wolfCOSE is an open‑source C library that implements the complete COSE message set on top of wolfSSL, offering post‑quantum signatures and a tiny footprint. The release is technically solid, but its practical impact depends on integration effort, licensing constraints, and the maturity of the post‑quantum APIs.
What the announcement claims
The wolfSSL team has opened the source for wolfCOSE, a C library that implements CBOR (RFC 8949) and the full COSE suite (RFC 9052/9053). The marketing copy highlights:
- Support for all six COSE message types, including multi‑signer and multi‑recipient variants.
- A post‑quantum signing path based on ML‑DSA (Dilithium) at three security levels.
- A binary size as low as 7.5 KB for a minimal build and 25.6 KB for the full feature set, with zero dynamic allocation.
- Compatibility with FIPS 140‑3 via the wolfCrypt backend, and compliance checks for DO‑178 and MISRA C.
- A test harness that covers 240 algorithm combinations and reports >99 % code coverage.
The press release positions the library as “fast, portable, and lightweight” and suggests it is ready for production‑grade IoT firmware, secure boot, and over‑the‑air updates.
What is actually new
A complete COSE implementation in C
Most existing COSE libraries target higher‑level languages (Python, Java) or focus on a subset of the spec. wolfCOSE provides C‑level bindings for every message type defined in RFC 9052:
| Message | API function (example) |
|---|---|
| COSE_Sign1 | wc_CoseSign1_Sign / wc_CoseSign1_Verify |
| COSE_Sign | wc_CoseSign_Sign / wc_CoseSign_Verify |
| COSE_Encrypt0 | wc_CoseEncrypt0_Encrypt / wc_CoseEncrypt0_Decrypt |
| COSE_Encrypt | wc_CoseEncrypt_Encrypt / wc_CoseEncrypt_Decrypt |
| COSE_Mac0 | wc_CoseMac0_Create / wc_CoseMac0_Verify |
| COSE_Mac | wc_CoseMac_Create / wc_CoseMac_Verify |
The API mirrors the structure of the RFC, making it straightforward to map a spec‑level description to code.
Post‑quantum signing integrated with the same code path
The library ships with ML‑DSA‑44/65/87 support, enabled by the underlying wolfSSL 5.8+ release that added the wc_dilithium_* context‑aware APIs. This means a developer can compile a binary that offers both classic ECDSA/EdDSA and Dilithium signatures without pulling in a separate crypto stack.
Zero‑heap design
All operations require the caller to allocate buffers for inputs, outputs, and intermediate data. The library never calls malloc internally, which is a strong guarantee for deterministic memory usage in constrained MCUs. The reported RAM usage—under 1 KB for a full COSE lifecycle (excluding the wolfCrypt buffers)—matches the numbers shown in the CI logs.
Build configurability
Three build profiles are documented:
- Minimal ECC + AES‑GCM – ~7.5 KB text size, useful for simple signed telemetry.
- Pure post‑quantum – enables only the Dilithium code path, reducing the binary to the algorithms needed for future‑proof signatures.
- Full feature set – pulls in ECC, EdDSA, RSA‑PSS, ChaCha20‑Poly1305, AES‑CCM, key‑wrap, HKDF, etc.
The configure script lets developers toggle each algorithm group, which is essential for meeting certification size limits.
Testing and static analysis
Every push triggers a matrix that builds on Ubuntu and macOS with GCC 10‑14 and Clang 14‑18. The repository includes:
- ~240 algorithm‑combination unit tests.
- Full coverage reports (
gcov) showing 99.3 % line coverage for the core COSE code. - Automated runs of cppcheck, clang‑analyzer, and Coverity Scan (see
). - MISRA C:2012 and C:2023 checks, with deviation rationales documented in the wiki.
These artifacts give confidence that the codebase is not just a prototype.
Limitations and practical concerns
Licensing and commercial use
wolfCOSE is released under GPLv3. While the library itself is free, any downstream product that distributes the binary must either open‑source its own code under a compatible license or purchase a commercial license from wolfSSL. For many embedded OEMs, the licensing hurdle is the primary blocker, not the technical merits.
Dependency on wolfSSL version 5.8+
The post‑quantum APIs only exist in wolfSSL 5.8 and later. Projects locked to older wolfSSL releases will need to upgrade the entire TLS stack, which can be non‑trivial for certified devices that have already undergone security audits.
Limited documentation beyond the wiki
The repository contains a well‑structured wiki, but the main README is a dense list of build flags and API signatures. Newcomers may struggle to find a step‑by‑step tutorial that walks through a realistic use case such as secure firmware update signing, OTA payload encryption, and verification on a constrained MCU. The lack of a higher‑level example library means developers will spend additional time writing glue code.
Runtime overhead of post‑quantum signatures
ML‑DSA signatures are considerably larger (≈2 KB for the 44‑level) and slower to compute than ECDSA. The library does not provide benchmark numbers for typical MCU cores (e.g., Cortex‑M4 at 120 MHz). Without those figures, engineers cannot accurately assess whether the post‑quantum path fits within their latency or power budgets.
Certification pathways are indirect
wolfCOSE can be built with FIPS 140‑3‑compatible wolfCrypt, but the COSE layer itself is not a separate FIPS‑validated module. Organizations that require a fully validated stack will still need to perform their own validation effort for the COSE handling code.
Bottom line
wolfCOSE delivers a technically complete COSE implementation that respects the constraints of deeply embedded environments. Its zero‑heap design, configurable algorithm set, and post‑quantum signing are genuine advances over the few existing C libraries.
However, the GPLv3 license, the need to upgrade to a recent wolfSSL version, and the current scarcity of high‑level documentation mean that adoption will likely be limited to projects that already use wolfSSL or that are prepared to negotiate a commercial license. For those cases, the library offers a solid foundation for secure messaging, OTA updates, and device attestation without pulling in a heavyweight TLS stack.
Further reading
- Official repository – https://github.com/wolfSSL/wolfCOSE
- wolfSSL FIPS 140‑3 information – https://www.wolfssl.com/fips-140-3
- COSE specification (RFC 9052) – https://datatracker.ietf.org/doc/html/rfc9052
- Post‑quantum Dilithium details – https://pq-crystals.org/dilithium
{{IMAGE:2}}
Comments
Please log in or register to join the discussion