Expand description
An implementation of the IETF Messaging Layer Security end-to-end encryption (E2EE) protocol.
§What is MLS?
MLS is a new IETF end-to-end encryption standard that is designed to provide transport agnostic, asynchronous, and highly performant communication between a group of clients.
§MLS Protocol Features
- Multi-party E2EE group evolution via a propose-then-commit mechanism.
- Asynchronous by design with pre-computed key packages, allowing members to be added to a group while offline.
- Customizable credential system with built in support for X.509 certificates.
- Extension system allowing for application specific data to be negotiated via the protocol.
- Strong forward secrecy and post compromise security.
- Crypto agility via support for multiple cipher suites.
- Pre-shared key support.
- Subgroup branching.
- Group reinitialization for breaking changes such as protocol upgrades.
§Features
- Easy to use client interface that can manage multiple MLS identities and groups.
- 100% RFC 9420 conformance with support for all default credential, proposal, and extension types.
- Support for WASM builds.
- Configurable storage for key packages, secrets and group state via traits along with provided “in memory” and SQLite implementations.
- Support for custom user proposal and extension types.
- Ability to create user defined credentials with custom validation routines that can bridge to existing credential schemes.
- OpenSSL and Rust Crypto based cipher suite implementations.
- Crypto agility with support for user defined cipher suite.
- Extensive test suite including security and interop focused tests against pre-computed test vectors.
§Crypto Providers
For cipher suite descriptions see the RFC documentation here
| Name | Cipher Suites | X509 Support |
|---|---|---|
| OpenSSL | 1-7 | Stable |
| AWS-LC | 1,2,3,5,7 | Stable |
| Rust Crypto | 1,2,3 | ⚠️ Experimental |
§Security Notice
This library has been validated for conformance to the RFC 9420 specification but has not yet received a full security audit by a 3rd party.
Re-exports§
pub use crate::client::Client;pub use crate::group::mls_rules::MlsRules;pub use crate::group::Group;pub use mls_rs_codec;
Modules§
- client
- client_
builder - Definitions to build a
Client. - crypto
- Dependencies of
CryptoProviderandCipherSuiteProvider - error
- Error types.
- extension
- Extension utilities and built-in extension types.
- external_
client external_client - Tools to observe groups without being a member, useful for server implementations.
- group
- E2EE group created by a
Client. - identity
- Identity providers to use with
ClientBuilder. - mls_
rules - Dependencies of
MlsRules. - psk
- Pre-shared key support.
- storage_
provider - Storage providers to use with
ClientBuilder. - time
- WASM compatible timestamp.
Structs§
- Cipher
Suite - Wrapper type representing a ciphersuite identifier
along with default values defined by the MLS RFC. Custom ciphersuites
can be defined using a custom
CryptoProvider. - Extension
- An MLS protocol extension.
- Extension
List - A collection of MLS Extensions.
- KeyPackage
- KeyPackage
Ref - MlsMessage
- A MLS protocol message for sending data over the wire.
- Protocol
Version - Wrapper type representing a protocol version identifier.
Enums§
- MlsMessage
Description - Wire
Format - Content description of an
MlsMessage
Traits§
- Cipher
Suite Provider - Provides all cryptographic operations required by MLS for a given cipher suite.
- Crypto
Provider - Provides implementations for several ciphersuites via
CipherSuiteProvider. - Group
State Storage - Storage that can persist and reload a group state.
- Identity
Provider - Identity system that can be used to validate a
SigningIdentity - KeyPackage
Storage - Storage trait that maintains key package secrets.
- PreShared
KeyStorage - Storage trait to maintain a set of pre-shared key values.