Duplicate sensitive buffer and buffer length information

Detect FI attacks on buffer pointers and buffer lengths.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>

library/aes.c

@@ -686,6 +686,8 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
     unsigned int flow_ctrl = 0;
     volatile unsigned int i = 0;
     volatile int ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
+    volatile const unsigned char *key_dup = key;
+    volatile unsigned int keybits_dup = keybits;
     uint32_t *RK;
     uint32_t offset = 0;
 
@@ -814,7 +816,10 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
 #endif
     ) )
     {
-        return ret;
+        if( keybits_dup == keybits && key_dup == key )
+        {
+            return ret;
+        }
     }
 
     return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
@@ -1063,6 +1068,8 @@ int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx,
     aes_r_data_t *aes_data_table[2];    // pointers to real and fake data
     int round_ctrl_table_len = ctx->nr + 2 + AES_SCA_CM_ROUNDS;
     volatile int flow_control;
+    volatile const unsigned char *input_dup = input;
+    volatile unsigned char *output_dup = output;
     // control bytes for AES calculation rounds,
     // reserve based on max rounds + dummy rounds + 2 (for initial key addition)
     uint8_t round_ctrl_table[( 14 + AES_SCA_CM_ROUNDS + 2 )];
@@ -1163,7 +1170,10 @@ int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx,
     if( flow_control == tindex + dummy_rounds + 8 )
     {
         /* Validate control path due possible fault injection */
-        return 0;
+        if( output_dup == output && input_dup == input )
+        {
+            return 0;
+        }
     }
 
     return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
@@ -1342,6 +1352,8 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx,
     aes_r_data_t *aes_data_table[2];    // pointers to real and fake data
     int round_ctrl_table_len = ctx->nr + 2 + AES_SCA_CM_ROUNDS;
     volatile int flow_control;
+    volatile const unsigned char *input_dup = input;
+    volatile unsigned char *output_dup = output;
     // control bytes for AES calculation rounds,
     // reserve based on max rounds + dummy rounds + 2 (for initial key addition)
     uint8_t round_ctrl_table[( 14 + AES_SCA_CM_ROUNDS + 2 )];
@@ -1442,7 +1454,10 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx,
     if( flow_control == tindex + dummy_rounds + 8 )
     {
         /* Validate control path due possible fault injection */
-        return 0;
+        if( output_dup == output && input_dup == input )
+        {
+            return 0;
+        }
     }
 
     return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );

library/ccm.c

@@ -77,6 +77,8 @@ int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx,
 {
     int ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
     const mbedtls_cipher_info_t *cipher_info;
+    volatile const unsigned char *key_dup = key;
+    volatile unsigned int keybits_dup = keybits;
 
     CCM_VALIDATE_RET( ctx != NULL );
     CCM_VALIDATE_RET( key != NULL );
@@ -99,6 +101,11 @@ int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx,
         return( ret );
     }
 
+    if( keybits_dup != keybits || key_dup != key )
+    {
+        return MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
+    }
+
     return( ret );
 }
 
@@ -165,6 +172,15 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length,
     unsigned char ctr[16];
     const unsigned char *src;
     unsigned char *dst;
+    volatile size_t length_dup = length;
+    volatile const unsigned char *iv_dup = iv;
+    volatile size_t iv_len_dup = iv_len;
+    volatile const unsigned char *add_dup = add;
+    volatile size_t add_len_dup = add_len;
+    volatile const unsigned char *input_dup = input;
+    volatile unsigned char *output_dup = output;
+    volatile unsigned char *tag_dup = tag;
+    volatile size_t tag_len_dup = tag_len;
 
     /*
      * Check length requirements: SP800-38C A.1
@@ -316,6 +332,13 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length,
     CTR_CRYPT( y, y, 16 );
     mbedtls_platform_memcpy( tag, y, tag_len );
 
+    if( length_dup != length || iv_dup != iv || iv_len_dup != iv_len ||
+        add_dup != add || add_len_dup != add_len || input_dup != input ||
+        output_dup != output || tag_dup != tag || tag_len_dup != tag_len)
+    {
+        return MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
+    }
+
     return( ret );
 }
 
@@ -370,6 +393,15 @@ int mbedtls_ccm_star_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
     unsigned char check_tag[16];
     unsigned char i;
     int diff;
+    volatile size_t length_dup = length;
+    volatile const unsigned char *iv_dup = iv;
+    volatile size_t iv_len_dup = iv_len;
+    volatile const unsigned char *add_dup = add;
+    volatile size_t add_len_dup = add_len;
+    volatile const unsigned char *input_dup = input;
+    volatile unsigned char *output_dup = output;
+    volatile const unsigned char *tag_dup = tag;
+    volatile size_t tag_len_dup = tag_len;
 
     CCM_VALIDATE_RET( ctx != NULL );
     CCM_VALIDATE_RET( iv != NULL );
@@ -395,6 +427,13 @@ int mbedtls_ccm_star_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
         return( MBEDTLS_ERR_CCM_AUTH_FAILED );
     }
 
+    if( length_dup != length || iv_dup != iv || iv_len_dup != iv_len ||
+        add_dup != add || add_len_dup != add_len || input_dup != input ||
+        output_dup != output || tag_dup != tag || tag_len_dup != tag_len)
+    {
+        return MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
+    }
+
     return( ret );
 }
 

library/entropy.c

@@ -143,6 +143,10 @@ int mbedtls_entropy_add_source( mbedtls_entropy_context *ctx,
                         size_t threshold, int strong )
 {
     int idx, ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
+    volatile mbedtls_entropy_f_source_ptr f_source_dup = f_source;
+    volatile void *p_source_dup = p_source;
+    volatile size_t threshold_dup = threshold;
+    volatile int strong_dup = strong;
 
 #if defined(MBEDTLS_THREADING_C)
     if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
@@ -170,6 +174,11 @@ exit:
         return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
 #endif
 
+    if( f_source_dup != f_source || p_source_dup != p_source ||
+        threshold_dup != threshold || strong_dup != strong )
+    {
+        ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
+    }
     return( ret );
 }
 
@@ -184,7 +193,8 @@ static int entropy_update( mbedtls_entropy_context *ctx, unsigned char source_id
     size_t use_len = len;
     const unsigned char *p = data;
     int ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
-
+    volatile const unsigned char *data_dup = data;
+    volatile size_t len_dup = len;
     if( use_len > MBEDTLS_ENTROPY_BLOCK_SIZE )
     {
 #if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
@@ -229,6 +239,10 @@ static int entropy_update( mbedtls_entropy_context *ctx, unsigned char source_id
 cleanup:
     mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
 
+    if( len_dup != len || data_dup != data )
+    {
+        ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
+    }
     return( ret );
 }
 
@@ -349,6 +363,9 @@ int mbedtls_entropy_func( void *data, unsigned char *output, size_t len )
     int count = 0, i, done;
     mbedtls_entropy_context *ctx = (mbedtls_entropy_context *) data;
     unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
+    volatile void *data_dup = data;
+    volatile unsigned char *output_dup = output;
+    volatile size_t len_dup = len;
 
     if( len > MBEDTLS_ENTROPY_BLOCK_SIZE )
         return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
@@ -456,7 +473,10 @@ exit:
     if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
         return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
 #endif
-
+    if( data_dup != data || len_dup != len || output_dup != output )
+    {
+        ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
+    }
     return( ret );
 }
 

library/hmac_drbg.c

@@ -81,6 +81,8 @@ int mbedtls_hmac_drbg_update_ret( mbedtls_hmac_drbg_context *ctx,
     volatile unsigned int flow_counter = 0;
     unsigned char K[MBEDTLS_MD_MAX_SIZE];
     int ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
+    volatile const unsigned char *additional_dup = additional;
+    volatile size_t add_len_dup = add_len;
 
     for( sep[0] = 0; sep[0] < rounds; sep[0]++ )
     {
@@ -143,7 +145,10 @@ exit:
         // Double check flow_counter
         if ( ( flow_counter == 7 ) || ( flow_counter == 16 ) )
         {
-            return ret;   // success, return 0 from ret
+            if( additional_dup == additional && add_len_dup == add_len )
+            {
+                return ret;   // success, return 0 from ret
+            }
         }
     }
 
@@ -167,6 +172,8 @@ int mbedtls_hmac_drbg_seed_buf( mbedtls_hmac_drbg_context *ctx,
                                 const unsigned char *data, size_t data_len )
 {
     int ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
+    volatile const unsigned char *data_dup = data;
+    volatile size_t data_len_dup = data_len;
 
     if( ( ret = mbedtls_md_setup( &ctx->md_ctx, md_info, 1 ) ) != 0 )
         return( ret );
@@ -183,7 +190,10 @@ int mbedtls_hmac_drbg_seed_buf( mbedtls_hmac_drbg_context *ctx,
 
     if( ( ret = mbedtls_hmac_drbg_update_ret( ctx, data, data_len ) ) != 0 )
         return( ret );
-
+    if( data_dup != data || data_len_dup != data_len )
+    {
+        ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
+    }
     return( ret );
 }
 
@@ -200,6 +210,8 @@ static int hmac_drbg_reseed_core( mbedtls_hmac_drbg_context *ctx,
     size_t seedlen = 0;
     size_t total_entropy_len;
     int ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
+    volatile const unsigned char *additional_dup = additional;
+    volatile size_t len_dup = len;
 
     if( use_nonce == HMAC_NONCE_NO )
         total_entropy_len = ctx->entropy_len;
@@ -264,6 +276,11 @@ exit:
     /* 4. Done */
     mbedtls_platform_zeroize( seed, seedlen );
 
+    if( additional_dup != additional || len_dup != len )
+    {
+        return MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
+    }
+
     if ( ret != 0 )
         return ret;
 
@@ -299,6 +316,11 @@ int mbedtls_hmac_drbg_seed( mbedtls_hmac_drbg_context *ctx,
                     size_t len )
 {
     int ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
+    int (* volatile f_entropy_dup)(void *, unsigned char *, size_t) = f_entropy;
+    volatile void *p_entropy_dup = p_entropy;
+    volatile const unsigned char *custom_dup = custom;
+    volatile size_t len_dup = len;
+
     size_t md_size;
 
     if( ( ret = mbedtls_md_setup( &ctx->md_ctx, md_info, 1 ) ) != 0 )
@@ -339,6 +361,11 @@ int mbedtls_hmac_drbg_seed( mbedtls_hmac_drbg_context *ctx,
         return( ret );
     }
 
+    if( f_entropy != f_entropy_dup || p_entropy != p_entropy_dup ||
+        custom_dup != custom || len_dup != len )
+    {
+        ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
+    }
     return( ret );
 }
 

library/sha256.c

@@ -310,7 +310,9 @@ int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx,
     int ret;
     size_t fill;
     uint32_t left;
-
+    volatile const unsigned char *input_dup = input;
+    volatile size_t ilen_dup = ilen;
+    size_t ilen_change;
     SHA256_VALIDATE_RET( ctx != NULL );
     SHA256_VALIDATE_RET( ilen == 0 || input != NULL );
 
@@ -353,7 +355,12 @@ int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx,
     /* Re-check ilen to protect from a FI attack */
     if( ilen < 64 )
     {
-        return( 0 );
+        /* Re-check that the calculated offsets are correct */
+        ilen_change = ilen_dup - ilen;
+        if( ( input_dup + ilen_change ) == input )
+        {
+            return( 0 );
+        }
     }
     return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
 }
@@ -472,8 +479,10 @@ int mbedtls_sha256_ret( const unsigned char *input,
                         unsigned char output[32],
                         int is224 )
 {
-    int ret;
+    int ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
     mbedtls_sha256_context ctx;
+    volatile const unsigned char *input_dup = input;
+    volatile size_t ilen_dup = ilen;
 
     SHA256_VALIDATE_RET( is224 == 0 || is224 == 1 );
     SHA256_VALIDATE_RET( ilen == 0 || input != NULL );
@@ -493,7 +502,11 @@ int mbedtls_sha256_ret( const unsigned char *input,
 exit:
     mbedtls_sha256_free( &ctx );
 
-    return( ret );
+    if( input_dup == input && ilen_dup == ilen )
+    {
+        return( ret );
+    }
+    return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
 }
 
 #if !defined(MBEDTLS_DEPRECATED_REMOVED)

library/ssl_cli.c

@@ -2796,10 +2796,14 @@ static int ssl_in_server_key_exchange_parse( mbedtls_ssl_context *ssl,
     volatile int ret = 0;
     unsigned char *p;
     unsigned char *end;
+    volatile unsigned char *buf_dup = buf;
+    volatile size_t buflen_dup = buflen;
 
     mbedtls_ssl_ciphersuite_handle_t ciphersuite_info =
         mbedtls_ssl_handshake_get_ciphersuite( ssl->handshake );
 
+    ((void) buf_dup);
+    ((void) buflen_dup);
     p   = buf + mbedtls_ssl_hs_hdr_len( ssl );
     end = buf + buflen;
 
@@ -3100,7 +3104,7 @@ static int ssl_in_server_key_exchange_parse( mbedtls_ssl_context *ssl,
         {
             mbedtls_platform_random_delay();
 
-            if( ret == 0 )
+            if( ret == 0 && buf_dup == buf && buflen_dup == buflen )
             {
 #if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
                 /* We don't need the peer's public key anymore. Free it,

library/ssl_srv.c

@@ -3286,6 +3286,7 @@ static int ssl_resume_server_key_exchange( mbedtls_ssl_context *ssl,
 static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl,
                                             size_t *signature_len )
 {
+    volatile size_t *signature_len_dup = signature_len;
     mbedtls_ssl_ciphersuite_handle_t ciphersuite_info =
         mbedtls_ssl_handshake_get_ciphersuite( ssl->handshake );
 
@@ -3673,7 +3674,11 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl,
     }
 #endif /* MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED */
 
-    return( 0 );
+    if( signature_len_dup == signature_len )
+    {
+        return( 0 );
+    }
+    return MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
 }
 
 /* Prepare the ServerKeyExchange message and send it. For ciphersuites
@@ -4218,6 +4223,8 @@ static int ssl_in_client_key_exchange_parse( mbedtls_ssl_context *ssl,
     mbedtls_ssl_ciphersuite_handle_t ciphersuite_info =
         mbedtls_ssl_handshake_get_ciphersuite( ssl->handshake );
     unsigned char *p, *end;
+    volatile unsigned char *buf_dup = buf;
+    volatile size_t buflen_dup = buflen;
 
     p = buf + mbedtls_ssl_hs_hdr_len( ssl );
     end = buf + buflen;
@@ -4412,8 +4419,11 @@ static int ssl_in_client_key_exchange_parse( mbedtls_ssl_context *ssl,
         MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
         return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
     }
-
-    return( ret );
+    if( buf_dup == buf && buflen_dup == buflen )
+    {
+        return( ret );
+    }
+    return MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
 }
 
 /* Update the handshake state */

library/ssl_tls.c

@@ -177,6 +177,8 @@ int mbedtls_ssl_check_record( mbedtls_ssl_context const *ssl,
                               size_t buflen )
 {
     int ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
+    volatile unsigned char *buf_dup = buf;
+    volatile size_t buflen_dup = buflen;
     mbedtls_record rec;
     MBEDTLS_SSL_DEBUG_MSG( 1, ( "=> mbedtls_ssl_check_record" ) );
     MBEDTLS_SSL_DEBUG_BUF( 3, "record buffer", buf, buflen );
@@ -228,6 +230,10 @@ exit:
         ret = MBEDTLS_ERR_SSL_UNEXPECTED_RECORD;
     }
 
+    if( buf_dup != buf || buflen_dup != buflen )
+    {
+        return MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
+    }
     MBEDTLS_SSL_DEBUG_MSG( 1, ( "<= mbedtls_ssl_check_record" ) );
     return( ret );
 }

tinycrypt/ecc.c

@@ -1234,11 +1234,13 @@ int uECC_valid_public_key(const uint8_t *public_key)
 	return uECC_valid_point(_public);
 }
 
-int uECC_compute_public_key(const uint8_t *private_key, uint8_t *public_key)
+int uECC_compute_public_key(const uint8_t * private_key, uint8_t * public_key)
 {
 	int ret = UECC_FAULT_DETECTED;
 	uECC_word_t _private[NUM_ECC_WORDS];
 	uECC_word_t _public[NUM_ECC_WORDS * 2];
+	volatile const uint8_t * private_key_dup = private_key;
+	volatile const uint8_t * public_key_dup = public_key;
 
 	uECC_vli_bytesToNative(
 	_private,
@@ -1264,5 +1266,8 @@ int uECC_compute_public_key(const uint8_t *private_key, uint8_t *public_key)
 	uECC_vli_nativeToBytes(
 	public_key +
 	NUM_ECC_BYTES, NUM_ECC_BYTES, _public + NUM_ECC_WORDS);
+	if(private_key_dup != private_key || public_key_dup != public_key){
+	    return UECC_FAULT_DETECTED;
+	}
 	return ret;
 }

tinycrypt/ecc_dh.c

@@ -114,6 +114,8 @@ int uECC_make_key(uint8_t *public_key, uint8_t *private_key)
 	uECC_word_t _private[NUM_ECC_WORDS];
 	uECC_word_t _public[NUM_ECC_WORDS * 2];
 	uECC_word_t tries;
+	volatile uint8_t *public_key_dup = public_key;
+	volatile uint8_t *private_key_dup = private_key;
 
 	for (tries = 0; tries < uECC_RNG_MAX_TRIES; ++tries) {
 		/* Generating _private uniformly at random: */
@@ -148,8 +150,12 @@ int uECC_make_key(uint8_t *public_key, uint8_t *private_key)
 			/* erasing temporary buffer that stored secret: */
 			mbedtls_platform_memset(_private, 0, NUM_ECC_BYTES);
 
-      			return UECC_SUCCESS;
-    		}
+			if(private_key == private_key_dup &&
+               public_key == public_key_dup){
+			    return UECC_SUCCESS;
+			}
+			return UECC_FAULT_DETECTED;
+    	}
   	}
 	return UECC_FAILURE;
 }
@@ -163,6 +169,10 @@ int uECC_shared_secret(const uint8_t *public_key, const uint8_t *private_key,
 	wordcount_t num_words = NUM_ECC_WORDS;
 	wordcount_t num_bytes = NUM_ECC_BYTES;
 	int r = UECC_FAULT_DETECTED;
+	volatile const uint8_t *public_key_dup = public_key;
+	volatile const uint8_t *private_key_dup = private_key;
+	volatile const uint8_t *secret_dup = secret;
+
 
 	/* Converting buffers to correct bit order: */
 	uECC_vli_bytesToNative(_private,
@@ -180,6 +190,10 @@ int uECC_shared_secret(const uint8_t *public_key, const uint8_t *private_key,
 
 	/* erasing temporary buffer used to store secret: */
 	mbedtls_platform_zeroize(_private, sizeof(_private));
+	if(public_key_dup != public_key || private_key_dup != private_key ||
+	   secret_dup != secret){
+	    return UECC_FAULT_DETECTED;
+	 }
 
 	return r;
 }

tinycrypt/ecc_dsa.c

@@ -146,6 +146,10 @@ int uECC_sign(const uint8_t *private_key, const uint8_t *message_hash,
 	uECC_word_t _random[2*NUM_ECC_WORDS];
 	uECC_word_t k[NUM_ECC_WORDS];
 	uECC_word_t tries;
+	volatile const uint8_t *private_key_dup = private_key;
+	volatile const uint8_t *message_hash_dup = message_hash;
+    volatile unsigned hash_size_dup = hash_size;
+    volatile uint8_t *signature_dup = signature;
 
 	for (tries = 0; tries < uECC_RNG_MAX_TRIES; ++tries) {
 		/* Generating _random uniformly at random: */
@@ -164,6 +168,10 @@ int uECC_sign(const uint8_t *private_key, const uint8_t *message_hash,
 			return r;
 		}
 		if (r == UECC_SUCCESS) {
+		    if(private_key_dup != private_key || message_hash_dup != message_hash ||
+               hash_size_dup != hash_size || signature_dup != signature){
+		        return UECC_FAULT_DETECTED;
+		    }
 			return UECC_SUCCESS;
 		}
 		/* else keep trying */
@@ -194,6 +202,11 @@ int uECC_verify(const uint8_t *public_key, const uint8_t *message_hash,
 	bitcount_t i;
 	bitcount_t flow_control;
 	volatile uECC_word_t diff;
+    volatile const uint8_t *public_key_dup = public_key;
+    volatile const uint8_t *message_hash_dup = message_hash;
+    volatile unsigned hash_size_dup = hash_size;
+    volatile const uint8_t *signature_dup = signature;
+
 
 	uECC_word_t _public[NUM_ECC_WORDS * 2];
 	uECC_word_t r[NUM_ECC_WORDS], s[NUM_ECC_WORDS];
@@ -295,6 +308,10 @@ int uECC_verify(const uint8_t *public_key, const uint8_t *message_hash,
 	     * 1 (base value) + num_bits - 1 (from the loop) + 5 incrementations.
 	     */
 		if (diff == 0 && flow_control == (num_bits + 5)) {
+		    if(public_key_dup != public_key || message_hash_dup != message_hash ||
+		       hash_size_dup != hash_size || signature_dup != signature){
+                return UECC_FAULT_DETECTED;
+            }
 			return UECC_SUCCESS;
 		}
 		else {