This is an automated email from the ASF dual-hosted git repository. shaojunwang pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/incubator-teaclave-java-tee-sdk.git
commit 512626203e046a5634c88765c2372b3a66cc5211 Author: jeffery.wsj <[email protected]> AuthorDate: Thu Aug 11 10:31:23 2022 +0800 [sdk] Optimize and refactor JavaEnclave configure mechanism Summary: 1. Users no longer need to provide a TEE configuration file. 2. Refactor the JavaEnclave configuration mechanism. 3. Make TEE SDK enclave symbol calls trackable. 4. Make the SVM isolate runtime max heap size configurable. Test Plan: all tests pass Reviewers: lei.yul, cengfeng.lzy, sanhong.lsh Issue: https://aone.alibaba-inc.com/task/44123109 CR: https://code.aone.alibaba-inc.com/java-tee/JavaEnclave/codereview/9763704 --- .../src/main/resources/embedded_libos_enclave.json | 11 - .../enclave/src/main/resources/tee_sdk_svm.conf | 12 -- .../benchmark/guomi/common/SMService.java | 6 +- benchmark/guomi/enclave/pom.xml | 3 + .../benchmark/guomi/enclave/SM2ServiceImpl.java | 62 +++--- .../benchmark/guomi/enclave/SM3ServiceImpl.java | 2 +- .../benchmark/guomi/enclave/SM4ServiceImpl.java | 6 +- .../benchmark/guomi/enclave/SMServiceImpl.java | 24 ++- .../src/main/resources/embedded_libos_enclave.json | 11 - .../src/main/resources/java_enclave_configure.json | 8 + .../benchmark/guomi/host/GuoMiBenchMark.java | 183 +++++++--------- benchmark/guomi/run.sh | 2 +- .../string/common/StringOperationMetric.java | 6 +- benchmark/string/enclave/pom.xml | 3 + .../string/enclave/StringOperationMetricImpl.java | 27 +-- .../src/main/resources/embedded_libos_enclave.json | 11 - .../src/main/resources/java_enclave_configure.json | 8 + .../enclave/src/main/resources/tee_sdk_svm.conf | 12 -- .../benchmark/string/host/StringBenchMark.java | 186 +++++++--------- benchmark/string/run.sh | 2 +- .../src/main/resources/embedded_libos_enclave.json | 11 - .../enclave/src/main/resources/tee_sdk_svm.conf | 12 -- samples/helloworld/run.sh | 2 +- .../src/main/resources/embedded_libos_enclave.json | 11 - .../enclave/src/main/resources/tee_sdk_svm.conf | 12 -- samples/springboot/run.sh | 2 +- 
.../platform/tee_sdk_svm/edge_routines/sgx_mmap.c | 5 +- .../tee_sdk_svm/edge_routines/tee_sdk_symbol.c | 2 + .../tee_sdk_svm/edge_routines/tee_sdk_symbol.h | 6 +- .../cpp/platform/tee_sdk_svm/wrapper/Makefile | 2 +- .../platform/tee_sdk_svm/wrapper/tee_sdk_wrapper.c | 10 +- sdk/host/docs/Configuration.md | 55 +++++ .../host/EmbeddedLibOSEnclave.java | 54 ++--- .../host/EmbeddedLibOSEnclaveConfig.java | 124 ----------- .../host/EmbeddedLibOSEnclaveConfigure.java | 151 +++++++++++++ .../host/EnclaveConfigure.java | 233 ++++++++++++--------- .../confidentialcomputing/host/EnclaveFactory.java | 49 ++++- .../confidentialcomputing/host/ExtractLibrary.java | 13 ++ .../confidentialcomputing/host/MetricTrace.java | 29 ++- .../host/MockInSvmEnclave.java | 32 ++- .../host/MockInSvmEnclaveConfigure.java | 39 ++++ .../confidentialcomputing/host/TeeSdkEnclave.java | 49 +++-- .../host/TeeSdkEnclaveConfig.java | 66 ------ .../host/TeeSdkEnclaveConfigure.java | 74 +++++++ .../libos_occlum_enclave/jni/jni_occlum_enclave.c | 4 +- .../libos_occlum_enclave/jni/jni_occlum_enclave.h | 4 +- .../cpp/platform/mock_in_svm/jni/jni_mock_in_svm.c | 21 +- .../cpp/platform/mock_in_svm/jni/jni_mock_in_svm.h | 4 +- .../cpp/platform/tee_sdk_svm/jni/jni_tee_sdk_svm.c | 10 +- .../cpp/platform/tee_sdk_svm/jni/jni_tee_sdk_svm.h | 4 +- .../platform/tee_sdk_svm/edl/tee_sdk_enclave.edl | 2 +- sdk/native/config/template/Occlum.json | 74 +++++++ .../native/config/template/TeeSDK.conf | 4 +- .../config/template/java_enclave_configure.json | 8 + sdk/native/include/enc_exported_symbol.h | 2 + sdk/native/script/build_app/Makefile | 7 +- .../script/build_app/create_tee_sdk_configure.sh | 17 ++ .../script/build_app/libos_occlum_enclave_build.sh | 31 ++- .../test/common/ConcurrencyCalculate.java | 2 + .../test/enclave/ConcurrencyCalculateImpl.java | 14 ++ .../src/main/resources/embedded_libos_enclave.json | 11 - test/enclave/src/main/resources/tee_sdk_svm.conf | 12 -- test/host/pom.xml | 3 + 
.../test/host/TestEnclaveConcurrency.java | 42 ++++ .../test/host/TestEnclaveInfo.java | 8 +- .../test/host/TestEnclaveInfoMXBean.java | 15 +- 66 files changed, 1105 insertions(+), 822 deletions(-) diff --git a/archetype/src/main/resources/archetype-resources/enclave/src/main/resources/embedded_libos_enclave.json b/archetype/src/main/resources/archetype-resources/enclave/src/main/resources/embedded_libos_enclave.json deleted file mode 100644 index add95b2..0000000 --- a/archetype/src/main/resources/archetype-resources/enclave/src/main/resources/embedded_libos_enclave.json +++ /dev/null @@ -1,11 +0,0 @@ -{ - "debuggable": true, - "agent_http_handler_thread_pool_size": 6, - "enclave_startup_duration_ms": 60000, - "kernel_space_heap_size": "32MB", - "user_space_size": "1200MB", - "default_mmap_size": "800MB", - "max_num_of_threads": 48, - "log_level": "off", - "enclave_jvm_args": ["-XX:-UseCompressedOops", "-Xmx512m", "-Dos.name=Linux"] -} \ No newline at end of file diff --git a/archetype/src/main/resources/archetype-resources/enclave/src/main/resources/tee_sdk_svm.conf b/archetype/src/main/resources/archetype-resources/enclave/src/main/resources/tee_sdk_svm.conf deleted file mode 100644 index b52a2e9..0000000 --- a/archetype/src/main/resources/archetype-resources/enclave/src/main/resources/tee_sdk_svm.conf +++ /dev/null @@ -1,12 +0,0 @@ -<!-- Please refer to User's Guide for the explanation of each field --> -<EnclaveConfiguration> - <ProdID>0</ProdID> - <ISVSVN>0</ISVSVN> - <StackMaxSize>0x101000</StackMaxSize> - <HeapMaxSize>0x6000000</HeapMaxSize> - <TCSNum>10</TCSNum> - <TCSPolicy>1</TCSPolicy> - <DisableDebug>0</DisableDebug> - <MiscSelect>0</MiscSelect> - <MiscMask>0xFFFFFFFF</MiscMask> -</EnclaveConfiguration> \ No newline at end of file 
diff --git a/benchmark/guomi/common/src/main/java/com/alibaba/confidentialcomputing/benchmark/guomi/common/SMService.java b/benchmark/guomi/common/src/main/java/com/alibaba/confidentialcomputing/benchmark/guomi/common/SMService.java index 858123c..543ab6a 100644 --- a/benchmark/guomi/common/src/main/java/com/alibaba/confidentialcomputing/benchmark/guomi/common/SMService.java +++ b/benchmark/guomi/common/src/main/java/com/alibaba/confidentialcomputing/benchmark/guomi/common/SMService.java @@ -4,7 +4,7 @@ import com.alibaba.confidentialcomputing.common.annotations.EnclaveService; @EnclaveService public interface SMService { - String sm2Service(String plaintext) throws Exception; - byte[] sm3Service(String plainText) throws Exception; - String sm4Service(String plaintext) throws Exception; + String sm2Service(String plaintext, int weight) throws Exception; + byte[] sm3Service(String plainText, int weight) throws Exception; + String sm4Service(String plaintext, int weight) throws Exception; } diff --git a/benchmark/guomi/enclave/pom.xml b/benchmark/guomi/enclave/pom.xml index aac6171..a32b00e 100644 --- a/benchmark/guomi/enclave/pom.xml +++ b/benchmark/guomi/enclave/pom.xml @@ -49,6 +49,8 @@ <buildArgs> <buildArg>--shared</buildArg> <buildArg>--no-fallback</buildArg> + <buildArg>-R:MaxHeapSize=2g</buildArg> + <buildArg>-H:-AllowVMInternalThreads</buildArg> <buildArg>-H:Path=svm-output</buildArg> </buildArgs> </configuration> @@ -64,6 +66,7 @@ <buildArgs> <buildArg>--shared</buildArg> <buildArg>--no-fallback</buildArg> + <buildArg>-R:MaxHeapSize=2g</buildArg> <buildArg>-H:-AllowVMInternalThreads</buildArg> <buildArg>-H:+RunInEnclave</buildArg> <buildArg>-H:Path=svm-output</buildArg> diff --git a/benchmark/guomi/enclave/src/main/java/com/alibaba/confidentialcomputing/benchmark/guomi/enclave/SM2ServiceImpl.java b/benchmark/guomi/enclave/src/main/java/com/alibaba/confidentialcomputing/benchmark/guomi/enclave/SM2ServiceImpl.java index 1bfb4dc..613647e 100644 
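Review bot: The new `weight` parameter added to all three SMService methods carries no Javadoc, so a caller cannot tell it is a repetition count or what a non-positive value produces (the enclave implementation in SMServiceImpl returns `null` in that case). Add `/** Runs the SM2 round-trip {@code weight} times and returns the last result; {@code weight} must be positive. */` above `sm2Service`, with equivalent wording for `sm3Service` and `sm4Service`, and state that the methods are called across the enclave boundary, since that is what the interface exists for.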
--- a/benchmark/guomi/enclave/src/main/java/com/alibaba/confidentialcomputing/benchmark/guomi/enclave/SM2ServiceImpl.java +++ b/benchmark/guomi/enclave/src/main/java/com/alibaba/confidentialcomputing/benchmark/guomi/enclave/SM2ServiceImpl.java @@ -19,10 +19,11 @@ import java.util.Base64; class SM2ServiceImpl { private static BouncyCastleProvider provider; - private static ECParameterSpec ecParameterSpec; private static KeyFactory keyFactory; - private static String publicKey; - private static String privateKey; + + private ECParameterSpec ecParameterSpec; + private String publicKey; + private String privateKey; static { try { @@ -30,16 +31,19 @@ class SM2ServiceImpl { if (provider == null) { provider = new BouncyCastleProvider(); } - X9ECParameters parameters = GMNamedCurves.getByName("sm2p256v1"); - ecParameterSpec = new ECParameterSpec(parameters.getCurve(), parameters.getG(), parameters.getN(), parameters.getH()); keyFactory = KeyFactory.getInstance("EC", provider); - generateSm2KeyPair(); } catch (Exception e) { e.printStackTrace(); } } - private static void generateSm2KeyPair() throws Exception { + public SM2ServiceImpl() throws Exception { + X9ECParameters parameters = GMNamedCurves.getByName("sm2p256v1"); + ecParameterSpec = new ECParameterSpec(parameters.getCurve(), parameters.getG(), parameters.getN(), parameters.getH()); + generateSm2KeyPair(); + } + + private void generateSm2KeyPair() throws Exception { final ECGenParameterSpec sm2Spec = new ECGenParameterSpec("sm2p256v1"); final KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC", provider); SecureRandom random = new SecureRandom(); 
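Review bot: The static initializer in the second SM2ServiceImpl hunk still catches `Exception` and only calls `e.printStackTrace()`, so a failing `KeyFactory.getInstance("EC", provider)` leaves `keyFactory` null and the failure resurfaces later as a NullPointerException in `decoder`. Now that key-pair generation has moved into the constructor, which correctly declares `throws Exception`, the remaining static setup should fail just as loudly: replace the catch body with `throw new ExceptionInInitializerError(e);`. The `try` that this catch closes opens in the first hunk's last context line, outside the second hunk.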
@@ -47,37 +51,27 @@ class SM2ServiceImpl { KeyPair keyPair = kpg.generateKeyPair(); BCECPrivateKey priKey = (BCECPrivateKey) keyPair.getPrivate(); BCECPublicKey pubKey = (BCECPublicKey) keyPair.getPublic(); - publicKey = new String(Hex.encode(pubKey.getQ().getEncoded(true))); - privateKey = priKey.getD().toString(16); + this.publicKey = new String(Hex.encode(pubKey.getQ().getEncoded(true))); + this.privateKey = priKey.getD().toString(16); } - private String encode(String input, String pubKey) { - try { - X9ECParameters parameters = GMNamedCurves.getByName("sm2p256v1"); - ECParameterSpec ecParameterSpec = new ECParameterSpec(parameters.getCurve(), parameters.getG(), parameters.getN(), parameters.getH()); - ECPoint ecPoint = parameters.getCurve().decodePoint(Hex.decode(pubKey)); - KeyFactory keyFactory = KeyFactory.getInstance("EC", provider); - BCECPublicKey key = (BCECPublicKey) keyFactory.generatePublic(new ECPublicKeySpec(ecPoint, ecParameterSpec)); - Cipher cipher = Cipher.getInstance("SM2", provider); - cipher.init(Cipher.ENCRYPT_MODE, key); - return Base64.getEncoder().encodeToString(cipher.doFinal(input.getBytes())); - } catch (Exception e) { - e.printStackTrace(); - } - return null; + private String encode(String input, String pubKey) throws Exception { + X9ECParameters parameters = GMNamedCurves.getByName("sm2p256v1"); + ECParameterSpec ecParameterSpec = new ECParameterSpec(parameters.getCurve(), parameters.getG(), parameters.getN(), parameters.getH()); + ECPoint ecPoint = parameters.getCurve().decodePoint(Hex.decode(pubKey)); + KeyFactory keyFactory = KeyFactory.getInstance("EC", provider); + BCECPublicKey key = (BCECPublicKey) keyFactory.generatePublic(new ECPublicKeySpec(ecPoint, ecParameterSpec)); + Cipher cipher = Cipher.getInstance("SM2", provider); + cipher.init(Cipher.ENCRYPT_MODE, key); + return Base64.getEncoder().encodeToString(cipher.doFinal(input.getBytes())); } - private byte[] decoder(String input, String prvKey) { - try { - Cipher cipher = 
Cipher.getInstance("SM2", provider); - BigInteger bigInteger = new BigInteger(prvKey, 16); - BCECPrivateKey privateKey = (BCECPrivateKey) keyFactory.generatePrivate(new ECPrivateKeySpec(bigInteger, ecParameterSpec)); - cipher.init(Cipher.DECRYPT_MODE, privateKey); - return cipher.doFinal(Base64.getDecoder().decode(input)); - } catch (Exception e) { - e.printStackTrace(); - } - return null; + private byte[] decoder(String input, String prvKey) throws Exception { + Cipher cipher = Cipher.getInstance("SM2", provider); + BigInteger bigInteger = new BigInteger(prvKey, 16); + BCECPrivateKey privateKey = (BCECPrivateKey) keyFactory.generatePrivate(new ECPrivateKeySpec(bigInteger, ecParameterSpec)); + cipher.init(Cipher.DECRYPT_MODE, privateKey); + return cipher.doFinal(Base64.getDecoder().decode(input)); } String sm2Service(String plaintext) throws Exception { diff --git a/benchmark/guomi/enclave/src/main/java/com/alibaba/confidentialcomputing/benchmark/guomi/enclave/SM3ServiceImpl.java b/benchmark/guomi/enclave/src/main/java/com/alibaba/confidentialcomputing/benchmark/guomi/enclave/SM3ServiceImpl.java index e4e64a5..c74738a 100644 --- a/benchmark/guomi/enclave/src/main/java/com/alibaba/confidentialcomputing/benchmark/guomi/enclave/SM3ServiceImpl.java +++ b/benchmark/guomi/enclave/src/main/java/com/alibaba/confidentialcomputing/benchmark/guomi/enclave/SM3ServiceImpl.java @@ -4,7 +4,7 @@ import org.bouncycastle.crypto.Digest; import org.bouncycastle.crypto.digests.SM3Digest; class SM3ServiceImpl { - static byte[] sm3Service(String plainText) throws Exception { + byte[] sm3Service(String plainText) throws Exception { byte[] messages = plainText.getBytes(); Digest md = new SM3Digest(); md.update(messages, 0, messages.length); 
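Review bot: `encode` still rebuilds the SM2 curve parameters and a fresh `KeyFactory` on every call even though the new instance field `ecParameterSpec` and the static `keyFactory` now hold exactly those objects; the refactor removed only the try/catch. Using them — `ECPoint ecPoint = ecParameterSpec.getCurve().decodePoint(Hex.decode(pubKey));` and `BCECPublicKey key = (BCECPublicKey) keyFactory.generatePublic(new ECPublicKeySpec(ecPoint, ecParameterSpec));` — keeps `encode` symmetric with `decoder`, which already uses both. Separately, `input.getBytes()` here and `plainText.getBytes()` in the SM3ServiceImpl hunk below use the platform default charset, so the plaintext bytes, and therefore the ciphertext and the digest, depend on the JVM's locale; pass `StandardCharsets.UTF_8` (importing `java.nio.charset.StandardCharsets`) in both places. The `sm2Service` method that begins on the last context line continues outside the hunk.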
diff --git a/benchmark/guomi/enclave/src/main/java/com/alibaba/confidentialcomputing/benchmark/guomi/enclave/SM4ServiceImpl.java b/benchmark/guomi/enclave/src/main/java/com/alibaba/confidentialcomputing/benchmark/guomi/enclave/SM4ServiceImpl.java index 0d13810..8bfcb78 100644 --- a/benchmark/guomi/enclave/src/main/java/com/alibaba/confidentialcomputing/benchmark/guomi/enclave/SM4ServiceImpl.java +++ b/benchmark/guomi/enclave/src/main/java/com/alibaba/confidentialcomputing/benchmark/guomi/enclave/SM4ServiceImpl.java @@ -12,9 +12,9 @@ import java.security.SecureRandom; import java.security.Security; public class SM4ServiceImpl { - private static final String ALGORITHM_NAME = "SM4"; - private static final String ALGORITHM_ECB_PKCS5PADDING = "SM4/ECB/PKCS5Padding"; - private static final int DEFAULT_KEY_SIZE = 128; + private final String ALGORITHM_NAME = "SM4"; + private final String ALGORITHM_ECB_PKCS5PADDING = "SM4/ECB/PKCS5Padding"; + private final int DEFAULT_KEY_SIZE = 128; static { Provider provider = Security.getProvider("BC"); diff --git a/benchmark/guomi/enclave/src/main/java/com/alibaba/confidentialcomputing/benchmark/guomi/enclave/SMServiceImpl.java b/benchmark/guomi/enclave/src/main/java/com/alibaba/confidentialcomputing/benchmark/guomi/enclave/SMServiceImpl.java index 4f46345..80f3588 100644 --- a/benchmark/guomi/enclave/src/main/java/com/alibaba/confidentialcomputing/benchmark/guomi/enclave/SMServiceImpl.java +++ b/benchmark/guomi/enclave/src/main/java/com/alibaba/confidentialcomputing/benchmark/guomi/enclave/SMServiceImpl.java 
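Review bot: `ALGORITHM_NAME`, `ALGORITHM_ECB_PKCS5PADDING` and `DEFAULT_KEY_SIZE` are compile-time constants and were correctly `private static final`; turning them into per-instance `private final` fields keeps the UPPER_SNAKE_CASE naming but now stores three copies per `SM4ServiceImpl`, which the SMServiceImpl hunk creates once per loop iteration. The sibling hunks de-static SM2 and SM3 as well, so if the intent is to avoid class-initialisation state in the native-image build, say so in a comment — `// instance fields on purpose: avoid class-init state in the SVM image` — otherwise keep them `static final`.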
@@ -7,17 +7,29 @@ import com.google.auto.service.AutoService; public class SMServiceImpl implements SMService { @Override - public String sm2Service(String plaintext) throws Exception { - return new SM2ServiceImpl().sm2Service(plaintext); + public String sm2Service(String plaintext, int weight) throws Exception { + String result = null; + for (int i = 0x0; i < weight; i++) { + result = new SM2ServiceImpl().sm2Service(plaintext); + } + return result; } @Override - public byte[] sm3Service(String plainText) throws Exception { - return SM3ServiceImpl.sm3Service(plainText); + public byte[] sm3Service(String plainText, int weight) throws Exception { + byte[] result = null; + for (int i = 0x0; i < weight; i++) { + result = new SM3ServiceImpl().sm3Service(plainText); + } + return result; } @Override - public String sm4Service(String plaintext) throws Exception { - return new SM4ServiceImpl().sm4Service(plaintext); + public String sm4Service(String plaintext, int weight) throws Exception { + String result = null; + for (int i = 0x0; i < weight; i++) { + result = new SM4ServiceImpl().sm4Service(plaintext); + } + return result; } } diff --git a/benchmark/guomi/enclave/src/main/resources/embedded_libos_enclave.json b/benchmark/guomi/enclave/src/main/resources/embedded_libos_enclave.json deleted file mode 100644 index add95b2..0000000 --- a/benchmark/guomi/enclave/src/main/resources/embedded_libos_enclave.json +++ /dev/null @@ -1,11 +0,0 @@ -{ - "debuggable": true, - "agent_http_handler_thread_pool_size": 6, - "enclave_startup_duration_ms": 60000, - "kernel_space_heap_size": "32MB", - "user_space_size": "1200MB", - "default_mmap_size": "800MB", - "max_num_of_threads": 48, - "log_level": "off", - "enclave_jvm_args": ["-XX:-UseCompressedOops", "-Xmx512m", "-Dos.name=Linux"] -} \ No newline at end of file 
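Review bot: Each of the three rewritten methods returns `null` when `weight <= 0`, because `result` is only assigned inside the loop, so a caller passing 0 gets a null rather than an error. Guard at the top of each method with `if (weight <= 0) throw new IllegalArgumentException("weight must be positive: " + weight);`. Also, `new SM2ServiceImpl()` now sits inside the loop and its constructor (per the SM2ServiceImpl hunk) generates a fresh SM2 key pair, so the measured time includes `weight` key generations; if the benchmark is meant to measure encrypt/decrypt only, construct the implementation once before the loop.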
diff --git a/benchmark/guomi/enclave/src/main/resources/java_enclave_configure.json b/benchmark/guomi/enclave/src/main/resources/java_enclave_configure.json new file mode 100644 index 0000000..32c48ff --- /dev/null +++ b/benchmark/guomi/enclave/src/main/resources/java_enclave_configure.json @@ -0,0 +1,8 @@ +{ + "debuggable": false, + "enclave_type": "TEE_SDK", + "metric_trace_enable": false, + "metric_trace_file_path": "", + "enclave_max_thread": 50, + "enclave_max_epc_memory_size_MB": 2500 +} \ No newline at end of file diff --git a/benchmark/guomi/host/src/main/java/com/alibaba/confidentialcomputing/benchmark/guomi/host/GuoMiBenchMark.java b/benchmark/guomi/host/src/main/java/com/alibaba/confidentialcomputing/benchmark/guomi/host/GuoMiBenchMark.java index a5ecc29..cbc048c 100644 --- a/benchmark/guomi/host/src/main/java/com/alibaba/confidentialcomputing/benchmark/guomi/host/GuoMiBenchMark.java +++ b/benchmark/guomi/host/src/main/java/com/alibaba/confidentialcomputing/benchmark/guomi/host/GuoMiBenchMark.java 
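Review bot: `enclave_max_epc_memory_size_MB` (2500 here, 2000 in the string benchmark's java_enclave_configure.json) presumably has to cover the native image's `-R:MaxHeapSize` set in the enclave pom (2g and 1500m respectively) plus stacks for `enclave_max_thread` threads, but nothing in this file records that dependency and JSON cannot carry a comment. Document how these keys relate to the pom build args in the new `sdk/host/docs/Configuration.md` listed in the diffstat, and consider feeding the pom value from a single property so the two numbers cannot drift apart silently.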
@@ -15,135 +15,106 @@ import java.util.concurrent.TimeUnit; @BenchmarkMode(Mode.AverageTime) @Warmup(iterations = 3, time = 1) -@Measurement(iterations = 5, time = 2) -@Threads(8) +@Measurement(iterations = 4, time = 1) +@Threads(4) @Fork(1) -@State(value = Scope.Benchmark) +@State(value = Scope.Thread) @OutputTimeUnit(TimeUnit.MILLISECONDS) public class GuoMiBenchMark { - - @State(Scope.Benchmark) - public static class MockJVMEnclave { - private Enclave enclave = null; - private SMService service = null; - - @Setup(Level.Trial) + private int sm2Weight = 10; + private int sm3Weight = 20_000; + private int sm4Weight = 300; + + private String sm2Context = "[email protected]"; + private String sm3Context = "Hello World!"; + private String sm4Context = "word1, word2 word3@word4?word5.word6"; + + @Param(value = {"MOCK_IN_JVM", "MOCK_IN_SVM", "TEE_SDK", "EMBEDDED_LIB_OS"}) + private String enclaveServiceInstance; + @Param(value = {"SM2", "SM3", "SM4"}) + private String smAlgo; + + @State(Scope.Thread) + public static class EnclaveBenchmark { + private Enclave mockJVMEnclave = null; + private SMService mockJVMService = null; + private Enclave mockSVMEnclave = null; + private SMService mockSVMService = null; + private Enclave teeSDKEnclave = null; + private SMService teeSDKService = null; + private Enclave embeddedLibOSEnclave = null; + private SMService embeddedLibOSService = null; + + @Setup public void createEnclave() throws Exception { - enclave = EnclaveFactory.create(EnclaveType.MOCK_IN_JVM); - service = enclave.load(SMService.class).next(); + mockJVMEnclave = EnclaveFactory.create(EnclaveType.MOCK_IN_JVM); + mockJVMService = mockJVMEnclave.load(SMService.class).next(); + mockSVMEnclave = EnclaveFactory.create(EnclaveType.MOCK_IN_SVM); + mockSVMService = mockSVMEnclave.load(SMService.class).next(); + teeSDKEnclave = EnclaveFactory.create(EnclaveType.TEE_SDK); + teeSDKService = teeSDKEnclave.load(SMService.class).next(); + embeddedLibOSEnclave = 
EnclaveFactory.create(EnclaveType.EMBEDDED_LIB_OS); + embeddedLibOSService = embeddedLibOSEnclave.load(SMService.class).next(); } - public SMService getServiceInstance() { - return this.service; + @TearDown + public void destroyEnclave() throws Exception { + mockJVMEnclave.destroy(); + mockSVMEnclave.destroy(); + teeSDKEnclave.destroy(); + embeddedLibOSEnclave.destroy(); } - } - @State(Scope.Benchmark) - public static class MockSVMEnclave { - private Enclave enclave = null; - private SMService service = null; - - @Setup(Level.Trial) - public void createEnclave() throws Exception { - enclave = EnclaveFactory.create(EnclaveType.MOCK_IN_SVM); - service = enclave.load(SMService.class).next(); + public SMService getMockJVMServiceInstance() { + return mockJVMService; } - public SMService getServiceInstance() { - return this.service; + public SMService getMockSVMServiceInstance() { + return mockSVMService; } - } - @State(Scope.Benchmark) - public static class TeeSDKEnclave { - private Enclave enclave = null; - private SMService service = null; - - @Setup(Level.Trial) - public void createEnclave() throws Exception { - enclave = EnclaveFactory.create(EnclaveType.TEE_SDK); - service = enclave.load(SMService.class).next(); + public SMService getTeeSDKServiceInstance() { + return teeSDKService; } - public SMService getServiceInstance() { - return this.service; + public SMService getEmbeddedLibOSServiceInstance() { + return embeddedLibOSService; } } - @State(Scope.Benchmark) - public static class EmbeddedLibOSEnclave { - private Enclave enclave = null; - private SMService service = null; - - @Setup(Level.Trial) - public void createEnclave() throws Exception { - enclave = EnclaveFactory.create(EnclaveType.EMBEDDED_LIB_OS); - service = enclave.load(SMService.class).next(); + private void smBenchmarkImpl(EnclaveBenchmark enclave, String serviceName, String smAlgo) throws Exception { + SMService service = null; + switch (serviceName) { + case "MOCK_IN_JVM": + service = 
enclave.getMockJVMServiceInstance(); + break; + case "MOCK_IN_SVM": + service = enclave.getMockSVMServiceInstance(); + break; + case "TEE_SDK": + service = enclave.getTeeSDKServiceInstance(); + break; + case "EMBEDDED_LIB_OS": + service = enclave.getEmbeddedLibOSServiceInstance(); + break; } - public SMService getServiceInstance() { - return this.service; + switch (smAlgo) { + case "SM2": + service.sm2Service(sm2Context, sm2Weight); + break; + case "SM3": + service.sm3Service(sm3Context, sm3Weight); + break; + case "SM4": + service.sm4Service(sm4Context, sm4Weight); + break; } } @Benchmark - public void sm2TeeSDKBenchMark(TeeSDKEnclave enclave) throws Exception { - enclave.getServiceInstance().sm2Service("[email protected]"); - } - - @Benchmark - public void sm2MockJVMBenchMark(MockJVMEnclave enclave) throws Exception { - enclave.getServiceInstance().sm2Service("[email protected]"); - } - - @Benchmark - public void sm2MockSVMBenchMark(MockSVMEnclave enclave) throws Exception { - enclave.getServiceInstance().sm2Service("[email protected]"); - } - - @Benchmark - public void sm2EmbeddedLibOSBenchMark(EmbeddedLibOSEnclave enclave) throws Exception { - enclave.getServiceInstance().sm2Service("[email protected]"); - } - - @Benchmark - public void sm3MockJVMBenchMark(MockJVMEnclave enclave) throws Exception { - enclave.getServiceInstance().sm3Service("Hello World!"); - } - - @Benchmark - public void sm3MockSVMBenchMark(MockSVMEnclave enclave) throws Exception { - enclave.getServiceInstance().sm3Service("Hello World!"); - } - - @Benchmark - public void sm3TeeSDKBenchMark(TeeSDKEnclave enclave) throws Exception { - enclave.getServiceInstance().sm3Service("Hello World!"); - } - - @Benchmark - public void sm3EmbeddedLibOSBenchMark(EmbeddedLibOSEnclave enclave) throws Exception { - enclave.getServiceInstance().sm3Service("Hello World!"); - } - - @Benchmark - public void sm4MockJVMBenchMark(MockJVMEnclave enclave) throws Exception { - 
enclave.getServiceInstance().sm4Service("word1, word2 word3@word4?word5.word6"); - } - - @Benchmark - public void sm4MockSVMBenchMark(MockSVMEnclave enclave) throws Exception { - enclave.getServiceInstance().sm4Service("word1, word2 word3@word4?word5.word6"); - } - - @Benchmark - public void sm4TeeSDKBenchMark(TeeSDKEnclave enclave) throws Exception { - enclave.getServiceInstance().sm4Service("word1, word2 word3@word4?word5.word6"); - } - - @Benchmark - public void sm4EmbeddedLibOSBenchMark(EmbeddedLibOSEnclave enclave) throws Exception { - enclave.getServiceInstance().sm4Service("word1, word2 word3@word4?word5.word6"); + public void smBenchMark(EnclaveBenchmark enclave) throws Exception { + smBenchmarkImpl(enclave, enclaveServiceInstance, smAlgo); } public static void main(String[] args) throws RunnerException { diff --git a/benchmark/guomi/run.sh b/benchmark/guomi/run.sh index 7f5894e..6fab631 100755 --- a/benchmark/guomi/run.sh +++ b/benchmark/guomi/run.sh @@ -2,4 +2,4 @@ mvn --settings /root/tools/settings.xml -Pnative clean package -java -cp host/target/host-1.0-SNAPSHOT-jar-with-dependencies.jar:enclave/target/enclave-1.0-SNAPSHOT-jar-with-dependencies.jar com.alibaba.confidentialcomputing.benchmark.guomi.host.GuoMiBenchMark +OCCLUM_RELEASE_ENCLAVE=true java -Dcom.alibaba.enclave.metric.enable=false -cp host/target/host-1.0-SNAPSHOT-jar-with-dependencies.jar:enclave/target/enclave-1.0-SNAPSHOT-jar-with-dependencies.jar com.alibaba.confidentialcomputing.benchmark.guomi.host.GuoMiBenchMark diff --git a/benchmark/string/common/src/main/java/com/alibaba/confidentialcomputing/benchmark/string/common/StringOperationMetric.java b/benchmark/string/common/src/main/java/com/alibaba/confidentialcomputing/benchmark/string/common/StringOperationMetric.java index c0edbb0..6ced321 100644 --- a/benchmark/string/common/src/main/java/com/alibaba/confidentialcomputing/benchmark/string/common/StringOperationMetric.java 
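Review bot: `smBenchmarkImpl`'s `switch (serviceName)` has no `default`, so an unrecognised `enclaveServiceInstance` value leaves `service` null and the second switch fails with a NullPointerException instead of a clear message; add `default: throw new IllegalArgumentException("unknown enclave type: " + serviceName);` and the equivalent for `smAlgo`. Also, `EnclaveBenchmark` is now `Scope.Thread` and its `@Setup` creates all four enclaves, so with `@Threads(4)` every thread instantiates its own TEE_SDK and EMBEDDED_LIB_OS enclave for every `@Param` combination even though only one is exercised per run; if EPC is tight, creating only the enclave selected by `enclaveServiceInstance` would reduce that pressure. The class continues past the hunk (the `main` method begins on its last context line).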
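Review bot: The new `OCCLUM_RELEASE_ENCLAVE=true` environment variable and `-Dcom.alibaba.enclave.metric.enable=false` system property appear to overlap with the `debuggable` and `metric_trace_enable` keys in the new java_enclave_configure.json, and the script does not say which setting wins. Add a comment line above the java invocation, e.g. `# NOTE: check precedence against enclave/src/main/resources/java_enclave_configure.json (debuggable / metric_trace_enable)`, or drop whichever of the two is redundant.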
+++ b/benchmark/string/common/src/main/java/com/alibaba/confidentialcomputing/benchmark/string/common/StringOperationMetric.java @@ -4,7 +4,7 @@ import com.alibaba.confidentialcomputing.common.annotations.EnclaveService; @EnclaveService public interface StringOperationMetric { - boolean stringRegex(String source, String pattern, int iterator); - String stringConcat(String source, String split, int iterator); - String[] stringSplit(String source, String concat, int iterator); + boolean stringRegex(String source, String pattern, int weight); + String stringConcat(String source, String split, int weight); + String[] stringSplit(String source, String concat, int weight); } diff --git a/benchmark/string/enclave/pom.xml b/benchmark/string/enclave/pom.xml index 01a79e0..97aadaf 100644 --- a/benchmark/string/enclave/pom.xml +++ b/benchmark/string/enclave/pom.xml @@ -49,6 +49,8 @@ <buildArgs> <buildArg>--shared</buildArg> <buildArg>--no-fallback</buildArg> + <buildArg>-R:MaxHeapSize=1500m</buildArg> + <buildArg>-H:-AllowVMInternalThreads</buildArg> <buildArg>-H:Path=svm-output</buildArg> </buildArgs> </configuration> @@ -65,6 +67,7 @@ <buildArg>--shared</buildArg> <buildArg>-R:-PrintGC</buildArg> <buildArg>--no-fallback</buildArg> + <buildArg>-R:MaxHeapSize=1500m</buildArg> <buildArg>-H:-AllowVMInternalThreads</buildArg> <buildArg>-H:+RunInEnclave</buildArg> <buildArg>-H:Path=svm-output</buildArg> diff --git a/benchmark/string/enclave/src/main/java/com/alibaba/confidentialcomputing/benchmark/string/enclave/StringOperationMetricImpl.java b/benchmark/string/enclave/src/main/java/com/alibaba/confidentialcomputing/benchmark/string/enclave/StringOperationMetricImpl.java index c17df7a..f27f974 100644 --- a/benchmark/string/enclave/src/main/java/com/alibaba/confidentialcomputing/benchmark/string/enclave/StringOperationMetricImpl.java +++ b/benchmark/string/enclave/src/main/java/com/alibaba/confidentialcomputing/benchmark/string/enclave/StringOperationMetricImpl.java 
@@ -7,38 +7,31 @@ import java.util.regex.Pattern; @AutoService(StringOperationMetric.class) public class StringOperationMetricImpl implements StringOperationMetric { - private final long INNER_MAX_ITERATOR = 50; @Override - public String stringConcat(String source, String concat, int iterator) { + public String stringConcat(String source, String concat, int weight) { String result = null; - for (int i = 0x0; i < iterator; i++) { - for (int j = 0x0; j < INNER_MAX_ITERATOR; j++) { - result = source.concat(concat).toLowerCase().trim().replace('a', 'b'); - } + for (int i = 0x0; i < weight; i++) { + result = source.concat(concat).toLowerCase().trim().replace('a', 'b'); } return result; } @Override - public boolean stringRegex(String source, String pattern, int iterator) { + public boolean stringRegex(String source, String pattern, int weight) { boolean matched = false; - for (int i = 0x0; i < iterator; i++) { - for (int j = 0x0; j < INNER_MAX_ITERATOR; j++) { - Pattern p = Pattern.compile(pattern); - matched = p.matcher(source).matches(); - } + for (int i = 0x0; i < weight; i++) { + Pattern p = Pattern.compile(pattern); + matched = p.matcher(source).matches(); } return matched; } @Override - public String[] stringSplit(String source, String split, int iterator) { + public String[] stringSplit(String source, String split, int weight) { String[] result = null; - for (int i = 0x0; i < iterator; i++) { - for (int j = 0x0; j < INNER_MAX_ITERATOR; j++) { - result = source.split(split); - } + for (int i = 0x0; i < weight; i++) { + result = source.split(split); } return result; } diff --git a/benchmark/string/enclave/src/main/resources/embedded_libos_enclave.json b/benchmark/string/enclave/src/main/resources/embedded_libos_enclave.json deleted file mode 100644 index add95b2..0000000 --- a/benchmark/string/enclave/src/main/resources/embedded_libos_enclave.json +++ /dev/null 
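Review bot: `stringConcat` and `stringSplit` return `null`, and `stringRegex` returns `false`, whenever `weight <= 0`, since the result variables are only assigned inside the rewritten loops; with the inner `INNER_MAX_ITERATOR` loop gone, `weight` alone controls the work, so reject non-positive values with `if (weight <= 0) throw new IllegalArgumentException("weight must be positive: " + weight);`. `Pattern.compile(pattern)` still runs on every iteration of `stringRegex`; if compilation is meant to be part of what is measured, a comment such as `// compile inside the loop on purpose: the benchmark measures compile+match` prevents a later hoist from silently changing the metric.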
@@ -1,11 +0,0 @@ -{ - "debuggable": true, - "agent_http_handler_thread_pool_size": 6, - "enclave_startup_duration_ms": 60000, - "kernel_space_heap_size": "32MB", - "user_space_size": "1200MB", - "default_mmap_size": "800MB", - "max_num_of_threads": 48, - "log_level": "off", - "enclave_jvm_args": ["-XX:-UseCompressedOops", "-Xmx512m", "-Dos.name=Linux"] -} \ No newline at end of file diff --git a/benchmark/string/enclave/src/main/resources/java_enclave_configure.json b/benchmark/string/enclave/src/main/resources/java_enclave_configure.json new file mode 100644 index 0000000..2d2d54a --- /dev/null +++ b/benchmark/string/enclave/src/main/resources/java_enclave_configure.json @@ -0,0 +1,8 @@ +{ + "debuggable": false, + "enclave_type": "TEE_SDK", + "metric_trace_enable": false, + "metric_trace_file_path": "", + "enclave_max_thread": 50, + "enclave_max_epc_memory_size_MB": 2000 +} \ No newline at end of file diff --git a/benchmark/string/enclave/src/main/resources/tee_sdk_svm.conf b/benchmark/string/enclave/src/main/resources/tee_sdk_svm.conf deleted file mode 100644 index 6e39049..0000000 --- a/benchmark/string/enclave/src/main/resources/tee_sdk_svm.conf +++ /dev/null @@ -1,12 +0,0 @@ -<!-- Please refer to User's Guide for the explanation of each field --> -<EnclaveConfiguration> - <ProdID>0</ProdID> - <ISVSVN>0</ISVSVN> - <StackMaxSize>0x101000</StackMaxSize> - <HeapMaxSize>0x30000000</HeapMaxSize> - <TCSNum>10</TCSNum> - <TCSPolicy>1</TCSPolicy> - <DisableDebug>0</DisableDebug> - <MiscSelect>0</MiscSelect> - <MiscMask>0xFFFFFFFF</MiscMask> -</EnclaveConfiguration> \ No newline at end of file diff --git a/benchmark/string/host/src/main/java/com/alibaba/confidentialcomputing/benchmark/string/host/StringBenchMark.java b/benchmark/string/host/src/main/java/com/alibaba/confidentialcomputing/benchmark/string/host/StringBenchMark.java index 8455724..f035f9b 100644 
--- a/benchmark/string/host/src/main/java/com/alibaba/confidentialcomputing/benchmark/string/host/StringBenchMark.java +++ b/benchmark/string/host/src/main/java/com/alibaba/confidentialcomputing/benchmark/string/host/StringBenchMark.java 
@@ -16,136 +16,108 @@ import java.util.concurrent.TimeUnit; @BenchmarkMode(Mode.AverageTime) @Warmup(iterations = 3, time = 1) @Measurement(iterations = 4, time = 2) -@Threads(8) +@Threads(4) @Fork(1) -@State(value = Scope.Benchmark) +@State(value = Scope.Thread) @OutputTimeUnit(TimeUnit.MILLISECONDS) public class StringBenchMark { - @Param(value = {"5"}) - private int iterator; - - @State(Scope.Benchmark) - public static class MockJVMEnclave { - private Enclave enclave = null; - private StringOperationMetric service = null; - - @Setup(Level.Trial) + private int regexWeight = 5000; + private int concatWeight = 50_000; + private int splitWeight = 5000; + + @Param(value = {"MOCK_IN_JVM", "MOCK_IN_SVM", "TEE_SDK", "EMBEDDED_LIB_OS"}) + private String enclaveServiceInstance; + @Param(value = {"regex", "concat", "split"}) + private String stringOpt; + + private String regexContext = "[email protected]"; + private String regexPattern = "^[\\w._]+@\\w+\\.[a-zA-Z]+$"; + private String concatContext = "Hello World!"; + private String concatPattern = "abc"; + private String splitContext = "word1, word2 word3@word4?word5.word6"; + private String splitPattern = "[, ?.@]+"; + + @State(Scope.Thread) + public static class EnclaveBenchmark { + private Enclave mockJVMEnclave = null; + private StringOperationMetric mockJVMService = null; + private Enclave mockSVMEnclave = null; + private StringOperationMetric mockSVMService = null; + private Enclave teeSDKEnclave = null; + private StringOperationMetric teeSDKService = null; + private Enclave embeddedLibOSEnclave = null; + private StringOperationMetric embeddedLibOSService = null; + + @Setup public void createEnclave() throws Exception { - enclave = EnclaveFactory.create(EnclaveType.MOCK_IN_JVM); - service = enclave.load(StringOperationMetric.class).next(); + mockJVMEnclave = EnclaveFactory.create(EnclaveType.MOCK_IN_JVM); + mockJVMService = mockJVMEnclave.load(StringOperationMetric.class).next(); + mockSVMEnclave = 
EnclaveFactory.create(EnclaveType.MOCK_IN_SVM); + mockSVMService = mockSVMEnclave.load(StringOperationMetric.class).next(); + teeSDKEnclave = EnclaveFactory.create(EnclaveType.TEE_SDK); + teeSDKService = teeSDKEnclave.load(StringOperationMetric.class).next(); + embeddedLibOSEnclave = EnclaveFactory.create(EnclaveType.EMBEDDED_LIB_OS); + embeddedLibOSService = embeddedLibOSEnclave.load(StringOperationMetric.class).next(); } - public StringOperationMetric getServiceInstance() { - return this.service; + @TearDown + public void destroyEnclave() throws Exception { + mockJVMEnclave.destroy(); + mockSVMEnclave.destroy(); + teeSDKEnclave.destroy(); + embeddedLibOSEnclave.destroy(); } - } - @State(Scope.Benchmark) - public static class MockSVMEnclave { - private Enclave enclave = null; - private StringOperationMetric service = null; - - @Setup(Level.Trial) - public void createEnclave() throws Exception { - enclave = EnclaveFactory.create(EnclaveType.MOCK_IN_SVM); - service = enclave.load(StringOperationMetric.class).next(); + public StringOperationMetric getMockJVMServiceInstance() { + return mockJVMService; } - public StringOperationMetric getServiceInstance() { - return this.service; + public StringOperationMetric getMockSVMServiceInstance() { + return mockSVMService; } - } - @State(Scope.Benchmark) - public static class TeeSDKEnclave { - private Enclave enclave = null; - private StringOperationMetric service = null; - - @Setup(Level.Trial) - public void createEnclave() throws Exception { - enclave = EnclaveFactory.create(EnclaveType.TEE_SDK); - service = enclave.load(StringOperationMetric.class).next(); + public StringOperationMetric getTeeSDKServiceInstance() { + return teeSDKService; } - public StringOperationMetric getServiceInstance() { - return this.service; + public StringOperationMetric getEmbeddedLibOSServiceInstance() { + return embeddedLibOSService; } } - @State(Scope.Benchmark) - public static class EmbeddedLibOSEnclave { - private Enclave enclave = null; - 
private StringOperationMetric service = null; - - @Setup(Level.Trial) - public void createEnclave() throws Exception { - enclave = EnclaveFactory.create(EnclaveType.EMBEDDED_LIB_OS); - service = enclave.load(StringOperationMetric.class).next(); + private void stringBenchMarkImpl(EnclaveBenchmark enclave, String enclaveServiceInstance, String stringOpt) { + StringOperationMetric service = null; + switch (enclaveServiceInstance) { + case "MOCK_IN_JVM": + service = enclave.getMockJVMServiceInstance(); + break; + case "MOCK_IN_SVM": + service = enclave.getMockSVMServiceInstance(); + break; + case "TEE_SDK": + service = enclave.getTeeSDKServiceInstance(); + break; + case "EMBEDDED_LIB_OS": + service = enclave.getEmbeddedLibOSServiceInstance(); + break; } - public StringOperationMetric getServiceInstance() { - return this.service; + switch (stringOpt) { + case "regex": + service.stringRegex(regexContext, regexPattern, regexWeight); + break; + case "concat": + service.stringConcat(concatContext, concatPattern, concatWeight); + break; + case "split": + service.stringSplit(splitContext, splitPattern, splitWeight); + break; } } @Benchmark - public void stringRegexMockJVMBenchMark(MockJVMEnclave enclave) { - enclave.getServiceInstance().stringRegex("[email protected]", "^[\\w._]+@\\w+\\.[a-zA-Z]+$", iterator); - } - - @Benchmark - public void stringRegexMockSVMBenchMark(MockSVMEnclave enclave) { - enclave.getServiceInstance().stringRegex("[email protected]", "^[\\w._]+@\\w+\\.[a-zA-Z]+$", iterator); - } - - @Benchmark - public void stringRegexTeeSDKBenchMark(TeeSDKEnclave enclave) { - enclave.getServiceInstance().stringRegex("[email protected]", "^[\\w._]+@\\w+\\.[a-zA-Z]+$", iterator); - } - - @Benchmark - public void stringRegexEmbeddedLibOSBenchMark(EmbeddedLibOSEnclave enclave) { - enclave.getServiceInstance().stringRegex("[email protected]", "^[\\w._]+@\\w+\\.[a-zA-Z]+$", iterator); - } - - @Benchmark - public void stringConcatMockJVMBenchMark(MockJVMEnclave enclave) { - 
enclave.getServiceInstance().stringConcat("Hello World!", "abc", iterator); - } - - @Benchmark - public void stringConcatMockSVMBenchMark(MockSVMEnclave enclave) { - enclave.getServiceInstance().stringConcat("Hello World!", "abc", iterator); - } - - @Benchmark - public void stringConcatTeeSDKBenchMark(TeeSDKEnclave enclave) { - enclave.getServiceInstance().stringConcat("Hello World!", "abc", iterator); - } - - @Benchmark - public void stringConcatEmbeddedLibOSBenchMark(EmbeddedLibOSEnclave enclave) { - enclave.getServiceInstance().stringConcat("Hello World!", "abc", iterator); - } - - @Benchmark - public void stringSplitMockJVMBenchMark(MockJVMEnclave enclave) { - enclave.getServiceInstance().stringSplit("word1, word2 word3@word4?word5.word6", "[, ?.@]+", iterator); - } - - @Benchmark - public void stringSplitMockSVMBenchMark(MockSVMEnclave enclave) { - enclave.getServiceInstance().stringSplit("word1, word2 word3@word4?word5.word6", "[, ?.@]+", iterator); - } - - @Benchmark - public void stringSplitTeeSDKBenchMark(TeeSDKEnclave enclave) { - enclave.getServiceInstance().stringSplit("word1, word2 word3@word4?word5.word6", "[, ?.@]+", iterator); - } - - @Benchmark - public void stringSplitEmbeddedLibOSBenchMark(EmbeddedLibOSEnclave enclave) { - enclave.getServiceInstance().stringSplit("word1, word2 word3@word4?word5.word6", "[, ?.@]+", iterator); + public void stringBenchMark(EnclaveBenchmark enclave) { + stringBenchMarkImpl(enclave, enclaveServiceInstance, stringOpt); } public static void main(String[] args) throws RunnerException { diff --git a/benchmark/string/run.sh b/benchmark/string/run.sh index 346419d..3423a71 100755 --- a/benchmark/string/run.sh +++ b/benchmark/string/run.sh 
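Review bot: Both `switch` statements in the new `stringBenchMarkImpl` have no `default` branch, so an `enclaveServiceInstance` value outside the four `@Param` strings leaves `service` null and the second switch fails with a NullPointerException rather than a clear error; add `default: throw new IllegalArgumentException("unknown enclave: " + enclaveServiceInstance);` (and the same for `stringOpt`), or dispatch on `EnclaveType.valueOf(enclaveServiceInstance)` since that enum already exists. In `destroyEnclave` the four `destroy()` calls run back to back with no try/finally, so the first one that throws skips the remaining enclaves and leaves them allocated until the JVM exits. Note also that `@State(Scope.Thread)` on both `StringBenchMark` and `EnclaveBenchmark`, combined with `@Threads(4)`, presumably creates four TEE_SDK and four EMBEDDED_LIB_OS enclaves at once, which the old `Scope.Benchmark` states did not; if that is intended it deserves a comment on the class. The `main` method of `StringBenchMark` continues past the end of the hunk.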
@@ -2,4 +2,4 @@ mvn --settings /root/tools/settings.xml -Pnative clean package
-java -cp host/target/host-1.0-SNAPSHOT-jar-with-dependencies.jar:enclave/target/enclave-1.0-SNAPSHOT-jar-with-dependencies.jar com.alibaba.confidentialcomputing.benchmark.string.host.StringBenchMark
+OCCLUM_RELEASE_ENCLAVE=true java -Dcom.alibaba.enclave.metric.enable=false -cp host/target/host-1.0-SNAPSHOT-jar-with-dependencies.jar:enclave/target/enclave-1.0-SNAPSHOT-jar-with-dependencies.jar com.alibaba.confidentialcomputing.benchmark.string.host.StringBenchMark
diff --git a/samples/helloworld/enclave/src/main/resources/embedded_libos_enclave.json b/samples/helloworld/enclave/src/main/resources/embedded_libos_enclave.json
deleted file mode 100644
index add95b2..0000000
--- a/samples/helloworld/enclave/src/main/resources/embedded_libos_enclave.json
+++ /dev/null
@@ -1,11 +0,0 @@
-{
- "debuggable": true,
- "agent_http_handler_thread_pool_size": 6,
- "enclave_startup_duration_ms": 60000,
- "kernel_space_heap_size": "32MB",
- "user_space_size": "1200MB",
- "default_mmap_size": "800MB",
- "max_num_of_threads": 48,
- "log_level": "off",
- "enclave_jvm_args": ["-XX:-UseCompressedOops", "-Xmx512m", "-Dos.name=Linux"]
-}
\ No newline at end of file
diff --git a/samples/helloworld/enclave/src/main/resources/tee_sdk_svm.conf b/samples/helloworld/enclave/src/main/resources/tee_sdk_svm.conf
deleted file mode 100644
index b52a2e9..0000000
--- a/samples/helloworld/enclave/src/main/resources/tee_sdk_svm.conf
+++ /dev/null
@@ -1,12 +0,0 @@
-<!-- Please refer to User's Guide for the explanation of each field -->
-<EnclaveConfiguration>
- <ProdID>0</ProdID>
- <ISVSVN>0</ISVSVN>
- <StackMaxSize>0x101000</StackMaxSize>
- <HeapMaxSize>0x6000000</HeapMaxSize>
- <TCSNum>10</TCSNum>
- <TCSPolicy>1</TCSPolicy>
- <DisableDebug>0</DisableDebug>
- <MiscSelect>0</MiscSelect>
- <MiscMask>0xFFFFFFFF</MiscMask>
-</EnclaveConfiguration>
\ No newline at end of file
diff --git a/samples/helloworld/run.sh b/samples/helloworld/run.sh
index dc29e4b..1d11d21 100755
--- a/samples/helloworld/run.sh
+++ b/samples/helloworld/run.sh
@@ -2,4 +2,4 @@ mvn --settings /root/tools/settings.xml -Pnative clean package
-java -cp host/target/host-1.0-SNAPSHOT-jar-with-dependencies.jar:enclave/target/enclave-1.0-SNAPSHOT-jar-with-dependencies.jar com.alibaba.samples.helloworld.host.Main
+OCCLUM_RELEASE_ENCLAVE=true java -cp host/target/host-1.0-SNAPSHOT-jar-with-dependencies.jar:enclave/target/enclave-1.0-SNAPSHOT-jar-with-dependencies.jar com.alibaba.samples.helloworld.host.Main
diff --git a/samples/springboot/enclave/src/main/resources/embedded_libos_enclave.json b/samples/springboot/enclave/src/main/resources/embedded_libos_enclave.json
deleted file mode 100644
index add95b2..0000000
--- a/samples/springboot/enclave/src/main/resources/embedded_libos_enclave.json
+++ /dev/null
@@ -1,11 +0,0 @@
-{
- "debuggable": true,
- "agent_http_handler_thread_pool_size": 6,
- "enclave_startup_duration_ms": 60000,
- "kernel_space_heap_size": "32MB",
- "user_space_size": "1200MB",
- "default_mmap_size": "800MB",
- "max_num_of_threads": 48,
- "log_level": "off",
- "enclave_jvm_args": ["-XX:-UseCompressedOops", "-Xmx512m", "-Dos.name=Linux"]
-}
\ No newline at end of file
diff --git a/samples/springboot/enclave/src/main/resources/tee_sdk_svm.conf b/samples/springboot/enclave/src/main/resources/tee_sdk_svm.conf
deleted file mode 100644
index 5ff1791..0000000
--- a/samples/springboot/enclave/src/main/resources/tee_sdk_svm.conf
+++ /dev/null
@@ -1,12 +0,0 @@
-<!-- Please refer to User's Guide for the explanation of each field -->
-<EnclaveConfiguration>
- <ProdID>0</ProdID>
- <ISVSVN>0</ISVSVN>
- <StackMaxSize>0x101000</StackMaxSize>
- <HeapMaxSize>0x60000000</HeapMaxSize>
- <TCSNum>10</TCSNum>
- <TCSPolicy>1</TCSPolicy>
- <DisableDebug>0</DisableDebug>
- <MiscSelect>0</MiscSelect>
- <MiscMask>0xFFFFFFFF</MiscMask>
-</EnclaveConfiguration>
\ No newline at end of file
diff --git a/samples/springboot/run.sh b/samples/springboot/run.sh
index b8034ae..f77e13e 100755
--- a/samples/springboot/run.sh
+++ b/samples/springboot/run.sh
@@ -4,7 +4,7 @@ mvn --settings /root/tools/settings.xml -Pnative clean package
 # step2: startup springboot application service.
-java -cp host/target/host-1.0-SNAPSHOT-jar-with-dependencies.jar:enclave/target/enclave-1.0-SNAPSHOT-jar-with-dependencies.jar com.alibaba.confidentialcomputing.samples.springboot.host.Application &
+OCCLUM_RELEASE_ENCLAVE=true java -cp host/target/host-1.0-SNAPSHOT-jar-with-dependencies.jar:enclave/target/enclave-1.0-SNAPSHOT-jar-with-dependencies.jar com.alibaba.confidentialcomputing.samples.springboot.host.Application &
 sleep 5
 # shellcheck disable=SC2006
 # shellcheck disable=SC2009
diff --git a/sdk/enclave/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/sgx_mmap.c b/sdk/enclave/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/sgx_mmap.c
index 8ed5c23..7618017 100644
--- a/sdk/enclave/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/sgx_mmap.c
+++ b/sdk/enclave/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/sgx_mmap.c
@@ -40,14 +40,15 @@ void* mmap(void *hint, int size, int prot, int flags) {
 } else if (flags == 0x32) {
 ptr = hint;
 } else {
- // printf("JavaEnclave Warning: unsupported mmap operation in tee sdk enclave: 0x%lx, ptr is: %p, size is: %d, prot is: 0x%x, flags is: 0x%x.\n", (uint64_t)hint, ptr, size, prot, flags);
+ if(enable_trace_symbol_calling == 0x1) printf("JavaEnclave Warning: unsupported mmap operation in tee sdk enclave: 0x%lx, ptr is: %p, size is: %d, prot is: 0x%x, flags is: 0x%x.\n", (uint64_t)hint, ptr, size, prot, flags);
 ASSERT();
 }
- // printf("JavaEnclave Warning: mmap operation in tee sdk enclave: 0x%lx, ptr is: %p, size is: %d, prot is: 0x%x, flags is: 0x%x.\n", (uint64_t)hint, ptr, size, prot, flags);
+ if(enable_trace_symbol_calling == 0x1) printf("JavaEnclave Warning: mmap operation in tee sdk enclave: 0x%lx, ptr is: %p, size is: %d, prot is: 0x%x, flags is: 0x%x.\n", (uint64_t)hint, ptr, size, prot, flags);
 return ptr;
 }
 int munmap(void *addr, int size) {
 TRACE_SYMBOL_CALL();
+ if(enable_trace_symbol_calling == 0x1) printf("JavaEnclave Warning: unmmap operation in tee sdk enclave: addr is: %p, size is: %d\n", addr, size);
 return _munmap(addr, size);
 }
\ No newline at end of file
diff --git a/sdk/enclave/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/tee_sdk_symbol.c b/sdk/enclave/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/tee_sdk_symbol.c
index d5e7ce8..a3e5b61 100644
--- a/sdk/enclave/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/tee_sdk_symbol.c
+++ b/sdk/enclave/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/tee_sdk_symbol.c
@@ -1,6 +1,8 @@
 #include "tee_sdk_enclave_t.h"
 #include "tee_sdk_symbol.h"
+int enable_trace_symbol_calling = 0x0;
+
 void __fxstat() {TRACE_SYMBOL_CALL(); ASSERT();}
 void __fxstat64() {TRACE_SYMBOL_CALL(); ASSERT();}
 void __isnan() {TRACE_SYMBOL_CALL(); ASSERT();}
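Review bot: The three new trace statements in `mmap`/`munmap` print enclave-internal addresses (`hint`, `ptr`, `addr`) through `printf`, which in a TEE_SDK enclave presumably leaves the enclave via an ocall to the untrusted host; the gate `enable_trace_symbol_calling` defaults to `0x0` in the `tee_sdk_symbol.c` hunk on this same line, so the output is only reachable when the host opts in, but nothing in the code says this is a debug aid. A comment above the new global, `/* Debug aid only: when set, mmap/munmap/symbol traces expose enclave addresses to the host; keep at 0 for release enclaves. */`, would make that explicit. The `munmap` message also reads `unmmap` (typo for `munmap`), and every trace is prefixed `Warning` although it is routine tracing, which will mislead anyone grepping host logs. Style-wise, each un-braced `if(...) printf(...)` on a single ~200-character line repeats the pattern of the new `TRACE_SYMBOL_CALL()` macro; a braced form split across lines would be easier to read and diff. `mmap` begins before the hunk.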
diff --git a/sdk/enclave/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/tee_sdk_symbol.h b/sdk/enclave/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/tee_sdk_symbol.h
index 6666808..99d6905 100644
--- a/sdk/enclave/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/tee_sdk_symbol.h
+++ b/sdk/enclave/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/tee_sdk_symbol.h
@@ -5,9 +5,11 @@
 #include <stdio.h>
 #include <assert.h>
-//#define ENABLE_TRACE_SYSCALL
+extern int enable_trace_symbol_calling;
+
+#define ENABLE_TRACE_SYSCALL
 #if defined(ENABLE_TRACE_SYSCALL)
-#define TRACE_SYMBOL_CALL() printf("JavaEnclave Warning: %s is called in enclave svm.\n", __FUNCTION__);
+#define TRACE_SYMBOL_CALL() if(enable_trace_symbol_calling == 0x1) printf("JavaEnclave Warning: %s is called in enclave svm.\n", __FUNCTION__);
 #else
 #define TRACE_SYMBOL_CALL()
 #endif
diff --git a/sdk/enclave/src/main/native/cpp/platform/tee_sdk_svm/wrapper/Makefile b/sdk/enclave/src/main/native/cpp/platform/tee_sdk_svm/wrapper/Makefile
index af20bb3..c9a5474 100644
--- a/sdk/enclave/src/main/native/cpp/platform/tee_sdk_svm/wrapper/Makefile
+++ b/sdk/enclave/src/main/native/cpp/platform/tee_sdk_svm/wrapper/Makefile
@@ -6,7 +6,7 @@ include $(NATIVE_BASE_DIR)/config/platform/tee_sdk_svm/jni/config.mk
 all: build
 build:
- $(CC) -g -c -I$(INCLUDE) -I$(JAVA_HOME)/lib $(TS_ENCLAVE_INCDIR) $(TS_ENCLAVE_CFLAGS) tee_sdk_wrapper.c \
+ $(CC) -g -c -I$(INCLUDE) -I../edge_routines -I$(JAVA_HOME)/lib $(TS_ENCLAVE_INCDIR) $(TS_ENCLAVE_CFLAGS) tee_sdk_wrapper.c \
 -o $(BIN)/platform/tee_sdk_svm/tee_sdk_wrapper.o
 clean:
diff --git a/sdk/enclave/src/main/native/cpp/platform/tee_sdk_svm/wrapper/tee_sdk_wrapper.c b/sdk/enclave/src/main/native/cpp/platform/tee_sdk_svm/wrapper/tee_sdk_wrapper.c
index 6d651ea..b624dd4 100644
--- a/sdk/enclave/src/main/native/cpp/platform/tee_sdk_svm/wrapper/tee_sdk_wrapper.c
+++ b/sdk/enclave/src/main/native/cpp/platform/tee_sdk_svm/wrapper/tee_sdk_wrapper.c
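Review bot: In `tee_sdk_symbol.h`, `#define ENABLE_TRACE_SYSCALL` is now defined unconditionally on the line right before `#if defined(ENABLE_TRACE_SYSCALL)`, so the `#else` branch with the empty `TRACE_SYMBOL_CALL()` can never be selected and the compile-time switch is dead; either drop the `#if`/`#else` pair or leave the define out of the header and pass `-DENABLE_TRACE_SYSCALL` from the Makefile when a traced build is wanted. The new expansion is a bare `if(...) printf(...);` with no braces, so a call site written as `if (cond) TRACE_SYMBOL_CALL(); else ...` would bind its `else` to the macro's `if`; wrap the body as `#define TRACE_SYMBOL_CALL() do { if (enable_trace_symbol_calling == 0x1) printf("JavaEnclave Warning: %s is called in enclave svm.\n", __FUNCTION__); } while (0)`. A one-line comment on the `extern` saying the flag is set per isolate by `enclave_svm_isolate_create` and is a debugging aid would also help readers of this header.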
@@ -8,6 +8,7 @@
 #include <enc_environment.h>
 #include <enc_exported_symbol.h>
+#include "tee_sdk_symbol.h"
 #include "tee_sdk_wrapper.h"
 typedef int (*enclave_calling_stub)(uint64_t isolate, enc_data_t* input, enc_data_t* output, callbacks_t* callback);
@@ -32,12 +33,17 @@ int tee_sdk_random(void* data, long size) {
 return (int)sgx_read_rand(data, (size_t)size);
 }
-int enclave_svm_isolate_create(void* isolate, void* isolateThread) {
+int enclave_svm_isolate_create(void* isolate, void* isolateThread, int flag, char* args) {
 graal_isolate_t* isolate_t;
 graal_isolatethread_t* thread_t;
 // Implicitly set graal_create_isolate_params_t param as NULL.
- int ret = graal_create_isolate(NULL, &isolate_t, &thread_t);
+ enable_trace_symbol_calling = flag;
+ int argc = 2;
+ char* parameters[2];
+ parameters[0] = NULL;
+ parameters[1] = args;
+ int ret = create_isolate_with_params(argc, parameters, &isolate_t, &thread_t);
 *(uint64_t*)isolate = (uint64_t)isolate_t;
 *(uint64_t*)isolateThread = (uint64_t)thread_t;
 return ret;
diff --git a/sdk/host/docs/Configuration.md b/sdk/host/docs/Configuration.md
new file mode 100644
index 0000000..ef1ddf2
--- /dev/null
+++ b/sdk/host/docs/Configuration.md
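Review bot: In `enclave_svm_isolate_create`, `argc` is hard-coded to 2 and `parameters[1] = args` is handed to `create_isolate_with_params` even when the host passes no argument, so a NULL `args` becomes an argv entry the isolate will try to parse; use `int argc = (args == NULL) ? 1 : 2;`. The comment `// Implicitly set graal_create_isolate_params_t param as NULL.` describes the removed `graal_create_isolate(NULL, ...)` call and is now stale; replace it with `// parameters[0] is the argv[0] slot (unused); parameters[1] carries the host-supplied isolate option.`. Both `flag` and `args` arrive from the host, which sits outside the enclave's trust boundary: `enable_trace_symbol_calling = flag;` stores the raw value although every reader compares against `0x1`, and `args` is presumably marshalled by the EDL bridge with `[in, string]` — worth confirming, since the isolate will read it as a NUL-terminated string. The function's closing brace is outside the hunk.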
@@ -0,0 +1,55 @@ +# JavaEnclave Configuration Illustration + +## Configure file + +JavaEnclave provides a `java_enclave_configure.json` template file for user to set customized parameters. It provides six parameters: + +| key | value(default) | illustation | +|--------------------------------| ------------ |--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| debuggable | false | Allow `TEE_SDK` Enclave or `EMBEDDED_LIB_OS` Enclave to be debuggable or not, debuggable mode help to debug. Should make it to be not debuggable when the project is online service for security. | +| enclave_type | TEE_SDK | When creating an enclave instance with method `EnclaveFactory.create()`, TEE_SDK kind of Enclave will be created by default, key `enclave_type` could be one of `MOCK_IN_JVM` `MOCK_IN_SVM` `TEE_SDK` `EMBEDDED_LIB_OS`. | +| metric_trace_enable | false | Enable JavaEnclave performance metric or not. | +| metric_trace_file_path | "" | Customized JavaEnclave metric log file path. JavaEnclave Metric feature could help to measure the cost of every service invocation and service loading/unloading. | +| enclave_max_thread | 50 | The max thread number ecalls into `TEE_SDK` Enclave or `EMBEDDED_LIB_OS` Enclave. | +| enclave_max_epc_memory_size_MB | 1500 | The max physical epc memory size in `TEE_SDK`, `EMBEDDED_LIB_OS` Enclave | + +`debuggable`、`enclave_type`、`metric_trace_enable` and `metric_trace_file_path`could also be set by -Dproperty way. But`enclave_max_thread ` and `enclave_max_epc_memory_size_MB `could only be changed or set by java_enclave_configure.json file in enclave submodule's resource dir. + +## Property Configuration Setting + +JavaEnclave provides some customized property setting for different scene. 
+ +| property | value | illustration | +| ------------ | ------------ | ------------ | +| com.alibaba.enclave.type | MOCK_IN_JVMMOCK_IN_SVM/TEE_SDK/EMBEDDED_LIB_OS | same as be described in Configure file | +| com.alibaba.enclave.debuggable | true/false | same as be described in Configure file | +| com.alibaba.enclave.metric.enable | true/false | same as be described in Configure file | +| com.alibaba.enclave.metric.log | customized metric log file path | same as be described in Configure file | + +### MOCK_IN_SVM Enclave Property Configuration Setting + +| property | value | illustration | +|------------------------------------------|-------------|----------------------------------------------| +| com.alibaba.enclave.mockinsvm.maxheap_MB | | gc max heap size(MB) in mock_in_svm enclave. | + +### TEE_SDK Enclave Property Configuration Setting + +| property | value | illustration | +|-----------------------------------------------|-------------|-----------------------------------------------------------------------------------| +| com.alibaba.enclave.teesdk.symbol.trace | true(false) | help to trace undefined symbols invocation in TEE_SDK, default value is unenable. | +| com.alibaba.enclave.teesdk.maxheap_MB | | gc max heap size(MB) in tee sdk enclave. | + + +### EMBEDDED_LIB_OS Enclave Property Configuration Setting + +| property | value | illustration | +|-------------------------------------------------| ------------ | ------------ | +| com.alibaba.enclave.agent.thread.pool.size | 5 | agent http server thread pool size in enclave, default value is 5. | +| com.alibaba.enclave.embedded.startup.timeout_ms | 60000 | the max startup timeout for libos enclave startup, default timeout is 60000ms. | +| com.alibaba.enclave.embedded.keepalive.timeout_s | 300 | enclave agent http long connection keep alive timeout, default timeout is 300s. | +| com.alibaba.enclave.embedded.keepalive.max | 100 | max agent http router, default number is 100. 
| +| com.alibaba.enclave.embedded.connect.timeout_ms | 1000 | agent http connection timeout, default is 1000ms. | +| com.alibaba.enclave.embedded.read.timeout_ms | 2000 | agent http reading timeout, default is 2000ms. | +| com.alibaba.enclave.embedded.ra.timeout_ms | 10000 | embedded libos remote attestation generation and verification timeout, default is 10000ms. | +| com.alibaba.enclave.embedded.log.level | "off" | enable enclave log or not, default is off. | +| com.alibaba.enclave.embedded.jvm.args | "-Dsun.net.httpserver.nodelay=true, -XX:-UseCompressedOops, -Xmx800m, -Dos.name=Linux" | jvm's startup args in embedded libos enclave. | diff --git a/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/EmbeddedLibOSEnclave.java b/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/EmbeddedLibOSEnclave.java index 0c6a9c0..867e3c0 100644 --- a/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/EmbeddedLibOSEnclave.java +++ b/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/EmbeddedLibOSEnclave.java @@ -15,10 +15,7 @@ import com.alibaba.confidentialcomputing.host.exception.*; * EmbeddedLibOSEnclave object in a process. */ public class EmbeddedLibOSEnclave extends AbstractEnclave { - private static final int HTTP_CONNECT_TIMEOUT_MS = 800; // ms. - private static final int HTTP_READ_TIMEOUT_MS = 2000; // ms. - private static final int HTTP_READ_REMOTE_ATTESTATION_TIMEOUT_MS = HTTP_READ_TIMEOUT_MS * 10; // ms. - private static final String EMBEDDED_LIB_OS_ENCLAVE_STARTUP_THREAD_NAME = "async_lib_os_enclave_startup_thread"; + private static final String EMBEDDED_LIB_OS_ENCLAVE_STARTUP_THREAD_NAME = "lib_os_enclave_agent_thread"; private static final String HTTP_SERVER_PREFIX = "http://localhost:"; private static final String HTTP_SERVER_NAME = "/enclaveAgent"; private final static String JNI_EXTRACTED_PACKAGE_PATH = "jni/lib_jni_embedded_lib_os_enclave.so"; 
@@ -44,9 +41,7 @@ public class EmbeddedLibOSEnclave extends AbstractEnclave { } } - private EmbeddedLibOSEnclave(EnclaveDebug mode, EnclaveSimulate sim) throws EnclaveCreatingException { - // Set EnclaveContext for this enclave instance. - super(EnclaveType.EMBEDDED_LIB_OS, mode, new EnclaveServicesRecycler()); + private void extractNativeResource() throws EnclaveCreatingException { // Extract jni .so and signed tee .so from .jar file. // Only once extract and load operation. if (extractTempPath == null) { @@ -68,7 +63,12 @@ public class EmbeddedLibOSEnclave extends AbstractEnclave { } } } + } + private EmbeddedLibOSEnclave(EnclaveDebug mode, EnclaveSimulate sim) throws EnclaveCreatingException { + // Set EnclaveContext for this enclave instance. + super(EnclaveType.EMBEDDED_LIB_OS, mode, new EnclaveServicesRecycler()); + extractNativeResource(); try { portHost = getFreePort(); portEnclave = getFreePort(); @@ -77,15 +77,11 @@ public class EmbeddedLibOSEnclave extends AbstractEnclave { // Attach to target enclave service by rmi. attachToEnclaveAgent(mode, sim); // Create enclaveInfo. - boolean isDebuggable = true; - if (EmbeddedLibOSEnclaveConfig.getEmbeddedLibOSEnclaveConfigInstance().getDebuggable().getValue() == 0x2) { - isDebuggable = false; - } enclaveInfo = new SGXEnclaveInfo( EnclaveType.EMBEDDED_LIB_OS, - isDebuggable, - EmbeddedLibOSEnclaveConfig.getEmbeddedLibOSEnclaveConfigInstance().getMaxEPCHeapSizeBytes(), - EmbeddedLibOSEnclaveConfig.getEmbeddedLibOSEnclaveConfigInstance().getMaxNumOfThreads()); + EmbeddedLibOSEnclaveConfigure.getInstance().isEnclaveDebuggable(), + EmbeddedLibOSEnclaveConfigure.getInstance().getMaxEnclaveEPCMemorySizeBytes(), + EmbeddedLibOSEnclaveConfigure.getInstance().getMaxEnclaveThreadNum()); } catch (IOException e) { throw new EnclaveCreatingException(e); } 
@@ -111,12 +107,8 @@ public class EmbeddedLibOSEnclave extends AbstractEnclave { }).submit(() -> { EnclaveCreatingException exception = null; try { - nativeCreateEnclave( - mode.getValue(), - sim.getValue(), - portHost, - portEnclave, - EmbeddedLibOSEnclaveConfig.getEmbeddedLibOSEnclaveConfigInstance(), + nativeCreateEnclave(mode.getValue(), sim.getValue(), portHost, portEnclave, + EmbeddedLibOSEnclaveConfigure.getInstance(), extractTempPath.getLibOSSignedFilePath()); } catch (EnclaveCreatingException e) { exception = e; @@ -128,7 +120,7 @@ public class EmbeddedLibOSEnclave extends AbstractEnclave { // wait for enclave jvm start up and notify host. private void waitForEnclaveStartup() throws IOException { try (ServerSocket server = new ServerSocket(this.portHost)) { - server.setSoTimeout(EmbeddedLibOSEnclaveConfig.getEmbeddedLibOSEnclaveConfigInstance().getEmbeddedLibOSEnclaveStartupDuration()); + server.setSoTimeout(EmbeddedLibOSEnclaveConfigure.getInstance().getEnclaveStartupTimeout()); server.accept(); } } @@ -145,7 +137,7 @@ public class EmbeddedLibOSEnclave extends AbstractEnclave { private static native void registerNatives(); - private native int nativeCreateEnclave(int mode, int sim, int portHost, int portEnclave, EmbeddedLibOSEnclaveConfig config, String path) throws EnclaveCreatingException; + private native int nativeCreateEnclave(int mode, int sim, int portHost, int portEnclave, EmbeddedLibOSEnclaveConfigure config, String path) throws EnclaveCreatingException; private native int nativeDestroyEnclave(long enclaveHandler) throws EnclaveDestroyingException; 
@@ -153,6 +145,9 @@ public class EmbeddedLibOSEnclave extends AbstractEnclave { HttpURLConnection conn = (HttpURLConnection) url.openConnection(); conn.setRequestMethod("POST"); conn.setRequestProperty("Connection", "Keep-Alive"); + conn.setRequestProperty( + "Keep-Alive", + "timeout=" + EmbeddedLibOSEnclaveConfigure.getInstance().getAgentHttpKeepAliveTimeout() + ", max=" + EmbeddedLibOSEnclaveConfigure.getInstance().getAgentHttpKeepAliveMax()); conn.setDoOutput(true); conn.setDoInput(true); conn.setConnectTimeout(connectTimeout); @@ -174,7 +169,9 @@ public class EmbeddedLibOSEnclave extends AbstractEnclave { try { SocketEnclaveInvocationContext context = new SocketEnclaveInvocationContext(SocketEnclaveInvocationContext.SERVICE_LOADING, new ServiceHandler(service)); - return remoteRequest(SerializationHelper.serialize(context), HTTP_CONNECT_TIMEOUT_MS, HTTP_READ_TIMEOUT_MS); + return remoteRequest(SerializationHelper.serialize(context), + EmbeddedLibOSEnclaveConfigure.getInstance().getAgentHttpConnectTimeout(), + EmbeddedLibOSEnclaveConfigure.getInstance().getAgentHttpReadTimeout()); } catch (InterruptedException | IOException e) { throw new ServicesLoadingException(e); } @@ -185,7 +182,9 @@ public class EmbeddedLibOSEnclave extends AbstractEnclave { try { SocketEnclaveInvocationContext context = new SocketEnclaveInvocationContext(SocketEnclaveInvocationContext.SERVICE_UNLOADING, handler); - return remoteRequest(SerializationHelper.serialize(context), HTTP_CONNECT_TIMEOUT_MS, HTTP_READ_TIMEOUT_MS); + return remoteRequest(SerializationHelper.serialize(context), + EmbeddedLibOSEnclaveConfigure.getInstance().getAgentHttpConnectTimeout(), + EmbeddedLibOSEnclaveConfigure.getInstance().getAgentHttpReadTimeout()); } catch (InterruptedException | IOException e) { throw new ServicesUnloadingException(e); } 
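Review bot: The new `conn.setRequestProperty("Keep-Alive", "timeout=... , max=...")` in the `@@ -153` hunk is, as far as I recall the JDK's restricted-header list, silently discarded by `HttpURLConnection`: `Keep-Alive` (like the pre-existing `Connection: Keep-Alive`) is only sent when the JVM runs with `-Dsun.net.http.allowRestrictedHeaders=true`, so the configured `getAgentHttpKeepAliveTimeout()`/`getAgentHttpKeepAliveMax()` values would have no effect on the wire. Either document that system property as a requirement in a comment above this line, or move the agent client to `java.net.http.HttpClient`, which manages connection reuse itself. The enclosing method begins and ends outside the hunk. The two `remoteRequest` hunks on this same line, which replace the removed timeout constants with `EmbeddedLibOSEnclaveConfigure.getInstance()` lookups, look consistent with the `@@ -15,10` hunk that deleted those constants.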
@@ -197,7 +196,8 @@ public class EmbeddedLibOSEnclave extends AbstractEnclave { SocketEnclaveInvocationContext context = new SocketEnclaveInvocationContext(SocketEnclaveInvocationContext.METHOD_INVOCATION, service); // Should not set http timeout parameter in method invoke, the duration is deeply depends on user service. - return remoteRequest(SerializationHelper.serialize(context), HTTP_CONNECT_TIMEOUT_MS, 0x0); + return remoteRequest(SerializationHelper.serialize(context), + EmbeddedLibOSEnclaveConfigure.getInstance().getAgentHttpConnectTimeout(), 0x0); } catch (InterruptedException | IOException e) { throw new EnclaveMethodInvokingException(e); } @@ -209,7 +209,9 @@ public class EmbeddedLibOSEnclave extends AbstractEnclave { SocketEnclaveInvocationContext context = new SocketEnclaveInvocationContext(SocketEnclaveInvocationContext.REMOTE_ATTESTATION_GENERATE, userData); EnclaveInvocationResult resultWrapper = (EnclaveInvocationResult) SerializationHelper.deserialize( - remoteRequest(SerializationHelper.serialize(context), HTTP_CONNECT_TIMEOUT_MS, HTTP_READ_REMOTE_ATTESTATION_TIMEOUT_MS)); + remoteRequest(SerializationHelper.serialize(context), + EmbeddedLibOSEnclaveConfigure.getInstance().getAgentHttpConnectTimeout(), + EmbeddedLibOSEnclaveConfigure.getInstance().getAgentHttpRATimeout())); if (resultWrapper.getException() != null) { throw resultWrapper.getException(); } diff --git a/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/EmbeddedLibOSEnclaveConfig.java b/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/EmbeddedLibOSEnclaveConfig.java deleted file mode 100644 index ba176a4..0000000 --- a/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/EmbeddedLibOSEnclaveConfig.java +++ /dev/null 
@@ -1,124 +0,0 @@ -package com.alibaba.confidentialcomputing.host; - -import java.io.File; -import java.io.IOException; -import java.nio.charset.Charset; -import java.nio.file.Files; -import java.util.ArrayList; -import java.util.List; -import java.util.concurrent.TimeUnit; - -import com.alibaba.confidentialcomputing.common.exception.ConfidentialComputingException; -import org.json.JSONArray; -import org.json.JSONObject; - -import static com.alibaba.confidentialcomputing.host.ExtractLibrary.extractLibrary; - -class EmbeddedLibOSEnclaveConfig { - private final static String EMBEDDED_LIB_OS_ENCLAVE_CONFIG_FILE = "embedded_libos_enclave.json"; - private static String configFilePath; - private static EmbeddedLibOSEnclaveConfig config; - - private boolean debuggable = false; - private int agentHttpHandlerThreadPoolSize = 5; - private int embeddedLibOSEnclaveStartupDuration = (int) TimeUnit.MINUTES.toMillis(1); - private int maxNumOfThreads = 50; - private long maxEPCHeapSize = 1500; - private String libOSLogLevel = "off"; - private String[] enclaveJVMArgs = null; - - static { - try { - configFilePath = extractLibrary(EmbeddedLibOSEnclave.class.getClassLoader(), EMBEDDED_LIB_OS_ENCLAVE_CONFIG_FILE); - File file = new File(configFilePath); - String content = Files.readString(file.toPath(), Charset.forName("UTF-8")); - JSONObject jsonObject = new JSONObject(content); - boolean debuggable = jsonObject.getBoolean("debuggable"); - int agentHttpHandlerThreadPoolSize = jsonObject.getInt("agent_http_handler_thread_pool_size"); - int embeddedLibOSEnclaveStartupDuration = jsonObject.getInt("enclave_startup_duration_ms"); - int maxNumOfThreads = jsonObject.getInt("max_num_of_threads"); - long maxEPCHeapSize = parseHeapSize(jsonObject.getString("user_space_size")) * 1024 * 1024; // convert MB to B. 
- String libOSLogLevel = jsonObject.getString("log_level"); - JSONArray jvmArgs = jsonObject.getJSONArray("enclave_jvm_args"); - List<String> jvmArgsList = new ArrayList<>(); - for (int i = 0; i < jvmArgs.length(); i++) { - jvmArgsList.add(jvmArgs.getString(i)); - } - String[] enclaveJVMArgs = jvmArgsList.toArray(new String[jvmArgsList.size()]); - config = new EmbeddedLibOSEnclaveConfig( - debuggable, - maxNumOfThreads, - maxEPCHeapSize, - agentHttpHandlerThreadPoolSize, - embeddedLibOSEnclaveStartupDuration, - libOSLogLevel, - enclaveJVMArgs); - } catch (IOException | ConfidentialComputingException e) { - e.printStackTrace(); - } - } - - private static long parseHeapSize(String value) throws ConfidentialComputingException { - // check heap size dimension must be MB or mb. - if (!(value.endsWith("MB") || value.endsWith("mb"))) { - throw new ConfidentialComputingException("Embedded lib os heap size dimension must be MB."); - } - String trimValue = value.replace("MB", ""); - if (trimValue.startsWith("0x") || trimValue.startsWith("0X")) { - return Long.parseLong(trimValue.substring(2), 16); - } - return Long.parseLong(trimValue); - } - - static EmbeddedLibOSEnclaveConfig getEmbeddedLibOSEnclaveConfigInstance() { - return config; - } - - private EmbeddedLibOSEnclaveConfig( - boolean debuggable, - int maxNumOfThreads, - long maxEPCHeapSize, - int agentHttpHandlerThreadPoolSize, - int embeddedLibOSEnclaveStartupDuration, - String libOSLogLevel, - String[] jvmArgs) { - this.debuggable = debuggable; - this.maxNumOfThreads = maxNumOfThreads; - this.maxEPCHeapSize = maxEPCHeapSize; - this.agentHttpHandlerThreadPoolSize = agentHttpHandlerThreadPoolSize; - this.embeddedLibOSEnclaveStartupDuration = embeddedLibOSEnclaveStartupDuration; - this.libOSLogLevel = libOSLogLevel; - this.enclaveJVMArgs = jvmArgs; - } - - EnclaveDebug getDebuggable() { - if (this.debuggable) { - return EnclaveDebug.DEBUG; - } - return EnclaveDebug.RELEASE; - } - - int getAgentHttpHandlerThreadPoolSize() 
{ - return this.agentHttpHandlerThreadPoolSize; - } - - int getEmbeddedLibOSEnclaveStartupDuration() { - return this.embeddedLibOSEnclaveStartupDuration; - } - - int getMaxNumOfThreads() { - return this.maxNumOfThreads; - } - - long getMaxEPCHeapSizeBytes() { - return this.maxEPCHeapSize; - } - - String getLibOSLogLevel() { - return this.libOSLogLevel; - } - - String[] getEnclaveJVMArgs() { - return this.enclaveJVMArgs; - } -} diff --git a/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/EmbeddedLibOSEnclaveConfigure.java b/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/EmbeddedLibOSEnclaveConfigure.java new file mode 100644 index 0000000..80c3e1f --- /dev/null +++ b/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/EmbeddedLibOSEnclaveConfigure.java 
@@ -0,0 +1,151 @@ +package com.alibaba.confidentialcomputing.host; + +import java.io.IOException; +import java.util.Arrays; +import java.util.concurrent.TimeUnit; + +class EmbeddedLibOSEnclaveConfigure { + private final static String AGENT_HTTP_THREAD_POOL_SIZE_PROPERTY = "com.alibaba.enclave.agent.thread.pool.size"; + private final static String ENCLAVE_STARTUP_TIMEOUT_MS_PROPERTY = "com.alibaba.enclave.embedded.startup.timeout_ms"; + private final static String ENCLAVE_DEBUG_LOG_LEVEL_PROPERTY = "com.alibaba.enclave.embedded.log.level"; + private final static String ENCLAVE_JVM_ARGS_PROPERTY = "com.alibaba.enclave.embedded.jvm.args"; + private final static String AGENT_HTTP_KEEP_ALIVE_TIMEOUT_S_PROPERTY = "com.alibaba.enclave.embedded.keepalive.timeout_s"; + private final static String AGENT_HTTP_KEEP_ALIVE_POOL_SIZE_PROPERTY = "com.alibaba.enclave.embedded.keepalive.max"; + private final static String AGENT_HTTP_CONNECT_TIMEOUT_MS_PROPERTY = "com.alibaba.enclave.embedded.connect.timeout_ms"; + private final static String AGENT_HTTP_READ_TIMEOUT_MS_PROPERTY = "com.alibaba.enclave.embedded.read.timeout_ms"; + private final static String AGENT_HTTP_READ_REMOTE_ATTESTATION_TIMEOUT_PROPERTY = "com.alibaba.enclave.embedded.ra.timeout_ms"; + + private static EnclaveConfigure enclaveConfigure; + private static EmbeddedLibOSEnclaveConfigure instance; + + private int threadPoolSize = 5; + private int startupTimeout = (int) TimeUnit.MINUTES.toMillis(1); // ms. + private String logLevel = "off"; + private String[] enclaveJVMArgs = new String[]{"-Dsun.net.httpserver.nodelay=true", "-XX:-UseCompressedOops", "-Xmx800m", "-Dos.name=Linux"}; + private int agentHttpConnectTimeout = 1000; // ms. + private int agentHttpReadTimeout = 2000; // ms. + private int agentHttpRATimeout = 10_000; // ms. + private int agentHttpKeepAliveTimeout = 60 * 5; // s. 
+ private int agentHttpKeepAliveMax = 100; + + private EmbeddedLibOSEnclaveConfigure() throws IOException { + enclaveConfigure = EnclaveConfigure.getInstance(); + parseProperty(); + } + + static EmbeddedLibOSEnclaveConfigure getInstance() throws IOException { + if (instance != null) return instance; + synchronized (EmbeddedLibOSEnclaveConfigure.class) { + if (instance == null) instance = new EmbeddedLibOSEnclaveConfigure(); + } + return instance; + } + + private void parseProperty() { + parseThreadPoolSize(System.getProperty(AGENT_HTTP_THREAD_POOL_SIZE_PROPERTY)); + parseStartupTimeout(System.getProperty(ENCLAVE_STARTUP_TIMEOUT_MS_PROPERTY)); + parseLogLevel(System.getProperty(ENCLAVE_DEBUG_LOG_LEVEL_PROPERTY)); + parseEnclaveJVMArgs(System.getProperty(ENCLAVE_JVM_ARGS_PROPERTY)); + parseHttpConnectTimeout(System.getProperty(AGENT_HTTP_CONNECT_TIMEOUT_MS_PROPERTY)); + parseHttpReadTimeout(System.getProperty(AGENT_HTTP_READ_TIMEOUT_MS_PROPERTY)); + parseHttpRATimeout(System.getProperty(AGENT_HTTP_READ_REMOTE_ATTESTATION_TIMEOUT_PROPERTY)); + parseHttpKeepAliveTimeout(System.getProperty(AGENT_HTTP_KEEP_ALIVE_TIMEOUT_S_PROPERTY)); + parseHttpKeepAliveMax(System.getProperty(AGENT_HTTP_KEEP_ALIVE_POOL_SIZE_PROPERTY)); + } + + private void parseThreadPoolSize(String size) { + if (size != null) this.threadPoolSize = Integer.valueOf(size); + } + + private void parseStartupTimeout(String timeout) { + if (timeout != null) this.startupTimeout = Integer.valueOf(timeout); + } + + private void parseLogLevel(String logLevel) { + if (logLevel != null) this.logLevel = logLevel; + } + + private void parseEnclaveJVMArgs(String args) { + if (args != null) this.enclaveJVMArgs = Arrays.stream(args.split(",")).map(String::trim).toArray(String[]::new); + } + + private void parseHttpConnectTimeout(String args) { + if (args != null) this.agentHttpConnectTimeout = Integer.valueOf(args); + } + + private void parseHttpReadTimeout(String args) { + if (args != null) this.agentHttpReadTimeout = 
Integer.valueOf(args); + } + + private void parseHttpRATimeout(String args) { + if (args != null) this.agentHttpRATimeout = Integer.valueOf(args); + } + + private void parseHttpKeepAliveTimeout(String args) { + if (args != null) this.agentHttpKeepAliveTimeout = Integer.valueOf(args); + } + + private void parseHttpKeepAliveMax(String args) { + if (args != null) this.agentHttpKeepAliveMax = Integer.valueOf(args); + } + + boolean isEnclaveDebuggable() { + return enclaveConfigure.isEnclaveDebuggable(); + } + + boolean isEnableMetricTrace() { + return enclaveConfigure.isEnableMetricTrace(); + } + + int getMaxEnclaveThreadNum() { + return enclaveConfigure.getMaxEnclaveThreadNum(); + } + + int getEnclaveAgentThreadPoolSize() { + return threadPoolSize; + } + + int getEnclaveStartupTimeout() { + return startupTimeout; + } + + int getAgentHttpConnectTimeout() { + return agentHttpConnectTimeout; + } + + int getAgentHttpReadTimeout() { + return agentHttpReadTimeout; + } + + int getAgentHttpRATimeout() { + return agentHttpRATimeout; + } + + int getAgentHttpKeepAliveTimeout() { + return agentHttpKeepAliveTimeout; + } + + int getAgentHttpKeepAliveMax() { + return agentHttpKeepAliveMax; + } + + long getMaxEnclaveEPCMemorySizeBytes() { + return enclaveConfigure.getMaxEnclaveEPCMemorySizeBytes(); + } + + String getLogLevel() { + return logLevel; + } + + String getMetricTraceFilePath() { + return enclaveConfigure.getMetricTraceFilePath(); + } + + String[] getEnclaveJVMArgs() { + return enclaveJVMArgs; + } + + EnclaveType getDefaultEnclaveType() { + return enclaveConfigure.getDefaultEnclaveType(); + } +} diff --git a/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/EnclaveConfigure.java b/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/EnclaveConfigure.java index 00d4201..fab348c 100644 --- a/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/EnclaveConfigure.java 
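Review bot: The lazy singleton in `getInstance()` is a double-checked locking pattern on a field that is not `volatile` (`private static EmbeddedLibOSEnclaveConfigure instance;`), so under the Java memory model a second thread can observe a non-null `instance` whose fields are not yet written; the same applies to the static `enclaveConfigure` assigned from the constructor. Separately, every `parseXxx` method feeds a `-D` string straight into `Integer.valueOf`, so a typo yields a bare `NumberFormatException` out of `EnclaveFactory.create()` (it is not an IOException, so it is never wrapped into `EnclaveCreatingException`), and a negative value survives until `conn.setConnectTimeout`/`setReadTimeout` reject it or is emitted into the Keep-Alive header. I would mark the singleton fields `volatile` and route all numeric properties through one validating helper that names the offending property; whether a pool size of 0 should be allowed I cannot tell from here, so the helper below only enforces non-negative.

```java
private static volatile EmbeddedLibOSEnclaveConfigure instance;
// … unchanged: property names and default values …

/**
 * Parses a -D value as a non-negative int. Returns fallback when the property is unset;
 * rejects garbage and negatives with a message naming the property instead of a bare NumberFormatException.
 */
private static int parseNonNegativeInt(String property, String value, int fallback) {
    if (value == null) return fallback;
    int parsed;
    try {
        parsed = Integer.parseInt(value.trim());
    } catch (NumberFormatException e) {
        throw new IllegalArgumentException(property + " must be an integer, got: " + value, e);
    }
    if (parsed < 0) throw new IllegalArgumentException(property + " must be >= 0, got: " + parsed);
    return parsed;
}

private void parseThreadPoolSize(String size) {
    this.threadPoolSize = parseNonNegativeInt(AGENT_HTTP_THREAD_POOL_SIZE_PROPERTY, size, this.threadPoolSize);
}
// … unchanged: the other numeric parseXxx methods, each rewritten the same way …
```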
+++ b/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/EnclaveConfigure.java 
@@ -1,109 +1,150 @@ package com.alibaba.confidentialcomputing.host; -import com.alibaba.confidentialcomputing.host.exception.EnclaveCreatingException; -import com.alibaba.confidentialcomputing.host.exception.MetricTraceLogWriteException; +import org.json.JSONObject; +import java.io.File; import java.io.IOException; +import java.nio.charset.Charset; +import java.nio.file.Files; +import java.text.SimpleDateFormat; +import java.util.Date; -/** - * EnclaveConfigure decides a new created enclave's type and debug mode. - * If user creates an enclave with specific enclave type, that it is no - * matter what system variable is. If user creates an enclave with no - * specific enclave type, system variable is adapted to decide enclave's - * type and debug mode. Default enclave type is TEE_SDK and debug mode - * is RELEASE. - */ class EnclaveConfigure { - private static final String ENCLAVE_TYPE = "com.alibaba.enclave.type"; - private static final String ENCLAVE_DEBUG = "com.alibaba.enclave.teesdk.debug"; - private static final EnclaveType enclaveType; - private static final EnclaveDebug enclaveDebug; - - static { - // Three kinds of enclave is supported, TEE_SDK/MOCK_IN_JVM/MOCK_IN_SVM - String platform = System.getProperty(ENCLAVE_TYPE); - String mode = System.getProperty(ENCLAVE_DEBUG); - if (platform != null) { - switch (platform) { - case "TEE_SDK": - enclaveType = EnclaveType.TEE_SDK; - break; - case "EMBEDDED_LIB_OS": - enclaveType = EnclaveType.EMBEDDED_LIB_OS; - break; - case "MOCK_IN_JVM": - enclaveType = EnclaveType.MOCK_IN_JVM; - break; - case "MOCK_IN_SVM": - enclaveType = EnclaveType.MOCK_IN_SVM; - break; - case "NONE": - default: - enclaveType = EnclaveType.NONE; - } - } else { - // Default enclave type is tee sdk. 
- enclaveType = EnclaveType.TEE_SDK; - } + private final static double RATIO = 0.8; + private final static long KB = 1 * 1024; + private final static long MB = KB * 1024; + private final static long GB = MB * 1024; + // TEE_SDK/EMBEDDED_LIB_OS/MOCK_IN_JVM/MOCK_IN_SVM + private final static String ENCLAVE_TYPE_PROPERTY = "com.alibaba.enclave.type"; + private final static String ENCLAVE_DEBUG_PROPERTY = "com.alibaba.enclave.debuggable"; + private final static String METRIC_TRACE_LOG_FILE_PATH_PROPERTY = "com.alibaba.enclave.metric.log"; + private final static String METRIC_TRACE_ENABLE_PROPERTY = "com.alibaba.enclave.metric.enable"; + + private final static String JAVA_ENCLAVE_CONFIG_FILE_TEMPLATE = "/opt/javaenclave/config/template/java_enclave_configure.json"; + private final static String JAVA_ENCLAVE_CONFIG_FILE = "java_enclave_configure.json"; + private final static String ENCLAVE_DEBUGGABLE_CONFIG_FILE_KEY = "debuggable"; + private final static String ENCLAVE_TYPE_CONFIG_FILE_KEY = "enclave_type"; + private final static String METRIC_TRACE_LOG_FILE_PATH_CONFIG_FILE_KEY = "metric_trace_file_path"; + private final static String METRIC_TRACE_ENABLE_CONFIG_FILE_KEY = "metric_trace_enable"; + private final static String ENCLAVE_MAX_THREAD_NUMBER_CONFIG_FILE_KEY = "enclave_max_thread"; + private final static String ENCLAVE_MAX_EPC_MEMORY_SIZE_CONFIG_FILE_KEY = "enclave_max_epc_memory_size_MB"; + private final static String DEFAULT_METRIC_LOG_PATH = + "JavaEnclave_Metric_Log_" + new SimpleDateFormat("yyyy-MM-dd HH:mm:ss").format(new Date()) + ".log"; + + private static EnclaveConfigure enclaveConfigure; - if (mode != null) { - // Three kinds of enclave debug mode is supported, DEBUG/RELEASE - // If TEE_SDK enclave is created as RELEASE mode, it can't be debugged - // with GDB tool. 
- switch (mode) { - case "DEBUG": - enclaveDebug = EnclaveDebug.DEBUG; - break; - case "RELEASE": - enclaveDebug = EnclaveDebug.RELEASE; - break; - case "NONE": - default: - enclaveDebug = EnclaveDebug.NONE; - } - } else { - // Default debug mode is release. - enclaveDebug = EnclaveDebug.RELEASE; + // default value without giving explicitly enclave type. + // for example, EnclaveFactory.create() will create defaultEnclaveType enclave. + private EnclaveType enclaveType = EnclaveType.TEE_SDK; + // it's for TEE_SKD and EMBEDDED_LIB_OS. + private boolean debuggable = false; + // enable metric trace, default is disable. + private boolean enableMetricTrace = false; + // config metric trace file path. + private String metricTraceFilePath = DEFAULT_METRIC_LOG_PATH; + private String configFilePath; + private int maxEnclaveThreadNum = 50; + private long maxEnclaveEPCMemorySize = 1500 * MB; + private long referenceEnclaveMaxHeapSize = (long) (maxEnclaveEPCMemorySize * RATIO); + + private EnclaveConfigure() throws IOException { + // first update value from config file. + parseTemplateConfigureFile(); + // second update value form user define config file. + parseUserConfigureFile(); + // at last update value from property. + // config file is low priority then java -D property setting. + parseProperty(); + } + + static EnclaveConfigure getInstance() throws IOException { + if (enclaveConfigure != null) return enclaveConfigure; + synchronized (EnclaveConfigure.class) { + if (enclaveConfigure == null) enclaveConfigure = new EnclaveConfigure(); } + return enclaveConfigure; + } + + private void parseEnclaveType(String enclaveType) { + // parse enclave type. 
+ if (enclaveType != null) this.enclaveType = EnclaveType.valueOf(enclaveType); + } + + private boolean parseBooleanFlag(String flag) { + return Boolean.parseBoolean(flag); + } + + private void parseMetricTracingEnable(String metricEnable) { + if (metricEnable != null) this.enableMetricTrace = parseBooleanFlag(metricEnable); + } + + private void parseEnclaveDebuggable(String debuggable) { + // parse enclave debuggable or not. + if (debuggable != null) this.debuggable = parseBooleanFlag(debuggable); + } + + private void parseMetricTracingLogPath(String filePath) { + // parse metric log file path. + if (filePath != null && !filePath.isBlank()) this.metricTraceFilePath = filePath; + } + + private void parseProperty() { + parseEnclaveType(System.getProperty(ENCLAVE_TYPE_PROPERTY)); + parseEnclaveDebuggable(System.getProperty(ENCLAVE_DEBUG_PROPERTY)); + parseMetricTracingEnable(System.getProperty(METRIC_TRACE_ENABLE_PROPERTY)); + parseMetricTracingLogPath(System.getProperty(METRIC_TRACE_LOG_FILE_PATH_PROPERTY)); } - // create an enclave without specific enclave type. - // if -Dcom.alibaba.enclave.type is not set, TEE_SDK - // type enclave will be created. - static Enclave create() throws EnclaveCreatingException { - return create(enclaveType); - } - - // create an enclave with specific enclave type. - static Enclave create(EnclaveType type) throws EnclaveCreatingException { - try (MetricTraceContext trace = new MetricTraceContext(MetricTraceContext.LogPrefix.METRIC_LOG_ENCLAVE_CREATING_PATTERN)) { - Enclave enclave; - switch (type) { - case MOCK_IN_JVM: - enclave = new MockInJvmEnclave(); - break; - case MOCK_IN_SVM: - enclave = new MockInSvmEnclave(); - break; - case TEE_SDK: - // TEE_SDK only support hardware mode, not support simulate mode. - enclave = new TeeSdkEnclave(enclaveDebug); - break; - case EMBEDDED_LIB_OS: - // EMBEDDED_LIB_OS only support hardware mode, not support simulate mode. 
- enclave = EmbeddedLibOSEnclave.getEmbeddedLibOSEnclaveInstance( - EmbeddedLibOSEnclaveConfig.getEmbeddedLibOSEnclaveConfigInstance().getDebuggable(), - EnclaveSimulate.HARDWARE); - break; - case NONE: - default: - throw new EnclaveCreatingException("enclave type is not supported."); - } - trace.setEnclaveInfo(enclave.getEnclaveInfo()); - EnclaveInfoManager.getEnclaveInfoManagerInstance().addEnclave(enclave); - return enclave; - } catch (IOException | MetricTraceLogWriteException e) { - throw new EnclaveCreatingException(e); + private void parseConfigureFile(String path) throws IOException { + File file = new File(path); + String content = Files.readString(file.toPath(), Charset.forName("UTF-8")); + JSONObject jsonObject = new JSONObject(content); + this.debuggable = jsonObject.getBoolean(ENCLAVE_DEBUGGABLE_CONFIG_FILE_KEY); + parseEnclaveType(jsonObject.getString(ENCLAVE_TYPE_CONFIG_FILE_KEY)); + this.enableMetricTrace = jsonObject.getBoolean(METRIC_TRACE_ENABLE_CONFIG_FILE_KEY); + parseMetricTracingLogPath(jsonObject.getString(METRIC_TRACE_LOG_FILE_PATH_CONFIG_FILE_KEY)); + this.maxEnclaveThreadNum = jsonObject.getInt(ENCLAVE_MAX_THREAD_NUMBER_CONFIG_FILE_KEY); + this.maxEnclaveEPCMemorySize = jsonObject.getInt(ENCLAVE_MAX_EPC_MEMORY_SIZE_CONFIG_FILE_KEY) * MB; + this.referenceEnclaveMaxHeapSize = (long) (this.maxEnclaveEPCMemorySize * RATIO); + } + + private void parseTemplateConfigureFile() throws IOException { + parseConfigureFile(JAVA_ENCLAVE_CONFIG_FILE_TEMPLATE); + } + + private void parseUserConfigureFile() throws IOException { + // only parse configure file when it exists in .jar. 
+ if (ExtractLibrary.isFileExist(EnclaveConfigure.class.getClassLoader(), JAVA_ENCLAVE_CONFIG_FILE)) { + configFilePath = ExtractLibrary.extractLibrary(EnclaveConfigure.class.getClassLoader(), JAVA_ENCLAVE_CONFIG_FILE); + parseConfigureFile(configFilePath); } } + + boolean isEnclaveDebuggable() { + return debuggable; + } + + boolean isEnableMetricTrace() { + return enableMetricTrace; + } + + int getMaxEnclaveThreadNum() { + return maxEnclaveThreadNum; + } + + long getMaxEnclaveEPCMemorySizeBytes() { + return maxEnclaveEPCMemorySize; + } + + long getReferenceEnclaveMaxHeapSize() { + return referenceEnclaveMaxHeapSize; + } + + String getMetricTraceFilePath() { + return metricTraceFilePath; + } + + EnclaveType getDefaultEnclaveType() { + return enclaveType; + } } diff --git a/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/EnclaveFactory.java b/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/EnclaveFactory.java index a949d8c..7bc1078 100644 --- a/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/EnclaveFactory.java +++ b/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/EnclaveFactory.java @@ -1,6 +1,9 @@ package com.alibaba.confidentialcomputing.host; import com.alibaba.confidentialcomputing.host.exception.EnclaveCreatingException; +import com.alibaba.confidentialcomputing.host.exception.MetricTraceLogWriteException; + +import java.io.IOException; /** * Factory class for {@link Enclave}. @@ -33,7 +36,14 @@ public final class EnclaveFactory { * create failed. */ public static Enclave create() throws EnclaveCreatingException { - return EnclaveConfigure.create(); + // create an enclave without specific enclave type. + // if -Dcom.alibaba.enclave.type is not set, TEE_SDK + // type enclave will be created. + try { + return create(EnclaveConfigure.getInstance().getDefaultEnclaveType()); + } catch (IOException e) { + throw new EnclaveCreatingException(e); + } } /** 
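Review bot: `parseConfigureFile` reads every key with `getBoolean`/`getString`/`getInt`, so the user file parsed second in `parseUserConfigureFile` must repeat all seven keys rather than override the few it cares about, and a missing key, a malformed file, or an unknown `enclave_type` (now routed through `EnclaveType.valueOf`, where the old switch mapped unknown strings to `NONE`) escapes as an unchecked `JSONException`/`IllegalArgumentException` that the `IOException` handlers in `EnclaveFactory` never wrap. The template is also read unconditionally from the absolute host path `/opt/javaenclave/config/template/java_enclave_configure.json`, so on a machine without that install every `EnclaveFactory.create()`, including the MOCK types, fails on the missing file; I would at least document that requirement on the constant. Below, the `opt*` accessors keep the current value as the default so a partial user file works, and parse errors are surfaced as the checked type callers already handle (needs `org.json.JSONException` in the imports).

```java
private void parseConfigureFile(String path) throws IOException {
    File file = new File(path);
    String content = Files.readString(file.toPath(), Charset.forName("UTF-8"));
    try {
        JSONObject json = new JSONObject(content);
        // opt* falls back to the value already in place, so the user file may override only a subset of keys.
        this.debuggable = json.optBoolean(ENCLAVE_DEBUGGABLE_CONFIG_FILE_KEY, this.debuggable);
        parseEnclaveType(json.optString(ENCLAVE_TYPE_CONFIG_FILE_KEY, null));
        this.enableMetricTrace = json.optBoolean(METRIC_TRACE_ENABLE_CONFIG_FILE_KEY, this.enableMetricTrace);
        parseMetricTracingLogPath(json.optString(METRIC_TRACE_LOG_FILE_PATH_CONFIG_FILE_KEY, null));
        this.maxEnclaveThreadNum = json.optInt(ENCLAVE_MAX_THREAD_NUMBER_CONFIG_FILE_KEY, this.maxEnclaveThreadNum);
        this.maxEnclaveEPCMemorySize = json.optLong(ENCLAVE_MAX_EPC_MEMORY_SIZE_CONFIG_FILE_KEY, this.maxEnclaveEPCMemorySize / MB) * MB;
    } catch (JSONException | IllegalArgumentException e) {
        // Misconfiguration becomes the checked IOException that EnclaveFactory already wraps into EnclaveCreatingException.
        throw new IOException("invalid java enclave configure file: " + path, e);
    }
    this.referenceEnclaveMaxHeapSize = (long) (this.maxEnclaveEPCMemorySize * RATIO);
}
```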
@@ -43,6 +53,41 @@ public final class EnclaveFactory { * create failed. */ public static Enclave create(EnclaveType type) throws EnclaveCreatingException { - return EnclaveConfigure.create(type); + // create an enclave with specific enclave type. + try (MetricTraceContext trace = new MetricTraceContext(MetricTraceContext.LogPrefix.METRIC_LOG_ENCLAVE_CREATING_PATTERN)) { + Enclave enclave; + switch (type) { + case MOCK_IN_JVM: + enclave = new MockInJvmEnclave(); + break; + case MOCK_IN_SVM: + enclave = new MockInSvmEnclave(); + break; + case TEE_SDK: + // TEE_SDK only support hardware mode, not support simulate mode. + if (EnclaveConfigure.getInstance().isEnclaveDebuggable()) { + enclave = new TeeSdkEnclave(EnclaveDebug.DEBUG); + } else { + enclave = new TeeSdkEnclave(EnclaveDebug.RELEASE); + } + break; + case EMBEDDED_LIB_OS: + // EMBEDDED_LIB_OS only support hardware mode, not support simulate mode. + if (EmbeddedLibOSEnclaveConfigure.getInstance().isEnclaveDebuggable()) { + enclave = EmbeddedLibOSEnclave.getEmbeddedLibOSEnclaveInstance(EnclaveDebug.DEBUG, EnclaveSimulate.HARDWARE); + } else { + enclave = EmbeddedLibOSEnclave.getEmbeddedLibOSEnclaveInstance(EnclaveDebug.RELEASE, EnclaveSimulate.HARDWARE); + } + break; + case NONE: + default: + throw new EnclaveCreatingException("enclave type: " + type + " is not supported."); + } + trace.setEnclaveInfo(enclave.getEnclaveInfo()); + EnclaveInfoManager.getEnclaveInfoManagerInstance().addEnclave(enclave); + return enclave; + } catch (IOException | MetricTraceLogWriteException e) { + throw new EnclaveCreatingException(e); + } } } diff --git a/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/ExtractLibrary.java b/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/ExtractLibrary.java index 890c624..0ede769 100644 --- a/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/ExtractLibrary.java +++ b/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/ExtractLibrary.java 
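Review bot: The TEE_SDK and EMBEDDED_LIB_OS branches now pick `EnclaveDebug.DEBUG` from a single `debuggable` flag that comes from a JSON file inside the jar or `-Dcom.alibaba.enclave.debuggable=true` on the host command line, and nothing records that choice. As far as I understand SGX, a debug-mode enclave can be inspected by a host debugger, so the flag decides whether the enclave's confidentiality holds at all; the decision should be at least logged at creation, and the class Javadoc should tell relying parties that they must check the debug attribute in the attestation report rather than trust the host's configuration (the SDK already exposes it as `isDebuggable` on `SGXEnclaveInfo`). Suggested comment above the `if`: `// Debug mode is chosen by host-side configuration and is security-critical: a DEBUG enclave offers no confidentiality against the host. Remote verifiers must reject the DEBUG attribute in the quote; this flag is not authoritative.`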
@@ -16,6 +16,19 @@ import java.util.zip.GZIPInputStream; * it's very convenient for deployment. */ public final class ExtractLibrary { + /** + * check file exist in the .jar or not. + * + * @param classLoader define the search scope for lib .so. + * @param file lib.so's name in the jar file. + * @return exist or not. + */ + public static boolean isFileExist(ClassLoader classLoader, String file) throws IOException { + try (InputStream in = classLoader.getResourceAsStream(file)) { + return in != null; + } + } + /** * get the temp file's full path. * diff --git a/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/MetricTrace.java b/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/MetricTrace.java index afb9ca2..e94a0bd 100644 --- a/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/MetricTrace.java +++ b/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/MetricTrace.java 
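Review bot: The Javadoc of the new `isFileExist` still speaks of "lib .so" and "lib.so's name", but the only caller in this commit (`EnclaveConfigure.parseUserConfigureFile`) passes `java_enclave_configure.json`, so the documentation is misleading for the method's actual use; I would generalize it to `@param file resource path inside the jar (native library, config file, ...)` and describe the return as `true if the resource is visible to classLoader`. The method is `public` on a `public final` class, so this text is part of the SDK's API surface.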
@@ -11,28 +11,21 @@ import java.util.Date; import java.util.concurrent.TimeUnit; public abstract class MetricTrace implements AutoCloseable { - private final static String PRIORITY_METRIC_LOG_PATH = "com.alibaba.enclave.metric.path"; - private final static String PRIORITY_ENABLE_METRIC_LOG = "com.alibaba.enclave.metric.on"; - private static boolean enableEnclaveMetricTrace = false; - private final static String DEFAULT_METRIC_LOG_PATH = - "JavaEnclave_Metric_Log_" + new SimpleDateFormat("yyyy-MM-dd HH:mm:ss").format(new Date()) + ".log"; - private static volatile String logPath; + private static volatile String logPath = "JavaEnclave_Metric_Log_" + new SimpleDateFormat("yyyy-MM-dd HH:mm:ss").format(new Date()) + ".log"; private static volatile BufferedWriter logFile; private static DecimalFormat formatter = new DecimalFormat("###,###"); private final long start = System.nanoTime(); static { - String metricLogFlag = System.getProperty(PRIORITY_ENABLE_METRIC_LOG); - if ("true".equals(metricLogFlag) || "1".equals(metricLogFlag)) { - enableEnclaveMetricTrace = true; - } - String priorityLogPath = System.getProperty(PRIORITY_METRIC_LOG_PATH); - if (priorityLogPath != null) { - logPath = priorityLogPath; - } else { - logPath = DEFAULT_METRIC_LOG_PATH; + try { + boolean enableEnclaveMetricTraceTemp = EnclaveConfigure.getInstance().isEnableMetricTrace(); + String logPathTemp = EnclaveConfigure.getInstance().getMetricTraceFilePath(); + enableEnclaveMetricTrace = enableEnclaveMetricTraceTemp; + logPath = logPathTemp; + } catch (IOException e) { + ; // if exception happen, use original init value. } } 
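Review bot: The new static initializer only catches `IOException`, but `EnclaveConfigure.getInstance()` can also throw unchecked `JSONException` (from `new JSONObject`/`getBoolean`) or `IllegalArgumentException` (from `EnclaveType.valueOf`); either one escapes the static block as `ExceptionInInitializerError`, after which every use of `MetricTrace`, including the try-with-resources in `EnclaveFactory.create`, fails with `NoClassDefFoundError`. The fallback itself is also silent (`;` with a comment), so a misconfigured metric path is never visible to the operator. For a best-effort default this is one of the rare places a broad catch with a one-line message is appropriate: `} catch (IOException | RuntimeException e) { System.err.println("[JavaEnclave] metric trace configuration unavailable, using defaults: " + e); }`. Whether the `enableEnclaveMetricTrace` field assigned here still exists after this hunk I cannot confirm from the collapsed diff.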
@@ -65,7 +58,11 @@ public abstract class MetricTrace implements AutoCloseable { try { if (isEnableEnclaveMetricTrace()) { if (logFile == null) { - logFile = new BufferedWriter(new FileWriter(this.logPath)); + synchronized (MetricTrace.class) { + if (logFile == null) { + logFile = new BufferedWriter(new FileWriter(this.logPath)); + } + } } metricTracing(getEnclaveInfo(), getMetricKeyName(), System.nanoTime() - start, getCostInnerEnclave()); } diff --git a/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/MockInSvmEnclave.java b/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/MockInSvmEnclave.java index 4dcf169..d46d1e8 100644 --- a/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/MockInSvmEnclave.java +++ b/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/MockInSvmEnclave.java @@ -15,6 +15,8 @@ import java.io.IOException; * important to debug issue. */ class MockInSvmEnclave extends AbstractEnclave { + private final static long KB = 1 * 1024; + private final static long MB = KB * 1024; private final static String JNI_EXTRACTED_PACKAGE_PATH = "jni/lib_jni_mock_svm.so"; private final static String ENCLAVE_SVM_PACKAGE_PATH = "lib_mock_svm_load.so"; private static volatile MockInSvmExtractTempPath extractTempPath; @@ -28,9 +30,7 @@ class MockInSvmEnclave extends AbstractEnclave { private long isolateThreadHandle; private final MockEnclaveInfo enclaveInfo; - MockInSvmEnclave() throws EnclaveCreatingException { - // Set EnclaveContext for this enclave instance. - super(EnclaveType.MOCK_IN_SVM, new EnclaveServicesRecycler()); + private void extractNativeResource() throws EnclaveCreatingException { // Extract jni .so and svm sdk .so from .jar file. if (extractTempPath == null) { synchronized (MockInSvmEnclave.class) { 
@@ -53,12 +53,32 @@ class MockInSvmEnclave extends AbstractEnclave { } } } + } + + private String buildSVMHeapConf() throws IOException { + long enclaveMaxHeapSize = MockInSvmEnclaveConfigure.getInstance().getEnclaveSVMMaxHeapSize(); + if (enclaveMaxHeapSize > 0) { + long size = enclaveMaxHeapSize / MB; + if (size == 0) size = 1; + return "-Xmx" + size + "m"; + } + return "-Xmx" + 0 + "m"; + } + MockInSvmEnclave() throws EnclaveCreatingException { + // Set EnclaveContext for this enclave instance. + super(EnclaveType.MOCK_IN_SVM, new EnclaveServicesRecycler()); + extractNativeResource(); // Create svm sdk enclave by native call, enclaveSvmSdkHandle are set in jni in nativeHandlerContext. nativeCreateEnclave(extractTempPath.getEnclaveSvmFilePath()); // Create svm attach isolate and isolateThread, and they are set in jni in nativeHandlerContext. - nativeSvmAttachIsolate(enclaveSvmSdkHandle); - enclaveInfo = new MockEnclaveInfo(EnclaveType.MOCK_IN_SVM, true, -1, -1); + try { + nativeSvmAttachIsolate(enclaveSvmSdkHandle, buildSVMHeapConf()); + enclaveInfo = new MockEnclaveInfo(EnclaveType.MOCK_IN_SVM, true, -1, -1); + } catch (IOException e) { + throw new EnclaveCreatingException(e); + } + } @Override @@ -131,7 +151,7 @@ class MockInSvmEnclave extends AbstractEnclave { private native int nativeCreateEnclave(String path) throws EnclaveCreatingException; - private native int nativeSvmAttachIsolate(long enclaveSvmSdkHandle) throws EnclaveCreatingException; + private native int nativeSvmAttachIsolate(long enclaveSvmSdkHandle, String args) throws EnclaveCreatingException; private native byte[] nativeLoadService(long enclaveSvmSdkHandle, long isolateHandler, byte[] serviceHandler) throws ServicesLoadingException; diff --git a/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/MockInSvmEnclaveConfigure.java b/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/MockInSvmEnclaveConfigure.java new file mode 100644 index 0000000..6cc95f2 --- /dev/null 
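Review bot: `buildSVMHeapConf()` is evaluated after `nativeCreateEnclave(...)` has succeeded, so an `IOException` from `MockInSvmEnclaveConfigure.getInstance()` throws out of the constructor with the native enclave created but never attached or released (I see no destroy call in the catch). Resolving the option first avoids the leak: `String heapConf = buildSVMHeapConf();` before `nativeCreateEnclave`, inside the same try, then `nativeSvmAttachIsolate(enclaveSvmSdkHandle, heapConf);`. Note also that when no `-Dcom.alibaba.enclave.mockinsvm.maxheap_MB` is set the helper passes the literal `-Xmx0m` to the isolate; whether the native side treats 0 as "unlimited" or as a zero-byte heap is not visible here, so the helper deserves a comment stating the intended meaning, e.g. `// 0 means "let the isolate pick its default"; confirm against the JNI implementation`.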
+++ b/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/MockInSvmEnclaveConfigure.java @@ -0,0 +1,39 @@ +package com.alibaba.confidentialcomputing.host; + +import java.io.IOException; + +public class MockInSvmEnclaveConfigure { + private final static long KB = 1 * 1024; + private final static long MB = KB * 1024; + private final static String MOCK_IN_SVM_MAX_HEAP_SIZE_PROPERTY = "com.alibaba.enclave.mockinsvm.maxheap_MB"; + private static EnclaveConfigure enclaveConfigure; + private static MockInSvmEnclaveConfigure mockInSvmEnclaveConfigure; + + private long enclaveSVMMaxHeapSize = 0; + + private MockInSvmEnclaveConfigure() throws IOException { + enclaveConfigure = EnclaveConfigure.getInstance(); + parseAndInitSVMaxHeapSize(System.getProperty(MOCK_IN_SVM_MAX_HEAP_SIZE_PROPERTY)); + } + + static MockInSvmEnclaveConfigure getInstance() throws IOException { + if (mockInSvmEnclaveConfigure != null) return mockInSvmEnclaveConfigure; + synchronized (MockInSvmEnclaveConfigure.class) { + if (mockInSvmEnclaveConfigure == null) mockInSvmEnclaveConfigure = new MockInSvmEnclaveConfigure(); + } + return mockInSvmEnclaveConfigure; + } + + private void parseAndInitSVMaxHeapSize(String heapSize) { + if (heapSize != null) { + enclaveSVMMaxHeapSize = enclaveConfigure.getReferenceEnclaveMaxHeapSize(); + long confMaxHeapSize = Long.parseLong(heapSize) * MB; + // make sure that svmMaxHeapSize should not larger than enclave_epc_memory * 0.8 + if (enclaveSVMMaxHeapSize > confMaxHeapSize) enclaveSVMMaxHeapSize = confMaxHeapSize; + } + } + + long getEnclaveSVMMaxHeapSize() { + return enclaveSVMMaxHeapSize; + } +} diff --git a/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/TeeSdkEnclave.java b/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/TeeSdkEnclave.java index 7179662..a4d80d4 100644 --- a/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/TeeSdkEnclave.java 
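Review bot: `parseAndInitSVMaxHeapSize` passes the `-D` value to `Long.parseLong` with no guard, so a non-numeric value surfaces as a bare `NumberFormatException` from `EnclaveFactory.create()` (unchecked, never wrapped into `EnclaveCreatingException`), and a zero or negative value silently collapses to `-Xmx0m` via the `enclaveMaxHeapSize > 0` check in `MockInSvmEnclave`. I would reject `<= 0` with an `IllegalArgumentException` naming `com.alibaba.enclave.mockinsvm.maxheap_MB`, and move the cap comment to match the code, which computes `min(referenceEnclaveMaxHeapSize, configured)`: `// effective heap = min(configured MB, 0.8 * enclave EPC size) so the SVM heap never exceeds what the enclave can back`. The class is also declared `public` while every sibling configure class in this commit is package-private, and its singleton field is double-checked without `volatile`; `class MockInSvmEnclaveConfigure` with `private static volatile MockInSvmEnclaveConfigure mockInSvmEnclaveConfigure;` keeps it out of the public API and makes the lazy init correct.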
+++ b/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/TeeSdkEnclave.java @@ -11,6 +11,8 @@ import java.io.IOException; * TeeSdkEnclave is a sgx2 enclave based on Alibaba cloud's tee sdk. */ class TeeSdkEnclave extends AbstractEnclave { + private final static long KB = 1 * 1024; + private final static long MB = KB * 1024; private final static String JNI_EXTRACTED_PACKAGE_PATH = "jni/lib_jni_tee_sdk_svm.so"; private final static String TEE_SDK_SIGNED_PACKAGE_PATH = "lib_tee_sdk_svm_load.signed"; private static volatile TeeSdkExtractTempPath extractTempPath; @@ -24,9 +26,7 @@ class TeeSdkEnclave extends AbstractEnclave { private long isolateThreadHandle; private SGXEnclaveInfo enclaveInfo; - TeeSdkEnclave(EnclaveDebug mode) throws EnclaveCreatingException { - // Set EnclaveContext for this enclave instance. - super(EnclaveType.TEE_SDK, mode, new EnclaveServicesRecycler()); + private void extractNativeResource() throws EnclaveCreatingException { // Extract jni .so and signed tee .so from .jar file. // Only once extract and load operation. if (extractTempPath == null) { 
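Review bot: The `KB`/`MB` constants added here are the fourth copy in this commit (also in `EnclaveConfigure`, `MockInSvmEnclave` and `MockInSvmEnclaveConfigure`), each written as `1 * 1024` / `KB * 1024`; a single package-private holder, or reusing the ones already on `EnclaveConfigure`, removes the duplication and makes the MB-to-bytes conversion shared by the heap-size code live in one place. `extractNativeResource()` starts in this hunk but its body continues outside it, so I cannot comment on the extraction itself.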
@@ -48,21 +48,40 @@ class TeeSdkEnclave extends AbstractEnclave {
 }
 }
 }
+ }
+
+ private String buildSVMHeapConf() throws IOException {
+ long enclaveMaxHeapSize = TeeSdkEnclaveConfigure.getInstance().getEnclaveSVMMaxHeapSize();
+ if ( enclaveMaxHeapSize > 0) {
+ long size = enclaveMaxHeapSize / MB;
+ if (size == 0) size = 1;
+ return "-Xmx" + size + "m";
+ }
+ return "-Xmx" + 0 + "m";
+ }
+ TeeSdkEnclave(EnclaveDebug mode) throws EnclaveCreatingException {
+ // Set EnclaveContext for this enclave instance.
+ super(EnclaveType.TEE_SDK, mode, new EnclaveServicesRecycler());
+ extractNativeResource();
 // Create tee sdk enclave by native call, enclaveHandler is set in jni in nativeHandlerContext.
 nativeCreateEnclave(mode.getValue(), extractTempPath.getTeeSdkSignedFilePath());
- // Create svm attach isolate and isolateThread, and they are set in jni in nativeHandlerContext.
- nativeSvmAttachIsolate(enclaveHandle);
- // Create enclave info.
- boolean isDebuggable = true;
- if (mode.getValue() == 0x2) {
- isDebuggable = false;
+ try {
+ // Create svm attach isolate and isolateThread, and they are set in jni in nativeHandlerContext.
+ nativeSvmAttachIsolate(enclaveHandle, TeeSdkEnclaveConfigure.getInstance().isEnableTeeSDKSymbolTracing(), buildSVMHeapConf());
+ // Create enclave info.
+ boolean isDebuggable = true;
+ if (mode.getValue() == 0x2) {
+ isDebuggable = false;
+ }
+ enclaveInfo = new SGXEnclaveInfo(
+ EnclaveType.TEE_SDK,
+ isDebuggable,
+ TeeSdkEnclaveConfigure.getInstance().getMaxEnclaveEPCMemorySizeBytes(),
+ TeeSdkEnclaveConfigure.getInstance().getMaxEnclaveThreadNum());
+ } catch (IOException e) {
+ throw new EnclaveCreatingException(e);
 }
- enclaveInfo = new SGXEnclaveInfo(
- EnclaveType.TEE_SDK,
- isDebuggable,
- TeeSdkEnclaveConfig.getTeeSdkEnclaveConfigInstance().getHeapMaxSizeBytes(),
- TeeSdkEnclaveConfig.getTeeSdkEnclaveConfigInstance().getThreadMaxNumber());
 }
 private static native void registerNatives();
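Review bot: If `nativeSvmAttachIsolate` or the `SGXEnclaveInfo` construction fails, the enclave just created by `nativeCreateEnclave` is never torn down — the `catch (IOException e)` only rethrows, and an `EnclaveCreatingException` from the native call propagates straight out — so a failed constructor leaks an SGX enclave (and its EPC pages) for the life of the process; destroy the enclave handle on the failure path before rethrowing, using whatever teardown `AbstractEnclave` exposes (not visible in this diff). `buildSVMHeapConf()` returns `"-Xmx0m"` when no heap size is configured, and whether the isolate treats 0 as "unset" or as a zero-sized heap is not visible here, so either skip the argument in that case or document the native contract; the stray space in `if ( enclaveMaxHeapSize > 0)` should also go. `TeeSdkEnclaveConfigure.getInstance()` is called four times in the constructor; fetching it once, `TeeSdkEnclaveConfigure conf = TeeSdkEnclaveConfigure.getInstance();`, keeps the IOException handling in one place.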
@@ -71,7 +90,7 @@ class TeeSdkEnclave extends AbstractEnclave {
 private native TeeSdkAttestationReport nativeGenerateAttestationReport(long enclaveHandler, byte[] userData) throws RemoteAttestationException;
- private native int nativeSvmAttachIsolate(long enclaveHandler) throws EnclaveCreatingException;
+ private native int nativeSvmAttachIsolate(long enclaveHandler, int flag, String args) throws EnclaveCreatingException;
 private native byte[] nativeLoadService(long enclaveHandler, long isolateHandler, byte[] serviceHandler) throws ServicesLoadingException;
diff --git a/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/TeeSdkEnclaveConfig.java b/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/TeeSdkEnclaveConfig.java
deleted file mode 100644
index 5be6bd9..0000000
--- a/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/TeeSdkEnclaveConfig.java
+++ /dev/null
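Review bot: The new `flag` and `args` parameters of `nativeSvmAttachIsolate` are undocumented, and `flag` is an `int` that only ever carries the 0 or 1 produced by `isEnableTeeSDKSymbolTracing()`. Add a Javadoc such as `/** @param flag 1 enables symbol tracing inside the enclave svm, 0 disables it; @param args isolate runtime option string passed verbatim into the enclave (currently the -Xmx setting from buildSVMHeapConf). */`, or take a `boolean` and convert at the JNI boundary (the `(JILjava/lang/String;)I` signature in jni_tee_sdk_svm.c would change accordingly). Since `args` crosses into the enclave, the doc should also state that it is host-controlled input.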
@@ -1,66 +0,0 @@ -package com.alibaba.confidentialcomputing.host; - -import org.xml.sax.InputSource; - -import javax.xml.xpath.XPath; -import javax.xml.xpath.XPathExpressionException; -import javax.xml.xpath.XPathFactory; -import java.io.File; -import java.io.StringReader; -import java.nio.charset.Charset; -import java.nio.file.Files; - -import static com.alibaba.confidentialcomputing.host.ExtractLibrary.extractLibrary; - -class TeeSdkEnclaveConfig { - private final static String TEE_SDK_ENCLAVE_CONFIG_FILE = "tee_sdk_svm.conf"; - private long heapMaxSize; - private int threadMaxNumber; - - private static String configFilePath; - private static TeeSdkEnclaveConfig config; - - private TeeSdkEnclaveConfig(long heapMaxSize, int threadMaxNumber) { - this.heapMaxSize = heapMaxSize; - this.threadMaxNumber = threadMaxNumber; - } - - private static long hexToDecimal(String value) { - if (value.toLowerCase().startsWith("0x")) { - return Long.parseLong(value.substring(2), 16); - } - return Long.parseLong(value); - } - - private static String parseTeeSdkConfig(String path, String content) throws XPathExpressionException { - InputSource source = new InputSource(new StringReader(content)); - XPathFactory xpathFactory = XPathFactory.newInstance(); - XPath xpath = xpathFactory.newXPath(); - return xpath.evaluate(path, source); - } - - static { - try { - configFilePath = extractLibrary(TeeSdkEnclave.class.getClassLoader(), TEE_SDK_ENCLAVE_CONFIG_FILE); - File file = new File(configFilePath); - String content = Files.readString(file.toPath(), Charset.forName("UTF-8")); - String heapMaxSize = parseTeeSdkConfig("/EnclaveConfiguration/HeapMaxSize", content); - String threadMaxSize = parseTeeSdkConfig("/EnclaveConfiguration/TCSNum", content); - config = new TeeSdkEnclaveConfig(hexToDecimal(heapMaxSize), (int) hexToDecimal(threadMaxSize)); - } catch (Exception e) { - e.printStackTrace(); - } - } - - static TeeSdkEnclaveConfig getTeeSdkEnclaveConfigInstance() { - return config; - } - - 
long getHeapMaxSizeBytes() { - return this.heapMaxSize; - } - - int getThreadMaxNumber() { - return this.threadMaxNumber; - } -} diff --git a/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/TeeSdkEnclaveConfigure.java b/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/TeeSdkEnclaveConfigure.java new file mode 100644 index 0000000..0b1ebfe --- /dev/null +++ b/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/TeeSdkEnclaveConfigure.java 
@@ -0,0 +1,74 @@
+package com.alibaba.confidentialcomputing.host;
+
+import java.io.IOException;
+
+class TeeSdkEnclaveConfigure {
+ private final static long KB = 1 * 1024;
+ private final static long MB = KB * 1024;
+ private final static String TEE_SDK_SVM_MAX_HEAP_SIZE_PROPERTY = "com.alibaba.enclave.teesdk.maxheap_MB";
+ private final static String TEE_SDK_SYMBOL_TRACE_ENABLE_PROPERTY = "com.alibaba.enclave.teesdk.symbol.trace";
+ private static EnclaveConfigure enclaveConfigure;
+ private static TeeSdkEnclaveConfigure teeSdkEnclaveConfigure;
+
+ private int flag = 0x0;
+ private long enclaveSVMMaxHeapSize = 0;
+
+ private TeeSdkEnclaveConfigure() throws IOException {
+ enclaveConfigure = EnclaveConfigure.getInstance();
+ parseSymbolTraceEnable(System.getProperty(TEE_SDK_SYMBOL_TRACE_ENABLE_PROPERTY));
+ parseAndInitSVMaxHeapSize(System.getProperty(TEE_SDK_SVM_MAX_HEAP_SIZE_PROPERTY));
+ }
+
+ static TeeSdkEnclaveConfigure getInstance() throws IOException {
+ if (teeSdkEnclaveConfigure != null) return teeSdkEnclaveConfigure;
+ synchronized (TeeSdkEnclaveConfigure.class) {
+ if (teeSdkEnclaveConfigure == null) teeSdkEnclaveConfigure = new TeeSdkEnclaveConfigure();
+ }
+ return teeSdkEnclaveConfigure;
+ }
+
+ private void parseSymbolTraceEnable(String flag) {
+ this.flag = Boolean.parseBoolean(flag) ?
1 : 0;
+ }
+
+ private void parseAndInitSVMaxHeapSize(String heapSize) {
+ // make sure that svmMaxHeapSize should not larger than enclave_epc_memory * 0.8
+ if (heapSize != null) {
+ enclaveSVMMaxHeapSize = enclaveConfigure.getReferenceEnclaveMaxHeapSize();
+ long confMaxHeapSize = Long.parseLong(heapSize) * MB;
+ if (enclaveSVMMaxHeapSize > confMaxHeapSize) enclaveSVMMaxHeapSize = confMaxHeapSize;
+ }
+ }
+
+ boolean isEnclaveDebuggable() {
+ return enclaveConfigure.isEnclaveDebuggable();
+ }
+
+ boolean isEnableMetricTrace() {
+ return enclaveConfigure.isEnableMetricTrace();
+ }
+
+ int isEnableTeeSDKSymbolTracing() {
+ return flag;
+ }
+
+ int getMaxEnclaveThreadNum() {
+ return enclaveConfigure.getMaxEnclaveThreadNum();
+ }
+
+ long getMaxEnclaveEPCMemorySizeBytes() {
+ return enclaveConfigure.getMaxEnclaveEPCMemorySizeBytes();
+ }
+
+ long getEnclaveSVMMaxHeapSize() {
+ return enclaveSVMMaxHeapSize;
+ }
+
+ String getMetricTraceFilePath() {
+ return enclaveConfigure.getMetricTraceFilePath();
+ }
+
+ EnclaveType getDefaultEnclaveType() {
+ return enclaveConfigure.getDefaultEnclaveType();
+ }
+}
diff --git a/sdk/host/src/main/native/cpp/platform/libos_occlum_enclave/jni/jni_occlum_enclave.c b/sdk/host/src/main/native/cpp/platform/libos_occlum_enclave/jni/jni_occlum_enclave.c
index 8099c79..e892edd 100644
--- a/sdk/host/src/main/native/cpp/platform/libos_occlum_enclave/jni/jni_occlum_enclave.c
+++ b/sdk/host/src/main/native/cpp/platform/libos_occlum_enclave/jni/jni_occlum_enclave.c
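Review bot: `isEnableTeeSDKSymbolTracing()` is named like a boolean query but returns the raw `int` `flag`, and `parseSymbolTraceEnable(String flag)` shadows that field with a parameter of a different type; keep a `boolean symbolTraceEnabled` field, expose `boolean isEnableTeeSDKSymbolTracing()`, and convert to 0/1 only at the JNI call site. The symbol-trace switch is read from a host JVM system property and forwarded into the enclave regardless of `isEnclaveDebuggable()`; if the enclave-side tracing emits call information back to the host, a non-debuggable production enclave would still honor a host-set flag, so consider gating it on the debuggable setting or documenting that it is meant for debug builds only. The non-volatile double-checked singleton and the unguarded `Long.parseLong` noted on MockInSvmEnclaveConfigure apply here unchanged.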
@@ -23,13 +23,13 @@ void set_long_field_value(JNIEnv *env, jclass class_mirror, jobject obj, const c
 jint parse_http_handler_thread_pool_size(JNIEnv *env, jobject config) {
 jclass config_class = (*env)->GetObjectClass(env, config);
- jmethodID get_thread_pool_id = (*env)->GetMethodID(env, config_class, "getAgentHttpHandlerThreadPoolSize", "()I");
+ jmethodID get_thread_pool_id = (*env)->GetMethodID(env, config_class, "getEnclaveAgentThreadPoolSize", "()I");
 return (*env)->CallObjectMethod(env, config, get_thread_pool_id);
 }
 jstring parse_log_level(JNIEnv *env, jobject config) {
 jclass config_class = (*env)->GetObjectClass(env, config);
- jmethodID get_log_level_id = (*env)->GetMethodID(env, config_class, "getLibOSLogLevel", "()Ljava/lang/String;");
+ jmethodID get_log_level_id = (*env)->GetMethodID(env, config_class, "getLogLevel", "()Ljava/lang/String;");
 return (*env)->CallObjectMethod(env, config, get_log_level_id);
 }
diff --git a/sdk/host/src/main/native/cpp/platform/libos_occlum_enclave/jni/jni_occlum_enclave.h b/sdk/host/src/main/native/cpp/platform/libos_occlum_enclave/jni/jni_occlum_enclave.h
index c188536..dead896 100644
--- a/sdk/host/src/main/native/cpp/platform/libos_occlum_enclave/jni/jni_occlum_enclave.h
+++ b/sdk/host/src/main/native/cpp/platform/libos_occlum_enclave/jni/jni_occlum_enclave.h
@@ -8,7 +8,7 @@ extern "C" {
 #endif
-#define ENCLAVE_CREATING_SIGNATURE "(IIIILcom/alibaba/confidentialcomputing/host/EmbeddedLibOSEnclaveConfig;Ljava/lang/String;)I"
+#define ENCLAVE_CREATING_SIGNATURE "(IIIILcom/alibaba/confidentialcomputing/host/EmbeddedLibOSEnclaveConfigure;Ljava/lang/String;)I"
 #define ENCLAVE_CREATING_EXCEPTION "com/alibaba/confidentialcomputing/host/exception/EnclaveCreatingException"
 #define ENCLAVE_DESTROYING_EXCEPTION "com/alibaba/confidentialcomputing/host/exception/EnclaveDestroyingException"
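Review bot: After the rename, a mismatch between the Java method name and the string passed to `GetMethodID` is only detectable at runtime, and neither `parse_http_handler_thread_pool_size` nor `parse_log_level` checks the result: a NULL `jmethodID` (with a `NoSuchMethodError` pending) is handed straight to `CallObjectMethod`, which JNI leaves undefined. Add `if (get_thread_pool_id == NULL) { return 0; }` after the lookup (and `if (get_log_level_id == NULL) { return NULL; }` in `parse_log_level`) so the pending exception reaches the Java caller instead. The `()I` method is also invoked through `CallObjectMethod` and its `jobject` result returned as `jint`; `CallIntMethod` is the matching call.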
@@ -41,7 +41,7 @@ JNIEXPORT void JNICALL Java_com_alibaba_confidentialcomputing_host_EmbeddedLibOS
 /*
 * Class: com_alibaba_confidentialcomputing_host_EmbeddedLibOSEnclave
 * Method: nativeCreateEnclave
- * Signature: (IIIILcom/alibaba/confidentialcomputing/host/EmbeddedLibOSEnclaveConfig;Ljava/lang/String;)I
+ * Signature: (IIIILcom/alibaba/confidentialcomputing/host/EmbeddedLibOSEnclaveConfigure;Ljava/lang/String;)I
 */
 JNIEXPORT jint JNICALL JavaEnclave_TeeLibOSNativeCreateEnclave (JNIEnv *, jobject, jint, jint, jint, jint, jobject, jstring);
diff --git a/sdk/host/src/main/native/cpp/platform/mock_in_svm/jni/jni_mock_in_svm.c b/sdk/host/src/main/native/cpp/platform/mock_in_svm/jni/jni_mock_in_svm.c
index 5510baa..c1b6df6 100644
--- a/sdk/host/src/main/native/cpp/platform/mock_in_svm/jni/jni_mock_in_svm.c
+++ b/sdk/host/src/main/native/cpp/platform/mock_in_svm/jni/jni_mock_in_svm.c
@@ -17,7 +17,7 @@ typedef int (*mock_enclave_stub)(graal_isolate_t*, enc_data_t*, enc_data_t*, cal
 static JNINativeMethod mock_in_svm_methods[] = {
 {"nativeCreateEnclave", "(Ljava/lang/String;)I", (void *)&JavaEnclave_MockSVMNativeCreateEnclave},
- {"nativeSvmAttachIsolate", "(J)I", (void *)&JavaEnclave_MockSVMNativeSvmAttachIsolate},
+ {"nativeSvmAttachIsolate", "(JLjava/lang/String;)I", (void *)&JavaEnclave_MockSVMNativeSvmAttachIsolate},
 {"nativeLoadService", "(JJ[B)[B", (void *)&JavaEnclave_MockSVMNativeLoadService},
 {"nativeInvokeMethod", "(JJ[B)[B", (void *)&JavaEnclave_MockSVMNativeInvokeMethod},
 {"nativeUnloadService", "(JJ[B)[B", (void *)&JavaEnclave_MockSVMNativeUnloadService},
@@ -122,21 +122,28 @@ JavaEnclave_MockSVMNativeCreateEnclave(JNIEnv *env, jobject obj, jstring path) {
 }
 JNIEXPORT jint JNICALL
-JavaEnclave_MockSVMNativeSvmAttachIsolate(JNIEnv *env, jobject obj, jlong enclave_handler) {
+JavaEnclave_MockSVMNativeSvmAttachIsolate(JNIEnv *env, jobject obj, jlong enclave_handler, jstring args) {
 graal_isolate_t* isolate_t;
- graal_create_isolate_params_t p;
 graal_isolatethread_t* isolate_thread_t;
- int (*graal_create_isolate)(graal_create_isolate_params_t* params, graal_isolate_t** isolate, graal_isolatethread_t** thread);
- graal_create_isolate = (int (*)(graal_create_isolate_params_t*, graal_isolate_t**, graal_isolatethread_t**)) dlsym((void *)enclave_handler, "graal_create_isolate");
- if (!graal_create_isolate) {
+ int (*create_isolate_with_params)(int argc, char** parameters, graal_isolate_t** isolate, graal_isolatethread_t** thread);
+ create_isolate_with_params = (int (*)(int, char**, graal_isolate_t**, graal_isolatethread_t**)) dlsym((void *)enclave_handler, "create_isolate_with_params");
+ if (!create_isolate_with_params) {
 THROW_EXCEPTION(env, ENCLAVE_CREATING_EXCEPTION, "create isolate dlsym error.")
 }
- if (graal_create_isolate(NULL, &isolate_t, &isolate_thread_t) != 0) {
+ char *args_str = (*env)->GetStringUTFChars(env, args, 0);
+ int argc = 2;
+ char* parameters[2];
+ parameters[0] = NULL;
+ parameters[1] = args_str;
+
+ if (create_isolate_with_params(argc, parameters, &isolate_t, &isolate_thread_t) != 0) {
+ (*env)->ReleaseStringUTFChars(env, args, args_str);
 THROW_EXCEPTION(env, ENCLAVE_CREATING_EXCEPTION, "graal_create_isolate create error.")
 }
+ (*env)->ReleaseStringUTFChars(env, args, args_str);
 // set isolate_t and isolate_thread_t back to MockInSvmEnclave.isolateHandle and MockInSvmEnclave.isolateThreadHandle
 jclass class_enclave = (*env)->GetObjectClass(env, obj);
 set_long_field_value(env, class_enclave, obj, "isolateHandle", (jlong)isolate_t);
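Review bot: `GetStringUTFChars` can return NULL (with an `OutOfMemoryError` pending), and `args` itself is a null reference if the Java side ever passes `null`, yet `args_str` is stored into `parameters[1]` and handed to `create_isolate_with_params` unchecked; return immediately when the lookup fails, e.g. `if (args_str == NULL) { return 0; }` (the pending exception propagates), and guard `args == NULL` before the call. The same unchecked `GetStringUTFChars` appears in `JavaEnclave_TeeSDKSVMNativeSvmAttachIsolate` in jni_tee_sdk_svm.c below. `parameters[0] = NULL` puts NULL in the argv[0] slot; if the isolate's option parser treats argv[0] as the program name that is fine, but the contract is not visible here, and the whole `args` string is passed as one argv element so space-separated options would not be split — both are worth a comment on the function. The function body continues past the end of this hunk.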
diff --git a/sdk/host/src/main/native/cpp/platform/mock_in_svm/jni/jni_mock_in_svm.h b/sdk/host/src/main/native/cpp/platform/mock_in_svm/jni/jni_mock_in_svm.h
index 5449a51..35f240c 100644
--- a/sdk/host/src/main/native/cpp/platform/mock_in_svm/jni/jni_mock_in_svm.h
+++ b/sdk/host/src/main/native/cpp/platform/mock_in_svm/jni/jni_mock_in_svm.h
@@ -45,9 +45,9 @@ JNIEXPORT jint JNICALL JavaEnclave_MockSVMNativeCreateEnclave(JNIEnv *, jobject,
 /*
 * Class: JavaEnclave_MockSVMNativeSvmAttachIsolate
 * Method: nativeSvmAttachIsolate
- * Signature: (J)I
+ * Signature: (JLjava/lang/String;)I
 */
-JNIEXPORT jint JNICALL JavaEnclave_MockSVMNativeSvmAttachIsolate(JNIEnv *, jobject, jlong);
+JNIEXPORT jint JNICALL JavaEnclave_MockSVMNativeSvmAttachIsolate(JNIEnv *, jobject, jlong, jstring);
 /*
 * Class: JavaEnclave_MockSVMNativeLoadService
diff --git a/sdk/host/src/main/native/cpp/platform/tee_sdk_svm/jni/jni_tee_sdk_svm.c b/sdk/host/src/main/native/cpp/platform/tee_sdk_svm/jni/jni_tee_sdk_svm.c
index ad558d5..be4ce81 100644
--- a/sdk/host/src/main/native/cpp/platform/tee_sdk_svm/jni/jni_tee_sdk_svm.c
+++ b/sdk/host/src/main/native/cpp/platform/tee_sdk_svm/jni/jni_tee_sdk_svm.c
@@ -18,7 +18,7 @@ static JNINativeMethod tee_sdk_svm_methods[] = {
 {"nativeCreateEnclave", "(ILjava/lang/String;)I", (void *)&JavaEnclave_TeeSDKSVMNativeCreateEnclave},
- {"nativeSvmAttachIsolate", "(J)I", (void *)&JavaEnclave_TeeSDKSVMNativeSvmAttachIsolate},
+ {"nativeSvmAttachIsolate", "(JILjava/lang/String;)I", (void *)&JavaEnclave_TeeSDKSVMNativeSvmAttachIsolate},
 {"nativeLoadService", TEE_SDK_SVM_NATIVE_CALL_SIGNATURE, (void *)&JavaEnclave_TeeSDKSVMNativeLoadService},
 {"nativeInvokeMethod", TEE_SDK_SVM_NATIVE_CALL_SIGNATURE, (void *)&JavaEnclave_TeeSDKSVMNativeInvokeMethod},
 {"nativeUnloadService", TEE_SDK_SVM_NATIVE_CALL_SIGNATURE, (void *)&JavaEnclave_TeeSDKSVMNativeUnloadService},
@@ -108,16 +108,20 @@ JavaEnclave_TeeSDKSVMNativeCreateEnclave(JNIEnv *env, jobject obj, jint mode, js
 }
 JNIEXPORT jint JNICALL
-JavaEnclave_TeeSDKSVMNativeSvmAttachIsolate(JNIEnv *env, jobject obj, jlong enclave_handler) {
+JavaEnclave_TeeSDKSVMNativeSvmAttachIsolate(JNIEnv *env, jobject obj, jlong enclave_handler, jint flag, jstring args) {
 // create an isolate in enclave.
 uint64_t isolate = 0;
 uint64_t isolateThread = 0;
 int ret = 0;
- enclave_svm_isolate_create((size_t)enclave_handler, &ret, (void *)(&isolate), (void *)(&isolateThread));
+
+ char *args_str = (*env)->GetStringUTFChars(env, args, 0);
+ enclave_svm_isolate_create((size_t)enclave_handler, &ret, (void *)(&isolate), (void *)(&isolateThread), flag, args_str);
 if (ret != 0) {
+ (*env)->ReleaseStringUTFChars(env, args, args_str);
 THROW_EXCEPTION(env, ENCLAVE_CREATING_EXCEPTION, "attach native svm failed when creating an enclave.")
 }
+ (*env)->ReleaseStringUTFChars(env, args, args_str);
 jclass enclave_class = (*env)->GetObjectClass(env, obj);
 // set isolate back to isolateHandle field.
 set_long_field_value(env, enclave_class, obj, "isolateHandle", (jlong)isolate);
diff --git a/sdk/host/src/main/native/cpp/platform/tee_sdk_svm/jni/jni_tee_sdk_svm.h b/sdk/host/src/main/native/cpp/platform/tee_sdk_svm/jni/jni_tee_sdk_svm.h
index 2dfced4..0c3f9df 100644
--- a/sdk/host/src/main/native/cpp/platform/tee_sdk_svm/jni/jni_tee_sdk_svm.h
+++ b/sdk/host/src/main/native/cpp/platform/tee_sdk_svm/jni/jni_tee_sdk_svm.h
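Review bot: Only the enclave-side `ret` is checked after `enclave_svm_isolate_create`, while the status returned by the call itself is discarded; if this is the edger8r-generated untrusted proxy it returns an `sgx_status_t` and leaves `ret` untouched when the ECALL never runs (enclave lost, no free TCS), so the function would continue with `ret == 0` and store `isolate == 0` into `isolateHandle` as if creation had succeeded. Capture and check both: `sgx_status_t status = enclave_svm_isolate_create(...); if (status != SGX_SUCCESS || ret != 0) { ... }`. The NULL check on `GetStringUTFChars` raised on the mock_in_svm hunk applies here too, and the function body continues past this hunk.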
@@ -52,9 +52,9 @@ JNIEXPORT jint JNICALL JavaEnclave_TeeSDKSVMNativeCreateEnclave(JNIEnv *, jobjec
 /*
 * Class: com_alibaba_confidentialcomputing_host_TeeSdkEnclave
 * Method: nativeSvmAttachIsolate
- * Signature: (J)I
+ * Signature: (JILjava/lang/String;)I
 */
-JNIEXPORT jint JNICALL JavaEnclave_TeeSDKSVMNativeSvmAttachIsolate(JNIEnv *, jobject, jlong);
+JNIEXPORT jint JNICALL JavaEnclave_TeeSDKSVMNativeSvmAttachIsolate(JNIEnv *, jobject, jlong, jint, jstring);
 /*
 * Class: com_alibaba_confidentialcomputing_host_TeeSdkEnclave
diff --git a/sdk/native/config/platform/tee_sdk_svm/edl/tee_sdk_enclave.edl b/sdk/native/config/platform/tee_sdk_svm/edl/tee_sdk_enclave.edl
index 4736611..cceb4f5 100644
--- a/sdk/native/config/platform/tee_sdk_svm/edl/tee_sdk_enclave.edl
+++ b/sdk/native/config/platform/tee_sdk_svm/edl/tee_sdk_enclave.edl
@@ -8,7 +8,7 @@ enclave {
 trusted {
 // create a graal isolate;
- public int enclave_svm_isolate_create([out, size=8] void* isolate, [out, size=8] void* isolateThread);
+ public int enclave_svm_isolate_create([out, size=8] void* isolate, [out, size=8] void* isolateThread, int flag, [string, in] char* args);
 // load enclave services instance;
 public int load_enclave_svm_services(uint64_t isolate, [in, size=len0] void* input, size_t len0, [out, size=8] void* output, [out, size=8] size_t* len1);
 // invoke enclave instance's services;
diff --git a/sdk/native/config/template/Occlum.json b/sdk/native/config/template/Occlum.json
new file mode 100644
index 0000000..0981ed8
--- /dev/null
+++ b/sdk/native/config/template/Occlum.json
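Review bot: `[string, in] char* args` makes the bridge copy a NUL-terminated string of arbitrary length from untrusted memory into the enclave, and `int flag` is accepted as any integer although the Java side only ever produces 0 or 1; both are host-controlled input, so the trusted implementation of `enclave_svm_isolate_create` (not in this diff) should cap the option length it is willing to parse and treat any non-zero `flag` as a single boolean. Document that on the declaration, e.g. `// create a graal isolate; flag: 1 enables symbol tracing; args: host-supplied isolate option string, validated inside the enclave.`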
@@ -0,0 +1,74 @@
+{
+ "resource_limits": {
+ "kernel_space_heap_size": "32MB",
+ "kernel_space_stack_size": "1MB",
+ "user_space_size": "1024MB",
+ "max_num_of_threads": 50
+ },
+ "process": {
+ "default_stack_size": "4MB",
+ "default_heap_size": "32MB",
+ "default_mmap_size": "100MB"
+ },
+ "entry_points": [
+ "/usr/lib/dragonwell11/jre/bin"
+ ],
+ "env": {
+ "default": [
+ "LD_LIBRARY_PATH=/usr/lib/dragonwell11/jre/lib/server:/usr/lib/dragonwell11/jre/lib:/usr/lib/dragonwell11/jre/../lib"
+ ],
+ "untrusted": [
+ "EXAMPLE"
+ ]
+ },
+ "metadata": {
+ "product_id": 0,
+ "version_number": 0,
+ "debuggable": true,
+ "enable_kss": false,
+ "family_id": {
+ "high": "0x0",
+ "low": "0x0"
+ },
+ "ext_prod_id": {
+ "high": "0x0",
+ "low": "0x0"
+ }
+ },
+ "mount": [
+ {
+ "target": "/",
+ "type": "unionfs",
+ "options": {
+ "layers": [
+ {
+ "target": "/",
+ "type": "sefs",
+ "source": "./build/mount/__ROOT",
+ "options": {
+ "MAC": ""
+ }
+ },
+ {
+ "target": "/",
+ "type": "sefs",
+ "source": "./run/mount/__ROOT"
+ }
+ ]
+ }
+ },
+ {
+ "target": "/host",
+ "type": "hostfs",
+ "source": "."
+ },
+ {
+ "target": "/proc",
+ "type": "procfs"
+ },
+ {
+ "target": "/dev",
+ "type": "devfs"
+ }
+ ]
+}
diff --git a/benchmark/guomi/enclave/src/main/resources/tee_sdk_svm.conf b/sdk/native/config/template/TeeSDK.conf
similarity index 77%
rename from benchmark/guomi/enclave/src/main/resources/tee_sdk_svm.conf
rename to sdk/native/config/template/TeeSDK.conf
index ffa1b22..1436833 100644
--- a/benchmark/guomi/enclave/src/main/resources/tee_sdk_svm.conf
+++ b/sdk/native/config/template/TeeSDK.conf
@@ -3,8 +3,8 @@
 <ProdID>0</ProdID>
 <ISVSVN>0</ISVSVN>
 <StackMaxSize>0x101000</StackMaxSize>
- <HeapMaxSize>0x30000000</HeapMaxSize>
- <TCSNum>15</TCSNum>
+ <HeapMaxSize>0x40000000</HeapMaxSize>
+ <TCSNum>50</TCSNum>
 <TCSPolicy>1</TCSPolicy>
 <DisableDebug>0</DisableDebug>
 <MiscSelect>0</MiscSelect>
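Review bot: The template ships with `"debuggable": true` and an `"untrusted": ["EXAMPLE"]` environment passthrough; the jq in libos_occlum_enclave_build.sh overrides `.metadata.debuggable`, `.resource_limits.user_space_size`, `.resource_limits.max_num_of_threads`, `.entry_points` and `.env.default`, but not `.env.untrusted`, so if this template is the Occlum.json a build starts from, the `EXAMPLE` variable stays host-settable in every image. Replace it with `"untrusted": []` unless something reads it, and default `"debuggable"` to `false` so a build path that skips the override does not produce a debuggable enclave. The `<DisableDebug>0</DisableDebug>` in the renamed TeeSDK.conf template is in the same position: the build script only rewrites `TCSNum` and `HeapMaxSize`, so the debug flag is whatever the template says.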
diff --git a/sdk/native/config/template/java_enclave_configure.json b/sdk/native/config/template/java_enclave_configure.json
new file mode 100644
index 0000000..5baa786
--- /dev/null
+++ b/sdk/native/config/template/java_enclave_configure.json
@@ -0,0 +1,8 @@
+{
+ "debuggable": false,
+ "enclave_type": "TEE_SDK",
+ "metric_trace_enable": false,
+ "metric_trace_file_path": "",
+ "enclave_max_thread": 50,
+ "enclave_max_epc_memory_size_MB": 1500
+}
\ No newline at end of file
diff --git a/sdk/native/include/enc_exported_symbol.h b/sdk/native/include/enc_exported_symbol.h
index 0e77dd9..345941b 100644
--- a/sdk/native/include/enc_exported_symbol.h
+++ b/sdk/native/include/enc_exported_symbol.h
@@ -7,6 +7,8 @@ extern "C" {
 #endif
+int create_isolate_with_params(int argc, char** parameters, graal_isolate_t** isolate, graal_isolatethread_t** thread);
+
 int java_loadservice_invoke(graal_isolate_t* thread, enc_data_t* input, enc_data_t* result, callbacks_t* callBacks);
 int java_enclave_invoke(graal_isolate_t* thread, enc_data_t* input, enc_data_t* result, callbacks_t* callBacks);
diff --git a/sdk/native/script/build_app/Makefile b/sdk/native/script/build_app/Makefile
index 9a6ce58..a1f2307 100644
--- a/sdk/native/script/build_app/Makefile
+++ b/sdk/native/script/build_app/Makefile
@@ -33,15 +33,18 @@ ifeq ($(TEE_SDK), TRUE)
 -fpie -ljava -lzip -lnio -lnet -l$(LIB_SUNEC) -ljvm -lfdlibm -llibchelper \
 $(TS_ENCLAVE_LDFLAGS) -Wl,--version-script=/opt/javaenclave/config/platform/tee_sdk_svm/edl/tee_sdk_enclave.lds
+ # create tee_sdk.conf
+ /bin/bash ${BUILD_SCRIPT_DIR}/create_tee_sdk_configure.sh ${ENCLAVE_BASE_DIR}/src/main/resources ${ENCLAVE_BASE_DIR}/target/enclave_workspace
+
 ifeq ($(ENCLAVE_PRIVATE_PEM_PATH), )
 openssl genrsa -out ${ENCLAVE_BASE_DIR}/target/enclave_workspace/private.pem -3 3072
 $(SGX_ENCLAVE_SIGNER) sign -enclave ${ENCLAVE_BASE_DIR}/target/svm-output/lib_tee_sdk_svm_load \
 -out ${ENCLAVE_BASE_DIR}/target/svm-output/lib_tee_sdk_svm_load.signed \
- -config ${ENCLAVE_BASE_DIR}/src/main/resources/tee_sdk_svm.conf -key ${ENCLAVE_BASE_DIR}/target/enclave_workspace/private.pem
+ -config ${ENCLAVE_BASE_DIR}/target/enclave_workspace/TeeSDK.conf -key ${ENCLAVE_BASE_DIR}/target/enclave_workspace/private.pem
 else
 $(SGX_ENCLAVE_SIGNER) sign -enclave ${ENCLAVE_BASE_DIR}/target/svm-output/lib_tee_sdk_svm_load \
 -out ${ENCLAVE_BASE_DIR}/target/svm-output/lib_tee_sdk_svm_load.signed \
- -config ${ENCLAVE_BASE_DIR}/src/main/resources/tee_sdk_svm.conf -key $(ENCLAVE_PRIVATE_PEM_PATH)
+ -config ${ENCLAVE_BASE_DIR}/target/enclave_workspace/TeeSDK.conf -key $(ENCLAVE_PRIVATE_PEM_PATH)
 endif
 endif
diff --git a/sdk/native/script/build_app/create_tee_sdk_configure.sh b/sdk/native/script/build_app/create_tee_sdk_configure.sh
new file mode 100644
index 0000000..7a6115b
--- /dev/null
+++ b/sdk/native/script/build_app/create_tee_sdk_configure.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+TEE_SDK_CONFIG_FILE_PATH=$1
+TEE_SDK_BUILD_WORKSPACE=$2
+
+# prepare for TeeSDK.conf
+cp /opt/javaenclave/config/template/TeeSDK.conf ${TEE_SDK_BUILD_WORKSPACE}
+user_tee_sdk_enclave_config_file=/opt/javaenclave/config/template/java_enclave_configure.json
+if [[ -f "${TEE_SDK_CONFIG_FILE_PATH}/java_enclave_configure.json" ]]; then
+ user_tee_sdk_enclave_config_file=${TEE_SDK_CONFIG_FILE_PATH}/java_enclave_configure.json
+fi
+max_thread_num=$(< "${user_tee_sdk_enclave_config_file}" jq -r '.enclave_max_thread')
+user_space_size=$(< "${user_tee_sdk_enclave_config_file}" jq -r '.enclave_max_epc_memory_size_MB')
+user_space_size=$((user_space_size*1024*1024))
+user_space_size=`printf "%x" $user_space_size`
+sed -i "s/<TCSNum>[0-9]*<\/TCSNum>/<TCSNum>${max_thread_num}<\/TCSNum>/g" ${TEE_SDK_BUILD_WORKSPACE}/TeeSDK.conf
+sed -i "s/<HeapMaxSize>0x[0-9]*<\/HeapMaxSize>/<HeapMaxSize>0x${user_space_size}<\/HeapMaxSize>/g" ${TEE_SDK_BUILD_WORKSPACE}/TeeSDK.conf
\ No newline at end of file
diff --git a/sdk/native/script/build_app/libos_occlum_enclave_build.sh b/sdk/native/script/build_app/libos_occlum_enclave_build.sh
index 3879514..c7b528e 100644
--- a/sdk/native/script/build_app/libos_occlum_enclave_build.sh
+++ b/sdk/native/script/build_app/libos_occlum_enclave_build.sh
@@ -1,7 +1,11 @@
 #!/bin/bash
 enclave_target_path=${ENCLAVE_BASE_DIR}/target
-user_occlum_enclave_config_file=${ENCLAVE_BASE_DIR}/src/main/resources/embedded_libos_enclave.json
+
+user_occlum_enclave_config_file=/opt/javaenclave/config/template/java_enclave_configure.json
+if [ -f "${ENCLAVE_BASE_DIR}/src/main/resources/java_enclave_configure.json" ]; then
+ user_occlum_enclave_config_file=${ENCLAVE_BASE_DIR}/src/main/resources/java_enclave_configure.json
+fi
 # parse enclave with dependencies jar file name.
 # shellcheck disable=SC2061
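Review bot: The script runs without `set -euo pipefail`, and a missing key or unreadable file makes `jq -r` print `null`: `$((null*1024*1024))` then evaluates to 0 in bash arithmetic, so the enclave gets signed with `<HeapMaxSize>0x0</HeapMaxSize>` and `<TCSNum>null</TCSNum>` without any error from this script. Validate both values before the `sed` calls and use `jq -e` so a missing key fails the build; the `jq -r` reads in libos_occlum_enclave_build.sh below have the same gap. The HeapMaxSize pattern `0x[0-9]*` also matches only template values without hex letters, `0x[0-9a-fA-F]*` is the safe form, and the unquoted `${TEE_SDK_BUILD_WORKSPACE}` expansions should be quoted.
```shell
set -euo pipefail
# … unchanged: argument handling, template copy and config-file selection …
max_thread_num=$(< "${user_tee_sdk_enclave_config_file}" jq -er '.enclave_max_thread')
user_space_size=$(< "${user_tee_sdk_enclave_config_file}" jq -er '.enclave_max_epc_memory_size_MB')
if ! [[ "${max_thread_num}" =~ ^[1-9][0-9]*$ && "${user_space_size}" =~ ^[1-9][0-9]*$ ]]; then
    echo "java_enclave_configure.json: enclave_max_thread and enclave_max_epc_memory_size_MB must be positive integers" >&2
    exit 1
fi
user_space_size=$(printf "%x" $((user_space_size*1024*1024)))
sed -i "s/<TCSNum>[0-9]*<\/TCSNum>/<TCSNum>${max_thread_num}<\/TCSNum>/g" "${TEE_SDK_BUILD_WORKSPACE}/TeeSDK.conf"
sed -i "s/<HeapMaxSize>0x[0-9a-fA-F]*<\/HeapMaxSize>/<HeapMaxSize>0x${user_space_size}<\/HeapMaxSize>/g" "${TEE_SDK_BUILD_WORKSPACE}/TeeSDK.conf"
```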
@@ -9,8 +13,7 @@ user_occlum_enclave_config_file=${ENCLAVE_BASE_DIR}/src/main/resources/embedded_
 # shellcheck disable=SC2035
 pushd "${enclave_target_path}"
 enclave_jar_name=$(find -name *-jar-with-dependencies.jar)
-if [[ -z $enclave_jar_name ]];
-then
+if [[ -z $enclave_jar_name ]]; then
 echo "enclave with dependencies jar file is empty."
 exit 1
 fi
@@ -26,21 +29,15 @@ occlum init
 # update Occlum.json according to user's config file embedded_libos_enclave.json
 debuggable=$(< "${user_occlum_enclave_config_file}" jq -r '.debuggable')
-default_mmap_size=$(< "${user_occlum_enclave_config_file}" jq -r '.default_mmap_size')
-occlum_kernel_heap_size=$(< "${user_occlum_enclave_config_file}" jq -r '.kernel_space_heap_size')
-occlum_max_thread_num=$(< "${user_occlum_enclave_config_file}" jq -r '.max_num_of_threads')
-user_space_size=$(< "${user_occlum_enclave_config_file}" jq -r '.user_space_size')
-
-new_json="$(jq --arg default_mmap_size "$default_mmap_size" \
- --arg user_space_size "$user_space_size" \
- --arg occlum_kernel_heap_size "$occlum_kernel_heap_size" \
+occlum_max_thread_num=$(< "${user_occlum_enclave_config_file}" jq -r '.enclave_max_thread')
+user_space_size=$(< "${user_occlum_enclave_config_file}" jq -r '.enclave_max_epc_memory_size_MB')
+user_space_size=${user_space_size}MB
+
+new_json="$(jq --arg user_space_size "$user_space_size" \
 --argjson occlum_max_thread_num "$occlum_max_thread_num" \
 --argjson debuggable "$debuggable" \
 '.resource_limits.user_space_size = $user_space_size |
- .resource_limits.kernel_space_heap_size = $occlum_kernel_heap_size |
 .resource_limits.max_num_of_threads = $occlum_max_thread_num |
- .process.default_heap_size = "150MB" |
- .process.default_mmap_size = $default_mmap_size |
 .metadata.debuggable = $debuggable |
 .entry_points = [ "/usr/lib/dragonwell11/jre/bin" ] |
 .env.default = [ "LD_LIBRARY_PATH=/usr/lib/dragonwell11/jre/lib/server:/usr/lib/dragonwell11/jre/lib:/usr/lib/dragonwell11/jre/../lib" ]' Occlum.json)"
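Review bot: The comment above `debuggable=` still says the values come from `embedded_libos_enclave.json`, but the file read is now `java_enclave_configure.json`; update it to `# update Occlum.json according to user's config file java_enclave_configure.json`. `user_space_size=${user_space_size}MB` and the `--argjson` arguments are built from `jq -r` output that is the literal `null` when a key is missing, which yields `"nullMB"` and `.metadata.debuggable = null` in Occlum.json; `jq -er` plus a numeric check, as proposed for create_tee_sdk_configure.sh, would fail the build instead. Since `default_heap_size`/`default_mmap_size` are no longer overridden, the process limits now come from whatever Occlum.json `occlum init` produces (or the new template, if it is copied in by code not shown here) — worth a comment stating which, so the JVM workload's memory ceiling is traceable.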
@@ -66,16 +63,14 @@ mkdir -p ./image/usr/app
 cp -r "${enclave_target_path}"/"${enclave_jar_name}" ./image/usr/app
 # prepare private.pem for image signing.
-if [[ -z ${ENCLAVE_PRIVATE_PEM_PATH} ]];
-then
+if [[ -z ${ENCLAVE_PRIVATE_PEM_PATH} ]]; then
 openssl genrsa -out private.pem -3 3072
 occlum build --sign-key private.pem
 else
 occlum build --sign-key "${ENCLAVE_PRIVATE_PEM_PATH}"
 fi
-if [ $debuggable ]
-then
+if [ $debuggable ]; then
 # occlum package --debug > /dev/null
 occlum package --debug > /dev/null 2>&1
 else
diff --git a/test/common/src/main/java/com/alibaba/confidentialcomputing/test/common/ConcurrencyCalculate.java b/test/common/src/main/java/com/alibaba/confidentialcomputing/test/common/ConcurrencyCalculate.java
index 2b227d0..b012f68 100644
--- a/test/common/src/main/java/com/alibaba/confidentialcomputing/test/common/ConcurrencyCalculate.java
+++ b/test/common/src/main/java/com/alibaba/confidentialcomputing/test/common/ConcurrencyCalculate.java
@@ -6,4 +6,6 @@ import com.alibaba.confidentialcomputing.common.annotations.EnclaveService;
 public interface ConcurrencyCalculate {
 void add(int delta);
 long sum();
+ void addSync(int delta);
+ long sumSync();
 }
diff --git a/test/enclave/src/main/java/com/alibaba/confidentialcomputing/test/enclave/ConcurrencyCalculateImpl.java b/test/enclave/src/main/java/com/alibaba/confidentialcomputing/test/enclave/ConcurrencyCalculateImpl.java
index 617737a..587a00f 100644
--- a/test/enclave/src/main/java/com/alibaba/confidentialcomputing/test/enclave/ConcurrencyCalculateImpl.java
+++ b/test/enclave/src/main/java/com/alibaba/confidentialcomputing/test/enclave/ConcurrencyCalculateImpl.java
@@ -8,6 +8,7 @@ import java.util.concurrent.atomic.AtomicLong;
 @AutoService(ConcurrencyCalculate.class)
 public class ConcurrencyCalculateImpl implements ConcurrencyCalculate {
 private AtomicLong sum = new AtomicLong();
+ private long sumSync = 0x0;
 @Override
 public void add(int delta) {
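Review bot: `if [ $debuggable ]; then` tests whether the word is non-empty, not whether it is `true`: `jq -r '.debuggable'` prints the literal `false`, which is a non-empty string, so the `occlum package --debug` branch is taken for every build, including one whose java_enclave_configure.json says `"debuggable": false`. Use `if [[ "${debuggable}" == "true" ]]; then`, which also behaves correctly when the key is missing and `debuggable` holds `null`. The `[[ -z ${ENCLAVE_PRIVATE_PEM_PATH} ]]` branch above still generates a fresh `private.pem` on every build, so images from different builds carry different signer identities; that predates this commit, but a comment saying it is for development builds only would help. The `else` branch of the `debuggable` test ends outside this hunk.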
@@ -18,4 +19,17 @@ public class ConcurrencyCalculateImpl implements ConcurrencyCalculate {
 public long sum() {
 return sum.get();
 }
+
+ @Override
+ public synchronized void addSync(int delta) {
+ while(delta > 0x0) {
+ sumSync++;
+ delta--;
+ }
+ }
+
+ @Override
+ public synchronized long sumSync() {
+ return sumSync;
+ }
 }
diff --git a/test/enclave/src/main/resources/embedded_libos_enclave.json b/test/enclave/src/main/resources/embedded_libos_enclave.json
deleted file mode 100644
index 5ea4c10..0000000
--- a/test/enclave/src/main/resources/embedded_libos_enclave.json
+++ /dev/null
@@ -1,11 +0,0 @@
-{
- "debuggable": false,
- "agent_http_handler_thread_pool_size": 15,
- "enclave_startup_duration_ms": 60000,
- "kernel_space_heap_size": "32MB",
- "user_space_size": "1200MB",
- "default_mmap_size": "800MB",
- "max_num_of_threads": 60,
- "log_level": "off",
- "enclave_jvm_args": ["-XX:-UseCompressedOops", "-Xmx512m", "-Dos.name=Linux"]
-}
\ No newline at end of file
diff --git a/test/enclave/src/main/resources/tee_sdk_svm.conf b/test/enclave/src/main/resources/tee_sdk_svm.conf
deleted file mode 100644
index 95d4685..0000000
--- a/test/enclave/src/main/resources/tee_sdk_svm.conf
+++ /dev/null
@@ -1,12 +0,0 @@
-<!-- Please refer to User's Guide for the explanation of each field -->
-<EnclaveConfiguration>
- <ProdID>0</ProdID>
- <ISVSVN>0</ISVSVN>
- <StackMaxSize>0x101000</StackMaxSize>
- <HeapMaxSize>0x20000000</HeapMaxSize>
- <TCSNum>15</TCSNum>
- <TCSPolicy>1</TCSPolicy>
- <DisableDebug>0</DisableDebug>
- <MiscSelect>0</MiscSelect>
- <MiscMask>0xFFFFFFFF</MiscMask>
-</EnclaveConfiguration>
\ No newline at end of file
diff --git a/test/host/pom.xml b/test/host/pom.xml
index 77bbc1c..a202260 100644
--- a/test/host/pom.xml
+++ b/test/host/pom.xml
@@ -56,6 +56,9 @@
 <groupId>org.apache.maven.plugins</groupId>
 <artifactId>maven-surefire-plugin</artifactId>
 <version>3.0.0-M5</version>
+ <configuration>
+ <forkCount>0</forkCount>
+ </configuration>
 </plugin>
 </plugins>
 </build>
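Review bot: `addSync` increments `sumSync` one step at a time inside the monitor, which is O(delta) per call; if the intent is to hold the lock long enough for the concurrency test to exercise contention, say so, e.g. `// Increment step-wise on purpose: keeps the monitor held long enough for the test to exercise contention.`, otherwise `sumSync += delta;` is the equivalent. `0x0` for an integer zero and `while(` without a space are unusual next to the surrounding Java; `0` and `while (` match the rest of the class.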
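Review bot: `<forkCount>0</forkCount>` makes surefire run the enclave tests inside the Maven JVM itself; with no fork, a crash in the JNI or enclave native code takes the whole build process down instead of failing one test, and surefire's `argLine` is not applied, so the new `com.alibaba.enclave.teesdk.*` system properties must be supplied through `systemPropertyVariables` rather than `-D` flags on `argLine`. A one-line comment stating why in-process execution is required, `<!-- forkCount 0: tests must run in the Maven JVM because REASON_PLACEHOLDER -->`, would keep the next maintainer from reverting it.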
diff --git a/test/host/src/test/java/com/alibaba/confidentialcomputing/test/host/TestEnclaveConcurrency.java b/test/host/src/test/java/com/alibaba/confidentialcomputing/test/host/TestEnclaveConcurrency.java
index 4740f53..89f2d77 100644
--- a/test/host/src/test/java/com/alibaba/confidentialcomputing/test/host/TestEnclaveConcurrency.java
+++ b/test/host/src/test/java/com/alibaba/confidentialcomputing/test/host/TestEnclaveConcurrency.java
@@ -48,6 +48,40 @@ public class TestEnclaveConcurrency {
 enclave.destroy();
 }
+ private void enclaveConcurrencySync(EnclaveType type) throws Exception {
+ int concurrency = 10;
+ int workload = 20_000;
+ CountDownLatch latch0 = new CountDownLatch(1);
+ CountDownLatch latch1 = new CountDownLatch(concurrency);
+
+ Enclave enclave = EnclaveFactory.create(type);
+ Iterator<ConcurrencyCalculate> services = enclave.load(ConcurrencyCalculate.class);
+ assertTrue(services.hasNext());
+ ConcurrencyCalculate service = services.next();
+ for (int i = 0; i < concurrency; i++) {
+ new Thread(new Runnable() {
+ @Override
+ public void run() {
+ try {
+ latch0.await();
+ service.addSync(workload);
+ latch1.countDown();
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+ }).start();
+ }
+ latch0.countDown();
+ latch1.await();
+ assertEquals(concurrency * workload, service.sumSync());
+
+ // waiting for enclave service recycle.
+ System.gc();
+ Thread.sleep(2000);
+ enclave.destroy();
+ }
+
 @Test
 public void testEnclaveConcurrency() throws Exception {
 enclaveConcurrency(EnclaveType.MOCK_IN_JVM);
@@ -55,4 +89,12 @@ public class TestEnclaveConcurrency {
 enclaveConcurrency(EnclaveType.TEE_SDK);
 enclaveConcurrency(EnclaveType.EMBEDDED_LIB_OS);
 }
+
+ @Test
+ public void testEnclaveConcurrencySync() throws Exception {
+ enclaveConcurrencySync(EnclaveType.MOCK_IN_JVM);
+ enclaveConcurrencySync(EnclaveType.MOCK_IN_SVM);
+ enclaveConcurrencySync(EnclaveType.TEE_SDK);
+ enclaveConcurrencySync(EnclaveType.EMBEDDED_LIB_OS);
+ }
 }
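Review bot: In `enclaveConcurrencySync`, an exception inside a worker is only printed and `latch1.countDown()` is skipped, so a failing `addSync` makes `latch1.await()` block forever and the test hangs instead of failing; count down in a `finally`, bound the wait with `assertTrue(latch1.await(60, TimeUnit.SECONDS));` (importing `java.util.concurrent.TimeUnit`), and capture the first worker exception in an `AtomicReference<Throwable>` to rethrow after the await so the assertion reports the real cause. The anonymous `Runnable` can be a lambda, and the fixed `Thread.sleep(2000)` after `System.gc()` neither guarantees the recycle has run nor fails fast; `enclaveConcurrency` above (outside this hunk) presumably shares the pattern, so fixing both together keeps the class consistent.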
diff --git a/test/host/src/test/java/com/alibaba/confidentialcomputing/test/host/TestEnclaveInfo.java b/test/host/src/test/java/com/alibaba/confidentialcomputing/test/host/TestEnclaveInfo.java
index 7164035..1630d82 100644
--- a/test/host/src/test/java/com/alibaba/confidentialcomputing/test/host/TestEnclaveInfo.java
+++ b/test/host/src/test/java/com/alibaba/confidentialcomputing/test/host/TestEnclaveInfo.java
@@ -33,8 +33,8 @@ public class TestEnclaveInfo {
 enclaveInfo = enclave.getEnclaveInfo();
 assertEquals(enclaveInfo.getEnclaveType(), EnclaveType.TEE_SDK);
 assertEquals(enclaveInfo.isEnclaveDebuggable(), false);
- assertEquals(enclaveInfo.getEnclaveEPCMemorySizeBytes(), 0x20000000);
- assertEquals(enclaveInfo.getEnclaveMaxThreadsNumber(), 15);
+ assertEquals(enclaveInfo.getEnclaveEPCMemorySizeBytes(), 1500 * 1024 * 1024);
+ assertEquals(enclaveInfo.getEnclaveMaxThreadsNumber(), 50);
 enclave.destroy();
 // it's related to config file in test project.
@@ -42,8 +42,8 @@ public class TestEnclaveInfo {
 enclaveInfo = enclave.getEnclaveInfo();
 assertEquals(enclaveInfo.getEnclaveType(), EnclaveType.EMBEDDED_LIB_OS);
 assertEquals(enclaveInfo.isEnclaveDebuggable(), false);
- assertEquals(enclaveInfo.getEnclaveEPCMemorySizeBytes(), 1200 * 1024 * 1024);
- assertEquals(enclaveInfo.getEnclaveMaxThreadsNumber(), 60);
+ assertEquals(enclaveInfo.getEnclaveEPCMemorySizeBytes(), 1500 * 1024 * 1024);
+ assertEquals(enclaveInfo.getEnclaveMaxThreadsNumber(), 50);
 enclave.destroy();
 }
 }
diff --git a/test/host/src/test/java/com/alibaba/confidentialcomputing/test/host/TestEnclaveInfoMXBean.java b/test/host/src/test/java/com/alibaba/confidentialcomputing/test/host/TestEnclaveInfoMXBean.java
index ea3c092..622f87c 100644
--- a/test/host/src/test/java/com/alibaba/confidentialcomputing/test/host/TestEnclaveInfoMXBean.java
+++ b/test/host/src/test/java/com/alibaba/confidentialcomputing/test/host/TestEnclaveInfoMXBean.java
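Review bot: The expected values `1500 * 1024 * 1024` and `50` are copied from sdk/native/config/template/java_enclave_configure.json into four assertions here and again in TestEnclaveInfoMXBean.java (the `-60` and `-120` hunks below), so the next template change means editing six places; hoist them into shared test constants such as `private static final long DEFAULT_EPC_BYTES = 1500L * 1024 * 1024;` and `private static final int DEFAULT_MAX_THREADS = 50;`. The assertions also pass the actual value first and the expected second, so a failure message reports them swapped; JUnit's order is `assertEquals(expected, actual)`. The test method containing the first hunk starts outside this hunk.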
@@ -60,16 +60,16 @@ public class TestEnclaveInfoMXBean {
 EnclaveInfo enclaveInfoTEE = enclaveTEE.getEnclaveInfo();
 assertEquals(enclaveInfoTEE.getEnclaveType(), EnclaveType.TEE_SDK);
 assertEquals(enclaveInfoTEE.isEnclaveDebuggable(), false);
- assertEquals(enclaveInfoTEE.getEnclaveEPCMemorySizeBytes(), 0x20000000);
- assertEquals(enclaveInfoTEE.getEnclaveMaxThreadsNumber(), 15);
+ assertEquals(enclaveInfoTEE.getEnclaveEPCMemorySizeBytes(), 1500 * 1024 * 1024);
+ assertEquals(enclaveInfoTEE.getEnclaveMaxThreadsNumber(), 50);
 
 // it's related to config file in test project.
 Enclave enclaveLIBOS = EnclaveFactory.create(EnclaveType.EMBEDDED_LIB_OS);
 EnclaveInfo enclaveInfoLIBOS = enclaveLIBOS.getEnclaveInfo();
 assertEquals(enclaveInfoLIBOS.getEnclaveType(), EnclaveType.EMBEDDED_LIB_OS);
 assertEquals(enclaveInfoLIBOS.isEnclaveDebuggable(), false);
- assertEquals(enclaveInfoLIBOS.getEnclaveEPCMemorySizeBytes(), 1200 * 1024 * 1024);
- assertEquals(enclaveInfoLIBOS.getEnclaveMaxThreadsNumber(), 60);
+ assertEquals(enclaveInfoLIBOS.getEnclaveEPCMemorySizeBytes(), 1500 * 1024 * 1024);
+ assertEquals(enclaveInfoLIBOS.getEnclaveMaxThreadsNumber(), 50);
 
 enclaveInfoMXBeanStub = new ObjectName(DOMAIN_NAME + ":name=" + ENCLAVE_MX_BEAN_STUB);
 mxBeanService = ManagementFactory.getPlatformMBeanServer();
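Review bot: The context comment `// it's related to config file in test project.` is the only thing that explains where the new `1500 * 1024 * 1024` and `50` expectations come from, and it no longer names a file now that this commit replaces `embedded_libos_enclave.json` and `tee_sdk_svm.conf` with a single configuration; please point at the actual source, e.g. `// Expected limits mirror the test project's java_enclave_configure.json (presumably the new single config file); keep both in sync.`, so a later edit to either side is caught. The hunk also creates `enclaveTEE` (above it) and `enclaveLIBOS` without a visible `destroy()`; if the method does not tear them down after the MXBean checks, the TEE_SDK enclave keeps its EPC reservation until the JVM exits, which matters on hosts where EPC is the scarce resource — worth a `try`/`finally` or a check that the rest of the method handles it. The enclosing test method starts before and ends after this hunk.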
@@ -120,12 +120,9 @@ public class TestEnclaveInfoMXBean {
 assertEquals((int)enclaveInfo.get("enclaveMaxThreadsNumber"), -1);
 break;
 case "TEE_SDK":
- assertEquals((long)enclaveInfo.get("enclaveEPCMemorySizeBytes"), 0x20000000);
- assertEquals((int)enclaveInfo.get("enclaveMaxThreadsNumber"), 15);
- break;
 case "EMBEDDED_LIB_OS":
- assertEquals((long)enclaveInfo.get("enclaveEPCMemorySizeBytes"), 1200 * 1024 * 1024);
- assertEquals((int)enclaveInfo.get("enclaveMaxThreadsNumber"), 60);
+ assertEquals((long)enclaveInfo.get("enclaveEPCMemorySizeBytes"), 1500 * 1024 * 1024);
+ assertEquals((int)enclaveInfo.get("enclaveMaxThreadsNumber"), 50);
 break;
 case "NONE":
 assert (false);
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
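Review bot: Merging `case "TEE_SDK":` into `case "EMBEDDED_LIB_OS":` is done with a silent fall-through, and because the two types now share identical expected values this branch can no longer detect the MXBean reporting different limits for the two enclave kinds. If the refactored configure mechanism is meant to give both types the same values from one file, make that intent explicit with `case "TEE_SDK": // fall through: both enclave types take their limits from the same configuration`; if not, keep separate expectations so a divergence is still caught. As a side note, the adjacent pre-existing `case "NONE": assert (false);` only fires when the JVM runs with `-ea`, so `fail("unexpected enclave type NONE")` would be the JUnit-native way to make that branch reliable. The switch starts and ends outside this hunk.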
