From 74f7d0f03de292474ed16500575aee45758fa491 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Mon, 6 Jul 2020 14:28:12 -0400 Subject: [PATCH] Duplicate sensitive buffer and buffer length information Detect FI attacks on buffer pointers and buffer lengths. Signed-off-by: Andrzej Kurek --- library/aes.c | 21 ++++++++++++++++++--- library/ccm.c | 39 +++++++++++++++++++++++++++++++++++++++ library/entropy.c | 24 ++++++++++++++++++++++-- library/hmac_drbg.c | 31 +++++++++++++++++++++++++++++-- library/sha256.c | 21 +++++++++++++++++---- library/ssl_cli.c | 6 +++++- library/ssl_srv.c | 16 +++++++++++++--- library/ssl_tls.c | 6 ++++++ tinycrypt/ecc.c | 7 ++++++- tinycrypt/ecc_dh.c | 18 ++++++++++++++++-- tinycrypt/ecc_dsa.c | 17 +++++++++++++++++ 11 files changed, 188 insertions(+), 18 deletions(-) diff --git a/library/aes.c b/library/aes.c index 57469873f..8cfb4ba2f 100644 --- a/library/aes.c +++ b/library/aes.c @@ -686,6 +686,8 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key, unsigned int flow_ctrl = 0; volatile unsigned int i = 0; volatile int ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED; + volatile const unsigned char *key_dup = key; + volatile unsigned int keybits_dup = keybits; uint32_t *RK; uint32_t offset = 0; @@ -814,7 +816,10 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key, #endif ) ) { - return ret; + if( keybits_dup == keybits && key_dup == key ) + { + return ret; + } } return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED ); @@ -1063,6 +1068,8 @@ int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx, aes_r_data_t *aes_data_table[2]; // pointers to real and fake data int round_ctrl_table_len = ctx->nr + 2 + AES_SCA_CM_ROUNDS; volatile int flow_control; + volatile const unsigned char *input_dup = input; + volatile unsigned char *output_dup = output; // control bytes for AES calculation rounds, // reserve based on max rounds + dummy rounds + 2 (for initial key addition) uint8_t round_ctrl_table[( 14 + AES_SCA_CM_ROUNDS + 2 )]; @@ -1163,7 +1170,10 @@ int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx, if( flow_control == tindex + dummy_rounds + 8 ) { /* Validate control path due possible fault injection */ - return 0; + if( output_dup == output && input_dup == input ) + { + return 0; + } } return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED ); @@ -1342,6 +1352,8 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx, aes_r_data_t *aes_data_table[2]; // pointers to real and fake data int round_ctrl_table_len = ctx->nr + 2 + AES_SCA_CM_ROUNDS; volatile int flow_control; + volatile const unsigned char *input_dup = input; + volatile unsigned char *output_dup = output; // control bytes for AES calculation rounds, // reserve based on max rounds + dummy rounds + 2 (for initial key addition) uint8_t round_ctrl_table[( 14 + AES_SCA_CM_ROUNDS + 2 )]; @@ -1442,7 +1454,10 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx, if( flow_control == tindex + dummy_rounds + 8 ) { /* Validate control path due possible fault injection */ - return 0; + if( output_dup == output && input_dup == input ) + { + return 0; + } } return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED ); diff --git a/library/ccm.c b/library/ccm.c index 750ec9e98..ab0540b57 100644 --- a/library/ccm.c +++ b/library/ccm.c @@ -77,6 +77,8 @@ int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx, { int ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED; const mbedtls_cipher_info_t *cipher_info; + volatile const unsigned char *key_dup = key; + volatile unsigned int keybits_dup = keybits; CCM_VALIDATE_RET( ctx != NULL ); CCM_VALIDATE_RET( key != NULL ); @@ -99,6 +101,11 @@ int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx, return( ret ); } + if( keybits_dup != keybits || key_dup != key ) + { + return MBEDTLS_ERR_PLATFORM_FAULT_DETECTED; + } + return( ret ); } @@ -165,6 +172,15 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length, unsigned char ctr[16]; const unsigned char *src; unsigned char *dst; + volatile size_t length_dup = length; + volatile const unsigned char *iv_dup = iv; + volatile size_t iv_len_dup = iv_len; + volatile const unsigned char *add_dup = add; + volatile size_t add_len_dup = add_len; + volatile const unsigned char *input_dup = input; + volatile unsigned char *output_dup = output; + volatile unsigned char *tag_dup = tag; + volatile size_t tag_len_dup = tag_len; /* * Check length requirements: SP800-38C A.1 @@ -316,6 +332,13 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length, CTR_CRYPT( y, y, 16 ); mbedtls_platform_memcpy( tag, y, tag_len ); + if( length_dup != length || iv_dup != iv || iv_len_dup != iv_len || + add_dup != add || add_len_dup != add_len || input_dup != input || + output_dup != output || tag_dup != tag || tag_len_dup != tag_len) + { + return MBEDTLS_ERR_PLATFORM_FAULT_DETECTED; + } + return( ret ); } @@ -370,6 +393,15 @@ int mbedtls_ccm_star_auth_decrypt( mbedtls_ccm_context *ctx, size_t length, unsigned char check_tag[16]; unsigned char i; int diff; + volatile size_t length_dup = length; + volatile const unsigned char *iv_dup = iv; + volatile size_t iv_len_dup = iv_len; + volatile const unsigned char *add_dup = add; + volatile size_t add_len_dup = add_len; + volatile const unsigned char *input_dup = input; + volatile unsigned char *output_dup = output; + volatile const unsigned char *tag_dup = tag; + volatile size_t tag_len_dup = tag_len; CCM_VALIDATE_RET( ctx != NULL ); CCM_VALIDATE_RET( iv != NULL ); @@ -395,6 +427,13 @@ int mbedtls_ccm_star_auth_decrypt( mbedtls_ccm_context *ctx, size_t length, return( MBEDTLS_ERR_CCM_AUTH_FAILED ); } + if( length_dup != length || iv_dup != iv || iv_len_dup != iv_len || + add_dup != add || add_len_dup != add_len || input_dup != input || + output_dup != output || tag_dup != tag || tag_len_dup != tag_len) + { + return MBEDTLS_ERR_PLATFORM_FAULT_DETECTED; + } + return( ret ); } diff --git a/library/entropy.c b/library/entropy.c index f5d7d4021..8db3d94f1 100644 --- a/library/entropy.c +++ b/library/entropy.c @@ -143,6 +143,10 @@ int mbedtls_entropy_add_source( mbedtls_entropy_context *ctx, size_t threshold, int strong ) { int idx, ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED; + volatile mbedtls_entropy_f_source_ptr f_source_dup = f_source; + volatile void *p_source_dup = p_source; + volatile size_t threshold_dup = threshold; + volatile int strong_dup = strong; #if defined(MBEDTLS_THREADING_C) if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 ) @@ -170,6 +174,11 @@ exit: return( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); #endif + if( f_source_dup != f_source || p_source_dup != p_source || + threshold_dup != threshold || strong_dup != strong ) + { + ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED; + } return( ret ); } @@ -184,7 +193,8 @@ static int entropy_update( mbedtls_entropy_context *ctx, unsigned char source_id size_t use_len = len; const unsigned char *p = data; int ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED; - + volatile const unsigned char *data_dup = data; + volatile size_t len_dup = len; if( use_len > MBEDTLS_ENTROPY_BLOCK_SIZE ) { #if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR) @@ -229,6 +239,10 @@ static int entropy_update( mbedtls_entropy_context *ctx, unsigned char source_id cleanup: mbedtls_platform_zeroize( tmp, sizeof( tmp ) ); + if( len_dup != len || data_dup != data ) + { + ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED; + } return( ret ); } @@ -349,6 +363,9 @@ int mbedtls_entropy_func( void *data, unsigned char *output, size_t len ) int count = 0, i, done; mbedtls_entropy_context *ctx = (mbedtls_entropy_context *) data; unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE]; + volatile void *data_dup = data; + volatile unsigned char *output_dup = output; + volatile size_t len_dup = len; if( len > MBEDTLS_ENTROPY_BLOCK_SIZE ) return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED ); @@ -456,7 +473,10 @@ exit: if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 ) return( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); #endif - + if( data_dup != data || len_dup != len || output_dup != output ) + { + ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED; + } return( ret ); } diff --git a/library/hmac_drbg.c b/library/hmac_drbg.c index d197f24a1..ecca88034 100644 --- a/library/hmac_drbg.c +++ b/library/hmac_drbg.c @@ -81,6 +81,8 @@ int mbedtls_hmac_drbg_update_ret( mbedtls_hmac_drbg_context *ctx, volatile unsigned int flow_counter = 0; unsigned char K[MBEDTLS_MD_MAX_SIZE]; int ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED; + volatile const unsigned char *additional_dup = additional; + volatile size_t add_len_dup = add_len; for( sep[0] = 0; sep[0] < rounds; sep[0]++ ) { @@ -143,7 +145,10 @@ exit: // Double check flow_counter if ( ( flow_counter == 7 ) || ( flow_counter == 16 ) ) { - return ret; // success, return 0 from ret + if( additional_dup == additional && add_len_dup == add_len ) + { + return ret; // success, return 0 from ret + } } } @@ -167,6 +172,8 @@ int mbedtls_hmac_drbg_seed_buf( mbedtls_hmac_drbg_context *ctx, const unsigned char *data, size_t data_len ) { int ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED; + volatile const unsigned char *data_dup = data; + volatile size_t data_len_dup = data_len; if( ( ret = mbedtls_md_setup( &ctx->md_ctx, md_info, 1 ) ) != 0 ) return( ret ); @@ -183,7 +190,10 @@ int mbedtls_hmac_drbg_seed_buf( mbedtls_hmac_drbg_context *ctx, if( ( ret = mbedtls_hmac_drbg_update_ret( ctx, data, data_len ) ) != 0 ) return( ret ); - + if( data_dup != data || data_len_dup != data_len ) + { + ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED; + } return( ret ); } @@ -200,6 +210,8 @@ static int hmac_drbg_reseed_core( mbedtls_hmac_drbg_context *ctx, size_t seedlen = 0; size_t total_entropy_len; int ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED; + volatile const unsigned char *additional_dup = additional; + volatile size_t len_dup = len; if( use_nonce == HMAC_NONCE_NO ) total_entropy_len = ctx->entropy_len; @@ -264,6 +276,11 @@ exit: /* 4. Done */ mbedtls_platform_zeroize( seed, seedlen ); + if( additional_dup != additional || len_dup != len ) + { + return MBEDTLS_ERR_PLATFORM_FAULT_DETECTED; + } + if ( ret != 0 ) return ret; @@ -299,6 +316,11 @@ int mbedtls_hmac_drbg_seed( mbedtls_hmac_drbg_context *ctx, size_t len ) { int ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED; + int (* volatile f_entropy_dup)(void *, unsigned char *, size_t) = f_entropy; + volatile void *p_entropy_dup = p_entropy; + volatile const unsigned char *custom_dup = custom; + volatile size_t len_dup = len; + size_t md_size; if( ( ret = mbedtls_md_setup( &ctx->md_ctx, md_info, 1 ) ) != 0 ) @@ -339,6 +361,11 @@ int mbedtls_hmac_drbg_seed( mbedtls_hmac_drbg_context *ctx, return( ret ); } + if( f_entropy != f_entropy_dup || p_entropy != p_entropy_dup || + custom_dup != custom || len_dup != len ) + { + ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED; + } return( ret ); } diff --git a/library/sha256.c b/library/sha256.c index 07b899d07..bf52eaea0 100644 --- a/library/sha256.c +++ b/library/sha256.c @@ -310,7 +310,9 @@ int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx, int ret; size_t fill; uint32_t left; - + volatile const unsigned char *input_dup = input; + volatile size_t ilen_dup = ilen; + size_t ilen_change; SHA256_VALIDATE_RET( ctx != NULL ); SHA256_VALIDATE_RET( ilen == 0 || input != NULL ); @@ -353,7 +355,12 @@ int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx, /* Re-check ilen to protect from a FI attack */ if( ilen < 64 ) { - return( 0 ); + /* Re-check that the calculated offsets are correct */ + ilen_change = ilen_dup - ilen; + if( ( input_dup + ilen_change ) == input ) + { + return( 0 ); + } } return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED ); } @@ -472,8 +479,10 @@ int mbedtls_sha256_ret( const unsigned char *input, unsigned char output[32], int is224 ) { - int ret; + int ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED; mbedtls_sha256_context ctx; + volatile const unsigned char *input_dup = input; + volatile size_t ilen_dup = ilen; SHA256_VALIDATE_RET( is224 == 0 || is224 == 1 ); SHA256_VALIDATE_RET( ilen == 0 || input != NULL ); @@ -493,7 +502,11 @@ int mbedtls_sha256_ret( const unsigned char *input, exit: mbedtls_sha256_free( &ctx ); - return( ret ); + if( input_dup == input && ilen_dup == ilen ) + { + return( ret ); + } + return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED ); } #if !defined(MBEDTLS_DEPRECATED_REMOVED) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 5c74386e0..24c73b534 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -2796,10 +2796,14 @@ static int ssl_in_server_key_exchange_parse( mbedtls_ssl_context *ssl, volatile int ret = 0; unsigned char *p; unsigned char *end; + volatile unsigned char *buf_dup = buf; + volatile size_t buflen_dup = buflen; mbedtls_ssl_ciphersuite_handle_t ciphersuite_info = mbedtls_ssl_handshake_get_ciphersuite( ssl->handshake ); + ((void) buf_dup); + ((void) buflen_dup); p = buf + mbedtls_ssl_hs_hdr_len( ssl ); end = buf + buflen; @@ -3100,7 +3104,7 @@ static int ssl_in_server_key_exchange_parse( mbedtls_ssl_context *ssl, { mbedtls_platform_random_delay(); - if( ret == 0 ) + if( ret == 0 && buf_dup == buf && buflen_dup == buflen ) { #if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) /* We don't need the peer's public key anymore. Free it, diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 2cd34b21f..d560d3516 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -3286,6 +3286,7 @@ static int ssl_resume_server_key_exchange( mbedtls_ssl_context *ssl, static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl, size_t *signature_len ) { + volatile size_t *signature_len_dup = signature_len; mbedtls_ssl_ciphersuite_handle_t ciphersuite_info = mbedtls_ssl_handshake_get_ciphersuite( ssl->handshake ); @@ -3673,7 +3674,11 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED */ - return( 0 ); + if( signature_len_dup == signature_len ) + { + return( 0 ); + } + return MBEDTLS_ERR_PLATFORM_FAULT_DETECTED; } /* Prepare the ServerKeyExchange message and send it. For ciphersuites @@ -4218,6 +4223,8 @@ static int ssl_in_client_key_exchange_parse( mbedtls_ssl_context *ssl, mbedtls_ssl_ciphersuite_handle_t ciphersuite_info = mbedtls_ssl_handshake_get_ciphersuite( ssl->handshake ); unsigned char *p, *end; + volatile unsigned char *buf_dup = buf; + volatile size_t buflen_dup = buflen; p = buf + mbedtls_ssl_hs_hdr_len( ssl ); end = buf + buflen; @@ -4412,8 +4419,11 @@ static int ssl_in_client_key_exchange_parse( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } - - return( ret ); + if( buf_dup == buf && buflen_dup == buflen ) + { + return( ret ); + } + return MBEDTLS_ERR_PLATFORM_FAULT_DETECTED; } /* Update the handshake state */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 4f41ac9fe..ad2dc9809 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -177,6 +177,8 @@ int mbedtls_ssl_check_record( mbedtls_ssl_context const *ssl, size_t buflen ) { int ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED; + volatile unsigned char *buf_dup = buf; + volatile size_t buflen_dup = buflen; mbedtls_record rec; MBEDTLS_SSL_DEBUG_MSG( 1, ( "=> mbedtls_ssl_check_record" ) ); MBEDTLS_SSL_DEBUG_BUF( 3, "record buffer", buf, buflen ); @@ -228,6 +230,10 @@ exit: ret = MBEDTLS_ERR_SSL_UNEXPECTED_RECORD; } + if( buf_dup != buf || buflen_dup != buflen ) + { + return MBEDTLS_ERR_PLATFORM_FAULT_DETECTED; + } MBEDTLS_SSL_DEBUG_MSG( 1, ( "<= mbedtls_ssl_check_record" ) ); return( ret ); } diff --git a/tinycrypt/ecc.c b/tinycrypt/ecc.c index ca91e12f4..27cef2e20 100644 --- a/tinycrypt/ecc.c +++ b/tinycrypt/ecc.c @@ -1234,11 +1234,13 @@ int uECC_valid_public_key(const uint8_t *public_key) return uECC_valid_point(_public); } -int uECC_compute_public_key(const uint8_t *private_key, uint8_t *public_key) +int uECC_compute_public_key(const uint8_t * private_key, uint8_t * public_key) { int ret = UECC_FAULT_DETECTED; uECC_word_t _private[NUM_ECC_WORDS]; uECC_word_t _public[NUM_ECC_WORDS * 2]; + volatile const uint8_t * private_key_dup = private_key; + volatile const uint8_t * public_key_dup = public_key; uECC_vli_bytesToNative( _private, @@ -1264,5 +1266,8 @@ int uECC_compute_public_key(const uint8_t *private_key, uint8_t *public_key) uECC_vli_nativeToBytes( public_key + NUM_ECC_BYTES, NUM_ECC_BYTES, _public + NUM_ECC_WORDS); + if(private_key_dup != private_key || public_key_dup != public_key){ + return UECC_FAULT_DETECTED; + } return ret; } diff --git a/tinycrypt/ecc_dh.c b/tinycrypt/ecc_dh.c index a63c84bba..08805eb25 100644 --- a/tinycrypt/ecc_dh.c +++ b/tinycrypt/ecc_dh.c @@ -114,6 +114,8 @@ int uECC_make_key(uint8_t *public_key, uint8_t *private_key) uECC_word_t _private[NUM_ECC_WORDS]; uECC_word_t _public[NUM_ECC_WORDS * 2]; uECC_word_t tries; + volatile uint8_t *public_key_dup = public_key; + volatile uint8_t *private_key_dup = private_key; for (tries = 0; tries < uECC_RNG_MAX_TRIES; ++tries) { /* Generating _private uniformly at random: */ @@ -148,8 +150,12 @@ int uECC_make_key(uint8_t *public_key, uint8_t *private_key) /* erasing temporary buffer that stored secret: */ mbedtls_platform_memset(_private, 0, NUM_ECC_BYTES); - return UECC_SUCCESS; - } + if(private_key == private_key_dup && + public_key == public_key_dup){ + return UECC_SUCCESS; + } + return UECC_FAULT_DETECTED; + } } return UECC_FAILURE; } @@ -163,6 +169,10 @@ int uECC_shared_secret(const uint8_t *public_key, const uint8_t *private_key, wordcount_t num_words = NUM_ECC_WORDS; wordcount_t num_bytes = NUM_ECC_BYTES; int r = UECC_FAULT_DETECTED; + volatile const uint8_t *public_key_dup = public_key; + volatile const uint8_t *private_key_dup = private_key; + volatile const uint8_t *secret_dup = secret; + /* Converting buffers to correct bit order: */ uECC_vli_bytesToNative(_private, @@ -180,6 +190,10 @@ int uECC_shared_secret(const uint8_t *public_key, const uint8_t *private_key, /* erasing temporary buffer used to store secret: */ mbedtls_platform_zeroize(_private, sizeof(_private)); + if(public_key_dup != public_key || private_key_dup != private_key || + secret_dup != secret){ + return UECC_FAULT_DETECTED; + } return r; } diff --git a/tinycrypt/ecc_dsa.c b/tinycrypt/ecc_dsa.c index bb3ed813b..b2adb9e9c 100644 --- a/tinycrypt/ecc_dsa.c +++ b/tinycrypt/ecc_dsa.c @@ -146,6 +146,10 @@ int uECC_sign(const uint8_t *private_key, const uint8_t *message_hash, uECC_word_t _random[2*NUM_ECC_WORDS]; uECC_word_t k[NUM_ECC_WORDS]; uECC_word_t tries; + volatile const uint8_t *private_key_dup = private_key; + volatile const uint8_t *message_hash_dup = message_hash; + volatile unsigned hash_size_dup = hash_size; + volatile uint8_t *signature_dup = signature; for (tries = 0; tries < uECC_RNG_MAX_TRIES; ++tries) { /* Generating _random uniformly at random: */ @@ -164,6 +168,10 @@ int uECC_sign(const uint8_t *private_key, const uint8_t *message_hash, return r; } if (r == UECC_SUCCESS) { + if(private_key_dup != private_key || message_hash_dup != message_hash || + hash_size_dup != hash_size || signature_dup != signature){ + return UECC_FAULT_DETECTED; + } return UECC_SUCCESS; } /* else keep trying */ @@ -194,6 +202,11 @@ int uECC_verify(const uint8_t *public_key, const uint8_t *message_hash, bitcount_t i; bitcount_t flow_control; volatile uECC_word_t diff; + volatile const uint8_t *public_key_dup = public_key; + volatile const uint8_t *message_hash_dup = message_hash; + volatile unsigned hash_size_dup = hash_size; + volatile const uint8_t *signature_dup = signature; + uECC_word_t _public[NUM_ECC_WORDS * 2]; uECC_word_t r[NUM_ECC_WORDS], s[NUM_ECC_WORDS]; @@ -295,6 +308,10 @@ int uECC_verify(const uint8_t *public_key, const uint8_t *message_hash, * 1 (base value) + num_bits - 1 (from the loop) + 5 incrementations. */ if (diff == 0 && flow_control == (num_bits + 5)) { + if(public_key_dup != public_key || message_hash_dup != message_hash || + hash_size_dup != hash_size || signature_dup != signature){ + return UECC_FAULT_DETECTED; + } return UECC_SUCCESS; } else {