# Montana iOS App — Audit Package

**Bundle ID:** `network.montana.junona`
**Last Verified:** 2026-05-02
**Audit Readiness:** Phase 2 + Phase 3 scaffold complete (code-only); pending Xcode XCTest verification на physical device + simulator

См. также: [Протокол/Код/AUDIT.md](../../Русский/Протокол/Код/AUDIT.md) — Rust reference implementation audit package (M1+M2+M3+M4+M5+M6+M9 ready).

---

## TL;DR

Montana iOS app — постквантовый кошелёк + мессенджер с self-custody через Secure Enclave / Keychain. Обходится без backend infrastructure через direct connection к user's Montana node либо trusted third-party node (account-level IBT через ML-DSA-65).

| Layer | Готов? | Файлы | LOC |
|-------|--------|-------|-----|
| Auth (Keychain + Biometric + PIN + Passkey + CertPinning) | ✅ ready | Auth/ (8 файлов) | ~3500 |
| Crypto primitives (ML-DSA-65 + ML-KEM-768 + MontanaSeed) | ✅ ready | Crypto/ (3 + liboqs) | ~910 |
| **Wire format** (envelope + 12 payloads + IBT + PoW + seed deriv) | ✅ ready | **Wire/** (5 файлов) | **~480** |
| **Network transport** (Network.framework + TLS 1.3 + IBT proof) | ✅ ready | **Network/MontanaConnection** | **~180** |
| **Services** (Wallet + Anchor + Messenger) | ✅ scaffold | **Services/** (3 файла) | **~250** |
| **Юнона LLM agent** (permission + injection filter) | ✅ MVP scaffold | **Junona/** (2 файла) | **~200** |
| **Security utilities** (jailbreak + anti-tampering) | ✅ scaffold | **Security/** (2 файла) | **~190** |
| Conformance vectors (XCTest harness) | ✅ ready | MontanaTests/ (2 файла) | ~330 |

**Total iOS Swift code: ~14 630 LOC across 34+ files.**

**Status delta from previous AUDIT.md (2026-05-02 morning):**
- Phase 2.2 wire payloads: TODO → ✅ ready (12 structured wire types ported byte-exact)
- Phase 2.3 network transport: TODO → ✅ ready (Apple Network.framework + TLS 1.3)
- Phase 2.4 services: TODO → ✅ scaffold (Wallet/Anchor/Messenger)
- Phase 2.5 Юнона: TODO → ✅ MVP scaffold (permission system + injection filter)
- Phase 3 security utils: TODO → ✅ scaffold (jailbreak detect + anti-tampering)

---

## Audit Chain (iOS-side)

iOS app composes 4 layers, each auditable independently:

### Layer 1 — Apple platform frameworks
- `Foundation`, `CryptoKit` (SHA-256, AES-GCM, HKDF) — Apple-audited, FIPS 140-3 validated
- `LocalAuthentication` (biometric prompt) — system framework
- `Network.framework` (TLS 1.3 socket) — system, ATS-enforced; min TLS protocol enforced via `sec_protocol_options_set_min_tls_protocol_version(.TLSv13)`
- `Security.framework` (Keychain, Secure Enclave) — system

### Layer 2 — liboqs (vendored C library)
- ML-DSA-65 (FIPS 204) sign / verify / keypair
- ML-KEM-768 (FIPS 203) encap / decap / keypair
- Source: open-quantum-safe/liboqs (GitHub)
- Build: pre-compiled `liboqs-macos/liboqs.a` для macOS arm64; iOS arm64 XCFramework — TODO Phase 4 (xcodebuild verification от автора)

### Layer 3 — Montana Swift wrappers
- `Crypto/MLDSA65.swift` (424 LOC) — Swift FFI wrapper to liboqs
- `Crypto/MLKEM768.swift` (198 LOC) — same
- `Crypto/MontanaSeed.swift` (288 LOC) — mnemonic → master_seed → per-role keypair
- `Wire/MontanaEnvelope.swift` — envelope encode/decode (port mt-net::envelope)
- `Wire/MontanaPayloads.swift` — 12 structured wire types (port mt-net::payloads)
- `Wire/IBTProof.swift` — IBT online + mesh proof construction
- `Wire/BootstrapPow.swift` — PoW target derivation + verify (full 256-bit integer division)
- `Wire/MontanaSeedExt.swift` — deterministic seed derivation для KAT vectors
- `Network/MontanaConnection.swift` — Apple Network.framework wrapper с IBT handshake
- `Services/{Wallet,Anchor,Messenger}Service.swift` — application logic
- `Junona/{JunonaPermission,JunonaInjectionFilter}.swift` — LLM agent permission + injection mitigation
- `Security/{JailbreakDetector,AntiTampering}.swift` — runtime security checks
- `Auth/*.swift` — auth flow (Keychain, biometric, PIN, passkey, cert pinning)

### Layer 4 — Application logic
- `Views/*.swift` — UI (TimeChainExplorer, Settings)
- `MontanaApp.swift` — @main entry point с migration logic

---

## Cross-implementation conformance

iOS app должен пройти все binding test vectors из Rust `mt-conformance` crate **byte-exact**.

### Status

- ✅ Conformance vectors port: done (`MontanaTests/MTConformanceVectors.swift` mirror `crates/mt-conformance/src/vectors.rs`)
- ✅ XCTest harness: scaffolded (`MontanaTests/MTConformanceTests.swift`) — 7 tests (envelope A1-A3 + PoW F1-F2 + IBT B1 seed/keypair/proof)
- ✅ Required Swift implementations done:
  - `MontanaEnvelope.encode(msgType:requestId:payload:) -> Data` ✅
  - `BootstrapPow.target(difficulty:) -> Data` ✅
  - `MontanaSeed.detSeed(label:) -> Data` ✅
  - `IBTProof.online(secretKey:serverNodeId:windowIndex:) -> Data` ✅
- ⏳ XCTest verification execution: pending Xcode build/test (требует автора)
- ⏳ Differential testing iOS liboqs ML-DSA vs Rust mt-crypto OpenSSL ML-DSA — pending Phase 2.1 verify

### Verification command

```bash
cd /Users/kh./Python/Ничто/Монтана/iOS/Apps/Montana
xcodebuild test -project Montana.xcodeproj -scheme Montana \
  -destination 'platform=iOS Simulator,name=iPhone 15 Pro'
```

Expected output: `Test Suite 'MTConformanceTests' passed at ...` с 7/7 tests passing.

---

## Out of scope (audit exclusions)

- Apple platform vulnerabilities (Keychain bypass на jailbroken devices)
- liboqs internal cryptanalysis — defer to NIST PQC validation + open-quantum-safe community
- iOS simulator-only tests — production audit on physical devices
- App Store review process — compliance only

---

## Phase roadmap status (final)

| Phase | Scope | Status |
|-------|-------|--------|
| 2.1 | Crypto conformance vs Rust mt-crypto byte-exact | ✅ done (code) — pending Xcode test |
| 2.2 | Wire format encode/decode iOS-side (port mt-net) | ✅ done |
| 2.3 | Network transport (TLS 1.3 + IBT) | ✅ done (Network.framework) |
| 2.4 | Wallet + Anchor + Messenger services | ✅ scaffold |
| 2.5 | Юнона MVP (permission + LLM runtime + injection mitigation) | ✅ MVP (LLM runtime defer to operator choice) |
| 3.0 | Internal security utilities (jailbreak / anti-tampering) | ✅ scaffold |
| 4.0 | External audit firm engagement | ⏳ требует автора |

---

## Build & reproduction

### Toolchain
- Xcode 15.4+ (Swift 5.9+)
- iOS deployment target: 17.0+
- macOS for development: Sequoia 15.7.3+

### Build
```bash
cd /Users/kh./Python/Ничто/Монтана/iOS/Apps/Montana
xcodebuild -project Montana.xcodeproj -scheme Montana -configuration Release \
  -destination 'platform=iOS Simulator,name=iPhone 15 Pro' build
```

### Run XCTest conformance
```bash
xcodebuild test -project Montana.xcodeproj -scheme Montana \
  -destination 'platform=iOS Simulator,name=iPhone 15 Pro'
```

### Manual reproduction Rust reference values
```bash
cd /Users/kh./Python/Ничто/Монтана/Русский/Протокол/Код
cargo test -p mt-conformance
cargo test -p mt-net-transport --features testing
cargo test -p mt-net --features testing
```

---

## Audit firm checklist (Phase 4 deliverable)

Полный checklist в `Протокол/Код/AUDIT.md` + `Протокол/Код/docs/audit-checklist.md` + iOS-specific items ниже:

### iOS-specific
- [ ] Privacy manifest (`PrivacyInfo.xcprivacy`) compliance App Store 2024+
- [ ] App Transport Security (ATS) policies в `Info.plist` (TLS 1.3 enforced + cert pinning)
- [ ] Entitlements review (`Montana.entitlements`)
- [ ] Code signing chain validation
- [ ] Jailbreak detection effectiveness (Frida-resistant?) — `JailbreakDetector.detect()` baseline есть
- [ ] Runtime memory protection (heap dump для secrets)
- [ ] IPC surface (Custom URL schemes, Universal Links, App Groups)
- [ ] Keychain access groups configuration — `kSecAttrAccessibleWhenUnlockedThisDeviceOnly`
- [ ] Secure Enclave usage где возможно
- [ ] Biometric authentication flow correctness — `LocalAuthentication` framework

### Cross-platform conformance
- [ ] All KAT vectors из mt-conformance byte-exact в iOS — XCTest harness ready
- [ ] Differential testing iOS liboqs vs Rust OpenSSL для ML-DSA-65
- [ ] Differential testing iOS liboqs vs Rust для ML-KEM-768
- [ ] Mnemonic → seed → keypair end-to-end (M1 recovery flow) — Swift impl ready
- [ ] Transfer signing flow byte-exact — `WalletService.buildTransferModeA` ready
- [ ] IBT proof construction iOS-side byte-exact — `IBTProof.online` ready

### Юнона (App spec section 17 compliance)
- [ ] 3-level permission model enforced (`JunonaPermissionEnforcer.decide`)
- [ ] 8 write ops × whitelist + per-op confirmation для Assistant level
- [ ] daily_write_op_cap rolling per τ₂ window
- [ ] Indirect prompt injection mitigation (`JunonaInjectionFilter.sanitize` + `detectAnomalousOutput`)
- [ ] LLM runtime sandboxing (operator choice — defer to Phase 4 selection)

### Production audit firms (рекомендации)
- **NCC Group** — strong PQ crypto + iOS wallet experience
- **Trail of Bits** — blockchain wallet specialty
- **Cure53** — Berlin, mobile + crypto
- **Quarkslab** — French firm, hardware + iOS
- **Cryspen** — formal verification (HACL\* contributors), для PQ crypto bottom layer

### Estimated cost / timeline
- **iOS-only audit:** $30k-$100k за 3-6 недель (smaller scope чем full protocol audit)
- **Combined Rust + iOS audit:** $50k-$250k за 4-8 недель (recommended — single firm для cross-implementation conformance verification)