Make NaCl ge25519() kludge compile on Debian Linux

Android.mk

@@ -88,7 +88,8 @@ LOCAL_CFLAGS += \
         -DHAVE_ERRNO_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRINGS_H=1 -DHAVE_UNISTD_H=1 \
         -DHAVE_STRING_H=1 -DHAVE_ARPA_INET_H=1 -DHAVE_SYS_SOCKET_H=1 \
         -DHAVE_SYS_MMAN_H=1 -DHAVE_SYS_TIME_H=1 -DHAVE_POLL_H=1 -DHAVE_NETDB_H=1 \
-	-DHAVE_JNI_H=1 -DHAVE_STRUCT_UCRED=1 -DBYTE_ORDER=_BYTE_ORDER \
+	-DHAVE_JNI_H=1 -DHAVE_STRUCT_UCRED=1 -DHAVE_CRYPTO_SIGN_NACL_GE25519_H=1 \
+        -DBYTE_ORDER=_BYTE_ORDER \
 	-I$(NACL_INC) \
 	-I$(SQLITE3_INC)
 LOCAL_LDLIBS := -L$(SYSROOT)/usr/lib -llog 

configure.in

@@ -95,8 +95,23 @@ echo " but fortunately it only needs to happen once.)"
 cd nacl
 ./nacl-gcc-prep
 cd ..
-CFLAGS="$CFLAGS -Inacl/"`cat nacl/naclinc.txt`
-LDFLAGS="$LDFLAGS nacl/"`cat nacl/nacllib.txt`
+NACL_INC=`cat nacl/naclinc.txt`
+NACL_LIB=`cat nacl/nacllib.txt`
+CPPFLAGS="$CPPFLAGS -Inacl/$NACL_INC"
+LDFLAGS="$LDFLAGS nacl/$NACL_LIB"
+AC_CHECK_HEADER(crypto_sign_edwards25519sha512batch_ref/ge25519.h,
+        AC_DEFINE([HAVE_CRYPTO_SIGN_NACL_GE25519_H]),
+        [
+            dnl A kludge to get to the NaCl ge25519 functions, which are not included in the public API
+            dnl in a native build (but are available in the Android build).
+            oCPPFLAGS="$CPPFLAGS"
+            CPPFLAGS="$CPPFLAGS -Inacl/$NACL_INC -Inacl/${NACL_INC%%/*}/crypto_sign"
+            AC_CHECK_HEADER([edwards25519sha512batch/ref/ge25519.h],
+                    AC_DEFINE([HAVE_KLUDGE_NACL_GE25519_H]),
+                    CPPFLAGS="$oCPPFLAGS"
+                )
+        ]
+    )
 
 AC_CHECK_LIB(m,sqrtf,[LDFLAGS="$LDFLAGS -lm"])
 AC_CHECK_LIB(nsl,callrpc,[LDFLAGS="$LDFLAGS -lnsl"])

rhizome_crypto.c

@@ -152,21 +152,32 @@ int rhizome_extract_privatekey(rhizome_manifest *m,const char *authorHex)
      XXX This is a pretty ugly way to do it, but NaCl offers no API to
      do this cleanly. */
   {
-#include "nacl-source/nacl-20110221/nacl-source/crypto_sign_edwards25519sha512batch_ref/ge25519.h"
+#ifdef HAVE_CRYPTO_SIGN_NACL_GE25519_H
+#  include "crypto_sign_edwards25519sha512batch_ref/ge25519.h"
+#else
+#  ifdef HAVE_KLUDGE_NACL_GE25519_H
+#    include "edwards25519sha512batch/ref/ge25519.h"
+#  endif
+#endif
+#ifdef ge25519
     unsigned char *sk=m->cryptoSignSecret;
     unsigned char pk[crypto_sign_edwards25519sha512batch_PUBLICKEYBYTES];
     sc25519 scsk;
     ge25519 gepk;
-        
     sc25519_from32bytes(&scsk,sk);
-    
     ge25519_scalarmult_base(&gepk, &scsk);
     ge25519_pack(pk, &gepk);
     bzero(&scsk,sizeof(scsk));
-    if (bcmp(pk,m->cryptoSignPublic,
-	     crypto_sign_edwards25519sha512batch_PUBLICKEYBYTES))
+    if (memcmp(pk, m->cryptoSignPublic, crypto_sign_edwards25519sha512batch_PUBLICKEYBYTES))
       return WHY("BID secret key decoded from BK was not valid");     
-    else return 0;
+    else
+      return 0;
+#else //!ge25519
+    /* XXX Need to test key by signing and testing signature validity. */
+    /* For the time being barf so that the caller does not think we have a validated BK
+       when in fact we do not. */
+    return WHY("ge25519 function not available");
+#endif //!ge25519
   }
 }