Increase minimum Blowfish key length to 64 bits

See #1673

Also, skip tests if the provider doesn't support the given key length.

6 files changed, 36 insertions, 8 deletions

diff --git a/news.rst b/news.rst
index 44c636643..bf4703bad 100644
--- a/news.rst
+++ b/news.rst
@@ -73,6 +73,8 @@ Version 2.8.0, Not Yet Released
 
 * Optimizations for SM4
 
+* The minimum keylength allowed for Blowfish has been increased to 64 bits.
+
 * Avoid a cache side channel in the AES key schedule
 
 * Add ``pk_encrypt`` and ``pk_decrypt`` CLI operations
diff --git a/src/lib/block/blowfish/blowfish.h b/src/lib/block/blowfish/blowfish.h
index d5c318752..d3beb0386 100644
--- a/src/lib/block/blowfish/blowfish.h
+++ b/src/lib/block/blowfish/blowfish.h
@@ -15,7 +15,7 @@ namespace Botan {
 /**
 * Blowfish
 */
-class BOTAN_PUBLIC_API(2,0) Blowfish final : public Block_Cipher_Fixed_Params<8, 1, 56>
+class BOTAN_PUBLIC_API(2,0) Blowfish final : public Block_Cipher_Fixed_Params<8, 8, 56>
    {
    public:
       void encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const override;
diff --git a/src/lib/block/blowfish/info.txt b/src/lib/block/blowfish/info.txt
index cc72634df..25a6363c9 100644
--- a/src/lib/block/blowfish/info.txt
+++ b/src/lib/block/blowfish/info.txt
@@ -1,3 +1,3 @@
 <defines>
-BLOWFISH -> 20180718
+BLOWFISH -> 20180907
 </defines>
diff --git a/src/tests/data/block/blowfish.vec b/src/tests/data/block/blowfish.vec
index d4d6b7106..6b460fe5d 100644
--- a/src/tests/data/block/blowfish.vec
+++ b/src/tests/data/block/blowfish.vec
@@ -147,27 +147,31 @@ Key = F0
 In = FEDCBA9876543210
 Out = F9AD597C49DB005E
 
-Key = F0E1
+Key = F0F0F0F0F0F0F0F0
+In = FEDCBA9876543210
+Out = F9AD597C49DB005E
+
+Key = F0E1F0E1F0E1F0E1
 In = FEDCBA9876543210
 Out = E91D21C1D961A6D6
 
-Key = F0E1D2
+Key = F0E1D2F0E1D2F0E1D2
 In = FEDCBA9876543210
 Out = E9C2B70A1BC65CF3
 
-Key = F0E1D2C3
+Key = F0E1D2C3F0E1D2C3
 In = FEDCBA9876543210
 Out = BE1E639408640F05
 
-Key = F0E1D2C3B4
+Key = F0E1D2C3B4F0E1D2C3B4
 In = FEDCBA9876543210
 Out = B39E44481BDB1E6E
 
-Key = F0E1D2C3B4A5
+Key = F0E1D2C3B4A5F0E1D2C3B4A5
 In = FEDCBA9876543210
 Out = 9457AA83B1928C0D
 
-Key = F0E1D2C3B4A596
+Key = F0E1D2C3B4A596F0E1D2C3B4A596
 In = FEDCBA9876543210
 Out = 8BB77032F960629D
 
diff --git a/src/tests/test_block.cpp b/src/tests/test_block.cpp
index 66ef9e24b..a53ff2633 100644
--- a/src/tests/test_block.cpp
+++ b/src/tests/test_block.cpp
@@ -86,6 +86,17 @@ class Block_Cipher_Tests final : public Text_Based_Test
             cipher->encrypt(garbage);
             cipher->clear();
 
+            /*
+            * Different providers may have additional restrictions on key sizes.
+            * Avoid testing the cipher with a key size that it does not natively support.
+            */
+            if(!cipher->valid_keylength(key.size()))
+               {
+               result.test_note("Skipping test with provider " + provider +
+                                " as it does not support key length " + std::to_string(key.size()));
+               continue;
+               }
+
             cipher->set_key(key);
 
             if(tweak.size() > 0)
diff --git a/src/tests/test_stream.cpp b/src/tests/test_stream.cpp
index bae94ca0f..6e3f76dc6 100644
--- a/src/tests/test_stream.cpp
+++ b/src/tests/test_stream.cpp
@@ -108,6 +108,17 @@ class Stream_Cipher_Tests final : public Text_Based_Test
                catch(Botan::Invalid_State&) {}
                }
 
+            /*
+            * Different providers may have additional restrictions on key sizes.
+            * Avoid testing the cipher with a key size that it does not natively support.
+            */
+            if(!cipher->valid_keylength(key.size()))
+               {
+               result.test_note("Skipping test with provider " + provider +
+                                " as it does not support key length " + std::to_string(key.size()));
+               continue;
+               }
+
             cipher->set_key(key);
 
             /*