22 releases (9 breaking)

new 0.43.0 Nov 20, 2024
0.42.0 Oct 23, 2024
0.41.0 Jul 24, 2024
0.39.0 Mar 26, 2024
0.35.0 Nov 20, 2023

#277 in Cryptography

Download history 124/week @ 2024-07-31 54/week @ 2024-08-07 118/week @ 2024-08-14 120/week @ 2024-08-21 44/week @ 2024-08-28 83/week @ 2024-09-11 197/week @ 2024-09-18 86/week @ 2024-09-25 9/week @ 2024-10-02 3/week @ 2024-10-09 2/week @ 2024-10-16 134/week @ 2024-10-23 11/week @ 2024-10-30 232/week @ 2024-11-06 62/week @ 2024-11-13

440 downloads per month
Used in 2 crates

Apache-2.0 OR MIT

1.5MB
37K SLoC

mls-rs   Build Status Latest Version API Documentation codecov

An implementation of the IETF Messaging Layer Security end-to-end encryption (E2EE) protocol.

What is MLS?

MLS is a new IETF end-to-end encryption standard that is designed to provide transport agnostic, asynchronous, and highly performant communication between a group of clients.

MLS Protocol Features

  • Multi-party E2EE group evolution via a propose-then-commit mechanism.
  • Asynchronous by design with pre-computed key packages, allowing members to be added to a group while offline.
  • Customizable credential system with built in support for X.509 certificates.
  • Extension system allowing for application specific data to be negotiated via the protocol.
  • Strong forward secrecy and post compromise security.
  • Crypto agility via support for multiple cipher suites.
  • Pre-shared key support.
  • Subgroup branching.
  • Group reinitialization for breaking changes such as protocol upgrades.

Features

  • Easy to use client interface that can manage multiple MLS identities and groups.
  • 100% RFC 9420 conformance with support for all default credential, proposal, and extension types.
  • Support for WASM builds.
  • Configurable storage for key packages, secrets and group state via traits along with provided "in memory" and SQLite implementations.
  • Support for custom user proposal and extension types.
  • Ability to create user defined credentials with custom validation routines that can bridge to existing credential schemes.
  • OpenSSL and Rust Crypto based cipher suite implementations.
  • Crypto agility with support for user defined cipher suite.
  • Extensive test suite including security and interop focused tests against pre-computed test vectors.

Crypto Providers

For cipher suite descriptions see the RFC documentation here

Name Cipher Suites X509 Support
OpenSSL 1-7 Stable
AWS-LC 1,2,3,5,7 Stable
Rust Crypto 1,2,3 ⚠️ Experimental
Web Crypto ⚠️ Experimental 2,5,7 Unsupported
CryptoKit 1,2,3,5,7 Unsupported

Security Notice

This library has been validated for conformance to the RFC 9420 specification but has not yet received a full security audit by a 3rd party.

License

This library is licensed under the Apache-2.0 or the MIT License.

Dependencies

~2.3–8.5MB
~152K SLoC