Documentation
Overview
Package verifcid validates CIDs against configurable hash function allowlists.
ValidateCid checks that a CID's multihash uses an allowed hash function and that the digest size falls within the permitted range. The DefaultAllowlist permits common secure hash functions (SHA2, SHA3, BLAKE2, BLAKE3) and identity CIDs with constrained digest sizes.
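The check described above, written against the standard library as an added example (not the package's own code): it parses a raw multihash, rejects codes missing from the allowlist, and enforces the digest size limits from the Constants section. The names checkMultihash and sample, the error values, the reduced allowlist and the order of the checks are assumptions of this example.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

const minDigest, maxDigest, maxIdentity = 20, 128, 128 // limits from this page's constants

var (
	errMalformed  = errors.New("malformed multihash")
	errNotAllowed = errors.New("hash function not allowed")
	errTooSmall   = errors.New("digest too small")
	errTooLarge   = errors.New("digest too large")
)

// Constructed allowlist by multihash code: identity, sha2-256, sha2-512, sha3-256, blake3.
var allowed = map[uint64]bool{0x00: true, 0x12: true, 0x13: true, 0x16: true, 0x1e: true}

// checkMultihash parses <varint code><varint size><digest> and applies the policy.
func checkMultihash(b []byte) error {
	code, n := binary.Uvarint(b)
	if n <= 0 {
		return errMalformed
	}
	size, m := binary.Uvarint(b[n:])
	if m <= 0 || size != uint64(len(b)-n-m) {
		return errMalformed // declared size must match the bytes actually present
	}
	switch {
	case !allowed[code]:
		return errNotAllowed
	case code == 0x00 && size > maxIdentity, code != 0x00 && size > maxDigest:
		return errTooLarge
	case code != 0x00 && size < minDigest: // identity digests have no minimum
		return errTooSmall
	}
	return nil
}

// sample builds a constructed multihash with a zero-filled digest of the given size.
func sample(code uint64, size int) []byte {
	b := binary.AppendUvarint(binary.AppendUvarint(nil, code), uint64(size))
	return append(b, make([]byte, size)...)
}

func main() {
	fmt.Println(checkMultihash(sample(0x12, 32)), checkMultihash(sample(0x11, 20)))
}
```

The size check matters independently of the code check: a sha2-256 multihash truncated to 16 bytes names an allowed function but is still rejected as too small.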
Custom Allowlists
Use NewAllowlist to build a custom set of allowed hash functions, or NewOverridingAllowlist to extend an existing allowlist with overrides.
Constants
const (
	// DefaultMinDigestSize is the default minimum size for hash digests (except for identity hashes)
	DefaultMinDigestSize = 20
	// DefaultMaxDigestSize is the default maximum size for cryptographic hash digests.
	// This does not apply to identity hashes which are not cryptographic and use DefaultMaxIdentityDigestSize instead.
	DefaultMaxDigestSize = 128
	// DefaultMaxIdentityDigestSize is the default maximum size for identity CID digests.
	// Identity CIDs (with multihash code 0x00) are not cryptographic hashes - they embed
	// data directly in the CID. This separate limit prevents abuse while allowing
	// different size constraints than cryptographic digests.
	DefaultMaxIdentityDigestSize = 128
)
Variables
var (
	ErrPossiblyInsecureHashFunction = errors.New("potentially insecure hash functions not allowed")
	ErrDigestTooSmall               = errors.New("digest too small")
	ErrDigestTooLarge               = errors.New("digest too large")

	// Deprecated: Use ErrDigestTooSmall instead
	ErrBelowMinimumHashLength = ErrDigestTooSmall
	// Deprecated: Use ErrDigestTooLarge instead
	ErrAboveMaximumHashLength = ErrDigestTooLarge
)
var DefaultAllowlist defaultAllowlist
DefaultAllowlist is the default list of hashes allowed in IPFS.
Functions
Types
type Allowlist (added in v0.12.0)
type Allowlist interface {
	// IsAllowed checks for multihash allowance by the code.
	IsAllowed(code uint64) bool
	// MinDigestSize returns the minimum digest size for a given multihash code.
	MinDigestSize(code uint64) int
	// MaxDigestSize returns the maximum digest size for a given multihash code.
	MaxDigestSize(code uint64) int
}
Allowlist defines an interface for a list of allowed multihashes.
func NewAllowlist (added in v0.12.0)
NewAllowlist constructs a new Allowlist from the given map set.
func NewOverridingAllowlist (added in v0.12.0)
NewOverridingAllowlist is like NewAllowlist, but it falls back to another Allowlist if keys are missing. If override is nil, it reports unknown codes as insecure.