Posted to commits@teaclave.apache.org by sh...@apache.org on 2022/11/11 05:18:19 UTC
[incubator-teaclave-java-tee-sdk] 39/48: [sdk] Optimize and refactor JavaEnclave configure mechanism
This is an automated email from the ASF dual-hosted git repository.
shaojunwang pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-teaclave-java-tee-sdk.git
commit 512626203e046a5634c88765c2372b3a66cc5211
Author: jeffery.wsj <je...@alibaba-inc.com>
AuthorDate: Thu Aug 11 10:31:23 2022 +0800
[sdk] Optimize and refactor JavaEnclave configure mechanism
Summary:
1. Users no longer need to provide a TEE configuration file.
2. Refactor the JavaEnclave configuration mechanism.
3. Make TEE SDK enclave symbol calls traceable.
4. Make the SVM isolate runtime's maximum heap size configurable.
Test Plan: all tests pass
Reviewers: lei.yul, cengfeng.lzy, sanhong.lsh
Issue: https://aone.alibaba-inc.com/task/44123109
CR: https://code.aone.alibaba-inc.com/java-tee/JavaEnclave/codereview/9763704
---
.../src/main/resources/embedded_libos_enclave.json | 11 -
.../enclave/src/main/resources/tee_sdk_svm.conf | 12 --
.../benchmark/guomi/common/SMService.java | 6 +-
benchmark/guomi/enclave/pom.xml | 3 +
.../benchmark/guomi/enclave/SM2ServiceImpl.java | 62 +++---
.../benchmark/guomi/enclave/SM3ServiceImpl.java | 2 +-
.../benchmark/guomi/enclave/SM4ServiceImpl.java | 6 +-
.../benchmark/guomi/enclave/SMServiceImpl.java | 24 ++-
.../src/main/resources/embedded_libos_enclave.json | 11 -
.../src/main/resources/java_enclave_configure.json | 8 +
.../benchmark/guomi/host/GuoMiBenchMark.java | 183 +++++++---------
benchmark/guomi/run.sh | 2 +-
.../string/common/StringOperationMetric.java | 6 +-
benchmark/string/enclave/pom.xml | 3 +
.../string/enclave/StringOperationMetricImpl.java | 27 +--
.../src/main/resources/embedded_libos_enclave.json | 11 -
.../src/main/resources/java_enclave_configure.json | 8 +
.../enclave/src/main/resources/tee_sdk_svm.conf | 12 --
.../benchmark/string/host/StringBenchMark.java | 186 +++++++---------
benchmark/string/run.sh | 2 +-
.../src/main/resources/embedded_libos_enclave.json | 11 -
.../enclave/src/main/resources/tee_sdk_svm.conf | 12 --
samples/helloworld/run.sh | 2 +-
.../src/main/resources/embedded_libos_enclave.json | 11 -
.../enclave/src/main/resources/tee_sdk_svm.conf | 12 --
samples/springboot/run.sh | 2 +-
.../platform/tee_sdk_svm/edge_routines/sgx_mmap.c | 5 +-
.../tee_sdk_svm/edge_routines/tee_sdk_symbol.c | 2 +
.../tee_sdk_svm/edge_routines/tee_sdk_symbol.h | 6 +-
.../cpp/platform/tee_sdk_svm/wrapper/Makefile | 2 +-
.../platform/tee_sdk_svm/wrapper/tee_sdk_wrapper.c | 10 +-
sdk/host/docs/Configuration.md | 55 +++++
.../host/EmbeddedLibOSEnclave.java | 54 ++---
.../host/EmbeddedLibOSEnclaveConfig.java | 124 -----------
.../host/EmbeddedLibOSEnclaveConfigure.java | 151 +++++++++++++
.../host/EnclaveConfigure.java | 233 ++++++++++++---------
.../confidentialcomputing/host/EnclaveFactory.java | 49 ++++-
.../confidentialcomputing/host/ExtractLibrary.java | 13 ++
.../confidentialcomputing/host/MetricTrace.java | 29 ++-
.../host/MockInSvmEnclave.java | 32 ++-
.../host/MockInSvmEnclaveConfigure.java | 39 ++++
.../confidentialcomputing/host/TeeSdkEnclave.java | 49 +++--
.../host/TeeSdkEnclaveConfig.java | 66 ------
.../host/TeeSdkEnclaveConfigure.java | 74 +++++++
.../libos_occlum_enclave/jni/jni_occlum_enclave.c | 4 +-
.../libos_occlum_enclave/jni/jni_occlum_enclave.h | 4 +-
.../cpp/platform/mock_in_svm/jni/jni_mock_in_svm.c | 21 +-
.../cpp/platform/mock_in_svm/jni/jni_mock_in_svm.h | 4 +-
.../cpp/platform/tee_sdk_svm/jni/jni_tee_sdk_svm.c | 10 +-
.../cpp/platform/tee_sdk_svm/jni/jni_tee_sdk_svm.h | 4 +-
.../platform/tee_sdk_svm/edl/tee_sdk_enclave.edl | 2 +-
sdk/native/config/template/Occlum.json | 74 +++++++
.../native/config/template/TeeSDK.conf | 4 +-
.../config/template/java_enclave_configure.json | 8 +
sdk/native/include/enc_exported_symbol.h | 2 +
sdk/native/script/build_app/Makefile | 7 +-
.../script/build_app/create_tee_sdk_configure.sh | 17 ++
.../script/build_app/libos_occlum_enclave_build.sh | 31 ++-
.../test/common/ConcurrencyCalculate.java | 2 +
.../test/enclave/ConcurrencyCalculateImpl.java | 14 ++
.../src/main/resources/embedded_libos_enclave.json | 11 -
test/enclave/src/main/resources/tee_sdk_svm.conf | 12 --
test/host/pom.xml | 3 +
.../test/host/TestEnclaveConcurrency.java | 42 ++++
.../test/host/TestEnclaveInfo.java | 8 +-
.../test/host/TestEnclaveInfoMXBean.java | 15 +-
66 files changed, 1105 insertions(+), 822 deletions(-)
diff --git a/archetype/src/main/resources/archetype-resources/enclave/src/main/resources/embedded_libos_enclave.json b/archetype/src/main/resources/archetype-resources/enclave/src/main/resources/embedded_libos_enclave.json
deleted file mode 100644
index add95b2..0000000
--- a/archetype/src/main/resources/archetype-resources/enclave/src/main/resources/embedded_libos_enclave.json
+++ /dev/null
@@ -1,11 +0,0 @@
-{
- "debuggable": true,
- "agent_http_handler_thread_pool_size": 6,
- "enclave_startup_duration_ms": 60000,
- "kernel_space_heap_size": "32MB",
- "user_space_size": "1200MB",
- "default_mmap_size": "800MB",
- "max_num_of_threads": 48,
- "log_level": "off",
- "enclave_jvm_args": ["-XX:-UseCompressedOops", "-Xmx512m", "-Dos.name=Linux"]
-}
\ No newline at end of file
diff --git a/archetype/src/main/resources/archetype-resources/enclave/src/main/resources/tee_sdk_svm.conf b/archetype/src/main/resources/archetype-resources/enclave/src/main/resources/tee_sdk_svm.conf
deleted file mode 100644
index b52a2e9..0000000
--- a/archetype/src/main/resources/archetype-resources/enclave/src/main/resources/tee_sdk_svm.conf
+++ /dev/null
@@ -1,12 +0,0 @@
-<!-- Please refer to User's Guide for the explanation of each field -->
-<EnclaveConfiguration>
- <ProdID>0</ProdID>
- <ISVSVN>0</ISVSVN>
- <StackMaxSize>0x101000</StackMaxSize>
- <HeapMaxSize>0x6000000</HeapMaxSize>
- <TCSNum>10</TCSNum>
- <TCSPolicy>1</TCSPolicy>
- <DisableDebug>0</DisableDebug>
- <MiscSelect>0</MiscSelect>
- <MiscMask>0xFFFFFFFF</MiscMask>
-</EnclaveConfiguration>
\ No newline at end of file
diff --git a/benchmark/guomi/common/src/main/java/com/alibaba/confidentialcomputing/benchmark/guomi/common/SMService.java b/benchmark/guomi/common/src/main/java/com/alibaba/confidentialcomputing/benchmark/guomi/common/SMService.java
index 858123c..543ab6a 100644
--- a/benchmark/guomi/common/src/main/java/com/alibaba/confidentialcomputing/benchmark/guomi/common/SMService.java
+++ b/benchmark/guomi/common/src/main/java/com/alibaba/confidentialcomputing/benchmark/guomi/common/SMService.java
@@ -4,7 +4,7 @@ import com.alibaba.confidentialcomputing.common.annotations.EnclaveService;
@EnclaveService
public interface SMService {
- String sm2Service(String plaintext) throws Exception;
- byte[] sm3Service(String plainText) throws Exception;
- String sm4Service(String plaintext) throws Exception;
+ String sm2Service(String plaintext, int weight) throws Exception;
+ byte[] sm3Service(String plainText, int weight) throws Exception;
+ String sm4Service(String plaintext, int weight) throws Exception;
}
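Review bot: The new `weight` parameter on all three service methods is undocumented, and its meaning is only discoverable from the enclave-side implementation, where it is the number of times the operation is repeated per call. Add a Javadoc line above the interface, e.g. `/** {@code weight}: how many times the operation is repeated inside the enclave per call; must be > 0. */`, so host callers know a non-positive value is not a no-op.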
diff --git a/benchmark/guomi/enclave/pom.xml b/benchmark/guomi/enclave/pom.xml
index aac6171..a32b00e 100644
--- a/benchmark/guomi/enclave/pom.xml
+++ b/benchmark/guomi/enclave/pom.xml
@@ -49,6 +49,8 @@
<buildArgs>
<buildArg>--shared</buildArg>
<buildArg>--no-fallback</buildArg>
+ <buildArg>-R:MaxHeapSize=2g</buildArg>
+ <buildArg>-H:-AllowVMInternalThreads</buildArg>
<buildArg>-H:Path=svm-output</buildArg>
</buildArgs>
</configuration>
@@ -64,6 +66,7 @@
<buildArgs>
<buildArg>--shared</buildArg>
<buildArg>--no-fallback</buildArg>
+ <buildArg>-R:MaxHeapSize=2g</buildArg>
<buildArg>-H:-AllowVMInternalThreads</buildArg>
<buildArg>-H:+RunInEnclave</buildArg>
<buildArg>-H:Path=svm-output</buildArg>
diff --git a/benchmark/guomi/enclave/src/main/java/com/alibaba/confidentialcomputing/benchmark/guomi/enclave/SM2ServiceImpl.java b/benchmark/guomi/enclave/src/main/java/com/alibaba/confidentialcomputing/benchmark/guomi/enclave/SM2ServiceImpl.java
index 1bfb4dc..613647e 100644
--- a/benchmark/guomi/enclave/src/main/java/com/alibaba/confidentialcomputing/benchmark/guomi/enclave/SM2ServiceImpl.java
+++ b/benchmark/guomi/enclave/src/main/java/com/alibaba/confidentialcomputing/benchmark/guomi/enclave/SM2ServiceImpl.java
@@ -19,10 +19,11 @@ import java.util.Base64;
class SM2ServiceImpl {
private static BouncyCastleProvider provider;
- private static ECParameterSpec ecParameterSpec;
private static KeyFactory keyFactory;
- private static String publicKey;
- private static String privateKey;
+
+ private ECParameterSpec ecParameterSpec;
+ private String publicKey;
+ private String privateKey;
static {
try {
@@ -30,16 +31,19 @@ class SM2ServiceImpl {
if (provider == null) {
provider = new BouncyCastleProvider();
}
- X9ECParameters parameters = GMNamedCurves.getByName("sm2p256v1");
- ecParameterSpec = new ECParameterSpec(parameters.getCurve(), parameters.getG(), parameters.getN(), parameters.getH());
keyFactory = KeyFactory.getInstance("EC", provider);
- generateSm2KeyPair();
} catch (Exception e) {
e.printStackTrace();
}
}
- private static void generateSm2KeyPair() throws Exception {
+ public SM2ServiceImpl() throws Exception {
+ X9ECParameters parameters = GMNamedCurves.getByName("sm2p256v1");
+ ecParameterSpec = new ECParameterSpec(parameters.getCurve(), parameters.getG(), parameters.getN(), parameters.getH());
+ generateSm2KeyPair();
+ }
+
+ private void generateSm2KeyPair() throws Exception {
final ECGenParameterSpec sm2Spec = new ECGenParameterSpec("sm2p256v1");
final KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC", provider);
SecureRandom random = new SecureRandom();
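Review bot: The static initializer still swallows any failure with `e.printStackTrace()`, so if `KeyFactory.getInstance("EC", provider)` throws, `keyFactory` stays null and the first `decoder` call fails with a NullPointerException far from the cause, while the new constructor propagates its exceptions to the caller. Make the two consistent by rethrowing in the catch: `throw new ExceptionInInitializerError(e);`. `provider` is only assigned when it is null, presumably from a lookup just above the hunk that is not visible here. The body of `generateSm2KeyPair` continues in the next hunk.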
@@ -47,37 +51,27 @@ class SM2ServiceImpl {
KeyPair keyPair = kpg.generateKeyPair();
BCECPrivateKey priKey = (BCECPrivateKey) keyPair.getPrivate();
BCECPublicKey pubKey = (BCECPublicKey) keyPair.getPublic();
- publicKey = new String(Hex.encode(pubKey.getQ().getEncoded(true)));
- privateKey = priKey.getD().toString(16);
+ this.publicKey = new String(Hex.encode(pubKey.getQ().getEncoded(true)));
+ this.privateKey = priKey.getD().toString(16);
}
- private String encode(String input, String pubKey) {
- try {
- X9ECParameters parameters = GMNamedCurves.getByName("sm2p256v1");
- ECParameterSpec ecParameterSpec = new ECParameterSpec(parameters.getCurve(), parameters.getG(), parameters.getN(), parameters.getH());
- ECPoint ecPoint = parameters.getCurve().decodePoint(Hex.decode(pubKey));
- KeyFactory keyFactory = KeyFactory.getInstance("EC", provider);
- BCECPublicKey key = (BCECPublicKey) keyFactory.generatePublic(new ECPublicKeySpec(ecPoint, ecParameterSpec));
- Cipher cipher = Cipher.getInstance("SM2", provider);
- cipher.init(Cipher.ENCRYPT_MODE, key);
- return Base64.getEncoder().encodeToString(cipher.doFinal(input.getBytes()));
- } catch (Exception e) {
- e.printStackTrace();
- }
- return null;
+ private String encode(String input, String pubKey) throws Exception {
+ X9ECParameters parameters = GMNamedCurves.getByName("sm2p256v1");
+ ECParameterSpec ecParameterSpec = new ECParameterSpec(parameters.getCurve(), parameters.getG(), parameters.getN(), parameters.getH());
+ ECPoint ecPoint = parameters.getCurve().decodePoint(Hex.decode(pubKey));
+ KeyFactory keyFactory = KeyFactory.getInstance("EC", provider);
+ BCECPublicKey key = (BCECPublicKey) keyFactory.generatePublic(new ECPublicKeySpec(ecPoint, ecParameterSpec));
+ Cipher cipher = Cipher.getInstance("SM2", provider);
+ cipher.init(Cipher.ENCRYPT_MODE, key);
+ return Base64.getEncoder().encodeToString(cipher.doFinal(input.getBytes()));
}
- private byte[] decoder(String input, String prvKey) {
- try {
- Cipher cipher = Cipher.getInstance("SM2", provider);
- BigInteger bigInteger = new BigInteger(prvKey, 16);
- BCECPrivateKey privateKey = (BCECPrivateKey) keyFactory.generatePrivate(new ECPrivateKeySpec(bigInteger, ecParameterSpec));
- cipher.init(Cipher.DECRYPT_MODE, privateKey);
- return cipher.doFinal(Base64.getDecoder().decode(input));
- } catch (Exception e) {
- e.printStackTrace();
- }
- return null;
+ private byte[] decoder(String input, String prvKey) throws Exception {
+ Cipher cipher = Cipher.getInstance("SM2", provider);
+ BigInteger bigInteger = new BigInteger(prvKey, 16);
+ BCECPrivateKey privateKey = (BCECPrivateKey) keyFactory.generatePrivate(new ECPrivateKeySpec(bigInteger, ecParameterSpec));
+ cipher.init(Cipher.DECRYPT_MODE, privateKey);
+ return cipher.doFinal(Base64.getDecoder().decode(input));
}
String sm2Service(String plaintext) throws Exception {
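Review bot: `cipher.doFinal(input.getBytes())` in the new `encode` encodes the plaintext with the platform default charset, which in a native-image/enclave build is not guaranteed to match the host JVM's; use `input.getBytes(StandardCharsets.UTF_8)` (importing `java.nio.charset.StandardCharsets`) so results are reproducible across the MOCK_IN_JVM, MOCK_IN_SVM and TEE_SDK targets. The same applies to `new String(Hex.encode(...))` in `generateSm2KeyPair`. The private scalar is also kept as a hex `String`, which cannot be zeroed; acceptable for a throwaway benchmark key, but worth a comment such as `// benchmark-only key material; not wiped` so the class is not copied as a sample. The body of `sm2Service` is outside the hunk.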
diff --git a/benchmark/guomi/enclave/src/main/java/com/alibaba/confidentialcomputing/benchmark/guomi/enclave/SM3ServiceImpl.java b/benchmark/guomi/enclave/src/main/java/com/alibaba/confidentialcomputing/benchmark/guomi/enclave/SM3ServiceImpl.java
index e4e64a5..c74738a 100644
--- a/benchmark/guomi/enclave/src/main/java/com/alibaba/confidentialcomputing/benchmark/guomi/enclave/SM3ServiceImpl.java
+++ b/benchmark/guomi/enclave/src/main/java/com/alibaba/confidentialcomputing/benchmark/guomi/enclave/SM3ServiceImpl.java
@@ -4,7 +4,7 @@ import org.bouncycastle.crypto.Digest;
import org.bouncycastle.crypto.digests.SM3Digest;
class SM3ServiceImpl {
- static byte[] sm3Service(String plainText) throws Exception {
+ byte[] sm3Service(String plainText) throws Exception {
byte[] messages = plainText.getBytes();
Digest md = new SM3Digest();
md.update(messages, 0, messages.length);
diff --git a/benchmark/guomi/enclave/src/main/java/com/alibaba/confidentialcomputing/benchmark/guomi/enclave/SM4ServiceImpl.java b/benchmark/guomi/enclave/src/main/java/com/alibaba/confidentialcomputing/benchmark/guomi/enclave/SM4ServiceImpl.java
index 0d13810..8bfcb78 100644
--- a/benchmark/guomi/enclave/src/main/java/com/alibaba/confidentialcomputing/benchmark/guomi/enclave/SM4ServiceImpl.java
+++ b/benchmark/guomi/enclave/src/main/java/com/alibaba/confidentialcomputing/benchmark/guomi/enclave/SM4ServiceImpl.java
@@ -12,9 +12,9 @@ import java.security.SecureRandom;
import java.security.Security;
public class SM4ServiceImpl {
- private static final String ALGORITHM_NAME = "SM4";
- private static final String ALGORITHM_ECB_PKCS5PADDING = "SM4/ECB/PKCS5Padding";
- private static final int DEFAULT_KEY_SIZE = 128;
+ private final String ALGORITHM_NAME = "SM4";
+ private final String ALGORITHM_ECB_PKCS5PADDING = "SM4/ECB/PKCS5Padding";
+ private final int DEFAULT_KEY_SIZE = 128;
static {
Provider provider = Security.getProvider("BC");
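Review bot: `ALGORITHM_NAME`, `ALGORITHM_ECB_PKCS5PADDING` and `DEFAULT_KEY_SIZE` are compile-time constants and should stay `private static final`; turning them into per-instance fields while keeping UPPER_SNAKE_CASE names is misleading and adds three fields to every `new SM4ServiceImpl()` in the benchmark loop. Separately, the transformation `"SM4/ECB/PKCS5Padding"` selects ECB mode, which leaks equality of plaintext blocks; that is fine for measuring throughput, but add a comment such as `// ECB is used only for benchmarking; do not reuse for real data` so the sample is not copied as-is.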
diff --git a/benchmark/guomi/enclave/src/main/java/com/alibaba/confidentialcomputing/benchmark/guomi/enclave/SMServiceImpl.java b/benchmark/guomi/enclave/src/main/java/com/alibaba/confidentialcomputing/benchmark/guomi/enclave/SMServiceImpl.java
index 4f46345..80f3588 100644
--- a/benchmark/guomi/enclave/src/main/java/com/alibaba/confidentialcomputing/benchmark/guomi/enclave/SMServiceImpl.java
+++ b/benchmark/guomi/enclave/src/main/java/com/alibaba/confidentialcomputing/benchmark/guomi/enclave/SMServiceImpl.java
@@ -7,17 +7,29 @@ import com.google.auto.service.AutoService;
public class SMServiceImpl implements SMService {
@Override
- public String sm2Service(String plaintext) throws Exception {
- return new SM2ServiceImpl().sm2Service(plaintext);
+ public String sm2Service(String plaintext, int weight) throws Exception {
+ String result = null;
+ for (int i = 0x0; i < weight; i++) {
+ result = new SM2ServiceImpl().sm2Service(plaintext);
+ }
+ return result;
}
@Override
- public byte[] sm3Service(String plainText) throws Exception {
- return SM3ServiceImpl.sm3Service(plainText);
+ public byte[] sm3Service(String plainText, int weight) throws Exception {
+ byte[] result = null;
+ for (int i = 0x0; i < weight; i++) {
+ result = new SM3ServiceImpl().sm3Service(plainText);
+ }
+ return result;
}
@Override
- public String sm4Service(String plaintext) throws Exception {
- return new SM4ServiceImpl().sm4Service(plaintext);
+ public String sm4Service(String plaintext, int weight) throws Exception {
+ String result = null;
+ for (int i = 0x0; i < weight; i++) {
+ result = new SM4ServiceImpl().sm4Service(plaintext);
+ }
+ return result;
}
}
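Review bot: `weight` arrives from the host across the enclave boundary and is used unchecked as a loop bound in all three methods: a value of 0 or less returns `null`, and a very large value pins an enclave thread for an arbitrarily long time. Validate it once at the top of each method, e.g. `if (weight <= 0) throw new IllegalArgumentException("weight must be positive: " + weight);`. Note also that `new SM2ServiceImpl()` inside the loop regenerates an SM2 key pair on every iteration (its constructor calls `generateSm2KeyPair`), so the SM2 figure measures key generation plus encrypt/decrypt; if that is intended, say so in a comment, otherwise hoist the instance out of the loop.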
diff --git a/benchmark/guomi/enclave/src/main/resources/embedded_libos_enclave.json b/benchmark/guomi/enclave/src/main/resources/embedded_libos_enclave.json
deleted file mode 100644
index add95b2..0000000
--- a/benchmark/guomi/enclave/src/main/resources/embedded_libos_enclave.json
+++ /dev/null
@@ -1,11 +0,0 @@
-{
- "debuggable": true,
- "agent_http_handler_thread_pool_size": 6,
- "enclave_startup_duration_ms": 60000,
- "kernel_space_heap_size": "32MB",
- "user_space_size": "1200MB",
- "default_mmap_size": "800MB",
- "max_num_of_threads": 48,
- "log_level": "off",
- "enclave_jvm_args": ["-XX:-UseCompressedOops", "-Xmx512m", "-Dos.name=Linux"]
-}
\ No newline at end of file
diff --git a/benchmark/guomi/enclave/src/main/resources/java_enclave_configure.json b/benchmark/guomi/enclave/src/main/resources/java_enclave_configure.json
new file mode 100644
index 0000000..32c48ff
--- /dev/null
+++ b/benchmark/guomi/enclave/src/main/resources/java_enclave_configure.json
@@ -0,0 +1,8 @@
+{
+ "debuggable": false,
+ "enclave_type": "TEE_SDK",
+ "metric_trace_enable": false,
+ "metric_trace_file_path": "",
+ "enclave_max_thread": 50,
+ "enclave_max_epc_memory_size_MB": 2500
+}
\ No newline at end of file
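Review bot: `debuggable: false` is the right default, but it silently replaces the defaults of the two files this commit deletes (`DisableDebug` 0 in `tee_sdk_svm.conf`, `debuggable: true` in `embedded_libos_enclave.json`), and a plain JSON resource cannot carry a comment explaining the change. Assuming `debuggable` maps to the SGX debug flag, a debug enclave's memory is inspectable from the host, so the `Configuration.md` added in this commit should state that it must remain `false` for any enclave handling real secrets. Also confirm that the loader validates `enclave_max_thread` and `enclave_max_epc_memory_size_MB` rather than passing them through; the loader is not in this hunk.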
diff --git a/benchmark/guomi/host/src/main/java/com/alibaba/confidentialcomputing/benchmark/guomi/host/GuoMiBenchMark.java b/benchmark/guomi/host/src/main/java/com/alibaba/confidentialcomputing/benchmark/guomi/host/GuoMiBenchMark.java
index a5ecc29..cbc048c 100644
--- a/benchmark/guomi/host/src/main/java/com/alibaba/confidentialcomputing/benchmark/guomi/host/GuoMiBenchMark.java
+++ b/benchmark/guomi/host/src/main/java/com/alibaba/confidentialcomputing/benchmark/guomi/host/GuoMiBenchMark.java
@@ -15,135 +15,106 @@ import java.util.concurrent.TimeUnit;
@BenchmarkMode(Mode.AverageTime)
@Warmup(iterations = 3, time = 1)
-@Measurement(iterations = 5, time = 2)
-@Threads(8)
+@Measurement(iterations = 4, time = 1)
+@Threads(4)
@Fork(1)
-@State(value = Scope.Benchmark)
+@State(value = Scope.Thread)
@OutputTimeUnit(TimeUnit.MILLISECONDS)
public class GuoMiBenchMark {
-
- @State(Scope.Benchmark)
- public static class MockJVMEnclave {
- private Enclave enclave = null;
- private SMService service = null;
-
- @Setup(Level.Trial)
+ private int sm2Weight = 10;
+ private int sm3Weight = 20_000;
+ private int sm4Weight = 300;
+
+ private String sm2Context = "abcd_ed123.t12y@haha.com";
+ private String sm3Context = "Hello World!";
+ private String sm4Context = "word1, word2 word3@word4?word5.word6";
+
+ @Param(value = {"MOCK_IN_JVM", "MOCK_IN_SVM", "TEE_SDK", "EMBEDDED_LIB_OS"})
+ private String enclaveServiceInstance;
+ @Param(value = {"SM2", "SM3", "SM4"})
+ private String smAlgo;
+
+ @State(Scope.Thread)
+ public static class EnclaveBenchmark {
+ private Enclave mockJVMEnclave = null;
+ private SMService mockJVMService = null;
+ private Enclave mockSVMEnclave = null;
+ private SMService mockSVMService = null;
+ private Enclave teeSDKEnclave = null;
+ private SMService teeSDKService = null;
+ private Enclave embeddedLibOSEnclave = null;
+ private SMService embeddedLibOSService = null;
+
+ @Setup
public void createEnclave() throws Exception {
- enclave = EnclaveFactory.create(EnclaveType.MOCK_IN_JVM);
- service = enclave.load(SMService.class).next();
+ mockJVMEnclave = EnclaveFactory.create(EnclaveType.MOCK_IN_JVM);
+ mockJVMService = mockJVMEnclave.load(SMService.class).next();
+ mockSVMEnclave = EnclaveFactory.create(EnclaveType.MOCK_IN_SVM);
+ mockSVMService = mockSVMEnclave.load(SMService.class).next();
+ teeSDKEnclave = EnclaveFactory.create(EnclaveType.TEE_SDK);
+ teeSDKService = teeSDKEnclave.load(SMService.class).next();
+ embeddedLibOSEnclave = EnclaveFactory.create(EnclaveType.EMBEDDED_LIB_OS);
+ embeddedLibOSService = embeddedLibOSEnclave.load(SMService.class).next();
}
- public SMService getServiceInstance() {
- return this.service;
+ @TearDown
+ public void destroyEnclave() throws Exception {
+ mockJVMEnclave.destroy();
+ mockSVMEnclave.destroy();
+ teeSDKEnclave.destroy();
+ embeddedLibOSEnclave.destroy();
}
- }
- @State(Scope.Benchmark)
- public static class MockSVMEnclave {
- private Enclave enclave = null;
- private SMService service = null;
-
- @Setup(Level.Trial)
- public void createEnclave() throws Exception {
- enclave = EnclaveFactory.create(EnclaveType.MOCK_IN_SVM);
- service = enclave.load(SMService.class).next();
+ public SMService getMockJVMServiceInstance() {
+ return mockJVMService;
}
- public SMService getServiceInstance() {
- return this.service;
+ public SMService getMockSVMServiceInstance() {
+ return mockSVMService;
}
- }
- @State(Scope.Benchmark)
- public static class TeeSDKEnclave {
- private Enclave enclave = null;
- private SMService service = null;
-
- @Setup(Level.Trial)
- public void createEnclave() throws Exception {
- enclave = EnclaveFactory.create(EnclaveType.TEE_SDK);
- service = enclave.load(SMService.class).next();
+ public SMService getTeeSDKServiceInstance() {
+ return teeSDKService;
}
- public SMService getServiceInstance() {
- return this.service;
+ public SMService getEmbeddedLibOSServiceInstance() {
+ return embeddedLibOSService;
}
}
- @State(Scope.Benchmark)
- public static class EmbeddedLibOSEnclave {
- private Enclave enclave = null;
- private SMService service = null;
-
- @Setup(Level.Trial)
- public void createEnclave() throws Exception {
- enclave = EnclaveFactory.create(EnclaveType.EMBEDDED_LIB_OS);
- service = enclave.load(SMService.class).next();
+ private void smBenchmarkImpl(EnclaveBenchmark enclave, String serviceName, String smAlgo) throws Exception {
+ SMService service = null;
+ switch (serviceName) {
+ case "MOCK_IN_JVM":
+ service = enclave.getMockJVMServiceInstance();
+ break;
+ case "MOCK_IN_SVM":
+ service = enclave.getMockSVMServiceInstance();
+ break;
+ case "TEE_SDK":
+ service = enclave.getTeeSDKServiceInstance();
+ break;
+ case "EMBEDDED_LIB_OS":
+ service = enclave.getEmbeddedLibOSServiceInstance();
+ break;
}
- public SMService getServiceInstance() {
- return this.service;
+ switch (smAlgo) {
+ case "SM2":
+ service.sm2Service(sm2Context, sm2Weight);
+ break;
+ case "SM3":
+ service.sm3Service(sm3Context, sm3Weight);
+ break;
+ case "SM4":
+ service.sm4Service(sm4Context, sm4Weight);
+ break;
}
}
@Benchmark
- public void sm2TeeSDKBenchMark(TeeSDKEnclave enclave) throws Exception {
- enclave.getServiceInstance().sm2Service("abcd_ed123.t12y@haha.com");
- }
-
- @Benchmark
- public void sm2MockJVMBenchMark(MockJVMEnclave enclave) throws Exception {
- enclave.getServiceInstance().sm2Service("abcd_ed123.t12y@haha.com");
- }
-
- @Benchmark
- public void sm2MockSVMBenchMark(MockSVMEnclave enclave) throws Exception {
- enclave.getServiceInstance().sm2Service("abcd_ed123.t12y@haha.com");
- }
-
- @Benchmark
- public void sm2EmbeddedLibOSBenchMark(EmbeddedLibOSEnclave enclave) throws Exception {
- enclave.getServiceInstance().sm2Service("abcd_ed123.t12y@haha.com");
- }
-
- @Benchmark
- public void sm3MockJVMBenchMark(MockJVMEnclave enclave) throws Exception {
- enclave.getServiceInstance().sm3Service("Hello World!");
- }
-
- @Benchmark
- public void sm3MockSVMBenchMark(MockSVMEnclave enclave) throws Exception {
- enclave.getServiceInstance().sm3Service("Hello World!");
- }
-
- @Benchmark
- public void sm3TeeSDKBenchMark(TeeSDKEnclave enclave) throws Exception {
- enclave.getServiceInstance().sm3Service("Hello World!");
- }
-
- @Benchmark
- public void sm3EmbeddedLibOSBenchMark(EmbeddedLibOSEnclave enclave) throws Exception {
- enclave.getServiceInstance().sm3Service("Hello World!");
- }
-
- @Benchmark
- public void sm4MockJVMBenchMark(MockJVMEnclave enclave) throws Exception {
- enclave.getServiceInstance().sm4Service("word1, word2 word3@word4?word5.word6");
- }
-
- @Benchmark
- public void sm4MockSVMBenchMark(MockSVMEnclave enclave) throws Exception {
- enclave.getServiceInstance().sm4Service("word1, word2 word3@word4?word5.word6");
- }
-
- @Benchmark
- public void sm4TeeSDKBenchMark(TeeSDKEnclave enclave) throws Exception {
- enclave.getServiceInstance().sm4Service("word1, word2 word3@word4?word5.word6");
- }
-
- @Benchmark
- public void sm4EmbeddedLibOSBenchMark(EmbeddedLibOSEnclave enclave) throws Exception {
- enclave.getServiceInstance().sm4Service("word1, word2 word3@word4?word5.word6");
+ public void smBenchMark(EnclaveBenchmark enclave) throws Exception {
+ smBenchmarkImpl(enclave, enclaveServiceInstance, smAlgo);
}
public static void main(String[] args) throws RunnerException {
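Review bot: The `switch (serviceName)` in `smBenchmarkImpl` has no `default`, so an unrecognised `@Param` value leaves `service` null and the second switch fails with a NullPointerException instead of a clear error; add `default: throw new IllegalArgumentException("unknown enclave type: " + serviceName);` and the same for `smAlgo`. The results of the three service calls are discarded, which for MOCK_IN_JVM may let the JIT eliminate part of the work; return the result from `smBenchmarkImpl` and `smBenchMark`, or sink it into a JMH `Blackhole`. `EnclaveBenchmark` is now `Scope.Thread` under `@Threads(4)`, so four TEE_SDK and four EMBEDDED_LIB_OS enclaves are created per trial; confirm the host has the EPC for that given `enclave_max_epc_memory_size_MB: 2500` in the new configuration. `main` begins outside the hunk.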
diff --git a/benchmark/guomi/run.sh b/benchmark/guomi/run.sh
index 7f5894e..6fab631 100755
--- a/benchmark/guomi/run.sh
+++ b/benchmark/guomi/run.sh
@@ -2,4 +2,4 @@
mvn --settings /root/tools/settings.xml -Pnative clean package
-java -cp host/target/host-1.0-SNAPSHOT-jar-with-dependencies.jar:enclave/target/enclave-1.0-SNAPSHOT-jar-with-dependencies.jar com.alibaba.confidentialcomputing.benchmark.guomi.host.GuoMiBenchMark
+OCCLUM_RELEASE_ENCLAVE=true java -Dcom.alibaba.enclave.metric.enable=false -cp host/target/host-1.0-SNAPSHOT-jar-with-dependencies.jar:enclave/target/enclave-1.0-SNAPSHOT-jar-with-dependencies.jar com.alibaba.confidentialcomputing.benchmark.guomi.host.GuoMiBenchMark
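Review bot: The new command line passes `-Dcom.alibaba.enclave.metric.enable=false` while the `java_enclave_configure.json` added in this commit also sets `metric_trace_enable: false`; which setting takes precedence is not visible here, so either drop the redundant flag or add a comment in the script stating the precedence. `OCCLUM_RELEASE_ENCLAVE=true` presumably switches the LibOS enclave to release mode; if that requires a signing key, the build should fail clearly when it is absent rather than silently fall back to a debug enclave — confirm against `libos_occlum_enclave_build.sh`.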
diff --git a/benchmark/string/common/src/main/java/com/alibaba/confidentialcomputing/benchmark/string/common/StringOperationMetric.java b/benchmark/string/common/src/main/java/com/alibaba/confidentialcomputing/benchmark/string/common/StringOperationMetric.java
index c0edbb0..6ced321 100644
--- a/benchmark/string/common/src/main/java/com/alibaba/confidentialcomputing/benchmark/string/common/StringOperationMetric.java
+++ b/benchmark/string/common/src/main/java/com/alibaba/confidentialcomputing/benchmark/string/common/StringOperationMetric.java
@@ -4,7 +4,7 @@ import com.alibaba.confidentialcomputing.common.annotations.EnclaveService;
@EnclaveService
public interface StringOperationMetric {
- boolean stringRegex(String source, String pattern, int iterator);
- String stringConcat(String source, String split, int iterator);
- String[] stringSplit(String source, String concat, int iterator);
+ boolean stringRegex(String source, String pattern, int weight);
+ String stringConcat(String source, String split, int weight);
+ String[] stringSplit(String source, String concat, int weight);
}
diff --git a/benchmark/string/enclave/pom.xml b/benchmark/string/enclave/pom.xml
index 01a79e0..97aadaf 100644
--- a/benchmark/string/enclave/pom.xml
+++ b/benchmark/string/enclave/pom.xml
@@ -49,6 +49,8 @@
<buildArgs>
<buildArg>--shared</buildArg>
<buildArg>--no-fallback</buildArg>
+ <buildArg>-R:MaxHeapSize=1500m</buildArg>
+ <buildArg>-H:-AllowVMInternalThreads</buildArg>
<buildArg>-H:Path=svm-output</buildArg>
</buildArgs>
</configuration>
@@ -65,6 +67,7 @@
<buildArg>--shared</buildArg>
<buildArg>-R:-PrintGC</buildArg>
<buildArg>--no-fallback</buildArg>
+ <buildArg>-R:MaxHeapSize=1500m</buildArg>
<buildArg>-H:-AllowVMInternalThreads</buildArg>
<buildArg>-H:+RunInEnclave</buildArg>
<buildArg>-H:Path=svm-output</buildArg>
diff --git a/benchmark/string/enclave/src/main/java/com/alibaba/confidentialcomputing/benchmark/string/enclave/StringOperationMetricImpl.java b/benchmark/string/enclave/src/main/java/com/alibaba/confidentialcomputing/benchmark/string/enclave/StringOperationMetricImpl.java
index c17df7a..f27f974 100644
--- a/benchmark/string/enclave/src/main/java/com/alibaba/confidentialcomputing/benchmark/string/enclave/StringOperationMetricImpl.java
+++ b/benchmark/string/enclave/src/main/java/com/alibaba/confidentialcomputing/benchmark/string/enclave/StringOperationMetricImpl.java
@@ -7,38 +7,31 @@ import java.util.regex.Pattern;
@AutoService(StringOperationMetric.class)
public class StringOperationMetricImpl implements StringOperationMetric {
- private final long INNER_MAX_ITERATOR = 50;
@Override
- public String stringConcat(String source, String concat, int iterator) {
+ public String stringConcat(String source, String concat, int weight) {
String result = null;
- for (int i = 0x0; i < iterator; i++) {
- for (int j = 0x0; j < INNER_MAX_ITERATOR; j++) {
- result = source.concat(concat).toLowerCase().trim().replace('a', 'b');
- }
+ for (int i = 0x0; i < weight; i++) {
+ result = source.concat(concat).toLowerCase().trim().replace('a', 'b');
}
return result;
}
@Override
- public boolean stringRegex(String source, String pattern, int iterator) {
+ public boolean stringRegex(String source, String pattern, int weight) {
boolean matched = false;
- for (int i = 0x0; i < iterator; i++) {
- for (int j = 0x0; j < INNER_MAX_ITERATOR; j++) {
- Pattern p = Pattern.compile(pattern);
- matched = p.matcher(source).matches();
- }
+ for (int i = 0x0; i < weight; i++) {
+ Pattern p = Pattern.compile(pattern);
+ matched = p.matcher(source).matches();
}
return matched;
}
@Override
- public String[] stringSplit(String source, String split, int iterator) {
+ public String[] stringSplit(String source, String split, int weight) {
String[] result = null;
- for (int i = 0x0; i < iterator; i++) {
- for (int j = 0x0; j < INNER_MAX_ITERATOR; j++) {
- result = source.split(split);
- }
+ for (int i = 0x0; i < weight; i++) {
+ result = source.split(split);
}
return result;
}
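Review bot: `weight` is used unvalidated as a loop bound in all three methods, so `weight <= 0` makes `stringConcat` and `stringSplit` return `null` and `stringRegex` return `false` without doing any work; guard with `if (weight <= 0) throw new IllegalArgumentException("weight must be positive: " + weight);`. `stringRegex` also compiles a host-supplied `pattern` inside the loop; that is presumably the point of the benchmark, but a comment such as `// intentionally recompiled per iteration to measure Pattern.compile` would stop a reader from "fixing" it. If this code is ever reused outside the benchmark, the pattern should be compiled once and `weight` bounded, since a pathological regex from the host would spin an enclave thread.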
diff --git a/benchmark/string/enclave/src/main/resources/embedded_libos_enclave.json b/benchmark/string/enclave/src/main/resources/embedded_libos_enclave.json
deleted file mode 100644
index add95b2..0000000
--- a/benchmark/string/enclave/src/main/resources/embedded_libos_enclave.json
+++ /dev/null
@@ -1,11 +0,0 @@
-{
- "debuggable": true,
- "agent_http_handler_thread_pool_size": 6,
- "enclave_startup_duration_ms": 60000,
- "kernel_space_heap_size": "32MB",
- "user_space_size": "1200MB",
- "default_mmap_size": "800MB",
- "max_num_of_threads": 48,
- "log_level": "off",
- "enclave_jvm_args": ["-XX:-UseCompressedOops", "-Xmx512m", "-Dos.name=Linux"]
-}
\ No newline at end of file
diff --git a/benchmark/string/enclave/src/main/resources/java_enclave_configure.json b/benchmark/string/enclave/src/main/resources/java_enclave_configure.json
new file mode 100644
index 0000000..2d2d54a
--- /dev/null
+++ b/benchmark/string/enclave/src/main/resources/java_enclave_configure.json
@@ -0,0 +1,8 @@
+{
+ "debuggable": false,
+ "enclave_type": "TEE_SDK",
+ "metric_trace_enable": false,
+ "metric_trace_file_path": "",
+ "enclave_max_thread": 50,
+ "enclave_max_epc_memory_size_MB": 2000
+}
\ No newline at end of file
diff --git a/benchmark/string/enclave/src/main/resources/tee_sdk_svm.conf b/benchmark/string/enclave/src/main/resources/tee_sdk_svm.conf
deleted file mode 100644
index 6e39049..0000000
--- a/benchmark/string/enclave/src/main/resources/tee_sdk_svm.conf
+++ /dev/null
@@ -1,12 +0,0 @@
-<!-- Please refer to User's Guide for the explanation of each field -->
-<EnclaveConfiguration>
- <ProdID>0</ProdID>
- <ISVSVN>0</ISVSVN>
- <StackMaxSize>0x101000</StackMaxSize>
- <HeapMaxSize>0x30000000</HeapMaxSize>
- <TCSNum>10</TCSNum>
- <TCSPolicy>1</TCSPolicy>
- <DisableDebug>0</DisableDebug>
- <MiscSelect>0</MiscSelect>
- <MiscMask>0xFFFFFFFF</MiscMask>
-</EnclaveConfiguration>
\ No newline at end of file
diff --git a/benchmark/string/host/src/main/java/com/alibaba/confidentialcomputing/benchmark/string/host/StringBenchMark.java b/benchmark/string/host/src/main/java/com/alibaba/confidentialcomputing/benchmark/string/host/StringBenchMark.java
index 8455724..f035f9b 100644
--- a/benchmark/string/host/src/main/java/com/alibaba/confidentialcomputing/benchmark/string/host/StringBenchMark.java
+++ b/benchmark/string/host/src/main/java/com/alibaba/confidentialcomputing/benchmark/string/host/StringBenchMark.java
@@ -16,136 +16,108 @@ import java.util.concurrent.TimeUnit;
@BenchmarkMode(Mode.AverageTime)
@Warmup(iterations = 3, time = 1)
@Measurement(iterations = 4, time = 2)
-@Threads(8)
+@Threads(4)
@Fork(1)
-@State(value = Scope.Benchmark)
+@State(value = Scope.Thread)
@OutputTimeUnit(TimeUnit.MILLISECONDS)
public class StringBenchMark {
- @Param(value = {"5"})
- private int iterator;
-
- @State(Scope.Benchmark)
- public static class MockJVMEnclave {
- private Enclave enclave = null;
- private StringOperationMetric service = null;
-
- @Setup(Level.Trial)
+ private int regexWeight = 5000;
+ private int concatWeight = 50_000;
+ private int splitWeight = 5000;
+
+ @Param(value = {"MOCK_IN_JVM", "MOCK_IN_SVM", "TEE_SDK", "EMBEDDED_LIB_OS"})
+ private String enclaveServiceInstance;
+ @Param(value = {"regex", "concat", "split"})
+ private String stringOpt;
+
+ private String regexContext = "abcd_ed123.t12y@haha.com";
+ private String regexPattern = "^[\\w._]+@\\w+\\.[a-zA-Z]+$";
+ private String concatContext = "Hello World!";
+ private String concatPattern = "abc";
+ private String splitContext = "word1, word2 word3@word4?word5.word6";
+ private String splitPattern = "[, ?.@]+";
+
+ @State(Scope.Thread)
+ public static class EnclaveBenchmark {
+ private Enclave mockJVMEnclave = null;
+ private StringOperationMetric mockJVMService = null;
+ private Enclave mockSVMEnclave = null;
+ private StringOperationMetric mockSVMService = null;
+ private Enclave teeSDKEnclave = null;
+ private StringOperationMetric teeSDKService = null;
+ private Enclave embeddedLibOSEnclave = null;
+ private StringOperationMetric embeddedLibOSService = null;
+
+ @Setup
public void createEnclave() throws Exception {
- enclave = EnclaveFactory.create(EnclaveType.MOCK_IN_JVM);
- service = enclave.load(StringOperationMetric.class).next();
+ mockJVMEnclave = EnclaveFactory.create(EnclaveType.MOCK_IN_JVM);
+ mockJVMService = mockJVMEnclave.load(StringOperationMetric.class).next();
+ mockSVMEnclave = EnclaveFactory.create(EnclaveType.MOCK_IN_SVM);
+ mockSVMService = mockSVMEnclave.load(StringOperationMetric.class).next();
+ teeSDKEnclave = EnclaveFactory.create(EnclaveType.TEE_SDK);
+ teeSDKService = teeSDKEnclave.load(StringOperationMetric.class).next();
+ embeddedLibOSEnclave = EnclaveFactory.create(EnclaveType.EMBEDDED_LIB_OS);
+ embeddedLibOSService = embeddedLibOSEnclave.load(StringOperationMetric.class).next();
}
- public StringOperationMetric getServiceInstance() {
- return this.service;
+ @TearDown
+ public void destroyEnclave() throws Exception {
+ mockJVMEnclave.destroy();
+ mockSVMEnclave.destroy();
+ teeSDKEnclave.destroy();
+ embeddedLibOSEnclave.destroy();
}
- }
- @State(Scope.Benchmark)
- public static class MockSVMEnclave {
- private Enclave enclave = null;
- private StringOperationMetric service = null;
-
- @Setup(Level.Trial)
- public void createEnclave() throws Exception {
- enclave = EnclaveFactory.create(EnclaveType.MOCK_IN_SVM);
- service = enclave.load(StringOperationMetric.class).next();
+ public StringOperationMetric getMockJVMServiceInstance() {
+ return mockJVMService;
}
- public StringOperationMetric getServiceInstance() {
- return this.service;
+ public StringOperationMetric getMockSVMServiceInstance() {
+ return mockSVMService;
}
- }
- @State(Scope.Benchmark)
- public static class TeeSDKEnclave {
- private Enclave enclave = null;
- private StringOperationMetric service = null;
-
- @Setup(Level.Trial)
- public void createEnclave() throws Exception {
- enclave = EnclaveFactory.create(EnclaveType.TEE_SDK);
- service = enclave.load(StringOperationMetric.class).next();
+ public StringOperationMetric getTeeSDKServiceInstance() {
+ return teeSDKService;
}
- public StringOperationMetric getServiceInstance() {
- return this.service;
+ public StringOperationMetric getEmbeddedLibOSServiceInstance() {
+ return embeddedLibOSService;
}
}
- @State(Scope.Benchmark)
- public static class EmbeddedLibOSEnclave {
- private Enclave enclave = null;
- private StringOperationMetric service = null;
-
- @Setup(Level.Trial)
- public void createEnclave() throws Exception {
- enclave = EnclaveFactory.create(EnclaveType.EMBEDDED_LIB_OS);
- service = enclave.load(StringOperationMetric.class).next();
+ private void stringBenchMarkImpl(EnclaveBenchmark enclave, String enclaveServiceInstance, String stringOpt) {
+ StringOperationMetric service = null;
+ switch (enclaveServiceInstance) {
+ case "MOCK_IN_JVM":
+ service = enclave.getMockJVMServiceInstance();
+ break;
+ case "MOCK_IN_SVM":
+ service = enclave.getMockSVMServiceInstance();
+ break;
+ case "TEE_SDK":
+ service = enclave.getTeeSDKServiceInstance();
+ break;
+ case "EMBEDDED_LIB_OS":
+ service = enclave.getEmbeddedLibOSServiceInstance();
+ break;
}
- public StringOperationMetric getServiceInstance() {
- return this.service;
+ switch (stringOpt) {
+ case "regex":
+ service.stringRegex(regexContext, regexPattern, regexWeight);
+ break;
+ case "concat":
+ service.stringConcat(concatContext, concatPattern, concatWeight);
+ break;
+ case "split":
+ service.stringSplit(splitContext, splitPattern, splitWeight);
+ break;
}
}
@Benchmark
- public void stringRegexMockJVMBenchMark(MockJVMEnclave enclave) {
- enclave.getServiceInstance().stringRegex("abcd_ed123.t12y@haha.com", "^[\\w._]+@\\w+\\.[a-zA-Z]+$", iterator);
- }
-
- @Benchmark
- public void stringRegexMockSVMBenchMark(MockSVMEnclave enclave) {
- enclave.getServiceInstance().stringRegex("abcd_ed123.t12y@haha.com", "^[\\w._]+@\\w+\\.[a-zA-Z]+$", iterator);
- }
-
- @Benchmark
- public void stringRegexTeeSDKBenchMark(TeeSDKEnclave enclave) {
- enclave.getServiceInstance().stringRegex("abcd_ed123.t12y@haha.com", "^[\\w._]+@\\w+\\.[a-zA-Z]+$", iterator);
- }
-
- @Benchmark
- public void stringRegexEmbeddedLibOSBenchMark(EmbeddedLibOSEnclave enclave) {
- enclave.getServiceInstance().stringRegex("abcd_ed123.t12y@haha.com", "^[\\w._]+@\\w+\\.[a-zA-Z]+$", iterator);
- }
-
- @Benchmark
- public void stringConcatMockJVMBenchMark(MockJVMEnclave enclave) {
- enclave.getServiceInstance().stringConcat("Hello World!", "abc", iterator);
- }
-
- @Benchmark
- public void stringConcatMockSVMBenchMark(MockSVMEnclave enclave) {
- enclave.getServiceInstance().stringConcat("Hello World!", "abc", iterator);
- }
-
- @Benchmark
- public void stringConcatTeeSDKBenchMark(TeeSDKEnclave enclave) {
- enclave.getServiceInstance().stringConcat("Hello World!", "abc", iterator);
- }
-
- @Benchmark
- public void stringConcatEmbeddedLibOSBenchMark(EmbeddedLibOSEnclave enclave) {
- enclave.getServiceInstance().stringConcat("Hello World!", "abc", iterator);
- }
-
- @Benchmark
- public void stringSplitMockJVMBenchMark(MockJVMEnclave enclave) {
- enclave.getServiceInstance().stringSplit("word1, word2 word3@word4?word5.word6", "[, ?.@]+", iterator);
- }
-
- @Benchmark
- public void stringSplitMockSVMBenchMark(MockSVMEnclave enclave) {
- enclave.getServiceInstance().stringSplit("word1, word2 word3@word4?word5.word6", "[, ?.@]+", iterator);
- }
-
- @Benchmark
- public void stringSplitTeeSDKBenchMark(TeeSDKEnclave enclave) {
- enclave.getServiceInstance().stringSplit("word1, word2 word3@word4?word5.word6", "[, ?.@]+", iterator);
- }
-
- @Benchmark
- public void stringSplitEmbeddedLibOSBenchMark(EmbeddedLibOSEnclave enclave) {
- enclave.getServiceInstance().stringSplit("word1, word2 word3@word4?word5.word6", "[, ?.@]+", iterator);
+ public void stringBenchMark(EnclaveBenchmark enclave) {
+ stringBenchMarkImpl(enclave, enclaveServiceInstance, stringOpt);
}
public static void main(String[] args) throws RunnerException {
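Review bot: Neither switch in `stringBenchMarkImpl` has a `default:` branch, so a param value that matches no case leaves `service` null and the run dies with a NullPointerException rather than a clear message; add `default: throw new IllegalArgumentException("unknown enclave type: " + enclaveServiceInstance);` and the equivalent for `stringOpt`, or, since the `@Param` values are exactly the `EnclaveType` constant names, declare the param as `EnclaveType` and let JMH parse it. `EnclaveBenchmark` is `Scope.Thread` under `@Threads(4)`, so every JMH thread creates all four enclaves (sixteen instances, four of them real TEE_SDK/EMBEDDED_LIB_OS enclaves) although each benchmark invocation uses one; creating only the selected type, or keeping the heavyweight enclaves at `Scope.Benchmark` as before, would avoid them competing for EPC and threads during the measurement. `createEnclave` leaves already-created enclaves undestroyed if a later `EnclaveFactory.create` throws, and `destroyEnclave` destroys sequentially without try/finally, so a failure in `mockJVMEnclave.destroy()` leaks the three that follow; destroy each in its own try/finally or collect the failures. `main` begins on the hunk's last line and continues outside it.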
diff --git a/benchmark/string/run.sh b/benchmark/string/run.sh
index 346419d..3423a71 100755
--- a/benchmark/string/run.sh
+++ b/benchmark/string/run.sh
@@ -2,4 +2,4 @@
mvn --settings /root/tools/settings.xml -Pnative clean package
-java -cp host/target/host-1.0-SNAPSHOT-jar-with-dependencies.jar:enclave/target/enclave-1.0-SNAPSHOT-jar-with-dependencies.jar com.alibaba.confidentialcomputing.benchmark.string.host.StringBenchMark
+OCCLUM_RELEASE_ENCLAVE=true java -Dcom.alibaba.enclave.metric.enable=false -cp host/target/host-1.0-SNAPSHOT-jar-with-dependencies.jar:enclave/target/enclave-1.0-SNAPSHOT-jar-with-dependencies.jar com.alibaba.confidentialcomputing.benchmark.string.host.StringBenchMark
diff --git a/samples/helloworld/enclave/src/main/resources/embedded_libos_enclave.json b/samples/helloworld/enclave/src/main/resources/embedded_libos_enclave.json
deleted file mode 100644
index add95b2..0000000
--- a/samples/helloworld/enclave/src/main/resources/embedded_libos_enclave.json
+++ /dev/null
@@ -1,11 +0,0 @@
-{
- "debuggable": true,
- "agent_http_handler_thread_pool_size": 6,
- "enclave_startup_duration_ms": 60000,
- "kernel_space_heap_size": "32MB",
- "user_space_size": "1200MB",
- "default_mmap_size": "800MB",
- "max_num_of_threads": 48,
- "log_level": "off",
- "enclave_jvm_args": ["-XX:-UseCompressedOops", "-Xmx512m", "-Dos.name=Linux"]
-}
\ No newline at end of file
diff --git a/samples/helloworld/enclave/src/main/resources/tee_sdk_svm.conf b/samples/helloworld/enclave/src/main/resources/tee_sdk_svm.conf
deleted file mode 100644
index b52a2e9..0000000
--- a/samples/helloworld/enclave/src/main/resources/tee_sdk_svm.conf
+++ /dev/null
@@ -1,12 +0,0 @@
-<!-- Please refer to User's Guide for the explanation of each field -->
-<EnclaveConfiguration>
- <ProdID>0</ProdID>
- <ISVSVN>0</ISVSVN>
- <StackMaxSize>0x101000</StackMaxSize>
- <HeapMaxSize>0x6000000</HeapMaxSize>
- <TCSNum>10</TCSNum>
- <TCSPolicy>1</TCSPolicy>
- <DisableDebug>0</DisableDebug>
- <MiscSelect>0</MiscSelect>
- <MiscMask>0xFFFFFFFF</MiscMask>
-</EnclaveConfiguration>
\ No newline at end of file
diff --git a/samples/helloworld/run.sh b/samples/helloworld/run.sh
index dc29e4b..1d11d21 100755
--- a/samples/helloworld/run.sh
+++ b/samples/helloworld/run.sh
@@ -2,4 +2,4 @@
mvn --settings /root/tools/settings.xml -Pnative clean package
-java -cp host/target/host-1.0-SNAPSHOT-jar-with-dependencies.jar:enclave/target/enclave-1.0-SNAPSHOT-jar-with-dependencies.jar com.alibaba.samples.helloworld.host.Main
+OCCLUM_RELEASE_ENCLAVE=true java -cp host/target/host-1.0-SNAPSHOT-jar-with-dependencies.jar:enclave/target/enclave-1.0-SNAPSHOT-jar-with-dependencies.jar com.alibaba.samples.helloworld.host.Main
diff --git a/samples/springboot/enclave/src/main/resources/embedded_libos_enclave.json b/samples/springboot/enclave/src/main/resources/embedded_libos_enclave.json
deleted file mode 100644
index add95b2..0000000
--- a/samples/springboot/enclave/src/main/resources/embedded_libos_enclave.json
+++ /dev/null
@@ -1,11 +0,0 @@
-{
- "debuggable": true,
- "agent_http_handler_thread_pool_size": 6,
- "enclave_startup_duration_ms": 60000,
- "kernel_space_heap_size": "32MB",
- "user_space_size": "1200MB",
- "default_mmap_size": "800MB",
- "max_num_of_threads": 48,
- "log_level": "off",
- "enclave_jvm_args": ["-XX:-UseCompressedOops", "-Xmx512m", "-Dos.name=Linux"]
-}
\ No newline at end of file
diff --git a/samples/springboot/enclave/src/main/resources/tee_sdk_svm.conf b/samples/springboot/enclave/src/main/resources/tee_sdk_svm.conf
deleted file mode 100644
index 5ff1791..0000000
--- a/samples/springboot/enclave/src/main/resources/tee_sdk_svm.conf
+++ /dev/null
@@ -1,12 +0,0 @@
-<!-- Please refer to User's Guide for the explanation of each field -->
-<EnclaveConfiguration>
- <ProdID>0</ProdID>
- <ISVSVN>0</ISVSVN>
- <StackMaxSize>0x101000</StackMaxSize>
- <HeapMaxSize>0x60000000</HeapMaxSize>
- <TCSNum>10</TCSNum>
- <TCSPolicy>1</TCSPolicy>
- <DisableDebug>0</DisableDebug>
- <MiscSelect>0</MiscSelect>
- <MiscMask>0xFFFFFFFF</MiscMask>
-</EnclaveConfiguration>
\ No newline at end of file
diff --git a/samples/springboot/run.sh b/samples/springboot/run.sh
index b8034ae..f77e13e 100755
--- a/samples/springboot/run.sh
+++ b/samples/springboot/run.sh
@@ -4,7 +4,7 @@
mvn --settings /root/tools/settings.xml -Pnative clean package
# step2: startup springboot application service.
-java -cp host/target/host-1.0-SNAPSHOT-jar-with-dependencies.jar:enclave/target/enclave-1.0-SNAPSHOT-jar-with-dependencies.jar com.alibaba.confidentialcomputing.samples.springboot.host.Application &
+OCCLUM_RELEASE_ENCLAVE=true java -cp host/target/host-1.0-SNAPSHOT-jar-with-dependencies.jar:enclave/target/enclave-1.0-SNAPSHOT-jar-with-dependencies.jar com.alibaba.confidentialcomputing.samples.springboot.host.Application &
sleep 5
# shellcheck disable=SC2006
# shellcheck disable=SC2009
diff --git a/sdk/enclave/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/sgx_mmap.c b/sdk/enclave/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/sgx_mmap.c
index 8ed5c23..7618017 100644
--- a/sdk/enclave/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/sgx_mmap.c
+++ b/sdk/enclave/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/sgx_mmap.c
@@ -40,14 +40,15 @@ void* mmap(void *hint, int size, int prot, int flags) {
} else if (flags == 0x32) {
ptr = hint;
} else {
- // printf("JavaEnclave Warning: unsupported mmap operation in tee sdk enclave: 0x%lx, ptr is: %p, size is: %d, prot is: 0x%x, flags is: 0x%x.\n", (uint64_t)hint, ptr, size, prot, flags);
+ if(enable_trace_symbol_calling == 0x1) printf("JavaEnclave Warning: unsupported mmap operation in tee sdk enclave: 0x%lx, ptr is: %p, size is: %d, prot is: 0x%x, flags is: 0x%x.\n", (uint64_t)hint, ptr, size, prot, flags);
ASSERT();
}
- // printf("JavaEnclave Warning: mmap operation in tee sdk enclave: 0x%lx, ptr is: %p, size is: %d, prot is: 0x%x, flags is: 0x%x.\n", (uint64_t)hint, ptr, size, prot, flags);
+ if(enable_trace_symbol_calling == 0x1) printf("JavaEnclave Warning: mmap operation in tee sdk enclave: 0x%lx, ptr is: %p, size is: %d, prot is: 0x%x, flags is: 0x%x.\n", (uint64_t)hint, ptr, size, prot, flags);
return ptr;
}
int munmap(void *addr, int size) {
TRACE_SYMBOL_CALL();
+ if(enable_trace_symbol_calling == 0x1) printf("JavaEnclave Warning: unmmap operation in tee sdk enclave: addr is: %p, size is: %d\n", addr, size);
return _munmap(addr, size);
}
\ No newline at end of file
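Review bot: The traces added here print enclave-internal addresses (`hint`, `ptr`) and sizes via `printf`, which inside an SGX enclave is normally an ocall to the host, and the gate `enable_trace_symbol_calling` is assigned from the `flag` passed into `enclave_svm_isolate_create` in tee_sdk_wrapper.c, which appears to come from the host; if so, an untrusted host can switch the trace on against a release-signed enclave and learn the in-enclave memory layout. Tie the trace to the enclave actually being a debug build (compile it out unless a debug define is set, or additionally check an in-enclave debug indicator), and even then avoid emitting raw pointers, e.g. `if (enable_trace_symbol_calling == 0x1) printf("JavaEnclave Trace: mmap in tee sdk enclave: size is: %d, prot is: 0x%x, flags is: 0x%x.\n", size, prot, flags);`. Labelling every successful mmap a "Warning" also drowns the genuinely unsupported case just above it, and the `munmap` message says `unmmap` where `munmap` is meant. `mmap`'s body starts before this hunk.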
diff --git a/sdk/enclave/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/tee_sdk_symbol.c b/sdk/enclave/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/tee_sdk_symbol.c
index d5e7ce8..a3e5b61 100644
--- a/sdk/enclave/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/tee_sdk_symbol.c
+++ b/sdk/enclave/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/tee_sdk_symbol.c
@@ -1,6 +1,8 @@
#include "tee_sdk_enclave_t.h"
#include "tee_sdk_symbol.h"
+int enable_trace_symbol_calling = 0x0;
+
void __fxstat() {TRACE_SYMBOL_CALL(); ASSERT();}
void __fxstat64() {TRACE_SYMBOL_CALL(); ASSERT();}
void __isnan() {TRACE_SYMBOL_CALL(); ASSERT();}
diff --git a/sdk/enclave/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/tee_sdk_symbol.h b/sdk/enclave/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/tee_sdk_symbol.h
index 6666808..99d6905 100644
--- a/sdk/enclave/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/tee_sdk_symbol.h
+++ b/sdk/enclave/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/tee_sdk_symbol.h
@@ -5,9 +5,11 @@
#include <stdio.h>
#include <assert.h>
-//#define ENABLE_TRACE_SYSCALL
+extern int enable_trace_symbol_calling;
+
+#define ENABLE_TRACE_SYSCALL
#if defined(ENABLE_TRACE_SYSCALL)
-#define TRACE_SYMBOL_CALL() printf("JavaEnclave Warning: %s is called in enclave svm.\n", __FUNCTION__);
+#define TRACE_SYMBOL_CALL() if(enable_trace_symbol_calling == 0x1) printf("JavaEnclave Warning: %s is called in enclave svm.\n", __FUNCTION__);
#else
#define TRACE_SYMBOL_CALL()
#endif
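Review bot: `#define ENABLE_TRACE_SYSCALL` is now unconditional, two lines above the `#if defined(ENABLE_TRACE_SYSCALL)` it guards, so the compile-time switch can never be off and every stub's `printf` call site and `__FUNCTION__` string is linked into release enclaves too, with the host-settable `enable_trace_symbol_calling` as the only remaining gate. Move the define to a debug-only build flag (e.g. `CFLAGS += -DENABLE_TRACE_SYSCALL` in debug builds, or `#ifndef NDEBUG`) so a release enclave carries no trace path at all. Independently, the macro expands to an unbraced `if` and already ends in `;`, so `TRACE_SYMBOL_CALL();` yields a stray empty statement and an `else` following the macro would bind to the hidden `if`; write it as `#define TRACE_SYMBOL_CALL() do { if (enable_trace_symbol_calling == 0x1) printf("JavaEnclave Warning: %s is called in enclave svm.\n", __FUNCTION__); } while (0)`.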
diff --git a/sdk/enclave/src/main/native/cpp/platform/tee_sdk_svm/wrapper/Makefile b/sdk/enclave/src/main/native/cpp/platform/tee_sdk_svm/wrapper/Makefile
index af20bb3..c9a5474 100644
--- a/sdk/enclave/src/main/native/cpp/platform/tee_sdk_svm/wrapper/Makefile
+++ b/sdk/enclave/src/main/native/cpp/platform/tee_sdk_svm/wrapper/Makefile
@@ -6,7 +6,7 @@ include $(NATIVE_BASE_DIR)/config/platform/tee_sdk_svm/jni/config.mk
all: build
build:
- $(CC) -g -c -I$(INCLUDE) -I$(JAVA_HOME)/lib $(TS_ENCLAVE_INCDIR) $(TS_ENCLAVE_CFLAGS) tee_sdk_wrapper.c \
+ $(CC) -g -c -I$(INCLUDE) -I../edge_routines -I$(JAVA_HOME)/lib $(TS_ENCLAVE_INCDIR) $(TS_ENCLAVE_CFLAGS) tee_sdk_wrapper.c \
-o $(BIN)/platform/tee_sdk_svm/tee_sdk_wrapper.o
clean:
diff --git a/sdk/enclave/src/main/native/cpp/platform/tee_sdk_svm/wrapper/tee_sdk_wrapper.c b/sdk/enclave/src/main/native/cpp/platform/tee_sdk_svm/wrapper/tee_sdk_wrapper.c
index 6d651ea..b624dd4 100644
--- a/sdk/enclave/src/main/native/cpp/platform/tee_sdk_svm/wrapper/tee_sdk_wrapper.c
+++ b/sdk/enclave/src/main/native/cpp/platform/tee_sdk_svm/wrapper/tee_sdk_wrapper.c
@@ -8,6 +8,7 @@
#include <enc_environment.h>
#include <enc_exported_symbol.h>
+#include "tee_sdk_symbol.h"
#include "tee_sdk_wrapper.h"
typedef int (*enclave_calling_stub)(uint64_t isolate, enc_data_t* input, enc_data_t* output, callbacks_t* callback);
@@ -32,12 +33,17 @@ int tee_sdk_random(void* data, long size) {
return (int)sgx_read_rand(data, (size_t)size);
}
-int enclave_svm_isolate_create(void* isolate, void* isolateThread) {
+int enclave_svm_isolate_create(void* isolate, void* isolateThread, int flag, char* args) {
graal_isolate_t* isolate_t;
graal_isolatethread_t* thread_t;
// Implicitly set graal_create_isolate_params_t param as NULL.
- int ret = graal_create_isolate(NULL, &isolate_t, &thread_t);
+ enable_trace_symbol_calling = flag;
+ int argc = 2;
+ char* parameters[2];
+ parameters[0] = NULL;
+ parameters[1] = args;
+ int ret = create_isolate_with_params(argc, parameters, &isolate_t, &thread_t);
*(uint64_t*)isolate = (uint64_t)isolate_t;
*(uint64_t*)isolateThread = (uint64_t)thread_t;
return ret;
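Review bot: `args` is passed straight to `create_isolate_with_params` as `argv[1]` and `flag` is stored into `enable_trace_symbol_calling` without any validation; if, as the new signature suggests, both arrive from the host through the ecall, the untrusted host now chooses the SVM isolate's startup options inside the enclave and can enable the symbol trace in a release enclave. Accept only what the commit intends (the max heap size): reject `args` unless it is non-NULL and starts with the one expected option prefix, and normalise the flag with `enable_trace_symbol_calling = (flag != 0);` since every reader compares against exactly `0x1`. If `args` is NULL the array still claims `argc = 2` with a NULL entry at index 1; check for NULL (or set `argc = 1`) before the call. The comment `// Implicitly set graal_create_isolate_params_t param as NULL.` describes the removed `graal_create_isolate` call and is now stale. The function's closing brace lies outside the hunk.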
diff --git a/sdk/host/docs/Configuration.md b/sdk/host/docs/Configuration.md
new file mode 100644
index 0000000..ef1ddf2
--- /dev/null
+++ b/sdk/host/docs/Configuration.md
@@ -0,0 +1,55 @@
+# JavaEnclave Configuration Illustration
+
+## Configure file
+
+JavaEnclave provides a `java_enclave_configure.json` template file for user to set customized parameters. It provides six parameters:
+
+| key | value(default) | illustation |
+|--------------------------------| ------------ |--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| debuggable | false | Allow `TEE_SDK` Enclave or `EMBEDDED_LIB_OS` Enclave to be debuggable or not, debuggable mode help to debug. Should make it to be not debuggable when the project is online service for security. |
+| enclave_type | TEE_SDK | When creating an enclave instance with method `EnclaveFactory.create()`, TEE_SDK kind of Enclave will be created by default, key `enclave_type` could be one of `MOCK_IN_JVM` `MOCK_IN_SVM` `TEE_SDK` `EMBEDDED_LIB_OS`. |
+| metric_trace_enable | false | Enable JavaEnclave performance metric or not. |
+| metric_trace_file_path | "" | Customized JavaEnclave metric log file path. JavaEnclave Metric feature could help to measure the cost of every service invocation and service loading/unloading. |
+| enclave_max_thread | 50 | The max thread number ecalls into `TEE_SDK` Enclave or `EMBEDDED_LIB_OS` Enclave. |
+| enclave_max_epc_memory_size_MB | 1500 | The max physical epc memory size in `TEE_SDK`, `EMBEDDED_LIB_OS` Enclave |
+
+`debuggable`、`enclave_type`、`metric_trace_enable` and `metric_trace_file_path`could also be set by -Dproperty way. But`enclave_max_thread ` and `enclave_max_epc_memory_size_MB `could only be changed or set by java_enclave_configure.json file in enclave submodule's resource dir.
+
+## Property Configuration Setting
+
+JavaEnclave provides some customized property setting for different scene.
+
+| property | value | illustration |
+| ------------ | ------------ | ------------ |
+| com.alibaba.enclave.type | MOCK_IN_JVMMOCK_IN_SVM/TEE_SDK/EMBEDDED_LIB_OS | same as be described in Configure file |
+| com.alibaba.enclave.debuggable | true/false | same as be described in Configure file |
+| com.alibaba.enclave.metric.enable | true/false | same as be described in Configure file |
+| com.alibaba.enclave.metric.log | customized metric log file path | same as be described in Configure file |
+
+### MOCK_IN_SVM Enclave Property Configuration Setting
+
+| property | value | illustration |
+|------------------------------------------|-------------|----------------------------------------------|
+| com.alibaba.enclave.mockinsvm.maxheap_MB | | gc max heap size(MB) in mock_in_svm enclave. |
+
+### TEE_SDK Enclave Property Configuration Setting
+
+| property | value | illustration |
+|-----------------------------------------------|-------------|-----------------------------------------------------------------------------------|
+| com.alibaba.enclave.teesdk.symbol.trace | true(false) | help to trace undefined symbols invocation in TEE_SDK, default value is unenable. |
+| com.alibaba.enclave.teesdk.maxheap_MB | | gc max heap size(MB) in tee sdk enclave. |
+
+
+### EMBEDDED_LIB_OS Enclave Property Configuration Setting
+
+| property | value | illustration |
+|-------------------------------------------------| ------------ | ------------ |
+| com.alibaba.enclave.agent.thread.pool.size | 5 | agent http server thread pool size in enclave, default value is 5. |
+| com.alibaba.enclave.embedded.startup.timeout_ms | 60000 | the max startup timeout for libos enclave startup, default timeout is 60000ms. |
+| com.alibaba.enclave.embedded.keepalive.timeout_s | 300 | enclave agent http long connection keep alive timeout, default timeout is 300s. |
+| com.alibaba.enclave.embedded.keepalive.max | 100 | max agent http router, default number is 100. |
+| com.alibaba.enclave.embedded.connect.timeout_ms | 1000 | agent http connection timeout, default is 1000ms. |
+| com.alibaba.enclave.embedded.read.timeout_ms | 2000 | agent http reading timeout, default is 2000ms. |
+| com.alibaba.enclave.embedded.ra.timeout_ms | 10000 | embedded libos remote attestation generation and verification timeout, default is 10000ms. |
+| com.alibaba.enclave.embedded.log.level | "off" | enable enclave log or not, default is off. |
+| com.alibaba.enclave.embedded.jvm.args | "-Dsun.net.httpserver.nodelay=true, -XX:-UseCompressedOops, -Xmx800m, -Dos.name=Linux" | jvm's startup args in embedded libos enclave. |
diff --git a/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/EmbeddedLibOSEnclave.java b/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/EmbeddedLibOSEnclave.java
index 0c6a9c0..867e3c0 100644
--- a/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/EmbeddedLibOSEnclave.java
+++ b/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/EmbeddedLibOSEnclave.java
@@ -15,10 +15,7 @@ import com.alibaba.confidentialcomputing.host.exception.*;
* EmbeddedLibOSEnclave object in a process.
*/
public class EmbeddedLibOSEnclave extends AbstractEnclave {
- private static final int HTTP_CONNECT_TIMEOUT_MS = 800; // ms.
- private static final int HTTP_READ_TIMEOUT_MS = 2000; // ms.
- private static final int HTTP_READ_REMOTE_ATTESTATION_TIMEOUT_MS = HTTP_READ_TIMEOUT_MS * 10; // ms.
- private static final String EMBEDDED_LIB_OS_ENCLAVE_STARTUP_THREAD_NAME = "async_lib_os_enclave_startup_thread";
+ private static final String EMBEDDED_LIB_OS_ENCLAVE_STARTUP_THREAD_NAME = "lib_os_enclave_agent_thread";
private static final String HTTP_SERVER_PREFIX = "http://localhost:";
private static final String HTTP_SERVER_NAME = "/enclaveAgent";
private final static String JNI_EXTRACTED_PACKAGE_PATH = "jni/lib_jni_embedded_lib_os_enclave.so";
@@ -44,9 +41,7 @@ public class EmbeddedLibOSEnclave extends AbstractEnclave {
}
}
- private EmbeddedLibOSEnclave(EnclaveDebug mode, EnclaveSimulate sim) throws EnclaveCreatingException {
- // Set EnclaveContext for this enclave instance.
- super(EnclaveType.EMBEDDED_LIB_OS, mode, new EnclaveServicesRecycler());
+ private void extractNativeResource() throws EnclaveCreatingException {
// Extract jni .so and signed tee .so from .jar file.
// Only once extract and load operation.
if (extractTempPath == null) {
@@ -68,7 +63,12 @@ public class EmbeddedLibOSEnclave extends AbstractEnclave {
}
}
}
+ }
+ private EmbeddedLibOSEnclave(EnclaveDebug mode, EnclaveSimulate sim) throws EnclaveCreatingException {
+ // Set EnclaveContext for this enclave instance.
+ super(EnclaveType.EMBEDDED_LIB_OS, mode, new EnclaveServicesRecycler());
+ extractNativeResource();
try {
portHost = getFreePort();
portEnclave = getFreePort();
@@ -77,15 +77,11 @@ public class EmbeddedLibOSEnclave extends AbstractEnclave {
// Attach to target enclave service by rmi.
attachToEnclaveAgent(mode, sim);
// Create enclaveInfo.
- boolean isDebuggable = true;
- if (EmbeddedLibOSEnclaveConfig.getEmbeddedLibOSEnclaveConfigInstance().getDebuggable().getValue() == 0x2) {
- isDebuggable = false;
- }
enclaveInfo = new SGXEnclaveInfo(
EnclaveType.EMBEDDED_LIB_OS,
- isDebuggable,
- EmbeddedLibOSEnclaveConfig.getEmbeddedLibOSEnclaveConfigInstance().getMaxEPCHeapSizeBytes(),
- EmbeddedLibOSEnclaveConfig.getEmbeddedLibOSEnclaveConfigInstance().getMaxNumOfThreads());
+ EmbeddedLibOSEnclaveConfigure.getInstance().isEnclaveDebuggable(),
+ EmbeddedLibOSEnclaveConfigure.getInstance().getMaxEnclaveEPCMemorySizeBytes(),
+ EmbeddedLibOSEnclaveConfigure.getInstance().getMaxEnclaveThreadNum());
} catch (IOException e) {
throw new EnclaveCreatingException(e);
}
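Review bot: `enclaveInfo` now takes its debuggable flag from `EmbeddedLibOSEnclaveConfigure.getInstance().isEnclaveDebuggable()`, while the enclave itself is created with the constructor's `mode` argument (`nativeCreateEnclave(mode.getValue(), ...)` later in this file); if those two sources can ever disagree, `SGXEnclaveInfo` would misreport a security attribute that callers may consult before trusting the enclave. Derive the flag from the same `mode` value that was handed to the native create (mirroring the removed `getValue() == 0x2` test, if `mode` uses that encoding), or document that `mode` is always obtained from the same configure singleton; whether it is cannot be seen from this hunk. The constructor continues past the hunk.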
@@ -111,12 +107,8 @@ public class EmbeddedLibOSEnclave extends AbstractEnclave {
}).submit(() -> {
EnclaveCreatingException exception = null;
try {
- nativeCreateEnclave(
- mode.getValue(),
- sim.getValue(),
- portHost,
- portEnclave,
- EmbeddedLibOSEnclaveConfig.getEmbeddedLibOSEnclaveConfigInstance(),
+ nativeCreateEnclave(mode.getValue(), sim.getValue(), portHost, portEnclave,
+ EmbeddedLibOSEnclaveConfigure.getInstance(),
extractTempPath.getLibOSSignedFilePath());
} catch (EnclaveCreatingException e) {
exception = e;
@@ -128,7 +120,7 @@ public class EmbeddedLibOSEnclave extends AbstractEnclave {
// wait for enclave jvm start up and notify host.
private void waitForEnclaveStartup() throws IOException {
try (ServerSocket server = new ServerSocket(this.portHost)) {
- server.setSoTimeout(EmbeddedLibOSEnclaveConfig.getEmbeddedLibOSEnclaveConfigInstance().getEmbeddedLibOSEnclaveStartupDuration());
+ server.setSoTimeout(EmbeddedLibOSEnclaveConfigure.getInstance().getEnclaveStartupTimeout());
server.accept();
}
}
@@ -145,7 +137,7 @@ public class EmbeddedLibOSEnclave extends AbstractEnclave {
private static native void registerNatives();
- private native int nativeCreateEnclave(int mode, int sim, int portHost, int portEnclave, EmbeddedLibOSEnclaveConfig config, String path) throws EnclaveCreatingException;
+ private native int nativeCreateEnclave(int mode, int sim, int portHost, int portEnclave, EmbeddedLibOSEnclaveConfigure config, String path) throws EnclaveCreatingException;
private native int nativeDestroyEnclave(long enclaveHandler) throws EnclaveDestroyingException;
@@ -153,6 +145,9 @@ public class EmbeddedLibOSEnclave extends AbstractEnclave {
HttpURLConnection conn = (HttpURLConnection) url.openConnection();
conn.setRequestMethod("POST");
conn.setRequestProperty("Connection", "Keep-Alive");
+ conn.setRequestProperty(
+ "Keep-Alive",
+ "timeout=" + EmbeddedLibOSEnclaveConfigure.getInstance().getAgentHttpKeepAliveTimeout() + ", max=" + EmbeddedLibOSEnclaveConfigure.getInstance().getAgentHttpKeepAliveMax());
conn.setDoOutput(true);
conn.setDoInput(true);
conn.setConnectTimeout(connectTimeout);
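Review bot: The `Keep-Alive: timeout=..., max=...` request header added here is only an advisory hint; with `HttpURLConnection` the client's connection reuse is governed by the JDK keep-alive cache (`http.keepAlive`, `http.maxConnections`) and by the server's `Keep-Alive` response header, so `getAgentHttpKeepAliveTimeout()` and `getAgentHttpKeepAliveMax()` most likely change nothing on the host side and the two new configuration keys may mislead users into thinking they tune the connection. If the intent is to control the enclave agent's idle timeout, the values must be honoured by the agent's HTTP server and documented as such; otherwise drop the header or mark the keys as advisory in `Configuration.md`. The enclosing method starts before and ends after this hunk.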
@@ -174,7 +169,9 @@ public class EmbeddedLibOSEnclave extends AbstractEnclave {
try {
SocketEnclaveInvocationContext context =
new SocketEnclaveInvocationContext(SocketEnclaveInvocationContext.SERVICE_LOADING, new ServiceHandler(service));
- return remoteRequest(SerializationHelper.serialize(context), HTTP_CONNECT_TIMEOUT_MS, HTTP_READ_TIMEOUT_MS);
+ return remoteRequest(SerializationHelper.serialize(context),
+ EmbeddedLibOSEnclaveConfigure.getInstance().getAgentHttpConnectTimeout(),
+ EmbeddedLibOSEnclaveConfigure.getInstance().getAgentHttpReadTimeout());
} catch (InterruptedException | IOException e) {
throw new ServicesLoadingException(e);
}
@@ -185,7 +182,9 @@ public class EmbeddedLibOSEnclave extends AbstractEnclave {
try {
SocketEnclaveInvocationContext context =
new SocketEnclaveInvocationContext(SocketEnclaveInvocationContext.SERVICE_UNLOADING, handler);
- return remoteRequest(SerializationHelper.serialize(context), HTTP_CONNECT_TIMEOUT_MS, HTTP_READ_TIMEOUT_MS);
+ return remoteRequest(SerializationHelper.serialize(context),
+ EmbeddedLibOSEnclaveConfigure.getInstance().getAgentHttpConnectTimeout(),
+ EmbeddedLibOSEnclaveConfigure.getInstance().getAgentHttpReadTimeout());
} catch (InterruptedException | IOException e) {
throw new ServicesUnloadingException(e);
}
@@ -197,7 +196,8 @@ public class EmbeddedLibOSEnclave extends AbstractEnclave {
SocketEnclaveInvocationContext context =
new SocketEnclaveInvocationContext(SocketEnclaveInvocationContext.METHOD_INVOCATION, service);
// Should not set http timeout parameter in method invoke, the duration is deeply depends on user service.
- return remoteRequest(SerializationHelper.serialize(context), HTTP_CONNECT_TIMEOUT_MS, 0x0);
+ return remoteRequest(SerializationHelper.serialize(context),
+ EmbeddedLibOSEnclaveConfigure.getInstance().getAgentHttpConnectTimeout(), 0x0);
} catch (InterruptedException | IOException e) {
throw new EnclaveMethodInvokingException(e);
}
@@ -209,7 +209,9 @@ public class EmbeddedLibOSEnclave extends AbstractEnclave {
SocketEnclaveInvocationContext context =
new SocketEnclaveInvocationContext(SocketEnclaveInvocationContext.REMOTE_ATTESTATION_GENERATE, userData);
EnclaveInvocationResult resultWrapper = (EnclaveInvocationResult) SerializationHelper.deserialize(
- remoteRequest(SerializationHelper.serialize(context), HTTP_CONNECT_TIMEOUT_MS, HTTP_READ_REMOTE_ATTESTATION_TIMEOUT_MS));
+ remoteRequest(SerializationHelper.serialize(context),
+ EmbeddedLibOSEnclaveConfigure.getInstance().getAgentHttpConnectTimeout(),
+ EmbeddedLibOSEnclaveConfigure.getInstance().getAgentHttpRATimeout()));
if (resultWrapper.getException() != null) {
throw resultWrapper.getException();
}
diff --git a/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/EmbeddedLibOSEnclaveConfig.java b/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/EmbeddedLibOSEnclaveConfig.java
deleted file mode 100644
index ba176a4..0000000
--- a/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/EmbeddedLibOSEnclaveConfig.java
+++ /dev/null
@@ -1,124 +0,0 @@
-package com.alibaba.confidentialcomputing.host;
-
-import java.io.File;
-import java.io.IOException;
-import java.nio.charset.Charset;
-import java.nio.file.Files;
-import java.util.ArrayList;
-import java.util.List;
-import java.util.concurrent.TimeUnit;
-
-import com.alibaba.confidentialcomputing.common.exception.ConfidentialComputingException;
-import org.json.JSONArray;
-import org.json.JSONObject;
-
-import static com.alibaba.confidentialcomputing.host.ExtractLibrary.extractLibrary;
-
-class EmbeddedLibOSEnclaveConfig {
- private final static String EMBEDDED_LIB_OS_ENCLAVE_CONFIG_FILE = "embedded_libos_enclave.json";
- private static String configFilePath;
- private static EmbeddedLibOSEnclaveConfig config;
-
- private boolean debuggable = false;
- private int agentHttpHandlerThreadPoolSize = 5;
- private int embeddedLibOSEnclaveStartupDuration = (int) TimeUnit.MINUTES.toMillis(1);
- private int maxNumOfThreads = 50;
- private long maxEPCHeapSize = 1500;
- private String libOSLogLevel = "off";
- private String[] enclaveJVMArgs = null;
-
- static {
- try {
- configFilePath = extractLibrary(EmbeddedLibOSEnclave.class.getClassLoader(), EMBEDDED_LIB_OS_ENCLAVE_CONFIG_FILE);
- File file = new File(configFilePath);
- String content = Files.readString(file.toPath(), Charset.forName("UTF-8"));
- JSONObject jsonObject = new JSONObject(content);
- boolean debuggable = jsonObject.getBoolean("debuggable");
- int agentHttpHandlerThreadPoolSize = jsonObject.getInt("agent_http_handler_thread_pool_size");
- int embeddedLibOSEnclaveStartupDuration = jsonObject.getInt("enclave_startup_duration_ms");
- int maxNumOfThreads = jsonObject.getInt("max_num_of_threads");
- long maxEPCHeapSize = parseHeapSize(jsonObject.getString("user_space_size")) * 1024 * 1024; // convert MB to B.
- String libOSLogLevel = jsonObject.getString("log_level");
- JSONArray jvmArgs = jsonObject.getJSONArray("enclave_jvm_args");
- List<String> jvmArgsList = new ArrayList<>();
- for (int i = 0; i < jvmArgs.length(); i++) {
- jvmArgsList.add(jvmArgs.getString(i));
- }
- String[] enclaveJVMArgs = jvmArgsList.toArray(new String[jvmArgsList.size()]);
- config = new EmbeddedLibOSEnclaveConfig(
- debuggable,
- maxNumOfThreads,
- maxEPCHeapSize,
- agentHttpHandlerThreadPoolSize,
- embeddedLibOSEnclaveStartupDuration,
- libOSLogLevel,
- enclaveJVMArgs);
- } catch (IOException | ConfidentialComputingException e) {
- e.printStackTrace();
- }
- }
-
- private static long parseHeapSize(String value) throws ConfidentialComputingException {
- // check heap size dimension must be MB or mb.
- if (!(value.endsWith("MB") || value.endsWith("mb"))) {
- throw new ConfidentialComputingException("Embedded lib os heap size dimension must be MB.");
- }
- String trimValue = value.replace("MB", "");
- if (trimValue.startsWith("0x") || trimValue.startsWith("0X")) {
- return Long.parseLong(trimValue.substring(2), 16);
- }
- return Long.parseLong(trimValue);
- }
-
- static EmbeddedLibOSEnclaveConfig getEmbeddedLibOSEnclaveConfigInstance() {
- return config;
- }
-
- private EmbeddedLibOSEnclaveConfig(
- boolean debuggable,
- int maxNumOfThreads,
- long maxEPCHeapSize,
- int agentHttpHandlerThreadPoolSize,
- int embeddedLibOSEnclaveStartupDuration,
- String libOSLogLevel,
- String[] jvmArgs) {
- this.debuggable = debuggable;
- this.maxNumOfThreads = maxNumOfThreads;
- this.maxEPCHeapSize = maxEPCHeapSize;
- this.agentHttpHandlerThreadPoolSize = agentHttpHandlerThreadPoolSize;
- this.embeddedLibOSEnclaveStartupDuration = embeddedLibOSEnclaveStartupDuration;
- this.libOSLogLevel = libOSLogLevel;
- this.enclaveJVMArgs = jvmArgs;
- }
-
- EnclaveDebug getDebuggable() {
- if (this.debuggable) {
- return EnclaveDebug.DEBUG;
- }
- return EnclaveDebug.RELEASE;
- }
-
- int getAgentHttpHandlerThreadPoolSize() {
- return this.agentHttpHandlerThreadPoolSize;
- }
-
- int getEmbeddedLibOSEnclaveStartupDuration() {
- return this.embeddedLibOSEnclaveStartupDuration;
- }
-
- int getMaxNumOfThreads() {
- return this.maxNumOfThreads;
- }
-
- long getMaxEPCHeapSizeBytes() {
- return this.maxEPCHeapSize;
- }
-
- String getLibOSLogLevel() {
- return this.libOSLogLevel;
- }
-
- String[] getEnclaveJVMArgs() {
- return this.enclaveJVMArgs;
- }
-}
diff --git a/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/EmbeddedLibOSEnclaveConfigure.java b/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/EmbeddedLibOSEnclaveConfigure.java
new file mode 100644
index 0000000..80c3e1f
--- /dev/null
+++ b/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/EmbeddedLibOSEnclaveConfigure.java
@@ -0,0 +1,151 @@
+package com.alibaba.confidentialcomputing.host;
+
+import java.io.IOException;
+import java.util.Arrays;
+import java.util.concurrent.TimeUnit;
+
+class EmbeddedLibOSEnclaveConfigure {
+ private final static String AGENT_HTTP_THREAD_POOL_SIZE_PROPERTY = "com.alibaba.enclave.agent.thread.pool.size";
+ private final static String ENCLAVE_STARTUP_TIMEOUT_MS_PROPERTY = "com.alibaba.enclave.embedded.startup.timeout_ms";
+ private final static String ENCLAVE_DEBUG_LOG_LEVEL_PROPERTY = "com.alibaba.enclave.embedded.log.level";
+ private final static String ENCLAVE_JVM_ARGS_PROPERTY = "com.alibaba.enclave.embedded.jvm.args";
+ private final static String AGENT_HTTP_KEEP_ALIVE_TIMEOUT_S_PROPERTY = "com.alibaba.enclave.embedded.keepalive.timeout_s";
+ private final static String AGENT_HTTP_KEEP_ALIVE_POOL_SIZE_PROPERTY = "com.alibaba.enclave.embedded.keepalive.max";
+ private final static String AGENT_HTTP_CONNECT_TIMEOUT_MS_PROPERTY = "com.alibaba.enclave.embedded.connect.timeout_ms";
+ private final static String AGENT_HTTP_READ_TIMEOUT_MS_PROPERTY = "com.alibaba.enclave.embedded.read.timeout_ms";
+ private final static String AGENT_HTTP_READ_REMOTE_ATTESTATION_TIMEOUT_PROPERTY = "com.alibaba.enclave.embedded.ra.timeout_ms";
+
+ private static EnclaveConfigure enclaveConfigure;
+ private static EmbeddedLibOSEnclaveConfigure instance;
+
+ private int threadPoolSize = 5;
+ private int startupTimeout = (int) TimeUnit.MINUTES.toMillis(1); // ms.
+ private String logLevel = "off";
+ private String[] enclaveJVMArgs = new String[]{"-Dsun.net.httpserver.nodelay=true", "-XX:-UseCompressedOops", "-Xmx800m", "-Dos.name=Linux"};
+ private int agentHttpConnectTimeout = 1000; // ms.
+ private int agentHttpReadTimeout = 2000; // ms.
+ private int agentHttpRATimeout = 10_000; // ms.
+ private int agentHttpKeepAliveTimeout = 60 * 5; // s.
+ private int agentHttpKeepAliveMax = 100;
+
+ private EmbeddedLibOSEnclaveConfigure() throws IOException {
+ enclaveConfigure = EnclaveConfigure.getInstance();
+ parseProperty();
+ }
+
+ static EmbeddedLibOSEnclaveConfigure getInstance() throws IOException {
+ if (instance != null) return instance;
+ synchronized (EmbeddedLibOSEnclaveConfigure.class) {
+ if (instance == null) instance = new EmbeddedLibOSEnclaveConfigure();
+ }
+ return instance;
+ }
+
+ private void parseProperty() {
+ parseThreadPoolSize(System.getProperty(AGENT_HTTP_THREAD_POOL_SIZE_PROPERTY));
+ parseStartupTimeout(System.getProperty(ENCLAVE_STARTUP_TIMEOUT_MS_PROPERTY));
+ parseLogLevel(System.getProperty(ENCLAVE_DEBUG_LOG_LEVEL_PROPERTY));
+ parseEnclaveJVMArgs(System.getProperty(ENCLAVE_JVM_ARGS_PROPERTY));
+ parseHttpConnectTimeout(System.getProperty(AGENT_HTTP_CONNECT_TIMEOUT_MS_PROPERTY));
+ parseHttpReadTimeout(System.getProperty(AGENT_HTTP_READ_TIMEOUT_MS_PROPERTY));
+ parseHttpRATimeout(System.getProperty(AGENT_HTTP_READ_REMOTE_ATTESTATION_TIMEOUT_PROPERTY));
+ parseHttpKeepAliveTimeout(System.getProperty(AGENT_HTTP_KEEP_ALIVE_TIMEOUT_S_PROPERTY));
+ parseHttpKeepAliveMax(System.getProperty(AGENT_HTTP_KEEP_ALIVE_POOL_SIZE_PROPERTY));
+ }
+
+ private void parseThreadPoolSize(String size) {
+ if (size != null) this.threadPoolSize = Integer.valueOf(size);
+ }
+
+ private void parseStartupTimeout(String timeout) {
+ if (timeout != null) this.startupTimeout = Integer.valueOf(timeout);
+ }
+
+ private void parseLogLevel(String logLevel) {
+ if (logLevel != null) this.logLevel = logLevel;
+ }
+
+ private void parseEnclaveJVMArgs(String args) {
+ if (args != null) this.enclaveJVMArgs = Arrays.stream(args.split(",")).map(String::trim).toArray(String[]::new);
+ }
+
+ private void parseHttpConnectTimeout(String args) {
+ if (args != null) this.agentHttpConnectTimeout = Integer.valueOf(args);
+ }
+
+ private void parseHttpReadTimeout(String args) {
+ if (args != null) this.agentHttpReadTimeout = Integer.valueOf(args);
+ }
+
+ private void parseHttpRATimeout(String args) {
+ if (args != null) this.agentHttpRATimeout = Integer.valueOf(args);
+ }
+
+ private void parseHttpKeepAliveTimeout(String args) {
+ if (args != null) this.agentHttpKeepAliveTimeout = Integer.valueOf(args);
+ }
+
+ private void parseHttpKeepAliveMax(String args) {
+ if (args != null) this.agentHttpKeepAliveMax = Integer.valueOf(args);
+ }
+
+ boolean isEnclaveDebuggable() {
+ return enclaveConfigure.isEnclaveDebuggable();
+ }
+
+ boolean isEnableMetricTrace() {
+ return enclaveConfigure.isEnableMetricTrace();
+ }
+
+ int getMaxEnclaveThreadNum() {
+ return enclaveConfigure.getMaxEnclaveThreadNum();
+ }
+
+ int getEnclaveAgentThreadPoolSize() {
+ return threadPoolSize;
+ }
+
+ int getEnclaveStartupTimeout() {
+ return startupTimeout;
+ }
+
+ int getAgentHttpConnectTimeout() {
+ return agentHttpConnectTimeout;
+ }
+
+ int getAgentHttpReadTimeout() {
+ return agentHttpReadTimeout;
+ }
+
+ int getAgentHttpRATimeout() {
+ return agentHttpRATimeout;
+ }
+
+ int getAgentHttpKeepAliveTimeout() {
+ return agentHttpKeepAliveTimeout;
+ }
+
+ int getAgentHttpKeepAliveMax() {
+ return agentHttpKeepAliveMax;
+ }
+
+ long getMaxEnclaveEPCMemorySizeBytes() {
+ return enclaveConfigure.getMaxEnclaveEPCMemorySizeBytes();
+ }
+
+ String getLogLevel() {
+ return logLevel;
+ }
+
+ String getMetricTraceFilePath() {
+ return enclaveConfigure.getMetricTraceFilePath();
+ }
+
+ String[] getEnclaveJVMArgs() {
+ return enclaveJVMArgs;
+ }
+
+ EnclaveType getDefaultEnclaveType() {
+ return enclaveConfigure.getDefaultEnclaveType();
+ }
+}
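Review bot: `getInstance()` uses double-checked locking, but the field declared as `private static EmbeddedLibOSEnclaveConfigure instance;` is not `volatile`, so the unsynchronized first read in `getInstance()` may observe a reference to a not-yet-fully-constructed object under the Java memory model; declare it `private static volatile EmbeddedLibOSEnclaveConfigure instance;`. The same non-volatile pattern appears in EnclaveConfigure (`enclaveConfigure`) and MockInSvmEnclaveConfigure (`mockInSvmEnclaveConfigure`). The `Integer.valueOf(...)` calls in the parse methods let a malformed `-D` value escape `getInstance()` as a NumberFormatException that names neither the property nor the value, which the `throws IOException` signature does not advertise; rethrowing as `throw new IllegalArgumentException(AGENT_HTTP_THREAD_POOL_SIZE_PROPERTY + "=" + size + " is not an integer", e)` (and likewise per property) would make the failing setting obvious. `getEnclaveJVMArgs()` returns the internal array, so any caller can mutate the shared configuration; `return enclaveJVMArgs.clone();` avoids that.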
diff --git a/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/EnclaveConfigure.java b/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/EnclaveConfigure.java
index 00d4201..fab348c 100644
--- a/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/EnclaveConfigure.java
+++ b/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/EnclaveConfigure.java
@@ -1,109 +1,150 @@
package com.alibaba.confidentialcomputing.host;
-import com.alibaba.confidentialcomputing.host.exception.EnclaveCreatingException;
-import com.alibaba.confidentialcomputing.host.exception.MetricTraceLogWriteException;
+import org.json.JSONObject;
+import java.io.File;
import java.io.IOException;
+import java.nio.charset.Charset;
+import java.nio.file.Files;
+import java.text.SimpleDateFormat;
+import java.util.Date;
-/**
- * EnclaveConfigure decides a new created enclave's type and debug mode.
- * If user creates an enclave with specific enclave type, that it is no
- * matter what system variable is. If user creates an enclave with no
- * specific enclave type, system variable is adapted to decide enclave's
- * type and debug mode. Default enclave type is TEE_SDK and debug mode
- * is RELEASE.
- */
class EnclaveConfigure {
- private static final String ENCLAVE_TYPE = "com.alibaba.enclave.type";
- private static final String ENCLAVE_DEBUG = "com.alibaba.enclave.teesdk.debug";
- private static final EnclaveType enclaveType;
- private static final EnclaveDebug enclaveDebug;
-
- static {
- // Three kinds of enclave is supported, TEE_SDK/MOCK_IN_JVM/MOCK_IN_SVM
- String platform = System.getProperty(ENCLAVE_TYPE);
- String mode = System.getProperty(ENCLAVE_DEBUG);
- if (platform != null) {
- switch (platform) {
- case "TEE_SDK":
- enclaveType = EnclaveType.TEE_SDK;
- break;
- case "EMBEDDED_LIB_OS":
- enclaveType = EnclaveType.EMBEDDED_LIB_OS;
- break;
- case "MOCK_IN_JVM":
- enclaveType = EnclaveType.MOCK_IN_JVM;
- break;
- case "MOCK_IN_SVM":
- enclaveType = EnclaveType.MOCK_IN_SVM;
- break;
- case "NONE":
- default:
- enclaveType = EnclaveType.NONE;
- }
- } else {
- // Default enclave type is tee sdk.
- enclaveType = EnclaveType.TEE_SDK;
- }
+ private final static double RATIO = 0.8;
+ private final static long KB = 1 * 1024;
+ private final static long MB = KB * 1024;
+ private final static long GB = MB * 1024;
+ // TEE_SDK/EMBEDDED_LIB_OS/MOCK_IN_JVM/MOCK_IN_SVM
+ private final static String ENCLAVE_TYPE_PROPERTY = "com.alibaba.enclave.type";
+ private final static String ENCLAVE_DEBUG_PROPERTY = "com.alibaba.enclave.debuggable";
+ private final static String METRIC_TRACE_LOG_FILE_PATH_PROPERTY = "com.alibaba.enclave.metric.log";
+ private final static String METRIC_TRACE_ENABLE_PROPERTY = "com.alibaba.enclave.metric.enable";
+
+ private final static String JAVA_ENCLAVE_CONFIG_FILE_TEMPLATE = "/opt/javaenclave/config/template/java_enclave_configure.json";
+ private final static String JAVA_ENCLAVE_CONFIG_FILE = "java_enclave_configure.json";
+ private final static String ENCLAVE_DEBUGGABLE_CONFIG_FILE_KEY = "debuggable";
+ private final static String ENCLAVE_TYPE_CONFIG_FILE_KEY = "enclave_type";
+ private final static String METRIC_TRACE_LOG_FILE_PATH_CONFIG_FILE_KEY = "metric_trace_file_path";
+ private final static String METRIC_TRACE_ENABLE_CONFIG_FILE_KEY = "metric_trace_enable";
+ private final static String ENCLAVE_MAX_THREAD_NUMBER_CONFIG_FILE_KEY = "enclave_max_thread";
+ private final static String ENCLAVE_MAX_EPC_MEMORY_SIZE_CONFIG_FILE_KEY = "enclave_max_epc_memory_size_MB";
+ private final static String DEFAULT_METRIC_LOG_PATH =
+ "JavaEnclave_Metric_Log_" + new SimpleDateFormat("yyyy-MM-dd HH:mm:ss").format(new Date()) + ".log";
+
+ private static EnclaveConfigure enclaveConfigure;
- if (mode != null) {
- // Three kinds of enclave debug mode is supported, DEBUG/RELEASE
- // If TEE_SDK enclave is created as RELEASE mode, it can't be debugged
- // with GDB tool.
- switch (mode) {
- case "DEBUG":
- enclaveDebug = EnclaveDebug.DEBUG;
- break;
- case "RELEASE":
- enclaveDebug = EnclaveDebug.RELEASE;
- break;
- case "NONE":
- default:
- enclaveDebug = EnclaveDebug.NONE;
- }
- } else {
- // Default debug mode is release.
- enclaveDebug = EnclaveDebug.RELEASE;
+ // default value without giving explicitly enclave type.
+ // for example, EnclaveFactory.create() will create defaultEnclaveType enclave.
+ private EnclaveType enclaveType = EnclaveType.TEE_SDK;
+ // it's for TEE_SKD and EMBEDDED_LIB_OS.
+ private boolean debuggable = false;
+ // enable metric trace, default is disable.
+ private boolean enableMetricTrace = false;
+ // config metric trace file path.
+ private String metricTraceFilePath = DEFAULT_METRIC_LOG_PATH;
+ private String configFilePath;
+ private int maxEnclaveThreadNum = 50;
+ private long maxEnclaveEPCMemorySize = 1500 * MB;
+ private long referenceEnclaveMaxHeapSize = (long) (maxEnclaveEPCMemorySize * RATIO);
+
+ private EnclaveConfigure() throws IOException {
+ // first update value from config file.
+ parseTemplateConfigureFile();
+ // second update value form user define config file.
+ parseUserConfigureFile();
+ // at last update value from property.
+ // config file is low priority then java -D property setting.
+ parseProperty();
+ }
+
+ static EnclaveConfigure getInstance() throws IOException {
+ if (enclaveConfigure != null) return enclaveConfigure;
+ synchronized (EnclaveConfigure.class) {
+ if (enclaveConfigure == null) enclaveConfigure = new EnclaveConfigure();
}
+ return enclaveConfigure;
+ }
+
+ private void parseEnclaveType(String enclaveType) {
+ // parse enclave type.
+ if (enclaveType != null) this.enclaveType = EnclaveType.valueOf(enclaveType);
+ }
+
+ private boolean parseBooleanFlag(String flag) {
+ return Boolean.parseBoolean(flag);
+ }
+
+ private void parseMetricTracingEnable(String metricEnable) {
+ if (metricEnable != null) this.enableMetricTrace = parseBooleanFlag(metricEnable);
+ }
+
+ private void parseEnclaveDebuggable(String debuggable) {
+ // parse enclave debuggable or not.
+ if (debuggable != null) this.debuggable = parseBooleanFlag(debuggable);
+ }
+
+ private void parseMetricTracingLogPath(String filePath) {
+ // parse metric log file path.
+ if (filePath != null && !filePath.isBlank()) this.metricTraceFilePath = filePath;
+ }
+
+ private void parseProperty() {
+ parseEnclaveType(System.getProperty(ENCLAVE_TYPE_PROPERTY));
+ parseEnclaveDebuggable(System.getProperty(ENCLAVE_DEBUG_PROPERTY));
+ parseMetricTracingEnable(System.getProperty(METRIC_TRACE_ENABLE_PROPERTY));
+ parseMetricTracingLogPath(System.getProperty(METRIC_TRACE_LOG_FILE_PATH_PROPERTY));
}
- // create an enclave without specific enclave type.
- // if -Dcom.alibaba.enclave.type is not set, TEE_SDK
- // type enclave will be created.
- static Enclave create() throws EnclaveCreatingException {
- return create(enclaveType);
- }
-
- // create an enclave with specific enclave type.
- static Enclave create(EnclaveType type) throws EnclaveCreatingException {
- try (MetricTraceContext trace = new MetricTraceContext(MetricTraceContext.LogPrefix.METRIC_LOG_ENCLAVE_CREATING_PATTERN)) {
- Enclave enclave;
- switch (type) {
- case MOCK_IN_JVM:
- enclave = new MockInJvmEnclave();
- break;
- case MOCK_IN_SVM:
- enclave = new MockInSvmEnclave();
- break;
- case TEE_SDK:
- // TEE_SDK only support hardware mode, not support simulate mode.
- enclave = new TeeSdkEnclave(enclaveDebug);
- break;
- case EMBEDDED_LIB_OS:
- // EMBEDDED_LIB_OS only support hardware mode, not support simulate mode.
- enclave = EmbeddedLibOSEnclave.getEmbeddedLibOSEnclaveInstance(
- EmbeddedLibOSEnclaveConfig.getEmbeddedLibOSEnclaveConfigInstance().getDebuggable(),
- EnclaveSimulate.HARDWARE);
- break;
- case NONE:
- default:
- throw new EnclaveCreatingException("enclave type is not supported.");
- }
- trace.setEnclaveInfo(enclave.getEnclaveInfo());
- EnclaveInfoManager.getEnclaveInfoManagerInstance().addEnclave(enclave);
- return enclave;
- } catch (IOException | MetricTraceLogWriteException e) {
- throw new EnclaveCreatingException(e);
+ private void parseConfigureFile(String path) throws IOException {
+ File file = new File(path);
+ String content = Files.readString(file.toPath(), Charset.forName("UTF-8"));
+ JSONObject jsonObject = new JSONObject(content);
+ this.debuggable = jsonObject.getBoolean(ENCLAVE_DEBUGGABLE_CONFIG_FILE_KEY);
+ parseEnclaveType(jsonObject.getString(ENCLAVE_TYPE_CONFIG_FILE_KEY));
+ this.enableMetricTrace = jsonObject.getBoolean(METRIC_TRACE_ENABLE_CONFIG_FILE_KEY);
+ parseMetricTracingLogPath(jsonObject.getString(METRIC_TRACE_LOG_FILE_PATH_CONFIG_FILE_KEY));
+ this.maxEnclaveThreadNum = jsonObject.getInt(ENCLAVE_MAX_THREAD_NUMBER_CONFIG_FILE_KEY);
+ this.maxEnclaveEPCMemorySize = jsonObject.getInt(ENCLAVE_MAX_EPC_MEMORY_SIZE_CONFIG_FILE_KEY) * MB;
+ this.referenceEnclaveMaxHeapSize = (long) (this.maxEnclaveEPCMemorySize * RATIO);
+ }
+
+ private void parseTemplateConfigureFile() throws IOException {
+ parseConfigureFile(JAVA_ENCLAVE_CONFIG_FILE_TEMPLATE);
+ }
+
+ private void parseUserConfigureFile() throws IOException {
+ // only parse configure file when it exists in .jar.
+ if (ExtractLibrary.isFileExist(EnclaveConfigure.class.getClassLoader(), JAVA_ENCLAVE_CONFIG_FILE)) {
+ configFilePath = ExtractLibrary.extractLibrary(EnclaveConfigure.class.getClassLoader(), JAVA_ENCLAVE_CONFIG_FILE);
+ parseConfigureFile(configFilePath);
}
}
+
+ boolean isEnclaveDebuggable() {
+ return debuggable;
+ }
+
+ boolean isEnableMetricTrace() {
+ return enableMetricTrace;
+ }
+
+ int getMaxEnclaveThreadNum() {
+ return maxEnclaveThreadNum;
+ }
+
+ long getMaxEnclaveEPCMemorySizeBytes() {
+ return maxEnclaveEPCMemorySize;
+ }
+
+ long getReferenceEnclaveMaxHeapSize() {
+ return referenceEnclaveMaxHeapSize;
+ }
+
+ String getMetricTraceFilePath() {
+ return metricTraceFilePath;
+ }
+
+ EnclaveType getDefaultEnclaveType() {
+ return enclaveType;
+ }
}
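Review bot: `parseConfigureFile` reads every key with `getBoolean`/`getString`/`getInt`, which in org.json throw an unchecked JSONException when a key is absent, so a user `java_enclave_configure.json` that only overrides one setting fails `getInstance()` with an exception the `throws IOException` contract does not cover, and the template under `/opt/javaenclave/config/template/` must be both present and complete. Using the overlay forms, e.g. `this.debuggable = jsonObject.optBoolean(ENCLAVE_DEBUGGABLE_CONFIG_FILE_KEY, this.debuggable);` and likewise `optString`/`optInt` with the current field as the default, would let the user file carry only the keys it changes. `parseEnclaveType` now calls `EnclaveType.valueOf`, so an unrecognised value throws IllegalArgumentException where the removed switch mapped it to `EnclaveType.NONE`; if that is intended it should be documented. The class-level Javadoc describing type/debug selection was dropped; its replacement should state the precedence (template file, then jar config, then `-D` properties, as the constructor comments say) and that `debuggable=true` makes a TEE_SDK or EMBEDDED_LIB_OS enclave debuggable with GDB as the removed comment noted, since this single flag decides whether production enclaves are created in debug mode.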
diff --git a/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/EnclaveFactory.java b/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/EnclaveFactory.java
index a949d8c..7bc1078 100644
--- a/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/EnclaveFactory.java
+++ b/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/EnclaveFactory.java
@@ -1,6 +1,9 @@
package com.alibaba.confidentialcomputing.host;
import com.alibaba.confidentialcomputing.host.exception.EnclaveCreatingException;
+import com.alibaba.confidentialcomputing.host.exception.MetricTraceLogWriteException;
+
+import java.io.IOException;
/**
* Factory class for {@link Enclave}.
@@ -33,7 +36,14 @@ public final class EnclaveFactory {
* create failed.
*/
public static Enclave create() throws EnclaveCreatingException {
- return EnclaveConfigure.create();
+ // create an enclave without specific enclave type.
+ // if -Dcom.alibaba.enclave.type is not set, TEE_SDK
+ // type enclave will be created.
+ try {
+ return create(EnclaveConfigure.getInstance().getDefaultEnclaveType());
+ } catch (IOException e) {
+ throw new EnclaveCreatingException(e);
+ }
}
/**
@@ -43,6 +53,41 @@ public final class EnclaveFactory {
* create failed.
*/
public static Enclave create(EnclaveType type) throws EnclaveCreatingException {
- return EnclaveConfigure.create(type);
+ // create an enclave with specific enclave type.
+ try (MetricTraceContext trace = new MetricTraceContext(MetricTraceContext.LogPrefix.METRIC_LOG_ENCLAVE_CREATING_PATTERN)) {
+ Enclave enclave;
+ switch (type) {
+ case MOCK_IN_JVM:
+ enclave = new MockInJvmEnclave();
+ break;
+ case MOCK_IN_SVM:
+ enclave = new MockInSvmEnclave();
+ break;
+ case TEE_SDK:
+ // TEE_SDK only support hardware mode, not support simulate mode.
+ if (EnclaveConfigure.getInstance().isEnclaveDebuggable()) {
+ enclave = new TeeSdkEnclave(EnclaveDebug.DEBUG);
+ } else {
+ enclave = new TeeSdkEnclave(EnclaveDebug.RELEASE);
+ }
+ break;
+ case EMBEDDED_LIB_OS:
+ // EMBEDDED_LIB_OS only support hardware mode, not support simulate mode.
+ if (EmbeddedLibOSEnclaveConfigure.getInstance().isEnclaveDebuggable()) {
+ enclave = EmbeddedLibOSEnclave.getEmbeddedLibOSEnclaveInstance(EnclaveDebug.DEBUG, EnclaveSimulate.HARDWARE);
+ } else {
+ enclave = EmbeddedLibOSEnclave.getEmbeddedLibOSEnclaveInstance(EnclaveDebug.RELEASE, EnclaveSimulate.HARDWARE);
+ }
+ break;
+ case NONE:
+ default:
+ throw new EnclaveCreatingException("enclave type: " + type + " is not supported.");
+ }
+ trace.setEnclaveInfo(enclave.getEnclaveInfo());
+ EnclaveInfoManager.getEnclaveInfoManagerInstance().addEnclave(enclave);
+ return enclave;
+ } catch (IOException | MetricTraceLogWriteException e) {
+ throw new EnclaveCreatingException(e);
+ }
}
}
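Review bot: `switch (type)` dereferences `type`, so `create(null)` fails with a NullPointerException inside the try rather than the EnclaveCreatingException the method declares; add `if (type == null) throw new EnclaveCreatingException("enclave type must not be null.");` before the try. The TEE_SDK and EMBEDDED_LIB_OS branches repeat the construction call in both arms of an if/else; computing `EnclaveDebug mode = EnclaveConfigure.getInstance().isEnclaveDebuggable() ? EnclaveDebug.DEBUG : EnclaveDebug.RELEASE;` once would reduce each branch to a single line. Both branches end up consulting the same EnclaveConfigure flag (EmbeddedLibOSEnclaveConfigure.isEnclaveDebuggable delegates to it), which a one-line comment could say to save the reader a lookup.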
diff --git a/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/ExtractLibrary.java b/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/ExtractLibrary.java
index 890c624..0ede769 100644
--- a/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/ExtractLibrary.java
+++ b/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/ExtractLibrary.java
@@ -16,6 +16,19 @@ import java.util.zip.GZIPInputStream;
* it's very convenient for deployment.
*/
public final class ExtractLibrary {
+ /**
+ * check file exist in the .jar or not.
+ *
+ * @param classLoader define the search scope for lib .so.
+ * @param file lib.so's name in the jar file.
+ * @return exist or not.
+ */
+ public static boolean isFileExist(ClassLoader classLoader, String file) throws IOException {
+ try (InputStream in = classLoader.getResourceAsStream(file)) {
+ return in != null;
+ }
+ }
+
/**
* get the temp file's full path.
*
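Review bot: The Javadoc on `isFileExist` describes its parameters as a `lib .so`, but the method is a generic classpath-resource probe (EnclaveConfigure uses it for `java_enclave_configure.json`), and its `throws IOException` clause is undocumented. Suggest `@param file resource name to look up through the class loader.` and `@throws IOException if closing the probed resource stream fails.`. The summary could also state that the lookup is against the class loader, not the file system, to distinguish it from the extraction methods that follow.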
diff --git a/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/MetricTrace.java b/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/MetricTrace.java
index afb9ca2..e94a0bd 100644
--- a/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/MetricTrace.java
+++ b/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/MetricTrace.java
@@ -11,28 +11,21 @@ import java.util.Date;
import java.util.concurrent.TimeUnit;
public abstract class MetricTrace implements AutoCloseable {
- private final static String PRIORITY_METRIC_LOG_PATH = "com.alibaba.enclave.metric.path";
- private final static String PRIORITY_ENABLE_METRIC_LOG = "com.alibaba.enclave.metric.on";
-
private static boolean enableEnclaveMetricTrace = false;
- private final static String DEFAULT_METRIC_LOG_PATH =
- "JavaEnclave_Metric_Log_" + new SimpleDateFormat("yyyy-MM-dd HH:mm:ss").format(new Date()) + ".log";
- private static volatile String logPath;
+ private static volatile String logPath = "JavaEnclave_Metric_Log_" + new SimpleDateFormat("yyyy-MM-dd HH:mm:ss").format(new Date()) + ".log";
private static volatile BufferedWriter logFile;
private static DecimalFormat formatter = new DecimalFormat("###,###");
private final long start = System.nanoTime();
static {
- String metricLogFlag = System.getProperty(PRIORITY_ENABLE_METRIC_LOG);
- if ("true".equals(metricLogFlag) || "1".equals(metricLogFlag)) {
- enableEnclaveMetricTrace = true;
- }
- String priorityLogPath = System.getProperty(PRIORITY_METRIC_LOG_PATH);
- if (priorityLogPath != null) {
- logPath = priorityLogPath;
- } else {
- logPath = DEFAULT_METRIC_LOG_PATH;
+ try {
+ boolean enableEnclaveMetricTraceTemp = EnclaveConfigure.getInstance().isEnableMetricTrace();
+ String logPathTemp = EnclaveConfigure.getInstance().getMetricTraceFilePath();
+ enableEnclaveMetricTrace = enableEnclaveMetricTraceTemp;
+ logPath = logPathTemp;
+ } catch (IOException e) {
+ ; // if exception happen, use original init value.
}
}
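Review bot: The `catch (IOException e) { ; }` in the static initializer swallows the failure silently, so an unreadable configure file leaves metric tracing disabled with no indication of why; at least report it, e.g. `System.err.println("MetricTrace: EnclaveConfigure unavailable, using defaults: " + e);`, and name the variable `ignored` only if the omission is deliberate. The default `logPath` is built with `SimpleDateFormat("yyyy-MM-dd HH:mm:ss")`, which yields a file name containing spaces and colons (awkward in shells, invalid on some file systems), and the identical expression is duplicated as `DEFAULT_METRIC_LOG_PATH` in EnclaveConfigure; a single `java.time.DateTimeFormatter.ofPattern("yyyyMMdd-HHmmss")` constant reused by both would fix both. The `enableEnclaveMetricTraceTemp`/`logPathTemp` locals appear unnecessary, since the assignments happen during class initialisation before any other thread can read the fields.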
@@ -65,7 +58,11 @@ public abstract class MetricTrace implements AutoCloseable {
try {
if (isEnableEnclaveMetricTrace()) {
if (logFile == null) {
- logFile = new BufferedWriter(new FileWriter(this.logPath));
+ synchronized (MetricTrace.class) {
+ if (logFile == null) {
+ logFile = new BufferedWriter(new FileWriter(this.logPath));
+ }
+ }
}
metricTracing(getEnclaveInfo(), getMetricKeyName(), System.nanoTime() - start, getCostInnerEnclave());
}
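Review bot: `new FileWriter(this.logPath)` opens the metric log with the platform default charset (before JDK 18) and refers to the static `logPath` through `this.`; `logFile = Files.newBufferedWriter(Path.of(logPath), StandardCharsets.UTF_8);` is explicit about the encoding and drops the misleading instance reference (needs `java.nio.file` and `java.nio.charset` imports). The double-checked locking added here is sound because `logFile` is declared `volatile`, unlike the singleton fields in the new configure classes. The enclosing method starts outside the hunk.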
diff --git a/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/MockInSvmEnclave.java b/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/MockInSvmEnclave.java
index 4dcf169..d46d1e8 100644
--- a/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/MockInSvmEnclave.java
+++ b/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/MockInSvmEnclave.java
@@ -15,6 +15,8 @@ import java.io.IOException;
* important to debug issue.
*/
class MockInSvmEnclave extends AbstractEnclave {
+ private final static long KB = 1 * 1024;
+ private final static long MB = KB * 1024;
private final static String JNI_EXTRACTED_PACKAGE_PATH = "jni/lib_jni_mock_svm.so";
private final static String ENCLAVE_SVM_PACKAGE_PATH = "lib_mock_svm_load.so";
private static volatile MockInSvmExtractTempPath extractTempPath;
@@ -28,9 +30,7 @@ class MockInSvmEnclave extends AbstractEnclave {
private long isolateThreadHandle;
private final MockEnclaveInfo enclaveInfo;
- MockInSvmEnclave() throws EnclaveCreatingException {
- // Set EnclaveContext for this enclave instance.
- super(EnclaveType.MOCK_IN_SVM, new EnclaveServicesRecycler());
+ private void extractNativeResource() throws EnclaveCreatingException {
// Extract jni .so and svm sdk .so from .jar file.
if (extractTempPath == null) {
synchronized (MockInSvmEnclave.class) {
@@ -53,12 +53,32 @@ class MockInSvmEnclave extends AbstractEnclave {
}
}
}
+ }
+
+ private String buildSVMHeapConf() throws IOException {
+ long enclaveMaxHeapSize = MockInSvmEnclaveConfigure.getInstance().getEnclaveSVMMaxHeapSize();
+ if (enclaveMaxHeapSize > 0) {
+ long size = enclaveMaxHeapSize / MB;
+ if (size == 0) size = 1;
+ return "-Xmx" + size + "m";
+ }
+ return "-Xmx" + 0 + "m";
+ }
+ MockInSvmEnclave() throws EnclaveCreatingException {
+ // Set EnclaveContext for this enclave instance.
+ super(EnclaveType.MOCK_IN_SVM, new EnclaveServicesRecycler());
+ extractNativeResource();
// Create svm sdk enclave by native call, enclaveSvmSdkHandle are set in jni in nativeHandlerContext.
nativeCreateEnclave(extractTempPath.getEnclaveSvmFilePath());
// Create svm attach isolate and isolateThread, and they are set in jni in nativeHandlerContext.
- nativeSvmAttachIsolate(enclaveSvmSdkHandle);
- enclaveInfo = new MockEnclaveInfo(EnclaveType.MOCK_IN_SVM, true, -1, -1);
+ try {
+ nativeSvmAttachIsolate(enclaveSvmSdkHandle, buildSVMHeapConf());
+ enclaveInfo = new MockEnclaveInfo(EnclaveType.MOCK_IN_SVM, true, -1, -1);
+ } catch (IOException e) {
+ throw new EnclaveCreatingException(e);
+ }
+
}
@Override
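Review bot: `buildSVMHeapConf()` returns `"-Xmx0m"` whenever `getEnclaveSVMMaxHeapSize()` is not positive, which is the default case since MockInSvmEnclaveConfigure only sets a size when its `-D` property is given; whether `nativeSvmAttachIsolate` treats `-Xmx0m` as "use the default" is not visible here, so either document that contract on the helper or pass an empty argument string for the unconfigured case. `"-Xmx" + 0 + "m"` should simply be the literal `"-Xmx0m"`, and the rounding of sub-megabyte sizes up to 1 deserves a comment. The helper and the KB/MB constants are duplicated verbatim in TeeSdkEnclave (the constants again in EnclaveConfigure and MockInSvmEnclaveConfigure); one package-private utility would keep them in sync. The stray blank line before the constructor's closing brace should go.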
@@ -131,7 +151,7 @@ class MockInSvmEnclave extends AbstractEnclave {
private native int nativeCreateEnclave(String path) throws EnclaveCreatingException;
- private native int nativeSvmAttachIsolate(long enclaveSvmSdkHandle) throws EnclaveCreatingException;
+ private native int nativeSvmAttachIsolate(long enclaveSvmSdkHandle, String args) throws EnclaveCreatingException;
private native byte[] nativeLoadService(long enclaveSvmSdkHandle, long isolateHandler, byte[] serviceHandler) throws ServicesLoadingException;
diff --git a/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/MockInSvmEnclaveConfigure.java b/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/MockInSvmEnclaveConfigure.java
new file mode 100644
index 0000000..6cc95f2
--- /dev/null
+++ b/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/MockInSvmEnclaveConfigure.java
@@ -0,0 +1,39 @@
+package com.alibaba.confidentialcomputing.host;
+
+import java.io.IOException;
+
+public class MockInSvmEnclaveConfigure {
+ private final static long KB = 1 * 1024;
+ private final static long MB = KB * 1024;
+ private final static String MOCK_IN_SVM_MAX_HEAP_SIZE_PROPERTY = "com.alibaba.enclave.mockinsvm.maxheap_MB";
+ private static EnclaveConfigure enclaveConfigure;
+ private static MockInSvmEnclaveConfigure mockInSvmEnclaveConfigure;
+
+ private long enclaveSVMMaxHeapSize = 0;
+
+ private MockInSvmEnclaveConfigure() throws IOException {
+ enclaveConfigure = EnclaveConfigure.getInstance();
+ parseAndInitSVMaxHeapSize(System.getProperty(MOCK_IN_SVM_MAX_HEAP_SIZE_PROPERTY));
+ }
+
+ static MockInSvmEnclaveConfigure getInstance() throws IOException {
+ if (mockInSvmEnclaveConfigure != null) return mockInSvmEnclaveConfigure;
+ synchronized (MockInSvmEnclaveConfigure.class) {
+ if (mockInSvmEnclaveConfigure == null) mockInSvmEnclaveConfigure = new MockInSvmEnclaveConfigure();
+ }
+ return mockInSvmEnclaveConfigure;
+ }
+
+ private void parseAndInitSVMaxHeapSize(String heapSize) {
+ if (heapSize != null) {
+ enclaveSVMMaxHeapSize = enclaveConfigure.getReferenceEnclaveMaxHeapSize();
+ long confMaxHeapSize = Long.parseLong(heapSize) * MB;
+ // make sure that svmMaxHeapSize should not larger than enclave_epc_memory * 0.8
+ if (enclaveSVMMaxHeapSize > confMaxHeapSize) enclaveSVMMaxHeapSize = confMaxHeapSize;
+ }
+ }
+
+ long getEnclaveSVMMaxHeapSize() {
+ return enclaveSVMMaxHeapSize;
+ }
+}
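Review bot: `parseAndInitSVMaxHeapSize` multiplies the raw `-D` value by MB without validating it, so a zero or negative setting (or one large enough to overflow `long`) silently becomes the cap and, through MockInSvmEnclave, a `-Xmx0m` isolate, while a non-numeric value escapes `getInstance()` as a NumberFormatException the `throws IOException` signature does not advertise. Parse into a `long` first, reject it with `if (confMaxHeapSize <= 0) throw new IllegalArgumentException(MOCK_IN_SVM_MAX_HEAP_SIZE_PROPERTY + " must be a positive MB count, got: " + heapSize);`, then multiply and clamp with `enclaveSVMMaxHeapSize = Math.min(confMaxHeapSize, enclaveConfigure.getReferenceEnclaveMaxHeapSize());`, which also makes the comment about the 0.8 EPC ceiling match the code at a glance. The class is `public` while EnclaveConfigure and EmbeddedLibOSEnclaveConfigure are package-private; unless it is meant to be part of the public SDK API, make it package-private for consistency.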
diff --git a/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/TeeSdkEnclave.java b/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/TeeSdkEnclave.java
index 7179662..a4d80d4 100644
--- a/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/TeeSdkEnclave.java
+++ b/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/TeeSdkEnclave.java
@@ -11,6 +11,8 @@ import java.io.IOException;
* TeeSdkEnclave is a sgx2 enclave based on Alibaba cloud's tee sdk.
*/
class TeeSdkEnclave extends AbstractEnclave {
+ private final static long KB = 1 * 1024;
+ private final static long MB = KB * 1024;
private final static String JNI_EXTRACTED_PACKAGE_PATH = "jni/lib_jni_tee_sdk_svm.so";
private final static String TEE_SDK_SIGNED_PACKAGE_PATH = "lib_tee_sdk_svm_load.signed";
private static volatile TeeSdkExtractTempPath extractTempPath;
@@ -24,9 +26,7 @@ class TeeSdkEnclave extends AbstractEnclave {
private long isolateThreadHandle;
private SGXEnclaveInfo enclaveInfo;
- TeeSdkEnclave(EnclaveDebug mode) throws EnclaveCreatingException {
- // Set EnclaveContext for this enclave instance.
- super(EnclaveType.TEE_SDK, mode, new EnclaveServicesRecycler());
+ private void extractNativeResource() throws EnclaveCreatingException {
// Extract jni .so and signed tee .so from .jar file.
// Only once extract and load operation.
if (extractTempPath == null) {
@@ -48,21 +48,40 @@ class TeeSdkEnclave extends AbstractEnclave {
}
}
}
+ }
+
+ private String buildSVMHeapConf() throws IOException {
+ long enclaveMaxHeapSize = TeeSdkEnclaveConfigure.getInstance().getEnclaveSVMMaxHeapSize();
+ if ( enclaveMaxHeapSize > 0) {
+ long size = enclaveMaxHeapSize / MB;
+ if (size == 0) size = 1;
+ return "-Xmx" + size + "m";
+ }
+ return "-Xmx" + 0 + "m";
+ }
+ TeeSdkEnclave(EnclaveDebug mode) throws EnclaveCreatingException {
+ // Set EnclaveContext for this enclave instance.
+ super(EnclaveType.TEE_SDK, mode, new EnclaveServicesRecycler());
+ extractNativeResource();
// Create tee sdk enclave by native call, enclaveHandler is set in jni in nativeHandlerContext.
nativeCreateEnclave(mode.getValue(), extractTempPath.getTeeSdkSignedFilePath());
- // Create svm attach isolate and isolateThread, and they are set in jni in nativeHandlerContext.
- nativeSvmAttachIsolate(enclaveHandle);
- // Create enclave info.
- boolean isDebuggable = true;
- if (mode.getValue() == 0x2) {
- isDebuggable = false;
+ try {
+ // Create svm attach isolate and isolateThread, and they are set in jni in nativeHandlerContext.
+ nativeSvmAttachIsolate(enclaveHandle, TeeSdkEnclaveConfigure.getInstance().isEnableTeeSDKSymbolTracing(), buildSVMHeapConf());
+ // Create enclave info.
+ boolean isDebuggable = true;
+ if (mode.getValue() == 0x2) {
+ isDebuggable = false;
+ }
+ enclaveInfo = new SGXEnclaveInfo(
+ EnclaveType.TEE_SDK,
+ isDebuggable,
+ TeeSdkEnclaveConfigure.getInstance().getMaxEnclaveEPCMemorySizeBytes(),
+ TeeSdkEnclaveConfigure.getInstance().getMaxEnclaveThreadNum());
+ } catch (IOException e) {
+ throw new EnclaveCreatingException(e);
}
- enclaveInfo = new SGXEnclaveInfo(
- EnclaveType.TEE_SDK,
- isDebuggable,
- TeeSdkEnclaveConfig.getTeeSdkEnclaveConfigInstance().getHeapMaxSizeBytes(),
- TeeSdkEnclaveConfig.getTeeSdkEnclaveConfigInstance().getThreadMaxNumber());
}
private static native void registerNatives();
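Review bot: The native enclave created by `nativeCreateEnclave(...)` right after `extractNativeResource()` is never released when the rest of the constructor fails: `nativeSvmAttachIsolate` is declared to throw `EnclaveCreatingException`, and the `catch (IOException e)` only rethrows, so on either path the caller receives an exception while the enclave handle stays allocated (unless AbstractEnclave tears it down elsewhere, which is not visible in this hunk). Destroying the enclave in those failure branches before rethrowing, or wrapping the whole post-create section so the existing destroy path runs, would close that. `buildSVMHeapConf` returns `"-Xmx0m"` whenever no cap is configured, which is the default since the property is optional; if the isolate runtime treats 0 as "no explicit limit" that deserves a comment such as `// 0 means no explicit cap: let the isolate runtime pick its default`, otherwise the reference heap size should be used instead. `TeeSdkEnclaveConfigure.getInstance()` is invoked four times in the constructor and once more in `buildSVMHeapConf`; reading it once into a local (`TeeSdkEnclaveConfigure conf = TeeSdkEnclaveConfigure.getInstance();`) keeps the values consistent and avoids repeated synchronization.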
@@ -71,7 +90,7 @@ class TeeSdkEnclave extends AbstractEnclave {
private native TeeSdkAttestationReport nativeGenerateAttestationReport(long enclaveHandler, byte[] userData) throws RemoteAttestationException;
- private native int nativeSvmAttachIsolate(long enclaveHandler) throws EnclaveCreatingException;
+ private native int nativeSvmAttachIsolate(long enclaveHandler, int flag, String args) throws EnclaveCreatingException;
private native byte[] nativeLoadService(long enclaveHandler, long isolateHandler, byte[] serviceHandler) throws ServicesLoadingException;
diff --git a/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/TeeSdkEnclaveConfig.java b/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/TeeSdkEnclaveConfig.java
deleted file mode 100644
index 5be6bd9..0000000
--- a/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/TeeSdkEnclaveConfig.java
+++ /dev/null
@@ -1,66 +0,0 @@
-package com.alibaba.confidentialcomputing.host;
-
-import org.xml.sax.InputSource;
-
-import javax.xml.xpath.XPath;
-import javax.xml.xpath.XPathExpressionException;
-import javax.xml.xpath.XPathFactory;
-import java.io.File;
-import java.io.StringReader;
-import java.nio.charset.Charset;
-import java.nio.file.Files;
-
-import static com.alibaba.confidentialcomputing.host.ExtractLibrary.extractLibrary;
-
-class TeeSdkEnclaveConfig {
- private final static String TEE_SDK_ENCLAVE_CONFIG_FILE = "tee_sdk_svm.conf";
- private long heapMaxSize;
- private int threadMaxNumber;
-
- private static String configFilePath;
- private static TeeSdkEnclaveConfig config;
-
- private TeeSdkEnclaveConfig(long heapMaxSize, int threadMaxNumber) {
- this.heapMaxSize = heapMaxSize;
- this.threadMaxNumber = threadMaxNumber;
- }
-
- private static long hexToDecimal(String value) {
- if (value.toLowerCase().startsWith("0x")) {
- return Long.parseLong(value.substring(2), 16);
- }
- return Long.parseLong(value);
- }
-
- private static String parseTeeSdkConfig(String path, String content) throws XPathExpressionException {
- InputSource source = new InputSource(new StringReader(content));
- XPathFactory xpathFactory = XPathFactory.newInstance();
- XPath xpath = xpathFactory.newXPath();
- return xpath.evaluate(path, source);
- }
-
- static {
- try {
- configFilePath = extractLibrary(TeeSdkEnclave.class.getClassLoader(), TEE_SDK_ENCLAVE_CONFIG_FILE);
- File file = new File(configFilePath);
- String content = Files.readString(file.toPath(), Charset.forName("UTF-8"));
- String heapMaxSize = parseTeeSdkConfig("/EnclaveConfiguration/HeapMaxSize", content);
- String threadMaxSize = parseTeeSdkConfig("/EnclaveConfiguration/TCSNum", content);
- config = new TeeSdkEnclaveConfig(hexToDecimal(heapMaxSize), (int) hexToDecimal(threadMaxSize));
- } catch (Exception e) {
- e.printStackTrace();
- }
- }
-
- static TeeSdkEnclaveConfig getTeeSdkEnclaveConfigInstance() {
- return config;
- }
-
- long getHeapMaxSizeBytes() {
- return this.heapMaxSize;
- }
-
- int getThreadMaxNumber() {
- return this.threadMaxNumber;
- }
-}
diff --git a/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/TeeSdkEnclaveConfigure.java b/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/TeeSdkEnclaveConfigure.java
new file mode 100644
index 0000000..0b1ebfe
--- /dev/null
+++ b/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/TeeSdkEnclaveConfigure.java
@@ -0,0 +1,74 @@
+package com.alibaba.confidentialcomputing.host;
+
+import java.io.IOException;
+
+class TeeSdkEnclaveConfigure {
+ private final static long KB = 1 * 1024;
+ private final static long MB = KB * 1024;
+ private final static String TEE_SDK_SVM_MAX_HEAP_SIZE_PROPERTY = "com.alibaba.enclave.teesdk.maxheap_MB";
+ private final static String TEE_SDK_SYMBOL_TRACE_ENABLE_PROPERTY = "com.alibaba.enclave.teesdk.symbol.trace";
+ private static EnclaveConfigure enclaveConfigure;
+ private static TeeSdkEnclaveConfigure teeSdkEnclaveConfigure;
+
+ private int flag = 0x0;
+ private long enclaveSVMMaxHeapSize = 0;
+
+ private TeeSdkEnclaveConfigure() throws IOException {
+ enclaveConfigure = EnclaveConfigure.getInstance();
+ parseSymbolTraceEnable(System.getProperty(TEE_SDK_SYMBOL_TRACE_ENABLE_PROPERTY));
+ parseAndInitSVMaxHeapSize(System.getProperty(TEE_SDK_SVM_MAX_HEAP_SIZE_PROPERTY));
+ }
+
+ static TeeSdkEnclaveConfigure getInstance() throws IOException {
+ if (teeSdkEnclaveConfigure != null) return teeSdkEnclaveConfigure;
+ synchronized (TeeSdkEnclaveConfigure.class) {
+ if (teeSdkEnclaveConfigure == null) teeSdkEnclaveConfigure = new TeeSdkEnclaveConfigure();
+ }
+ return teeSdkEnclaveConfigure;
+ }
+
+ private void parseSymbolTraceEnable(String flag) {
+ this.flag = Boolean.parseBoolean(flag) ? 1 : 0;
+ }
+
+ private void parseAndInitSVMaxHeapSize(String heapSize) {
+ // make sure that svmMaxHeapSize should not larger than enclave_epc_memory * 0.8
+ if (heapSize != null) {
+ enclaveSVMMaxHeapSize = enclaveConfigure.getReferenceEnclaveMaxHeapSize();
+ long confMaxHeapSize = Long.parseLong(heapSize) * MB;
+ if (enclaveSVMMaxHeapSize > confMaxHeapSize) enclaveSVMMaxHeapSize = confMaxHeapSize;
+ }
+ }
+
+ boolean isEnclaveDebuggable() {
+ return enclaveConfigure.isEnclaveDebuggable();
+ }
+
+ boolean isEnableMetricTrace() {
+ return enclaveConfigure.isEnableMetricTrace();
+ }
+
+ int isEnableTeeSDKSymbolTracing() {
+ return flag;
+ }
+
+ int getMaxEnclaveThreadNum() {
+ return enclaveConfigure.getMaxEnclaveThreadNum();
+ }
+
+ long getMaxEnclaveEPCMemorySizeBytes() {
+ return enclaveConfigure.getMaxEnclaveEPCMemorySizeBytes();
+ }
+
+ long getEnclaveSVMMaxHeapSize() {
+ return enclaveSVMMaxHeapSize;
+ }
+
+ String getMetricTraceFilePath() {
+ return enclaveConfigure.getMetricTraceFilePath();
+ }
+
+ EnclaveType getDefaultEnclaveType() {
+ return enclaveConfigure.getDefaultEnclaveType();
+ }
+}
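Review bot: `getInstance()` uses double-checked locking but `teeSdkEnclaveConfigure` is not declared `volatile`, so the unsynchronized read on the first line of the method may observe a reference to an instance whose fields are not yet visible to the reading thread; `private static volatile TeeSdkEnclaveConfigure teeSdkEnclaveConfigure;` fixes it, and the same pattern in `MockInSvmEnclaveConfigure.getInstance()` earlier in this commit needs the same change. `enclaveConfigure` is assigned from the constructor but declared `static`; since it is only read through the singleton it should be a `private final` instance field. `parseAndInitSVMaxHeapSize` calls `Long.parseLong` on a system property with no handling of `NumberFormatException`, so a typo in `com.alibaba.enclave.teesdk.maxheap_MB` surfaces as an unchecked exception out of `getInstance()`, and a zero or negative value silently leaves the cap at 0; rejecting both with an `IllegalArgumentException` that names the property would make the failure mode explicit. The comment about `enclave_epc_memory * 0.8` describes `getReferenceEnclaveMaxHeapSize()`, whose body is not in this diff, so I would phrase it as `// cap the requested size at the reference heap size derived from the EPC budget` unless the 0.8 factor actually lives here. `isEnableTeeSDKSymbolTracing()` returns an `int` despite the `is` prefix; `symbolTracingFlag()` or a `boolean` return type would read more naturally.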
diff --git a/sdk/host/src/main/native/cpp/platform/libos_occlum_enclave/jni/jni_occlum_enclave.c b/sdk/host/src/main/native/cpp/platform/libos_occlum_enclave/jni/jni_occlum_enclave.c
index 8099c79..e892edd 100644
--- a/sdk/host/src/main/native/cpp/platform/libos_occlum_enclave/jni/jni_occlum_enclave.c
+++ b/sdk/host/src/main/native/cpp/platform/libos_occlum_enclave/jni/jni_occlum_enclave.c
@@ -23,13 +23,13 @@ void set_long_field_value(JNIEnv *env, jclass class_mirror, jobject obj, const c
jint parse_http_handler_thread_pool_size(JNIEnv *env, jobject config) {
jclass config_class = (*env)->GetObjectClass(env, config);
- jmethodID get_thread_pool_id = (*env)->GetMethodID(env, config_class, "getAgentHttpHandlerThreadPoolSize", "()I");
+ jmethodID get_thread_pool_id = (*env)->GetMethodID(env, config_class, "getEnclaveAgentThreadPoolSize", "()I");
return (*env)->CallObjectMethod(env, config, get_thread_pool_id);
}
jstring parse_log_level(JNIEnv *env, jobject config) {
jclass config_class = (*env)->GetObjectClass(env, config);
- jmethodID get_log_level_id = (*env)->GetMethodID(env, config_class, "getLibOSLogLevel", "()Ljava/lang/String;");
+ jmethodID get_log_level_id = (*env)->GetMethodID(env, config_class, "getLogLevel", "()Ljava/lang/String;");
return (*env)->CallObjectMethod(env, config, get_log_level_id);
}
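Review bot: Neither `jmethodID` produced by the renamed `GetMethodID` calls is checked for `NULL` before it is handed to `CallObjectMethod`; if the Java accessor names drift again without this file following, `GetMethodID` returns `NULL` with a pending `NoSuchMethodError` and the call on the next line is undefined behaviour rather than a clean exception. Adding `if (get_thread_pool_id == NULL) return 0;` (and `if (get_log_level_id == NULL) return NULL;` in `parse_log_level`) lets the pending exception propagate to Java. The context line `return (*env)->CallObjectMethod(env, config, get_thread_pool_id);` also invokes an `()I` method through the object-returning variant; `CallIntMethod` is the matching call, a pre-existing issue worth fixing while the lookup is being touched.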
diff --git a/sdk/host/src/main/native/cpp/platform/libos_occlum_enclave/jni/jni_occlum_enclave.h b/sdk/host/src/main/native/cpp/platform/libos_occlum_enclave/jni/jni_occlum_enclave.h
index c188536..dead896 100644
--- a/sdk/host/src/main/native/cpp/platform/libos_occlum_enclave/jni/jni_occlum_enclave.h
+++ b/sdk/host/src/main/native/cpp/platform/libos_occlum_enclave/jni/jni_occlum_enclave.h
@@ -8,7 +8,7 @@
extern "C" {
#endif
-#define ENCLAVE_CREATING_SIGNATURE "(IIIILcom/alibaba/confidentialcomputing/host/EmbeddedLibOSEnclaveConfig;Ljava/lang/String;)I"
+#define ENCLAVE_CREATING_SIGNATURE "(IIIILcom/alibaba/confidentialcomputing/host/EmbeddedLibOSEnclaveConfigure;Ljava/lang/String;)I"
#define ENCLAVE_CREATING_EXCEPTION "com/alibaba/confidentialcomputing/host/exception/EnclaveCreatingException"
#define ENCLAVE_DESTROYING_EXCEPTION "com/alibaba/confidentialcomputing/host/exception/EnclaveDestroyingException"
@@ -41,7 +41,7 @@ JNIEXPORT void JNICALL Java_com_alibaba_confidentialcomputing_host_EmbeddedLibOS
/*
* Class: com_alibaba_confidentialcomputing_host_EmbeddedLibOSEnclave
* Method: nativeCreateEnclave
- * Signature: (IIIILcom/alibaba/confidentialcomputing/host/EmbeddedLibOSEnclaveConfig;Ljava/lang/String;)I
+ * Signature: (IIIILcom/alibaba/confidentialcomputing/host/EmbeddedLibOSEnclaveConfigure;Ljava/lang/String;)I
*/
JNIEXPORT jint JNICALL JavaEnclave_TeeLibOSNativeCreateEnclave
(JNIEnv *, jobject, jint, jint, jint, jint, jobject, jstring);
diff --git a/sdk/host/src/main/native/cpp/platform/mock_in_svm/jni/jni_mock_in_svm.c b/sdk/host/src/main/native/cpp/platform/mock_in_svm/jni/jni_mock_in_svm.c
index 5510baa..c1b6df6 100644
--- a/sdk/host/src/main/native/cpp/platform/mock_in_svm/jni/jni_mock_in_svm.c
+++ b/sdk/host/src/main/native/cpp/platform/mock_in_svm/jni/jni_mock_in_svm.c
@@ -17,7 +17,7 @@ typedef int (*mock_enclave_stub)(graal_isolate_t*, enc_data_t*, enc_data_t*, cal
static JNINativeMethod mock_in_svm_methods[] = {
{"nativeCreateEnclave", "(Ljava/lang/String;)I", (void *)&JavaEnclave_MockSVMNativeCreateEnclave},
- {"nativeSvmAttachIsolate", "(J)I", (void *)&JavaEnclave_MockSVMNativeSvmAttachIsolate},
+ {"nativeSvmAttachIsolate", "(JLjava/lang/String;)I", (void *)&JavaEnclave_MockSVMNativeSvmAttachIsolate},
{"nativeLoadService", "(JJ[B)[B", (void *)&JavaEnclave_MockSVMNativeLoadService},
{"nativeInvokeMethod", "(JJ[B)[B", (void *)&JavaEnclave_MockSVMNativeInvokeMethod},
{"nativeUnloadService", "(JJ[B)[B", (void *)&JavaEnclave_MockSVMNativeUnloadService},
@@ -122,21 +122,28 @@ JavaEnclave_MockSVMNativeCreateEnclave(JNIEnv *env, jobject obj, jstring path) {
}
JNIEXPORT jint JNICALL
-JavaEnclave_MockSVMNativeSvmAttachIsolate(JNIEnv *env, jobject obj, jlong enclave_handler) {
+JavaEnclave_MockSVMNativeSvmAttachIsolate(JNIEnv *env, jobject obj, jlong enclave_handler, jstring args) {
graal_isolate_t* isolate_t;
- graal_create_isolate_params_t p;
graal_isolatethread_t* isolate_thread_t;
- int (*graal_create_isolate)(graal_create_isolate_params_t* params, graal_isolate_t** isolate, graal_isolatethread_t** thread);
- graal_create_isolate = (int (*)(graal_create_isolate_params_t*, graal_isolate_t**, graal_isolatethread_t**)) dlsym((void *)enclave_handler, "graal_create_isolate");
- if (!graal_create_isolate) {
+ int (*create_isolate_with_params)(int argc, char** parameters, graal_isolate_t** isolate, graal_isolatethread_t** thread);
+ create_isolate_with_params = (int (*)(int, char**, graal_isolate_t**, graal_isolatethread_t**)) dlsym((void *)enclave_handler, "create_isolate_with_params");
+ if (!create_isolate_with_params) {
THROW_EXCEPTION(env, ENCLAVE_CREATING_EXCEPTION, "create isolate dlsym error.")
}
- if (graal_create_isolate(NULL, &isolate_t, &isolate_thread_t) != 0) {
+ char *args_str = (*env)->GetStringUTFChars(env, args, 0);
+ int argc = 2;
+ char* parameters[2];
+ parameters[0] = NULL;
+ parameters[1] = args_str;
+
+ if (create_isolate_with_params(argc, parameters, &isolate_t, &isolate_thread_t) != 0) {
+ (*env)->ReleaseStringUTFChars(env, args, args_str);
THROW_EXCEPTION(env, ENCLAVE_CREATING_EXCEPTION, "graal_create_isolate create error.")
}
+ (*env)->ReleaseStringUTFChars(env, args, args_str);
// set isolate_t and isolate_thread_t back to MockInSvmEnclave.isolateHandle and MockInSvmEnclave.isolateThreadHandle
jclass class_enclave = (*env)->GetObjectClass(env, obj);
set_long_field_value(env, class_enclave, obj, "isolateHandle", (jlong)isolate_t);
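Review bot: `char *args_str = (*env)->GetStringUTFChars(env, args, 0);` discards the `const` from JNI's `const char*` return and never checks for `NULL`, which `GetStringUTFChars` returns when it cannot allocate; the same two lines appear in `JavaEnclave_TeeSDKSVMNativeSvmAttachIsolate` in jni_tee_sdk_svm.c later in this commit. `const char *args_str = (*env)->GetStringUTFChars(env, args, NULL); if (args_str == NULL) return 0;` covers both (an OutOfMemoryError is already pending in that case), with `parameters[1] = (char *)args_str;` where the array element type requires it. `parameters[0] = NULL` relies on `create_isolate_with_params` skipping argv[0] like a conventional program name; its implementation is not in this diff, so a one-line comment stating that expectation would help, as would noting that the whole `args` string is passed as a single argv entry, so the Java side must send exactly one option. The enclosing function continues past the end of this hunk.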
diff --git a/sdk/host/src/main/native/cpp/platform/mock_in_svm/jni/jni_mock_in_svm.h b/sdk/host/src/main/native/cpp/platform/mock_in_svm/jni/jni_mock_in_svm.h
index 5449a51..35f240c 100644
--- a/sdk/host/src/main/native/cpp/platform/mock_in_svm/jni/jni_mock_in_svm.h
+++ b/sdk/host/src/main/native/cpp/platform/mock_in_svm/jni/jni_mock_in_svm.h
@@ -45,9 +45,9 @@ JNIEXPORT jint JNICALL JavaEnclave_MockSVMNativeCreateEnclave(JNIEnv *, jobject,
/*
* Class: JavaEnclave_MockSVMNativeSvmAttachIsolate
* Method: nativeSvmAttachIsolate
- * Signature: (J)I
+ * Signature: (JLjava/lang/String;)I
*/
-JNIEXPORT jint JNICALL JavaEnclave_MockSVMNativeSvmAttachIsolate(JNIEnv *, jobject, jlong);
+JNIEXPORT jint JNICALL JavaEnclave_MockSVMNativeSvmAttachIsolate(JNIEnv *, jobject, jlong, jstring);
/*
* Class: JavaEnclave_MockSVMNativeLoadService
diff --git a/sdk/host/src/main/native/cpp/platform/tee_sdk_svm/jni/jni_tee_sdk_svm.c b/sdk/host/src/main/native/cpp/platform/tee_sdk_svm/jni/jni_tee_sdk_svm.c
index ad558d5..be4ce81 100644
--- a/sdk/host/src/main/native/cpp/platform/tee_sdk_svm/jni/jni_tee_sdk_svm.c
+++ b/sdk/host/src/main/native/cpp/platform/tee_sdk_svm/jni/jni_tee_sdk_svm.c
@@ -18,7 +18,7 @@
static JNINativeMethod tee_sdk_svm_methods[] = {
{"nativeCreateEnclave", "(ILjava/lang/String;)I", (void *)&JavaEnclave_TeeSDKSVMNativeCreateEnclave},
- {"nativeSvmAttachIsolate", "(J)I", (void *)&JavaEnclave_TeeSDKSVMNativeSvmAttachIsolate},
+ {"nativeSvmAttachIsolate", "(JILjava/lang/String;)I", (void *)&JavaEnclave_TeeSDKSVMNativeSvmAttachIsolate},
{"nativeLoadService", TEE_SDK_SVM_NATIVE_CALL_SIGNATURE, (void *)&JavaEnclave_TeeSDKSVMNativeLoadService},
{"nativeInvokeMethod", TEE_SDK_SVM_NATIVE_CALL_SIGNATURE, (void *)&JavaEnclave_TeeSDKSVMNativeInvokeMethod},
{"nativeUnloadService", TEE_SDK_SVM_NATIVE_CALL_SIGNATURE, (void *)&JavaEnclave_TeeSDKSVMNativeUnloadService},
@@ -108,16 +108,20 @@ JavaEnclave_TeeSDKSVMNativeCreateEnclave(JNIEnv *env, jobject obj, jint mode, js
}
JNIEXPORT jint JNICALL
-JavaEnclave_TeeSDKSVMNativeSvmAttachIsolate(JNIEnv *env, jobject obj, jlong enclave_handler) {
+JavaEnclave_TeeSDKSVMNativeSvmAttachIsolate(JNIEnv *env, jobject obj, jlong enclave_handler, jint flag, jstring args) {
// create an isolate in enclave.
uint64_t isolate = 0;
uint64_t isolateThread = 0;
int ret = 0;
- enclave_svm_isolate_create((size_t)enclave_handler, &ret, (void *)(&isolate), (void *)(&isolateThread));
+
+ char *args_str = (*env)->GetStringUTFChars(env, args, 0);
+ enclave_svm_isolate_create((size_t)enclave_handler, &ret, (void *)(&isolate), (void *)(&isolateThread), flag, args_str);
if (ret != 0) {
+ (*env)->ReleaseStringUTFChars(env, args, args_str);
THROW_EXCEPTION(env, ENCLAVE_CREATING_EXCEPTION, "attach native svm failed when creating an enclave.")
}
+ (*env)->ReleaseStringUTFChars(env, args, args_str);
jclass enclave_class = (*env)->GetObjectClass(env, obj);
// set isolate back to isolateHandle field.
set_long_field_value(env, enclave_class, obj, "isolateHandle", (jlong)isolate);
diff --git a/sdk/host/src/main/native/cpp/platform/tee_sdk_svm/jni/jni_tee_sdk_svm.h b/sdk/host/src/main/native/cpp/platform/tee_sdk_svm/jni/jni_tee_sdk_svm.h
index 2dfced4..0c3f9df 100644
--- a/sdk/host/src/main/native/cpp/platform/tee_sdk_svm/jni/jni_tee_sdk_svm.h
+++ b/sdk/host/src/main/native/cpp/platform/tee_sdk_svm/jni/jni_tee_sdk_svm.h
@@ -52,9 +52,9 @@ JNIEXPORT jint JNICALL JavaEnclave_TeeSDKSVMNativeCreateEnclave(JNIEnv *, jobjec
/*
* Class: com_alibaba_confidentialcomputing_host_TeeSdkEnclave
* Method: nativeSvmAttachIsolate
- * Signature: (J)I
+ * Signature: (JILjava/lang/String;)I
*/
-JNIEXPORT jint JNICALL JavaEnclave_TeeSDKSVMNativeSvmAttachIsolate(JNIEnv *, jobject, jlong);
+JNIEXPORT jint JNICALL JavaEnclave_TeeSDKSVMNativeSvmAttachIsolate(JNIEnv *, jobject, jlong, jint, jstring);
/*
* Class: com_alibaba_confidentialcomputing_host_TeeSdkEnclave
diff --git a/sdk/native/config/platform/tee_sdk_svm/edl/tee_sdk_enclave.edl b/sdk/native/config/platform/tee_sdk_svm/edl/tee_sdk_enclave.edl
index 4736611..cceb4f5 100644
--- a/sdk/native/config/platform/tee_sdk_svm/edl/tee_sdk_enclave.edl
+++ b/sdk/native/config/platform/tee_sdk_svm/edl/tee_sdk_enclave.edl
@@ -8,7 +8,7 @@ enclave {
trusted {
// create a graal isolate;
- public int enclave_svm_isolate_create([out, size=8] void* isolate, [out, size=8] void* isolateThread);
+ public int enclave_svm_isolate_create([out, size=8] void* isolate, [out, size=8] void* isolateThread, int flag, [string, in] char* args);
// load enclave services instance;
public int load_enclave_svm_services(uint64_t isolate, [in, size=len0] void* input, size_t len0, [out, size=8] void* output, [out, size=8] size_t* len1);
// invoke enclave instance's services;
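Review bot: The two new parameters of `enclave_svm_isolate_create` are undocumented while the neighbouring entries each carry a comment; since `flag` is fed from `isEnableTeeSDKSymbolTracing()` and `args` from `buildSVMHeapConf()` on the host side, a comment such as `// flag: non-zero enables tracing of enclave symbol calls; args: a single isolate runtime option string (currently -Xmx<n>m)` above the declaration records the contract at the trust boundary. `[string, in]` is the right attribute here, as far as I know: the generated bridge copies the host string into enclave memory before trusted code reads it, so the enclave never parses a pointer into untrusted memory.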
diff --git a/sdk/native/config/template/Occlum.json b/sdk/native/config/template/Occlum.json
new file mode 100644
index 0000000..0981ed8
--- /dev/null
+++ b/sdk/native/config/template/Occlum.json
@@ -0,0 +1,74 @@
+{
+ "resource_limits": {
+ "kernel_space_heap_size": "32MB",
+ "kernel_space_stack_size": "1MB",
+ "user_space_size": "1024MB",
+ "max_num_of_threads": 50
+ },
+ "process": {
+ "default_stack_size": "4MB",
+ "default_heap_size": "32MB",
+ "default_mmap_size": "100MB"
+ },
+ "entry_points": [
+ "/usr/lib/dragonwell11/jre/bin"
+ ],
+ "env": {
+ "default": [
+ "LD_LIBRARY_PATH=/usr/lib/dragonwell11/jre/lib/server:/usr/lib/dragonwell11/jre/lib:/usr/lib/dragonwell11/jre/../lib"
+ ],
+ "untrusted": [
+ "EXAMPLE"
+ ]
+ },
+ "metadata": {
+ "product_id": 0,
+ "version_number": 0,
+ "debuggable": true,
+ "enable_kss": false,
+ "family_id": {
+ "high": "0x0",
+ "low": "0x0"
+ },
+ "ext_prod_id": {
+ "high": "0x0",
+ "low": "0x0"
+ }
+ },
+ "mount": [
+ {
+ "target": "/",
+ "type": "unionfs",
+ "options": {
+ "layers": [
+ {
+ "target": "/",
+ "type": "sefs",
+ "source": "./build/mount/__ROOT",
+ "options": {
+ "MAC": ""
+ }
+ },
+ {
+ "target": "/",
+ "type": "sefs",
+ "source": "./run/mount/__ROOT"
+ }
+ ]
+ }
+ },
+ {
+ "target": "/host",
+ "type": "hostfs",
+ "source": "."
+ },
+ {
+ "target": "/proc",
+ "type": "procfs"
+ },
+ {
+ "target": "/dev",
+ "type": "devfs"
+ }
+ ]
+}
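Review bot: The template ships with `"debuggable": true`, which is only harmless because libos_occlum_enclave_build.sh overwrites `.metadata.debuggable` from java_enclave_configure.json later in this commit; anyone who builds from the template directly gets a debuggable image, so defaulting it to `false` here (the value java_enclave_configure.json already defaults to) removes that dependency. The `hostfs` entry mounts the host working directory (`"source": "."`) at `/host` inside the enclave, exposing untrusted host files to enclave code; if the SDK does not need it, dropping that mount tightens the image, and if it does, a note in the build script explaining why would help. `"untrusted": ["EXAMPLE"]` looks like a placeholder left over from `occlum init`.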
diff --git a/benchmark/guomi/enclave/src/main/resources/tee_sdk_svm.conf b/sdk/native/config/template/TeeSDK.conf
similarity index 77%
rename from benchmark/guomi/enclave/src/main/resources/tee_sdk_svm.conf
rename to sdk/native/config/template/TeeSDK.conf
index ffa1b22..1436833 100644
--- a/benchmark/guomi/enclave/src/main/resources/tee_sdk_svm.conf
+++ b/sdk/native/config/template/TeeSDK.conf
@@ -3,8 +3,8 @@
<ProdID>0</ProdID>
<ISVSVN>0</ISVSVN>
<StackMaxSize>0x101000</StackMaxSize>
- <HeapMaxSize>0x30000000</HeapMaxSize>
- <TCSNum>15</TCSNum>
+ <HeapMaxSize>0x40000000</HeapMaxSize>
+ <TCSNum>50</TCSNum>
<TCSPolicy>1</TCSPolicy>
<DisableDebug>0</DisableDebug>
<MiscSelect>0</MiscSelect>
diff --git a/sdk/native/config/template/java_enclave_configure.json b/sdk/native/config/template/java_enclave_configure.json
new file mode 100644
index 0000000..5baa786
--- /dev/null
+++ b/sdk/native/config/template/java_enclave_configure.json
@@ -0,0 +1,8 @@
+{
+ "debuggable": false,
+ "enclave_type": "TEE_SDK",
+ "metric_trace_enable": false,
+ "metric_trace_file_path": "",
+ "enclave_max_thread": 50,
+ "enclave_max_epc_memory_size_MB": 1500
+}
\ No newline at end of file
diff --git a/sdk/native/include/enc_exported_symbol.h b/sdk/native/include/enc_exported_symbol.h
index 0e77dd9..345941b 100644
--- a/sdk/native/include/enc_exported_symbol.h
+++ b/sdk/native/include/enc_exported_symbol.h
@@ -7,6 +7,8 @@
extern "C" {
#endif
+int create_isolate_with_params(int argc, char** parameters, graal_isolate_t** isolate, graal_isolatethread_t** thread);
+
int java_loadservice_invoke(graal_isolate_t* thread, enc_data_t* input, enc_data_t* result, callbacks_t* callBacks);
int java_enclave_invoke(graal_isolate_t* thread, enc_data_t* input, enc_data_t* result, callbacks_t* callBacks);
diff --git a/sdk/native/script/build_app/Makefile b/sdk/native/script/build_app/Makefile
index 9a6ce58..a1f2307 100644
--- a/sdk/native/script/build_app/Makefile
+++ b/sdk/native/script/build_app/Makefile
@@ -33,15 +33,18 @@ ifeq ($(TEE_SDK), TRUE)
-fpie -ljava -lzip -lnio -lnet -l$(LIB_SUNEC) -ljvm -lfdlibm -llibchelper \
$(TS_ENCLAVE_LDFLAGS) -Wl,--version-script=/opt/javaenclave/config/platform/tee_sdk_svm/edl/tee_sdk_enclave.lds
+ # create tee_sdk.conf
+ /bin/bash ${BUILD_SCRIPT_DIR}/create_tee_sdk_configure.sh ${ENCLAVE_BASE_DIR}/src/main/resources ${ENCLAVE_BASE_DIR}/target/enclave_workspace
+
ifeq ($(ENCLAVE_PRIVATE_PEM_PATH), )
openssl genrsa -out ${ENCLAVE_BASE_DIR}/target/enclave_workspace/private.pem -3 3072
$(SGX_ENCLAVE_SIGNER) sign -enclave ${ENCLAVE_BASE_DIR}/target/svm-output/lib_tee_sdk_svm_load \
-out ${ENCLAVE_BASE_DIR}/target/svm-output/lib_tee_sdk_svm_load.signed \
- -config ${ENCLAVE_BASE_DIR}/src/main/resources/tee_sdk_svm.conf -key ${ENCLAVE_BASE_DIR}/target/enclave_workspace/private.pem
+ -config ${ENCLAVE_BASE_DIR}/target/enclave_workspace/TeeSDK.conf -key ${ENCLAVE_BASE_DIR}/target/enclave_workspace/private.pem
else
$(SGX_ENCLAVE_SIGNER) sign -enclave ${ENCLAVE_BASE_DIR}/target/svm-output/lib_tee_sdk_svm_load \
-out ${ENCLAVE_BASE_DIR}/target/svm-output/lib_tee_sdk_svm_load.signed \
- -config ${ENCLAVE_BASE_DIR}/src/main/resources/tee_sdk_svm.conf -key $(ENCLAVE_PRIVATE_PEM_PATH)
+ -config ${ENCLAVE_BASE_DIR}/target/enclave_workspace/TeeSDK.conf -key $(ENCLAVE_PRIVATE_PEM_PATH)
endif
endif
diff --git a/sdk/native/script/build_app/create_tee_sdk_configure.sh b/sdk/native/script/build_app/create_tee_sdk_configure.sh
new file mode 100644
index 0000000..7a6115b
--- /dev/null
+++ b/sdk/native/script/build_app/create_tee_sdk_configure.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+TEE_SDK_CONFIG_FILE_PATH=$1
+TEE_SDK_BUILD_WORKSPACE=$2
+
+# prepare for TeeSDK.conf
+cp /opt/javaenclave/config/template/TeeSDK.conf ${TEE_SDK_BUILD_WORKSPACE}
+user_tee_sdk_enclave_config_file=/opt/javaenclave/config/template/java_enclave_configure.json
+if [[ -f "${TEE_SDK_CONFIG_FILE_PATH}/java_enclave_configure.json" ]]; then
+ user_tee_sdk_enclave_config_file=${TEE_SDK_CONFIG_FILE_PATH}/java_enclave_configure.json
+fi
+max_thread_num=$(< "${user_tee_sdk_enclave_config_file}" jq -r '.enclave_max_thread')
+user_space_size=$(< "${user_tee_sdk_enclave_config_file}" jq -r '.enclave_max_epc_memory_size_MB')
+user_space_size=$((user_space_size*1024*1024))
+user_space_size=`printf "%x" $user_space_size`
+sed -i "s/<TCSNum>[0-9]*<\/TCSNum>/<TCSNum>${max_thread_num}<\/TCSNum>/g" ${TEE_SDK_BUILD_WORKSPACE}/TeeSDK.conf
+sed -i "s/<HeapMaxSize>0x[0-9]*<\/HeapMaxSize>/<HeapMaxSize>0x${user_space_size}<\/HeapMaxSize>/g" ${TEE_SDK_BUILD_WORKSPACE}/TeeSDK.conf
\ No newline at end of file
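Review bot: The two `jq -r` reads are used without validation: if either key is missing, `jq` prints `null`, `$((user_space_size*1024*1024))` then treats `null` as an unset shell variable and yields 0, and the generated file ends up with `<HeapMaxSize>0x0</HeapMaxSize>` and `<TCSNum>null</TCSNum>` while the script still exits 0 because there is no `set -e`. Checking that both values are positive integers before the `sed` calls turns a bad configure file into a build error (rewrite below). The pattern `<HeapMaxSize>0x[0-9]*<\/HeapMaxSize>` only matches decimal digits after `0x`, so a template value containing `a-f` would be left untouched; `0x[0-9a-fA-F]*` is the safe form. The `debuggable` key of the same configure file is applied by the Occlum build script but not here, so `<DisableDebug>` stays `0` regardless of it; if that is intentional because debug mode is selected at enclave creation, a comment saying so would keep the question from recurring.
```shell
set -euo pipefail
# … unchanged: argument assignment and TeeSDK.conf copy …
max_thread_num=$(< "${user_tee_sdk_enclave_config_file}" jq -r '.enclave_max_thread')
user_space_size_mb=$(< "${user_tee_sdk_enclave_config_file}" jq -r '.enclave_max_epc_memory_size_MB')
if ! [[ "${max_thread_num}" =~ ^[1-9][0-9]*$ && "${user_space_size_mb}" =~ ^[1-9][0-9]*$ ]]; then
  echo "${user_tee_sdk_enclave_config_file}: enclave_max_thread and enclave_max_epc_memory_size_MB must be positive integers" >&2
  exit 1
fi
user_space_size=$(printf "%x" $((user_space_size_mb*1024*1024)))
# … unchanged: sed substitutions into TeeSDK.conf …
```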
diff --git a/sdk/native/script/build_app/libos_occlum_enclave_build.sh b/sdk/native/script/build_app/libos_occlum_enclave_build.sh
index 3879514..c7b528e 100644
--- a/sdk/native/script/build_app/libos_occlum_enclave_build.sh
+++ b/sdk/native/script/build_app/libos_occlum_enclave_build.sh
@@ -1,7 +1,11 @@
#!/bin/bash
enclave_target_path=${ENCLAVE_BASE_DIR}/target
-user_occlum_enclave_config_file=${ENCLAVE_BASE_DIR}/src/main/resources/embedded_libos_enclave.json
+
+user_occlum_enclave_config_file=/opt/javaenclave/config/template/java_enclave_configure.json
+if [ -f "${ENCLAVE_BASE_DIR}/src/main/resources/java_enclave_configure.json" ]; then
+ user_occlum_enclave_config_file=${ENCLAVE_BASE_DIR}/src/main/resources/java_enclave_configure.json
+fi
# parse enclave with dependencies jar file name.
# shellcheck disable=SC2061
@@ -9,8 +13,7 @@ user_occlum_enclave_config_file=${ENCLAVE_BASE_DIR}/src/main/resources/embedded_
# shellcheck disable=SC2035
pushd "${enclave_target_path}"
enclave_jar_name=$(find -name *-jar-with-dependencies.jar)
-if [[ -z $enclave_jar_name ]];
-then
+if [[ -z $enclave_jar_name ]]; then
echo "enclave with dependencies jar file is empty."
exit 1
fi
@@ -26,21 +29,15 @@ occlum init
# update Occlum.json according to user's config file embedded_libos_enclave.json
debuggable=$(< "${user_occlum_enclave_config_file}" jq -r '.debuggable')
-default_mmap_size=$(< "${user_occlum_enclave_config_file}" jq -r '.default_mmap_size')
-occlum_kernel_heap_size=$(< "${user_occlum_enclave_config_file}" jq -r '.kernel_space_heap_size')
-occlum_max_thread_num=$(< "${user_occlum_enclave_config_file}" jq -r '.max_num_of_threads')
-user_space_size=$(< "${user_occlum_enclave_config_file}" jq -r '.user_space_size')
-
-new_json="$(jq --arg default_mmap_size "$default_mmap_size" \
- --arg user_space_size "$user_space_size" \
- --arg occlum_kernel_heap_size "$occlum_kernel_heap_size" \
+occlum_max_thread_num=$(< "${user_occlum_enclave_config_file}" jq -r '.enclave_max_thread')
+user_space_size=$(< "${user_occlum_enclave_config_file}" jq -r '.enclave_max_epc_memory_size_MB')
+user_space_size=${user_space_size}MB
+
+new_json="$(jq --arg user_space_size "$user_space_size" \
--argjson occlum_max_thread_num "$occlum_max_thread_num" \
--argjson debuggable "$debuggable" \
'.resource_limits.user_space_size = $user_space_size |
- .resource_limits.kernel_space_heap_size = $occlum_kernel_heap_size |
.resource_limits.max_num_of_threads = $occlum_max_thread_num |
- .process.default_heap_size = "150MB" |
- .process.default_mmap_size = $default_mmap_size |
.metadata.debuggable = $debuggable |
.entry_points = [ "/usr/lib/dragonwell11/jre/bin" ] |
.env.default = [ "LD_LIBRARY_PATH=/usr/lib/dragonwell11/jre/lib/server:/usr/lib/dragonwell11/jre/lib:/usr/lib/dragonwell11/jre/../lib" ]' Occlum.json)"
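Review bot: The comment `# update Occlum.json according to user's config file embedded_libos_enclave.json` now names a file this commit deletes; it should read `# update Occlum.json from java_enclave_configure.json (user copy if present, SDK template otherwise)`. As in create_tee_sdk_configure.sh, the `jq -r` reads are unchecked, so a missing key yields `user_space_size=nullMB` and `--argjson occlum_max_thread_num null`, both of which jq accepts silently; a positive-integer check before building `new_json` would fail the build instead of producing an image with nonsensical limits.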
@@ -66,16 +63,14 @@ mkdir -p ./image/usr/app
cp -r "${enclave_target_path}"/"${enclave_jar_name}" ./image/usr/app
# prepare private.pem for image signing.
-if [[ -z ${ENCLAVE_PRIVATE_PEM_PATH} ]];
-then
+if [[ -z ${ENCLAVE_PRIVATE_PEM_PATH} ]]; then
openssl genrsa -out private.pem -3 3072
occlum build --sign-key private.pem
else
occlum build --sign-key "${ENCLAVE_PRIVATE_PEM_PATH}"
fi
-if [ $debuggable ]
-then
+if [ $debuggable ]; then
# occlum package --debug > /dev/null
occlum package --debug > /dev/null 2>&1
else
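Review bot: `if [ $debuggable ]; then` tests only that the string is non-empty, and `jq -r '.debuggable'` yields the literal `false` for a non-debuggable configure, so the `--debug` branch is taken in both cases and the `else` branch is unreachable; the reformatting in this hunk keeps that behaviour. `if [[ "${debuggable}" == "true" ]]; then` makes the packaging mode follow the configure file, which matters now that the shipped template sets `debuggable` to `false`.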
diff --git a/test/common/src/main/java/com/alibaba/confidentialcomputing/test/common/ConcurrencyCalculate.java b/test/common/src/main/java/com/alibaba/confidentialcomputing/test/common/ConcurrencyCalculate.java
index 2b227d0..b012f68 100644
--- a/test/common/src/main/java/com/alibaba/confidentialcomputing/test/common/ConcurrencyCalculate.java
+++ b/test/common/src/main/java/com/alibaba/confidentialcomputing/test/common/ConcurrencyCalculate.java
@@ -6,4 +6,6 @@ import com.alibaba.confidentialcomputing.common.annotations.EnclaveService;
public interface ConcurrencyCalculate {
void add(int delta);
long sum();
+ void addSync(int delta);
+ long sumSync();
}
diff --git a/test/enclave/src/main/java/com/alibaba/confidentialcomputing/test/enclave/ConcurrencyCalculateImpl.java b/test/enclave/src/main/java/com/alibaba/confidentialcomputing/test/enclave/ConcurrencyCalculateImpl.java
index 617737a..587a00f 100644
--- a/test/enclave/src/main/java/com/alibaba/confidentialcomputing/test/enclave/ConcurrencyCalculateImpl.java
+++ b/test/enclave/src/main/java/com/alibaba/confidentialcomputing/test/enclave/ConcurrencyCalculateImpl.java
@@ -8,6 +8,7 @@ import java.util.concurrent.atomic.AtomicLong;
@AutoService(ConcurrencyCalculate.class)
public class ConcurrencyCalculateImpl implements ConcurrencyCalculate {
private AtomicLong sum = new AtomicLong();
+ private long sumSync = 0x0;
@Override
public void add(int delta) {
@@ -18,4 +19,17 @@ public class ConcurrencyCalculateImpl implements ConcurrencyCalculate {
public long sum() {
return sum.get();
}
+
+ @Override
+ public synchronized void addSync(int delta) {
+ while(delta > 0x0) {
+ sumSync++;
+ delta--;
+ }
+ }
+
+ @Override
+ public synchronized long sumSync() {
+ return sumSync;
+ }
}
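Review bot: `addSync` advances `sumSync` one step per unit of `delta` inside a `synchronized` method, which reads like a deliberate way to hold the monitor long enough for the concurrency test to see contention, but nothing says so and the next reader will collapse it to `sumSync += delta;`. A comment above the loop such as `// intentionally incremental: keeps the monitor held longer so concurrent callers actually contend` preserves the intent; if the loop is not intentional, the single addition is the fix. The literal `0x0` for a plain zero here and on the field declaration in the previous hunk is unusual for a non-bitmask value.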
diff --git a/test/enclave/src/main/resources/embedded_libos_enclave.json b/test/enclave/src/main/resources/embedded_libos_enclave.json
deleted file mode 100644
index 5ea4c10..0000000
--- a/test/enclave/src/main/resources/embedded_libos_enclave.json
+++ /dev/null
@@ -1,11 +0,0 @@
-{
- "debuggable": false,
- "agent_http_handler_thread_pool_size": 15,
- "enclave_startup_duration_ms": 60000,
- "kernel_space_heap_size": "32MB",
- "user_space_size": "1200MB",
- "default_mmap_size": "800MB",
- "max_num_of_threads": 60,
- "log_level": "off",
- "enclave_jvm_args": ["-XX:-UseCompressedOops", "-Xmx512m", "-Dos.name=Linux"]
-}
\ No newline at end of file
diff --git a/test/enclave/src/main/resources/tee_sdk_svm.conf b/test/enclave/src/main/resources/tee_sdk_svm.conf
deleted file mode 100644
index 95d4685..0000000
--- a/test/enclave/src/main/resources/tee_sdk_svm.conf
+++ /dev/null
@@ -1,12 +0,0 @@
-<!-- Please refer to User's Guide for the explanation of each field -->
-<EnclaveConfiguration>
- <ProdID>0</ProdID>
- <ISVSVN>0</ISVSVN>
- <StackMaxSize>0x101000</StackMaxSize>
- <HeapMaxSize>0x20000000</HeapMaxSize>
- <TCSNum>15</TCSNum>
- <TCSPolicy>1</TCSPolicy>
- <DisableDebug>0</DisableDebug>
- <MiscSelect>0</MiscSelect>
- <MiscMask>0xFFFFFFFF</MiscMask>
-</EnclaveConfiguration>
\ No newline at end of file
diff --git a/test/host/pom.xml b/test/host/pom.xml
index 77bbc1c..a202260 100644
--- a/test/host/pom.xml
+++ b/test/host/pom.xml
@@ -56,6 +56,9 @@
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<version>3.0.0-M5</version>
+ <configuration>
+ <forkCount>0</forkCount>
+ </configuration>
</plugin>
</plugins>
</build>
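Review bot: `<forkCount>0</forkCount>` runs the tests inside the Maven JVM, so `argLine` and other fork-only settings are ignored, a native crash in the JNI enclave bridges takes down the build process itself, and system properties such as the new `com.alibaba.enclave.teesdk.*` ones have to be passed to Maven rather than to surefire; none of that is recorded. An XML comment beside the setting, e.g. `<!-- run in-process: the enclave JNI libraries are loaded once per JVM and must not be re-loaded per forked test -->` (or whatever the actual reason is), would stop someone from reverting it when a crash report points at the Maven process.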
diff --git a/test/host/src/test/java/com/alibaba/confidentialcomputing/test/host/TestEnclaveConcurrency.java b/test/host/src/test/java/com/alibaba/confidentialcomputing/test/host/TestEnclaveConcurrency.java
index 4740f53..89f2d77 100644
--- a/test/host/src/test/java/com/alibaba/confidentialcomputing/test/host/TestEnclaveConcurrency.java
+++ b/test/host/src/test/java/com/alibaba/confidentialcomputing/test/host/TestEnclaveConcurrency.java
@@ -48,6 +48,40 @@ public class TestEnclaveConcurrency {
enclave.destroy();
}
+ private void enclaveConcurrencySync(EnclaveType type) throws Exception {
+ int concurrency = 10;
+ int workload = 20_000;
+ CountDownLatch latch0 = new CountDownLatch(1);
+ CountDownLatch latch1 = new CountDownLatch(concurrency);
+
+ Enclave enclave = EnclaveFactory.create(type);
+ Iterator<ConcurrencyCalculate> services = enclave.load(ConcurrencyCalculate.class);
+ assertTrue(services.hasNext());
+ ConcurrencyCalculate service = services.next();
+ for (int i = 0; i < concurrency; i++) {
+ new Thread(new Runnable() {
+ @Override
+ public void run() {
+ try {
+ latch0.await();
+ service.addSync(workload);
+ latch1.countDown();
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+ }).start();
+ }
+ latch0.countDown();
+ latch1.await();
+ assertEquals(concurrency * workload, service.sumSync());
+
+ // waiting for enclave service recycle.
+ System.gc();
+ Thread.sleep(2000);
+ enclave.destroy();
+ }
+
@Test
public void testEnclaveConcurrency() throws Exception {
enclaveConcurrency(EnclaveType.MOCK_IN_JVM);
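Review bot: In enclaveConcurrencySync a worker that throws from `service.addSync(workload)` lands in `e.printStackTrace()` and never reaches `latch1.countDown()`, so `latch1.await()` on the main thread blocks forever and the test hangs instead of failing. Move the countdown into a `finally` block, bound the wait with `assertTrue(latch1.await(60, TimeUnit.SECONDS));`, and record the worker's exception in an `AtomicReference<Throwable>` that is asserted null after the latch. `enclave.destroy()` is likewise skipped when the `assertEquals` fails, leaving the enclave alive for the following enclave types in the same JVM; a `try`/`finally` around the body covers that. The fixed `Thread.sleep(2000)` after `System.gc()` is a heuristic wait for recycling and deserves a comment saying so, since it runs once per enclave type.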
@@ -55,4 +89,12 @@ public class TestEnclaveConcurrency {
enclaveConcurrency(EnclaveType.TEE_SDK);
enclaveConcurrency(EnclaveType.EMBEDDED_LIB_OS);
}
+
+ @Test
+ public void testEnclaveConcurrencySync() throws Exception {
+ enclaveConcurrencySync(EnclaveType.MOCK_IN_JVM);
+ enclaveConcurrencySync(EnclaveType.MOCK_IN_SVM);
+ enclaveConcurrencySync(EnclaveType.TEE_SDK);
+ enclaveConcurrencySync(EnclaveType.EMBEDDED_LIB_OS);
+ }
}
diff --git a/test/host/src/test/java/com/alibaba/confidentialcomputing/test/host/TestEnclaveInfo.java b/test/host/src/test/java/com/alibaba/confidentialcomputing/test/host/TestEnclaveInfo.java
index 7164035..1630d82 100644
--- a/test/host/src/test/java/com/alibaba/confidentialcomputing/test/host/TestEnclaveInfo.java
+++ b/test/host/src/test/java/com/alibaba/confidentialcomputing/test/host/TestEnclaveInfo.java
@@ -33,8 +33,8 @@ public class TestEnclaveInfo {
enclaveInfo = enclave.getEnclaveInfo();
assertEquals(enclaveInfo.getEnclaveType(), EnclaveType.TEE_SDK);
assertEquals(enclaveInfo.isEnclaveDebuggable(), false);
- assertEquals(enclaveInfo.getEnclaveEPCMemorySizeBytes(), 0x20000000);
- assertEquals(enclaveInfo.getEnclaveMaxThreadsNumber(), 15);
+ assertEquals(enclaveInfo.getEnclaveEPCMemorySizeBytes(), 1500 * 1024 * 1024);
+ assertEquals(enclaveInfo.getEnclaveMaxThreadsNumber(), 50);
enclave.destroy();
// it's related to config file in test project.
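Review bot: The expected values `1500 * 1024 * 1024` and `50` are now repeated as bare literals in this hunk, the next hunk of this file and both hunks of TestEnclaveInfoMXBean, with only the comment "it's related to config file in test project" linking them to their origin. Hoist them once per test class, e.g. `private static final long EXPECTED_EPC_BYTES = 1500L * 1024 * 1024;` and `private static final int EXPECTED_MAX_THREADS = 50;`, with a comment naming the configure-file key each mirrors (that file is not in this chunk). Note the `1500 * 1024 * 1024` product is evaluated in `int`; it fits today but silently overflows once the configured size reaches 2048 MB, so use the `1500L` long literal. Also, JUnit's `assertEquals(expected, actual)` is called with the arguments reversed throughout, so failure messages report the values backwards.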
@@ -42,8 +42,8 @@ public class TestEnclaveInfo {
enclaveInfo = enclave.getEnclaveInfo();
assertEquals(enclaveInfo.getEnclaveType(), EnclaveType.EMBEDDED_LIB_OS);
assertEquals(enclaveInfo.isEnclaveDebuggable(), false);
- assertEquals(enclaveInfo.getEnclaveEPCMemorySizeBytes(), 1200 * 1024 * 1024);
- assertEquals(enclaveInfo.getEnclaveMaxThreadsNumber(), 60);
+ assertEquals(enclaveInfo.getEnclaveEPCMemorySizeBytes(), 1500 * 1024 * 1024);
+ assertEquals(enclaveInfo.getEnclaveMaxThreadsNumber(), 50);
enclave.destroy();
}
}
diff --git a/test/host/src/test/java/com/alibaba/confidentialcomputing/test/host/TestEnclaveInfoMXBean.java b/test/host/src/test/java/com/alibaba/confidentialcomputing/test/host/TestEnclaveInfoMXBean.java
index ea3c092..622f87c 100644
--- a/test/host/src/test/java/com/alibaba/confidentialcomputing/test/host/TestEnclaveInfoMXBean.java
+++ b/test/host/src/test/java/com/alibaba/confidentialcomputing/test/host/TestEnclaveInfoMXBean.java
@@ -60,16 +60,16 @@ public class TestEnclaveInfoMXBean {
EnclaveInfo enclaveInfoTEE = enclaveTEE.getEnclaveInfo();
assertEquals(enclaveInfoTEE.getEnclaveType(), EnclaveType.TEE_SDK);
assertEquals(enclaveInfoTEE.isEnclaveDebuggable(), false);
- assertEquals(enclaveInfoTEE.getEnclaveEPCMemorySizeBytes(), 0x20000000);
- assertEquals(enclaveInfoTEE.getEnclaveMaxThreadsNumber(), 15);
+ assertEquals(enclaveInfoTEE.getEnclaveEPCMemorySizeBytes(), 1500 * 1024 * 1024);
+ assertEquals(enclaveInfoTEE.getEnclaveMaxThreadsNumber(), 50);
// it's related to config file in test project.
Enclave enclaveLIBOS = EnclaveFactory.create(EnclaveType.EMBEDDED_LIB_OS);
EnclaveInfo enclaveInfoLIBOS = enclaveLIBOS.getEnclaveInfo();
assertEquals(enclaveInfoLIBOS.getEnclaveType(), EnclaveType.EMBEDDED_LIB_OS);
assertEquals(enclaveInfoLIBOS.isEnclaveDebuggable(), false);
- assertEquals(enclaveInfoLIBOS.getEnclaveEPCMemorySizeBytes(), 1200 * 1024 * 1024);
- assertEquals(enclaveInfoLIBOS.getEnclaveMaxThreadsNumber(), 60);
+ assertEquals(enclaveInfoLIBOS.getEnclaveEPCMemorySizeBytes(), 1500 * 1024 * 1024);
+ assertEquals(enclaveInfoLIBOS.getEnclaveMaxThreadsNumber(), 50);
enclaveInfoMXBeanStub = new ObjectName(DOMAIN_NAME + ":name=" + ENCLAVE_MX_BEAN_STUB);
mxBeanService = ManagementFactory.getPlatformMBeanServer();
@@ -120,12 +120,9 @@ public class TestEnclaveInfoMXBean {
assertEquals((int)enclaveInfo.get("enclaveMaxThreadsNumber"), -1);
break;
case "TEE_SDK":
- assertEquals((long)enclaveInfo.get("enclaveEPCMemorySizeBytes"), 0x20000000);
- assertEquals((int)enclaveInfo.get("enclaveMaxThreadsNumber"), 15);
- break;
case "EMBEDDED_LIB_OS":
- assertEquals((long)enclaveInfo.get("enclaveEPCMemorySizeBytes"), 1200 * 1024 * 1024);
- assertEquals((int)enclaveInfo.get("enclaveMaxThreadsNumber"), 60);
+ assertEquals((long)enclaveInfo.get("enclaveEPCMemorySizeBytes"), 1500 * 1024 * 1024);
+ assertEquals((int)enclaveInfo.get("enclaveMaxThreadsNumber"), 50);
break;
case "NONE":
assert (false);
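Review bot: Merging the `case "TEE_SDK":` and `case "EMBEDDED_LIB_OS":` branches relies on an unlabelled fall-through that, without its old `break`, now reads like a missed one. Mark it explicitly, e.g. `case "TEE_SDK": // fall through: same configure values as EMBEDDED_LIB_OS`, or put both labels on one line (`case "TEE_SDK": case "EMBEDDED_LIB_OS":`) so the shared assertions are obviously intentional. The enclosing switch starts before this hunk.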