56.4 Functional Description
The Data Encryption Standard (DES) and the Triple Data Encryption Algorithm (TDES) specify FIPS-approved cryptographic algorithms that can be used to protect electronic data. TDES_MR.TDES is used to select either the single DES or the Triple DES mode.
Encryption (enciphering) converts data to an unintelligible form called ciphertext. Decrypting (deciphering) the ciphertext converts the data back into its original form, called plaintext. TDES_MR.CIPHER is used to choose between encryption and decryption.
A DES is capable of using cryptographic keys of 64 bits to encrypt and decrypt data in blocks of 64 bits. This 64-bit key is defined in the Key 1 registers (TDES_KEY1WRx or Private Key internal registers, only writable from the Private Key bus).
A TDES key consists of three DES keys, which is also referred to as a key bundle. These three 64-bit keys are defined, respectively, in the Key 1, 2 and 3 Registers (TDES_KEY1WRy, TDES_KEY2WRy and TDES_KEY3WRy or the Private Key internal registers). In Triple DES mode (TDESMOD = 1 in TDES_MR), TDES_MR.KEYMOD is used to choose between a two- and a three-key algorithm, as summarized in the table below.
Algorithm | Mode | Data Processing Sequence Steps | ||
---|---|---|---|---|
First | Second | Third | ||
Three-key | Encryption | Encryption with Key 1 | Decryption with Key 2 | Encryption with Key 3 |
Decryption | Decryption with Key 3 | Encryption with Key 2 | Decryption with Key 1 | |
Two-key | Encryption | Encryption with Key 1 | Decryption with Key 2 | Encryption with Key 1 |
Decryption | Decryption with Key 1 | Encryption with Key 2 | Decryption with Key 1 |
The input to the encryption processes of the CBC, CFB, and OFB modes includes, in addition to the plaintext, a 64-bit data block called the initialization vector (IV), which must be set in TDES_IVRx. The initialization vector is used in an initial step in the encryption of a message and in the corresponding decryption of the message.
The XTEA algorithm can be used instead of DES/TDES by configuring TDES_MR.TDESMOD with the appropriate value 0x2. An XTEA key consists of a 128-bit key. They are defined in the Key 1 and 2 Registers.
The number of rounds of XTEA is defined in TDES_XTEA_RNDR and can be programmed up to 64 (1 round = 2 Feistel network rounds).
All the start and operating modes of the TDES algorithm can be applied to the XTEA algorithm.