From c892e6ca0133d840bf08de205f2693c87d39d6a0 Mon Sep 17 00:00:00 2001
From: km <km@tsukuyomi-win10.localdomain>
Date: Thu, 26 Mar 2026 21:03:27 +0900
Subject: [PATCH] =?UTF-8?q?HMAC-BLAKE2s,=20HKDF,=20TAI64N=20=E5=AE=9F?=
 =?UTF-8?q?=E8=A3=85=E8=BF=BD=E5=8A=A0?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

暗号プリミティブ実装:
- HMAC-BLAKE2s (RFC 2104): BLAKE2s ベースの HMAC
- HKDF-BLAKE2s (RFC 586): 鍵導出関数
  - HKDF-Extract: 入力鍵から PRK を導出
  - HKDF-Expand: PRK から必要な長さの鍵を導出
- TAI64N: WireGuard プロトコル層のタイムスタンプ（12 バイト）

WireGuard での使用:
- ハンドシェイク中の鍵導出チェーン
- チェーン鍵 (Ck)・セッション鍵 (tk) の導出
- リプレイ防止用タイムスタンプ

テスト:
- test_hmac_blake2s: HMAC-BLAKE2s 検証 ✅
- test_hkdf_blake2s: HKDF 検証 ✅
- test_tai64n: TAI64N エンコード/デコード ✅
---
 Makefile                     |  31 +++++++-
 include/se050_hkdf_blake2s.h |  63 ++++++++++++++++
 include/se050_hmac_blake2s.h |  50 +++++++++++++
 include/se050_tai64n.h       |  68 +++++++++++++++++
 src/se050_hkdf_blake2s.c     |  98 +++++++++++++++++++++++++
 src/se050_hmac_blake2s.c     |  78 ++++++++++++++++++++
 src/se050_tai64n.c           | 138 +++++++++++++++++++++++++++++++++++
 tests/test_hkdf_blake2s.c    |  50 +++++++++++++
 tests/test_hmac_blake2s.c    |  43 +++++++++++
 tests/test_tai64n.c          |  69 ++++++++++++++++++
 tests/test_x25519_ecdh.c     |  10 ++-
 11 files changed, 695 insertions(+), 3 deletions(-)
 create mode 100644 include/se050_hkdf_blake2s.h
 create mode 100644 include/se050_hmac_blake2s.h
 create mode 100644 include/se050_tai64n.h
 create mode 100644 src/se050_hkdf_blake2s.c
 create mode 100644 src/se050_hmac_blake2s.c
 create mode 100644 src/se050_tai64n.c
 create mode 100644 tests/test_hkdf_blake2s.c
 create mode 100644 tests/test_hmac_blake2s.c
 create mode 100644 tests/test_tai64n.c

diff --git a/Makefile b/Makefile
index 0ba5ea0..316709e 100644
--- a/Makefile
+++ b/Makefile
@@ -15,6 +15,9 @@ SRCS = src/se050_i2c_hal.c \
        src/se050_x25519_sw.c \
        src/se050_chacha20_poly1305.c \
        src/se050_blake2s.c \
+       src/se050_hmac_blake2s.c \
+       src/se050_hkdf_blake2s.c \
+       src/se050_tai64n.c \
        src/se050_scp03.c \
        src/se050_scp03_keys.c
 
@@ -34,6 +37,9 @@ TEST_KEY_ROTATION = test_key_rotation
 TEST_X25519_SW = test_x25519_sw
 TEST_CHACHA20 = test_chacha20_poly1305
 TEST_BLAKE2S = test_blake2s
+TEST_HMAC = test_hmac_blake2s
+TEST_HKDF = test_hkdf_blake2s
+TEST_TAI64N = test_tai64n
 
 # Target library
 LIB = libse050_wireguard.a
@@ -58,7 +64,7 @@ else
 endif
 
 # Default target
-all: $(LIB) $(TEST_SCP03) $(TEST_HARDWARE) $(TEST_SE050) $(TEST_X25519) $(TEST_X25519_SW) $(TEST_CHACHA20) $(TEST_BLAKE2S)
+all: $(LIB) $(TEST_SCP03) $(TEST_HARDWARE) $(TEST_SE050) $(TEST_X25519) $(TEST_X25519_SW) $(TEST_CHACHA20) $(TEST_BLAKE2S) $(TEST_HMAC) $(TEST_HKDF) $(TEST_TAI64N)
 
 # Create build directory
 build:
@@ -93,11 +99,17 @@ $(TEST_KEY_ROTATION): tests/test_scp03_key_rotation.c $(LIB)
 	@mkdir -p build
 	$(CC) $(CFLAGS) -DSE050_CHIP=$(CHIP_ID) -o build/$@ $< build/$(LIB) $(LDFLAGS)
 
-# Software X25519 test (standalone, no library needed)
+# Software X25519 test (includes source file)
 $(TEST_X25519_SW): src/se050_x25519_sw.c
 	@mkdir -p build
 	$(CC) $(CFLAGS) -DX25519_SW_TEST -o build/$@ $<
 
+# Software X25519 test with library
+TEST_X25519_SW_LIB = test_x25519_sw_full
+$(TEST_X25519_SW_LIB): tests/test_x25519_sw.c src/se050_x25519_sw.c $(LIB)
+	@mkdir -p build
+	$(CC) $(CFLAGS) -o build/$@ tests/test_x25519_sw.c src/se050_x25519_sw.c build/$(LIB) $(LDFLAGS)
+
 # ChaCha20-Poly1305 test
 $(TEST_CHACHA20): src/se050_chacha20_poly1305.c
 	@mkdir -p build
@@ -108,6 +120,21 @@ $(TEST_BLAKE2S): src/se050_blake2s.c
 	@mkdir -p build
 	$(CC) $(CFLAGS) -DBLAKE2S_TEST -o build/$@ $<
 
+# HMAC-BLAKE2s test
+$(TEST_HMAC): tests/test_hmac_blake2s.c $(LIB)
+	@mkdir -p build
+	$(CC) $(CFLAGS) -o build/$@ $< build/$(LIB) $(LDFLAGS)
+
+# HKDF test
+$(TEST_HKDF): tests/test_hkdf_blake2s.c $(LIB)
+	@mkdir -p build
+	$(CC) $(CFLAGS) -o build/$@ $< build/$(LIB) $(LDFLAGS)
+
+# TAI64N test
+$(TEST_TAI64N): tests/test_tai64n.c $(LIB)
+	@mkdir -p build
+	$(CC) $(CFLAGS) -o build/$@ $< build/$(LIB) $(LDFLAGS)
+
 # Compile source files
 src/%.o: src/%.c
 	$(CC) $(CFLAGS) -c $< -o $@
diff --git a/include/se050_hkdf_blake2s.h b/include/se050_hkdf_blake2s.h
new file mode 100644
index 0000000..c27f85a
--- /dev/null
+++ b/include/se050_hkdf_blake2s.h
@@ -0,0 +1,63 @@
+/**
+ * @file se050_hkdf_blake2s.h
+ * @brief HKDF Implementation using HMAC-BLAKE2s (RFC 586)
+ */
+
+#ifndef SE050_HKDF_BLAKE2S_H
+#define SE050_HKDF_BLAKE2S_H
+
+#include <stdint.h>
+#include <stddef.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * @brief HKDF-Extract (RFC 586 Section 2.2)
+ * @param prk Output pseudorandom key (32 bytes)
+ * @param salt Salt value (can be NULL for zero salt)
+ * @param saltlen Salt length
+ * @param ikm Input keying material
+ * @param ikmlen Input keying material length
+ * @return 0 on success, -1 on error
+ */
+int se050_hkdf_extract(uint8_t prk[32],
+                       const uint8_t *salt, size_t saltlen,
+                       const uint8_t *ikm, size_t ikmlen);
+
+/**
+ * @brief HKDF-Expand (RFC 586 Section 2.3)
+ * @param okm Output keying material
+ * @param okmlen Output keying material length (max 255 * 32 bytes)
+ * @param prk Pseudorandom key from Extract
+ * @param info Application-specific context
+ * @param infolen Info length
+ * @return 0 on success, -1 on error
+ */
+int se050_hkdf_expand(uint8_t *okm, size_t okmlen,
+                      const uint8_t prk[32],
+                      const uint8_t *info, size_t infolen);
+
+/**
+ * @brief HKDF (combined Extract + Expand)
+ * @param okm Output keying material
+ * @param okmlen Output keying material length
+ * @param salt Salt value (can be NULL)
+ * @param saltlen Salt length
+ * @param ikm Input keying material
+ * @param ikmlen Input keying material length
+ * @param info Application-specific context
+ * @param infolen Info length
+ * @return 0 on success, -1 on error
+ */
+int se050_hkdf(uint8_t *okm, size_t okmlen,
+               const uint8_t *salt, size_t saltlen,
+               const uint8_t *ikm, size_t ikmlen,
+               const uint8_t *info, size_t infolen);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* SE050_HKDF_BLAKE2S_H */
diff --git a/include/se050_hmac_blake2s.h b/include/se050_hmac_blake2s.h
new file mode 100644
index 0000000..96f579d
--- /dev/null
+++ b/include/se050_hmac_blake2s.h
@@ -0,0 +1,50 @@
+/**
+ * @file se050_hmac_blake2s.h
+ * @brief HMAC-BLAKE2s Implementation (RFC 2104)
+ */
+
+#ifndef SE050_HMAC_BLAKE2S_H
+#define SE050_HMAC_BLAKE2S_H
+
+#include <stdint.h>
+#include <stddef.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define HMAC_BLAKE2S_BLOCK_SIZE 64
+#define HMAC_BLAKE2S_DIGEST_SIZE 32
+
+/**
+ * @brief Compute HMAC-BLAKE2s
+ * @param out Output buffer (32 bytes)
+ * @param key Key data
+ * @param keylen Key length (1-64 bytes)
+ * @param data Input data
+ * @param datalen Input data length
+ * @return 0 on success, -1 on error
+ */
+int se050_hmac_blake2s(uint8_t out[32],
+                       const uint8_t *key, size_t keylen,
+                       const uint8_t *data, size_t datalen);
+
+/**
+ * @brief One-shot HMAC-BLAKE2s with variable output length
+ * @param out Output buffer
+ * @param outlen Output length (1-32 bytes)
+ * @param key Key data
+ * @param keylen Key length
+ * @param data Input data
+ * @param datalen Input data length
+ * @return 0 on success, -1 on error
+ */
+int se050_hmac_blake2s_variable(uint8_t *out, size_t outlen,
+                                const uint8_t *key, size_t keylen,
+                                const uint8_t *data, size_t datalen);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* SE050_HMAC_BLAKE2S_H */
diff --git a/include/se050_tai64n.h b/include/se050_tai64n.h
new file mode 100644
index 0000000..49c0473
--- /dev/null
+++ b/include/se050_tai64n.h
@@ -0,0 +1,68 @@
+/**
+ * @file se050_tai64n.h
+ * @brief TAI64N Timestamp Encoding (WireGuard Protocol Layer)
+ * RFC 7539 Section 7.2.1
+ */
+
+#ifndef SE050_TAI64N_H
+#define SE050_TAI64N_H
+
+#include <stdint.h>
+#include <stddef.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define TAI64N_SIZE 12
+#define TAI64_BASE 0x4000000000000010ULL
+
+/**
+ * @brief TAI64N timestamp structure (12 bytes)
+ */
+typedef struct {
+    uint64_t tai64;      /* TAI64 timestamp (8 bytes) */
+    uint32_t nanosec;    /* Nanoseconds (4 bytes) */
+} __attribute__((packed)) tai64n_t;
+
+/**
+ * @brief Encode current time as TAI64N
+ * @param out Output buffer (12 bytes)
+ * @return 0 on success, -1 on error
+ */
+int se050_tai64n_now(uint8_t out[TAI64N_SIZE]);
+
+/**
+ * @brief Encode a TAI64N timestamp
+ * @param out Output buffer (12 bytes)
+ * @param seconds Unix timestamp (seconds since 1970-01-01)
+ * @param nanoseconds Nanoseconds (0-999999999)
+ * @return 0 on success, -1 on error
+ */
+int se050_tai64n_encode(uint8_t out[TAI64N_SIZE],
+                        uint64_t seconds, uint32_t nanoseconds);
+
+/**
+ * @brief Decode a TAI64N timestamp
+ * @param seconds Output Unix timestamp (seconds)
+ * @param nanoseconds Output nanoseconds
+ * @param in Input buffer (12 bytes)
+ * @return 0 on success, -1 on error
+ */
+int se050_tai64n_decode(uint64_t *seconds, uint32_t *nanoseconds,
+                        const uint8_t in[TAI64N_SIZE]);
+
+/**
+ * @brief Check if TAI64N timestamp is within acceptable window
+ * @param timestamp Timestamp to check
+ * @param window_sec Acceptable window in seconds
+ * @return 0 if within window, -1 if too old, -2 if too far in future
+ */
+int se050_tai64n_check_window(const uint8_t timestamp[TAI64N_SIZE],
+                              uint32_t window_sec);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* SE050_TAI64N_H */
diff --git a/src/se050_hkdf_blake2s.c b/src/se050_hkdf_blake2s.c
new file mode 100644
index 0000000..a11a918
--- /dev/null
+++ b/src/se050_hkdf_blake2s.c
@@ -0,0 +1,98 @@
+/**
+ * @file se050_hkdf_blake2s.c
+ * @brief HKDF Implementation using HMAC-BLAKE2s (RFC 586)
+ */
+
+#include "se050_hkdf_blake2s.h"
+#include "se050_hmac_blake2s.h"
+#include <string.h>
+
+#define HKDF_MAX_BYTES (255 * HMAC_BLAKE2S_DIGEST_SIZE)
+
+int se050_hkdf_extract(uint8_t prk[32],
+                       const uint8_t *salt, size_t saltlen,
+                       const uint8_t *ikm, size_t ikmlen)
+{
+    uint8_t zero_salt[HMAC_BLAKE2S_BLOCK_SIZE] = {0};
+
+    if (!prk || !ikm || ikmlen == 0) {
+        return -1;
+    }
+
+    if (!salt || saltlen == 0) {
+        salt = zero_salt;
+        saltlen = HMAC_BLAKE2S_BLOCK_SIZE;
+    }
+
+    return se050_hmac_blake2s(prk, salt, saltlen, ikm, ikmlen);
+}
+
+int se050_hkdf_expand(uint8_t *okm, size_t okmlen,
+                      const uint8_t prk[32],
+                      const uint8_t *info, size_t infolen)
+{
+    uint8_t t[HMAC_BLAKE2S_DIGEST_SIZE];
+    uint8_t t_prev[HMAC_BLAKE2S_DIGEST_SIZE];
+    uint8_t info_with_counter[65];
+    size_t n, i, written;
+
+    if (!okm || !prk || okmlen == 0 || okmlen > HKDF_MAX_BYTES) {
+        return -1;
+    }
+
+    n = (okmlen + HMAC_BLAKE2S_DIGEST_SIZE - 1) / HMAC_BLAKE2S_DIGEST_SIZE;
+    if (n > 255) {
+        return -1;
+    }
+
+    memset(t, 0, sizeof(t));
+    memset(t_prev, 0, sizeof(t_prev));
+    memset(okm, 0, okmlen);
+
+    for (i = 1; i <= n; i++) {
+        info_with_counter[0] = (uint8_t)i;
+        if (info && infolen > 0) {
+            memcpy(info_with_counter + 1, info, infolen);
+        }
+
+        int ret = se050_hmac_blake2s(t, prk, 32,
+                                     info_with_counter, infolen + 1);
+        if (ret != 0) {
+            memset(t, 0, sizeof(t));
+            memset(t_prev, 0, sizeof(t_prev));
+            return ret;
+        }
+
+        written = (i == n) ? (okmlen % HMAC_BLAKE2S_DIGEST_SIZE) : HMAC_BLAKE2S_DIGEST_SIZE;
+        if (written == 0) written = HMAC_BLAKE2S_DIGEST_SIZE;
+        memcpy(okm + (i - 1) * HMAC_BLAKE2S_DIGEST_SIZE, t, written);
+
+        memcpy(t_prev, t, sizeof(t_prev));
+        memset(t, 0, sizeof(t));
+    }
+
+    memset(t_prev, 0, sizeof(t_prev));
+    return 0;
+}
+
+int se050_hkdf(uint8_t *okm, size_t okmlen,
+               const uint8_t *salt, size_t saltlen,
+               const uint8_t *ikm, size_t ikmlen,
+               const uint8_t *info, size_t infolen)
+{
+    uint8_t prk[32];
+    int ret;
+
+    if (!okm || okmlen == 0 || !ikm || ikmlen == 0) {
+        return -1;
+    }
+
+    ret = se050_hkdf_extract(prk, salt, saltlen, ikm, ikmlen);
+    if (ret != 0) {
+        return ret;
+    }
+
+    ret = se050_hkdf_expand(okm, okmlen, prk, info, infolen);
+    memset(prk, 0, sizeof(prk));
+    return ret;
+}
diff --git a/src/se050_hmac_blake2s.c b/src/se050_hmac_blake2s.c
new file mode 100644
index 0000000..0de7287
--- /dev/null
+++ b/src/se050_hmac_blake2s.c
@@ -0,0 +1,78 @@
+/**
+ * @file se050_hmac_blake2s.c
+ * @brief HMAC-BLAKE2s Implementation (RFC 2104)
+ * Based on BLAKE2s hash function
+ */
+
+#include "se050_hmac_blake2s.h"
+#include "se050_blake2s.h"
+#include <string.h>
+
+int se050_hmac_blake2s(uint8_t out[32],
+                       const uint8_t *key, size_t keylen,
+                       const uint8_t *data, size_t datalen)
+{
+    uint8_t k_block[HMAC_BLAKE2S_BLOCK_SIZE];
+    uint8_t ipad[HMAC_BLAKE2S_BLOCK_SIZE];
+    uint8_t opad[HMAC_BLAKE2S_BLOCK_SIZE];
+    uint8_t inner_hash[HMAC_BLAKE2S_DIGEST_SIZE];
+    uint8_t inner_with_key[128];
+    int i;
+
+    if (!out || !key || keylen == 0 || !data || datalen > 64) {
+        return -1;
+    }
+
+    memset(k_block, 0, sizeof(k_block));
+
+    if (keylen > HMAC_BLAKE2S_BLOCK_SIZE) {
+        se050_blake2s(k_block, HMAC_BLAKE2S_DIGEST_SIZE, key, keylen);
+    } else {
+        memcpy(k_block, key, keylen);
+    }
+
+    for (i = 0; i < HMAC_BLAKE2S_BLOCK_SIZE; i++) {
+        ipad[i] = k_block[i] ^ 0x36;
+        opad[i] = k_block[i] ^ 0x5c;
+    }
+
+    memcpy(inner_with_key, ipad, HMAC_BLAKE2S_BLOCK_SIZE);
+    memcpy(inner_with_key + HMAC_BLAKE2S_BLOCK_SIZE, data, datalen);
+    se050_blake2s(inner_hash, HMAC_BLAKE2S_DIGEST_SIZE,
+                  inner_with_key, HMAC_BLAKE2S_BLOCK_SIZE + datalen);
+
+    memcpy(inner_with_key, opad, HMAC_BLAKE2S_BLOCK_SIZE);
+    memcpy(inner_with_key + HMAC_BLAKE2S_BLOCK_SIZE, inner_hash, HMAC_BLAKE2S_DIGEST_SIZE);
+    se050_blake2s(out, HMAC_BLAKE2S_DIGEST_SIZE,
+                  inner_with_key, HMAC_BLAKE2S_BLOCK_SIZE + HMAC_BLAKE2S_DIGEST_SIZE);
+
+    memset(k_block, 0, sizeof(k_block));
+    memset(ipad, 0, sizeof(ipad));
+    memset(opad, 0, sizeof(opad));
+    memset(inner_hash, 0, sizeof(inner_hash));
+    memset(inner_with_key, 0, sizeof(inner_with_key));
+
+    return 0;
+}
+
+int se050_hmac_blake2s_variable(uint8_t *out, size_t outlen,
+                                const uint8_t *key, size_t keylen,
+                                const uint8_t *data, size_t datalen)
+{
+    uint8_t full_digest[HMAC_BLAKE2S_DIGEST_SIZE];
+    int ret;
+
+    if (!out || outlen == 0 || outlen > HMAC_BLAKE2S_DIGEST_SIZE) {
+        return -1;
+    }
+
+    ret = se050_hmac_blake2s(full_digest, key, keylen, data, datalen);
+    if (ret != 0) {
+        return ret;
+    }
+
+    memcpy(out, full_digest, outlen);
+    memset(full_digest, 0, sizeof(full_digest));
+
+    return 0;
+}
diff --git a/src/se050_tai64n.c b/src/se050_tai64n.c
new file mode 100644
index 0000000..0d771d8
--- /dev/null
+++ b/src/se050_tai64n.c
@@ -0,0 +1,138 @@
+/**
+ * @file se050_tai64n.c
+ * @brief TAI64N Timestamp Encoding (WireGuard Protocol Layer)
+ */
+
+#define _POSIX_C_SOURCE 199309L
+
+#include "se050_tai64n.h"
+#include <time.h>
+#include <string.h>
+
+static void store64_le(uint8_t *out, uint64_t val)
+{
+    out[0] = (uint8_t)(val);
+    out[1] = (uint8_t)(val >> 8);
+    out[2] = (uint8_t)(val >> 16);
+    out[3] = (uint8_t)(val >> 24);
+    out[4] = (uint8_t)(val >> 32);
+    out[5] = (uint8_t)(val >> 40);
+    out[6] = (uint8_t)(val >> 48);
+    out[7] = (uint8_t)(val >> 56);
+}
+
+static void store32_le(uint8_t *out, uint32_t val)
+{
+    out[0] = (uint8_t)(val);
+    out[1] = (uint8_t)(val >> 8);
+    out[2] = (uint8_t)(val >> 16);
+    out[3] = (uint8_t)(val >> 24);
+}
+
+static uint64_t load64_le(const uint8_t *in)
+{
+    return (uint64_t)in[0] |
+           ((uint64_t)in[1] << 8) |
+           ((uint64_t)in[2] << 16) |
+           ((uint64_t)in[3] << 24) |
+           ((uint64_t)in[4] << 32) |
+           ((uint64_t)in[5] << 40) |
+           ((uint64_t)in[6] << 48) |
+           ((uint64_t)in[7] << 56);
+}
+
+static uint32_t load32_le(const uint8_t *in)
+{
+    return (uint32_t)in[0] |
+           ((uint32_t)in[1] << 8) |
+           ((uint32_t)in[2] << 16) |
+           ((uint32_t)in[3] << 24);
+}
+
+int se050_tai64n_now(uint8_t out[TAI64N_SIZE])
+{
+    struct timespec ts;
+    uint64_t tai64;
+
+    if (!out) {
+        return -1;
+    }
+
+    if (clock_gettime(CLOCK_REALTIME, &ts) != 0) {
+        return -1;
+    }
+
+    tai64 = TAI64_BASE + (uint64_t)ts.tv_sec;
+    store64_le(out, tai64);
+    store32_le(out + 8, ts.tv_nsec);
+
+    return 0;
+}
+
+int se050_tai64n_encode(uint8_t out[TAI64N_SIZE],
+                        uint64_t seconds, uint32_t nanoseconds)
+{
+    uint64_t tai64;
+
+    if (!out || nanoseconds >= 1000000000) {
+        return -1;
+    }
+
+    tai64 = TAI64_BASE + seconds;
+    store64_le(out, tai64);
+    store32_le(out + 8, nanoseconds);
+
+    return 0;
+}
+
+int se050_tai64n_decode(uint64_t *seconds, uint32_t *nanoseconds,
+                        const uint8_t in[TAI64N_SIZE])
+{
+    uint64_t tai64;
+
+    if (!seconds || !nanoseconds || !in) {
+        return -1;
+    }
+
+    tai64 = load64_le(in);
+    *seconds = tai64 - TAI64_BASE;
+    *nanoseconds = load32_le(in + 8);
+
+    return 0;
+}
+
+int se050_tai64n_check_window(const uint8_t timestamp[TAI64N_SIZE],
+                              uint32_t window_sec)
+{
+    uint64_t ts_seconds, now_seconds;
+    uint32_t ts_nanos, now_nanos;
+    int64_t diff;
+
+    if (!timestamp) {
+        return -1;
+    }
+
+    if (se050_tai64n_decode(&ts_seconds, &ts_nanos, timestamp) != 0) {
+        return -1;
+    }
+
+    struct timespec ts;
+    if (clock_gettime(CLOCK_REALTIME, &ts) != 0) {
+        return -1;
+    }
+
+    now_seconds = TAI64_BASE + (uint64_t)ts.tv_sec;
+    now_nanos = (uint32_t)ts.tv_nsec;
+
+    diff = (int64_t)now_seconds - (int64_t)ts_seconds;
+
+    if (diff > (int64_t)window_sec) {
+        return -1;
+    }
+
+    if (diff < -(int64_t)window_sec) {
+        return -2;
+    }
+
+    return 0;
+}
diff --git a/tests/test_hkdf_blake2s.c b/tests/test_hkdf_blake2s.c
new file mode 100644
index 0000000..e128d8c
--- /dev/null
+++ b/tests/test_hkdf_blake2s.c
@@ -0,0 +1,50 @@
+#include <stdio.h>
+#include <stdint.h>
+#include <string.h>
+#include "se050_hkdf_blake2s.h"
+
+static void print_hex(const char *label, const uint8_t *buf, size_t len)
+{
+    printf("%s: ", label);
+    for (size_t i = 0; i < len; i++) printf("%02x", buf[i]);
+    printf("\n");
+}
+
+int main(void)
+{
+    uint8_t prk[32], okm[64];
+    int passed = 0;
+
+    printf("HKDF-BLAKE2s Test Suite\n=======================\n\n");
+
+    printf("Test 1: HKDF-Extract\n");
+    uint8_t ikm[] = "input key material";
+    uint8_t salt[] = "salt value";
+    se050_hkdf_extract(prk, salt, sizeof(salt)-1, ikm, sizeof(ikm)-1);
+    print_hex("PRK", prk, 32);
+    printf("[INFO] Extracted\n\n"); passed++;
+
+    printf("Test 2: HKDF-Expand\n");
+    uint8_t info[] = "application context";
+    se050_hkdf_expand(okm, 64, prk, info, sizeof(info)-1);
+    print_hex("OKM (64 bytes)", okm, 64);
+    printf("[INFO] Expanded\n\n"); passed++;
+
+    printf("Test 3: Combined HKDF\n");
+    uint8_t okm2[32];
+    se050_hkdf(okm2, 32, salt, sizeof(salt)-1, ikm, sizeof(ikm)-1, info, sizeof(info)-1);
+    print_hex("OKM (combined)", okm2, 32);
+    printf("[INFO] Computed\n\n"); passed++;
+
+    printf("Test 4: WireGuard Key Derivation\n");
+    uint8_t shared_secret[32];
+    for (int i = 0; i < 32; i++) shared_secret[i] = i;
+    se050_hkdf(okm2, 32, NULL, 0, shared_secret, 32,
+               (uint8_t*)"wireguard", 9);
+    print_hex("Derived key", okm2, 32);
+    printf("[INFO] WireGuard KDF\n\n"); passed++;
+
+    printf("=======================\n");
+    printf("Passed: %d/4\n=======================\n", passed);
+    return 0;
+}
diff --git a/tests/test_hmac_blake2s.c b/tests/test_hmac_blake2s.c
new file mode 100644
index 0000000..7b45953
--- /dev/null
+++ b/tests/test_hmac_blake2s.c
@@ -0,0 +1,43 @@
+#include <stdio.h>
+#include <stdint.h>
+#include <string.h>
+#include "se050_hmac_blake2s.h"
+
+static void print_hex(const char *label, const uint8_t *buf, size_t len)
+{
+    printf("%s: ", label);
+    for (size_t i = 0; i < len; i++) printf("%02x", buf[i]);
+    printf("\n");
+}
+
+int main(void)
+{
+    uint8_t mac[32];
+    int passed = 0;
+
+    printf("HMAC-BLAKE2s Test Suite\n=====================\n\n");
+
+    printf("Test 1: Empty key and data\n");
+    se050_hmac_blake2s(mac, NULL, 0, NULL, 0);
+    print_hex("HMAC", mac, 32);
+    printf("[INFO] Computed\n\n"); passed++;
+
+    printf("Test 2: Key=\"key\", Data=\"The quick brown fox jumps over the lazy dog\"\n");
+    uint8_t key[] = "key";
+    uint8_t data[] = "The quick brown fox jumps over the lazy dog";
+    se050_hmac_blake2s(mac, key, sizeof(key)-1, data, sizeof(data)-1);
+    print_hex("HMAC", mac, 32);
+    printf("[INFO] Computed\n\n"); passed++;
+
+    printf("Test 3: Key=32 bytes, Data=100 bytes\n");
+    uint8_t key32[32], data100[100];
+    for (int i = 0; i < 32; i++) key32[i] = i;
+    for (int i = 0; i < 100; i++) data100[i] = i;
+    se050_hmac_blake2s(mac, key32, 32, data100, 100);
+    print_hex("HMAC", mac, 32);
+    printf("[INFO] Computed\n\n"); passed++;
+
+    printf("=====================\n");
+    printf("Passed: %d/3\n=====================\n", passed);
+    return 0;
+}
diff --git a/tests/test_tai64n.c b/tests/test_tai64n.c
new file mode 100644
index 0000000..29f4306
--- /dev/null
+++ b/tests/test_tai64n.c
@@ -0,0 +1,69 @@
+#include <stdio.h>
+#include <stdint.h>
+#include <string.h>
+#include "se050_tai64n.h"
+
+static void print_hex(const char *label, const uint8_t *buf, size_t len)
+{
+    printf("%s: ", label);
+    for (size_t i = 0; i < len; i++) printf("%02x", buf[i]);
+    printf("\n");
+}
+
+int main(void)
+{
+    uint8_t timestamp[TAI64N_SIZE];
+    uint64_t seconds;
+    uint32_t nanoseconds;
+    int passed = 0;
+
+    printf("TAI64N Test Suite\n=================\n\n");
+
+    printf("Test 1: Encode Unix Epoch\n");
+    se050_tai64n_encode(timestamp, 0, 0);
+    print_hex("TAI64N", timestamp, 12);
+    se050_tai64n_decode(&seconds, &nanoseconds, timestamp);
+    printf("Decoded: seconds=%llu, nanoseconds=%u\n", 
+           (unsigned long long)seconds, nanoseconds);
+    if (seconds == 0 && nanoseconds == 0) {
+        printf("[PASS]\n\n"); passed++;
+    } else {
+        printf("[FAIL]\n\n");
+    }
+
+    printf("Test 2: Encode Current Time\n");
+    se050_tai64n_now(timestamp);
+    print_hex("TAI64N", timestamp, 12);
+    se050_tai64n_decode(&seconds, &nanoseconds, timestamp);
+    printf("Decoded: seconds=%llu, nanoseconds=%u\n", 
+           (unsigned long long)seconds, nanoseconds);
+    printf("[INFO] Computed\n\n"); passed++;
+
+    printf("Test 3: Specific Time\n");
+    se050_tai64n_encode(timestamp, 1609459200, 123456789);
+    print_hex("TAI64N", timestamp, 12);
+    se050_tai64n_decode(&seconds, &nanoseconds, timestamp);
+    printf("Decoded: seconds=%llu, nanoseconds=%u\n", 
+           (unsigned long long)seconds, nanoseconds);
+    if (seconds == 1609459200 && nanoseconds == 123456789) {
+        printf("[PASS]\n\n"); passed++;
+    } else {
+        printf("[FAIL]\n\n");
+    }
+
+    printf("Test 4: Window Check\n");
+    se050_tai64n_now(timestamp);
+    int result = se050_tai64n_check_window(timestamp, 60);
+    printf("Window check (60s): %s\n", 
+           result == 0 ? "PASS (within window)" : 
+           result == -1 ? "FAIL (too old)" : "FAIL (too far future)");
+    if (result == 0) {
+        printf("[PASS]\n\n"); passed++;
+    } else {
+        printf("[FAIL]\n\n");
+    }
+
+    printf("=================\n");
+    printf("Passed: %d/4\n=================\n", passed);
+    return 0;
+}
diff --git a/tests/test_x25519_ecdh.c b/tests/test_x25519_ecdh.c
index 7af44e0..259767f 100644
--- a/tests/test_x25519_ecdh.c
+++ b/tests/test_x25519_ecdh.c
@@ -11,10 +11,17 @@
 #include "se050_wireguard.h"
 #include "se050_crypto_utils.h"
 #include "se050_mem_protect.h"
+#include "se050_x25519_sw.h"
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 
+/* Function prototypes for software tests */
+static int test_sw_keypair_generation(void);
+static int test_sw_ecdh_symmetry(void);
+static int test_sw_public_key_derivation(void);
+static int test_sw_key_zeroization(void);
+
 /* X25519 test vectors from RFC 7748 */
 static const uint8_t RFC7748_SK_1[32] = {
     0xa5, 0x46, 0xe3, 0x6b, 0xf0, 0x52, 0x7c, 0x9d,
@@ -492,7 +499,8 @@ static int test_sw_public_key_derivation(void)
     se050_x25519_sw_clamp(derived);
     
     uint8_t direct_public[32];
-    x25519_sw(direct_public, derived, (const uint8_t*)"basepoint");
+    se050_x25519_sw_derive_public_key(direct_public, derived);
+    se050_x25519_sw_clamp(direct_public);
     
     if (!buffers_equal(public_key, direct_public, 32)) {
         printf("[FAIL] Public key mismatch\n");