const char *system_get_version(enum system_image_copy_t copy)
{
uintptr_t addr;
const struct version_struct *v;
/* Handle version of current image */
if (copy == system_get_image_copy() || copy == SYSTEM_IMAGE_UNKNOWN)
return &RO(version_data).version[0];
addr = get_base(copy);
if (addr == 0xffffffff)
return "";
/* The version string is always located after the reset vectors, so
* it's the same as in the current image. */
addr += ((uintptr_t)&version_data - get_base(system_get_image_copy()));
/* Make sure the version struct cookies match before returning the
* version string. */
v = (const struct version_struct *)addr;
if (v->cookie1 == RO(version_data).cookie1 &&
v->cookie2 == RO(version_data).cookie2)
return v->version;
return "";
}
// <loop> -> LOOP [ <expr> <RO> <expr> ] <block>
APTNode* LOOP(void)
{
if (strcmp(currentTok.sym, "LOOPtk") == 0)
{
scanner();
if (strcmp(currentTok.sym, "LBRACKtk") == 0)
{
scanner();
APTNode* lExprNode = EXPR();
APTNode* roNode = RO();
APTNode* rExprNode = EXPR();
if (strcmp(currentTok.sym, "RBRACKtk") == 0)
{
scanner();
APTNode* blockNode = BLOCK();
APTNode* loopNode = createNonIdAPTNode("<LOOPtk>");
addChildNode(loopNode, lExprNode);
addChildNode(loopNode, roNode);
addChildNode(loopNode, rExprNode);
addChildNode(loopNode, blockNode);
return loopNode;
} else errMsg("RBRACKtk");
} else errMsg("LBRACKtk");
} else errMsg("LOOPtk");
}
static void MuxDispatch_m(IDCServerStubs_clp self)
{
MuxServer_t *st = self->st;
ShmConnection_t *conn = st->conn;
word_t *id;
/* If it's been smoked, then let dispatch return happily */
if(DCB_EPRW(RO(Pvs(vp)), conn->eps.tx)->state == Channel_State_Dead)
return;
while(conn->call < VP$Poll (Pvs(vp), conn->eps.rx)) {
/* Unmarshall the binding id (first in the buf) */
id = conn->rxbuf.base;
/* Frob the rxbuf so that the servers underneath us are happy.
We will frob them back when we leave. */
conn->rxbuf.base += sizeof(*id);
conn->rxsize -= sizeof(*id);
conn->rxbuf.space = conn->rxsize;
/* We hijack the rx event count as marker so that the
ServerBinding knows it is being called from the
muxed dispatcher (rather than via the while {..}
in the Dispatch method of the stubs. */
conn->evs.rx = NULL_EVENT;
TRC(eprintf("call=%x, rx ep is %x (current val is %x).\n",
conn->call, conn->eps.rx,
VP$Poll(Pvs(vp), conn->eps.rx)));
if(*id >= st->nstubs) {
eprintf("Critical Error: got binding_id as %d (nstubs is %d)!\n",
*id, st->nstubs);
ntsc_dbgstop();
}
TRC(eprintf("=> server stubs are at %p\n", st->stubs[binding_id]));
TRC(eprintf("=> op = %p, st = %p, op->Dispatch = %p\n",
st->stubs[*id]->op,
st->stubs[*id]->st,
st->stubs[*id]->op->Dispatch));
IDCServerStubs$Dispatch(st->stubs[*id]);
TRC(eprintf("done dispatch!\n"));
/* Now we frob the rxbuf back again */
conn->rxbuf.base -= sizeof(*id);
conn->rxsize += sizeof(*id);
conn->rxbuf.space = conn->rxsize;
}
return;
}
static Channel_Endpoint AllocChannel_m(VP_cl *self)
{
dcb_rw_t *rwp = RW(self);
dcb_ro_t *rop = RO(self);
ep_rw_t *eprw;
Channel_EP ept;
if ( !(eprw = rwp->free_eps) ) {
#ifdef __SMP__
DB(eprintf("VP$AllocChannel: no end-points free in domain %qx\n", INFO_PAGE_PCPU(smp_cpuid()).dcb_ro->id));
#else
DB(eprintf("VP$AllocChannel: no end-points free in domain %qx\n", rop->id));
#endif
RAISE_Channel$NoSlots( rop->id );
}
ept = eprw - rop->eprws;
rwp->free_eps = (ep_rw_t *)eprw->ack;
eprw->state = Channel_State_Local;
eprw->ack = 0;
return ept;
}
static void FreeChannel_m(VP_cl *self, Channel_Endpoint ep )
{
dcb_rw_t *rwp = RW(self);
dcb_ro_t *rop = RO(self);
ep_rw_t *eprw;
ep_ro_t *epro;
if ( ep >= rop->num_eps ) {
DB(eprintf("VP$FreeChannel: invalid EP.\n"));
RAISE_Channel$Invalid( ep );
}
epro = DCB_EPRO(rop,ep);
eprw = DCB_EPRW(rop,ep);
if ( epro->peer_dcb != NULL || eprw->state == Channel_State_Free ) {
DB(eprintf("VP$FreeChannel: Bad State.\n"));
RAISE_Channel$BadState( ep, eprw->state );
}
eprw->state = Channel_State_Free;
eprw->ack = (word_t)(rwp->free_eps);
rwp->free_eps = eprw;
}
static bool_t
NextEvent_m (VP_cl *self,
/* RETURNS */
Channel_Endpoint *ep,
Channel_EPType *type,
Event_Val *val,
Channel_State *state)
{
dcb_rw_t *rwp = RW(self);
dcb_ro_t *rop = RO(self);
ep_ro_t *epro;
ep_rw_t *eprw;
TRC (eprintf ("VP$NextEvent(dom=%lx): rop=%x rwp=%x head=%x tail=%x "
"n=%x mask=%x\n",
rop->id, rop, rwp, rwp->ep_head, rwp->ep_tail,
rop->num_eps, rop->ep_mask));
if (EP_FIFO_EMPTY (rwp))
return False;
/* Pull the first end-point out of the FIFO */
*ep = rop->ep_fifo [rwp->ep_tail & rop->ep_mask];
rwp->ep_tail++;
/* Here, "ept" is to be returned. */
epro = rop->epros + *ep;
eprw = rop->eprws + *ep;
*type = epro->type;
*val = epro->val;
*state = eprw->state;
TRC (eprintf ("VP$NextEvent(dom=%lx): rop=%x rwp=%x\n", rop, rwp));
return True;
}
/*
* local optimizations, most of which are probably
* machine independent
*/
NODE *
optim(NODE *p)
{
int o, ty;
NODE *sp, *q;
OFFSZ sz;
int i;
if (odebug) return(p);
ty = coptype(p->n_op);
if( ty == LTYPE ) return(p);
if( ty == BITYPE ) p->n_right = optim(p->n_right);
p->n_left = optim(p->n_left);
/* collect constants */
again: o = p->n_op;
switch(o){
case SCONV:
if (concast(p->n_left, p->n_type)) {
q = p->n_left;
nfree(p);
p = q;
break;
}
/* FALLTHROUGH */
case PCONV:
if (p->n_type != VOID)
p = clocal(p);
break;
case FORTCALL:
p->n_right = fortarg( p->n_right );
break;
case ADDROF:
if (LO(p) == TEMP)
break;
if( LO(p) != NAME ) cerror( "& error" );
if( !andable(p->n_left) && !statinit)
break;
LO(p) = ICON;
setuleft:
/* paint over the type of the left hand side with the type of the top */
p->n_left->n_type = p->n_type;
p->n_left->n_df = p->n_df;
p->n_left->n_ap = p->n_ap;
q = p->n_left;
nfree(p);
p = q;
break;
case NOT:
case UMINUS:
case COMPL:
if (LCON(p) && conval(p->n_left, o, p->n_left))
p = nfree(p);
break;
case UMUL:
/* Do not discard ADDROF TEMP's */
if (LO(p) == ADDROF && LO(p->n_left) != TEMP) {
q = p->n_left->n_left;
nfree(p->n_left);
nfree(p);
p = q;
break;
}
if( LO(p) != ICON ) break;
LO(p) = NAME;
goto setuleft;
case RS:
if (LCON(p) && RCON(p) && conval(p->n_left, o, p->n_right))
goto zapright;
sz = tsize(p->n_type, p->n_df, p->n_ap);
if (LO(p) == RS && RCON(p->n_left) && RCON(p) &&
(RV(p) + RV(p->n_left)) < sz) {
/* two right-shift by constants */
RV(p) += RV(p->n_left);
p->n_left = zapleft(p->n_left);
}
#if 0
else if (LO(p) == LS && RCON(p->n_left) && RCON(p)) {
RV(p) -= RV(p->n_left);
if (RV(p) < 0)
o = p->n_op = LS, RV(p) = -RV(p);
p->n_left = zapleft(p->n_left);
}
#endif
if (RO(p) == ICON) {
if (RV(p) < 0) {
RV(p) = -RV(p);
p->n_op = LS;
goto again;
}
#ifdef notyet /* must check for side effects, --a >> 32; */
if (RV(p) >= tsize(p->n_type, p->n_df, p->n_sue) &&
ISUNSIGNED(p->n_type)) { /* ignore signed shifts */
/* too many shifts */
tfree(p->n_left);
nfree(p->n_right);
p->n_op = ICON; p->n_lval = 0; p->n_sp = NULL;
} else
#endif
/* avoid larger shifts than type size */
if (RV(p) >= sz) {
RV(p) = RV(p) % sz;
werror("shift larger than type");
}
if (RV(p) == 0)
p = zapleft(p);
}
break;
case LS:
if (LCON(p) && RCON(p) && conval(p->n_left, o, p->n_right))
goto zapright;
sz = tsize(p->n_type, p->n_df, p->n_ap);
if (LO(p) == LS && RCON(p->n_left) && RCON(p)) {
/* two left-shift by constants */
RV(p) += RV(p->n_left);
p->n_left = zapleft(p->n_left);
}
#if 0
else if (LO(p) == RS && RCON(p->n_left) && RCON(p)) {
RV(p) -= RV(p->n_left);
p->n_left = zapleft(p->n_left);
}
#endif
if (RO(p) == ICON) {
if (RV(p) < 0) {
RV(p) = -RV(p);
p->n_op = RS;
goto again;
}
#ifdef notyet /* must check for side effects */
if (RV(p) >= tsize(p->n_type, p->n_df, p->n_sue)) {
/* too many shifts */
tfree(p->n_left);
nfree(p->n_right);
p->n_op = ICON; p->n_lval = 0; p->n_sp = NULL;
} else
#endif
/* avoid larger shifts than type size */
if (RV(p) >= sz) {
RV(p) = RV(p) % sz;
werror("shift larger than type");
}
if (RV(p) == 0)
p = zapleft(p);
}
break;
case MINUS:
if (LCON(p) && RCON(p) && p->n_left->n_sp == p->n_right->n_sp) {
/* link-time constants, but both are the same */
/* solve it now by forgetting the symbols */
p->n_left->n_sp = p->n_right->n_sp = NULL;
}
if( !nncon(p->n_right) ) break;
RV(p) = -RV(p);
o = p->n_op = PLUS;
case MUL:
/*
* Check for u=(x-y)+z; where all vars are pointers to
* the same struct. This has two advantages:
* 1: avoid a mul+div
* 2: even if not allowed, people may get surprised if this
* calculation do not give correct result if using
* unaligned structs.
*/
if (p->n_type == INTPTR && RCON(p) &&
LO(p) == DIV && RCON(p->n_left) &&
RV(p) == RV(p->n_left) &&
LO(p->n_left) == MINUS) {
q = p->n_left->n_left;
if (q->n_left->n_type == PTR+STRTY &&
q->n_right->n_type == PTR+STRTY &&
strmemb(q->n_left->n_ap) ==
strmemb(q->n_right->n_ap)) {
p = zapleft(p);
p = zapleft(p);
}
}
/* FALLTHROUGH */
case PLUS:
case AND:
case OR:
case ER:
/* commutative ops; for now, just collect constants */
/* someday, do it right */
if( nncon(p->n_left) || ( LCON(p) && !RCON(p) ) )
SWAP( p->n_left, p->n_right );
/* make ops tower to the left, not the right */
if( RO(p) == o ){
NODE *t1, *t2, *t3;
t1 = p->n_left;
sp = p->n_right;
t2 = sp->n_left;
t3 = sp->n_right;
/* now, put together again */
p->n_left = sp;
sp->n_left = t1;
sp->n_right = t2;
sp->n_type = p->n_type;
p->n_right = t3;
}
if(o == PLUS && LO(p) == MINUS && RCON(p) && RCON(p->n_left) &&
conval(p->n_right, MINUS, p->n_left->n_right)){
zapleft:
q = p->n_left->n_left;
nfree(p->n_left->n_right);
nfree(p->n_left);
p->n_left = q;
}
if( RCON(p) && LO(p)==o && RCON(p->n_left) &&
conval( p->n_right, o, p->n_left->n_right ) ){
goto zapleft;
}
else if( LCON(p) && RCON(p) && conval( p->n_left, o, p->n_right ) ){
zapright:
nfree(p->n_right);
q = makety(p->n_left, p->n_type, p->n_qual,
p->n_df, p->n_ap);
nfree(p);
p = clocal(q);
break;
}
/* change muls to shifts */
if( o == MUL && nncon(p->n_right) && (i=ispow2(RV(p)))>=0){
if( i == 0 ) { /* multiplication by 1 */
goto zapright;
}
o = p->n_op = LS;
p->n_right->n_type = INT;
p->n_right->n_df = NULL;
RV(p) = i;
}
/* change +'s of negative consts back to - */
if( o==PLUS && nncon(p->n_right) && RV(p)<0 ){
RV(p) = -RV(p);
o = p->n_op = MINUS;
}
/* remove ops with RHS 0 */
if ((o == PLUS || o == MINUS || o == OR || o == ER) &&
nncon(p->n_right) && RV(p) == 0) {
goto zapright;
}
break;
case DIV:
if( nncon( p->n_right ) && p->n_right->n_lval == 1 )
goto zapright;
if (LCON(p) && RCON(p) && conval(p->n_left, DIV, p->n_right))
goto zapright;
if (RCON(p) && ISUNSIGNED(p->n_type) && (i=ispow2(RV(p))) > 0) {
p->n_op = RS;
RV(p) = i;
q = p->n_right;
if(tsize(q->n_type, q->n_df, q->n_ap) > SZINT)
p->n_right = makety(q, INT, 0, 0, 0);
break;
}
break;
case MOD:
if (RCON(p) && ISUNSIGNED(p->n_type) && ispow2(RV(p)) > 0) {
p->n_op = AND;
RV(p) = RV(p) -1;
break;
}
break;
case EQ:
case NE:
case LT:
case LE:
case GT:
case GE:
case ULT:
case ULE:
case UGT:
case UGE:
if( !LCON(p) ) break;
/* exchange operands */
sp = p->n_left;
p->n_left = p->n_right;
p->n_right = sp;
p->n_op = revrel[p->n_op - EQ ];
break;
#ifdef notyet
case ASSIGN:
/* Simple test to avoid two branches */
if (RO(p) != NE)
break;
q = p->n_right;
if (RCON(q) && RV(q) == 0 && LO(q) == AND &&
RCON(q->n_left) && (i = ispow2(RV(q->n_left))) &&
q->n_left->n_type == INT) {
q->n_op = RS;
RV(q) = i;
}
break;
#endif
}
return(p);
}
bool proofOfShuffle(proofStruct &pfStr,
const Node &w,
const Node &w_prime,
const Node &mu,
const Node &tau_pos,
const Node &sigma_pos)
{
// Byte trees that will be used in this function
Node u;
IntLeaf A_prime;
IntLeaf C_prime;
IntLeaf D_prime;
Node F_prime;
Node B;
Node B_prime;
IntLeaf kA;
IntLeaf kC;
IntLeaf kD;
Node kF;
Node kB;
Node kE;
// Save p,q,g for convenience
const IntLeaf &p = pfStr.Gq.getIntLeafChild(0);
const IntLeaf &q = pfStr.Gq.getIntLeafChild(1);
const IntLeaf &g = pfStr.Gq.getIntLeafChild(2);
// Step 1
// a) assert that mu is array of Pdersen commitments in pfStr.Gq
u = mu;
// Loop through all children and make sure each one is
// a Pedersen commitment in Gq
for(unsigned int i=0; i < pfStr.N; ++i)
{
try {
if(!isPedersenCommitment(pfStr.Gq, u.getIntLeafChild(i)))
{
// u is not a N-array of Pedersen Commitments
return false;
}
}
catch(...)
{
// u is not a N-array of Pedersen Commitments
return false;
}
}
// b) assert that tau_pos is a Node (B, A', B', C', D', F'), where
// A',C',D' is in G_q, F' is in Cw and B and B' are arrays of N
// elements in Gq
try
{
A_prime = tau_pos.getIntLeafChild(1);
C_prime = tau_pos.getIntLeafChild(3);
D_prime = tau_pos.getIntLeafChild(4);
if(!isElemOfGq(pfStr.Gq, A_prime))
{
return false;
}
if(!isElemOfGq(pfStr.Gq, C_prime))
{
return false;
}
if(!isElemOfGq(pfStr.Gq, D_prime))
{
return false;
}
F_prime = tau_pos.getNodeChild(5);
if(pfStr.width == 1) {
Node u;
Node v;
u.addChild(F_prime.getIntLeafChild(0));
v.addChild(F_prime.getIntLeafChild(1));
Node uv;
uv.addChild(u);
uv.addChild(v);
F_prime = uv;
}
if(!isElemOfCw(pfStr, F_prime))
{
return false;
}
B = tau_pos.getNodeChild(0);
B_prime = tau_pos.getNodeChild(2);
for(unsigned int i=0; i<pfStr.N; ++i)
{
if(!isElemOfGq(pfStr.Gq, B.getIntLeafChild(i)))
{
return false;
}
if(!isElemOfGq(pfStr.Gq, B_prime.getIntLeafChild(i)))
{
return false;
}
}
}
catch(...)
{
// tau_pos could not be interpreted as needed
return false;
}
// c) assert that sigma_pos is a Node (kA, kB, kC, kD, kE, kF),
// where kA, kC, kD, kF is in Z_q, kB is an array of N elements in
// Rw and kE is an array of N elements in G_q
try
{
kA = sigma_pos.getIntLeafChild(0);
kC = sigma_pos.getIntLeafChild(2);
kD = sigma_pos.getIntLeafChild(3);
if(pfStr.width == 1) {
kF.addChild(sigma_pos.getNodeChild(5));
} else {
kF = sigma_pos.getNodeChild(5);
}
kB = sigma_pos.getNodeChild(1);
kE = sigma_pos.getNodeChild(4);
if(!isElemOfZn(q, kA) ||
!isElemOfZn(q, kC) ||
!isElemOfZn(q, kD) ||
!isElemOfRw(pfStr, kF))
{
return false;
}
for(unsigned int i=0; i<pfStr.N; ++i)
{
if(!isElemOfZn(q, kB.getIntLeafChild(i)))
{
return false;
}
if(!isElemOfZn(q, kE.getIntLeafChild(i)))
{
return false;
}
}
}
catch(...)
{
return false;
}
// Get random array h - (TODO: could be moved outside of ProofOfShuffle)
DataLeaf generators = DataLeaf("generators");
bytevector seed_data = pfStr.rho;
bytevector seed_data2 = generators.serialize();
seed_data.insert(seed_data.end(), seed_data2.begin(), seed_data2.end());
RO RO_seed = RO(pfStr.hash, pfStr.nH);
IntLeaf s = RO_seed(seed_data);
Node h = RandomArray(pfStr.Gq, pfStr.N, pfStr.hash, s.toVector(), pfStr.nR);
print_debug("ProofOfShuffle: h", h.serializeString());
// Step 2, compute a seed by creating the node/array Node(g,h,u,pk,w,w')
Node seed_gen;
// TODO: Fix h-vector
// Does not work with correct h-vector either
seed_gen.addChild(g);
seed_gen.addChild(h);
seed_gen.addChild(u);
seed_gen.addChild(pfStr.pk);
seed_gen.addChild(w);
seed_gen.addChild(w_prime);
// Concatenate byte representation of rho with seed_gen
bytevector gen = pfStr.rho;
bytevector gen2 = seed_gen.serialize();
gen.insert(gen.end(), gen2.begin(), gen2.end());
print_debug("ProofOfShuffle: s_hash", gen);
// Create a random oracle to be used to generate a seed, seedlen specified
RO rs = RO(pfStr.hash, pfStr.nE);
// Generate the seed
IntLeaf seed = rs(gen);
print_debug("ProofOfShuffle: s", seed.toVector());
// Step 3 - TODO: Runda upp nE/8
PRG prg = PRG(pfStr.hash, seed.serialize(), (pfStr.nE/8)*8);
Node t;
for(unsigned int i=0; i<pfStr.N; ++i)
{
t.addChild(prg.next());
}
// e_i = t_i mod 2^(nE)
IntLeaf exp(2);
exp.expTo(pfStr.nE);
Node e = t.mod(exp);
// compute A and F
IntLeaf A = u.expMultMod(e, p);
Node F;
{
Node u = w.getNodeChild(0);
Node v = w.getNodeChild(1);
if(pfStr.width == 1) {
F.addChild(u.expMultMod(e, p));
F.addChild(v.expMultMod(e, p));
} else {
Node a, b;
for(unsigned int i = 0; i < pfStr.width; i++) {
a.addChild(u.getNodeChild(i).expMultMod(e, p));
b.addChild(v.getNodeChild(i).expMultMod(e, p));
}
F.addChild(a);
F.addChild(b);
}
}
print_debug("ProofOfShuffle: A", A.serializeString());
print_debug("ProofOfShuffle: F", F.serializeString());
print_debug("ProofOfShuffle: B", B.serializeString());
print_debug("ProofOfShuffle: Ap", A_prime.serializeString());
print_debug("ProofOfShuffle: Bp", B_prime.serializeString());
print_debug("ProofOfShuffle: Cp", C_prime.serializeString());
print_debug("ProofOfShuffle: Dp", D_prime.serializeString());
print_debug("ProofOfShuffle: Fp", F_prime.serializeString());
// Step 4, compute a challenge
// challenge_gen = Node(seed, tau_pos)
Node challenge_gen;
challenge_gen.addChild(seed);
challenge_gen.addChild(tau_pos);
// concatenate rho with the Node above
gen = pfStr.rho;
gen2 = challenge_gen.serialize();
gen.insert(gen.end(), gen2.begin(), gen2.end());
// create a challenge RO
RO RO_challenge = RO(pfStr.hash, pfStr.nV);
// use the seed above to generate v, interpret v as non-negative integer
IntLeaf v = RO_challenge(gen);
// Step 5 - Compute C, D and check that equalities hold as specified
IntLeaf C = u.prodMod(p).multMod(h.prodMod(p).inverse(p), p);
IntLeaf D = B.getIntLeafChild(pfStr.N - 1).multMod(h.getIntLeafChild(0).expMod(e.prodMod(p), p).inverse(p),p);
print_debug("ProofOfShuffle: v", v.toVector());
print_debug("ProofOfShuffle: C", C.serializeString());
print_debug("ProofOfShuffle: D", D.serializeString());
print_debug("ProofOfShuffle: k_A", kA.serializeString());
print_debug("ProofOfShuffle: k_B", kB.serializeString());
print_debug("ProofOfShuffle: k_C", kC.serializeString());
print_debug("ProofOfShuffle: k_D", kD.serializeString());
print_debug("ProofOfShuffle: k_F", kF.serializeString());
// Check A^v * A' == g^kA * prod h_i^kE_i
IntLeaf left = A.expMod(v, p).multMod(A_prime, p);
IntLeaf right = g.expMod(kA, p).multMod(h.expMultMod(kE, p), p);
if(A.expMod(v, p).multMod(A_prime, p) != g.expMod(kA, p).multMod(h.expMultMod(kE, p), p))
{
return false;
}
// Check B_i^v * B'_i == g^kB_i * B_{i-1}^kE_i for i = 1,...,N-1
for(unsigned int i=1; i<pfStr.N; ++i)
{
if(B.getIntLeafChild(i).expMod(v, p).multMod(B_prime.getIntLeafChild(i), p) !=
g.expMod(kB.getIntLeafChild(i),p).multMod(B.getIntLeafChild(i-1).expMod(kE.getIntLeafChild(i),p), p))
{
return false;
}
}
// Handling case: B.getChild(i-1) = h_0, i.e i == 0
if(B.getIntLeafChild(0).expMod(v,p).multMod(B_prime.getIntLeafChild(0), p) !=
g.expMod(kB.getIntLeafChild(0),p).multMod(h.getIntLeafChild(0).expMod(kE.getIntLeafChild(0),p),p))
{
return false;
}
// Check C^v * C' == g^kC
if(C.expMod(v, p).multMod(C_prime,p) != g.expMod(kC, p))
{
return false;
}
// Check D^v * D' == g^kD
if(D.expMod(v, p).multMod(D_prime, p) != g.expMod(kD, p))
{
return false;
}
// Check F^v * F' = Enc_pk(1, -kF)* prod (w'_i)^kE_i
/*if(pfStr.width == 1) {
}*/
//TODO: Fixa denna kodrad
/*if(F.expMod(v, p) * F_prime != Enc(pfStr.pk, IntLeaf(1), -kF, p) * w_prime.expMultMod(kE, p))
{
return false;
}*/
// All equalities holds, return true
return true;
}
static IDCOffer_clp BinderOffer_m (VP_clp self)
{
return RO(self)->binder_offer;
}
