This is an automated email from the ASF dual-hosted git repository. shaojunwang pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/incubator-teaclave-java-tee-sdk.git
commit 7f023bb31e86ca3265ea293dbd48aa2632df47c9 Author: jeffery.wsj <[email protected]> AuthorDate: Fri Dec 24 12:06:38 2021 +0800 [sdk] Add exported API for JavaEnclave programming model Summary: Add JavaEnclave exported API, such as enclave create and destroy. Test Plan: all tests pass Reviewers: lei.yul, cengfeng.lzy, sanhong.lsh Issue: https://aone.alibaba-inc.com/task/38705062 CR: https://code.aone.alibaba-inc.com/java-tee/JavaEnclave/codereview/7341839 --- sdk/enclave/pom.xml | 61 +++++++++++++++++ .../exception/ConfidentialComputingException.java | 23 +++++++ sdk/host/pom.xml | 20 ++++++ .../confidentialcomputing/host/Enclave.java | 80 ++++++++++++++++++++++ .../confidentialcomputing/host/EnclaveFactory.java | 48 +++++++++++++ .../confidentialcomputing/host/EnclaveType.java | 26 +++++++ .../exception/ConfidentialComputingException.java | 23 +++++++ .../host/exception/EnclaveCreatingException.java | 22 ++++++ .../host/exception/EnclaveDestroyingException.java | 22 ++++++ .../host/exception/ServicesLoadingException.java | 22 ++++++ sdk/pom.xml | 45 ++++++++++++ 11 files changed, 392 insertions(+) diff --git a/sdk/enclave/pom.xml b/sdk/enclave/pom.xml new file mode 100644 index 0000000..ebc8afa --- /dev/null +++ b/sdk/enclave/pom.xml @@ -0,0 +1,61 @@ +<?xml version="1.0" encoding="UTF-8"?> +<project xmlns="http://maven.apache.org/POM/4.0.0"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd";> + <modelVersion>4.0.0</modelVersion> + <groupId>com.alibaba.confidentialcomputing</groupId> + <parent> + <groupId>com.alibaba.confidentialcomputing</groupId> + <artifactId>JavaEnclave</artifactId> + <version>0.1.0</version> + </parent> + <artifactId>enclave</artifactId> + <packaging>jar</packaging> + <name>JavaEnclave-Enclave</name> + <url></url> + <build> + <plugins> + <!--plugin> + <groupId>org.jacoco</groupId> + <artifactId>jacoco-maven-plugin</artifactId> + <version>0.8.3</version> + <configuration> + <includes> + <include>com/alibaba/confidentialcomputing/**/*</include> + </includes> + </configuration> + <executions> + <execution> + <id>pre-test</id> + <goals> + <goal>prepare-agent</goal> + </goals> + </execution> + <execution> + <id>post-test</id> + <phase>test</phase> + <goals> + <goal>report</goal> + </goals> + </execution> + </executions> + </plugin--> + <plugin> + <groupId>org.apache.maven.plugins</groupId> + <artifactId>maven-surefire-plugin</artifactId> + <version>2.22.1</version> + </plugin> + </plugins> + </build> + <dependencies> + <dependency> + <groupId>org.jacoco</groupId> + <artifactId>jacoco-maven-plugin</artifactId> + <scope>test</scope> + </dependency> + <dependency> + <groupId>org.junit.jupiter</groupId> + <artifactId>junit-jupiter-engine</artifactId> + <scope>test</scope> + </dependency> + </dependencies> +</project> \ No newline at end of file diff --git a/sdk/enclave/src/main/java/com/alibaba/confidentialcomputing/enclave/exception/ConfidentialComputingException.java b/sdk/enclave/src/main/java/com/alibaba/confidentialcomputing/enclave/exception/ConfidentialComputingException.java new file mode 100644 index 0000000..51b4c93 --- /dev/null +++ b/sdk/enclave/src/main/java/com/alibaba/confidentialcomputing/enclave/exception/ConfidentialComputingException.java @@ -0,0 +1,23 @@ +package com.alibaba.confidentialcomputing.enclave.exception; + +/** + * ConfidentialComputingException {@link ConfidentialComputingException} is base exception in + * JavaEnclave's enclave. All exceptions thrown in JavaEnclave enclave will inherit this + * base exception. + * Programmers need to handle ConfidentialComputingException seriously. + */ +public class ConfidentialComputingException extends Exception { + /** + * @param info exception information. + */ + public ConfidentialComputingException(String info) { + super(info); + } + + /** + * @param e exception. + */ + public ConfidentialComputingException(Throwable e) { + super(e); + } +} \ No newline at end of file diff --git a/sdk/host/pom.xml b/sdk/host/pom.xml new file mode 100644 index 0000000..d017234 --- /dev/null +++ b/sdk/host/pom.xml @@ -0,0 +1,20 @@ +<?xml version="1.0" encoding="UTF-8"?> +<project xmlns="http://maven.apache.org/POM/4.0.0"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd";> + <modelVersion>4.0.0</modelVersion> + <groupId>com.alibaba.confidentialcomputing</groupId> + <parent> + <groupId>com.alibaba.confidentialcomputing</groupId> + <artifactId>JavaEnclave</artifactId> + <version>0.1.0</version> + </parent> + <artifactId>host</artifactId> + <packaging>jar</packaging> + <name>JavaEnclave-Host</name> + <url></url> + <build> + <plugins> + </plugins> + </build> + <dependencies> + </dependencies> +</project> \ No newline at end of file diff --git a/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/Enclave.java b/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/Enclave.java new file mode 100644 index 0000000..b1db930 --- /dev/null +++ b/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/Enclave.java @@ -0,0 +1,80 @@ +package com.alibaba.confidentialcomputing.host; + +import java.util.Iterator; + +import com.alibaba.confidentialcomputing.host.exception.ServicesLoadingException; +import com.alibaba.confidentialcomputing.host.exception.EnclaveDestroyingException; + +/** + * A {@code Enclave} is a TEE(Trust Execution Environment) instance. + * It was created by EnclaveFactory class {@link EnclaveFactory}, + * Enclave provides a confidential computing environment to process + * the work which it's very privacy and don't hope it was monitored + * by any others, especially public cloud platform and os kernel. + * + * <pre> + * +-------------------------------+ +-----------------------------+ + * | Host | | Enclave | + * | | | | + * | EnclaveFactory.create() +----->| | + * | | | | + * | Enclave.load() +-------------------> providers loaded | + * | | | | + * | proxy.providers <-------------------+ | + * | | | | + * | proxy.invoker() +-------------------> provider call | + * | | | | + * | result <-------------------+ | + * | ... ... ... | | ... ... ... | + * | ... ... ... | | ... ... ... | + * | Enclave.destroy() +---------->| | + * | | | | + * +-------------------------------+ +-----------------------------+ + * </pre> + * <p> + * The figure above describes an enclave's usual work flow. + * <p> + * In most cases, an enclave will be created first, then load services + * from enclave, next you could invoke the service's method in the enclave. + * the method's running middle-state data and its algorithm will be protected. + * At last, don't forget to destroy the enclave instance. + * + * <pre> + * try { + * Enclave enclave = EnclaveFactory.create(); + * ... ... ... + * Service provider = enclave.load(Service); + * ... ... ... + * Object result = provider.invoke(); + * ... ... ... + * ... ... ... + * enclave.destroy(); + * } catch(ConfidentialComputingException e) { + * // exception handle. + * } + * </pre> + */ +public interface Enclave { + + /** + * Returns all providers which implement service interface. It's similar to SPI + * ServiceLoader mechanism. It returns proxy providers which are mirrors to real + * services loaded in enclave. + * <p> + * + * @param <T> Service interface type + * @param service Must be a service interface + * @return An iterator of providers were discovered. + * @throws ServicesLoadingException {@link ServicesLoadingException} If proxy providers created + * failed or mirrors services loaded failed in enclave. + */ + <T> Iterator<T> load(Class<T> service) throws ServicesLoadingException; + + /** + * This method destroy the enclave instance, all the resources in the enclave will be released. + * <p> + * + * @throws EnclaveDestroyingException If underlying c/c++ enclave destroy failed. + */ + void destroy() throws EnclaveDestroyingException; +} \ No newline at end of file diff --git a/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/EnclaveFactory.java b/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/EnclaveFactory.java new file mode 100644 index 0000000..9999de6 --- /dev/null +++ b/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/EnclaveFactory.java @@ -0,0 +1,48 @@ +package com.alibaba.confidentialcomputing.host; + +import com.alibaba.confidentialcomputing.host.exception.EnclaveCreatingException; + +/** + * Factory class for {@link Enclave}. + * <p> + * TEE is an abstract concept, it contains many kinds of confidential compute technology. + * From hardware's point, there are Intel's SGX/TDX, Arm's TrustZone and so on. + * From software's point, there are SGX-SDK, OpenEnclave, TeeSDK and so on. + * JavaEnclave is committed to make java enclave development easy and efficient. + * <p> + * Java developer don't need to care too much about enclave's underlying technology stack. + * And JavaEnclave will help java programmer develop a java enclave service as the same as + * a common java service. + * <pre> + * try { + * Enclave enclave = EnclaveFactory.create(); + * ... ... ... + * ... ... ... + * ... ... ... + * } catch (EnclaveCreatingException e) { + * // exception handle. + * } + * </pre> + */ +public final class EnclaveFactory { + /** + * TeeSDK type enclave will be created by default. + * + * @return An enclave instance. + * @throws EnclaveCreatingException {@link EnclaveCreatingException} If underlying c/c++ enclave + * create failed. + */ + public static Enclave create() throws EnclaveCreatingException { + return null; + } + + /** + * @param type explicitly indicate which type of enclave will be created. + * @return An enclave instance. + * @throws EnclaveCreatingException {@link EnclaveCreatingException} If underlying c/c++ enclave + * create failed. + */ + public static Enclave create(EnclaveType type) throws EnclaveCreatingException { + return null; + } +} \ No newline at end of file diff --git a/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/EnclaveType.java b/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/EnclaveType.java new file mode 100644 index 0000000..8e7f098 --- /dev/null +++ b/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/EnclaveType.java @@ -0,0 +1,26 @@ +package com.alibaba.confidentialcomputing.host; + +/** + * An enumeration of enclave type. + * JavaEnclave supports three kinds of enclave, they are mock_jvm、mock_svm and tee_sdk. + */ +public enum EnclaveType { + NONE, + /** + * A mock enclave environment, both host and enclave application run in the same + * jvm environment, enclave services were discovered and loaded by SPI in host. + */ + MOCK_IN_JVM, + /** + * A mock enclave environment, enclave application was compiled to machine code + * by graalvm svm compiler, host application runs in jvm environment, and enclave + * package was loaded by host. + */ + MOCK_IN_SVM, + /** + * An enclave based on Intel's SGX2, with Alibaba Cloud's TEESdk. Enclave application + * was compiled to machine code and lint together with TEESdk's underlying libs, + * host application runs in jvm environment, and enclave package were loaded by host. + */ + TEE_SDK, +} \ No newline at end of file diff --git a/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/exception/ConfidentialComputingException.java b/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/exception/ConfidentialComputingException.java new file mode 100644 index 0000000..3bedccf --- /dev/null +++ b/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/exception/ConfidentialComputingException.java @@ -0,0 +1,23 @@ +package com.alibaba.confidentialcomputing.host.exception; + +/** + * ConfidentialComputingException {@link ConfidentialComputingException} is base exception in + * JavaEnclave's host. All exceptions thrown in JavaEnclave host will inherit this + * base exception. + * Programmers need to handle ConfidentialComputingException seriously. + */ +public class ConfidentialComputingException extends Exception { + /** + * @param info exception information. + */ + public ConfidentialComputingException(String info) { + super(info); + } + + /** + * @param e exception. + */ + public ConfidentialComputingException(Throwable e) { + super(e); + } +} \ No newline at end of file diff --git a/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/exception/EnclaveCreatingException.java b/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/exception/EnclaveCreatingException.java new file mode 100644 index 0000000..82cda63 --- /dev/null +++ b/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/exception/EnclaveCreatingException.java @@ -0,0 +1,22 @@ +package com.alibaba.confidentialcomputing.host.exception; + +/** + * EnclaveCreatingException {@link EnclaveCreatingException} is thrown when exception happen + * during an enclave was creating. + * Programmers need to handle EnclaveCreatingException seriously. + */ +public class EnclaveCreatingException extends ConfidentialComputingException { + /** + * @param info exception information. + */ + public EnclaveCreatingException(String info) { + super(info); + } + + /** + * @param e exception. + */ + public EnclaveCreatingException(Throwable e) { + super(e); + } +} \ No newline at end of file diff --git a/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/exception/EnclaveDestroyingException.java b/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/exception/EnclaveDestroyingException.java new file mode 100644 index 0000000..e83aedf --- /dev/null +++ b/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/exception/EnclaveDestroyingException.java @@ -0,0 +1,22 @@ +package com.alibaba.confidentialcomputing.host.exception; + +/** + * EnclaveDestroyingException {@link EnclaveDestroyingException} is thrown when exception happen + * during an enclave was destroying. + * Programmers need to handle EnclaveDestroyingException seriously. + */ +public class EnclaveDestroyingException extends ConfidentialComputingException { + /** + * @param info exception information. + */ + public EnclaveDestroyingException(String info) { + super(info); + } + + /** + * @param e exception. + */ + public EnclaveDestroyingException(Throwable e) { + super(e); + } +} \ No newline at end of file diff --git a/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/exception/ServicesLoadingException.java b/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/exception/ServicesLoadingException.java new file mode 100644 index 0000000..dfb187c --- /dev/null +++ b/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/exception/ServicesLoadingException.java @@ -0,0 +1,22 @@ +package com.alibaba.confidentialcomputing.host.exception; + +/** + * ServicesLoadingException {@link ServicesLoadingException} is thrown when exception happen + * during an enclave's service was loading. + * Programmers need to handle ServicesLoadingException seriously. + */ +public class ServicesLoadingException extends ConfidentialComputingException { + /** + * @param info exception information. + */ + public ServicesLoadingException(String info) { + super(info); + } + + /** + * @param e exception. + */ + public ServicesLoadingException(Throwable e) { + super(e); + } +} \ No newline at end of file diff --git a/sdk/pom.xml b/sdk/pom.xml new file mode 100644 index 0000000..82b4dc3 --- /dev/null +++ b/sdk/pom.xml @@ -0,0 +1,45 @@ +<?xml version="1.0" encoding="UTF-8" standalone="no"?> +<project xmlns="http://maven.apache.org/POM/4.0.0"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd";> + <modelVersion>4.0.0</modelVersion> + <groupId>com.alibaba.confidentialcomputing</groupId> + <artifactId>JavaEnclave</artifactId> + <packaging>pom</packaging> + <version>0.1.0</version> + <name>JavaEnclave</name> + <url></url> + <properties> + <maven.compiler.source>11</maven.compiler.source> + <maven.compiler.target>11</maven.compiler.target> + </properties> + <dependencyManagement> + <dependencies> + <dependency> + <groupId>com.alibaba.confidentialcomputing</groupId> + <artifactId>enclave</artifactId> + <version>0.1.0</version> + </dependency> + <dependency> + <groupId>com.alibaba.confidentialcomputing</groupId> + <artifactId>host</artifactId> + <version>0.1.0</version> + </dependency> + <dependency> + <groupId>org.jacoco</groupId> + <artifactId>jacoco-maven-plugin</artifactId> + <version>0.8.3</version> + <scope>test</scope> + </dependency> + <dependency> + <groupId>org.junit.jupiter</groupId> + <artifactId>junit-jupiter-engine</artifactId> + <version>5.4.0</version> + <scope>test</scope> + </dependency> + </dependencies> + </dependencyManagement> + <modules> + <module>log</module> + <module>enclave</module> + <module>host</module> + </modules> +</project> \ No newline at end of file --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
