | [bytes](#bytes) |  | Public key used for signing. For N3 auth scheme, the field represents a verification script. |
-| sign | [bytes](#bytes) |  | Deterministic ECDSA with SHA-256 hashing. For N3 auth scheme, the field represents an invocation script. |
+| key | [bytes](#bytes) |  | Public key used for signing. For N3 auth scheme, the field represents a verification script. The maximum allowed length is 1024 bytes. |
+| sign | [bytes](#bytes) |  | Deterministic ECDSA with SHA-256 hashing. For N3 auth scheme, the field represents an invocation script. The maximum allowed length is 1024 bytes. |
 
 
 <a name="neo.fs.v2.refs.SubnetID"></a>

refs/types.proto

@@ -106,9 +106,10 @@ message Version {
 // Signature of something in NeoFS.
 message Signature {
   // Public key used for signing. For N3 `scheme`, the field represents a
-  // verification script.
+  // verification script. The maximum allowed length is 1024 bytes.
   bytes key = 1 [json_name = "key"];
-  // Signature. For N3 `scheme`, the field represents an invocation script.
+  // Signature. For N3 `scheme`, the field represents an invocation script. The
+  // maximum allowed length is 1024 bytes.
   bytes sign = 2 [json_name = "signature"];
   // Scheme contains digital signature scheme identifier
   SignatureScheme scheme = 3 [json_name = "scheme"];
@@ -133,10 +134,10 @@ enum SignatureScheme {
 // RFC 6979 signature.
 message SignatureRFC6979 {
   // Public key used for signing. For N3 auth scheme, the field represents a
-  // verification script.
+  // verification script. The maximum allowed length is 1024 bytes.
   bytes key = 1 [json_name = "key"];
   // Deterministic ECDSA with SHA-256 hashing. For N3 auth scheme, the field
-  // represents an invocation script.
+  // represents an invocation script. The maximum allowed length is 1024 bytes.
   bytes sign = 2 [json_name = "signature"];
 }