Commit Graph

7 Commits

Author SHA1 Message Date
avinal 1933265148 feat: security fixes and improved test coverages
Security Fixes

  1. Blowfish2 destructor added (blowfish2.h, blowfish2.cc) — zeros PArray and Sboxes on destruction
  2. Secure memory zeroing (blowfish.cc, blowfish2.cc) — both destructors now use volatile pointer writes to prevent compiler elision
  3. Input validation (blowfish.cc, blowfish2.cc) — initialize() now throws std::invalid_argument for null key, empty key, or key > 56 bytes
  4. Copy assignment deleted (blowfish.h) — prevents accidental key material copies
  5. Constants moved inside include guards (blowfish.h, blowfish2.h)

  Code Quality Fixes

  6. Typo fixed — BF_SBOX_INT → BF_SBOX_INIT in blowfish.cc
  7. CMake standard fixed — blowfish2 target now requires cxx_std_17 instead of cxx_std_14

  Test Fixes & Additions

  8. Fixed "no fixed points" bug (test_properties.cpp) — L is no longer always 0
  9. Eric Young KAT vectors (test_vectors.cpp) — 5 official Blowfish test vectors added
  10. Key length tests — min (1 byte), max (56 bytes), and differing lengths
  11. Invalid key rejection tests — empty, over-length, and null keys
  12. Edge-case blocks — all-zero, all-ones, L==R
  13. Key avalanche tests — flipping each key bit produces large ciphertext changes
  14. Cross-instance consistency — same key → same output across instances
  15. Re-initialization tests — different key after re-init produces different output

Assisted-by: Claude Code

Signed-off-by: Avinal Kumar <avinal.xlvii@gmail.com>
2026-04-15 18:21:01 +05:30
avinal 612086dfb7 feat: add more robust tests
- add test to cover corner cases and known failure points

Signed-off-by: Avinal Kumar <avinal.xlvii@gmail.com>
2025-12-06 18:23:08 +05:30
avinal f9ae6fddfd Fix Blowfish and Blowfish2 correctness issues and improve initialization safety
In Blowfish
- Fix incorrect F-function byte extraction (critical bug).
- Correct key-schedule handling by using `uint8_t` key bytes.
- Initialize local variables in `initialize()` to prevent UB.
- Improve decrypt loop and XOR usage for clarity and correctness.

In Blowfish2
- Zero-initialize P-array and S-boxes to guarantee deterministic state.
- Fix incorrect key size comment (448 bits, not 4224 bits).
- Improve F-function byte extraction clarity.
- Normalize round loop logic and use XOR-assignment.

Others
- Replace macro `N` with `constexpr N`.
- Add `noexcept` to internal operations.
- Add `initialize(const uint8_t*, size_t)` overload for binary keys.
- Clean up readability and internal consistency across both ciphers.

Signed-off-by: Avinal Kumar <avinal.xlvii@gmail.com>
2025-12-04 21:11:16 +05:30
avinal 960c48573e feat: add blowfish2 128 bit implementation
- regular blowfish only uses 64 bits
- blowfish2 uses 128 bits like AES

Signed-off-by: Avinal Kumar <avinal.xlvii@gmail.com>
2024-09-17 12:25:32 +05:30
avinal ccc7e8b1e3 header files updated with uint32_t 2021-03-07 23:46:18 +05:30
avinal 0a366dcbd8 changed according to Google Guidelines 2021-03-06 23:12:59 +05:30
avinal 9fe7c09471 blowfish header file added 2021-02-16 17:48:29 +05:30