# mls-rs [![Build Status]][actions] [![Latest Version]][crates.io] [![API Documentation]][docs.rs]

[build status]: https://img.shields.io/github/checks-status/awslabs/mls-rs/main
[actions]: https://github.com/awslabs/mls-rs/actions?query=branch%3Amain++
[latest version]: https://img.shields.io/crates/v/mls-rs.svg
[crates.io]: https://crates.io/crates/mls-rs
[api documentation]: https://docs.rs/mls-rs/badge.svg
[docs.rs]: https://docs.rs/mls-rs

<!-- cargo-sync-readme start -->

An implementation of the [IETF Messaging Layer Security](https://messaginglayersecurity.rocks)
end-to-end encryption (E2EE) protocol.

## What is MLS?

MLS is a new IETF end-to-end encryption standard that is designed to
provide transport agnostic, asynchronous, and highly performant
communication between a group of clients.

## MLS Protocol Features

- Multi-party E2EE [group evolution](https://www.rfc-editor.org/rfc/rfc9420.html#name-cryptographic-state-and-evo)
  via a propose-then-commit mechanism.
- Asynchronous by design with pre-computed [key packages](https://www.rfc-editor.org/rfc/rfc9420.html#name-key-packages),
  allowing members to be added to a group while offline.
- Customizable credential system with built in support for X.509 certificates.
- [Extension system](https://www.rfc-editor.org/rfc/rfc9420.html#name-extensions)
  allowing for application specific data to be negotiated via the protocol.
- Strong forward secrecy and post compromise security.
- Crypto agility via support for multiple [cipher suites](https://www.rfc-editor.org/rfc/rfc9420.html#name-cipher-suites).
- Pre-shared key support.
- Subgroup branching.
- Group reinitialization for breaking changes such as protocol upgrades.

## Features

- Easy to use client interface that can manage multiple MLS identities and groups.
- 100% RFC 9420 conformance with support for all default credential, proposal,
  and extension types.
- Support for WASM builds.
- Configurable storage for key packages, secrets and group state
  via traits along with provided "in memory" and SQLite implementations.
- Support for custom user proposal and extension types.
- Ability to create user defined credentials with custom validation
  routines that can bridge to existing credential schemes.
- OpenSSL and Rust Crypto based cipher suite implementations.
- Crypto agility with support for user defined cipher suite.
- Extensive test suite including security and interop focused tests against
  pre-computed test vectors.

## Crypto Providers

For cipher suite descriptions see the RFC documentation [here](https://www.rfc-editor.org/rfc/rfc9420.html#name-mls-cipher-suites)

| Name        | Cipher Suites         | X509 Support    |
| ----------- | --------------------- | --------------- |
| OpenSSL     | 1-7                   | Stable          |
| AWS-LC      | 1,2,3,5,7             | Stable          |
| Rust Crypto | 1,2,3                 | ⚠️ Experimental |
| Web Crypto  | ⚠️ Experimental 2,5,7 | Unsupported     |

## Security Notice

This library has been validated for conformance to the RFC 9420 specification but has not yet received a full security audit by a 3rd party.

<!-- cargo-sync-readme end -->

## License

This library is licensed under the Apache-2.0 or the MIT License.