ca_mgmt.h

Go to the documentation of this file.

/*
 * ca_mgmt.h
 *
 * Certificate Authority Management Factory
 *
 * Copyright 2019-2024 DigiCert, Inc. All Rights Reserved.
 * Proprietary and Confidential Material.
 *
 */

/*------------------------------------------------------------------*/

#ifndef __CA_MGMT_HEADER__
#define __CA_MGMT_HEADER__

#ifdef __cplusplus
extern "C" {
#endif


/*------------------------------------------------------------------*/

/* these values are serialized -- add but don't modify */
/* valid values for the AsymmetricKey type field */
/* The akt_custom is for custom keys, such as hardware keys.
 */
enum
{
    akt_undefined = 0, /* keep it 0 -> static var are correctly initialized */
                       /* as undefined */
    akt_rsa = 1,
    akt_ecc = 2,
    akt_dsa = 3,
    akt_dh  = 4,
    akt_rsa_pss = 5,

    akt_custom = 101,
    akt_moc    = 102,
    
    akt_ecc_ed = 112,
    
    akt_hybrid = 113,
    akt_qs = 114,
    
    akt_tap_rsa = 0x00020001,
    akt_tap_ecc = 0x00020002,
    akt_hsm_rsa = 0x00010001,
    akt_hsm_ecc = 0x00010002
};

#if (defined(__ENABLE_MOCANA_ECC__))
/*
 curveId: they actually match the suffix of the OID
 for these curves or algorithm identifiers
 */
enum
{
    cid_EC_P192 = 1,
    cid_EC_P256 = 7,
    cid_EC_P224 = 33,
    cid_EC_P384 = 34,
    cid_EC_P521 = 35,
    cid_EC_X25519 = 110,  /* edDH X25519 suffix */
    cid_EC_X448 = 111,    /* edDH X448 suffix */
    cid_EC_Ed25519 = 112, /* edDSA 25519 suffix */
    cid_EC_Ed448 = 113    /* edDSA 448 suffix */
};

#endif

#if (defined(__ENABLE_MOCANA_QS__))
/* Identifiers for quantum safe sig algs, SIG values match the OID suffix for each algorithm */ 
enum
{
    cid_QS_SIG_DILITHIUM_2 = 0x04,
    cid_QS_SIG_DILITHIUM_3 = 0x05,
    cid_QS_SIG_DILITHIUM_4 = 0x06,
    cid_QS_SIG_DILITHIUM_5 = 0x07,
    cid_QS_SIG_FALCON_512 = 0x10,
    cid_QS_SIG_FALCON_1024 = 0x11,
    cid_QS_SIG_SPHINCS_PLUS_SHA2_128S = 0x50,
    cid_QS_SIG_SPHINCS_PLUS_SHA2_128F = 0x51,
    cid_QS_SIG_SPHINCS_PLUS_SHAKE_128S = 0x52,
    cid_QS_SIG_SPHINCS_PLUS_SHAKE_128F = 0x53,
    cid_QS_SIG_SPHINCS_PLUS_SHA2_192S = 0x54,
    cid_QS_SIG_SPHINCS_PLUS_SHA2_192F = 0x55,
    cid_QS_SIG_SPHINCS_PLUS_SHAKE_192S = 0x56,
    cid_QS_SIG_SPHINCS_PLUS_SHAKE_192F = 0x57,
    cid_QS_SIG_SPHINCS_PLUS_SHA2_256S = 0x58,
    cid_QS_SIG_SPHINCS_PLUS_SHA2_256F = 0x59,
    cid_QS_SIG_SPHINCS_PLUS_SHAKE_256S = 0x5a,
    cid_QS_SIG_SPHINCS_PLUS_SHAKE_256F = 0x5b,
#if 0
    cid_QS_SIG_RAINBOW_IA_CLASSIC = 0x20,
    cid_QS_SIG_RAINBOW_IA_CYCLIC = 0x21,
    cid_QS_SIG_RAINBOW_IA_CYCLIC_COMPRESSED = 0x22,
    cid_QS_SIG_RAINBOW_IIIC_CLASSIC = 0x23,
    cid_QS_SIG_RAINBOW_IIIC_CYCLIC = 0x24,
    cid_QS_SIG_RAINBOW_IIIC_CYCLIC_COMPRESSED = 0x25,
    cid_QS_SIG_RAINBOW_VC_CLASSIC = 0x26,
    cid_QS_SIG_RAINBOW_VC_CYCLIC = 0x27,
    cid_QS_SIG_RAINBOW_VC_CYCLIC_COMPRESSED = 0x28,
    cid_QS_SIG_QTESLA_P_I = 0x30,
    cid_QS_SIG_MQDSS_31_48  = 0x40,
#endif
    cid_QS_KEM_MCELIECE_348864 = 0x100,
    cid_QS_KEM_MCELIECE_348864F = 0x101,
    cid_QS_KEM_MCELIECE_460896 = 0x102,
    cid_QS_KEM_MCELIECE_460896F = 0x103,
    cid_QS_KEM_MCELIECE_6688128 = 0x104,
    cid_QS_KEM_MCELIECE_6688128F = 0x105,
    cid_QS_KEM_MCELIECE_6960119 = 0x106,
    cid_QS_KEM_MCELIECE_6960119F = 0x107,
    cid_QS_KEM_MCELIECE_8192128 = 0x108,
    cid_QS_KEM_MCELIECE_8192128F = 0x109,
    cid_QS_KEM_KYBER_512 = 0x110,
    cid_QS_KEM_KYBER_768 = 0x111,
    cid_QS_KEM_KYBER_1024 = 0x112,
    cid_QS_KEM_KYBER_512_90S = 0x113,
    cid_QS_KEM_KYBER_768_90S = 0x114,
    cid_QS_KEM_KYBER_1024_90S = 0x115,
    cid_QS_KEM_NTRU_HPS_2048_509 = 0x120,
    cid_QS_KEM_NTRU_HPS_2048_677 = 0x121,
    cid_QS_KEM_NTRU_HPS_4096_821 = 0x122,
    cid_QS_KEM_NTRU_HRSS_701 = 0x123,
    cid_QS_KEM_LIGHTSABER = 0x130,
    cid_QS_KEM_SABER = 0x131,
    cid_QS_KEM_FIRESABER = 0x132,
    cid_QS_KEM_FRODOKEM_640_AES = 0x140,
    cid_QS_KEM_NEWHOPE_512CCA = 0x150,
    cid_QS_KEM_SIKE_P434 = 0x160,
    cid_QS_KEM_SIDH_P434 = 0x170
};
#endif


/*------------------------------------------------------------------*/

struct AsymmetricKey;

typedef struct certDescriptor
{
    ubyte*  pCertificate;

    ubyte4  certLength;

    ubyte*  pKeyBlob;

    ubyte4  keyBlobLength;

    struct AsymmetricKey* pKey;

#if !(defined __ENABLE_MOCANA_64_BIT__)

    ubyte4  cookie;
#else

    ubyte8  cookie;
#endif
} certDescriptor;

/* old structure */

typedef struct nameAttr
{
    const ubyte *oid; /* the OID of the attribute */
    ubyte type;
    ubyte* value;
    ubyte4 valueLen;
} nameAttr;

typedef struct relativeDN /* RDN */
{
    nameAttr *pNameAttr;
    ubyte4   nameAttrCount;
} relativeDN;

typedef struct certDistinguishedName
{
    relativeDN *pDistinguishedName;
    ubyte4      dnCount;

    sbyte*          pStartDate;                 /* 030526000126Z */

    sbyte*          pEndDate;                   /* 330524230347Z */

} certDistinguishedName;

typedef struct extensions
{
    ubyte* oid;

    byteBoolean isCritical;

    ubyte* value;

    ubyte4 valueLen;
} extensions;

typedef struct certExtensions
{
    byteBoolean    hasBasicConstraints;

    byteBoolean    isCA;

    sbyte          certPathLen; /* if negative omit this */

    /* key usage */
    byteBoolean    hasKeyUsage;

    ubyte2         keyUsage;

    extensions *otherExts;

    ubyte4      otherExtCount;
} certExtensions;

enum matchFlag
{
    matchFlagSuffix = 0x01,     /* match only the last part "server1.acme.com" matches "acme.com" */
    noWildcardMatch = 0x02,     /* name is not following rules... */
    matchFlagNoWildcard = 0x02,
    matchFlagDotSuffix = 0x04
    /* others tbd */
};


typedef struct CNMatchInfo
{
    ubyte4          flags;
    const sbyte*    name;
} CNMatchInfo;

/* subtype of SubjectAltName */
enum
{
    SubjectAltName_otherName,
    SubjectAltName_rfc822Name,
    SubjectAltName_dNSName,
    SubjectAltName_x400Address,
    SubjectAltName_directoryName,
    SubjectAltName_ediPartyName,
    SubjectAltName_uniformResourceIdentifier,
    SubjectAltName_iPAddress,
    SubjectAltName_registeredID
};

typedef struct Blob
{
    ubyte4 dataLen;
    ubyte* data;
} Blob;

/* similar to nameAttr */
typedef struct SubjectAltNameAttr
{
    Blob  subjectAltNameValue;
    ubyte subjectAltNameType;
} SubjectAltNameAttr;


/* keyPropertyType values */
enum
{
    kp_undefined = 0,
    kp_size = 1,
    kp_blob = 2,
    kp_key = 3
};

/* properties to use when creating a certificate
 all are optional, if not specified, appropriate default values will be used */
typedef struct CertProperties
{
    ubyte signAlgorithm;
    ubyte keyPropertyType; /* kp_xxxx */
    union
    {
        Blob keyBlob;
        const struct AsymmetricKey* pKey;
        ubyte4 keySize;
    } keyProperty;
    const certDescriptor* pParentCert;
    const certExtensions* pExtensions;
    Blob serialNumber;
} CertProperties;


/*------------------------------------------------------------------*/

/* common server (certificate & key related methods) */
/* signAlgo is now the last digit of the PKCS1 OID ex: md5withRSAEncryption */
/* more complex versions of these -- specify extensions and parent certificate */
MOC_EXTERN sbyte4 CA_MGMT_generateCertificateEx( certDescriptor *pRetCertificate, ubyte4 keySize,
                                            const certDistinguishedName *pCertInfo, ubyte signAlgorithm,
                                            const certExtensions* pExtensions,
                                            const certDescriptor* pParentCertificate);

MOC_EXTERN sbyte4 CA_MGMT_generateCertificateWithProperties( certDescriptor *pRetCertificate,
                                                            const certDistinguishedName* forName,
                                                            const CertProperties* properties);

MOC_EXTERN sbyte4 CA_MGMT_generateCertificateEx2( certDescriptor *pRetCertificate,
                                                 struct AsymmetricKey* key,
                                                 const certDistinguishedName *pCertInfo,
                                                 ubyte signAlgorithm);

MOC_EXTERN sbyte4 CA_MGMT_generateCertificateExType( certDescriptor *pRetCertificate, ubyte4 keyType, ubyte4 keySize,
                                const certDistinguishedName *pCertInfo, ubyte signAlgorithm,
                                const certExtensions* pExtensions,
                                const certDescriptor* pParentCertificate);

MOC_EXTERN sbyte4 CA_MGMT_generateCertificateHybrid( certDescriptor *pRetCertificate, ubyte4 curve, ubyte4 qsAlg,
                                const certDistinguishedName *pCertInfo, const certExtensions* pExtensions,
                                const certDescriptor* pParentCertificate);


MOC_EXTERN sbyte4 CA_MGMT_makeSubjectAltNameExtension( extensions* pExtension,
                                                      const SubjectAltNameAttr* nameAttrs,
                                                      sbyte4 numNameAttrs);


MOC_EXTERN sbyte4  CA_MGMT_freeCertificate(certDescriptor *pRetCertificateDescr);

#if 0
/*
 @cond
 
 @brief      Get a copy of an SoT Platform key blob's public key.
 
 @details    This function gets a copy of the public key in an SoT Platform
             key blob returned by CA_MGMT_generateCertificate().
 
 @ingroup    cert_mgmt_functions
 
 @since 1.41
 @version 1.41 and later
 
 @flags
 To enable this function, the following flag must \b not be defined:
 + \c \__DISABLE_MOCANA_CERTIFICATE_GENERATION__
 
 @inc_file ca_mgmt.h
 
 @param pCertificateDescr    Pointer to the certificate descriptor containing
                             the X.509 certificate and key blob from which
                             you want to extract the key.
 @param ppRetPublicKey       On return, pointer to the extracted public key.
 @param pRetPublicKeyLength  On return, pointer to number of bytes in the
                             generated public key.
 
 @return     \c OK (0) if successful; otherwise a negative number error code
             definition from merrors.h. To retrieve a string containing an
             English text error identifier corresponding to the function's
             returned error status, use the \c DISPLAY_ERROR macro.
 
 @remark     This is a convenience function provided for your application's
             use; it is not used by Digicert SoT Platform internal code.
 
 @code
 sbyte4 status = 0;
 
 status = CA_MGMT_returnPublicKey(pCertificateDescr, &pRetPublicKey, &retPublicKeyLength);
 @endcode
 
 @funcdoc    ca_mgmt.h
 */
MOC_EXTERN sbyte4  CA_MGMT_returnPublicKey(certDescriptor *pCertificateDescr, ubyte **ppRetPublicKey, ubyte4 *pRetPublicKeyLength);

/*
 @brief      Get number of bytes in a certificate's public key.
 
 @details    This function gets the number of bytes in a specified
             certificate's public key.
 
 @ingroup    cert_mgmt_functions
 
 @since 1.41
 @version 1.41 and later
 
 @flags
 To enable this function, the following flag must \b not be defined:
 + \c \__DISABLE_MOCANA_CERTIFICATE_GENERATION__
 
 @inc_file ca_mgmt.h
 
 @param pCertificateDescr            Pointer to the certificate descriptor
                                     containing the X.509 certificate and
                                     key blob generated public key whose
                                     length you want.
 @param pRetPublicKeyLengthInBits    On return, pointer to length (in bits) of
                                     the generated public key.
 
 @return     \c OK (0) if successful; otherwise a negative number error code
             definition from merrors.h. To retrieve a string containing an
             English text error identifier corresponding to the function's
             returned error status, use the \c DISPLAY_ERROR macro.
 
 @remark     This is a convenience function provided for your application's
             use; it is not used by Digicert SoT Platform internal code.
 
 @funcdoc    ca_mgmt.h
 */
MOC_EXTERN sbyte4  CA_MGMT_returnPublicKeyBitLength(certDescriptor *pCertificateDescr, ubyte4 *pRetPublicKeyLengthInBits);

/*
 @brief      Free memory allocated by CA_MGMT_returnPublicKey().
 
 @details    This function frees the memory in the specified buffer that was
              previously allocated by a call to CA_MGMT__returnPublicKey().
 
 @ingroup    cert_mgmt_functions
 
 @since 1.41
 @version 1.41 and later
 
 @flags
 To enable this function, the following flag must \b not be defined:
 + \c \__DISABLE_MOCANA_CERTIFICATE_GENERATION__
 
 @inc_file ca_mgmt.h
 
 @param ppRetPublicKey   Pointer to the public key to free.
 
 @return     \c OK (0) if successful; otherwise a negative number error code
              definition from merrors.h. To retrieve a string containing an
              English text error identifier corresponding to the function's
              returned error status, use the \c DISPLAY_ERROR macro.
 
 @code
 sbyte4 status = 0;
 
 status = CA_MGMT_freePublicKey(&pRetPublicKey);
 @endcode
 
 @funcdoc    ca_mgmt.h
 */
MOC_EXTERN sbyte4  CA_MGMT_freePublicKey(ubyte **ppRetPublicKey);

#endif

MOC_EXTERN sbyte4  CA_MGMT_allocCertDistinguishedName(certDistinguishedName **ppNewCertDistName);

MOC_EXTERN sbyte4  CA_MGMT_extractCertDistinguishedName(ubyte *pCertificate, ubyte4 certificateLength, sbyte4 isSubject, certDistinguishedName *pRetDN);

MOC_EXTERN sbyte4  CA_MGMT_returnCertificatePrints(ubyte *pCertificate, ubyte4 certLength, ubyte *pShaFingerPrint, ubyte *pMD5FingerPrint);


MOC_EXTERN sbyte4  CA_MGMT_freeCertDistinguishedName(certDistinguishedName **ppFreeCertDistName);

MOC_EXTERN sbyte4  CA_MGMT_extractCertASN1Name(const ubyte *pCertificate, ubyte4 certificateLength,
                                           sbyte4 isSubject, sbyte4 includeASN1SeqHeader, ubyte4* pASN1NameOffset, ubyte4* pASN1NameLen);

MOC_EXTERN sbyte4  CA_MGMT_convertKeyDER(ubyte *pDerRsaKey, ubyte4 derRsaKeyLength, ubyte **ppRetKeyBlob, ubyte4 *pRetKeyBlobLength);
MOC_EXTERN sbyte4  CA_MGMT_convertKeyPEM(ubyte *pPemRsaKey, ubyte4 pemRsaKeyLength, ubyte **ppRetKeyBlob, ubyte4 *pRetKeyBlobLength);
MOC_EXTERN MSTATUS CA_MGMT_keyBlobToDER(const ubyte *pKeyBlob, ubyte4 keyBlobLength, ubyte **ppRetKeyDER, ubyte4 *pRetKeyDERLength);
MOC_EXTERN MSTATUS CA_MGMT_publicKeyBlobToDER(const ubyte *pPublicKeyBlob, ubyte4 publicKeyBlobLength,
  ubyte **ppRetKeyDER, ubyte4 *pRetKeyDERLength);
MOC_EXTERN MSTATUS CA_MGMT_keyBlobToPEM(const ubyte *pKeyBlob, ubyte4 keyBlobLength, ubyte **ppRetKeyPEM, ubyte4 *pRetKeyPEMLength);

MOC_EXTERN MSTATUS CA_MGMT_convertRSAPublicKeyInfoDER (
  ubyte *pDerRsaKey,
  ubyte4 derRsaKeyLength,
  ubyte **ppRetKeyBlob,
  ubyte4 *pRetKeyBlobLength
  );

struct vlong;

/* Build the DER encoding of
 * <pre>
 * <code>
 *   MocanaTPM1.2RSAKeyData ::= SEQUENCE {
 *     OCTET STRING   encryptedPrivateKey,
 *     INTEGER        modulus,
 *     INTEGER        publicExponent }
 * </code>
 * </pre>
 * <p>This function will allocate space for the encoding and return a pointer to
 * this allocated memory at the address given by ppDerEncoding.
 * <p>Note that the blob is the Digicert version 2 blob.
 */
MOC_EXTERN MSTATUS CA_MGMT_tpm12RsaKeyBlobToDer (
  ubyte *pKeyBlob,
  ubyte4 keyBlobLen,
  struct vlong *pModulus,
  struct vlong *pPubExpo,
  ubyte **ppDerEncoding,
  ubyte4 *pDerEncodingLen
  );

MOC_EXTERN MSTATUS CA_MGMT_verifyCertDate(ubyte *pCert, ubyte4 certLen);

MOC_EXTERN sbyte4  CA_MGMT_verifyCertWithKeyBlob(certDescriptor *pCertificateDescr, sbyte4 *pIsGood);

MOC_EXTERN sbyte4  CA_MGMT_extractCertTimes(ubyte *pCertificate, ubyte4 certificateLength, certDistinguishedName *pRetDN);
    
MOC_EXTERN sbyte4  CA_MGMT_decodeCertificate(ubyte* pKeyFile, ubyte4 fileSize, ubyte** ppDecodeFile, ubyte4 *pDecodedLength);

#ifdef __ENABLE_MOCANA_CERTIFICATE_SEARCH_SUPPORT__
MOC_EXTERN sbyte4  CA_MGMT_extractSerialNum (ubyte* pCertificate, ubyte4 certificateLength, ubyte** ppRetSerialNum, ubyte4* pRetSerialNumLength);
MOC_EXTERN sbyte4  CA_MGMT_freeSearchDetails(ubyte** ppFreeData);

typedef sbyte4 (*CA_MGMT_EnumItemCBFun)( const ubyte* pContent, ubyte4 contentLen, ubyte4 contentType,
                                        ubyte4 index, void* userArg);


MOC_EXTERN sbyte4  CA_MGMT_enumCrl(ubyte* pCertificate, ubyte4 certificateLength,
                                         CA_MGMT_EnumItemCBFun callbackFunc, void* userArg);

MOC_EXTERN sbyte4  CA_MGMT_enumAltName( ubyte* pCertificate, ubyte4 certificateLength, sbyte4 isSubject,
                                         CA_MGMT_EnumItemCBFun callbackFunc, void* userArg);
#endif

#ifdef __PUBCRYPTO_HEADER__

MOC_EXTERN MSTATUS CA_MGMT_makeKeyBlobEx(const AsymmetricKey *pKey, ubyte **ppRetKeyBlob, ubyte4 *pRetKeyLength);
MOC_EXTERN MSTATUS CA_MGMT_extractKeyBlobEx(const ubyte *pKeyBlob, ubyte4 keyBlobLength, AsymmetricKey* pKey);
MOC_EXTERN MSTATUS CA_MGMT_extractKeyBlobTypeEx(const ubyte *pKeyBlob, ubyte4 keyBlobLength, ubyte4 *pRetKeyType);
MOC_EXTERN MSTATUS CA_MGMT_extractPublicKey(const ubyte *pKeyBlob, ubyte4 keyBlobLength, ubyte **ppRetPublicKeyBlob, ubyte4 *pRetPublicKeyBlobLength, ubyte4 *pRetKeyType);
#endif /* __PUBCRYPTO_HEADER__ */

#ifdef __ENABLE_MOCANA_EXTRACT_CERT_BLOB__
MOC_EXTERN sbyte4 CA_MGMT_findCertDistinguishedName(ubyte *pCertificate, ubyte4 certificateLength, intBoolean isSubject, ubyte **ppRetDistinguishedName, ubyte4 *pRetDistinguishedNameLen);
#endif

MOC_EXTERN sbyte4 CA_MGMT_generateNakedKey(ubyte4 keyType, ubyte4 keySize, ubyte **ppRetNewKeyBlob, ubyte4 *pRetNewKeyBlobLength);

MOC_EXTERN sbyte4 CA_MGMT_generateNakedHybridKey(ubyte4 keyType, ubyte4 legacyKeyType, ubyte4 legacyKeySize, ubyte4 qsAlgoId,
                         ubyte **ppRetNewKeyBlob, ubyte4 *pRetNewKeyBlobLength);
MOC_EXTERN sbyte4 CA_MGMT_freeNakedKey(ubyte **ppFreeKeyBlob);

MOC_EXTERN sbyte4 CA_MGMT_convertPKCS8KeyToKeyBlob(const ubyte* pPKCS8DER, ubyte4 pkcs8DERLen, ubyte **ppRetKeyBlob, ubyte4 *pRetKeyBlobLength);

MOC_EXTERN sbyte4 CA_MGMT_convertProtectedPKCS8KeyToKeyBlob(const ubyte* pPKCS8DER, ubyte4 pkcs8DERLen, ubyte *pPassword, ubyte4 passwordLen, ubyte **ppRetKeyBlob, ubyte4 *pRetKeyBlobLength);

#ifdef __PKCS_KEY_HEADER__

MOC_EXTERN sbyte4 CA_MGMT_convertKeyBlobToPKCS8Key(const ubyte *pKeyBlob, ubyte4 keyBlobLength, enum PKCS8EncryptionType encType, const ubyte *pPassword, ubyte4 passwordLen, ubyte **ppRetPKCS8DER, ubyte4 *pRetPkcs8DERLen);
#endif

#if !(defined(__DISABLE_MOCANA_KEY_GENERATION__)) && !(defined(__DISABLE_MOCANA_CERTIFICATE_PARSING__))

MOC_EXTERN sbyte4 CA_MGMT_extractPublicKeyInfo(ubyte *pCertificate, ubyte4 certificateLen, ubyte** ppRetKeyBlob, ubyte4 *pRetKeyBlobLen);
#endif

MOC_EXTERN sbyte4 CA_MGMT_verifySignature(const ubyte* pIssuerCertBlob, ubyte4 issuerCertBlobLen, ubyte* pCertificate, ubyte4 certLen);

MOC_EXTERN sbyte4 CA_MGMT_extractSignature(ubyte* pCertificate, ubyte4 certificateLen, ubyte** ppSignature, ubyte4* pSignatureLen);

MOC_EXTERN sbyte4 CA_MGMT_extractBasicConstraint(ubyte* pCertificate, ubyte4 certificateLen, intBoolean* pIsCritical, certExtensions* pCertExtensions);

MOC_EXTERN MSTATUS CA_MGMT_getCertSignAlgoType(ubyte *pCertificate, ubyte4 certificateLen, ubyte4* pHashType, ubyte4* pPubKeyType);

MOC_EXTERN MSTATUS CA_MGMT_convertIpAddress(ubyte *pIpString, ubyte *pIpBytes, ubyte4 *pIpLen);

#ifdef __cplusplus
}
#endif

#endif /* __CA_MGMT_HEADER__ */