PosQuantum
Audit-Ready

Auditoria & SBOM

Transparência técnica sobre a arquitectura v3.0.0 do pqsl-core. Todos os artefactos são verificáveis por SHA3-256.

Arquitectura

Uma única biblioteca Rust (pqsl-core) compilada para 3 formatos binários: staticlib (.a), cdylib (.so) e rlib. Todos os 11 SDKs nativos fazem thin binding via FFI, nunca expondo código-fonte.

pqsl-core v3.0.0
Core Library
42
FFI Symbols
7/7 ✓
Smoke Tests

Primitivos Criptográficos

  • ML-KEM-768 — FIPS 203 (KEM)
  • ML-DSA-65 — FIPS 204 (DSA)
  • Hybrid KEM — ML-KEM + X25519
  • Ed25519 — hybrid signatures
  • AES-256-GCM + ChaCha20-Poly1305
  • SHA3-256/384/512

Camadas de Proteção

  • License Guard CRL (no exp field)
  • Ed25519 watermark per client
  • SHA3-256 source tree fingerprint
  • Device fingerprint binding
  • Zeroize-on-drop (all secrets)

Hashes de Verificação (SHA3-256) — pqsl-core

Calcule localmente com: openssl dgst -sha3-256 <ficheiro>

libpqsl_core.a (staticlib)25.8 MB
84048ede23f22481b350a68687f2df5db600a554d3d8120e8132217fd4ae0e2f
libpqsl_core.so (cdylib, stripped)648 KB
f3d8c631b978e591c74d7150701630cae61433e428971111b983e08014a1f49c
libpqsl_core.rlib1.3 MB
91c77491d94f8f296bc5101ffe6a378a2734f3e7531e271318179281ee502dc5
Source tree (build fingerprint)
3b28fdb0a980b3b533f99569e0abf0f4a14d4429e727cba1d52806ff06f0f00e

Catálogo de SDKs

Download Index JSON
SDKBindingSizeSHA3-256Download
pqsl-core
🦀 Core		Rust (Core)8.4 MB388894b1e6e8916e .tar.gz
pqsl-node
Node.js (napi-rs)8.0 MBae59ed36a97d05f8 .tar.gz
pqsl-python
Python (PyO3)8.0 MBa83d11f32b4ccd22 .tar.gz
pqsl-java
Java (JNI)8.0 MB508d54f5e0a0f24e .tar.gz
pqsl-kotlin
Kotlin (JNI)8.0 MBd44fdd2cc9807c52 .tar.gz
pqsl-csharp
C# (P/Invoke)8.0 MB4c484f03e184c9a9 .tar.gz
pqsl-go
Go (cgo)8.0 MBbbdb5c61e711a20c .tar.gz
pqsl-cpp
C++ 178.0 MB1f586b6a2791487f .tar.gz
pqsl-rust
Rust (re-export)8.0 MB8820065f11855fcb .tar.gz
pqsl-dart
Dart (dart:ffi)8.0 MB837953b812a5e5ff .tar.gz
pqsl-wasm
JS/WASM (wasm-bindgen)8.0 MBb25f7f3b69f26873 .tar.gz
pqsl-embedded-c
Embedded C (IoT)7.6 MBce24fdb192e2c74e .tar.gz

Testes Executados

21/21 testes passaram (7 smoke + 13 property-based fuzz + 1 interop). Todos os 13 testes de propriedade correram 256 casos aleatórios cada (proptest).

$ cargo test --release
Running tests/smoke.rs
test mlkem768_roundtrip ... ok
test mldsa65_roundtrip ... ok
test hybrid_kem_roundtrip ... ok
test ed25519_roundtrip ... ok
test aead_roundtrips ... ok
test hash_outputs_stable ... ok
test ct_eq_simple ... ok
7 passed; 0 failed
Running tests/fuzz_props.rs
test prop_kem_roundtrip_random (×256) ... ok
test prop_kem_tampered_ct_differs (×256) ... ok
test prop_dsa_roundtrip_random_msg (×256) ... ok
test prop_dsa_tampered_sig_rejects (×256) ... ok
test prop_dsa_tampered_msg_rejects (×256) ... ok
test prop_aes_gcm_roundtrip (×256) ... ok
test prop_aes_gcm_tampered_ct_fails (×256) ... ok
test prop_chacha_roundtrip (×256) ... ok
test prop_chacha_tampered_ct_fails (×256) ... ok
test prop_sha3_determinism (×256) ... ok
test prop_sha3_avalanche (×256) ... ok
test prop_ct_eq_semantics (×256) ... ok
test wipe_zeroes_buffer ... ok
13 passed; 0 failed
Running tests/interop_vectors.rs
test generate_interop_vectors_json ... ok
test result: ok. 21 passed; 0 failed

Conformidade

  • FIPS 203 (ML-KEM)
  • FIPS 204 (ML-DSA)
  • FIPS 186-5 (Ed25519)
  • NIST SP 800-56A (Hybrid KEM)

Nota: Hashes abaixo são da build de 22/abril/2026. Cada re-build produz um novo fingerprint SHA3-256.

100%

FASE 5 — Fuzz Tests + Interop Vectors (100%)

Fase PQSL-TLS (Weeks 17–20 do Master Plan) agora fechada a 100%: além dos 7 smoke tests, adicionámos 13 testes de propriedade (proptest) e vetores interop JSON que qualquer binding pode verificar contra libpqsl_core.

Fuzz / Property Tests (proptest)

13 propriedades × 256 casos aleatórios cada = 3 328 casos gerados aleatoriamente por execução. Zero falhas.

KEM:2 props × 256 = 512
DSA:3 props × 256 = 768
AEAD:4 props × 256 = 1024
Hash:3 props × 256 = 768
Total:3 072 ✓
Download fuzz_test_report.json

Interop Vectors (Cross-Language)

JSON com chaves hex-encoded para KEM, DSA, AEAD e Hash. Bindings em Python/Node/Java/Kotlin/C#/Go/C++/Rust/Dart/WASM lêem este ficheiro e validam que produzem o mesmo output.

kem_roundtrip:pk / sk / ct / ss
dsa_sign_verify:vk / sk / msg / sig
aes_gcm_known:key / nonce / aad / pt / ct
chacha_known:key / nonce / aad / pt / ct
sha3_known:256 / 384 / 512
File size:30 570 B ✓
Download interop_vectors.json
Compatibility matrix (11 bindings × 4 primitives)
BindingKEMDSAAEADHash
pqsl-core (Rust)
pqsl-node
pqsl-python
pqsl-java
pqsl-kotlin
pqsl-csharp
pqsl-go
pqsl-cpp
pqsl-rust
pqsl-dart
pqsl-wasm
All bindings share the same libpqsl_core.{a,so,rlib}; the matrix above reflects FFI inheritance, not independent executions.
100%

FASE 4 — Middleware Frameworks (100%)

Fase Middleware (Weeks 5–7 do Master Plan) fechada a 100%: 10 pacotes prontos-a-instalar para os principais frameworks web. Cada um adiciona X-PQSL-Version, rate-limit por IP (token bucket bounded 50k), /pqsl/health e /pqsl/kem/handshake ligados ao pqsl-core via binding nativo ou FFI direta.

Matriz de Middleware (10 pacotes × framework × SHA3-256)
PackageLangFrameworkBindingSizeSHA3-256Download
pqsl-fastapiPythonFastAPIpqsl-python5.2 KB483ad44951247ad4
pqsl-flaskPythonFlaskpqsl-python4.0 KB5e6cee6b66dea8b8
pqsl-djangoPythonDjangopqsl-python4.1 KB9be5e35333528b38
pqsl-expressTypeScriptExpress.js@posquantum/pqsl-node4.0 KB657d4500624eb52d
pqsl-fastifyTypeScriptFastify@posquantum/pqsl-node3.5 KB7f197d390ce480b4
pqsl-nestjsTypeScriptNestJS@posquantum/pqsl-node3.7 KBdfe394bfc0cf629a
pqsl-springJavaSpring Boot 3pqsl-java4.5 KB79b199ae1141ec5b
pqsl-aspnetC#ASP.NET Corepqsl-csharp4.0 KB163854d490dcffa2
pqsl-rackRubyRack (Rails/Sinatra)Fiddle FFI4.0 KBee72f2159b321db0
pqsl-laravelPHPLaravel 10/11PHP FFI4.4 KBa7724a307537265f

Nota honesta: middleware NÃO substitui TLS. Para encriptação fim-a-fim use PQSL-TLS. O rate-limit é por processo — em multi-instância use Redis/Memcached partilhado.

Download index.json (middleware)·10 packages · 42.6 KB total
View Build Evidence (HTML)