From ed754367a5387518c606f73f0b3b1203011460ed Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Stefan=20Th=C3=B6ni?= <stefan.thoeni@gapfruit.com>
Date: Wed, 18 Dec 2019 16:24:39 +0100
Subject: [PATCH] grpc: enabled TLS and added example script

Issue #190
---
 lib/symbols/grpc                           |   2 +
 run/grpc_tls.run                           | 309 +++++++++++++++++++++
 src/test/grpc_tls/client/greeter_client.cc | 107 +++++++
 src/test/grpc_tls/client/target.mk         |  33 +++
 src/test/grpc_tls/server/greeter_server.cc | 104 +++++++
 src/test/grpc_tls/server/greeter_server.h  |   4 +
 src/test/grpc_tls/server/main.cc           |  43 +++
 src/test/grpc_tls/server/server.crt        |  20 ++
 src/test/grpc_tls/server/server.csr        |  17 ++
 src/test/grpc_tls/server/server.key        |  27 ++
 src/test/grpc_tls/server/target.mk         |  35 +++
 11 files changed, 701 insertions(+)
 create mode 100644 run/grpc_tls.run
 create mode 100644 src/test/grpc_tls/client/greeter_client.cc
 create mode 100644 src/test/grpc_tls/client/target.mk
 create mode 100644 src/test/grpc_tls/server/greeter_server.cc
 create mode 100644 src/test/grpc_tls/server/greeter_server.h
 create mode 100644 src/test/grpc_tls/server/main.cc
 create mode 100644 src/test/grpc_tls/server/server.crt
 create mode 100644 src/test/grpc_tls/server/server.csr
 create mode 100644 src/test/grpc_tls/server/server.key
 create mode 100644 src/test/grpc_tls/server/target.mk

diff --git a/lib/symbols/grpc b/lib/symbols/grpc
index 7f11c3e..908bc39 100644
--- a/lib/symbols/grpc
+++ b/lib/symbols/grpc
@@ -16,3 +16,5 @@ _ZN9grpc_impl25InsecureServerCredentialsEv W
 _ZN9grpc_impl26InsecureChannelCredentialsEv W
 _ZN9grpc_impl7ChannelD0Ev W
 _ZN4grpc12experimental29ChannelResetConnectionBackoffEPN9grpc_impl7ChannelE W
+_ZN9grpc_impl20SslServerCredentialsERKN4grpc27SslServerCredentialsOptionsE W
+_ZN9grpc_impl14SslCredentialsERKNS_21SslCredentialsOptionsE W
diff --git a/run/grpc_tls.run b/run/grpc_tls.run
new file mode 100644
index 0000000..54fc90e
--- /dev/null
+++ b/run/grpc_tls.run
@@ -0,0 +1,309 @@
+create_boot_directory
+
+source $gapfruit_dir/repos/gapfruit/run/corallite_functions.inc
+
+import_from_depot [depot_user]/src/[base_src]
+import_from_depot [depot_user]/src/dynamic_rom
+import_from_depot [depot_user]/src/init
+import_from_depot [depot_user]/src/libc
+import_from_depot [depot_user]/src/libcrypto
+import_from_depot [depot_user]/src/libssl
+import_from_depot [depot_user]/src/nic_router
+import_from_depot [depot_user]/src/posix
+import_from_depot [depot_user]/src/protobuf
+import_from_depot [depot_user]/src/report_rom
+import_from_depot [depot_user]/src/stdcxx
+import_from_depot [depot_user]/src/vfs
+import_from_depot [depot_user]/src/vfs_jitterentropy
+import_from_depot [depot_user]/src/vfs_lwip
+import_from_depot [depot_user]/src/zlib
+
+set build_components {
+	test/grpc_tls/server
+	test/grpc_tls/client
+}
+
+
+build $build_components
+
+
+set nic_router_reporting 0
+
+set ssl_server_key {
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAt0QT62/ez9rw4GepYLY530y2I6fdrZkQ3v3wzKI0G9t9n8Yo
+YeQkAeHuIoCxLAYzjS4alwki1DVL0hSXD95kO9+H0sBmfJ1k1x/Wn7Y2/WKpG5yK
+x8CobEC1rG4YibeED9n06kaYPtQ01HEGQ/eXEbcSISVN1xK8zTe1uzKZ36H99lkb
+hOZQ6xLOSH/4jSiPacX+3CkeJBIkAFflzDq/ycKVlO429+6F/TimxXn2ZhJtKcW9
+swMTKLas8LPJPTO8jbjv/uQS+ygh1bATWO7iNayS4XdRuyFNkknxHAX48ks59UTb
+bVe4m0yre2cq4w/2f0Rp5NibbvblPzSpMIWGoQIDAQABAoIBAQCFDppfz6M3ykAk
+zV5+Zw9xfqKnFJOwHHfRTxHroMCwkRWOUTK0kA1MiJp61nDMA9yd3iFUE0AEToW0
+C1r6HH8tsUdNzn8abrPuNKGA56zZHy6ka22fRdOCdSDyBiUup9zsHVTiW0riIvQQ
+YdcotbQrGn3BLvJq+qG1ZYM+XKi3YgxErcEQFwhH7RCr4X654NDSms5w/V5M/3nS
+jcDUH19rT180Sy2Pmbus2c51GaF3M7ZET84aPqX/zBNg8aCmXV4BxPmd+R6Kp0DZ
+T8Y1j+Mvkulc0LnP+iONHUbWtbpVL+OFgMQSmW+MSvCgrwHGr8VayVleEmW50+1M
+A/Wu6Yp5AoGBAOjqpl/Rru7PerATK5fjm/bZuUd3GaBGBRRbZBcSorGA6WlX3kOC
+ZJbJfnT0+HF6gWzhHtqxuEgAUG5p2AcP3C2tg0vGUFe7ldePK5yJc147O3FF1/fr
+GRRohHFjgD23xMctySwGVgp4JWzJom0Do+3DBxsyq0JQDmATv4/7MFqnAoGBAMlt
+vF146ofZmrgDESd+7gnBEK5r9XzX2q/5Rd6TXz5WMpw5OAM9i650KciKd1j96tIf
+JhU2ccFtk9GgWCaMxpIkDyTo8kTwc5fuFdmdo9Hi4w6bRxSDFcBqD2xEH9i3xlQw
+1h4bxc8Iggv2Fozh5jqKxTBEz1t8n0oxRaLW7OV3AoGAfNrEQtsJFhT8ZIRyOuKV
+CXde3ZNXllXShT4UYlXoBpTfCkxC5hdwym/KrPFgeJw94tquinb4HQimFPoCBo8W
+7Rl1J1pwWQdCZKHns+rugBXqYGcbRVeuQwVf8dRvuyXWgxrlGwduegA7t5xCyINK
+DbsdBRRdP5fgjNopNwpkukMCgYAoTyCB6B+u/fn7VwnIyJrkMtGexhYDXMLzskOs
+LfvCYseQAddWtqtMRwzRh/woP/ANCpS5bALJvZ72NUtOs59NQZASR9eruh63ybpv
+qR9OckQT+Tj5Pt5Mei0J8nwZB3XWBUvkDJTCQKadtCqBGPfUwU6CwVJpsX/C/ic8
+VhxkMwKBgQDQNAL/F+T4/UQ+DcayruTAUyv/mE85LpQ+pkP4bmeUbKg9L/evCDdc
+IyFb0d3QOGxtumRa3QXTJv6/YRcYT6QpjtegoxCNT4Efy4XfTg0ZSlD3fM854oKy
+inL6CnjqcXGZnm+bsmnAu0Eebhx9/wUA3msaivUY8aBTMIzhkpoVfw==
+-----END RSA PRIVATE KEY-----
+}
+set ssl_server_cert {
+-----BEGIN CERTIFICATE-----
+MIIDZTCCAk0CFE5tmzIRllqBMUbhj7lUFlOd6KXaMA0GCSqGSIb3DQEBDQUAMHQx
+CzAJBgNVBAYTAkNIMQwwCgYDVQQIDANadWcxDDAKBgNVBAcMA1p1ZzEUMBIGA1UE
+CgwLZ2FwZnJ1aXQgQUcxFDASBgNVBAsMC0RldmVsb3BtZW50MR0wGwYDVQQDDBRn
+YXBmcnVpdCBEZXYvVGVzdCBDQTAeFw0xOTEyMTgxNDIxNTJaFw0yOTEyMTUxNDIx
+NTJaMGoxCzAJBgNVBAYTAkNIMQwwCgYDVQQIDANadWcxDDAKBgNVBAcMA1p1ZzEU
+MBIGA1UECgwLZ2FwZnJ1aXQgQUcxFDASBgNVBAsMC0RldmVsb3BtZW50MRMwEQYD
+VQQDDApncnBjLmxvY2FsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+t0QT62/ez9rw4GepYLY530y2I6fdrZkQ3v3wzKI0G9t9n8YoYeQkAeHuIoCxLAYz
+jS4alwki1DVL0hSXD95kO9+H0sBmfJ1k1x/Wn7Y2/WKpG5yKx8CobEC1rG4YibeE
+D9n06kaYPtQ01HEGQ/eXEbcSISVN1xK8zTe1uzKZ36H99lkbhOZQ6xLOSH/4jSiP
+acX+3CkeJBIkAFflzDq/ycKVlO429+6F/TimxXn2ZhJtKcW9swMTKLas8LPJPTO8
+jbjv/uQS+ygh1bATWO7iNayS4XdRuyFNkknxHAX48ks59UTbbVe4m0yre2cq4w/2
+f0Rp5NibbvblPzSpMIWGoQIDAQABMA0GCSqGSIb3DQEBDQUAA4IBAQCYk7rAYBFK
+ynvDgO+wfVmHI/imxsBPBFSD/5YerUt5TSjbjFiNmCTkRfgaBjBNg8kqDxt4LwVU
+w6s5eazqHYs7B8pWDieJwvrWRRmpPD+QRvNLbFOB7n+b+7LtcUAmgOMZzCddcahN
+1bO3t+J4ULWoLgpGvfPtEZJHrgSvlCAleVH0/CVZ2cZ9ngXwYZzW+uzDLuq8t+cy
+PrQ7iWvSX9k/N2f6/MxiFdr1kjjXFLDmweFztUy2tlzbI/jA1VEyiT3MBWrPvq8z
+YXrvUx64+/4/eHjkrpTIqO2K5NMFw218WzxlnmEeVwarP0kmhoDyr75z3SUT4Ygt
+gDANZRHtzkRg
+-----END CERTIFICATE-----
+}
+set ssl_root_cert {
+-----BEGIN CERTIFICATE-----
+MIIDyTCCArGgAwIBAgIUNyy3GIyo2XwhohJyZHHC5mMyLKkwDQYJKoZIhvcNAQEN
+BQAwdDELMAkGA1UEBhMCQ0gxDDAKBgNVBAgMA1p1ZzEMMAoGA1UEBwwDWnVnMRQw
+EgYDVQQKDAtnYXBmcnVpdCBBRzEUMBIGA1UECwwLRGV2ZWxvcG1lbnQxHTAbBgNV
+BAMMFGdhcGZydWl0IERldi9UZXN0IENBMB4XDTE5MTIxODEzMTgxN1oXDTI5MTIx
+NTEzMTgxN1owdDELMAkGA1UEBhMCQ0gxDDAKBgNVBAgMA1p1ZzEMMAoGA1UEBwwD
+WnVnMRQwEgYDVQQKDAtnYXBmcnVpdCBBRzEUMBIGA1UECwwLRGV2ZWxvcG1lbnQx
+HTAbBgNVBAMMFGdhcGZydWl0IERldi9UZXN0IENBMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAteFTvvk/p0mBsj6xyUGnu4ESlWyOM6ctXX7I0oLFgZD/
+iI8aaYs9mfmn0xHHUmQ1cwg9rQOOruYqdpF0897H2t5dOVcGYKyluPzVT95Khnag
+J/hw3oo6UH00oThLC8yY0Zu9dMTGQvsiYUKLazbsiz37IfoSrRP9LOEMecl+3kWV
+1EczZKwsOCf5QXB60nXtMnakelGhX9AdhmIx3GfigAsRAyzZKpNdlbiTYoH9cnuQ
+3RJPAnOXawnJkQGpT12CNrKhAKNlTT91CHIE08/4zbrRrNP80bZN7VS6M/8QSQRE
+7/OPXp7MiqeLEdIpUD3EIHezf+omZmVdHkM/QeYipwIDAQABo1MwUTAdBgNVHQ4E
+FgQUvDmvbNuKYAb3xMmIyd6j9OIULukwHwYDVR0jBBgwFoAUvDmvbNuKYAb3xMmI
+yd6j9OIULukwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQ0FAAOCAQEAESOs
+duTRSzCNlBvDzP2ushB6P3JtN2eqBj/W+I1DnDAm/wpKkbAHxB26Ldm/AS/APq/D
+IOgP3OltOVBjotRi+I5z7oSq3RHzU2fT6ZS8JfiRaVOTAs9ImQwVGT/xTN79oILW
+7ivbLacF4L7BXFFq22HBK+DYnP8zdWud7g+8KTwwv2m2uijLkiw4oBqwo8SGUVU0
+xYL0iBrMfbtc2cg0mGNsfMpVMe0ZJdtyK7EzZvWi6jw3T2qsxNNTM89tYvRpcoUL
+AeOLXBSuuz5FnClb95mSVMpFYrHYwYzwx677fJjFKrLsaCSeledPSXN6GpPMl6bg
+1pr81E45WPuAQBX5jw==
+-----END CERTIFICATE-----
+}
+set server_start_node {
+						<start name="grpc_tls_server" caps="200">
+							<resource name="RAM" quantum="8M"/>
+							<config>
+								<arg value="grpc_tls_server"/>
+								<libc stdout="/dev/log" stderr="/dev/log" rtc="/dev/rtc" socket="/dev/socket" rng="/dev/random"/>
+								<vfs>
+									<dir name="dev">
+										<log/>
+										<null/>
+										<jitterentropy name="random"/>
+										<jitterentropy name="urandom"/>
+										<inline name="rtc">2019-12-19 14:22</inline>
+										<dir name="socket">
+											<lwip ip_addr="10.10.10.55" netmask="255.255.255.0" gateway="10.10.10.1"/>
+										</dir>
+									</dir>
+									<inline name="server.key">}
+append server_start_node $ssl_server_key
+append server_start_node {
+									</inline>
+									<inline name="server.crt">}
+append server_start_node $ssl_server_cert
+append server_start_node {
+									</inline>
+								</vfs>
+							</config>
+						</start>
+}
+
+set config {
+<config verbose="no">
+	<parent-provides>
+		<service name="CPU"/>
+		<service name="LOG"/>
+		<service name="PD"/>
+		<service name="ROM"/>
+		<service name="IO_PORT"/>
+	</parent-provides>
+	<default-route>
+		<any-service> <parent/> <any-child/> </any-service>
+	</default-route>
+	<default caps="100"/>
+
+	<start name="timer">
+		<resource name="RAM" quantum="1M"/>
+		<provides> <service name="Timer"/> </provides>
+	</start>
+}
+append_if $nic_router_reporting config {
+	<start name="report_rom">
+		<resource name="RAM" quantum="2M"/>
+		<provides>
+			<service name="ROM"/>
+			<service name="Report"/>
+		</provides>
+		<config verbose="yes">
+		</config>
+	</start>
+}
+append config {
+	<start name="nic_router">
+		<resource name="RAM" quantum="8M"/>
+		<provides> <service name="Nic"/> </provides>
+		<config verbose="no"
+		        verbose_packets="no"
+		        verbose_domain_state="yes"
+		        verbose_packet_drop="yes"
+		        dhcp_discover_timeout_sec="3"
+		        dhcp_request_timeout_sec="3"
+		        dhcp_offer_timeout_sec="3"
+		        udp_idle_timeout_sec="30"
+		        tcp_idle_timeout_sec="30"
+		        tcp_max_segm_lifetime_sec="15">}
+append_if $nic_router_reporting config {
+				<report bytes="yes"
+					    config="yes"
+					    quota="no"
+					    stats="no"
+					    interval_sec="2"/>}
+append config {
+			<domain name="server" interface="10.10.10.1/24">
+				<ip dst="10.10.20.0/0" domain="client"/>
+			</domain>
+			<domain name="client" interface="10.10.20.1/24">
+				<ip dst="10.10.10.0/0" domain="server"/>
+			</domain>
+			<policy label="init -> grpc_tls_server -> lwip" domain="server"/>
+			<policy label="init -> grpc_tls_client -> lwip" domain="client"/>
+		</config>
+	</start>
+
+	<start name="dynamic_rom" caps="100">
+		<resource name="RAM" quantum="4M"/>
+		<provides> <service name="ROM"/> </provides>
+		<config>
+			<rom name="init.config">
+				<inline description="server_only">
+					<config verbose="no">
+						<parent-provides>
+							<service name="CPU"/>
+							<service name="LOG"/>
+							<service name="Nic"/>
+							<service name="PD"/>
+							<service name="ROM"/>
+							<service name="Timer"/>
+						</parent-provides>
+						<default-route>
+							<any-service> <parent/> <any-child/> </any-service>
+						</default-route>
+						<default caps="100"/>}
+append config $server_start_node
+append config {
+					</config>
+				</inline>
+				<sleep milliseconds="1000"/>
+				<inline description="server_and_client">
+					<config verbose="no">
+						<parent-provides>
+							<service name="CPU"/>
+							<service name="LOG"/>
+							<service name="Nic"/>
+							<service name="PD"/>
+							<service name="ROM"/>
+							<service name="Timer"/>
+						</parent-provides>
+						<default-route>
+							<any-service> <parent/> <any-child/> </any-service>
+						</default-route>
+						<default caps="100"/>}
+append config $server_start_node
+append config {
+						<start name="grpc_tls_client" caps="200">
+							<resource name="RAM" quantum="8M"/>
+							<config>
+								<arg value="grpc_tls_client"/>
+								<libc stdout="/dev/log" stderr="/dev/log" rtc="/dev/rtc" socket="/dev/socket" rng="/dev/random"/>
+								<vfs>
+									<dir name="dev">
+										<log/>
+										<null/>
+										<jitterentropy name="random"/>
+										<jitterentropy name="urandom"/>
+										<inline name="rtc">2019-12-19 14:22</inline>
+										<dir name="socket">
+											<lwip ip_addr="10.10.20.66" netmask="255.255.255.0" gateway="10.10.20.1"/>
+										</dir>
+									</dir>
+									<dir name="etc">
+										<inline name="resolv.conf">nameserver 8.8.8.8</inline>
+										<inline name="host.conf">order hosts,bind
+multi on</inline>
+										<inline name="hosts">10.10.10.55 grpc.local</inline>
+									</dir>
+									<dir name="usr">
+										<dir name="share">
+											<dir name="grpc">
+												<inline name="roots.pem">}
+append config $ssl_root_cert
+append config {
+												</inline>
+											</dir>
+										</dir>
+									</dir>
+								</vfs>
+							</config>
+						</start>
+					</config>
+				</inline>
+				<sleep milliseconds="2000000000"/>
+			</rom>
+		</config>
+	</start>
+
+	<start name="init" caps="1500">
+		<resource name="RAM" quantum="20M" />
+		<route>
+			<service name="ROM" label="config"> <child name="dynamic_rom" label="init.config"/> </service>
+			<any-service> <parent/> <any-child/> </any-service>
+		</route>
+	</start>
+
+</config>
+}
+
+install_config [replace_package_template_info $config]
+
+set boot_modules {
+	grpc_tls_server
+	grpc_tls_client
+	grpc.lib.so
+	libc_pipe.lib.so
+}
+
+append qemu_args " -nographic "
+
+
+build_boot_image $boot_modules
+
+
+run_genode_until {.*say hello} 200000
diff --git a/src/test/grpc_tls/client/greeter_client.cc b/src/test/grpc_tls/client/greeter_client.cc
new file mode 100644
index 0000000..43a14c3
--- /dev/null
+++ b/src/test/grpc_tls/client/greeter_client.cc
@@ -0,0 +1,107 @@
+/*
+ *
+ * Copyright 2015 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+#include <iostream>
+#include <memory>
+#include <string>
+
+#include <grpcpp/grpcpp.h>
+
+#ifdef BAZEL_BUILD
+#include "examples/protos/helloworld.grpc.pb.h"
+#else
+#include "helloworld.grpc.pb.h"
+#endif
+
+using grpc::Channel;
+using grpc::ClientContext;
+using grpc::Status;
+using helloworld::HelloRequest;
+using helloworld::HelloReply;
+using helloworld::Greeter;
+
+class GreeterClient {
+ public:
+  GreeterClient(std::shared_ptr<Channel> channel)
+      : stub_(Greeter::NewStub(channel)) {}
+
+  // Assembles the client's payload, sends it and presents the response back
+  // from the server.
+  std::string SayHello(const std::string& user) {
+    // Data we are sending to the server.
+    HelloRequest request;
+    request.set_name(user);
+
+    // Container for the data we expect from the server.
+    HelloReply reply;
+
+    // Context for the client. It could be used to convey extra information to
+    // the server and/or tweak certain RPC behaviors.
+    ClientContext context;
+
+    // The actual RPC.
+    Status status = stub_->SayHello(&context, request, &reply);
+
+    // Act upon its status.
+    if (status.ok()) {
+      return reply.message();
+    } else {
+      std::cout << status.error_code() << ": " << status.error_message()
+                << std::endl;
+      return "RPC failed";
+    }
+  }
+
+ private:
+  std::unique_ptr<Greeter::Stub> stub_;
+};
+
+std::string read_file(const char* filename)
+{
+	const long max_size = 4096;
+
+	auto f = fopen(filename, "rb");
+
+	if (f == nullptr) {
+		throw -1;
+	}
+
+	std::string res;
+	res.resize(max_size);
+
+	// C++17 defines .data() which returns a non-const pointer
+	const long size = fread(const_cast<char*>(res.data()), 1, max_size, f);
+	res.resize(size);
+
+	fclose(f);
+
+	return res;
+}
+
+int main(int argc, char** argv) {
+	auto ssl_options = grpc::SslCredentialsOptions{};
+	auto credentials = grpc::SslCredentials(ssl_options);
+
+  GreeterClient greeter(grpc::CreateChannel(
+      "grpc.local:50051", credentials));
+  std::string user("world");
+  std::string reply = greeter.SayHello(user);
+  std::cout << "Greeter received: " << reply << std::endl;
+
+  return 0;
+}
diff --git a/src/test/grpc_tls/client/target.mk b/src/test/grpc_tls/client/target.mk
new file mode 100644
index 0000000..090ffe2
--- /dev/null
+++ b/src/test/grpc_tls/client/target.mk
@@ -0,0 +1,33 @@
+GRPC_DIR           := $(call select_from_ports,protobuf_grpc)/src/lib/grpc
+PROTO_DIR          := $(GRPC_DIR)/examples/protos
+TARGET             := grpc_tls_client
+
+LIBS               := posix
+LIBS               += protobuf
+LIBS               += stdcxx
+LIBS               += grpc
+LIBS               += libc_pipe
+
+CC_CXX_WARN_STRICT :=
+
+PROTOC             := /usr/local/genode/protobuf_grpc/current/bin/protoc
+GRPC_PLUGIN        := /usr/local/genode/protobuf_grpc/current/bin/grpc_cpp_plugin
+
+SRC_CC             := greeter_client.cc
+SRC_CC             += helloworld.pb.cc
+SRC_CC             += helloworld.grpc.pb.cc
+
+vpath helloworld.proto   $(PROTO_DIR)
+
+$(SRC_CC): helloworld.grpc.pb.h
+
+helloworld.pb.h: helloworld.proto
+	$(VERBOSE)$(PROTOC) --proto_path=$(PROTO_DIR) \
+	                    --cpp_out=. \
+	                    $<
+
+helloworld.grpc.pb.h: helloworld.proto helloworld.pb.h
+	$(VERBOSE)$(PROTOC) --plugin=protoc-gen-grpc=$(GRPC_PLUGIN) \
+	                    --proto_path=$(PROTO_DIR) \
+	                    --grpc_out=. \
+	                    $<
diff --git a/src/test/grpc_tls/server/greeter_server.cc b/src/test/grpc_tls/server/greeter_server.cc
new file mode 100644
index 0000000..eb82c12
--- /dev/null
+++ b/src/test/grpc_tls/server/greeter_server.cc
@@ -0,0 +1,104 @@
+/*
+ *
+ * Copyright 2015 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+#include <iostream>
+#include <memory>
+#include <string>
+#include <base/log.h>
+
+
+#include <grpcpp/grpcpp.h>
+
+#ifdef BAZEL_BUILD
+#include "examples/protos/helloworld.grpc.pb.h"
+#else
+#include "helloworld.grpc.pb.h"
+#endif
+
+#include "greeter_server.h"
+
+using grpc::Server;
+using grpc::ServerBuilder;
+using grpc::ServerContext;
+using grpc::Status;
+using grpc::ServerCredentials;
+using helloworld::HelloRequest;
+using helloworld::HelloReply;
+using helloworld::Greeter;
+
+// Logic and data behind the server's behavior.
+class GreeterServiceImpl final : public Greeter::Service {
+  Status SayHello(ServerContext* context, const HelloRequest* request,
+                  HelloReply* reply) override {
+		printf("say hello\n");
+    std::string prefix("Hello ");
+    reply->set_message(prefix + request->name());
+    return Status::OK;
+  }
+};
+
+std::string read_file(const char* filename)
+{
+	const long max_size = 4096;
+
+	auto f = fopen(filename, "rb");
+
+	if (f == nullptr) {
+		Genode::error("cannot open file ", filename);
+		throw -1;
+	}
+
+	std::string res;
+	res.resize(max_size);
+
+	// C++17 defines .data() which returns a non-const pointer
+	const long size = fread(const_cast<char*>(res.data()), 1, max_size, f);
+	res.resize(size);
+
+	fclose(f);
+
+	return res;
+}
+
+void RunServer() {
+  GreeterServiceImpl service;
+
+	auto certificate = read_file("/server.crt");
+	auto private_key = read_file("/server.key");
+
+	grpc::SslServerCredentialsOptions::PemKeyCertPair pkcp = { private_key.c_str(), certificate.c_str() };
+	grpc::SslServerCredentialsOptions ssl_opts;
+	ssl_opts.pem_root_certs = "";
+	ssl_opts.pem_key_cert_pairs.push_back(pkcp);
+	std::shared_ptr<ServerCredentials> credentials = grpc::SslServerCredentials(ssl_opts);
+
+  ServerBuilder builder;
+  // Listen on the given address without any authentication mechanism.
+  builder.AddListeningPort("0.0.0.0:50051", credentials);
+  // Register "service" as the instance through which we'll communicate with
+  // clients. In this case it corresponds to an *synchronous* service.
+  builder.RegisterService(&service);
+  // Finally assemble the server.
+  std::unique_ptr<Server> server(builder.BuildAndStart());
+  std::cout << "Server listening on" << std::endl;
+
+  // Wait for the server to shutdown. Note that some other thread must be
+  // responsible for shutting down the server for this call to ever return.
+  server->Wait();
+}
+
diff --git a/src/test/grpc_tls/server/greeter_server.h b/src/test/grpc_tls/server/greeter_server.h
new file mode 100644
index 0000000..1dc0617
--- /dev/null
+++ b/src/test/grpc_tls/server/greeter_server.h
@@ -0,0 +1,4 @@
+#pragma once
+
+void RunServer();
+
diff --git a/src/test/grpc_tls/server/main.cc b/src/test/grpc_tls/server/main.cc
new file mode 100644
index 0000000..a68ffd4
--- /dev/null
+++ b/src/test/grpc_tls/server/main.cc
@@ -0,0 +1,43 @@
+#include <base/attached_rom_dataspace.h>
+#include <libc/component.h>
+#include <base/heap.h>
+#include <base/log.h>
+#include <base/thread.h>
+#include <pthread.h>
+#include "greeter_server.h"
+
+enum { STACK_SIZE = 0xF000 };
+
+namespace Grpc_server {
+	using namespace Genode;
+
+	class Server_main;
+}
+
+static void *start_func(void*)
+{
+	Libc::with_libc([&] () {
+		RunServer();
+	});
+
+	return nullptr;
+}
+
+class Grpc_server::Server_main
+{
+	private:
+		Env& _env;
+		pthread_t _t;
+
+	public:
+		Server_main(Env& env)
+			: _env(env)
+		{
+			pthread_create(&_t, 0, start_func, &env);
+		}
+};
+
+void Libc::Component::construct(Libc::Env &env)
+{
+	static Grpc_server::Server_main main(env);
+}
diff --git a/src/test/grpc_tls/server/server.crt b/src/test/grpc_tls/server/server.crt
new file mode 100644
index 0000000..133dc51
--- /dev/null
+++ b/src/test/grpc_tls/server/server.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDNzCCAh8CFDmH0KbQjaQFqix5NuZGZ6dyIOlRMA0GCSqGSIb3DQEBCwUAMFgx
+CzAJBgNVBAYTAkNIMQ0wCwYDVQQIDARUZXN0MQ0wCwYDVQQHDARUZXN0MQ0wCwYD
+VQQKDARUZXN0MQ0wCwYDVQQLDARUZXN0MQ0wCwYDVQQDDAR0ZXN0MB4XDTE5MTIx
+NDE2MDQyOVoXDTI5MTIxMTE2MDQyOVowWDELMAkGA1UEBhMCQ0gxDTALBgNVBAgM
+BFRlc3QxDTALBgNVBAcMBFRlc3QxDTALBgNVBAoMBFRlc3QxDTALBgNVBAsMBFRl
+c3QxDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQCZroIEzgfq5WJQxlKf+BzovzJGtYcmIILW2e7ldc5GJDQGlTJ1/+aT+BmU/p7z
+redg3FoCIb4zV60If5/whbnL2d5sto/RKowr2Pl9WGmZ9WFP/gi92QwTfflmSMlR
+SGY0vxWKh/+XXTOxibgVnq5mBFPq1G2adMqDDjBkz+EuFyCtuiOJnwuhRmnGtckD
+UyrPo/tFgbAbd21OatqJzFPU2gPgHYBnXO0+IDcg+oMh8pUZbrglfoi3cqftcSZF
+7QtCz2ywjXTYKL4J3WGLimE5gzhcrAbridv4dJxuXuyNGOlD5kCzdhNeZpD3YiZw
+U4wY0LuQF8iTD2dp1MJY6cZRAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAFDQlrgD
+nUV5rgVQuVgFh6vaMQ8pWwRtIsd8CuDfNIO+eE2yqaEkZNZVQ3pg60G9L6nUKq8c
+KndYJ2Ifx7B7XpgTDqIpfk63gGHf8qAf7LHQQ/4zj9tUZLFdZEHw08pwfDSAbdEf
+UGE1cdQb58mggLi8M5iCFPdTVxzhrKdXGah/H5BuLGdqj4RN86x2X6vi9gR3oEdZ
+XKgMnTakmm63CUunVKTJng1rvxEL8CXQN2oMBgbPmYkbfkzVv+R1VtqXUiclMx6H
+QlMKGmxqsBd6vSy10LkaOTJ+GScSNtr4ySoS9TQ6Jp+K7uz9n61o9lQUDdXbusRc
+h6t9Jl5c8l8aO/8=
+-----END CERTIFICATE-----
diff --git a/src/test/grpc_tls/server/server.csr b/src/test/grpc_tls/server/server.csr
new file mode 100644
index 0000000..054f4cf
--- /dev/null
+++ b/src/test/grpc_tls/server/server.csr
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICnTCCAYUCAQAwWDELMAkGA1UEBhMCQ0gxDTALBgNVBAgMBFRlc3QxDTALBgNV
+BAcMBFRlc3QxDTALBgNVBAoMBFRlc3QxDTALBgNVBAsMBFRlc3QxDTALBgNVBAMM
+BHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCZroIEzgfq5WJQ
+xlKf+BzovzJGtYcmIILW2e7ldc5GJDQGlTJ1/+aT+BmU/p7zredg3FoCIb4zV60I
+f5/whbnL2d5sto/RKowr2Pl9WGmZ9WFP/gi92QwTfflmSMlRSGY0vxWKh/+XXTOx
+ibgVnq5mBFPq1G2adMqDDjBkz+EuFyCtuiOJnwuhRmnGtckDUyrPo/tFgbAbd21O
+atqJzFPU2gPgHYBnXO0+IDcg+oMh8pUZbrglfoi3cqftcSZF7QtCz2ywjXTYKL4J
+3WGLimE5gzhcrAbridv4dJxuXuyNGOlD5kCzdhNeZpD3YiZwU4wY0LuQF8iTD2dp
+1MJY6cZRAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAQEATDOgGwIY/10Ubdhcdafm
+BjHZdkfwYUbusT0Qz97Mhgr/zDcBQizIyKUutWjAKs4+fku1Jorx7iQnVSidh4WI
+Cbsnf+AufVdS82VdkX3vMf0jm4yADIx2E5mH/eaXNB0NNsBoENNbOm7N5vJH1GXd
+NmJnc514O13yZ6LKIo78d6AI5qPFXwo3VQq7C3f/ekb3uvhwK3u4GrJmpvEuJDHw
+jL7KB8rlJRnmgzzB2nC8zO0w+OivsD9vmfCfNUul1g/4i7JMJMIXGmP8WiLOxSo2
+IU1p3edndeMSHFs4oiFC1Slf67Oc2yWoTLdLQWE3qn0exb056mfdyRAnAyJsv+Xt
+uQ==
+-----END CERTIFICATE REQUEST-----
diff --git a/src/test/grpc_tls/server/server.key b/src/test/grpc_tls/server/server.key
new file mode 100644
index 0000000..556a0c2
--- /dev/null
+++ b/src/test/grpc_tls/server/server.key
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEogIBAAKCAQEAma6CBM4H6uViUMZSn/gc6L8yRrWHJiCC1tnu5XXORiQ0BpUy
+df/mk/gZlP6e863nYNxaAiG+M1etCH+f8IW5y9nebLaP0SqMK9j5fVhpmfVhT/4I
+vdkME335ZkjJUUhmNL8Viof/l10zsYm4FZ6uZgRT6tRtmnTKgw4wZM/hLhcgrboj
+iZ8LoUZpxrXJA1Mqz6P7RYGwG3dtTmraicxT1NoD4B2AZ1ztPiA3IPqDIfKVGW64
+JX6It3Kn7XEmRe0LQs9ssI102Ci+Cd1hi4phOYM4XKwG64nb+HScbl7sjRjpQ+ZA
+s3YTXmaQ92ImcFOMGNC7kBfIkw9nadTCWOnGUQIDAQABAoIBAHGbNlRU9jdn8KDj
+qurEoKJRzNnGkazWtcIcAuUvjBf/5VHEczQVwx85dbfV7i0XLodE/Wi8Bv2vX6N7
+rQFB6dJPMYTOBEzMlihH0k8dz5rXcWOP2Gh3jdzO8FHzlpb23U86vrLUzFXZuUAS
+Hbolvqh9pIdhF9Dpa1csYwvzPHQz0VrNxBjzhpusvATEM0XF0eeugLAJgS78PStL
+x6nh+g8Xj6G2ZZaKboDMs3sDCzHbuwjgSjRR8F0iPQ44v4b1ZiPlDlLH1m+jjHY/
+Yph3iR7InbNukg5W+qefserRdkVu6KtXa54Mx1Y13frN9jfDkk2L43Fbr8c+nGMN
+tJ277gECgYEAx1rN2oqRGREtFGsdeFd+a/3uqi2OpBHuxyVkrLWzzPVHwm30OlNo
+bEqjm0+oo9CsnJDfIAGctbZumT/uXTg2zTtDz470MX8HhB5vLBha9LZissrOIHPe
+VO3QeEcfeqS/jPnwuhhwjUnmYMhRPW6JRQpDcw17sq4Y7wtGN9HjseECgYEAxVlq
+omZggPQBDJkYg1ibB1HrjRN6X06jKKC0XXjR2hvGfZ1lUim/KQWlr5u0Tc3DLcHZ
+hM6/s3ZvvdQHJLlfUr3fgN9jQ3Iv6736LkkTSxqyweHuMErdobEGnlyhn58CfoX/
+MNC3fbRt0dD/lVr/c4xt5qAx4RHBFi0eN92UgnECgYBjVcvdac6DPxvHYNh+bpqA
+FTgndCvvdUAV23we0yuUpWPsbf2UUptl2otLiJXvirt4CHgl6qe7o/vYQRL1QF2O
+Rkmz0ve68iE8pC2hO0GXToo/rO6pHRNcHmQSit4UrqMEDEb3c9YhkQFKmIZipgGg
+dUzGt6E7l6S0+Fk011EuAQKBgDiN+FYT2qH5yvcuRG0Xjk3ZtxQVueLoKS+yZh3H
+SvQjM4259lhGaGa8HJAnodMOHVnWjJxXl245iaovweBPUzbl/M/0tICWj48SQUjU
+XjgOrZ2MPnMOcVct4QSu7Q5ORiu2ALyfg4X9l98h8qx9iGk3nCMUU1b5fIj7YwaF
+dFKxAoGAHhDg/WBf6oPxx9jTOCHfi8y9vEqSO+ANe0oldHWjTA9clljiypNJ9nGp
+LdEoJ3Nt6uG2OqVIag49Hs9gv7KOet/8NxZs9pVgqQqHRZhSWCK/klRCMnqmlk4K
+RfEih8s44da5hDlebF+gYS1YmmywnrGtn1nxYEhbNnG/TaQdYcA=
+-----END RSA PRIVATE KEY-----
diff --git a/src/test/grpc_tls/server/target.mk b/src/test/grpc_tls/server/target.mk
new file mode 100644
index 0000000..4ce1792
--- /dev/null
+++ b/src/test/grpc_tls/server/target.mk
@@ -0,0 +1,35 @@
+GRPC_DIR           := $(call select_from_ports,protobuf_grpc)/src/lib/grpc
+PROTO_DIR          := $(GRPC_DIR)/examples/protos
+TARGET             := grpc_tls_server
+
+LIBS               += protobuf
+LIBS               += stdcxx
+LIBS               += grpc
+LIBS               += libc_pipe
+LIBS               += vfs
+LIBS               += vfs_lwip
+
+CC_CXX_WARN_STRICT :=
+
+PROTOC             := /usr/local/genode/protobuf_grpc/current/bin/protoc
+GRPC_PLUGIN        := /usr/local/genode/protobuf_grpc/current/bin/grpc_cpp_plugin
+
+SRC_CC             := main.cc
+SRC_CC             += greeter_server.cc
+SRC_CC             += helloworld.pb.cc
+SRC_CC             += helloworld.grpc.pb.cc
+
+vpath helloworld.proto   $(PROTO_DIR)
+
+$(SRC_CC): helloworld.grpc.pb.h
+
+helloworld.pb.h: helloworld.proto
+	$(VERBOSE)$(PROTOC) --proto_path=$(PROTO_DIR) \
+	                    --cpp_out=. \
+	                    $<
+
+helloworld.grpc.pb.h: helloworld.proto helloworld.pb.h
+	$(VERBOSE)$(PROTOC) --plugin=protoc-gen-grpc=$(GRPC_PLUGIN) \
+	                    --proto_path=$(PROTO_DIR) \
+	                    --grpc_out=. \
+	                    $<