Permalink
Browse files

enable stack protector

  • Loading branch information...
prusnak committed Jul 30, 2014
1 parent a2eb43b commit 524f2a957afb66e6a869384aceaca1cb7f9cba60
Showing with 27 additions and 94 deletions.
  1. +3 −6 Dockerfile
  2. +1 −0 Makefile.include
  3. +0 −1 firmware/Makefile
  4. +0 −40 firmware/ssp.c
  5. +0 −26 firmware/ssp.h
  6. +5 −2 firmware/storage.c
  7. +2 −2 firmware/transaction.c
  8. +11 −2 firmware/trezor.c
  9. +1 −1 firmware/trezor.h
  10. +4 −14 serialno.c
@@ -6,14 +6,9 @@ FROM ubuntu:14.04

RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys FE324A81C208C89497EFC6246D1D8367A3421AFB && echo "deb http://ppa.launchpad.net/terry.guo/gcc-arm-embedded/ubuntu trusty main" >> /etc/apt/sources.list && apt-get update

# define used versions for pinning

ENV GCC_ARM_VERSION 4-8-2014q2-0trusty10
ENV LIBOPENCM3_GITREV f6b6d62ec5628ebb0602c466ee9fd7a6070ef1f0
ENV TREZOR_MCU_GITREV v1.2.0

# install build tools and dependencies

ENV GCC_ARM_VERSION 4-8-2014q2-0trusty10
RUN apt-get install -y build-essential git gcc-arm-none-eabi=$GCC_ARM_VERSION python

# clone the source code
@@ -22,8 +17,10 @@ RUN git clone https://github.com/libopencm3/libopencm3 && git clone https://gith

# build libopencm3

ENV LIBOPENCM3_GITREV f6b6d62ec5628ebb0602c466ee9fd7a6070ef1f0
RUN cd libopencm3 && git checkout $LIBOPENCM3_GITREV && make

# build the firmware

ENV TREZOR_MCU_GITREV v1.2.1
RUN cd trezor-mcu && git checkout $TREZOR_MCU_GITREV && git submodule update --init && make && cd firmware && make
@@ -35,6 +35,7 @@ CFLAGS += $(OPTFLAGS) \
-fvisibility=internal \
-ffunction-sections \
-fdata-sections \
-fstack-protector-all \
-mcpu=cortex-m3 \
-mthumb \
-msoft-float \
@@ -2,7 +2,6 @@ APPVER = 1.0.0

NAME = trezor

OBJS += ssp.o
OBJS += usb.o
OBJS += messages.o
OBJS += storage.o

This file was deleted.

Oops, something went wrong.

This file was deleted.

Oops, something went wrong.
@@ -63,12 +63,15 @@ static char sessionPassphrase[51];
0x0010 | ? | Storage structure
*/

#define STORAGE_VERSION 1
#define STORAGE_VERSION 2

void storage_from_flash(uint32_t version)
{
switch (version) {
case 1:
case 1: // copy
memcpy(&storage, (void *)(FLASH_STORAGE_START + 4 + sizeof(storage_uuid)), sizeof(Storage));
break;
case 2: // copy
memcpy(&storage, (void *)(FLASH_STORAGE_START + 4 + sizeof(storage_uuid)), sizeof(Storage));
break;
}
@@ -246,7 +246,7 @@ void tx_init(TxStruct *tx, uint32_t inputs_len, uint32_t outputs_len, uint32_t v

bool tx_hash_input(TxStruct *t, TxInputType *input)
{
uint8_t buf[512];
uint8_t buf[1024];
uint32_t r = tx_serialize_input(t, input->prev_hash.bytes, input->prev_index, input->script_sig.bytes, input->script_sig.size, input->sequence, buf);
if (!r) return false;
sha256_Update(&(t->ctx), buf, r);
@@ -255,7 +255,7 @@ bool tx_hash_input(TxStruct *t, TxInputType *input)

bool tx_hash_output(TxStruct *t, TxOutputBinType *output)
{
uint8_t buf[512];
uint8_t buf[1024];
uint32_t r = tx_serialize_output(t, output->amount, output->script_pubkey.bytes, output->script_pubkey.size, buf);
if (!r) return false;
sha256_Update(&(t->ctx), buf, r);
@@ -24,18 +24,27 @@
#include "usb.h"
#include "setup.h"
#include "storage.h"
#include "layout.h"
#include "layout2.h"
#include "ssp.h"
#include "rng.h"

uint32_t __stack_chk_guard;

void __attribute__((noreturn)) __stack_chk_fail(void)
{
layoutDialog(DIALOG_ICON_ERROR, NULL, NULL, NULL, "Stack smashing", "detected.", NULL, "Please unplug", "the device.", NULL);
for (;;) {} // loop forever
}

int main(void)
{
__stack_chk_guard = random32();
#ifndef APPVER
setup();
oledInit();
#else
setupApp();
#endif
// __stack_chk_guard_setup();
#if DEBUG_LINK
oledSetDebug(1);
storage_reset(); // wipe storage if debug link
@@ -22,7 +22,7 @@

#define VERSION_MAJOR 1
#define VERSION_MINOR 2
#define VERSION_PATCH 0
#define VERSION_PATCH 1

#define STR(X) #X
#define VERSTR(X) STR(X)
@@ -20,27 +20,17 @@
#include <stdint.h>
#include <string.h>

#include <libopencm3/stm32/desig.h>

#include "serialno.h"
#include "util.h"
#include "sha2.h"

#if defined(STM32F4) || defined(STM32F2)
#define UNIQUE_SERIAL_ADDR 0x1FFF7A10
#elif defined(STM32F3)
#define UNIQUE_SERIAL_ADDR 0x1FFFF7AC
#elif defined(STM32L1)
#define UNIQUE_SERIAL_ADDR 0x1FF80050
#else // STM32F1
#define UNIQUE_SERIAL_ADDR 0x1FFFF7E8
#endif

void fill_serialno_fixed(char *s)
{
uint8_t uuid[32];
memcpy(uuid, (uint8_t *)UNIQUE_SERIAL_ADDR, 12);
memcpy(uuid + 12, (uint8_t *)UNIQUE_SERIAL_ADDR, 12);
memcpy(uuid + 24, (uint8_t *)UNIQUE_SERIAL_ADDR, 8);
sha256_Raw(uuid, 32, uuid);
desig_get_unique_id((uint32_t *)uuid);
sha256_Raw(uuid, 12, uuid);
sha256_Raw(uuid, 32, uuid);
data2hex(uuid, 12, s);
}

0 comments on commit 524f2a9

Please sign in to comment.