openmls 1.0.0

Dart wrapper for OpenMLS — a Rust implementation of the Messaging Layer Security (MLS) protocol (RFC 9420)

1.0.0 - 2026-02-08

Added

  • MLS Protocol (RFC 9420): Full group key agreement with forward secrecy and post-compromise security
  • MlsEngine: Rust-owned encrypted database with 61 API functions (58 async + 3 sync):
    • Group creation, join (Welcome, external commit), leave
    • Member management (add, remove, swap)
    • Encrypted messaging with additional authenticated data (AAD)
    • Proposals (add, remove, self-update with custom leaf node parameters, PSK, custom, group context extensions)
    • Commit handling (pending, flexible, merge/clear)
    • State queries (members, epoch, extensions, configuration, epoch authenticator, ratchet tree, group info, secrets)
    • Key package creation with options (lifetime, last-resort)
    • Storage cleanup (delete group, delete key package, remove pending proposal)
    • Basic and X.509 credential support (optional credential bytes on all creation functions)
    • 3 sync message utilities (extract group ID, epoch, content type)
  • Encrypted storage: All MLS state encrypted at rest
    • Native: SQLCipher (AES-256 transparent full-database encryption)
    • Web: IndexedDB + AES-256-GCM per-value encryption via Web Crypto API
  • SecureBytes: Wrapper for sensitive byte data with automatic zeroing on disposal
  • SecureUint8List: Extension with zeroize() method for manual zeroing of Uint8List
  • Cross-platform support: Android, iOS, macOS, Linux, Windows, Web (WASM)
  • Automatic native library download via Dart Build Hooks
  • SHA256 checksum verification for supply chain security
  • Based on OpenMLS v0.8.0

Security

  • All cryptographic operations run in Rust (OpenMLS with RustCrypto backend)
  • Memory safety via Rust's ownership model
  • No unsafe code in the wrapper layer
  • Web Crypto API on WASM: Encryption key imported as non-extractable CryptoKey via crypto.subtle.importKey() — raw key bytes zeroized from WASM memory immediately after import. Defensive error handling (no unwrap()) in encrypt/decrypt paths
  • SerializableSigner derives ZeroizeOnDrop — private key bytes zeroed on drop
  • Eliminated clone-then-zeroize pattern in from_raw() and serialize_signer() — private keys moved, not copied
  • signer_from_bytes() zeroizes input bytes on all code paths, including deserialization errors
  • X.509 x509() documents that application layer must validate certificate chains
  • SECURITY.md: sensitive API table, known limitations, web deployment recommendations, vulnerability reporting via GitHub Security Advisories
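
The key-handling items above (wipe on drop, move instead of clone-then-zeroize, wiping the input on every path including parse errors), shown as an added example that is not the package's own code. `DemoSigner`, `WipeOnExit`, `demo_signer_from_bytes` and the length-prefixed wire format are hypothetical, and the hand-written `wipe` stands in for the `zeroize` crate so the block builds with std alone.

```rust
use std::ptr;
use std::sync::atomic::{compiler_fence, Ordering};

// Stand-in for the zeroize crate: volatile writes so the wipe is not optimized away.
fn wipe(buf: &mut [u8]) {
    for b in buf.iter_mut() {
        unsafe { ptr::write_volatile(b, 0) };
    }
    compiler_fence(Ordering::SeqCst);
}

// Guard that wipes the borrowed input when dropped, i.e. on every return path.
struct WipeOnExit<'a>(&'a mut [u8]);
impl<'a> Drop for WipeOnExit<'a> {
    fn drop(&mut self) { wipe(&mut *self.0); }
}

// Hypothetical signer whose private key bytes are wiped on drop.
pub struct DemoSigner { private: Vec<u8> }
impl Drop for DemoSigner {
    fn drop(&mut self) { wipe(&mut self.private); }
}
impl DemoSigner {
    // Takes ownership: the buffer is moved in, so no un-wiped clone is left behind.
    pub fn from_raw(private: Vec<u8>) -> Self { DemoSigner { private } }
    pub fn key_len(&self) -> usize { self.private.len() }
}

// Constructed wire format: one length byte (must be 32) followed by the key.
pub fn demo_signer_from_bytes(input: &mut [u8]) -> Result<DemoSigner, &'static str> {
    let guard = WipeOnExit(input);
    let (&len, rest) = guard.0.split_first().ok_or("empty input")?;
    if len as usize != 32 || rest.len() != 32 {
        return Err("bad key length"); // guard still wipes the input here
    }
    Ok(DemoSigner::from_raw(rest.to_vec())) // single copy, owned by the signer
}

fn main() {
    let mut wire = vec![32u8];
    wire.extend_from_slice(&[0x42; 32]); // constructed sample key
    let ok = demo_signer_from_bytes(&mut wire).is_ok();
    println!("parsed={} input_wiped={}", ok, wire.iter().all(|&b| b == 0));
}
```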

Publisher

unverified uploader


Topics

#mls #encryption #messaging #e2ee #rust

License

unknown (license)

Dependencies

code_assets, crypto, flutter_rust_bridge, hooks
