Skip to main content

Crate saorsa_mls

Crate saorsa_mls 

Source
Expand description

§Saorsa MLS - Message Layer Security Protocol (RFC 9420) with Post-Quantum Cryptography

This crate implements the Message Layer Security (MLS) protocol as specified in RFC 9420 for secure group communication, enhanced with post-quantum cryptographic algorithms for quantum resistance.

Two group planes are provided:

  • treekem_group::TreeKemGroup — the real TreeKEM plane (RFC 9420 subset): a ratchet tree with per-node ML-KEM keypairs, UpdatePath commits, key-schedule chaining and parent hashes. This delivers forward secrecy (past messages stay secure after a key compromise) and post-compromise security (the group heals after a compromise). Use this for new code.
  • MlsGroup — a legacy per-epoch group-shared-secret (GSS) plane that does not provide FS/PCS (every epoch member shares one secret). Retained for backward compatibility; see ADR-002 for the migration plan.

Both planes are post-quantum (ML-KEM, ML-DSA/SLH-DSA, ChaCha20-Poly1305, HKDF) and support end-to-end encryption and asynchronous join/leave.

§Core Components

  • treekem / key_schedule / treekem_group: the real TreeKEM stack (ratchet tree, MLS key schedule, and the TreeKemGroup API)
  • protocol: MLS protocol message structures and state machines
  • crypto: Cryptographic primitives and key derivation
  • group: the legacy GSS MlsGroup
  • member: Member identity and authentication

§Example Usage

use saorsa_mls::{MlsGroup, MemberIdentity, MemberId, GroupConfig};

// Create a new MLS group
let config = GroupConfig::default();
let creator_identity = MemberIdentity::generate(MemberId::generate())?;
let mut group = MlsGroup::new(config, creator_identity).await?;

// Add members to the group
let new_member = MemberIdentity::generate(MemberId::generate())?;
let welcome = group.add_member(&new_member).await?;

// Send encrypted messages
let message = group.encrypt_message(b"Hello, secure group!")?;
let decrypted = group.decrypt_message(&message)?;

Re-exports§

pub use api::add_member;
pub use api::group_new;
pub use api::group_new_with_config;
pub use api::recv;
pub use api::remove_member;
pub use api::send;
pub use api::Ciphertext;
pub use api::CommitOptions;
pub use api::GroupId as SimpleGroupId;
pub use api::Identity;
pub use crypto::AeadCipher;
pub use crypto::CipherSuite;
pub use crypto::CipherSuiteId;
pub use crypto::Hash;
pub use crypto::HpkeContext;
pub use crypto::KeyPair;
pub use crypto::KeySchedule;
pub use crypto::MlsAead;
pub use crypto::MlsHash;
pub use crypto::MlsKem;
pub use crypto::MlsSignature;
pub use group::GroupConfig;
pub use group::GroupId;
pub use group::GroupState;
pub use group::MlsGroup;
pub use member::Credential;
pub use member::CredentialType;
pub use member::GroupMember;
pub use member::KeyPackage;
pub use member::MemberId;
pub use member::MemberIdentity;
pub use member::MemberState;
pub use member::TrustStore;
pub use protocol::AuditLogEntry;
pub use protocol::*;

Modules§

api
Simplified API for MLS group messaging with QUIC stream integration
crypto
Cryptographic primitives for MLS using saorsa-pqc
group
key_schedule
MLS key schedule with epoch chaining (RFC 9420 §8 subset, post-quantum).
member
Member identity and key management for MLS groups
protocol
MLS protocol messages and state machine
quic_integration
QUIC stream mapping for MLS messages
treekem
Real TreeKEM ratchet tree (RFC 9420 subset, post-quantum).
treekem_group
Real TreeKEM group (phase P5 of ADR-002).

Structs§

MlsConfig
MLS configuration parameters
MlsStats
MLS statistics for monitoring
WireFormat
Wire format version for backwards compatibility

Enums§

MlsError
Errors that can occur in MLS operations

Constants§

DEFAULT_KEY_ROTATION_INTERVAL
Key rotation interval
MAX_GROUP_SIZE
Maximum group size (TreeKEM limitation)
MLS_VERSION
MLS protocol version

Type Aliases§

EpochNumber
Epoch number for group state versioning
MessageSequence
Message sequence number type
Result