fix: refuse creating new DAGs with insecure hash functions (SHA1)

core/commands/add.go

@@ -45,6 +45,7 @@ const (
 	hashOptionName        = "hash"
 	inlineOptionName      = "inline"
 	inlineLimitOptionName = "inline-limit"
+	forceHashOptionName   = "allow-insecure-hash"
 )
 
 const adderOutChanSize = 8
@@ -140,7 +141,9 @@ only-hash, and progress/status related flags) will change the final hash.
 		cmds.StringOption(hashOptionName, "Hash function to use. Implies CIDv1 if not sha2-256. (experimental)").WithDefault("sha2-256"),
 		cmds.BoolOption(inlineOptionName, "Inline small blocks into CIDs. (experimental)"),
 		cmds.IntOption(inlineLimitOptionName, "Maximum block size to inline. (experimental)").WithDefault(32),
+		cmds.BoolOption(forceHashOptionName, "Allow use of insecure hash functions.").WithDefault(false),
 	},
+
 	PreRun: func(req *cmds.Request, env cmds.Environment) error {
 		quiet, _ := req.Options[quietOptionName].(bool)
 		quieter, _ := req.Options[quieterOptionName].(bool)
@@ -166,6 +169,7 @@ only-hash, and progress/status related flags) will change the final hash.
 			return err
 		}
 
+
 		progress, _ := req.Options[progressOptionName].(bool)
 		trickle, _ := req.Options[trickleOptionName].(bool)
 		wrap, _ := req.Options[wrapOptionName].(bool)
@@ -181,11 +185,16 @@ only-hash, and progress/status related flags) will change the final hash.
 		inline, _ := req.Options[inlineOptionName].(bool)
 		inlineLimit, _ := req.Options[inlineLimitOptionName].(int)
 
-		hashFunCode, ok := mh.Names[strings.ToLower(hashFunStr)]
+		forceHash, _ := req.Options[forceHashOptionName].(bool)
+		loweredHash := strings.ToLower(hashFunStr)
+		hashFunCode, ok := mh.Names[loweredHash]
+		if !forceHash && loweredHash == "sha1" {
+			return fmt.Errorf("selected hash function is no longer secure; use --hash=sha2-256 or pass --allow-insecure-hash" )
+		}
 		if !ok {
 			return fmt.Errorf("unrecognized hash function: %s", strings.ToLower(hashFunStr))
 		}
-
+		
 		enc, err := cmdenv.GetCidEncoder(req)
 		if err != nil {
 			return err

test/sharness/t0047-add-forcehash.sh

@@ -0,0 +1,54 @@
+#!/usr/bin/env bash
+
+test_description="Test add force hash commands"
+
+. lib/test-lib.sh
+
+
+test_add_force_hash() {
+
+    test_expect_success "'ipfs add succeeds" '
+    echo "Hello Worlds!" >mountdir/hello.txt &&
+    ipfs add mountdir/hello.txt >actual
+    '
+
+     test_expect_success "ipfs add output looks good" '
+    HASH="QmVr26fY1tKyspEJBniVhqxQeEjhF78XerGiqWAwraVLQH" &&
+    echo "added $HASH hello.txt" >expected &&
+    test_cmp expected actual
+  '
+    test_expect_success "'ipfs add --hash=sha2-256 succeeds" '
+    ipfs add --hash=sha2-256 mountdir/hello.txt >actual
+    '
+    test_expect_success "'ipfs add --hash=sha1 --allow-insecure-hash-function succeeds" '
+    ipfs add --hash=sha1 --allow-insecure-hash-function mountdir/hello.txt >actual
+    '
+    test_expect_success "'ipfs add --hash=sha2-256 --allow-insecure-hash-function succeeds" '
+    ipfs add --hash=sha2-256 --allow-insecure-hash-function mountdir/hello.txt >actual
+    '
+    test_expect_success "'ipfs add --allow-insecure-hash-function succeeds" '
+    ipfs add --hash=sha2-256 --allow-insecure-hash-function mountdir/hello.txt >actual
+    '
+    test_expect_success "ipfs add --allow-insecure-hash-function succeeds output looks good" '
+    HASH="QmVr26fY1tKyspEJBniVhqxQeEjhF78XerGiqWAwraVLQH" &&
+    echo "added $HASH hello.txt" >expected &&
+    test_cmp expected actual
+    '
+    test_expect_failure "ipfs -add --hash=sha1 fails" '
+    ipfs add --hash=sha1 mountdir/hello.txt >actual
+    '
+
+    test_expect_failure 'ipfs -add --hash=sha1 correct out' '
+    test_cmp expected actual
+    '
+
+}
+
+test_init_ipfs
+test_add_force_hash
+
+test_launch_ipfs_daemon
+test_add_force_hash
+test_kill_ipfs_daemon
+
+test_done