1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149
//! End-to-end encrypted, mutually authenticated, secure communication.
//!
//! _[A hands-on guide 👉][e2ee-rust-guide]_.
//!
//! Data, within modern distributed applications, are rarely exchanged over a single point-to-point
//! transport connection. Application messages routinely flow over complex, multi-hop, multi-protocol
//! routes — _across data centers, through queues and caches, via gateways and brokers_ — before reaching
//! their end destination.
//!
//! Transport layer security protocols are unable to protect application messages because their protection
//! is constrained by the length and duration of the underlying transport connection.
//!
//! Ockam makes it simple for our applications to guarantee end-to-end integrity, authenticity,
//! and confidentiality of data. We no longer have to implicitly depend on the defenses of every machine
//! or application within the same, usually porous, network boundary. Our application's messages don't have
//! to be vulnerable at every point, along their journey, where a transport connection terminates.
//!
//! Instead, our application can have a strikingly smaller vulnerability surface and easily make
//! _granular authorization decisions about all incoming information and commands._
//!
//! ## Features
//!
//! * End-to-end encrypted, mutually authenticated _secure channels_.
//! * Multi-hop, multi-transport, application layer routing.
//! * Key establishment, rotation, and revocation - _for fleets, at scale_.
//! * Lightweight, Concurrent, Stateful Workers that enable _simple APIs_.
//! * Attribute-based Access Control - credentials with _selective disclosure_.
//! * Add-ons for a variety of operating environments, transport protocols, and _cryptographic hardware_.
//!
//! ## Documentation
//!
//! Tutorials, examples and reference guides are available at [docs.ockam.io](https://docs.ockam.io).
//!
//! [e2ee-rust-guide]: https://docs.ockam.io/reference/libraries/rust
#![deny(unsafe_code)]
#![warn(
missing_docs,
trivial_casts,
trivial_numeric_casts,
unused_import_braces,
unused_qualifications
)]
#![cfg_attr(not(feature = "std"), no_std)]
#[cfg(feature = "alloc")]
#[macro_use]
extern crate alloc;
#[cfg(feature = "std")]
extern crate core;
#[macro_use]
extern crate tracing;
pub use error::OckamError;
pub use metadata::OckamMessage;
pub use node::*;
#[cfg(feature = "std")]
pub use ockam_abac as abac;
/// Mark an Ockam Processor implementation.
///
/// This is currently implemented as a re-export of the `async_trait` macro, but
/// may be changed in the future to a [`Processor`](crate::Processor)-specific macro.
pub use ockam_core::processor;
/// Mark an Ockam Worker implementation.
///
/// This is currently implemented as a re-export of the `async_trait` macro, but
/// may be changed in the future to a [`Worker`](crate::Worker)-specific macro.
pub use ockam_core::worker;
pub use ockam_core::{
allow, deny, errcode, route, Address, Any, AsyncTryClone, Encoded, Error, LocalMessage,
Mailbox, Mailboxes, Message, Processor, ProtocolId, Result, Route, Routed, TransportMessage,
Worker,
};
pub use ockam_identity as identity;
// ---
// Export the ockam macros that aren't coming from ockam_core.
pub use ockam_macros::{node, test};
// Export node implementation
#[cfg(feature = "std")]
pub use ockam_node::database::*;
pub use ockam_node::{
debugger, Context, DelayedEvent, Executor, MessageReceiveOptions, MessageSendReceiveOptions,
NodeBuilder, WorkerBuilder,
};
#[cfg(feature = "ockam_transport_tcp")]
pub use ockam_transport_tcp::{
TcpConnectionOptions, TcpInletOptions, TcpListenerOptions, TcpOutletOptions, TcpTransport,
TcpTransportExtension,
};
pub use relay_service::{RelayService, RelayServiceOptions};
pub use system::{SystemBuilder, SystemHandler, WorkerSystem};
pub use unique::unique_with_prefix;
// ---
// ---
mod delay;
mod error;
mod metadata;
mod monotonic;
mod relay_service;
mod system;
mod unique;
pub mod channel;
pub mod pipe;
pub mod pipe2;
pub mod protocols;
pub mod remote;
pub mod stream;
pub mod workers;
/// Access Control
pub mod access_control {
pub use ockam_core::access_control::*;
pub use ockam_identity::secure_channel::access_control::*;
}
/// Flow Controls
pub mod flow_control {
pub use ockam_core::flow_control::*;
}
// TODO: think about how to handle this more. Probably extract these into an
// `ockam_compat` crate.
pub mod compat {
//! Compatibility adapter, mostly for `no_std` use.
//!
//! Most user code should not use these types.
pub use ockam_core::compat::*;
pub use ockam_node::compat::*;
pub use ockam_node::tokio;
}
#[cfg(feature = "ockam_vault")]
pub mod vault {
//! Types and traits relating to ockam vaults.
pub use ockam_vault::*;
#[cfg(feature = "storage")]
/// Storage
pub mod storage {
pub use ockam_vault::storage::*;
}
}
/// List of all top-level services
pub mod node;