c615142 Migrate 25 crates to monorepo by James Farrell · 4 months ago main
9b22caf Add patch for license and make crate match archive contents. by James Farrell · 4 months ago
c131112 Update Android.bp by running cargo_embargo am: 332a75e471 by James Farrell · 6 months ago
332a75e Update Android.bp by running cargo_embargo by James Farrell · 6 months ago
42c6149 Update Android.bp by running cargo_embargo am: 2415580c0a am: 119cd42728 by James Farrell · 8 months ago android15-tests-dev aml_art_350913340 aml_art_351011240 aml_art_351011340 aml_art_351110180 aml_cbr_350910020 aml_cbr_351011020 aml_doc_350915120 aml_doc_351012120 aml_ext_350912020 aml_hef_350921160 aml_hef_351016140 aml_med_350914000 aml_med_351010060 aml_net_350911020 aml_net_351010000 aml_net_351010020 aml_per_350910080 aml_per_351014000 aml_res_351011000 aml_rkp_350910000 aml_rkp_351011000 aml_sdk_350910000 aml_sta_350911020 aml_tet_350911120 aml_tet_351010220 aml_uwb_350911040 aml_uwb_351011040 aml_wif_350912040 aml_wif_351010040

mls-rs

An implementation of the IETF Messaging Layer Security end-to-end encryption (E2EE) protocol.

What is MLS?

MLS is a new IETF end-to-end encryption standard that is designed to provide transport agnostic, asynchronous, and highly performant communication between a group of clients.

MLS Protocol Features

Multi-party E2EE group evolution via a propose-then-commit mechanism.
Asynchronous by design with pre-computed key packages, allowing members to be added to a group while offline.
Customizable credential system with built in support for X.509 certificates.
Extension system allowing for application specific data to be negotiated via the protocol.
Strong forward secrecy and post compromise security.
Crypto agility via support for multiple cipher suites.
Pre-shared key support.
Subgroup branching.
Group reinitialization for breaking changes such as protocol upgrades.

Features

Easy to use client interface that can manage multiple MLS identities and groups.
100% RFC 9420 conformance with support for all default credential, proposal, and extension types.
Support for WASM builds.
Configurable storage for key packages, secrets and group state via traits along with provided “in memory” and SQLite implementations.
Support for custom user proposal and extension types.
Ability to create user defined credentials with custom validation routines that can bridge to existing credential schemes.
OpenSSL and Rust Crypto based cipher suite implementations.
Crypto agility with support for user defined cipher suite.
Extensive test suite including security and interop focused tests against pre-computed test vectors.

Crypto Providers

For cipher suite descriptions see the RFC documentation here

Name	Cipher Suites	X509 Support
OpenSSL	1-7	Stable
AWS-LC	1,2,3,5,7	Stable
Rust Crypto	1,2,3	⚠️ Experimental
Web Crypto	⚠️ Experimental 2,5,7	Unsupported

Security Notice

This library has been validated for conformance to the RFC 9420 specification but has not yet received a full security audit by a 3rd party.

License

This library is licensed under the Apache-2.0 or the MIT License.

Bug: 330708876

Branches

Tags