增加instant client for osx 64位版本
diff --git a/sdk/include/nzt.h b/sdk/include/nzt.h
new file mode 100644
index 0000000..42fec33
--- /dev/null
+++ b/sdk/include/nzt.h
@@ -0,0 +1,2387 @@
+/* DISABLE check_long_lines */
+
+/* Copyright (c) 1996, 2007, Oracle. All rights reserved. */
+/* Copyright (c) 1996, 2007, Oracle. All rights reserved. */
+
+/*
+ *
+ */
+
+/*
+ * NAME
+ * nzt.h
+ *
+ * DESCRIPTION
+ * Toolkit public declarations.
+ *
+ * PUBLIC FUNCTIONS
+ * nztwOpenWallet - Open a wallet based on a WRL and pwd.
+ * nztwCloseWallet - Close a wallet.
+ * + nztwCreateWallet - Create a new wallet.
+ * + nztwDestroyWallet - Destroy an existing wallet.
+ * nztwRetrievePersonaCopy - Retieve a copy of a particular persona.
+ * + nzteStorePersona - Store a persona in the wallet.
+ * nzteOpenPersona - Open a persona.
+ * nzteClosePersona - Close a persona.
+ * + nzteRemovePersona - Remove a persona from a wallet.
+ * + nzteCreatePersona - Create a persona.
+ * nzteDestroyPersona - Destroy a persona.
+ * nztiStoreTrustedIdentity - Store an identity with associated trust.
+ * nzteRetrieveTrustedIdentCopy - Retrieves a trusted identity from persona
+ * + nzteSetProtection - Modify the protection set in a persona.
+ * + nzteGetProtection - Get the protection set in a persona
+ * nztePriKey - Get the Private Key (X509 Only)
+ * nzteMyCert - Get the Certificate (X509 only)
+ * nzteX509CreatePersona - Create a persona given an X509 Certificate.
+ * + nztiRemoveIdentity - Remove an identity from a persona.
+ * nztiCreateIdentity - Create an identity.
+ * nztiDuplicateIdentity - Create a complete copy of an identity.
+ * nztiAbortIdentity - Discard an unstored identity.
+ * nztidGetIdentityDesc - Gets Identity Description from Identity.
+ * nztidFreeIdentityDesc - Frees memory for Identity Desc object.
+ * nztSign - Generate an attached signature.
+ * + nztxSignExpansion - Determine size of signature.
+ * nztVerify - Verify an attached signature.
+ * nztValidate - Validate an identity.
+ * nztsd_SignDetached - Generate a detached signature.
+ * + nztxsd_SignDetachedExpansion - Determine size of detached signature.
+ * nztved_VerifyDetached - Verify a detached signature.
+ * + nztEncrypt - Symmetric key encryption.
+ * + nztxEncryptExpansion - Determine the tdu length for encryption.
+ * + nztDecrypt - Symmetric key decryption.
+ * + nztEnvelope - Sign then encrypt data for recipient(s).
+ * + nztDeEnvelope - Reverse nztEnvelope.
+ * + nztKeyedHash - Generate keyed hash.
+ * + nztxKeyedHashExpansion - Determine size of TDU for keyed hash.
+ * nztHash - Generate hash.
+ * + nztxHashExpansion - Determine the size of the TDU for a hash.
+ * nztSeedRandom - See the random number generator.
+ * nztrb_RandomBytes - Generate a series of random bytes.
+ * nztrn_RandomNumber - Generate a random number.
+ * nztbbInitBlock - Initialize a buffer block.
+ * nztbbReuseBlock - Reuse a buffer block.
+ * nztbbSizeBlock - Find the size of the buffer block.
+ * nztbbGrowBlock - Grow initialized buffer block by 'inc' bytes.
+ * nztbbPurgeBlock - Purge the memory used within a buffer block.
+ * nztbbSetBlock - Set block to known state.
+ * nztkec_PKEncrypt - Encrypt data then encrypt key for recipient.
+ * nztkdc_PKDecrypt - Decrypt PKEncrypt'ed data.
+ * nztific_FreeIdentityContent - Free the contents of an identity.
+ * nztifdn - Create an identity from a distinguished name
+ * nztcts_CipherSpecToStr - Converts the Cipher Spec Code To String
+ * nztiae_IsAuthEnabled - Checks to see if Authentication is Enabled
+ * in the current Cipher Spec.
+ * nztiae_IsEncrEnabled - Checks to see if Encryption is Enabled
+ * in the current Cipher Spec.
+ * nztiae_IsHashEnabled - Checks to see if Hashing is Enabled
+ * in the current Cipher Spec.
+ * nztwGetCertInfo - Get peer certificate info
+ *
+ * NOTE: the '+' indicates that these functions are UNSUPPORTED at this time.
+ *
+ * NOTES
+ *
+ * MODIFIED
+ * shiahuan 11/28/07 -
+ * skalyana 08/15/07 -
+ * pkale 09/28/06 - Bug 5565668: Removed __STDC__
+ * tnallath 09/22/05 -
+ * rchahal 07/27/04 - add keyusage
+ * srtata 11/10/03 - fix nztSetAppDefaultLocation header
+ * rchahal 10/15/03 - bug 2513821
+ * rchahal 11/11/02 - pkcs11 support
+ * akoyfman 07/05/02 - adding secret store to persona
+ * supriya 10/11/01 - Fix for bug # 2015732
+ * ajacobs 04/04/01 - make NZT_REGISTRY_WRL always available
+ * ajacobs 03/06/01 - olint fix
+ * ajacobs 03/02/01 - Add GetCertInfo
+ * supriya 02/23/01 - Move nzttKPUsage from nzt0.h
+ * rchahal 01/26/01 - olint fixes
+ * supriya 12/07/00 - Change fn name
+ * supriya 12/01/00 - Certificate API's needed for iAS
+ * supriya 06/19/00 - Adding definitions for MCS and ENTR
+ * lkethana 05/31/00 - multiple cert support
+ * skanjila 06/25/99 - Remove nztcts_CipherSpecToStr() to NZOS.
+ * skanjila 06/23/99 - Change API of nztcts_CipherSpecToStr.
+ * lkethana 06/18/99 - rem nztIPrivateAlloc, etc
+ * lkethana 06/10/99 - changing size_t to ub4
+ * lkethana 06/02/99 - add api for getting auth/encry/hash capability of c
+ * arswamin 12/28/98 - add NZT_MAX_MD5.
+ * arswamin 12/21/98 - change signature of compareDN
+ * qdinh 12/21/98 - change size_t to ub4.
+ * inetwork 11/22/98 - Removing NZDEPRECATED definition
+ * amthakur 09/14/98 - deprecating and updating the c-structures.
+ * arswamin 09/24/98 - adding NZTTWRL_NULL for SSO support.
+ * amthakur 07/30/98 - changing the prototype of nztGetCertChain.
+ * qdinh 05/01/98 - add NZTTIDENTTYPE_INVALID_TYPE
+ * qdinh 04/17/98 - add NZTTWRL_ORACLE.
+ * ascott 10/08/97 - implement nztiStoreTrustedIdentity
+ * ascott 10/07/97 - add nztiGetIdentityDesc
+ * ascott 09/28/97 - clarify prototype comments and error codes
+ * ascott 09/05/97 - update identity: create, destroy, duplicate
+ * ascott 08/21/97 - add GetCert and GetPriKey
+ * ascott 08/07/97 - add other WRL settings
+ * asriniva 03/25/97 - Add ANSI prototypes
+ * rwessman 03/19/97 - Added prototypes for nztific_FreeIdentityContent()
+ * asriniva 03/11/97 - Fix olint errors
+ * sdange 02/28/97 - Removed inclusion of nz0decl.h
+ * sdange 02/18/97 - Moved nzt specific declarations from nz0decl.h
+ * asriniva 01/21/97 - Remove prototypes.
+ * asriniva 10/31/96 - Include oratypes.h
+ * asriniva 10/15/96 - Declare buffer block helper functions
+ * asriniva 10/08/96 - First pass at wallet open/close
+ * asriniva 10/04/96 - Add random number seed function
+ * asriniva 10/03/96 - Reorder parameters in nztbbSetBlock
+ * asriniva 10/03/96 - Keep editing.
+ * asriniva 10/03/96 - Continued edits.
+ * asriniva 10/02/96 - Continue editing.
+ * asriniva 09/26/96 -
+ */
+
+/* ENABLE check_long_lines */
+
+#ifndef NZT_ORACLE
+#define NZT_ORACLE
+
+#ifndef ORATYPES
+# include <oratypes.h>
+#endif /* ORATYPES */
+
+#ifndef NZERROR_ORACLE
+# include <nzerror.h> /* NZ error type */
+#endif /* NZERROR_ORACLE */
+
+
+#define NZT_MAX_SHA1 20
+#define NZT_MAX_MD5 16
+
+/***************************************/
+/* PUBLIC CONSTANTS, MACROS, AND TYPES */
+/***************************************/
+
+/*
+ * Wallet Resource Locator Type Strings
+ *
+ * WRL TYPE PARAMETERS BEHAVIOR
+ * ======== ========== =====================================
+ * default: <none> Uses directory defined by the parameter
+ * SNZD_DEFAULT_FILE_DIRECTORY which in
+ * unix is "$HOME/oracle/oss"
+ *
+ * file: file path Find the Oracle wallet in this directory.
+ * example: file:<dir-path>
+ *
+ * sqlnet: <none> In this case, the directory path will be
+ * retrieved from the sqlnet.ora file under
+ * the oss.source.my_wallet parameter.
+ *
+ * mcs: <none> Microsoft WRL.
+ *
+ * entr: dir path Entrust WRL. eg: ENTR:<dir-path>
+ *
+ */
+/* Note that there is no NZT_NULL_WRL. Instead look in snzd.h for DEFAULT_WRP
+ * which is used in our new defaulting mechanism. The NZT_DEFAULT_WRL
+ * should be deprecated.
+ */
+#define NZT_DEFAULT_WRL ((text *)"default:")
+#define NZT_SQLNET_WRL ((text *)"sqlnet:")
+#define NZT_FILE_WRL ((text *)"file:")
+#define NZT_ENTR_WRL ((text *)"entr:")
+#define NZT_MCS_WRL ((text *)"mcs:")
+#define NZT_ORACLE_WRL ((text *)"oracle:")
+#define NZT_REGISTRY_WRL ((text *)"reg:")
+
+enum nzttwrl
+{
+ NZTTWRL_DEFAULT = 1, /* Default, use SNZD_DEFAULT_FILE_DIRECTORY */
+ NZTTWRL_SQLNET, /* Use oss.source.my_wallet in sqlnet.ora file */
+ NZTTWRL_FILE, /* Find the oracle wallet in this directory */
+ NZTTWRL_ENTR, /* Find the entrust profile in this directory */
+ NZTTWRL_MCS, /* WRL for Microsoft */
+ NZTTWRL_ORACLE, /* Get the wallet from OSS db */
+ NZTTWRL_NULL, /* New SSO defaulting mechanism */
+ NZTTWRL_REGISTRY /* Find the wallet in Windows Registry */
+};
+typedef enum nzttwrl nzttwrl;
+
+#ifndef NZ0DECL_ORACLE
+ /*
+ * With the elimination of nz0decl.h from public, we need this
+ * redundant typedef.
+ */
+ typedef struct nzctx nzctx;
+ typedef struct nzstrc nzstrc;
+ typedef struct nzosContext nzosContext;
+#endif /* NZ0DECL_ORACLE */
+
+/* Moved from nz0decl.h */
+
+typedef struct nzttIdentity nzttIdentity;
+typedef struct nzttIdentityPrivate nzttIdentityPrivate;
+typedef struct nzttPersona nzttPersona;
+typedef struct nzttPersonaPrivate nzttPersonaPrivate;
+typedef struct nzttWallet nzttWallet;
+typedef struct nzttWalletPrivate nzttWalletPrivate;
+typedef struct nzttWalletObj nzttWalletObj; /* For wallet object */
+typedef struct nzssEntry nzssEntry; /* For secretstore */
+typedef struct nzpkcs11_Info nzpkcs11_Info;
+
+/*
+ * Crypto Engine State
+ *
+ * Once the crypto engine (CE) has been initialized for a particular
+ * cipher, it is either at the initial state, or it is continuing to
+ * use the cipher. NZTCES_END is used to change the state back to
+ * initialized and flush any remaining output. NZTTCES_RESET can be
+ * used to change the state back to initialized and throw away any
+ * remaining output.
+ */
+enum nzttces
+{
+ NZTTCES_CONTINUE = 1, /* Continue processing input */
+ NZTTCES_END, /* End processing input */
+ NZTTCES_RESET /* Reset processing and skip generating output */
+};
+typedef enum nzttces nzttces;
+
+/*
+ * Crypto Engine Functions
+ *
+ * List of crypto engine categories; used to index into protection
+ * vector.
+ */
+enum nzttcef
+{
+ NZTTCEF_DETACHEDSIGNATURE = 1, /* Signature, detached from content */
+ NZTTCEF_SIGNATURE, /* Signature combined with content */
+ NZTTCEF_ENVELOPING, /* Signature and encryption with content */
+ NZTTCEF_PKENCRYPTION, /* Encryption for one or more recipients */
+ NZTTCEF_ENCRYPTION, /* Symmetric encryption */
+ NZTTCEF_KEYEDHASH, /* Keyed hash/checkusm */
+ NZTTCEF_HASH, /* Hash/checsum */
+ NZTTCEF_RANDOM, /* Random byte generation */
+
+ NZTTCEF_LAST /* Used for array size */
+};
+typedef enum nzttcef nzttcef;
+
+/*
+ * State of the persona.
+ */
+enum nzttState
+{
+ NZTTSTATE_EMPTY = 0, /* is not in any state(senseless???) */
+ NZTTSTATE_REQUESTED, /* cert-request */
+ NZTTSTATE_READY, /* certificate */
+ NZTTSTATE_INVALID, /* certificate */
+ NZTTSTATE_RENEWAL /* renewal-requested */
+};
+typedef enum nzttState nzttState;
+
+/*
+ * Cert-version types
+ *
+ * This is used to quickly look-up the cert-type
+ */
+enum nzttVersion
+{
+ NZTTVERSION_X509v1 = 1, /* X.509v1 */
+ NZTTVERSION_X509v3, /* X.509v3 */
+#ifdef NZDEPRECATED
+ NZTTVERSION_SYMMETRIC, /* Symmetric */
+#endif
+ NZTTVERSION_INVALID_TYPE /* For Initialization */
+};
+typedef enum nzttVersion nzttVersion;
+
+/*
+ * Cipher Types
+ *
+ * List of all cryptographic algorithms, some of which may not be
+ * available.
+ */
+enum nzttCipherType
+{
+ NZTTCIPHERTYPE_RSA = 1, /* RSA public key */
+ NZTTCIPHERTYPE_DES, /* DES */
+ NZTTCIPHERTYPE_RC4, /* RC4 */
+ NZTTCIPHERTYPE_MD5DES, /* DES encrypted MD5 with salt (PBE) */
+ NZTTCIPHERTYPE_MD5RC2, /* RC2 encrypted MD5 with salt (PBE) */
+ NZTTCIPHERTYPE_MD5, /* MD5 */
+ NZTTCIPHERTYPE_SHA /* SHA */
+};
+typedef enum nzttCipherType nzttCipherType;
+
+/*
+ * TDU Formats
+ *
+ * List of possible toolkit data unit (TDU) formats. Depending on the
+ * function and cipher used some may be not be available.
+ */
+enum nztttdufmt
+{
+ NZTTTDUFMT_PKCS7 = 1, /* PKCS7 format */
+ NZTTTDUFMT_RSAPAD, /* RSA padded format */
+ NZTTTDUFMT_ORACLEv1, /* Oracle v1 format */
+ NZTTTDUFMT_LAST /* Used for array size */
+};
+typedef enum nztttdufmt nztttdufmt;
+
+/*
+ * Validate State
+ *
+ * Possible validation states an identity can be in.
+ */
+enum nzttValState
+{
+ NZTTVALSTATE_NONE = 1, /* Needs to be validated */
+ NZTTVALSTATE_GOOD, /* Validated */
+ NZTTVALSTATE_REVOKED /* Failed to validate */
+};
+typedef enum nzttValState nzttValState;
+
+/*
+ * Policy Fields <----NEW (09/14/98)
+ *
+ * Policies enforced
+ */
+enum nzttPolicy
+{
+ NZTTPOLICY_NONE = 0,
+ NZTTPOLICY_RETRY_1, /* number of retries for decryption = 1 */
+ NZTTPOLICY_RETRY_2, /* number of retries for decryption = 2 */
+ NZTTPOLICY_RETRY_3 /* number of retries for decryption = 3 */
+};
+typedef enum nzttPolicy nzttPolicy;
+
+/*
+ * Persona Usage <----NEW (09/14/98)
+ *
+ * what a persona will be used for?
+ */
+
+#ifdef NZDEPRECATED_MULTIPLECERTS
+enum nzttUsage
+{
+ NZTTUSAGE_NONE = 0,
+ NZTTUSAGE_SSL /* persona for SSL usage */
+};
+typedef enum nzttUsage nzttUsage;
+#endif
+
+/*
+ * Personas and identities have unique id's that are represented with
+ * 128 bits.
+ */
+typedef ub1 nzttID[16];
+
+/*
+ * Identity Types
+ *
+ * List of all Identity types..
+ */
+enum nzttIdentType
+{
+ NZTTIDENTITYTYPE_INVALID_TYPE = 0,
+ NZTTIDENTITYTYPE_CERTIFICTAE,
+ NZTTIDENTITYTYPE_CERT_REQ,
+ NZTTIDENTITYTYPE_RENEW_CERT_REQ,
+ NZTTIDENTITYTYPE_CLEAR_ETP,
+ NZTTIDENTITYTYPE_CLEAR_UTP,
+ NZTTIDENTITYTYPE_CLEAR_PTP
+};
+typedef enum nzttIdentType nzttIdentType;
+
+typedef ub4 nzttKPUsage;
+/* IF new types are added nztiMUS should be changed */
+#define NZTTKPUSAGE_NONE 0
+#define NZTTKPUSAGE_SSL 1 /* SSL Server */
+#define NZTTKPUSAGE_SMIME_ENCR 2
+#define NZTTKPUSAGE_SMIME_SIGN 4
+#define NZTTKPUSAGE_CODE_SIGN 8
+#define NZTTKPUSAGE_CERT_SIGN 16
+#define NZTTKPUSAGE_SSL_CLIENT 32 /* SSL Client */
+#define NZTTKPUSAGE_INVALID_USE 0xffff
+
+
+/*
+ * Timestamp as 32 bit quantity in UTC.
+ */
+typedef ub1 nzttTStamp[4];
+
+/*
+ * Buffer Block
+ *
+ * A function that needs to fill (and possibly grow) an output buffer
+ * uses an output parameter block to describe each buffer.
+ *
+ * The flags_nzttBufferBlock member tells the function whether the
+ * buffer can be grown or not. If flags_nzttBufferBlock is 0, then
+ * the buffer will be realloc'ed automatically.
+ *
+ * The buflen_nzttBufferBLock member is set to the length of the
+ * buffer before the function is called and will be the length of the
+ * buffer when the function is finished. If buflen_nzttBufferBlock is
+ * 0, then the initial pointer stored in pobj_nzttBufferBlock is
+ * ignored.
+ *
+ * The objlen_nzttBufferBlock member is set to the length of the
+ * object stored in the buffer when the function is finished. If the
+ * initial buffer had a non-0 length, then it is possible that the
+ * object length is shorter than the buffer length.
+ *
+ * The pobj_nzttBufferBlock member is a pointer to the output object.
+ */
+struct nzttBufferBlock
+{
+# define NZT_NO_AUTO_REALLOC 0x1
+
+ uword flags_nzttBufferBlock; /* Flags */
+ ub4 buflen_nzttBufferBlock; /* Total length of buffer */
+ ub4 usedlen_nzttBufferBlock; /* Length of used buffer part */
+ ub1 *buffer_nzttBufferBlock; /* Pointer to buffer */
+};
+typedef struct nzttBufferBlock nzttBufferBlock;
+
+/*
+ * Wallet.
+ */
+struct nzttWallet
+{
+ ub1 *ldapName_nzttWallet; /* user's LDAP Name */
+ ub4 ldapNamelen_nzttWallet; /* len of user's LDAP Name */
+ nzttPolicy securePolicy_nzttWallet; /* secured-policy of the wallet */
+ nzttPolicy openPolicy_nzttWallet; /* open-policy of the wallet */
+ nzttPersona *persona_nzttWallet; /* List of personas in wallet */
+ nzttWalletPrivate *private_nzttWallet; /* Private wallet information */
+#ifdef NZDEPRECATED
+ ub4 npersona_nzttWallet; /* Number of personas */
+#endif
+};
+
+/*
+ * The wallet contains, one or more personas. A persona always
+ * contains its private key and its identity. It may also contain
+ * other 3rd party identites. All identities qualified with trust
+ * where the qualifier can indicate anything from untrusted to trusted
+ * for specific operations.
+ */
+
+/*
+ * Persona
+ *
+ * Structure containing information about a persona.
+ */
+struct nzttPersona
+{
+ ub1 *genericName_nzttPersona; /* user-friendly persona name */
+ ub4 genericNamelen_nzttPersona; /* persona-name length */
+ nzttPersonaPrivate *private_nzttPersona; /* Opaque part of persona */
+ nzttIdentity *mycertreqs_nzttPersona; /* My cert-requests */
+ nzttIdentity *mycerts_nzttPersona; /* My certificates */
+ nzttIdentity *mytps_nzttPersona; /* List of trusted identities */
+ nzssEntry *mystore_nzttPersona; /* List of secrets */
+ nzpkcs11_Info *mypkcs11Info_nzttPersona; /* PKCS11 token info */
+ struct nzttPersona *next_nzttPersona; /* Next persona */
+#ifdef NZDEPRECATED_MULTIPLECERTS
+ /* As Persona has multiple certs for different
+ usages, Persona Usage does not mean anything. Similarly
+ each key pair has its own state and Persona state itself
+ does not mean anything. - lk 5/31/00
+ */
+ nzttUsage usage_nzttPersona; /* persona usage; SSL/SET/.. */
+ nzttState state_nzttPersona; /* persona state-requested/ready */
+ ub4 ntps_nzttPersona; /* Num of trusted identities */
+#endif
+};
+
+/*
+ * Identity
+ *
+ * Structure containing information about an identity.
+ *
+ * NOTE
+ * -- the next_trustpoint field only applies to trusted identities and
+ * has no meaning (i.e. is NULL) for self identities.
+ */
+struct nzttIdentity
+{
+ text *dn_nzttIdentity; /* Alias */
+ ub4 dnlen_nzttIdentity; /* Length of alias */
+ text *comment_nzttIdentity; /* Comment */
+ ub4 commentlen_nzttIdentity; /* Length of comment */
+ nzttIdentityPrivate *private_nzttIdentity; /* Opaque part of identity */
+ nzttIdentity *next_nzttIdentity; /* next identity in list */
+};
+
+struct nzttB64Cert
+{
+ ub1 *b64Cert_nzttB64Cert;
+ ub4 b64Certlen_nzttB64Cert;
+ struct nzttB64Cert *next_nzttB64Cert;
+};
+typedef struct nzttB64Cert nzttB64Cert;
+
+
+struct nzttPKCS7ProtInfo
+{
+ nzttCipherType mictype_nzttPKCS7ProtInfo; /* Hash cipher */
+ nzttCipherType symmtype_nzttPKCS7ProtInfo; /* Symmetric cipher */
+ ub4 keylen_nzttPKCS7ProtInfo; /* Length of key to use */
+};
+typedef struct nzttPKCS7ProtInfo nzttPKCS7ProtInfo;
+
+/*
+ * Protection Information.
+ *
+ * Information specific to a type of protection.
+ */
+union nzttProtInfo
+{
+ nzttPKCS7ProtInfo pkcs7_nzttProtInfo;
+};
+typedef union nzttProtInfo nzttProtInfo;
+
+/*
+ * A description of a persona so that the toolkit can create one. A
+ * persona can be symmetric or asymmetric and both contain an
+ * identity. The identity for an asymmetric persona will be the
+ * certificate and the identity for the symmetric persona will be
+ * descriptive information about the persona. In either case, an
+ * identity will have been created before the persona is created.
+ *
+ * A persona can be stored separately from the wallet that references
+ * it. By default, a persona is stored with the wallet (it inherits
+ * with WRL used to open the wallet). If a WRL is specified, then it
+ * is used to store the actuall persona and the wallet will have a
+ * reference to it.
+ */
+struct nzttPersonaDesc
+{
+ ub4 privlen_nzttPersonaDesc; /* Length of private info (key)*/
+ ub1 *priv_nzttPersonaDesc; /* Private information */
+ ub4 prllen_nzttPersonaDesc; /* Length of PRL */
+ text *prl_nzttPersonaDesc; /* PRL for storage */
+ ub4 aliaslen_nzttPersonaDesc; /* Length of alias */
+ text *alias_nzttPersonaDesc; /* Alias */
+ ub4 longlen_nzttPersonaDesc; /* Length of longer description*/
+ text *long_nzttPersonaDesc; /* Longer persona description */
+};
+typedef struct nzttPersonaDesc nzttPersonaDesc;
+
+/*
+ * A description of an identity so that the toolkit can create one.
+ * Since an identity can be symmetric or asymmetric, the asymmetric
+ * identity information will not be used when a symmetric identity is
+ * created. This means the publen_nzttIdentityDesc and
+ * pub_nzttIdentityDesc members will not be used when creating a
+ * symmetric identity.
+ */
+struct nzttIdentityDesc
+{
+ ub4 publen_nzttIdentityDesc; /* Length of identity */
+ ub1 *pub_nzttIdentityDesc; /* Type specific identity */
+ ub4 dnlen_nzttIdentityDesc; /* Length of alias */
+ text *dn_nzttIdentityDesc; /* Alias */
+ ub4 longlen_nzttIdentityDesc; /* Length of longer description */
+ text *long_nzttIdentityDesc; /* Longer description */
+ ub4 quallen_nzttIdentityDesc; /* Length of trust qualifier */
+ text *trustqual_nzttIdentityDesc; /* Trust qualifier */
+};
+typedef struct nzttIdentityDesc nzttIdentityDesc;
+
+/********************************/
+/* PUBLIC FUNCTION DECLARATIONS */
+/********************************/
+
+/*---------------------- nztwOpenWallet ----------------------*/
+
+/*
+ * NAME
+ * nztwOpenWallet - Open a wallet based on a wallet Resource Locator (WRL).
+ *
+ * PARAMETERS
+ * osscntxt {IN} OSS context.
+ * wrllen {IN} Length of WRL.
+ * wrl {IN} WRL.
+ * pwdlen {IN} Length of password.
+ * pwd {IN} Password.
+ * wallet {IN/OUT} Initialized wallet structure.
+ *
+ * NOTES
+ * The syntax for a WRL is <Wallet Type>:<Wallet Type Parameters>.
+ *
+ * Wallet Type Wallet Type Parameters.
+ * ----------- ----------------------
+ * File Pathname (e.g. "file:/home/asriniva")
+ * Oracle Connect string (e.g. "oracle:scott/tiger@oss")
+ *
+ * There are also defaults. If the WRL is NZT_DEFAULT_WRL, then
+ * the platform specific WRL default is used. If only the wallet
+ * type is specified, then the WRL type specific default is used
+ * (e.g. "oracle:")
+ *
+ * There is an implication with Oracle that should be stated: An
+ * Oracle based wallet can be implemented in a user's private space
+ * or in world readable space.
+ *
+ * When the wallet is opened, the password is verified by hashing
+ * it and comparing against the password hash stored with the
+ * wallet. The list of personas (and their associated identities)
+ * is built and stored into the wallet structure.
+ *
+ * RETURNS
+ * NZERROR_OK Success.
+ * NZERROR_RIO_OPEN RIO could not open wallet (see network trace file).
+ * NZERROR_TK_PASSWORD Password verification failed.
+ * NZERROR_TK_WRLTYPE WRL type is not known.
+ * NZERROR_TK_WRLPARM WRL parm does not match type.
+ */
+nzerror nztwOpenWallet( nzctx *, ub4, text *, ub4, text *,
+ nzttWallet * );
+
+
+/*---------------------- nztwCloseWallet ----------------------*/
+
+/*
+ * NAME
+ * nztwCloseWallet - Close a wallet
+ *
+ * PARAMETERS
+ * osscntxt {IN} OSS context.
+ * wallet {IN/OUT} Wallet.
+ *
+ * NOTES
+ * Closing a wallet also closes all personas associated with that
+ * wallet. It does not cause a persona to automatically be saved
+ * if it has changed. The implication is that a persona can be
+ * modified by an application but if it is not explicitly saved it
+ * reverts back to what was in the wallet.
+ *
+ * RETURNS
+ * NZERROR_OK Success.
+ * NZERROR_RIO_CLOSE RIO could not close wallet (see network trace file).
+ */
+nzerror nztwCloseWallet( nzctx *, nzttWallet * );
+
+/*--------------------nztwGetCertInfo----------------------------*/
+/****NOTE: This function is a temporary hack.****/
+/****DO NOT CALL. It will soon disappear.****/
+nzerror nztwGetCertInfo( nzctx *nz_context,
+ nzosContext *nzosCtx,
+ nzttWallet *walletRef,
+ void *peerCert );
+
+
+/*------------------------ nztwConstructWallet -----------------------*/
+/*
+ *
+ * nzerror nztwConstructWallet( nzctx *oss_context,
+ * nzttPolicy openPolicy,
+ * nzttPolicy securePolicy,
+ * ub1 *ldapName,
+ * ub4 ldapNamelen,
+ * nzstrc *wrl,
+ * nzttPersona *personas,
+ * nzttWallet **wallet );
+ */
+
+/*---------------------- nztwRetrievePersonaCopy ----------------------*/
+
+/*
+ * NAME
+ * nztwRetrievePersonaCopy - Retrieves a persona based from wallet
+ *
+ * PARAMETERS
+ * osscntxt {IN} OSS context.
+ * wallet {IN} Wallet.
+ * index {IN} Which wallet index to remove (first persona is zero).
+ * persona {OUT} Persona found.
+ *
+ * NOTES
+ * Retrieves a persona from the wallet based on the index number passed
+ * in. This persona is a COPY of the one stored in the wallet, therefore
+ * it is perfectly fine for the wallet to be closed after this call is
+ * made.
+ *
+ * The caller is responsible for disposing of the persona when completed.
+ *
+ * RETURNS
+ * NZERROR_OK Success.
+ */
+nzerror nztwRetrievePersonaCopy( nzctx *, nzttWallet *, ub4,
+ nzttPersona ** );
+
+
+/*---------------------- nztwRetrievePersonaCopyByName ----------------------*/
+
+/*
+ * NAME
+ * nztwRetrievePersonaCopyByName - Retrieves a persona based on its name.
+ *
+ * PARAMETERS
+ * osscntxt {IN} OSS context.
+ * wallet {IN} Wallet.
+ * name {IN} Name of the persona
+ * persona {OUT} Persona found.
+ *
+ * NOTES
+ * Retrieves a persona from the wallet based on the name of the persona.
+ * This persona is a COPY of the one stored in the wallet, therefore
+ * it is perfectly fine for the wallet to be closed after this call is
+ * made.
+ *
+ * The caller is responsible for disposing of the persona when completed.
+ *
+ * RETURNS
+ * NZERROR_OK Success.
+ */
+nzerror nztwRetrievePersonaCopyByName( nzctx *, nzttWallet *, char *,
+ nzttPersona ** );
+
+/*---------------------- nzteOpenPersona ----------------------*/
+
+/*
+ * NAME
+ * nzteOpenPersona - Open a persona.
+ *
+ * PARAMETERS
+ * osscntxt {IN} OSS context.
+ * persona {IN/OUT} Persona.
+ *
+ * NOTES
+ *
+ * RETURNS
+ * NZERROR_OK Success.
+ * NZERROR_TK_PASSWORD Password failed to decrypt persona.
+ * NZERROR_TK_BADPRL Persona resource locator did not work.
+ * NZERROR_RIO_OPEN Could not open persona (see network trace file).
+ */
+nzerror nzteOpenPersona( nzctx *, nzttPersona * );
+
+/*--------------------- nzteClosePersona ---------------------*/
+
+/*
+ * NAME
+ * nzteClosePersona - Close a persona.
+ *
+ * PARAMETERS
+ * osscntxt {IN} OSS context.
+ * persona {IN/OUT} Persona.
+ *
+ * NOTES
+ * Closing a persona does not store the persona, it simply releases
+ * the memory associated with the crypto engine.
+ *
+ * RETURNS
+ * NZERROR_OK Success.
+ */
+nzerror nzteClosePersona( nzctx *, nzttPersona * );
+
+/*--------------------- nzteDestroyPersona ---------------------*/
+
+/*
+ * NAME
+ * nzteDestroyPersona - Destroy a persona.
+ *
+ * PARAMETERS
+ * osscntxt {IN} OSS context.
+ * persona {IN/OUT} Persona.
+ *
+ * NOTES
+ * The persona is destroyd in the open state, but it will
+ * not be associated with a wallet.
+ *
+ * The persona parameter is doubly indirect so that at the
+ * conclusion of the function, the pointer can be set to NULL.
+ *
+ *
+ * RETURNS
+ * NZERROR_OK Success.
+ * NZERROR_TK_TYPE Unsupported itype/ctype combination.
+ * NZERROR_TK_PARMS Error in persona description.
+ */
+nzerror nzteDestroyPersona( nzctx *, nzttPersona ** );
+
+/*---------------------- nzteRetrieveTrustedIdentCopy ----------------------*/
+
+/*
+ * NAME
+ * nzteRetrieveTrustedIdentCopy - Retrieves a trusted identity from persona
+ *
+ * PARAMETERS
+ * osscntxt {IN} OSS context.
+ * persona {IN} Persona.
+ * index {IN} Which wallet index to remove (first element is zero).
+ * identity {OUT} Trusted Identity from this persona.
+ *
+ * NOTES
+ * Retrieves a trusted identity from the persona based on the index
+ * number passed in. This identity is a COPY of the one stored in
+ * the persona, therefore it is perfectly fine to close the persona
+ * after this call is made.
+ *
+ * The caller is responsible for freeing the memory of this object
+ * by calling nztiAbortIdentity it is no longer needed
+ *
+ * RETURNS
+ * NZERROR_OK Success.
+ */
+nzerror nzteRetrieveTrustedIdentCopy( nzctx *, nzttPersona *, ub4,
+ nzttIdentity ** );
+
+/*--------------------- nztePriKey ---------------------*/
+
+/*
+ * NAME
+ * nztePriKey - Get the decrypted Private Key for the Persona
+ *
+ * PARAMETERS
+ * osscntxt {IN} OSS context.
+ * persona {IN} Persona.
+ * vkey {OUT} Private Key [B_KEY_OBJ]
+ * vkey_len {OUT} Private Key Length
+ *
+ * NOTES
+ * This funiction will only work for X.509 based persona which contain
+ * a private key.
+ * A copy of the private key is returned to the caller so that they do not
+ * have to worry about the key changeing "underneath them".
+ * Memory will be allocated for the vkey and therefore, the CALLER
+ * will be responsible for freeing this memory.
+ *
+ * RETURNS
+ * NZERROR_OK Success.
+ * NZERROR_NO_MEMORY ossctx is null.
+ * NZERROR_TK_BADPRL Persona resource locator did not work.
+ */
+nzerror nztePriKey( nzctx *, nzttPersona *, ub1 **, ub4 * );
+
+/*--------------------- nzteMyCert ---------------------*/
+
+/*
+ * NAME
+ * nzteMyCert - Get the X.509 Certificate for a persona
+ *
+ * PARAMETERS
+ * osscntxt {IN} OSS context.
+ * persona {IN} Persona.
+ * cert {OUT} X.509 Certificate [BER encoded]
+ * cert_len {OUT} Certificate length
+ *
+ * NOTES
+ * This funiction will only work for X.509 based persona which contain
+ * a certificate for the self identity.
+ * A copy of the certificate is returned to the caller so that they do not
+ * have to worry about the certificate changeing "underneath them".
+ * Memory will be allocated for the cert and therefore, the CALLER
+ * will be responsible for freeing this memory.
+ *
+ * RETURNS
+ * NZERROR_OK Success.
+ * NZERROR_NO_MEMORY ossctx is null.
+ */
+nzerror nzteMyCert( nzctx *, nzttPersona *, ub1 **, ub4 * );
+
+/*--------------------- nzteX509CreatePersona ---------------------*/
+
+/*
+ * NAME
+ * nzteX509CreatePersona - Given a BER X.509 cert, create a persona
+ *
+ * PARAMETERS
+ * osscntxt {IN} OSS context.
+ * cert {IN} X.509 Certificate [BER encoded]
+ * cert_len {IN} Certificate length
+ * persona {OUT} Persona.
+ *
+ * NOTES
+ * Memory will be allocated for the persona and therefore, the CALLER
+ * will be responsible for freeing this memory.
+ *
+ * RETURNS
+ * NZERROR_OK Success.
+ * NZERROR_NO_MEMORY ossctx is null.
+ */
+nzerror nzteX509CreatePersona( nzctx *, ub1 *, ub4, nzttPersona ** );
+
+/*-------------------- nztiCreateIdentity --------------------*/
+
+/*
+ * NAME
+ * nztiCreateIdentity - Create an identity.
+ *
+ * PARAMETERS
+ * osscntxt {IN} OSS context.
+ * itype {IN} Identity type.
+ * desc {IN} Description of identity.
+ * identity {IN/OUT} Identity.
+ *
+ * NOTES
+ * Memory is only allocated for the identity structure. The elements in
+ * the description struct are not copied. Rather their pointers are copied
+ * into the identity structure. Therefore, the caller should not free
+ * the elements referenced by the desc. These elements will be freed
+ * when the nztiDestroyIdentity is called.
+ *
+ * RETURNS
+ * NZERROR_OK Success.
+ * NZERROR_PARMS Error in description.
+ */
+nzerror nztiCreateIdentity( nzctx *, nzttVersion, nzttIdentityDesc *,
+ nzttIdentity ** );
+
+#ifdef NZ_OLD_TOOLS
+/*-------------------- nztiDuplicateIdentity --------------------*/
+
+/*
+ * NAME
+ * nztiDuplicateIdentity - Duplicate an identity.
+ *
+ * PARAMETERS
+ * osscntxt {IN} OSS context.
+ * identity {IN} Target Identity.
+ * new_identity {IN} New Identity.
+ *
+ * NOTES
+ * Memory for the identity is allocated inside the function, and all
+ * internal identity elements as well.
+ *
+ * RETURNS
+ * NZERROR_OK Success.
+ * NZERROR_TK_NOTFOUND Identity not found.
+ * NZERROR_PARMS Error in description.
+ */
+nzerror nztiDuplicateIdentity( nzctx *, nzttIdentity *,
+ nzttIdentity ** );
+#endif /* NZ_OLD_TOOLS */
+
+/*--------------------- nztiAbortIdentity ---------------------*/
+
+/*
+ * NAME
+ * nztiAbortIdentity - Abort an unassociated identity.
+ *
+ * PARAMETERS
+ * osscntxt {IN} OSS context.
+ * identity {IN/OUT} Identity.
+ *
+ * NOTES
+ * It is an error to try to abort an identity that can be
+ * referenced through a persona.
+ *
+ * The identity pointer is set to NULL at the conclusion.
+ *
+ * RETURNS
+ * NZERROR_OK Success.
+ * NZERROR_CANTABORT Identity is associated with persona.
+ */
+nzerror nztiAbortIdentity( nzctx *, nzttIdentity ** );
+
+#ifdef NZ_OLD_TOOLS
+/*----------------- nztidGetIdentityDesc -----------------*/
+
+/*
+ * NAME
+ * nztidGetIdentityDesc - Gets an Identity Description from the identity
+ *
+ * PARAMETERS
+ * osscntxt {IN} Success.
+ * identity {IN} Identity.
+ * description {IN/OUT} Identity Description.
+ *
+ * NOTES
+ * Memory is allocated for the Identity Description. It
+ * is the callers responsibility to free this memory by calling
+ * nztiFreeIdentityDesc.
+ *
+ * RETURNS
+ * NZERROR_OK Success.
+ */
+nzerror nztidGetIdentityDesc( nzctx *, nzttIdentity *,
+ nzttIdentityDesc ** );
+
+/*----------------- nztidFreeIdentityDesc -----------------*/
+
+/*
+ * NAME
+ * nztidFreeIdentityDesc - Frees memory for Identity Desc object.
+ *
+ * PARAMETERS
+ * osscntxt {IN} oss context.
+ * description {IN/OUT} Identity Description.
+ *
+ * NOTES
+ * Memory is freed for all Identity description elements. Pointer is
+ * then set to null.
+ *
+ * RETURNS
+ * NZERROR_OK Success.
+ */
+nzerror nztidFreeIdentityDesc( nzctx *, nzttIdentityDesc ** );
+#endif /* NZ_OLD_TOOLS */
+
+/*---------------- nztific_FreeIdentityContent ----------------*/
+
+/*
+ * NAME
+ * nztific_FreeIdentityContent - free the contents of an identity.
+ *
+ * PARAMETERS
+ * osscntxt {IN} OSS context.
+ * identity {IN/OUT} freed identity
+ *
+ * NOTES
+ * Free a created identity.
+ *
+ * RETURNS
+ * NZERROR_OK Success.
+ */
+/*
+ * Free the identity content.
+ */
+nzerror nztific_FreeIdentityContent( nzctx *ossctx,
+ nzttIdentity *identity );
+
+
+/*-------------------------- nztSign --------------------------*/
+
+/*
+ * NAME
+ * nztSign - Create an attached signature.
+ *
+ * PARAMETERS
+ * osscntxt {IN} OSS context.
+ * persona {IN} Open persona acting as signer.
+ * state {IN} State of signature.
+ * inlen {IN} Length of this input part.
+ * in {IN} This input part.
+ * tdubuf {IN/OUT} TDU buffer.
+ *
+ * NOTES
+ *
+ * RETURNS
+ * NZERROR_OK Success.
+ * NZERROR_TK_CANTGROW Needed to grow output buffer but could not.
+ * NZERROR_TK_NOTOPEN Persona is not open.
+ * NZERROR_TK_NOTSUPP Function not supported with persona.
+ */
+nzerror nztSign( nzctx *, nzttPersona *, nzttces, ub4, ub1 *,
+ nzttBufferBlock * );
+
+/*------------------------- nztVerify -------------------------*/
+
+/*
+ * NAME
+ * nztVerify - Verify an attached signature.
+ *
+ * PARAMETERS
+ * osscntxt {IN} OSS context.
+ * persona {IN} Persona.
+ * state {IN} State of verification.
+ * intdulen {IN} TDU length.
+ * intdu {IN} TDU.
+ * out {IN/OUT} Extracted message.
+ * verified {OUT} TRUE if signature verified.
+ * validated{OUT} TRUE if signing identity validated.
+ * identity {OUT} Identity of signing party.
+ *
+ * NOTES
+ *
+ * RETURNS
+ * NZERROR_OK Success.
+ * NZERROR_TK_CANTGROW Needed to grow outptu buffer but could not.
+ * NZERROR_TK_NOTOPEN Persona is not open.
+ * NZERROR_TK_NOTSUPP Function not supported with persona.
+ */
+nzerror nztVerify( nzctx *, nzttPersona *, nzttces, ub4, ub1 *,
+ nzttBufferBlock *, boolean *, boolean *,
+ nzttIdentity ** );
+
+/*------------------------ nztValidate ------------------------*/
+
+/*
+ * NAME
+ * nztValidate - Validate an identity.
+ *
+ * PARAMETERS
+ * osscntxt {IN} OSS context.
+ * persona {IN} Persona.
+ * identity {IN} Identity.
+ * validated{OUT} TRUE if identity was validated.
+ *
+ * NOTES
+ *
+ * RETURNS
+ * NZERROR_OK Success.
+ * NZERROR_TK_NOTOPEN Persona is not open.
+ * NZERROR_TK_NOTSUPP Function not supported with persona.
+ */
+nzerror nztValidate( nzctx *, nzttPersona *, nzttIdentity *, boolean * );
+
+/*-------------------- nztsd_SignDetached --------------------*/
+
+/*
+ * NAME
+ * nztsd_SignDetached - Generate a detached signature.
+ *
+ * PARAMETERS
+ * osscntxt {IN} OSS context.
+ * persona {IN} Persona.
+ * state {IN} State of signature.
+ * inlen {IN} Length of this input part.
+ * in {IN} This input part.
+ * tdubuf {IN/OUT} TDU buffer.
+ *
+ * NOTES
+ *
+ * RETURNS
+ * NZERROR_OK Success.
+ * NZERROR_TK_CANTGROW Needed to grow output buffer but could not.
+ * NZERROR_TK_NOTOPEN Persona is not open.
+ * NZERROR_TK_NOTSUPP Function not supported with persona.
+ */
+nzerror nztsd_SignDetached( nzctx *, nzttPersona *, nzttces, ub4, ub1 *,
+ nzttBufferBlock * );
+
+/*------------------- nztved_VerifyDetached -------------------*/
+
+/*
+ * NAME
+ * nztved_VerifyDetached - Verify a detached signature.
+ *
+ * PARAMETERS
+ * osscntxt {IN} OSS context.
+ * persona {IN} Persona.
+ * state {IN} State of verification.
+ * inlen {IN} Length of data.
+ * in {IN} Data.
+ * intdulen {IN} Input TDU length.
+ * tdu {IN} Input TDU.
+ * verified {OUT} TRUE if signature verified.
+ * validated{OUT} TRUE if signing identity validated.
+ * identity {OUT} Identity of signing party.
+ *
+ * NOTES
+ *
+ * RETURNS
+ * NZERROR_OK Success.
+ * NZERROR_TK_NOTOPEN Persona is not open.
+ * NZERROR_TK_NOTSUPP Function not supported with persona.
+ */
+nzerror nztved_VerifyDetached( nzctx *, nzttPersona *, nzttces, ub4,
+ ub1 *, ub4, ub1 *, boolean *, boolean *,
+ nzttIdentity ** );
+
+/*--------------------- nztkec_PKEncrypt ---------------------*/
+
+/*
+ * NAME
+ * nztkec_PKEncrypt - Encrypt data symmetrically, encrypt key asymmetrically
+ *
+ * PARAMETERS
+ * osscntxt {IN} OSS context.
+ * persona {IN} Persona.
+ * nrecipients {IN} Number of recipients for this encryption.
+ * recipients {IN} List of recipients.
+ * state {IN} State of encryption.
+ * inlen {IN} Length of this input part.
+ * in {IN} This input part.
+ * tdubuf {IN/OUT} TDU buffer.
+ *
+ * NOTES
+ * There is a limitation of 1 recipient (nrecipients = 1) at this
+ * time.
+ *
+ * RETURNS
+ * NZERROR_OK Success.
+ * NZERROR_TK_CANTGROW Needed to grow output buffer but could not.
+ * NZERROR_TK_NOTOPEN Persona is not open.
+ * NZERROR_TK_NOTSUPP Function not supported with persona.
+ */
+nzerror nztkec_PKEncrypt( nzctx *, nzttPersona *, ub4, nzttIdentity *,
+ nzttces, ub4, ub1 *, nzttBufferBlock * );
+
+/*---------------- nztxkec_PKEncryptExpansion ----------------*/
+
+/*
+ * NAME
+ * nztxkec_PKEncryptExpansion - Determine the buffer needed for PKEncrypt
+ *
+ * PARAMETERS
+ * osscntxt {IN} OSS context.
+ * persona {IN} Persona.
+ * nrecipients {IN} Number of recipients.
+ * inlen {IN} Length of input.
+ * tdulen {out} Length of buffer need.
+ *
+ * NOTES
+ *
+ * RETURNS
+ * NZERROR_OK Success.
+ * NZERROR_TK_NOTOPEN Persona is not open.
+ * NZERROR_TK_NOTSUPP Function not supported with persona.
+ */
+nzerror nztxkec_PKEncryptExpansion( nzctx *, nzttPersona *, ub4, ub4,
+ ub4 * );
+
+/*--------------------- nztkdc_PKDecrypt ---------------------*/
+
+/*
+ * NAME
+ * nztkdc_PKDecrypt - Decrypt a PKEncrypted message.
+ *
+ * PARAMETERS
+ * osscntxt {IN} OSS context.
+ * persona {IN} Persona.
+ * state {IN} State of encryption.
+ * inlen {IN} Length of this input part.
+ * in {IN} This input part.
+ * tdubuf {IN/OUT} TDU buffer.
+ *
+ * NOTES
+ *
+ * RETURNS
+ * NZERROR_OK Success.
+ * NZERROR_TK_CANTGROW Needed to grow output buffer but could not.
+ * NZERROR_TK_NOTOPEN Persona is not open.
+ * NZERROR_TK_NOTSUPP Function not supported with persona.
+ */
+nzerror nztkdc_PKDecrypt( nzctx *, nzttPersona *, nzttces, ub4, ub1 *,
+ nzttBufferBlock * );
+
+/*-------------------------- nztHash --------------------------*/
+
+/*
+ * NAME
+ * nztHash - Generate a hash.
+ *
+ * PARAMETERS
+ * osscntxt {IN} OSS context.
+ * persona {IN} Persona.
+ * state {IN} State of hash.
+ * inlen {IN} Length of this input.
+ * in {IN} This input.
+ * tdu {IN/OUT} Output tdu.
+ *
+ * NOTES
+ *
+ * RETURNS
+ * NZERROR_OK Success.
+ * NZERROR_TK_CANTGROW Needed to grow TDU buffer but could not.
+ * NZERROR_TK_NOTOPEN Persona is not open.
+ * NZERROR_TK_NOTSUPP Function not supported with persona.
+ */
+nzerror nztHash( nzctx *, nzttPersona *, nzttces, ub4, ub1 *,
+ nzttBufferBlock * );
+
+/*----------------------- nztSeedRandom -----------------------*/
+
+/*
+ * NAME
+ * nztSeedRandom - Seed the random function
+ *
+ * PARAMETERS
+ * osscntxt {IN} OSS context.
+ * persona {IN} Persona.
+ * seedlen {IN} Length of seed.
+ * seed {IN} Seed.
+ *
+ * NOTES
+ *
+ * RETURNS
+ * NZERROR_OK Success.
+ * NZERROR_TK_NOTOPEN Persona is not open.
+ * NZERROR_TK_NOTSUPP Function not supported with persona.
+ */
+nzerror nztSeedRandom( nzctx *, nzttPersona *, ub4, ub1 * );
+
+/*--------------------- nztrb_RandomBytes ---------------------*/
+
+/*
+ * NAME
+ * nztrb_RandomBytes - Generate a buffer random bytes.
+ *
+ * PARAMETERS
+ * osscntxt {IN} OSS context.
+ * persona {IN} Persona.
+ * nbytes {IN} Number of bytes desired.
+ * out {IN/OUT} Buffer block for bytes.
+ *
+ * NOTES
+ *
+ * RETURNS
+ * NZERROR_OK Success.
+ * NZERROR_TK_CANTGROW Needed to grow TDU buffer but could not.
+ * NZERROR_TK_NOTOPEN Persona is not open.
+ * NZERROR_TK_NOTSUPP Function not supported with persona.
+ */
+nzerror nztrb_RandomBytes( nzctx *, nzttPersona *, ub4,
+ nzttBufferBlock * );
+
+/*-------------------- nztrn_RandomNumber --------------------*/
+
+/*
+ * NAME
+ * nztrn_RandomNumber - Generate a random number
+ *
+ * PARAMETERS
+ * osscntxt {IN} OSS context.
+ * persona {IN} Persona.
+ * num {OUT} Number.
+ *
+ * NOTES
+ *
+ * RETURNS
+ * NZERROR_OK Success.
+ * NZERROR_TK_NOTOPEN Persona is not open.
+ * NZERROR_TK_NOTSUPP Function not supported with persona.
+ */
+nzerror nztrn_RandomNumber( nzctx *, nzttPersona *, uword * );
+
+/*---------------------- nztbbInitBlock ----------------------*/
+
+/*
+ * NAME
+ * nztbbInitBlock - Initialize a buffer block.
+ *
+ * PARAMETERS
+ * osscntxt {IN} OSS context.
+ * block {IN/OUT} Buffer block.
+ *
+ * NOTES
+ * The buffer block is initialized to be empty (all members are set
+ * to 0/NULL). Such a block will be allocated memory as needed.
+ *
+ * RETURNS
+ * NZERROR_OK Success.
+ */
+nzerror nztbbInitBlock( nzctx *, nzttBufferBlock * );
+
+/*---------------------- nztbbReuseBlock ----------------------*/
+
+/*
+ * NAME
+ * nztbbReuseBlock - Reuse an already initialized and possibly used block.
+ *
+ * PARAMETERS
+ * osscntxt {IN} OSS context.
+ * block {IN/OUT} Buffer block.
+ *
+ * NOTES
+ * This function simply sets the used length member of the buffer
+ * block to 0. If the block already has memory allocated to it,
+ * this will cause it to be reused.
+ *
+ * RETURNS
+ * NZERROR_OK Success.
+ */
+nzerror nztbbReuseBlock( nzctx *, nzttBufferBlock * );
+
+/*---------------------- nztbbSizeBlock ----------------------*/
+
+/*
+ * NAME
+ * nztbbSizeBlock - Size an initialized block to a particular size.
+ *
+ * PARAMETERS
+ * osscntxt {IN} OSS context.
+ * len {IN} Minimum number of unused bytes desired.
+ * block {IN/OUT} Buffer block.
+ *
+ * NOTES
+ *
+ * RETURNS
+ * NZERROR_OK Success.
+ */
+nzerror nztbbSizeBlock( nzctx *, ub4, nzttBufferBlock * );
+
+/*----------------------- nztbbGrowBlock -----------------------*/
+
+/*
+ * NAME
+ * nzbbGrowBlock - Increase the size of the buffer block.
+ *
+ * PARAMETERS
+ * osscntxt {IN} OSS context.
+ * inc {IN} Number of bytes to increase.
+ * block {IN/OUT} Buffer block.
+ *
+ * NOTES
+ *
+ * RETURNS
+ * NZERROR_OK Success.
+ */
+nzerror nztbbGrowBlock( nzctx *, ub4, nzttBufferBlock * );
+
+/*---------------------- nztbbPurgeBlock ----------------------*/
+
+/*
+ * NAME
+ * nztbbPurgeBlock - Purge a buffer block of its memory.
+ *
+ * PARAMETERS
+ * osscntxt {IN} OSS context.
+ * block {IN/OUT} Buffer block.
+ *
+ * NOTES
+ * The memory used by the buffer block as the buffer is released.
+ * The buffer block itself is not affected.
+ *
+ * RETURNS
+ * NZERROR_OK Success.
+ */
+nzerror nztbbPurgeBlock( nzctx *, nzttBufferBlock * );
+
+/*----------------------- nztbbSetBlock -----------------------*/
+
+/*
+ * NAME
+ * nztbbSetBlock - Set a buffer block to a known state.
+ *
+ * PARAMETERS
+ * osscntxt {IN} OSS context.
+ * flags {IN} Flags to set.
+ * buflen {IN} Length of buffer.
+ * usedlen {IN} Used length.
+ * buffer {IN} Buffer.
+ * block {IN/OUT} Buffer block
+ *
+ * NOTES
+ * If buflen > 0, objlen == 0, and obj == NULL, then buflen bytes
+ * of memory is allocated and a pointer is stored in the buffer
+ * block.
+ *
+ * The buffer parameter remains unchanged.
+ *
+ * RETURNS
+ * NZERROR_OK Success.
+ */
+nzerror nztbbSetBlock( nzctx *, uword, ub4, ub4, ub1 *,
+ nzttBufferBlock * );
+
+
+/*--------------------- nztiGetSecInfo ---------------------*/
+
+/*
+ * NAME
+ * nztiGetSecInfo - Get some security information for SSL
+ *
+ * PARAMETERS
+ * Name {IN/OUT} Description
+ * osscntxt {IN} OSS context.
+ * persona {IN} persona
+ * dname {OUT} distinguished name of the certificate
+ * dnamelen {OUT} length of the distinguished name
+ * issuername {OUT} issuer name of the certificate
+ * certhash {OUT} SHA1 hash of the certificate
+ * certhashlen{OUT} length of the hash
+ * NOTES
+ * This function allocate memories for issuername, certhash, and dname.
+ * To deallocate memory for those params, you should call nztdbuf_DestroyBuf.
+ * RETURNS
+ *
+ */
+nzerror nztiGetSecInfo( nzctx *, nzttPersona *, text **, ub4 *,
+ text **, ub4 *, ub1 **, ub4 * );
+
+
+/*---------------------- nztiGetDName ----------------------*/
+
+/*
+ * NAME
+ * nztiGetDName - Get the distinguished name for the given identity
+ *
+ * PARAMETERS
+ * Name {IN/OUT} Description
+ * osscntxt {IN} OSS context.
+ * identity {IN} identity need to get dname from
+ * dn {OUT} distinguished name
+ * dnlen {OUT} length of the dname
+ *
+ * NOTES
+ *
+ * RETURNS
+ *
+ */
+
+nzerror nztiGetDName( nzctx *, nzttIdentity *,
+ text **, ub4 * );
+
+/*------------------- nztiGetIssuerName -------------------*/
+
+/*
+ * NAME
+ * nztiGetIssuerName - Get IssuerName for the given identity
+ *
+ * PARAMETERS
+ * Name {IN/OUT} Description
+ * osscntxt {IN} OSS context.
+ * identity {IN} identity need to get issuername from
+ * issuername {OUT} issuer's name
+ * issuernamelen {OUT} length of the issuer's name
+ *
+ * NOTES
+ *
+ * RETURNS
+ *
+ */
+nzerror nztiGetIssuerName( nzctx *, nzttIdentity *,
+ text **, ub4 * );
+
+
+/*-------------------- nztgch_GetCertHash --------------------*/
+
+/*
+ * NAME
+ * nztgch_GetCertHash - Get SHA1 hash for the certificate of the identity
+ *
+ * PARAMETERS
+ * Name {IN/OUT} Description
+ * osscntxt {IN} OSS context.
+ * identity {IN} identity need to get issuername from
+ * certHash {OUT} certHash buffer
+ * hashLen {OUT} length of the certHash
+ *
+ * NOTES
+ * Need to call nztdbuf_DestroyBuf to deallocate memory for certHash.
+ * RETURNS
+ *
+ */
+nzerror nztgch_GetCertHash( nzctx *, nzttIdentity *,
+ ub1 **, ub4 * );
+
+/*-------------------- nztdbuf_DestroyBuf --------------------*/
+
+/*
+ * NAME
+ * nztdbuf_DestroyBuf - Deallocation funtions for ub1 and text buffer
+ *
+ * PARAMETERS
+ * Name {IN/OUT} Description
+ * osscntxt {IN} OSS context.
+ * buf {IN} Allocated buffer to be destroyed.
+ *
+ * NOTES
+ *
+ * RETURNS
+ *
+ */
+nzerror nztdbuf_DestroyBuf( nzctx *, void ** );
+
+
+/*----------------------- nztGetCertChain -----------------------*/
+
+/*
+ * NAME
+ * nztGetCertChain -
+ *
+ * PARAMETERS
+ * Name {IN/OUT} Description
+ * osscntxt {IN} OSS context.
+ *
+ * NOTES
+ *
+ * RETURNS
+ *
+ */
+nzerror nztGetCertChain( nzctx *, nzttWallet * );
+
+/*----------------------- nztCompareDN -----------------------*/
+
+/*
+ * NAME
+ * nztCompareDN -
+ *
+ * PARAMETERS
+ * Name {IN/OUT} Description
+ * osscntxt {IN} OSS context.
+ * dn1 {IN} distinguished name 1
+ * dn2 {IN} distinguished name 2
+ *
+ * NOTES
+ *
+ * RETURNS
+ * NZERROR_OK succeeded
+ * others failed
+ *
+ */
+nzerror nztCompareDN( nzctx *, ub1 *,ub4 , ub1 *, ub4, boolean * );
+
+
+#ifdef NZ_OLD_TOOLS
+/*--------------------- nztIdentityAlloc ---------------------*/
+
+/*
+ * NAME
+ * nztIdentityAlloc - Allocate memory for nzttIdentity context
+ *
+ * PARAMETERS
+ * Name {IN/OUT} Description
+ * osscntxt {IN} OSS context.
+ * identity {OUT} nzttIdentity context
+ *
+ * NOTES
+ *
+ * RETURNS
+ * NZERROR_OK succeeded
+ * others failed
+ *
+ */
+nzerror nztIdentityAlloc( nzctx *, nzttIdentity ** );
+
+/*--------------------- nztIPrivateAlloc ---------------------*/
+
+/*
+ * NAME
+ * nztIPrivateAlloc - Allocate memory for nzttIdentityPrivate
+ *
+ * PARAMETERS
+ * Name {IN/OUT} Description
+ *
+ * osscntxt {IN} OSS context.
+ * ipriv {OUT} identityPrivate structure
+ * NOTES
+ *
+ * RETURNS
+ * NZERROR_OK succeeded
+ * others failed
+ *
+ */
+
+nzerror nztIPrivateAlloc( nzctx *, nzttIdentityPrivate **);
+
+
+/*---------------------- nztIDupContent ----------------------*/
+
+/*
+ * NAME
+ * nztIDupContent -
+ *
+ * PARAMETERS
+ * Name {IN/OUT} Description
+ * osscntxt {IN} OSS context.
+ * targetIdentity{OUT} target identity
+ * sourceIdentity {IN} source identity
+ * NOTES
+ *
+ * RETURNS
+ * NZERROR_OK succeeded
+ * others failed
+ *
+ */
+
+nzerror nztIDupContent( nzctx *, nzttIdentity *, nzttIdentity * );
+/*---------------------- nztIPDuplicate ----------------------*/
+
+/*
+ * NAME
+ * nztIPDuplicate -
+ *
+ * PARAMETERS
+ * Name {IN/OUT} Description
+ * osscntxt {IN} OSS context.
+ * target_ipriv {OUT} target identityPrivate
+ * source_ipriv {IN} source identityPrivate
+ *
+ * NOTES
+ *
+ * RETURNS
+ * NZERROR_OK succeeded
+ * others failed
+ *
+ */
+nzerror nztIPDuplicate( nzctx *, nzttIdentityPrivate **,
+ nzttIdentityPrivate * );
+
+/*--------------------- nztiDupIdentList ---------------------*/
+
+/*
+ * NAME
+ * nztiDupIdentList -
+ *
+ * PARAMETERS
+ * Name {IN/OUT} Description
+ * osscntxt {IN} OSS context.
+ * source_identities {IN} source identity list
+ * numIdent {OUT} number of identity in the list
+ * ppidentity {OUT} Target of identity
+ *
+ * NOTES
+ *
+ * RETURNS
+ * NZERROR_OK succeeded
+ * others failed
+ *
+ */
+nzerror nztiDupIdentList( nzctx *, nzttIdentity *, ub4 *,
+ nzttIdentity ** );
+
+/*--------------------- nztFreeIdentList ---------------------*/
+
+/*
+ * NAME
+ * nztFreeIdentList - Free memory for a list of Identities
+ *
+ * PARAMETERS
+ * Name {IN/OUT} Description
+ * osscntxt {IN} OSS context.
+ * identity {IN} identity context
+ *
+ * NOTES
+ *
+ * RETURNS
+ * NZERROR_OK succeeded
+ * others failed
+ *
+ */
+nzerror nztFreeIdentList( nzctx *, nzttIdentity ** );
+#endif /* NZ_OLD_TOOLS */
+
+/*--------------------- nztCheckVaLidity ---------------------*/
+
+/*
+ * NAME
+ * nztCheckVaLidity - Check the validity of certificate
+ *
+ * PARAMETERS
+ * Name {IN/OUT} Description
+ * osscntxt {IN} OSS context.
+ * start_time Start time of the certificate
+ * end_time End time of the certificate
+ *
+ * NOTES
+ *
+ * RETURNS
+ * NZERROR_OK succeeded
+ * others failed
+ *
+ */
+nzerror nztCheckValidity( nzctx *, ub4 , ub4 );
+
+/*--------------------- nztwCreateWallet ---------------------*/
+
+/*
+ * NAME
+ * nztwCreateWallet - Create a new wallet.
+ *
+ * PARAMETERS
+ * osscntxt {IN} OSS context.
+ * wrllen {IN} Length of wallet resource locator.
+ * wrl {IN} WRL.
+ * pwdlen {IN} Length of password (see notes below).
+ * pwd {IN} Password.
+ * wallet {IN/OUT} Wallet.
+ *
+ * NOTES
+ * It is an error to try to create a wallet that already exists.
+ * The previously existing wallet must be destroyed first.
+ *
+ * The wallet itself is not encrypted. Rather, all the personas in
+ * the wallet are encrypted under the same password. A hash of the
+ * password is stored in the wallet.
+ *
+ * Upon success, an empty open wallet is stored in the wallet
+ * parameter.
+ *
+ * RETURNS
+ * NZERROR_OK Sucess.
+ * NZERROR_TK_WALLET_EXISTS Wallet already exists.
+ * NZERROR_RIO_OPEN RIO could not create wallet (see trace file).
+ */
+nzerror nztwCreateWallet( nzctx *, ub4, text *, ub4, text *,
+ nzttWallet * );
+
+
+/*--------------------- nztwDestroyWallet ---------------------*/
+
+/*
+ * NAME
+ * nztwDestroyWallet - Destroy an existing wallet.
+ *
+ * PARAMETERS
+ * osscntxt {IN} OSS context.
+ * wrllen {IN} Length of wallet resource locator.
+ * wrl {IN} WRL.
+ * pwdlen {IN} Length of password.
+ * pwd {IN} Password.
+ * NOTES
+ *
+ * RETURNS
+ * NZERROR_OK Success.
+ * NZERROR_TK_PASSWORD Password verification failed.
+ * NZERROR_RIO_OPEN RIO could not open wallet (see trace file).
+ * NZERROR_RIO_DELETE Delete failed (see trace file).
+ */
+nzerror nztwDestroyWallet( nzctx *, ub4, text *, ub4, text * );
+
+/*--------------------- nzteStorePersona ---------------------*/
+
+/*
+ * NAME
+ * nzteStorePersona - Store an open persona in a wallet.
+ *
+ * PARAMETERS
+ * osscntxt {IN} OSS context.
+ * persona {IN/OUT} Persona.
+ * wallet {IN/OUT} Wallet.
+ *
+ * NOTES
+ * If the open persona is not associated with any wallet (it was
+ * created via the nzteClosePersona function), then storing the
+ * persona creates that association. The wallet will also have an
+ * updated persona list that reflects this association.
+ *
+ * If the open persona was associated with wallet 'A' (it was
+ * opened via the nztwOpenWallet function), and is stored back into
+ * wallet 'A', then then the old persona is overwritten by the new
+ * persona if the password can be verified. Recall that all
+ * personas have a unique identity id. If that id changes then
+ * storing the persona will put a new persona in the wallet.
+ *
+ * If the open persona was associated with wallet 'A' and is stored
+ * into wallet 'B', and if wallet 'B' does not contain a persona
+ * with that unique identity id, then the persona will be copied
+ * into wallet 'B', wallet 'B''s persona list will be updated, and
+ * the persona structure will be updated to be associated with
+ * wallet 'B'. If wallet 'B' already contained the persona, it
+ * would be overwritten by the new persona.
+ *
+ * The persona parameter is doubly indirect so that at the
+ * conclusion of the function call, the pointer can be directed to
+ * the persona in the wallet.
+ *
+ * RETURNS
+ * NZERROR_OK Success.
+ * NZERROR_TK_PASSWORD Password verification failed.
+ * NZERROR_RIO_STORE Store failed (see network trace file).
+ */
+nzerror nzteStorePersona( nzctx *, nzttPersona **, nzttWallet * );
+
+/*--------------------- nzteRemovePersona ---------------------*/
+
+/*
+ * NAME
+ * nzteRemovePersona - Remove a persona from the wallet.
+ *
+ * PARAMETERS
+ * osscntxt {IN} OSS context.
+ * persona {IN/OUT} Persona.
+ *
+ * NOTES
+ * The password is verified before trying to remove the persona.
+ *
+ * If the persona is open, it is closed. The persona is removed
+ * from the wallet list and the persona pointer is set to NULL.
+ *
+ * A double indirect pointer to the persona is required so that the
+ * persona pointer can be set to NULL upon completion.
+ *
+ * RETURNS
+ * NZERROR_OK Success.
+ * NZERROR_TK_PASSWORD Password verification failed.
+ * NZERROR_RIO_DELETE Delete failed.
+ */
+nzerror nzteRemovePersona( nzctx *, nzttPersona ** );
+
+/*--------------------- nzteCreatePersona ---------------------*/
+
+/*
+ * NAME
+ * nzteCreatePersona - Create a persona.
+ *
+ * PARAMETERS
+ * osscntxt {IN} OSS context.
+ * itype {IN} Identity type.
+ * ctype {IN} Cipher type.
+ * desc {IN} Persona description.
+ * persona {OUT} Persona.
+ *
+ * NOTES
+ * The resulting persona is created in the open state, but it will
+ * not be associated with a wallet.
+ *
+ * The memory for the persona is allocated by the function.
+ *
+ * RETURNS
+ * NZERROR_OK Success.
+ * NZERROR_TK_TYPE Unsupported itype/ctype combination.
+ * NZERROR_TK_PARMS Error in persona description.
+ */
+nzerror nzteCreatePersona( nzctx *, nzttVersion, nzttCipherType,
+ nzttPersonaDesc *, nzttPersona ** );
+
+
+/*----------------- nztiStoreTrustedIdentity -----------------*/
+
+/*
+ * NAME
+ * nztiStoreTrustedIdentity - Store an identity into a persona.
+ *
+ * PARAMETERS
+ * osscntxt {IN} Success.
+ * identity {IN/OUT} Trusted Identity.
+ * persona {IN/OUT} Persona.
+ *
+ * NOTES
+ * The identity is not saved with the persona in the wallet until
+ * the persona is stored.
+ *
+ * The identity parameter is double indirect so that it can point
+ * into the persona at the conclusion of the call.
+ *
+ * RETURNS
+ * NZERROR_OK Success.
+ */
+nzerror nztiStoreTrustedIdentity( nzctx *, nzttIdentity **,
+ nzttPersona * );
+
+/*--------------------- nzteSetProtection ---------------------*/
+
+/*
+ * NAME
+ * nzteSetProtection - Set the protection type for a CE function.
+ *
+ * PARAMETERS
+ * osscntxt {IN} OSS context.
+ * persona {IN/OUT} Persona.
+ * func {IN} CE function.
+ * tdufmt {IN} TDU Format.
+ * protinfo {IN} Protection information specific to this format.
+ *
+ * NOTES
+ *
+ * RETURNS
+ * NZERROR_OK Success.
+ * NZERROR_TK_PROTECTION Unsupported protection.
+ * NZERROR_TK_PARMS Error in protection info.
+ */
+nzerror nzteSetProtection( nzctx *, nzttPersona *, nzttcef, nztttdufmt,
+ nzttProtInfo * );
+
+/*--------------------- nzteGetProtection ---------------------*/
+
+/*
+ * NAME
+ * nzteGetProtection - Get the protection type for a CE function.
+ *
+ * PARAMETERS
+ * osscntxt {IN} OSS context.
+ * persona {IN} Persona.
+ * func {IN} CE function.
+ * tdufmt {OUT} TDU format.
+ * protinfo {OUT} Protection information.
+ *
+ * NOTES
+ *
+ * RETURNS
+ * NZERROR_OK Success.
+ */
+nzerror nzteGetProtection( nzctx *, nzttPersona *, nzttcef, nztttdufmt *,
+ nzttProtInfo * );
+
+/*-------------------- nztiRemoveIdentity --------------------*/
+
+/*
+ * NAME
+ * nztiRemoveIdentity - Remove an identity from an open persona.
+ *
+ * PARAMETERS
+ * osscntxt {IN} OSS context.
+ * identity {IN/OUT} Identity.
+ *
+ * NOTES
+ * If the persona is not stored, this identity will still be in the
+ * persona stored in the wallet.
+ *
+ * The identity parameter is doubly indirect so that at the
+ * conclusion of the function, the pointer can be set to NULL.
+ *
+ * RETURNS
+ * NZERROR_OK Success.
+ * NZERROR_TK_NOTFOUND Identity not found.
+ * NZERROR_TK_NOTOPEN Persona is not open.
+ */
+nzerror nztiRemoveIdentity( nzctx *, nzttIdentity ** );
+
+/*----------------- nztifdn -----------------*/
+
+/*
+ * NAME
+ * nztifdn - create an Identity From a Distinguished Name
+ *
+ * PARAMETERS
+ * osscntxt {IN} OSS context.
+ * length {IN} Length of the distinguished name
+ * distinguished_name {IN} distinguished name string
+ * ppidentity {OUT} created identity
+ *
+ * NOTES
+ * Given a distinguished name, return the identity that corresponds to it.
+ *
+ * RETURNS
+ * NZERROR_OK Success.
+ */
+nzerror nztifdn( nzctx *ossctx,
+ ub4 length,
+ text *distinguished_name,
+ nzttIdentity **ppidentity );
+
+/*--------------------- nztxSignExpansion ---------------------*/
+
+/*
+ * NAME
+ * nztxSignExpansion - Determine the size of the attached signature buffer.
+ *
+ * PARAMETERS
+ * osscntxt {IN} OSS context.
+ * persona {IN} Persona.
+ * inlen {IN} Length of input.
+ * tdulen {OUT} Buffer needed for signature.
+ *
+ * NOTES
+ *
+ * RETURNS
+ * NZERROR_OK Success.
+ * NZERROR_TK_NOTOPEN Persona is not open.
+ * NZERROR_TK_NOTSUPP Function not supported with persona.
+ */
+nzerror nztxSignExpansion( nzctx *, nzttPersona *, ub4, ub4 * );
+
+/*--------------- nztxsd_SignDetachedExpansion ---------------*/
+
+/*
+ * NAME
+ * nztxsd_SignDetachedExpansion - Determine the size of buffer needed.
+ *
+ * PARAMETERS
+ * osscntxt {IN} OSS context.
+ * persona {IN} Persona.
+ * inlen {IN} Length of input.
+ * tdulen {OUT} Buffer needed for signature.
+ *
+ * NOTES
+ *
+ * RETURNS
+ * NZERROR_OK Success.
+ * NZERROR_TK_NOTOPEN Persona is not open.
+ * NZERROR_TK_NOTSUPP Function not supported with persona.
+ */
+nzerror nztxsd_SignDetachedExpansion( nzctx *, nzttPersona *, ub4,
+ ub4 * );
+
+/*------------------------ nztEncrypt ------------------------*/
+
+/*
+ * NAME
+ * nztEncrypt - Symmetrically encrypt
+ *
+ * PARAMETERS
+ * osscntxt {IN} OSS context.
+ * persona {IN} Persona.
+ * inlen {IN} Length of this input part.
+ * in {IN} This input part.
+ * tdubuf {IN/OUT} TDU buffer.
+ *
+ * NOTES
+ *
+ * RETURNS
+ * NZERROR_OK Success.
+ * NZERROR_TK_CANTGROW Needed to grow TDU buffer but could not.
+ * NZERROR_TK_NOTOPEN Persona is not open.
+ * NZERROR_TK_NOTSUPP Function not supported with persona.
+ */
+nzerror nztEncrypt( nzctx *, nzttPersona *, nzttces, ub4, ub1 *,
+ nzttBufferBlock * );
+
+/*------------------- nztxEncryptExpansion -------------------*/
+
+/*
+ * NAME
+ * nztxEncryptExpansion - Determine the size of the TDU to encrypt.
+ *
+ * PARAMETERS
+ * osscntxt {IN} OSS context.
+ * persona {IN} Persona.
+ * inlen {IN} Length of this input part.
+ * tdulen {OUT} Length of TDU.
+ *
+ * NOTES
+ *
+ * RETURNS
+ * NZERROR_OK Success.
+ * NZERROR_TK_NOTOPEN Persona is not open.
+ * NZERROR_TK_NOTSUPP Function not supported with persona.
+ */
+nzerror nztxEncryptExpansion( nzctx *, nzttPersona *, ub4, ub4 * );
+
+/*------------------------ nztDecrypt ------------------------*/
+
+/*
+ * NAME
+ * nztDecrypt - Decrypt an Encrypted message.
+ *
+ * PARAMETERS
+ * osscntxt {IN} OSS context.
+ * persona {IN} Persona.
+ * state {IN} State of decryption.
+ * inlen {IN} Length of this input part.
+ * in {IN} This input part.
+ * out {IN/OUT} Cleartext message.
+ *
+ * NOTES
+ *
+ * RETURNS
+ * NZERROR_OK Success.
+ * NZERROR_TK_CANTGROW Needed to grow TDU buffer but could not.
+ * NZERROR_TK_NOTOPEN Persona is not open.
+ * NZERROR_TK_NOTSUPP Function not supported with persona.
+ */
+nzerror nztDecrypt( nzctx *, nzttPersona *, nzttces, ub4, ub1 *,
+ nzttBufferBlock * );
+
+/*------------------------ nztEnvelope ------------------------*/
+
+/*
+ * NAME
+ * nztEnvelope - Sign and PKEncrypt a message.
+ *
+ * PARAMETERS
+ * osscntxt {IN} OSS context.
+ * persona {IN} Persona.
+ * nrecipients {IN} Number of recipients for this encryption.
+ * recipients {IN} List of recipients.
+ * state {IN} State of encryption.
+ * inlen {IN} Length of this input part.
+ * in {IN} This input part.
+ * tdubuf {IN/OUT} TDU buffer.
+ *
+ * NOTES
+ *
+ * RETURNS
+ * NZERROR_OK Success.
+ * NZERROR_TK_CANTGROW Needed to grow output buffer but could not.
+ * NZERROR_TK_NOTOPEN Persona is not open.
+ * NZERROR_TK_NOTSUPP Function not supported with persona.
+ */
+nzerror nztEnvelope( nzctx *, nzttPersona *, ub4, nzttIdentity *,
+ nzttces, ub4, ub1 *, nzttBufferBlock * );
+
+/*----------------------- nztDeEnvelope -----------------------*/
+
+/*
+ * NAME
+ * nztDeEnvelope - PKDecrypt and verify a message.
+ *
+ * PARAMETERS
+ * osscntxt {IN} OSS context.
+ * persona {IN} Persona.
+ * state {IN} State of encryption.
+ * inlen {IN} Length of this input part.
+ * in {IN} This input part.
+ * out {OUT} Message from TDU.
+ * verified {OUT} TRUE if verified.
+ * validated {OUT} TRUE if validated.
+ * sender {OUT} Identity of sender.
+ *
+ * NOTES
+ *
+ * RETURNS
+ * NZERROR_OK Success.
+ * NZERROR_TK_CANTGROW Needed to grow TDU buffer but could not.
+ * NZERROR_TK_NOTOPEN Persona is not open.
+ * NZERROR_TK_NOTSUPP Function not supported with persona.
+ */
+nzerror nztDeEnvelope( nzctx *, nzttPersona *, nzttces, ub4, ub1 *,
+ nzttBufferBlock *, boolean *, boolean *,
+ nzttIdentity ** );
+
+/*----------------------- nztKeyedHash -----------------------*/
+
+/*
+ * NAME
+ * nztKeyedHash - Generate a keyed hash.
+ *
+ * PARAMETERS
+ * osscntxt {IN} OSS context.
+ * persona {IN} Persona.
+ * state {IN} State of hash.
+ * inlen {IN} Length of this input.
+ * in {IN} This input.
+ * tdu {IN/OUT} Output tdu.
+ *
+ * NOTES
+ *
+ * RETURNS
+ * NZERROR_OK Success.
+ * NZERROR_TK_CANTGROW Needed to grow TDU buffer but could not.
+ * NZERROR_TK_NOTOPEN Persona is not open.
+ * NZERROR_TK_NOTSUPP Function not supported with persona.
+ */
+nzerror nztKeyedHash( nzctx *, nzttPersona *, nzttces, ub4, ub1 *,
+ nzttBufferBlock * );
+
+/*------------------ nztxKeyedHashExpansion ------------------*/
+
+/*
+ * NAME
+ * nztxKeyedHashExpansion - Determine the space needed for a keyed hash.
+ *
+ * PARAMETERS
+ * osscntxt {IN} OSS context.
+ * persona {IN} Persona.
+ * inlen {IN} Length of this input.
+ * tdulen {OUT} TDU length.
+ *
+ * NOTES
+ *
+ * RETURNS
+ * NZERROR_OK Success.
+ * NZERROR_TK_NOTOPEN Persona is not open.
+ * NZERROR_TK_NOTSUPP Function not supported with persona.
+ */
+nzerror nztxKeyedHashExpansion( nzctx *, nzttPersona *, ub4,
+ ub4 * );
+
+/*--------------------- nztxHashExpansion ---------------------*/
+
+/*
+ * NAME
+ * nztxHashExpansion - Determine the size of the TDU for a hash.
+ *
+ * PARAMETERS
+ * osscntxt {IN} OSS context.
+ * persona {IN} Persona.
+ * inlen {IN} Length of this input.
+ * tdulen {OUT} TDU length.
+ *
+ * NOTES
+ *
+ * RETURNS
+ * NZERROR_OK Success.
+ * NZERROR_TK_NOTOPEN Persona is not open.
+ * NZERROR_TK_NOTSUPP Function not supported with persona.
+ */
+nzerror nztxHashExpansion( nzctx *, nzttPersona *, ub4, ub4 * );
+
+/*---------------- nztiae_IsAuthEnabled ----------------*/
+
+/*
+ * NAME
+ * nztiae_IsAuthEnabled - Checks to see if Authentication is Enabled
+ * in the current Cipher Spec.
+ *
+ * PARAMETERS
+ * ctx {IN} Oracle SSL Context
+ * ncipher {IN} CipherSuite
+ * authEnabled {OUT} Boolean for is Auth Enabled?
+ *
+ * NOTES
+ *
+ * RETURNS
+ * NZERROR_OK on success.
+ * NZERROR_TK_INV_CIPHR_TYPE if Cipher Spec is not Recognized.
+ */
+
+nzerror nztiae_IsAuthEnabled( nzctx *ctx,
+ ub2 ncipher,
+ boolean *authEnabled );
+
+/*---------------- nztiee_IsEncrEnabled ----------------*/
+/*
+ * NAME
+ * nztiee_IsEncrEnabled - Checks to see if Encryption is Enabled
+ * in the current Cipher Spec.
+ *
+ * PARAMETERS
+ * ctx {IN} Oracle SSL Context
+ * ncipher {IN} CipherSuite
+ * EncrEnabled {OUT} Boolean for is Auth Enabled?
+ *
+ * NOTES
+ *
+ * RETURNS
+ * NZERROR_OK on success.
+ * NZERROR_TK_INV_CIPHR_TYPE if Cipher Spec is not Recognized.
+ */
+
+nzerror nztiee_IsEncrEnabled( nzctx *ctx,
+ ub2 ncipher,
+ boolean *EncrEnabled );
+
+/*---------------- nztihe_IsHashEnabled ----------------*/
+/*
+ * NAME
+ * nztihe_IsHashEnabled - Checks to see if HAshing is Enabled
+ * in the current Cipher Spec.
+ *
+ * PARAMETERS
+ * ctx {IN} Oracle SSL Context
+ * ncipher {IN} CipherSuite
+ * hashEnabled {OUT} Boolean for is Auth Enabled?
+ *
+ * NOTES
+ *
+ * RETURNS
+ * NZERROR_OK on success.
+ * NZERROR_TK_INV_CIPHR_TYPE if Cipher Spec is not Recognized.
+ */
+
+nzerror nztihe_IsHashEnabled( nzctx *ctx,
+ ub2 ncipher,
+ boolean *hashEnabled );
+
+/*
+ *
+ */
+
+nzerror nztGetIssuerName( nzctx *ctx,
+ nzttIdentity *identity,
+ ub1 **issuername,
+ ub4 *issuernamelen );
+
+nzerror nztGetSubjectName( nzctx *ctx,
+ nzttIdentity *identity,
+ ub1 **subjectname,
+ ub4 *subjectnamelen );
+
+nzerror nztGetBase64Cert( nzctx *ctx,
+ nzttIdentity *identity,
+ ub1 **b64cert,
+ ub4 *b64certlen );
+
+nzerror nztGetSerialNumber( nzctx *ctx,
+ nzttIdentity *identity,
+ ub1 **serialnum,
+ ub4 *serialnumlen );
+
+nzerror nztGetValidDate( nzctx *ctx,
+ nzttIdentity *identity,
+ ub4 *startdate,
+ ub4 *enddate );
+
+nzerror nztGetVersion( nzctx *ctx,
+ nzttIdentity *identity,
+ nzstrc *pVerStr );
+
+nzerror nztGetPublicKey( nzctx *ctx,
+ nzttIdentity *identity,
+ ub1 **pubKey,
+ ub4 *pubKeylen );
+
+nzerror nztGenericDestroy( nzctx *ctx,
+ ub1 **var );
+
+nzerror nztSetAppDefaultLocation( nzctx *ctx,
+ text *,
+ size_t );
+
+nzerror nztSearchNZDefault( nzctx *ctx,
+ boolean *search );
+
+nzerror nztSetLightWeight(nzctx *ctx,
+ boolean flag);
+
+#endif /* NZT_ORACLE */
+