From 478c388df96cc11f72dc338e1440ce20d3c890ae Mon Sep 17 00:00:00 2001 From: Evgenii Stratonikov Date: Mon, 21 Feb 2022 11:54:46 +0300 Subject: [PATCH] [#55] container: add a comment about signature restrictions Signed-off-by: Evgenii Stratonikov --- container/service.proto | 15 ++++++++++----- proto-docs/container.md | 10 +++++----- 2 files changed, 15 insertions(+), 10 deletions(-) diff --git a/container/service.proto b/container/service.proto index fae6d4c..05668d8 100644 --- a/container/service.proto +++ b/container/service.proto @@ -96,7 +96,8 @@ message PutRequest { // Container structure to register in NeoFS container.Container container = 1; - // Signature of a stable-marshalled container according to RFC-6979 + // Signature of a stable-marshalled container according to RFC-6979. + // Signature scheme must be either UNSPECIFIED or ECDSA_RFC6979_SHA256. neo.fs.v2.refs.Signature signature =2; } // Body of container put request message. @@ -144,7 +145,8 @@ message DeleteRequest { // Identifier of the container to delete from NeoFS neo.fs.v2.refs.ContainerID container_id = 1; - // `ContainerID` signed with the container owner's key according to RFC-6979 + // `ContainerID` signed with the container owner's key according to RFC-6979. + // Signature scheme must be either UNSPECIFIED or ECDSA_RFC6979_SHA256. neo.fs.v2.refs.Signature signature = 2; } // Body of container delete request message. @@ -207,7 +209,8 @@ message GetResponse { // Requested container structure Container container = 1; - // Signature of a stable-marshalled container according to RFC-6979 + // Signature of a stable-marshalled container according to RFC-6979. + // Signature scheme must be either UNSPECIFIED or ECDSA_RFC6979_SHA256. neo.fs.v2.refs.Signature signature = 2; // Session token if the container was created within a session @@ -275,7 +278,8 @@ message SetExtendedACLRequest { // Extended ACL table to set for container neo.fs.v2.acl.EACLTable eacl = 1; - // Signature of stable-marshalled Extended ACL table according to RFC-6979 + // Signature of stable-marshalled Extended ACL table according to RFC-6979. + // Signature scheme must be either UNSPECIFIED or ECDSA_RFC6979_SHA256. neo.fs.v2.refs.Signature signature = 2; } // Body of set extended acl request message. @@ -341,7 +345,8 @@ message GetExtendedACLResponse { // Extended ACL requested, if available neo.fs.v2.acl.EACLTable eacl = 1; - // Signature of stable-marshalled Extended ACL according to RFC-6979 + // Signature of stable-marshalled Extended ACL according to RFC-6979. + // Signature scheme must be either UNSPECIFIED or ECDSA_RFC6979_SHA256. neo.fs.v2.refs.Signature signature = 2; // Session token if Extended ACL was set within a session diff --git a/proto-docs/container.md b/proto-docs/container.md index 80684db..6fc2fb9 100644 --- a/proto-docs/container.md +++ b/proto-docs/container.md @@ -259,7 +259,7 @@ smart contract, so signing algorithm must be supported by NeoVM. | Field | Type | Label | Description | | ----- | ---- | ----- | ----------- | | container_id | [neo.fs.v2.refs.ContainerID](#neo.fs.v2.refs.ContainerID) | | Identifier of the container to delete from NeoFS | -| signature | [neo.fs.v2.refs.Signature](#neo.fs.v2.refs.Signature) | | `ContainerID` signed with the container owner's key according to RFC-6979 | +| signature | [neo.fs.v2.refs.Signature](#neo.fs.v2.refs.Signature) | | `ContainerID` signed with the container owner's key according to RFC-6979. Signature scheme must be either UNSPECIFIED or ECDSA_RFC6979_SHA256. | @@ -332,7 +332,7 @@ container creation. | Field | Type | Label | Description | | ----- | ---- | ----- | ----------- | | eacl | [neo.fs.v2.acl.EACLTable](#neo.fs.v2.acl.EACLTable) | | Extended ACL requested, if available | -| signature | [neo.fs.v2.refs.Signature](#neo.fs.v2.refs.Signature) | | Signature of stable-marshalled Extended ACL according to RFC-6979 | +| signature | [neo.fs.v2.refs.Signature](#neo.fs.v2.refs.Signature) | | Signature of stable-marshalled Extended ACL according to RFC-6979. Signature scheme must be either UNSPECIFIED or ECDSA_RFC6979_SHA256. | | session_token | [neo.fs.v2.session.SessionToken](#neo.fs.v2.session.SessionToken) | | Session token if Extended ACL was set within a session | @@ -383,7 +383,7 @@ was already verified on container creation. | Field | Type | Label | Description | | ----- | ---- | ----- | ----------- | | container | [Container](#neo.fs.v2.container.Container) | | Requested container structure | -| signature | [neo.fs.v2.refs.Signature](#neo.fs.v2.refs.Signature) | | Signature of a stable-marshalled container according to RFC-6979 | +| signature | [neo.fs.v2.refs.Signature](#neo.fs.v2.refs.Signature) | | Signature of a stable-marshalled container according to RFC-6979. Signature scheme must be either UNSPECIFIED or ECDSA_RFC6979_SHA256. | | session_token | [neo.fs.v2.session.SessionToken](#neo.fs.v2.session.SessionToken) | | Session token if the container was created within a session | @@ -461,7 +461,7 @@ additional signature checks. | Field | Type | Label | Description | | ----- | ---- | ----- | ----------- | | container | [Container](#neo.fs.v2.container.Container) | | Container structure to register in NeoFS | -| signature | [neo.fs.v2.refs.Signature](#neo.fs.v2.refs.Signature) | | Signature of a stable-marshalled container according to RFC-6979 | +| signature | [neo.fs.v2.refs.Signature](#neo.fs.v2.refs.Signature) | | Signature of a stable-marshalled container according to RFC-6979. Signature scheme must be either UNSPECIFIED or ECDSA_RFC6979_SHA256. | @@ -514,7 +514,7 @@ reference. It will be taken from `EACLTable.container_id` field. | Field | Type | Label | Description | | ----- | ---- | ----- | ----------- | | eacl | [neo.fs.v2.acl.EACLTable](#neo.fs.v2.acl.EACLTable) | | Extended ACL table to set for container | -| signature | [neo.fs.v2.refs.Signature](#neo.fs.v2.refs.Signature) | | Signature of stable-marshalled Extended ACL table according to RFC-6979 | +| signature | [neo.fs.v2.refs.Signature](#neo.fs.v2.refs.Signature) | | Signature of stable-marshalled Extended ACL table according to RFC-6979. Signature scheme must be either UNSPECIFIED or ECDSA_RFC6979_SHA256. |