Skip to main content

Crate saorsa_mls

Crate saorsa_mls 

Source
Expand description

§Saorsa MLS - Message Layer Security Protocol (RFC 9420) with Post-Quantum Cryptography

This crate implements the Message Layer Security (MLS) protocol as specified in RFC 9420 for secure group communication, enhanced with post-quantum cryptographic algorithms for quantum resistance.

MLS provides:

  • End-to-end encryption for group messaging
  • Forward secrecy - past messages remain secure even if keys are compromised
  • Post-compromise security - the group can heal after a compromise
  • Asynchronous group management - members can join/leave without real-time coordination
  • Scalable tree-based key derivation using TreeKEM

§Core Components

  • protocol: MLS protocol message structures and state machines
  • crypto: Cryptographic primitives and key derivation
  • group: Group state management and TreeKEM operations
  • member: Member identity and authentication

§Example Usage

use saorsa_mls::{MlsGroup, MemberIdentity, MemberId, GroupConfig};

// Create a new MLS group
let config = GroupConfig::default();
let creator_identity = MemberIdentity::generate(MemberId::generate())?;
let mut group = MlsGroup::new(config, creator_identity).await?;

// Add members to the group
let new_member = MemberIdentity::generate(MemberId::generate())?;
let welcome = group.add_member(&new_member).await?;

// Send encrypted messages
let message = group.encrypt_message(b"Hello, secure group!")?;
let decrypted = group.decrypt_message(&message)?;

Re-exports§

pub use api::add_member;
pub use api::group_new;
pub use api::group_new_with_config;
pub use api::recv;
pub use api::remove_member;
pub use api::send;
pub use api::Ciphertext;
pub use api::CommitOptions;
pub use api::GroupId as SimpleGroupId;
pub use api::Identity;
pub use crypto::AeadCipher;
pub use crypto::CipherSuite;
pub use crypto::CipherSuiteId;
pub use crypto::Hash;
pub use crypto::HpkeContext;
pub use crypto::KeyPair;
pub use crypto::KeySchedule;
pub use crypto::MlsAead;
pub use crypto::MlsHash;
pub use crypto::MlsKem;
pub use crypto::MlsSignature;
pub use group::GroupConfig;
pub use group::GroupId;
pub use group::GroupState;
pub use group::MlsGroup;
pub use member::Credential;
pub use member::CredentialType;
pub use member::GroupMember;
pub use member::KeyPackage;
pub use member::MemberId;
pub use member::MemberIdentity;
pub use member::MemberState;
pub use member::TrustStore;
pub use protocol::AuditLogEntry;
pub use protocol::*;

Modules§

api
Simplified API for MLS group messaging with QUIC stream integration
crypto
Cryptographic primitives for MLS using saorsa-pqc
group
member
Member identity and key management for MLS groups
protocol
MLS protocol messages and state machine
quic_integration
QUIC stream mapping for MLS messages

Structs§

MlsConfig
MLS configuration parameters
MlsStats
MLS statistics for monitoring
WireFormat
Wire format version for backwards compatibility

Enums§

MlsError
Errors that can occur in MLS operations

Constants§

DEFAULT_KEY_ROTATION_INTERVAL
Key rotation interval
MAX_GROUP_SIZE
Maximum group size (TreeKEM limitation)
MLS_VERSION
MLS protocol version

Type Aliases§

EpochNumber
Epoch number for group state versioning
MessageSequence
Message sequence number type
Result