enable stack protector

trezor · Jul 31, 2014 · 524f2a9 · 524f2a9
1 parent a2eb43b
commit 524f2a9
Show file tree

Hide file tree

Showing 10 changed files with 27 additions and 94 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -6,14 +6,9 @@ FROM ubuntu:14.04
 
 RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys FE324A81C208C89497EFC6246D1D8367A3421AFB && echo "deb http://ppa.launchpad.net/terry.guo/gcc-arm-embedded/ubuntu trusty main" >> /etc/apt/sources.list && apt-get update
 
-# define used versions for pinning
-
-ENV GCC_ARM_VERSION    4-8-2014q2-0trusty10
-ENV LIBOPENCM3_GITREV  f6b6d62ec5628ebb0602c466ee9fd7a6070ef1f0
-ENV TREZOR_MCU_GITREV  v1.2.0
-
 # install build tools and dependencies
 
+ENV GCC_ARM_VERSION 4-8-2014q2-0trusty10
 RUN apt-get install -y build-essential git gcc-arm-none-eabi=$GCC_ARM_VERSION python
 
 # clone the source code
@@ -22,8 +17,10 @@ RUN git clone https://github.com/libopencm3/libopencm3 && git clone https://gith
 
 # build libopencm3
 
+ENV LIBOPENCM3_GITREV f6b6d62ec5628ebb0602c466ee9fd7a6070ef1f0
 RUN cd libopencm3 && git checkout $LIBOPENCM3_GITREV && make
 
 # build the firmware
 
+ENV TREZOR_MCU_GITREV v1.2.1
 RUN cd trezor-mcu && git checkout $TREZOR_MCU_GITREV && git submodule update --init && make && cd firmware && make
diff --git a/Makefile.include b/Makefile.include
@@ -35,6 +35,7 @@ CFLAGS   += $(OPTFLAGS) \
             -fvisibility=internal \
             -ffunction-sections \
             -fdata-sections \
+            -fstack-protector-all \
             -mcpu=cortex-m3 \
             -mthumb \
             -msoft-float \

diff --git a/firmware/Makefile b/firmware/Makefile
@@ -2,7 +2,6 @@ APPVER = 1.0.0
 
 NAME  = trezor
 
-OBJS += ssp.o
 OBJS += usb.o
 OBJS += messages.o
 OBJS += storage.o

diff --git a/firmware/ssp.c b/firmware/ssp.c
diff --git a/firmware/ssp.h b/firmware/ssp.h
diff --git a/firmware/storage.c b/firmware/storage.c
@@ -63,12 +63,15 @@ static char sessionPassphrase[51];
  0x0010 |  ?          |  Storage structure
  */
 
-#define STORAGE_VERSION 1
+#define STORAGE_VERSION 2
 
 void storage_from_flash(uint32_t version)
 {
 	switch (version) {
-		case 1:
+		case 1: // copy
+			memcpy(&storage, (void *)(FLASH_STORAGE_START + 4 + sizeof(storage_uuid)), sizeof(Storage));
+			break;
+		case 2: // copy
 			memcpy(&storage, (void *)(FLASH_STORAGE_START + 4 + sizeof(storage_uuid)), sizeof(Storage));
 			break;
 	}

diff --git a/firmware/transaction.c b/firmware/transaction.c
@@ -246,7 +246,7 @@ void tx_init(TxStruct *tx, uint32_t inputs_len, uint32_t outputs_len, uint32_t v
 
 bool tx_hash_input(TxStruct *t, TxInputType *input)
 {
-	uint8_t buf[512];
+	uint8_t buf[1024];
 	uint32_t r = tx_serialize_input(t, input->prev_hash.bytes, input->prev_index, input->script_sig.bytes, input->script_sig.size, input->sequence, buf);
 	if (!r) return false;
 	sha256_Update(&(t->ctx), buf, r);
@@ -255,7 +255,7 @@ bool tx_hash_input(TxStruct *t, TxInputType *input)
 
 bool tx_hash_output(TxStruct *t, TxOutputBinType *output)
 {
-	uint8_t buf[512];
+	uint8_t buf[1024];
 	uint32_t r = tx_serialize_output(t, output->amount, output->script_pubkey.bytes, output->script_pubkey.size, buf);
 	if (!r) return false;
 	sha256_Update(&(t->ctx), buf, r);

diff --git a/firmware/trezor.c b/firmware/trezor.c
@@ -24,18 +24,27 @@
 #include "usb.h"
 #include "setup.h"
 #include "storage.h"
+#include "layout.h"
 #include "layout2.h"
-#include "ssp.h"
+#include "rng.h"
+
+uint32_t __stack_chk_guard;
+
+void __attribute__((noreturn)) __stack_chk_fail(void)
+{
+	layoutDialog(DIALOG_ICON_ERROR, NULL, NULL, NULL, "Stack smashing", "detected.", NULL, "Please unplug", "the device.", NULL);
+	for (;;) {} // loop forever
+}
 
 int main(void)
 {
+	__stack_chk_guard = random32();
 #ifndef APPVER
 	setup();
 	oledInit();
 #else
 	setupApp();
 #endif
-//	__stack_chk_guard_setup();
 #if DEBUG_LINK
 	oledSetDebug(1);
 	storage_reset(); // wipe storage if debug link

diff --git a/firmware/trezor.h b/firmware/trezor.h
@@ -22,7 +22,7 @@
 
 #define VERSION_MAJOR 1
 #define VERSION_MINOR 2
-#define VERSION_PATCH 0
+#define VERSION_PATCH 1
 
 #define STR(X) #X
 #define VERSTR(X) STR(X)

diff --git a/serialno.c b/serialno.c
@@ -20,27 +20,17 @@
 #include <stdint.h>
 #include <string.h>
 
+#include <libopencm3/stm32/desig.h>
+
 #include "serialno.h"
 #include "util.h"
 #include "sha2.h"
 
-#if defined(STM32F4) || defined(STM32F2)
-#define UNIQUE_SERIAL_ADDR 0x1FFF7A10
-#elif defined(STM32F3)
-#define UNIQUE_SERIAL_ADDR 0x1FFFF7AC
-#elif defined(STM32L1)
-#define UNIQUE_SERIAL_ADDR 0x1FF80050
-#else // STM32F1
-#define UNIQUE_SERIAL_ADDR 0x1FFFF7E8
-#endif
-
 void fill_serialno_fixed(char *s)
 {
 	uint8_t uuid[32];
-	memcpy(uuid, (uint8_t *)UNIQUE_SERIAL_ADDR, 12);
-	memcpy(uuid + 12, (uint8_t *)UNIQUE_SERIAL_ADDR, 12);
-	memcpy(uuid + 24, (uint8_t *)UNIQUE_SERIAL_ADDR, 8);
-	sha256_Raw(uuid, 32, uuid);
+	desig_get_unique_id((uint32_t *)uuid);
+	sha256_Raw(uuid, 12, uuid);
 	sha256_Raw(uuid, 32, uuid);
 	data2hex(uuid, 12, s);
 }