Convert llarp_crypto to be a true C++ class

daemon/rcutil.cpp

@@ -263,7 +263,7 @@ main(int argc, char *argv[])
 
   if(verifyMode)
   {
-    llarp_crypto crypto;
+      llarp::Crypto crypto;
     llarp_crypto_init(&crypto);
     if(!rc.Read(rcfname))
     {
@@ -329,7 +329,7 @@ main(int argc, char *argv[])
   // this is the only one...
   if(listMode)
   {
-    llarp_crypto crypto;
+      llarp::Crypto crypto;
     llarp_crypto_init(&crypto);
     auto nodedb = llarp_nodedb_new(&crypto);
     llarp_nodedb_iter itr;
@@ -350,7 +350,7 @@ main(int argc, char *argv[])
       std::cout << "no file to import" << std::endl;
       return 1;
     }
-    llarp_crypto crypto;
+    llarp::Crypto crypto;
     llarp_crypto_init(&crypto);
     auto nodedb = llarp_nodedb_new(&crypto);
     if(!llarp_nodedb_ensure_dir(nodesdir))
@@ -391,7 +391,7 @@ main(int argc, char *argv[])
     // set updated timestamp
     rc.last_updated = llarp::time_now_ms();
     // load longterm identity
-    llarp_crypto crypt;
+    llarp::Crypto crypt;
     llarp_crypto_init(&crypt);
 
     // which is in daemon.ini config: router.encryption-privkey (defaults
@@ -440,7 +440,7 @@ main(int argc, char *argv[])
     // set updated timestamp
     rc.last_updated = llarp::time_now_ms();
     // load longterm identity
-    llarp_crypto crypt;
+    llarp::Crypto crypt;
 
     // no longer used?
     // llarp_crypto_libsodium_init(&crypt);
@@ -469,7 +469,7 @@ main(int argc, char *argv[])
 
   if(listMode)
   {
-    llarp_crypto crypto;
+      llarp::Crypto crypto;
     // no longer used?
     // llarp_crypto_libsodium_init(&crypto);
     llarp_crypto_init(&crypto);

include/llarp.hpp

@@ -1,12 +1,13 @@
 #ifndef LLARP_HPP
 #define LLARP_HPP
 
-#include <llarp.h>
 #include <iostream>
+#include <llarp.h>
+#include <llarp/crypto.h>
 #include <llarp/threading.hpp>
+#include <memory>
 #include <string>
 #include <vector>
-#include <llarp/crypto.h>
 
 struct llarp_config;
 struct llarp_config_iterator;
@@ -19,7 +20,7 @@ namespace llarp
 
     int num_nethreads   = 1;
     bool singleThreaded = false;
-    llarp_crypto crypto;
+    std::unique_ptr<llarp::Crypto> crypto;
     llarp::Router *router     = nullptr;
     llarp_threadpool *worker = nullptr;
     llarp::Logic *logic      = nullptr;

include/llarp/crypto.h

@@ -2,6 +2,7 @@
 #define LLARP_CRYPTO_H_
 #include <llarp/buffer.h>
 #include <llarp/common.hpp>
+#include <functional>
 #include <stdbool.h>
 #include <stdint.h>
 
@@ -12,17 +13,17 @@
  * potentially allow libssl support in the future
  */
 
-#define PUBKEYSIZE 32
+static constexpr uint32_t PUBKEYSIZE = 32;
-#define SECKEYSIZE 64
+static constexpr uint32_t SECKEYSIZE = 64;
-#define NONCESIZE 24
+static constexpr uint32_t NONCESIZE = 24;
-#define SHAREDKEYSIZE 32
+static constexpr uint32_t SHAREDKEYSIZE = 32;
-#define HASHSIZE 64
+static constexpr uint32_t HASHSIZE = 64;
-#define SHORTHASHSIZE 32
+static constexpr uint32_t SHORTHASHSIZE = 32;
-#define HMACSECSIZE 32
+static constexpr uint32_t HMACSECSIZE = 32;
-#define SIGSIZE 64
+static constexpr uint32_t SIGSIZE = 64;
-#define TUNNONCESIZE 32
+static constexpr uint32_t TUNNONCESIZE = 32;
-#define HMACSIZE 32
+static constexpr uint32_t HMACSIZE = 32;
-#define PATHIDSIZE 16
+static constexpr uint32_t PATHIDSIZE = 16;
 
 #include <libntrup/ntru.h>
 
@@ -31,85 +32,86 @@
 #define PQ_SECRETKEYSIZE crypto_kem_SECRETKEYBYTES
 #define PQ_KEYPAIRSIZE (PQ_SECRETKEYSIZE + PQ_PUBKEYSIZE)
 
+namespace llarp
+{
 /// label functors
 
 /// PKE(result, publickey, secretkey, nonce)
-typedef bool (*llarp_path_dh_func)(byte_t *, const byte_t *, const byte_t *,
+using path_dh_func = std::function<bool(byte_t *, const byte_t *, const byte_t *,
-                                   const byte_t *);
+                                   const byte_t *)>;
 
 /// TKE(result, publickey, secretkey, nonce)
-typedef bool (*llarp_transport_dh_func)(byte_t *, const byte_t *,
+using transport_dh_func = std::function<bool(byte_t *, const byte_t *,
-                                        const byte_t *, const byte_t *);
+                                        const byte_t *, const byte_t *)>;
 
 /// SD/SE(buffer, key, nonce)
-typedef bool (*llarp_sym_cipher_func)(llarp_buffer_t, const byte_t *,
+using sym_cipher_func = std::function<bool(llarp_buffer_t, const byte_t *,
-                                      const byte_t *);
+                                      const byte_t *)>;
 
 /// H(result, body)
-typedef bool (*llarp_hash_func)(byte_t *, llarp_buffer_t);
+using hash_func = std::function<bool(byte_t *, llarp_buffer_t)>;
 
 /// SH(result, body)
-typedef bool (*llarp_shorthash_func)(byte_t *, llarp_buffer_t);
+using shorthash_func = std::function<bool(byte_t *, llarp_buffer_t)>;
 
 /// MDS(result, body, shared_secret)
-typedef bool (*llarp_hmac_func)(byte_t *, llarp_buffer_t, const byte_t *);
+using hmac_func = std::function<bool(byte_t *, llarp_buffer_t, const byte_t *)>;
 
 /// S(sig, secretkey, body)
-typedef bool (*llarp_sign_func)(byte_t *, const byte_t *, llarp_buffer_t);
+using sign_func = std::function<bool(byte_t *, const byte_t *, llarp_buffer_t)>;
 
 /// V(pubkey, body, sig)
-typedef bool (*llarp_verify_func)(const byte_t *, llarp_buffer_t,
+using verify_func = std::function<bool(const byte_t *, llarp_buffer_t,
-                                  const byte_t *);
+                                  const byte_t *)>;
 
 /// library crypto configuration
-struct llarp_crypto
+struct Crypto
 {
   /// xchacha symettric cipher
-  llarp_sym_cipher_func xchacha20;
+  sym_cipher_func xchacha20;
   /// path dh creator's side
-  llarp_path_dh_func dh_client;
+  path_dh_func dh_client;
   /// path dh relay side
-  llarp_path_dh_func dh_server;
+  path_dh_func dh_server;
   /// transport dh client side
-  llarp_transport_dh_func transport_dh_client;
+  transport_dh_func transport_dh_client;
   /// transport dh server side
-  llarp_transport_dh_func transport_dh_server;
+  transport_dh_func transport_dh_server;
   /// blake2b 512 bit
-  llarp_hash_func hash;
+  hash_func hash;
   /// blake2b 256 bit
-  llarp_shorthash_func shorthash;
+  shorthash_func shorthash;
   /// blake2s 256 bit hmac
-  llarp_hmac_func hmac;
+  hmac_func hmac;
   /// ed25519 sign
-  llarp_sign_func sign;
+  sign_func sign;
   /// ed25519 verify
-  llarp_verify_func verify;
+  verify_func verify;
   /// randomize buffer
-  void (*randomize)(llarp_buffer_t);
+  std::function<void(llarp_buffer_t)> randomize;
   /// randomizer memory
-  void (*randbytes)(void *, size_t);
+  std::function<void(void *, size_t)> randbytes;
   /// generate signing keypair
-  void (*identity_keygen)(byte_t *);
+  std::function<void(byte_t *)> identity_keygen;
   /// generate encryption keypair
-  void (*encryption_keygen)(byte_t *);
+  std::function<void(byte_t *)> encryption_keygen;
   /// generate post quantum encrytion key
-  void (*pqe_keygen)(byte_t *);
+  std::function<void(byte_t *)> pqe_keygen;
   /// post quantum decrypt (buffer, sharedkey_dst, sec)
-  bool (*pqe_decrypt)(const byte_t *, byte_t *, const byte_t *);
+  std::function<bool(const byte_t *, byte_t *, const byte_t *)> pqe_decrypt;
   /// post quantum encrypt (buffer, sharedkey_dst,  pub)
-  bool (*pqe_encrypt)(byte_t *, byte_t *, const byte_t *);
+  std::function<bool(byte_t *, byte_t *, const byte_t *)> pqe_encrypt;
-};
 
-/// initialize crypto subsystem
+  // Give a basic type tag for the constructor to pick libsodium
-void
+  struct sodium {};
-llarp_crypto_init(struct llarp_crypto *c);
 
-/// check for initialize crypto
+  Crypto(Crypto::sodium tag);
-bool
+};
-llarp_crypto_initialized(struct llarp_crypto *c);
 
 /// return random 64bit unsigned interger
 uint64_t
-llarp_randint();
+randint();
+
+}
 
 #endif

include/llarp/dht/bucket.hpp

@@ -36,7 +36,7 @@ namespace llarp
         }
         if(candidates.size() == 0)
           return false;
-        result = candidates[llarp_randint() % candidates.size()];
+        result = candidates[llarp::randint() % candidates.size()];
         return true;
       }
 
@@ -79,7 +79,7 @@ namespace llarp
         while(N)
         {
           auto itr = nodes.begin();
-          std::advance(itr, llarp_randint() % sz);
+          std::advance(itr, llarp::randint() % sz);
           if(result.insert(itr->first).second)
             --N;
         }

include/llarp/dht/context.hpp

@@ -138,7 +138,7 @@ namespace llarp
       Context();
       ~Context();
 
-      llarp_crypto*
+      llarp::Crypto*
       Crypto();
 
       /// on behalf of whoasked request introset for target from dht router with

include/llarp/encrypted_ack.hpp

@@ -7,8 +7,8 @@ namespace llarp
   {
     bool
     DecryptInPlace(const byte_t* symkey, const byte_t* nonce,
-                   llarp_crypto* crypto);
+                   llarp::Crypto* crypto);
   };
 }  // namespace llarp
 
-#endif
+#endif

include/llarp/encrypted_frame.hpp

@@ -39,11 +39,11 @@ namespace llarp
     }
 
     bool
-    DecryptInPlace(const byte_t* seckey, llarp_crypto* crypto);
+    DecryptInPlace(const byte_t* seckey, llarp::Crypto* crypto);
 
     bool
     EncryptInPlace(const byte_t* seckey, const byte_t* other,
-                   llarp_crypto* crypto);
+                   llarp::Crypto* crypto);
   };
 
   /// TOOD: can only handle 1 frame at a time
@@ -66,14 +66,14 @@ namespace llarp
       }
     }
 
-    llarp_crypto* crypto;
+    llarp::Crypto* crypto;
     byte_t* secretkey;
     EncryptHandler handler;
     EncryptedFrame* frame;
     User* user;
     byte_t* otherKey;
 
-    AsyncFrameEncrypter(llarp_crypto* c, byte_t* seckey, EncryptHandler h)
+    AsyncFrameEncrypter(llarp::Crypto* c, byte_t* seckey, EncryptHandler h)
         : crypto(c), secretkey(seckey), handler(h)
     {
     }
@@ -114,7 +114,7 @@ namespace llarp
         ctx->result(nullptr, ctx->context);
     }
 
-    AsyncFrameDecrypter(llarp_crypto* c, const byte_t* secretkey,
+    AsyncFrameDecrypter(llarp::Crypto* c, const byte_t* secretkey,
                         DecryptHandler h)
         : result(h), crypto(c), seckey(secretkey)
     {
@@ -122,7 +122,7 @@ namespace llarp
 
     DecryptHandler result;
     User* context;
-    llarp_crypto* crypto;
+    llarp::Crypto* crypto;
     const byte_t* seckey;
     EncryptedFrame* target;
 

include/llarp/handlers/exit.hpp

@@ -47,7 +47,7 @@ namespace llarp
       llarp_time_t
       Now() const;
 
-      llarp_crypto*
+      llarp::Crypto*
       Crypto();
 
       template < typename Stats >

include/llarp/iwp.hpp

@@ -10,7 +10,7 @@ namespace llarp {
 
 struct llarp_iwp_args
 {
-  struct llarp_crypto* crypto;
+  struct llarp::Crypto* crypto;
   llarp::Logic* logic;
   struct llarp_threadpool* cryptoworker;
   struct llarp::Router* router;

include/llarp/messages/exit.hpp

@@ -32,10 +32,10 @@ namespace llarp
 
       /// populates I and signs
       bool
-      Sign(llarp_crypto* c, const llarp::SecretKey& sk);
+      Sign(llarp::Crypto* c, const llarp::SecretKey& sk);
 
       bool
-      Verify(llarp_crypto* c) const;
+      Verify(llarp::Crypto* c) const;
 
       bool
       BEncode(llarp_buffer_t* buf) const override;
@@ -68,10 +68,10 @@ namespace llarp
       BEncode(llarp_buffer_t* buf) const override;
 
       bool
-      Sign(llarp_crypto* c, const llarp::SecretKey& sk);
+      Sign(llarp::Crypto* c, const llarp::SecretKey& sk);
 
       bool
-      Verify(llarp_crypto* c, const llarp::PubKey& pk) const;
+      Verify(llarp::Crypto* c, const llarp::PubKey& pk) const;
 
       bool
       DecodeKey(llarp_buffer_t key, llarp_buffer_t* buf) override;
@@ -101,10 +101,10 @@ namespace llarp
       operator=(const RejectExitMessage& other);
 
       bool
-      Sign(llarp_crypto* c, const llarp::SecretKey& sk);
+      Sign(llarp::Crypto* c, const llarp::SecretKey& sk);
 
       bool
-      Verify(llarp_crypto* c, const llarp::PubKey& pk) const;
+      Verify(llarp::Crypto* c, const llarp::PubKey& pk) const;
 
       bool
       BEncode(llarp_buffer_t* buf) const override;
@@ -135,10 +135,10 @@ namespace llarp
       operator=(const UpdateExitVerifyMessage& other);
 
       bool
-      Sign(llarp_crypto* c, const llarp::SecretKey& sk);
+      Sign(llarp::Crypto* c, const llarp::SecretKey& sk);
 
       bool
-      Verify(llarp_crypto* c, const llarp::PubKey& pk) const;
+      Verify(llarp::Crypto* c, const llarp::PubKey& pk) const;
 
       bool
       BEncode(llarp_buffer_t* buf) const override;
@@ -170,10 +170,10 @@ namespace llarp
       operator=(const UpdateExitMessage& other);
 
       bool
-      Sign(llarp_crypto* c, const llarp::SecretKey& sk);
+      Sign(llarp::Crypto* c, const llarp::SecretKey& sk);
 
       bool
-      Verify(llarp_crypto* c, const llarp::PubKey& pk) const;
+      Verify(llarp::Crypto* c, const llarp::PubKey& pk) const;
 
       bool
       BEncode(llarp_buffer_t* buf) const override;
@@ -213,10 +213,10 @@ namespace llarp
       HandleMessage(IMessageHandler* h, llarp::Router* r) const override;
 
       bool
-      Sign(llarp_crypto* c, const llarp::SecretKey& sk);
+      Sign(llarp::Crypto* c, const llarp::SecretKey& sk);
 
       bool
-      Verify(llarp_crypto* c, const llarp::PubKey& pk) const;
+      Verify(llarp::Crypto* c, const llarp::PubKey& pk) const;
     };
 
   }  // namespace routing

include/llarp/messages/link_intro.hpp

@@ -38,10 +38,10 @@ namespace llarp
     HandleMessage(llarp::Router* router) const;
 
     bool
-    Sign(llarp_crypto* c, const SecretKey& signKeySecret);
+    Sign(llarp::Crypto* c, const SecretKey& signKeySecret);
 
     bool
-    Verify(llarp_crypto* c) const;
+    Verify(llarp::Crypto* c) const;
   };
 }  // namespace llarp
 

include/llarp/nodedb.hpp

@@ -28,7 +28,7 @@ struct llarp_nodedb_iter
 
 struct llarp_nodedb
 {
-  llarp_nodedb(llarp_crypto *c) : crypto(c)
+  llarp_nodedb(llarp::Crypto *c) : crypto(c)
   {
   }
 
@@ -37,7 +37,7 @@ struct llarp_nodedb
     Clear();
   }
 
-  llarp_crypto *crypto;
+  llarp::Crypto *crypto;
   llarp::util::Mutex access;
   std::unordered_map< llarp::RouterID, llarp::RouterContact,
                       llarp::RouterID::Hash >
@@ -118,7 +118,7 @@ struct llarp_async_verify_rc
   struct llarp_nodedb *nodedb;
   // llarp::Logic for queue_job
   llarp::Logic *logic;  // includes a llarp_threadpool
-  // struct llarp_crypto *crypto; // probably don't need this because we have
+  // struct llarp::Crypto *crypto; // probably don't need this because we have
   // it in the nodedb
   struct llarp_threadpool *cryptoworker;
   struct llarp_threadpool *diskworker;

include/llarp/path.hpp

@@ -627,7 +627,7 @@ namespace llarp
       llarp_threadpool*
       Worker();
 
-      llarp_crypto*
+      llarp::Crypto*
       Crypto();
 
       llarp::Logic*

include/llarp/pow.hpp

@@ -17,7 +17,7 @@ namespace llarp
     ~PoW();
 
     bool
-    IsValid(llarp_shorthash_func hashfunc, llarp_time_t now) const;
+    IsValid(shorthash_func hashfunc, llarp_time_t now) const;
 
     bool
     DecodeKey(llarp_buffer_t k, llarp_buffer_t* val) override;

include/llarp/router_contact.hpp

@@ -85,10 +85,10 @@ namespace llarp
     SetNick(const std::string &nick);
 
     bool
-    Verify(llarp_crypto *crypto) const;
+    Verify(llarp::Crypto *crypto) const;
 
     bool
-    Sign(llarp_crypto *crypto, const llarp::SecretKey &secret);
+    Sign(llarp::Crypto *crypto, const llarp::SecretKey &secret);
 
     bool
     OtherIsNewer(const RouterContact &other) const
@@ -104,7 +104,7 @@ namespace llarp
 
    private:
     bool
-    VerifySignature(llarp_crypto *crypto) const;
+    VerifySignature(llarp::Crypto *crypto) const;
   };
 }  // namespace llarp
 

include/llarp/service/Identity.hpp

@@ -26,7 +26,7 @@ namespace llarp
 
       // regenerate secret keys
       void
-      RegenerateKeys(llarp_crypto* c);
+      RegenerateKeys(llarp::Crypto* c);
 
       // load from file
       bool
@@ -36,20 +36,20 @@ namespace llarp
       BEncode(llarp_buffer_t* buf) const override;
 
       bool
-      EnsureKeys(const std::string& fpath, llarp_crypto* c);
+      EnsureKeys(const std::string& fpath, llarp::Crypto* c);
 
       bool
-      KeyExchange(llarp_path_dh_func dh, byte_t* sharedkey,
+      KeyExchange(llarp::path_dh_func dh, byte_t* sharedkey,
                   const ServiceInfo& other, const byte_t* N) const;
 
       bool
       DecodeKey(llarp_buffer_t key, llarp_buffer_t* buf) override;
 
       bool
-      SignIntroSet(IntroSet& i, llarp_crypto* c, llarp_time_t now) const;
+      SignIntroSet(IntroSet& i, llarp::Crypto* c, llarp_time_t now) const;
 
       bool
-      Sign(llarp_crypto*, byte_t* sig, llarp_buffer_t buf) const;
+      Sign(llarp::Crypto*, byte_t* sig, llarp_buffer_t buf) const;
     };
   }  // namespace service
 }  // namespace llarp

include/llarp/service/Info.hpp

@@ -45,7 +45,7 @@ namespace llarp
       }
 
       bool
-      Verify(llarp_crypto* crypto, llarp_buffer_t payload,
+      Verify(llarp::Crypto* crypto, llarp_buffer_t payload,
              const Signature& sig) const
       {
         return crypto->verify(signkey, payload, sig);

include/llarp/service/IntroSet.hpp

@@ -148,7 +148,7 @@ namespace llarp
       DecodeKey(llarp_buffer_t key, llarp_buffer_t* buf) override;
 
       bool
-      Verify(llarp_crypto* crypto, llarp_time_t now) const;
+      Verify(llarp::Crypto* crypto, llarp_time_t now) const;
     };
   }  // namespace service
 }  // namespace llarp

include/llarp/service/endpoint.hpp

@@ -58,7 +58,7 @@ namespace llarp
       llarp_ev_loop*
       EndpointNetLoop();
 
-      llarp_crypto*
+      llarp::Crypto*
       Crypto();
 
       llarp_threadpool*

include/llarp/service/protocol.hpp

@@ -94,17 +94,17 @@ namespace llarp
       operator=(const ProtocolFrame& other);
 
       bool
-      EncryptAndSign(llarp_crypto* c, const ProtocolMessage& msg,
+      EncryptAndSign(llarp::Crypto* c, const ProtocolMessage& msg,
                      const byte_t* sharedkey, const Identity& localIdent);
 
       bool
-      AsyncDecryptAndVerify(llarp::Logic* logic, llarp_crypto* c,
+      AsyncDecryptAndVerify(llarp::Logic* logic, llarp::Crypto* c,
                             const PathID_t& srcpath, llarp_threadpool* worker,
                             const Identity& localIdent,
                             IDataHandler* handler) const;
 
       bool
-      DecryptPayloadInto(llarp_crypto* c, const byte_t* sharedkey,
+      DecryptPayloadInto(llarp::Crypto* c, const byte_t* sharedkey,
                          ProtocolMessage& into) const;
 
       bool
@@ -114,7 +114,7 @@ namespace llarp
       BEncode(llarp_buffer_t* buf) const override;
 
       bool
-      Verify(llarp_crypto* c, const ServiceInfo& from) const;
+      Verify(llarp::Crypto* c, const ServiceInfo& from) const;
 
       bool
       HandleMessage(llarp::routing::IMessageHandler* h,

llarp/context.cpp

@@ -81,8 +81,8 @@ namespace llarp
   int
   Context::LoadDatabase()
   {
-    llarp_crypto_init(&crypto);
+    crypto = std::unique_ptr<llarp::Crypto>(new llarp::Crypto{llarp::Crypto::sodium{}});
-    nodedb = new llarp_nodedb(&crypto);
+    nodedb = new llarp_nodedb(crypto.get());
 
     if(!llarp_nodedb::ensure_dir(nodedb_dir.c_str()))
     {

llarp/crypto_libsodium.cpp

@@ -173,43 +173,44 @@ namespace llarp
     return k;
   }
 
-}  // namespace llarp
+  Crypto::Crypto(Crypto::sodium tag)
-
-void
-llarp_crypto_init(struct llarp_crypto *c)
 {
+  (void)tag;
   assert(sodium_init() != -1);
-  char *avx2 = getenv("AVX2_FORCE_DISABLE");
+  char *avx2 = std::getenv("AVX2_FORCE_DISABLE");
   if(avx2 && std::string(avx2) == "1")
     ntru_init(1);
   else
     ntru_init(0);
-  c->xchacha20           = llarp::sodium::xchacha20;
+  this->xchacha20           = llarp::sodium::xchacha20;
-  c->dh_client           = llarp::sodium::dh_client;
+  this->dh_client           = llarp::sodium::dh_client;
-  c->dh_server           = llarp::sodium::dh_server;
+  this->dh_server           = llarp::sodium::dh_server;
-  c->transport_dh_client = llarp::sodium::dh_client;
+  this->transport_dh_client = llarp::sodium::dh_client;
-  c->transport_dh_server = llarp::sodium::dh_server;
+  this->transport_dh_server = llarp::sodium::dh_server;
-  c->hash                = llarp::sodium::hash;
+  this->hash                = llarp::sodium::hash;
-  c->shorthash           = llarp::sodium::shorthash;
+  this->shorthash           = llarp::sodium::shorthash;
-  c->hmac                = llarp::sodium::hmac;
+  this->hmac                = llarp::sodium::hmac;
-  c->sign                = llarp::sodium::sign;
+  this->sign                = llarp::sodium::sign;
-  c->verify              = llarp::sodium::verify;
+  this->verify              = llarp::sodium::verify;
-  c->randomize           = llarp::sodium::randomize;
+  this->randomize           = llarp::sodium::randomize;
-  c->randbytes           = llarp::sodium::randbytes;
+  this->randbytes           = llarp::sodium::randbytes;
-  c->identity_keygen     = llarp::sodium::sigkeygen;
+  this->identity_keygen     = llarp::sodium::sigkeygen;
-  c->encryption_keygen   = llarp::sodium::enckeygen;
+  this->encryption_keygen   = llarp::sodium::enckeygen;
-  c->pqe_encrypt         = llarp::pq::encrypt;
+  this->pqe_encrypt         = llarp::pq::encrypt;
-  c->pqe_decrypt         = llarp::pq::decrypt;
+  this->pqe_decrypt         = llarp::pq::decrypt;
-  c->pqe_keygen          = llarp::pq::keygen;
+  this->pqe_keygen          = llarp::pq::keygen;
-  int seed;
+  int seed = 0;
-  c->randbytes(&seed, sizeof(seed));
+  this->randbytes(&seed, sizeof(seed));
   srand(seed);
 }
 
 uint64_t
-llarp_randint()
+randint()
 {
   uint64_t i;
   randombytes((byte_t *)&i, sizeof(i));
   return i;
 }
+
+
+}  // namespace llarp

llarp/dht/context.cpp

@@ -149,7 +149,7 @@ namespace llarp
       }
       auto itr = nodes.begin();
       // start at random middle point
-      auto start = llarp_randint() % nodes.size();
+      auto start = llarp::randint() % nodes.size();
       std::advance(itr, start);
       auto end            = itr;
       std::string tagname = tag.ToString();
@@ -807,7 +807,7 @@ namespace llarp
       }
     }
 
-    llarp_crypto *
+    llarp::Crypto *
     Context::Crypto()
     {
       return &router->crypto;

llarp/dns/server.cpp

@@ -59,7 +59,7 @@ namespace llarp
       if(sz == 1)
         return m_Resolvers[0];
       auto itr = m_Resolvers.begin();
-      std::advance(itr, llarp_randint() % sz);
+      std::advance(itr, llarp::randint() % sz);
       return *itr;
     }
 

llarp/encrypted_frame.cpp

@@ -41,7 +41,7 @@ namespace llarp
   bool
   EncryptedFrame::EncryptInPlace(const byte_t* ourSecretKey,
                                  const byte_t* otherPubkey,
-                                 llarp_crypto* crypto)
+                                 llarp::Crypto* crypto)
   {
     // format of frame is
     // <32 bytes keyed hash of following data>
@@ -99,7 +99,7 @@ namespace llarp
 
   bool
   EncryptedFrame::DecryptInPlace(const byte_t* ourSecretKey,
-                                 llarp_crypto* crypto)
+                                 llarp::Crypto* crypto)
   {
     if(size() <= size_t(EncryptedFrame::OverheadSize))
     {

llarp/exit/close_exit.cpp

@@ -39,7 +39,7 @@ namespace llarp
     }
 
     bool
-    CloseExitMessage::Verify(llarp_crypto* c, const llarp::PubKey& pk) const
+    CloseExitMessage::Verify(llarp::Crypto* c, const llarp::PubKey& pk) const
     {
       byte_t tmp[512] = {0};
       auto buf        = llarp::StackBuffer< decltype(tmp) >(tmp);
@@ -53,7 +53,7 @@ namespace llarp
     }
 
     bool
-    CloseExitMessage::Sign(llarp_crypto* c, const llarp::SecretKey& sk)
+    CloseExitMessage::Sign(llarp::Crypto* c, const llarp::SecretKey& sk)
     {
       byte_t tmp[512] = {0};
       auto buf        = llarp::StackBuffer< decltype(tmp) >(tmp);

llarp/exit/grant_exit.cpp

@@ -43,7 +43,7 @@ namespace llarp
     }
 
     bool
-    GrantExitMessage::Verify(llarp_crypto* c, const llarp::PubKey& pk) const
+    GrantExitMessage::Verify(llarp::Crypto* c, const llarp::PubKey& pk) const
     {
       byte_t tmp[512] = {0};
       auto buf        = llarp::StackBuffer< decltype(tmp) >(tmp);
@@ -57,7 +57,7 @@ namespace llarp
     }
 
     bool
-    GrantExitMessage::Sign(llarp_crypto* c, const llarp::SecretKey& sk)
+    GrantExitMessage::Sign(llarp::Crypto* c, const llarp::SecretKey& sk)
     {
       byte_t tmp[512] = {0};
       auto buf        = llarp::StackBuffer< decltype(tmp) >(tmp);

llarp/exit/obtain_exit.cpp

@@ -22,7 +22,7 @@ namespace llarp
     }
 
     bool
-    ObtainExitMessage::Sign(llarp_crypto* c, const llarp::SecretKey& sk)
+    ObtainExitMessage::Sign(llarp::Crypto* c, const llarp::SecretKey& sk)
     {
       byte_t tmp[1024] = {0};
       auto buf         = llarp::StackBuffer< decltype(tmp) >(tmp);
@@ -35,7 +35,7 @@ namespace llarp
     }
 
     bool
-    ObtainExitMessage::Verify(llarp_crypto* c) const
+    ObtainExitMessage::Verify(llarp::Crypto* c) const
     {
       byte_t tmp[1024] = {0};
       auto buf         = llarp::StackBuffer< decltype(tmp) >(tmp);

llarp/exit/reject_exit.cpp

@@ -64,7 +64,7 @@ namespace llarp
     }
 
     bool
-    RejectExitMessage::Sign(llarp_crypto* c, const llarp::SecretKey& sk)
+    RejectExitMessage::Sign(llarp::Crypto* c, const llarp::SecretKey& sk)
     {
       byte_t tmp[512] = {0};
       auto buf        = llarp::StackBuffer< decltype(tmp) >(tmp);
@@ -77,7 +77,7 @@ namespace llarp
     }
 
     bool
-    RejectExitMessage::Verify(llarp_crypto* c, const llarp::PubKey& pk) const
+    RejectExitMessage::Verify(llarp::Crypto* c, const llarp::PubKey& pk) const
     {
       byte_t tmp[512] = {0};
       auto buf        = llarp::StackBuffer< decltype(tmp) >(tmp);

llarp/exit/session.cpp

@@ -60,7 +60,7 @@ namespace llarp
                                         std::placeholders::_2));
       llarp::routing::ObtainExitMessage obtain;
       obtain.S = p->NextSeqNo();
-      obtain.T = llarp_randint();
+      obtain.T = llarp::randint();
       PopulateRequest(obtain);
       if(!obtain.Sign(&router->crypto, m_ExitIdentity))
       {

llarp/exit/update_exit.cpp

@@ -43,7 +43,7 @@ namespace llarp
     }
 
     bool
-    UpdateExitMessage::Verify(llarp_crypto* c, const llarp::PubKey& pk) const
+    UpdateExitMessage::Verify(llarp::Crypto* c, const llarp::PubKey& pk) const
 
     {
       byte_t tmp[512] = {0};
@@ -70,7 +70,7 @@ namespace llarp
     }
 
     bool
-    UpdateExitMessage::Sign(llarp_crypto* c, const llarp::SecretKey& sk)
+    UpdateExitMessage::Sign(llarp::Crypto* c, const llarp::SecretKey& sk)
     {
       byte_t tmp[512] = {0};
       auto buf        = llarp::StackBuffer< decltype(tmp) >(tmp);

llarp/handlers/exit.cpp

@@ -114,7 +114,7 @@ namespace llarp
       return m_Router;
     }
 
-    llarp_crypto *
+    llarp::Crypto *
     ExitEndpoint::Crypto()
     {
       return &m_Router->crypto;

llarp/link/utp.cpp

@@ -207,7 +207,7 @@ namespace llarp
 
       // mix keys
       bool
-      DoKeyExchange(llarp_transport_dh_func dh, const KeyExchangeNonce& n,
+      DoKeyExchange(transport_dh_func dh, const KeyExchangeNonce& n,
                     const PubKey& other, const byte_t* secret)
       {
         ShortHash t_h;

llarp/link_intro.cpp

@@ -122,7 +122,7 @@ namespace llarp
   }
 
   bool
-  LinkIntroMessage::Sign(llarp_crypto* c, const SecretKey& k)
+  LinkIntroMessage::Sign(llarp::Crypto* c, const SecretKey& k)
   {
     Z.Zero();
     byte_t tmp[MaxSize] = {0};
@@ -135,7 +135,7 @@ namespace llarp
   }
 
   bool
-  LinkIntroMessage::Verify(llarp_crypto* c) const
+  LinkIntroMessage::Verify(llarp::Crypto* c) const
   {
     LinkIntroMessage copy;
     copy = *this;

llarp/nodedb.cpp

@@ -360,7 +360,7 @@ llarp_nodedb::select_random_exit(llarp::RouterContact &result)
   auto itr      = entries.begin();
   if(sz < 3)
     return false;
-  auto idx = llarp_randint() % sz;
+  auto idx = llarp::randint() % sz;
   if(idx)
     std::advance(itr, idx - 1);
   while(itr != entries.end())
@@ -403,7 +403,7 @@ llarp_nodedb::select_random_hop(const llarp::RouterContact &prev,
       auto itr = entries.begin();
       if(sz > 1)
       {
-        auto idx = llarp_randint() % sz;
+        auto idx = llarp::randint() % sz;
         if(idx)
           std::advance(itr, idx - 1);
       }
@@ -426,7 +426,7 @@ llarp_nodedb::select_random_hop(const llarp::RouterContact &prev,
     auto itr = entries.begin();
     if(sz > 1)
     {
-      auto idx = llarp_randint() % sz;
+      auto idx = llarp::randint() % sz;
       if(idx)
         std::advance(itr, idx - 1);
     }

llarp/path.cpp

@@ -39,7 +39,7 @@ namespace llarp
       return m_Router->tp;
     }
 
-    llarp_crypto*
+    llarp::Crypto*
     PathContext::Crypto()
     {
       return &m_Router->crypto;
@@ -442,7 +442,7 @@ namespace llarp
       if(dlt > 5000 && m_LastLatencyTestID == 0)
       {
         llarp::routing::PathLatencyMessage latency;
-        latency.T             = llarp_randint();
+        latency.T             = llarp::randint();
         m_LastLatencyTestID   = latency.T;
         m_LastLatencyTestTime = now;
         SendRoutingMessage(&latency, r);
@@ -639,7 +639,7 @@ namespace llarp
         MarkActive(now);
         // send path latency test
         llarp::routing::PathLatencyMessage latency;
-        latency.T             = llarp_randint();
+        latency.T             = llarp::randint();
         m_LastLatencyTestID   = latency.T;
         m_LastLatencyTestTime = now;
         return SendRoutingMessage(&latency, r);

llarp/pathbuilder.cpp

@@ -23,7 +23,7 @@ namespace llarp
     llarp::Router* router    = nullptr;
     llarp_threadpool* worker = nullptr;
     llarp::Logic* logic      = nullptr;
-    llarp_crypto* crypto     = nullptr;
+    llarp::Crypto* crypto     = nullptr;
     LR_CommitMessage LRCM;
 
     static void
@@ -111,7 +111,7 @@ namespace llarp
       }
     }
 
-    AsyncPathKeyExchangeContext(llarp_crypto* c) : crypto(c)
+    AsyncPathKeyExchangeContext(llarp::Crypto* c) : crypto(c)
     {
     }
 

llarp/pathset.cpp

@@ -317,7 +317,7 @@ namespace llarp
       auto sz = established.size();
       if(sz)
       {
-        return established[llarp_randint() % sz];
+        return established[llarp::randint() % sz];
       }
       else
         return nullptr;

llarp/proofofwork.cpp

@@ -26,7 +26,7 @@ namespace llarp
   }
 
   bool
-  PoW::IsValid(llarp_shorthash_func hashfunc, llarp_time_t now) const
+  PoW::IsValid(shorthash_func hashfunc, llarp_time_t now) const
   {
     if(now - timestamp > (uint64_t(extendedLifetime) * 1000))
       return false;

llarp/router.cpp

@@ -120,7 +120,7 @@ llarp_router_try_connect(llarp::Router *router,
 }
 
 bool
-llarp_findOrCreateIdentity(llarp_crypto *crypto, const char *fpath,
+llarp_findOrCreateIdentity(llarp::Crypto *crypto, const char *fpath,
                            byte_t *secretkey)
 {
   llarp::LogDebug("find or create ", fpath);
@@ -148,7 +148,7 @@ llarp_findOrCreateIdentity(llarp_crypto *crypto, const char *fpath,
 
 // C++ ...
 bool
-llarp_findOrCreateEncryption(llarp_crypto *crypto, const char *fpath,
+llarp_findOrCreateEncryption(llarp::Crypto *crypto, const char *fpath,
                              llarp::SecretKey &encryption)
 {
   llarp::LogDebug("find or create ", fpath);
@@ -190,12 +190,12 @@ namespace llarp
       , netloop(_netloop)
       , tp(_tp)
       , logic(_logic)
+      , crypto(llarp::Crypto::sodium{})
       , paths(this)
       , exitContext(this)
       , dht(llarp_dht_context_new(this))
       , inbound_link_msg_parser(this)
       , hiddenServiceContext(this)
-
   {
     // set rational defaults
     this->ip4addr.sin_family = AF_INET;
@@ -206,7 +206,6 @@ namespace llarp
 #else
     disk = llarp_init_threadpool(1, "llarp-diskio");
 #endif
-    llarp_crypto_init(&crypto);
   }
 
   Router::~Router()
@@ -786,7 +785,7 @@ namespace llarp
     {
       auto itr = validRouters.begin();
       if(sz > 1)
-        std::advance(itr, llarp_randint() % sz);
+        std::advance(itr, llarp::randint() % sz);
       result = itr->second;
       return true;
     }
@@ -1039,7 +1038,7 @@ namespace llarp
           // check if we really want to
           if(!self->ConnectionToRouterAllowed(other.pubkey))
             return want > 0;
-          if(llarp_randint() % 2 == 0
+          if(llarp::randint() % 2 == 0
              && !(self->HasSessionTo(other.pubkey)
                   || self->HasPendingConnectJob(other.pubkey)))
           {

llarp/router.hpp

@@ -33,11 +33,11 @@
 #include <str.hpp>
 
 bool
-llarp_findOrCreateEncryption(llarp_crypto *crypto, const char *fpath,
+llarp_findOrCreateEncryption(llarp::Crypto *crypto, const char *fpath,
                              llarp::SecretKey &encryption);
 
 bool
-llarp_findOrCreateIdentity(struct llarp_crypto *crypto, const char *path,
+llarp_findOrCreateIdentity(struct llarp::Crypto *crypto, const char *path,
                            byte_t *secretkey);
 
 struct TryConnectJob;
@@ -82,7 +82,7 @@ namespace llarp
     llarp_ev_loop *netloop;
     llarp_threadpool *tp;
     llarp::Logic *logic;
-    llarp_crypto crypto;
+    llarp::Crypto crypto;
     llarp::path::PathContext paths;
     llarp::exit::Context exitContext;
     llarp::SecretKey identity;

llarp/router_contact.cpp

@@ -150,7 +150,7 @@ namespace llarp
   }
 
   bool
-  RouterContact::Sign(llarp_crypto *crypto, const SecretKey &secretkey)
+  RouterContact::Sign(llarp::Crypto *crypto, const SecretKey &secretkey)
   {
     pubkey                  = llarp::seckey_topublic(secretkey);
     byte_t tmp[MAX_RC_SIZE] = {0};
@@ -165,7 +165,7 @@ namespace llarp
   }
 
   bool
-  RouterContact::Verify(llarp_crypto *crypto) const
+  RouterContact::Verify(llarp::Crypto *crypto) const
   {
     for(const auto &a : addrs)
     {
@@ -184,7 +184,7 @@ namespace llarp
   }
 
   bool
-  RouterContact::VerifySignature(llarp_crypto *crypto) const
+  RouterContact::VerifySignature(llarp::Crypto *crypto) const
   {
     RouterContact copy;
     copy = *this;

llarp/service.cpp

@@ -199,7 +199,7 @@ namespace llarp
     }
 
     void
-    Identity::RegenerateKeys(llarp_crypto* crypto)
+    Identity::RegenerateKeys(llarp::Crypto* crypto)
     {
       crypto->encryption_keygen(enckey);
       crypto->identity_keygen(signkey);
@@ -209,20 +209,20 @@ namespace llarp
     }
 
     bool
-    Identity::KeyExchange(llarp_path_dh_func dh, byte_t* result,
+    Identity::KeyExchange(path_dh_func dh, byte_t* result,
                           const ServiceInfo& other, const byte_t* N) const
     {
       return dh(result, other.EncryptionPublicKey(), enckey, N);
     }
 
     bool
-    Identity::Sign(llarp_crypto* c, byte_t* sig, llarp_buffer_t buf) const
+    Identity::Sign(llarp::Crypto* c, byte_t* sig, llarp_buffer_t buf) const
     {
       return c->sign(sig, signkey, buf);
     }
 
     bool
-    Identity::EnsureKeys(const std::string& fname, llarp_crypto* c)
+    Identity::EnsureKeys(const std::string& fname, llarp::Crypto* c)
     {
       byte_t tmp[4096];
       auto buf = llarp::StackBuffer< decltype(tmp) >(tmp);
@@ -272,7 +272,7 @@ namespace llarp
     }
 
     bool
-    Identity::SignIntroSet(IntroSet& i, llarp_crypto* crypto,
+    Identity::SignIntroSet(IntroSet& i, llarp::Crypto* crypto,
                            llarp_time_t now) const
     {
       if(i.I.size() == 0)
@@ -297,7 +297,7 @@ namespace llarp
     }
 
     bool
-    IntroSet::Verify(llarp_crypto* crypto, llarp_time_t now) const
+    IntroSet::Verify(llarp::Crypto* crypto, llarp_time_t now) const
     {
       byte_t tmp[MAX_INTROSET_SIZE];
       auto buf = llarp::StackBuffer< decltype(tmp) >(tmp);

llarp/service/endpoint.cpp

@@ -261,7 +261,7 @@ namespace llarp
     uint64_t
     Endpoint::GenTXID()
     {
-      uint64_t txid = llarp_randint();
+      uint64_t txid = llarp::randint();
       while(m_PendingLookups.find(txid) != m_PendingLookups.end())
         ++txid;
       return txid;
@@ -1363,7 +1363,7 @@ namespace llarp
     struct AsyncKeyExchange
     {
       llarp::Logic* logic;
-      llarp_crypto* crypto;
+      llarp::Crypto* crypto;
       SharedSecret sharedKey;
       ServiceInfo remote;
       const Identity& m_LocalIdentity;
@@ -1376,7 +1376,7 @@ namespace llarp
       IDataHandler* handler;
       ConvoTag tag;
 
-      AsyncKeyExchange(llarp::Logic* l, llarp_crypto* c, const ServiceInfo& r,
+      AsyncKeyExchange(llarp::Logic* l, llarp::Crypto* c, const ServiceInfo& r,
                        const Identity& localident,
                        const PQPubKey& introsetPubKey,
                        const Introduction& remote, IDataHandler* h,
@@ -1722,7 +1722,7 @@ namespace llarp
       return m_IsolatedLogic ? m_IsolatedLogic : m_Router->logic;
     }
 
-    llarp_crypto*
+    llarp::Crypto*
     Endpoint::Crypto()
     {
       return &m_Router->crypto;

llarp/service/protocol.cpp

@@ -153,7 +153,7 @@ namespace llarp
     }
 
     bool
-    ProtocolFrame::DecryptPayloadInto(llarp_crypto* crypto,
+    ProtocolFrame::DecryptPayloadInto(llarp::Crypto* crypto,
                                       const byte_t* sharedkey,
                                       ProtocolMessage& msg) const
     {
@@ -164,7 +164,7 @@ namespace llarp
     }
 
     bool
-    ProtocolFrame::EncryptAndSign(llarp_crypto* crypto,
+    ProtocolFrame::EncryptAndSign(llarp::Crypto* crypto,
                                   const ProtocolMessage& msg,
                                   const byte_t* sessionKey,
                                   const Identity& localIdent)
@@ -208,14 +208,14 @@ namespace llarp
 
     struct AsyncFrameDecrypt
     {
-      llarp_crypto* crypto;
+        llarp::Crypto* crypto;
       llarp::Logic* logic;
       ProtocolMessage* msg;
       const Identity& m_LocalIdentity;
       IDataHandler* handler;
       const ProtocolFrame frame;
 
-      AsyncFrameDecrypt(llarp::Logic* l, llarp_crypto* c,
+      AsyncFrameDecrypt(llarp::Logic* l, llarp::Crypto* c,
                         const Identity& localIdent, IDataHandler* h,
                         ProtocolMessage* m, const ProtocolFrame& f)
           : crypto(c)
@@ -306,7 +306,7 @@ namespace llarp
     }
 
     bool
-    ProtocolFrame::AsyncDecryptAndVerify(llarp::Logic* logic, llarp_crypto* c,
+    ProtocolFrame::AsyncDecryptAndVerify(llarp::Logic* logic, llarp::Crypto* c,
                                          const PathID_t& srcPath,
                                          llarp_threadpool* worker,
                                          const Identity& localIdent,
@@ -361,7 +361,7 @@ namespace llarp
     }
 
     bool
-    ProtocolFrame::Verify(llarp_crypto* crypto, const ServiceInfo& from) const
+    ProtocolFrame::Verify(llarp::Crypto* crypto, const ServiceInfo& from) const
     {
       ProtocolFrame copy(*this);
       // save signature

test/alignedbuffer_unittest.cpp

@@ -7,11 +7,11 @@ using Map_t    = std::unordered_map< Buffer_t, int, Buffer_t::Hash >;
 struct AlignedBufferTest : public ::testing::Test
 {
   AlignedBufferTest()
+  : crypto(llarp::Crypto::sodium{})
   {
-    llarp_crypto_init(&crypto);
   }
 
-  llarp_crypto crypto;
+  llarp::Crypto crypto;
 };
 
 TEST_F(AlignedBufferTest, TestHash)

test/base32_unittest.cpp

@@ -6,11 +6,11 @@
 struct Base32Test : public ::testing::Test
 {
   Base32Test()
+  : crypto(llarp::Crypto::sodium{})
   {
-    llarp_crypto_init(&crypto);
   }
 
-  llarp_crypto crypto;
+  llarp::Crypto crypto;
 };
 
 TEST_F(Base32Test, Serialize)

test/encrypted_frame_unittest.cpp

@@ -11,12 +11,12 @@ using LRCR           = llarp::LR_CommitRecord;
 class FrameTest : public ::testing::Test
 {
  public:
-  llarp_crypto crypto;
+     llarp::Crypto crypto;
   SecretKey alice, bob;
 
   FrameTest()
+  : crypto(llarp::Crypto::sodium{})
   {
-    llarp_crypto_init(&crypto);
   }
 
   ~FrameTest()

test/hiddenservice_unittest.cpp

@@ -5,15 +5,15 @@
 
 struct HiddenServiceTest : public ::testing::Test
 {
-  llarp_crypto crypto;
+    llarp::Crypto crypto;
   llarp::service::Identity ident;
 
   HiddenServiceTest()
+  : crypto(llarp::Crypto::sodium{})
   {
-    llarp_crypto_init(&crypto);
   }
 
-  llarp_crypto*
+  llarp::Crypto*
   Crypto()
   {
     return &crypto;

test/jsonrpc_unittest.cpp

@@ -6,7 +6,7 @@
 
 struct AbyssTestBase : public ::testing::Test
 {
-  llarp_crypto crypto;
+    llarp::Crypto crypto;
   llarp_threadpool* threadpool         = nullptr;
   llarp_ev_loop* loop                  = nullptr;
   llarp::Logic* logic                  = nullptr;
@@ -24,7 +24,7 @@ struct AbyssTestBase : public ::testing::Test
   void
   SetUp()
   {
-    // for llarp_randint
+    // for llarp::randint
     llarp_crypto_init(&crypto);
   }
 
@@ -45,7 +45,7 @@ struct AbyssTestBase : public ::testing::Test
 
     sockaddr_in addr;
     addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
-    addr.sin_port        = htons((llarp_randint() % 2000) + 2000);
+    addr.sin_port        = htons((llarp::randint() % 2000) + 2000);
     addr.sin_family      = AF_INET;
     llarp::Addr a(addr);
     while(true)

test/obtain_exit_unittest.cpp

@@ -6,12 +6,12 @@ using ObtainExitMessage = llarp::routing::ObtainExitMessage;
 class ObtainExitTest : public ::testing::Test
 {
  public:
-  llarp_crypto crypto;
+     llarp::Crypto crypto;
   llarp::SecretKey alice;
 
   ObtainExitTest()
+  : crypto(llarp::Crypto::sodium{})
   {
-    llarp_crypto_init(&crypto);
   }
 
   ~ObtainExitTest()
@@ -29,11 +29,11 @@ TEST_F(ObtainExitTest, TestSignVerify)
 {
   ObtainExitMessage msg;
   msg.Z.Zero();
-  msg.S = llarp_randint();
+  msg.S = llarp::randint();
-  msg.T = llarp_randint();
+  msg.T = llarp::randint();
   ASSERT_TRUE(msg.Sign(&crypto, alice));
   ASSERT_TRUE(msg.Verify(&crypto));
   ASSERT_TRUE(msg.I == llarp::PubKey(llarp::seckey_topublic(alice)));
   ASSERT_FALSE(msg.version != LLARP_PROTO_VERSION);
   ASSERT_FALSE(msg.Z.IsZero());
-};
+};

test/pq_unittest.cpp

@@ -6,15 +6,15 @@ namespace llarp
 {
   struct PQCryptoTest : public ::testing::Test
   {
-    llarp_crypto crypto;
+      llarp::Crypto crypto;
     PQKeyPair keys;
 
     PQCryptoTest()
+    : crypto(llarp::Crypto::sodium{})
     {
-      llarp_crypto_init(&crypto);
     }
 
-    llarp_crypto*
+    llarp::Crypto*
     Crypto()
     {
       return &crypto;