TDES/3DES functions
Use the provided TDES/3DES functions for data encryption in various operation modes.
These functions are declared in: include/ica_api.h.
These functions perform encryption and decryption or computation and verification of message authentication codes using a triple-DES (3DES, TDES or TDEA) key. A 3DES key consists of a concatenation of three DES keys, each of which has a size of 8 bytes. Note that each byte of a DES key contains one parity bit, such that each 64-bit DES key contains only 56 security-relevant bits. The cipher block size for 3DES is 8 bytes.
3DES is known in two variants: a two key variant and a three key variant. This library implements only the three key variant. The two key variant can be derived from functions for the three key variant by using the same key as the first and third key.
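The key layout described in the two paragraphs above, as an added example that is not part of libica or of the original page. It sets and checks the DES parity bits, builds the two-key variant in three-key layout, and, going slightly beyond the text, flags keys whose components repeat. All function names are hypothetical, the sample key is constructed, and the "reduces to single DES" case assumes the standard encrypt-decrypt-encrypt (EDE) construction of TDEA.

```c
#include <stdio.h>
#include <string.h>

#define DES_KEY_LEN 8   /* one DES key: 64 bits, 56 of them key material */

/* Force odd parity on every byte; the low bit of each byte is the parity bit. */
static void des_fix_parity(unsigned char *key, size_t len) {
    for (size_t i = 0; i < len; i++) {
        unsigned char v = key[i] >> 1;            /* the 7 key bits */
        v ^= v >> 4; v ^= v >> 2; v ^= v >> 1;    /* v & 1 = parity of the key bits */
        key[i] = (unsigned char)((key[i] & 0xFE) | ((v & 1) ^ 1));
    }
}
/* Return 1 if every byte has odd parity, 0 otherwise. */
static int des_parity_ok(const unsigned char *key, size_t len) {
    for (size_t i = 0; i < len; i++) {
        unsigned char v = key[i];
        v ^= v >> 4; v ^= v >> 2; v ^= v >> 1;
        if (!(v & 1)) return 0;
    }
    return 1;
}
/* Two-key variant (K1 || K2, 16 bytes) in three-key layout: K1 || K2 || K1. */
static void tdes_from_two_key(const unsigned char *k16, unsigned char *k24) {
    memcpy(k24, k16, 2 * DES_KEY_LEN);
    memcpy(k24 + 2 * DES_KEY_LEN, k16, DES_KEY_LEN);
}
/* Compare two DES keys on their 56 key bits only (parity bits ignored). */
static int des_same_key(const unsigned char *a, const unsigned char *b) {
    for (int i = 0; i < DES_KEY_LEN; i++)
        if ((a[i] ^ b[i]) & 0xFE) return 0;
    return 1;
}
/* 3 = three distinct keys, 2 = two-key variant (K1 == K3),
 * 1 = K1 == K2 or K2 == K3 (assumption: standard EDE, which then equals single DES). */
static int tdes_key_variant(const unsigned char *k24) {
    const unsigned char *k1 = k24, *k2 = k24 + DES_KEY_LEN, *k3 = k24 + 2 * DES_KEY_LEN;
    if (des_same_key(k1, k2) || des_same_key(k2, k3)) return 1;
    return des_same_key(k1, k3) ? 2 : 3;
}

int main(void) {
    unsigned char k16[16], k24[3 * DES_KEY_LEN];
    for (int i = 0; i < 16; i++) k16[i] = (unsigned char)(i * 17); /* constructed sample, not a real key */
    tdes_from_two_key(k16, k24);
    des_fix_parity(k24, sizeof k24);
    printf("parity ok=%d variant=%d\n", des_parity_ok(k24, sizeof k24), tdes_key_variant(k24));
    return 0;
}
```

The resulting 24-byte buffer has the layout that the three-key functions on this page expect as their key argument.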
To securely apply 3DES encryption to messages that are longer than the cipher block size, modes of operation can be used to chain multiple encryption, decryption, or authentication operations. Most modes of operation require an initialization vector as additional input. As long as the messages are encrypted or decrypted using such a mode of operation and have a size that is a multiple of a particular block size (mostly the cipher block size), the functions that encrypt or decrypt according to that mode of operation also compute an output vector that can be used as the initialization vector of a chained encryption or decryption operation in the same mode with the same block size and the same key.
Note that when decrypting a cipher text, the mode of operation, the key, the initialization vector (if applicable), and for ica_3des_cfb the lcfb value used for the decryption function must match the corresponding settings of the encryption function that was used to transform the plain text into the cipher text.
Use of TDES/3DES functions in FIPS mode
According to the NIST guidelines, all functions described in this topic have been deprecated since 2019 and will be prohibited for use by US government employees and personnel after 2023. Starting with libica version 4.1, the TDES/3DES functions can no longer be used when running in FIPS mode (FIPS 140-2 or later).