TIMECOP
/ crypto_hashblocks

Primitives for crypto_hashblocks

This page lists all primitives grouped under operation crypto_hashblocks.

For each primitive, all listed implementations were checked across a number of compilers, compiler options, and hosts.

The progress bar shows the relative number of successes, fails, and errors:

  • Success. The constant-time checker didn't find any cases where the execution time of the tested code depends on secret data.
  • Fail. The execution time of the tested code depends on secret data.
  • Error.

Errors can have multiple causes:
  • The constant-time checker encountered an error and couldn't be completed.
  • Valgrind found memory issues, but none of them are related to constant-time checks.
  • The constant-time checker timed out after 6 minutes.
  • The tested code produced invalid results. More details can be found near the start of the output file. Example:
    crypto_aead_decrypt returns nonzero 

The absolute number of successes, fails, and errors is shown to the left of the progress bar.

The following code was used to flag secret data, and test implementations:

1void timecop_doit(void)
2{
3 poison(m, TUNE_BYTES);
4 return doit();
5}

Click an implementation to see all checked compiler options.

md5
Description
MD5 updating 16-byte state using 64-byte blocks
Designers
Ron Rivest
Implementations:
rfsb509
Description
RFSB-509 compression function updating 64-byte state using 48-byte blocks
Designers
Daniel J. Bernstein
Tanja Lange
Christiane Peters
Peter Schwabe
Implementations:
sha256
Description
SHA-256 updating 32-byte state using 64-byte blocks
Designers
NSA
Implementations:
sha512
Description
SHA-512 updating 64-byte state using 128-byte blocks
Designers
NSA
Implementations: