Developer Guide and Reference for Intel® Cryptography Primitives Library
A newer version of this document is available. Customers should click here to go to the newest version.
Visible to Intel only — GUID: GUID-92B02F47-A35C-4D4E-A7F7-52B0CE97CE4D
Visible to Intel only — GUID: GUID-92B02F47-A35C-4D4E-A7F7-52B0CE97CE4D
TDES Functions
The Triple Data Encryption Algorithm (TDEA) is a revised symmetric algorithm scheme built on the Data Encryption Standard (DES) system. The Triple DES (TDES) encryption process includes three consecutive DES operations in the encryption, decryption, and encryption (E-D-E) sequence again in accordance with the American standard FIPS 46-3. While AES (Rijndael) is preferred, TDEA is an approved cipher. Use implementations of AES where possible. In cases where using AES is impossible or inconvenient, use TDES functions.
Although the functions that support TDES operations require three sets of round keys, the functions can operate under TDES cipher system with a two-set round keys by simply setting the third set of round keys to be the same as the first set.
You can use the functions described in this section for performing various operational modes under the TDES cipher systems.
Intel® Cryptography Primitives Library supports ECB, CBC, CFB, and CTR modes. You can tell which algorithm a given function supports from the function base name, for example, the TDESEncryptECB function operates under the ECB mode.
The encryption function TDESEncryptCBC operates under the CBC mode using its cipher scheme and requires to have an initialization vector iv. Since there are a number of ways to initialize the initialization vector iv, you should remember which of them you used to be able to decrypt the message when needed.
The encryption function TDESEncryptCFB operates under the CFB mode using its cipher scheme and requires having the initialization vector pIV and CFB block size cfbBlkSize.
All functions described in this section use the context IppsDESSpec to serve as an operational vehicle that carries a set of round keys.
Application code for conducting a typical encryption under CBC mode using the TDES scheme must perform the following sequence of operations:
Get the size required to configure the context IppsDESSpec by calling the function DESGetSize.
Call operating system memory allocation service function to allocate three buffers whose sizes are not less than the one specified by the function DESGetSize. Initialize pointers to contexts pCtx1, pCtx2, and pCtx3 by calling the function DESInit three times, each with the allocated buffer and the respective DES key.
Specify the initialization vector and then call the function TDESEncryptCBC to encrypt the input data stream under CBC mode using TDES scheme.
Clean up secret data stored in the contexts.
Free the memory allocated to the buffer once TDES encryption under the CBC mode has been completed and the data structures allocated for set of round keys are no longer required.
The IppsDESSpec context is position-dependent. The DESPack/DESUnpack functions transform the position-dependent context to a position-independent form and vice versa.
Related Information