Version v0.3.46 - -m Fix directory decryption default filename - remove .tar.gz.otp extension

.gitignore

@@ -1,10 +1,33 @@
-otp
+# Build artifacts
+build/
+*.o
+src/*.o
+
+# Runtime directories
 pads/
 files/
+
+# Personal files
 Gemini.md
 TropicOfCancer-HenryMiller.txt
 .gitea_token
 true_rng/
-swiftrng/
+Trash/
 
-# Auto-generated files (none currently)
+# Test binaries
+debug
+test_swiftrng
+test_swiftrng_debug
+test_swiftrng_detailed
+test_truerng
+
+# Temporary files
+*.pad
+*.state
+
+# Downloaded dependencies (source)
+miniz/
+microtar/
+
+# Test directories
+test_dir/

Makefile

@@ -1,29 +1,49 @@
 CC = gcc
-CFLAGS = -Wall -Wextra -std=c99 -Iinclude
+CFLAGS = -Wall -Wextra -std=c99 -Isrc -Isrc/miniz -Isrc/microtar
+CFLAGS_MINIZ = -Wall -Wextra -std=c99 -D_POSIX_C_SOURCE=200112L -Isrc -Isrc/miniz -Isrc/microtar -Wno-unused-function -Wno-implicit-function-declaration
 LIBS = -lm
 LIBS_STATIC = -static -lm
-TARGET = otp
-SOURCES = $(wildcard src/*.c) nostr_chacha20.c otp.c
+ARCH = $(shell uname -m)
+TARGET = build/otp-$(ARCH)
+SOURCES = $(wildcard src/*.c)
+MINIZ_SOURCES = $(wildcard src/miniz/*.c)
+MICROTAR_SOURCES = $(wildcard src/microtar/*.c)
 OBJS = $(SOURCES:.c=.o)
+MINIZ_OBJS = $(MINIZ_SOURCES:.c=.o)
+MICROTAR_OBJS = $(MICROTAR_SOURCES:.c=.o)
+ALL_OBJS = $(OBJS) $(MINIZ_OBJS) $(MICROTAR_OBJS)
 
 # Default build target
-$(TARGET): $(OBJS)
-	$(CC) $(CFLAGS) -o $(TARGET) $(OBJS) $(LIBS)
+$(TARGET): $(ALL_OBJS)
+	@mkdir -p build
+	$(CC) $(CFLAGS) -o $(TARGET) $(ALL_OBJS) $(LIBS)
+	@rm -f $(ALL_OBJS)
 
 # Static linking target
-static: $(OBJS)
-	$(CC) $(CFLAGS) -o $(TARGET) $(OBJS) $(LIBS_STATIC)
+static: $(ALL_OBJS)
+	@mkdir -p build
+	$(CC) $(CFLAGS) -o $(TARGET) $(ALL_OBJS) $(LIBS_STATIC)
+	@rm -f $(ALL_OBJS)
 
-%.o: %.c
+# Compile main source files with full warnings
+src/%.o: src/%.c
+	$(CC) $(CFLAGS) -c $< -o $@
+
+# Compile miniz library files with reduced warnings
+src/miniz/%.o: src/miniz/%.c
+	$(CC) $(CFLAGS_MINIZ) -c $< -o $@
+
+# Compile microtar library files normally
+src/microtar/%.o: src/microtar/%.c
 	$(CC) $(CFLAGS) -c $< -o $@
 
 clean:
-	rm -f $(TARGET) $(OBJS) *.pad *.state
+	rm -f $(OBJS) src/*.o build/otp-* *.pad *.state
 
 install:
-	sudo cp $(TARGET) /usr/local/bin/
+	sudo cp $(TARGET) /usr/local/bin/otp
 
 uninstall:
-	sudo rm -f /usr/local/bin/$(TARGET)
+	sudo rm -f /usr/local/bin/otp
 
 .PHONY: clean install uninstall static

README.md

@@ -1,9 +1,8 @@
 # OTP Cipher - One Time Pad Implementation
 
-
 ## Introduction
 
-A secure one-time pad (OTP) cipher implementation in C.
+A secure one-time pad (OTP) cipher implementation in C99.
 
 ## Why One-Time Pads
 
@@ -41,120 +40,148 @@ To address this problem, we can use Nostr to share among devices the place in th
 One-time pads can be trivially encrypted and decrypted using pencil and paper, making them accessible even without electronic devices.
 
 
-
-
 ## Features
 
 - **Perfect Security**: Implements true one-time pad encryption with information-theoretic security
 - **Text & File Encryption**: Supports both inline text and file encryption
 - **Multiple Output Formats**: Binary (.otp) and ASCII armored (.otp.asc) file formats
+- **Hardware RNG Support**: Direct entropy collection from TrueRNG USB devices with automatic detection
 - **Keyboard Entropy**: Optional keyboard entropy collection for enhanced randomness
+- **Modular Architecture**: Clean separation of concerns across multiple source modules
 - **Short Command Flags**: Convenient single-character flags for all operations
 - **Automatic Versioning**: Built-in semantic versioning with automatic patch increment
 - **Multiple Build Options**: Standard and static linking builds
 - **Cross-Platform**: Works on Linux and other UNIX-like systems
 
 
-## Building
+## Quick Start
+
+### Download Pre-Built Binaries
+
+**[Download Current Linux x86](https://git.laantungir.net/laantungir/otp/releases/download/v0.3.45/otp-v0.3.45-linux-x86_64)**
+
+**[Download Current Raspberry Pi 64](https://git.laantungir.net/laantungir/otp/releases/download/v0.3.45/otp-v0.3.45-linux-arm64)**
+
+After downloading:
+```bash
+# Rename for convenience, then make executable
+mv otp-v0.3.45-linux-x86_64 otp
+chmod +x otp
+
+# Run it
+./otp
+```
+### First Steps
+
+1. **Generate your first pad:**
+   ```bash
+   ./otp generate 1GB
+   ```
+
+2. **Encrypt a message:**
+   ```bash
+   ./otp encrypt
+   # Follow the interactive prompts
+   ```
+
+3. **Decrypt a message:**
+   ```bash
+   ./otp decrypt
+   # Paste the encrypted message
+   ```
+
+
+
+## Building from Source
 
 ### Prerequisites
 
 - GCC compiler
-- Git (for version tracking)
 - Make
 
-
-
 ### Build Commands
 
-Use the included build script for automatic versioning:
-
 ```bash
-# Standard build (default)
-./build.sh build
-
-# Static linking build
-./build.sh static
-
-# Clean build artifacts
-./build.sh clean
-
-# Generate version files only
-./build.sh version
-
-# Install to system
-./build.sh install
-
-# Remove from system
-./build.sh uninstall
-
-# Show usage
-./build.sh help
+make            # Build for current architecture
+make static     # Static linking (standalone binary)
+make clean      # Clean build artifacts
+make install    # Install to /usr/local/bin/otp
+make uninstall  # Remove from system
 ```
 
-### Traditional Make
-
-You can also use make directly (without automatic versioning):
+Output: `build/otp-$(ARCH)` (e.g., `build/otp-x86_64`)
 
+After building, run with:
 ```bash
-make            # Standard build
-make static     # Static linking
-make clean      # Clean artifacts
-make install    # Install to /usr/local/bin/
-make uninstall  # Remove from system
+./build/otp-x86_64
 ```
 
 ## Usage
 
+The OTP Cipher operates in two modes:
+
+**Interactive Mode**: Run without arguments to access a menu-driven interface. Best for exploring features, managing pads, and performing operations step-by-step with prompts and guidance.
+
+**Command Line Mode**: Provide arguments to execute specific operations directly. Ideal for scripting, automation, and quick one-off tasks.
+
 ### Interactive Mode
+
+Launch the menu-driven interface:
+
 ```bash
 ./otp
 ```
 
+Navigate through menus to generate pads, encrypt/decrypt messages, manage pads, and configure settings.
+
 ### Command Line Mode
+
+Execute operations directly with arguments:
+
 ```bash
 # Generate a new pad
 ./otp generate 1GB
 
-# Encrypt text (interactive input)
+# Encrypt text (will prompt for input)
 ./otp encrypt <pad_hash_or_prefix>
 
-# Decrypt message (interactive input)  
+# Decrypt message (will prompt for input)
 ./otp decrypt <pad_hash_or_prefix>
 
 # List available pads
 ./otp list
 ```
 
-## Version System Details
+## Version System
+
+### Centralized Version Management
+Version is defined in a single location: `src/main.h`
+```c
+#define OTP_VERSION "v0.3.24"
+```
+
+All code references this constant, ensuring consistency across:
+- Main menu display
+- ASCII armor output
+- Help/usage text
 
 ### Automatic Version Increment
-Every build automatically increments the patch version:
-- v0.1.0 → v0.1.1 → v0.1.2, etc.
-- Creates git tags for each version
-- Embeds detailed build information
+The `build.sh` script automatically:
+1. Increments patch version (v0.3.24 → v0.3.25)
+2. Updates `OTP_VERSION` in `src/main.h`
+3. Creates git commit and tag
+4. Pushes to remote repository
 
 ### Manual Version Control
 For major/minor releases, create tags manually:
 ```bash
 # Feature release (minor bump)
-git tag v0.2.0    # Next build: v0.2.1
+git tag v0.4.0    # Next build: v0.4.1
 
-# Breaking change (major bump)  
+# Breaking change (major bump)
 git tag v1.0.0    # Next build: v1.0.1
 ```
 
-### Version Information Available
-- Version number (major.minor.patch)
-- Git commit hash and branch
-- Build date and time
-- Full version display with metadata
-
-### Generated Files
-The build system automatically manages Git versioning by incrementing tags.
-
-These files are excluded from git (.gitignore) and regenerated on each build.
-
 ## Security Features
 
 - Uses `/dev/urandom` for cryptographically secure random number generation
@@ -164,19 +191,128 @@ These files are excluded from git (.gitignore) and regenerated on each build.
 - State tracking to prevent pad reuse
 - **Zero external crypto dependencies** - completely self-contained implementation
 
-## File Structure
+## Project Structure
 
 ```
 otp/
-├── build.sh          # Build script with automatic versioning
-├── Makefile         # Traditional make build system  
-├── otp.c            # Main source code
-├── README.md        # This file
-├── .gitignore       # Git ignore rules
-├── pads/            # OTP pad storage directory (created at runtime)
-└── VERSION          # Plain text version (generated)
+├── build.sh              # Build script with automatic versioning
+├── Makefile             # Traditional make build system
+├── README.md            # This file
+├── .gitignore           # Git ignore rules
+├── src/
+│   ├── main.h           # Main header with all prototypes and OTP_VERSION
+│   ├── main.c           # Application entry point and command line handling
+│   ├── ui.c             # Interactive user interface and menu system
+│   ├── state.c          # Global state management (pads directory, preferences)
+│   ├── crypto.c         # Core cryptographic operations (XOR, base64)
+│   ├── pads.c           # Pad management and file operations
+│   ├── entropy.c        # Entropy collection from various sources
+│   ├── trng.c           # Hardware RNG device detection and collection
+│   ├── util.c           # Utility functions and helpers
+│   ├── nostr_chacha20.c # ChaCha20 implementation for entropy expansion
+│   └── nostr_chacha20.h # ChaCha20 header
+├── build/
+│   ├── otp-x86_64       # Native x86_64 binary (created by build)
+│   └── otp-arm64        # ARM64 binary (created by cross-compilation)
+├── pads/                # OTP pad storage directory (created at runtime)
+├── files/               # Encrypted file storage (created at runtime)
+└── tests/               # Test scripts and utilities
 ```
 
+## Architecture
+
+The OTP cipher uses a modular architecture with clean separation of concerns:
+
+- **main.c**: Application entry point, command line parsing, and mode selection
+- **ui.c**: Interactive user interface, menus, and terminal management
+- **state.c**: Global state management (pads directory, terminal dimensions, preferences)
+- **crypto.c**: Core cryptographic operations (XOR encryption, base64 encoding)
+- **pads.c**: Pad file management, checksums, and state tracking
+- **entropy.c**: Entropy collection from keyboard, dice, files, and hardware RNG
+- **trng.c**: Hardware RNG device detection and entropy collection from USB devices
+- **util.c**: Utility functions, file operations, and helper routines
+- **nostr_chacha20.c**: ChaCha20 stream cipher for entropy expansion
+
+All modules share a common header (`src/main.h`) that defines the public API, data structures, and version constant.
+
+## Hardware RNG Device Support
+
+The OTP cipher includes comprehensive support for hardware random number generators (RNGs) to enhance entropy quality for pad generation and entropy addition operations.
+
+### Supported Devices
+
+The system automatically detects and supports the following hardware RNG devices:
+
+| Device | VID:PID | Status | Notes |
+|--------|---------|--------|-------|
+| **TrueRNG** | 04d8:f5fe | ✅ Working | Original TrueRNG device |
+| **TrueRNG (Alt)** | 1fc9:8111 | ✅ Working | Alternative VID/PID combination |
+| **TrueRNG Pro** | 04d8:f5fe | ✅ Working | Professional version |
+| **TrueRNG Pro V2** | 04d8:f5fe | ✅ Working | Latest professional version |
+
+### Device Detection
+
+The system automatically scans `/dev/ttyACM*` ports and identifies hardware RNG devices by:
+
+1. **USB VID/PID Detection**: Reading vendor and product IDs from sysfs
+2. **Device Type Classification**: Identifying specific device variants
+3. **Port Configuration**: Applying device-specific serial port settings
+4. **Interactive Selection**: Presenting available devices for user selection
+
+### Testing Hardware Devices
+
+A comprehensive test script is included to verify hardware RNG functionality:
+
+```bash
+# Run hardware device tests
+./test.sh
+```
+
+The test script performs:
+- **Device Detection**: Scans for and identifies all connected hardware RNG devices
+- **Connectivity Testing**: Verifies each device can be opened and read from
+- **Configuration Testing**: Validates serial port configuration for each device type
+- **Entropy Quality Analysis**: Measures Shannon entropy of collected random data
+
+### Current Test Results
+
+Based on testing with actual hardware devices:
+
+**✅ Working Devices:**
+- TrueRNG (Type 1): Full functionality confirmed
+- TrueRNG Pro V2 (Type 3): Full functionality confirmed
+
+  - Device is detected and identified correctly
+  - Serial port configuration may need adjustment for this device variant
+
+### Usage in Entropy Collection
+
+When generating pads or adding entropy, the system will:
+
+1. **Auto-detect** all connected hardware RNG devices
+2. **Present a menu** of available devices if multiple are found
+3. **Test connectivity** before beginning entropy collection
+4. **Estimate completion time** based on device speed testing
+5. **Collect entropy** with progress indicators and quality metrics
+
+### Device Configuration
+
+Each device type uses optimized serial port settings:
+
+- **TrueRNG devices**: 3Mbps baud rate, 8N1, no flow control
+- **Automatic timeout protection**: Prevents hanging on unresponsive devices
+- **Error recovery**: Graceful handling of device disconnection during operation
+
+### Troubleshooting
+
+If hardware RNG devices are not detected:
+
+1. **Check USB connections**: Ensure devices are properly connected
+2. **Verify permissions**: User must have access to `/dev/ttyACM*` devices
+3. **Check device enumeration**: Use `lsusb` to verify USB device recognition
+4. **Review sysfs entries**: Ensure VID/PID information is available in `/sys/bus/usb/devices/`
+
+
 ## File Formats
 
 ### .otp File Format (Binary)
@@ -295,13 +431,48 @@ No.  ChkSum (first 16 chars) Size         Used         % Used
 # Select "S" for show pad info, enter checksum or prefix
 ```
 
+## Important Notes
+
+### Size Units: Decimal (SI) vs Binary (IEC)
+
+**This program uses decimal (SI) units for all size specifications**, matching the behavior of most system tools like `ls -lh`, `df -h`, and file managers:
+
+- **1 KB** = 1,000 bytes (not 1,024)
+- **1 MB** = 1,000,000 bytes (not 1,048,576)
+- **1 GB** = 1,000,000,000 bytes (not 1,073,741,824)
+- **1 TB** = 1,000,000,000,000 bytes (not 1,099,511,627,776)
+
+**Why decimal units?**
+- Consistency with system tools (`ls`, `df`, file managers)
+- Matches storage device marketing (a "1TB" USB drive has ~1,000,000,000,000 bytes)
+- Avoids confusion when comparing sizes across different tools
+- Industry standard for storage devices and file systems
+
+**Example:** When you request a 100GB pad, the program creates exactly 100,000,000,000 bytes, which will display as "100GB" in `ls -lh` and your file manager.
+
+**Note:** Some technical tools may use binary units (GiB, MiB) where 1 GiB = 1,024³ bytes. This program intentionally uses decimal units for user-friendliness and consistency with common tools.
+
+
 ## License
 
 This project includes automatic versioning system based on the Generic Automatic Version Increment System.
 
+## State Files
+
+Pad state files (`.state`) use a human-readable text format:
+```
+offset=1234567890
+```
+
+This tracks how many bytes of each pad have been used. The format is:
+- **Human-readable**: Can inspect with `cat checksum.state`
+- **Backward compatible**: Automatically reads old binary format
+- **Easy to debug**: Can manually edit if needed
+
 ## Contributing
 
 When contributing:
-1. The version will automatically increment on builds
-2. For major features, consider manually creating minor version tags
-3. Generated version files (`src/version.*`, `VERSION`) should not be committed
+1. The version will automatically increment on builds via `build.sh`
+2. Version is centralized in `src/main.h` as `OTP_VERSION`
+3. For major features, manually create minor/major version tags
+4. Build artifacts in `build/` and object files are auto-cleaned

TODO.md

@@ -1,3 +0,0 @@
-# TODO
-
-## The pad menu in interactive encrypt mode gives numbers instead of checksum selection

build.sh

@@ -146,20 +146,53 @@ increment_version() {
 update_source_version() {
     local NEW_VERSION="$1"
     
-    print_status "Updating version strings in source code..."
+    print_status "Updating version constant in source code..."
     
-    # Replace hardcoded version strings in otp.c with the current git tag
-    if [ -f "otp.c" ]; then
-        # Update main menu version
-        sed -i "s/OTP v[0-9]\+\.[0-9]\+\.[0-9]\+/OTP $NEW_VERSION/g" otp.c
-        # Update ASCII output version
-        sed -i "s/Version: v[0-9]\+\.[0-9]\+\.[0-9]\+/Version: $NEW_VERSION/g" otp.c
-        # Update usage/help text version
-        sed -i "s/Implementation v[0-9]\+\.[0-9]\+\.[0-9]\+/Implementation $NEW_VERSION/g" otp.c
-        
-        print_success "Updated version strings in otp.c to $NEW_VERSION"
+    # Update OTP_VERSION constant in src/main.h
+    if [ -f "src/main.h" ]; then
+        sed -i "s/#define OTP_VERSION \"v[0-9]\+\.[0-9]\+\.[0-9]\+\"/#define OTP_VERSION \"$NEW_VERSION\"/g" src/main.h
+        print_success "Updated OTP_VERSION in src/main.h to $NEW_VERSION"
     else
-        print_warning "otp.c not found - skipping version string updates"
+        print_warning "src/main.h not found - skipping version update"
+    fi
+    
+    # Update README.md with direct download links
+    if [ -f "README.md" ]; then
+        print_status "Updating README.md with download links for $NEW_VERSION..."
+        
+        # Create the new download section with direct download links
+        local NEW_DOWNLOAD_SECTION="### Download Pre-Built Binaries
+
+**[Download Current Linux x86](https://git.laantungir.net/laantungir/otp/releases/download/${NEW_VERSION}/otp-${NEW_VERSION}-linux-x86_64)**
+
+**[Download Current Raspberry Pi 64](https://git.laantungir.net/laantungir/otp/releases/download/${NEW_VERSION}/otp-${NEW_VERSION}-linux-arm64)**
+
+After downloading:
+\`\`\`bash
+# Rename for convenience, then make executable
+mv otp-${NEW_VERSION}-linux-x86_64 otp
+chmod +x otp
+
+# Run it
+./otp
+\`\`\`"
+        
+        # Use awk to replace the section between "### Download Pre-Built Binaries" and "### First Steps"
+        awk -v new_section="$NEW_DOWNLOAD_SECTION" '
+            /^### Download Pre-Built Binaries/ {
+                print new_section
+                skip=1
+                next
+            }
+            /^### First Steps/ {
+                skip=0
+            }
+            !skip
+        ' README.md > README.md.tmp && mv README.md.tmp README.md
+        
+        print_success "Updated README.md with download links for $NEW_VERSION"
+    else
+        print_warning "README.md not found - skipping README update"
     fi
 }
 
@@ -235,16 +268,16 @@ create_gitea_release() {
     if echo "$response" | grep -q '"id"'; then
         print_success "Created release $version"
         
-        # Upload binaries with descriptive names
-        upload_release_asset "$api_url" "$token" "$version" "otp-x86_64" "otp-${version}-linux-x86_64"
-        upload_release_asset "$api_url" "$token" "$version" "otp-arm64" "otp-${version}-linux-arm64"
+        # Upload binaries with descriptive names from build directory
+        upload_release_asset "$api_url" "$token" "$version" "build/otp-x86_64" "otp-${version}-linux-x86_64"
+        upload_release_asset "$api_url" "$token" "$version" "build/otp-arm64" "otp-${version}-linux-arm64"
     else
         print_warning "Release may already exist or creation failed"
         print_status "Response: $response"
         
         # Try to upload to existing release anyway
-        upload_release_asset "$api_url" "$token" "$version" "otp-x86_64" "otp-${version}-linux-x86_64"
-        upload_release_asset "$api_url" "$token" "$version" "otp-arm64" "otp-${version}-linux-arm64"
+        upload_release_asset "$api_url" "$token" "$version" "build/otp-x86_64" "otp-${version}-linux-x86_64"
+        upload_release_asset "$api_url" "$token" "$version" "build/otp-arm64" "otp-${version}-linux-arm64"
     fi
 }
 
@@ -259,9 +292,8 @@ build_project() {
         
         # Build x86_64 only
         print_status "Building OTP project for x86_64..."
-        make CC=gcc
+        make CC=gcc ARCH=x86_64
         if [ $? -eq 0 ]; then
-            mv otp otp-x86_64
             print_success "x86_64 build completed successfully"
         else
             print_error "x86_64 build failed"
@@ -270,10 +302,8 @@ build_project() {
     else
         # Build both architectures
         print_status "Building OTP project for x86_64..."
-        make clean
-        make CC=gcc
+        make CC=gcc ARCH=x86_64
         if [ $? -eq 0 ]; then
-            mv otp otp-x86_64
             print_success "x86_64 build completed successfully"
         else
             print_error "x86_64 build failed"
@@ -281,10 +311,10 @@ build_project() {
         fi
         
         print_status "Building OTP project for ARM64/AArch64..."
-        make clean
-        make CC=aarch64-linux-gnu-gcc
+        # Clean only object files, not the x86_64 binary
+        rm -f src/*.o
+        make CC=aarch64-linux-gnu-gcc ARCH=arm64
         if [ $? -eq 0 ]; then
-            mv otp otp-arm64
             print_success "ARM64/AArch64 build completed successfully"
         else
             print_error "ARM64/AArch64 build failed"
@@ -292,6 +322,10 @@ build_project() {
         fi
     fi
     
+    # Clean up object files after successful build
+    print_status "Cleaning up object files..."
+    rm -f src/*.o
+    
     # Create Gitea release with binaries
     if [ -f "$HOME/.gitea_token" ]; then
         create_gitea_release "$NEW_VERSION"
@@ -306,8 +340,8 @@ build_project() {
 clean_project() {
     print_status "Cleaning build artifacts..."
     make clean
-    # Remove cross-compiled binaries
-    rm -f otp-x86_64 otp-arm64
+    # Remove build directory
+    rm -rf build
     print_success "Clean completed"
 }
 
@@ -362,8 +396,8 @@ case "$COMMAND" in
         echo "  uninstall - Remove from system"
         echo ""
         echo "Build Output:"
-        echo "  otp-x86_64  - Native x86_64 binary"
-        echo "  otp-arm64   - ARM64/AArch64 binary for Raspberry Pi (if cross-compiler available)"
+        echo "  build/otp-x86_64  - Native x86_64 binary"
+        echo "  build/otp-arm64   - ARM64/AArch64 binary for Raspberry Pi (if cross-compiler available)"
         echo ""
         echo "Gitea Integration:"
         echo "  - Automatically creates releases with binaries if ~/.gitea_token exists"

debug.c

@@ -1 +0,0 @@
-int main() { printf("Testing direct filename: %d\n", strncmp("97d9d82b5414a9439102f3811fb90ab1d6368a00d33229a18b306476f9d04f82.pad", "97", 2)); return 0; }

manual_test.sh

@@ -1,22 +0,0 @@
-#!/bin/bash
-
-echo "Manual OTP Test"
-echo "==============="
-
-# Generate a test pad
-echo "Generating test pad..."
-./otp generate demo 1
-echo
-
-# Create a test message file for encryption
-echo "Creating test message..."
-echo "This is a secret message for testing OTP encryption!" > test_message.txt
-
-# Test encryption interactively
-echo "Testing encryption (will prompt for input):"
-echo "Please enter: This is a secret message for testing OTP encryption!"
-./otp encrypt demo
-
-echo
-echo "Files created:"
-ls -la demo.*

otp

@@ -0,0 +1 @@
+./build/otp-x86_64

otp.c

@@ -1,35 +0,0 @@
-#define _POSIX_C_SOURCE 200809L
-#define _DEFAULT_SOURCE
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <stdint.h>
-#include <unistd.h>
-#include <sys/stat.h>
-#include <sys/statvfs.h>
-#include <sys/ioctl.h>
-#include <dirent.h>
-#include <time.h>
-#include <ctype.h>
-#include <termios.h>
-#include <fcntl.h>
-#include <math.h>
-#include "nostr_chacha20.h"
-#include "otp.h"
-
-
-#define MAX_INPUT_SIZE 4096
-#define MAX_LINE_LENGTH 1024
-#define MAX_HASH_LENGTH 65
-#define PROGRESS_UPDATE_INTERVAL (64 * 1024 * 1024)  // 64MB intervals
-#define DEFAULT_PADS_DIR "pads"
-#define FILES_DIR "files"
-
-////////////////////////////////////////////////////////////////////////////////
-////////////////////////////////////////////////////////////////////////////////
-//      GLOBAL VARIABLES
-///////////////////////////////////////////////////////////////////////////////
-////////////////////////////////////////////////////////////////////////////////
-
-char current_pads_dir[512] = DEFAULT_PADS_DIR;

otp.h

@@ -1,329 +0,0 @@
-#ifndef OTP_H
-#define OTP_H
-
-////////////////////////////////////////////////////////////////////////////////
-//      OTP CIPHER - FUNCTION PROTOTYPES HEADER
-//      One Time Pad Implementation v0.2.109
-//      
-//      This header file contains all function prototypes extracted from otp.c
-//      Organized by functional categories for better maintainability
-////////////////////////////////////////////////////////////////////////////////
-
-#include <stdio.h>
-#include <stdint.h>
-#include <stdlib.h>
-#include <termios.h>
-#include <sys/stat.h>
-#include <sys/ioctl.h>
-#include <time.h>
-#include <dirent.h>
-#include <fcntl.h>
-#include <unistd.h>
-#include <string.h>
-#include <ctype.h>
-
-// Constants
-#define MAX_INPUT_SIZE 4096
-#define MAX_LINE_LENGTH 1024
-#define MAX_HASH_LENGTH 65
-#define PROGRESS_UPDATE_INTERVAL (64 * 1024 * 1024)  // 64MB intervals
-#define DEFAULT_PADS_DIR "pads"
-#define FILES_DIR "files"
-#define MAX_ENTROPY_BUFFER (4 * 1024 * 1024)  // 4MB entropy buffer for large operations
-
-////////////////////////////////////////////////////////////////////////////////
-//      TYPE DEFINITIONS
-////////////////////////////////////////////////////////////////////////////////
-
-// Decrypt operation modes for universal decrypt function
-typedef enum {
-    DECRYPT_MODE_INTERACTIVE,    // Interactive text decryption with prompts
-    DECRYPT_MODE_SILENT,         // Silent text decryption (no prompts/labels)
-    DECRYPT_MODE_FILE_TO_TEXT,   // File to text output with prompts
-    DECRYPT_MODE_FILE_TO_FILE    // File to file output (binary)
-} decrypt_mode_t;
-
-// Pad filter types for selection functions
-typedef enum {
-    PAD_FILTER_ALL,           // Show all pads
-    PAD_FILTER_UNUSED_ONLY    // Show only unused pads (0% usage)
-} pad_filter_type_t;
-
-// Enhanced entropy system state structure
-typedef struct {
-    size_t target_bytes;           // Target entropy to collect
-    size_t collected_bytes;        // Bytes collected so far
-    size_t unique_keys;           // Number of unique keys pressed
-    double collection_start_time; // Start timestamp
-    double last_keypress_time;    // Last keypress timestamp
-    unsigned char quality_score;  // Entropy quality (0-100)
-    int auto_complete_enabled;    // Allow auto-complete at minimum
-    unsigned char key_histogram[256]; // Track key frequency
-} entropy_collection_state_t;
-
-////////////////////////////////////////////////////////////////////////////////
-//      CORE APPLICATION FUNCTIONS
-////////////////////////////////////////////////////////////////////////////////
-
-// Main application entry points
-int main(int argc, char* argv[]);
-int interactive_mode(void);
-int command_line_mode(int argc, char* argv[]);
-int pipe_mode(int argc, char* argv[], const char* piped_text);
-
-////////////////////////////////////////////////////////////////////////////////
-//      INPUT/OUTPUT DETECTION FUNCTIONS
-////////////////////////////////////////////////////////////////////////////////
-
-// Stdin detection functions
-int has_stdin_data(void);
-char* read_stdin_text(void);
-
-////////////////////////////////////////////////////////////////////////////////
-//      PREFERENCES MANAGEMENT FUNCTIONS
-////////////////////////////////////////////////////////////////////////////////
-
-// Configuration and preferences handling
-int load_preferences(void);
-int save_preferences(void);
-char* get_preference(const char* key);
-int set_preference(const char* key, const char* value);
-char* get_default_pad_path(void);
-int set_default_pad_path(const char* pad_path);
-
-////////////////////////////////////////////////////////////////////////////////
-//      HARDWARE DETECTION FUNCTIONS
-////////////////////////////////////////////////////////////////////////////////
-
-// OTP thumb drive detection function
-int detect_otp_thumb_drive(char* otp_drive_path, size_t path_size);
-
-////////////////////////////////////////////////////////////////////////////////
-//      USB DRIVE MANAGEMENT FUNCTIONS
-////////////////////////////////////////////////////////////////////////////////
-
-
-////////////////////////////////////////////////////////////////////////////////
-//      EXTERNAL TOOL INTEGRATION FUNCTIONS
-////////////////////////////////////////////////////////////////////////////////
-
-// Editor and file manager functions
-char* get_preferred_editor(void);
-char* get_preferred_file_manager(void);
-int launch_text_editor(const char* initial_content, char* result_buffer, size_t buffer_size);
-int launch_file_manager(const char* start_directory, char* selected_file, size_t buffer_size);
-
-////////////////////////////////////////////////////////////////////////////////
-//      CORE CRYPTOGRAPHIC OPERATIONS
-////////////////////////////////////////////////////////////////////////////////
-
-// Primary encryption/decryption functions
-int generate_pad(uint64_t size_bytes, int show_progress);
-int encrypt_text(const char* pad_identifier, const char* input_text);
-int decrypt_text(const char* pad_identifier, const char* encrypted_message);
-int encrypt_file(const char* pad_identifier, const char* input_file, const char* output_file, int ascii_armor);
-int decrypt_file(const char* input_file, const char* output_file);
-int decrypt_binary_file(FILE* input_fp, const char* output_file);
-int decrypt_ascii_file(const char* input_file, const char* output_file);
-
-////////////////////////////////////////////////////////////////////////////////
-//      ENHANCED ENTROPY SYSTEM FUNCTIONS
-////////////////////////////////////////////////////////////////////////////////
-
-// Entropy source types
-typedef enum {
-    ENTROPY_SOURCE_KEYBOARD = 1,
-    ENTROPY_SOURCE_DICE = 2,
-    ENTROPY_SOURCE_TRUERNG = 3,
-    ENTROPY_SOURCE_FILE = 4
-} entropy_source_t;
-
-// Terminal control for entropy collection
-int setup_raw_terminal(struct termios* original_termios);
-void restore_terminal(struct termios* original_termios);
-
-// Entropy collection and feedback
-int collect_entropy_with_feedback(unsigned char* entropy_buffer, size_t target_bytes,
-                                 size_t* collected_bytes, int allow_early_exit);
-void display_entropy_progress(const entropy_collection_state_t* state);
-void draw_progress_bar(double percentage, int width);
-void draw_quality_bar(double quality, int width, const char* label);
-
-// TrueRNG Device Constants (updated to match otp.c implementation)
-#define TRUERNG_VID "04D8"
-#define TRUERNG_PID "F5FE"
-#define TRUERNGPRO_VID "16D0"
-#define TRUERNGPRO_PID "0AA0"
-#define TRUERNGPROV2_VID "04D8"
-#define TRUERNGPROV2_PID "EBB5"
-
-// SwiftRNG Device Constants (same VID/PID as TrueRNG devices)
-#define SWIFT_RNG_VID "04D8"
-#define SWIFT_RNG_PID "F5FE"
-#define SWIFT_RNG_PRO_VID "16D0"
-#define SWIFT_RNG_PRO_PID "0AA0"
-#define SWIFT_RNG_PRO_V2_VID "04D8"
-#define SWIFT_RNG_PRO_V2_PID "EBB5"
-
-// TrueRNG/SwiftRNG Device Type enumeration
-typedef enum {
-    TRUERNG_ORIGINAL = 1,
-    TRUERNG_PRO = 2,
-    TRUERNG_PRO_V2 = 3,
-    SWIFT_RNG = 4,
-    SWIFT_RNG_PRO = 5,
-    SWIFT_RNG_PRO_V2 = 6
-} truerng_device_type_t;
-
-// Hardware RNG device information structure
-typedef struct {
-    char port_path[256];              // Device port path (e.g., /dev/ttyUSB0)
-    truerng_device_type_t device_type; // Device type identifier
-    char friendly_name[64];           // Human-readable device name
-    int is_working;                   // 1 if device passes basic test, 0 otherwise
-} hardware_rng_device_t;
-
-// Hardware RNG device detection and selection functions
-int detect_all_hardware_rng_devices(hardware_rng_device_t* devices, int max_devices, int* num_devices_found);
-int test_hardware_rng_device(const hardware_rng_device_t* device);
-int select_hardware_rng_device_interactive(hardware_rng_device_t* devices, int num_devices, hardware_rng_device_t* selected_device);
-int find_truerng_port(char* port_path, size_t port_path_size, truerng_device_type_t* device_type); // Legacy function for backward compatibility
-
-// TrueRNG entropy collection functions (updated to match implementation)
-int setup_truerng_serial_port(const char* port_path);
-int collect_truerng_entropy(unsigned char* entropy_buffer, size_t target_bytes, size_t* collected_bytes, int display_progress);
-int collect_truerng_entropy_from_device(const hardware_rng_device_t* device, unsigned char* entropy_buffer,
-                                       size_t target_bytes, size_t* collected_bytes, int display_progress);
-int collect_truerng_entropy_streaming_from_device(const hardware_rng_device_t* device, const char* pad_chksum,
-                                                 size_t total_bytes, int display_progress, int entropy_mode);
-const char* get_truerng_device_name(truerng_device_type_t device_type);
-int read_usb_device_info(const char* port_name, char* vid, char* pid);
-
-// Dice entropy collection functions (updated to match implementation)
-int collect_dice_entropy(unsigned char* entropy_buffer, size_t target_bytes, size_t* collected_bytes, int display_progress);
-
-// Unified entropy collection interface (updated to match implementation)
-int collect_entropy_by_source(entropy_source_t source, unsigned char* entropy_buffer, size_t target_bytes, size_t* collected_bytes, int display_progress);
-
-// Entropy quality calculation
-double calculate_timing_quality(const entropy_collection_state_t* state);
-double calculate_variety_quality(const entropy_collection_state_t* state);
-unsigned char calculate_overall_quality(const entropy_collection_state_t* state);
-double get_precise_time(void);
-
-// Entropy processing and application
-int derive_chacha20_params(const unsigned char* entropy_data, size_t entropy_size,
-                           unsigned char key[32], unsigned char nonce[12]);
-int add_entropy_to_pad(const char* pad_chksum, const unsigned char* entropy_data,
-                       size_t entropy_size, int show_progress);
-int add_entropy_direct_xor(const char* pad_chksum, const unsigned char* entropy_data,
-                          size_t entropy_size, uint64_t pad_size, int display_progress);
-int add_entropy_chacha20(const char* pad_chksum, const unsigned char* entropy_data,
-                        size_t entropy_size, uint64_t pad_size, int display_progress);
-int handle_add_entropy_to_pad(const char* pad_chksum);
-
-// Enhanced entropy system helper functions
-int update_pad_checksum_after_entropy(const char* old_chksum, char* new_chksum);
-int rename_pad_files_safely(const char* old_chksum, const char* new_chksum);
-int is_pad_unused(const char* pad_chksum);
-
-////////////////////////////////////////////////////////////////////////////////
-//      DIRECTORY MANAGEMENT FUNCTIONS
-////////////////////////////////////////////////////////////////////////////////
-
-// Directory handling and path management
-int ensure_pads_directory(void);
-void get_pad_path(const char* chksum, char* pad_path, char* state_path);
-const char* get_files_directory(void);
-void get_default_file_path(const char* filename, char* result_path, size_t result_size);
-void get_directory_display(const char* file_path, char* result, size_t result_size);
-
-////////////////////////////////////////////////////////////////////////////////
-//      UTILITY FUNCTIONS
-////////////////////////////////////////////////////////////////////////////////
-
-// General utility and helper functions
-uint64_t parse_size_string(const char* size_str);
-char* find_pad_by_prefix(const char* prefix);
-int show_pad_info(const char* chksum);
-void show_progress(uint64_t current, uint64_t total, time_t start_time);
-
-////////////////////////////////////////////////////////////////////////////////
-//      FILE OPERATIONS
-////////////////////////////////////////////////////////////////////////////////
-
-// File state and checksum operations
-int read_state_offset(const char* pad_chksum, uint64_t* offset);
-int write_state_offset(const char* pad_chksum, uint64_t offset);
-int calculate_checksum(const char* filename, char* checksum_hex);
-int calculate_checksum_with_progress(const char* filename, char* checksum_hex, int display_progress, uint64_t file_size);
-
-////////////////////////////////////////////////////////////////////////////////
-//      UNIVERSAL CORE FUNCTIONS FOR CODE CONSOLIDATION
-////////////////////////////////////////////////////////////////////////////////
-
-// Consolidated cryptographic operations
-int universal_xor_operation(const unsigned char* data, size_t data_len,
-                           const unsigned char* pad_data, unsigned char* result);
-int parse_ascii_message(const char* message, char* chksum, uint64_t* offset, char* base64_data);
-int load_pad_data(const char* pad_chksum, uint64_t offset, size_t length, unsigned char** pad_data);
-int generate_ascii_armor(const char* chksum, uint64_t offset, const unsigned char* encrypted_data,
-                        size_t data_length, char** ascii_output);
-int validate_pad_integrity(const char* pad_path, const char* expected_chksum);
-
-// Universal decrypt function - consolidates all decrypt operations
-int universal_decrypt(const char* input_data, const char* output_target, decrypt_mode_t mode);
-
-////////////////////////////////////////////////////////////////////////////////
-//      BASE64 ENCODING FUNCTIONS
-////////////////////////////////////////////////////////////////////////////////
-
-// Custom base64 implementation
-char* custom_base64_encode(const unsigned char* input, int length);
-unsigned char* custom_base64_decode(const char* input, int* output_length);
-
-////////////////////////////////////////////////////////////////////////////////
-//      TERMINAL UI FUNCTIONS
-////////////////////////////////////////////////////////////////////////////////
-
-// Terminal dimension and UI functions
-void init_terminal_dimensions(void);
-void print_centered_header(const char* text, int pause_before_clear);
-
-////////////////////////////////////////////////////////////////////////////////
-//      MENU SYSTEM FUNCTIONS
-////////////////////////////////////////////////////////////////////////////////
-
-// Interactive menu interface functions
-void show_main_menu(void);
-int handle_generate_menu(void);
-int handle_encrypt_menu(void);
-int handle_decrypt_menu(void);
-int handle_pads_menu(void);
-int handle_text_encrypt(void);
-int handle_file_encrypt(void);
-int handle_verify_pad(const char* pad_chksum);
-int handle_delete_pad(const char* pad_chksum);
-
-////////////////////////////////////////////////////////////////////////////////
-//      ENHANCED INPUT FUNCTIONS
-////////////////////////////////////////////////////////////////////////////////
-
-// Advanced input handling
-int get_filename_with_default(const char* prompt, const char* default_path, char* result, size_t result_size);
-
-////////////////////////////////////////////////////////////////////////////////
-//      PAD SELECTION FUNCTIONS
-////////////////////////////////////////////////////////////////////////////////
-
-// Unified pad selection interface
-char* select_pad_interactive(const char* title, const char* prompt, pad_filter_type_t filter_type, int allow_cancel);
-
-////////////////////////////////////////////////////////////////////////////////
-//      USAGE AND HELP FUNCTIONS
-////////////////////////////////////////////////////////////////////////////////
-
-// Help and usage display
-void print_usage(const char* program_name);
-
-#endif // OTP_H

src/archive.c

@@ -0,0 +1,493 @@
+#define _POSIX_C_SOURCE 200809L
+#define _DEFAULT_SOURCE
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+#include <unistd.h>
+#include <sys/stat.h>
+#include <dirent.h>
+#include <time.h>
+#include "main.h"
+#include "microtar/microtar.h"
+
+// Suppress warnings from miniz header
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wunused-function"
+#include "miniz/miniz.h"
+#pragma GCC diagnostic pop
+
+////////////////////////////////////////////////////////////////////////////////
+//      DIRECTORY ARCHIVING FUNCTIONS
+////////////////////////////////////////////////////////////////////////////////
+
+// Helper function to recursively add directory contents to TAR archive
+static int add_directory_to_tar(mtar_t* tar, const char* base_path, const char* relative_path) {
+    DIR* dir = opendir(base_path);
+    if (!dir) {
+        printf("Error: Cannot open directory '%s'\n", base_path);
+        return 1;
+    }
+
+    struct dirent* entry;
+    while ((entry = readdir(dir)) != NULL) {
+        // Skip . and ..
+        if (strcmp(entry->d_name, ".") == 0 || strcmp(entry->d_name, "..") == 0) {
+            continue;
+        }
+
+        // Build full path
+        char full_path[2048];
+        snprintf(full_path, sizeof(full_path), "%s/%s", base_path, entry->d_name);
+
+        // Build relative path for TAR
+        char tar_path[2048];
+        if (strlen(relative_path) > 0) {
+            snprintf(tar_path, sizeof(tar_path), "%s/%s", relative_path, entry->d_name);
+        } else {
+            snprintf(tar_path, sizeof(tar_path), "%s", entry->d_name);
+        }
+
+        struct stat st;
+        if (stat(full_path, &st) != 0) {
+            printf("Warning: Cannot stat '%s', skipping\n", full_path);
+            continue;
+        }
+
+        if (S_ISDIR(st.st_mode)) {
+            // Recursively add subdirectory
+            if (add_directory_to_tar(tar, full_path, tar_path) != 0) {
+                closedir(dir);
+                return 1;
+            }
+        } else if (S_ISREG(st.st_mode)) {
+            // Add regular file
+            FILE* fp = fopen(full_path, "rb");
+            if (!fp) {
+                printf("Warning: Cannot open '%s', skipping\n", full_path);
+                continue;
+            }
+
+            // Get file size
+            fseek(fp, 0, SEEK_END);
+            size_t file_size = ftell(fp);
+            fseek(fp, 0, SEEK_SET);
+
+            // Read file data
+            unsigned char* file_data = malloc(file_size);
+            if (!file_data) {
+                printf("Error: Memory allocation failed for '%s'\n", full_path);
+                fclose(fp);
+                closedir(dir);
+                return 1;
+            }
+
+            size_t bytes_read = fread(file_data, 1, file_size, fp);
+            fclose(fp);
+
+            if (bytes_read != file_size) {
+                printf("Warning: Could not read entire file '%s', skipping\n", full_path);
+                free(file_data);
+                continue;
+            }
+
+            // Write to TAR
+            if (mtar_write_file_header(tar, tar_path, file_size) != MTAR_ESUCCESS) {
+                printf("Error: Failed to write TAR header for '%s'\n", tar_path);
+                free(file_data);
+                closedir(dir);
+                return 1;
+            }
+
+            if (mtar_write_data(tar, file_data, file_size) != MTAR_ESUCCESS) {
+                printf("Error: Failed to write TAR data for '%s'\n", tar_path);
+                free(file_data);
+                closedir(dir);
+                return 1;
+            }
+
+            free(file_data);
+        }
+    }
+
+    closedir(dir);
+    return 0;
+}
+
+// Create TAR archive from directory
+int create_tar_archive(const char* dir_path, const char* tar_output_path) {
+    mtar_t tar;
+    
+    if (mtar_open(&tar, tar_output_path, "w") != MTAR_ESUCCESS) {
+        printf("Error: Cannot create TAR file '%s'\n", tar_output_path);
+        return 1;
+    }
+
+    // Get directory name for relative paths
+    char dir_name[512];
+    const char* last_slash = strrchr(dir_path, '/');
+    if (last_slash) {
+        strncpy(dir_name, last_slash + 1, sizeof(dir_name) - 1);
+    } else {
+        strncpy(dir_name, dir_path, sizeof(dir_name) - 1);
+    }
+    dir_name[sizeof(dir_name) - 1] = '\0';
+
+    // Add directory contents to TAR
+    int result = add_directory_to_tar(&tar, dir_path, dir_name);
+
+    // Finalize and close TAR
+    mtar_finalize(&tar);
+    mtar_close(&tar);
+
+    return result;
+}
+
+// Extract TAR archive to directory
+int extract_tar_archive(const char* tar_path, const char* output_dir) {
+    mtar_t tar;
+    mtar_header_t header;
+
+    if (mtar_open(&tar, tar_path, "r") != MTAR_ESUCCESS) {
+        printf("Error: Cannot open TAR file '%s'\n", tar_path);
+        return 1;
+    }
+
+    // Create output directory if it doesn't exist
+    mkdir(output_dir, 0755);
+
+    // Extract each file
+    while (mtar_read_header(&tar, &header) == MTAR_ESUCCESS) {
+        char output_path[2048];
+        snprintf(output_path, sizeof(output_path), "%s/%s", output_dir, header.name);
+
+        // Create parent directories
+        char* last_slash = strrchr(output_path, '/');
+        if (last_slash) {
+            char parent_dir[2048];
+            strncpy(parent_dir, output_path, last_slash - output_path);
+            parent_dir[last_slash - output_path] = '\0';
+            
+            // Create directories recursively
+            char* p = parent_dir;
+            while (*p) {
+                if (*p == '/') {
+                    *p = '\0';
+                    mkdir(parent_dir, 0755);
+                    *p = '/';
+                }
+                p++;
+            }
+            mkdir(parent_dir, 0755);
+        }
+
+        // Extract file data
+        unsigned char* data = malloc(header.size);
+        if (!data) {
+            printf("Error: Memory allocation failed\n");
+            mtar_close(&tar);
+            return 1;
+        }
+
+        if (mtar_read_data(&tar, data, header.size) != MTAR_ESUCCESS) {
+            printf("Error: Failed to read data for '%s'\n", header.name);
+            free(data);
+            mtar_close(&tar);
+            return 1;
+        }
+
+        // Write to file
+        FILE* fp = fopen(output_path, "wb");
+        if (!fp) {
+            printf("Error: Cannot create file '%s'\n", output_path);
+            free(data);
+            mtar_close(&tar);
+            return 1;
+        }
+
+        fwrite(data, 1, header.size, fp);
+        fclose(fp);
+        free(data);
+
+        mtar_next(&tar);
+    }
+
+    mtar_close(&tar);
+    return 0;
+}
+
+////////////////////////////////////////////////////////////////////////////////
+//      COMPRESSION FUNCTIONS
+////////////////////////////////////////////////////////////////////////////////
+
+// Compress file with gzip (miniz)
+int compress_file_gzip(const char* input_path, const char* output_path) {
+    // Read input file
+    FILE* in = fopen(input_path, "rb");
+    if (!in) {
+        printf("Error: Cannot open input file '%s'\n", input_path);
+        return 1;
+    }
+
+    fseek(in, 0, SEEK_END);
+    size_t input_size = ftell(in);
+    fseek(in, 0, SEEK_SET);
+
+    unsigned char* input_data = malloc(input_size);
+    if (!input_data) {
+        printf("Error: Memory allocation failed\n");
+        fclose(in);
+        return 1;
+    }
+
+    size_t bytes_read = fread(input_data, 1, input_size, in);
+    fclose(in);
+
+    if (bytes_read != input_size) {
+        printf("Error: Failed to read input file\n");
+        free(input_data);
+        return 1;
+    }
+
+    // Compress with miniz
+    mz_ulong compressed_size = compressBound(input_size);
+    unsigned char* compressed_data = malloc(compressed_size);
+    if (!compressed_data) {
+        printf("Error: Memory allocation failed\n");
+        free(input_data);
+        return 1;
+    }
+
+    int result = compress2(compressed_data, &compressed_size,
+                          input_data, input_size,
+                          MZ_BEST_COMPRESSION);
+
+    free(input_data);
+
+    if (result != MZ_OK) {
+        printf("Error: Compression failed (error code: %d)\n", result);
+        free(compressed_data);
+        return 1;
+    }
+
+    // Write compressed data
+    FILE* out = fopen(output_path, "wb");
+    if (!out) {
+        printf("Error: Cannot create output file '%s'\n", output_path);
+        free(compressed_data);
+        return 1;
+    }
+
+    fwrite(compressed_data, 1, compressed_size, out);
+    fclose(out);
+    free(compressed_data);
+
+    return 0;
+}
+
+// Decompress gzip file (miniz)
+int decompress_file_gzip(const char* input_path, const char* output_path) {
+    // Read compressed file
+    FILE* in = fopen(input_path, "rb");
+    if (!in) {
+        printf("Error: Cannot open compressed file '%s'\n", input_path);
+        return 1;
+    }
+
+    fseek(in, 0, SEEK_END);
+    size_t compressed_size = ftell(in);
+    fseek(in, 0, SEEK_SET);
+
+    unsigned char* compressed_data = malloc(compressed_size);
+    if (!compressed_data) {
+        printf("Error: Memory allocation failed\n");
+        fclose(in);
+        return 1;
+    }
+
+    size_t bytes_read = fread(compressed_data, 1, compressed_size, in);
+    fclose(in);
+
+    if (bytes_read != compressed_size) {
+        printf("Error: Failed to read compressed file\n");
+        free(compressed_data);
+        return 1;
+    }
+
+    // Estimate decompressed size (try multiple times if needed)
+    mz_ulong output_size = compressed_size * 10;
+    unsigned char* output_data = NULL;
+    int result;
+
+    for (int attempt = 0; attempt < 3; attempt++) {
+        output_data = realloc(output_data, output_size);
+        if (!output_data) {
+            printf("Error: Memory allocation failed\n");
+            free(compressed_data);
+            return 1;
+        }
+
+        mz_ulong temp_size = output_size;
+        result = uncompress(output_data, &temp_size, compressed_data, compressed_size);
+
+        if (result == MZ_OK) {
+            output_size = temp_size;
+            break;
+        } else if (result == MZ_BUF_ERROR) {
+            // Buffer too small, try larger
+            output_size *= 2;
+        } else {
+            printf("Error: Decompression failed (error code: %d)\n", result);
+            free(compressed_data);
+            free(output_data);
+            return 1;
+        }
+    }
+
+    free(compressed_data);
+
+    if (result != MZ_OK) {
+        printf("Error: Decompression failed after multiple attempts\n");
+        free(output_data);
+        return 1;
+    }
+
+    // Write decompressed data
+    FILE* out = fopen(output_path, "wb");
+    if (!out) {
+        printf("Error: Cannot create output file '%s'\n", output_path);
+        free(output_data);
+        return 1;
+    }
+
+    fwrite(output_data, 1, output_size, out);
+    fclose(out);
+    free(output_data);
+
+    return 0;
+}
+
+////////////////////////////////////////////////////////////////////////////////
+//      HIGH-LEVEL DIRECTORY ENCRYPTION/DECRYPTION
+////////////////////////////////////////////////////////////////////////////////
+
+// Encrypt directory: TAR → GZIP → Encrypt
+int encrypt_directory(const char* dir_path, const char* pad_identifier, const char* output_file) {
+    char temp_tar[512];
+    char temp_gz[512];
+    int result = 0;
+
+    // Generate temporary file paths
+    snprintf(temp_tar, sizeof(temp_tar), "/tmp/otp_tar_%d.tar", getpid());
+    snprintf(temp_gz, sizeof(temp_gz), "/tmp/otp_gz_%d.tar.gz", getpid());
+
+    printf("Creating TAR archive...\n");
+    if (create_tar_archive(dir_path, temp_tar) != 0) {
+        printf("Error: Failed to create TAR archive\n");
+        return 1;
+    }
+
+    printf("Compressing archive...\n");
+    if (compress_file_gzip(temp_tar, temp_gz) != 0) {
+        printf("Error: Failed to compress archive\n");
+        unlink(temp_tar);
+        return 1;
+    }
+
+    printf("Encrypting compressed archive...\n");
+    result = encrypt_file(pad_identifier, temp_gz, output_file, 0);
+
+    // Cleanup temporary files
+    unlink(temp_tar);
+    unlink(temp_gz);
+
+    if (result == 0) {
+        printf("Directory encrypted successfully: %s\n", output_file);
+    }
+
+    return result;
+}
+
+// Detect if file is a compressed TAR archive
+int is_compressed_tar_archive(const char* file_path) {
+    FILE* fp = fopen(file_path, "rb");
+    if (!fp) {
+        return 0;
+    }
+
+    unsigned char magic[512];
+    size_t bytes_read = fread(magic, 1, sizeof(magic), fp);
+    fclose(fp);
+
+    if (bytes_read < 2) {
+        return 0;
+    }
+
+    // Check for GZIP magic bytes (0x1f 0x8b)
+    if (magic[0] == 0x1f && magic[1] == 0x8b) {
+        return 1;
+    }
+
+    // Check for TAR magic ("ustar" at offset 257)
+    if (bytes_read >= 262 && memcmp(magic + 257, "ustar", 5) == 0) {
+        return 1;
+    }
+
+    return 0;
+}
+
+// Decrypt and extract directory: Decrypt → GUNZIP → Extract TAR
+int decrypt_and_extract_directory(const char* encrypted_file, const char* output_dir) {
+    char temp_decrypted[512];
+    char temp_tar[512];
+    int result = 0;
+
+    // Generate temporary file paths
+    snprintf(temp_decrypted, sizeof(temp_decrypted), "/tmp/otp_decrypt_%d", getpid());
+    snprintf(temp_tar, sizeof(temp_tar), "/tmp/otp_tar_%d.tar", getpid());
+
+    printf("Decrypting file...\n");
+    if (decrypt_file(encrypted_file, temp_decrypted) != 0) {
+        printf("Error: Failed to decrypt file\n");
+        return 1;
+    }
+
+    // Check if it's compressed
+    FILE* fp = fopen(temp_decrypted, "rb");
+    if (!fp) {
+        printf("Error: Cannot open decrypted file\n");
+        unlink(temp_decrypted);
+        return 1;
+    }
+
+    unsigned char magic[2];
+    fread(magic, 1, 2, fp);
+    fclose(fp);
+
+    if (magic[0] == 0x1f && magic[1] == 0x8b) {
+        // GZIP compressed
+        printf("Decompressing archive...\n");
+        if (decompress_file_gzip(temp_decrypted, temp_tar) != 0) {
+            printf("Error: Failed to decompress archive\n");
+            unlink(temp_decrypted);
+            return 1;
+        }
+        unlink(temp_decrypted);
+    } else {
+        // Not compressed, assume it's already TAR
+        rename(temp_decrypted, temp_tar);
+    }
+
+    printf("Extracting archive...\n");
+    result = extract_tar_archive(temp_tar, output_dir);
+
+    // Cleanup
+    unlink(temp_tar);
+
+    if (result == 0) {
+        printf("Directory extracted successfully to: %s\n", output_dir);
+    }
+
+    return result;
+}

src/crypto.c

@@ -5,7 +5,7 @@
 #include <stdio.h>
 #include <time.h>
 #include <unistd.h>
-#include "../include/otp.h"
+#include "main.h"
 
 #define PROGRESS_UPDATE_INTERVAL (64 * 1024 * 1024)  // 64MB intervals
 
@@ -198,7 +198,7 @@ int generate_ascii_armor(const char* chksum, uint64_t offset, const unsigned cha
     strcpy(*ascii_output, "-----BEGIN OTP MESSAGE-----\n");
     
     char temp_line[256];
-    snprintf(temp_line, sizeof(temp_line), "Version: v0.3.16\n");
+    snprintf(temp_line, sizeof(temp_line), "Version: %s\n", OTP_VERSION);
     strcat(*ascii_output, temp_line);
     
     snprintf(temp_line, sizeof(temp_line), "Pad-ChkSum: %s\n", chksum);
@@ -297,7 +297,6 @@ int encrypt_text(const char* pad_identifier, const char* input_text) {
     }
 
     char text_buffer[MAX_INPUT_SIZE];
-    char chksum_hex[MAX_HASH_LENGTH];
     uint64_t current_offset;
 
     char pad_path[MAX_HASH_LENGTH + 20];
@@ -327,12 +326,8 @@ int encrypt_text(const char* pad_identifier, const char* input_text) {
         }
     }
 
-    // Calculate XOR checksum of pad file
-    if (calculate_checksum(pad_path, chksum_hex) != 0) {
-        printf("Error: Cannot calculate pad checksum\n");
-        free(pad_chksum);
-        return 1;
-    }
+    // Use pad_chksum directly - it's already the checksum from the filename
+    // No need to recalculate by reading the entire pad file
 
     // Get input text - either from parameter or user input
     if (input_text != NULL) {
@@ -464,7 +459,7 @@ int encrypt_text(const char* pad_identifier, const char* input_text) {
 
     // Use universal ASCII armor generator
     char* ascii_output;
-    if (generate_ascii_armor(chksum_hex, current_offset, ciphertext, input_len, &ascii_output) != 0) {
+    if (generate_ascii_armor(pad_chksum, current_offset, ciphertext, input_len, &ascii_output) != 0) {
         printf("Error: Failed to generate ASCII armor\n");
         free(pad_data);
         free(ciphertext);
@@ -592,36 +587,14 @@ int universal_decrypt(const char* input_data, const char* output_target, decrypt
         return 1;
     }
 
-    // Validate pad integrity
-    int integrity_result = validate_pad_integrity(pad_path, stored_chksum);
-    if (integrity_result == 3) {
-        if (mode == DECRYPT_MODE_SILENT) {
-            fprintf(stderr, "Error: Pad integrity check failed!\n");
-            return 1;
-        } else if (mode == DECRYPT_MODE_INTERACTIVE) {
-            printf("Warning: Pad integrity check failed!\n");
-            printf("Expected: %s\n", stored_chksum);
-            printf("Continue anyway? (y/N): ");
-            fflush(stdout);
-
-            char response[10];
-            if (fgets(response, sizeof(response), stdin) == NULL ||
-                (response[0] != 'y' && response[0] != 'Y')) {
-                printf("Decryption aborted.\n");
-                return 1;
-            }
-        }
-    } else if (integrity_result != 0) {
-        if (mode == DECRYPT_MODE_SILENT) {
-            fprintf(stderr, "Error: Cannot verify pad integrity\n");
-        } else {
-            printf("Error: Cannot verify pad integrity\n");
-        }
-        return 1;
-    } else {
-        if (mode == DECRYPT_MODE_INTERACTIVE || mode == DECRYPT_MODE_FILE_TO_TEXT) {
-            printf("Pad integrity: VERIFIED\n");
-        }
+    // Pad integrity validation disabled for performance
+    // The checksum is already verified by matching the filename
+    // If you need to verify pad integrity, the pad file would need to be read entirely
+    // which is very slow for large pads (multi-GB files)
+    
+    // Skip integrity check - trust the filename checksum
+    if (mode == DECRYPT_MODE_INTERACTIVE || mode == DECRYPT_MODE_FILE_TO_TEXT) {
+        printf("Using pad: %s\n", stored_chksum);
     }
 
     // Decode base64 ciphertext
@@ -746,7 +719,6 @@ int encrypt_file(const char* pad_identifier, const char* input_file, const char*
         return 1;
     }
 
-    char chksum_hex[MAX_HASH_LENGTH];
     uint64_t current_offset;
 
     char pad_path[MAX_HASH_LENGTH + 20];
@@ -791,12 +763,8 @@ int encrypt_file(const char* pad_identifier, const char* input_file, const char*
         }
     }
 
-    // Calculate XOR checksum of pad file
-    if (calculate_checksum(pad_path, chksum_hex) != 0) {
-        printf("Error: Cannot calculate pad checksum\n");
-        free(pad_chksum);
-        return 1;
-    }
+    // Use pad_chksum directly - it's already the checksum from the filename
+    // No need to recalculate by reading the entire pad file
 
     // Check if we have enough pad space
     struct stat pad_stat;
@@ -927,7 +895,7 @@ int encrypt_file(const char* pad_identifier, const char* input_file, const char*
 
         // Use universal ASCII armor generator
         char* ascii_output;
-        if (generate_ascii_armor(chksum_hex, current_offset, encrypted_data, file_size, &ascii_output) != 0) {
+        if (generate_ascii_armor(pad_chksum, current_offset, encrypted_data, file_size, &ascii_output) != 0) {
             printf("Error: Failed to generate ASCII armor\n");
             fclose(output_fp);
             free(encrypted_data);
@@ -961,7 +929,7 @@ int encrypt_file(const char* pad_identifier, const char* input_file, const char*
         // Pad checksum: 32 bytes (binary)
         unsigned char pad_chksum_bin[32];
         for (int i = 0; i < 32; i++) {
-            sscanf(chksum_hex + i*2, "%2hhx", &pad_chksum_bin[i]);
+            sscanf(pad_chksum + i*2, "%2hhx", &pad_chksum_bin[i]);
         }
         fwrite(pad_chksum_bin, 1, 32, output_fp);
 

src/entropy.c

@@ -15,8 +15,8 @@
 #include <termios.h>
 #include <fcntl.h>
 #include <math.h>
-#include "../nostr_chacha20.h"
-#include "../include/otp.h"
+#include "nostr_chacha20.h"
+#include "main.h"
 
 
 // In-place pad entropy addition using Chacha20 or direct XOR
@@ -82,7 +82,7 @@ int add_entropy_direct_xor(const char* pad_chksum, const unsigned char* entropy_
 
     if (display_progress) {
         printf("Adding entropy to pad using direct XOR...\n");
-        printf("Pad size: %.2f GB (%lu bytes)\n", (double)pad_size / (1024.0*1024.0*1024.0), pad_size);
+        printf("Pad size: %.2f GB (%lu bytes)\n", (double)pad_size / (1000.0*1000.0*1000.0), pad_size);
         printf("Entropy size: %zu bytes\n", entropy_size);
     }
 
@@ -212,15 +212,29 @@ int add_entropy_chacha20(const char* pad_chksum, const unsigned char* entropy_da
 
     if (display_progress) {
         printf("Adding entropy to pad using Chacha20...\n");
-        printf("Pad size: %.2f GB (%lu bytes)\n", (double)pad_size / (1024.0*1024.0*1024.0), pad_size);
+        printf("Pad size: %.2f GB (%lu bytes)\n", (double)pad_size / (1000.0*1000.0*1000.0), pad_size);
     }
 
     // Process pad in chunks
     unsigned char buffer[64 * 1024]; // 64KB chunks
     unsigned char keystream[64 * 1024];
     uint64_t offset = 0;
-    uint32_t counter = 0;
+    uint32_t counter_low = 0;
+    uint32_t counter_high = 0;
     time_t start_time = time(NULL);
+    
+    // Use extended counter for pads larger than 256GB
+    // 256GB = 2^32 blocks * 64 bytes = 274,877,906,944 bytes
+    int use_extended = (pad_size > 274877906944ULL);
+    
+    // For extended mode, use reduced 8-byte nonce
+    unsigned char nonce_reduced[8];
+    if (use_extended) {
+        memcpy(nonce_reduced, nonce + 4, 8);
+        if (display_progress) {
+            printf("Using extended counter mode for large pad (>256GB)\n");
+        }
+    }
 
     while (offset < pad_size) {
         size_t chunk_size = sizeof(buffer);
@@ -237,7 +251,15 @@ int add_entropy_chacha20(const char* pad_chksum, const unsigned char* entropy_da
         }
 
         // Generate keystream for this chunk
-        if (chacha20_encrypt(key, counter, nonce, buffer, keystream, chunk_size) != 0) {
+        int chacha_result;
+        if (use_extended) {
+            chacha_result = chacha20_encrypt_extended(key, counter_low, counter_high,
+                                                      nonce_reduced, buffer, keystream, chunk_size);
+        } else {
+            chacha_result = chacha20_encrypt(key, counter_low, nonce, buffer, keystream, chunk_size);
+        }
+        
+        if (chacha_result != 0) {
             printf("Error: Chacha20 keystream generation failed\n");
             fclose(pad_file);
             chmod(pad_path, S_IRUSR);
@@ -265,7 +287,16 @@ int add_entropy_chacha20(const char* pad_chksum, const unsigned char* entropy_da
         }
 
         offset += chunk_size;
-        counter += (chunk_size + 63) / 64; // Round up for block count
+        
+        // Update counters
+        uint32_t blocks = (chunk_size + 63) / 64; // Round up for block count
+        uint32_t old_counter_low = counter_low;
+        counter_low += blocks;
+        
+        // Check for overflow and increment high counter
+        if (counter_low < old_counter_low) {
+            counter_high++;
+        }
 
         // Show progress for large pads
         if (display_progress && offset % (64 * 1024 * 1024) == 0) { // Every 64MB
@@ -282,7 +313,8 @@ int add_entropy_chacha20(const char* pad_chksum, const unsigned char* entropy_da
 
     if (display_progress) {
         show_progress(pad_size, pad_size, start_time);
-        printf("\n✓ Entropy successfully added to pad using Chacha20\n");
+        printf("\n✓ Entropy successfully added to pad using Chacha20%s\n",
+               use_extended ? " (extended counter)" : "");
         printf("✓ Pad integrity maintained\n");
         printf("✓ %zu bytes of entropy distributed across entire pad\n", entropy_size);
         printf("✓ Pad restored to read-only mode\n");
@@ -457,20 +489,17 @@ int derive_chacha20_params(const unsigned char* entropy_data, size_t entropy_siz
     return 0; // Success
 }
 
-// Collect entropy from binary file
-int collect_file_entropy(unsigned char* entropy_buffer, size_t target_bytes,
-                        size_t* collected_bytes, int display_progress) {
+// Get file path and size information for entropy collection
+int get_file_entropy_info(char* file_path, size_t max_path_len, size_t* file_size, int display_progress) {
     if (display_progress) {
         print_centered_header("File Entropy Collection", 0);
         printf("Load entropy from binary file (.bin format)\n");
-        printf("Target: %zu bytes\n", target_bytes);
     }
 
     printf("Enter path to binary entropy file: ");
     fflush(stdout);
 
-    char file_path[512];
-    if (!fgets(file_path, sizeof(file_path), stdin)) {
+    if (!fgets(file_path, max_path_len, stdin)) {
         printf("Error: Failed to read input\n");
         return 1;
     }
@@ -490,12 +519,31 @@ int collect_file_entropy(unsigned char* entropy_buffer, size_t target_bytes,
         return 1;
     }
 
-    size_t file_size = file_stat.st_size;
-    if (file_size == 0) {
+    *file_size = file_stat.st_size;
+    if (*file_size == 0) {
         printf("Error: File is empty\n");
         return 1;
     }
 
+    if (display_progress) {
+        printf("✓ File found: %s\n", file_path);
+        printf("  Size: %zu bytes\n", *file_size);
+    }
+
+    return 0; // Success
+}
+
+// Collect entropy from binary file (legacy function for backward compatibility)
+int collect_file_entropy(unsigned char* entropy_buffer, size_t target_bytes,
+                        size_t* collected_bytes, int display_progress) {
+    char file_path[512];
+    size_t file_size;
+
+    // Get file path and size first
+    if (get_file_entropy_info(file_path, sizeof(file_path), &file_size, display_progress) != 0) {
+        return 1;
+    }
+
     if (file_size < target_bytes) {
         printf("Warning: File size (%zu bytes) is smaller than target (%zu bytes)\n",
                file_size, target_bytes);
@@ -544,6 +592,131 @@ int collect_file_entropy(unsigned char* entropy_buffer, size_t target_bytes,
     return 0; // Success
 }
 
+// Add file entropy directly to pad using streaming (for large files)
+int add_file_entropy_streaming(const char* pad_chksum, const char* file_path, size_t file_size, int display_progress) {
+    // Get pad file path
+    char pad_path[1024];
+    char state_path[1024];
+    get_pad_path(pad_chksum, pad_path, state_path);
+
+    // Check if pad exists and get size
+    struct stat pad_stat;
+    if (stat(pad_path, &pad_stat) != 0) {
+        printf("Error: Pad file not found: %s\n", pad_path);
+        return 1;
+    }
+
+    uint64_t pad_size = pad_stat.st_size;
+
+    // Open entropy file for reading
+    FILE* entropy_file = fopen(file_path, "rb");
+    if (!entropy_file) {
+        printf("Error: Cannot open entropy file '%s' for reading\n", file_path);
+        return 1;
+    }
+
+    // Open pad file for read/write
+    FILE* pad_file = fopen(pad_path, "r+b");
+    if (!pad_file) {
+        printf("Error: Cannot open pad file for modification: %s\n", pad_path);
+        fclose(entropy_file);
+        return 1;
+    }
+
+    if (display_progress) {
+        printf("Adding entropy to pad using streaming direct XOR...\n");
+        printf("Pad size: %.2f GB (%lu bytes)\n", (double)pad_size / (1000.0*1000.0*1000.0), pad_size);
+        printf("Entropy file: %.2f GB (%zu bytes)\n", (double)file_size / (1000.0*1000.0*1000.0), file_size);
+    }
+
+    // Process in chunks
+    unsigned char pad_buffer[64 * 1024];
+    unsigned char entropy_buffer[64 * 1024];
+    uint64_t offset = 0;
+    size_t entropy_offset = 0;
+    time_t start_time = time(NULL);
+
+    while (offset < pad_size) {
+        size_t chunk_size = sizeof(pad_buffer);
+        if (pad_size - offset < chunk_size) {
+            chunk_size = pad_size - offset;
+        }
+
+        // Read current pad data
+        if (fread(pad_buffer, 1, chunk_size, pad_file) != chunk_size) {
+            printf("Error: Cannot read pad data at offset %lu\n", offset);
+            fclose(entropy_file);
+            fclose(pad_file);
+            return 1;
+        }
+
+        // Read entropy data (wrap around if file smaller than pad)
+        size_t entropy_read = 0;
+        while (entropy_read < chunk_size) {
+            size_t to_read = chunk_size - entropy_read;
+            if (to_read > sizeof(entropy_buffer)) {
+                to_read = sizeof(entropy_buffer);
+            }
+
+            size_t read_bytes = fread(entropy_buffer, 1, to_read, entropy_file);
+            if (read_bytes == 0) {
+                // Reached end of entropy file, wrap around
+                fseek(entropy_file, 0, SEEK_SET);
+                entropy_offset = 0;
+                read_bytes = fread(entropy_buffer, 1, to_read, entropy_file);
+                if (read_bytes == 0) {
+                    printf("Error: Cannot read from entropy file\n");
+                    fclose(entropy_file);
+                    fclose(pad_file);
+                    return 1;
+                }
+            }
+
+            // XOR this chunk
+            for (size_t i = 0; i < read_bytes; i++) {
+                pad_buffer[entropy_read + i] ^= entropy_buffer[i];
+            }
+
+            entropy_read += read_bytes;
+            entropy_offset += read_bytes;
+        }
+
+        // Seek back and write modified data
+        if (fseek(pad_file, offset, SEEK_SET) != 0) {
+            printf("Error: Cannot seek to offset %lu\n", offset);
+            fclose(entropy_file);
+            fclose(pad_file);
+            return 1;
+        }
+
+        if (fwrite(pad_buffer, 1, chunk_size, pad_file) != chunk_size) {
+            printf("Error: Cannot write modified pad data\n");
+            fclose(entropy_file);
+            fclose(pad_file);
+            return 1;
+        }
+
+        offset += chunk_size;
+
+        // Show progress for large pads
+        if (display_progress && offset % (64 * 1024 * 1024) == 0) {
+            show_progress(offset, pad_size, start_time);
+        }
+    }
+
+    fclose(entropy_file);
+    fclose(pad_file);
+
+    if (display_progress) {
+        show_progress(pad_size, pad_size, start_time);
+        printf("\n✓ Entropy successfully added to pad using streaming direct XOR\n");
+        printf("✓ Pad integrity maintained\n");
+        printf("✓ %zu bytes of entropy distributed across entire pad\n", file_size);
+    }
+
+    return 0;
+}
+
 // Collect entropy by source type with unified interface
 int collect_entropy_by_source(entropy_source_t source, unsigned char* entropy_buffer,
                               size_t target_bytes, size_t* collected_bytes, int display_progress) {

src/main.c

@@ -15,7 +15,7 @@
 #include <termios.h>
 #include <fcntl.h>
 #include <math.h>
-#include "../include/otp.h"
+#include "main.h"
 
 int main(int argc, char* argv[]) {
     // Initialize terminal dimensions first
@@ -241,7 +241,7 @@ int command_line_mode(int argc, char* argv[]) {
 }
 
 void print_usage(const char* program_name) {
-    printf("OTP Cipher - One Time Pad Implementation v0.3.16\n");
+    printf("OTP Cipher - One Time Pad Implementation %s\n", OTP_VERSION);
     printf("Built for testing entropy system\n");
     printf("Usage:\n");
     printf("  %s                                         - Interactive mode\n", program_name);

src/main.h

@@ -1,12 +1,12 @@
-#ifndef OTP_H
-#define OTP_H
+#ifndef MAIN_H
+#define MAIN_H
 
 ////////////////////////////////////////////////////////////////////////////////
-//      OTP CIPHER - FUNCTION PROTOTYPES HEADER
-//      One Time Pad Implementation v0.2.109
-//      
-//      This header file contains all function prototypes extracted from otp.c
-//      Organized by functional categories for better maintainability
+//      OTP CIPHER - MAIN HEADER FILE
+//      One Time Pad Implementation
+//
+//      This header file contains all function prototypes and type definitions
+//      for the OTP Cipher project
 ////////////////////////////////////////////////////////////////////////////////
 
 #include <stdio.h>
@@ -22,6 +22,9 @@
 #include <string.h>
 #include <ctype.h>
 
+// Version - Updated automatically by build.sh
+#define OTP_VERSION "v0.3.45"
+
 // Constants
 #define MAX_INPUT_SIZE 4096
 #define MAX_LINE_LENGTH 1024
@@ -127,6 +130,7 @@ char* get_preferred_editor(void);
 char* get_preferred_file_manager(void);
 int launch_text_editor(const char* initial_content, char* result_buffer, size_t buffer_size);
 int launch_file_manager(const char* start_directory, char* selected_file, size_t buffer_size);
+int launch_directory_manager(const char* start_directory, char* selected_dir, size_t buffer_size);
 
 ////////////////////////////////////////////////////////////////////////////////
 //      CORE CRYPTOGRAPHIC OPERATIONS
@@ -164,36 +168,23 @@ void display_entropy_progress(const entropy_collection_state_t* state);
 void draw_progress_bar(double percentage, int width);
 void draw_quality_bar(double quality, int width, const char* label);
 
-// TrueRNG Device Constants (updated to match otp.c implementation)
-#define TRUERNG_VID "04D8"
-#define TRUERNG_PID "F5FE"
-#define TRUERNGPRO_VID "16D0"
-#define TRUERNGPRO_PID "0AA0"
-#define TRUERNGPROV2_VID "04D8"
-#define TRUERNGPROV2_PID "EBB5"
+// Hardware RNG Device Constants (lowercase to match sysfs output)
+#define TRUERNG_VID "04d8"
+#define TRUERNG_ORIGINAL_PID "f5fe"
+#define TRUERNG_PRO_PID "0aa0"
+#define TRUERNG_PRO_V2_PID "ebb5"
 
-// SwiftRNG Device Constants (same VID/PID as TrueRNG devices)
-#define SWIFT_RNG_VID "04D8"
-#define SWIFT_RNG_PID "F5FE"
-#define SWIFT_RNG_PRO_VID "16D0"
-#define SWIFT_RNG_PRO_PID "0AA0"
-#define SWIFT_RNG_PRO_V2_VID "04D8"
-#define SWIFT_RNG_PRO_V2_PID "EBB5"
-
-// TrueRNG/SwiftRNG Device Type enumeration
+// Hardware RNG Device Type enumeration
 typedef enum {
     TRUERNG_ORIGINAL = 1,
     TRUERNG_PRO = 2,
-    TRUERNG_PRO_V2 = 3,
-    SWIFT_RNG = 4,
-    SWIFT_RNG_PRO = 5,
-    SWIFT_RNG_PRO_V2 = 6
-} truerng_device_type_t;
+    TRUERNG_PRO_V2 = 3
+} hardware_rng_device_type_t;
 
 // Hardware RNG device information structure
 typedef struct {
     char port_path[256];              // Device port path (e.g., /dev/ttyUSB0)
-    truerng_device_type_t device_type; // Device type identifier
+    hardware_rng_device_type_t device_type; // Device type identifier
     char friendly_name[64];           // Human-readable device name
     int is_working;                   // 1 if device passes basic test, 0 otherwise
 } hardware_rng_device_t;
@@ -202,21 +193,27 @@ typedef struct {
 int detect_all_hardware_rng_devices(hardware_rng_device_t* devices, int max_devices, int* num_devices_found);
 int test_hardware_rng_device(const hardware_rng_device_t* device);
 int select_hardware_rng_device_interactive(hardware_rng_device_t* devices, int num_devices, hardware_rng_device_t* selected_device);
-int find_truerng_port(char* port_path, size_t port_path_size, truerng_device_type_t* device_type); // Legacy function for backward compatibility
+int find_truerng_port(char* port_path, size_t port_path_size, hardware_rng_device_type_t* device_type); // Legacy function for backward compatibility
 
 // TrueRNG entropy collection functions (updated to match implementation)
+int configure_rng_serial_port(int fd, hardware_rng_device_type_t device_type);
 int setup_truerng_serial_port(const char* port_path);
 int collect_truerng_entropy(unsigned char* entropy_buffer, size_t target_bytes, size_t* collected_bytes, int display_progress);
 int collect_truerng_entropy_from_device(const hardware_rng_device_t* device, unsigned char* entropy_buffer,
                                        size_t target_bytes, size_t* collected_bytes, int display_progress);
 int collect_truerng_entropy_streaming_from_device(const hardware_rng_device_t* device, const char* pad_chksum,
                                                  size_t total_bytes, int display_progress, int entropy_mode);
-const char* get_truerng_device_name(truerng_device_type_t device_type);
+const char* get_truerng_device_name(hardware_rng_device_type_t device_type);
 int read_usb_device_info(const char* port_name, char* vid, char* pid);
 
 // Dice entropy collection functions (updated to match implementation)
 int collect_dice_entropy(unsigned char* entropy_buffer, size_t target_bytes, size_t* collected_bytes, int display_progress);
 
+// File entropy collection functions
+int get_file_entropy_info(char* file_path, size_t max_path_len, size_t* file_size, int display_progress);
+int collect_file_entropy(unsigned char* entropy_buffer, size_t target_bytes, size_t* collected_bytes, int display_progress);
+int add_file_entropy_streaming(const char* pad_chksum, const char* file_path, size_t file_size, int display_progress);
+
 // Unified entropy collection interface (updated to match implementation)
 int collect_entropy_by_source(entropy_source_t source, unsigned char* entropy_buffer, size_t target_bytes, size_t* collected_bytes, int display_progress);
 
@@ -242,6 +239,23 @@ int update_pad_checksum_after_entropy(const char* old_chksum, char* new_chksum);
 int rename_pad_files_safely(const char* old_chksum, const char* new_chksum);
 int is_pad_unused(const char* pad_chksum);
 
+////////////////////////////////////////////////////////////////////////////////
+//      DIRECTORY ARCHIVING AND COMPRESSION FUNCTIONS
+////////////////////////////////////////////////////////////////////////////////
+
+// Directory encryption/decryption (TAR + GZIP + OTP)
+int encrypt_directory(const char* dir_path, const char* pad_identifier, const char* output_file);
+int decrypt_and_extract_directory(const char* encrypted_file, const char* output_dir);
+int is_compressed_tar_archive(const char* file_path);
+
+// TAR archive operations
+int create_tar_archive(const char* dir_path, const char* tar_output_path);
+int extract_tar_archive(const char* tar_path, const char* output_dir);
+
+// Compression operations
+int compress_file_gzip(const char* input_path, const char* output_path);
+int decompress_file_gzip(const char* input_path, const char* output_path);
+
 ////////////////////////////////////////////////////////////////////////////////
 //      DIRECTORY MANAGEMENT FUNCTIONS
 ////////////////////////////////////////////////////////////////////////////////
@@ -318,6 +332,7 @@ int handle_decrypt_menu(void);
 int handle_pads_menu(void);
 int handle_text_encrypt(void);
 int handle_file_encrypt(void);
+int handle_directory_encrypt(void);
 int handle_verify_pad(const char* pad_chksum);
 int handle_delete_pad(const char* pad_chksum);
 
@@ -342,4 +357,4 @@ char* select_pad_interactive(const char* title, const char* prompt, pad_filter_t
 // Help and usage display
 void print_usage(const char* program_name);
 
-#endif // OTP_H
+#endif // MAIN_H

src/nostr_chacha20.c

@@ -129,8 +129,8 @@ int chacha20_block(const uint8_t key[32], uint32_t counter,
     return 0;
 }
 
-int chacha20_encrypt(const uint8_t key[32], uint32_t counter, 
-                     const uint8_t nonce[12], const uint8_t* input, 
+int chacha20_encrypt(const uint8_t key[32], uint32_t counter,
+                     const uint8_t nonce[12], const uint8_t* input,
                      uint8_t* output, size_t length) {
     uint8_t keystream[CHACHA20_BLOCK_SIZE];
     size_t offset = 0;
@@ -161,3 +161,45 @@ int chacha20_encrypt(const uint8_t key[32], uint32_t counter,
     
     return 0;
 }
+
+int chacha20_encrypt_extended(const uint8_t key[32], uint32_t counter_low,
+                               uint32_t counter_high, const uint8_t nonce[8],
+                               const uint8_t* input, uint8_t* output, size_t length) {
+    uint8_t keystream[CHACHA20_BLOCK_SIZE];
+    uint8_t extended_nonce[12];
+    size_t offset = 0;
+    
+    while (length > 0) {
+        /* Build extended 12-byte nonce: [counter_high (4 bytes)][nonce (8 bytes)] */
+        u32_to_bytes_le(counter_high, extended_nonce);
+        memcpy(extended_nonce + 4, nonce, 8);
+        
+        /* Generate keystream block using extended nonce */
+        int ret = chacha20_block(key, counter_low, extended_nonce, keystream);
+        if (ret != 0) {
+            return ret;
+        }
+        
+        /* XOR with input to produce output */
+        size_t block_len = (length < CHACHA20_BLOCK_SIZE) ? length : CHACHA20_BLOCK_SIZE;
+        for (size_t i = 0; i < block_len; i++) {
+            output[offset + i] = input[offset + i] ^ keystream[i];
+        }
+        
+        /* Move to next block */
+        offset += block_len;
+        length -= block_len;
+        counter_low++;
+        
+        /* Check for counter_low overflow and increment counter_high */
+        if (counter_low == 0) {
+            counter_high++;
+            /* Check for counter_high overflow (extremely unlikely - > 1 exabyte) */
+            if (counter_high == 0) {
+                return -1; /* Extended counter wrapped around */
+            }
+        }
+    }
+    
+    return 0;
+}

src/nostr_chacha20.h

@@ -63,10 +63,10 @@ int chacha20_block(const uint8_t key[32], uint32_t counter,
 
 /**
  * ChaCha20 encryption/decryption
- * 
+ *
  * Encrypts or decrypts data using ChaCha20 stream cipher.
  * Since ChaCha20 is a stream cipher, encryption and decryption are the same operation.
- * 
+ *
  * @param key[in]           32-byte key
  * @param counter[in]       Initial 32-bit counter value
  * @param nonce[in]         12-byte nonce
@@ -75,10 +75,29 @@ int chacha20_block(const uint8_t key[32], uint32_t counter,
  * @param length[in]        Length of input data in bytes
  * @return                  0 on success, negative on error
  */
-int chacha20_encrypt(const uint8_t key[32], uint32_t counter, 
-                     const uint8_t nonce[12], const uint8_t* input, 
+int chacha20_encrypt(const uint8_t key[32], uint32_t counter,
+                     const uint8_t nonce[12], const uint8_t* input,
                      uint8_t* output, size_t length);
 
+/**
+ * ChaCha20 encryption/decryption with extended counter (64-bit)
+ *
+ * Extended version that supports files larger than 256GB by using
+ * part of the nonce as a high-order counter extension.
+ *
+ * @param key[in]           32-byte key
+ * @param counter_low[in]   Initial 32-bit counter value (low bits)
+ * @param counter_high[in]  Initial 32-bit counter value (high bits)
+ * @param nonce[in]         8-byte reduced nonce (instead of 12)
+ * @param input[in]         Input data to encrypt/decrypt
+ * @param output[out]       Output buffer (can be same as input)
+ * @param length[in]        Length of input data in bytes
+ * @return                  0 on success, negative on error
+ */
+int chacha20_encrypt_extended(const uint8_t key[32], uint32_t counter_low,
+                               uint32_t counter_high, const uint8_t nonce[8],
+                               const uint8_t* input, uint8_t* output, size_t length);
+
 /*
  * ============================================================================
  * UTILITY FUNCTIONS

src/pads.c

@@ -15,17 +15,20 @@
 #include <termios.h>
 #include <fcntl.h>
 #include <math.h>
-#include "../include/otp.h"
+#include <errno.h>
+#include "main.h"
 
 
 // Extracted pad management functions from otp.c
 
 int show_pad_info(const char* chksum) {
-    char pad_filename[MAX_HASH_LENGTH + 10];
-    char state_filename[MAX_HASH_LENGTH + 10];
+    char pad_filename[1024];
+    char state_filename[1024];
 
-    snprintf(pad_filename, sizeof(pad_filename), "%s.pad", chksum);
-    snprintf(state_filename, sizeof(state_filename), "%s.state", chksum);
+    // Use full paths with pads directory
+    const char* pads_dir = get_current_pads_dir();
+    snprintf(pad_filename, sizeof(pad_filename), "%s/%s.pad", pads_dir, chksum);
+    snprintf(state_filename, sizeof(state_filename), "%s/%s.state", pads_dir, chksum);
 
     struct stat st;
     if (stat(pad_filename, &st) != 0) {
@@ -40,9 +43,9 @@ int show_pad_info(const char* chksum) {
     printf("ChkSum: %s\n", chksum);
     printf("File: %s\n", pad_filename);
 
-    double size_gb = (double)st.st_size / (1024.0 * 1024.0 * 1024.0);
-    double used_gb = (double)used_bytes / (1024.0 * 1024.0 * 1024.0);
-    double remaining_gb = (double)(st.st_size - used_bytes) / (1024.0 * 1024.0 * 1024.0);
+    double size_gb = (double)st.st_size / (1000.0 * 1000.0 * 1000.0);
+    double used_gb = (double)used_bytes / (1000.0 * 1000.0 * 1000.0);
+    double remaining_gb = (double)(st.st_size - used_bytes) / (1000.0 * 1000.0 * 1000.0);
 
     printf("Total size: %.2f GB (%lu bytes)\n", size_gb, st.st_size);
     printf("Used: %.2f GB (%lu bytes)\n", used_gb, used_bytes);
@@ -82,13 +85,40 @@ int generate_pad(uint64_t size_bytes, int display_progress) {
         return 1;
     }
 
+    // Check available disk space before starting
+    const char* pads_dir = get_current_pads_dir();
+    struct statvfs stat;
+    if (statvfs(pads_dir, &stat) == 0) {
+        // Use f_bavail (available to non-root users) for accurate space reporting
+        // This accounts for filesystem reserved space (e.g., 5% on ext4)
+        uint64_t available_bytes = stat.f_bavail * stat.f_frsize;
+        double available_gb = (double)available_bytes / (1000.0 * 1000.0 * 1000.0);
+        double required_gb = (double)size_bytes / (1000.0 * 1000.0 * 1000.0);
+        
+        if (available_bytes < size_bytes) {
+            printf("\n⚠ WARNING: Insufficient disk space!\n");
+            printf("  Required: %.2f GB (%lu bytes)\n", required_gb, size_bytes);
+            printf("  Available: %.2f GB (%lu bytes)\n", available_gb, available_bytes);
+            printf("  Shortfall: %.2f GB\n", required_gb - available_gb);
+            printf("  Location: %s\n", pads_dir);
+            printf("\nContinue anyway? (y/N): ");
+            
+            char response[10];
+            if (!fgets(response, sizeof(response), stdin) ||
+                (toupper(response[0]) != 'Y')) {
+                printf("Pad generation cancelled.\n");
+                return 1;
+            }
+            printf("\n");
+        }
+    }
+
     char temp_filename[1024];
     char pad_path[MAX_HASH_LENGTH + 20];
     char state_path[MAX_HASH_LENGTH + 20];
     char chksum_hex[MAX_HASH_LENGTH];
 
     // Create temporary filename in the pads directory to avoid cross-filesystem issues
-    const char* pads_dir = get_current_pads_dir();
     snprintf(temp_filename, sizeof(temp_filename), "%s/temp_%ld.pad", pads_dir, time(NULL));
 
     FILE* urandom = fopen("/dev/urandom", "rb");
@@ -99,11 +129,54 @@ int generate_pad(uint64_t size_bytes, int display_progress) {
 
     FILE* pad_file = fopen(temp_filename, "wb");
     if (!pad_file) {
-        printf("Error: Cannot create temporary pad file %s\n", temp_filename);
+        printf("Error: Cannot create temporary pad file '%s': %s (errno %d)\n",
+               temp_filename, strerror(errno), errno);
         fclose(urandom);
         return 1;
     }
 
+    // Preallocate full file size using posix_fallocate for guaranteed space reservation
+    // This actually allocates disk blocks (unlike ftruncate which creates sparse files)
+    int fd = fileno(pad_file);
+    double size_gb = (double)size_bytes / (1000.0 * 1000.0 * 1000.0);
+    
+    if (display_progress) {
+        printf("Allocating %.2f GB on disk...\n", size_gb);
+    }
+    
+    int alloc_result = posix_fallocate(fd, 0, (off_t)size_bytes);
+    if (alloc_result != 0) {
+        printf("Error: Failed to allocate %.2f GB temp file: %s (errno %d)\n",
+               size_gb, strerror(alloc_result), alloc_result);
+        printf("  Temp file: %s\n", temp_filename);
+        printf("  Location: %s\n", pads_dir);
+        
+        if (alloc_result == ENOSPC) {
+            printf("  Cause: No space left on device\n");
+            printf("  This means the actual available space is less than reported\n");
+        } else if (alloc_result == EOPNOTSUPP) {
+            printf("  Cause: Filesystem doesn't support posix_fallocate\n");
+            printf("  Falling back to ftruncate (sparse file)...\n");
+            if (ftruncate(fd, (off_t)size_bytes) != 0) {
+                printf("  Fallback failed: %s\n", strerror(errno));
+                fclose(pad_file);
+                fclose(urandom);
+                unlink(temp_filename);
+                return 1;
+            }
+        } else {
+            printf("  Possible causes: quota limits, filesystem restrictions\n");
+            fclose(pad_file);
+            fclose(urandom);
+            unlink(temp_filename);
+            return 1;
+        }
+    }
+
+    if (display_progress && alloc_result == 0) {
+        printf("✓ Allocated %.2f GB on disk (guaranteed space)\n", size_gb);
+    }
+
     unsigned char buffer[64 * 1024]; // 64KB buffer
     uint64_t bytes_written = 0;
     time_t start_time = time(NULL);
@@ -119,7 +192,8 @@ int generate_pad(uint64_t size_bytes, int display_progress) {
         }
 
         if (fread(buffer, 1, (size_t)chunk_size, urandom) != (size_t)chunk_size) {
-            printf("Error: Failed to read from /dev/urandom\n");
+            printf("Error: Failed to read %lu bytes from /dev/urandom at position %lu: %s (errno %d)\n",
+                   chunk_size, bytes_written, strerror(errno), errno);
             fclose(urandom);
             fclose(pad_file);
             unlink(temp_filename);
@@ -127,7 +201,11 @@ int generate_pad(uint64_t size_bytes, int display_progress) {
         }
 
         if (fwrite(buffer, 1, (size_t)chunk_size, pad_file) != (size_t)chunk_size) {
-            printf("Error: Failed to write to pad file\n");
+            printf("Error: fwrite failed for %lu bytes at position %lu/%lu (%.1f%%): %s (errno %d)\n",
+                   chunk_size, bytes_written, size_bytes,
+                   (double)bytes_written / size_bytes * 100.0, strerror(errno), errno);
+            printf("  Temp file: %s\n", temp_filename);
+            printf("  Disk space was checked - possible causes: fragmentation, I/O timeout, quota\n");
             fclose(urandom);
             fclose(pad_file);
             unlink(temp_filename);
@@ -175,10 +253,10 @@ int generate_pad(uint64_t size_bytes, int display_progress) {
     }
 
     // Initialize state file with offset 32 (first 32 bytes reserved for checksum encryption)
-    FILE* state_file = fopen(state_path, "wb");
+    FILE* state_file = fopen(state_path, "w");
     if (state_file) {
         uint64_t reserved_bytes = 32;
-        fwrite(&reserved_bytes, sizeof(uint64_t), 1, state_file);
+        fprintf(state_file, "offset=%lu\n", reserved_bytes);
         fclose(state_file);
     } else {
         printf("Error: Failed to create state file\n");
@@ -186,8 +264,10 @@ int generate_pad(uint64_t size_bytes, int display_progress) {
         return 1;
     }
 
-    double size_gb = (double)size_bytes / (1024.0 * 1024.0 * 1024.0);
-    printf("Generated pad: %s (%.2f GB)\n", pad_path, size_gb);
+    if (display_progress) {
+        double final_size_gb = (double)size_bytes / (1000.0 * 1000.0 * 1000.0);
+        printf("Generated pad: %s (%.2f GB)\n", pad_path, final_size_gb);
+    }
     printf("Pad checksum: %s\n", chksum_hex);
     printf("State file: %s\n", state_path);
     printf("Pad file set to read-only\n");
@@ -206,19 +286,33 @@ int read_state_offset(const char* pad_chksum, uint64_t* offset) {
     const char* pads_dir = get_current_pads_dir();
     snprintf(state_filename, sizeof(state_filename), "%s/%s.state", pads_dir, pad_chksum);
 
-    FILE* state_file = fopen(state_filename, "rb");
+    FILE* state_file = fopen(state_filename, "r");
     if (!state_file) {
         *offset = 0;
         return 0;
     }
 
-    if (fread(offset, sizeof(uint64_t), 1, state_file) != 1) {
+    // Read text format only (required format: "offset=<number>")
+    char line[128];
+    if (fgets(line, sizeof(line), state_file)) {
+        // Check if it's text format (starts with "offset=")
+        if (strncmp(line, "offset=", 7) == 0) {
+            *offset = strtoull(line + 7, NULL, 10);
+            fclose(state_file);
+            return 0;
+        }
+        
+        // Not in proper text format - error
         fclose(state_file);
+        fprintf(stderr, "Error: State file '%s' is not in proper text format\n", state_filename);
+        fprintf(stderr, "Expected format: offset=<number>\n");
+        fprintf(stderr, "Please convert old binary state files to text format\n");
         *offset = 0;
-        return 0;
+        return 1;
     }
 
     fclose(state_file);
+    *offset = 0;
     return 0;
 }
 
@@ -227,12 +321,13 @@ int write_state_offset(const char* pad_chksum, uint64_t offset) {
     const char* pads_dir = get_current_pads_dir();
     snprintf(state_filename, sizeof(state_filename), "%s/%s.state", pads_dir, pad_chksum);
 
-    FILE* state_file = fopen(state_filename, "wb");
+    FILE* state_file = fopen(state_filename, "w");
     if (!state_file) {
         return 1;
     }
 
-    if (fwrite(&offset, sizeof(uint64_t), 1, state_file) != 1) {
+    // Write in text format for human readability
+    if (fprintf(state_file, "offset=%lu\n", offset) < 0) {
         fclose(state_file);
         return 1;
     }
@@ -331,25 +426,25 @@ char* select_pad_interactive(const char* title, const char* prompt, pad_filter_t
                 }
 
                 // Format total size
-                if (st.st_size < 1024) {
+                if (st.st_size < 1000) {
                     snprintf(pads[pad_count].size_str, sizeof(pads[pad_count].size_str), "%luB", st.st_size);
-                } else if (st.st_size < 1024 * 1024) {
-                    snprintf(pads[pad_count].size_str, sizeof(pads[pad_count].size_str), "%.1fKB", (double)st.st_size / 1024.0);
-                } else if (st.st_size < 1024 * 1024 * 1024) {
-                    snprintf(pads[pad_count].size_str, sizeof(pads[pad_count].size_str), "%.1fMB", (double)st.st_size / (1024.0 * 1024.0));
+                } else if (st.st_size < 1000 * 1000) {
+                    snprintf(pads[pad_count].size_str, sizeof(pads[pad_count].size_str), "%.1fKB", (double)st.st_size / 1000.0);
+                } else if (st.st_size < 1000 * 1000 * 1000) {
+                    snprintf(pads[pad_count].size_str, sizeof(pads[pad_count].size_str), "%.1fMB", (double)st.st_size / (1000.0 * 1000.0));
                 } else {
-                    snprintf(pads[pad_count].size_str, sizeof(pads[pad_count].size_str), "%.2fGB", (double)st.st_size / (1024.0 * 1024.0 * 1024.0));
+                    snprintf(pads[pad_count].size_str, sizeof(pads[pad_count].size_str), "%.2fGB", (double)st.st_size / (1000.0 * 1000.0 * 1000.0));
                 }
 
                 // Format used size
-                if (used_bytes < 1024) {
+                if (used_bytes < 1000) {
                     snprintf(pads[pad_count].used_str, sizeof(pads[pad_count].used_str), "%luB", used_bytes);
-                } else if (used_bytes < 1024 * 1024) {
-                    snprintf(pads[pad_count].used_str, sizeof(pads[pad_count].used_str), "%.1fKB", (double)used_bytes / 1024.0);
-                } else if (used_bytes < 1024 * 1024 * 1024) {
-                    snprintf(pads[pad_count].used_str, sizeof(pads[pad_count].used_str), "%.1fMB", (double)used_bytes / (1024.0 * 1024.0));
+                } else if (used_bytes < 1000 * 1000) {
+                    snprintf(pads[pad_count].used_str, sizeof(pads[pad_count].used_str), "%.1fKB", (double)used_bytes / 1000.0);
+                } else if (used_bytes < 1000 * 1000 * 1000) {
+                    snprintf(pads[pad_count].used_str, sizeof(pads[pad_count].used_str), "%.1fMB", (double)used_bytes / (1000.0 * 1000.0));
                 } else {
-                    snprintf(pads[pad_count].used_str, sizeof(pads[pad_count].used_str), "%.2fGB", (double)used_bytes / (1024.0 * 1024.0 * 1024.0));
+                    snprintf(pads[pad_count].used_str, sizeof(pads[pad_count].used_str), "%.2fGB", (double)used_bytes / (1000.0 * 1000.0 * 1000.0));
                 }
 
                 // Calculate percentage
@@ -375,6 +470,13 @@ char* select_pad_interactive(const char* title, const char* prompt, pad_filter_t
         return NULL;
     }
 
+    // If only one pad available, auto-select it
+    if (pad_count == 1) {
+        printf("\n%s\n", title);
+        printf("Only one pad available - auto-selecting: %.16s...\n\n", pads[0].chksum);
+        return strdup(pads[0].chksum);
+    }
+
     // Calculate minimal unique prefixes for each pad
     char prefixes[100][65];
     int prefix_lengths[100];
@@ -531,6 +633,27 @@ int handle_pads_menu(void) {
 
     // Get list of pads from current directory
     const char* pads_dir = get_current_pads_dir();
+    
+    // Display directory and space information
+    printf("Pads Directory: %s\n", pads_dir);
+    
+    // Get filesystem space information
+    struct statvfs vfs_stat;
+    if (statvfs(pads_dir, &vfs_stat) == 0) {
+        uint64_t total_bytes = vfs_stat.f_blocks * vfs_stat.f_frsize;
+        uint64_t available_bytes = vfs_stat.f_bavail * vfs_stat.f_frsize;
+        uint64_t used_bytes = total_bytes - (vfs_stat.f_bfree * vfs_stat.f_frsize);
+        
+        double total_gb = (double)total_bytes / (1000.0 * 1000.0 * 1000.0);
+        double available_gb = (double)available_bytes / (1000.0 * 1000.0 * 1000.0);
+        double used_gb = (double)used_bytes / (1000.0 * 1000.0 * 1000.0);
+        double used_percent = (double)used_bytes / total_bytes * 100.0;
+        
+        printf("Drive Space: %.2f GB total, %.2f GB used (%.1f%%), %.2f GB available\n",
+               total_gb, used_gb, used_percent, available_gb);
+    }
+    printf("\n");
+    
     DIR* dir = opendir(pads_dir);
     if (!dir) {
         printf("Error: Cannot open pads directory %s\n", pads_dir);
@@ -566,25 +689,25 @@ int handle_pads_menu(void) {
                 read_state_offset(pads[pad_count].chksum, &used_bytes);
 
                 // Format total size
-                if (st.st_size < 1024) {
+                if (st.st_size < 1000) {
                     snprintf(pads[pad_count].size_str, sizeof(pads[pad_count].size_str), "%luB", st.st_size);
-                } else if (st.st_size < 1024 * 1024) {
-                    snprintf(pads[pad_count].size_str, sizeof(pads[pad_count].size_str), "%.1fKB", (double)st.st_size / 1024.0);
-                } else if (st.st_size < 1024 * 1024 * 1024) {
-                    snprintf(pads[pad_count].size_str, sizeof(pads[pad_count].size_str), "%.1fMB", (double)st.st_size / (1024.0 * 1024.0));
+                } else if (st.st_size < 1000 * 1000) {
+                    snprintf(pads[pad_count].size_str, sizeof(pads[pad_count].size_str), "%.1fKB", (double)st.st_size / 1000.0);
+                } else if (st.st_size < 1000 * 1000 * 1000) {
+                    snprintf(pads[pad_count].size_str, sizeof(pads[pad_count].size_str), "%.1fMB", (double)st.st_size / (1000.0 * 1000.0));
                 } else {
-                    snprintf(pads[pad_count].size_str, sizeof(pads[pad_count].size_str), "%.2fGB", (double)st.st_size / (1024.0 * 1024.0 * 1024.0));
+                    snprintf(pads[pad_count].size_str, sizeof(pads[pad_count].size_str), "%.2fGB", (double)st.st_size / (1000.0 * 1000.0 * 1000.0));
                 }
 
                 // Format used size
-                if (used_bytes < 1024) {
+                if (used_bytes < 1000) {
                     snprintf(pads[pad_count].used_str, sizeof(pads[pad_count].used_str), "%luB", used_bytes);
-                } else if (used_bytes < 1024 * 1024) {
-                    snprintf(pads[pad_count].used_str, sizeof(pads[pad_count].used_str), "%.1fKB", (double)used_bytes / 1024.0);
-                } else if (used_bytes < 1024 * 1024 * 1024) {
-                    snprintf(pads[pad_count].used_str, sizeof(pads[pad_count].used_str), "%.1fMB", (double)used_bytes / (1024.0 * 1024.0));
+                } else if (used_bytes < 1000 * 1000) {
+                    snprintf(pads[pad_count].used_str, sizeof(pads[pad_count].used_str), "%.1fKB", (double)used_bytes / 1000.0);
+                } else if (used_bytes < 1000 * 1000 * 1000) {
+                    snprintf(pads[pad_count].used_str, sizeof(pads[pad_count].used_str), "%.1fMB", (double)used_bytes / (1000.0 * 1000.0));
                 } else {
-                    snprintf(pads[pad_count].used_str, sizeof(pads[pad_count].used_str), "%.2fGB", (double)used_bytes / (1024.0 * 1024.0 * 1024.0));
+                    snprintf(pads[pad_count].used_str, sizeof(pads[pad_count].used_str), "%.2fGB", (double)used_bytes / (1000.0 * 1000.0 * 1000.0));
                 }
 
                 // Calculate percentage
@@ -874,12 +997,14 @@ int update_pad_checksum_after_entropy(const char* old_chksum, char* new_chksum)
 
 // Verify pad integrity by checking its checksum
 int handle_verify_pad(const char* chksum) {
-    char pad_filename[MAX_HASH_LENGTH + 10];
-    char state_filename[MAX_HASH_LENGTH + 10];
+    char pad_filename[1024];
+    char state_filename[1024];
     char calculated_chksum[MAX_HASH_LENGTH];
 
-    snprintf(pad_filename, sizeof(pad_filename), "%s.pad", chksum);
-    snprintf(state_filename, sizeof(state_filename), "%s.state", chksum);
+    // Use full paths with pads directory
+    const char* pads_dir = get_current_pads_dir();
+    snprintf(pad_filename, sizeof(pad_filename), "%s/%s.pad", pads_dir, chksum);
+    snprintf(state_filename, sizeof(state_filename), "%s/%s.state", pads_dir, chksum);
 
     struct stat st;
     if (stat(pad_filename, &st) != 0) {
@@ -894,9 +1019,9 @@ int handle_verify_pad(const char* chksum) {
     printf("ChkSum: %s\n", chksum);
     printf("File: %s\n", pad_filename);
 
-    double size_gb = (double)st.st_size / (1024.0 * 1024.0 * 1024.0);
-    double used_gb = (double)used_bytes / (1024.0 * 1024.0 * 1024.0);
-    double remaining_gb = (double)(st.st_size - used_bytes) / (1024.0 * 1024.0 * 1024.0);
+    double size_gb = (double)st.st_size / (1000.0 * 1000.0 * 1000.0);
+    double used_gb = (double)used_bytes / (1000.0 * 1000.0 * 1000.0);
+    double remaining_gb = (double)(st.st_size - used_bytes) / (1000.0 * 1000.0 * 1000.0);
 
     printf("Total size: %.2f GB (%lu bytes)\n", size_gb, st.st_size);
     printf("Used: %.2f GB (%lu bytes)\n", used_gb, used_bytes);
@@ -927,11 +1052,13 @@ int handle_verify_pad(const char* chksum) {
 
 // Delete a pad and its associated state file
 int handle_delete_pad(const char* chksum) {
-    char pad_filename[MAX_HASH_LENGTH + 10];
-    char state_filename[MAX_HASH_LENGTH + 10];
+    char pad_filename[1024];
+    char state_filename[1024];
 
-    snprintf(pad_filename, sizeof(pad_filename), "%s.pad", chksum);
-    snprintf(state_filename, sizeof(state_filename), "%s.state", chksum);
+    // Use full paths with pads directory
+    const char* pads_dir = get_current_pads_dir();
+    snprintf(pad_filename, sizeof(pad_filename), "%s/%s.pad", pads_dir, chksum);
+    snprintf(state_filename, sizeof(state_filename), "%s/%s.state", pads_dir, chksum);
 
     // Check if pad exists
     if (access(pad_filename, F_OK) != 0) {
@@ -960,7 +1087,7 @@ int handle_delete_pad(const char* chksum) {
         uint64_t used_bytes;
         read_state_offset(chksum, &used_bytes);
 
-        double size_gb = (double)st.st_size / (1024.0 * 1024.0 * 1024.0);
+        double size_gb = (double)st.st_size / (1000.0 * 1000.0 * 1000.0);
         printf("\nPad to delete:\n");
         printf("Checksum: %s\n", chksum);
         printf("Size: %.2f GB\n", size_gb);
@@ -1021,6 +1148,61 @@ int handle_delete_pad(const char* chksum) {
     return 0;
 }
 
+// Helper function to temporarily make pad writable and store original permissions
+static int make_pad_temporarily_writable(const char* pad_path, mode_t* original_mode) {
+    struct stat st;
+    
+    // Get current permissions
+    if (stat(pad_path, &st) != 0) {
+        printf("Error: Cannot get pad file permissions: %s\n", strerror(errno));
+        return 1;
+    }
+    
+    // Store original permissions
+    *original_mode = st.st_mode;
+    
+    // Check if already writable
+    if (st.st_mode & S_IWUSR) {
+        return 0; // Already writable, no change needed
+    }
+    
+    // Make writable by adding write permission for owner
+    mode_t new_mode = st.st_mode | S_IWUSR;
+    if (chmod(pad_path, new_mode) != 0) {
+        printf("Error: Cannot make pad file writable: %s\n", strerror(errno));
+        return 1;
+    }
+    
+    printf("✓ Temporarily made pad writable for entropy addition\n");
+    return 0;
+}
+
+// Helper function to restore original pad permissions
+static int restore_pad_permissions(const char* pad_path, mode_t original_mode) {
+    struct stat st;
+    
+    // Get current permissions to check if they changed
+    if (stat(pad_path, &st) != 0) {
+        printf("Warning: Cannot check current pad permissions: %s\n", strerror(errno));
+        return 1;
+    }
+    
+    // Only restore if permissions are different from original
+    if (st.st_mode != original_mode) {
+        if (chmod(pad_path, original_mode) != 0) {
+            printf("Warning: Cannot restore original pad permissions: %s\n", strerror(errno));
+            return 1;
+        }
+        
+        // Check if we restored to read-only
+        if (!(original_mode & S_IWUSR)) {
+            printf("✓ Restored pad to read-only protection\n");
+        }
+    }
+    
+    return 0;
+}
+
 int handle_add_entropy_to_pad(const char* pad_chksum) {
     char header_text[128];
     snprintf(header_text, sizeof(header_text), "Add Entropy to Pad: %.16s...", pad_chksum);
@@ -1075,11 +1257,13 @@ int handle_add_entropy_to_pad(const char* pad_chksum) {
 
     size_t target_bytes;
 
+    // Declare variables that may be used later
+    char pad_path[1024] = "";
+    char state_path[1024] = "";
+
     // For TrueRNG, automatically use the full pad size
     if (entropy_source == ENTROPY_SOURCE_TRUERNG) {
         // Get the pad file size
-        char pad_path[1024];
-        char state_path[1024];
         get_pad_path(pad_chksum, pad_path, state_path);
 
         struct stat pad_stat;
@@ -1089,17 +1273,98 @@ int handle_add_entropy_to_pad(const char* pad_chksum) {
         }
 
         target_bytes = (size_t)pad_stat.st_size;
-        printf("\nTrueRNG selected - will enhance entire pad with hardware entropy\n");
+        printf("\nHardware RNG selected - will enhance entire pad with hardware entropy\n");
         printf("Pad size: %.2f GB (%zu bytes)\n",
-               (double)target_bytes / (1024.0 * 1024.0 * 1024.0), target_bytes);
+                (double)target_bytes / (1000.0 * 1000.0 * 1000.0), target_bytes);
+    } else if (entropy_source == ENTROPY_SOURCE_FILE) {
+        // Special handling for file entropy - ask for file path first
+        char file_path[512];
+        size_t file_size;
+
+        if (get_file_entropy_info(file_path, sizeof(file_path), &file_size, 1) != 0) {
+            return 1;
+        }
+
+        // Get pad size for comparison
+        get_pad_path(pad_chksum, pad_path, state_path);
+        struct stat pad_stat;
+        if (stat(pad_path, &pad_stat) != 0) {
+            printf("Error: Cannot get pad file size\n");
+            return 1;
+        }
+        uint64_t pad_size = pad_stat.st_size;
+
+        printf("\nFile vs Pad Size Analysis:\n");
+        printf("  Entropy file: %zu bytes\n", file_size);
+        printf("  Target pad: %.2f GB (%lu bytes)\n",
+               (double)pad_size / (1000.0 * 1000.0 * 1000.0), pad_size);
+
+        // Smart method selection based on file size vs pad size
+        if (file_size >= pad_size) {
+            printf("✓ Using Streaming Direct XOR method (file ≥ pad size)\n");
+            printf("  Method: Streaming XOR - entropy file will be distributed across entire pad\n");
+            printf("  Processing: File will be streamed in chunks (no memory limit)\n");
+            
+            // Store original permissions and make pad temporarily writable
+            mode_t original_mode;
+            if (make_pad_temporarily_writable(pad_path, &original_mode) != 0) {
+                printf("Error: Cannot make pad file writable for entropy addition\n");
+                return 1;
+            }
+            
+            // Use streaming method for large files
+            int result = add_file_entropy_streaming(pad_chksum, file_path, file_size, 1);
+            
+            if (result != 0) {
+                printf("Error: Failed to add file entropy to pad\n");
+                restore_pad_permissions(pad_path, original_mode);
+                return 1;
+            }
+            
+            // Update checksum after entropy addition
+            printf("\n🔄 Updating pad checksum...\n");
+            char new_chksum[65];
+            int checksum_result = update_pad_checksum_after_entropy(pad_chksum, new_chksum);
+            
+            if (checksum_result == 0) {
+                printf("✓ Pad checksum updated successfully\n");
+                printf("  Old checksum: %.16s...\n", pad_chksum);
+                printf("  New checksum: %.16s...\n", new_chksum);
+                printf("✓ Pad files renamed to new checksum\n");
+                
+                // Restore permissions on the new pad file
+                char new_pad_path[1024];
+                const char* pads_dir = get_current_pads_dir();
+                snprintf(new_pad_path, sizeof(new_pad_path), "%s/%s.pad", pads_dir, new_chksum);
+                restore_pad_permissions(new_pad_path, original_mode);
+            } else if (checksum_result == 2) {
+                printf("ℹ Checksum unchanged (unusual but not an error)\n");
+                restore_pad_permissions(pad_path, original_mode);
+            } else {
+                printf("⚠ Warning: Checksum update failed (entropy was added successfully)\n");
+                printf("  You may need to manually handle the checksum update\n");
+                restore_pad_permissions(pad_path, original_mode);
+                return 1;
+            }
+            
+            printf("\n🎉 SUCCESS! Your pad now has enhanced randomness from the entropy file!\n");
+            print_centered_header("Entropy Enhancement Complete", 1);
+            
+            return 0; // Success - exit early, don't continue to buffer-based method
+        } else {
+            printf("✓ Using ChaCha20 method (file < pad size)\n");
+            printf("  Method: ChaCha20 - entropy will be expanded to fill entire pad\n");
+            target_bytes = file_size; // Use entire file, ChaCha20 will expand it
+        }
+
+        printf("  Target entropy: %zu bytes\n", target_bytes);
     } else {
         // For other entropy sources, show the selection menu
         printf("\nEntropy collection options:\n");
         printf(" 1. Recommended (2048 bytes) - Optimal security\n");
         printf(" 2. Minimum (1024 bytes) - Good security\n");
-        printf(" 3. Maximum (4096 bytes) - Maximum security\n");
-        printf(" 4. Custom amount\n");
-        printf("Enter choice (1-4): ");
+        printf(" 3. Custom amount\n");
+        printf("Enter choice (1-3): ");
 
         char amount_input[10];
         if (!fgets(amount_input, sizeof(amount_input), stdin)) {
@@ -1118,10 +1383,7 @@ int handle_add_entropy_to_pad(const char* pad_chksum) {
                 target_bytes = 1024;
                 break;
             case 3:
-                target_bytes = 4096;
-                break;
-            case 4:
-                printf("Enter custom amount (512-8192 bytes): ");
+                printf("Enter custom amount (512+ bytes): ");
                 char custom_input[32];
                 if (!fgets(custom_input, sizeof(custom_input), stdin)) {
                     printf("Error: Failed to read input\n");
@@ -1129,8 +1391,8 @@ int handle_add_entropy_to_pad(const char* pad_chksum) {
                 }
 
                 size_t custom_amount = (size_t)atoi(custom_input);
-                if (custom_amount < 512 || custom_amount > 8192) {
-                    printf("Error: Invalid amount. Must be between 512 and 8192 bytes.\n");
+                if (custom_amount < 512) {
+                    printf("Error: Invalid amount. Must be at least 512 bytes.\n");
                     return 1;
                 }
                 target_bytes = custom_amount;
@@ -1143,11 +1405,146 @@ int handle_add_entropy_to_pad(const char* pad_chksum) {
 
     // For TrueRNG, detect all devices and present selection menu
     if (entropy_source == ENTROPY_SOURCE_TRUERNG) {
+        // Detect available hardware RNG devices
+        hardware_rng_device_t devices[10];
+        int num_devices_found = 0;
+
+        if (detect_all_hardware_rng_devices(devices, 10, &num_devices_found) != 0) {
+            printf("Error: Failed to detect hardware RNG devices\n");
+            return 1;
+        }
+
+        if (num_devices_found == 0) {
+            printf("No hardware RNG devices found.\n");
+            printf("\nSupported devices:\n");
+            printf("  - TrueRNG Original (VID: %s, PID: %s)\n", TRUERNG_VID, TRUERNG_ORIGINAL_PID);
+            printf("  - TrueRNG Pro (VID: %s, PID: %s)\n", TRUERNG_VID, TRUERNG_PRO_PID);
+            printf("  - TrueRNG Pro V2 (VID: %s, PID: %s)\n", TRUERNG_VID, TRUERNG_PRO_V2_PID);
+            printf("\nPlease connect a TrueRNG or SwiftRNG device and try again.\n");
+            return 1;
+        }
+
+        // Select device interactively
+        hardware_rng_device_t selected_device;
+        if (select_hardware_rng_device_interactive(devices, num_devices_found, &selected_device) != 0) {
+            printf("Device selection cancelled.\n");
+            return 1;
+        }
+
+        // Test device speed and estimate completion time
+        printf("\nTesting %s connection and speed...\n", selected_device.friendly_name);
+        printf("Device: %s (Type: %d)\n", selected_device.port_path, selected_device.device_type);
+
+        // Test with smaller amount (10KB) to avoid hanging on slow/unresponsive devices
+        const size_t test_bytes = 10 * 1024; // 10KB test (reduced from 100KB)
+        unsigned char* test_buffer = malloc(test_bytes);
+        if (!test_buffer) {
+            printf("Error: Cannot allocate test buffer\n");
+            return 1;
+        }
+
+        size_t test_collected = 0;
+        time_t test_start = time(NULL);
+
+        // Use non-blocking test to avoid hanging
+        int test_result = collect_truerng_entropy_from_device(&selected_device, test_buffer, test_bytes, &test_collected, 0);
+
+        time_t test_end = time(NULL);
+        double test_time = difftime(test_end, test_start);
+
+        free(test_buffer);
+
+        if (test_result != 0) {
+            printf("Error: Device test failed - cannot establish connection\n");
+            printf("This may be due to:\n");
+            printf("  - Device not properly connected\n");
+            printf("  - Incorrect device type identification\n");
+            printf("  - Serial port configuration issues\n");
+            printf("  - Device requires different baud rate or settings\n");
+            return 1;
+        }
+
+        if (test_collected == 0) {
+            printf("Error: Device returned no data - check device connection and type\n");
+            return 1;
+        }
+
+        if (test_time < 1.0) {
+            test_time = 1.0; // Minimum 1 second to avoid division by zero
+        }
+
+        // Calculate speed and estimate completion time
+        double bytes_per_second = test_collected / test_time;
+        double estimated_seconds = target_bytes / bytes_per_second;
+        double estimated_minutes = estimated_seconds / 60.0;
+        double estimated_hours = estimated_minutes / 60.0;
+
+        printf("✓ Device test successful!\n");
+        printf("  Test collected: %zu bytes in %.1f seconds\n", test_collected, test_time);
+        printf("  Speed: %.1f KB/s (%.1f MB/s)\n", bytes_per_second / 1000.0, bytes_per_second / (1000.0 * 1000.0));
+
+        printf("\nPad enhancement estimate:\n");
+        printf("  Pad size: %.2f GB (%zu bytes)\n", (double)target_bytes / (1000.0 * 1000.0 * 1000.0), target_bytes);
+
+        if (estimated_hours >= 1.0) {
+            printf("  Estimated time: %.1f hours\n", estimated_hours);
+        } else if (estimated_minutes >= 1.0) {
+            printf("  Estimated time: %.1f minutes\n", estimated_minutes);
+        } else {
+            printf("  Estimated time: %.1f seconds\n", estimated_seconds);
+        }
+
+        // Store original permissions and make pad temporarily writable
+        mode_t original_mode;
+        if (make_pad_temporarily_writable(pad_path, &original_mode) != 0) {
+            // If we can't make it writable, check if it's a filesystem issue
+            if (access(pad_path, F_OK) == 0 && access(pad_path, W_OK) != 0) {
+                printf("\nError: Cannot make pad file writable: %s\n", pad_path);
+                printf("Reason: %s\n", strerror(errno));
+
+                if (errno == EROFS) {
+                    printf("The filesystem appears to be read-only.\n");
+                    printf("This commonly occurs with:\n");
+                    printf("  - USB drives mounted read-only\n");
+                    printf("  - CD-ROM/DVD drives\n");
+                    printf("  - Network filesystems with read-only access\n");
+                } else if (errno == EACCES) {
+                    printf("Permission denied. Check file permissions.\n");
+                }
+
+                printf("\nTo fix this issue:\n");
+                printf("1. Remount the drive read-write: sudo mount -o remount,rw %s\n", pad_path);
+                printf("2. Copy the pad to local storage, enhance it, then copy back\n");
+                printf("3. Check file permissions: ls -la '%s'\n", pad_path);
+            }
+            return 1;
+        }
+
+        // Ask user for confirmation
+        printf("\n⚠ This will modify the entire pad file and update its checksum.\n");
+        printf("The process cannot be interrupted once started.\n");
+        printf("\nDo you want to continue with hardware entropy enhancement? (y/N): ");
+
+        char confirm_input[10];
+        if (!fgets(confirm_input, sizeof(confirm_input), stdin)) {
+            printf("Error: Failed to read input\n");
+            return 1;
+        }
+
+        if (toupper(confirm_input[0]) != 'Y') {
+            printf("Hardware entropy enhancement cancelled.\n");
+            return 0;
+        }
+
+        printf("\nStarting hardware entropy enhancement...\n");
+
         // Use streaming collection with selected device
-        int result = collect_truerng_entropy_streaming_from_device(NULL, pad_chksum, target_bytes, 1, 1);
+        int result = collect_truerng_entropy_streaming_from_device(&selected_device, pad_chksum, target_bytes, 1, 1);
 
         if (result != 0) {
             printf("Error: TrueRNG streaming entropy collection failed\n");
+            // Restore original permissions before returning
+            restore_pad_permissions(pad_path, original_mode);
             return 1;
         }
 
@@ -1161,11 +1558,21 @@ int handle_add_entropy_to_pad(const char* pad_chksum) {
             printf("  Old checksum: %.16s...\n", pad_chksum);
             printf("  New checksum: %.16s...\n", new_chksum);
             printf("✓ Pad files renamed to new checksum\n");
+            
+            // Restore permissions on the new pad file
+            char new_pad_path[1024];
+            const char* pads_dir = get_current_pads_dir();
+            snprintf(new_pad_path, sizeof(new_pad_path), "%s/%s.pad", pads_dir, new_chksum);
+            restore_pad_permissions(new_pad_path, original_mode);
         } else if (checksum_result == 2) {
             printf("ℹ Checksum unchanged (unusual but not an error)\n");
+            // Restore original permissions
+            restore_pad_permissions(pad_path, original_mode);
         } else {
             printf("⚠ Warning: Checksum update failed (entropy was added successfully)\n");
             printf("  You may need to manually handle the checksum update\n");
+            // Restore original permissions before returning
+            restore_pad_permissions(pad_path, original_mode);
             return 1;
         }
 
@@ -1205,6 +1612,21 @@ int handle_add_entropy_to_pad(const char* pad_chksum) {
 
     printf("\nProcessing entropy and modifying pad...\n");
 
+    // Get pad path and manage permissions for traditional entropy addition
+    if (strlen(pad_path) == 0) {
+        get_pad_path(pad_chksum, pad_path, state_path);
+    }
+    
+    // Store original permissions and make pad temporarily writable
+    mode_t original_mode;
+    if (make_pad_temporarily_writable(pad_path, &original_mode) != 0) {
+        printf("Error: Cannot make pad file writable for entropy addition\n");
+        // Clear entropy buffer for security
+        memset(entropy_buffer, 0, MAX_ENTROPY_BUFFER);
+        free(entropy_buffer);
+        return 1;
+    }
+
     // Add entropy to pad
     result = add_entropy_to_pad(pad_chksum, entropy_buffer, collected_bytes, 1);
 
@@ -1214,6 +1636,36 @@ int handle_add_entropy_to_pad(const char* pad_chksum) {
 
     if (result != 0) {
         printf("Error: Failed to add entropy to pad\n");
+        // Restore original permissions before returning
+        restore_pad_permissions(pad_path, original_mode);
+        return 1;
+    }
+
+    // Update checksum after entropy addition for traditional methods
+    printf("\n🔄 Updating pad checksum...\n");
+    char new_chksum[65];
+    int checksum_result = update_pad_checksum_after_entropy(pad_chksum, new_chksum);
+
+    if (checksum_result == 0) {
+        printf("✓ Pad checksum updated successfully\n");
+        printf("  Old checksum: %.16s...\n", pad_chksum);
+        printf("  New checksum: %.16s...\n", new_chksum);
+        printf("✓ Pad files renamed to new checksum\n");
+        
+        // Restore permissions on the new pad file
+        char new_pad_path[1024];
+        const char* pads_dir = get_current_pads_dir();
+        snprintf(new_pad_path, sizeof(new_pad_path), "%s/%s.pad", pads_dir, new_chksum);
+        restore_pad_permissions(new_pad_path, original_mode);
+    } else if (checksum_result == 2) {
+        printf("ℹ Checksum unchanged (unusual but not an error)\n");
+        // Restore original permissions
+        restore_pad_permissions(pad_path, original_mode);
+    } else {
+        printf("⚠ Warning: Checksum update failed (entropy was added successfully)\n");
+        printf("  You may need to manually handle the checksum update\n");
+        // Restore original permissions before returning
+        restore_pad_permissions(pad_path, original_mode);
         return 1;
     }
 

src/state.c

@@ -1,6 +1,6 @@
 #include <string.h>
 #include <stdlib.h>
-#include "../include/otp.h"
+#include "main.h"
 
 // Global state variables
 static char current_pads_dir[512] = DEFAULT_PADS_DIR;

src/trng.c

@@ -15,8 +15,9 @@
 #include <termios.h>
 #include <fcntl.h>
 #include <math.h>
-#include "../nostr_chacha20.h"
-#include "../include/otp.h"
+#include <errno.h>
+#include "nostr_chacha20.h"
+#include "main.h"
 
 // Basic TrueRNG entropy collection function
 int collect_truerng_entropy(unsigned char* entropy_buffer, size_t target_bytes, size_t* collected_bytes, int display_progress) {
@@ -35,10 +36,10 @@ int collect_truerng_entropy(unsigned char* entropy_buffer, size_t target_bytes,
         if (display_progress) {
             printf("No hardware RNG devices found.\n");
             printf("\nSupported devices:\n");
-            printf("  - TrueRNG/SwiftRNG (PID: %s, VID: %s)\n", TRUERNG_VID, TRUERNG_PID);
-            printf("  - TrueRNGpro/SwiftRNGpro (PID: %s, VID: %s)\n", TRUERNGPRO_VID, TRUERNGPRO_PID);
-            printf("  - TrueRNGproV2/SwiftRNGproV2 (PID: %s, VID: %s)\n", TRUERNGPROV2_VID, TRUERNGPROV2_PID);
-            printf("\nPlease connect a TrueRNG or SwiftRNG device and try again.\n");
+            printf("  - TrueRNG Original (VID: %s, PID: %s)\n", TRUERNG_VID, TRUERNG_ORIGINAL_PID);
+            printf("  - TrueRNG Pro (VID: %s, PID: %s)\n", TRUERNG_VID, TRUERNG_PRO_PID);
+            printf("  - TrueRNG Pro V2 (VID: %s, PID: %s)\n", TRUERNG_VID, TRUERNG_PRO_V2_PID);
+            printf("\nPlease connect a TrueRNG device and try again.\n");
         }
         return 1;
     }
@@ -68,47 +69,504 @@ int collect_truerng_entropy(unsigned char* entropy_buffer, size_t target_bytes,
     return 0;
 }
 
-// Wrapper function to match the header declaration
-// Note: Full implementation moved to otp.c during modularization
-// This is a placeholder that should be implemented when the full streaming
-// functionality is moved to the trng module
+// Streaming entropy collection directly to pad file
 int collect_truerng_entropy_streaming_from_device(const hardware_rng_device_t* device, const char* pad_chksum,
                                                   size_t total_bytes, int display_progress, int entropy_mode) {
-    // For now, return an error - full implementation needs to be moved from otp.c
-    (void)device; // Suppress unused parameter warning
-    (void)pad_chksum;
-    (void)total_bytes;
-    (void)display_progress;
-    (void)entropy_mode;
+    (void)entropy_mode; // Suppress unused parameter warning
+    if (!device || !pad_chksum || total_bytes == 0) {
+        return 1; // Invalid parameters
+    }
 
-    fprintf(stderr, "Error: collect_truerng_entropy_streaming_from_device not yet implemented in modular version\n");
-    return 1; // Error
+
+    // Get pad file path
+    char pad_path[1024];
+    char state_path[1024];
+    get_pad_path(pad_chksum, pad_path, state_path);
+
+    // Check if pad exists and get size
+    struct stat pad_stat;
+    if (stat(pad_path, &pad_stat) != 0) {
+        if (display_progress) {
+            printf("Error: Pad file not found: %s\n", pad_path);
+        }
+        return 1;
+    }
+
+    uint64_t pad_size = pad_stat.st_size;
+    if (total_bytes > pad_size) {
+        if (display_progress) {
+            printf("Error: Requested entropy (%zu bytes) exceeds pad size (%lu bytes)\n", total_bytes, pad_size);
+        }
+        return 1;
+    }
+
+    // Open the RNG device
+    int device_fd = open(device->port_path, O_RDONLY | O_NOCTTY);
+    if (device_fd < 0) {
+        if (display_progress) {
+            printf("Error: Cannot open RNG device %s: %s\n", device->port_path, strerror(errno));
+        }
+        return 1;
+    }
+
+    // Configure serial port for this device type
+    if (configure_rng_serial_port(device_fd, device->device_type) != 0) {
+        if (display_progress) {
+            printf("Error: Failed to configure serial port for %s\n", device->friendly_name);
+        }
+        close(device_fd);
+        return 1;
+    }
+
+    // Standard delay for TrueRNG devices
+    usleep(100000); // 100ms
+
+    // Open pad file for read/write
+    FILE* pad_file = fopen(pad_path, "r+b");
+    if (!pad_file) {
+        if (display_progress) {
+            printf("Error: Cannot open pad file for modification: %s\n", pad_path);
+            printf("Reason: %s\n", strerror(errno));
+
+            // Provide additional diagnostics
+            if (errno == EROFS) {
+                printf("The filesystem appears to be read-only. Check if the drive is mounted read-only.\n");
+            } else if (errno == EACCES) {
+                printf("Permission denied. Check file permissions and mount options.\n");
+            } else if (errno == ENOENT) {
+                printf("File not found. The pad file may have been moved or deleted.\n");
+            } else if (errno == EISDIR) {
+                printf("Path is a directory, not a file.\n");
+            } else {
+                printf("This may be due to filesystem limitations or mount options.\n");
+            }
+
+            printf("\nTroubleshooting suggestions:\n");
+            printf("1. Ensure the external drive is mounted read-write: mount -o remount,rw /media/teknari/OTP_01\n");
+            printf("2. Check file permissions: ls -la '%s'\n", pad_path);
+            printf("3. Verify the drive supports the required operations\n");
+            printf("4. Try copying the pad to local storage, enhancing it, then copying back\n");
+        }
+        close(device_fd);
+        return 1;
+    }
+
+    if (display_progress) {
+        printf("Streaming entropy from %s to pad...\n", device->friendly_name);
+        printf("Pad size: %.2f GB (%lu bytes)\n", (double)pad_size / (1000.0*1000.0*1000.0), pad_size);
+        printf("Enhancing entire pad with hardware entropy\n");
+    }
+
+    // Process pad in chunks
+    unsigned char buffer[64 * 1024]; // 64KB chunks
+    size_t bytes_processed = 0;
+    time_t start_time = time(NULL);
+    int error_occurred = 0;
+
+    while (bytes_processed < total_bytes && !error_occurred) {
+        size_t chunk_size = sizeof(buffer);
+        if (total_bytes - bytes_processed < chunk_size) {
+            chunk_size = total_bytes - bytes_processed;
+        }
+
+        // Read entropy from device
+        ssize_t entropy_read = read(device_fd, buffer, chunk_size);
+        if (entropy_read < 0) {
+            if (errno == EINTR) {
+                continue; // Interrupted, try again
+            }
+            if (display_progress) {
+                printf("Error: Failed to read from TrueRNG device: %s\n", strerror(errno));
+                printf("Device may have been disconnected during operation.\n");
+            }
+            error_occurred = 1;
+            break;
+        }
+
+        if (entropy_read == 0) {
+            if (display_progress) {
+                printf("Error: TrueRNG device returned no data (device disconnected?)\n");
+            }
+            error_occurred = 1;
+            break;
+        }
+
+        // Read current pad data at this position
+        if (fseek(pad_file, bytes_processed, SEEK_SET) != 0) {
+            if (display_progress) {
+                printf("Error: Cannot seek to position %zu in pad file\n", bytes_processed);
+            }
+            error_occurred = 1;
+            break;
+        }
+
+        unsigned char pad_data[64 * 1024];
+        size_t pad_read = fread(pad_data, 1, entropy_read, pad_file);
+        if (pad_read != (size_t)entropy_read) {
+            if (display_progress) {
+                printf("Error: Cannot read pad data at position %zu\n", bytes_processed);
+            }
+            error_occurred = 1;
+            break;
+        }
+
+        // XOR entropy with existing pad data
+        for (size_t i = 0; i < (size_t)entropy_read; i++) {
+            pad_data[i] ^= buffer[i];
+        }
+
+        // Seek back and write modified data
+        if (fseek(pad_file, bytes_processed, SEEK_SET) != 0) {
+            if (display_progress) {
+                printf("Error: Cannot seek back to position %zu in pad file\n", bytes_processed);
+            }
+            error_occurred = 1;
+            break;
+        }
+
+        if (fwrite(pad_data, 1, entropy_read, pad_file) != (size_t)entropy_read) {
+            if (display_progress) {
+                printf("Error: Cannot write modified pad data\n");
+            }
+            error_occurred = 1;
+            break;
+        }
+
+        bytes_processed += entropy_read;
+
+        // Show progress for large pads
+        if (display_progress && bytes_processed % (64 * 1024 * 1024) == 0) { // Every 64MB
+            show_progress(bytes_processed, total_bytes, start_time);
+        }
+    }
+
+    close(device_fd);
+    fclose(pad_file);
+
+    if (error_occurred) {
+        return 1;
+    }
+
+    if (display_progress) {
+        show_progress(total_bytes, total_bytes, start_time);
+        printf("\n✓ Successfully streamed %zu bytes of hardware entropy to pad\n", bytes_processed);
+    }
+
+    return 0;
 }
 
 // Detect all available hardware RNG devices
 int detect_all_hardware_rng_devices(hardware_rng_device_t* devices, int max_devices, int* num_devices_found) {
     *num_devices_found = 0;
 
-    // For now, return empty list - full implementation would scan /dev for TrueRNG devices
-    // This is a placeholder that should be implemented when the full TRNG functionality
-    // is moved to the trng module
+    // Scan /dev directory for serial devices (ttyUSB*, ttyACM*)
+    DIR* dev_dir = opendir("/dev");
+    if (!dev_dir) {
+        return 1; // Error opening /dev
+    }
 
-    (void)devices; // Suppress unused parameter warning
-    (void)max_devices;
+    struct dirent* entry;
+    while ((entry = readdir(dev_dir)) != NULL && *num_devices_found < max_devices) {
+        // Check for serial device patterns
+        if (strncmp(entry->d_name, "ttyUSB", 6) == 0 || strncmp(entry->d_name, "ttyACM", 6) == 0) {
+            char device_path[512]; // Increased buffer size to prevent truncation
+            int ret = snprintf(device_path, sizeof(device_path), "/dev/%s", entry->d_name);
+            if (ret >= (int)sizeof(device_path)) {
+                continue; // Skip if path would be truncated
+            }
 
-    return 0; // Success but no devices found
+            // Check if this is a TrueRNG/SwiftRNG device by reading VID/PID
+            char vid[5], pid[5];
+            if (read_usb_device_info(device_path, vid, pid) == 0) {
+                hardware_rng_device_type_t device_type = 0;
+
+                // Check against known TrueRNG VID/PID combinations
+                if (strcmp(vid, TRUERNG_VID) == 0 && strcmp(pid, TRUERNG_ORIGINAL_PID) == 0) {
+                    device_type = TRUERNG_ORIGINAL;
+                } else if (strcmp(vid, TRUERNG_VID) == 0 && strcmp(pid, TRUERNG_PRO_PID) == 0) {
+                    device_type = TRUERNG_PRO;
+                } else if (strcmp(vid, TRUERNG_VID) == 0 && strcmp(pid, TRUERNG_PRO_V2_PID) == 0) {
+                    device_type = TRUERNG_PRO_V2;
+                }
+
+                if (device_type != 0) {
+                    // Found a TrueRNG/SwiftRNG device
+                    hardware_rng_device_t* device = &devices[*num_devices_found];
+
+                    strncpy(device->port_path, device_path, sizeof(device->port_path) - 1);
+                    device->device_type = device_type;
+                    strncpy(device->friendly_name, get_truerng_device_name(device_type), sizeof(device->friendly_name) - 1);
+
+                    // Assume device is working if VID/PID matches (no test needed)
+                    device->is_working = 1;
+
+                    (*num_devices_found)++;
+                }
+            }
+        }
+    }
+
+    closedir(dev_dir);
+    return 0; // Success
+}
+
+// Configure serial port for different RNG device types
+int configure_rng_serial_port(int fd, hardware_rng_device_type_t device_type) {
+    (void)device_type; // Suppress unused parameter warning - all TrueRNG devices use same config
+    struct termios tty;
+
+    if (tcgetattr(fd, &tty) != 0) {
+        return 1; // Error getting terminal attributes
+    }
+
+    // TrueRNG configuration - traditional serial settings
+    // TrueRNG devices: 115200 baud, 8N1, no flow control
+    cfsetospeed(&tty, B115200);
+    cfsetispeed(&tty, B115200);
+    tty.c_cflag = (tty.c_cflag & ~CSIZE) | CS8;     // 8-bit chars
+    tty.c_cflag |= CLOCAL | CREAD;                   // ignore modem controls, enable reading
+    tty.c_cflag &= ~(PARENB | PARODD);              // no parity
+    tty.c_cflag &= ~CSTOPB;                          // 1 stop bit
+    tty.c_cflag &= ~CRTSCTS;                         // no hardware flow control
+    tty.c_iflag &= ~(IXON | IXOFF | IXANY);          // no software flow control
+    tty.c_iflag &= ~(ICANON | ECHO | ECHOE | ISIG);  // raw mode
+    tty.c_oflag &= ~OPOST;                           // raw output
+
+    // Set timeouts for TrueRNG
+    tty.c_cc[VMIN] = 1;   // read at least 1 character
+    tty.c_cc[VTIME] = 10; // 1 second timeout
+
+    if (tcsetattr(fd, TCSANOW, &tty) != 0) {
+        return 1; // Error setting terminal attributes
+    }
+
+    // Flush any existing data
+    tcflush(fd, TCIOFLUSH);
+
+    return 0; // Success
 }
 
 // Collect entropy from a specific TrueRNG device
 int collect_truerng_entropy_from_device(const hardware_rng_device_t* device, unsigned char* entropy_buffer,
                                        size_t target_bytes, size_t* collected_bytes, int display_progress) {
-    // For now, return an error - full implementation needs to be moved from otp.c
-    (void)device; // Suppress unused parameter warning
-    (void)entropy_buffer;
-    (void)target_bytes;
-    (void)collected_bytes;
-    (void)display_progress;
+    if (!device || !entropy_buffer || !collected_bytes || target_bytes == 0) {
+        return 1; // Invalid parameters
+    }
 
-    fprintf(stderr, "Error: collect_truerng_entropy_from_device not yet implemented in modular version\n");
-    return 1; // Error
-}
+
+    // Open the TrueRNG device
+    int device_fd = open(device->port_path, O_RDONLY | O_NOCTTY);
+    if (device_fd < 0) {
+        if (display_progress) {
+            printf("Error: Cannot open RNG device %s: %s\n", device->port_path, strerror(errno));
+        }
+        return 1;
+    }
+
+    // Configure serial port for this device type
+    if (configure_rng_serial_port(device_fd, device->device_type) != 0) {
+        if (display_progress) {
+            printf("Error: Failed to configure serial port for %s\n", device->friendly_name);
+        }
+        close(device_fd);
+        return 1;
+    }
+
+    // Standard delay for TrueRNG devices
+    usleep(100000); // 100ms
+
+    if (display_progress) {
+        printf("Collecting %zu bytes from %s...\n", target_bytes, device->friendly_name);
+    }
+
+    // Read entropy data with timeout protection
+    size_t total_read = 0;
+    time_t start_time = time(NULL);
+    time_t last_progress_time = start_time;
+
+    while (total_read < target_bytes) {
+        // Check for overall timeout (5 minutes max for large collections)
+        time_t current_time = time(NULL);
+        if (difftime(current_time, start_time) > 300) { // 5 minutes timeout
+            if (display_progress) {
+                printf("Error: Collection timeout - device may be unresponsive\n");
+            }
+            close(device_fd);
+            return 1;
+        }
+
+        size_t remaining = target_bytes - total_read;
+        size_t chunk_size = (remaining > 4096) ? 4096 : remaining; // Read in 4KB chunks
+
+        ssize_t bytes_read = read(device_fd, entropy_buffer + total_read, chunk_size);
+        if (bytes_read < 0) {
+            if (errno == EINTR) {
+                continue; // Interrupted, try again
+            }
+            if (errno == EAGAIN || errno == EWOULDBLOCK) {
+                // Timeout occurred, check if we have enough data for a test
+                if (total_read > 0 && target_bytes > 1024) {
+                    // For testing purposes, we have enough data
+                    break;
+                }
+                // For small collections, this is an error
+                if (display_progress) {
+                    printf("Error: Device read timeout - no data received\n");
+                }
+                close(device_fd);
+                return 1;
+            }
+            if (display_progress) {
+                printf("Error: Failed to read from TrueRNG device: %s\n", strerror(errno));
+                printf("Device may have been disconnected.\n");
+            }
+            close(device_fd);
+            return 1;
+        }
+
+        if (bytes_read == 0) {
+            // End of data - this shouldn't happen for RNG devices
+            if (total_read == 0) {
+                if (display_progress) {
+                    printf("Error: TrueRNG device returned no data (device disconnected or misconfigured?)\n");
+                }
+                close(device_fd);
+                return 1;
+            } else {
+                // We have some data, might be enough for testing
+                break;
+            }
+        }
+
+        total_read += bytes_read;
+
+        // Show progress
+        if (display_progress && (total_read % 1024 == 0 || difftime(current_time, last_progress_time) >= 1)) {
+            show_progress(total_read, target_bytes, start_time);
+            last_progress_time = current_time;
+        }
+    }
+
+    close(device_fd);
+
+    if (display_progress) {
+        show_progress(target_bytes, target_bytes, start_time);
+        printf("\n✓ Successfully collected %zu bytes from TrueRNG device\n", total_read);
+    }
+
+    *collected_bytes = total_read;
+    return 0;
+}
+
+// Read USB device VID/PID information from sysfs
+int read_usb_device_info(const char* device_path, char* vid, char* pid) {
+    // Extract device name from path (e.g., /dev/ttyUSB0 -> ttyUSB0)
+    const char* device_name = strrchr(device_path, '/');
+    if (!device_name) device_name = device_path;
+    else device_name++; // Skip the '/'
+
+    // Construct sysfs path for USB device info
+    char sysfs_path[256];
+    snprintf(sysfs_path, sizeof(sysfs_path), "/sys/class/tty/%s/device/../idVendor", device_name);
+
+    FILE* vid_file = fopen(sysfs_path, "r");
+    if (!vid_file) {
+        return 1; // Cannot read VID
+    }
+
+    if (fscanf(vid_file, "%4s", vid) != 1) {
+        fclose(vid_file);
+        return 1; // Cannot parse VID
+    }
+    fclose(vid_file);
+
+    // Read PID
+    snprintf(sysfs_path, sizeof(sysfs_path), "/sys/class/tty/%s/device/../idProduct", device_name);
+    FILE* pid_file = fopen(sysfs_path, "r");
+    if (!pid_file) {
+        return 1; // Cannot read PID
+    }
+
+    if (fscanf(pid_file, "%4s", pid) != 1) {
+        fclose(pid_file);
+        return 1; // Cannot parse PID
+    }
+    fclose(pid_file);
+
+    return 0; // Success
+}
+
+// Get friendly name for hardware RNG device type
+const char* get_truerng_device_name(hardware_rng_device_type_t device_type) {
+    switch (device_type) {
+        case TRUERNG_ORIGINAL:
+            return "TrueRNG";
+        case TRUERNG_PRO:
+            return "TrueRNG Pro";
+        case TRUERNG_PRO_V2:
+            return "TrueRNG Pro V2";
+        default:
+            return "Unknown Hardware RNG Device";
+    }
+}
+
+// Test if a hardware RNG device is working by attempting to read from it
+int test_hardware_rng_device(const hardware_rng_device_t* device) {
+    int fd = open(device->port_path, O_RDONLY | O_NONBLOCK);
+    if (fd < 0) {
+        return 1; // Cannot open device
+    }
+
+    // Try to read a small amount of data
+    unsigned char test_buffer[16];
+    ssize_t bytes_read = read(fd, test_buffer, sizeof(test_buffer));
+
+    close(fd);
+
+    if (bytes_read <= 0) {
+        return 1; // Cannot read from device
+    }
+
+    return 0; // Device appears to be working
+}
+
+// Interactive device selection for hardware RNG
+int select_hardware_rng_device_interactive(hardware_rng_device_t* devices, int num_devices, hardware_rng_device_t* selected_device) {
+    if (num_devices == 0) {
+        printf("No hardware RNG devices found.\n");
+        return 1; // No devices available
+    }
+
+    if (num_devices == 1) {
+        // Only one device, use it automatically
+        *selected_device = devices[0];
+        printf("Using %s (%s)\n\n", devices[0].friendly_name, devices[0].port_path);
+        return 0;
+    }
+
+    // Multiple devices - let user choose
+    printf("\nAvailable Hardware RNG Devices:\n");
+    for (int i = 0; i < num_devices; i++) {
+        printf("%d. %s (%s)\n",
+               i + 1,
+               devices[i].friendly_name,
+               devices[i].port_path);
+    }
+
+    printf("\nSelect device (1-%d): ", num_devices);
+
+    char input[10];
+    if (fgets(input, sizeof(input), stdin) == NULL) {
+        return 1; // Input error
+    }
+
+    int choice = atoi(input);
+    if (choice < 1 || choice > num_devices) {
+        printf("Invalid selection.\n");
+        return 1;
+    }
+
+    *selected_device = devices[choice - 1];
+    printf("Selected: %s (%s)\n", selected_device->friendly_name, selected_device->port_path);
+    return 0;
+}

src/ui.c

@@ -15,7 +15,7 @@
 #include <termios.h>
 #include <fcntl.h>
 #include <math.h>
-#include "../include/otp.h"
+#include "main.h"
 
 // Initialize terminal dimensions
 void init_terminal_dimensions(void) {
@@ -99,6 +99,9 @@ int interactive_mode(void) {
             case 'F':
                 handle_file_encrypt();
                 break;
+            case 'R':
+                handle_directory_encrypt();
+                break;
             case 'D':
                 handle_decrypt_menu();
                 break;
@@ -120,14 +123,17 @@ int interactive_mode(void) {
 
 void show_main_menu(void) {
     printf("\n");
-    print_centered_header("Main Menu - OTP v0.3.16", 0);
+    char header[64];
+    snprintf(header, sizeof(header), "Main Menu - OTP %s", OTP_VERSION);
+    print_centered_header(header, 0);
     printf("\n");
 
-    printf(" \033[4mT\033[0mext encrypt\n");    //TEXT ENCRYPT
-    printf(" \033[4mF\033[0mile encrypt\n");    //FILE ENCRYPT
-    printf(" \033[4mD\033[0mecrypt\n");         //DECRYPT
-    printf(" \033[4mP\033[0mads\n");            //PADS
-    printf(" E\033[4mx\033[0mit\n");            //EXIT
+    printf(" \033[4mT\033[0mext encrypt\n");       //TEXT ENCRYPT
+    printf(" \033[4mF\033[0mile encrypt\n");       //FILE ENCRYPT
+    printf(" Di\033[4mr\033[0mectory encrypt\n");  //DIRECTORY ENCRYPT
+    printf(" \033[4mD\033[0mecrypt\n");            //DECRYPT
+    printf(" \033[4mP\033[0mads\n");               //PADS
+    printf(" E\033[4mx\033[0mit\n");               //EXIT
     printf("\nSelect option: ");
 }
 
@@ -150,7 +156,7 @@ int handle_generate_menu(void) {
         return 1;
     }
 
-    double size_gb = (double)size / (1024.0 * 1024.0 * 1024.0);
+    double size_gb = (double)size / (1000.0 * 1000.0 * 1000.0);
     printf("Generating %.2f GB pad...\n", size_gb);
     printf("Note: Use 'Add entropy' in Pads menu to enhance randomness after creation.\n");
 
@@ -328,7 +334,15 @@ int handle_decrypt_menu(void) {
         temp_default[sizeof(temp_default) - 1] = '\0';
 
         // Remove common encrypted extensions to get a better default
-        if (strstr(temp_default, ".otp.asc")) {
+        if (strstr(temp_default, ".tar.gz.otp")) {
+            // Directory archive - remove .tar.gz.otp to get original directory name
+            char* ext_pos = strstr(temp_default, ".tar.gz.otp");
+            *ext_pos = '\0';
+        } else if (strstr(temp_default, ".tar.otp")) {
+            // Directory archive without compression - remove .tar.otp
+            char* ext_pos = strstr(temp_default, ".tar.otp");
+            *ext_pos = '\0';
+        } else if (strstr(temp_default, ".otp.asc")) {
             // Replace .otp.asc with original extension or no extension
             char* ext_pos = strstr(temp_default, ".otp.asc");
             *ext_pos = '\0';
@@ -350,7 +364,23 @@ int handle_decrypt_menu(void) {
             return 1;
         }
 
-        return decrypt_file(selected_file, output_file);
+        // Check if it's a directory archive
+        if (strstr(selected_file, ".tar.gz.otp") || strstr(selected_file, ".tar.otp")) {
+            // It's a directory archive - extract to directory
+            char extract_dir[512];
+            strncpy(extract_dir, output_file, sizeof(extract_dir) - 1);
+            extract_dir[sizeof(extract_dir) - 1] = '\0';
+            
+            // Remove .tar.gz.otp or .tar.otp extension to get directory name
+            char* ext = strstr(extract_dir, ".tar.gz.otp");
+            if (!ext) ext = strstr(extract_dir, ".tar.otp");
+            if (ext) *ext = '\0';
+            
+            printf("Extracting directory archive to: %s/\n", extract_dir);
+            return decrypt_and_extract_directory(selected_file, extract_dir);
+        } else {
+            return decrypt_file(selected_file, output_file);
+        }
     }
     else if (strncmp(input_line, "-----BEGIN OTP MESSAGE-----", 27) == 0) {
         // Looks like ASCII armor - collect the full message
@@ -380,7 +410,15 @@ int handle_decrypt_menu(void) {
             temp_default[sizeof(temp_default) - 1] = '\0';
 
             // Remove common encrypted extensions to get a better default
-            if (strstr(temp_default, ".otp.asc")) {
+            if (strstr(temp_default, ".tar.gz.otp")) {
+                // Directory archive - remove .tar.gz.otp to get original directory name
+                char* ext_pos = strstr(temp_default, ".tar.gz.otp");
+                *ext_pos = '\0';
+            } else if (strstr(temp_default, ".tar.otp")) {
+                // Directory archive without compression - remove .tar.otp
+                char* ext_pos = strstr(temp_default, ".tar.otp");
+                *ext_pos = '\0';
+            } else if (strstr(temp_default, ".otp.asc")) {
                 // Replace .otp.asc with original extension or no extension
                 char* ext_pos = strstr(temp_default, ".otp.asc");
                 *ext_pos = '\0';
@@ -402,7 +440,23 @@ int handle_decrypt_menu(void) {
                 return 1;
             }
 
-            return decrypt_file(input_line, output_file);
+            // Check if it's a directory archive
+            if (strstr(input_line, ".tar.gz.otp") || strstr(input_line, ".tar.otp")) {
+                // It's a directory archive - extract to directory
+                char extract_dir[512];
+                strncpy(extract_dir, output_file, sizeof(extract_dir) - 1);
+                extract_dir[sizeof(extract_dir) - 1] = '\0';
+                
+                // Remove .tar.gz.otp or .tar.otp extension to get directory name
+                char* ext = strstr(extract_dir, ".tar.gz.otp");
+                if (!ext) ext = strstr(extract_dir, ".tar.otp");
+                if (ext) *ext = '\0';
+                
+                printf("Extracting directory archive to: %s/\n", extract_dir);
+                return decrypt_and_extract_directory(input_line, extract_dir);
+            } else {
+                return decrypt_file(input_line, output_file);
+            }
         } else {
             printf("Input not recognized as ASCII armor or valid file path.\n");
             return 1;
@@ -499,5 +553,79 @@ int handle_file_encrypt(void) {
 
     int result = encrypt_file(selected_pad, input_file, output_filename, ascii_armor);
     free(selected_pad);
+    return result;
+}
+
+int handle_directory_encrypt(void) {
+    printf("\n");
+    print_centered_header("Directory Encrypt", 0);
+
+    // Directory selection options
+    printf("\nDirectory selection options:\n");
+    printf(" 1. Type directory path directly\n");
+    printf(" 2. Use file manager (navigate to directory)\n");
+    printf("Enter choice (1-2): ");
+
+    char choice_input[10];
+    char dir_path[512];
+
+    if (!fgets(choice_input, sizeof(choice_input), stdin)) {
+        printf("Error: Failed to read input\n");
+        return 1;
+    }
+
+    if (atoi(choice_input) == 2) {
+        // Use directory manager
+        if (launch_directory_manager(".", dir_path, sizeof(dir_path)) != 0) {
+            printf("Falling back to manual directory path entry.\n");
+            printf("Enter directory path to encrypt: ");
+            if (!fgets(dir_path, sizeof(dir_path), stdin)) {
+                printf("Error: Failed to read input\n");
+                return 1;
+            }
+            dir_path[strcspn(dir_path, "\n")] = 0;
+        }
+    } else {
+        // Direct directory path input
+        printf("Enter directory path to encrypt: ");
+        if (!fgets(dir_path, sizeof(dir_path), stdin)) {
+            printf("Error: Failed to read input\n");
+            return 1;
+        }
+        dir_path[strcspn(dir_path, "\n")] = 0;
+    }
+
+    // Check if directory exists
+    struct stat st;
+    if (stat(dir_path, &st) != 0 || !S_ISDIR(st.st_mode)) {
+        printf("Error: '%s' is not a valid directory\n", dir_path);
+        return 1;
+    }
+
+    // Select pad
+    char* selected_pad = select_pad_interactive("Select Pad for Directory Encryption",
+                                              "Select pad (by prefix)",
+                                              PAD_FILTER_ALL, 1);
+    if (!selected_pad) {
+        printf("Directory encryption cancelled.\n");
+        return 1;
+    }
+
+    // Generate default output filename - append .tar.gz.otp to the directory path
+    char default_output[1024];
+    snprintf(default_output, sizeof(default_output), "%s.tar.gz.otp", dir_path);
+
+    // Get output filename
+    char output_file[512];
+    if (get_filename_with_default("Output filename:", default_output, output_file, sizeof(output_file)) != 0) {
+        printf("Error: Failed to read input\n");
+        free(selected_pad);
+        return 1;
+    }
+
+    // Encrypt directory
+    int result = encrypt_directory(dir_path, selected_pad, output_file);
+    free(selected_pad);
+    
     return result;
 }

src/util.c

@@ -15,10 +15,9 @@
 #include <termios.h>
 #include <fcntl.h>
 #include <math.h>
-#include "../include/otp.h"
+#include "main.h"
 
 // Global variables for preferences
-extern char current_pads_dir[512];
 static char default_pad_path[1024] = "";
 
 void show_progress(uint64_t current, uint64_t total, time_t start_time) {
@@ -241,6 +240,83 @@ int launch_file_manager(const char* start_directory, char* selected_file, size_t
     return 1; // Fall back to manual entry
 }
 
+int launch_directory_manager(const char* start_directory, char* selected_dir, size_t buffer_size) {
+    char* fm = get_preferred_file_manager();
+    if (!fm) {
+        printf("No file manager found. Please install ranger, fzf, nnn, or lf.\n");
+        printf("Falling back to manual directory path entry.\n");
+        return 1; // Fall back to manual entry
+    }
+
+    char temp_filename[64];
+    snprintf(temp_filename, sizeof(temp_filename), "/tmp/otp_dir_%ld.tmp", time(NULL));
+
+    char command[512];
+    int result = 1;
+
+    printf("Opening %s for directory selection...\n", fm);
+    printf("Navigate INTO the directory you want to encrypt, then press 'q' to quit and select it.\n");
+
+    if (strcmp(fm, "ranger") == 0) {
+        snprintf(command, sizeof(command), "cd '%s' && ranger --choosedir=%s",
+                start_directory ? start_directory : ".", temp_filename);
+    } else if (strcmp(fm, "fzf") == 0) {
+        // fzf doesn't have directory-only mode easily, use find
+        snprintf(command, sizeof(command), "cd '%s' && find . -type d | fzf > %s",
+                start_directory ? start_directory : ".", temp_filename);
+    } else if (strcmp(fm, "nnn") == 0) {
+        snprintf(command, sizeof(command), "cd '%s' && nnn -p %s",
+                start_directory ? start_directory : ".", temp_filename);
+    } else if (strcmp(fm, "lf") == 0) {
+        snprintf(command, sizeof(command), "cd '%s' && lf -selection-path=%s",
+                start_directory ? start_directory : ".", temp_filename);
+    }
+
+    result = system(command);
+
+    if (result == 0 || result == 256) { // Some file managers return 256 on success
+        // Read selected directory from temp file
+        FILE* temp_file = fopen(temp_filename, "r");
+        if (temp_file) {
+            if (fgets(selected_dir, buffer_size, temp_file)) {
+                // Remove trailing newline
+                selected_dir[strcspn(selected_dir, "\n\r")] = 0;
+
+                // For relative paths, make absolute if needed
+                if (selected_dir[0] == '.' && selected_dir[1] == '/') {
+                    char current_dir[512];
+                    if (getcwd(current_dir, sizeof(current_dir))) {
+                        char abs_path[1024];
+                        snprintf(abs_path, sizeof(abs_path), "%s/%s", current_dir, selected_dir + 2);
+                        strncpy(selected_dir, abs_path, buffer_size - 1);
+                        selected_dir[buffer_size - 1] = '\0';
+                    }
+                } else if (selected_dir[0] != '/') {
+                    // Relative path without ./
+                    char current_dir[512];
+                    if (getcwd(current_dir, sizeof(current_dir))) {
+                        char abs_path[1024];
+                        snprintf(abs_path, sizeof(abs_path), "%s/%s", current_dir, selected_dir);
+                        strncpy(selected_dir, abs_path, buffer_size - 1);
+                        selected_dir[buffer_size - 1] = '\0';
+                    }
+                }
+
+                fclose(temp_file);
+                unlink(temp_filename);
+                free(fm);
+                return 0; // Success
+            }
+            fclose(temp_file);
+        }
+    }
+
+    // Clean up and indicate failure
+    unlink(temp_filename);
+    free(fm);
+    return 1; // Fall back to manual entry
+}
+
 // Stdin detection functions implementation
 int has_stdin_data(void) {
     // Check if stdin is a pipe/redirect (not a terminal)
@@ -355,7 +431,7 @@ int load_preferences(void) {
         }
 
         // Find the first available pad to set as default
-        DIR* dir = opendir(current_pads_dir);
+        DIR* dir = opendir(get_current_pads_dir());
         if (dir) {
             struct dirent* entry;
             char first_pad_path[1024];
@@ -364,9 +440,10 @@ int load_preferences(void) {
             while ((entry = readdir(dir)) != NULL && !found_pad) {
                 if (strstr(entry->d_name, ".pad") && strlen(entry->d_name) == 68) {
                     // Found a pad file - construct full absolute path
-                    if (current_pads_dir[0] == '/') {
+                    const char* pads_dir = get_current_pads_dir();
+                    if (pads_dir[0] == '/') {
                         // Already absolute path
-                        int ret = snprintf(first_pad_path, sizeof(first_pad_path), "%s/%s", current_pads_dir, entry->d_name);
+                        int ret = snprintf(first_pad_path, sizeof(first_pad_path), "%s/%s", pads_dir, entry->d_name);
                         if (ret >= (int)sizeof(first_pad_path)) {
                             // Path was truncated, skip this entry
                             continue;
@@ -375,14 +452,14 @@ int load_preferences(void) {
                         // Relative path - make it absolute
                         char current_dir[512];
                         if (getcwd(current_dir, sizeof(current_dir))) {
-                            int ret = snprintf(first_pad_path, sizeof(first_pad_path), "%s/%s/%s", current_dir, current_pads_dir, entry->d_name);
+                            int ret = snprintf(first_pad_path, sizeof(first_pad_path), "%s/%s/%s", current_dir, pads_dir, entry->d_name);
                             if (ret >= (int)sizeof(first_pad_path)) {
                                 // Path was truncated, skip this entry
                                 continue;
                             }
                         } else {
                             // Fallback to relative path
-                            int ret = snprintf(first_pad_path, sizeof(first_pad_path), "%s/%s", current_pads_dir, entry->d_name);
+                            int ret = snprintf(first_pad_path, sizeof(first_pad_path), "%s/%s", pads_dir, entry->d_name);
                             if (ret >= (int)sizeof(first_pad_path)) {
                                 // Path was truncated, skip this entry
                                 continue;
@@ -519,13 +596,13 @@ uint64_t parse_size_string(const char* size_str) {
         }
 
         if (strcmp(unit, "K") == 0 || strcmp(unit, "KB") == 0) {
-            multiplier = 1024ULL;
+            multiplier = 1000ULL;
         } else if (strcmp(unit, "M") == 0 || strcmp(unit, "MB") == 0) {
-            multiplier = 1024ULL * 1024ULL;
+            multiplier = 1000ULL * 1000ULL;
         } else if (strcmp(unit, "G") == 0 || strcmp(unit, "GB") == 0) {
-            multiplier = 1024ULL * 1024ULL * 1024ULL;
+            multiplier = 1000ULL * 1000ULL * 1000ULL;
         } else if (strcmp(unit, "T") == 0 || strcmp(unit, "TB") == 0) {
-            multiplier = 1024ULL * 1024ULL * 1024ULL * 1024ULL;
+            multiplier = 1000ULL * 1000ULL * 1000ULL * 1000ULL;
         } else {
             return 0; // Invalid unit
         }
@@ -641,7 +718,7 @@ void get_directory_display(const char* file_path, char* result, size_t result_si
     }
 
     // Current working directory
-    if (strcmp(dir_path, ".") == 0 || strcmp(dir_path, current_pads_dir) == 0) {
+    if (strcmp(dir_path, ".") == 0 || strcmp(dir_path, get_current_pads_dir()) == 0) {
         strncpy(result, "pads", result_size - 1);
         result[result_size - 1] = '\0';
         return;

test.sh

@@ -1,27 +0,0 @@
-#!/bin/bash
-
-echo "Testing OTP Cipher Implementation"
-echo "================================="
-
-# Test 1: Generate a pad
-echo "Test 1: Generating pad..."
-./otp generate test 2
-echo
-
-# Test 2: Check if files were created
-echo "Test 2: Checking generated files..."
-ls -la test.pad test.state
-echo
-
-# Test 3: Test encryption
-echo "Test 3: Testing encryption..."
-echo "Secret Message" | ./otp encrypt test > encrypted_output.txt
-cat encrypted_output.txt
-echo
-
-# Test 4: Test decryption
-echo "Test 4: Testing decryption..."
-cat encrypted_output.txt | ./otp decrypt test
-echo
-
-echo "Tests completed!"

tests/temp_device_test.c

@@ -0,0 +1,23 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include "include/otp.h"
+
+int main(int argc, char* argv[]) {
+    (void)argc; (void)argv;
+    
+    hardware_rng_device_t devices[10];
+    int num_devices_found = 0;
+    
+    if (detect_all_hardware_rng_devices(devices, 10, &num_devices_found) != 0) {
+        printf("ERROR: Device detection failed\n");
+        return 1;
+    }
+    
+    printf("DEVICES_FOUND:%d\n", num_devices_found);
+    
+    for (int i = 0; i < num_devices_found; i++) {
+        printf("DEVICE:%d:%s:%d:%s\n", i, devices[i].port_path, devices[i].device_type, devices[i].friendly_name);
+    }
+    
+    return 0;
+}

tests/test.sh

@@ -0,0 +1,499 @@
+#!/bin/bash
+
+# Hardware RNG Device Testing Script
+# Tests all three detected hardware RNG devices for functionality
+# Author: OTP Cipher Implementation
+# Version: 1.0
+
+set -e  # Exit on any error
+
+echo "========================================================================"
+echo "Hardware RNG Device Testing Script - OTP Cipher v0.3.16"
+echo "========================================================================"
+echo
+
+# Colors for output
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m' # No Color
+
+# Test counters
+TOTAL_TESTS=0
+PASSED_TESTS=0
+FAILED_TESTS=0
+
+# Function to print test results
+print_result() {
+    local test_name="$1"
+    local result="$2"
+    local details="$3"
+    
+    TOTAL_TESTS=$((TOTAL_TESTS + 1))
+    
+    if [ "$result" = "PASS" ]; then
+        echo -e "${GREEN}✓ PASS${NC}: $test_name"
+        PASSED_TESTS=$((PASSED_TESTS + 1))
+    elif [ "$result" = "FAIL" ]; then
+        echo -e "${RED}✗ FAIL${NC}: $test_name"
+        FAILED_TESTS=$((FAILED_TESTS + 1))
+        if [ -n "$details" ]; then
+            echo -e "  ${RED}Error:${NC} $details"
+        fi
+    elif [ "$result" = "SKIP" ]; then
+        echo -e "${YELLOW}⚠ SKIP${NC}: $test_name"
+        if [ -n "$details" ]; then
+            echo -e "  ${YELLOW}Reason:${NC} $details"
+        fi
+    fi
+}
+
+# Function to test device detection
+test_device_detection() {
+    echo -e "${BLUE}=== Device Detection Tests ===${NC}"
+    echo
+    
+    # Test 1: Check if devices are detected
+    echo "Scanning for hardware RNG devices..."
+    
+    # Create a temporary test program to check device detection
+    cat > temp_device_test.c << 'EOF'
+#include <stdio.h>
+#include <stdlib.h>
+#include "include/otp.h"
+
+int main(int argc, char* argv[]) {
+    (void)argc; (void)argv; // Suppress unused parameter warnings
+    
+    hardware_rng_device_t devices[10];
+    int num_devices_found = 0;
+    
+    if (detect_all_hardware_rng_devices(devices, 10, &num_devices_found) != 0) {
+        printf("ERROR: Device detection failed\n");
+        return 1;
+    }
+    
+    printf("DEVICES_FOUND:%d\n", num_devices_found);
+    
+    for (int i = 0; i < num_devices_found; i++) {
+        printf("DEVICE:%d:%s:%d:%s\n", i, devices[i].port_path, devices[i].device_type, devices[i].friendly_name);
+    }
+    
+    return 0;
+}
+EOF
+
+    # Compile the test program
+    if gcc -Wall -Wextra -std=c99 -Iinclude -o temp_device_test temp_device_test.c src/trng.o src/util.o src/state.o src/pads.o src/crypto.o src/entropy.o src/ui.o nostr_chacha20.o -lm 2>/dev/null; then
+        # Run device detection
+        DEVICE_OUTPUT=$(./temp_device_test 2>/dev/null)
+        DEVICE_COUNT=$(echo "$DEVICE_OUTPUT" | grep "DEVICES_FOUND:" | cut -d: -f2)
+        
+        if [ "$DEVICE_COUNT" -gt 0 ]; then
+            print_result "Hardware RNG device detection" "PASS" "Found $DEVICE_COUNT devices"
+            
+            # Parse device information
+            echo "$DEVICE_OUTPUT" | grep "DEVICE:" | while IFS=: read -r prefix index port_path device_type friendly_name; do
+                echo "  Device $index: $friendly_name at $port_path (Type: $device_type)"
+            done
+            echo
+            
+            # Store device info for later tests
+            echo "$DEVICE_OUTPUT" > temp_devices.txt
+        else
+            print_result "Hardware RNG device detection" "FAIL" "No devices found"
+            echo "  Expected devices: TrueRNG, SwiftRNG variants"
+            echo "  Check USB connections and device permissions"
+            echo
+        fi
+        
+        # Clean up
+        rm -f temp_device_test temp_device_test.c
+    else
+        print_result "Device detection compilation" "FAIL" "Could not compile test program"
+    fi
+}
+
+# Function to test individual device connectivity
+test_device_connectivity() {
+    echo -e "${BLUE}=== Device Connectivity Tests ===${NC}"
+    echo
+    
+    if [ ! -f temp_devices.txt ]; then
+        print_result "Device connectivity tests" "SKIP" "No devices detected in previous test"
+        return
+    fi
+    
+    DEVICE_COUNT=$(grep "DEVICES_FOUND:" temp_devices.txt | cut -d: -f2)
+    
+    if [ "$DEVICE_COUNT" -eq 0 ]; then
+        print_result "Device connectivity tests" "SKIP" "No devices available for testing"
+        return
+    fi
+    
+    # Test each detected device
+    grep "DEVICE:" temp_devices.txt | while IFS=: read -r prefix index port_path device_type friendly_name; do
+        echo "Testing device: $friendly_name at $port_path"
+        
+        # Create device-specific test
+        cat > temp_connectivity_test.c << 'EOF'
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <time.h>
+#include "include/otp.h"
+
+int main(int argc, char* argv[]) {
+    if (argc != 4) {
+        printf("Usage: %s <port_path> <device_type> <friendly_name>\n", argv[0]);
+        return 1;
+    }
+    
+    hardware_rng_device_t device;
+    snprintf(device.port_path, sizeof(device.port_path), "%s", argv[1]);
+    device.device_type = atoi(argv[2]);
+    snprintf(device.friendly_name, sizeof(device.friendly_name), "%s", argv[3]);
+    device.is_working = 0;
+    
+    // Test with small buffer (1KB) and short timeout
+    const size_t test_bytes = 1024;
+    unsigned char* test_buffer = malloc(test_bytes);
+    if (!test_buffer) {
+        printf("ERROR: Cannot allocate test buffer\n");
+        return 1;
+    }
+    
+    size_t collected = 0;
+    time_t start_time = time(NULL);
+    
+    printf("TESTING:%s\n", device.friendly_name);
+    
+    // Test device connectivity with timeout
+    int result = collect_truerng_entropy_from_device(&device, test_buffer, test_bytes, &collected, 0);
+    
+    time_t end_time = time(NULL);
+    double test_duration = difftime(end_time, start_time);
+    
+    if (result == 0 && collected > 0) {
+        double speed_kbps = (collected / 1024.0) / (test_duration > 0 ? test_duration : 1.0);
+        printf("SUCCESS:%zu:%0.2f:%0.2f\n", collected, test_duration, speed_kbps);
+    } else {
+        printf("FAILED:%d:%zu:%0.2f\n", result, collected, test_duration);
+    }
+    
+    free(test_buffer);
+    return 0;
+}
+EOF
+
+        # Compile and run connectivity test
+        if gcc -Wall -Wextra -std=c99 -Iinclude -o temp_connectivity_test temp_connectivity_test.c src/trng.o src/util.o src/state.o src/pads.o src/crypto.o src/entropy.o src/ui.o nostr_chacha20.o -lm 2>/dev/null; then
+            
+            # Run test with timeout to prevent hanging
+            CONNECTIVITY_OUTPUT=$(timeout 30s ./temp_connectivity_test "$port_path" "$device_type" "$friendly_name" 2>/dev/null || echo "TIMEOUT")
+            
+            if echo "$CONNECTIVITY_OUTPUT" | grep -q "SUCCESS:"; then
+                # Parse success output
+                SUCCESS_LINE=$(echo "$CONNECTIVITY_OUTPUT" | grep "SUCCESS:")
+                COLLECTED=$(echo "$SUCCESS_LINE" | cut -d: -f2)
+                DURATION=$(echo "$SUCCESS_LINE" | cut -d: -f3)
+                SPEED=$(echo "$SUCCESS_LINE" | cut -d: -f4)
+                
+                print_result "Device connectivity: $friendly_name" "PASS" "Collected ${COLLECTED} bytes in ${DURATION}s (${SPEED} KB/s)"
+                
+            elif echo "$CONNECTIVITY_OUTPUT" | grep -q "FAILED:"; then
+                # Parse failure output
+                FAILED_LINE=$(echo "$CONNECTIVITY_OUTPUT" | grep "FAILED:")
+                ERROR_CODE=$(echo "$FAILED_LINE" | cut -d: -f2)
+                COLLECTED=$(echo "$FAILED_LINE" | cut -d: -f3)
+                
+                print_result "Device connectivity: $friendly_name" "FAIL" "Error code $ERROR_CODE, collected $COLLECTED bytes"
+                
+            elif echo "$CONNECTIVITY_OUTPUT" | grep -q "TIMEOUT"; then
+                print_result "Device connectivity: $friendly_name" "FAIL" "Test timed out after 30 seconds"
+                
+            else
+                print_result "Device connectivity: $friendly_name" "FAIL" "Unexpected test output"
+            fi
+            
+        else
+            print_result "Device connectivity test compilation: $friendly_name" "FAIL" "Could not compile test program"
+        fi
+        
+        echo
+    done
+    
+    # Clean up
+    rm -f temp_connectivity_test temp_connectivity_test.c
+}
+
+# Function to test device configuration
+test_device_configuration() {
+    echo -e "${BLUE}=== Device Configuration Tests ===${NC}"
+    echo
+    
+    if [ ! -f temp_devices.txt ]; then
+        print_result "Device configuration tests" "SKIP" "No devices detected"
+        return
+    fi
+    
+    # Test serial port configuration for each device type
+    grep "DEVICE:" temp_devices.txt | while IFS=: read -r prefix index port_path device_type friendly_name; do
+        echo "Testing serial configuration for: $friendly_name"
+        
+        # Create configuration test
+        cat > temp_config_test.c << 'EOF'
+#include <stdio.h>
+#include <stdlib.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <termios.h>
+#include "include/otp.h"
+
+int main(int argc, char* argv[]) {
+    if (argc != 3) {
+        printf("Usage: %s <port_path> <device_type>\n", argv[0]);
+        return 1;
+    }
+    
+    const char* port_path = argv[1];
+    hardware_rng_device_type_t device_type = atoi(argv[2]);
+    
+    printf("TESTING_CONFIG:%s:%d\n", port_path, device_type);
+    
+    // Test opening the device
+    int fd = open(port_path, O_RDONLY | O_NOCTTY | O_NONBLOCK);
+    if (fd < 0) {
+        printf("FAILED:Cannot open device\n");
+        return 1;
+    }
+    
+    // Test configuring the serial port
+    int config_result = configure_rng_serial_port(fd, device_type);
+    
+    if (config_result == 0) {
+        printf("SUCCESS:Serial port configured successfully\n");
+    } else {
+        printf("FAILED:Serial port configuration failed\n");
+    }
+    
+    close(fd);
+    return 0;
+}
+EOF
+
+        # Compile and run configuration test
+        if gcc -Wall -Wextra -std=c99 -Iinclude -o temp_config_test temp_config_test.c src/trng.o src/util.o src/state.o src/ui.o -lm 2>/dev/null; then
+            
+            CONFIG_OUTPUT=$(./temp_config_test "$port_path" "$device_type" 2>/dev/null || echo "ERROR")
+            
+            if echo "$CONFIG_OUTPUT" | grep -q "SUCCESS:"; then
+                print_result "Serial configuration: $friendly_name" "PASS" "Port configured successfully"
+            elif echo "$CONFIG_OUTPUT" | grep -q "FAILED:"; then
+                REASON=$(echo "$CONFIG_OUTPUT" | grep "FAILED:" | cut -d: -f2)
+                print_result "Serial configuration: $friendly_name" "FAIL" "$REASON"
+            else
+                print_result "Serial configuration: $friendly_name" "FAIL" "Unexpected configuration result"
+            fi
+            
+        else
+            print_result "Configuration test compilation: $friendly_name" "FAIL" "Could not compile test program"
+        fi
+    done
+    
+    echo
+    # Clean up
+    rm -f temp_config_test temp_config_test.c
+}
+
+# Function to test entropy quality
+test_entropy_quality() {
+    echo -e "${BLUE}=== Entropy Quality Tests ===${NC}"
+    echo
+    
+    if [ ! -f temp_devices.txt ]; then
+        print_result "Entropy quality tests" "SKIP" "No devices detected"
+        return
+    fi
+    
+    # Test entropy quality for working devices
+    grep "DEVICE:" temp_devices.txt | while IFS=: read -r prefix index port_path device_type friendly_name; do
+        echo "Testing entropy quality for: $friendly_name"
+        
+        # Create entropy quality test
+        cat > temp_quality_test.c << 'EOF'
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#include "include/otp.h"
+
+// Simple entropy quality check
+double calculate_byte_entropy(unsigned char* data, size_t length) {
+    int counts[256] = {0};
+    double entropy = 0.0;
+    
+    // Count byte frequencies
+    for (size_t i = 0; i < length; i++) {
+        counts[data[i]]++;
+    }
+    
+    // Calculate Shannon entropy
+    for (int i = 0; i < 256; i++) {
+        if (counts[i] > 0) {
+            double p = (double)counts[i] / length;
+            entropy -= p * log2(p);
+        }
+    }
+    
+    return entropy;
+}
+
+int main(int argc, char* argv[]) {
+    if (argc != 4) {
+        printf("Usage: %s <port_path> <device_type> <friendly_name>\n", argv[0]);
+        return 1;
+    }
+    
+    hardware_rng_device_t device;
+    snprintf(device.port_path, sizeof(device.port_path), "%s", argv[1]);
+    device.device_type = atoi(argv[2]);
+    snprintf(device.friendly_name, sizeof(device.friendly_name), "%s", argv[3]);
+    
+    // Test with 4KB sample
+    const size_t test_bytes = 4096;
+    unsigned char* test_buffer = malloc(test_bytes);
+    if (!test_buffer) {
+        printf("ERROR: Cannot allocate test buffer\n");
+        return 1;
+    }
+    
+    size_t collected = 0;
+    printf("TESTING_QUALITY:%s\n", device.friendly_name);
+    
+    // Collect entropy sample
+    int result = collect_truerng_entropy_from_device(&device, test_buffer, test_bytes, &collected, 0);
+    
+    if (result == 0 && collected >= 1024) {  // Need at least 1KB for meaningful analysis
+        double entropy = calculate_byte_entropy(test_buffer, collected);
+        double entropy_percentage = (entropy / 8.0) * 100.0;  // Max entropy is 8 bits per byte
+        
+        if (entropy_percentage >= 95.0) {
+            printf("EXCELLENT:%0.2f:%zu\n", entropy_percentage, collected);
+        } else if (entropy_percentage >= 85.0) {
+            printf("GOOD:%0.2f:%zu\n", entropy_percentage, collected);
+        } else if (entropy_percentage >= 70.0) {
+            printf("FAIR:%0.2f:%zu\n", entropy_percentage, collected);
+        } else {
+            printf("POOR:%0.2f:%zu\n", entropy_percentage, collected);
+        }
+    } else {
+        printf("FAILED:%d:%zu\n", result, collected);
+    }
+    
+    free(test_buffer);
+    return 0;
+}
+EOF
+
+        # Compile and run quality test
+        if gcc -Wall -Wextra -std=c99 -Iinclude -o temp_quality_test temp_quality_test.c src/trng.o src/util.o src/state.o src/ui.o -lm 2>/dev/null; then
+            
+            QUALITY_OUTPUT=$(timeout 30s ./temp_quality_test "$port_path" "$device_type" "$friendly_name" 2>/dev/null || echo "TIMEOUT")
+            
+            if echo "$QUALITY_OUTPUT" | grep -q "EXCELLENT:"; then
+                QUALITY_LINE=$(echo "$QUALITY_OUTPUT" | grep "EXCELLENT:")
+                PERCENTAGE=$(echo "$QUALITY_LINE" | cut -d: -f2)
+                BYTES=$(echo "$QUALITY_LINE" | cut -d: -f3)
+                print_result "Entropy quality: $friendly_name" "PASS" "Excellent quality (${PERCENTAGE}% entropy, ${BYTES} bytes)"
+                
+            elif echo "$QUALITY_OUTPUT" | grep -q "GOOD:"; then
+                QUALITY_LINE=$(echo "$QUALITY_OUTPUT" | grep "GOOD:")
+                PERCENTAGE=$(echo "$QUALITY_LINE" | cut -d: -f2)
+                BYTES=$(echo "$QUALITY_LINE" | cut -d: -f3)
+                print_result "Entropy quality: $friendly_name" "PASS" "Good quality (${PERCENTAGE}% entropy, ${BYTES} bytes)"
+                
+            elif echo "$QUALITY_OUTPUT" | grep -q "FAIR:"; then
+                QUALITY_LINE=$(echo "$QUALITY_OUTPUT" | grep "FAIR:")
+                PERCENTAGE=$(echo "$QUALITY_LINE" | cut -d: -f2)
+                BYTES=$(echo "$QUALITY_LINE" | cut -d: -f3)
+                print_result "Entropy quality: $friendly_name" "PASS" "Fair quality (${PERCENTAGE}% entropy, ${BYTES} bytes)"
+                
+            elif echo "$QUALITY_OUTPUT" | grep -q "POOR:"; then
+                QUALITY_LINE=$(echo "$QUALITY_OUTPUT" | grep "POOR:")
+                PERCENTAGE=$(echo "$QUALITY_LINE" | cut -d: -f2)
+                BYTES=$(echo "$QUALITY_LINE" | cut -d: -f3)
+                print_result "Entropy quality: $friendly_name" "FAIL" "Poor quality (${PERCENTAGE}% entropy, ${BYTES} bytes)"
+                
+            elif echo "$QUALITY_OUTPUT" | grep -q "FAILED:"; then
+                print_result "Entropy quality: $friendly_name" "FAIL" "Could not collect sufficient entropy for analysis"
+                
+            elif echo "$QUALITY_OUTPUT" | grep -q "TIMEOUT"; then
+                print_result "Entropy quality: $friendly_name" "FAIL" "Quality test timed out"
+                
+            else
+                print_result "Entropy quality: $friendly_name" "FAIL" "Unexpected quality test output"
+            fi
+            
+        else
+            print_result "Quality test compilation: $friendly_name" "FAIL" "Could not compile test program"
+        fi
+    done
+    
+    echo
+    # Clean up
+    rm -f temp_quality_test temp_quality_test.c
+}
+
+# Function to print final summary
+print_summary() {
+    echo
+    echo "========================================================================"
+    echo -e "${BLUE}Test Summary${NC}"
+    echo "========================================================================"
+    echo "Total tests run: $TOTAL_TESTS"
+    echo -e "Passed: ${GREEN}$PASSED_TESTS${NC}"
+    echo -e "Failed: ${RED}$FAILED_TESTS${NC}"
+    echo -e "Success rate: $(( (PASSED_TESTS * 100) / (TOTAL_TESTS > 0 ? TOTAL_TESTS : 1) ))%"
+    echo
+    
+    if [ $FAILED_TESTS -eq 0 ]; then
+        echo -e "${GREEN}🎉 All tests passed! Hardware RNG devices are working correctly.${NC}"
+    elif [ $PASSED_TESTS -gt $FAILED_TESTS ]; then
+        echo -e "${YELLOW}⚠ Some tests failed, but most devices are working.${NC}"
+        echo "Check the failed tests above for specific device issues."
+    else
+        echo -e "${RED}❌ Multiple test failures detected.${NC}"
+        echo "Hardware RNG devices may have connectivity or configuration issues."
+    fi
+    echo
+}
+
+# Main test execution
+main() {
+    echo "Starting comprehensive hardware RNG device testing..."
+    echo "This will test device detection, connectivity, configuration, and entropy quality."
+    echo
+    
+    # Ensure the OTP binary exists
+    if [ ! -f "./otp" ]; then
+        echo -e "${RED}Error: OTP binary not found. Please run 'make' first.${NC}"
+        exit 1
+    fi
+    
+    # Run all test suites
+    test_device_detection
+    test_device_connectivity
+    test_device_configuration
+    test_entropy_quality
+    
+    # Clean up temporary files
+    rm -f temp_devices.txt
+    
+    # Print final summary
+    print_summary
+}
+
+# Run main function
+main "$@"

tests/test_chacha20_extended.c

@@ -0,0 +1,263 @@
+/*
+ * test_chacha20_extended.c - Test ChaCha20 extended counter implementation
+ * 
+ * This test verifies that the extended counter properly handles:
+ * 1. Counter overflow at 2^32 blocks (256GB boundary)
+ * 2. Correct keystream generation across the overflow boundary
+ * 3. No duplicate keystream blocks
+ */
+
+#include <stdio.h>
+#include <stdint.h>
+#include <string.h>
+#include <stdlib.h>
+#include "../src/nostr_chacha20.h"
+
+#define TEST_BLOCK_SIZE 64
+#define BLOCKS_NEAR_OVERFLOW 10  // Test blocks around overflow point
+
+// Test helper: Compare two blocks for equality
+int blocks_equal(const uint8_t* block1, const uint8_t* block2, size_t len) {
+    return memcmp(block1, block2, len) == 0;
+}
+
+// Test 1: Verify extended counter handles overflow correctly
+int test_counter_overflow() {
+    printf("Test 1: Counter overflow handling\n");
+    printf("  Testing counter transition from 0xFFFFFFFF to 0x00000000...\n");
+    
+    uint8_t key[32];
+    uint8_t nonce[8];
+    uint8_t input[TEST_BLOCK_SIZE];
+    uint8_t output1[TEST_BLOCK_SIZE];
+    uint8_t output2[TEST_BLOCK_SIZE];
+    uint8_t output3[TEST_BLOCK_SIZE];
+    
+    // Initialize test data
+    memset(key, 0xAA, 32);
+    memset(nonce, 0xBB, 8);
+    memset(input, 0, TEST_BLOCK_SIZE);
+    
+    // Test at counter_low = 0xFFFFFFFE, counter_high = 0
+    uint32_t counter_low = 0xFFFFFFFE;
+    uint32_t counter_high = 0;
+    
+    printf("  Block at counter_low=0xFFFFFFFE, counter_high=0...\n");
+    if (chacha20_encrypt_extended(key, counter_low, counter_high, nonce, 
+                                   input, output1, TEST_BLOCK_SIZE) != 0) {
+        printf("  ❌ FAILED: Error at counter_low=0xFFFFFFFE\n");
+        return 1;
+    }
+    
+    // Test at counter_low = 0xFFFFFFFF, counter_high = 0
+    counter_low = 0xFFFFFFFF;
+    printf("  Block at counter_low=0xFFFFFFFF, counter_high=0...\n");
+    if (chacha20_encrypt_extended(key, counter_low, counter_high, nonce, 
+                                   input, output2, TEST_BLOCK_SIZE) != 0) {
+        printf("  ❌ FAILED: Error at counter_low=0xFFFFFFFF\n");
+        return 1;
+    }
+    
+    // Test at counter_low = 0x00000000, counter_high = 1 (after overflow)
+    counter_low = 0x00000000;
+    counter_high = 1;
+    printf("  Block at counter_low=0x00000000, counter_high=1...\n");
+    if (chacha20_encrypt_extended(key, counter_low, counter_high, nonce, 
+                                   input, output3, TEST_BLOCK_SIZE) != 0) {
+        printf("  ❌ FAILED: Error at counter_low=0x00000000, counter_high=1\n");
+        return 1;
+    }
+    
+    // Verify all three blocks are different (no keystream reuse)
+    if (blocks_equal(output1, output2, TEST_BLOCK_SIZE)) {
+        printf("  ❌ FAILED: Blocks at 0xFFFFFFFE and 0xFFFFFFFF are identical!\n");
+        return 1;
+    }
+    
+    if (blocks_equal(output2, output3, TEST_BLOCK_SIZE)) {
+        printf("  ❌ FAILED: Blocks at 0xFFFFFFFF,0 and 0x00000000,1 are identical!\n");
+        return 1;
+    }
+    
+    if (blocks_equal(output1, output3, TEST_BLOCK_SIZE)) {
+        printf("  ❌ FAILED: Blocks at 0xFFFFFFFE,0 and 0x00000000,1 are identical!\n");
+        return 1;
+    }
+    
+    printf("  ✓ All blocks are unique across overflow boundary\n");
+    printf("  ✓ PASSED\n\n");
+    return 0;
+}
+
+// Test 2: Simulate processing data that crosses 256GB boundary
+int test_large_file_simulation() {
+    printf("Test 2: Large file simulation (256GB+ boundary)\n");
+    printf("  Simulating processing across 256GB boundary...\n");
+    
+    uint8_t key[32];
+    uint8_t nonce[8];
+    uint8_t input[1024];
+    uint8_t output[1024];
+    
+    // Initialize test data
+    memset(key, 0x55, 32);
+    memset(nonce, 0x77, 8);
+    for (int i = 0; i < 1024; i++) {
+        input[i] = i & 0xFF;
+    }
+    
+    // Simulate being at 256GB - 512 bytes (just before overflow)
+    // 256GB = 2^32 blocks * 64 bytes = 274,877,906,944 bytes
+    // Block number at 256GB - 512 bytes = 2^32 - 8 blocks
+    uint32_t counter_low = 0xFFFFFFF8;  // 2^32 - 8
+    uint32_t counter_high = 0;
+    
+    printf("  Processing 1KB starting at block 0xFFFFFFF8 (256GB - 512 bytes)...\n");
+    
+    // This should cross the overflow boundary
+    int result = chacha20_encrypt_extended(key, counter_low, counter_high, nonce, 
+                                           input, output, 1024);
+    
+    if (result != 0) {
+        printf("  ❌ FAILED: Error processing data across 256GB boundary\n");
+        return 1;
+    }
+    
+    printf("  ✓ Successfully processed data across 256GB boundary\n");
+    printf("  ✓ PASSED\n\n");
+    return 0;
+}
+
+// Test 3: Verify extended vs standard ChaCha20 compatibility
+int test_compatibility() {
+    printf("Test 3: Compatibility with standard ChaCha20\n");
+    printf("  Verifying extended mode matches standard mode when counter_high=0...\n");
+    
+    uint8_t key[32];
+    uint8_t nonce_standard[12];
+    uint8_t nonce_reduced[8];
+    uint8_t input[TEST_BLOCK_SIZE];
+    uint8_t output_standard[TEST_BLOCK_SIZE];
+    uint8_t output_extended[TEST_BLOCK_SIZE];
+    
+    // Initialize test data
+    memset(key, 0x33, 32);
+    memset(nonce_standard, 0x44, 12);
+    memcpy(nonce_reduced, nonce_standard + 4, 8);  // Extract last 8 bytes
+    memset(input, 0, TEST_BLOCK_SIZE);
+    
+    uint32_t counter = 42;
+    
+    // Standard ChaCha20
+    if (chacha20_encrypt(key, counter, nonce_standard, input, 
+                        output_standard, TEST_BLOCK_SIZE) != 0) {
+        printf("  ❌ FAILED: Standard ChaCha20 error\n");
+        return 1;
+    }
+    
+    // Extended ChaCha20 with counter_high=0 and matching nonce
+    // The extended version builds nonce as [counter_high][nonce_reduced]
+    // So we need to ensure the first 4 bytes of nonce_standard are 0
+    uint8_t nonce_standard_zero[12] = {0};
+    memcpy(nonce_standard_zero + 4, nonce_reduced, 8);
+    
+    if (chacha20_encrypt(key, counter, nonce_standard_zero, input, 
+                        output_standard, TEST_BLOCK_SIZE) != 0) {
+        printf("  ❌ FAILED: Standard ChaCha20 error\n");
+        return 1;
+    }
+    
+    if (chacha20_encrypt_extended(key, counter, 0, nonce_reduced, input, 
+                                  output_extended, TEST_BLOCK_SIZE) != 0) {
+        printf("  ❌ FAILED: Extended ChaCha20 error\n");
+        return 1;
+    }
+    
+    // Compare outputs
+    if (!blocks_equal(output_standard, output_extended, TEST_BLOCK_SIZE)) {
+        printf("  ❌ FAILED: Extended mode output differs from standard mode\n");
+        printf("  First 16 bytes of standard: ");
+        for (int i = 0; i < 16; i++) printf("%02x ", output_standard[i]);
+        printf("\n  First 16 bytes of extended: ");
+        for (int i = 0; i < 16; i++) printf("%02x ", output_extended[i]);
+        printf("\n");
+        return 1;
+    }
+    
+    printf("  ✓ Extended mode matches standard mode when counter_high=0\n");
+    printf("  ✓ PASSED\n\n");
+    return 0;
+}
+
+// Test 4: Stress test - verify no errors at extreme counter values
+int test_extreme_values() {
+    printf("Test 4: Extreme counter values\n");
+    printf("  Testing at various extreme counter positions...\n");
+    
+    uint8_t key[32];
+    uint8_t nonce[8];
+    uint8_t input[TEST_BLOCK_SIZE];
+    uint8_t output[TEST_BLOCK_SIZE];
+    
+    memset(key, 0x99, 32);
+    memset(nonce, 0x66, 8);
+    memset(input, 0, TEST_BLOCK_SIZE);
+    
+    // Test various extreme positions
+    struct {
+        uint32_t counter_low;
+        uint32_t counter_high;
+        const char* description;
+    } test_cases[] = {
+        {0x00000000, 0, "Start of first 256GB segment"},
+        {0xFFFFFFFF, 0, "End of first 256GB segment"},
+        {0x00000000, 1, "Start of second 256GB segment"},
+        {0xFFFFFFFF, 1, "End of second 256GB segment"},
+        {0x00000000, 0xFFFF, "Start of segment 65535"},
+        {0xFFFFFFFF, 0xFFFF, "End of segment 65535"},
+    };
+    
+    for (size_t i = 0; i < sizeof(test_cases) / sizeof(test_cases[0]); i++) {
+        printf("  Testing: %s (0x%08X, 0x%08X)...\n", 
+               test_cases[i].description,
+               test_cases[i].counter_low,
+               test_cases[i].counter_high);
+        
+        if (chacha20_encrypt_extended(key, test_cases[i].counter_low, 
+                                      test_cases[i].counter_high, nonce,
+                                      input, output, TEST_BLOCK_SIZE) != 0) {
+            printf("  ❌ FAILED at %s\n", test_cases[i].description);
+            return 1;
+        }
+    }
+    
+    printf("  ✓ All extreme values handled correctly\n");
+    printf("  ✓ PASSED\n\n");
+    return 0;
+}
+
+int main() {
+    printf("=================================================================\n");
+    printf("ChaCha20 Extended Counter Test Suite\n");
+    printf("=================================================================\n\n");
+    
+    int failures = 0;
+    
+    failures += test_counter_overflow();
+    failures += test_large_file_simulation();
+    failures += test_compatibility();
+    failures += test_extreme_values();
+    
+    printf("=================================================================\n");
+    if (failures == 0) {
+        printf("✓ ALL TESTS PASSED\n");
+        printf("=================================================================\n");
+        printf("\nThe extended counter implementation is working correctly.\n");
+        printf("It can now handle pads larger than 256GB without overflow errors.\n");
+        return 0;
+    } else {
+        printf("❌ %d TEST(S) FAILED\n", failures);
+        printf("=================================================================\n");
+        return 1;
+    }
+}

tests/test_truerng.c

@@ -0,0 +1,55 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <time.h>
+#include "include/otp.h"
+
+int main(int argc, char* argv[]) {
+    (void)argc; (void)argv; // Suppress unused parameter warnings
+    
+    hardware_rng_device_t device;
+    snprintf(device.port_path, sizeof(device.port_path), "/dev/ttyUSB0");
+    device.device_type = TRUERNG_ORIGINAL;
+    snprintf(device.friendly_name, sizeof(device.friendly_name), "TrueRNG");
+    device.is_working = 1;
+    
+    printf("Debug: Device type set to: %d (TRUERNG_ORIGINAL should be %d)\n", device.device_type, TRUERNG_ORIGINAL);
+    printf("Debug: Comparison result: device.device_type == SWIFTRNG is %s\n", 
+           (device.device_type == SWIFTRNG) ? "TRUE" : "FALSE");
+    
+    // Test with small buffer (1KB) and short timeout
+    const size_t test_bytes = 1024;
+    unsigned char* test_buffer = malloc(test_bytes);
+    if (!test_buffer) {
+        printf("ERROR: Cannot allocate test buffer\n");
+        return 1;
+    }
+    
+    size_t collected = 0;
+    time_t start_time = time(NULL);
+    
+    printf("Testing TrueRNG device at %s...\n", device.port_path);
+    
+    // Test device connectivity with timeout
+    int result = collect_truerng_entropy_from_device(&device, test_buffer, test_bytes, &collected, 1);
+    
+    time_t end_time = time(NULL);
+    double test_duration = difftime(end_time, start_time);
+    
+    if (result == 0 && collected > 0) {
+        double speed_kbps = (collected / 1024.0) / (test_duration > 0 ? test_duration : 1.0);
+        printf("SUCCESS: Collected %zu bytes in %.2f seconds (%.2f KB/s)\n", collected, test_duration, speed_kbps);
+        
+        // Show first few bytes as hex
+        printf("First 16 bytes: ");
+        for (int i = 0; i < 16 && i < (int)collected; i++) {
+            printf("%02x ", test_buffer[i]);
+        }
+        printf("\n");
+    } else {
+        printf("FAILED: Error code %d, collected %zu bytes in %.2f seconds\n", result, collected, test_duration);
+    }
+    
+    free(test_buffer);
+    return result;
+}