Developer Reference

Contents

TDES Functions

The TDES algorithm is considered weak due to known attacks on it. The functionality remains in the library, but the implementation will no longer be optimized and no security patches will be applied. A more secure alternative is available: AES. For more information, see
Transitioning the Use of Cryptographic Algorithms and Key Lengths
(https://csrc.nist.gov/CSRC/media/Publications/sp/800-131a/rev-2/draft/documents/sp800-131Ar2-draft.pdf),
Update to Current Use and Deprecation of TDEA
(https://csrc.nist.gov/News/2017/Update-to-Current-Use-and-Deprecation-of-TDEA),
Sweet32: Birthday attacks on 64-bit block ciphers in TLS and OpenVPN
(https://sweet32.info/).
The Triple Data Encryption Algorithm (TDEA) is a revised symmetric algorithm scheme built on the Data Encryption Standard (DES) system. The Triple DES (TDES) encryption process includes three consecutive DES operations in the encryption, decryption, and encryption (E-D-E) sequence again in accordance with the American standard FIPS 46-3. While AES (Rijndael) is preferred, TDEA is an approved cipher. Use implementations of AES where possible. In cases where using AES is impossible or inconvenient, use TDES functions.
Although the functions that support TDES operations require three sets of round keys, the functions can operate under TDES cipher system with a two-set round keys by simply setting the third set of round keys to be the same as the first set.
You can use the functions described in this section for performing various operational modes under the TDES cipher systems.
Intel IPP functions for cryptography do not allocate memory internally. The
GetSize
function does not require allocated memory. You need to call the
GetSize
function to find out how much available memory you need to have to work with the selected algorithm and after that you call the initialization function to create a memory buffer and initialize it.
Intel IPP for cryptography supports ECB, CBC, CFB, and CTR modes. You can tell which algorithm a given function supports from the function base name, for example, the
TDESEncryptECB
function operates under the ECB mode.
The encryption function
TDESEncryptCBC
operates under the CBC mode using its cipher scheme and requires to have an initialization vector
iv
. Since there are a number of ways to initialize the initialization vector
iv
, you should remember which of them you used to be able to decrypt the message when needed.
The encryption function
TDESEncryptCFB
operates under the CFB mode using its cipher scheme and requires having the initialization vector
pIV
and CFB block size
cfbBlkSize
.
All functions described in this section use the context
IppsDESSpec
to serve as an operational vehicle that carries a set of round keys.
Application code for conducting a typical encryption under CBC mode using the TDES scheme must perform the following sequence of operations:
  1. Get the size required to configure the context
    IppsDESSpec
    by calling the function
    DESGetSize
    .
  2. Call operating system memory allocation service function to allocate three buffers whose sizes are not less than the one specified by the function
    DESGetSize
    . Initialize pointers to contexts
    pCtx1
    ,
    pCtx2
    , and
    pCtx3
    by calling the function
    DESInit
    three times, each with the allocated buffer and the respective DES key.
  3. Specify the initialization vector and then call the function
    TDESEncryptCBC
    to encrypt the input data stream under CBC mode using TDES scheme.
  4. Clean up secret data stored in the contexts.
  5. Free the memory allocated to the buffer once TDES encryption under the CBC mode has been completed and the data structures allocated for set of round keys are no longer required.
Similar procedure can be applied for ECB, CFB, and CTR mode operation.
The
IppsDESSpec
context is position-dependent. The
DESPack/DESUnpack
functions transform the position-dependent context to a position-independent form and vice versa.

Product and Performance Information

1

Performance varies by use, configuration and other factors. Learn more at www.Intel.com/PerformanceIndex.