wolfSSL/wolfCOSE
A fast, portable, and lightweight COSE + CBOR implementation for embedded systems. Supports PQC, FIPS 140-3, DO-178, and MISRA C. Powered by wolfSSL.
wolfCOSE 1.0.0
What it does
- All six COSE message types, single-actor and multi-actor: `COSE_Sign1`/`COSE_Sign`, `COSE_Encrypt0`/`COSE_Encrypt`, `COSE_Mac0`/`COSE_Mac` (includes multi-signer and multi-recipient).
- Dependency-free CBOR engine (RFC 8949) with deterministic/preferred-encoding enforcement and strict decode (rejects non-preferred and trailing input).
- COSE_Key / COSE_KeySet serialization for every supported key type, including full RFC 8230 RSA private keys.
- Post-quantum signing: ML-DSA (FIPS 204) at all three levels, conformant to RFC 9964 using the AKP key type.
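What the strict-decode rule above means for a single CBOR unsigned integer, as an added example (not wolfCOSE's code or API): the decoder rejects an argument wider than the value needs (RFC 8949 preferred serialization) and rejects any bytes left after the item. The function name and status codes are hypothetical, and the sample inputs are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical status codes for this sketch (not wolfCOSE's error codes). */
enum { DEC_OK = 0, DEC_ERR_ARG = -1, DEC_ERR_TRUNCATED = -2, DEC_ERR_TYPE = -3,
       DEC_ERR_NON_PREFERRED = -4, DEC_ERR_TRAILING = -5 };

/* Decode exactly one CBOR unsigned integer (major type 0) occupying all of buf. */
int strict_decode_uint(const uint8_t *buf, size_t len, uint64_t *out)
{
    /* Smallest value that legitimately needs a 1-, 2-, 4- or 8-byte argument. */
    static const uint64_t min_for_width[4] = { 24ULL, 0x100ULL, 0x10000ULL, 0x100000000ULL };
    uint64_t v = 0;
    size_t width = 0, i;
    uint8_t ai;

    if (buf == NULL || out == NULL) return DEC_ERR_ARG;
    if (len == 0) return DEC_ERR_TRUNCATED;
    if ((buf[0] >> 5) != 0) return DEC_ERR_TYPE;      /* not major type 0 */
    ai = (uint8_t)(buf[0] & 0x1f);                     /* additional information */
    if (ai < 24) {
        v = ai;                                        /* value lives in the head byte */
    } else if (ai <= 27) {
        width = (size_t)1 << (ai - 24);                /* 1, 2, 4 or 8 bytes follow */
        if (len - 1 < width) return DEC_ERR_TRUNCATED;
        for (i = 0; i < width; i++) v = (v << 8) | buf[1 + i];
        if (v < min_for_width[ai - 24]) return DEC_ERR_NON_PREFERRED;
    } else {
        return DEC_ERR_TYPE;                           /* 28-30 reserved, 31 not valid for ints */
    }
    if (len != 1 + width) return DEC_ERR_TRAILING;     /* bytes left after the item */
    *out = v;
    return DEC_OK;
}

int main(void)
{
    /* Constructed inputs: 24 encoded preferred, 23 encoded in two bytes, 23 plus a stray byte. */
    const uint8_t ok[] = { 0x18, 0x18 }, padded[] = { 0x18, 0x17 }, extra[] = { 0x17, 0x00 };
    uint64_t v = 0;
    printf("%d %d %d\n", strict_decode_uint(ok, sizeof ok, &v),
           strict_decode_uint(padded, sizeof padded, &v),
           strict_decode_uint(extra, sizeof extra, &v));
    return 0;
}
```

Accepting the padded form would let two different byte strings decode to the same value, which matters wherever the encoded bytes are hashed, signed or compared.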
Why it is different
- Zero dynamic allocation. Every operation uses caller-provided buffers. No heap, no `.data`, no `.bss`. Memory use is deterministic.
- Tiny footprint. ES256 `COSE_Sign1` is about 5.1 KB verify-only and 6.8 KB sign+verify for the COSE + CBOR engine.
- Lean by config. `WOLFCOSE_LEAN`, `WOLFCOSE_HAVE_*` gates, `WOLFCOSE_LEAN_VERIFY`, and a bounded-stack `WOLFCOSE_MIN_BUFFERS` profile. Verify-only ECC links against sign-disabled wolfCrypt.
- Path to FIPS 140-3 through wolfCrypt FIPS Certificate #4718, the sole crypto dependency.
Algorithms (40, RFC 9053)
- Signing: ES256/384/512, EdDSA (Ed25519/Ed448), PS256/384/512, ML-DSA-44/65/87
- Encryption: AES-GCM (128/192/256), AES-CCM variants, ChaCha20-Poly1305
- MAC: HMAC-SHA256/384/512, AES-MAC
- Key distribution: Direct, AES Key Wrap, ECDH-ES + HKDF
What's in 1.0.0
- COSE + algorithms: core algorithm set and CLI tooling (#1), full coverage and multi-party support (#10), RFC 9052/9053 message-path hardening (#30)
- Post-quantum: RFC 9964 ML-DSA / AKP key type (#49), Dilithium to ML-DSA rename + latest-stable CI (#33)
- RFC 8230 RSA keys: private-key round-trip (#46), dP/dQ + fixed-width `d` (#50), decode + length-guard + zeroize coverage (#48)
- Lean / embedded: `WOLFCOSE_LEAN` gates (#42), lean verify + ML-DSA profiles (#43), bounded-stack + `WOLFCOSE_MIN_BUFFERS` (#38), verify-only ECC (#53)
- Quality / security: MISRA checker (#16), CodeQL + Semgrep gates (#52), t_cose interop (#45), C99 conformance (#37), hardening (#55, #56, #40), Coverity fixes (#58)
Requirements
- The GitHub-generated source archives are an automatic bundle. Official downloads are on the [wolfSSL download page](https://www.wolfssl.com/download/).
