avinal 1933265148 feat: security fixes and improved test coverages
Security Fixes

  1. Blowfish2 destructor added (blowfish2.h, blowfish2.cc) — zeros PArray and Sboxes on destruction
  2. Secure memory zeroing (blowfish.cc, blowfish2.cc) — both destructors now use volatile pointer writes to prevent compiler elision
  3. Input validation (blowfish.cc, blowfish2.cc) — initialize() now throws std::invalid_argument for null key, empty key, or key > 56 bytes
  4. Copy assignment deleted (blowfish.h) — prevents accidental key material copies
  5. Constants moved inside include guards (blowfish.h, blowfish2.h)

  Code Quality Fixes

  6. Typo fixed — BF_SBOX_INT → BF_SBOX_INIT in blowfish.cc
  7. CMake standard fixed — blowfish2 target now requires cxx_std_17 instead of cxx_std_14

  Test Fixes & Additions

  8. Fixed "no fixed points" bug (test_properties.cpp) — L is no longer always 0
  9. Eric Young KAT vectors (test_vectors.cpp) — 5 official Blowfish test vectors added
  10. Key length tests — min (1 byte), max (56 bytes), and differing lengths
  11. Invalid key rejection tests — empty, over-length, and null keys
  12. Edge-case blocks — all-zero, all-ones, L==R
  13. Key avalanche tests — flipping each key bit produces large ciphertext changes
  14. Cross-instance consistency — same key → same output across instances
  15. Re-initialization tests — different key after re-init produces different output

Assisted-by: Claude Code

Signed-off-by: Avinal Kumar <avinal.xlvii@gmail.com>
2026-04-15 18:21:01 +05:30
2021-03-07 23:31:28 +05:30

Blowfish and Blowfish2 Encryption Algorithm

Build Status

Blowfish is a symmetric block cipher that can be used as a drop-in replacement for DES or IDEA. It takes a variable-length key, from 32 bits to 448 bits, making it ideal for both domestic and exportable use. Blowfish was designed in 1993 by Bruce Schneier as a fast, free alternative to existing encryption algorithms. Since then it has been analyzed considerably, and it is slowly gaining acceptance as a strong encryption algorithm. Blowfish is not patented and license-free, and is available free for all uses.

Blowfish 2 was released in 2005. It has exactly the same design but has twice as many S tables and uses 64-bit integers instead of 32-bit integers. It no longer works on 64-bit blocks but on 128-bit blocks like AES. 128-bit block, 64 rounds, key up to 4224 bits.

About this project

This is a C++ implementation of the encryption algorithm.

How to use this in your project?

  1. You may fork it and use it like any other source file in your project. You only need blowfish.hpp and blowfish.cpp files. Just modify the header as per your convenience.

  2. If you are using CMake, the work is lot easier. You can add this as a git submodule. It isolates your project from this dependency.

  # In your project root type these commands
  git submodule add https://github.com/avinal/blowfish
  # considering this addition is your only change
  git commit -m "blowfish submodule added"
  git push origin main

Add this to your CMakeLists.txt as well.

Building

This library has no dependencies on any other code. Just a C++ compiler should be enough to build this. Although this library is supposed to be used under some other project, sometimes you may need to build this. Here are the prerequisites:

Here is how I install them on Fedora:

  sudo dnf install clang cmake g++ make ninja-build

Configure CMake, enabled debug for development purposes:

  cmake -B build -G Ninja -DCMAKE_BUILD_TYPE=Debug 

Build using configured generator:

  cmake --build build --config Debug

References

S
Description
Languages
C++ 97.4%
CMake 2.4%
Shell 0.2%