This directory contains TLS configuration over an attested TLS connection, providing trusted channels to send and handle requests.
Re-export Tonic to support the general
Tonic is a gRPC over HTTP/2 implementation focused on high
performance, interoperability, and flexibility.
# Channel and Client
A channel in gRPC represents a connection to the target service. Clients use
the channel to send requests. When constructing a client, you can use
`SgxTrustedTlsClientConfig` to set up the TLS and attestation configuration so
that you can establish and attest a remote connection. For example, to
connect to the management service, you first establish a trusted channel with
the service, then create a client for the management service with that
channel. Finally, you can use this client to send requests like
# Server and Service
A server is an entity that listens on a network address, processes incoming
messages, and forwards requests to certain services. Similar to the client, you
can use `SgxTrustedTlsServerConfig` to set up the TLS and attestation
configuration for the channel with clients.
In Teaclave, we implement
CredentialService based on the
to add a credential to the MetadataMap of each request before it is sent, so
servers can check the authentication credential of each request.
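
The credential flow described above, as an added example that is not Teaclave's own code: a client-side step attaches a credential to each request's metadata, and the server fails closed unless it is present and matches. It uses only the standard library, so `MetadataMap` here is a stand-in for Tonic's type, and the `id`/`token` key names, `CredentialInterceptor`, `check_credential` and `issued_tokens` are assumptions made for illustration.

```rust
use std::collections::BTreeMap;

// Stand-in for tonic's MetadataMap: header name -> ASCII value (assumption).
type MetadataMap = BTreeMap<String, String>;

#[derive(Debug, PartialEq)]
enum AuthError { Missing, Malformed, Rejected }

// Client side: attach the credential to every outgoing request's metadata.
struct CredentialInterceptor { id: String, token: String }

impl CredentialInterceptor {
    fn call(&self, mut md: MetadataMap) -> Result<MetadataMap, AuthError> {
        // Header values must be visible ASCII; this also blocks CR/LF injection.
        for v in [&self.id, &self.token] {
            if v.is_empty() || !v.bytes().all(|b| (0x21..=0x7e).contains(&b)) {
                return Err(AuthError::Malformed);
            }
        }
        md.insert("id".into(), self.id.clone());
        md.insert("token".into(), self.token.clone());
        Ok(md)
    }
}

// Compare without an early exit so timing does not reveal the matching prefix.
fn ct_eq(a: &[u8], b: &[u8]) -> bool {
    a.len() == b.len() && a.iter().zip(b).fold(0u8, |acc, (x, y)| acc | (x ^ y)) == 0
}

// Server side: fail closed unless both fields are present and the token matches.
fn check_credential(md: &MetadataMap, issued: &BTreeMap<String, String>) -> Result<(), AuthError> {
    let id = md.get("id").ok_or(AuthError::Missing)?;
    let token = md.get("token").ok_or(AuthError::Missing)?;
    match issued.get(id) {
        Some(expected) if ct_eq(expected.as_bytes(), token.as_bytes()) => Ok(()),
        _ => Err(AuthError::Rejected),
    }
}

// Constructed sample data: one issued token, keyed by user id.
fn issued_tokens() -> BTreeMap<String, String> {
    BTreeMap::from([("alice".to_string(), "tok-constructed-123".to_string())])
}

fn main() {
    let client = CredentialInterceptor { id: "alice".into(), token: "tok-constructed-123".into() };
    let md = client.call(MetadataMap::new()).unwrap();
    println!("{:?}", check_credential(&md, &issued_tokens()));
}
```

An unknown id and a wrong token return the same `Rejected` error, so the response does not tell a caller which ids exist.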