Merge pull request #222 from michael-loki/crypto_folder

Split and move crypto code to a subdirectory

CMakeLists.txt

@@ -493,8 +493,10 @@ set(LIB_SRC
   llarp/codel.cpp
   llarp/config.cpp
   llarp/context.cpp
-  llarp/crypto.cpp
-  llarp/crypto_libsodium.cpp
+  llarp/crypto/constants.cpp
+  llarp/crypto/crypto.cpp
+  llarp/crypto/crypto_libsodium.cpp
+  llarp/crypto/types.cpp
   llarp/dht.cpp
   llarp/dht/bucket.cpp
   llarp/dht/context.cpp
@@ -614,6 +616,7 @@ set(DNS_SRC
 )
 
 set(TEST_SRC
+  test/crypto/test_llarp_crypto.cpp
   test/dht/test_llarp_dht_key.cpp
   test/dht/test_llarp_dht.cpp
   test/dns/test_llarp_dns_dns.cpp
@@ -626,12 +629,11 @@ set(TEST_SRC
   test/routing/test_llarp_routing_obtainexitmessage.cpp
   test/service/test_llarp_service_address.cpp
   test/service/test_llarp_service_identity.cpp
-  test/test_llarp_crypto.cpp
   test/test_llarp_dns.cpp
   test/test_llarp_dnsd.cpp
   test/test_llarp_encrypted_frame.cpp
-  test/test_llarp_router.cpp
   test/test_llarp_router_contact.cpp
+  test/test_llarp_router.cpp
   test/util/test_llarp_util_aligned.cpp
   test/util/test_llarp_util_bencode.cpp
   test/util/test_llarp_util_encode.cpp

daemon/rcutil.cpp

@@ -1,5 +1,5 @@
 #include <buffer.hpp>
-#include <crypto.hpp>
+#include <crypto/crypto.hpp>
 #include <fs.hpp>
 #include <llarp.h>
 #include <logger.hpp>

include/llarp.hpp

@@ -1,8 +1,7 @@
 #ifndef LLARP_HPP
 #define LLARP_HPP
 
-#include <crypto.hpp>
-#include <util/threading.hpp>
+#include <util/types.hpp>
 
 #include <iostream>
 #include <memory>
@@ -14,9 +13,11 @@ struct llarp_config_iterator;
 struct llarp_ev_loop;
 struct llarp_nodedb;
 struct llarp_nodedb_iter;
+struct llarp_threadpool;
 
 namespace llarp
 {
+  struct Crypto;
   class Logic;
   struct Router;
   struct RouterContact;

libabyss/src/client.cpp

@@ -1,6 +1,6 @@
 #include <abyss/client.hpp>
 #include <abyss/http.hpp>
-#include <crypto.hpp>
+#include <crypto/crypto.hpp>
 #include <util/buffer.hpp>
 #include <util/logger.hpp>
 

llarp/address_info.hpp

@@ -1,7 +1,7 @@
 #ifndef LLARP_AI_HPP
 #define LLARP_AI_HPP
 
-#include <crypto.hpp>
+#include <crypto/types.hpp>
 #include <net/net.h>
 #include <util/bencode.hpp>
 #include <util/mem.h>

llarp/crypto/constants.cpp

@@ -0,0 +1 @@
+#include <crypto/constants.hpp>

llarp/crypto/constants.hpp

@@ -0,0 +1,25 @@
+#ifndef LLARP_CRYPTO_CONSTANTS_HPP
+#define LLARP_CRYPTO_CONSTANTS_HPP
+
+#include <stdint.h>
+
+#include <libntrup/ntru.h>
+
+static constexpr uint32_t PUBKEYSIZE    = 32;
+static constexpr uint32_t SECKEYSIZE    = 64;
+static constexpr uint32_t NONCESIZE     = 24;
+static constexpr uint32_t SHAREDKEYSIZE = 32;
+static constexpr uint32_t HASHSIZE      = 64;
+static constexpr uint32_t SHORTHASHSIZE = 32;
+static constexpr uint32_t HMACSECSIZE   = 32;
+static constexpr uint32_t SIGSIZE       = 64;
+static constexpr uint32_t TUNNONCESIZE  = 32;
+static constexpr uint32_t HMACSIZE      = 32;
+static constexpr uint32_t PATHIDSIZE    = 16;
+
+static constexpr uint32_t PQ_CIPHERTEXTSIZE = crypto_kem_CIPHERTEXTBYTES;
+static constexpr uint32_t PQ_PUBKEYSIZE     = crypto_kem_PUBLICKEYBYTES;
+static constexpr uint32_t PQ_SECRETKEYSIZE  = crypto_kem_SECRETKEYBYTES;
+static constexpr uint32_t PQ_KEYPAIRSIZE = (PQ_SECRETKEYSIZE + PQ_PUBKEYSIZE);
+
+#endif

llarp/crypto/crypto.cpp

@@ -0,0 +1 @@
+#include <crypto/crypto.hpp>

llarp/crypto/crypto.hpp

@@ -1,12 +1,10 @@
 #ifndef LLARP_CRYPTO_HPP
 #define LLARP_CRYPTO_HPP
 
-#include <router_id.hpp>
-#include <util/aligned.hpp>
+#include <crypto/constants.hpp>
+#include <crypto/types.hpp>
+
 #include <util/buffer.h>
-#include <util/common.hpp>
-#include <util/mem.h>
-#include <util/threadpool.h>
 
 #include <functional>
 #include <stdbool.h>
@@ -19,123 +17,8 @@
  * potentially allow libssl support in the future
  */
 
-static constexpr uint32_t PUBKEYSIZE    = 32;
-static constexpr uint32_t SECKEYSIZE    = 64;
-static constexpr uint32_t NONCESIZE     = 24;
-static constexpr uint32_t SHAREDKEYSIZE = 32;
-static constexpr uint32_t HASHSIZE      = 64;
-static constexpr uint32_t SHORTHASHSIZE = 32;
-static constexpr uint32_t HMACSECSIZE   = 32;
-static constexpr uint32_t SIGSIZE       = 64;
-static constexpr uint32_t TUNNONCESIZE  = 32;
-static constexpr uint32_t HMACSIZE      = 32;
-static constexpr uint32_t PATHIDSIZE    = 16;
-
-#include <libntrup/ntru.h>
-
-#define PQ_CIPHERTEXTSIZE crypto_kem_CIPHERTEXTBYTES
-#define PQ_PUBKEYSIZE crypto_kem_PUBLICKEYBYTES
-#define PQ_SECRETKEYSIZE crypto_kem_SECRETKEYBYTES
-#define PQ_KEYPAIRSIZE (PQ_SECRETKEYSIZE + PQ_PUBKEYSIZE)
-
 namespace llarp
 {
-  using SharedSecret     = AlignedBuffer< SHAREDKEYSIZE >;
-  using KeyExchangeNonce = AlignedBuffer< 32 >;
-
-  struct PubKey final : public AlignedBuffer< PUBKEYSIZE >
-  {
-    PubKey() : AlignedBuffer< SIZE >()
-    {
-    }
-
-    explicit PubKey(const byte_t *ptr) : AlignedBuffer< SIZE >(ptr)
-    {
-    }
-
-    explicit PubKey(const Data &data) : AlignedBuffer< SIZE >(data)
-    {
-    }
-
-    explicit PubKey(const AlignedBuffer< SIZE > &other)
-        : AlignedBuffer< SIZE >(other)
-    {
-    }
-
-    std::string
-    ToString() const;
-
-    bool
-    FromString(const std::string &str);
-
-    friend std::ostream &
-    operator<<(std::ostream &out, const PubKey &k)
-    {
-      return out << k.ToString();
-    }
-
-    operator RouterID() const
-    {
-      return RouterID(as_array());
-    }
-
-    PubKey &
-    operator=(const byte_t *ptr)
-    {
-      std::copy(ptr, ptr + SIZE, begin());
-      return *this;
-    }
-  };
-
-  struct SecretKey final : public AlignedBuffer< SECKEYSIZE >
-  {
-    SecretKey() : AlignedBuffer< SECKEYSIZE >(){};
-
-    explicit SecretKey(const SecretKey &k) : AlignedBuffer< SECKEYSIZE >(k)
-    {
-    }
-
-    explicit SecretKey(const byte_t *ptr) : AlignedBuffer< SECKEYSIZE >(ptr)
-    {
-    }
-
-    friend std::ostream &
-    operator<<(std::ostream &out, const SecretKey &)
-    {
-      // make sure we never print out secret keys
-      return out << "[secretkey]";
-    }
-
-    PubKey
-    toPublic() const
-    {
-      return PubKey(data() + 32);
-    }
-
-    bool
-    LoadFromFile(const char *fname);
-
-    bool
-    SaveToFile(const char *fname) const;
-
-    SecretKey &
-    operator=(const byte_t *ptr)
-    {
-      std::copy(ptr, ptr + SIZE, begin());
-      return *this;
-    }
-  };
-
-  using ShortHash   = AlignedBuffer< SHORTHASHSIZE >;
-  using Signature   = AlignedBuffer< SIGSIZE >;
-  using TunnelNonce = AlignedBuffer< TUNNONCESIZE >;
-  using SymmNonce   = AlignedBuffer< NONCESIZE >;
-  using SymmKey     = AlignedBuffer< 32 >;
-
-  using PQCipherBlock = AlignedBuffer< PQ_CIPHERTEXTSIZE + 1 >;
-  using PQPubKey      = AlignedBuffer< PQ_PUBKEYSIZE >;
-  using PQKeyPair     = AlignedBuffer< PQ_KEYPAIRSIZE >;
-
   /// label functors
 
   /// PKE(result, publickey, secretkey, nonce)

llarp/crypto/crypto_libsodium.cpp

@@ -1,4 +1,5 @@
-#include <crypto.hpp>
+#include <crypto/crypto.hpp>
+
 #include <sodium/crypto_generichash.h>
 #include <sodium/crypto_sign.h>
 #include <sodium/crypto_scalarmult.h>
@@ -41,15 +42,14 @@ namespace llarp
     {
       llarp::SharedSecret shared;
       crypto_generichash_state h;
-      const size_t outsz = SHAREDKEYSIZE;
 
       if(crypto_scalarmult_curve25519(shared.data(), usSec.data(), themPub))
         return false;
-      crypto_generichash_blake2b_init(&h, nullptr, 0U, outsz);
+      crypto_generichash_blake2b_init(&h, nullptr, 0U, shared.size());
       crypto_generichash_blake2b_update(&h, client_pk.data(), 32);
       crypto_generichash_blake2b_update(&h, server_pk.data(), 32);
       crypto_generichash_blake2b_update(&h, shared.data(), 32);
-      crypto_generichash_blake2b_final(&h, out.data(), outsz);
+      crypto_generichash_blake2b_final(&h, out.data(), shared.size());
       return true;
     }
 

llarp/crypto/types.cpp

@@ -1,4 +1,4 @@
-#include <crypto.hpp>
+#include <crypto/types.hpp>
 
 #include <util/buffer.hpp>
 

llarp/crypto/types.hpp

@@ -0,0 +1,111 @@
+#ifndef LLARP_CRYPTO_TYPES_HPP
+#define LLARP_CRYPTO_TYPES_HPP
+
+#include <crypto/constants.hpp>
+#include <router_id.hpp>
+#include <util/aligned.hpp>
+#include <util/types.hpp>
+
+#include <algorithm>
+#include <iostream>
+
+namespace llarp
+{
+  using SharedSecret     = AlignedBuffer< SHAREDKEYSIZE >;
+  using KeyExchangeNonce = AlignedBuffer< 32 >;
+
+  struct PubKey final : public AlignedBuffer< PUBKEYSIZE >
+  {
+    PubKey() : AlignedBuffer< SIZE >()
+    {
+    }
+
+    explicit PubKey(const byte_t *ptr) : AlignedBuffer< SIZE >(ptr)
+    {
+    }
+
+    explicit PubKey(const Data &data) : AlignedBuffer< SIZE >(data)
+    {
+    }
+
+    explicit PubKey(const AlignedBuffer< SIZE > &other)
+        : AlignedBuffer< SIZE >(other)
+    {
+    }
+
+    std::string
+    ToString() const;
+
+    bool
+    FromString(const std::string &str);
+
+    friend std::ostream &
+    operator<<(std::ostream &out, const PubKey &k)
+    {
+      return out << k.ToString();
+    }
+
+    operator RouterID() const
+    {
+      return RouterID(as_array());
+    }
+
+    PubKey &
+    operator=(const byte_t *ptr)
+    {
+      std::copy(ptr, ptr + SIZE, begin());
+      return *this;
+    }
+  };
+
+  struct SecretKey final : public AlignedBuffer< SECKEYSIZE >
+  {
+    SecretKey() : AlignedBuffer< SECKEYSIZE >(){};
+
+    explicit SecretKey(const SecretKey &k) : AlignedBuffer< SECKEYSIZE >(k)
+    {
+    }
+
+    explicit SecretKey(const byte_t *ptr) : AlignedBuffer< SECKEYSIZE >(ptr)
+    {
+    }
+
+    friend std::ostream &
+    operator<<(std::ostream &out, const SecretKey &)
+    {
+      // make sure we never print out secret keys
+      return out << "[secretkey]";
+    }
+
+    PubKey
+    toPublic() const
+    {
+      return PubKey(data() + 32);
+    }
+
+    bool
+    LoadFromFile(const char *fname);
+
+    bool
+    SaveToFile(const char *fname) const;
+
+    SecretKey &
+    operator=(const byte_t *ptr)
+    {
+      std::copy(ptr, ptr + SIZE, begin());
+      return *this;
+    }
+  };
+
+  using ShortHash   = AlignedBuffer< SHORTHASHSIZE >;
+  using Signature   = AlignedBuffer< SIGSIZE >;
+  using TunnelNonce = AlignedBuffer< TUNNONCESIZE >;
+  using SymmNonce   = AlignedBuffer< NONCESIZE >;
+  using SymmKey     = AlignedBuffer< 32 >;
+
+  using PQCipherBlock = AlignedBuffer< PQ_CIPHERTEXTSIZE + 1 >;
+  using PQPubKey      = AlignedBuffer< PQ_PUBKEYSIZE >;
+  using PQKeyPair     = AlignedBuffer< PQ_KEYPAIRSIZE >;
+}  // namespace llarp
+
+#endif

llarp/dht.h

@@ -1,7 +1,7 @@
 #ifndef LLARP_DHT_H_
 #define LLARP_DHT_H_
 
-#include <crypto.hpp>
+#include <crypto/crypto.hpp>
 #include <router_contact.hpp>
 #include <util/buffer.h>
 

llarp/dht/bucket.hpp

@@ -1,9 +1,10 @@
 #ifndef LLARP_DHT_BUCKET_HPP
 #define LLARP_DHT_BUCKET_HPP
 
-#include <crypto.hpp>
+#include <crypto/crypto.hpp>
 #include <dht/kademlia.hpp>
 #include <dht/key.hpp>
+
 #include <map>
 #include <set>
 #include <vector>

llarp/dns/server.cpp

@@ -1,5 +1,7 @@
 #include <dns/server.hpp>
 
+#include <crypto/crypto.hpp>
+
 namespace llarp
 {
   namespace dns

llarp/encrypted_frame.cpp

@@ -1,6 +1,6 @@
 #include <encrypted_frame.hpp>
 
-#include <crypto.hpp>
+#include <crypto/crypto.hpp>
 #include <util/logger.hpp>
 #include <util/mem.hpp>
 

llarp/encrypted_frame.hpp

@@ -1,7 +1,7 @@
 #ifndef LLARP_ENCRYPTED_FRAME_HPP
 #define LLARP_ENCRYPTED_FRAME_HPP
 
-#include <crypto.hpp>
+#include <crypto/types.hpp>
 #include <encrypted.hpp>
 #include <util/buffer.hpp>
 #include <util/mem.h>
@@ -9,6 +9,8 @@
 
 namespace llarp
 {
+  struct Crypto;
+
   static constexpr size_t EncryptedFrameOverheadSize =
       PUBKEYSIZE + TUNNONCESIZE + SHORTHASHSIZE;
   static constexpr size_t EncryptedFrameBodySize = 512;
@@ -85,8 +87,7 @@ namespace llarp
       otherKey = other;
       if(buf.sz > EncryptedFrameBodySize)
         return;
-      memcpy(frame.data() + PUBKEYSIZE + TUNNONCESIZE + SHORTHASHSIZE, buf.base,
-             buf.sz);
+      memcpy(frame.data() + EncryptedFrameOverheadSize, buf.base, buf.sz);
       user = u;
       llarp_threadpool_queue_job(worker, {this, &Encrypt});
     }

llarp/exit/endpoint.hpp

@@ -1,7 +1,7 @@
 #ifndef LLARP_EXIT_ENDPOINT_HPP
 #define LLARP_EXIT_ENDPOINT_HPP
 
-#include <crypto.hpp>
+#include <crypto/types.hpp>
 #include <ip.hpp>
 #include <path/path.hpp>
 #include <util/time.hpp>

llarp/exit_info.hpp

@@ -1,7 +1,7 @@
 #ifndef LLARP_XI_HPP
 #define LLARP_XI_HPP
 
-#include <crypto.hpp>
+#include <crypto/types.hpp>
 #include <net/net.hpp>
 #include <util/bencode.hpp>
 #include <util/bits.hpp>

llarp/link/encoder.hpp

@@ -1,13 +1,13 @@
 #ifndef LLARP_LINK_ENCODER_HPP
 #define LLARP_LINK_ENCODER_HPP
 
-#include <router_contact.hpp>
-
-#include <util/bencode.h>
-#include <util/buffer.h>
+struct llarp_buffer_t;
 
 namespace llarp
 {
+  struct KeyExchangeNonce;
+  class RouterContact;
+
   /// encode Link Introduce Message onto a buffer
   /// if router is nullptr then the LIM's r member is omitted.
   bool

llarp/link/iwp_internal.hpp

@@ -1,5 +1,8 @@
 #ifndef LLARP_LINK_IWP_INTERNAL_HPP
 #define LLARP_LINK_IWP_INTERNAL_HPP
+
+#include <crypto/crypto.hpp>
+#include <crypto/types.hpp>
 #include <link/server.hpp>
 #include <link/session.hpp>
 #include <link_layer.hpp>
@@ -9,6 +12,7 @@
 
 namespace llarp
 {
+  struct Crypto;
   namespace iwp
   {
     struct LinkLayer;

llarp/link/server.cpp

@@ -1,5 +1,6 @@
 #include <link/server.hpp>
 
+#include <crypto/crypto.hpp>
 #include <util/fs.hpp>
 
 namespace llarp
@@ -131,7 +132,7 @@ namespace llarp
     Lock l_authed(m_AuthedLinksMutex);
     Lock l_pending(m_PendingMutex);
     llarp::Addr addr = s->GetRemoteEndpoint();
-    auto itr = m_Pending.find(addr);
+    auto itr         = m_Pending.find(addr);
     if(itr != m_Pending.end())
     {
       if(m_AuthedLinks.count(pk) > MaxSessionsPerKey)
@@ -163,7 +164,7 @@ namespace llarp
   }
 
   void
-  ILinkLayer::RemovePending(ILinkSession * s)
+  ILinkLayer::RemovePending(ILinkSession* s)
   {
     llarp::Addr remote = s->GetRemoteEndpoint();
     m_Pending.erase(remote);
@@ -330,10 +331,10 @@ namespace llarp
   {
     Lock lock(m_PendingMutex);
     llarp::Addr addr = s->GetRemoteEndpoint();
-    auto itr = m_Pending.find(addr);
+    auto itr         = m_Pending.find(addr);
     if(itr != m_Pending.end())
       return false;
-    m_Pending.insert(std::make_pair(addr, std::unique_ptr<ILinkSession>(s)));
+    m_Pending.insert(std::make_pair(addr, std::unique_ptr< ILinkSession >(s)));
     return true;
   }
 

llarp/link/server.hpp

@@ -1,7 +1,7 @@
 #ifndef LLARP_LINK_SERVER_HPP
 #define LLARP_LINK_SERVER_HPP
 
-#include <crypto.hpp>
+#include <crypto/types.hpp>
 #include <ev/ev.h>
 #include <link/session.hpp>
 #include <net/net.hpp>

llarp/link/session.hpp

@@ -1,7 +1,7 @@
 #ifndef LLARP_LINK_SESSION_HPP
 #define LLARP_LINK_SESSION_HPP
 
-#include <crypto.hpp>
+#include <crypto/types.hpp>
 #include <net/net.hpp>
 #include <router_contact.hpp>
 #include <util/types.hpp>

llarp/link/utp_internal.hpp

@@ -1,15 +1,18 @@
 #ifndef LLARP_LINK_UTP_INTERNAL_HPP
 #define LLARP_LINK_UTP_INTERNAL_HPP
-#include <link/utp.hpp>
-#include <utp.h>
+
+#include <crypto/types.hpp>
 #include <link_layer.hpp>
+#include <link/utp.hpp>
 #include <util/aligned.hpp>
+#include <utp.h>
 
 #include <tuple>
 #include <deque>
 
 namespace llarp
 {
+  struct Crypto;
   namespace utp
   {
     /// size of keyed hash

llarp/messages/exit.hpp

@@ -1,6 +1,7 @@
 #ifndef LLARP_MESSAGES_EXIT_HPP
 #define LLARP_MESSAGES_EXIT_HPP
-#include <crypto.hpp>
+
+#include <crypto/types.hpp>
 #include <exit/policy.hpp>
 #include <routing/message.hpp>
 
@@ -8,6 +9,7 @@
 
 namespace llarp
 {
+  struct Crypto;
   namespace routing
   {
     struct ObtainExitMessage final : public IMessage

llarp/messages/link_intro.hpp

@@ -1,6 +1,7 @@
 #ifndef LLARP_MESSAGES_LINK_INTRO_HPP
 #define LLARP_MESSAGES_LINK_INTRO_HPP
 
+#include <crypto/types.hpp>
 #include <link_message.hpp>
 #include <router_contact.hpp>
 

llarp/messages/path_transfer.hpp

@@ -1,7 +1,7 @@
 #ifndef LLARP_MESSAGES_PATH_TRANSFER_HPP
 #define LLARP_MESSAGES_PATH_TRANSFER_HPP
 
-#include <crypto.hpp>
+#include <crypto/types.hpp>
 #include <encrypted.hpp>
 #include <routing/message.hpp>
 #include <service/protocol.hpp>

llarp/messages/relay.hpp

@@ -1,7 +1,7 @@
 #ifndef LLARP_MESSAGES_RELAY_HPP
 #define LLARP_MESSAGES_RELAY_HPP
 
-#include <crypto.hpp>
+#include <crypto/types.hpp>
 #include <encrypted.hpp>
 #include <link_message.hpp>
 #include <path/path_types.hpp>

llarp/messages/relay_commit.hpp

@@ -1,7 +1,7 @@
 #ifndef LLARP_RELAY_COMMIT_HPP
 #define LLARP_RELAY_COMMIT_HPP
 
-#include <crypto.hpp>
+#include <crypto/types.hpp>
 #include <encrypted_ack.hpp>
 #include <encrypted_frame.hpp>
 #include <link_message.hpp>

llarp/messages/transfer_traffic.hpp

@@ -1,7 +1,6 @@
 #ifndef LLARP_MESSAGES_TRANSFER_TRAFFIC_HPP
 #define LLARP_MESSAGES_TRANSFER_TRAFFIC_HPP
 
-#include <crypto.hpp>
 #include <encrypted.hpp>
 #include <routing/message.hpp>
 

llarp/nodedb.cpp

@@ -1,6 +1,6 @@
 #include <nodedb.hpp>
 
-#include <crypto.hpp>
+#include <crypto/crypto.hpp>
 #include <router_contact.hpp>
 #include <util/buffer.hpp>
 #include <util/encode.hpp>

llarp/nodedb.hpp

@@ -1,7 +1,6 @@
 #ifndef LLARP_NODEDB_HPP
 #define LLARP_NODEDB_HPP
 
-#include <crypto.hpp>
 #include <router_contact.hpp>
 #include <router_id.hpp>
 #include <util/common.hpp>
@@ -13,10 +12,13 @@
  * persistent storage API for router contacts
  */
 
+struct llarp_threadpool;
+
 namespace llarp
 {
+  struct Crypto;
   class Logic;
-}
+}  // namespace llarp
 
 struct llarp_nodedb_iter
 {

llarp/path/path.hpp

@@ -1,7 +1,7 @@
 #ifndef LLARP_PATH_HPP
 #define LLARP_PATH_HPP
 
-#include <crypto.hpp>
+#include <crypto/types.hpp>
 #include <messages/relay_commit.hpp>
 #include <messages/relay.hpp>
 #include <path/path_types.hpp>
@@ -32,6 +32,7 @@
 
 namespace llarp
 {
+  struct Crypto;
   namespace path
   {
     struct TransitHopInfo

llarp/path/path_types.hpp

@@ -1,7 +1,7 @@
 #ifndef LLARP_PATH_TYPES_HPP
 #define LLARP_PATH_TYPES_HPP
 
-#include <crypto.hpp>
+#include <crypto/constants.hpp>
 #include <util/aligned.hpp>
 
 namespace llarp

llarp/pow.hpp

@@ -1,6 +1,7 @@
 #ifndef LLARP_POW_HPP
 #define LLARP_POW_HPP
-#include <crypto.hpp>
+
+#include <crypto/crypto.hpp>
 #include <router_id.hpp>
 #include <util/bencode.hpp>
 

llarp/router.cpp

@@ -1,7 +1,7 @@
 #include <router.hpp>
 
 #include <constants/proto.hpp>
-#include <crypto.hpp>
+#include <crypto/crypto.hpp>
 #include <dht/context.hpp>
 #include <link_message.hpp>
 #include <link/iwp.hpp>

llarp/router.hpp

@@ -2,7 +2,7 @@
 #define LLARP_ROUTER_HPP
 
 #include <config.h>
-#include <crypto.hpp>
+#include <crypto/types.hpp>
 #include <dht.h>
 #include <establish_job.hpp>
 #include <ev/ev.h>
@@ -32,6 +32,10 @@
 #include <unordered_map>
 #include <set>
 
+namespace llarp {
+  struct Crypto;
+}
+
 bool
 llarp_findOrCreateEncryption(llarp::Crypto *crypto, const fs::path &fpath,
                              llarp::SecretKey &encryption);

llarp/router_contact.cpp

@@ -1,7 +1,7 @@
 #include <router_contact.hpp>
 
 #include <constants/version.hpp>
-#include <crypto.hpp>
+#include <crypto/crypto.hpp>
 #include <net/net.hpp>
 #include <util/bencode.hpp>
 #include <util/buffer.hpp>

llarp/router_contact.hpp

@@ -3,8 +3,9 @@
 
 #include <address_info.hpp>
 #include <constants/version.hpp>
-#include <crypto.hpp>
+#include <crypto/types.hpp>
 #include <exit_info.hpp>
+#include <util/aligned.hpp>
 #include <util/bencode.hpp>
 
 #include <vector>
@@ -14,6 +15,8 @@
 
 namespace llarp
 {
+  struct Crypto;
+
   /// NetID
   struct NetID final : public AlignedBuffer< 8 >
   {

llarp/rpc.hpp

@@ -1,7 +1,6 @@
 #ifndef LLARP_RPC_HPP
 #define LLARP_RPC_HPP
 
-#include <crypto.hpp>
 #include <ev/ev.h>
 #include <util/time.hpp>
 

llarp/service/Identity.hpp

@@ -1,7 +1,7 @@
 #ifndef LLARP_SERVICE_IDENTITY_HPP
 #define LLARP_SERVICE_IDENTITY_HPP
 
-#include <crypto.hpp>
+#include <crypto/types.hpp>
 #include <service/Info.hpp>
 #include <service/IntroSet.hpp>
 #include <service/types.hpp>
@@ -9,6 +9,8 @@
 
 namespace llarp
 {
+  struct Crypto;
+
   namespace service
   {
     // private keys

llarp/service/Info.hpp

@@ -1,7 +1,7 @@
 #ifndef LLARP_SERVICE_INFO_HPP
 #define LLARP_SERVICE_INFO_HPP
 
-#include <crypto.hpp>
+#include <crypto/types.hpp>
 #include <service/types.hpp>
 #include <util/bencode.hpp>
 
@@ -13,6 +13,8 @@
 
 namespace llarp
 {
+  struct Crypto;
+
   namespace service
   {
     struct ServiceInfo final : public llarp::IBEncodeMessage
@@ -59,10 +61,7 @@ namespace llarp
 
       bool
       Verify(llarp::Crypto* crypto, llarp_buffer_t payload,
-             const Signature& sig) const
-      {
-        return crypto->verify(signkey, payload, sig);
-      }
+             const Signature& sig) const;
 
       const PubKey&
       EncryptionPublicKey() const

llarp/service/Intro.hpp

@@ -1,7 +1,7 @@
 #ifndef LLARP_SERVICE_INTRO_HPP
 #define LLARP_SERVICE_INTRO_HPP
 
-#include <crypto.hpp>
+#include <crypto/types.hpp>
 #include <path/path_types.hpp>
 #include <util/bencode.hpp>
 

llarp/service/IntroSet.hpp

@@ -1,7 +1,7 @@
 #ifndef LLARP_SERVICE_INTROSET_HPP
 #define LLARP_SERVICE_INTROSET_HPP
 
-#include <crypto.hpp>
+#include <crypto/types.hpp>
 #include <pow.hpp>
 #include <service/Info.hpp>
 #include <service/Intro.hpp>
@@ -15,6 +15,8 @@
 
 namespace llarp
 {
+  struct Crypto;
+
   namespace service
   {
     constexpr std::size_t MAX_INTROSET_SIZE = 4096;

llarp/service/handler.hpp

@@ -1,7 +1,7 @@
 #ifndef LLARP_SERVICE_HANDLER_HPP
 #define LLARP_SERVICE_HANDLER_HPP
 
-#include <crypto.hpp>
+#include <crypto/types.hpp>
 #include <path/path_types.hpp>
 #include <service/IntroSet.hpp>
 #include <util/aligned.hpp>

llarp/service/info.cpp

@@ -1,5 +1,6 @@
 #include <service/Info.hpp>
 
+#include <crypto/crypto.hpp>
 #include <service/address.hpp>
 #include <util/buffer.hpp>
 
@@ -11,6 +12,13 @@ namespace llarp
 {
   namespace service
   {
+    bool
+    ServiceInfo::Verify(llarp::Crypto* crypto, llarp_buffer_t payload,
+                        const Signature& sig) const
+    {
+      return crypto->verify(signkey, payload, sig);
+    }
+
     bool
     ServiceInfo::DecodeKey(llarp_buffer_t key, llarp_buffer_t* val)
     {

llarp/service/protocol.hpp

@@ -1,7 +1,7 @@
 #ifndef LLARP_SERVICE_PROTOCOL_HPP
 #define LLARP_SERVICE_PROTOCOL_HPP
 
-#include <crypto.hpp>
+#include <crypto/types.hpp>
 #include <dht/message.hpp>
 #include <encrypted.hpp>
 #include <routing/message.hpp>
@@ -14,8 +14,11 @@
 
 #include <vector>
 
+struct llarp_threadpool;
+
 namespace llarp
 {
+  struct Crypto;
   class Logic;
 
   namespace service
@@ -57,17 +60,17 @@ namespace llarp
     };
 
     /// outer message
-    struct ProtocolFrame final : public llarp::routing::IMessage
+    struct ProtocolFrame final : public routing::IMessage
     {
-      using Encrypted_t = llarp::Encrypted< 2048 >;
-      llarp::PQCipherBlock C;
+      using Encrypted_t = Encrypted< 2048 >;
+      PQCipherBlock C;
       Encrypted_t D;
-      llarp::KeyExchangeNonce N;
-      llarp::Signature Z;
-      llarp::service::ConvoTag T;
+      KeyExchangeNonce N;
+      Signature Z;
+      service::ConvoTag T;
 
       ProtocolFrame(const ProtocolFrame& other)
-          : llarp::routing::IMessage()
+          : routing::IMessage()
           , C(other.C)
           , D(other.D)
           , N(other.N)
@@ -78,7 +81,7 @@ namespace llarp
         version = other.version;
       }
 
-      ProtocolFrame() : llarp::routing::IMessage()
+      ProtocolFrame() : routing::IMessage()
       {
         Clear();
       }
@@ -98,17 +101,17 @@ namespace llarp
       operator=(const ProtocolFrame& other);
 
       bool
-      EncryptAndSign(llarp::Crypto* c, const ProtocolMessage& msg,
+      EncryptAndSign(Crypto* c, const ProtocolMessage& msg,
                      const SharedSecret& sharedkey, const Identity& localIdent);
 
       bool
-      AsyncDecryptAndVerify(llarp::Logic* logic, llarp::Crypto* c,
-                            const PathID_t& srcpath, llarp_threadpool* worker,
+      AsyncDecryptAndVerify(Logic* logic, Crypto* c, const PathID_t& srcpath,
+                            llarp_threadpool* worker,
                             const Identity& localIdent,
                             IDataHandler* handler) const;
 
       bool
-      DecryptPayloadInto(llarp::Crypto* c, const SharedSecret& sharedkey,
+      DecryptPayloadInto(Crypto* c, const SharedSecret& sharedkey,
                          ProtocolMessage& into) const;
 
       bool
@@ -128,11 +131,10 @@ namespace llarp
       }
 
       bool
-      Verify(llarp::Crypto* c, const ServiceInfo& from) const;
+      Verify(Crypto* c, const ServiceInfo& from) const;
 
       bool
-      HandleMessage(llarp::routing::IMessageHandler* h,
-                    llarp::Router* r) const override;
+      HandleMessage(routing::IMessageHandler* h, Router* r) const override;
     };
   }  // namespace service
 }  // namespace llarp

llarp/util/buffer.h

@@ -3,6 +3,7 @@
 
 #include <util/common.hpp>
 #include <util/mem.h>
+#include <util/types.hpp>
 
 #include <cassert>
 #include <stdbool.h>
@@ -16,8 +17,6 @@
  * generic memory buffer
  */
 
-typedef uint8_t byte_t;
-
 /**
   llarp_buffer_t represents a region of memory that is ONLY
   valid in the current scope.

llarp/util/types.hpp

@@ -2,6 +2,7 @@
 #define LLARP_TYPES_H
 #include <cstdint>
 
+using byte_t                = uint8_t;
 using llarp_proto_version_t = std::uint8_t;
 using llarp_time_t          = std::uint64_t;
 using llarp_seconds_t       = std::uint64_t;

test/crypto/test_llarp_crypto.cpp

@@ -1,7 +1,9 @@
-#include <gtest/gtest.h>
-#include <crypto.hpp>
+#include <crypto/crypto.hpp>
+
 #include <iostream>
 
+#include <gtest/gtest.h>
+
 namespace llarp
 {
   struct PQCryptoTest : public ::testing::Test

test/routing/test_llarp_routing_obtainexitmessage.cpp

@@ -1,5 +1,6 @@
 #include <gtest/gtest.h>
 
+#include <crypto/crypto.hpp>
 #include <messages/exit.hpp>
 
 using ObtainExitMessage = llarp::routing::ObtainExitMessage;

test/service/test_llarp_service_identity.cpp

@@ -1,6 +1,6 @@
 #include <gtest/gtest.h>
 
-#include <crypto.hpp>
+#include <crypto/crypto.hpp>
 #include <path/path.hpp>
 #include <service/address.hpp>
 #include <service/Identity.hpp>

test/test_llarp_encrypted_frame.cpp

@@ -1,8 +1,10 @@
-#include <gtest/gtest.h>
-#include <crypto.hpp>
+#include <crypto/crypto.hpp>
+
 #include <encrypted_frame.hpp>
 #include <messages/relay_commit.hpp>
 
+#include <gtest/gtest.h>
+
 using EncryptedFrame = llarp::EncryptedFrame;
 using SecretKey      = llarp::SecretKey;
 using PubKey         = llarp::PubKey;

test/test_llarp_router.cpp

@@ -1,6 +1,5 @@
-
 #include <router.hpp>
-#include <crypto.hpp>
+#include <crypto/crypto.hpp>
 
 #include <functional>
 #include <random>

test/test_llarp_router_contact.cpp

@@ -1,7 +1,7 @@
 #include <gtest/gtest.h>
 
+#include <crypto/crypto.hpp>
 #include <router_contact.hpp>
-#include <crypto.hpp>
 
 static const byte_t DEF_VALUE[] = "unittest";