WolfCOSE: Zero alloc, PQC, MISRA-C, FIPS 140-3 built with wolfCrypt
wolfCOSE is a lightweight C library that implements CBOR and COSE standards using wolfSSL as its cryptographic backend. It supports post-quantum cryptography, specifically ML-DSA at three security levels, and is designed for minimal memory usage with zero dynamic allocation. The library aims for compliance with FIPS 140-3 through its dependency on wolfCrypt, which holds FIPS certificate #4718.
- wolfCOSE supports all six COSE message types, including multi-signer and multi-recipient variants.
- It enables post-quantum signing using ML-DSA (Dilithium) at security levels 44, 65, and 87.
- The library has a minimal footprint of 7.5 KB .text in a Sign1+ECC build and operates with less than 1 KB of RAM for the full COSE lifecycle.
- wolfCOSE relies on wolfSSL as its crypto backend, requiring at least version v5.7.4 for full FIPS 204 ML-DSA support.
- It includes comprehensive testing with static analysis, MISRA C compliance, and over 240 algorithm combination tests in CI.
- Build configurations allow for minimal, post-quantum-only, or full algorithm support depending on use case.
Opening excerpt (first ~120 words)

wolfCOSE

wolfCOSE is a lightweight C library implementing CBOR (RFC 8949) and COSE (RFC 9052/9053) using wolfSSL as the crypto backend.

Main Features
- Complete RFC 9052 message set: all six COSE message types, including multi-signer COSE_Sign and multi-recipient COSE_Encrypt / COSE_Mac
- Post-quantum signing: ML-DSA (Dilithium) at all three security levels
- 40 algorithms across signing, encryption, MAC, and key distribution
- Zero dynamic allocation: all operations use caller-provided buffers
- Tiny footprint: 7.5 KB .text minimal build (Sign1+ECC), 25.6 KB full (40 algorithms), zero .data/.bss
- Full COSE lifecycle in ~<1KB RAM (excluding wolfCrypt internals)
- Path to FIPS 140-3 via wolfCrypt FIPS Certificate #4718 (sole crypto dependency)

Supported Algorithms
Signing: ES256, ES384, ES512, EdDSA…
Excerpt limited to ~120 words for fair-use compliance. The full article is at GitHub.