An implementation of the IETF Messaging Layer Security end-to-end encryption (E2EE) protocol.
§What is MLS?
MLS is a new IETF end-to-end encryption standard designed to provide transport-agnostic, asynchronous, and highly performant communication among a group of clients.
§MLS Protocol Features
- Multi-party E2EE group evolution via a propose-then-commit mechanism.
- Asynchronous by design with pre-computed key packages, allowing members to be added to a group while offline.
- Customizable credential system with built-in support for X.509 certificates.
- Extension system allowing for application specific data to be negotiated via the protocol.
- Strong forward secrecy and post-compromise security.
- Crypto agility via support for multiple cipher suites.
- Pre-shared key support.
- Subgroup branching.
- Group reinitialization for breaking changes such as protocol upgrades.
§Features
- Easy to use client interface that can manage multiple MLS identities and groups.
- 100% RFC 9420 conformance with support for all default credential, proposal, and extension types.
- Support for WASM builds.
- Configurable storage for key packages, secrets and group state via traits along with provided “in memory” and SQLite implementations.
- Support for custom user proposal and extension types.
- Ability to create user defined credentials with custom validation routines that can bridge to existing credential schemes.
- OpenSSL-based and Rust Crypto-based cipher suite implementations.
- Crypto agility with support for user-defined cipher suites.
- Extensive test suite including security and interop focused tests against pre-computed test vectors.
§Crypto Providers
For cipher suite descriptions, see the cipher suites section of RFC 9420 (the original text linked it here).
| Name | Cipher Suites | X.509 Support |
|---|---|---|
| OpenSSL | 1-7 | Stable |
| AWS-LC | 1, 2, 3, 5, 7 | Stable |
| Rust Crypto | 1, 2, 3 | ⚠️ Experimental |
§Security Notice
This library has been validated for conformance to the RFC 9420 specification but has not yet received a full security audit by a third party.
Re-exports§
pub use crate::client::Client;
pub use crate::group::mls_rules::MlsRules;
pub use crate::group::Group;
pub use mls_rs_codec;
Modules§
- Definitions to build a Client.
- Dependencies of CryptoProvider and CipherSuiteProvider.
- Error types.
- Extension utilities and built-in extension types.
- external_client: Tools to observe groups without being a member, useful for server implementations.
- E2EE group created by a Client.
- Identity providers to use with ClientBuilder.
- Dependencies of MlsRules.
- Pre-shared key support.
- Storage providers to use with ClientBuilder.
- WASM compatible timestamp.
Structs§
- Wrapper type representing a ciphersuite identifier along with default values defined by the MLS RFC. Custom ciphersuites can be defined using a custom CryptoProvider.
- An MLS protocol extension.
- A collection of MLS Extensions.
- An MLS protocol message for sending data over the wire.
- Wrapper type representing a protocol version identifier.
Enums§
- Content description of an MlsMessage.
Traits§
- Provides all cryptographic operations required by MLS for a given cipher suite.
- Provides implementations for several ciphersuites via CipherSuiteProvider.
- Storage that can persist and reload a group state.
- Identity system that can be used to validate a SigningIdentity.
- Storage trait that maintains key package secrets.
- Storage trait to maintain a set of pre-shared key values.