An implementation of Messaging Layer Security (RFC 9420)


mls-rs

An implementation of the IETF Messaging Layer Security end-to-end encryption (E2EE) protocol.

What is MLS?

MLS is a new IETF end-to-end encryption standard designed to provide transport-agnostic, asynchronous, and highly performant communication between a group of clients.

MLS Protocol Features

  • Multi-party E2EE group evolution via a propose-then-commit mechanism.
  • Asynchronous by design with pre-computed key packages, allowing members to be added to a group while offline.
  • Customizable credential system with built-in support for X.509 certificates.
  • Extension system allowing for application-specific data to be negotiated via the protocol.
  • Strong forward secrecy and post-compromise security.
  • Crypto agility via support for multiple cipher suites.
  • Pre-shared key support.
  • Subgroup branching.
  • Group reinitialization for breaking changes such as protocol upgrades.

Features

  • Easy-to-use client interface that can manage multiple MLS identities and groups.
  • 100% RFC 9420 conformance with support for all default credential, proposal, and extension types.
  • Support for WASM builds.
  • Configurable storage for key packages, secrets and group state via traits along with provided "in memory" and SQLite implementations.
  • Support for custom user proposal and extension types.
  • Ability to create user-defined credentials with custom validation routines that can bridge to existing credential schemes.
  • OpenSSL and Rust Crypto based cipher suite implementations.
  • Crypto agility with support for user-defined cipher suites.
  • Extensive test suite including security and interop focused tests against pre-computed test vectors.

Crypto Providers

For cipher suite descriptions, see the RFC documentation.

Name          Cipher Suites   X509 Support
OpenSSL       1-7             Stable
AWS-LC        1,2,3,5,7       Stable
Rust Crypto   1,2,3           ⚠️ Experimental

Security Notice

This library has been validated for conformance to the RFC 9420 specification but has not yet received a full security audit by a third party.

License

This library is licensed under the Apache-2.0 or the MIT License.

Comments
  • Remove features deemed unnecessary

    Issues:

    Resolves #5

    Description of changes:

    There is no behavior change. This PR removes some cargo features which are now considered always on (if their dependencies are on too).

    • external_proposal was replaced by the by_ref_proposal feature it depends on in mls-rs. In other crates, the guards were removed.
    • external_commit was removed.
    • all_extensions was removed.

    Call-outs:

    N/A

    Testing:

    Parts of CI run locally, including tests.

    By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 and MIT license.

    opened by stefunctional 1
  • Crates.io build issues

    1. Readme is out of date due to not syncing with lib.rs
    2. Circular dependency in duplicate tests between the HPKE crate and the crypto crates that implement it
    3. Invalid metadata in the rust crypto provider
    4. Invalid link in build badge
    opened by tomleavy 0
  • Remove wildcard versions and ensure all dependencies have a version requirement

    In preparation to publish to crates.io.

    Issues:

    Resolves #12

    Description of changes:

    Just a version requirement update.

    Call-outs:

    N/A

    Testing:

    Built.

    By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 and MIT license.

    opened by stefunctional 0
  • Dependencies with a wildcard version requirement need to specify a version number

    Problem:

    crates.io does not allow dependency versions specified as *. E.g. in mls-rs/Cargo.toml:

    mls-rs-core = { path = "../mls-rs-core", default-features = false, version = "*" }
    

    Solution:

    Wildcard version requirements need to be changed to version numbers.

    Requirements / Acceptance Criteria:

    Our crates can be published to crates.io.

    Out of scope:

    N/A

    opened by stefunctional 0
  • Update docs.rs configuration and readme

    Issues:

    Resolves #6

    Description of changes:

    Added the necessary flags to support docs.rs + feature flags for the mls-rs crate

    Call-outs:

    Specifically did not look at the other crates, maybe some follow up work there later.

    Testing:

    The documentation with feature labeling can be generated following the instructions here

    opened by tomleavy 0
  • Use rayon when generating welcome message

    Description of changes:

    • Group secrets are encrypted in parallel.
    • The group_add benchmark doesn't encrypt the tree in the welcome message, which is a more common use case.
    • The group_add benchmark is added to CI.

    Testing:

    Run cargo bench --features benchmark_util --bench group_add locally on an M1 Mac. For 1000 adds the result is:

    • main : 419.84 ms
    • after this PR but encrypting the tree : 174.00 ms (= 42% of 419.84ms)
    • after this PR : 155.88ms

    By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 and MIT license.

    opened by mulmarta 0
  • Add tests for interoperability between different sets of features

    Description of changes:

    Also fix 2 bugs found by the tests:

    • The context extensions were not updated without the by_ref_proposal feature
    • The GroupSecrets struct was serialized incorrectly without the psk feature -- the psks list was omitted instead of set to an empty list. (Trying to process a commit/welcome with PSKs while not using the psk feature will always fail, at the latest with "invalid confirmation tag".)

    configs were adjusted from https://github.com/mlswg/mls-implementations/tree/main/interop/configs to work with all feature sets.

    Testing:

    The CI runs the new tests.

    By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 and MIT license.

    opened by mulmarta 0
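The GroupSecrets serialization difference described in the pull request above, as an added example that is not code from the pull request or from mls-rs: in the RFC 9420 wire format an empty `psks` list is still one length byte, so leaving the field out gives a shorter message that a strict decoder rejects. The function names are hypothetical, the secret is a constructed sample, and only vectors shorter than 64 bytes (single-byte length prefix) are handled.

```rust
// Added illustration, not mls-rs code. GroupSecrets per RFC 9420 section 12.4.3.1:
//   opaque joiner_secret<V>; optional<PathSecret> path_secret; PreSharedKeyID psks<V>;
// Assumption: every vector is shorter than 64 bytes, so its length prefix is one byte.
fn put_vec(out: &mut Vec<u8>, data: &[u8]) {
    assert!(data.len() < 64, "single-byte length prefixes only");
    out.push(data.len() as u8);
    out.extend_from_slice(data);
}

/// Encode GroupSecrets with no PSKs. `omit_empty_psks = true` reproduces the bug
/// described above: the psks field is left out instead of written as an empty list.
fn encode_group_secrets(joiner: &[u8], path: Option<&[u8]>, omit_empty_psks: bool) -> Vec<u8> {
    let mut out = Vec::new();
    put_vec(&mut out, joiner);
    match path {
        Some(p) => { out.push(1); put_vec(&mut out, p); }
        None => out.push(0),
    }
    if !omit_empty_psks {
        put_vec(&mut out, &[]); // an empty list still costs one byte: 0x00
    }
    out
}

/// Read one vector; returns (payload, remaining input).
fn take_vec(buf: &[u8]) -> Result<(&[u8], &[u8]), &'static str> {
    let (&len, rest) = buf.split_first().ok_or("truncated: missing length prefix")?;
    if len >= 64 { return Err("multi-byte length prefix not handled here"); }
    if rest.len() < len as usize { return Err("truncated: vector body"); }
    Ok(rest.split_at(len as usize))
}

/// Strict decoder: all three fields must be present, nothing may trail.
/// Returns (joiner_secret, path_secret, byte length of the psks list).
fn decode_group_secrets(buf: &[u8]) -> Result<(Vec<u8>, Option<Vec<u8>>, usize), &'static str> {
    let (joiner, rest) = take_vec(buf)?;
    let (&flag, rest) = rest.split_first().ok_or("truncated: path_secret flag")?;
    let (path, rest) = match flag {
        0 => (None, rest),
        1 => { let (p, r) = take_vec(rest)?; (Some(p.to_vec()), r) }
        _ => return Err("invalid optional flag"),
    };
    let (psks, rest) = take_vec(rest)?;
    if !rest.is_empty() { return Err("trailing bytes"); }
    Ok((joiner.to_vec(), path, psks.len()))
}

fn main() {
    let j = [0xAAu8; 32]; // constructed sample joiner secret
    println!("{:?}", decode_group_secrets(&encode_group_secrets(&j, None, false)));
    println!("{:?}", decode_group_secrets(&encode_group_secrets(&j, None, true)));
}
```
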
  • Remove some features deemed not worth it

    Description of feature:

    The size reduction offered by turning off the features external_proposal, external_commit or all_extensions, was not deemed worth the added complexity.

    Use case:

    Somewhat simpler code and easier maintenance.

    opened by stefunctional 0
  • Add issue templates, codeowners and code of conduct

    Issue #, if available: Resolves #1

    Description of changes:

    Added codeowners, issue templates, and code of conduct.

    By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

    opened by tomleavy 0
  • Adjust HPKE tests in mls-rs-core

    We had a set of duplicate tests, one in HPKE and another in core which is used to determine if a crypto provider is meeting the standard properly. We should replace the test vector data in the currently active test within mls-rs-core with the one that was previously used in mls-rs-hpke.

    opened by tomleavy 0
Owner
Amazon Web Services - Labs
AWS Labs