3 stable releases

Uses new Rust 2024

new 1.0.2	Apr 14, 2025
1.0.0	Apr 10, 2025

#409 in Cryptography

115 downloads per month

MIT/Apache

185KB
5K SLoC

MLS Spec

Description

This crate is a repository of MLS / RFC9420-related data structures.

It is designed to be used as a base for implementations, and contains all the wire-format related structures to be able to build a RFC9420-compliant implementation.

Documentation

Here: https://docs.rs/mls-spec

Details

All sensitive pieces of data are wrapped in a SensitiveBytes newtype, which takes care of being zeroization-on-drop and has constant-time equality checks using subtle to make a best-effort attempt at protecting against side-channel attacks.

There's also some definitions for the follwing drafted extensions, enabled by the matching feature:

draft-ietf-mls-extensions @ draft-06
- mls-extensions has content-advertisement parsing, this pulls an additional dependency (mediatype) with this feature flag: draft-ietf-mls-extensions-content-advertisement-parse. If you do the MIME parsing yourself, you can ignore this flag.
draft-mahy-mls-ratchet-tree-options @ draft-01
draft-mahy-mls-sd-cwt-credential @ draft-00
draft-mularczyk-mls-splitcommit @ draft-00
draft-kiefer-mls-light @ draft-02

The following drafts were modified by extrapolating the current status of mls-extensions and the current status of the respective drafts:

The following are assumed that they will move from Safe Extensions to a Safe Applications Component and associated cryptographic operations (DeriveExtensionSecret => DeriveApplicationSecret etc)
- draft-kohbrok-mls-associated-parties @ draft-00++
- draft-ietf-mls-combiner @ draft-00++
The following assumes that with the disappearance of Safe WireFormats & the introduction of WireFormat negociation through [supported|required]_wire_formats, those drafts will fall back to de facto WireFormats and have been modified in accordance
- draft-mahy-mls-semiprivatemessage @ draft-04++
- draft-pham-mls-additional-wire-formats @ draft-00++

Additionally, this crate makes use of RustCrypto's tls_codec crate, and has a mls-rs compatibility layer (gated under the mls-rs-compat feature) that allows to transcode mls-spec to mls-rs types and vice-versa.

License

Licensed under either of these:

Apache License, Version 2.0, (LICENSE-APACHE or https://www.apache.org/licenses/LICENSE-2.0)
MIT license (LICENSE-MIT or https://opensource.org/licenses/MIT)

Dependencies

~2–8MB
~62K SLoC