openmls 1.1.0
openmls: ^1.1.0 copied to clipboard
Dart wrapper for OpenMLS — a Rust implementation of the Messaging Layer Security (MLS) protocol (RFC 9420)
1.1.0 - 2026-02-15 #
For Users #
Highlights
- openmls_frb v1.0.0 → v1.2.0 — Rust FFI bindings with engine close/reopen support and openmls v0.8.1
Added
MlsEngine.close()andMlsEngine.isClosed()— allow closing the engine (wiping the encryption key from RAM and closing the DB connection) when the app goes to background or the screen is locked. After close, all operations fail with "MlsEngine is closed". Close is idempotent
Changed
- Update openmls native library to v0.8.1 (release notes)
- Relaxed WASM size limit to improve compatibility
- Exposed
full_leavesandparentsin TreeSync for tree traversal - Updated libcrux and hpke-rs dependencies
Fixed
- README: Correct iOS minimum version from 12.0 to 13.0 and macOS from 10.14 to 10.15 in platform support table
For Contributors #
Added
make check-targets: Unified deployment target consistency checker for iOS, macOS, and Android — verifies all project files (podspec, CI workflow, Xcode project, plist, build.gradle, README) match.copier-answers.yml. Supports--updateto fix mismatches and--set <version>to change a platform target everywhere in one command
Changed
- CI: Add Rust dependency caching (
Swatinem/rust-cache) to speed up builds, especially Windows where vendored OpenSSL compilation took ~10 minutes
1.0.0 - 2026-02-11 #
Added #
- MLS Protocol (RFC 9420): Full group key agreement with forward secrecy and post-compromise security
- MlsEngine: Rust-owned encrypted database with 61 API functions (58 async + 3 sync):
- Group creation, join (Welcome, external commit), leave
- Member management (add, remove, swap)
- Encrypted messaging with additional authenticated data (AAD)
- Proposals (add, remove, self-update with custom leaf node parameters, PSK, custom, group context extensions)
- Commit handling (pending, flexible, merge/clear)
- State queries (members, epoch, extensions, configuration, epoch authenticator, ratchet tree, group info, secrets)
- Key package creation with options (lifetime, last-resort)
- Storage cleanup (delete group, delete key package, remove pending proposal)
- Basic and X.509 credential support (optional credential bytes on all creation functions)
- 3 sync message utilities (extract group ID, epoch, content type)
- Encrypted storage: All MLS state encrypted at rest
- Native: SQLCipher (AES-256 transparent full-database encryption)
- Web: IndexedDB + AES-256-GCM per-value encryption via Web Crypto API
- SecureBytes: Wrapper for sensitive byte data with automatic zeroing on disposal
- SecureUint8List: Extension with
zeroize()method for manual zeroing ofUint8List - Cross-platform support: Android, iOS, macOS, Linux, Windows, Web (WASM)
- Automatic native library download via Dart Build Hooks
- SHA256 checksum verification for supply chain security
- Based on OpenMLS v0.8.0
Security #
- All cryptographic operations run in Rust (OpenMLS with RustCrypto backend)
- Memory safety via Rust's ownership model
- No
unsafecode in the wrapper layer - Web Crypto API on WASM: Encryption key imported as non-extractable
CryptoKeyviacrypto.subtle.importKey()— raw key bytes zeroized from WASM memory immediately after import. Defensive error handling (nounwrap()) in encrypt/decrypt paths SerializableSignerderivesZeroizeOnDrop— private key bytes zeroed on drop- Eliminated clone-then-zeroize pattern in
from_raw()andserialize_signer()— private keys moved, not copied signer_from_bytes()zeroizes input bytes on all code paths, including deserialization errors- X.509
x509()documents that application layer must validate certificate chains - SECURITY.md: sensitive API table, known limitations, web deployment recommendations, vulnerability reporting via GitHub Security Advisories