go.crypto/blowfish: allow shorter passwords.

bcrypt didn't allow one, two and three letter passwords which is a
policy decision best left to the user of the code. Some users have
legacy issues which require such short passwords to be processed.

LGTM=bradfitz
R=golang-codereviews, bradfitz
CC=golang-codereviews
https://golang.org/cl/81800044

bcrypt/bcrypt_test.go

@@ -53,6 +53,15 @@ func TestBcryptingIsCorrect(t *testing.T) {
 	}
 }
 
+func TestVeryShortPasswords(t *testing.T) {
+	key := []byte("k")
+	salt := []byte("XajjQvNhvvRt5GSeFk1xFe")
+	_, err := bcrypt(key, 10, salt)
+	if err != nil {
+		t.Errorf("One byte key resulted in error: %s", err)
+	}
+}
+
 func TestTooLongPasswordsWork(t *testing.T) {
 	salt := []byte("XajjQvNhvvRt5GSeFk1xFe")
 	// One byte over the usual 56 byte limit that blowfish has

blowfish/blowfish_test.go

@@ -192,19 +192,13 @@ func TestCipherDecrypt(t *testing.T) {
 }
 
 func TestSaltedCipherKeyLength(t *testing.T) {
-	var key []byte
-	for i := 0; i < 4; i++ {
-		_, err := NewSaltedCipher(key, []byte{'a'})
-		if err != KeySizeError(i) {
-			t.Errorf("NewSaltedCipher with short key, gave error %#v, expected %#v", err, KeySizeError(i))
-		}
-		key = append(key, 'a')
+	if _, err := NewSaltedCipher(nil, []byte{'a'}); err != KeySizeError(0) {
+		t.Errorf("NewSaltedCipher with short key, gave error %#v, expected %#v", err, KeySizeError(0))
 	}
 
 	// A 57-byte key. One over the typical blowfish restriction.
-	key = []byte("012345678901234567890123456789012345678901234567890123456")
-	_, err := NewSaltedCipher(key, []byte{'a'})
-	if err != nil {
+	key := []byte("012345678901234567890123456789012345678901234567890123456")
+	if _, err := NewSaltedCipher(key, []byte{'a'}); err != nil {
 		t.Errorf("NewSaltedCipher with long key, gave error %#v", err)
 	}
 }

blowfish/cipher.go

@@ -26,11 +26,10 @@ func (k KeySizeError) Error() string {
 }
 
 // NewCipher creates and returns a Cipher.
-// The key argument should be the Blowfish key, 4 to 56 bytes.
+// The key argument should be the Blowfish key, from 1 to 56 bytes.
 func NewCipher(key []byte) (*Cipher, error) {
 	var result Cipher
-	k := len(key)
-	if k < 4 || k > 56 {
+	if k := len(key); k < 1 || k > 56 {
 		return nil, KeySizeError(k)
 	}
 	initCipher(key, &result)
@@ -44,8 +43,7 @@ func NewCipher(key []byte) (*Cipher, error) {
 // bytes. Only the first 16 bytes of salt are used.
 func NewSaltedCipher(key, salt []byte) (*Cipher, error) {
 	var result Cipher
-	k := len(key)
-	if k < 4 {
+	if k := len(key); k < 1 {
 		return nil, KeySizeError(k)
 	}
 	initCipher(key, &result)