uint32_t Cipher(uint8_t* out, const uint8_t* in, uint32_t len, uint8_t mode, const uint8_t* key, const uint8_t* IV, bool inverse)
	Cipher_CTX ctx;
	CipherInit(&ctx, mode, key, IV);
	uint32_t ret = CipherUpdate(&ctx, out, in, len, inverse);
	ret += CipherFinal(&ctx, out, inverse);
	return ret;
VLT_STS CipherDoFinal( VLT_PU8 pDataIn, 
        VLT_U32 DataInLen, 
        VLT_U32 dataInCapacity, 
        VLT_PU8 pDataOut, 
        VLT_PU32 pDataOutLen, 
        VLT_U32 dataOutCapacity )
    VLT_STS status = VLT_FAIL;      

    if ( ( ST_UNKNOWN == cipherState ) ||
         ( ST_FINALISED == cipherState ) )

        return( ECPHDFNOTSUPPORTED );   

     * Ensure we haven't been passed
     * null pointers by the caller.
    if( ( NULL == pDataIn )||
        ( NULL == pDataOutLen ) ||
        ( NULL == pDataOut ) )
        return( ECPHUPDNULLPARAM );
     * Apply the padding if we have been called to
     * encrypt data.
    if( ( VLT_ENCRYPT_MODE == operationalMode ) && 
        ( PADDING_NONE != params.paddingScheme ) )
        status = PaddingAdd( params.paddingScheme, 
            dataInCapacity );
        status = VLT_OK;

     * Process the data, encrypt/decrypt
    if( VLT_OK == status )
        status = CipherUpdate( 
    if( VLT_OK == status )
        if( VLT_DECRYPT_MODE == operationalMode )
            status = PaddingRemove( params.paddingScheme, 
                pDataOutLen );

     * Set the appropriate cipher state;
    cipherState = ST_FINALISED;

    return( status );
VLT_STS SignerIso9797Update( VLT_PU8 pMessage, VLT_U32 messageLen, VLT_U32 messageCapacity )
    VLT_STS status = VLT_FAIL;
    VLT_U8 blockSize = 0;
    VLT_U32 byteCount = 0;
    VLT_U32 workingLen = 0;
    VLT_U8 workingBuffer[VLT_AES_CMAC_LENGTH];

    if ( ( ST_UNKNOWN == signerState ) ||
         ( ST_FINALISED == signerState ) )
        return( SIGNER_NOT_SETUP );

     * Ensure we haven't been passed
     * a null pointer by the caller.
    if ( NULL == pMessage )
        return( SIGNER_UPD_NULL_PARAMS );

     * Cache the block size, we'll use it 
     * frequently.
    blockSize = (VLT_U8)CipherGetBlockSize( );

     * For the SignerIso9797Update the capacity of
     * the buffer passed to us by the caller
     * should be equal or larger than that
     * of the data buffer length.
    if ( ( messageLen > messageCapacity ) ||
         ( messageLen < blockSize )      ||
         ( messageCapacity < blockSize ) )
        return( SIGNER_UPD_INVALID_CAP );

     * Update only deals with data lengths
     * multiple of the block size, if the 
     * client has passed us anything else 
     * other than that then we should exit
     * gracefully-ish!
    if( 0 != ( messageLen % blockSize ) )
        return( SIGNER_UPD_NON_MUL_BLK_SZ );

    while( 0 != ( messageLen - byteCount ) )
         * Right, the cipher requires the output buffer
         * to be as big as the message buffer, which 
         * this method has no control over, so the signer
         * will send BLOCK_SIZED chunks to the cipher
         * and discard the answer for each block
         * until the last block in do final is processed.
        * No need to check the return type as pointer has been validated
        (void)host_memcpy(&workingBuffer[0], &pMessage[byteCount], blockSize);

        if( VLT_OK == ( status = CipherUpdate(
            NELEMS(workingBuffer)) ) )
             * It should be impossible for the cipher 
             * to return a length not equal to 
             * the blockSize, nevertheless if it does
             * exit with an appropriate error code.
            if( workingLen != blockSize )
                return( SIGNER_UPD_INVALID_BLOCK );
            return( status );
        byteCount += blockSize;

     * Setup the IV in the IV buffer if the 
     * do final is called with a message 
     * shorter or equal to the block size.
     * In this case the cipher will be re-
     * initalized with a new algorithm.
    * No need to check the return type as pointer has been validated
    (void)host_memcpy(&aIv[0], &workingBuffer[0], params.ivSize);

    return( VLT_OK );
VLT_STS SignerIso9797DoFinal(
    VLT_PU8 pMessage, 
    VLT_U32 messageLen, 
    VLT_U32 messageCapacity, 
    VLT_PU8 pMac, 
    VLT_PU32 pMacLen, 
    VLT_U32 macCapacity )
    VLT_STS status = VLT_FAIL;  
    VLT_U8 blockSize = 0;
    VLT_U32 byteCount = 0;
    VLT_U32 workingLen = 0;
    VLT_U8 paddingPerformed = VLT_PAD_NOT_DONE;
    VLT_PU8 pMessageIt = &pMessage[byteCount];
    VLT_U8 hasGrownByBlockSize = FALSE;
     * With padding the final block can be double the 
     * block size, so double the size of the buffer. 
    VLT_U8 workingBuffer[VLT_AES_CMAC_LENGTH * 2]; 


    if ( ( ST_UNKNOWN == signerState ) ||
         ( ST_FINALISED == signerState ) )

        return( SIGNER_NOT_SETUP ); 

     * Ensure we haven't been passed
     * a null pointer by the caller.
    if ( ( NULL == pMessage ) ||
         ( NULL == pMac )     ||
         ( NULL == pMacLen ) )
        return( SIGNER_DOF_NULL_PARAMS );

     * Cache the block size, we'll use it 
     * frequently.
    workingLen = blockSize = (VLT_U8)CipherGetBlockSize( );

     * For the SignerIso9797Update the capacity of
     * the buffer passed to us by the caller
     * should be equal or larger than that
     * of the data buffer length.
    if ( ( messageLen > messageCapacity ) ||
         ( messageLen == 0 )              ||
         ( blockSize > macCapacity) )
        return( SIGNER_DOF_INVALID_CAP );

    if ( ( blockCounter == 0 )      &&
         ( messageLen < blockSize ) &&
         ( params.paddingScheme == PADDING_NONE ) )
         * Can not process an empty do final 
         * with no padding.
        return ( SIGNER_EMPT_DOFIN_NPAD );

    while( 0 != ( messageLen - byteCount ) )
         * The cipher requires the output buffer
         * to be as big as the message buffer, which 
         * this method has no control over, so the signer
         * will send BLOCK_SIZED chunks to the cipher
         * and discard the answer for each block
         * until the last block in do final is processed.
        if ( ( messageLen - byteCount ) <= blockSize )
            if ( messageLen > blockSize )
                 * Copy the last block, to setup the IV for the next if 
                 * MAC algo 1 is being used.
                * No need to check the return type as pointer has been validated
                (void)host_memcpy( &aIv[0], &workingBuffer[0], blockSize );
             * Check if Padding is needed
            if ( ( PADDING_NONE != params.paddingScheme ) &&
                 ( VLT_PAD_DONE != paddingPerformed ) )
                 * Working in a small internal buffer so
                 * the current count (byteCount) has to be 
                 * removed from the message size to ensure
                 * the correct sizes are passed to padding
                 * to ensure padding thinks there is enough
                 * room in the working buffer.  The working
                 * length is left so the correct number of 
                 * remaining bytes are copied.
                messageLen = workingLen = messageLen - byteCount;
                if ( VLT_OK != ( status = PaddingAdd( 
                    &messageLen, /* Used because of the copying blockSize bytes at a time. */
                    NELEMS(workingBuffer) ) ) )
                    return ( status );
                 * Add the padding length onto the message.
                messageLen += byteCount;

                paddingPerformed = VLT_PAD_DONE;

             * Padding can make the remaining bytes double
             * and result in two blocks remaining to be signed
             * Re-test the message length and take different 
             * action if the message length has grown such 
             * another block is required.
            if ( ( messageLen - byteCount ) <= blockSize )
                signerState = ST_FINALISED;

                 * Get the cipher to perform a different 
                 * action on do final.  Mac Alg3 switchs from DES to
                 * TDES on the do final, and AES_CMAC can use one of
                 * two different session keys on final!
                DoFinalSetup ( aIv, blockSize );

                if ( ( VLT_PAD_DONE == paddingPerformed ) &&
                     ( hasGrownByBlockSize ) )
                    * Setup the the latst block copy from the end 
                    * of the buffer to the start, no needed
                    * but simpler than more logic later.
                    pMessageIt = &workingBuffer[blockSize];
                 * Padding has added block size
                 * more bytes so another round 
                 * is required.
                 hasGrownByBlockSize = TRUE;
        * No need to check the return type as pointer has been validated
        (void)host_memcpy(&workingBuffer[0], pMessageIt, workingLen);

        if ( ST_FINALISED != signerState )
            if( VLT_OK == ( status = CipherUpdate(
                NELEMS(workingBuffer)) ) )
                 * It is possible for the cipher 
                 * to return a length twice 
                 * the blockSize, or the blockSize, 
                 * if it is any other value exit 
                 * with an appropriate error code.
                if ( ( workingLen != blockSize ) &&
                     ( workingLen != ( blockSize * 2 ) ) )
                    return( SIGNER_UPD_INVALID_BLOCK );
                return( status );
        else if ( ST_FINALISED == signerState )
            if( VLT_OK == ( status = CipherDoFinal(
                NELEMS(workingBuffer)) ) )
                 * It is possible for the cipher 
                 * to return a length twice 
                 * the blockSize, or the blockSize, 
                 * if it is any other value exit 
                 * with an appropriate error code.
                if ( ( workingLen != blockSize ) &&
                     ( workingLen != ( blockSize * 2 ) ) )
                    return( SIGNER_UPD_INVALID_BLOCK );
                return( status );
            if ( workingLen == ( blockSize * 2 ) )
                workingLen = blockSize;
                workingLen = 0;
             * Take a block sized chunk and 
             * copy it into the output buffer.
            * No need to check the return type as pointer has been validated
            (void)host_memcpy(pMac, &workingBuffer[workingLen], blockSize);
             * Set the length of the Mac
            *pMacLen = blockSize;

         * Add block size to the byte count and 
         * increment the message ptr by block size.
        byteCount += blockSize;
        pMessageIt += blockSize;
    return ( VLT_OK );
VLT_STS VltUnwrapKey( VLT_U8 u8KeyGroup,
    VLT_U8 u8KeyIndex,
    const VLT_FILE_PRIVILEGES *pKeyFilePrivileges,
    const VLT_KEY_OBJ_RAW* pKeyObj )
    VLT_STS status = VLT_FAIL;
    * Check the validity of the input parameters
    if( ( NULL == pKeyFilePrivileges ) || 
        ( NULL == pKeyObj ) || 
        ( NULL == pKeyObj->pu16ClearKeyObjectLen ) || 
        ( NULL == pKeyObj->pu8KeyObject ) )
        return( EKWWKNULLPARAM );

    * Check that the key wrapping has been initialised
    if( ST_UNINIT == keyWrappingState )
        return ( EKWWKUNINIT );

    * Check if a Secure channel is enabled.  If it is, don't allow the wrap
    if( VLT_OK == VltScpGetState( &u8SecChnlState ) )
        if( u8SecChnlState == VLT_USER_AUTHENTICATED )
            status = EKWWKSCPENBLD;
            status = VLT_OK;
        * As Secure Channel hasn't been enabled the wrap call can proceed
        status = VLT_OK;

    if( VLT_OK == status )
        * Initialise the Cipher
        status = CipherInit( VLT_ENCRYPT_MODE,
            (VLT_PU8)&theWrapParams );

        if( VLT_OK == status )
            * The cipher was initialised correctly so update the state
            keyWrappingState = ST_CIPHER_INIT;

    if( ( VLT_OK == status ) && ( WRAP_MODE != keyWrappingMode ) )
        * Call Initialize Algorithm on the VaultIC to set it up to unwrap the
        * wrapped key we are about to send down. Only do this if it hasn't 
        * already been called
        VLT_ALGO_PARAMS algorithm;

        algorithm.u8AlgoID = theWrapParams.algoID;
        algorithm.data.SymCipher.u8Padding = theWrapParams.paddingScheme;
        algorithm.data.SymCipher.u8Mode = theWrapParams.chainMode;

		if (theWrapParams.pIV != NULL)
        * No need to check the return type as pointer has been validated
        (void)host_memcpy( &(algorithm.data.SymCipher.u8Iv[0]),
            CipherGetBlockSize() );

        algorithm.data.SymCipher.u8IvLength = (VLT_U8)CipherGetBlockSize();
			 algorithm.data.SymCipher.u8IvLength = 0;

        status = VltInitializeAlgorithm( u8CachedKTSKeyGroup, 
            &algorithm );

        if( VLT_OK == status )
            * Update the mode to wrap
            keyWrappingMode = WRAP_MODE;

    if( VLT_OK == status )
        VLT_U16 u16Remaining = 
                VLT_PUTKEY_FIXED_DATA_LENGTH + *pKeyObj->pu16ClearKeyObjectLen;
        VLT_U16 u16KeyBytesRemaining = *(pKeyObj->pu16ClearKeyObjectLen);
        VLT_U16 u16MaxChunk = VltCommsGetMaxSendSize();
        VLT_U16 u16Offset = 0;

        while( 0 != u16Remaining )
            VLT_SW Sw = VLT_STATUS_NONE;
            VLT_U16 u16Avail = 0;
            VLT_U16 u16PartialKeyLen = 0;
            VLT_U32 u32CipherDataLen = 0;
            VLT_U8 u8Final = 0;

            * Set index at the start of the data portion of the buffer
            idx = VLT_APDU_DATA_OFFSET;

            * Build the data in
            if( 0 == u16Offset )
                * Add the Key Priviliges 
                Command.pu8Data[idx++] = pKeyFilePrivileges->u8Read;
                Command.pu8Data[idx++] = pKeyFilePrivileges->u8Write;
                Command.pu8Data[idx++] = pKeyFilePrivileges->u8Delete;
                Command.pu8Data[idx++] = pKeyFilePrivileges->u8Execute;

                * Add the Key Length
                Command.pu8Data[idx++] = 
                    (VLT_U8)( (*pKeyObj->pu16ClearKeyObjectLen >> 8 ) & 0xFF );

                Command.pu8Data[idx++] = 
                    (VLT_U8)( (*pKeyObj->pu16ClearKeyObjectLen >> 0 ) & 0xFF );

            u16Avail = NumBufferBytesAvail( u16MaxChunk, idx );

            if(u16KeyBytesRemaining > u16Avail)
                * There is more key data remaining than can be transferred
                * in one transaction
                u16PartialKeyLen = ( u16Avail / CipherGetBlockSize() )
                    * CipherGetBlockSize();
                * The remaining data might all be able to be transferred in
                * one transaction
                if( u16Avail >= (u16KeyBytesRemaining + CipherGetBlockSize() ) )
                    u16PartialKeyLen = u16KeyBytesRemaining;

                    * Flag that this will be the final block to be encrypted
                    u8Final = 1;
                    u16PartialKeyLen = 
                        u16KeyBytesRemaining - CipherGetBlockSize();

            * Copy the number of bytes of the partial key into the buffer
            * No need to check the return type as pointer has been validated
            (void)host_memcpy( &(Command.pu8Data[idx]),
                &( (pKeyObj->pu8KeyObject[u16Offset]) ), 
                u16PartialKeyLen  );

            * Now encrypt the data in the buffer
            if( 1 == u8Final )
                status = CipherDoFinal( &(Command.pu8Data[idx]), 
                    Command.u16Capacity - VLT_APDU_DATA_OFFSET, 
                    Command.u16Capacity - VLT_APDU_DATA_OFFSET );
                status = CipherUpdate( &(Command.pu8Data[idx]), 
                    Command.u16Capacity - VLT_APDU_DATA_OFFSET, 
                    Command.u16Capacity - VLT_APDU_DATA_OFFSET );

            if( VLT_OK == status )
                * Update the index to reflect the data that has just been added
                idx += (VLT_U16)u32CipherDataLen;

                * Subtract the number of key bytes that have just been added to
                * the buffer from the number of key bytes remaining to be sent
                u16KeyBytesRemaining -= u16PartialKeyLen;

                * Decrement the remaining number of bytes to be sent.
                if( 0 == u16Offset )
                    * The first time the File Privileges and the length are
                    * included so include them plus the partial key length
                    * which won't incude any padding bytes if some have been
                    * added
                    u16Remaining -= 
                        ( VLT_PUTKEY_FIXED_DATA_LENGTH - NUM_CRC_BYTES ) +
                    * Subtract the partial key length that was added to
                    * the buffer
                    u16Remaining -= u16PartialKeyLen;

                * Update the offset into the key
                u16Offset += u16PartialKeyLen;

                * We need two bytes free in the buffer for the wCRC field.
                if( ( NUM_CRC_BYTES == u16Remaining ) &&
                    ( NumBufferBytesAvail( u16MaxChunk, idx ) >= NUM_CRC_BYTES ) )
                    Command.pu8Data[idx++] = 
                        (VLT_U8)( ( pKeyObj->u16Crc >> 8 ) & 0xFF );

                    Command.pu8Data[idx++] = 
                        (VLT_U8)( (pKeyObj->u16Crc >> 0 ) & 0xFF );

                    u16Remaining -= NUM_CRC_BYTES;
uint32_t DecryptUpdate(Decrypt_CTX* ctx, uint8_t* out, const uint8_t* in, uint32_t len)
	return CipherUpdate(ctx, out, in, len, true);
uint32_t EncryptUpdate(Encrypt_CTX* ctx, uint8_t* out, const uint8_t* in, uint32_t len)
	return CipherUpdate(ctx, out, in, len, false);