This month in OpenMLS #7 - March 2024
OpenMLS saw some significant improvements last month! We tackled several bugs and introduced two key features: a helper to streamline fork resolution (#1731) and the much-requested ability to rotate signature keys (#1735). Additionally, a big thank you to @wysiwys for contributing a new set of helpers that will make writing tests significantly easier. We’re particularly excited about the fork resolution helper, and we’ll be diving deeper into the intricacies of this issue and its solution in a dedicated blog post coming soon. ...
This month in OpenMLS #6 - February 2024
February was a quiet month with some bug fixes and new tests. We are also happy to welcome 2 new contributors, @wysiwys and @shishkin 🎉
Merged PRs February 2025
- #1719: add cname to gh-pages action
- #1717: Test duplicate signature key detection is not bypassed
- #1715: Fix x25519-dalek crate link in README
- #1704: Add support for SelfRemove proposals
Contributors
@franziskuskiefer @kkohbrok @wysiwys @shishkin
This month in OpenMLS #5 - January 2024
January was focused on bug fixes and finishing the implementation and description of validation checks #1702. We are also happy to welcome 3 new contributors @Gusted, @sandr01d, and @rozbb.
Merged PRs January 2025
- #1713: Drop dead code in signature.rs
- #1706: Update labeler.yml
- #1705: Add annotations for valn0306
- #1703: fix: clear update proposals when a remove proposal is present for a given leaf
- #1702: Annotate and fix missing validation checks, including ones we hadn’t catalogued before
- #1701: fix: use “?” instead of match statement in cli
- #1700: Change error in MemoryStorage and result handling in OpenMLS
- #1699: Fixed openmls_rust_crypto build with test-utils feature
- #1698: fix: typos in quick start
- #1697: update dependencies
- #1696: Delete .github/workflows/interop.yml
- #1693: Improve log2 function
- #1682: Sqlite storage provider crate
Contributors
@Gusted @sandr01d @keks @rozbb @franziskuskiefer @kkohbrok
This month in OpenMLS #4 - December 2024
Happy new year! 🍾 In the last month of 2024 we merged 4 PRs into OpenMLS. We fixed a bug where credential lookup may have failed in certain cases (#1691) and improved semantic message validation to make OpenMLS even safer.
Merged PRs December 2024
- #1694: Add Validation Comments and Fix Application Message Epoch
- #1692: update dependencies
- #1691: Correctly Look Up Credentials and Public Keys for Members for Previous Epochs
- #1688: Fix Typo and add GroupContextExtension example for Unknown Extensions
Contributors
@franziskuskiefer @raphaelrobert @keks
This month in OpenMLS #3 - November 2024
In November we merged 9 PRs into OpenMLS. A major change has been the addition of a commit builder in #1675. The commit builder makes creating commits more convenient as you can see in the example below.

    let message_bundle = alice_group
        .commit_builder()
        .propose_adds(Some(bob_key_package.key_package().clone()))
        .load_psks(provider.storage())
        .expect("error loading psks")
        .build(
            provider.rand(),
            provider.crypto(),
            &alice_signature_keys,
            |_proposal| true,
        )
        .expect("error validating data and building commit")
        .stage_commit(provider)
        .expect("error staging commit");

    let (mls_message_out, welcome, group_info) = message_bundle.into_contents();

Merged PRs November 2024
- #1687: Clippy fixes
- #1684: Add validation annotations and a check
- #1683: ci: Fix coverage
- #1679: Fixing a few typos in the book
- #1678: Update README.md ciphersuite names
- #1676: Fix docs link
- #1675: Add Commit Builder
- #1673: Feat: Better error when attempting to decrypt own messages
- #1672: VerifiableGroupInfo::epoch() added to public API
Contributors
@franziskuskiefer @kkohbrok @raphaelrobert @josephlukefahr @keks
This month in OpenMLS #2 - October 2024
OpenMLS currently focuses on stabilising and improving APIs, as well as improving the semantic validation checks in OpenMLS.
Merged PRs October 2024
- #1669: Box PublicMessage in ProtocolMessage and allow some large enum variants
- #1668: Add log messages for unsupported extension errors
- #1667: Validation Progress
- #1666: Add members and group_context getters to StagedWelcome
- #1664: Add test for incorrect max_past_epochs value
- #1661: Upstream some changes from XMTP
- #1659: Fix a broken link in CONTRIBUTING.md
- #1657: Fix checks for leaf node validation (valn01xx) and valn1207
Contributors
@erskingardner @W95Psp @neekolas @kkohbrok @keks @franziskuskiefer
This month in OpenMLS #1 - September 2024
OpenMLS Development Update - September 2024
Welcome to the inaugural post in our new series, designed to keep you informed about the latest developments on OpenMLS. Each month, we’ll highlight significant changes, share key milestones, and provide insights into our ongoing work. At the beginning of September we released OpenMLS v0.6. The month has been pretty quiet after the release while we started to complete the semantic validation checks in OpenMLS to ensure that OpenMLS is always safe to use. Read more about it in Jan’s blog post. ...
Taking Stock of Validation Checks
When implementing cryptographic protocols, probably the most important thing is not to forget to validate all inputs. Failing to do so can lead to inadvertent leakage of private information, state corruption, impersonation attacks… all kinds of vulnerabilities. To give an example, you might remember the “goto fail” vulnerability, a bug in the TLS implementation used in iOS. The bug was in the function that verifies the signature sent along with the ServerKeyExchange message, which ties the server identity to the transcript and ephemeral key material. Due to a hard-to-spot slipup, the function returned success early and never really checked the signature, which would allow an attacker to man-in-the-middle the connection. While in this case they didn’t just forget to do the check, it does demonstrate why these checks are important. ...
OpenMLS 0.6 released
Today, we are releasing version 0.6 of OpenMLS. In this post we’ll go over the most significant changes since our last release.
New Storage Provider
To make it easier to persist group state, the KeyStoreProvider was replaced with the more powerful StorageProvider trait for tracking the state of a group or a party. This includes keys, but also other group state like the ratchet tree and the group context. OpenMLS writes to the storage at the end of any successful operation. This means that if the provider is backed by some persistent memory, the entire long-lived state of OpenMLS is automatically persisted. ...
Post-Quantum OpenMLS
OpenMLS now offers security against harvest-now-decrypt-later (HNDL) quantum adversaries. In #1546 we merged support for the X-Wing KEM draft, an early draft for securely combining elliptic-curve-based Diffie-Hellman with ML-KEM. In particular, OpenMLS now supports the ciphersuite MLS_256_XWING_CHACHA20POLY1305_SHA256_Ed25519 with ciphersuite identifier 0x004D. There is no IANA code point for this ciphersuite yet, so interoperability may not be guaranteed. We are working with other implementers towards interoperability of this ciphersuite. The implementation uses Cryspen’s formally verified ML-KEM and x25519 implementations from libcrux. The implementations are not only formally verified for correctness, secret independence, and memory safety, but are also amongst the fastest implementations. Users should not notice any significant performance differences when using this new ciphersuite. The threat of HNDL attackers requires applications to switch to post-quantum secure mechanisms now, just like Signal and iMessage did already. OpenMLS offers a simple way to achieve security against HNDL attackers and is ready to use. ...