feat: add blake3 as a good hash

This include fixing versions, adding tests, restraining blake3 to 20 <= x <= 128 bytes of length, improving error messages, fixing deprecation warnings. This commit was moved from ipfs/go-verifcid@71377ec
ipfs · Aug 12, 2022 · 912fc33 · 912fc33
1 parent 86d8e7b
commit 912fc33
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 6 deletions.
diff --git a/verifcid/validate.go b/verifcid/validate.go
@@ -2,15 +2,16 @@ package verifcid
 
 import (
 	"fmt"
-
 	cid "github.com/ipfs/go-cid"
 	mh "github.com/multiformats/go-multihash"
 )
 
 var ErrPossiblyInsecureHashFunction = fmt.Errorf("potentially insecure hash functions not allowed")
-var ErrBelowMinimumHashLength = fmt.Errorf("hashes must be at %d least bytes long", minimumHashLength)
+var ErrBelowMinimumHashLength = fmt.Errorf("hashes must be at least %d bytes long", minimumHashLength)
+var ErrAboveMaximumHashLength = fmt.Errorf("hashes must be at most %d bytes long", maximumHashLength)
 
 const minimumHashLength = 20
+const maximumHashLength = 128
 
 var goodset = map[uint64]bool{
 	mh.SHA2_256:     true,
@@ -25,7 +26,8 @@ var goodset = map[uint64]bool{
 	mh.KECCAK_256:   true,
 	mh.KECCAK_384:   true,
 	mh.KECCAK_512:   true,
-	mh.ID:           true,
+	mh.BLAKE3:       true,
+	mh.IDENTITY:     true,
 
 	mh.SHA1: true, // not really secure but still useful
 }
@@ -54,9 +56,13 @@ func ValidateCid(c cid.Cid) error {
 		return ErrPossiblyInsecureHashFunction
 	}
 
-	if pref.MhType != mh.ID && pref.MhLength < minimumHashLength {
+	if pref.MhType != mh.IDENTITY && pref.MhLength < minimumHashLength {
 		return ErrBelowMinimumHashLength
 	}
 
+	if pref.MhType != mh.IDENTITY && pref.MhLength > maximumHashLength {
+		return ErrAboveMaximumHashLength
+	}
+
 	return nil
 }
diff --git a/verifcid/validate_test.go b/verifcid/validate_test.go
@@ -35,7 +35,7 @@ func TestValidateCids(t *testing.T) {
 	mhcid := func(code uint64, length int) cid.Cid {
 		mhash, err := mh.Sum([]byte{}, code, length)
 		if err != nil {
-			t.Fatal(err)
+			t.Fatalf("%v: code: %x length: %d", err, code, length)
 		}
 		return cid.NewCidV1(cid.DagCBOR, mhash)
 	}
@@ -46,7 +46,10 @@ func TestValidateCids(t *testing.T) {
 	}{
 		{mhcid(mh.SHA2_256, 32), nil},
 		{mhcid(mh.SHA2_256, 16), ErrBelowMinimumHashLength},
-		{mhcid(mh.MURMUR3, 4), ErrPossiblyInsecureHashFunction},
+		{mhcid(mh.MURMUR3X64_64, 4), ErrPossiblyInsecureHashFunction},
+		{mhcid(mh.BLAKE3, 32), nil},
+		{mhcid(mh.BLAKE3, 69), nil},
+		{mhcid(mh.BLAKE3, 128), nil},
 	}
 
 	for i, cas := range cases {
@@ -56,4 +59,12 @@ func TestValidateCids(t *testing.T) {
 		}
 	}
 
+	longBlake3Hex := "1e810104e0bb39f30b1a3feb89f536c93be15055482df748674b00d26e5a75777702e9791074b7511b59d31c71c62f5a745689fa6c9497f68bdf1061fe07f518d410c0b0c27f41b3cf083f8a7fdc67a877e21790515762a754a45dcb8a356722698a7af5ed2bb608983d5aa75d4d61691ef132efe8631ce0afc15553a08fffc60ee9369b"
+	longBlake3Mh, err := mh.FromHexString(longBlake3Hex)
+	if err != nil {
+		t.Fatalf("failed to produce a multihash from the long blake3 hash: %v", err)
+	}
+	if ValidateCid(cid.NewCidV1(cid.DagCBOR, longBlake3Mh)) != ErrAboveMaximumHashLength {
+		t.Errorf("a CID that was longer than the maximum hash length did not error with ErrAboveMaximumHashLength")
+	}
 }