stuff

Change-Id: I7636aedc2b55f8d013c1c7e5009e8f80c5314d2f
diff --git a/examples/grpc-fortune/fortune_client/main.go b/examples/grpc-fortune/fortune_client/main.go
index 57ed14a..60023ba 100644
--- a/examples/grpc-fortune/fortune_client/main.go
+++ b/examples/grpc-fortune/fortune_client/main.go
@@ -30,6 +30,7 @@
 	c := pb.NewFortuneClient(conn)
 
 	if *get {
+		log.Printf("Calling Get now.")
 		r, err := c.Get(context.Background(), &pb.FortuneGetRequest{})
 		if err != nil {
 			log.Fatalf("could not get: %v", err)
diff --git a/examples/grpc-fortune/fortune_server/main.go b/examples/grpc-fortune/fortune_server/main.go
index 9c47dc5..6db8338 100644
--- a/examples/grpc-fortune/fortune_server/main.go
+++ b/examples/grpc-fortune/fortune_server/main.go
@@ -29,6 +29,7 @@
 type server struct{}
 
 func (s *server) Get(ctx context.Context, in *pb.FortuneGetRequest) (*pb.FortuneGetResponse, error) {
+	log.Printf("Returing from Get now.")
 	return &pb.FortuneGetResponse{
 		Fortune: fortunes[random.Intn(len(fortunes))],
 	}, nil
diff --git a/examples/secure-tcp/client/.client.go.swp b/examples/secure-tcp/client/.client.go.swp
new file mode 100644
index 0000000..1fd0ba4
--- /dev/null
+++ b/examples/secure-tcp/client/.client.go.swp
Binary files differ
diff --git a/examples/secure-tcp/client/client.go b/examples/secure-tcp/client/client.go
new file mode 100644
index 0000000..4fb6f99
--- /dev/null
+++ b/examples/secure-tcp/client/client.go
@@ -0,0 +1,32 @@
+package main
+
+import (
+	"bufio"
+	"fmt"
+	"log"
+	"net"
+	"time"
+
+	"v.io/x/ref/examples/grpc-fortune/vgrpc"
+)
+
+const (
+	secure = true
+)
+
+func main() {
+	conn, err := net.Dial("tcp", "localhost:8080")
+	if err != nil {
+		panic(err)
+	}
+
+	if secure {
+		vcred := &vgrpc.VanadiumCred{}
+		secureConn, _, _ := vcred.ClientHandshake("", conn, time.Minute)
+		conn = secureConn
+	}
+
+	fmt.Fprintf(conn, "Hello.")
+	status, err := bufio.NewReader(conn).ReadString('\n')
+	log.Printf("Client received: %s\n", status)
+}
diff --git a/examples/secure-tcp/server/.server.go.swp b/examples/secure-tcp/server/.server.go.swp
new file mode 100644
index 0000000..12e89fb
--- /dev/null
+++ b/examples/secure-tcp/server/.server.go.swp
Binary files differ
diff --git a/examples/secure-tcp/server/server.go b/examples/secure-tcp/server/server.go
new file mode 100644
index 0000000..db23317
--- /dev/null
+++ b/examples/secure-tcp/server/server.go
@@ -0,0 +1,37 @@
+package main
+
+import (
+	"bufio"
+	"fmt"
+	_ "log"
+	"net"
+
+	"v.io/x/ref/examples/grpc-fortune/vgrpc"
+)
+
+const (
+	secure = true
+)
+
+func main() {
+	ln, err := net.Listen("tcp", ":8080")
+	if err != nil {
+		// handle error
+	}
+	for {
+		conn, err := ln.Accept()
+		if err != nil {
+			panic(err)
+		}
+
+		if secure {
+			vcred := &vgrpc.VanadiumCred{}
+			secureConn, _, _ := vcred.ServerHandshake(conn)
+			conn = secureConn
+		}
+
+		status, err := bufio.NewReader(conn).ReadString('.')
+		// log.Printf("Server received: %s\n", status)
+		fmt.Fprintf(conn, "I heard: '%s'\n", status)
+	}
+}
diff --git a/runtime/internal/flow/conn/grpc/conn.go b/runtime/internal/flow/conn/grpc/conn.go
index 11cbd0c..28834f8 100644
--- a/runtime/internal/flow/conn/grpc/conn.go
+++ b/runtime/internal/flow/conn/grpc/conn.go
@@ -10,6 +10,7 @@
 	"errors"
 	"fmt"
 	"io"
+	_ "io/ioutil"
 	"log"
 	"net"
 	"runtime/debug"
@@ -43,6 +44,7 @@
 	defer c.mu.Unlock()
 	log.Printf("Beginning to Read.\n")
 	resBuf := make([]byte, 4096*4096) // TODO better (dynamic) size or way of reading?
+
 	bytesRead, err := c.rawConn.Read(resBuf)
 	log.Printf("Read %d bytes: %v\n", bytesRead, resBuf[:bytesRead])
 	if err != nil {
@@ -73,8 +75,17 @@
 	c.mu.Lock()
 	defer c.mu.Unlock()
 	log.Printf("Beginning to write.\n")
-	// tmp := make([]byte, 0, len(b)+box.Overhead) // TODO: is this enough? Also, why do we need both of tmp and out?
-	out := box.SealAfterPrecomputation(nil, b, c.currentNonce(), c.sharedKey)
+	tmp := make([]byte, 3, 3+len(b)+box.Overhead) // TODO: is this enough? Also, why do we need both of tmp and out?
+	tmp[0] = 5
+	tmp[1] = 7
+	tmp[2] = 14
+	out := box.SealAfterPrecomputation(tmp, b, c.currentNonce(), c.sharedKey)
+	log.Printf("tmp: %v", tmp)
+	log.Printf("out: %v", out)
+	log.Printf("tmp[0]: %p", &tmp[0])
+	log.Printf("tmp[1]: %p", &tmp[1])
+	log.Printf("tmp[2]: %p", &tmp[2])
+	log.Printf("out[0]: %p", &out[0])
 	c.advanceNonce()
 	bytesCopied, err := io.Copy(c.rawConn, bytes.NewReader(out))
 	log.Printf("Wrote %d bytes.\n", bytesCopied)
@@ -96,6 +107,25 @@
 	return len(b), nil
 }
 
+// TODO: understand this stuff
+const maxPacketSize = 0xffffff
+
+func write3ByteUint(dst []byte, n int) error {
+	if n > maxPacketSize || n < 0 {
+		// return NewErrLargerThan3ByteUInt(nil)
+		return errors.New("TOOO BIG")
+	}
+	n = maxPacketSize - n
+	dst[0] = byte((n & 0xff0000) >> 16)
+	dst[1] = byte((n & 0x00ff00) >> 8)
+	dst[2] = byte(n & 0x0000ff)
+	return nil
+}
+
+func read3ByteUint(src [3]byte) int {
+	return maxPacketSize - (int(src[0])<<16 | int(src[1])<<8 | int(src[2]))
+}
+
 // TODO: cover these up with an interface?
 // TODO: remove all these useless mutex locks and unlocks
 func (c *conn) Close() error {
diff --git a/runtime/internal/flow/conn/grpc/grpc.go b/runtime/internal/flow/conn/grpc/grpc.go
index 37923b2..11b67aa 100644
--- a/runtime/internal/flow/conn/grpc/grpc.go
+++ b/runtime/internal/flow/conn/grpc/grpc.go
@@ -148,6 +148,7 @@
 
 	// TODO: maybe this should use a constructor. Also, we can just read the keys directly into this.
 	// Declare this at the beginning.
+	log.Printf("rawConn is of type: %T", rawConn)
 	secureConn := &conn{
 		rawConn:   rawConn,
 		publicKey: pk,