wolfCOSE: A Zero-Alloc C Library for COSE with Post-Quantum Signatures

wolfSSL has released wolfCOSE, a lightweight C library that implements CBOR (RFC 8949) and COSE (RFC 9052/9053) using wolfSSL as its crypto backend. The library is designed for embedded systems, IoT devices, and any environment where memory is constrained and dynamic allocation is unacceptable.

Key Features

  • Complete RFC 9052 message set: All six COSE message types, including multi-signer COSE_Sign and multi-recipient COSE_Encrypt / COSE_Mac.
  • Post-quantum signing: ML-DSA (Dilithium) at all three security levels (44, 65, 87).
  • 40 algorithms across signing, encryption, MAC, and key distribution.
  • Zero dynamic allocation: All operations use caller-provided buffers.
  • Tiny footprint: 7.5 KB .text for minimal build (Sign1+ECC), 25.6 KB for full build (40 algorithms), zero .data/.bss.
  • Full COSE lifecycle in ~<1KB RAM (excluding wolfCrypt internals).
  • Path to FIPS 140-3 via wolfCrypt FIPS Certificate #4718.

Supported Algorithms

  • Signing: ES256, ES384, ES512, EdDSA (Ed25519/Ed448), PS256/384/512, ML-DSA-44/65/87.
  • Encryption: AES-GCM (128/192/256), ChaCha20-Poly1305, AES-CCM variants.
  • MAC: HMAC-SHA256/384/512, AES-MAC.
  • Key Distribution: Direct, AES Key Wrap, ECDH-ES+HKDF.

COSE Message Types (RFC 9052)

wolfCOSE implements all six RFC 9052 messages with both single-actor and multi-actor variants:

  • COSE_Sign1: Single-signer signature (API: wc_CoseSign1_Sign / wc_CoseSign1_Verify).
  • COSE_Sign: Multi-signer (independent signatures over the same payload).
  • COSE_Encrypt0: Single-recipient AEAD.
  • COSE_Encrypt: Multi-recipient (one ciphertext, many recipients via Direct / AES-KW / ECDH-ES).
  • COSE_Mac0: Single-recipient MAC.
  • COSE_Mac: Multi-recipient MAC (shared MAC key, distributed to recipients).
  • COSE_Key / COSE_KeySet: Key serialization for all key types.
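
To make the caller-provided-buffer model concrete, the following added example (not wolfCOSE code and not using its API) builds the RFC 9052 Sig_structure, the byte string a COSE_Sign1 signature is computed over, into a fixed buffer with a bounds check before every write. The names cbor_out, put_head, put_str and sign1_tbs are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Illustrative helper (not wolfCOSE API): cursor over a caller buffer. */
typedef struct { uint8_t *buf; size_t cap; size_t len; } cbor_out;

/* Emit a CBOR head (RFC 8949): major type plus a length below 65536. */
static int put_head(cbor_out *o, uint8_t major, size_t n)
{
    uint8_t h[3];
    size_t hl = 1;
    if (n < 24) {
        h[0] = (uint8_t)((major << 5) | n);
    } else if (n < 256) {
        h[0] = (uint8_t)((major << 5) | 24); h[1] = (uint8_t)n; hl = 2;
    } else if (n < 65536) {
        h[0] = (uint8_t)((major << 5) | 25);
        h[1] = (uint8_t)(n >> 8); h[2] = (uint8_t)n; hl = 3;
    } else {
        return -1;
    }
    if (o->cap - o->len < hl) return -1;   /* bounds check before write */
    memcpy(o->buf + o->len, h, hl);
    o->len += hl;
    return 0;
}

/* Emit a byte string (major 2) or text string (major 3). */
static int put_str(cbor_out *o, uint8_t major, const void *p, size_t n)
{
    if (put_head(o, major, n) != 0 || o->cap - o->len < n) return -1;
    if (n != 0) memcpy(o->buf + o->len, p, n);
    o->len += n;
    return 0;
}

/* Build the COSE_Sign1 Sig_structure (RFC 9052); returns length, 0 on error. */
size_t sign1_tbs(uint8_t *out, size_t cap, const uint8_t *prot, size_t prot_len,
                 const uint8_t *aad, size_t aad_len,
                 const uint8_t *payload, size_t payload_len)
{
    cbor_out o = { out, cap, 0 };
    if (put_head(&o, 4, 4) != 0 || put_str(&o, 3, "Signature1", 10) != 0 ||
        put_str(&o, 2, prot, prot_len) != 0 ||
        put_str(&o, 2, aad, aad_len) != 0 ||
        put_str(&o, 2, payload, payload_len) != 0)
        return 0;
    return o.len;
}
```

A return value of 0 means the buffer was too small or a field exceeded the supported length; the caller must treat the buffer contents as invalid in that case rather than signing a truncated structure.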

Prerequisites and Build

wolfCOSE requires wolfSSL v5.8.0-stable or later. Here's how to build for a minimal ECC + AES-GCM configuration:

cd wolfssl
./autogen.sh
./configure --enable-ecc --enable-aesgcm --enable-sha384 --enable-sha512 --enable-keygen
make && sudo make install
sudo ldconfig

Then build wolfCOSE:

make          # Build libwolfcose.a
make test     # Run unit tests
make tool-test # Run CLI round-trip tests (all algorithms)
make demo     # Run lifecycle demo (11 algorithms)

Build targets include make all (core library), make shared (shared library), make test (CBOR and COSE unit tests), make tool (CLI tool), and make coverage (code coverage).

Quick Start

Examples are in the examples/ directory, including sign1_demo.c, encrypt0_demo.c, mac0_demo.c, lifecycle_demo.c, and scenario demos for firmware signing, attestation, and fleet configuration.

CI and Testing

  • Runs on every push and PR: Ubuntu, macOS, GCC 10-14, Clang 14-18.
  • ~240 algorithm combination tests.
  • Static analysis: cppcheck, Clang analyzer, GCC -fanalyzer, MISRA C 2012/2023, clang-tidy.
  • Coverity Scan nightly.
  • Code coverage: 99.3% for wolfcose.c, 100% for wolfcose_cbor.c.

Documentation and License

Full documentation is available in the Wiki (build instructions, message types, algorithms, API reference, macros, testing, MISRA compliance). wolfCOSE is licensed under GPLv3. Commercial licensing and support are available from wolfSSL.

Why This Matters for Developers

If you're working on embedded systems, IoT, or any environment where memory is at a premium, wolfCOSE provides a production-ready COSE implementation with zero dynamic allocation. The inclusion of post-quantum ML-DSA signing prepares deployments for a move to post-quantum signatures. With a tiny footprint (7.5 KB .text for minimal build) and a path to FIPS 140-3, it's suitable for both constrained devices and regulated industries.