Expand description
§MLS Spec
§Description
This crate is a repository of MLS / RFC9420-related data structures.
It is designed to be used as a base for implementations, and contains all the wire-format related structures to be able to build a RFC9420-compliant implementation.
§Documentation
Here: https://docs.rs/mls-spec
§Details
All sensitive pieces of data are wrapped in a SensitiveBytes newtype, which takes care of being zeroization-on-drop
and has constant-time equality checks using subtle to make a best-effort attempt at protecting against side-channel attacks.
There’s also some definitions for the follwing drafted extensions, enabled by the matching feature:
draft-ietf-mls-extensions@ draft-06mls-extensionshas content-advertisement parsing, this pulls an additional dependency (mediatype) with this feature flag:draft-ietf-mls-extensions-content-advertisement-parse. If you do the MIME parsing yourself, you can ignore this flag.
draft-mahy-mls-ratchet-tree-options@ draft-01draft-mahy-mls-sd-cwt-credential@ draft-00draft-mularczyk-mls-splitcommit@ draft-00draft-kiefer-mls-light@ draft-02
The following drafts were modified by extrapolating the current status of mls-extensions and the current status of the respective drafts:
- The following are assumed that they will move from Safe Extensions to a Safe Applications Component and associated cryptographic operations (
DeriveExtensionSecret=>DeriveApplicationSecretetc)draft-kohbrok-mls-associated-parties@ draft-00++draft-ietf-mls-combiner@ draft-00++
- The following assumes that with the disappearance of Safe WireFormats & the introduction of WireFormat negociation through
[supported|required]_wire_formats, those drafts will fall back to de facto WireFormats and have been modified in accordancedraft-mahy-mls-semiprivatemessage@ draft-04++draft-pham-mls-additional-wire-formats@ draft-00++
Please note that all the drafts are semver-excluded.
Additionally, this crate makes use of RustCrypto’s tls_codec crate, and has a mls-rs compatibility layer (gated under the mls-rs-compat feature)
that allows to transcode mls-spec to mls-rs types and vice-versa.
§License
Licensed under either of these:
- Apache License, Version 2.0, (LICENSE-APACHE or https://www.apache.org/licenses/LICENSE-2.0)
- MIT license (LICENSE-MIT or https://opensource.org/licenses/MIT)
Modules§
- credential
- crypto
- defs
- drafts
- group
- key_
package - key_
schedule - messages
- mls_
rs_ compat mls-rs-compat - reexports
- tlspl
tlspl-utils - tree
Structs§
- Sensitive
Bytes - Container that ser/deserializes to TLS Variable-Length bytes and implements zeroizing & constant-time equality checks
Enums§
Traits§
- Authentication
Service Delegate - Delegate trait for implementors to implement spec-compliant validation of credentials with their Authentication Service (MLS AS)
- Parsable
- Trait that exposes TLS deserialization
- Serializable
- Trait that exposes TLS serialization
- ToPrefixed
Label - This trait allows implementers to automatically get a MLS-specific representation that takes in account protocol versions and the label format.