@@ -327,6 +327,82 @@ Signature = Ed25519.Sign(ed25519_secret, H)
327327
328328---
329329
330+ ### 5. FFI Boundary (Mobile Applications)
331+ ** Entry Points** :
332+ - UniFFI-generated bindings for iOS (Swift) and Android (Kotlin/Java)
333+ - Cross-language function calls
334+ - Memory ownership transfers
335+
336+ ** Threats** :
337+ - ** Memory Safety** : Incorrect memory management across language boundaries
338+ - ** Type Confusion** : Mismatched types between Rust and target language
339+ - ** Resource Leaks** : Unclosed handles or sessions
340+ - ** Panic Propagation** : Rust panics crossing FFI boundary
341+
342+ ** Mitigations** :
343+ - ✅ UniFFI handles memory management automatically (Arc refcounting)
344+ - ✅ Structured error codes (` NoiseErrorCode ` as ` i32 ` ) prevent type confusion
345+ - ✅ No raw pointers exposed to generated bindings
346+ - ✅ Thread-safe wrappers (` ThreadSafeSessionManager ` ) for concurrent access
347+ - ✅ Error codes mapped to platform-specific error types
348+
349+ ** Risk** : LOW (UniFFI provides safe abstractions)
350+
351+ ** Mobile-Specific Considerations** :
352+ - ** App Suspension** : Sessions must be persisted before app backgrounding
353+ - ** Memory Dumps** : Keys in memory vulnerable if device is compromised
354+ - ** Jailbreak/Root** : Elevated privileges can access process memory
355+ - ** Debugging** : Debuggers can inspect memory (mitigated by release builds)
356+
357+ ** Recommendation** : Applications SHOULD:
358+ - Persist session state before app suspension (use ` NoiseManager::save_state() ` )
359+ - Use secure storage for master seeds (iOS Keychain, Android Keystore)
360+ - Enable ` secure-mem ` feature on servers (page locking)
361+ - Clear sensitive data on app termination
362+
363+ ---
364+
365+ ### 6. Mobile-Specific Threats
366+
367+ #### 6.1 App Lifecycle Attacks
368+ ** Threat** : App suspension/resume can cause session state loss or corruption
369+
370+ ** Mitigations** :
371+ - ✅ ` NoiseManager ` provides ` save_state() ` and ` restore_state() ` methods
372+ - ✅ Session state is serializable for persistence
373+ - ✅ Connection status tracking for reconnection logic
374+
375+ ** Risk** : LOW (if state is properly persisted)
376+
377+ #### 6.2 Memory Dump Attacks
378+ ** Threat** : Compromised device can dump process memory containing keys
379+
380+ ** Mitigations** :
381+ - ✅ ` Zeroizing ` reduces key lifetime in memory
382+ - ✅ Closure-based key access (keys don't escape function scope)
383+ - ✅ Optional ` secure-mem ` feature (page locking on supported OSes)
384+ - ❌ Cannot fully protect against root/admin access
385+
386+ ** Risk** : MEDIUM (requires device compromise)
387+
388+ ** Recommendation** : Use secure hardware storage (HSM, TEE) for master seeds in high-security deployments
389+
390+ #### 6.3 Platform-Specific Threats
391+
392+ ** iOS** :
393+ - ** Jailbreak Detection** : Jailbroken devices have elevated attack surface
394+ - ** Keychain Access** : Secure storage via iOS Keychain (recommended)
395+ - ** App Sandbox** : Provides isolation but keys still in process memory
396+
397+ ** Android** :
398+ - ** Root Detection** : Rooted devices can access all app memory
399+ - ** Keystore** : Hardware-backed key storage available on modern devices
400+ - ** Debugging** : Release builds obfuscate but don't fully protect
401+
402+ ** Risk** : MEDIUM (platform-dependent)
403+
404+ ---
405+
330406## Cryptographic Assumptions
331407
332408### Standard Assumptions (Accepted)
@@ -347,6 +423,39 @@ Signature = Ed25519.Sign(ed25519_secret, H)
347423
348424---
349425
426+ ## FFI Boundary Security
427+
428+ ### Trust Model
429+ The FFI layer (UniFFI) is considered ** TRUSTED** for memory safety but ** UNTRUSTED** for application logic:
430+ - ✅ UniFFI-generated code is safe (no manual memory management)
431+ - ⚠️ Application code calling FFI must handle errors correctly
432+ - ⚠️ Platform-specific code (Swift/Kotlin) must validate inputs
433+
434+ ### Error Handling
435+ FFI errors are mapped to structured error codes:
436+ - ` NoiseErrorCode ` enum provides platform-agnostic error types
437+ - Errors are serialized as ` i32 ` for cross-language compatibility
438+ - Platform bindings should map these to native error types
439+
440+ ### Memory Safety
441+ - ** Ownership** : UniFFI uses ` Arc ` for shared ownership (automatic refcounting)
442+ - ** Lifetimes** : No manual lifetime management required
443+ - ** Leaks** : Automatic cleanup when objects are dropped
444+
445+ ### Thread Safety
446+ - ` ThreadSafeSessionManager ` uses ` Arc<Mutex<>> ` for concurrent access
447+ - FFI layer is thread-safe if internal types are thread-safe
448+ - Mobile apps should use thread-safe wrappers for background workers
449+
450+ ### Security Best Practices for FFI
451+ 1 . ** Input Validation** : Validate all inputs from platform code
452+ 2 . ** Error Handling** : Never ignore FFI errors
453+ 3 . ** Resource Management** : Ensure sessions are properly closed
454+ 4 . ** State Persistence** : Save state before app suspension
455+ 5 . ** Secure Storage** : Use platform secure storage for master seeds
456+
457+ ---
458+
350459## Known Limitations
351460
352461### 1. No Post-Quantum Cryptography
0 commit comments