naoki 1.0.1-x86-linux

data/ext/icapi.h

@@ -0,0 +1,1187 @@
+/*
+ * @(#)icapi.h	1.79   10/03/10 05:58:06 SafeNet, Inc.
+ *
+ * Copyright (c) 2003-2009 SafeNet, Inc.
+ *
+ * Ingrian/SafeNet Crypto API (ICAPI)
+ *
+ */
+
+#ifndef IngrianICAPI
+#define IngrianICAPI
+
+#define ARCH 32
+/* Identifier naming:
+ *
+ * I_C_ denotes function
+ * I_O_ denotes opaque object
+ * I_T_ denotes type or enum value
+ * I_E_ denotes enum value for error code
+ */
+
+
+#define ICAPI_VERSION 1.0.0
+
+
+#include "icapierr.h"
+
+#include <sys/types.h>
+
+
+typedef unsigned char     I_T_BYTE;
+typedef char              I_T_CHAR;
+typedef const char *      I_T_PCCHAR;
+
+/* I_T_INT is supposed to be a 32-bit int */
+#if ARCH == 32
+typedef long int          I_T_INT;
+typedef unsigned long int I_T_UINT;
+#elif ARCH == 64
+typedef int               I_T_INT;
+typedef unsigned int      I_T_UINT;
+#else
+#error "ARCH neither 32 nor 64!"
+#endif
+
+/* The function return type */
+typedef I_T_INT           I_T_RETURN;
+
+/* The boolean type and values */
+typedef I_T_UINT          I_T_BOOL;
+#define I_T_TRUE          1
+#define I_T_FALSE         0
+const I_T_UINT I_T_MAX_BULK_DATA_SIZE = 100;
+
+#ifdef WIN32
+#define FUNCEXP __declspec(dllexport)
+#else
+#define FUNCEXP
+#endif
+
+
+
+/* Permission masks may be OR'd together to define the complete permissions
+ * to be granted to groups for using keys.
+ */
+enum I_T_PermissionMaskEnum
+{
+    I_T_Permission_Encrypt = 0x1,
+    I_T_Permission_Decrypt = 0x2,
+    I_T_Permission_Sign = 0x4,
+    I_T_Permission_SignV = 0x8,
+    I_T_Permission_MAC = 0x10,
+    I_T_Permission_MACV = 0x20,
+    I_T_Permission_UsePrivate = 0x40,
+    I_T_Permission_UsePublic = 0x80,
+    I_T_Permission_Export = 0x100
+};
+
+
+/* Opaque objects are typedef'd to pointers to structs in order to provide
+ * type safety.
+ */
+
+/* An opaque object representing a list of group permissions for a key */
+typedef struct _O_GroupList * I_O_GroupList;
+
+/* An opaque object representing a reusable algorithm specification */
+typedef struct _O_CipherSpec * I_O_CipherSpec;
+
+/* An opaque object representing a given encryption operation */
+typedef struct _O_CipherState * I_O_CipherState;
+
+/* An opaque object representing a session belonging to a single user */
+typedef struct _O_Session * I_O_Session;
+
+/* An opaque object representing key information */
+typedef struct _O_KeyInfo * I_O_KeyInfo;
+
+/* An opaque object representing an attribute list */
+typedef struct _O_AttributeList * I_O_AttributeList;
+
+/* Cryptographic operation types */
+typedef enum I_T_OperationEnum
+{
+    I_T_Operation_Encrypt = 0,
+    I_T_Operation_Decrypt = 1,
+    I_T_Operation_PublicEncrypt = 2,
+    I_T_Operation_PrivateDecrypt = 5,
+    I_T_Operation_MAC = 7,
+    I_T_Operation_MACV = 8,
+    I_T_Operation_Sign = 9,
+    I_T_Operation_SignV = 10
+} I_T_Operation;
+
+#define I_T_LNG_ALG_DES_ECB_PKCS5PADDING         "DES/ECB/PKCS5Padding"
+#define I_T_LNG_ALG_DES_ECB_NOPADDING            "DES/ECB/NoPadding"
+#define I_T_LNG_ALG_DES_CBC_PKCS5PADDING         "DES/CBC/PKCS5Padding"
+#define I_T_LNG_ALG_DES_CBC_NOPADDING            "DES/CBC/NoPadding"
+#define I_T_LNG_ALG_DES_EDE_ECB_PKCS5PADDING     "DESede/ECB/PKCS5Padding"
+#define I_T_LNG_ALG_DES_EDE_ECB_NOPADDING        "DESede/ECB/NoPadding"
+#define I_T_LNG_ALG_DES_EDE_CBC_PKCS5PADDING     "DESede/CBC/PKCS5Padding"
+#define I_T_LNG_ALG_DES_EDE_CBC_NOPADDING        "DESede/CBC/NoPadding"
+#define I_T_LNG_ALG_AES_ECB_PKCS5PADDING         "AES/ECB/PKCS5Padding"
+#define I_T_LNG_ALG_AES_ECB_NOPADDING            "AES/ECB/NoPadding"
+#define I_T_LNG_ALG_AES_CBC_PKCS5PADDING         "AES/CBC/PKCS5Padding"
+#define I_T_LNG_ALG_AES_CBC_NOPADDING            "AES/CBC/NoPadding"
+#define I_T_LNG_ALG_HMACSHA1                     "HmacSHA1"
+#define I_T_LNG_ALG_HMACSHA256                   "HmacSHA256"
+#define I_T_LNG_ALG_HMACSHA384                   "HmacSHA384"
+#define I_T_LNG_ALG_HMACSHA512                   "HmacSHA512"
+#define I_T_LNG_ALG_RSA                          "RSA"
+#define I_T_LNG_ALG_SHA1WITHRSA                  "SHA1withRSA"
+#define I_T_LNG_ALG_SHA256WITHRSA                "SHA256withRSA"
+#define I_T_LNG_ALG_SHA384WITHRSA                "SHA384withRSA"
+#define I_T_LNG_ALG_SHA512WITHRSA                "SHA512withRSA"
+#define I_T_LNG_ALG_RC4                          "RC4"
+#define I_T_LNG_ALG_SEED                         "SEED"
+
+/* Initialize the library by configuration (properties) file or environment
+ * variable that points to a configuration file
+ */
+typedef enum I_T_InitializationSourceEnum
+{
+    I_T_Init_File = 0,
+    I_T_Init_Environment = 1
+} I_T_InitializationSource;
+
+
+/* For bulk operations, specifies whether to use an IV per data element or
+ * a single IV for all data elements.
+ */
+typedef enum I_T_IVTypeEnum
+{
+    I_T_IV_PerElement = 0,
+    I_T_IV_Single = 1,
+    I_T_IV_None = 2
+} I_T_IVType;
+
+
+/* Session authentication types */
+typedef enum I_T_AuthTypeEnum
+{
+    I_T_Auth_Password = 0
+} I_T_AuthType;
+
+
+/* Create and modify the state of versioned keys.
+ */
+typedef enum I_T_KeyParameterTypeEnum
+{
+    I_T_KeyLifecycleState = 0,
+    I_T_KeyVersion = 1
+} I_T_KeyParameterType;
+
+
+typedef enum I_T_KeyParameterValueEnum
+{
+    I_T_KeyParameter_State_Active = 0,
+    I_T_KeyParameter_State_Restricted = 10,
+    I_T_KeyParameter_State_Retired = 20,
+    I_T_KeyParameter_Version_Increment = 100
+} I_T_KeyParameterValue;
+
+
+typedef enum I_T_ExportFormatEnum 
+{
+  I_T_ExportFormat_PEM_PKCS1_CERT_ONLY,
+  I_T_ExportFormat_PEM_PKCS1,
+  I_T_ExportFormat_PEM_PKCS8,
+  I_T_ExportFormat_PKCS12
+} I_T_ExportFormat;
+
+/* Supported key wrapping formats for exporting symmetric key */
+typedef enum I_T_KeyWrapFormatEnum
+{
+  I_T_ExportKeyWrapFormat_NONE = 0,
+  I_T_ExportKeyWrapFormat_RAW_PKCS1v15 = 1
+} I_T_KeyWrapFormat;
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+
+/*! Initialize the library
+ *
+ * \param source
+ *        The source of the initialization information -- either
+ *        Init_File or Init_Environment.
+ * \param path
+ *        The path to the properties file for Init_File, or the
+ *        environment variable to read to obtain the location of the path
+ *        for Init_Environment.
+ */
+I_T_RETURN FUNCEXP
+I_C_Initialize(I_T_InitializationSource source,
+               const I_T_CHAR *         path);
+
+
+/*! Close the library
+ */
+I_T_RETURN FUNCEXP
+I_C_Fini(void);
+
+
+/*! Open a new session
+ *
+ * \param session
+ *        A pointer to a new session object to be returned.
+ * \param authType
+ *        The session authentication type.
+ * \param username
+ *        The username for the session.
+ * \param authToken
+ *        The user's authentication information (i.e., password).
+ */
+I_T_RETURN FUNCEXP
+I_C_OpenSession(I_O_Session *    session,
+                I_T_AuthType     authType,
+                const I_T_CHAR * username,
+                const I_T_CHAR * authToken);
+
+
+/*! Open a new session with a persistent cache passphrase
+ *
+ * \param session
+ *        A pointer to a new session object to be returned.
+ * \param authType
+ *        The session authentication type.
+ * \param username
+ *        The username for the session.
+ * \param authToken
+ *        The user's authentication information (i.e., password).
+ * \param passphrase
+ *        A pointer to the passphrase
+ * \param passphraseLength
+ *        The length of the passphrase 
+ */
+I_T_RETURN FUNCEXP
+I_C_OpenSessionPersistentCachePassphrase(I_O_Session *    session,
+                                         I_T_AuthType     authType,
+                                         const I_T_CHAR * username,
+                                         const I_T_CHAR * authToken,
+                                         const I_T_BYTE * passphrase, 
+                                         const I_T_UINT   passphraseLength);
+
+/*!Passphrase callback.
+* \param Session	: The current session.
+* \param passphrase	: Buffer area to copy passphrase into.
+* \param passphrase_len : Size of buffer allocated. Put passphrase length here.
+*/
+typedef int (*I_C_PersistentCacheCallback)(I_O_Session session,
+                                           unsigned char * const passphrase,
+                                           unsigned int * const passphrase_len);
+
+/*! Open a new session supplying a persistent cache callback function.
+ *
+ * \param session
+ *        A pointer to a new session object to be returned.
+ * \param authType
+ *        The session authentication type.
+ * \param username
+ *        The username for the session.
+ * \param authToken
+ *        The user's authentication information (i.e., password).
+ * \param callbackFunction
+ *        A callback function to be called for perisistent cache access.
+ */
+I_T_RETURN FUNCEXP
+I_C_OpenSessionPersistentCacheCallback(I_O_Session *    session,
+                                       I_T_AuthType     authType,
+                                       const I_T_CHAR * username,
+                                       const I_T_CHAR * authToken,
+                                       I_C_PersistentCacheCallback callbackFunction);
+
+/*! Close a session
+ *
+ * \param session  The session to close.
+ */
+I_T_RETURN FUNCEXP
+I_C_CloseSession(I_O_Session session);
+
+
+/*! Get the most recent error code for a session
+ *
+ * \param session    The session.
+ * \param errorCode  A pointer to the returned error code.
+ */
+I_T_RETURN FUNCEXP
+I_C_GetLastError(I_O_Session  session,
+                 I_T_RETURN * errorCode);
+
+
+/*! Get an error message string corresponding to an error code
+ *
+ * Returns the error string or NULL if the error code is invalid.
+ *
+ * \param errorCode  The error code to retrieve the string for.
+ */
+I_T_PCCHAR FUNCEXP
+I_C_GetErrorString(I_T_RETURN errorCode);
+
+
+/*! Create a CipherSpec object
+ *
+ * A CipherSpec defines an algorithm and key.  It may be reused in multiple
+ * crypto operations and may be used in more than one operation at a time.
+ *
+ * \param longAlgorithmName
+ *        A full algorithm specification, such as "AES/CBC/PKCS5Padding".
+ * \param keyName
+ *        The key name.
+ * \param cipher
+ *        A pointer to an I_O_CipherSpec to hold the returned object.
+ */
+I_T_RETURN FUNCEXP
+I_C_CreateCipherSpec(const I_T_CHAR * longAlgorithmName,
+                     const I_T_CHAR * keyName,
+                     I_O_CipherSpec * cipher);
+
+
+/*! Delete a CipherSpec object
+ *
+ * \param cipher  The object to delete.
+ */
+I_T_RETURN FUNCEXP
+I_C_DeleteCipherSpec(I_O_CipherSpec cipher);
+
+/*! Get the size the output will be when operated using a given cipher
+ *
+ * \param cipher          The cipher spec.
+ * \param operation       The operation that will be performed.
+ * \param inputSize       The size of the plaintext in bytes.
+ * \param outputSize      The returned ciphertext size in bytes.
+ */
+I_T_RETURN FUNCEXP I_C_CalculateOutputSize(I_O_CipherSpec cipher, 
+	                                       I_T_Operation operation,
+                                           I_T_UINT inputSize, 
+                                           I_T_UINT * outputSize);
+
+/*! Get the size the output will be when operated using a given cipher. This function
+ *  supports Versioned keys.
+ *
+ * \param session         The session.
+ * \param cipher          The cipher spec.
+ * \param operation       The operation that will be performed.
+ * \param inputSize       The size of the plaintext in bytes.
+ * \param outputSize      The returned ciphertext size in bytes.
+ */
+I_T_RETURN FUNCEXP I_C_CalculateOutputSizeForKey(I_O_Session session,
+                                           I_O_CipherSpec cipher, 
+	                                       I_T_Operation operation,
+                                           I_T_UINT inputSize, 
+                                           I_T_UINT * outputSize);
+
+
+/*! Get the block size of a cipher
+ *
+ * \param cipher     The cipher spec.
+ * \param blockSize  The returned cipher block size in bytes.
+ */
+I_T_RETURN FUNCEXP
+I_C_GetCipherBlockSize(I_O_CipherSpec cipher,
+                       I_T_UINT *     blockSize);
+
+
+/*! Create a KeyInfo object
+ *
+ * \param shortAlgorithmName
+ *        A cryptographic algorithm name, such as "AES" or "DES".
+ * \param keySizeInBits
+ *        The key size in bits.  Use 168 for triple DES.
+ * \param exportable
+ *        If true, allows the key to be exported (from a non-FIPS appliance).
+ * \param deletable
+ *        If true, allows the key to be deleted.
+ * \param keyInfo
+ *        A pointer to an I_O_KeyInfo to hold the returned object.
+ */
+I_T_RETURN FUNCEXP
+I_C_CreateKeyInfo(const I_T_CHAR * shortAlgorithmName,
+                  I_T_UINT         keySizeInBits,
+                  I_T_BOOL         exportable,
+                  I_T_BOOL         deletable,
+                  I_O_KeyInfo *    keyInfo);
+
+
+/*! Delete a KeyInfo object
+ *
+ * \param keyInfo  The object to delete.
+ */
+I_T_RETURN FUNCEXP
+I_C_DeleteKeyInfo(I_O_KeyInfo keyInfo);
+
+
+/*! Create a GroupList object
+ *
+ * A GroupList is a list of user groups and their associated permissions,
+ * which allow access to key operations.
+ *
+ * \param groupList
+ *        A pointer to an I_O_GroupList to hold the returned object.
+ */
+I_T_RETURN FUNCEXP
+I_C_CreateGroupListObject(I_O_GroupList * groupList);
+
+
+/*! Add a group to a GroupList
+ *
+ * \param groupList
+ *        The GroupList in which to add the group.
+ * \param groupName
+ *        The name of the group.
+ * \param permissionMask
+ *        The permissions for the group, such as
+ *        I_T_Permission_Encrypt|I_T_Permission_Decrypt.
+ */
+I_T_RETURN FUNCEXP
+I_C_AddGroupToObject(I_O_GroupList    groupList,
+                     const I_T_CHAR * groupName,
+                     I_T_UINT         permissionMask);
+
+
+/*! Delete a GroupList object
+ *
+ * \param groupList  The object to delete.
+ */
+I_T_RETURN FUNCEXP
+I_C_DeleteGroupListObject(I_O_GroupList groupList);
+
+
+/*! Create a key.
+ * 
+ * To create a versioned key, append a # to the end of the keyName parameter.
+ * This feature is for versions of the NAE server that support versioned keys.
+ *
+ * \param session    The session.
+ * \param keyName    The name for the new key.
+ * \param keyInfo    A KeyInfo object (see I_C_CreateKeyInfo()).
+ * \param groupList  A GroupList object (see I_C_CreateGroupListObject()).
+ */
+I_T_RETURN FUNCEXP
+I_C_CreateKey(I_O_Session      session,
+              const I_T_CHAR * keyName,
+              I_O_KeyInfo      keyInfo,
+              I_O_GroupList    groupList);
+
+
+/*! Destroy a key on the cluster of servers
+ *
+ * \param session
+ *        The session.
+ * \param keyName
+ *        The name of the key to irretrievably destroy, obliterating its
+ *        bits from the universe forever.
+ */
+I_T_RETURN FUNCEXP
+I_C_DestroyKey(I_O_Session      session,
+               const I_T_CHAR * keyName);
+
+
+/*! Export the public portion of an RSA key pair
+ *
+ * \param session   The session.
+ * \param keyName   The name of the RSA key to export.
+ * \param keyBytes  A pointer to the returned RSA public key.
+ *                  The memory pointed to is allocated
+ *                  by this function. The function I_C_Free() 
+ *                  should be used to deallocate the memory.
+ */
+I_T_RETURN FUNCEXP
+I_C_ExportPublicKey(I_O_Session      session,
+                    const I_T_CHAR * keyName,
+                    I_T_CHAR **      keyBytes);
+
+
+/* Synchronous Crypto APIs */
+
+/*! Generate random bytes
+ *
+ * \param session       The session.
+ * \param randomLength  The number of random bytes to be returned.
+ * \param outData       A buffer to hold returned bytes.
+ */
+I_T_RETURN FUNCEXP
+I_C_Random(I_O_Session session,
+           I_T_UINT    randomLength,
+           I_T_BYTE *  outData);
+
+
+/*! Encrypt data in a single chunk
+ *
+ * Use I_C_Crypt() to encrypt complete chunks of data less than 3K bytes
+ * when you want the results immediately.  I_C_Crypt() blocks while
+ * waiting for the results.
+ *
+ * \param session     The session.
+ * \param cipher      The cipher spec.
+ * \param operation   The crypto operation to perform.
+ * \param iv          The initialization vector for CBC mode block ciphers.
+ * \param ivLen       The length of the IV.
+ * \param inData      The data to encrypt or decrypt.
+ * \param inDataLen   The length of the input data.
+ * \param outData     A buffer to hold the output data.
+ * \param outDataLen  In: The length of outData.
+ *                    Out: The number of bytes returned.
+ */
+I_T_RETURN FUNCEXP
+I_C_Crypt(I_O_Session      session,
+          I_O_CipherSpec   cipher,
+          I_T_Operation    operation,
+          const I_T_BYTE * iv,
+          I_T_UINT         ivLen,
+          const I_T_BYTE * inData,
+          I_T_UINT         inDataLen,
+          I_T_BYTE *       outData,
+          I_T_UINT *       outDataLen);
+
+
+/*! Encrypt data with all active versions of a key
+ *
+ * Use I_C_CryptAllVersions() to encrypt complete chunks of data less than 3K
+ * bytes when you want the results immediately.  I_C_CryptAllVersions() blocks
+ * while waiting for the results.
+ *
+ * \param session     The session.
+ * \param cipher      The cipher spec.
+ * \param operation   The crypto operation to perform (encrypt only).
+ * \param numOps      The number of elements in output data buffer.
+ * \param iv          The initialization vector for CBC mode block ciphers.
+ * \param ivLen       The length of the IV.
+ * \param inData      The data to encrypt or decrypt.
+ * \param inDataLen   The length of the input data.
+ * \param outData     A buffer to hold the output data.
+ * \param outDataLen  In: The length of outData.
+ *                    Out: The number of bytes returned.
+ * 
+ * To determine the value of numOps (i.e., the number of active versioned keys)
+ * if unknown to the programmer, call I_C_CryptAllVersions with numOps == 0,
+ * iv, inData, outData, and outDataLen == NULL, and inDataLen == 0.  On return,
+ * *numOps will have the number of active keys.
+ */
+I_T_RETURN FUNCEXP
+I_C_CryptAllVersions(I_O_Session           session,
+                     I_O_CipherSpec        cipher,
+                     I_T_Operation         operation,
+                     I_T_UINT*             numOps,
+                     const I_T_BYTE*       iv,
+                     I_T_UINT              ivLen,
+                     const I_T_BYTE*       inData,
+                     I_T_UINT              inDataLen,
+                     I_T_BYTE**            outData,
+                     I_T_UINT*             outDataLen);
+
+/*! Encrypt data in multiple chunks
+ *
+ * Use the Init/Update/Final interface (multiple updates are OK) when you
+ * want results back from part of your crypto operation before you have
+ * all the data ready, or if your data is larger than I_C_Crypt() will
+ * allow.  I_C_CryptUpdate() and I_C_CryptFinal() block while waiting for
+ * the results.
+ */
+I_T_RETURN FUNCEXP
+I_C_CryptInit(I_O_Session       session,
+              I_O_CipherSpec    cipher,
+              I_T_Operation     operation,
+              const I_T_BYTE *  iv,
+              I_T_UINT          ivLen,
+              I_O_CipherState * state);
+
+
+I_T_RETURN FUNCEXP
+I_C_CryptUpdate(I_O_Session      session,
+                I_O_CipherState  state,
+                const I_T_BYTE * inData,
+                I_T_UINT         inDataLen,
+                I_T_BYTE *       outData,
+                I_T_UINT *       outDataLen);
+
+
+I_T_RETURN FUNCEXP
+I_C_CryptFinal(I_O_Session     session,
+               I_O_CipherState state,
+               I_T_BYTE *      outData,
+               I_T_UINT *      outDataLen);
+
+
+/*! Encrypt an array of data elements
+ *
+ * Use the Bulk interface to operate on a large array of data elements
+ * using the same key.  Bulk is optimized for high throughput where
+ * latency is not a priority.  If the ivFlag is I_T_IV_PerElement, then
+ * there should be the same number of IVs as the number of inData
+ * elements.  If the ivFlag is I_T_IV_Single, then there should be one IV.
+ */
+I_T_RETURN FUNCEXP
+I_C_CryptBulk(I_O_Session       session,
+              I_O_CipherSpec    cipher,
+              I_T_Operation     operation,
+              I_T_UINT          numOps,
+              I_T_IVType        ivFlag,
+              const I_T_BYTE ** ivs,
+              I_T_UINT          ivLen,
+              const I_T_BYTE ** inData,
+              I_T_UINT *        inDataLen,
+              I_T_BYTE **       outData,
+              I_T_UINT *        outDataLen);
+
+/*! Encrypt data in multiple chunks
+ *
+ * Use the Init/UpdateSend/UpdateRecv/Final interface (multiple updates are OK) when you
+ * want results back from part of your crypto operation before you have
+ * all the data ready, or if your data is larger than I_C_Crypt() will
+ * allow.  
+ */
+
+I_T_RETURN FUNCEXP 
+I_C_CryptUpdateSend(I_O_Session handle,
+                    I_O_CipherState state,
+                    const I_T_BYTE * InData,
+                    I_T_UINT InDataLen);
+
+I_T_RETURN FUNCEXP 
+I_C_CryptUpdateRecv(I_O_Session handle,
+                    I_O_CipherState state,
+                    I_T_BYTE * OutData, 
+                    I_T_UINT *OutDataLen);
+
+I_T_RETURN FUNCEXP
+I_C_CryptRecvOK(I_O_Session     session,
+                I_O_CipherState state);
+
+  /*! Get the attributes of a user
+   * 
+   * \param session
+   *        A pointer to the current session.
+   * \param username
+   *        The user whose attributes should be retrieved.
+   *        If a null pointer is sent, then the attributes
+   *        of the logged in user are retrieved.
+   *        All users may retrieve their own attributes.
+   *        Only users with administrative privileges
+   *        may retrieve attributes of other users.
+   * \param pSystemAttributeList
+   *        On output, *pSystemAttributeList contains a pointer
+   *        to an AttributeList of the system attributes
+   *
+   *        The attribute names returned are:
+   *           "ModifyUserInfo" - Whether the user can modify
+   *                              certain user attributes ( currently
+   *                              limited to password )
+   *           "Group"          - A group the user belongs to. Multiple
+   *                              instances are possible - one for each
+   *                              group the user belongs to.
+   *           "User"           - The name of the connected user.
+   * \param pCustomAttributeList
+   *        On output, *pCustomAttributeList contains a pointer
+   *        to an AttributeList of the custom attributes
+   *
+   *
+   */
+  I_T_RETURN FUNCEXP 
+  I_C_GetUserAttributes(I_O_Session       session,
+                        const I_T_CHAR *  username,
+                        I_O_AttributeList *pSystemAttributeList,
+                        I_O_AttributeList *pCustomAttributeList);
+
+  /*! Get the attributes of a key
+   * 
+   * \param session
+   *        A pointer to the current session.
+   * \param keyName
+   *        A pointer to the key whose attributes
+   *        should be retrieved.
+   * \param pSystemAttributeList
+   *        On output, *pSystemAttributeList contains a pointer
+   *        to an attribute list  of the system attributes
+   *
+   *        The attribute names returned are:
+   *           "KeySize"     - The size of the key (in bits)
+   *           "Algorithm"   - An algorithm that can be used
+   *                           with the key.  
+   *                           Multiple instances may be present -
+   *                           one for each supported algorithm.
+   *           "Fingerprint" - A hash of the key bytes
+   *           The following attributes can only be "true" or "false"
+   *           "Deletable"   - Can this key be deleted?
+   *           "Exportable"  - Can this key be exported?
+   *           "Encrypt"     - Can session user encrypt with this key?
+   *           "Decrypt"     - Can session user decrypt with this key?
+   *           "Sign"        - Can session user sign with this key?
+   *           "SignV"       - Can session user verify signature with this key?
+   *           "MAC"         - Can session user compute a MAC with this key?
+   *           "MACV"        - Can session user verify a MAC with this key?
+   *           "UsePrivate"  - Can session user decrypt with the private key?
+   *           "UsePublic"   - Can session user encrypt with the public key?
+   *
+   * \param pCustomAttributeList
+   *        On output, *pCustomAttributeList contains a pointer
+   *        to an attribute list  of the custom attributes
+   *
+   * The user must be the owner of the key, or must have access
+   * granted to the key.
+   *
+   */
+  I_T_RETURN FUNCEXP 
+  I_C_GetKeyAttributes(I_O_Session        session,
+                       const I_T_CHAR *   keyName,  
+                       I_O_AttributeList  *pSystemAttributeList,
+                       I_O_AttributeList  *pCustomAttributeList);
+
+  /*! Export key bytes of a symmetric key.
+   * 
+   * \param session
+   *        A pointer to the current session.
+   * \param keyName
+   *        A pointer to the name of the key that should
+   *        should be exported. The key must be exportable.
+   * \param ppkeyBytes
+   *        On output, *ppKeyBytes will be assigned a pointer to the
+   *        key bytes of the key. The memory pointed to is allocated
+   *        by this function. The function I_C_Free() should be
+   *        to deallocate the memory.
+   * \param CustomAttributeList
+   *        On output, *pKeyBytesLen will be assigned the number
+   *        of key bytes of the key.
+   *
+   * The user must be the owner of the key or must have permission
+   * to export the key.
+   *
+   */
+  I_T_RETURN FUNCEXP 
+  I_C_ExportSymmetricKey(I_O_Session      session,
+                         const I_T_CHAR * keyName,
+                         I_T_BYTE **      ppKeyBytes,
+                         I_T_UINT *       pKeyBytesLen);
+
+/*! Export Wrapped Key.
+* 
+* \param session
+*        A pointer to the current session.
+* \param keyName
+*        A pointer to the name of the key that should
+*        should be exported. The key must be exportable.
+* \param wrapPublicKey
+*        A Public key to be used for wrapping.
+* \param wrapPublicKeyLen
+*        Buffer length of Public key or certificate.
+* \param wrapFormat
+*        Decides how to encode the key prior to wrapping 
+*        and how to encrypt the wrapped key.
+* \param ppWrappedKeyBytes
+*        On output, *ppWrappedKeyBytes will be assigned a 
+*        pointer to the wrapped key bytes of the key. The memory
+*        pointed to is allocated by this function. The function 
+*        I_C_Free() should be  to deallocate the memory.
+* \param pWrappedKeyBytesLen
+*        On output, *pWrappedKeyBytes will be assigned the number
+*        of key bytes of the key.
+*
+*/
+
+I_T_RETURN FUNCEXP 
+I_C_ExportWrappedKey(I_O_Session handle, 
+		       const I_T_CHAR * keyName,
+		       const I_T_BYTE* wrapPublicKey, 
+		       const I_T_UINT wrapPublicKeyLen, 
+		       const I_T_KeyWrapFormat wrapFormat, 
+		       I_T_BYTE ** ppWrappedKeyBytes, 
+		       I_T_UINT *pWrappedKeyBytesLen);
+
+
+  /*! Clone oldKeyname to newKeyname
+   * 
+   * \param session
+   *        A pointer to the current session.
+   * \param keyName
+   *        A pointer to the name of the key that should.
+   *        should be cloned.
+   * \param newKeyName
+   *        A pointer to the name of the new clone.
+   */
+  I_T_RETURN FUNCEXP
+  I_C_CloneKey(I_O_Session      handle,
+               const I_T_CHAR * keyName,
+               const I_T_CHAR * newKeyName);
+
+  /*! Create an I_O_AttributeList object.
+   * 
+   * \param pCustomAttributeList
+   *        On output, a pointer to a newly created I_O_AttributeList
+   *        will be stored in *pAttributeList.
+   */
+  I_T_RETURN FUNCEXP
+  I_C_CreateCustomAttributeList(I_O_AttributeList * pCustomAttributeList);
+
+  /*! Add an attribute to an I_O_AttributeList object 
+   * 
+   * \param customAttributeList
+   *        An attribute list object to which an attribute should be added.
+   *        Note that only a custom attribute list may be passed.
+   * \param attributeName
+   *        The name of the attribute. The name must be null terminated
+   *        strings of at most 64 characters (excluding null termination)
+   *        and may only contain the following characters:
+   *             - letters 'a' thru 'z'
+   *             - letters 'A' thru 'Z'
+   *             - numerals '0' thru '9'
+   *             - underscore '_'
+   *             - hyphen '-'
+   *             - period '.'
+   *       The name must start with an alphabetic character.
+   * \param attributeValue
+   *        The value of the attribute.
+   *        A new attribute will be added to the attribute list
+   *        if an attribute with the attributeName does not exist.
+   *        otherwise the value of that attribute will be overwritten
+   *        with attributeValue.
+   *        The value must not contain more than 1024 characters,
+   *        and must be null-terminated strings of 7-bit US ASCII
+   *        characters.
+   */
+  I_T_RETURN FUNCEXP
+  I_C_AddToAttributeList(I_O_AttributeList customAttributeList,
+                         const I_T_CHAR *  attributeName,
+                         const I_T_CHAR *  attributeValue);
+
+   /*! Find an attribute value in an I_O_AttributeList object 
+    *  
+    * \param attributeList 
+    *        An AttributeList object. 
+    * \param attributeName 
+    *        The name of the attribute whose value must 
+    *        be found. 
+    *        Both custom and system attribute lists may be passed.
+    * \param ppAttributeValue 
+    *        If attributeList contains an attribute with the attributeName, 
+    *        I_E_OK is returned and *ppAttributeValue 
+    *        contains a pointer to the value of the attribute. 
+    *        Otherwise, I_E_END is returned. 
+    */
+  I_T_RETURN FUNCEXP
+  I_C_FindInAttributeList(I_O_AttributeList attributeList,
+                          const I_T_CHAR *  attributeName,
+                          I_T_CHAR **       ppAttributeValue);
+
+  /*! Retrieve the value of a specific instance of an attribute
+   *  with the given attributeName. 
+   *  Meant for use with an attributeList that may contain multiple
+   *  instances of attributes with the same attributeName.
+   *  Typically used to retrieve the values of all instances
+   *  of an attributeName.
+   *
+   * \param attributeList
+   *        An AttributeList object.
+   *        Only system attribute lists may be passed.
+   * \param attributeName
+   *        The name of the attribute whose value for a specific
+   *        instance is to be retrieved.
+   * \param ppAttributeValue
+   *        If attributeList contains the specific instance of 
+   *        an attribute with the attributeName, 
+   *        I_E_OK is returned and *ppAttributeValue 
+   *        contains a pointer to the value of the attribute. 
+   *        Otherwise, I_E_END is returned.
+   *        There are no "holes" - the lowest value of the
+   *        parameter instance that causes an I_E_END represents
+   *        one more than the number of instances 
+   *        that exist with the given attributeName. 
+   * \param instanceNumber
+   *        The specific instance of the attribute with the
+   *        attributeName whose value is to be retrieved.
+   *        The instance numbering starts with 1 (not with zero!).
+   */
+  I_T_RETURN FUNCEXP
+  I_C_FindInstanceInAttributeList(I_O_AttributeList attributeList,
+				     const I_T_CHAR *  attributeName,
+				     I_T_CHAR **       ppAttributeValue,
+				     I_T_UINT instanceNumber);
+
+  /*! Remove an attribute from an I_O_AttributeList object
+   * \param customAttributeList
+   *        An attribute list object from which to remove an attribute.
+   *        Note that only a custom attribute list may be passed.
+   * \param attributeName
+   *        The name of the attribute that should be removed.
+   *        All attribute instances with the name will be removed.
+   */
+  I_T_RETURN FUNCEXP
+  I_C_RemoveFromAttributeList(I_O_AttributeList customAttributeList,
+                              const I_T_CHAR *  attributeName);
+
+  /*! Destroy an AttributeList object and release resources 
+   * \param attributeList
+   *        The AttributeList object to be destroyed.
+   *        Both custom and system attribute lists may be passed.
+   */
+  I_T_RETURN FUNCEXP
+  I_C_DeleteAttributeList(I_O_AttributeList attributeList);
+
+/*! Return information about the encryption provider.  
+ *
+ * As the client can connect to many servers in active and passive failover, 
+ * the values returned from this will change randomly for any given call 
+ * depending on which server connection is used.
+ *
+ * \param session          The current session.
+ * \param software_version OUT: The version of the software on the NAE server. 
+ * \param library_version  OUT: library versionperform.
+ * \param vendor_ID        OUT: The name of the vendor.                    
+ * \param model_number     OUT: The model number of the server (e.g. "i321")
+ * \param serial_number    OUT: The serial number (or Box ID) of the NAE server.
+ * \param datetime         OUT: Timestamp from the server in GMT.
+ */
+I_T_RETURN FUNCEXP 
+I_C_GetKeyManagerInfo(I_O_Session session,
+                      /* OUT: */
+                      I_T_CHAR ** software_version,
+                      I_T_CHAR ** library_version,
+                      I_T_CHAR ** vendor_ID,
+                      I_T_CHAR ** model_number,
+                      I_T_CHAR ** serial_number,
+                      I_T_CHAR ** datetime);
+ 
+/*! Log a message on the server.
+ * 
+ * \param session    : The current session.
+ * \param logMessage : A message to log on the server.
+ */
+I_T_RETURN FUNCEXP
+I_C_LogEvent(I_O_Session session,
+             const I_T_CHAR * logMessage);
+
+/*! Set custom attributes of the key on the server
+ *
+ * \param session                 : The current session.
+ * \param keyname                 : The name of the key.
+ * \param clearExistingAttributes : Removes existing attributes before setting
+ *                                  the given attribute list.  Setting this to
+ *                                  false will have the passed customAttributeList
+ *                                  list merged with the existing values with 
+ *                                  any common names being overwritten.
+ * \param customAttributeList        : The new attribute list.
+ *
+ * Only the owner of the key may modify the attributes.
+ */
+I_T_RETURN FUNCEXP
+I_C_SetKeyAttributes(I_O_Session session,
+                     const I_T_CHAR * keyname,
+                     I_T_BOOL clearExistingAttributes,
+                     I_O_AttributeList customAttributeList);
+
+
+/*!Import a key to the server.
+ *
+ * \param session     : The current session.
+ * \param keyname     : The name of the new key
+ * \param keyBytes    : The key bytes to use for the new key
+ * \param keyBytesLen : The length of the keyBytes array
+ * \param keyInfo     : The keyInfo (algorithm name, key size, etc) for the key.
+ * \param grouplist   : A GroupList object (see I_C_CreateGroupListObject()).
+ */
+I_T_RETURN FUNCEXP
+I_C_ImportKey(I_O_Session     session, 
+              const I_T_CHAR *keyname,
+              I_T_BYTE       *keyBytes,
+              I_T_UINT        keyBytesLen,
+              I_O_KeyInfo     keyinfo, 
+              I_O_GroupList   grouplist);
+
+
+/*! Return the length of the cipher text's header (aka, tag).
+ * 
+ * \param session
+ *        The current session.
+ * \param cipher
+ *        The cipher spec.
+ * \param cipherText
+ *        A pointer to a buffer containing tagged cipher text.  Must not be NULL
+ * \param cipherTextLen
+ *        The length of the cipherText.  Must be greater than zero.
+ * \param cipherHeaderLen
+ *        On output, cipherHeaderLen will be assigned the number of bytes
+ *        consumed by the tag.  Must not be NULL.
+ */
+I_T_RETURN FUNCEXP 
+I_C_GetCiphertextHeaderLength(I_O_Session    session,
+                              I_O_CipherSpec cipher,
+                        const I_T_BYTE *     cipherText,
+                              I_T_UINT       cipherTextLen,
+                              I_T_UINT *     cipherHeaderLen);
+
+/*!Deallocate memory
+ *
+ * \param vp     : A void pointer. The memory pointed to
+ *                 will be deallocated.
+ *
+ * Deallocates memory allocated by some ICAPI functions.
+ *
+ */
+I_T_RETURN FUNCEXP
+I_C_Free(void *vp);
+
+
+
+/*!Modifies a key's lifecycle state or version.
+ *
+ * \param session
+ *        The current session.
+ * \param keyName
+ *        The key name.  When the keyParameterType == I_T_KeyLifecycleState,
+ *        keyname should be in the format, "key_name#number_to_alter".  For
+ *        example, given the key name for the versioned key, "SecureKey", and
+ *        and the version to modify is, say, 3, keyname should be "SecureKey#3".
+ *        When keyParameterType == I_T_KeyVersion, keyname should be in the
+ *        format, "key_name", without the "#" and version number.
+ * \param keyParameterType
+ *        The parameter type being modified.  See the typedef enum for 
+ *        I_T_KeyParameterType for valid values.
+ * \param keyParameterValue
+ *        The key parameter type.  See the typedef enum for
+ *        I_T_KeyParameterValueEnum. 
+ *
+ * Increments key versions, or alters key lifecycle states.
+ *
+ */
+I_T_RETURN FUNCEXP
+I_C_SetKeyParameter(I_O_Session session,
+              const I_T_CHAR *keyname,
+                    I_T_KeyParameterType keyParameterType,
+                    I_T_KeyParameterValue keyParameterValue);
+
+/*!Destroys a certificate.
+ *
+ * \param sessionHandle
+ *        The current session.
+ * \param certificateName
+ *        The name of the certificate to delete.
+ *
+ */
+I_T_RETURN FUNCEXP
+I_C_DestroyCertificate(I_O_Session     sessionHandle,
+                      const I_T_CHAR * certificateName);
+
+
+/*!Export a certificate to a specified format.
+ *
+ * \param sessionHandle
+ *        The current session.
+ * \param certificateName
+ *        The name of the certificate to export.
+ * \param exportFormat
+ *        Format of the exported certificate data.
+ * \param password
+ *        Password required when exporting to PKCS#12 format.
+ * \param data
+ *        Output buffer that will receive certificate data.  The function will
+ *        allocate the memory, and it should be freed using I_C_Free when done.
+ *        to free the data.
+ * \param dataSize
+ *        On input, this parameter specifies the size of the data buffer.
+ *        On output, this parameter is set to number of bytes actually
+ *        written to the output data buffer.
+ *
+ */
+I_T_RETURN FUNCEXP
+I_C_ExportCertificate(I_O_Session      sessionHandle,
+                      const I_T_CHAR * certificateName,
+                      I_T_ExportFormat exportFormat,
+                      const I_T_CHAR * password,
+                      I_T_CHAR **      data,
+                      I_T_UINT *       dataSize);
+
+/*!Export a CA chain to a specified format.
+ *
+ * \param sessionHandle
+ *        The current session.
+ * \param caName
+ *        The name of the certificate for which CA chain is exported.
+ * \param data
+ *        Output buffer that will receive CA chain data.  The function will
+ *        allocate the memory, and it should be freed using I_C_Free when done.
+ * \param dataSize
+ *        On input, this parameter specifies the size of the data buffer.
+ *        On output, this parameter is set to number of bytes actually
+ *        written to the output data buffer.
+ *
+ */
+I_T_RETURN FUNCEXP
+I_C_ExportCAChain(I_O_Session      sessionHandle,
+                  const I_T_CHAR * caName,
+                  I_T_CHAR **      data,
+                  I_T_UINT *       dataSize);
+
+
+/*!Import a certificate.
+ *
+ * \param sessionHandle
+ *        The current session.
+ * \param certificateName
+ *        Name of the certificate to import.
+ * \param deletableFlag
+ *        Specify if this certificate can be deleted from the server.
+ * \param exportableFlag
+ *        Specify if this certificate can be exported from the server
+ * \param grouplist
+ *        A GroupList object (see I_C_CreateGroupListObject()).
+ * \param password
+ *        Password required when exporting to PKCS#12 format.
+ * \param data
+ *        Input certificate data.
+ * \param dataSize
+ *        Size of the import certificate.
+ *
+ */
+I_T_RETURN FUNCEXP
+I_C_ImportCertificate(I_O_Session      sessionHandle,
+                      const I_T_CHAR * certificateName,
+                      I_T_BOOL         deletableFlag,
+                      I_T_BOOL         exportableFlag,
+                      I_O_GroupList    groupList,
+                      const I_T_CHAR * password,
+                      I_T_CHAR *       data,
+                      I_T_UINT         dataSize);
+
+
+/* Deprecated Functions - Begin */
+
+/* Note : This function is deprecated. Use I_C_CalculateOutputSize().
+ * ! Get the size the ciphertext will be when encrypted using a given cipher
+ *
+ * \param cipher          The cipher spec.
+ * \param operation       The operation that will be performed.
+ * \param plaintextSize   The size of the plaintext in bytes.
+ * \param ciphertextSize  The returned ciphertext size in bytes.
+ */
+I_T_RETURN FUNCEXP
+I_C_CalculateEncipheredSize(I_O_CipherSpec cipher,
+                            I_T_Operation  operation,
+                            I_T_UINT       plaintextSize,
+                            I_T_UINT *     ciphertextSize);
+
+
+/* Note : This function is deprecated. Use I_C_CalculateOutputSizeForKey().
+ * ! Get the size the ciphertext will be when encrypted using a given cipher
+ *
+ * \param session         The session.
+ * \param cipher          The cipher spec.
+ * \param operation       The operation that will be performed.
+ * \param plaintextSize   The size of the plaintext in bytes.
+ * \param ciphertextSize  The returned ciphertext size in bytes.
+ */
+I_T_RETURN FUNCEXP
+I_C_CalculateEncipheredSizeForKey(I_O_Session session,
+                                  I_O_CipherSpec cipher,
+                                  I_T_Operation  operation,
+                                  I_T_UINT       plaintextSize,
+                                  I_T_UINT *     ciphertextSize);
+
+/* Deprecated Functions - End */
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* IngrianICAPI */