Security Fixes 1. Blowfish2 destructor added (blowfish2.h, blowfish2.cc) — zeros PArray and Sboxes on destruction 2. Secure memory zeroing (blowfish.cc, blowfish2.cc) — both destructors now use volatile pointer writes to prevent compiler elision 3. Input validation (blowfish.cc, blowfish2.cc) — initialize() now throws std::invalid_argument for null key, empty key, or key > 56 bytes 4. Copy assignment deleted (blowfish.h) — prevents accidental key material copies 5. Constants moved inside include guards (blowfish.h, blowfish2.h) Code Quality Fixes 6. Typo fixed — BF_SBOX_INT → BF_SBOX_INIT in blowfish.cc 7. CMake standard fixed — blowfish2 target now requires cxx_std_17 instead of cxx_std_14 Test Fixes & Additions 8. Fixed "no fixed points" bug (test_properties.cpp) — L is no longer always 0 9. Eric Young KAT vectors (test_vectors.cpp) — 5 official Blowfish test vectors added 10. Key length tests — min (1 byte), max (56 bytes), and differing lengths 11. Invalid key rejection tests — empty, over-length, and null keys 12. Edge-case blocks — all-zero, all-ones, L==R 13. Key avalanche tests — flipping each key bit produces large ciphertext changes 14. Cross-instance consistency — same key → same output across instances 15. Re-initialization tests — different key after re-init produces different output Assisted-by: Claude Code Signed-off-by: Avinal Kumar <avinal.xlvii@gmail.com>
Blowfish and Blowfish2 Encryption Algorithm
Blowfish is a symmetric block cipher that can be used as a drop-in replacement for DES or IDEA. It takes a variable-length key, from 32 bits to 448 bits, making it ideal for both domestic and exportable use. Blowfish was designed in 1993 by Bruce Schneier as a fast, free alternative to existing encryption algorithms. Since then it has been analyzed considerably, and it is slowly gaining acceptance as a strong encryption algorithm. Blowfish is not patented and license-free, and is available free for all uses.
Blowfish 2 was released in 2005. It has exactly the same design but has twice as many S tables and uses 64-bit integers instead of 32-bit integers. It no longer works on 64-bit blocks but on 128-bit blocks like AES. 128-bit block, 64 rounds, key up to 4224 bits.
About this project
This is a C++ implementation of the encryption algorithm.
How to use this in your project?
-
You may fork it and use it like any other source file in your project. You only need blowfish.hpp and blowfish.cpp files. Just modify the header as per your convenience.
-
If you are using CMake, the work is lot easier. You can add this as a git submodule. It isolates your project from this dependency.
# In your project root type these commands
git submodule add https://github.com/avinal/blowfish
# considering this addition is your only change
git commit -m "blowfish submodule added"
git push origin main
Add this to your CMakeLists.txt as well.
Building
This library has no dependencies on any other code. Just a C++ compiler should be enough to build this. Although this library is supposed to be used under some other project, sometimes you may need to build this. Here are the prerequisites:
- CMake
- G++ or Clang
- Make or Ninja Build or any other CMake compatible generator.
Here is how I install them on Fedora:
sudo dnf install clang cmake g++ make ninja-build
Configure CMake, enabled debug for development purposes:
cmake -B build -G Ninja -DCMAKE_BUILD_TYPE=Debug
Build using configured generator:
cmake --build build --config Debug