WIP: Working TLS over TEE

[saberistic]

Overview

We need to update TLS Notary to run in a Trusted Execution Environment (TEE) mode. This involves introducing a new tls-tee package, updating the configuration and initialization process for both prover and verifier, and modifying the core functionality to support the new mode.

Detailed Requirements

• [x] Create a new tls-tee package
• [x] Develop the TLS handshake process in the tls-tee library as outlined in the provided diagram.
• [x] Update Prover Flow
• [x] Update Verifier Flow
• [x] Ensure proper communication between Client (Browser Extension), WebSocket Connection, Notary (AWS Nitro Enclave), and Target Server.
• [ ] Adopt remote attestation for verifying correct execution of follower
• [x] Modify the proving process to accommodate TEE-specific requirements.
• [ ] Update all relevant documentation to reflect the new TEE mode option.
• [ ] Create comprehensive test cases for the TEE mode, ensuring it works alongside the existing MPC mode without conflicts.

Technical Considerations

• Consider performance implications of introducing the TEE mode.
• Address any security considerations specific to TEE implementation.

Acceptance Criteria

• Prover and Verifier correctly handle their respective flows.
• TLS handshake works as depicted in the provided diagram.
• All existing tests pass, and new tests for TEE mode are implemented and passing.
• Documentation is updated to reflect the new functionality.

Related Diagram

sequenceDiagram
    participant L as Leader
    participant F as Follower (TEE)
    participant S as Server

    L->>F: RequestTeeSession
    F->>L: InitiateTeeSession (TeeQuote)
    L->>F: VerifyAttestationProof
    F->>L: ProvideAttestationProof
    Note over L,F: Leader verifies attestation

    L->>F: InitiateTlsHandshake
    F->>F: Generate key material
    F->>L: PerformTlsHandshake (Client Hello)
    L->>S: Client Hello
    S->>L: Server Hello, Certificate, Server Key Exchange, Server Hello Done
    L->>F: PerformTlsHandshake (Server messages)
    F->>F: Process server messages, prepare client response
    F->>L: PerformTlsHandshake (Client Key Exchange, Change Cipher Spec, Finished)
    L->>S: Client Key Exchange, Change Cipher Spec, Finished
    S->>L: Change Cipher Spec, Finished
    L->>F: PerformTlsHandshake (Server Finished)
    F->>F: Verify server finished
    F->>L: PerformTlsHandshake (Handshake Complete)

    loop Application Data Exchange
        L->>F: RequestEncryption (plaintext)
        F->>F: Encrypt data
        F->>L: EncryptApplicationData (ciphertext)
        L->>S: Send Encrypted Data
        S->>L: Send Encrypted Response
        L->>F: RequestDecryption (ciphertext)
        F->>F: Decrypt data
        F->>L: DecryptApplicationData (plaintext)
    end

    L->>F: RequestSignature (data)
    F->>F: Sign data
    F->>L: SignData (signature)

    L->>F: CloseConnection
    F->>L: CloseConnection
    L->>S: Close TLS Connection
    L->>F: Finalize
    F->>L: Commit

[saberistic]

I made mostly cosmetic comments, a cleanup could be done (see warnings produced when compiling) need to discuss about the notarization part at the end great job !

Thanks for feedback, fixed most of lints, I guess next is to do notarization