SomeProgrammer 0 Newbie Poster

Hello everyone.
This is my first post here on Daniweb.

Recently I have been working on an AES encryption program using the OpenSSL library.

I am running into a small problem, there seems to be a buffer overflow and I cant seem to find the problem area. Or atleast I suspect it being a buffer overflow.

Here is my code:

/*
 * Used by the server to generate the salt, IV and key.
 */
int init_server_cipher(char* username, char* password)
{
    if ((strlen(username) > 64) || (strlen(password) > 64))
    {
        printf("%s\n", ERROR_MAX_BUFFER_LENGTH_EXCEEDS);
        return -1;
    }

    // Assign the username and password.
    strcpy_s(cipher_data.username, MAX_USERNAME_LENGTH, username);
    strcpy_s(cipher_data.password, MAX_PASSWORD_LENGTH, password);

    printf("init_server_cipher:\n");
    printf("cipher_data.username: %s\n", cipher_data.username);
    printf("cipher_data.password: %s\n", cipher_data.password);

    // Generate the salt, IV and then the key.
    generate_salt();
    generate_iv();
    generate_key();

    return 0;
}

/*
 * Used by the client to genreate the key from pre generated salt and IV.
 */
int init_client_cipher(char* username, char* password, char* salt, char* iv)
{
    if ((strlen(username) > 64) || (strlen(password) > 64))
    {
        printf("%s\n", ERROR_MAX_BUFFER_LENGTH_EXCEEDS);
        return -1;
    }

    // Assign the username, password, IV and salt.
    strcpy_s(cipher_data.username, MAX_USERNAME_LENGTH, username);
    strcpy_s(cipher_data.password, MAX_PASSWORD_LENGTH, password);
    strcpy_s(cipher_data.salt, MAX_SALT_LENGTH, salt);
    strcpy_s(cipher_data.iv, MAX_IV_LENGTH, iv);

    // Generate the key.
    generate_key();

    return 0;
}

/*
 * Encrypts the data.
 */
char* encrypt_data(char* plaintext)
{

}

/*
 * Decrypts the data.
 */
char* decrypt_data(char* ciphertext)
{

}

/*
* Generates a salt.
*/
void generate_salt()
{
    time_t ltime;

    // Generate 16 random byte values.
    srand(time(&ltime));
    for (int index = 0; index < MAX_SALT_LENGTH; index++)
        cipher_data.salt[index] = 126 + rand() / (RAND_MAX / (32 - 126 + 1) + 1);

    printf("\ngenerate_salt:\ncipher_data.salt: %s\n", cipher_data.salt);
}

/*
 * Generates an IV.
 */
void generate_iv()
{
    time_t ltime;

    // Generate 16 random byte values.
    srand(time(&ltime));
    for (int index = 0; index < MAX_IV_LENGTH; index++)
        cipher_data.iv[index] = 126 + rand() / (RAND_MAX / (32 - 126 + 1) + 1);
    printf("\ngenerate_iv:\ncipher_data.iv: %s\n", cipher_data.iv);
}

/*
 * Generates a key from the salt, IV, username and password.
 */
int generate_key()
{
    char* key_buffer;
    char hashed_key[SHA512_DIGEST_LENGTH];
    int key_len;

    // Calculate the length of the key.
    key_len = strlen(cipher_data.password) + strlen(cipher_data.salt) + strlen(cipher_data.iv);
    printf("\ngenerate_key:\nkey_len: %i\n", key_len);

    // Allocate memory for the key buffer.
    key_buffer = (char*)malloc(sizeof(char) * key_len + 1);
    if (key_buffer == NULL)
    {
        printf("%s\n", ERROR_FAILED_TO_ALLOCATE_MEMORY);

        return -1;
    }

    // Create the key buffer.
    strcpy_s(key_buffer, key_len, cipher_data.salt);
    strcpy_s(key_buffer, key_len, cipher_data.password);
    strcpy_s(key_buffer, key_len, cipher_data.iv);

    printf("\nkey_buffer: %s\n", key_buffer);

    // Hash the key buffer and generate the key.
    SHA512(key_buffer, strlen(key_buffer), hashed_key);

    strcpy_s(cipher_data.key, MAX_KEY_LENGTH, key_buffer);

    // Cleanup.
    free(key_buffer);

    return 0;
}

The output I am getting:

init_server_cipher:
cipher_data.username: USERNAME
cipher_data.password: PASSWORD

generate_salt:
cipher_data.salt: jz-5`sa.HN^/aGO@

generate_iv:
cipher_data.iv: jz-5`sa.HN^/aGO@USERNAME

generate_key:
key_len: 72

key_buffer: jz-5`sa.HN^/aGO@USERNAME

So my salt is being generated randomly (YAY).\
My IV is my salt with my 'username' appended to my salt. It is suppose to be a randomly generated string just like the salt.
And then my key buffer is my IV.... Where it is suppose to be my (salt + password + IV).

I suspect that there might be a buffer overflow due to the buffer values getting mixed out. However I am always using the secure version of any copy or concating functions when I'm working with strings.

Where is the problem?

Be a part of the DaniWeb community

We're a friendly, industry-focused community of 1.21 million developers, IT pros, digital marketers, and technology enthusiasts learning and sharing knowledge.