IBM 2 Computer Hardware User Manual


 
CCA Release 2.54
ANSI X3.106 Cipher Block Chaining (CBC) Method
ANSI standard X3.106 defines four modes of operation for ciphering. One of these
modes, Cipher Block Chaining (CBC), defines the basic method for ciphering
multiple eight-byte data strings. Figure D-3 and Figure D-4 on page D-8 show
Cipher Block Chaining using the Encipher and the Decipher verbs. A plaintext data
string, which must be a multiple of eight bytes, is processed as a series of eight-byte
blocks. The ciphered result from processing an eight-byte block is exclusive-ORed
with the next block of eight input bytes. The last eight-byte ciphered result is
defined as an output chaining value (OCV). The security server stores the OCV in
bytes 0 through 7 of the chaining_vector variable.
An ICV is exclusive-ORed with the first block of eight bytes. When you call the
Encipher verb or the Decipher verb, specify the INITIAL or the CONTINUE keyword.
If you specify the INITIAL keyword (the default), the initialization vector from the
verb parameter is exclusive-ORed with the first eight bytes of data. If you specify
the CONTINUE keyword, the OCV identified by the chaining_vector parameter is
exclusive-ORed with the first eight bytes of data.
ANSI X9.23
An enhancement to the basic Cipher Block Chaining mode of X3.106 is defined so
that the system can process data lengths that are not exact multiples of eight bytes.
The ANSI X9.23 method always adds from one byte to eight bytes to the plaintext
before encipherment. With these methods, the last added byte is the count of the
added bytes and is within the range of X'01' to X'08'. The other added padding
bytes are set to X'00'.
For methods other than CBC, when the security server deciphers the ciphertext,
the security server uses the last byte of the deciphered data as the number of
bytes to be removed (the pad bytes and the count byte). The resulting plaintext is
the same length as the original plaintext.
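The following added example (not code from the manual or from CCA) shows the X9.23 pad rule, a strict pad removal, and how a CONTINUE call seeded with the OCV produces the same ciphertext as a single INITIAL call. Assumptions: toy_block is a non-secure stand-in for DES so the sketch runs without a crypto library, the function names are hypothetical, and rejecting non-zero filler bytes is an added check that the text above does not require.

```python
BLOCK = 8  # eight-byte blocks, as in the CBC method described above

def x923_pad(plaintext: bytes) -> bytes:
    """Append 1..8 bytes: X'00' filler, then a count byte X'01'..X'08'."""
    count = BLOCK - len(plaintext) % BLOCK  # 8 when already a multiple of 8
    return plaintext + bytes(count - 1) + bytes([count])

def x923_unpad(padded: bytes) -> bytes:
    """Strip pad and count bytes, rejecting input the pad rule cannot produce."""
    if not padded or len(padded) % BLOCK:
        raise ValueError("length must be a non-zero multiple of 8")
    count = padded[-1]
    if not 1 <= count <= BLOCK:
        raise ValueError("count byte outside X'01'..X'08'")
    if any(padded[-count:-1]):  # added strictness: filler must be X'00'
        raise ValueError("non-zero filler byte")
    return padded[:-count]

def xor8(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def toy_block(key: bytes, block: bytes) -> bytes:
    """Stand-in for DES (assumption, NOT secure): keyed 8-byte permutation."""
    mixed = xor8(block, key)
    return mixed[3:] + mixed[:3]

def cbc_encipher(key: bytes, data: bytes, chaining_vector: bytes):
    """Return (ciphertext, OCV); the OCV is the last ciphered block."""
    if len(data) % BLOCK:
        raise ValueError("CBC input must be a multiple of 8 bytes")
    out, prev = bytearray(), chaining_vector
    for i in range(0, len(data), BLOCK):
        prev = toy_block(key, xor8(data[i:i + BLOCK], prev))
        out += prev
    return bytes(out), prev

def split_equals_single(plaintext: bytes, key: bytes, icv: bytes) -> bool:
    """One INITIAL call vs. INITIAL on block 1, then CONTINUE with its OCV."""
    padded = x923_pad(plaintext)
    whole, ocv = cbc_encipher(key, padded, icv)
    first, ocv1 = cbc_encipher(key, padded[:BLOCK], icv)   # INITIAL
    rest, ocv2 = cbc_encipher(key, padded[BLOCK:], ocv1)   # CONTINUE
    return whole == first + rest and ocv == ocv2

if __name__ == "__main__":
    key, icv = bytes(range(1, 9)), bytes(8)  # constructed sample values
    print(x923_pad(b"ABCDE").hex(), split_equals_single(b"constructed input", key, icv))
```
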
Appendix D. Algorithms and Processes D-7