12 finished(int hand, int isclient)
// Exchange the TLS Finished handshake message over the handshake fd `hand`:
// send ours, then read the peer's and require it to be byte-identical to it.
// The caller (pushtls, below) treats a negative return as failure; the return
// type and several body lines are elided on this page.
15 uchar buf[500], buf2[500];   // buf: the message we send; buf2: the peer's copy
// Bytes 1..3 carry the 24-bit big-endian body length; buf[0] (the handshake
// message type) is assigned on an elided line.
18 buf[1] = TLSFinishedLen>>16;
19 buf[2] = TLSFinishedLen>>8;
20 buf[3] = TLSFinishedLen;
// The body is the TLS 1.0 finished label itself, truncated to TLSFinishedLen
// bytes -- a fixed literal, not a PRF over a handshake transcript.  The copy
// stays inside the 16-byte literal ("client finished" plus NUL) only while
// TLSFinishedLen <= 16 -- NOTE(review): confirm against the definition of
// TLSFinishedLen, which this page does not show.
25 memmove(buf+4, "client finished", TLSFinishedLen);
27 memmove(buf+4, "server finished", TLSFinishedLen);
// A short write is treated as an error; n (the full message length, header
// included) is computed on an elided line.
29 if(write(hand, buf, n) != n)
// Require exactly n bytes back and an exact match, header included.  memcmp's
// data-dependent timing is harmless here: both values are public constants, so
// the comparison leaks nothing secret.  The match is only meaningful because
// the caller issues it after "secret" and "changecipher" -- presumably so the
// exchange travels under record-layer protection; NOTE(review): confirm, the
// page does not show how the hand channel is protected.
32 if(readn(hand, buf2, n) != n || memcmp(buf,buf2,n) != 0)
40 // Given a plain fd and secrets established beforehand, return an encrypted connection
42 pushtls(int fd, char *hashalg, char *encalg, int isclient, char *secret, char *dir)
46 int n, data, ctl, hand;
48 // open a new filter; get ctl fd
50 // /net/tls uses decimal file descriptors to name channels, hence a
51 // user-level file server can't stand in for #a; may as well hard-code it.
52 ctl = open("#a/tls/clone", ORDWR|OCEXEC);
55 n = read(ctl, buf, sizeof(buf)-1);
60 sprint(dir, "#a/tls/%s", buf);
63 snprint(dname, sizeof(dname), "#a/tls/%s/data", buf);
64 data = open(dname, ORDWR);
69 snprint(dname, sizeof(dname), "#a/tls/%s/hand", buf);
70 hand = open(dname, ORDWR|OCEXEC);
74 // speak a minimal handshake
75 if(fprint(ctl, "fd %d 0x301", fd) < 0 ||
76 fprint(ctl, "version 0x301") < 0 ||
77 fprint(ctl, "secret %s %s %d %s", hashalg, encalg, isclient, secret) < 0 ||
78 fprint(ctl, "changecipher") < 0 ||
79 finished(hand, isclient) < 0 ||
80 fprint(ctl, "opened") < 0){