{"slug": "wolfssl-releases-a-new-product-wolfcose-a-zero-alloc-c-embbedded-cose-stack", "title": "wolfSSL releases a new product; wolfCOSE a zero alloc C embbedded COSE stack", "summary": "WolfSSL has released wolfCOSE, a zero-allocation C library implementing CBOR and COSE standards using wolfSSL as its cryptographic backend. The library supports all six RFC 9052 message types, 40 algorithms including post-quantum ML-DSA signing, and operates with a 7.5 KB minimal footprint while requiring less than 1 KB of RAM for full COSE lifecycle operations. The release provides a path to FIPS 140-3 certification through wolfCrypt and targets embedded systems requiring lightweight, deterministic cryptographic messaging.", "body_md": "wolfCOSE is a lightweight C library implementing [CBOR (RFC 8949)](https://www.rfc-editor.org/rfc/rfc8949) and [COSE (RFC 9052/9053)](https://www.rfc-editor.org/rfc/rfc9052) using [wolfSSL](https://www.wolfssl.com/) as the crypto backend.\n\n**Complete RFC 9052 message set**: all six COSE message types, including multi-signer`COSE_Sign`\n\nand multi-recipient`COSE_Encrypt`\n\n/`COSE_Mac`\n\n**Post-quantum signing**: ML-DSA (Dilithium) at all three security levels** 40 algorithms**across signing, encryption, MAC, and key distribution** Zero dynamic allocation**: all operations use caller-provided buffers** Tiny footprint**: 7.5 KB`.text`\n\nminimal build (Sign1+ECC), 25.6 KB full (40 algorithms), zero`.data`\n\n/`.bss`\n\n**Full COSE lifecycle in ~<1KB RAM**(excluding wolfCrypt internals)** Path to FIPS 140-3**via wolfCrypt FIPS Certificate #4718 (sole crypto dependency)\n\n**Signing:** `ES256, ES384, ES512, EdDSA (Ed25519/Ed448), PS256/384/512, ML-DSA-44/65/87`\n\n**Encryption:** `AES-GCM (128/192/256), ChaCha20-Poly1305, AES-CCM variants`\n\n**MAC:** `HMAC-SHA256/384/512, AES-MAC`\n\n**Key Distribution:** `Direct, AES Key Wrap, ECDH-ES+HKDF`\n\nwolfCOSE has implemented all RFC 9052 messages both single-actor and multi-actor variants:\n\n| Message | RFC 9052 | API | Purpose |\n|---|---|---|---|\n`COSE_Sign1` |\nSec. 4.2 | `wc_CoseSign1_Sign` / `wc_CoseSign1_Verify` |\nSingle-signer signature |\n`COSE_Sign` |\nSec. 4.1 | `wc_CoseSign_Sign` / `wc_CoseSign_Verify` |\nMulti-signer (independent signatures over the same payload) |\n`COSE_Encrypt0` |\nSec. 5.2 | `wc_CoseEncrypt0_Encrypt` / `wc_CoseEncrypt0_Decrypt` |\nSingle-recipient AEAD |\n`COSE_Encrypt` |\nSec. 5.1 | `wc_CoseEncrypt_Encrypt` / `wc_CoseEncrypt_Decrypt` |\nMulti-recipient (one ciphertext, many recipients via Direct / AES-KW / ECDH-ES) |\n`COSE_Mac0` |\nSec. 6.2 | `wc_CoseMac0_Create` / `wc_CoseMac0_Verify` |\nSingle-recipient MAC |\n`COSE_Mac` |\nSec. 6.1 | `wc_CoseMac_Create` / `wc_CoseMac_Verify` |\nMulti-recipient MAC (shared MAC key, distributed to recipients) |\n`COSE_Key` / `COSE_KeySet` |\nSec. 7 | `wc_CoseKey_Encode` / `wc_CoseKey_Decode` |\nKey serialization for all key types |\n\nwolfCOSE requires [wolfSSL](https://www.wolfssl.com/) as its crypto backend. **Minimum supported version: v5.8.0-stable** (first release with the public `wc_ForceZero`\n\nsymbol alongside the FIPS 204 final ML-DSA and context-aware `wc_dilithium_*_ctx_msg`\n\nAPIs). Older 5.x releases can technically be supported but require source-level changes; contact [wolfSSL](https://www.wolfssl.com/contact/) for commercial support.\n\nChoose a build configuration based on the algorithms you need.\n\nThis gives you COSE Sign1 (ES256/384/512) and Encrypt0 (AES-GCM):\n\n```\ncd wolfssl\n./autogen.sh\n./configure --enable-ecc --enable-aesgcm \\\n            --enable-sha384 --enable-sha512 --enable-keygen\nmake && sudo make install\nsudo ldconfig\n```\n\n**Algorithms enabled:** ES256, ES384, ES512, AES-GCM-128/192/256\n\nFor pure post-quantum signing with ML-DSA-44/65/87:\n\n```\ncd wolfssl\n./autogen.sh\n./configure --enable-cryptonly --enable-dilithium\nmake && sudo make install\nsudo ldconfig\n```\n\n**Algorithms enabled:** ML-DSA-44, ML-DSA-65, ML-DSA-87\n(SHAKE-128/256 are pulled in automatically by `--enable-dilithium`\n\n.)\n\n```\ncd wolfssl\n./autogen.sh\n./configure --enable-ecc --enable-ed25519 --enable-ed448 \\\n            --enable-curve25519 --enable-aesgcm --enable-aesccm \\\n            --enable-sha384 --enable-sha512 --enable-keygen \\\n            --enable-rsapss --enable-chacha --enable-poly1305 \\\n            --enable-dilithium --enable-hkdf --enable-aeskeywrap\nmake && sudo make install\nsudo ldconfig\n# Core library (libwolfcose.a)\nmake\n\n# Run unit tests\nmake test\n\n# Build and run CLI tool round-trip tests (all algorithms)\nmake tool-test\n\n# Run lifecycle demo (11 algorithms)\nmake demo\n```\n\n| Target | Description |\n|---|---|\n`make all` |\nBuild `libwolfcose.a` (core library only) |\n`make shared` |\nBuild `libwolfcose.so` |\n`make test` |\nBuild + run CBOR and COSE unit tests |\n`make tool` |\nBuild CLI tool (`tools/wolfcose_tool` ) |\n`make tool-test` |\nRound-trip self-test for all 17 algorithms |\n`make demo` |\nBuild + run lifecycle demo (11 algorithms) |\n`make clean` |\nRemove all build artifacts |\n\nSee `examples/`\n\nfor complete working code:\n\n`sign1_demo.c`\n\n,`encrypt0_demo.c`\n\n,`mac0_demo.c`\n\n: algorithm demos`lifecycle_demo.c`\n\n: full edge-to-cloud workflow`comprehensive/`\n\n: algorithm matrix tests`scenarios/`\n\n: firmware signing, attestation, fleet config\n\nRuns on every push and PR:\n\n**Build + Test**: Ubuntu, macOS, GCC 10-14, Clang 14-18** Comprehensive Tests**: ~240 algorithm combination tests** Static Analysis**: cppcheck, Clang analyzer, GCC`-fanalyzer`\n\n**MISRA C 2012**: cppcheck`--addon=misra`\n\nchecking all wolfCOSE code paths**MISRA C 2023**: strict GCC warnings and clang-tidy (`bugprone-*`\n\n,`cert-*`\n\n,`clang-analyzer-*`\n\n,`misc-*`\n\n)**Coverity Scan**: nightly defect analysis** Advanced Internal Static Analysis:**Fenrir wolfssl advanced static analysis tools** Code Coverage**: 99.3% for wolfcose.c, 100% for wolfcose_cbor.c\n\n```\nmake coverage                  # Run tests with gcov\nmake coverage-force-failure    # Include crypto failure path testing\n```\n\nFull documentation is available in the [Wiki](https://github.com/aidangarske/wolfCOSE/wiki):\n\n[Getting Started](https://github.com/aidangarske/wolfCOSE/wiki/Getting-Started): Build instructions and first steps[Message Types](https://github.com/aidangarske/wolfCOSE/wiki/Message-Types): All six RFC 9052 messages (Sign1, Sign, Encrypt0, Encrypt, Mac0, Mac) with code samples[Algorithms](https://github.com/aidangarske/wolfCOSE/wiki/Algorithms): Complete list of 40 supported algorithms with COSE IDs[API Reference](https://github.com/aidangarske/wolfCOSE/wiki/API-Reference): Function signatures, data structures, error codes[Macros](https://github.com/aidangarske/wolfCOSE/wiki/Macros): Compile-time configuration options[Testing](https://github.com/aidangarske/wolfCOSE/wiki/Testing): Test infrastructure, coverage, and failure injection[MISRA Compliance](https://github.com/aidangarske/wolfCOSE/wiki/MISRA-Compliance): MISRA C:2012 and C:2023 compliance status and deviation rationale[Project Structure](https://github.com/aidangarske/wolfCOSE/wiki/Project-Structure): Source file layout\n\nBlogs and update can be found here:\n\nwolfCOSE is free software licensed under the [GPLv3](https://www.gnu.org/licenses/gpl-3.0.html).\n\nCopyright (C) 2026 wolfSSL Inc.\n\nNote:While wolfCOSE is currently maintained by wolfSSL developers, it is not yet classified as an officially supported product. It was designed from the ground up to meet the same quality standards as the rest of the wolfSSL suite with future adoption in mind. We are eager to transition this to a fully supported product as demand grows; if your organization requires official support or has specific feature requirements or you just have general questions or guidance with product, please reach out.\n\nFor commercial licensing, professional support contracts, or to discuss moving wolfCOSE into your production environment, contact [wolfSSL](https://www.wolfssl.com/contact/).", "url": "https://wpnews.pro/news/wolfssl-releases-a-new-product-wolfcose-a-zero-alloc-c-embbedded-cose-stack", "canonical_source": "https://github.com/wolfSSL/wolfCOSE", "published_at": "2026-05-30 20:42:28+00:00", "updated_at": "2026-05-30 21:17:15.047258+00:00", "lang": "en", "topics": ["ai-products", "ai-tools", "ai-infrastructure"], "entities": ["wolfSSL", "wolfCOSE", "RFC 8949", "RFC 9052", "RFC 9053", "ML-DSA", "Dilithium", "wolfCrypt"], "alternates": {"html": "https://wpnews.pro/news/wolfssl-releases-a-new-product-wolfcose-a-zero-alloc-c-embbedded-cose-stack", "markdown": "https://wpnews.pro/news/wolfssl-releases-a-new-product-wolfcose-a-zero-alloc-c-embbedded-cose-stack.md", "text": "https://wpnews.pro/news/wolfssl-releases-a-new-product-wolfcose-a-zero-alloc-c-embbedded-cose-stack.txt", "jsonld": "https://wpnews.pro/news/wolfssl-releases-a-new-product-wolfcose-a-zero-alloc-c-embbedded-cose-stack.jsonld"}}