Picocrypt/src/Picocrypt.go

package main

/*

Picocrypt v1.28
Copyright (c) Evan Su (https://evansu.cc)
Released under a GNU GPL v3 License
https://github.com/HACKERALERT/Picocrypt

~ In cryptography we trust ~

*/

import (
	_ "embed"

	"archive/zip"
	"bytes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/subtle"
	"fmt"
	"hash"
	"image"
	"image/color"
	"io"
	"math"
	"math/big"
	"os"
	"path/filepath"
	"regexp"
	"strconv"
	"strings"
	"time"

	"github.com/HACKERALERT/clipboard"
	"github.com/HACKERALERT/crypto/argon2"
	"github.com/HACKERALERT/crypto/blake2b"
	"github.com/HACKERALERT/crypto/chacha20"
	"github.com/HACKERALERT/crypto/hkdf"
	"github.com/HACKERALERT/crypto/sha3"
	"github.com/HACKERALERT/dialog"
	"github.com/HACKERALERT/giu"
	"github.com/HACKERALERT/infectious"
	"github.com/HACKERALERT/serpent"
	"github.com/HACKERALERT/zxcvbn-go"
)

// Generic variables
var version = "v1.28"
var window *giu.MasterWindow
var dpi float32
var mode string
var working bool
var recombine bool

// Popup modals
var modalId int           // A hack to keep modals centered
var showPassgen bool      // Password generator
var showKeyfile bool      // Keyfile manager
var showProgress bool     // Encryption/decryption progress
var showConfirmation bool // Confirm overwriting an existing file

// Input and output files
var onlyFiles []string
var onlyFolders []string
var allFiles []string
var inputLabel = "Drop files and folders into this window."
var inputFile string
var outputFile string

// Password and generator variables
var password string
var cpassword string
var passwordStrength int
var passwordState = giu.InputTextFlagsPassword
var passwordStateLabel = "Show"
var passgenCopy = true
var passgenLength int32 = 32
var passgenUpper = true
var passgenLower = true
var passgenNums = true
var passgenSymbols = true

// Keyfile variables
var keyfile bool
var keyfiles []string
var keyfileOrderMatters bool
var keyfilePrompt = "None selected."

// Comments variables
var comments string
var commentsPrompt = "Comments:"
var commentsDisabled bool

// Advanced options
var paranoid bool
var reedsolo bool
var deleteWhenDone bool
var split bool
var splitSize string
var splitUnits = []string{"KiB", "MiB", "GiB", "TiB", "Total"}
var splitSelected int32 = 1
var compress bool
var keep bool
var kept bool

// Status variables
var startLabel = "Start"
var mainStatus = "Ready."
var mainStatusColor = color.RGBA{0xff, 0xff, 0xff, 0xff}
var popupStatus string

// Progress variables
var progress float32
var progressInfo string

// Reed-Solomon codecs
var rs1, _ = infectious.NewFEC(1, 3) // 1 data shard, 3 total -> 2 parity shards
var rs5, _ = infectious.NewFEC(5, 15)
var rs16, _ = infectious.NewFEC(16, 48)
var rs24, _ = infectious.NewFEC(24, 72)
var rs32, _ = infectious.NewFEC(32, 96)
var rs64, _ = infectious.NewFEC(64, 192)
var rs128, _ = infectious.NewFEC(128, 136) // Used for full Reed-Solomon on files

// A passthrough and related helpers to get compression progress
var compressDone int64
var compressTotal int64

type compressorProgress struct {
	io.Reader
}

func (p *compressorProgress) Read(data []byte) (int, error) {
	read, err := p.Reader.Read(data)
	compressDone += int64(read)
	progress = float32(compressDone) / float32(compressTotal)
	giu.Update()
	return read, err
}

// The graphical user interface
func draw() {
	giu.SingleWindow().Flags(524351).Layout(
		giu.Custom(func() {
			if showPassgen {
				giu.PopupModal("Generate password:##"+strconv.Itoa(modalId)).Flags(6).Layout(
					giu.Row(
						giu.Label("Length:"),
						giu.SliderInt(&passgenLength, 4, 64).Size(giu.Auto),
					),
					giu.Checkbox("Uppercase", &passgenUpper),
					giu.Checkbox("Lowercase", &passgenLower),
					giu.Checkbox("Numbers", &passgenNums),
					giu.Checkbox("Symbols", &passgenSymbols),
					giu.Checkbox("Copy to clipboard", &passgenCopy),
					giu.Row(
						giu.Button("Cancel").Size(100, 0).OnClick(func() {
							giu.CloseCurrentPopup()
							showPassgen = false
						}),
						giu.Button("Generate").Size(100, 0).OnClick(func() {
							password = genPassword()
							cpassword = password
							passwordStrength = zxcvbn.PasswordStrength(password, nil).Score
							giu.CloseCurrentPopup()
							showPassgen = false
						}),
					),
				).Build()
				giu.OpenPopup("Generate password:##" + strconv.Itoa(modalId))
				giu.Update()
			}

			if showKeyfile {
				giu.PopupModal("Manage keyfiles:##"+strconv.Itoa(modalId)).Flags(70).Layout(
					giu.Label("Drag and drop your keyfiles here."),
					giu.Custom(func() {
						if mode != "decrypt" {
							giu.Checkbox("Require correct order", &keyfileOrderMatters).Build()
							giu.Tooltip("Decryption will require the correct keyfile order.").Build()
						} else if keyfileOrderMatters {
							giu.Label("Correct order is required.").Build()
						}
					}),
					giu.Separator(),
					giu.Custom(func() {
						for _, i := range keyfiles {
							giu.Label(filepath.Base(i)).Build()
						}
					}),
					giu.Row(
						giu.Button("Clear").Size(100, 0).OnClick(func() {
							keyfiles = nil
							if keyfile {
								keyfilePrompt = "Keyfiles required."
							} else {
								keyfilePrompt = "None selected."
							}
							modalId++
						}),
						giu.Tooltip("Remove all keyfiles."),

						giu.Button("Done").Size(100, 0).OnClick(func() {
							giu.CloseCurrentPopup()
							showKeyfile = false
						}),
					),
				).Build()
				giu.OpenPopup("Manage keyfiles:##" + strconv.Itoa(modalId))
				giu.Update()
			}

			if showConfirmation {
				giu.PopupModal("Warning:##"+strconv.Itoa(modalId)).Flags(6).Layout(
					giu.Label("Output already exists. Overwrite?"),
					giu.Row(
						giu.Button("No").Size(100, 0).OnClick(func() {
							giu.CloseCurrentPopup()
							showConfirmation = false
						}),
						giu.Button("Yes").Size(100, 0).OnClick(func() {
							giu.CloseCurrentPopup()
							showConfirmation = false
							modalId++
							showProgress = true
							giu.Update()
							go func() {
								work()
								working = false
								showProgress = false
								giu.Update()
							}()
						}),
					),
				).Build()
				giu.OpenPopup("Warning:##" + strconv.Itoa(modalId))
				giu.Update()
			}

			if showProgress {
				giu.PopupModal(" ##"+strconv.Itoa(modalId)).Flags(6).Layout(
					giu.Row(
						giu.ProgressBar(progress).Size(180, 0).Overlay(progressInfo),
						giu.Button("Cancel").Size(58, 0).OnClick(func() {
							working = false
						}),
					),
					giu.Label(popupStatus),
				).Build()
				giu.OpenPopup(" ##" + strconv.Itoa(modalId))
				giu.Update()
			}
		}),

		giu.Row(
			giu.Label(inputLabel),
			giu.Custom(func() {
				bw, _ := giu.CalcTextSize("Clear")
				p, _ := giu.GetWindowPadding()
				bw += p * 2
				giu.Dummy((bw+p)/-dpi, 0).Build()
				giu.SameLine()
				giu.Style().SetDisabled(len(allFiles) == 0 && len(onlyFiles) == 0).To(
					giu.Button("Clear").Size(bw/dpi, 0).OnClick(resetUI),
					giu.Tooltip("Clear all input files and reset UI state."),
				).Build()
			}),
		),

		giu.Separator(),
		giu.Style().SetDisabled(len(allFiles) == 0 && len(onlyFiles) == 0).To(
			giu.Label("Password:"),
			giu.Row(
				giu.Button(passwordStateLabel).Size(54, 0).OnClick(func() {
					if passwordState == giu.InputTextFlagsPassword {
						passwordState = giu.InputTextFlagsNone
						passwordStateLabel = "Hide"
					} else {
						passwordState = giu.InputTextFlagsPassword
						passwordStateLabel = "Show"
					}
				}),
				giu.Tooltip("Toggle the visibility of password entries."),

				giu.Button("Clear").Size(54, 0).OnClick(func() {
					password = ""
					cpassword = ""
				}),
				giu.Tooltip("Clear the password entries."),

				giu.Button("Copy").Size(54, 0).OnClick(func() {
					clipboard.WriteAll(password)
				}),
				giu.Tooltip("Copy the password into your clipboard."),

				giu.Button("Paste").Size(54, 0).OnClick(func() {
					tmp, _ := clipboard.ReadAll()
					password = tmp
					if mode != "decrypt" {
						cpassword = tmp
					}
					passwordStrength = zxcvbn.PasswordStrength(password, nil).Score
					giu.Update()
				}),
				giu.Tooltip("Paste a password from your clipboard."),

				giu.Style().SetDisabled(mode == "decrypt").To(
					giu.Button("Create").Size(54, 0).OnClick(func() {
						modalId++
						showPassgen = true
					}),
				),
				giu.Tooltip("Generate a cryptographically secure password."),
			),
			giu.Row(
				giu.InputText(&password).Flags(passwordState).Size(302/dpi).OnChange(func() {
					passwordStrength = zxcvbn.PasswordStrength(password, nil).Score
				}),
				giu.Custom(func() {
					c := giu.GetCanvas()
					p := giu.GetCursorScreenPos()

					col := color.RGBA{
						uint8(0xc8 - 31*passwordStrength),
						uint8(0x4c + 31*passwordStrength), 0x4b, 0xff,
					}
					if password == "" || mode == "decrypt" {
						col = color.RGBA{0xff, 0xff, 0xff, 0x00}
					}

					path := p.Add(image.Pt(
						int(math.Round(-20*float64(dpi))),
						int(math.Round(12*float64(dpi))),
					))
					c.PathArcTo(path, 6*dpi, -math.Pi/2, math.Pi*(.4*float32(passwordStrength)-.1), -1)
					c.PathStroke(col, false, 2)
				}),
			),

			giu.Dummy(0, 0),
			giu.Style().SetDisabled(password == "" || mode == "decrypt").To(
				giu.Label("Confirm password:"),
				giu.Row(
					giu.InputText(&cpassword).Flags(passwordState).Size(302/dpi),
					giu.Custom(func() {
						c := giu.GetCanvas()
						p := giu.GetCursorScreenPos()
						col := color.RGBA{0x4c, 0xc8, 0x4b, 0xff}

						if cpassword != password {
							col = color.RGBA{0xc8, 0x4c, 0x4b, 0xff}
						}
						if password == "" || cpassword == "" || mode == "decrypt" {
							col = color.RGBA{0xff, 0xff, 0xff, 0x00}
						}

						path := p.Add(image.Pt(
							int(math.Round(-20*float64(dpi))),
							int(math.Round(12*float64(dpi))),
						))
						c.PathArcTo(path, 6*dpi, 0, 2*math.Pi, -1)
						c.PathStroke(col, false, 2)
					}),
				),
			),

			giu.Dummy(0, 0),
			giu.Style().SetDisabled(mode == "decrypt" && !keyfile).To(
				giu.Row(
					giu.Label("Keyfiles:"),
					giu.Button("Edit").Size(54, 0).OnClick(func() {
						modalId++
						showKeyfile = true
					}),
					giu.Tooltip("Manage your keyfiles."),

					giu.Style().SetDisabled(mode == "decrypt").To(
						giu.Button("Create").Size(54, 0).OnClick(func() {
							f := dialog.File().Title("Choose where to save the keyfile.")
							f.SetStartDir(func() string {
								if len(onlyFiles) > 0 {
									return filepath.Dir(onlyFiles[0])
								}
								return filepath.Dir(onlyFolders[0])
							}())
							f.SetInitFilename("Keyfile")
							file, err := f.Save()
							if file == "" || err != nil {
								return
							}

							fout, _ := os.Create(file)
							data := make([]byte, 1<<20)
							rand.Read(data)
							fout.Write(data)
							fout.Close()
						}),
						giu.Tooltip("Generate a cryptographically secure keyfile."),
					),
					giu.Style().SetDisabled(true).To(
						giu.InputText(&keyfilePrompt).Size(giu.Auto),
					),
				),
			),
		),

		giu.Separator(),
		giu.Style().SetDisabled((mode == "decrypt" && comments == "") ||
			(mode != "decrypt" && ((len(keyfiles) == 0 && password == "") || (password != cpassword)))).To(
			giu.Style().SetDisabled(mode == "decrypt" && comments == "").To(
				giu.Label(commentsPrompt),
				giu.InputText(&comments).Size(giu.Auto).Flags(func() giu.InputTextFlags {
					if commentsDisabled {
						return giu.InputTextFlagsReadOnly
					}
					return giu.InputTextFlagsNone
				}()),
			),
		),
		giu.Style().SetDisabled((len(keyfiles) == 0 && password == "") ||
			(mode == "encrypt" && password != cpassword)).To(
			giu.Label("Advanced:"),
			giu.Custom(func() {
				if mode != "decrypt" {
					giu.Row(
						giu.Checkbox("Paranoid mode", &paranoid),
						giu.Tooltip("Provides the highest level of security attainable."),
						giu.Dummy(-170, 0),
						giu.Style().SetDisabled(!(len(allFiles) > 1 || len(onlyFolders) > 0)).To(
							giu.Checkbox("Compress files", &compress),
							giu.Tooltip("Compress files with Deflate before encrypting."),
						),
					).Build()

					giu.Row(
						giu.Checkbox("Reed-Solomon", &reedsolo),
						giu.Tooltip("Prevent file corruption by erasure coding (slow)."),
						giu.Dummy(-170, 0),
						giu.Checkbox("Delete files", &deleteWhenDone),
						giu.Tooltip("Delete the input files after encryption."),
					).Build()

					giu.Row(
						giu.Checkbox("Split into chunks:", &split),
						giu.Tooltip("Split the output file into smaller chunks."),
						giu.Dummy(-170, 0),
						giu.InputText(&splitSize).Size(86/dpi).Flags(1).OnChange(func() {
							split = splitSize != ""
						}),
						giu.Tooltip("Choose the chunk size."),
						giu.Combo("##splitter", splitUnits[splitSelected], splitUnits, &splitSelected).Size(68),
						giu.Tooltip("Choose the chunk size units."),
					).Build()
				} else {
					giu.Row(
						giu.Checkbox("Force decrypt", &keep),
						giu.Tooltip("Override security measures when decrypting."),
						giu.Dummy(-170, 0),
						giu.Checkbox("Delete volume", &deleteWhenDone),
						giu.Tooltip("Delete the volume after a successful decryption."),
					).Build()
				}
			}),

			giu.Label("Save output as:"),
			giu.Custom(func() {
				w, _ := giu.GetAvailableRegion()
				bw, _ := giu.CalcTextSize("Change")
				p, _ := giu.GetWindowPadding()
				bw += p * 2
				dw := w - bw - p
				giu.Style().SetDisabled(true).To(
					giu.InputText(func() *string {
						tmp := ""
						if outputFile == "" {
							return &tmp
						}
						tmp = filepath.Base(outputFile)
						return &tmp
					}()).Size(dw / dpi / dpi).Flags(16384),
				).Build()

				giu.SameLine()
				giu.Button("Change").Size(bw/dpi, 0).OnClick(func() {
					f := dialog.File().Title("Choose where to save the output. Don't include extensions.")
					f.SetStartDir(func() string {
						if len(onlyFiles) > 0 {
							return filepath.Dir(onlyFiles[0])
						}
						return filepath.Dir(onlyFolders[0])
					}())

					// Prefill the filename
					tmp := strings.TrimSuffix(filepath.Base(outputFile), ".pcv")
					f.SetInitFilename(strings.TrimSuffix(tmp, filepath.Ext(tmp)))
					if mode == "encrypt" && (len(allFiles) > 1 || len(onlyFolders) > 0) {
						f.SetInitFilename("Encrypted")
					}

					file, err := f.Save()
					if file == "" || err != nil {
						return
					}

					// Add the correct extensions
					if mode == "encrypt" {
						if len(allFiles) > 1 || len(onlyFolders) > 0 {
							file += ".zip.pcv"
						} else {
							file += filepath.Ext(inputFile) + ".pcv"
						}
					} else {
						if strings.HasSuffix(inputFile, ".zip.pcv") {
							file += ".zip"
						} else {
							tmp := strings.TrimSuffix(filepath.Base(inputFile), ".pcv")
							file += filepath.Ext(tmp)
						}
					}
					outputFile = file
				}).Build()
				giu.Tooltip("Save the output with a custom name and path.").Build()
			}),

			giu.Dummy(0, 0),
			giu.Separator(),
			giu.Dummy(0, 0),
			giu.Button(startLabel).Size(giu.Auto, 34).OnClick(func() {
				if keyfile && keyfiles == nil {
					mainStatus = "Please select your keyfiles."
					mainStatusColor = color.RGBA{0xff, 0x00, 0x00, 0xff}
					return
				}
				tmp, err := strconv.Atoi(splitSize)
				if split && (splitSize == "" || tmp <= 0 || err != nil) {
					mainStatus = "Invalid split size."
					mainStatusColor = color.RGBA{0xff, 0x00, 0x00, 0xff}
					return
				}
				_, err = os.Stat(outputFile)
				if err == nil {
					modalId++
					showConfirmation = true
					giu.Update()
				} else {
					modalId++
					showProgress = true
					giu.Update()
					go func() {
						work()
						working = false
						showProgress = false
						giu.Update()
					}()
				}
			}),
			giu.Style().SetColor(giu.StyleColorText, mainStatusColor).To(
				giu.Label(mainStatus),
			),
		),

		giu.Custom(func() {
			window.SetSize(int(318*dpi), giu.GetCursorPos().Y+1)
		}),
	)
}

func onDrop(names []string) {
	if showKeyfile {
		keyfiles = append(keyfiles, names...)

		// Remove duplicate keyfiles
		var tmp []string
		for _, i := range keyfiles {
			duplicate := false
			for _, j := range tmp {
				if i == j {
					duplicate = true
				}
			}
			stat, _ := os.Stat(i)
			if !duplicate && !stat.IsDir() {
				tmp = append(tmp, i)
			}
		}
		keyfiles = tmp

		// Update the keyfile status
		if len(keyfiles) == 1 {
			keyfilePrompt = "Using 1 keyfile."
		} else {
			keyfilePrompt = fmt.Sprintf("Using %d keyfiles.", len(keyfiles))
		}

		// Recenter the keyfile modal
		modalId++
		return
	}

	// Clear variables and UI state
	recombine = false
	onlyFiles = nil
	onlyFolders = nil
	allFiles = nil
	files, folders := 0, 0
	size := 0
	resetUI()

	// One item dropped
	if len(names) == 1 {
		stat, _ := os.Stat(names[0])

		// A folder was dropped
		if stat.IsDir() {
			folders++
			mode = "encrypt"
			inputLabel = "1 folder selected."
			startLabel = "Encrypt"
			onlyFolders = append(onlyFolders, names[0])
			inputFile = filepath.Join(filepath.Dir(names[0]), "Encrypted") + ".zip"
			outputFile = inputFile + ".pcv"
		} else { // A file was dropped
			files++
			name := filepath.Base(names[0])

			// Is the file a part of a split volume?
			nums := []string{"0", "1", "2", "3", "4", "5", "6", "7", "8", "9"}
			endsNum := false
			for _, i := range nums {
				if strings.HasSuffix(names[0], i) {
					endsNum = true
				}
			}
			isSplit := strings.Contains(names[0], ".pcv.") && endsNum

			// Decide if encrypting or decrypting
			if strings.HasSuffix(names[0], ".pcv") || isSplit {
				mode = "decrypt"
				inputLabel = name
				startLabel = "Decrypt"
				commentsPrompt = "Comments (read-only):"
				commentsDisabled = true

				if isSplit {
					ind := strings.Index(names[0], ".pcv")
					names[0] = names[0][:ind+4]
					inputFile = names[0]
					outputFile = names[0][:ind]
					recombine = true
				} else {
					outputFile = names[0][:len(names[0])-4]
				}

				// Open the input file in read-only mode
				var fin *os.File
				if isSplit {
					fin, _ = os.Open(names[0] + ".0")
				} else {
					fin, _ = os.Open(names[0])
				}

				// Use regex to test if the input is a valid Picocrypt volume
				tmp := make([]byte, 30)
				fin.Read(tmp)
				if string(tmp[:5]) == "v1.13" {
					resetUI()
					mainStatus = "Please use v1.13 to decrypt this file."
					mainStatusColor = color.RGBA{0xff, 0x00, 0x00, 0xff}
					fin.Close()
					return
				}
				if valid, _ := regexp.Match(`^v\d\.\d{2}.{10}0?\d+`, tmp); !valid && !isSplit {
					resetUI()
					mainStatus = "This doesn't seem like a Picocrypt volume."
					mainStatusColor = color.RGBA{0xff, 0x00, 0x00, 0xff}
					fin.Close()
					return
				}

				// Use regex to test if the volume is compatible
				fin.Seek(0, 0)
				tmp = make([]byte, 15)
				fin.Read(tmp)
				tmp, _ = rsDecode(rs5, tmp)
				if valid, _ := regexp.Match(`^v1.1[456]$`, tmp); valid {
					resetUI()
					mainStatus = "Please use v1.16 to decrypt this file."
					mainStatusColor = color.RGBA{0xff, 0x00, 0x00, 0xff}
					fin.Close()
					return
				}
				if valid, _ := regexp.Match(`^(v1.1[789])|(v1.2[01])$`, tmp); valid {
					resetUI()
					mainStatus = "Please use v1.21 to decrypt this file."
					mainStatusColor = color.RGBA{0xff, 0x00, 0x00, 0xff}
					fin.Close()
					return
				}

				// Read comments from file and check for corruption
				var err error
				tmp = make([]byte, 15)
				fin.Read(tmp)
				tmp, err = rsDecode(rs5, tmp)
				if err == nil {
					commentsLength, _ := strconv.Atoi(string(tmp))
					tmp = make([]byte, commentsLength*3)
					fin.Read(tmp)
					comments = ""
					for i := 0; i < commentsLength*3; i += 3 {
						t, err := rsDecode(rs1, tmp[i:i+3])
						if err != nil {
							comments = "Comments are corrupted."
							break
						}
						comments += string(t)
					}
				} else {
					comments = "Comments are corrupted."
				}

				// Read flags from file and check for corruption
				flags := make([]byte, 15)
				fin.Read(flags)
				fin.Close()
				flags, err = rsDecode(rs5, flags)
				if err != nil {
					mainStatus = "The volume header is damaged."
					mainStatusColor = color.RGBA{0xff, 0x00, 0x00, 0xff}
					return
				}

				// Update UI and variables according to flags
				if flags[1] == 1 {
					keyfile = true
					keyfilePrompt = "Keyfiles required."
				} else {
					keyfilePrompt = "Not applicable."
				}
				if flags[2] == 1 {
					keyfileOrderMatters = true
				}
			} else { // One file that is not a Picocrypt volume was dropped
				mode = "encrypt"
				inputLabel = name
				startLabel = "Encrypt"
				inputFile = names[0]
				outputFile = names[0] + ".pcv"
			}

			// Add the file
			onlyFiles = append(onlyFiles, names[0])
			inputFile = names[0]
			size += int(stat.Size())
		}
	} else { // There are multiple dropped items
		mode = "encrypt"

		// Go through each dropped item and add to corresponding slices
		for _, name := range names {
			stat, _ := os.Stat(name)
			if stat.IsDir() {
				folders++
				onlyFolders = append(onlyFolders, name)
			} else {
				files++
				onlyFiles = append(onlyFiles, name)
				allFiles = append(allFiles, name)
				size += int(stat.Size())
			}
		}

		// Update UI with the number of files and folders selected
		if folders == 0 {
			inputLabel = fmt.Sprintf("%d files selected.", files)
		} else if files == 0 {
			inputLabel = fmt.Sprintf("%d folders selected.", folders)
		} else {
			if files == 1 && folders > 1 {
				inputLabel = fmt.Sprintf("1 file and %d folders selected.", folders)
			} else if folders == 1 && files > 1 {
				inputLabel = fmt.Sprintf("%d files and 1 folder selected.", files)
			} else if folders == 1 && files == 1 {
				inputLabel = "1 file and 1 folder selected."
			} else {
				inputLabel = fmt.Sprintf("%d files and %d folders selected.", files, folders)
			}
		}
		startLabel = "Encrypt"

		// Set the input and output paths
		inputFile = filepath.Join(filepath.Dir(names[0]), "Encrypted") + ".zip"
		outputFile = inputFile + ".pcv"
	}

	// Recursively add all files in 'onlyFolders' to 'allFiles'
	for _, name := range onlyFolders {
		filepath.Walk(name, func(path string, _ os.FileInfo, _ error) error {
			stat, _ := os.Stat(path)
			if !stat.IsDir() {
				allFiles = append(allFiles, path)
				size += int(stat.Size())
			}
			return nil
		})
	}

	inputLabel = fmt.Sprintf("%s (%s)", inputLabel, sizeify(int64(size)))
}

func work() {
	// Show that Picocrypt is encrypting/decrypting
	popupStatus = "Starting..."
	mainStatus = "Working..."
	mainStatusColor = color.RGBA{0xff, 0xff, 0xff, 0xff}
	working = true
	padded := false
	giu.Update()

	// Cryptography!
	var salt []byte                           // Argon2 salt, 16 bytes
	var hkdfSalt []byte                       // HKDF-SHA3 salt, 32 bytes
	var serpentSalt []byte                    // Serpent salt, 16 bytes
	var nonce []byte                          // 24-byte XChaCha20 nonce
	var keyHash []byte                        // SHA3-512 hash of encryption key
	var _keyHash []byte                       // Same as 'keyHash', but used for comparison
	var keyfileKey []byte                     // The SHA3-256 hashes of keyfiles
	var keyfileHash []byte = make([]byte, 32) // The SHA3-256 of 'keyfileKey'
	var _keyfileHash []byte                   // Same as 'keyfileHash', but used for comparison
	var dataMac []byte                        // 64-byte authentication tag (BLAKE2b or HMAC-SHA3)

	if mode == "encrypt" {
		if compress {
			popupStatus = "Compressing files..."
		} else {
			popupStatus = "Combining files..."
		}

		// Combine/compress all files into a .zip file
		if len(allFiles) > 1 || len(onlyFolders) > 0 {
			var rootDir string
			if len(onlyFolders) > 0 {
				rootDir = filepath.Dir(onlyFolders[0])
			} else {
				rootDir = filepath.Dir(onlyFiles[0])
			}

			file, err := os.Create(inputFile)
			if err != nil {
				mainStatus = "Access denied by operating system."
				mainStatusColor = color.RGBA{0xff, 0x00, 0x00, 0xff}
				return
			}

			compressTotal = 0
			for _, path := range allFiles {
				stat, _ := os.Stat(path)
				compressTotal += stat.Size()
			}

			w := zip.NewWriter(file)
			for i, path := range allFiles {
				if !working {
					mainStatus = "Operation cancelled by user."
					mainStatusColor = color.RGBA{0xff, 0xff, 0xff, 0xff}
					w.Close()
					file.Close()
					os.Remove(inputFile)
					compressDone = 0
					return
				}
				progressInfo = fmt.Sprintf("%d/%d", i+1, len(allFiles))
				giu.Update()

				// Don't add the volume to itself
				if path == inputFile {
					continue
				}

				stat, _ := os.Stat(path)
				header, _ := zip.FileInfoHeader(stat)
				header.Name = strings.TrimPrefix(path, rootDir)
				header.Name = filepath.ToSlash(header.Name)
				header.Name = strings.TrimPrefix(header.Name, "/")

				if compress {
					header.Method = zip.Deflate
				} else {
					header.Method = zip.Store
				}
				writer, _ := w.CreateHeader(header)
				file, err := os.Open(path)
				if err != nil {
					mainStatus = "Access denied by operating system."
					mainStatusColor = color.RGBA{0xff, 0x00, 0x00, 0xff}
					os.Remove(inputFile)
					compressDone = 0
					return
				}

				// Use a passthrough to catch compression progress
				prg := &compressorProgress{Reader: file}
				io.Copy(writer, prg)
				file.Close()
			}
			w.Close()
			file.Close()
			compressDone = 0
		}
	}

	// Recombine a split file if necessary
	if recombine {
		popupStatus = "Recombining file..."
		total := 0
		totalBytes := int64(0)
		done := 0

		// Find out the number of splitted chunks
		for {
			stat, err := os.Stat(fmt.Sprintf("%s.%d", inputFile, total))
			if err != nil {
				break
			}
			total++
			totalBytes += stat.Size()
		}

		// Merge all chunks into one file
		fout, _ := os.Create(inputFile)
		for i := 0; i < total; i++ {
			fin, _ := os.Open(fmt.Sprintf("%s.%d", inputFile, i))
			for {
				data := make([]byte, 1<<20)
				read, err := fin.Read(data)
				if err != nil {
					break
				}
				data = data[:read]
				fout.Write(data)
				done += read
				progressInfo = fmt.Sprintf("%d/%d", i+1, total)
				progress = float32(done) / float32(totalBytes)
				giu.Update()
			}
			fin.Close()
		}
		fout.Close()
		progressInfo = ""
	}

	// Subtract the header size from the total size if decrypting
	stat, _ := os.Stat(inputFile)
	total := stat.Size()
	if mode == "decrypt" {
		total -= 789
	}

	// Open input file in read-only mode
	fin, err := os.Open(inputFile)
	if err != nil {
		mainStatus = "Access denied by operating system."
		mainStatusColor = color.RGBA{0xff, 0x00, 0x00, 0xff}
		if recombine {
			os.Remove(inputFile)
		}
		if len(allFiles) > 1 || len(onlyFolders) > 0 {
			os.Remove(inputFile)
		}
		return
	}
	var fout *os.File

	// If encrypting, generate values and write to file
	if mode == "encrypt" {
		popupStatus = "Generating values..."
		giu.Update()

		// Create the output file
		var err error
		fout, err = os.Create(outputFile)
		if err != nil {
			mainStatus = "Access denied by operating system."
			mainStatusColor = color.RGBA{0xff, 0x00, 0x00, 0xff}
			fin.Close()
			if len(allFiles) > 1 || len(onlyFolders) > 0 {
				os.Remove(inputFile)
			}
			return
		}

		// Set up cryptographic values
		salt = make([]byte, 16)
		hkdfSalt = make([]byte, 32)
		serpentSalt = make([]byte, 16)
		nonce = make([]byte, 24)

		// Write the program version to file
		fout.Write(rsEncode(rs5, []byte(version)))

		// Encode and write the comment length to file
		commentsLength := []byte(fmt.Sprintf("%05d", len(comments)))
		commentsLength = rsEncode(rs5, commentsLength)
		fout.Write(commentsLength)

		// Encode the comment and write to file
		for _, i := range []byte(comments) {
			fout.Write(rsEncode(rs1, []byte{i}))
		}

		// Configure flags and write to file
		flags := make([]byte, 5)
		if paranoid { // Paranoid mode selected
			flags[0] = 1
		}
		if len(keyfiles) > 0 { // Keyfiles are being used
			flags[1] = 1
		}
		if keyfileOrderMatters { // Order of keyfiles matter
			flags[2] = 1
		}
		if reedsolo { // Full Reed-Solomon encoding is selected
			flags[3] = 1
		}
		if total%(1<<20) >= 1<<20-128 { // Reed-Solomon internals
			flags[4] = 1
		}
		flags = rsEncode(rs5, flags)
		fout.Write(flags)

		// Fill values with Go's CSPRNG
		rand.Read(salt)
		rand.Read(hkdfSalt)
		rand.Read(serpentSalt)
		rand.Read(nonce)

		// Encode values with Reed-Solomon and write to file
		fout.Write(rsEncode(rs16, salt))
		fout.Write(rsEncode(rs32, hkdfSalt))
		fout.Write(rsEncode(rs16, serpentSalt))
		fout.Write(rsEncode(rs24, nonce))

		// Write placeholders for future use
		fout.Write(make([]byte, 192)) // Hash of encryption key
		fout.Write(make([]byte, 96))  // Hash of keyfile key
		fout.Write(make([]byte, 192)) // BLAKE2b/HMAC-SHA3 tag
	} else { // Decrypting, read values from file and decode
		popupStatus = "Reading values..."
		giu.Update()
		errs := make([]error, 10)

		version := make([]byte, 15)
		fin.Read(version)
		_, errs[0] = rsDecode(rs5, version)

		tmp := make([]byte, 15)
		fin.Read(tmp)
		tmp, errs[1] = rsDecode(rs5, tmp)
		commentsLength, _ := strconv.Atoi(string(tmp))
		fin.Read(make([]byte, commentsLength*3))
		total -= int64(commentsLength) * 3

		flags := make([]byte, 15)
		fin.Read(flags)
		flags, errs[2] = rsDecode(rs5, flags)
		paranoid = flags[0] == 1
		reedsolo = flags[3] == 1
		padded = flags[4] == 1

		salt = make([]byte, 48)
		fin.Read(salt)
		salt, errs[3] = rsDecode(rs16, salt)

		hkdfSalt = make([]byte, 96)
		fin.Read(hkdfSalt)
		hkdfSalt, errs[4] = rsDecode(rs32, hkdfSalt)

		serpentSalt = make([]byte, 48)
		fin.Read(serpentSalt)
		serpentSalt, errs[5] = rsDecode(rs16, serpentSalt)

		nonce = make([]byte, 72)
		fin.Read(nonce)
		nonce, errs[6] = rsDecode(rs24, nonce)

		_keyHash = make([]byte, 192)
		fin.Read(_keyHash)
		_keyHash, errs[7] = rsDecode(rs64, _keyHash)

		_keyfileHash = make([]byte, 96)
		fin.Read(_keyfileHash)
		_keyfileHash, errs[8] = rsDecode(rs32, _keyfileHash)

		dataMac = make([]byte, 192)
		fin.Read(dataMac)
		dataMac, errs[9] = rsDecode(rs64, dataMac)

		// If there was an issue during decoding, the header is corrupted
		for _, err := range errs {
			if err != nil {
				if keep { // If the user chooses to force decrypt
					kept = true
				} else {
					mainStatus = "The volume header is damaged."
					mainStatusColor = color.RGBA{0xff, 0x00, 0x00, 0xff}
					fin.Close()
					if recombine {
						os.Remove(inputFile)
					}
					return
				}
			}
		}
	}

	popupStatus = "Deriving key..."
	progress = 0
	progressInfo = ""
	giu.Update()

	// Derive encryption keys and subkeys
	var key []byte
	if paranoid { // Overkilled parameters for paranoid mode
		key = argon2.IDKey(
			[]byte(password),
			salt,
			8,     // 8 passes
			1<<20, // 1 GiB memory
			8,     // 8 threads
			32,    // 32-byte output key
		)
	} else { // High Argon2 parameters by default
		key = argon2.IDKey(
			[]byte(password),
			salt,
			4,
			1<<20,
			4,
			32,
		)
	}

	// If the 'Cancel' button was pressed, cancel and clean up
	if !working {
		mainStatus = "Operation cancelled by user."
		mainStatusColor = color.RGBA{0xff, 0xff, 0xff, 0xff}
		fin.Close()
		if mode == "encrypt" {
			fout.Close()
		}
		if recombine {
			os.Remove(inputFile)
		}
		if len(allFiles) > 1 || len(onlyFolders) > 0 {
			os.Remove(inputFile)
		}
		os.Remove(outputFile)
		return
	}

	// If keyfiles are being used
	if len(keyfiles) > 0 || keyfile {
		if keyfileOrderMatters { // If order matters, hash progressively
			var keysum = sha3.New256()
			for _, path := range keyfiles {
				kin, _ := os.Open(path)
				kstat, _ := os.Stat(path)
				kbytes := make([]byte, kstat.Size())
				kin.Read(kbytes)
				kin.Close()
				keysum.Write(kbytes)
			}
			keyfileKey = keysum.Sum(nil)
			keyfileSha3 := sha3.New256()
			keyfileSha3.Write(keyfileKey)
			keyfileHash = keyfileSha3.Sum(nil)
		} else { // If order doesn't matter, hash individually and combine
			var keysum []byte
			for _, path := range keyfiles {
				kin, _ := os.Open(path)
				kstat, _ := os.Stat(path)
				kbytes := make([]byte, kstat.Size())
				kin.Read(kbytes)
				kin.Close()
				ksha3 := sha3.New256()
				ksha3.Write(kbytes)
				keyfileKey := ksha3.Sum(nil)
				if keysum == nil {
					keysum = keyfileKey
				} else {
					for i, j := range keyfileKey {
						keysum[i] ^= j
					}
				}
			}
			keyfileKey = keysum
			keyfileSha3 := sha3.New256()
			keyfileSha3.Write(keysum)
			keyfileHash = keyfileSha3.Sum(nil)
		}
	}

	// Hash the encryption key (used to check if a password is correct when decrypting)
	sha3_512 := sha3.New512()
	sha3_512.Write(key)
	keyHash = sha3_512.Sum(nil)

	// Validate the password and/or keyfiles
	if mode == "decrypt" {
		incorrect := false
		keyCorrect := true
		keyfileCorrect := true
		keyCorrect = subtle.ConstantTimeCompare(keyHash, _keyHash) == 1
		if keyfile {
			keyfileCorrect = subtle.ConstantTimeCompare(keyfileHash, _keyfileHash) == 1
			incorrect = !keyCorrect || !keyfileCorrect
		} else {
			incorrect = !keyCorrect
		}

		// If there's an issue with the password and/or keyfiles
		if incorrect {
			if keep {
				kept = true
			} else {
				if !keyCorrect {
					mainStatus = "The provided password is incorrect."
				} else {
					if keyfileOrderMatters {
						mainStatus = "Incorrect keyfiles or order."
					} else {
						mainStatus = "Incorrect keyfiles."
					}
				}
				mainStatusColor = color.RGBA{0xff, 0x00, 0x00, 0xff}
				fin.Close()
				if recombine {
					os.Remove(inputFile)
				}
				return
			}
		}

		// Create the output file for decryption
		var err error
		fout, err = os.Create(outputFile)
		if err != nil {
			mainStatus = "Access denied by operating system."
			mainStatusColor = color.RGBA{0xff, 0x00, 0x00, 0xff}
			fin.Close()
			if recombine {
				os.Remove(inputFile)
			}
			return
		}
	}

	if len(keyfiles) > 0 || keyfile {
		// XOR the encryption key with the keyfile to make the master key
		tmp := key
		key = make([]byte, 32)
		for i := range key {
			key[i] = tmp[i] ^ keyfileKey[i]
		}
	}

	done := 0
	counterDone := 0
	counter := 0
	startTime := time.Now()
	chacha, _ := chacha20.NewUnauthenticatedCipher(key, nonce)

	// Use HKDF-SHA3 to generate a subkey
	var mac hash.Hash
	subkey := make([]byte, 32)
	hkdf := hkdf.New(sha3.New256, key, hkdfSalt, nil)
	hkdf.Read(subkey)
	if paranoid {
		mac = hmac.New(sha3.New512, subkey) // HMAC-SHA3
	} else {
		mac, _ = blake2b.New512(subkey) // Keyed BLAKE2b
	}

	// Generate another subkey and cipher (not used unless paranoid mode is checked)
	serpentKey := make([]byte, 32)
	hkdf.Read(serpentKey)
	s, _ := serpent.NewCipher(serpentKey)
	serpent := cipher.NewCTR(s, serpentSalt)

	for {
		// If the user cancels the process, stop and clean up
		if !working {
			mainStatus = "Operation cancelled by user."
			mainStatusColor = color.RGBA{0xff, 0xff, 0xff, 0xff}
			fin.Close()
			fout.Close()
			if recombine {
				os.Remove(inputFile)
			}
			if len(allFiles) > 1 || len(onlyFolders) > 0 {
				os.Remove(inputFile)
			}
			os.Remove(outputFile)
			return
		}

		// Read in data from the file
		var src []byte
		if mode == "decrypt" && reedsolo {
			src = make([]byte, 1<<20/128*136)
		} else {
			src = make([]byte, 1<<20)
		}
		size, err := fin.Read(src)
		if err != nil {
			break
		}
		src = src[:size]
		dst := make([]byte, len(src))

		// Do the actual encryption
		if mode == "encrypt" {
			if paranoid {
				serpent.XORKeyStream(dst, src)
				copy(src, dst)
			}

			chacha.XORKeyStream(dst, src)
			mac.Write(dst)

			if reedsolo {
				copy(src, dst)
				dst = nil
				// If a full MiB is available
				if len(src) == 1<<20 {
					// Encode every chunk
					for i := 0; i < 1<<20; i += 128 {
						dst = append(dst, rsEncode(rs128, src[i:i+128])...)
					}
				} else {
					// Encode the full chunks
					chunks := math.Floor(float64(len(src)) / 128)
					for i := 0; float64(i) < chunks; i++ {
						dst = append(dst, rsEncode(rs128, src[i*128:(i+1)*128])...)
					}

					// Pad and encode the final partial chunk
					dst = append(dst, rsEncode(rs128, pad(src[int(chunks*128):]))...)
				}
			}
		} else { // Decryption
			if reedsolo {
				copy(dst, src)
				src = nil
				// If a complete 1 MiB block is available
				if len(dst) == 1<<20/128*136 {
					// Decode every chunk
					for i := 0; i < 1<<20/128*136; i += 136 {
						tmp, err := rsDecode(rs128, dst[i:i+136])
						if err != nil {
							if keep {
								kept = true
							} else {
								fin.Close()
								fout.Close()
								broken()
								mainStatus = "The input file is irrecoverably damaged."
								return
							}
						}
						if i == 1113976 && done+1114112 >= int(total) && padded {
							tmp = unpad(tmp)
						}
						src = append(src, tmp...)
					}
				} else {
					// Decode the full chunks
					chunks := len(dst)/136 - 1
					for i := 0; i < chunks; i++ {
						tmp, err := rsDecode(rs128, dst[i*136:(i+1)*136])
						if err != nil {
							if keep {
								kept = true
							} else {
								fin.Close()
								fout.Close()
								broken()
								mainStatus = "The input file is irrecoverably damaged."
								return
							}
						}
						src = append(src, tmp...)
					}

					// Unpad and decode the final partial chunk
					tmp, err := rsDecode(rs128, dst[int(chunks)*136:])
					if err != nil {
						if keep {
							kept = true
						} else {
							fin.Close()
							fout.Close()
							broken()
							mainStatus = "The input file is irrecoverably damaged."
							return
						}
					}
					src = append(src, unpad(tmp)...)
				}
				dst = make([]byte, len(src))
			}

			mac.Write(src)
			chacha.XORKeyStream(dst, src)

			if paranoid {
				copy(src, dst)
				serpent.XORKeyStream(dst, src)
			}
		}
		fout.Write(dst)

		// Update stats
		if mode == "decrypt" && reedsolo {
			done += 1 << 20 / 128 * 136
		} else {
			done += 1 << 20
		}
		counterDone += 1 << 20
		counter++
		progress = float32(done) / float32(total)
		elapsed := float64(time.Since(startTime)) / (1 << 20) / 1000
		speed := float64(done) / elapsed / (1 << 20)
		eta := int(math.Floor(float64(total-int64(done)) / (speed * (1 << 20))))
		progress = float32(math.Min(float64(progress), 1)) // Cap progress to 100%
		progressInfo = fmt.Sprintf("%.2f%%", progress*100)
		popupStatus = fmt.Sprintf("Working at %.2f MiB/s (ETA: %s)", speed, humanize(eta))
		giu.Update()

		// If more than 256 GiB passed, change the nonce to prevent counter overflow
		blocks := counterDone/64 + 1
		if blocks+(1<<20/64) > 1<<32 {
			nonce = make([]byte, 24)
			hkdf.Read(nonce)
			chacha, _ = chacha20.NewUnauthenticatedCipher(key, nonce)
			counterDone = 0
		}
	}

	if mode == "encrypt" {
		// Seek back to header to write important values
		fout.Seek(int64(309+len(comments)*3), 0)
		fout.Write(rsEncode(rs64, keyHash))
		fout.Write(rsEncode(rs32, keyfileHash))
		fout.Write(rsEncode(rs64, mac.Sum(nil)))
	} else {
		// Validate the authenticity of decrypted data
		if subtle.ConstantTimeCompare(mac.Sum(nil), dataMac) == 0 {
			if keep {
				kept = true
			} else {
				fin.Close()
				fout.Close()
				broken()
				return
			}
		}
	}

	fin.Close()
	fout.Close()

	// Split files into chunks
	if split {
		var splitted []string
		popupStatus = "Splitting file..."
		stat, _ := os.Stat(outputFile)
		size := stat.Size()
		finished := 0
		finishedRaw := 0
		chunkSize, _ := strconv.Atoi(splitSize)

		// User can choose KiB, MiB, GiB, TiB, or custom number of chunks
		if splitSelected == 0 {
			chunkSize *= 1 << 10
		} else if splitSelected == 1 {
			chunkSize *= 1 << 20
		} else if splitSelected == 2 {
			chunkSize *= 1 << 30
		} else if splitSelected == 3 {
			chunkSize *= 1 << 40
		} else {
			chunkSize = int(math.Ceil(float64(size) / float64(chunkSize)))
		}

		// Get the number of required chunks
		chunks := int(math.Ceil(float64(size) / float64(chunkSize)))
		progressInfo = fmt.Sprintf("%d/%d", finished+1, chunks)
		giu.Update()
		fin, _ := os.Open(outputFile)

		for i := 0; i < chunks; i++ { // Make the chunks
			fout, _ := os.Create(fmt.Sprintf("%s.%d", outputFile, i))
			done := 0

			// Copy data into the chunk
			for {
				data := make([]byte, 1<<20)
				for done+len(data) > chunkSize {
					data = make([]byte, int(math.Ceil(float64(len(data))/2)))
				}

				read, err := fin.Read(data)
				if err != nil {
					break
				}
				if !working {
					fin.Close()
					fout.Close()
					if len(allFiles) > 1 || len(onlyFolders) > 0 {
						os.Remove(inputFile)
					}
					mainStatus = "Operation cancelled by user."
					mainStatusColor = color.RGBA{0xff, 0xff, 0xff, 0xff}

					// If user cancels, remove the unfinished files
					for _, j := range splitted {
						os.Remove(j)
					}
					os.Remove(fmt.Sprintf("%s.%d", outputFile, i))
					os.Remove(outputFile)
					return
				}
				data = data[:read]
				fout.Write(data)
				done += read
				if done >= chunkSize {
					break
				}

				finishedRaw += read
				progress = float32(finishedRaw) / float32(size)
				giu.Update()
			}
			fout.Close()

			// Update stats
			finished++
			if finished == chunks {
				finished--
			}
			splitted = append(splitted, fmt.Sprintf("%s.%d", outputFile, i))
			progressInfo = fmt.Sprintf("%d/%d", finished+1, chunks)
			giu.Update()
		}

		fin.Close()
		os.Remove(outputFile)
	}

	// Remove the temporary file used to combine a splitted volume
	if recombine {
		os.Remove(inputFile)
	}

	// Delete the temporary zip file used to encrypt files
	if len(allFiles) > 1 || len(onlyFolders) > 0 {
		os.Remove(inputFile)
	}

	// Delete the input file(s) if the user chooses
	if deleteWhenDone {
		progressInfo = ""
		popupStatus = "Deleting files..."
		giu.Update()
		if mode == "decrypt" {
			if recombine {
				total := 0
				for {
					_, err := os.Stat(fmt.Sprintf("%s.%d", inputFile, total))
					if err != nil {
						break
					}
					os.Remove(fmt.Sprintf("%s.%d", inputFile, total))
					total++
				}
			} else {
				os.Remove(inputFile)
			}
		} else {
			for _, i := range onlyFiles {
				os.Remove(i)
			}
			for _, i := range onlyFolders {
				os.RemoveAll(i)
			}
		}
	}

	// All done, reset the UI
	resetUI()

	// If the user chose to keep a corrupted/modified file, let them know
	if kept {
		mainStatus = "The input file was modified. Please be careful."
		mainStatusColor = color.RGBA{0xff, 0xff, 0x00, 0xff}
	} else {
		mainStatus = "Completed."
		mainStatusColor = color.RGBA{0x00, 0xff, 0x00, 0xff}
	}

	// Clear some variables
	working = false
	kept = false
	key = nil
	popupStatus = "Ready."
}

// This function is run if an issue occurs during decryption
func broken() {
	mainStatus = "The input file is damaged or modified."
	mainStatusColor = color.RGBA{0xff, 0x00, 0x00, 0xff}

	// Clean up files since decryption failed
	if recombine {
		os.Remove(inputFile)
	}
	os.Remove(outputFile)
}

// Reset the UI to a clean state with nothing selected or checked
func resetUI() {
	mode = ""
	onlyFiles = nil
	onlyFolders = nil
	allFiles = nil
	inputLabel = "Drop files and folders into this window."
	startLabel = "Start"
	password = ""
	cpassword = ""
	keyfiles = nil
	keyfile = false
	keyfileOrderMatters = false
	keyfilePrompt = "None selected."
	comments = ""
	commentsPrompt = "Comments:"
	commentsDisabled = false
	keep = false
	reedsolo = false
	split = false
	splitSize = ""
	splitSelected = 1
	deleteWhenDone = false
	paranoid = false
	compress = false
	inputFile = ""
	outputFile = ""
	progress = 0
	progressInfo = ""
	mainStatus = "Ready."
	mainStatusColor = color.RGBA{0xff, 0xff, 0xff, 0xff}
	giu.Update()
}

// Reed-Solomon encoder
func rsEncode(rs *infectious.FEC, data []byte) []byte {
	res := make([]byte, rs.Total())
	rs.Encode(data, func(s infectious.Share) {
		res[s.Number] = s.Data[0]
	})
	return res
}

// Reed-Solomon decoder
func rsDecode(rs *infectious.FEC, data []byte) ([]byte, error) {
	tmp := make([]infectious.Share, rs.Total())
	for i := 0; i < rs.Total(); i++ {
		tmp[i].Number = i
		tmp[i].Data = append(tmp[i].Data, data[i])
	}
	res, err := rs.Decode(nil, tmp)

	// Force decode for the "Force decrypt" option
	if err != nil {
		if rs.Total() == 136 {
			return data[:128], err
		}
		return data[:rs.Total()/3], err
	}
	return res, nil
}

// PKCS#7 pad (for use with Reed-Solomon)
func pad(data []byte) []byte {
	padLen := 128 - len(data)%128
	padding := bytes.Repeat([]byte{byte(padLen)}, padLen)
	return append(data, padding...)
}

// PKCS#7 unpad
func unpad(data []byte) []byte {
	length := len(data)
	padLen := int(data[length-1])
	return data[:length-padLen]
}

// Generate a cryptographically secure password
func genPassword() string {
	chars := ""
	if passgenUpper {
		chars += "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
	}
	if passgenLower {
		chars += "abcdefghijklmnopqrstuvwxyz"
	}
	if passgenNums {
		chars += "1234567890"
	}
	if passgenSymbols {
		chars += "-=!@#$^&()_+?"
	}
	if chars == "" {
		return chars
	}
	tmp := make([]byte, passgenLength)
	for i := 0; i < int(passgenLength); i++ {
		j, _ := rand.Int(rand.Reader, new(big.Int).SetUint64(uint64(len(chars))))
		tmp[i] = chars[j.Int64()]
	}
	if passgenCopy {
		clipboard.WriteAll(string(tmp))
	}
	return string(tmp)
}

// Convert seconds to HH:MM:SS
func humanize(seconds int) string {
	hours := int(math.Floor(float64(seconds) / 3600))
	seconds %= 3600
	minutes := int(math.Floor(float64(seconds) / 60))
	seconds %= 60
	hours = int(math.Max(float64(hours), 0))
	minutes = int(math.Max(float64(minutes), 0))
	seconds = int(math.Max(float64(seconds), 0))
	return fmt.Sprintf("%02d:%02d:%02d", hours, minutes, seconds)
}

// Convert bytes to KiB, MiB, etc.
func sizeify(size int64) string {
	if size >= int64(1<<40) {
		return fmt.Sprintf("%.2fT", float64(size)/(1<<40))
	} else if size >= int64(1<<30) {
		return fmt.Sprintf("%.2fG", float64(size)/(1<<30))
	} else if size >= int64(1<<20) {
		return fmt.Sprintf("%.0fM", float64(size)/(1<<20))
	} else {
		return fmt.Sprintf("%.0fK", float64(size)/(1<<10))
	}
}

func main() {
	// Create the main window
	window = giu.NewMasterWindow("Picocrypt", 318, 479, giu.MasterWindowFlagsNotResizable)

	// Start the dialog module
	dialog.Init()

	// Set callbacks
	window.SetDropCallback(onDrop)
	window.SetCloseCallback(func() bool {
		return !working
	})

	// Set universal DPI
	dpi = giu.Context.GetPlatform().GetContentScale()

	// Start the UI
	window.Run(draw)
}