1# mls-rs   [![Build Status]][actions] [![Latest Version]][crates.io] [![API Documentation]][docs.rs] [![codecov](https://codecov.io/gh/awslabs/mls-rs/graph/badge.svg?token=6655ESMTZT)](https://codecov.io/gh/awslabs/mls-rs)
2
3[build status]: https://img.shields.io/github/checks-status/awslabs/mls-rs/main
4[actions]: https://github.com/awslabs/mls-rs/actions?query=branch%3Amain++
5[latest version]: https://img.shields.io/crates/v/mls-rs.svg
6[crates.io]: https://crates.io/crates/mls-rs
7[api documentation]: https://docs.rs/mls-rs/badge.svg
8[docs.rs]: https://docs.rs/mls-rs
9
10<!-- cargo-sync-readme start -->
11
12An implementation of the [IETF Messaging Layer Security](https://messaginglayersecurity.rocks)
13end-to-end encryption (E2EE) protocol.
14
15## What is MLS?
16
17MLS is a new IETF end-to-end encryption standard that is designed to
18provide transport agnostic, asynchronous, and highly performant
19communication between a group of clients.
20
21## MLS Protocol Features
22
23- Multi-party E2EE [group evolution](https://www.rfc-editor.org/rfc/rfc9420.html#name-cryptographic-state-and-evo)
24  via a propose-then-commit mechanism.
25- Asynchronous by design with pre-computed [key packages](https://www.rfc-editor.org/rfc/rfc9420.html#name-key-packages),
26  allowing members to be added to a group while offline.
27- Customizable credential system with built in support for X.509 certificates.
28- [Extension system](https://www.rfc-editor.org/rfc/rfc9420.html#name-extensions)
29  allowing for application specific data to be negotiated via the protocol.
30- Strong forward secrecy and post compromise security.
31- Crypto agility via support for multiple [cipher suites](https://www.rfc-editor.org/rfc/rfc9420.html#name-cipher-suites).
32- Pre-shared key support.
33- Subgroup branching.
34- Group reinitialization for breaking changes such as protocol upgrades.
35
36## Features
37
38- Easy to use client interface that can manage multiple MLS identities and groups.
39- 100% RFC 9420 conformance with support for all default credential, proposal,
40  and extension types.
41- Support for WASM builds.
42- Configurable storage for key packages, secrets and group state
43  via traits along with provided "in memory" and SQLite implementations.
44- Support for custom user proposal and extension types.
45- Ability to create user defined credentials with custom validation
46  routines that can bridge to existing credential schemes.
47- OpenSSL and Rust Crypto based cipher suite implementations.
48- Crypto agility with support for user defined cipher suite.
49- Extensive test suite including security and interop focused tests against
50  pre-computed test vectors.
51
52## Crypto Providers
53
54For cipher suite descriptions see the RFC documentation [here](https://www.rfc-editor.org/rfc/rfc9420.html#name-mls-cipher-suites)
55
56| Name        | Cipher Suites | X509 Support    |
57| ----------- | ------------- | --------------- |
58| OpenSSL     | 1-7           | Stable          |
59| AWS-LC      | 1,2,3,5,7     | Stable          |
60| Rust Crypto | 1,2,3         | ⚠️ Experimental |
61| Web Crypto  | ⚠️ Experimental 2,5,7 | Unsupported |
62
63## Security Notice
64
65This library has been validated for conformance to the RFC 9420 specification but has not yet received a full security audit by a 3rd party.
66
67<!-- cargo-sync-readme end -->
68
69## License
70
71This library is licensed under the Apache-2.0 or the MIT License.
72