search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
No empty .Rs/.Re
[netbsd-mini2440.git] / crypto / external / bsd / openssh / dist / schnorr.c
blobdbe297a32967f348b7492b883a842f0064d6d1d0
1 /* $NetBSD: schnorr.c,v 1.1.1.2 2009/12/27 01:07:03 christos Exp $ */
2 /* $OpenBSD: schnorr.c,v 1.3 2009/03/05 07:18:19 djm Exp $ */
3 /*
4 * Copyright (c) 2008 Damien Miller. All rights reserved.
5 *
6 * Permission to use, copy, modify, and distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above
8 * copyright notice and this permission notice appear in all copies.
9 *
10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 */
18
19 /*
20 * Implementation of Schnorr signatures / zero-knowledge proofs, based on
21 * description in:
22 *
23 * F. Hao, P. Ryan, "Password Authenticated Key Exchange by Juggling",
24 * 16th Workshop on Security Protocols, Cambridge, April 2008
25 *
26 * http://grouper.ieee.org/groups/1363/Research/contributions/hao-ryan-2008.pdf
27 */
28
29 #include <sys/types.h>
30
31 #include <string.h>
32 #include <stdarg.h>
33 #include <stdio.h>
34
35 #include <openssl/evp.h>
36 #include <openssl/bn.h>
37
38 #include "xmalloc.h"
39 #include "buffer.h"
40 #include "log.h"
41
42 #include "schnorr.h"
43
44 /* #define SCHNORR_DEBUG */ /* Privacy-violating debugging */
45 /* #define SCHNORR_MAIN */ /* Include main() selftest */
46
47 #ifndef SCHNORR_DEBUG
48 # define SCHNORR_DEBUG_BN(a)
49 # define SCHNORR_DEBUG_BUF(a)
50 #else
51 # define SCHNORR_DEBUG_BN(a) debug3_bn a
52 # define SCHNORR_DEBUG_BUF(a) debug3_buf a
53 #endif /* SCHNORR_DEBUG */
54
55 /*
56 * Calculate hash component of Schnorr signature H(g || g^v || g^x || id)
57 * using the hash function defined by "evp_md". Returns signature as
58 * bignum or NULL on error.
59 */
60 static BIGNUM *
61 schnorr_hash(const BIGNUM *p, const BIGNUM *q, const BIGNUM *g,
62 const EVP_MD *evp_md, const BIGNUM *g_v, const BIGNUM *g_x,
63 const u_char *id, u_int idlen)
64 {
65 u_char *digest;
66 u_int digest_len;
67 BIGNUM *h;
68 Buffer b;
69 int success = -1;
70
71 if ((h = BN_new()) == NULL) {
72 error("%s: BN_new", __func__);
73 return NULL;
74 }
75
76 buffer_init(&b);
77
78 /* h = H(g || p || q || g^v || g^x || id) */
79 buffer_put_bignum2(&b, g);
80 buffer_put_bignum2(&b, p);
81 buffer_put_bignum2(&b, q);
82 buffer_put_bignum2(&b, g_v);
83 buffer_put_bignum2(&b, g_x);
84 buffer_put_string(&b, id, idlen);
85
86 SCHNORR_DEBUG_BUF((buffer_ptr(&b), buffer_len(&b),
87 "%s: hashblob", __func__));
88 if (hash_buffer(buffer_ptr(&b), buffer_len(&b), evp_md,
89 &digest, &digest_len) != 0) {
90 error("%s: hash_buffer", __func__);
91 goto out;
92 }
93 if (BN_bin2bn(digest, (int)digest_len, h) == NULL) {
94 error("%s: BN_bin2bn", __func__);
95 goto out;
96 }
97 success = 0;
98 SCHNORR_DEBUG_BN((h, "%s: h = ", __func__));
99 out:
100 buffer_free(&b);
101 bzero(digest, digest_len);
102 xfree(digest);
103 digest_len = 0;
104 if (success == 0)
105 return h;
106 BN_clear_free(h);
107 return NULL;
108 }
109
110 /*
111 * Generate Schnorr signature to prove knowledge of private value 'x' used
112 * in public exponent g^x, under group defined by 'grp_p', 'grp_q' and 'grp_g'
113 * using the hash function "evp_md".
114 * 'idlen' bytes from 'id' will be included in the signature hash as an anti-
115 * replay salt.
116 *
117 * On success, 0 is returned. The signature values are returned as *e_p
118 * (g^v mod p) and *r_p (v - xh mod q). The caller must free these values.
119 * On failure, -1 is returned.
120 */
121 int
122 schnorr_sign(const BIGNUM *grp_p, const BIGNUM *grp_q, const BIGNUM *grp_g,
123 const EVP_MD *evp_md, const BIGNUM *x, const BIGNUM *g_x,
124 const u_char *id, u_int idlen, BIGNUM **r_p, BIGNUM **e_p)
125 {
126 int success = -1;
127 BIGNUM *h, *tmp, *v, *g_v, *r;
128 BN_CTX *bn_ctx;
129
130 SCHNORR_DEBUG_BN((x, "%s: x = ", __func__));
131 SCHNORR_DEBUG_BN((g_x, "%s: g_x = ", __func__));
132
133 /* Avoid degenerate cases: g^0 yields a spoofable signature */
134 if (BN_cmp(g_x, BN_value_one()) <= 0) {
135 error("%s: g_x < 1", __func__);
136 return -1;
137 }
138
139 h = g_v = r = tmp = v = NULL;
140 if ((bn_ctx = BN_CTX_new()) == NULL) {
141 error("%s: BN_CTX_new", __func__);
142 goto out;
143 }
144 if ((g_v = BN_new()) == NULL ||
145 (r = BN_new()) == NULL ||
146 (tmp = BN_new()) == NULL) {
147 error("%s: BN_new", __func__);
148 goto out;
149 }
150
151 /*
152 * v must be a random element of Zq, so 1 <= v < q
153 * we also exclude v = 1, since g^1 looks dangerous
154 */
155 if ((v = bn_rand_range_gt_one(grp_p)) == NULL) {
156 error("%s: bn_rand_range2", __func__);
157 goto out;
158 }
159 SCHNORR_DEBUG_BN((v, "%s: v = ", __func__));
160
161 /* g_v = g^v mod p */
162 if (BN_mod_exp(g_v, grp_g, v, grp_p, bn_ctx) == -1) {
163 error("%s: BN_mod_exp (g^v mod p)", __func__);
164 goto out;
165 }
166 SCHNORR_DEBUG_BN((g_v, "%s: g_v = ", __func__));
167
168 /* h = H(g || g^v || g^x || id) */
169 if ((h = schnorr_hash(grp_p, grp_q, grp_g, evp_md, g_v, g_x,
170 id, idlen)) == NULL) {
171 error("%s: schnorr_hash failed", __func__);
172 goto out;
173 }
174
175 /* r = v - xh mod q */
176 if (BN_mod_mul(tmp, x, h, grp_q, bn_ctx) == -1) {
177 error("%s: BN_mod_mul (tmp = xv mod q)", __func__);
178 goto out;
179 }
180 if (BN_mod_sub(r, v, tmp, grp_q, bn_ctx) == -1) {
181 error("%s: BN_mod_mul (r = v - tmp)", __func__);
182 goto out;
183 }
184 SCHNORR_DEBUG_BN((g_v, "%s: e = ", __func__));
185 SCHNORR_DEBUG_BN((r, "%s: r = ", __func__));
186
187 *e_p = g_v;
188 *r_p = r;
189
190 success = 0;
191 out:
192 BN_CTX_free(bn_ctx);
193 if (h != NULL)
194 BN_clear_free(h);
195 if (v != NULL)
196 BN_clear_free(v);
197 BN_clear_free(tmp);
198
199 return success;
200 }
201
202 /*
203 * Generate Schnorr signature to prove knowledge of private value 'x' used
204 * in public exponent g^x, under group defined by 'grp_p', 'grp_q' and 'grp_g'
205 * using a SHA256 hash.
206 * 'idlen' bytes from 'id' will be included in the signature hash as an anti-
207 * replay salt.
208 * On success, 0 is returned and *siglen bytes of signature are returned in
209 * *sig (caller to free). Returns -1 on failure.
210 */
211 int
212 schnorr_sign_buf(const BIGNUM *grp_p, const BIGNUM *grp_q, const BIGNUM *grp_g,
213 const BIGNUM *x, const BIGNUM *g_x, const u_char *id, u_int idlen,
214 u_char **sig, u_int *siglen)
215 {
216 Buffer b;
217 BIGNUM *r, *e;
218
219 if (schnorr_sign(grp_p, grp_q, grp_g, EVP_sha256(),
220 x, g_x, id, idlen, &r, &e) != 0)
221 return -1;
222
223 /* Signature is (e, r) */
224 buffer_init(&b);
225 /* XXX sigtype-hash as string? */
226 buffer_put_bignum2(&b, e);
227 buffer_put_bignum2(&b, r);
228 *siglen = buffer_len(&b);
229 *sig = xmalloc(*siglen);
230 memcpy(*sig, buffer_ptr(&b), *siglen);
231 SCHNORR_DEBUG_BUF((buffer_ptr(&b), buffer_len(&b),
232 "%s: sigblob", __func__));
233 buffer_free(&b);
234
235 BN_clear_free(r);
236 BN_clear_free(e);
237
238 return 0;
239 }
240
241 /*
242 * Verify Schnorr signature { r (v - xh mod q), e (g^v mod p) } against
243 * public exponent g_x (g^x) under group defined by 'grp_p', 'grp_q' and
244 * 'grp_g' using hash "evp_md".
245 * Signature hash will be salted with 'idlen' bytes from 'id'.
246 * Returns -1 on failure, 0 on incorrect signature or 1 on matching signature.
247 */
248 int
249 schnorr_verify(const BIGNUM *grp_p, const BIGNUM *grp_q, const BIGNUM *grp_g,
250 const EVP_MD *evp_md, const BIGNUM *g_x, const u_char *id, u_int idlen,
251 const BIGNUM *r, const BIGNUM *e)
252 {
253 int success = -1;
254 BIGNUM *h, *g_xh, *g_r, *expected;
255 BN_CTX *bn_ctx;
256
257 SCHNORR_DEBUG_BN((g_x, "%s: g_x = ", __func__));
258
259 /* Avoid degenerate cases: g^0 yields a spoofable signature */
260 if (BN_cmp(g_x, BN_value_one()) <= 0) {
261 error("%s: g_x < 1", __func__);
262 return -1;
263 }
264
265 h = g_xh = g_r = expected = NULL;
266 if ((bn_ctx = BN_CTX_new()) == NULL) {
267 error("%s: BN_CTX_new", __func__);
268 goto out;
269 }
270 if ((g_xh = BN_new()) == NULL ||
271 (g_r = BN_new()) == NULL ||
272 (expected = BN_new()) == NULL) {
273 error("%s: BN_new", __func__);
274 goto out;
275 }
276
277 SCHNORR_DEBUG_BN((e, "%s: e = ", __func__));
278 SCHNORR_DEBUG_BN((r, "%s: r = ", __func__));
279
280 /* h = H(g || g^v || g^x || id) */
281 if ((h = schnorr_hash(grp_p, grp_q, grp_g, evp_md, e, g_x,
282 id, idlen)) == NULL) {
283 error("%s: schnorr_hash failed", __func__);
284 goto out;
285 }
286
287 /* g_xh = (g^x)^h */
288 if (BN_mod_exp(g_xh, g_x, h, grp_p, bn_ctx) == -1) {
289 error("%s: BN_mod_exp (g_x^h mod p)", __func__);
290 goto out;
291 }
292 SCHNORR_DEBUG_BN((g_xh, "%s: g_xh = ", __func__));
293
294 /* g_r = g^r */
295 if (BN_mod_exp(g_r, grp_g, r, grp_p, bn_ctx) == -1) {
296 error("%s: BN_mod_exp (g_x^h mod p)", __func__);
297 goto out;
298 }
299 SCHNORR_DEBUG_BN((g_r, "%s: g_r = ", __func__));
300
301 /* expected = g^r * g_xh */
302 if (BN_mod_mul(expected, g_r, g_xh, grp_p, bn_ctx) == -1) {
303 error("%s: BN_mod_mul (expected = g_r mod p)", __func__);
304 goto out;
305 }
306 SCHNORR_DEBUG_BN((expected, "%s: expected = ", __func__));
307
308 /* Check e == expected */
309 success = BN_cmp(expected, e) == 0;
310 out:
311 BN_CTX_free(bn_ctx);
312 if (h != NULL)
313 BN_clear_free(h);
314 BN_clear_free(g_xh);
315 BN_clear_free(g_r);
316 BN_clear_free(expected);
317 return success;
318 }
319
320 /*
321 * Verify Schnorr signature 'sig' of length 'siglen' against public exponent
322 * g_x (g^x) under group defined by 'grp_p', 'grp_q' and 'grp_g' using a
323 * SHA256 hash.
324 * Signature hash will be salted with 'idlen' bytes from 'id'.
325 * Returns -1 on failure, 0 on incorrect signature or 1 on matching signature.
326 */
327 int
328 schnorr_verify_buf(const BIGNUM *grp_p, const BIGNUM *grp_q,
329 const BIGNUM *grp_g,
330 const BIGNUM *g_x, const u_char *id, u_int idlen,
331 const u_char *sig, u_int siglen)
332 {
333 Buffer b;
334 int ret = -1;
335 u_int rlen;
336 BIGNUM *r, *e;
337
338 e = r = NULL;
339 if ((e = BN_new()) == NULL ||
340 (r = BN_new()) == NULL) {
341 error("%s: BN_new", __func__);
342 goto out;
343 }
344
345 /* Extract g^v and r from signature blob */
346 buffer_init(&b);
347 buffer_append(&b, sig, siglen);
348 SCHNORR_DEBUG_BUF((buffer_ptr(&b), buffer_len(&b),
349 "%s: sigblob", __func__));
350 buffer_get_bignum2(&b, e);
351 buffer_get_bignum2(&b, r);
352 rlen = buffer_len(&b);
353 buffer_free(&b);
354 if (rlen != 0) {
355 error("%s: remaining bytes in signature %d", __func__, rlen);
356 goto out;
357 }
358
359 ret = schnorr_verify(grp_p, grp_q, grp_g, EVP_sha256(),
360 g_x, id, idlen, r, e);
361 out:
362 BN_clear_free(e);
363 BN_clear_free(r);
364
365 return ret;
366 }
367
368 /* Helper functions */
369
370 /*
371 * Generate uniformly distributed random number in range (1, high).
372 * Return number on success, NULL on failure.
373 */
374 BIGNUM *
375 bn_rand_range_gt_one(const BIGNUM *high)
376 {
377 BIGNUM *r, *tmp;
378 int success = -1;
379
380 if ((tmp = BN_new()) == NULL) {
381 error("%s: BN_new", __func__);
382 return NULL;
383 }
384 if ((r = BN_new()) == NULL) {
385 error("%s: BN_new failed", __func__);
386 goto out;
387 }
388 if (BN_set_word(tmp, 2) != 1) {
389 error("%s: BN_set_word(tmp, 2)", __func__);
390 goto out;
391 }
392 if (BN_sub(tmp, high, tmp) == -1) {
393 error("%s: BN_sub failed (tmp = high - 2)", __func__);
394 goto out;
395 }
396 if (BN_rand_range(r, tmp) == -1) {
397 error("%s: BN_rand_range failed", __func__);
398 goto out;
399 }
400 if (BN_set_word(tmp, 2) != 1) {
401 error("%s: BN_set_word(tmp, 2)", __func__);
402 goto out;
403 }
404 if (BN_add(r, r, tmp) == -1) {
405 error("%s: BN_add failed (r = r + 2)", __func__);
406 goto out;
407 }
408 success = 0;
409 out:
410 BN_clear_free(tmp);
411 if (success == 0)
412 return r;
413 BN_clear_free(r);
414 return NULL;
415 }
416
417 /*
418 * Hash contents of buffer 'b' with hash 'md'. Returns 0 on success,
419 * with digest via 'digestp' (caller to free) and length via 'lenp'.
420 * Returns -1 on failure.
421 */
422 int
423 hash_buffer(const u_char *buf, u_int len, const EVP_MD *md,
424 u_char **digestp, u_int *lenp)
425 {
426 u_char digest[EVP_MAX_MD_SIZE];
427 u_int digest_len;
428 EVP_MD_CTX evp_md_ctx;
429 int success = -1;
430
431 EVP_MD_CTX_init(&evp_md_ctx);
432
433 if (EVP_DigestInit_ex(&evp_md_ctx, md, NULL) != 1) {
434 error("%s: EVP_DigestInit_ex", __func__);
435 goto out;
436 }
437 if (EVP_DigestUpdate(&evp_md_ctx, buf, len) != 1) {
438 error("%s: EVP_DigestUpdate", __func__);
439 goto out;
440 }
441 if (EVP_DigestFinal_ex(&evp_md_ctx, digest, &digest_len) != 1) {
442 error("%s: EVP_DigestFinal_ex", __func__);
443 goto out;
444 }
445 *digestp = xmalloc(digest_len);
446 *lenp = digest_len;
447 memcpy(*digestp, digest, *lenp);
448 success = 0;
449 out:
450 EVP_MD_CTX_cleanup(&evp_md_ctx);
451 bzero(digest, sizeof(digest));
452 digest_len = 0;
453 return success;
454 }
455
456 /* print formatted string followed by bignum */
457 void
458 debug3_bn(const BIGNUM *n, const char *fmt, ...)
459 {
460 char *out, *h;
461 va_list args;
462
463 out = NULL;
464 va_start(args, fmt);
465 vasprintf(&out, fmt, args);
466 va_end(args);
467 if (out == NULL)
468 fatal("%s: vasprintf failed", __func__);
469
470 if (n == NULL)
471 debug3("%s(null)", out);
472 else {
473 h = BN_bn2hex(n);
474 debug3("%s0x%s", out, h);
475 free(h);
476 }
477 free(out);
478 }
479
480 /* print formatted string followed by buffer contents in hex */
481 void
482 debug3_buf(const u_char *buf, u_int len, const char *fmt, ...)
483 {
484 char *out, h[65];
485 u_int i, j;
486 va_list args;
487
488 out = NULL;
489 va_start(args, fmt);
490 vasprintf(&out, fmt, args);
491 va_end(args);
492 if (out == NULL)
493 fatal("%s: vasprintf failed", __func__);
494
495 debug3("%s length %u%s", out, len, buf == NULL ? " (null)" : "");
496 free(out);
497 if (buf == NULL)
498 return;
499
500 *h = '\0';
501 for (i = j = 0; i < len; i++) {
502 snprintf(h + j, sizeof(h) - j, "%02x", buf[i]);
503 j += 2;
504 if (j >= sizeof(h) - 1 || i == len - 1) {
505 debug3(" %s", h);
506 *h = '\0';
507 j = 0;
508 }
509 }
510 }
511
512 /*
513 * Construct a MODP group from hex strings p (which must be a safe
514 * prime) and g, automatically calculating subgroup q as (p / 2)
515 */
516 struct modp_group *
517 modp_group_from_g_and_safe_p(const char *grp_g, const char *grp_p)
518 {
519 struct modp_group *ret;
520
521 ret = xmalloc(sizeof(*ret));
522 ret->p = ret->q = ret->g = NULL;
523 if (BN_hex2bn(&ret->p, grp_p) == 0 ||
524 BN_hex2bn(&ret->g, grp_g) == 0)
525 fatal("%s: BN_hex2bn", __func__);
526 /* Subgroup order is p/2 (p is a safe prime) */
527 if ((ret->q = BN_new()) == NULL)
528 fatal("%s: BN_new", __func__);
529 if (BN_rshift1(ret->q, ret->p) != 1)
530 fatal("%s: BN_rshift1", __func__);
531
532 return ret;
533 }
534
535 void
536 modp_group_free(struct modp_group *grp)
537 {
538 if (grp->g != NULL)
539 BN_clear_free(grp->g);
540 if (grp->p != NULL)
541 BN_clear_free(grp->p);
542 if (grp->q != NULL)
543 BN_clear_free(grp->q);
544 bzero(grp, sizeof(*grp));
545 xfree(grp);
546 }
547
548 /* main() function for self-test */
549
550 #ifdef SCHNORR_MAIN
551 static void
552 schnorr_selftest_one(const BIGNUM *grp_p, const BIGNUM *grp_q,
553 const BIGNUM *grp_g, const BIGNUM *x)
554 {
555 BIGNUM *g_x;
556 u_char *sig;
557 u_int siglen;
558 BN_CTX *bn_ctx;
559
560 if ((bn_ctx = BN_CTX_new()) == NULL)
561 fatal("%s: BN_CTX_new", __func__);
562 if ((g_x = BN_new()) == NULL)
563 fatal("%s: BN_new", __func__);
564
565 if (BN_mod_exp(g_x, grp_g, x, grp_p, bn_ctx) == -1)
566 fatal("%s: g_x", __func__);
567 if (schnorr_sign_buf(grp_p, grp_q, grp_g, x, g_x, "junk", 4,
568 &sig, &siglen))
569 fatal("%s: schnorr_sign", __func__);
570 if (schnorr_verify_buf(grp_p, grp_q, grp_g, g_x, "junk", 4,
571 sig, siglen) != 1)
572 fatal("%s: verify fail", __func__);
573 if (schnorr_verify_buf(grp_p, grp_q, grp_g, g_x, "JUNK", 4,
574 sig, siglen) != 0)
575 fatal("%s: verify should have failed (bad ID)", __func__);
576 sig[4] ^= 1;
577 if (schnorr_verify_buf(grp_p, grp_q, grp_g, g_x, "junk", 4,
578 sig, siglen) != 0)
579 fatal("%s: verify should have failed (bit error)", __func__);
580 xfree(sig);
581 BN_free(g_x);
582 BN_CTX_free(bn_ctx);
583 }
584
585 static void
586 schnorr_selftest(void)
587 {
588 BIGNUM *x;
589 struct modp_group *grp;
590 u_int i;
591 char *hh;
592
593 grp = jpake_default_group();
594 if ((x = BN_new()) == NULL)
595 fatal("%s: BN_new", __func__);
596 SCHNORR_DEBUG_BN((grp->p, "%s: grp->p = ", __func__));
597 SCHNORR_DEBUG_BN((grp->q, "%s: grp->q = ", __func__));
598 SCHNORR_DEBUG_BN((grp->g, "%s: grp->g = ", __func__));
599
600 /* [1, 20) */
601 for (i = 1; i < 20; i++) {
602 printf("x = %u\n", i);
603 fflush(stdout);
604 if (BN_set_word(x, i) != 1)
605 fatal("%s: set x word", __func__);
606 schnorr_selftest_one(grp->p, grp->q, grp->g, x);
607 }
608
609 /* 100 x random [0, p) */
610 for (i = 0; i < 100; i++) {
611 if (BN_rand_range(x, grp->p) != 1)
612 fatal("%s: BN_rand_range", __func__);
613 hh = BN_bn2hex(x);
614 printf("x = (random) 0x%s\n", hh);
615 free(hh);
616 fflush(stdout);
617 schnorr_selftest_one(grp->p, grp->q, grp->g, x);
618 }
619
620 /* [q-20, q) */
621 if (BN_set_word(x, 20) != 1)
622 fatal("%s: BN_set_word (x = 20)", __func__);
623 if (BN_sub(x, grp->q, x) != 1)
624 fatal("%s: BN_sub (q - x)", __func__);
625 for (i = 0; i < 19; i++) {
626 hh = BN_bn2hex(x);
627 printf("x = (q - %d) 0x%s\n", 20 - i, hh);
628 free(hh);
629 fflush(stdout);
630 schnorr_selftest_one(grp->p, grp->q, grp->g, x);
631 if (BN_add(x, x, BN_value_one()) != 1)
632 fatal("%s: BN_add (x + 1)", __func__);
633 }
634 BN_free(x);
635 }
636
637 int
638 main(int argc, char **argv)
639 {
640 log_init(argv[0], SYSLOG_LEVEL_DEBUG3, SYSLOG_FACILITY_USER, 1);
641
642 schnorr_selftest();
643 return 0;
644 }
645 #endif
646
NetBSD on the FriendlyARM MINI2440