feat: Integrate caratls TEE TLS networking (#376)

This PR integrates caratls into the web-prover networking stack. While the integration is not yet fully functional, the remaining components can be implemented independently within the caratls repository.

Cargo.toml

@@ -16,7 +16,7 @@ tracing="0.1.40"
 tracing-subscriber={ version="0.3.18", features=["env-filter"] }
 tlsn-verifier={ git="https://github.com/tlsnotary/tlsn.git", tag="v0.1.0-alpha.4" }
 tlsn-prover={ git="https://github.com/tlsnotary/tlsn.git", tag="v0.1.0-alpha.4", features=[
-  "tracing",
+	"tracing",
 ] }
 tlsn-core={ git="https://github.com/tlsnotary/tlsn.git", tag="v0.1.0-alpha.4" }
 tls-client={ git="https://github.com/tlsnotary/tlsn.git", tag="v0.1.0-alpha.4", package="tlsn-tls-client" }
@@ -26,6 +26,7 @@ tls-core          ={ git="https://github.com/pluto/tls-origo-legacy", package="t
 rayon             ="1.10.0"
 wasm-bindgen-rayon="=1.2.1"
 futures           ="0.3"
+caratls           ={ git="https://github.com/pluto/caratls.git", rev="e440cc71ece67fa3a53d7fd37d06d64d44840f01" }
 
 # CLI
 clap={ version="4.5.13", features=["derive"] }

client/Cargo.toml

@@ -24,6 +24,8 @@ tls-core   ={ workspace=true }
 tlsn-prover={ workspace=true }
 tlsn-core  ={ workspace=true }
 
+caratls = {workspace = true}
+
 bytes ="1"
 proofs={ workspace=true }
 
@@ -67,9 +69,9 @@ clap ={ workspace=true }
 # Web
 hyper-util={ workspace=true }
 # Async
-tokio-rustls={ version="0.24", default-features=false, features=["logging", "tls12"] }
+tokio-rustls={ version="0.26", default-features=false, features=["logging", "tls12"] }
 tokio       ={ workspace=true, features=["rt", "rt-multi-thread", "macros", "net", "io-std", "fs"] }
-rustls      ={ version="0.21", default-features=false }
+rustls      ={ version="0.23", default-features=false, features = ["ring"]}
 # TLSN
 async-tungstenite    ={ version="0.25.1", features=["async-std-runtime", "async-tls"] }
 ws_stream_tungstenite={ version="0.13.0", features=["tokio_io"] }
@@ -80,7 +82,7 @@ reqwest              ={ version="0.12", features=["json", "rustls-tls"] }
 # Web
 hyper-util={ version="0.1", features=["http1"] }
 ## Use the patched ws_stream_wasm to fix the issue https://github.com/najamelan/ws_stream_wasm/issues/12#issuecomment-1711902958
-ws_stream_wasm={ version="0.7.4", git="https://github.com/tlsnotary/ws_stream_wasm", rev="2ed12aad9f0236e5321f577672f309920b2aef51" }
+ws_stream_wasm={ version="0.7.4", git="https://github.com/tlsnotary/ws_stream_wasm", rev="2ed12aad9f0236e5321f577672f309920b2aef51", features = ["tokio_io"]}
 # Serde
 serde-wasm-bindgen="0.6.5"
 reqwest           ={ version="0.12", features=["json"] }

client/src/config.rs

@@ -20,6 +20,8 @@ pub enum NotaryMode {
   Origo,
   /// TLS notary MPC-TLS mode
   TLSN,
+  // TEE proxy mode
+  TEE,
 }
 
 /// Proving data containing [`Manifest`] and serialized witnesses used for WASM

client/src/errors.rs

@@ -20,6 +20,9 @@ pub enum ClientErrors {
   #[error(transparent)]
   Io(#[from] std::io::Error),
 
+  #[error(transparent)]
+  TeeTlsConnectorError(#[from] caratls::client::TeeTlsConnectorError),
+
   #[error("TLS error: {0}")]
   TlsCrypto(String),
 
@@ -85,7 +88,7 @@ pub enum ClientErrors {
 
   #[cfg(not(target_arch = "wasm32"))]
   #[error(transparent)]
-  InvalidDnsNameError(#[from] rustls::client::InvalidDnsNameError),
+  InvalidDnsNameError(#[from] rustls::pki_types::InvalidDnsNameError),
 
   #[error(transparent)]
   Error(#[from] tls_client2::Error),