go.crypto/blowfish: allow shorter passwords.
bcrypt didn't allow one, two and three letter passwords which is a
policy decision best left to the user of the code. Some users have
legacy issues which require such short passwords to be processed.
LGTM=bradfitz
R=golang-codereviews, bradfitz
CC=golang-codereviews
https://golang.org/cl/81800044
diff --git a/bcrypt/bcrypt_test.go b/bcrypt/bcrypt_test.go
index f949103..f08a6f5 100644
--- a/bcrypt/bcrypt_test.go
+++ b/bcrypt/bcrypt_test.go
@@ -53,6 +53,15 @@
}
}
+func TestVeryShortPasswords(t *testing.T) {
+ key := []byte("k")
+ salt := []byte("XajjQvNhvvRt5GSeFk1xFe")
+ _, err := bcrypt(key, 10, salt)
+ if err != nil {
+ t.Errorf("One byte key resulted in error: %s", err)
+ }
+}
+
func TestTooLongPasswordsWork(t *testing.T) {
salt := []byte("XajjQvNhvvRt5GSeFk1xFe")
// One byte over the usual 56 byte limit that blowfish has
diff --git a/blowfish/blowfish_test.go b/blowfish/blowfish_test.go
index 1038d2e..f57d353 100644
--- a/blowfish/blowfish_test.go
+++ b/blowfish/blowfish_test.go
@@ -192,19 +192,13 @@
}
func TestSaltedCipherKeyLength(t *testing.T) {
- var key []byte
- for i := 0; i < 4; i++ {
- _, err := NewSaltedCipher(key, []byte{'a'})
- if err != KeySizeError(i) {
- t.Errorf("NewSaltedCipher with short key, gave error %#v, expected %#v", err, KeySizeError(i))
- }
- key = append(key, 'a')
+ if _, err := NewSaltedCipher(nil, []byte{'a'}); err != KeySizeError(0) {
+ t.Errorf("NewSaltedCipher with short key, gave error %#v, expected %#v", err, KeySizeError(0))
}
// A 57-byte key. One over the typical blowfish restriction.
- key = []byte("012345678901234567890123456789012345678901234567890123456")
- _, err := NewSaltedCipher(key, []byte{'a'})
- if err != nil {
+ key := []byte("012345678901234567890123456789012345678901234567890123456")
+ if _, err := NewSaltedCipher(key, []byte{'a'}); err != nil {
t.Errorf("NewSaltedCipher with long key, gave error %#v", err)
}
}
diff --git a/blowfish/cipher.go b/blowfish/cipher.go
index fbefe78..d346684 100644
--- a/blowfish/cipher.go
+++ b/blowfish/cipher.go
@@ -26,11 +26,10 @@
}
// NewCipher creates and returns a Cipher.
-// The key argument should be the Blowfish key, 4 to 56 bytes.
+// The key argument should be the Blowfish key, from 1 to 56 bytes.
func NewCipher(key []byte) (*Cipher, error) {
var result Cipher
- k := len(key)
- if k < 4 || k > 56 {
+ if k := len(key); k < 1 || k > 56 {
return nil, KeySizeError(k)
}
initCipher(key, &result)
@@ -44,8 +43,7 @@
// bytes. Only the first 16 bytes of salt are used.
func NewSaltedCipher(key, salt []byte) (*Cipher, error) {
var result Cipher
- k := len(key)
- if k < 4 {
+ if k := len(key); k < 1 {
return nil, KeySizeError(k)
}
initCipher(key, &result)
