Posted to commits@teaclave.apache.org by sh...@apache.org on 2022/11/11 05:17:42 UTC
[incubator-teaclave-java-tee-sdk] 02/48: [sdk] Add exported API for JavaEnclave programming model
This is an automated email from the ASF dual-hosted git repository.
shaojunwang pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-teaclave-java-tee-sdk.git
commit 7f023bb31e86ca3265ea293dbd48aa2632df47c9
Author: jeffery.wsj <je...@alibaba-inc.com>
AuthorDate: Fri Dec 24 12:06:38 2021 +0800
[sdk] Add exported API for JavaEnclave programming model
Summary: Add JavaEnclave exported API, such as enclave create and destroy.
Test Plan: all tests pass
Reviewers: lei.yul, cengfeng.lzy, sanhong.lsh
Issue: https://aone.alibaba-inc.com/task/38705062
CR: https://code.aone.alibaba-inc.com/java-tee/JavaEnclave/codereview/7341839
---
sdk/enclave/pom.xml | 61 +++++++++++++++++
.../exception/ConfidentialComputingException.java | 23 +++++++
sdk/host/pom.xml | 20 ++++++
.../confidentialcomputing/host/Enclave.java | 80 ++++++++++++++++++++++
.../confidentialcomputing/host/EnclaveFactory.java | 48 +++++++++++++
.../confidentialcomputing/host/EnclaveType.java | 26 +++++++
.../exception/ConfidentialComputingException.java | 23 +++++++
.../host/exception/EnclaveCreatingException.java | 22 ++++++
.../host/exception/EnclaveDestroyingException.java | 22 ++++++
.../host/exception/ServicesLoadingException.java | 22 ++++++
sdk/pom.xml | 45 ++++++++++++
11 files changed, 392 insertions(+)
diff --git a/sdk/enclave/pom.xml b/sdk/enclave/pom.xml
new file mode 100644
index 0000000..ebc8afa
--- /dev/null
+++ b/sdk/enclave/pom.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>com.alibaba.confidentialcomputing</groupId>
+ <parent>
+ <groupId>com.alibaba.confidentialcomputing</groupId>
+ <artifactId>JavaEnclave</artifactId>
+ <version>0.1.0</version>
+ </parent>
+ <artifactId>enclave</artifactId>
+ <packaging>jar</packaging>
+ <name>JavaEnclave-Enclave</name>
+ <url></url>
+ <build>
+ <plugins>
+ <!--plugin>
+ <groupId>org.jacoco</groupId>
+ <artifactId>jacoco-maven-plugin</artifactId>
+ <version>0.8.3</version>
+ <configuration>
+ <includes>
+ <include>com/alibaba/confidentialcomputing/**/*</include>
+ </includes>
+ </configuration>
+ <executions>
+ <execution>
+ <id>pre-test</id>
+ <goals>
+ <goal>prepare-agent</goal>
+ </goals>
+ </execution>
+ <execution>
+ <id>post-test</id>
+ <phase>test</phase>
+ <goals>
+ <goal>report</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin-->
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <version>2.22.1</version>
+ </plugin>
+ </plugins>
+ </build>
+ <dependencies>
+ <dependency>
+ <groupId>org.jacoco</groupId>
+ <artifactId>jacoco-maven-plugin</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.junit.jupiter</groupId>
+ <artifactId>junit-jupiter-engine</artifactId>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+</project>
\ No newline at end of file
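Review bot: `org.jacoco:jacoco-maven-plugin` is declared under `<dependencies>` with test scope while its actual `<plugin>` block is commented out, so coverage never runs and a Maven plugin artifact, with its transitive dependencies, is resolved onto the test classpath for no benefit. Either restore the `<plugin>` declaration under `<build><plugins>` and drop the dependency entry, or remove both. The same artifact is also listed under `<dependencyManagement>` in sdk/pom.xml later in this commit. Keeping unused artifacts out of the dependency graph reduces what has to be tracked in a supply-chain review.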
diff --git a/sdk/enclave/src/main/java/com/alibaba/confidentialcomputing/enclave/exception/ConfidentialComputingException.java b/sdk/enclave/src/main/java/com/alibaba/confidentialcomputing/enclave/exception/ConfidentialComputingException.java
new file mode 100644
index 0000000..51b4c93
--- /dev/null
+++ b/sdk/enclave/src/main/java/com/alibaba/confidentialcomputing/enclave/exception/ConfidentialComputingException.java
@@ -0,0 +1,23 @@
+package com.alibaba.confidentialcomputing.enclave.exception;
+
+/**
+ * ConfidentialComputingException {@link ConfidentialComputingException} is base exception in
+ * JavaEnclave's enclave. All exceptions thrown in JavaEnclave enclave will inherit this
+ * base exception.
+ * Programmers need to handle ConfidentialComputingException seriously.
+ */
+public class ConfidentialComputingException extends Exception {
+ /**
+ * @param info exception information.
+ */
+ public ConfidentialComputingException(String info) {
+ super(info);
+ }
+
+ /**
+ * @param e exception.
+ */
+ public ConfidentialComputingException(Throwable e) {
+ super(e);
+ }
+}
\ No newline at end of file
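Review bot: The exception has no `(String, Throwable)` constructor, so code that wraps a lower-level failure must choose between a descriptive message and the original cause; adding `public ConfidentialComputingException(String info, Throwable e) { super(info, e); }` keeps both. The same gap is in the host-side ConfidentialComputingException, EnclaveCreatingException, EnclaveDestroyingException and ServicesLoadingException later in this commit. Since this type presumably carries enclave-side failures out to the host, the class Javadoc should also say what may go into the message, e.g. `Messages may be surfaced outside the enclave; do not include secrets or protected inputs.`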
diff --git a/sdk/host/pom.xml b/sdk/host/pom.xml
new file mode 100644
index 0000000..d017234
--- /dev/null
+++ b/sdk/host/pom.xml
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>com.alibaba.confidentialcomputing</groupId>
+ <parent>
+ <groupId>com.alibaba.confidentialcomputing</groupId>
+ <artifactId>JavaEnclave</artifactId>
+ <version>0.1.0</version>
+ </parent>
+ <artifactId>host</artifactId>
+ <packaging>jar</packaging>
+ <name>JavaEnclave-Host</name>
+ <url></url>
+ <build>
+ <plugins>
+ </plugins>
+ </build>
+ <dependencies>
+ </dependencies>
+</project>
\ No newline at end of file
diff --git a/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/Enclave.java b/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/Enclave.java
new file mode 100644
index 0000000..b1db930
--- /dev/null
+++ b/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/Enclave.java
@@ -0,0 +1,80 @@
+package com.alibaba.confidentialcomputing.host;
+
+import java.util.Iterator;
+
+import com.alibaba.confidentialcomputing.host.exception.ServicesLoadingException;
+import com.alibaba.confidentialcomputing.host.exception.EnclaveDestroyingException;
+
+/**
+ * A {@code Enclave} is a TEE(Trust Execution Environment) instance.
+ * It was created by EnclaveFactory class {@link EnclaveFactory},
+ * Enclave provides a confidential computing environment to process
+ * the work which it's very privacy and don't hope it was monitored
+ * by any others, especially public cloud platform and os kernel.
+ *
+ * <pre>
+ * +-------------------------------+ +-----------------------------+
+ * | Host | | Enclave |
+ * | | | |
+ * | EnclaveFactory.create() +----->| |
+ * | | | |
+ * | Enclave.load() +-------------------> providers loaded |
+ * | | | |
+ * | proxy.providers <-------------------+ |
+ * | | | |
+ * | proxy.invoker() +-------------------> provider call |
+ * | | | |
+ * | result <-------------------+ |
+ * | ... ... ... | | ... ... ... |
+ * | ... ... ... | | ... ... ... |
+ * | Enclave.destroy() +---------->| |
+ * | | | |
+ * +-------------------------------+ +-----------------------------+
+ * </pre>
+ * <p>
+ * The figure above describes an enclave's usual work flow.
+ * <p>
+ * In most cases, an enclave will be created first, then load services
+ * from enclave, next you could invoke the service's method in the enclave.
+ * the method's running middle-state data and its algorithm will be protected.
+ * At last, don't forget to destroy the enclave instance.
+ *
+ * <pre>
+ * try {
+ * Enclave enclave = EnclaveFactory.create();
+ * ... ... ...
+ * Service provider = enclave.load(Service);
+ * ... ... ...
+ * Object result = provider.invoke();
+ * ... ... ...
+ * ... ... ...
+ * enclave.destroy();
+ * } catch(ConfidentialComputingException e) {
+ * // exception handle.
+ * }
+ * </pre>
+ */
+public interface Enclave {
+
+ /**
+ * Returns all providers which implement service interface. It's similar to SPI
+ * ServiceLoader mechanism. It returns proxy providers which are mirrors to real
+ * services loaded in enclave.
+ * <p>
+ *
+ * @param <T> Service interface type
+ * @param service Must be a service interface
+ * @return An iterator of providers were discovered.
+ * @throws ServicesLoadingException {@link ServicesLoadingException} If proxy providers created
+ * failed or mirrors services loaded failed in enclave.
+ */
+ <T> Iterator<T> load(Class<T> service) throws ServicesLoadingException;
+
+ /**
+ * This method destroy the enclave instance, all the resources in the enclave will be released.
+ * <p>
+ *
+ * @throws EnclaveDestroyingException If underlying c/c++ enclave destroy failed.
+ */
+ void destroy() throws EnclaveDestroyingException;
+}
\ No newline at end of file
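Review bot: The usage example in the interface Javadoc calls `enclave.destroy()` as the last statement inside the `try`, so any exception from `load()` or the service call skips it and the enclave instance is never released. Making the type closeable lets callers use try-with-resources: `public interface Enclave extends AutoCloseable` with `default void close() throws EnclaveDestroyingException { destroy(); }`, and the example rewritten to match. The Javadoc for `destroy()` should also state what a second call does and whether proxies returned by `load()` remain usable afterwards; neither is specified here.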
diff --git a/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/EnclaveFactory.java b/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/EnclaveFactory.java
new file mode 100644
index 0000000..9999de6
--- /dev/null
+++ b/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/EnclaveFactory.java
@@ -0,0 +1,48 @@
+package com.alibaba.confidentialcomputing.host;
+
+import com.alibaba.confidentialcomputing.host.exception.EnclaveCreatingException;
+
+/**
+ * Factory class for {@link Enclave}.
+ * <p>
+ * TEE is an abstract concept, it contains many kinds of confidential compute technology.
+ * From hardware's point, there are Intel's SGX/TDX, Arm's TrustZone and so on.
+ * From software's point, there are SGX-SDK, OpenEnclave, TeeSDK and so on.
+ * JavaEnclave is committed to make java enclave development easy and efficient.
+ * <p>
+ * Java developer don't need to care too much about enclave's underlying technology stack.
+ * And JavaEnclave will help java programmer develop a java enclave service as the same as
+ * a common java service.
+ * <pre>
+ * try {
+ * Enclave enclave = EnclaveFactory.create();
+ * ... ... ...
+ * ... ... ...
+ * ... ... ...
+ * } catch (EnclaveCreatingException e) {
+ * // exception handle.
+ * }
+ * </pre>
+ */
+public final class EnclaveFactory {
+ /**
+ * TeeSDK type enclave will be created by default.
+ *
+ * @return An enclave instance.
+ * @throws EnclaveCreatingException {@link EnclaveCreatingException} If underlying c/c++ enclave
+ * create failed.
+ */
+ public static Enclave create() throws EnclaveCreatingException {
+ return null;
+ }
+
+ /**
+ * @param type explicitly indicate which type of enclave will be created.
+ * @return An enclave instance.
+ * @throws EnclaveCreatingException {@link EnclaveCreatingException} If underlying c/c++ enclave
+ * create failed.
+ */
+ public static Enclave create(EnclaveType type) throws EnclaveCreatingException {
+ return null;
+ }
+}
\ No newline at end of file
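Review bot: Both `create()` overloads `return null`, which contradicts the documented `@return An enclave instance` and turns the Javadoc example into a NullPointerException at the first use of the result. Until the real implementation lands, fail explicitly with the declared exception, e.g. `throw new EnclaveCreatingException("enclave creation is not implemented yet");`. The Javadoc for `create(EnclaveType type)` should also say how a `null` or `EnclaveType.NONE` argument is handled. The `final` utility class would benefit from a `private EnclaveFactory() {}` constructor so it cannot be instantiated.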
diff --git a/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/EnclaveType.java b/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/EnclaveType.java
new file mode 100644
index 0000000..8e7f098
--- /dev/null
+++ b/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/EnclaveType.java
@@ -0,0 +1,26 @@
+package com.alibaba.confidentialcomputing.host;
+
+/**
+ * An enumeration of enclave type.
+ * JavaEnclave supports three kinds of enclave, they are mock_jvm、mock_svm and tee_sdk.
+ */
+public enum EnclaveType {
+ NONE,
+ /**
+ * A mock enclave environment, both host and enclave application run in the same
+ * jvm environment, enclave services were discovered and loaded by SPI in host.
+ */
+ MOCK_IN_JVM,
+ /**
+ * A mock enclave environment, enclave application was compiled to machine code
+ * by graalvm svm compiler, host application runs in jvm environment, and enclave
+ * package was loaded by host.
+ */
+ MOCK_IN_SVM,
+ /**
+ * An enclave based on Intel's SGX2, with Alibaba Cloud's TEESdk. Enclave application
+ * was compiled to machine code and lint together with TEESdk's underlying libs,
+ * host application runs in jvm environment, and enclave package were loaded by host.
+ */
+ TEE_SDK,
+}
\ No newline at end of file
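Review bot: `NONE` has no Javadoc and the enum comment says three kinds are supported while four constants are declared, so a caller cannot tell whether `NONE` is a valid argument to `EnclaveFactory.create(EnclaveType)`. Document it, for instance `/** Placeholder for an unspecified type; not a creatable enclave. */` if that is the intent, or remove it. The comments on `MOCK_IN_JVM` and `MOCK_IN_SVM` describe both as mock environments but never state the consequence. A line such as `For development and testing only; provides no TEE protection.` would keep a mock type from being mistaken for a protected one in deployment.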
diff --git a/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/exception/ConfidentialComputingException.java b/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/exception/ConfidentialComputingException.java
new file mode 100644
index 0000000..3bedccf
--- /dev/null
+++ b/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/exception/ConfidentialComputingException.java
@@ -0,0 +1,23 @@
+package com.alibaba.confidentialcomputing.host.exception;
+
+/**
+ * ConfidentialComputingException {@link ConfidentialComputingException} is base exception in
+ * JavaEnclave's host. All exceptions thrown in JavaEnclave host will inherit this
+ * base exception.
+ * Programmers need to handle ConfidentialComputingException seriously.
+ */
+public class ConfidentialComputingException extends Exception {
+ /**
+ * @param info exception information.
+ */
+ public ConfidentialComputingException(String info) {
+ super(info);
+ }
+
+ /**
+ * @param e exception.
+ */
+ public ConfidentialComputingException(Throwable e) {
+ super(e);
+ }
+}
\ No newline at end of file
diff --git a/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/exception/EnclaveCreatingException.java b/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/exception/EnclaveCreatingException.java
new file mode 100644
index 0000000..82cda63
--- /dev/null
+++ b/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/exception/EnclaveCreatingException.java
@@ -0,0 +1,22 @@
+package com.alibaba.confidentialcomputing.host.exception;
+
+/**
+ * EnclaveCreatingException {@link EnclaveCreatingException} is thrown when exception happen
+ * during an enclave was creating.
+ * Programmers need to handle EnclaveCreatingException seriously.
+ */
+public class EnclaveCreatingException extends ConfidentialComputingException {
+ /**
+ * @param info exception information.
+ */
+ public EnclaveCreatingException(String info) {
+ super(info);
+ }
+
+ /**
+ * @param e exception.
+ */
+ public EnclaveCreatingException(Throwable e) {
+ super(e);
+ }
+}
\ No newline at end of file
diff --git a/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/exception/EnclaveDestroyingException.java b/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/exception/EnclaveDestroyingException.java
new file mode 100644
index 0000000..e83aedf
--- /dev/null
+++ b/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/exception/EnclaveDestroyingException.java
@@ -0,0 +1,22 @@
+package com.alibaba.confidentialcomputing.host.exception;
+
+/**
+ * EnclaveDestroyingException {@link EnclaveDestroyingException} is thrown when exception happen
+ * during an enclave was destroying.
+ * Programmers need to handle EnclaveDestroyingException seriously.
+ */
+public class EnclaveDestroyingException extends ConfidentialComputingException {
+ /**
+ * @param info exception information.
+ */
+ public EnclaveDestroyingException(String info) {
+ super(info);
+ }
+
+ /**
+ * @param e exception.
+ */
+ public EnclaveDestroyingException(Throwable e) {
+ super(e);
+ }
+}
\ No newline at end of file
diff --git a/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/exception/ServicesLoadingException.java b/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/exception/ServicesLoadingException.java
new file mode 100644
index 0000000..dfb187c
--- /dev/null
+++ b/sdk/host/src/main/java/com/alibaba/confidentialcomputing/host/exception/ServicesLoadingException.java
@@ -0,0 +1,22 @@
+package com.alibaba.confidentialcomputing.host.exception;
+
+/**
+ * ServicesLoadingException {@link ServicesLoadingException} is thrown when exception happen
+ * during an enclave's service was loading.
+ * Programmers need to handle ServicesLoadingException seriously.
+ */
+public class ServicesLoadingException extends ConfidentialComputingException {
+ /**
+ * @param info exception information.
+ */
+ public ServicesLoadingException(String info) {
+ super(info);
+ }
+
+ /**
+ * @param e exception.
+ */
+ public ServicesLoadingException(Throwable e) {
+ super(e);
+ }
+}
\ No newline at end of file
diff --git a/sdk/pom.xml b/sdk/pom.xml
new file mode 100644
index 0000000..82b4dc3
--- /dev/null
+++ b/sdk/pom.xml
@@ -0,0 +1,45 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>com.alibaba.confidentialcomputing</groupId>
+ <artifactId>JavaEnclave</artifactId>
+ <packaging>pom</packaging>
+ <version>0.1.0</version>
+ <name>JavaEnclave</name>
+ <url></url>
+ <properties>
+ <maven.compiler.source>11</maven.compiler.source>
+ <maven.compiler.target>11</maven.compiler.target>
+ </properties>
+ <dependencyManagement>
+ <dependencies>
+ <dependency>
+ <groupId>com.alibaba.confidentialcomputing</groupId>
+ <artifactId>enclave</artifactId>
+ <version>0.1.0</version>
+ </dependency>
+ <dependency>
+ <groupId>com.alibaba.confidentialcomputing</groupId>
+ <artifactId>host</artifactId>
+ <version>0.1.0</version>
+ </dependency>
+ <dependency>
+ <groupId>org.jacoco</groupId>
+ <artifactId>jacoco-maven-plugin</artifactId>
+ <version>0.8.3</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.junit.jupiter</groupId>
+ <artifactId>junit-jupiter-engine</artifactId>
+ <version>5.4.0</version>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+ </dependencyManagement>
+ <modules>
+ <module>log</module>
+ <module>enclave</module>
+ <module>host</module>
+ </modules>
+</project>
\ No newline at end of file