Implementing FIPS 140-3 Cryptography in WireGuard

September 24, 2025 Warrie Proffitt

At SafeLogic, we are committed to partnering with customers to deliver secure, validated cryptographic modules that meet FIPS 140-3 requirements. In this article, we’ll showcase a recent project involving the implementation of CryptoComply Go into WireGuard Go.

Why WireGuard Go?

WireGuard is a modern VPN designed around simplicity, speed, and security; WireGuard Go is an implementation of this protocol written in Go. The original WireGuard, written in C, is a kernel-space module, which introduces certain limitations:

  • Shipped as a kernel module, this implementation is tightly coupled to the host OS, introducing a kernel dependency
  • Requires root access, restricting use in unprivileged environments where loading kernel modules is restricted, such as containers
  • Limited cryptographic flexibility as algorithms are tied to kernel code

Enter WireGuard Go, which is written to run in user space, providing easier integration, better management, and improved portability.

Under the hood, WireGuard utilizes the following:

  • Poly1305: A one-time message authenticator, also known as a MAC. This primitive provides packet integrity, guaranteeing that a packet received is exactly the packet that was sent
  • ChaCha20: A stream cipher designed for improved performance and security. Combined with Poly1305, the resulting ChaCha20-Poly1305 provides the authenticated encryption used in WireGuard
  • Curve25519: An elliptic curve designed for Elliptic-curve Diffie-Hellman (ECDH). Curve25519 provides an efficient, secure key agreement scheme
  • BLAKE2s: A cryptographic hash family that supplies the key derivation function (KDF) as HKDF(HMAC-BLAKE2s), general hashing with BLAKE2s, and the MAC with BLAKE2s-128

So, What’s the Problem?

Any reader who is already familiar with these cryptographic primitives will recognize that they are popular for their efficiency, speed, and security; these exact qualities make them ideal for a modern VPN solution such as WireGuard. However, the drawback shared by all of these primitives is that they are not validated for FIPS 140-3. This presents a unique challenge to organizations that already use WireGuard but intend to deploy it in a regulated environment.

How Does SafeLogic Solve this Problem?

To modify WireGuard to meet FIPS 140-3 compliance, the following had to occur:

  1. Replace WireGuard’s default cryptographic primitives with FIPS 140-3 approved primitives
  2. Implement CryptoComply Go to provide the cryptographic primitives

Let’s start with replacing the cryptographic primitives. As previously mentioned, we have four primitives that need to be swapped to ensure compliance:

  • Poly1305: This primitive’s role is split: standalone hashing is covered by SHA-256, while AES-GCM’s GHASH provides packet integrity.
  • ChaCha20: AES-GCM is the go-to FIPS approved replacement for authenticated encryption. The tag remains 16 bytes, preserving the per-packet tag overhead, and the Noise construction string is updated to reflect the new algorithms, which prevents interoperability with standard WireGuard.
  • Curve25519: ECDH key agreement now uses the NIST P-256 curve, preserving performance and interoperability thanks to its wide adoption.
  • BLAKE2s: The SHA-256 family supplies the hash/KDF/MAC stack that BLAKE2s provided: HKDF(HMAC-SHA-256) for key derivation, HMAC-SHA-256 for message authentication, and of course SHA-256 itself for hashing.

But changing the cryptographic primitives in WireGuard’s source code is not enough to satisfy our requirement. These primitives need to come from a certified source: enter CryptoComply Go. CryptoComply Go is SafeLogic’s FIPS 140-3 validated cryptographic module, designed specifically for Go applications. Oh, and would you look at that, WireGuard is a Go application! With CryptoComply Go’s drop-in compatibility, we can ensure the changes implemented in the previous step utilize a validated source, enabling WireGuard to meet FIPS compliance standards.

Unlike the JVM’s pluggable JCE providers, Go’s standard library has no provider layer, so providers cannot be swapped at runtime or through configuration. CryptoComply Go instead ships as an alternative Go build whose standard library exposes FIPS 140-3 approved cryptographic primitives, allowing applications such as WireGuard Go to be rebuilt against this new provider.

Conclusion

By bringing CryptoComply Go into WireGuard Go, SafeLogic is able to close the gap between a modern, high-performance VPN and the strict requirements of FIPS 140-3. By swapping WireGuard’s default primitives for approved alternatives and rebuilding against a validated Go toolchain, CryptoComply Go, the protocol’s simplicity and speed are preserved while enabling deployment in regulated environments. The result is a user space implementation that’s portable across platforms, easier to operate, and backed by a certified cryptographic foundation.

Warrie Proffitt

Warrie is a Senior Solution Engineer at SafeLogic.
