mirror of
https://github.com/avinal/blowfish.git
synced 2026-07-04 04:10:09 +05:30
feat: security fixes and improved test coverages
Security Fixes 1. Blowfish2 destructor added (blowfish2.h, blowfish2.cc) — zeros PArray and Sboxes on destruction 2. Secure memory zeroing (blowfish.cc, blowfish2.cc) — both destructors now use volatile pointer writes to prevent compiler elision 3. Input validation (blowfish.cc, blowfish2.cc) — initialize() now throws std::invalid_argument for null key, empty key, or key > 56 bytes 4. Copy assignment deleted (blowfish.h) — prevents accidental key material copies 5. Constants moved inside include guards (blowfish.h, blowfish2.h) Code Quality Fixes 6. Typo fixed — BF_SBOX_INT → BF_SBOX_INIT in blowfish.cc 7. CMake standard fixed — blowfish2 target now requires cxx_std_17 instead of cxx_std_14 Test Fixes & Additions 8. Fixed "no fixed points" bug (test_properties.cpp) — L is no longer always 0 9. Eric Young KAT vectors (test_vectors.cpp) — 5 official Blowfish test vectors added 10. Key length tests — min (1 byte), max (56 bytes), and differing lengths 11. Invalid key rejection tests — empty, over-length, and null keys 12. Edge-case blocks — all-zero, all-ones, L==R 13. Key avalanche tests — flipping each key bit produces large ciphertext changes 14. Cross-instance consistency — same key → same output across instances 15. Re-initialization tests — different key after re-init produces different output Assisted-by: Claude Code Signed-off-by: Avinal Kumar <avinal.xlvii@gmail.com>
This commit is contained in:
@@ -5,6 +5,10 @@
|
||||
// SPDX-FileCopyrightText: 1997 Paul Kocher
|
||||
|
||||
#pragma once
|
||||
|
||||
#if !defined(BLOWFISH_BLOWFISH_H_)
|
||||
#define BLOWFISH_BLOWFISH_H_
|
||||
|
||||
#include <array>
|
||||
#include <cstdint>
|
||||
#include <string>
|
||||
@@ -12,9 +16,6 @@
|
||||
static constexpr uint32_t BF_NUM_ROUNDS = 16;
|
||||
static constexpr uint32_t BF_MAX_KEYBYTES = 56;
|
||||
|
||||
#if !defined(BLOWFISH_BLOWFISH_H_)
|
||||
#define BLOWFISH_BLOWFISH_H_
|
||||
|
||||
class Blowfish {
|
||||
private:
|
||||
std::array<uint32_t, BF_NUM_ROUNDS + 2> PArray{};
|
||||
@@ -25,6 +26,7 @@ public:
|
||||
Blowfish() = default;
|
||||
explicit Blowfish(std::string const &key);
|
||||
Blowfish(Blowfish const &) = delete;
|
||||
Blowfish &operator=(const Blowfish &) = delete;
|
||||
|
||||
void initialize(const uint8_t *key, size_t keylen);
|
||||
void initialize(const std::string &key);
|
||||
|
||||
@@ -5,6 +5,10 @@
|
||||
// SPDX-FileCopyrightText: 2005 Alexander Pukall
|
||||
|
||||
#pragma once
|
||||
|
||||
#if !defined(BLOWFISH_BLOWFISH2_H_)
|
||||
#define BLOWFISH_BLOWFISH2_H_
|
||||
|
||||
#include <array>
|
||||
#include <cstdint>
|
||||
#include <string>
|
||||
@@ -12,9 +16,6 @@
|
||||
static constexpr uint64_t BF2_NUM_ROUNDS = 64;
|
||||
static constexpr uint64_t BF2_MAX_KEYBYTES = 56;
|
||||
|
||||
#if !defined(BLOWFISH_BLOWFISH2_H_)
|
||||
#define BLOWFISH_BLOWFISH2_H_
|
||||
|
||||
class Blowfish2 {
|
||||
private:
|
||||
std::array<uint64_t, BF2_NUM_ROUNDS + 2> PArray{};
|
||||
@@ -33,6 +34,7 @@ public:
|
||||
|
||||
void encrypt(uint64_t &xl, uint64_t &xr) noexcept;
|
||||
void decrypt(uint64_t &xl, uint64_t &xr) noexcept;
|
||||
~Blowfish2();
|
||||
};
|
||||
|
||||
#endif // BLOWFISH_BLOWFISH2_H_
|
||||
|
||||
Reference in New Issue
Block a user