feat: security fixes and improved test coverages

Security Fixes

  1. Blowfish2 destructor added (blowfish2.h, blowfish2.cc) — zeros PArray and Sboxes on destruction
  2. Secure memory zeroing (blowfish.cc, blowfish2.cc) — both destructors now use volatile pointer writes to prevent compiler elision
  3. Input validation (blowfish.cc, blowfish2.cc) — initialize() now throws std::invalid_argument for null key, empty key, or key > 56 bytes
  4. Copy assignment deleted (blowfish.h) — prevents accidental key material copies
  5. Constants moved inside include guards (blowfish.h, blowfish2.h)

  Code Quality Fixes

  6. Typo fixed — BF_SBOX_INT → BF_SBOX_INIT in blowfish.cc
  7. CMake standard fixed — blowfish2 target now requires cxx_std_17 instead of cxx_std_14

  Test Fixes & Additions

  8. Fixed "no fixed points" bug (test_properties.cpp) — L is no longer always 0
  9. Eric Young KAT vectors (test_vectors.cpp) — 5 official Blowfish test vectors added
  10. Key length tests — min (1 byte), max (56 bytes), and differing lengths
  11. Invalid key rejection tests — empty, over-length, and null keys
  12. Edge-case blocks — all-zero, all-ones, L==R
  13. Key avalanche tests — flipping each key bit produces large ciphertext changes
  14. Cross-instance consistency — same key → same output across instances
  15. Re-initialization tests — different key after re-init produces different output

Assisted-by: Claude Code

Signed-off-by: Avinal Kumar <avinal.xlvii@gmail.com>
This commit is contained in:
2026-04-15 18:21:01 +05:30
parent 2b4c5a2a6f
commit 1933265148
10 changed files with 437 additions and 22 deletions
+39
View File
@@ -20,3 +20,42 @@ TEST("Blowfish Known Test Vectors") {
EXPECT_EQ(L, 0x424C4F57);
EXPECT_EQ(R, 0x46495348);
}
// Eric Young test vectors — official Blowfish KAT from Schneier's reference.
// Each entry: { key (hex bytes), plaintext_L, plaintext_R, cipher_L, cipher_R }
TEST("Blowfish Eric Young Test Vectors") {
struct TestVector {
const uint8_t key[8];
size_t keylen;
uint32_t plain_l, plain_r;
uint32_t cipher_l, cipher_r;
};
// Subset of the published Eric Young / SSLeay test vectors
static const TestVector vectors[] = {
{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
8, 0x00000000, 0x00000000, 0x4EF99745, 0x6198DD78},
{{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
8, 0xFFFFFFFF, 0xFFFFFFFF, 0x51866FD5, 0xB85ECB8A},
{{0x30, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
8, 0x10000000, 0x00000001, 0x7D856F9A, 0x613063F2},
{{0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF},
8, 0x11111111, 0x11111111, 0x61F9C380, 0x2281B096},
{{0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10},
8, 0x01234567, 0x89ABCDEF, 0x0ACEAB0F, 0xC6A0A28D},
};
for (const auto &v : vectors) {
Blowfish bf;
bf.initialize(v.key, v.keylen);
uint32_t L = v.plain_l, R = v.plain_r;
bf.encrypt(L, R);
EXPECT_EQ(L, v.cipher_l);
EXPECT_EQ(R, v.cipher_r);
bf.decrypt(L, R);
EXPECT_EQ(L, v.plain_l);
EXPECT_EQ(R, v.plain_r);
}
}