Last week we put out a blog post sharing our integration of wolfCrypt into WireGuard. But did you know that we’ve already ported our FIPS 140-3 certified cryptographic engine into WireGuard GO, the official user space implementation of WireGuard in golang?
In cases where WireGuard’s functionality is desired, but a kernel isn’t available or installing a kernel-level VPN isn’t feasible, WireGuard GO offers a flexible solution.
And if you require FIPS compliance in your WireGuard GO deployments, our latest efforts make this possible. Using our golang wrapper go-wolfssl, we replaced WireGuard GO’s standard crypto (ChaCha20-Poly1305, Curve25519, BLAKE2s) with our own FIPS certified algorithms (AES-GCM, ECC P-256, SHA-256). Note that FIPS-ified WireGuard GO endpoints can communicate only with other FIPS-ified endpoints, because both sides must use the same set of algorithms to interoperate.
Although the usual trade-off of WireGuard vs WireGuard GO is performance vs simplicity and flexibility, wolfCrypt’s ability to utilize hardware acceleration for AES and SHA can let you keep reaping WireGuard GO’s benefits without having to compromise on performance.
See the README here for instructions to get started using WireGuard GO with wolfCrypt.
Are you interested in WireGuard GO with wolfCrypt FIPS 140-3?
If you have questions about any of the above or need assistance, please contact us at facts@wolfSSL.com or +1 425 245 8247.