diff --git a/src/se050_wireguard.c b/src/se050_wireguard.c
index 41211ec..3f510c5 100644
--- a/src/se050_wireguard.c
+++ b/src/se050_wireguard.c
@@ -132,11 +132,10 @@ int se050_wireguard_session_init(se050_wireguard_session_t *session,
     memcpy(session->chain_key, peer_public_key, WG_KEY_LEN);
     
     /* Initialize cookie state */
-    uint8_t cookie_hmac[32];
-    se050_hmac_blake2s(cookie_hmac, WG_COOKIE_MAGIC, sizeof(WG_COOKIE_MAGIC),
-                       private_key, WG_KEY_LEN);
-    memcpy(session->cookie_secret, cookie_hmac, 32);
-    memzero_explicit(cookie_hmac, 32);
+    /* WireGuard uses keyed BLAKE2s, not HMAC */
+    se050_blake2s_keyed(session->cookie_secret, 32, 
+                        WG_COOKIE_MAGIC, sizeof(WG_COOKIE_MAGIC),
+                        private_key, WG_KEY_LEN);
     
     return 0;
 }
@@ -346,9 +345,9 @@ int se050_wireguard_compute_mac1(se050_wireguard_session_t *session,
         return -1;
     }
     
-    se050_hmac_blake2s(mac1, session->peer_public_key, WG_KEY_LEN,
-                       packet, packet_len);
-    return 0;
+    /* WireGuard uses keyed BLAKE2s for MAC1 */
+    return se050_blake2s_keyed(mac1, 16, session->peer_public_key, WG_KEY_LEN,
+                               packet, packet_len);
 }
 
 int se050_wireguard_compute_mac2(se050_wireguard_session_t *session,
@@ -373,11 +372,12 @@ int se050_wireguard_compute_mac2(se050_wireguard_session_t *session,
     memcpy(data, packet, packet_len);
     memcpy(data + packet_len, mac1, WG_MAC1_SIZE);
     
-    se050_hmac_blake2s(mac2, session->cookie_secret, 32,
-                       data, packet_len + WG_MAC1_SIZE);
+    /* WireGuard uses keyed BLAKE2s for MAC2 */
+    int ret = se050_blake2s_keyed(mac2, 16, session->cookie_secret, 32,
+                                  data, packet_len + WG_MAC1_SIZE);
     
     memzero_explicit(data, sizeof(data));
-    return 0;
+    return ret;
 }
 
 /* =========================================================================