ANSI standard X3.106 defines four methods of operation for ciphering. One of these modes, cipher block chaining (CBC), defines the basic method for performing ciphering on multiple blocks. A plaintext data string, which must be a multiple of the block size, is processed as a series of blocks. The ciphered result from processing a block is exclusive ORed with the next block. The last block of the ciphered result is defined as an output chaining vector (OCV). ICSF stores the output chaining vector value in the chaining_vector parameter.

An initial chaining vector is exclusive ORed with the first group of 8 input bytes.

In summary:

• An input chaining vector (ICV) is required.
• If the text_length is not an exact multiple of 8 bytes, the request fails.
• The plaintext is not padded, for example, the output text length is not increased.

ICSF provides an enhancement to CBC mode called ciphertext-stealing. This allows for a text length that is not a multiple of the block size. This is accomplished by manipulating the last two blocks in a certain way. The second to last block is encrypted in the normal manner, but then some of the bits are "stolen" and added to the last (partial) block. These bits can be recovered by decrypting the last block. This enhancement is currently proposed to NIST as Proposal To Extend CBC Mode By “Ciphertext Stealing", dated May 6, 2007.