1 files changed, 295 insertions, 249 deletions
diff --git a/src/encryption.c b/src/encryption.c
index 65b8843..382f6d5 100644
--- a/src/encryption.c
+++ b/src/encryption.c
@@ -1,12 +1,12 @@
 /**
 * @file encryption.c
 * @author syxhe (https://t.me/syxhe)
- * @brief *Implementing `encryption.h`* 
+ * @brief A collection of all encryption related functions
 * @version 0.1
 * @date 2025-06-09
- * 
+ *
 * @copyright Copyright (c) 2025
- * 
+ *
 */
 // TODO: Go back and make sure every function has proper error handling
@@ -14,11 +14,16 @@
 // I need to make sure every single function in this file returns with an indicated error instead of nuking the whole program with
 //  error()
+#ifndef __VXGG_REWRITE___ENCRYPTION_C___1481879318188___
+#define __VXGG_REWRITE___ENCRYPTION_C___1481879318188___
 #define _GNU_SOURCE
-#include "shared.h"
+#define TPSIZE (1<<13)
-#include "encryption.h"
-#include "threadpool.h"
+#include "shared.c"
+#include "threadpool.c"
 #include <sodium.h>
@@ -33,16 +38,91 @@
 #include <fcntl.h>
 #include <stdio.h>
+/// Determines whether any function that calls libsodium functions also checks to make sure libsodium is actually initialized. May
+/// cause unexpected issues with early exiting due to libsodium failing to initialize properly. It's recommended that you just
+/// manually run `sodium_init()` in some main or init function of your own so that you can deal with a potential error yourself
+#define ___VXGG___ALWAYS_CHECK_LIBSODIUM___ 1
+/// Grants access to the `vxgg_setsodiumfailcb` function, which can be used to set a custom callback for what to do when libsodium
+/// fails upon initialization
+#define ___VXGG___USE_CLS_CALLBACK___ 1
+/// Chunk size for en/decryption. I originally wanted to use st_blksize from stat(), but given that those chunks may be of different
+/// sizes between computers / filesystems / architectures / files, it's easier to just have this be a consistent macro
+#define CHUNKSIZE (1 << 9)
+// Fuck reading from a file. Even if someone ran strings on the binary and got this they wouldn't be able to regenerate the key
+//! A list of possible words for password creation
+#define PASSWORD_WORDS (\
+    (const char * const []){\
+        "the", "of", "to", "and", "for", "our", "their", "has", "in", "he", "a", "them", "that", "these", "by", "have", "we", \
+        "us", "people", "which", "all", "is", "with", "laws", "be", "are", "his", "states", "on", "they", "right", "it", "from", \
+        "government", "such", "among", "powers", "most", "an", "time", "should", "new", "as", "been", "colonies", "assent", \
+        "large", "at", "independent", "free", "united", "when", "mankind", "hold", "rights", "governments", "consent", "its", \
+        "long", "themselves", "abolishing", "usurpations", "absolute", "repeated", "this", "world", "refused", "pass", "other", \
+        "others", "without", "justice", "peace", "power", "seas", "war", "do", "declaration", "america", "becomes", "necessary", \
+        "political", "equal", "declare", "causes", "separation", "men", "happiness", "any", "form", "alter", "or", "will", \
+        "forms", "same", "object", "off", "necessity", "history", "great", "britain", "tyranny", "over", "public", "good", \
+        "unless", "suspended", "so", "would", "legislature", "only", "legislative", "bodies", "purpose", "into", "dissolved", \
+        "state", "endeavoured", "refusing", "hither", "conditions", "establishing", "offices", "out", "armies", "legislatures", \
+        "render", "jurisdiction", "foreign", "acts", "pretended", "trial", "inhabitants", "cases", "transporting", "rule", \
+        "declaring", "here", "protection", "against", "lives", "circumstances", "ages", "totally", "friends", "brethren", "whose", \
+        "every", "may", "therefore", "ought", "unanimous", "thirteen", "course", "human", "events", "one", "dissolve", "bands", \
+        "connected", "another", "assume", "earth", "separate", "station", "nature", "natures", "god", "entitle", "decent", \
+        "respect", "opinions", "requires", "impel", "truths", "self", "evident", "created", "endowed", "creator", "certain", \
+        "unalienable", "life", "liberty", "pursuit", "secure", "instituted", "deriving", "just", "governed", "whenever", \
+        "destructive", "ends", "abolish", "institute", "laying", "foundation", "principles", "organizing", "shall", "seem", \
+        "likely", "effect", "safety", "prudence", "indeed", "dictate", "established", "not", "changed", "light", "transient", \
+        "accordingly", "experience", "hath", "shewn", "more", "disposed", "suffer", "while", "evils", "sufferable", "than", \
+        "accustomed", "but", "train", "abuses", "pursuing", "invariably", "evinces", "design", "reduce", "under", "despotism", \
+        "duty", "throw", "provide", "guards", "future", "security", "patient", "sufferance", "now", "constrains", "former", \
+        "systems", "present", "king", "injuries", "having", "direct", "establishment", "prove", "let", "facts", "submitted", \
+        "candid", "wholesome", "forbidden", "governors", "immediate", "pressing", "importance", "operation", "till", "obtained", \
+        "utterly", "neglected", "attend", "accommodation", "districts", "those", "relinquish", "representation", "inestimable", \
+        "formidable", "tyrants", "called", "together", "places", "unusual", "uncomfortable", "distant", "depository", "records", \
+        "sole", "fatiguing", "compliance", "measures", "representative", "houses", "repeatedly", "opposing", "manly", "firmness", \
+        "invasions", "after", "dissolutions", "cause", "elected", "whereby", "incapable", "annihilation", "returned", "exercise", \
+        "remaining", "mean", "exposed", "dangers", "invasion", "convulsions", "within", "prevent", "population", "obstructing", \
+        "naturalization", "foreigners", "encourage", "migrations", "raising", "appropriations", "lands", "obstructed", \
+        "administration", "judiciary", "made", "judges", "dependent", "alone", "tenure", "amount", "payment", "salaries", \
+        "erected", "multitude", "sent", "swarms", "officers", "harrass", "eat", "substance", "kept", "times", "standing", \
+        "affected", "military", "superior", "civil", "combined", "subject", "constitution", "unacknowledged", "giving", \
+        "legislation", "quartering", "armed", "troops", "protecting", "mock", "punishment", "murders", "commit", "cutting", \
+        "trade", "parts", "imposing", "taxes", "depriving", "many", "benefits", "jury", "beyond", "tried", "offences", "system", \
+        "english", "neighbouring", "province", "therein", "arbitrary", "enlarging", "boundaries", "once", "example", "fit", \
+        "instrument", "introducing", "taking", "away", "charters", "valuable", "altering", "fundamentally", "suspending", "own", \
+        "invested", "legislate", "whatsoever", "abdicated", "waging", "plundered", "ravaged", "coasts", "burnt", "towns", \
+        "destroyed", "mercenaries", "compleat", "works", "death", "desolation", "already", "begun", "cruelty", "perfidy", \
+        "scarcely", "paralleled", "barbarous", "unworthy", "head", "civilized", "nation", "constrained", "fellow", "citizens", \
+        "taken", "captive", "high", "bear", "arms", "country", "become", "executioners", "fall", "hands", "excited", "domestic", \
+        "insurrections", "amongst", "bring", "frontiers", "merciless", "indian", "savages", "known", "warfare", "undistinguished", \
+        "destruction", "sexes", "stage", "oppressions", "petitioned", "redress", "humble", "terms", "petitions", "answered", \
+        "injury", "prince", "character", "thus", "marked", "act", "define", "tyrant", "unfit", "ruler", "nor", "wanting", \
+        "attentions", "brittish", "warned", "attempts", "extend", "unwarrantable", "reminded", "emigration", "settlement", \
+        "appealed", "native", "magnanimity", "conjured", "ties", "common", "kindred", "disavow", "inevitably", "interrupt", \
+        "connections", "correspondence", "too", "deaf", "voice", "consanguinity", "must", "acquiesce", "denounces", "rest", \
+        "enemies", "representatives", "general", "congress", "assembled", "appealing", "supreme", "judge", "rectitude", \
+        "intentions", "name", "authority", "solemnly", "publish", "absolved", "allegiance", "british", "crown", "connection", \
+        "between", "full", "levy", "conclude", "contract", "alliances", "establish", "commerce", "things", "support", "firm", \
+        "reliance", "divine", "providence", "mutually", "pledge", "each", "fortunes", "sacred", "honor"\
+    }\
+)
+//! Short macro for getting the `PASSWORD_WORDS` array size
+#define PASSWORD_WORDS_LEN (STATIC_ARRAY_LEN(PASSWORD_WORDS))
 #if ___VXGG___ALWAYS_CHECK_LIBSODIUM___ > 0
 #if ___VXGG___USE_CLS_CALLBACK___ > 0
+//! Definition for the callback function that fires when a call to checksodium fails
+typedef void (*vxgg_naclfailcb)(void*);
 /**
 * @brief Default sodium init fail callback for use in `checksodiumcb()`
- * 
+ *
 * @param none Unused param to fit callback spec
 */
 static void naclfaildefault(void *none) {
-    none = none; // Makes gcc happy    
+    none = none; // Makes gcc happy
    if(___VXGG___VERBOSE_ERRORS___)
        error(1, ENOTSUP, "<naclfaildefault> Couldn't initialize sodium for some reason. Quitting...");
    exit(EXIT_FAILURE);
@@ -50,7 +130,7 @@ static void naclfaildefault(void *none) {
 /**
 * @brief Internal function to deal with the `___VXGG___USE_CLS_CALLBACK___` macro
- * 
+ *
 * `checksodiumcb()` runs the sodium function `sodium_init()` and on error calls the provided callback with the provided data. The
 * callback and data default to `naclfaildefault` and `NULL`, but can be changed when the `set` parameter is non-zero. When `set`
 * is zero, the sodium init check is preformed
@@ -59,11 +139,11 @@ static void naclfaildefault(void *none) {
 * macros are both greater than 0 when compiling, and 2: a function in `encryption.c` calls a function originating from sodium. This
 * function exists as a way to deal with sodium failing yourself, instead of instantly calling `exit()`. If you don't care to handle
 * it, or are initializing sodium yourself, this is unnecessary
- * 
+ *
 * @param callback A callback to be ran when sodium fails to initialize itself. Ignored if `set` is zero. Must be non-null when `set` is non-zero
 * @param data Data to be passed to the callback when it is fired. Ignored if `set` is zero. May be null
 * @param set Flag on whether to check sodium or to set a new callback and data pair. Checks sodium when zero, sets callback & data when non-zero
- * @retval int 
+ * @retval int
 */
 static int checksodiumcb(vxgg_naclfailcb const callback, void *data, unsigned char set) {
    static vxgg_naclfailcb cb = naclfaildefault;
@@ -97,9 +177,9 @@ void vxgg_setsodiumfailcb(vxgg_naclfailcb cb, void *data) {
 * @brief Simple function to check if sodium has been properly initialized
 *
 * `checksodium()` will run in functions located in `encryption.h` only when the macro `___VXGG___ALWAYS_CHECK_LIBSODIUM___` is greater
- * than zero when compiling. It will call the `checksodiumcb()` function if compiled with the `___VXGG___USE_CLS_CALLBACK___` macro. 
+ * than zero when compiling. It will call the `checksodiumcb()` function if compiled with the `___VXGG___USE_CLS_CALLBACK___` macro.
- * When called, checksodium will run `sodium_init()`, and will either run the user-defined callback or `XALLOC_EXIT`. 
+ * When called, checksodium will run `sodium_init()`, and will either run the user-defined callback or `XALLOC_EXIT`.
- * 
+ *
 */
 static void checksodium(void) {
    #if ___VXGG___USE_CLS_CALLBACK___ > 0
@@ -112,17 +192,30 @@ static void checksodium(void) {
    }
    #endif
-    
    return;
 }
 #endif
+/**
+ * @brief open() with the flags O_TMPFILE, O_WRONLY, O_CLOEXEC, and O_SYNC. Opened with mode S_IRUSR, S_IWUSR
+ *
+ * @param dest The filename the new descriptor should have. Must be non-null
+ * @retval (int)[-1,int] A new file descriptor. -1 on error
+ */
 int maketmp(const char * const dest) {
    if(!dest) ERRRET(EINVAL, -1);
    return open(dest, (O_TMPFILE | O_WRONLY | O_CLOEXEC | O_SYNC), (S_IRUSR | S_IWUSR));
 }
+/**
+ * @brief Link a file descriptor into the filesystem
+ *
+ * @param target New filename the descriptor should have
+ * @param tgfd The file descriptor to link
+ * @retval (int)[-1, 0] 0 on success, -1 on error
+ */
 int linkto(const char * const target, int tgfd) {
    if(!target) ERRRET(EINVAL, -1);
@@ -131,6 +224,9 @@ int linkto(const char * const target, int tgfd) {
    if(!path)
        ERROR(1, errno, "<linkto> Couldn't get path to move file into system",);
    remove(target); // Make sure an old version isn't sticking around (it's not catastrophic if this fails, but it should be noted or logged somewhere)
+    // TODO: This is bad. If a file gets deleted and the program crashes before the new one can get linked into the fs, the data is lost.
+    // I really should write a function entirely dedicated to dealing with linking
    int res = linkat(AT_FDCWD, path, AT_FDCWD, target, AT_SYMLINK_FOLLOW);
    free(path);
    return res;
@@ -150,6 +246,132 @@ static void __ucl_fclose(void *file) {
    return;
 }
+/**
+ * @brief Encrypt src to dst using libsodium's xchacha encryption suite
+ *
+ * @param src File to encrypt
+ * @param dst Destination to write encrypted file
+ * @param key Key for encryption
+ * @retval (int)[-1, 0] Returns 0 on success, sets errno and returns -1 on error
+ */
+int encrypttofile(FILE *src, FILE *dst, const unsigned char key[crypto_secretstream_xchacha20poly1305_KEYBYTES]) {
+    if(!src || !dst || !key) ERRRET(EINVAL, -1);
+    #if ___VXGG___ALWAYS_CHECK_LIBSODIUM___ > 0
+        checksodium();
+    #endif
+    unsigned char  buf[CHUNKSIZE], cbuf[CHUNKSIZE + crypto_secretstream_xchacha20poly1305_ABYTES];
+    unsigned char  header[crypto_secretstream_xchacha20poly1305_HEADERBYTES];
+    crypto_secretstream_xchacha20poly1305_state state;
+    unsigned long long cbuflen;
+    unsigned char tag;
+    size_t bytesread;
+    int eof;
+    // Write the header
+    crypto_secretstream_xchacha20poly1305_init_push(&state, header, key);
+    if(fwrite(header, 1, sizeof(header), dst) < sizeof(header)) {
+        if(ferror(dst)) {
+            WARN(errno, "<encrypttofile> Could not write header",);
+            return -1;
+        }
+    }
+    // Encrypt each chunk
+    do {
+        if((bytesread = fread(buf, 1, sizeof(buf), src)) < sizeof(buf))
+            if(ferror(src)) {
+                WARN(errno, "<encrypttofile> Could not read from source",);
+                return -1;
+            }
+        eof = feof(src);
+        tag = eof ? crypto_secretstream_xchacha20poly1305_TAG_FINAL : 0;
+        crypto_secretstream_xchacha20poly1305_push(&state, cbuf, &cbuflen, buf, bytesread, NULL, 0, tag);
+        if(fwrite(cbuf, 1, (size_t)cbuflen, dst) < (size_t)cbuflen)
+            if(ferror(dst)) {
+                WARN(errno, "<encrypttofile> Could not write to target",);
+                return -1;
+            }
+    } while (!eof);
+    return 0;
+}
+/**
+ * @brief Decrypt src to dst using libsodium's xchacha encryption suite
+ *
+ * @param src File to decrypt
+ * @param dst Destination to write decrypted file
+ * @param key Key used to encrypt
+ * @retval (int)[-1, 0] Returns 0 on success, sets errno and returns -1 on error
+ */
+int decrypttofile(FILE *src, FILE *dst, const unsigned char key[crypto_secretstream_xchacha20poly1305_KEYBYTES]) {
+    if(!src || !dst || !key) ERRRET(EINVAL, -1);
+    #if ___VXGG___ALWAYS_CHECK_LIBSODIUM___ > 0
+        checksodium();
+    #endif
+    unsigned char  cbuf[CHUNKSIZE + crypto_secretstream_xchacha20poly1305_ABYTES], buf[CHUNKSIZE];
+    unsigned char  header[crypto_secretstream_xchacha20poly1305_HEADERBYTES];
+    crypto_secretstream_xchacha20poly1305_state state;
+    unsigned long long buflen;
+    unsigned char  tag;
+    size_t bytesread;
+    int eof;
+    // Read the header
+    if(fread(header, 1, sizeof(header), src) < sizeof(header)) {
+        if(ferror(src)) {
+            WARN(errno, "<decrypttofile> Couldn't read header", );
+            return -1;
+        }
+    }
+    // Make sure the header isn't fuckey
+    if(crypto_secretstream_xchacha20poly1305_init_pull(&state, header, key) != 0) {
+        WARN(errno, "<decrypttofile> Incomplete header", );
+        return -1;
+    }
+    // Decrypt each chunk
+    do {
+        if((bytesread = fread(cbuf, 1, sizeof(cbuf), src)) < sizeof(cbuf)) {
+            if(ferror(src)) {
+                WARN(errno, "<decrypttofile> Ran into problem reading for decryption", );
+                return -1;
+            }
+        }
+        eof = feof(src);
+        if (crypto_secretstream_xchacha20poly1305_pull(&state, buf, &buflen, &tag, cbuf, bytesread, NULL, 0) != 0) {
+            WARN(errno, "<decrypttofile> Corrupted chunk", );
+            return -1;
+        }
+        if(tag == crypto_secretstream_xchacha20poly1305_TAG_FINAL && !eof) {
+            WARN(errno, "<decrypttofile> End of stream before end of file", );
+            return -1;
+        }
+        if(eof && tag != crypto_secretstream_xchacha20poly1305_TAG_FINAL) {
+            WARN(errno, "<decrypttofile> End of file before end of stream", );
+            return -1;
+        }
+        fwrite(buf, 1, (size_t)buflen, dst);
+    } while(! eof);
+    return 0;
+}
+/**
+ * @brief Encrypt file at `target` to `output` using Linux's named temp file system to do it in the background
+ *
+ * @param target
+ * @param output
+ * @param key
+ * @retval (int)[,]
+ */
 int encryptviatmp(const char * const target, const char * const output, const unsigned char key[crypto_secretstream_xchacha20poly1305_KEYBYTES]) {
    #if ___VXGG___ALWAYS_CHECK_LIBSODIUM___ > 0
        checksodium();
@@ -203,7 +425,7 @@ int encryptviatmp(const char * const target, const char * const output, const un
        // Not going to bother changing this, it probably is catastrophic if an error happens when it shouldn't
        if(encrypttofile(src, dst, key) < 0)
            ERROR(1, ENOTRECOVERABLE, "<encryptviatmp> I don't even have a way to cause an error here. How did you do it?",);
-        
        // Link the temp file into the system
        if(linkto(output, tfd) < 0)
            WARN(errno, "<encryptviatmp> Could not link \"%s\" into system after encryption", , output);
@@ -213,21 +435,29 @@ int encryptviatmp(const char * const target, const char * const output, const un
        fclose(src);
        // fclose alco closes fd and tfd, as fdopen does not dup the file descriptors
    );
-    
    cleanup_CNDFIRE();
    if(cleanup_ERRORFLAGGED)
        return -1;
-    
    return 0;
 }
+/**
+ * @brief Decrypt the file at `encrypted` to `target`
+ *
+ * @param encrypted
+ * @param target
+ * @param key
+ * @retval (int)[,]
+ */
 int decryptto(const char * const target, const char * const output, const unsigned char key[crypto_secretstream_xchacha20poly1305_KEYBYTES]) {
    if(!target || !output || !key) ERRRET(EINVAL, -1);
    #if ___VXGG___ALWAYS_CHECK_LIBSODIUM___ > 0
        checksodium();
    #endif
-    
    cleanup_CREATE(10);
    FILE *src, *dst;
    int fdst;
@@ -276,7 +506,7 @@ int decryptto(const char * const target, const char * const output, const unsign
    if(cleanup_ERRORFLAGGED)
        return -1;
-    // Note: If an error were to theoretically occur, which shouldn't be possible but I'm covering my bases here, after the 
+    // Note: If an error were to theoretically occur, which shouldn't be possible but I'm covering my bases here, after the
    // `dst = fdopen` line, a double close on the temp file descriptor would occur. I've been told that this is not catastrophic,
    // and considering how my multithreading works it *should* be fine, but it very well could cause problems. The easy solution is
    // to man up and just write another cleanup function to pop the last thing off the stack, but again this is an error I can't
@@ -285,108 +515,13 @@ int decryptto(const char * const target, const char * const output, const unsign
    return 0;
 }
-int encrypttofile(FILE *src, FILE *dst, const unsigned char key[crypto_secretstream_xchacha20poly1305_KEYBYTES]) {
+/**
-    if(!src || !dst || !key) ERRRET(EINVAL, -1);
+ * @brief Generate a password viable for use in the derivation of a key
-    #if ___VXGG___ALWAYS_CHECK_LIBSODIUM___ > 0
+ *
-        checksodium();
+ * @param str Pointer to a string. This will be filled by a malloc'ed string of words (the password). Must be non-null
-    #endif
+ * @param words The number of words to include in the password. A password of at least 20 words and probably not more than 40 is recommended
+ * @retval (int)[-1, words] On success, returns the number of words requested. On error, returns -1 and sets errno
-    unsigned char  buf[CHUNKSIZE], cbuf[CHUNKSIZE + crypto_secretstream_xchacha20poly1305_ABYTES];
+ */
-    unsigned char  header[crypto_secretstream_xchacha20poly1305_HEADERBYTES];
-    crypto_secretstream_xchacha20poly1305_state state;
-    unsigned long long cbuflen;
-    unsigned char tag;
-    size_t bytesread;
-    int eof;
-    // Write the header
-    crypto_secretstream_xchacha20poly1305_init_push(&state, header, key);
-    if(fwrite(header, 1, sizeof(header), dst) < sizeof(header)) {
-        if(ferror(dst)) {
-            WARN(errno, "<encrypttofile> Could not write header",);
-            return -1;
-        }
-    }
-    // Encrypt each chunk
-    do {
-        if((bytesread = fread(buf, 1, sizeof(buf), src)) < sizeof(buf))
-            if(ferror(src)) {
-                WARN(errno, "<encrypttofile> Could not read from source",);
-                return -1;
-            }
-        eof = feof(src);
-        tag = eof ? crypto_secretstream_xchacha20poly1305_TAG_FINAL : 0;
-        crypto_secretstream_xchacha20poly1305_push(&state, cbuf, &cbuflen, buf, bytesread, NULL, 0, tag);
-        if(fwrite(cbuf, 1, (size_t)cbuflen, dst) < (size_t)cbuflen)
-            if(ferror(dst)) {
-                WARN(errno, "<encrypttofile> Could not write to target",);
-                return -1;
-            }
-    } while (!eof);
-    
-    return 0;
-}
-int decrypttofile(FILE *src, FILE *dst, const unsigned char key[crypto_secretstream_xchacha20poly1305_KEYBYTES]) {    
-    if(!src || !dst || !key) ERRRET(EINVAL, -1);    
-    #if ___VXGG___ALWAYS_CHECK_LIBSODIUM___ > 0
-        checksodium();
-    #endif
-    unsigned char  cbuf[CHUNKSIZE + crypto_secretstream_xchacha20poly1305_ABYTES], buf[CHUNKSIZE];
-    unsigned char  header[crypto_secretstream_xchacha20poly1305_HEADERBYTES];
-    crypto_secretstream_xchacha20poly1305_state state;
-    unsigned long long buflen;
-    unsigned char  tag;
-    size_t bytesread;
-    int eof;
-    
-    // Read the header
-    if(fread(header, 1, sizeof(header), src) < sizeof(header)) {
-        if(ferror(src)) {
-            WARN(errno, "<decrypttofile> Couldn't read header", );
-            return -1;
-        }
-    }
-    // Make sure the header isn't fuckey
-    if(crypto_secretstream_xchacha20poly1305_init_pull(&state, header, key) != 0) {
-        WARN(errno, "<decrypttofile> Incomplete header", );
-        return -1;
-    }
-    // Decrypt each chunk
-    do {
-        if((bytesread = fread(cbuf, 1, sizeof(cbuf), src)) < sizeof(cbuf)) {
-            if(ferror(src)) {
-                WARN(errno, "<decrypttofile> Ran into problem reading for decryption", );
-                return -1;
-            }
-        }
-        eof = feof(src);
-        if (crypto_secretstream_xchacha20poly1305_pull(&state, buf, &buflen, &tag, cbuf, bytesread, NULL, 0) != 0) {
-            WARN(errno, "<decrypttofile> Corrupted chunk", );
-            return -1;
-        }
-        if(tag == crypto_secretstream_xchacha20poly1305_TAG_FINAL && !eof) {
-            WARN(errno, "<decrypttofile> End of stream before end of file", );
-            return -1;
-        }
-        if(eof && tag != crypto_secretstream_xchacha20poly1305_TAG_FINAL) {
-            WARN(errno, "<decrypttofile> End of file before end of stream", );
-            return -1;
-        }
-        
-        fwrite(buf, 1, (size_t)buflen, dst);
-    } while(! eof);
-    return 0;
-}
 int genpassword(char **str, unsigned int words) {
    // Early returns
    if(words < 1) return 0;
@@ -402,7 +537,7 @@ int genpassword(char **str, unsigned int words) {
    // Concat the rest of the words into the password (without leaking memory)
    int ret;
-    for(unsigned int i = 1; i < words; i++) {    
+    for(unsigned int i = 1; i < words; i++) {
        ret = asprintf(&tmp, "%s %s", lstr, PASSWORD_WORDS[randombytes_uniform(PASSWORD_WORDS_LEN)]);
        sodium_memzero(lstr, strlen(lstr) + 1);
        free(lstr);
@@ -416,6 +551,14 @@ int genpassword(char **str, unsigned int words) {
    return words;
 }
+/**
+ * @brief sodium_malloc wrapper.
+ *
+ * Calls `error()` or `abort()` depnding on the value of `___VXGG___XALLOC_EXIT_ON_ERROR___`. Will make sure libsodium is initialized if `___VXGG___ALWAYS_CHECK_LIBSODIUM___ > 0`
+ *
+ * @param size
+ * @retval (void*) A pointer to some data allocated via `sodium_malloc()`
+ */
 void* xsodium_malloc(size_t size) {
    #if ___VXGG___ALWAYS_CHECK_LIBSODIUM___ > 0
        checksodium();
@@ -436,7 +579,7 @@ void* xsodium_malloc(size_t size) {
 // dlinkedlist * scandirlist(const char * const dir, int (*selector)(const struct dirent *), int (*cmp)(const struct dirent **, const struct dirent **)) {
 //     if(!dir || selector == NULL || cmp == NULL) ERRRET(EINVAL, NULL);
-    
 //     struct dirent **namelist = NULL;
 //     dlinkedlist *list = NULL;
 //     int numentries = -1;
@@ -459,137 +602,38 @@ void* xsodium_malloc(size_t size) {
 //     return list;
 // }
+// Above implementation is flawed and would not actually scan the entire system. The process must be recursive:
+    // Step 1 - Create directory list
+    // Step 2 - Create --cryption ctq
+    // Step 3 - Scan initial starting dir. This will be /home/
+    // Step 4 - Iterate over scan results
+        // Step 4.1 - For all directory dirent objects, add them to the directory list
+        // Step 4.2 - For all file dirent objects, add them to the --cryption ctq
+    // Step 5 - Scan next entry in the dirlist, removing it once done. Repeat Step 4
+    // Step 6 - Free dirlist once empty, return newly populated --cryption ctq
+// Idea: Create 2 ctqs. Use one for the actual scanning, and the other as the return result. That way, not only will scanning be
+// fast, but I can also just reuse code I've already written and not make some absolute spaghetti mess trying to do everything
+// linearly
-struct __FLC_FKP {
+int __cscan_worker(void *data) {
-    char *target;
+    if(!data) return -1;
-    char *output;
-    const unsigned char *key;
-};
-struct __FLC_FKP * fkp_init(char * const target, char * const output, const unsigned char key[crypto_secretstream_xchacha20poly1305_KEYBYTES]) {
-    if(!target || !output || !key) ERRRET(EINVAL, NULL);
-    struct __FLC_FKP *fkp = calloc(1, sizeof(*fkp));
-    if(!fkp)
-        return NULL;
-    fkp->key = key;
-    fkp->output = output;
-    fkp->target = target;
-    return fkp;
-}
-void fkp_free(void *fkp) {
-    if(!fkp) return;
-    struct __FLC_FKP *real = (struct __FLC_FKP *)fkp;
-    free(real->output);
-    free(real->target);
-    free(real);
-    return;
-}
-static int __FLC_TASK_ENCRYPT(void *fkp) {
-    if(!fkp)
-        return -1;
-    struct __FLC_FKP *real = (struct __FLC_FKP *)fkp;
-    return encryptviatmp(real->target, real->output, real->key);
-}
-static int __FLC_TASK_DECRYPT(void *fkp) {
-    if(!fkp)
-        return -1;
-    struct __FLC_FKP *real = (struct __FLC_FKP *)fkp;
-    return decryptto(real->target, real->output, real->key);
-}
-enum VXGG_FLC {
+    return 0;
-    VXGG_FLC__INVALID,
-    VXGG_FLC__ENCRYPT,
-    VXGG_FLC__DECRYPT,
-    VXGG_FLC__TOOBIG
-};
-struct __ucl_namelist_vals {
-    struct dirent **namelist;
-    int entries;
-};
-static void __ucl_namelist(void *namelist) {
-    if(!namelist) return;
-    struct __ucl_namelist_vals *real = namelist;
-    for(int i = 0; i > real->entries; i++)
-        free(real->namelist[i]);
-    free(real->namelist);
-    return;
 }
-// TODO: Write these
+ctqueue * cryptscan() {
-static int encryption_filter(const struct dirent *de) {
+    ctqueue *res = ctqueue_init(TPSIZE), *working = ctqueue_init(TPSIZE);
+    if(!res || !working) ERRRET(errno, NULL);
-}
+    task *start = task_init(__cscan_worker, free, void *data);
-static int decryption_filter(const struct dirent *de) {
+    if(!start) ERRRET(errno, NULL);
+    ctqueue_waitpush(working, start);
-}
-ctqueue * getfilelist(enum VXGG_FLC mode, const char  * const dir, int threads, const unsigned char key[crypto_secretstream_xchacha20poly1305_KEYBYTES]) {
+    return res;
-    if(mode <= VXGG_FLC__INVALID || mode >= VXGG_FLC__TOOBIG || !dir || threads <= 0 || !key) ERRRET(EINVAL, NULL);
-    
-    cleanup_CREATE(10);
-    ctqueue *ctq = NULL;
-    int files = -1;
-    
-    // Create the ctqueue for later
-    ctq = ctqueue_init(threads);
-    if(!ctq)
-        return NULL;
-    cleanup_REGISTER(ctqueue_free, ctq);
-    // Get the scandir list
-    struct dirent **namelist;
-    if((files = scandir(dir, &namelist, ((mode == VXGG_FLC__ENCRYPT) ? encryption_filter : decryption_filter), alphasort)) < 0)
-        cleanup_MARK();
-    cleanup_CNDREGISTER(__ucl_namelist, (void*)(&(struct __ucl_namelist_vals){.namelist = namelist, .entries = files}));
-    // Push everything onto the ctqueue
-        // TODO: Write task* compatible callbacks for encryption and decryption, then populate the ctqueue based on the specified mode
-    cleanup_CNDEXEC(
-        for(int i = 0; i < files; i++) {
-            
-            // Target is either "filename" or "filename.vxggr"
-            // Output is either "filename.vxggr" or "filename"
-            struct __FLC_FKP *fkp = fkp_init(target, output, key);
-            if(!fkp) {
-                WARN(errno, "<getfilelist> Could not create file-key pair for \"%s\"'s %scryption task, skipping...",, namelist[i]->d_name, ((mode == VXGG_FLC__ENCRYPT) ? "en" : "de"));
-                free(target);
-                free(output);
-            }
-            task *ctask = task_init((mode == VXGG_FLC__ENCRYPT) ? __FLC_TASK_ENCRYPT : __FLC_TASK_DECRYPT, fkp_free, fkp);
-            if(!ctask) {
-                WARN(errno, "<getfilelist> Could not push \"%s\"'s %scryption task, skipping...",, namelist[i]->d_name, ((mode == VXGG_FLC__ENCRYPT) ? "en" : "de"));
-                free(namelist[i]);
-                continue;
-            }
-            ctqueue_waitpush(ctq, ctask);
-        }
-        free(namelist);
-        // namelist is the array that holds each pointer to each dirent, so it needs to be free'd separately from the other elements
-    );
-    cleanup_CNDFIRE();
-    if(cleanup_ERRORFLAGGED)
-        return NULL;
-    return ctq;
 }
 /*
 int main(void) {
    // Example code for creating a temp file, writing to it, then linking it back into the fs
@@ -602,7 +646,7 @@ int main(void) {
    if(write(fd, testmsg, strlen(testmsg)) < 0)
        error(1, errno, "write broke");
-    
    asprintf(&path, "/proc/self/fd/%d", fd);
    linkat(AT_FDCWD, path, AT_FDCWD, "./test", AT_SYMLINK_FOLLOW);
    free(path);
@@ -623,7 +667,7 @@ int main(void) {
    //*///
    /*// Example code for generating a password, derriving a secret key from it, and storing things properly
-    
    // Initialization
    checksodium();
    char *pass = NULL, hpass[crypto_pwhash_STRBYTES];
@@ -638,7 +682,7 @@ int main(void) {
    // Store the password
    if(crypto_pwhash_str(hpass, pass, strlen(pass) + 1, crypto_pwhash_OPSLIMIT_MODERATE, crypto_pwhash_MEMLIMIT_MODERATE) != 0)
        error(1, errno, "Couldn't generate password, quitting...");
-        // Don't know if I want to use MODERATE or SENSITIVE for this. SENSITIVE takes a little bit on my laptop, which honestly 
+        // Don't know if I want to use MODERATE or SENSITIVE for this. SENSITIVE takes a little bit on my laptop, which honestly
        // shouldn't be a problem, but it annoys me. MODERATE is quick and snappy, or at least quick enough that the slowdown is
        // barely noticable. I might do MODERATE for testing and SENSITIVE for release
@@ -661,4 +705,6 @@ int main(void) {
    return 0;
 }
-*/
-\ No newline at end of file
+*/
+#endif
+\ No newline at end of file