Hello everyone.
This is my first post here on Daniweb.
Recently I have been working on an AES encryption program using the OpenSSL library.
I am running into a small problem, there seems to be a buffer overflow and I cant seem to find the problem area. Or atleast I suspect it being a buffer overflow.
Here is my code:
/*
* Used by the server to generate the salt, IV and key.
*/
int init_server_cipher(char* username, char* password)
{
if ((strlen(username) > 64) || (strlen(password) > 64))
{
printf("%s\n", ERROR_MAX_BUFFER_LENGTH_EXCEEDS);
return -1;
}
// Assign the username and password.
strcpy_s(cipher_data.username, MAX_USERNAME_LENGTH, username);
strcpy_s(cipher_data.password, MAX_PASSWORD_LENGTH, password);
printf("init_server_cipher:\n");
printf("cipher_data.username: %s\n", cipher_data.username);
printf("cipher_data.password: %s\n", cipher_data.password);
// Generate the salt, IV and then the key.
generate_salt();
generate_iv();
generate_key();
return 0;
}
/*
* Used by the client to genreate the key from pre generated salt and IV.
*/
int init_client_cipher(char* username, char* password, char* salt, char* iv)
{
if ((strlen(username) > 64) || (strlen(password) > 64))
{
printf("%s\n", ERROR_MAX_BUFFER_LENGTH_EXCEEDS);
return -1;
}
// Assign the username, password, IV and salt.
strcpy_s(cipher_data.username, MAX_USERNAME_LENGTH, username);
strcpy_s(cipher_data.password, MAX_PASSWORD_LENGTH, password);
strcpy_s(cipher_data.salt, MAX_SALT_LENGTH, salt);
strcpy_s(cipher_data.iv, MAX_IV_LENGTH, iv);
// Generate the key.
generate_key();
return 0;
}
/*
* Encrypts the data.
*/
char* encrypt_data(char* plaintext)
{
}
/*
* Decrypts the data.
*/
char* decrypt_data(char* ciphertext)
{
}
/*
* Generates a salt.
*/
void generate_salt()
{
time_t ltime;
// Generate 16 random byte values.
srand(time(<ime));
for (int index = 0; index < MAX_SALT_LENGTH; index++)
cipher_data.salt[index] = 126 + rand() / (RAND_MAX / (32 - 126 + 1) + 1);
printf("\ngenerate_salt:\ncipher_data.salt: %s\n", cipher_data.salt);
}
/*
* Generates an IV.
*/
void generate_iv()
{
time_t ltime;
// Generate 16 random byte values.
srand(time(<ime));
for (int index = 0; index < MAX_IV_LENGTH; index++)
cipher_data.iv[index] = 126 + rand() / (RAND_MAX / (32 - 126 + 1) + 1);
printf("\ngenerate_iv:\ncipher_data.iv: %s\n", cipher_data.iv);
}
/*
* Generates a key from the salt, IV, username and password.
*/
int generate_key()
{
char* key_buffer;
char hashed_key[SHA512_DIGEST_LENGTH];
int key_len;
// Calculate the length of the key.
key_len = strlen(cipher_data.password) + strlen(cipher_data.salt) + strlen(cipher_data.iv);
printf("\ngenerate_key:\nkey_len: %i\n", key_len);
// Allocate memory for the key buffer.
key_buffer = (char*)malloc(sizeof(char) * key_len + 1);
if (key_buffer == NULL)
{
printf("%s\n", ERROR_FAILED_TO_ALLOCATE_MEMORY);
return -1;
}
// Create the key buffer.
strcpy_s(key_buffer, key_len, cipher_data.salt);
strcpy_s(key_buffer, key_len, cipher_data.password);
strcpy_s(key_buffer, key_len, cipher_data.iv);
printf("\nkey_buffer: %s\n", key_buffer);
// Hash the key buffer and generate the key.
SHA512(key_buffer, strlen(key_buffer), hashed_key);
strcpy_s(cipher_data.key, MAX_KEY_LENGTH, key_buffer);
// Cleanup.
free(key_buffer);
return 0;
}
The output I am getting:
init_server_cipher:
cipher_data.username: USERNAME
cipher_data.password: PASSWORD
generate_salt:
cipher_data.salt: jz-5`sa.HN^/aGO@
generate_iv:
cipher_data.iv: jz-5`sa.HN^/aGO@USERNAME
generate_key:
key_len: 72
So my salt is being generated randomly (YAY).\
My IV is my salt with my 'username' appended to my salt. It is suppose to be a randomly generated string just like the salt.
And then my key buffer is my IV.... Where it is suppose to be my (salt + password + IV).
I suspect that there might be a buffer overflow due to the buffer values getting mixed out. However I am always using the secure version of any copy or concating functions when I'm working with strings.
Where is the problem?