
Minimize headers that include crypto_formats and x25519 stuff

Nick Mathewson 5 years ago
parent
commit
1743dac078
60 changed files with 227 additions and 159 deletions
  1. 1 10
      src/lib/crypt_ops/crypto_curve25519.h
  2. 5 9
      src/lib/crypt_ops/crypto_ed25519.h
  3. 9 11
      src/lib/crypt_ops/crypto_format.h
  4. 2 1
      src/lib/defs/include.am
  5. 27 0
      src/lib/defs/x25519_sizes.h
  6. 2 2
      src/or/bridges.h
  7. 7 6
      src/or/channel.h
  8. 4 2
      src/or/channeltls.h
  9. 5 3
      src/or/circuitbuild.h
  10. 1 0
      src/or/connection_or.c
  11. 16 13
      src/or/connection_or.h
  12. 2 0
      src/or/control.h
  13. 1 0
      src/or/dirauth/dirvote.c
  14. 1 0
      src/or/directory.c
  15. 1 0
      src/or/dirserv.c
  16. 3 2
      src/or/dirserv.h
  17. 2 1
      src/or/entrynodes.h
  18. 3 1
      src/or/extend_info_st.h
  19. 1 1
      src/or/hs_cache.c
  20. 13 11
      src/or/hs_cache.h
  21. 1 0
      src/or/hs_client.c
  22. 0 1
      src/or/hs_common.c
  23. 18 14
      src/or/hs_common.h
  24. 1 1
      src/or/hs_control.c
  25. 1 0
      src/or/hs_descriptor.c
  26. 1 1
      src/or/hs_intropoint.c
  27. 2 1
      src/or/hs_ntor.c
  28. 23 21
      src/or/hs_ntor.h
  29. 1 0
      src/or/hs_service.c
  30. 5 3
      src/or/microdesc_st.h
  31. 1 1
      src/or/node_st.h
  32. 9 6
      src/or/nodelist.h
  33. 7 4
      src/or/onion.h
  34. 10 8
      src/or/onion_ntor.h
  35. 3 1
      src/or/or.h
  36. 1 0
      src/or/router.c
  37. 8 6
      src/or/router.h
  38. 3 2
      src/or/routerinfo_st.h
  39. 1 0
      src/or/routerkeys.c
  40. 1 1
      src/or/routerlist.c
  41. 1 0
      src/or/routerparse.c
  42. 1 1
      src/or/vote_routerstatus_st.h
  43. 1 1
      src/test/fuzz/fuzz_consensus.c
  44. 1 1
      src/test/fuzz/fuzz_hsdescv2.c
  45. 1 1
      src/test/fuzz/fuzz_iptsv2.c
  46. 2 1
      src/test/fuzz/fuzz_microdesc.c
  47. 1 1
      src/test/fuzz/fuzz_vrs.c
  48. 1 1
      src/test/test_controller.c
  49. 1 0
      src/test/test_crypto.c
  50. 2 1
      src/test/test_crypto_slow.c
  51. 1 0
      src/test/test_dir.c
  52. 1 1
      src/test/test_hs_cache.c
  53. 1 1
      src/test/test_hs_common.c
  54. 1 1
      src/test/test_hs_control.c
  55. 1 1
      src/test/test_hs_descriptor.c
  56. 2 1
      src/test/test_hs_ntor.c
  57. 2 1
      src/test/test_hs_ntor_cl.c
  58. 1 1
      src/test/test_routerkeys.c
  59. 1 0
      src/test/test_util.c
  60. 1 0
      src/test/testing_common.c

+ 1 - 10
src/lib/crypt_ops/crypto_curve25519.h

@@ -8,13 +8,7 @@
 #include "lib/cc/torint.h"
 #include "lib/crypt_ops/crypto_digest.h"
 #include "lib/crypt_ops/crypto_openssl_mgt.h"
-
-/** Length of a curve25519 public key when encoded. */
-#define CURVE25519_PUBKEY_LEN 32
-/** Length of a curve25519 secret key when encoded. */
-#define CURVE25519_SECKEY_LEN 32
-/** Length of the result of a curve25519 handshake. */
-#define CURVE25519_OUTPUT_LEN 32
+#include "lib/defs/x25519_sizes.h"
 
 /** Wrapper type for a curve25519 public key.
  *
@@ -75,8 +69,6 @@ STATIC int curve25519_impl(uint8_t *output, const uint8_t *secret,
 STATIC int curve25519_basepoint_impl(uint8_t *output, const uint8_t *secret);
 #endif /* defined(CRYPTO_CURVE25519_PRIVATE) */
 
-#define CURVE25519_BASE64_PADDED_LEN 44
-
 int curve25519_public_from_base64(curve25519_public_key_t *pkey,
                                   const char *input);
 int curve25519_public_to_base64(char *output,
@@ -86,4 +78,3 @@ void curve25519_set_impl_params(int use_ed);
 void curve25519_init(void);
 
 #endif /* !defined(TOR_CRYPTO_CURVE25519_H) */
-

+ 5 - 9
src/lib/crypt_ops/crypto_ed25519.h

@@ -7,24 +7,20 @@
 #include "lib/testsupport/testsupport.h"
 #include "lib/cc/torint.h"
 #include "lib/crypt_ops/crypto_curve25519.h"
-
-#define ED25519_PUBKEY_LEN 32
-#define ED25519_SECKEY_LEN 64
-#define ED25519_SECKEY_SEED_LEN 32
-#define ED25519_SIG_LEN 64
+#include "lib/defs/x25519_sizes.h"
 
 /** An Ed25519 signature. */
-typedef struct {
+typedef struct ed25519_signature_t {
   uint8_t sig[ED25519_SIG_LEN];
 } ed25519_signature_t;
 
 /** An Ed25519 public key */
-typedef struct {
+typedef struct ed25519_public_key_t {
   uint8_t pubkey[ED25519_PUBKEY_LEN];
 } ed25519_public_key_t;
 
 /** An Ed25519 secret key */
-typedef struct {
+typedef struct ed25519_secret_key_t {
   /** Note that we store secret keys in an expanded format that doesn't match
    * the format from standard ed25519.  Ed25519 stores a 32-byte value k and
    * expands it into a 64-byte H(k), using the first 32 bytes for a multiplier
@@ -35,7 +31,7 @@ typedef struct {
 } ed25519_secret_key_t;
 
 /** An Ed25519 keypair. */
-typedef struct {
+typedef struct ed25519_keypair_t {
   ed25519_public_key_t pubkey;
   ed25519_secret_key_t seckey;
 } ed25519_keypair_t;

+ 9 - 11
src/lib/crypt_ops/crypto_format.h

@@ -9,7 +9,10 @@
 
 #include "lib/testsupport/testsupport.h"
 #include "lib/cc/torint.h"
-#include "lib/crypt_ops/crypto_ed25519.h"
+#include "lib/defs/x25519_sizes.h"
+
+struct ed25519_public_key_t;
+struct ed25519_signature_t;
 
 int crypto_write_tagged_contents_to_file(const char *fname,
                                          const char *typestring,
@@ -23,20 +26,16 @@ ssize_t crypto_read_tagged_contents_from_file(const char *fname,
                                               uint8_t *data_out,
                                               ssize_t data_out_len);
 
-#define ED25519_BASE64_LEN 43
-int ed25519_public_from_base64(ed25519_public_key_t *pkey,
+int ed25519_public_from_base64(struct ed25519_public_key_t *pkey,
                                const char *input);
 int ed25519_public_to_base64(char *output,
-                             const ed25519_public_key_t *pkey);
-const char *ed25519_fmt(const ed25519_public_key_t *pkey);
-
-/* XXXX move these to crypto_format.h */
-#define ED25519_SIG_BASE64_LEN 86
+                             const struct ed25519_public_key_t *pkey);
+const char *ed25519_fmt(const struct ed25519_public_key_t *pkey);
 
-int ed25519_signature_from_base64(ed25519_signature_t *sig,
+int ed25519_signature_from_base64(struct ed25519_signature_t *sig,
                                   const char *input);
 int ed25519_signature_to_base64(char *output,
-                                const ed25519_signature_t *sig);
+                                const struct ed25519_signature_t *sig);
 
 int digest_to_base64(char *d64, const char *digest);
 int digest_from_base64(char *digest, const char *d64);
@@ -44,4 +43,3 @@ int digest256_to_base64(char *d64, const char *digest);
 int digest256_from_base64(char *digest, const char *d64);
 
 #endif /* !defined(TOR_CRYPTO_FORMAT_H) */
-
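Review bot: `ed25519_public_to_base64()` and `ed25519_signature_to_base64()` take a bare `char *output` with no length, and now that `ED25519_BASE64_LEN` and `ED25519_SIG_BASE64_LEN` have moved out of this header, nothing at the prototypes tells a caller how large that buffer must be. A one-line contract above each would close the gap, for example `/** Write the base64 encoding of pkey to output, which must hold ED25519_BASE64_LEN+1 bytes. */`. The `+1` assumes the implementation writes a terminating NUL, which is not visible here and should be confirmed against crypto_format.c. A short comment on the two forward declarations would also help, such as `/* Defined in lib/crypt_ops/crypto_ed25519.h; code that dereferences these must include it. */`.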

+ 2 - 1
src/lib/defs/include.am

@@ -1,4 +1,5 @@
 
 noinst_HEADERS += 			\
 	src/lib/defs/dh_sizes.h 	\
-	src/lib/defs/digest_sizes.h
+	src/lib/defs/digest_sizes.h	\
+	src/lib/defs/x25519_sizes.h

+ 27 - 0
src/lib/defs/x25519_sizes.h

@@ -0,0 +1,27 @@
+/* Copyright (c) 2001, Matej Pfajfar.
+ * Copyright (c) 2001-2004, Roger Dingledine.
+ * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
+ * Copyright (c) 2007-2018, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+#ifndef TOR_X25519_SIZES_H
+#define TOR_X25519_SIZES_H
+
+/** Length of a curve25519 public key when encoded. */
+#define CURVE25519_PUBKEY_LEN 32
+/** Length of a curve25519 secret key when encoded. */
+#define CURVE25519_SECKEY_LEN 32
+/** Length of the result of a curve25519 handshake. */
+#define CURVE25519_OUTPUT_LEN 32
+
+#define ED25519_PUBKEY_LEN 32
+#define ED25519_SECKEY_LEN 64
+#define ED25519_SECKEY_SEED_LEN 32
+#define ED25519_SIG_LEN 64
+
+#define CURVE25519_BASE64_PADDED_LEN 44
+
+#define ED25519_BASE64_LEN 43
+#define ED25519_SIG_BASE64_LEN 86
+
+#endif
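Review bot: The four `ED25519_*_LEN` macros and the three base64 length macros in this new header carry no doc comments, although the `ED25519_*_LEN` values size the key and signature arrays in crypto_ed25519.h. The values 43 and 86 are exactly the unpadded base64 character counts for 32 and 64 bytes, and 44 is the padded count for 32 bytes, so none of them leaves room for a terminating NUL. I would state that next to each one, for example `/** Length of an unpadded base64-encoded ed25519 public key, not counting the terminating NUL. */`. The closing `#endif` also lacks the `/* !defined(TOR_X25519_SIZES_H) */` trailer that the other headers in this commit use.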

+ 2 - 2
src/or/bridges.h

@@ -13,6 +13,7 @@
 #define TOR_BRIDGES_H
 
 struct bridge_line_t;
+struct ed25519_public_key_t;
 
 /* Opaque handle to a configured bridge */
 typedef struct bridge_info_t bridge_info_t;
@@ -38,7 +39,7 @@ int routerinfo_is_a_configured_bridge(const routerinfo_t *ri);
 int node_is_a_configured_bridge(const node_t *node);
 void learned_router_identity(const tor_addr_t *addr, uint16_t port,
                              const char *digest,
-                             const ed25519_public_key_t *ed_id);
+                             const struct ed25519_public_key_t *ed_id);
 
 void bridge_add_from_config(struct bridge_line_t *bridge_line);
 void retry_bridge_descriptor_fetch_directly(const char *digest);
@@ -77,4 +78,3 @@ STATIC void bridge_resolve_conflicts(const tor_addr_t *addr,
 #endif /* defined(TOR_BRIDGES_PRIVATE) */
 
 #endif /* !defined(TOR_BRIDGES_H) */
-

+ 7 - 6
src/or/channel.h

@@ -12,6 +12,7 @@
 #include "or/or.h"
 #include "or/circuitmux.h"
 #include "common/handles.h"
+#include "lib/crypt_ops/crypto_ed25519.h"
 
 #include "tor_queue.h"
 
@@ -255,7 +256,7 @@ struct channel_s {
    * necessarily its true identity.  Don't believe this identity unless
    * authentication has happened.
    */
-  ed25519_public_key_t ed25519_identity;
+  struct ed25519_public_key_t ed25519_identity;
 
   /**
    * Linked list of channels with the same RSA identity digest, for use with
@@ -474,8 +475,8 @@ void channel_mark_incoming(channel_t *chan);
 void channel_mark_outgoing(channel_t *chan);
 void channel_mark_remote(channel_t *chan);
 void channel_set_identity_digest(channel_t *chan,
-                                 const char *identity_digest,
-                                 const ed25519_public_key_t *ed_identity);
+                             const char *identity_digest,
+                             const struct ed25519_public_key_t *ed_identity);
 
 void channel_listener_change_state(channel_listener_t *chan_l,
                                    channel_listener_state_t to_state);
@@ -525,10 +526,10 @@ int channel_send_destroy(circid_t circ_id, channel_t *chan,
 
 channel_t * channel_connect(const tor_addr_t *addr, uint16_t port,
                             const char *rsa_id_digest,
-                            const ed25519_public_key_t *ed_id);
+                            const struct ed25519_public_key_t *ed_id);
 
 channel_t * channel_get_for_extend(const char *rsa_id_digest,
-                                   const ed25519_public_key_t *ed_id,
+                                   const struct ed25519_public_key_t *ed_id,
                                    const tor_addr_t *target_addr,
                                    const char **msg_out,
                                    int *launch_out);
@@ -541,7 +542,7 @@ int channel_is_better(channel_t *a, channel_t *b);
 
 channel_t * channel_find_by_global_id(uint64_t global_identifier);
 channel_t * channel_find_by_remote_identity(const char *rsa_id_digest,
-                                            const ed25519_public_key_t *ed_id);
+                                    const struct ed25519_public_key_t *ed_id);
 
 /** For things returned by channel_find_by_remote_digest(), walk the list.
  * The RSA key will match for all returned elements; the Ed25519 key might not.
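Review bot: channel.h gains an unconditional `#include "lib/crypt_ops/crypto_ed25519.h"` because `struct channel_s` stores `ed25519_identity` by value. Every file that includes channel.h therefore still receives the full ed25519 header and, through it, crypto_curve25519.h. The include is required for the embedded field, but it deserves a comment on that line, e.g. `/* channel_s embeds an ed25519_public_key_t by value */`, so that it is not mistaken for a leftover in a later pass. The re-wrapped prototypes for `channel_set_identity_digest` and `channel_find_by_remote_identity` also no longer align their continuation lines with the opening parenthesis, unlike the neighbouring declarations in the same hunks.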

+ 4 - 2
src/or/channeltls.h

@@ -12,6 +12,9 @@
 #include "or/or.h"
 #include "or/channel.h"
 
+struct ed25519_public_key_t;
+struct curve25519_public_key_t;
+
 #define BASE_CHAN_TO_TLS(c) (channel_tls_from_base((c)))
 #define TLS_CHAN_TO_BASE(c) (channel_tls_to_base((c)))
 
@@ -30,7 +33,7 @@ struct channel_tls_s {
 
 channel_t * channel_tls_connect(const tor_addr_t *addr, uint16_t port,
                                 const char *id_digest,
-                                const ed25519_public_key_t *ed_id);
+                                const struct ed25519_public_key_t *ed_id);
 channel_listener_t * channel_tls_get_listener(void);
 channel_listener_t * channel_tls_start_listener(void);
 channel_t * channel_tls_handle_incoming(or_connection_t *orconn);
@@ -72,4 +75,3 @@ STATIC void channel_tls_process_authenticate_cell(var_cell_t *cell,
 #endif /* defined(CHANNELTLS_PRIVATE) */
 
 #endif /* !defined(TOR_CHANNELTLS_H) */
-
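Review bot: The forward declaration `struct curve25519_public_key_t;` has no user in the lines shown for this header; the only changed prototype, `channel_tls_connect`, takes an ed25519 key. If nothing else in channeltls.h refers to the curve25519 type (the rest of the file is outside these hunks), drop it. `struct ed25519_public_key_t;` is already visible through `or/channel.h`, which now includes crypto_ed25519.h, so that declaration is harmless but redundant here.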

+ 5 - 3
src/or/circuitbuild.h

@@ -12,6 +12,9 @@
 #ifndef TOR_CIRCUITBUILD_H
 #define TOR_CIRCUITBUILD_H
 
+struct ed25519_public_key_t;
+struct curve25519_public_key_t;
+
 int route_len_for_purpose(uint8_t purpose, extend_info_t *exit_ei);
 char *circuit_list_path(origin_circuit_t *circ, int verbose);
 char *circuit_list_path_for_controller(origin_circuit_t *circ);
@@ -52,9 +55,9 @@ int circuit_extend_to_new_exit(origin_circuit_t *circ, extend_info_t *info);
 void onion_append_to_cpath(crypt_path_t **head_ptr, crypt_path_t *new_hop);
 extend_info_t *extend_info_new(const char *nickname,
                                const char *rsa_id_digest,
-                               const ed25519_public_key_t *ed_id,
+                               const struct ed25519_public_key_t *ed_id,
                                crypto_pk_t *onion_key,
-                               const curve25519_public_key_t *ntor_key,
+                               const struct curve25519_public_key_t *ntor_key,
                                const tor_addr_t *addr, uint16_t port);
 extend_info_t *extend_info_from_node(const node_t *r, int for_direct_connect);
 extend_info_t *extend_info_dup(extend_info_t *info);
@@ -100,4 +103,3 @@ unsigned int cpath_get_n_hops(crypt_path_t **head_ptr);
 #endif /* defined(CIRCUITBUILD_PRIVATE) */
 
 #endif /* !defined(TOR_CIRCUITBUILD_H) */
-

+ 1 - 0
src/or/connection_or.c

@@ -68,6 +68,7 @@
 #include "or/or_handshake_state_st.h"
 #include "or/routerinfo_st.h"
 #include "or/var_cell_st.h"
+#include "lib/crypt_ops/crypto_format.h"
 
 #include "lib/tls/tortls.h"
 

+ 16 - 13
src/or/connection_or.h

@@ -12,6 +12,9 @@
 #ifndef TOR_CONNECTION_OR_H
 #define TOR_CONNECTION_OR_H
 
+struct ed25519_public_key_t;
+struct ed25519_keypair_t;
+
 or_connection_t *TO_OR_CONN(connection_t *);
 
 void connection_or_clear_identity(or_connection_t *conn);
@@ -42,7 +45,7 @@ MOCK_DECL(or_connection_t *,
           connection_or_connect,
           (const tor_addr_t *addr, uint16_t port,
            const char *id_digest,
-           const ed25519_public_key_t *ed_id,
+           const struct ed25519_public_key_t *ed_id,
            channel_tls_t *chan));
 
 void connection_or_close_normally(or_connection_t *orconn, int flush);
@@ -60,14 +63,14 @@ void connection_or_set_canonical(or_connection_t *or_conn,
 int connection_init_or_handshake_state(or_connection_t *conn,
                                        int started_here);
 void connection_or_init_conn_from_address(or_connection_t *conn,
-                                          const tor_addr_t *addr,
-                                          uint16_t port,
-                                          const char *rsa_id_digest,
-                                          const ed25519_public_key_t *ed_id,
-                                          int started_here);
+                                    const tor_addr_t *addr,
+                                    uint16_t port,
+                                    const char *rsa_id_digest,
+                                    const struct ed25519_public_key_t *ed_id,
+                                    int started_here);
 int connection_or_client_learned_peer_id(or_connection_t *conn,
                               const uint8_t *rsa_peer_id,
-                              const ed25519_public_key_t *ed_peer_id);
+                              const struct ed25519_public_key_t *ed_peer_id);
 time_t connection_or_client_used(or_connection_t *conn);
 MOCK_DECL(int, connection_or_get_num_circuits, (or_connection_t *conn));
 void or_handshake_state_free_(or_handshake_state_t *state);
@@ -94,11 +97,12 @@ int connection_or_send_auth_challenge_cell(or_connection_t *conn);
 int authchallenge_type_is_supported(uint16_t challenge_type);
 int authchallenge_type_is_better(uint16_t challenge_type_a,
                                  uint16_t challenge_type_b);
-var_cell_t *connection_or_compute_authenticate_cell_body(or_connection_t *conn,
-                                       const int authtype,
-                                       crypto_pk_t *signing_key,
-                                       const ed25519_keypair_t *ed_signing_key,
-                                       int server);
+var_cell_t *connection_or_compute_authenticate_cell_body(
+                              or_connection_t *conn,
+                              const int authtype,
+                              crypto_pk_t *signing_key,
+                              const struct ed25519_keypair_t *ed_signing_key,
+                              int server);
 MOCK_DECL(int,connection_or_send_authenticate_cell,
           (or_connection_t *conn, int type));
 
@@ -132,4 +136,3 @@ extern int certs_cell_ed25519_disabled_for_testing;
 #endif
 
 #endif /* !defined(TOR_CONNECTION_OR_H) */
-

+ 2 - 0
src/or/control.h

@@ -162,6 +162,8 @@ void control_event_hs_descriptor_content(const char *onion_address,
 void control_free_all(void);
 
 #ifdef CONTROL_PRIVATE
+#include "lib/crypt_ops/crypto_ed25519.h"
+
 /* Recognized asynchronous event types.  It's okay to expand this list
  * because it is used both as a list of v0 event types, and as indices
  * into the bitfield to determine which controllers want which events.
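Review bot: The `#include "lib/crypt_ops/crypto_ed25519.h"` added inside `#ifdef CONTROL_PRIVATE` sits in the middle of the header with nothing saying which private declaration needs the complete type. The hunk ends before any such declaration, so a reader cannot tell from here. A comment on the include line, such as `/* complete ed25519 types for the CONTROL_PRIVATE declarations below */`, would keep a later cleanup from removing it or hoisting it back to the top of the file. The same pattern is added under `ENTRYNODES_PRIVATE` in src/or/entrynodes.h and under `HS_CACHE_PRIVATE` in src/or/hs_cache.h.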

+ 1 - 0
src/or/dirauth/dirvote.c

@@ -45,6 +45,7 @@
 
 #include "lib/container/order.h"
 #include "lib/encoding/confline.h"
+#include "lib/crypt_ops/crypto_format.h"
 
 /**
  * \file dirvote.c

+ 1 - 0
src/or/directory.c

@@ -44,6 +44,7 @@
 #include "or/routerparse.h"
 #include "or/routerset.h"
 #include "lib/encoding/confline.h"
+#include "lib/crypt_ops/crypto_format.h"
 
 #if defined(EXPORTMALLINFO) && defined(HAVE_MALLOC_H) && defined(HAVE_MALLINFO)
 #if !defined(OpenBSD)

+ 1 - 0
src/or/dirserv.c

@@ -48,6 +48,7 @@
 
 #include "lib/compress/compress.h"
 #include "lib/container/order.h"
+#include "lib/crypt_ops/crypto_format.h"
 #include "lib/encoding/confline.h"
 
 /**

+ 3 - 2
src/or/dirserv.h

@@ -12,6 +12,8 @@
 #ifndef TOR_DIRSERV_H
 #define TOR_DIRSERV_H
 
+struct ed25519_public_key_t;
+
 #include "lib/testsupport/testsupport.h"
 
 /** What fraction (1 over this number) of the relay ID space do we
@@ -138,7 +140,7 @@ int dirserv_get_routerdescs(smartlist_t *descs_out, const char *key,
 void dirserv_orconn_tls_done(const tor_addr_t *addr,
                              uint16_t or_port,
                              const char *digest_rcvd,
-                             const ed25519_public_key_t *ed_id_rcvd);
+                             const struct ed25519_public_key_t *ed_id_rcvd);
 int dirserv_should_launch_reachability_test(const routerinfo_t *ri,
                                             const routerinfo_t *ri_old);
 void dirserv_single_reachability_test(time_t now, routerinfo_t *router);
@@ -220,4 +222,3 @@ void dirserv_spool_sort(dir_connection_t *conn);
 void dir_conn_clear_spool(dir_connection_t *conn);
 
 #endif /* !defined(TOR_DIRSERV_H) */
-

+ 2 - 1
src/or/entrynodes.h

@@ -64,6 +64,8 @@ typedef struct guard_pathbias_t {
 } guard_pathbias_t;
 
 #if defined(ENTRYNODES_PRIVATE)
+#include "lib/crypt_ops/crypto_ed25519.h"
+
 /**
  * @name values for entry_guard_t.is_reachable.
  *
@@ -635,4 +637,3 @@ guard_get_guardfraction_bandwidth(guardfraction_bandwidth_t *guardfraction_bw,
                                   uint32_t guardfraction_percentage);
 
 #endif /* !defined(TOR_ENTRYNODES_H) */
-

+ 3 - 1
src/or/extend_info_st.h

@@ -7,6 +7,9 @@
 #ifndef EXTEND_INFO_ST_H
 #define EXTEND_INFO_ST_H
 
+#include "lib/crypt_ops/crypto_curve25519.h"
+#include "lib/crypt_ops/crypto_ed25519.h"
+
 /** Information on router used when extending a circuit. We don't need a
  * full routerinfo_t to extend: we only need addr:port:keyid to build an OR
  * connection, and onion_key to create the onionskin. Note that for onehop
@@ -25,4 +28,3 @@ struct extend_info_t {
 };
 
 #endif
-

+ 1 - 1
src/or/hs_cache.c

@@ -11,6 +11,7 @@
 
 #include "or/or.h"
 #include "or/config.h"
+#include "lib/crypt_ops/crypto_format.h"
 #include "lib/crypt_ops/crypto_util.h"
 #include "or/hs_ident.h"
 #include "or/hs_common.h"
@@ -976,4 +977,3 @@ hs_cache_free_all(void)
                     cache_client_intro_state_free_void);
   hs_cache_client_intro_state = NULL;
 }
-

+ 13 - 11
src/or/hs_cache.h

@@ -11,12 +11,13 @@
 
 #include <stdint.h>
 
-#include "lib/crypt_ops/crypto_ed25519.h"
 #include "or/hs_common.h"
 #include "or/hs_descriptor.h"
 #include "or/rendcommon.h"
 #include "or/torcert.h"
 
+struct ed25519_public_key_t;
+
 /* This is the maximum time an introduction point state object can stay in the
  * client cache in seconds (2 mins or 120 seconds). */
 #define HS_CACHE_CLIENT_INTRO_STATE_MAX_AGE (2 * 60)
@@ -79,30 +80,32 @@ int hs_cache_lookup_as_dir(uint32_t version, const char *query,
                            const char **desc_out);
 
 const hs_descriptor_t *
-hs_cache_lookup_as_client(const ed25519_public_key_t *key);
+hs_cache_lookup_as_client(const struct ed25519_public_key_t *key);
 const char *
-hs_cache_lookup_encoded_as_client(const ed25519_public_key_t *key);
+hs_cache_lookup_encoded_as_client(const struct ed25519_public_key_t *key);
 int hs_cache_store_as_client(const char *desc_str,
-                             const ed25519_public_key_t *identity_pk);
+                             const struct ed25519_public_key_t *identity_pk);
 void hs_cache_clean_as_client(time_t now);
 void hs_cache_purge_as_client(void);
 
 /* Client failure cache. */
-void hs_cache_client_intro_state_note(const ed25519_public_key_t *service_pk,
-                                      const ed25519_public_key_t *auth_key,
-                                      rend_intro_point_failure_t failure);
+void hs_cache_client_intro_state_note(
+                              const struct ed25519_public_key_t *service_pk,
+                              const struct ed25519_public_key_t *auth_key,
+                              rend_intro_point_failure_t failure);
 const hs_cache_intro_state_t *hs_cache_client_intro_state_find(
-                                       const ed25519_public_key_t *service_pk,
-                                       const ed25519_public_key_t *auth_key);
+                              const struct ed25519_public_key_t *service_pk,
+                              const struct ed25519_public_key_t *auth_key);
 void hs_cache_client_intro_state_clean(time_t now);
 void hs_cache_client_intro_state_purge(void);
 
 #ifdef HS_CACHE_PRIVATE
+#include "lib/crypt_ops/crypto_ed25519.h"
 
 /** Represents a locally cached HS descriptor on a hidden service client. */
 typedef struct hs_cache_client_descriptor_t {
   /* This object is indexed using the service identity public key */
-  ed25519_public_key_t key;
+  struct ed25519_public_key_t key;
 
   /* When will this entry expire? We expire cached client descriptors in the
    * start of the next time period, since that's when clients need to start
@@ -125,4 +128,3 @@ lookup_v3_desc_as_client(const uint8_t *key);
 #endif /* defined(HS_CACHE_PRIVATE) */
 
 #endif /* !defined(TOR_HS_CACHE_H) */
-

+ 1 - 0
src/or/hs_client.c

@@ -16,6 +16,7 @@
 #include "or/config.h"
 #include "or/connection.h"
 #include "or/connection_edge.h"
+#include "lib/crypt_ops/crypto_format.h"
 #include "lib/crypt_ops/crypto_rand.h"
 #include "lib/crypt_ops/crypto_util.h"
 #include "or/directory.h"

+ 0 - 1
src/or/hs_common.c

@@ -1823,4 +1823,3 @@ hs_inc_rdv_stream_counter(origin_circuit_t *circ)
     tor_assert_nonfatal_unreached();
   }
 }
-

+ 18 - 14
src/or/hs_common.h

@@ -10,6 +10,11 @@
 #define TOR_HS_COMMON_H
 
 #include "or/or.h"
+#include "lib/defs/x25519_sizes.h"
+
+struct curve25519_public_key_t;
+struct ed25519_public_key_t;
+struct ed25519_keypair_t;
 
 /* Trunnel */
 #include "trunnel/ed25519_cert.h"
@@ -167,20 +172,20 @@ int hs_check_service_private_dir(const char *username, const char *path,
 int hs_get_service_max_rend_failures(void);
 
 char *hs_path_from_filename(const char *directory, const char *filename);
-void hs_build_address(const ed25519_public_key_t *key, uint8_t version,
+void hs_build_address(const struct ed25519_public_key_t *key, uint8_t version,
                       char *addr_out);
 int hs_address_is_valid(const char *address);
-int hs_parse_address(const char *address, ed25519_public_key_t *key_out,
+int hs_parse_address(const char *address, struct ed25519_public_key_t *key_out,
                      uint8_t *checksum_out, uint8_t *version_out);
 
-void hs_build_blinded_pubkey(const ed25519_public_key_t *pubkey,
+void hs_build_blinded_pubkey(const struct ed25519_public_key_t *pubkey,
                              const uint8_t *secret, size_t secret_len,
                              uint64_t time_period_num,
-                             ed25519_public_key_t *pubkey_out);
-void hs_build_blinded_keypair(const ed25519_keypair_t *kp,
+                             struct ed25519_public_key_t *pubkey_out);
+void hs_build_blinded_keypair(const struct ed25519_keypair_t *kp,
                               const uint8_t *secret, size_t secret_len,
                               uint64_t time_period_num,
-                              ed25519_keypair_t *kp_out);
+                              struct ed25519_keypair_t *kp_out);
 int hs_service_requires_uptime_circ(const smartlist_t *ports);
 
 void rend_data_free_(rend_data_t *data);
@@ -203,8 +208,8 @@ const uint8_t *rend_data_get_pk_digest(const rend_data_t *rend_data,
 
 routerstatus_t *pick_hsdir(const char *desc_id, const char *desc_id_base32);
 
-void hs_get_subcredential(const ed25519_public_key_t *identity_pk,
-                          const ed25519_public_key_t *blinded_pk,
+void hs_get_subcredential(const struct ed25519_public_key_t *identity_pk,
+                          const struct ed25519_public_key_t *blinded_pk,
                           uint8_t *subcred_out);
 
 uint64_t hs_get_previous_time_period_num(time_t now);
@@ -222,18 +227,18 @@ uint8_t *hs_get_current_srv(uint64_t time_period_num,
 uint8_t *hs_get_previous_srv(uint64_t time_period_num,
                              const networkstatus_t *ns);
 
-void hs_build_hsdir_index(const ed25519_public_key_t *identity_pk,
+void hs_build_hsdir_index(const struct ed25519_public_key_t *identity_pk,
                           const uint8_t *srv, uint64_t period_num,
                           uint8_t *hsdir_index_out);
 void hs_build_hs_index(uint64_t replica,
-                       const ed25519_public_key_t *blinded_pk,
+                       const struct ed25519_public_key_t *blinded_pk,
                        uint64_t period_num, uint8_t *hs_index_out);
 
 int32_t hs_get_hsdir_n_replicas(void);
 int32_t hs_get_hsdir_spread_fetch(void);
 int32_t hs_get_hsdir_spread_store(void);
 
-void hs_get_responsible_hsdirs(const ed25519_public_key_t *blinded_pk,
+void hs_get_responsible_hsdirs(const struct ed25519_public_key_t *blinded_pk,
                               uint64_t time_period_num,
                               int use_second_hsdir_index,
                               int for_fetching, smartlist_t *responsible_dirs);
@@ -254,8 +259,8 @@ void hs_inc_rdv_stream_counter(origin_circuit_t *circ);
 void hs_dec_rdv_stream_counter(origin_circuit_t *circ);
 
 extend_info_t *hs_get_extend_info_from_lspecs(const smartlist_t *lspecs,
-                                  const curve25519_public_key_t *onion_key,
-                                  int direct_conn);
+                          const struct curve25519_public_key_t *onion_key,
+                          int direct_conn);
 
 #ifdef HS_COMMON_PRIVATE
 
@@ -281,4 +286,3 @@ STATIC uint8_t *get_second_cached_disaster_srv(void);
 #endif /* defined(HS_COMMON_PRIVATE) */
 
 #endif /* !defined(TOR_HS_COMMON_H) */
-

+ 1 - 1
src/or/hs_control.c

@@ -8,6 +8,7 @@
 
 #include "or/or.h"
 #include "or/control.h"
+#include "lib/crypt_ops/crypto_format.h"
 #include "lib/crypt_ops/crypto_util.h"
 #include "or/hs_common.h"
 #include "or/hs_control.h"
@@ -258,4 +259,3 @@ hs_control_hspost_command(const char *body, const char *onion_address,
   smartlist_free(hsdirs);
   return ret;
 }
-

+ 1 - 0
src/or/hs_descriptor.c

@@ -67,6 +67,7 @@
 #include "or/hs_config.h"
 #include "or/torcert.h" /* tor_cert_encode_ed22519() */
 #include "lib/memarea/memarea.h"
+#include "lib/crypt_ops/crypto_format.h"
 
 #include "or/extend_info_st.h"
 

+ 1 - 1
src/or/hs_intropoint.c

@@ -15,6 +15,7 @@
 #include "or/relay.h"
 #include "or/rendmid.h"
 #include "or/rephist.h"
+#include "lib/crypt_ops/crypto_format.h"
 
 /* Trunnel */
 #include "trunnel/ed25519_cert.h"
@@ -611,4 +612,3 @@ hs_intropoint_clear(hs_intropoint_t *ip)
   smartlist_free(ip->link_specifiers);
   memset(ip, 0, sizeof(hs_intropoint_t));
 }
-

+ 2 - 1
src/or/hs_ntor.c

@@ -26,6 +26,8 @@
 
 #include "or/or.h"
 #include "lib/crypt_ops/crypto_util.h"
+#include "lib/crypt_ops/crypto_curve25519.h"
+#include "lib/crypt_ops/crypto_ed25519.h"
 #include "or/hs_ntor.h"
 
 /* String constants used by the ntor HS protocol */
@@ -616,4 +618,3 @@ hs_ntor_circuit_key_expansion(const uint8_t *ntor_key_seed, size_t seed_len,
 
   return 0;
 }
-

+ 23 - 21
src/or/hs_ntor.h

@@ -5,6 +5,9 @@
 #define TOR_HS_NTOR_H
 
 #include "or/or.h"
+struct ed25519_public_key_t;
+struct curve25519_public_key_t;
+struct curve25519_keypair_t;
 
 /* Output length of KDF for key expansion */
 #define HS_NTOR_KEY_EXPANSION_KDF_OUT_LEN \
@@ -28,32 +31,32 @@ typedef struct {
 } hs_ntor_rend_cell_keys_t;
 
 int hs_ntor_client_get_introduce1_keys(
-                      const ed25519_public_key_t *intro_auth_pubkey,
-                      const curve25519_public_key_t *intro_enc_pubkey,
-                      const curve25519_keypair_t *client_ephemeral_enc_keypair,
-                      const uint8_t *subcredential,
-                      hs_ntor_intro_cell_keys_t *hs_ntor_intro_cell_keys_out);
+              const struct ed25519_public_key_t *intro_auth_pubkey,
+              const struct curve25519_public_key_t *intro_enc_pubkey,
+              const struct curve25519_keypair_t *client_ephemeral_enc_keypair,
+              const uint8_t *subcredential,
+              hs_ntor_intro_cell_keys_t *hs_ntor_intro_cell_keys_out);
 
 int hs_ntor_client_get_rendezvous1_keys(
-                  const ed25519_public_key_t *intro_auth_pubkey,
-                  const curve25519_keypair_t *client_ephemeral_enc_keypair,
-                  const curve25519_public_key_t *intro_enc_pubkey,
-                  const curve25519_public_key_t *service_ephemeral_rend_pubkey,
-                  hs_ntor_rend_cell_keys_t *hs_ntor_rend_cell_keys_out);
+          const struct ed25519_public_key_t *intro_auth_pubkey,
+          const struct curve25519_keypair_t *client_ephemeral_enc_keypair,
+          const struct curve25519_public_key_t *intro_enc_pubkey,
+          const struct curve25519_public_key_t *service_ephemeral_rend_pubkey,
+          hs_ntor_rend_cell_keys_t *hs_ntor_rend_cell_keys_out);
 
 int hs_ntor_service_get_introduce1_keys(
-                  const ed25519_public_key_t *intro_auth_pubkey,
-                  const curve25519_keypair_t *intro_enc_keypair,
-                  const curve25519_public_key_t *client_ephemeral_enc_pubkey,
-                  const uint8_t *subcredential,
-                  hs_ntor_intro_cell_keys_t *hs_ntor_intro_cell_keys_out);
+            const struct ed25519_public_key_t *intro_auth_pubkey,
+            const struct curve25519_keypair_t *intro_enc_keypair,
+            const struct curve25519_public_key_t *client_ephemeral_enc_pubkey,
+            const uint8_t *subcredential,
+            hs_ntor_intro_cell_keys_t *hs_ntor_intro_cell_keys_out);
 
 int hs_ntor_service_get_rendezvous1_keys(
-                  const ed25519_public_key_t *intro_auth_pubkey,
-                  const curve25519_keypair_t *intro_enc_keypair,
-                  const curve25519_keypair_t *service_ephemeral_rend_keypair,
-                  const curve25519_public_key_t *client_ephemeral_enc_pubkey,
-                  hs_ntor_rend_cell_keys_t *hs_ntor_rend_cell_keys_out);
+            const struct ed25519_public_key_t *intro_auth_pubkey,
+            const struct curve25519_keypair_t *intro_enc_keypair,
+            const struct curve25519_keypair_t *service_ephemeral_rend_keypair,
+            const struct curve25519_public_key_t *client_ephemeral_enc_pubkey,
+            hs_ntor_rend_cell_keys_t *hs_ntor_rend_cell_keys_out);
 
 int hs_ntor_circuit_key_expansion(const uint8_t *ntor_key_seed,
                                   size_t seed_len,
@@ -64,4 +67,3 @@ int hs_ntor_client_rendezvous2_mac_is_good(
                         const uint8_t *rcvd_mac);
 
 #endif /* !defined(TOR_HS_NTOR_H) */
-

+ 1 - 0
src/or/hs_service.c

@@ -48,6 +48,7 @@
 #include "or/routerstatus_st.h"
 
 #include "lib/encoding/confline.h"
+#include "lib/crypt_ops/crypto_format.h"
 
 /* Trunnel */
 #include "trunnel/ed25519_cert.h"

+ 5 - 3
src/or/microdesc_st.h

@@ -7,6 +7,9 @@
 #ifndef MICRODESC_ST_H
 #define MICRODESC_ST_H
 
+struct curve25519_public_key_t;
+struct ed25519_public_key_t;
+
 /** A microdescriptor is the smallest amount of information needed to build a
  * circuit through a router.  They are generated by the directory authorities,
  * using information from the uploaded routerinfo documents.  They are not
@@ -52,9 +55,9 @@ struct microdesc_t {
   /** As routerinfo_t.onion_pkey */
   crypto_pk_t *onion_pkey;
   /** As routerinfo_t.onion_curve25519_pkey */
-  curve25519_public_key_t *onion_curve25519_pkey;
+  struct curve25519_public_key_t *onion_curve25519_pkey;
   /** Ed25519 identity key, if included. */
-  ed25519_public_key_t *ed25519_identity_pkey;
+  struct ed25519_public_key_t *ed25519_identity_pkey;
   /** As routerinfo_t.ipv6_addr */
   tor_addr_t ipv6_addr;
   /** As routerinfo_t.ipv6_orport */
@@ -68,4 +71,3 @@ struct microdesc_t {
 };
 
 #endif
-
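Review bot: The two forward declarations added at the top of microdesc_st.h (`struct curve25519_public_key_t;` and `struct ed25519_public_key_t;`) are only correct if those tags are spelled exactly like the tags in the headers that define the key types, which this section does not show. If a tag ever drifts, C quietly treats the name as a new incomplete type, and the mismatch surfaces only as incompatible-pointer diagnostics at the call sites that pass real keys. I would name the defining header beside each declaration, e.g. `struct ed25519_public_key_t; /* lib/crypt_ops/crypto_ed25519.h */`, so the coupling is visible to the next person who touches either side. The same applies to the forward declarations added in nodelist.h, onion.h, onion_ntor.h, or.h, router.h and routerinfo_st.h.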

+ 1 - 1
src/or/node_st.h

@@ -8,6 +8,7 @@
 #define NODE_ST_H
 
 #include "or/hsdir_index_st.h"
+#include "lib/crypt_ops/crypto_ed25519.h"
 
 /** A node_t represents a Tor router.
  *
@@ -99,4 +100,3 @@ struct node_t {
 };
 
 #endif
-

+ 9 - 6
src/or/nodelist.h

@@ -12,15 +12,19 @@
 #ifndef TOR_NODELIST_H
 #define TOR_NODELIST_H
 
+struct ed25519_public_key_t;
+struct curve25519_public_key_t;
+
 #define node_assert_ok(n) STMT_BEGIN {                          \
     tor_assert((n)->ri || (n)->rs);                             \
   } STMT_END
 
 MOCK_DECL(node_t *, node_get_mutable_by_id,(const char *identity_digest));
 MOCK_DECL(const node_t *, node_get_by_id, (const char *identity_digest));
-node_t *node_get_mutable_by_ed25519_id(const ed25519_public_key_t *ed_id);
+node_t *node_get_mutable_by_ed25519_id(
+                            const struct ed25519_public_key_t *ed_id);
 MOCK_DECL(const node_t *, node_get_by_ed25519_id,
-          (const ed25519_public_key_t *ed_id));
+          (const struct ed25519_public_key_t *ed_id));
 
 #define NNF_NO_WARN_UNNAMED (1u<<0)
 
@@ -65,9 +69,9 @@ uint32_t node_get_prim_addr_ipv4h(const node_t *node);
 void node_get_address_string(const node_t *node, char *cp, size_t len);
 long node_get_declared_uptime(const node_t *node);
 const smartlist_t *node_get_declared_family(const node_t *node);
-const ed25519_public_key_t *node_get_ed25519_id(const node_t *node);
+const struct ed25519_public_key_t *node_get_ed25519_id(const node_t *node);
 int node_ed25519_id_matches(const node_t *node,
-                            const ed25519_public_key_t *id);
+                            const struct ed25519_public_key_t *id);
 int node_supports_ed25519_link_authentication(const node_t *node,
                                               int compatible_with_us);
 int node_supports_v3_hsdir(const node_t *node);
@@ -89,7 +93,7 @@ void node_get_prim_dirport(const node_t *node, tor_addr_port_t *ap_out);
 void node_get_pref_dirport(const node_t *node, tor_addr_port_t *ap_out);
 void node_get_pref_ipv6_dirport(const node_t *node, tor_addr_port_t *ap_out);
 int node_has_curve25519_onion_key(const node_t *node);
-const curve25519_public_key_t *node_get_curve25519_onion_key(
+const struct curve25519_public_key_t *node_get_curve25519_onion_key(
                                   const node_t *node);
 
 MOCK_DECL(smartlist_t *, nodelist_get_list, (void));
@@ -162,4 +166,3 @@ node_set_hsdir_index(node_t *node, const networkstatus_t *ns);
 MOCK_DECL(int, get_estimated_address_per_node, (void));
 
 #endif /* !defined(TOR_NODELIST_H) */
-

+ 7 - 4
src/or/onion.h

@@ -13,6 +13,10 @@
 #define TOR_ONION_H
 
 struct create_cell_t;
+struct curve25519_keypair_t;
+struct curve25519_public_key_t;
+#include "lib/crypt_ops/crypto_ed25519.h"
+
 int onion_pending_add(or_circuit_t *circ, struct create_cell_t *onionskin);
 or_circuit_t *onion_next_task(struct create_cell_t **onionskin_out);
 int onion_num_pending(uint16_t handshake_type);
@@ -23,8 +27,8 @@ typedef struct server_onion_keys_t {
   uint8_t my_identity[DIGEST_LEN];
   crypto_pk_t *onion_key;
   crypto_pk_t *last_onion_key;
-  di_digest256_map_t *curve25519_key_map;
-  curve25519_keypair_t *junk_keypair;
+  struct di_digest256_map_t *curve25519_key_map;
+  struct curve25519_keypair_t *junk_keypair;
 } server_onion_keys_t;
 
 #define MAX_ONIONSKIN_CHALLENGE_LEN 255
@@ -88,7 +92,7 @@ typedef struct extend_cell_t {
   /** Identity fingerprint of the node we're conecting to.*/
   uint8_t node_id[DIGEST_LEN];
   /** Ed25519 public identity key. Zero if not set. */
-  ed25519_public_key_t ed_pubkey;
+  struct ed25519_public_key_t ed_pubkey;
   /** The "create cell" embedded in this extend cell. Note that unlike the
    * create cells we generate ourself, this once can have a handshake type we
    * don't recognize. */
@@ -122,4 +126,3 @@ int extended_cell_format(uint8_t *command_out, uint16_t *len_out,
                          uint8_t *payload_out, const extended_cell_t *cell_in);
 
 #endif /* !defined(TOR_ONION_H) */
-
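Review bot: In the `server_onion_keys_t` hunk, `struct di_digest256_map_t *curve25519_key_map;` uses a tag that none of the visible hunks of this header forward-declare, unlike the two curve25519 tags added at the top. It compiles because a tag first mentioned in a member declaration gets file scope, but the same spelling first used in a function prototype would be scoped to that prototype alone, so I would add `struct di_digest256_map_t;` next to the other forward declarations. The new `#include "lib/crypt_ops/crypto_ed25519.h"` also sits below the forward declarations without explanation. It is needed because `extend_cell_t` holds `struct ed25519_public_key_t ed_pubkey` by value, and a comment such as `/* extend_cell_t embeds an ed25519_public_key_t by value */` would keep a later include cleanup from dropping it.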

+ 10 - 8
src/or/onion_ntor.h

@@ -5,9 +5,10 @@
 #define TOR_ONION_NTOR_H
 
 #include "lib/cc/torint.h"
-#include "lib/crypt_ops/crypto_curve25519.h"
 
 struct di_digest256_map_t;
+struct curve25519_public_key_t;
+struct curve25519_keypair_t;
 
 /** State to be maintained by a client between sending an ntor onionskin
  * and receiving a reply. */
@@ -23,17 +24,17 @@ void ntor_handshake_state_free_(ntor_handshake_state_t *state);
   FREE_AND_NULL(ntor_handshake_state_t, ntor_handshake_state_free_, (state))
 
 int onion_skin_ntor_create(const uint8_t *router_id,
-                           const curve25519_public_key_t *router_key,
+                           const struct curve25519_public_key_t *router_key,
                            ntor_handshake_state_t **handshake_state_out,
                            uint8_t *onion_skin_out);
 
 int onion_skin_ntor_server_handshake(const uint8_t *onion_skin,
-                                 const struct di_digest256_map_t *private_keys,
-                                 const curve25519_keypair_t *junk_keypair,
-                                 const uint8_t *my_node_id,
-                                 uint8_t *handshake_reply_out,
-                                 uint8_t *key_out,
-                                 size_t key_out_len);
+                           const struct di_digest256_map_t *private_keys,
+                           const struct curve25519_keypair_t *junk_keypair,
+                           const uint8_t *my_node_id,
+                           uint8_t *handshake_reply_out,
+                           uint8_t *key_out,
+                           size_t key_out_len);
 
 int onion_skin_ntor_client_handshake(
                              const ntor_handshake_state_t *handshake_state,
@@ -43,6 +44,7 @@ int onion_skin_ntor_client_handshake(
                              const char **msg_out);
 
 #ifdef ONION_NTOR_PRIVATE
+#include "lib/crypt_ops/crypto_curve25519.h"
 
 /** Storage held by a client while waiting for an ntor reply from a server. */
 struct ntor_handshake_state_t {
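Review bot: The `#include "lib/crypt_ops/crypto_curve25519.h"` that moved inside `#ifdef ONION_NTOR_PRIVATE` carries no comment saying why the full header is still needed at that point. Presumably `struct ntor_handshake_state_t`, whose body continues outside this hunk, stores curve25519 keys by value and therefore needs the complete types. A line such as `/* ntor_handshake_state_t needs the complete curve25519 key types */` above the include would record that reason.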

+ 3 - 1
src/or/or.h

@@ -68,7 +68,6 @@
 #include "lib/container/map.h"
 #include "lib/container/smartlist.h"
 #include "lib/crypt_ops/crypto.h"
-#include "lib/crypt_ops/crypto_format.h"
 #include "lib/defs/dh_sizes.h"
 #include "lib/encoding/binascii.h"
 #include "lib/net/address.h"
@@ -79,6 +78,9 @@
 // definitions working. We should remove them when we minimize our includes.
 #include "or/entry_port_cfg_st.h"
 
+struct ed25519_public_key_t;
+struct curve25519_public_key_t;
+
 /* These signals are defined to help handle_control_signal work.
  */
 #ifndef SIGHUP
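Review bot: The forward declarations added after `#include "or/entry_port_cfg_st.h"` land directly under the comment ending `We should remove them when we minimize our includes.`, which describes the includes above it. Read top to bottom, the two `struct` lines look like part of that temporary block. A short comment of their own, for example `/* Forward declarations of key types; include crypto_ed25519.h or crypto_curve25519.h where the full definition is needed. */`, would make the intent clear. The opening lines of the existing comment are outside this hunk.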

+ 1 - 0
src/or/router.c

@@ -53,6 +53,7 @@
 #include "lib/osinfo/uname.h"
 #include "lib/tls/tortls.h"
 #include "lib/encoding/confline.h"
+#include "lib/crypt_ops/crypto_format.h"
 
 /**
  * \file router.c

+ 8 - 6
src/or/router.h

@@ -14,6 +14,9 @@
 
 #include "lib/testsupport/testsupport.h"
 
+struct curve25519_keypair_t;
+struct ed25519_keypair_t;
+
 #define TOR_ROUTERINFO_ERROR_NO_EXT_ADDR     (-1)
 #define TOR_ROUTERINFO_ERROR_CANNOT_PARSE    (-2)
 #define TOR_ROUTERINFO_ERROR_NOT_A_SERVER    (-3)
@@ -107,10 +110,10 @@ MOCK_DECL(int,router_pick_published_address,(const or_options_t *options,
 int router_build_fresh_descriptor(routerinfo_t **r, extrainfo_t **e);
 int router_rebuild_descriptor(int force);
 char *router_dump_router_to_string(routerinfo_t *router,
-                                   const crypto_pk_t *ident_key,
-                                   const crypto_pk_t *tap_key,
-                                   const curve25519_keypair_t *ntor_keypair,
-                                   const ed25519_keypair_t *signing_keypair);
+                             const crypto_pk_t *ident_key,
+                             const crypto_pk_t *tap_key,
+                             const struct curve25519_keypair_t *ntor_keypair,
+                             const struct ed25519_keypair_t *signing_keypair);
 char *router_dump_exit_policy_to_string(const routerinfo_t *router,
                                          int include_ipv4,
                                          int include_ipv6);
@@ -126,7 +129,7 @@ int router_has_orport(const routerinfo_t *router,
                       const tor_addr_port_t *orport);
 int extrainfo_dump_to_string(char **s, extrainfo_t *extrainfo,
                              crypto_pk_t *ident_key,
-                             const ed25519_keypair_t *signing_keypair);
+                             const struct ed25519_keypair_t *signing_keypair);
 int is_legal_nickname(const char *s);
 int is_legal_nickname_or_hexdigest(const char *s);
 int is_legal_hexdigest(const char *s);
@@ -156,4 +159,3 @@ STATIC int router_write_fingerprint(int hashed);
 #endif
 
 #endif /* !defined(TOR_ROUTER_H) */
-

+ 3 - 2
src/or/routerinfo_st.h

@@ -9,6 +9,8 @@
 
 #include "or/signed_descriptor_st.h"
 
+struct curve25519_public_key_t;
+
 /** Information about another onion router in the network. */
 struct routerinfo_t {
   signed_descriptor_t cache_info;
@@ -28,7 +30,7 @@ struct routerinfo_t {
   crypto_pk_t *onion_pkey; /**< Public RSA key for onions. */
   crypto_pk_t *identity_pkey;  /**< Public RSA key for signing. */
   /** Public curve25519 key for onions */
-  curve25519_public_key_t *onion_curve25519_pkey;
+  struct curve25519_public_key_t *onion_curve25519_pkey;
   /** What's the earliest expiration time on all the certs in this
    * routerinfo? */
   time_t cert_expiration_time;
@@ -104,4 +106,3 @@ struct routerinfo_t {
 };
 
 #endif
-

+ 1 - 0
src/or/routerkeys.c

@@ -24,6 +24,7 @@
 #include "lib/crypt_ops/crypto_util.h"
 #include "lib/term/getpass.h"
 #include "lib/tls/tortls.h"
+#include "lib/crypt_ops/crypto_format.h"
 
 #define ENC_KEY_HEADER "Boxed Ed25519 key"
 #define ENC_KEY_TAG "master"

+ 1 - 1
src/or/routerlist.c

@@ -95,6 +95,7 @@
 #include "lib/err/backtrace.h"
 #include "or/bridges.h"
 #include "lib/crypt_ops/crypto_ed25519.h"
+#include "lib/crypt_ops/crypto_format.h"
 #include "or/circuitstats.h"
 #include "or/config.h"
 #include "or/connection.h"
@@ -5841,4 +5842,3 @@ refresh_all_country_info(void)
 
   nodelist_refresh_countries();
 }
-

+ 1 - 0
src/or/routerparse.c

@@ -58,6 +58,7 @@
 #include "or/or.h"
 #include "or/circuitstats.h"
 #include "or/config.h"
+#include "lib/crypt_ops/crypto_format.h"
 #include "lib/crypt_ops/crypto_util.h"
 #include "or/dirauth/shared_random.h"
 #include "or/dirserv.h"

+ 1 - 1
src/or/vote_routerstatus_st.h

@@ -8,6 +8,7 @@
 #define VOTE_ROUTERSTATUS_ST_H
 
 #include "or/routerstatus_st.h"
+#include "lib/defs/x25519_sizes.h"
 
 /** The claim about a single router, made in a vote. */
 struct vote_routerstatus_t {
@@ -38,4 +39,3 @@ struct vote_routerstatus_t {
 };
 
 #endif
-

+ 1 - 1
src/test/fuzz/fuzz_consensus.c

@@ -4,6 +4,7 @@
 #include "or/or.h"
 #include "or/routerparse.h"
 #include "or/networkstatus.h"
+#include "lib/crypt_ops/crypto_ed25519.h"
 #include "test/fuzz/fuzzing.h"
 
 static void
@@ -75,4 +76,3 @@ fuzz_main(const uint8_t *data, size_t sz)
   tor_free(str);
   return 0;
 }
-

+ 1 - 1
src/test/fuzz/fuzz_hsdescv2.c

@@ -4,6 +4,7 @@
 #include "or/or.h"
 #include "or/routerparse.h"
 #include "or/rendcommon.h"
+#include "lib/crypt_ops/crypto_ed25519.h"
 #include "test/fuzz/fuzzing.h"
 
 static void
@@ -49,4 +50,3 @@ fuzz_main(const uint8_t *data, size_t sz)
   tor_free(str);
   return 0;
 }
-

+ 1 - 1
src/test/fuzz/fuzz_iptsv2.c

@@ -4,6 +4,7 @@
 #include "or/or.h"
 #include "or/routerparse.h"
 #include "or/rendcommon.h"
+#include "lib/crypt_ops/crypto_ed25519.h"
 
 #include "or/rend_service_descriptor_st.h"
 
@@ -46,4 +47,3 @@ fuzz_main(const uint8_t *data, size_t sz)
   rend_service_descriptor_free(desc);
   return 0;
 }
-

+ 2 - 1
src/test/fuzz/fuzz_microdesc.c

@@ -4,6 +4,8 @@
 #include "or/or.h"
 #include "or/routerparse.h"
 #include "or/microdesc.h"
+#include "lib/crypt_ops/crypto_ed25519.h"
+
 #include "test/fuzz/fuzzing.h"
 
 static void
@@ -44,4 +46,3 @@ fuzz_main(const uint8_t *data, size_t sz)
   }
   return 0;
 }
-

+ 1 - 1
src/test/fuzz/fuzz_vrs.c

@@ -10,6 +10,7 @@
 
 #include "or/networkstatus_st.h"
 #include "or/vote_routerstatus_st.h"
+#include "lib/crypt_ops/crypto_ed25519.h"
 
 #include "test/fuzz/fuzzing.h"
 
@@ -83,4 +84,3 @@ fuzz_main(const uint8_t *data, size_t sz)
   tor_free(str);
   return 0;
 }
-

+ 1 - 1
src/test/test_controller.c

@@ -3,6 +3,7 @@
 
 #define CONTROL_PRIVATE
 #include "or/or.h"
+#include "lib/crypt_ops/crypto_ed25519.h"
 #include "or/bridges.h"
 #include "or/control.h"
 #include "or/entrynodes.h"
@@ -1625,4 +1626,3 @@ struct testcase_t controller_tests[] = {
   { "getinfo_md_all", test_getinfo_md_all, 0, NULL, NULL },
   END_OF_TESTCASES
 };
-

+ 1 - 0
src/test/test_crypto.c

@@ -14,6 +14,7 @@
 #include "lib/crypt_ops/crypto_curve25519.h"
 #include "lib/crypt_ops/crypto_dh.h"
 #include "lib/crypt_ops/crypto_ed25519.h"
+#include "lib/crypt_ops/crypto_format.h"
 #include "lib/crypt_ops/crypto_hkdf.h"
 #include "lib/crypt_ops/crypto_rand.h"
 #include "ed25519_vectors.inc"

+ 2 - 1
src/test/test_crypto_slow.c

@@ -7,6 +7,8 @@
 #define CRYPTO_S2K_PRIVATE
 #include "or/or.h"
 #include "test/test.h"
+#include "lib/crypt_ops/crypto_curve25519.h"
+#include "lib/crypt_ops/crypto_ed25519.h"
 #include "lib/crypt_ops/crypto_s2k.h"
 #include "lib/crypt_ops/crypto_pwbox.h"
 #include "lib/crypt_ops/crypto_rand.h"
@@ -615,4 +617,3 @@ struct testcase_t slow_crypto_tests[] = {
   ED25519_TEST(fuzz_donna, TT_FORK),
   END_OF_TESTCASES
 };
-

+ 1 - 0
src/test/test_dir.c

@@ -23,6 +23,7 @@
 #include "or/config.h"
 #include "or/control.h"
 #include "lib/crypt_ops/crypto_ed25519.h"
+#include "lib/crypt_ops/crypto_format.h"
 #include "lib/crypt_ops/crypto_rand.h"
 #include "or/directory.h"
 #include "or/dirserv.h"

+ 1 - 1
src/test/test_hs_cache.c

@@ -17,6 +17,7 @@
 #include "or/networkstatus.h"
 #include "or/connection.h"
 #include "or/proto_http.h"
+#include "lib/crypt_ops/crypto_format.h"
 
 #include "or/dir_connection_st.h"
 #include "or/networkstatus_st.h"
@@ -561,4 +562,3 @@ struct testcase_t hs_cache[] = {
 
   END_OF_TESTCASES
 };
-

+ 1 - 1
src/test/test_hs_common.c

@@ -17,6 +17,7 @@
 #include "test/hs_test_helpers.h"
 
 #include "or/connection_edge.h"
+#include "lib/crypt_ops/crypto_format.h"
 #include "lib/crypt_ops/crypto_rand.h"
 #include "or/hs_common.h"
 #include "or/hs_client.h"
@@ -1832,4 +1833,3 @@ struct testcase_t hs_common_tests[] = {
 
   END_OF_TESTCASES
 };
-

+ 1 - 1
src/test/test_hs_control.c

@@ -18,6 +18,7 @@
 
 #include "or/node_st.h"
 #include "or/routerstatus_st.h"
+#include "lib/crypt_ops/crypto_format.h"
 
 #include "test/test_helpers.h"
 
@@ -191,4 +192,3 @@ struct testcase_t hs_control_tests[] = {
 
   END_OF_TESTCASES
 };
-

+ 1 - 1
src/test/test_hs_descriptor.c

@@ -9,6 +9,7 @@
 #define HS_DESCRIPTOR_PRIVATE
 
 #include "lib/crypt_ops/crypto_ed25519.h"
+#include "lib/crypt_ops/crypto_format.h"
 #include "lib/crypt_ops/crypto_digest.h"
 #include "lib/crypt_ops/crypto_rand.h"
 #include "trunnel/ed25519_cert.h"
@@ -896,4 +897,3 @@ struct testcase_t hs_descriptor[] = {
 
   END_OF_TESTCASES
 };
-

+ 2 - 1
src/test/test_hs_ntor.c

@@ -9,6 +9,8 @@
 #include "test/test.h"
 #include "test/test_helpers.h"
 #include "test/log_test_helpers.h"
+#include "lib/crypt_ops/crypto_curve25519.h"
+#include "lib/crypt_ops/crypto_ed25519.h"
 
 #include "or/hs_ntor.h"
 
@@ -111,4 +113,3 @@ struct testcase_t hs_ntor_tests[] = {
 
   END_OF_TESTCASES
 };
-

+ 2 - 1
src/test/test_hs_ntor_cl.c

@@ -17,6 +17,8 @@
 #include "common/util.h"
 #include "lib/crypt_ops/crypto.h"
 #include "lib/crypt_ops/crypto_curve25519.h"
+#include "lib/crypt_ops/crypto_ed25519.h"
+#include "lib/crypt_ops/crypto_format.h"
 #include "or/hs_ntor.h"
 #include "or/onion_ntor.h"
 
@@ -251,4 +253,3 @@ main(int argc, char **argv)
     return 1;
   }
 }
-

+ 1 - 1
src/test/test_routerkeys.c

@@ -11,6 +11,7 @@
 #include "or/routerkeys.h"
 #include "common/util.h"
 #include "lib/crypt_ops/crypto.h"
+#include "lib/crypt_ops/crypto_format.h"
 #include "or/torcert.h"
 #include "test/test.h"
 
@@ -695,4 +696,3 @@ struct testcase_t routerkeys_tests[] = {
   TEST(rsa_ed_crosscert, 0),
   END_OF_TESTCASES
 };
-

+ 1 - 0
src/test/test_util.c

@@ -17,6 +17,7 @@
 #include "or/config.h"
 #include "or/control.h"
 #include "or/transports.h"
+#include "lib/crypt_ops/crypto_format.h"
 #include "lib/crypt_ops/crypto_rand.h"
 #include "test/test.h"
 #include "lib/memarea/memarea.h"

+ 1 - 0
src/test/testing_common.c

@@ -14,6 +14,7 @@
 #include "or/control.h"
 #include "or/config.h"
 #include "lib/crypt_ops/crypto_dh.h"
+#include "lib/crypt_ops/crypto_ed25519.h"
 #include "lib/crypt_ops/crypto_rand.h"
 #include "or/rephist.h"
 #include "lib/err/backtrace.h"