Algorithms - aidangarske/wolfCOSE GitHub Wiki
Supported Algorithms
wolfCOSE supports 40 algorithms across signing, encryption, MAC, and key distribution. This page provides the complete list with COSE algorithm IDs and required wolfSSL compile-time guards. All algorithms are usable in both single-actor messages (Sign1/Encrypt0/Mac0) and multi-actor messages (Sign/Encrypt/Mac) — see Message Types for details.
COSE_Sign1 (Digital Signatures)
| Algorithm | COSE ID | wolfCrypt Guard | Notes |
|---|---|---|---|
| ES256 | -7 | HAVE_ECC | ECDSA with P-256 / SHA-256 |
| ES384 | -35 | HAVE_ECC | ECDSA with P-384 / SHA-384 |
| ES512 | -36 | HAVE_ECC | ECDSA with P-521 / SHA-512 |
| EdDSA (Ed25519) | -8 | HAVE_ED25519 | Curve25519 |
| EdDSA (Ed448) | -8 | HAVE_ED448 | Curve448 (Goldilocks) |
| PS256 | -37 | WC_RSA_PSS | RSA-PSS with SHA-256 |
| PS384 | -38 | WC_RSA_PSS | RSA-PSS with SHA-384 |
| PS512 | -39 | WC_RSA_PSS | RSA-PSS with SHA-512 |
| ML-DSA-44 | -48 | HAVE_DILITHIUM | Post-quantum (Dilithium) |
| ML-DSA-65 | -49 | HAVE_DILITHIUM | Post-quantum (Dilithium) |
| ML-DSA-87 | -50 | HAVE_DILITHIUM | Post-quantum (Dilithium) |
ML-DSA Signature Sizes
| Algorithm | Signature Size | Public Key Size |
|---|---|---|
| ML-DSA-44 | 2,420 bytes | 1,312 bytes |
| ML-DSA-65 | 3,293 bytes | 1,952 bytes |
| ML-DSA-87 | 4,595 bytes | 2,592 bytes |
COSE_Encrypt0 (Authenticated Encryption)
| Algorithm | COSE ID | wolfCrypt Guard | Notes |
|---|---|---|---|
| A128GCM | 1 | HAVE_AESGCM | AES-GCM 128-bit |
| A192GCM | 2 | HAVE_AESGCM | AES-GCM 192-bit |
| A256GCM | 3 | HAVE_AESGCM | AES-GCM 256-bit |
| ChaCha20/Poly1305 | 24 | HAVE_CHACHA && HAVE_POLY1305 | 256-bit, software-friendly |
| AES-CCM-16-64-128 | 10 | HAVE_AESCCM | 128-bit key, 8-byte tag |
| AES-CCM-16-64-256 | 11 | HAVE_AESCCM | 256-bit key, 8-byte tag |
| AES-CCM-64-64-128 | 12 | HAVE_AESCCM | 128-bit key, 8-byte tag, short nonce |
| AES-CCM-64-64-256 | 13 | HAVE_AESCCM | 256-bit key, 8-byte tag, short nonce |
| AES-CCM-16-128-128 | 30 | HAVE_AESCCM | 128-bit key, 16-byte tag |
| AES-CCM-16-128-256 | 31 | HAVE_AESCCM | 256-bit key, 16-byte tag |
| AES-CCM-64-128-128 | 32 | HAVE_AESCCM | 128-bit key, 16-byte tag, short nonce |
| AES-CCM-64-128-256 | 33 | HAVE_AESCCM | 256-bit key, 16-byte tag, short nonce |
AES-CCM Naming Convention
The AES-CCM algorithm names follow the pattern AES-CCM-{L}-{T}-{K}:
- L: Length field size in bits (16 or 64); the larger length field leaves room for a shorter nonce
- T: Tag size (64 or 128 bits)
- K: Key size (128 or 256 bits)
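
An added example (not wolfCOSE code) that decodes a name following this pattern into byte lengths and the COSE ID listed in the table above, so a caller can check key and IV lengths before decrypting. `ccm_params`, `ccm_parse_name` and `ccm_lengths_ok` are hypothetical names, and the nonce length of 15 - L/8 bytes is taken from the CCM definition (RFC 3610), not from this page.

```c
#include <stdio.h>
#include <string.h>

/* Parameters encoded in an AES-CCM-{L}-{T}-{K} name, all in bytes. */
typedef struct {
    int cose_id;    /* COSE algorithm ID from the table above */
    int nonce_len;  /* 15 - L/8: 13 for L=16, 7 for L=64 (assumption: RFC 3610) */
    int tag_len;    /* T / 8 */
    int key_len;    /* K / 8 */
} ccm_params;

/* Hypothetical helper: parse a name such as "AES-CCM-16-64-128".
 * Returns 0 on success, -1 if the name is malformed or not in the table. */
int ccm_parse_name(const char *name, ccm_params *out)
{
    char canon[32];
    int l, t, k;

    if (name == NULL || out == NULL ||
        sscanf(name, "AES-CCM-%3d-%3d-%3d", &l, &t, &k) != 3)
        return -1;
    if ((l != 16 && l != 64) || (t != 64 && t != 128) || (k != 128 && k != 256))
        return -1;
    /* Re-render and compare: rejects trailing bytes, signs and padding. */
    snprintf(canon, sizeof canon, "AES-CCM-%d-%d-%d", l, t, k);
    if (strcmp(canon, name) != 0)
        return -1;

    /* IDs 10-13 carry the 64-bit tag, 30-33 the 128-bit tag; within each
     * group the order is (L=16,K=128), (16,256), (64,128), (64,256). */
    out->cose_id = (t == 64 ? 10 : 30) + (l == 64 ? 2 : 0) + (k == 256 ? 1 : 0);
    out->nonce_len = 15 - l / 8;
    out->tag_len = t / 8;
    out->key_len = k / 8;
    return 0;
}

/* Returns 1 only if the supplied key and IV lengths match the algorithm. */
int ccm_lengths_ok(const ccm_params *p, size_t key_len, size_t iv_len)
{
    return p != NULL && key_len == (size_t)p->key_len
                     && iv_len == (size_t)p->nonce_len;
}

int main(void)
{
    ccm_params p;
    if (ccm_parse_name("AES-CCM-64-128-256", &p) == 0)
        printf("id=%d nonce=%d tag=%d key=%d\n",
               p.cose_id, p.nonce_len, p.tag_len, p.key_len);
    return 0;
}
```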
COSE_Mac0 (Message Authentication)
| Algorithm | COSE ID | wolfCrypt Guard | Notes |
|---|---|---|---|
| HMAC 256/256 | 5 | !NO_HMAC | SHA-256, 32-byte tag |
| HMAC 384/384 | 6 | WOLFSSL_SHA384 | SHA-384, 48-byte tag |
| HMAC 512/512 | 7 | WOLFSSL_SHA512 | SHA-512, 64-byte tag |
| AES-MAC-128/64 | 14 | HAVE_AES_CBC | 128-bit key, 8-byte tag |
| AES-MAC-256/64 | 15 | HAVE_AES_CBC | 256-bit key, 8-byte tag |
| AES-MAC-128/128 | 25 | HAVE_AES_CBC | 128-bit key, 16-byte tag |
| AES-MAC-256/128 | 26 | HAVE_AES_CBC | 256-bit key, 16-byte tag |
Key Distribution (Multi-Recipient)
Used with COSE_Encrypt and COSE_Mac for multi-recipient messages:
| Algorithm | COSE ID | wolfCrypt Guard | Notes |
|---|---|---|---|
| Direct | -6 | always | Pre-shared symmetric key |
| A128KW | -3 | HAVE_AES_KEYWRAP | AES Key Wrap 128-bit |
| A192KW | -4 | HAVE_AES_KEYWRAP | AES Key Wrap 192-bit |
| A256KW | -5 | HAVE_AES_KEYWRAP | AES Key Wrap 256-bit |
| ECDH-ES+HKDF-256 | -25 | HAVE_ECC && HAVE_HKDF | Ephemeral-Static ECDH |
| ECDH-ES+HKDF-512 | -26 | HAVE_ECC && HAVE_HKDF | Ephemeral-Static ECDH |
| ECDH-SS+HKDF-256 | -27 | HAVE_ECC && HAVE_HKDF | Static-Static ECDH |
| ECDH-SS+HKDF-512 | -28 | HAVE_ECC && HAVE_HKDF | Static-Static ECDH |
| ECDH-ES+A128KW | -29 | HAVE_ECC && HAVE_HKDF && HAVE_AES_KEYWRAP | ECDH + Key Wrap |
| ECDH-ES+A192KW | -30 | HAVE_ECC && HAVE_HKDF && HAVE_AES_KEYWRAP | ECDH + Key Wrap |
| ECDH-ES+A256KW | -31 | HAVE_ECC && HAVE_HKDF && HAVE_AES_KEYWRAP | ECDH + Key Wrap |
Key Types
| COSE kty | Value | Guard | Algorithms |
|---|---|---|---|
| OKP | 1 | HAVE_ED25519 / HAVE_ED448 / HAVE_DILITHIUM | EdDSA, ML-DSA |
| EC2 | 2 | HAVE_ECC | ES256, ES384, ES512 |
| RSA | 3 | WC_RSA_PSS | PS256, PS384, PS512 |
| Symmetric | 4 | always | AES-GCM, AES-CCM, ChaCha20, HMAC |
Curves
| COSE crv | Value | Description |
|---|---|---|
| P-256 | 1 | NIST P-256 (secp256r1) |
| P-384 | 2 | NIST P-384 (secp384r1) |
| P-521 | 3 | NIST P-521 (secp521r1) |
| Ed25519 | 6 | Ed25519 for signatures |
| Ed448 | 7 | Ed448 for signatures |
COSE Tags
| Tag | Value | Message Type |
|---|---|---|
| COSE_Encrypt0 | 16 | Symmetric encryption (single key) |
| COSE_Mac0 | 17 | Symmetric MAC (single key) |
| COSE_Sign1 | 18 | Single signer signature |
| COSE_Encrypt | 96 | Multi-recipient encryption |
| COSE_Mac | 97 | Multi-recipient MAC |
| COSE_Sign | 98 | Multi-signer signature |
Algorithm Constants in Code
wolfCOSE defines these constants in wolfcose.h:
```c
/* Signature algorithms */
#define WOLFCOSE_ALG_ES256 (-7)
#define WOLFCOSE_ALG_ES384 (-35)
#define WOLFCOSE_ALG_ES512 (-36)
#define WOLFCOSE_ALG_EDDSA (-8)
#define WOLFCOSE_ALG_PS256 (-37)
#define WOLFCOSE_ALG_PS384 (-38)
#define WOLFCOSE_ALG_PS512 (-39)
#define WOLFCOSE_ALG_ML_DSA_44 (-48)
#define WOLFCOSE_ALG_ML_DSA_65 (-49)
#define WOLFCOSE_ALG_ML_DSA_87 (-50)

/* Encryption algorithms */
#define WOLFCOSE_ALG_A128GCM (1)
#define WOLFCOSE_ALG_A192GCM (2)
#define WOLFCOSE_ALG_A256GCM (3)
#define WOLFCOSE_ALG_CHACHA20_POLY1305 (24)
#define WOLFCOSE_ALG_AES_CCM_16_64_128 (10)
#define WOLFCOSE_ALG_AES_CCM_16_64_256 (11)
/* ... and more */

/* MAC algorithms */
#define WOLFCOSE_ALG_HMAC_256_256 (5)
#define WOLFCOSE_ALG_HMAC_384_384 (6)
#define WOLFCOSE_ALG_HMAC_512_512 (7)
#define WOLFCOSE_ALG_AES_MAC_128_64 (14)
/* ... and more */

/* Key distribution */
#define WOLFCOSE_ALG_DIRECT (-6)
#define WOLFCOSE_ALG_A128KW (-3)
#define WOLFCOSE_ALG_A192KW (-4)
#define WOLFCOSE_ALG_A256KW (-5)
#define WOLFCOSE_ALG_ECDH_ES_HKDF_256 (-25)
#define WOLFCOSE_ALG_ECDH_ES_HKDF_512 (-26)

/* Key types */
#define WOLFCOSE_KTY_OKP (1)
#define WOLFCOSE_KTY_EC2 (2)
#define WOLFCOSE_KTY_SYMMETRIC (4)

/* Curves */
#define WOLFCOSE_CRV_P256 (1)
#define WOLFCOSE_CRV_P384 (2)
#define WOLFCOSE_CRV_P521 (3)
#define WOLFCOSE_CRV_ED25519 (6)
#define WOLFCOSE_CRV_ED448 (7)
```
Roadmap
Future algorithm support planned:
| Algorithm | Standard | Description |
|---|---|---|
| ML-KEM | FIPS 203 (Kyber) | Post-quantum key encapsulation for COSE_Encrypt |
| XMSS / LMS | NIST SP 800-208 | Hash-based stateful signatures |
| SLH-DSA | SPHINCS+ | Stateless hash-based signatures |