From 69d3f50ab645ad0ade1d67c66d2058b48bcf943b Mon Sep 17 00:00:00 2001
From: stratospher <44024636+stratospher@users.noreply.github.com>
Date: Thu, 6 Oct 2022 11:49:28 +0530
Subject: [PATCH] [test/crypto] Add HMAC-based Key Derivation Function (HKDF)

Co-authored-by: Pieter Wuille <pieter.wuille@gmail.com>
---
 test/functional/test_framework/crypto/hkdf.py | 33 +++++++++++++++++++
 1 file changed, 33 insertions(+)
 create mode 100644 test/functional/test_framework/crypto/hkdf.py

diff --git a/test/functional/test_framework/crypto/hkdf.py b/test/functional/test_framework/crypto/hkdf.py
new file mode 100644
index 00000000000..7e8958733c9
--- /dev/null
+++ b/test/functional/test_framework/crypto/hkdf.py
@@ -0,0 +1,33 @@
+#!/usr/bin/env python3
+# Copyright (c) 2023 The Bitcoin Core developers
+# Distributed under the MIT software license, see the accompanying
+# file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+"""Test-only HKDF-SHA256 implementation
+
+It is designed for ease of understanding, not performance.
+
+WARNING: This code is slow and trivially vulnerable to side channel attacks. Do not use for
+anything but tests.
+"""
+
+import hashlib
+import hmac
+
+
+def hmac_sha256(key, data):
+    """Compute HMAC-SHA256 from specified byte arrays key and data."""
+    return hmac.new(key, data, hashlib.sha256).digest()
+
+
+def hkdf_sha256(length, ikm, salt, info):
+    """Derive a key using HKDF-SHA256."""
+    if len(salt) == 0:
+        salt = bytes([0] * 32)
+    prk = hmac_sha256(salt, ikm)
+    t = b""
+    okm = b""
+    for i in range((length + 32 - 1) // 32):
+        t = hmac_sha256(prk, t + info + bytes([i + 1]))
+        okm += t
+    return okm[:length]