Files
blowfish/include/blowfish/blowfish.h
T
avinal 1933265148 feat: security fixes and improved test coverages
Security Fixes

  1. Blowfish2 destructor added (blowfish2.h, blowfish2.cc) — zeros PArray and Sboxes on destruction
  2. Secure memory zeroing (blowfish.cc, blowfish2.cc) — both destructors now use volatile pointer writes to prevent compiler elision
  3. Input validation (blowfish.cc, blowfish2.cc) — initialize() now throws std::invalid_argument for null key, empty key, or key > 56 bytes
  4. Copy assignment deleted (blowfish.h) — prevents accidental key material copies
  5. Constants moved inside include guards (blowfish.h, blowfish2.h)

  Code Quality Fixes

  6. Typo fixed — BF_SBOX_INT → BF_SBOX_INIT in blowfish.cc
  7. CMake standard fixed — blowfish2 target now requires cxx_std_17 instead of cxx_std_14

  Test Fixes & Additions

  8. Fixed "no fixed points" bug (test_properties.cpp) — L is no longer always 0
  9. Eric Young KAT vectors (test_vectors.cpp) — 5 official Blowfish test vectors added
  10. Key length tests — min (1 byte), max (56 bytes), and differing lengths
  11. Invalid key rejection tests — empty, over-length, and null keys
  12. Edge-case blocks — all-zero, all-ones, L==R
  13. Key avalanche tests — flipping each key bit produces large ciphertext changes
  14. Cross-instance consistency — same key → same output across instances
  15. Re-initialization tests — different key after re-init produces different output

Assisted-by: Claude Code

Signed-off-by: Avinal Kumar <avinal.xlvii@gmail.com>
2026-04-15 18:21:01 +05:30

40 lines
1.0 KiB
C++

// SPDX-FileCopyrightText: 2024 Avinal Kumar avinal.xlvii@gmail.com
// SPDX-License-Identifier: MIT
// Original Blowfish Algorithm copyright:
// SPDX-FileCopyrightText: 1997 Paul Kocher
#pragma once
#if !defined(BLOWFISH_BLOWFISH_H_)
#define BLOWFISH_BLOWFISH_H_
#include <array>
#include <cstdint>
#include <string>
static constexpr uint32_t BF_NUM_ROUNDS = 16;
static constexpr uint32_t BF_MAX_KEYBYTES = 56;
class Blowfish {
private:
std::array<uint32_t, BF_NUM_ROUNDS + 2> PArray{};
std::array<std::array<uint32_t, 256>, 4> Sboxes{};
uint32_t F(uint32_t x) const noexcept;
public:
Blowfish() = default;
explicit Blowfish(std::string const &key);
Blowfish(Blowfish const &) = delete;
Blowfish &operator=(const Blowfish &) = delete;
void initialize(const uint8_t *key, size_t keylen);
void initialize(const std::string &key);
void encrypt(uint32_t &xl, uint32_t &xr) noexcept;
void decrypt(uint32_t &xl, uint32_t &xr) noexcept;
~Blowfish();
};
#endif // BLOWFISH_BLOWFISH_H_