mirror of
https://github.com/avinal/blowfish.git
synced 2026-07-04 04:10:09 +05:30
1933265148
Security Fixes 1. Blowfish2 destructor added (blowfish2.h, blowfish2.cc) — zeros PArray and Sboxes on destruction 2. Secure memory zeroing (blowfish.cc, blowfish2.cc) — both destructors now use volatile pointer writes to prevent compiler elision 3. Input validation (blowfish.cc, blowfish2.cc) — initialize() now throws std::invalid_argument for null key, empty key, or key > 56 bytes 4. Copy assignment deleted (blowfish.h) — prevents accidental key material copies 5. Constants moved inside include guards (blowfish.h, blowfish2.h) Code Quality Fixes 6. Typo fixed — BF_SBOX_INT → BF_SBOX_INIT in blowfish.cc 7. CMake standard fixed — blowfish2 target now requires cxx_std_17 instead of cxx_std_14 Test Fixes & Additions 8. Fixed "no fixed points" bug (test_properties.cpp) — L is no longer always 0 9. Eric Young KAT vectors (test_vectors.cpp) — 5 official Blowfish test vectors added 10. Key length tests — min (1 byte), max (56 bytes), and differing lengths 11. Invalid key rejection tests — empty, over-length, and null keys 12. Edge-case blocks — all-zero, all-ones, L==R 13. Key avalanche tests — flipping each key bit produces large ciphertext changes 14. Cross-instance consistency — same key → same output across instances 15. Re-initialization tests — different key after re-init produces different output Assisted-by: Claude Code Signed-off-by: Avinal Kumar <avinal.xlvii@gmail.com>
62 lines
1.9 KiB
C++
62 lines
1.9 KiB
C++
// SPDX-FileCopyrightText: 2025 Avinal Kumar avinal.xlvii@gmail.com
|
|
// SPDX-License-Identifier: MIT
|
|
|
|
#include "test_framework.h"
|
|
#include <blowfish/blowfish.h>
|
|
|
|
// Known Answer Tests (KAT): Validate Blowfish output against fixed reference
|
|
// vectors to ensure algorithmic correctness.
|
|
TEST("Blowfish Known Test Vectors") {
|
|
Blowfish bf("abcdefghijklmnopqrstuvwxyz");
|
|
|
|
uint32_t L = 0x424C4F57; // "BLOW"
|
|
uint32_t R = 0x46495348; // "FISH"
|
|
|
|
bf.encrypt(L, R);
|
|
EXPECT_EQ(L, 0x324ED0FE);
|
|
EXPECT_EQ(R, 0xF413A203);
|
|
|
|
bf.decrypt(L, R);
|
|
EXPECT_EQ(L, 0x424C4F57);
|
|
EXPECT_EQ(R, 0x46495348);
|
|
}
|
|
|
|
// Eric Young test vectors — official Blowfish KAT from Schneier's reference.
|
|
// Each entry: { key (hex bytes), plaintext_L, plaintext_R, cipher_L, cipher_R }
|
|
TEST("Blowfish Eric Young Test Vectors") {
|
|
struct TestVector {
|
|
const uint8_t key[8];
|
|
size_t keylen;
|
|
uint32_t plain_l, plain_r;
|
|
uint32_t cipher_l, cipher_r;
|
|
};
|
|
|
|
// Subset of the published Eric Young / SSLeay test vectors
|
|
static const TestVector vectors[] = {
|
|
{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
|
|
8, 0x00000000, 0x00000000, 0x4EF99745, 0x6198DD78},
|
|
{{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
|
|
8, 0xFFFFFFFF, 0xFFFFFFFF, 0x51866FD5, 0xB85ECB8A},
|
|
{{0x30, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
|
|
8, 0x10000000, 0x00000001, 0x7D856F9A, 0x613063F2},
|
|
{{0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF},
|
|
8, 0x11111111, 0x11111111, 0x61F9C380, 0x2281B096},
|
|
{{0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10},
|
|
8, 0x01234567, 0x89ABCDEF, 0x0ACEAB0F, 0xC6A0A28D},
|
|
};
|
|
|
|
for (const auto &v : vectors) {
|
|
Blowfish bf;
|
|
bf.initialize(v.key, v.keylen);
|
|
|
|
uint32_t L = v.plain_l, R = v.plain_r;
|
|
bf.encrypt(L, R);
|
|
EXPECT_EQ(L, v.cipher_l);
|
|
EXPECT_EQ(R, v.cipher_r);
|
|
|
|
bf.decrypt(L, R);
|
|
EXPECT_EQ(L, v.plain_l);
|
|
EXPECT_EQ(R, v.plain_r);
|
|
}
|
|
}
|