wolfCOSE is a lightweight C library implementing CBOR (RFC 8949) and COSE (RFC 9052/9053) using wolfSSL as the crypto backend.
Complete RFC 9052 message set: all six COSE message types, including multi-signerCOSE_Sign
and multi-recipientCOSE_Encrypt
/COSE_Mac
Post-quantum signing: ML-DSA (Dilithium) at all three security levels** 40 algorithmsacross signing, encryption, MAC, and key distribution Zero dynamic allocation**: all operations use caller-provided buffers** Tiny footprint**: 7.5 KB.text
minimal build (Sign1+ECC), 25.6 KB full (40 algorithms), zero.data
/.bss
Full COSE lifecycle in ~<1KB RAM(excluding wolfCrypt internals)** Path to FIPS 140-3**via wolfCrypt FIPS Certificate #4718 (sole crypto dependency)
Signing: ES256, ES384, ES512, EdDSA (Ed25519/Ed448), PS256/384/512, ML-DSA-44/65/87
Encryption: AES-GCM (128/192/256), ChaCha20-Poly1305, AES-CCM variants
MAC: HMAC-SHA256/384/512, AES-MAC
Key Distribution: Direct, AES Key Wrap, ECDH-ES+HKDF
wolfCOSE has implemented all RFC 9052 messages both single-actor and multi-actor variants:
| Message | RFC 9052 | API | Purpose |
|---|---|---|---|
COSE_Sign1 |
|||
| Sec. 4.2 | wc_CoseSign1_Sign / wc_CoseSign1_Verify |
||
| Single-signer signature | |||
COSE_Sign |
|||
| Sec. 4.1 | wc_CoseSign_Sign / wc_CoseSign_Verify |
||
| Multi-signer (independent signatures over the same payload) | |||
COSE_Encrypt0 |
|||
| Sec. 5.2 | wc_CoseEncrypt0_Encrypt / wc_CoseEncrypt0_Decrypt |
||
| Single-recipient AEAD | |||
COSE_Encrypt |
|||
| Sec. 5.1 | wc_CoseEncrypt_Encrypt / wc_CoseEncrypt_Decrypt |
||
| Multi-recipient (one ciphertext, many recipients via Direct / AES-KW / ECDH-ES) | |||
COSE_Mac0 |
|||
| Sec. 6.2 | wc_CoseMac0_Create / wc_CoseMac0_Verify |
||
| Single-recipient MAC | |||
COSE_Mac |
|||
| Sec. 6.1 | wc_CoseMac_Create / wc_CoseMac_Verify |
||
| Multi-recipient MAC (shared MAC key, distributed to recipients) | |||
COSE_Key / COSE_KeySet |
|||
| Sec. 7 | wc_CoseKey_Encode / wc_CoseKey_Decode |
||
| Key serialization for all key types |
wolfCOSE requires wolfSSL as its crypto backend. Minimum supported version: v5.8.0-stable (first release with the public wc_ForceZero
symbol alongside the FIPS 204 final ML-DSA and context-aware wc_dilithium_*_ctx_msg
APIs). Older 5.x releases can technically be supported but require source-level changes; contact wolfSSL for commercial support.
Choose a build configuration based on the algorithms you need.
This gives you COSE Sign1 (ES256/384/512) and Encrypt0 (AES-GCM):
cd wolfssl
./autogen.sh
./configure --enable-ecc --enable-aesgcm \
--enable-sha384 --enable-sha512 --enable-keygen
make && sudo make install
sudo ldconfig
Algorithms enabled: ES256, ES384, ES512, AES-GCM-128/192/256
For pure post-quantum signing with ML-DSA-44/65/87:
cd wolfssl
./autogen.sh
./configure --enable-cryptonly --enable-dilithium
make && sudo make install
sudo ldconfig
Algorithms enabled: ML-DSA-44, ML-DSA-65, ML-DSA-87
(SHAKE-128/256 are pulled in automatically by --enable-dilithium
.)
cd wolfssl
./autogen.sh
./configure --enable-ecc --enable-ed25519 --enable-ed448 \
--enable-curve25519 --enable-aesgcm --enable-aesccm \
--enable-sha384 --enable-sha512 --enable-keygen \
--enable-rsapss --enable-chacha --enable-poly1305 \
--enable-dilithium --enable-hkdf --enable-aeskeywrap
make && sudo make install
sudo ldconfig
make
make test
make tool-test
make demo
| Target | Description |
|---|---|
make all |
|
Build libwolfcose.a (core library only) |
|
make shared |
|
Build libwolfcose.so |
|
make test |
|
| Build + run CBOR and COSE unit tests | |
make tool |
|
Build CLI tool (tools/wolfcose_tool ) |
|
make tool-test |
|
| Round-trip self-test for all 17 algorithms | |
make demo |
|
| Build + run lifecycle demo (11 algorithms) | |
make clean |
|
| Remove all build artifacts |
See examples/
for complete working code:
sign1_demo.c
,encrypt0_demo.c
,mac0_demo.c
: algorithm demoslifecycle_demo.c
: full edge-to-cloud workflowcomprehensive/
: algorithm matrix testsscenarios/
: firmware signing, attestation, fleet config
Runs on every push and PR:
Build + Test: Ubuntu, macOS, GCC 10-14, Clang 14-18** Comprehensive Tests**: ~240 algorithm combination tests** Static Analysis**: cppcheck, Clang analyzer, GCC-fanalyzer
MISRA C 2012: cppcheck--addon=misra
checking all wolfCOSE code pathsMISRA C 2023: strict GCC warnings and clang-tidy (bugprone-*
,cert-*
,clang-analyzer-*
,misc-*
)Coverity Scan: nightly defect analysis** Advanced Internal Static Analysis:Fenrir wolfssl advanced static analysis tools Code Coverage**: 99.3% for wolfcose.c, 100% for wolfcose_cbor.c
make coverage # Run tests with gcov
make coverage-force-failure # Include crypto failure path testing
Full documentation is available in the Wiki:
Getting Started: Build instructions and first stepsMessage Types: All six RFC 9052 messages (Sign1, Sign, Encrypt0, Encrypt, Mac0, Mac) with code samplesAlgorithms: Complete list of 40 supported algorithms with COSE IDsAPI Reference: Function signatures, data structures, error codesMacros: Compile-time configuration optionsTesting: Test infrastructure, coverage, and failure injectionMISRA Compliance: MISRA C:2012 and C:2023 compliance status and deviation rationaleProject Structure: Source file layout
Blogs and update can be found here:
wolfCOSE is free software licensed under the GPLv3.
Copyright (C) 2026 wolfSSL Inc.
Note:While wolfCOSE is currently maintained by wolfSSL developers, it is not yet classified as an officially supported product. It was designed from the ground up to meet the same quality standards as the rest of the wolfSSL suite with future adoption in mind. We are eager to transition this to a fully supported product as demand grows; if your organization requires official support or has specific feature requirements or you just have general questions or guidance with product, please reach out.
For commercial licensing, professional support contracts, or to discuss moving wolfCOSE into your production environment, contact wolfSSL.