diff --git a/hkdf.h b/hkdf.h
index 3dbebecc..711f250c 100644
--- a/hkdf.h
+++ b/hkdf.h
@@ -27,7 +27,8 @@ public:
 
 const byte KeyDerivationFunction::s_NullVector[64] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
 
-//! HKDF from RFC 5869, T should be a HashTransformation class
+//! General, multipurpose KDF from RFC 5869. T should be a HashTransformation class
+//! https://eprint.iacr.org/2010/264 and https://tools.ietf.org/html/rfc5869
 template <class T>
 class CRYPTOPP_DLL HKDF : public KeyDerivationFunction
 {
@@ -84,4 +85,3 @@ unsigned int HKDF<T>::DeriveKey(byte *derived, size_t derivedLen, const byte *se
 NAMESPACE_END
 
 #endif // CRYPTOPP_HASH_KEY_DERIVATION_FUNCTION_H
-
diff --git a/validat1.cpp b/validat1.cpp
index ee5a18b0..1ccd28d1 100644
--- a/validat1.cpp
+++ b/validat1.cpp
@@ -67,6 +67,7 @@ bool ValidateAll(bool thorough)
 	pass=ValidateTTMAC() && pass;
 
 	pass=ValidatePBKDF() && pass;
+	pass=ValidateHKDF() && pass;
 
 	pass=ValidateDES() && pass;
 	pass=ValidateCipherModes() && pass;
diff --git a/validat3.cpp b/validat3.cpp
index 42c1d100..c26f225c 100644
--- a/validat3.cpp
+++ b/validat3.cpp
@@ -15,6 +15,7 @@
 #include "ripemd.h"
 
 #include "hmac.h"
+#include "hkdf.h"
 #include "ttmac.h"
 
 #include "integer.h"
@@ -590,3 +591,106 @@ bool ValidatePBKDF()
 
 	return pass;
 }
+
+struct HKDF_TestTuple
+{
+	const char *hexSecret, *hexSalt, *hexContext, *hexDerivedKey;
+	size_t len;
+};
+
+bool TestHKDF(KeyDerivationFunction &kdf, const HKDF_TestTuple *testSet, unsigned int testSetSize)
+{
+	bool pass = true;
+
+	for (unsigned int i=0; i<testSetSize; i++)
+	{
+		const HKDF_TestTuple &tuple = testSet[i];
+
+		string secret, context, salt, derivedKey;
+		StringSource(tuple.hexSecret, true, new HexDecoder(new StringSink(secret)));
+		StringSource(tuple.hexSalt ? tuple.hexSalt : "", true, new HexDecoder(new StringSink(salt)));
+		StringSource(tuple.hexContext ? tuple.hexContext : "", true, new HexDecoder(new StringSink(context)));
+		StringSource(tuple.hexDerivedKey, true, new HexDecoder(new StringSink(derivedKey)));
+
+		SecByteBlock derived(derivedKey.size());
+		unsigned int ret = kdf.DeriveKey(derived, derived.size(),
+                                         reinterpret_cast<const unsigned char*>(secret.data()), secret.size(),
+                                         reinterpret_cast<const unsigned char*>(salt.data()), salt.size(),
+                                         reinterpret_cast<const unsigned char*>(context.data()), context.size());
+		pass = pass && (ret == tuple.len);
+
+		bool fail = !VerifyBufsEqual(derived, reinterpret_cast<const unsigned char*>(derivedKey.data()), derived.size());
+		pass = pass && !fail;
+
+		HexEncoder enc(new FileSink(cout));
+		cout << (fail ? "FAILED   " : "passed   ");
+		cout << " " << tuple.hexSecret << " " << (tuple.hexSalt ? tuple.hexSalt : "<NO SALT>");
+		cout << " " << (tuple.hexContext ? tuple.hexContext : "<NO CTX>") << " ";
+		enc.Put(derived, derived.size());
+		cout << endl;
+	}
+
+	return pass;
+}
+
+bool ValidateHKDF()
+{
+	bool pass = true;
+
+	{
+	// SHA-1 from RFC 5869, Appendix A, https://tools.ietf.org/html/rfc5869
+	static const HKDF_TestTuple testSet[] =
+	{
+		// Test Case #4
+		{"0b0b0b0b0b0b0b0b0b0b0b", "000102030405060708090a0b0c", "f0f1f2f3f4f5f6f7f8f9", "085a01ea1b10f36933068b56efa5ad81 a4f14b822f5b091568a9cdd4f155fda2 c22e422478d305f3f896", 42},
+		// Test Case #5
+		{"000102030405060708090a0b0c0d0e0f 101112131415161718191a1b1c1d1e1f 202122232425262728292a2b2c2d2e2f 303132333435363738393a3b3c3d3e3f 404142434445464748494a4b4c4d4e4f", "606162636465666768696a6b6c6d6e6f 707172737475767778797a7b7c7d7e7f 808182838485868788898a8b8c8d8e8f 909192939495969798999a9b9c9d9e9f a0a1a2a3a4a5a6a7a8a9aaabacadaeaf", "b0b1b2b3b4b5b6b7b8b9babbbcbdbebf c0c1c2c3c4c5c6c7c8c9cacbcccdcecf d0d1d2d3d4d5d6d7d8d9dadbdcdddedf e0e1e2e3e4e5e6e7e8e9eaebecedeeef f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff", "0bd770a74d1160f7c9f12cd5912a06eb ff6adcae899d92191fe4305673ba2ffe 8fa3f1a4e5ad79f3f334b3b202b2173c 486ea37ce3d397ed034c7f9dfeb15c5e 927336d0441f4c4300e2cff0d0900b52 d3b4", 82},
+		// Test Case #6
+		{"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b", NULL, NULL, "0ac1af7002b3d761d1e55298da9d0506 b9ae52057220a306e07b6b87e8df21d0 ea00033de03984d34918", 42}
+	};
+
+	HKDF<SHA1> hkdf;
+
+	cout << "\nRFC 5869 HKDF(SHA-1) validation suite running...\n\n";
+	pass = TestHKDF(hkdf, testSet, COUNTOF(testSet)) && pass;
+	}
+
+	{
+	// SHA-256 from RFC 5869, Appendix A, https://tools.ietf.org/html/rfc5869
+	static const HKDF_TestTuple testSet[] =
+	{
+		// Test Case #1
+		{"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b", "000102030405060708090a0b0c", "f0f1f2f3f4f5f6f7f8f9", "3cb25f25faacd57a90434f64d0362f2a 2d2d0a90cf1a5a4c5db02d56ecc4c5bf 34007208d5b887185865", 42},
+		// Test Case #2
+		{"000102030405060708090a0b0c0d0e0f 101112131415161718191a1b1c1d1e1f 202122232425262728292a2b2c2d2e2f 303132333435363738393a3b3c3d3e3f 404142434445464748494a4b4c4d4e4f", "606162636465666768696a6b6c6d6e6f 707172737475767778797a7b7c7d7e7f 808182838485868788898a8b8c8d8e8f 909192939495969798999a9b9c9d9e9f a0a1a2a3a4a5a6a7a8a9aaabacadaeaf", "b0b1b2b3b4b5b6b7b8b9babbbcbdbebf c0c1c2c3c4c5c6c7c8c9cacbcccdcecf d0d1d2d3d4d5d6d7d8d9dadbdcdddedf e0e1e2e3e4e5e6e7e8e9eaebecedeeef f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff", "b11e398dc80327a1c8e7f78c596a4934 4f012eda2d4efad8a050cc4c19afa97c 59045a99cac7827271cb41c65e590e09 da3275600c2f09b8367793a9aca3db71 cc30c58179ec3e87c14c01d5c1f3434f 1d87", 82},
+		// Test Case #3
+		{"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b", NULL, NULL, "8da4e775a563c18f715f802a063c5a31 b8a11f5c5ee1879ec3454e5f3c738d2d 9d201395faa4b61a96c8", 42}
+	};
+
+	HKDF<SHA256> hkdf;
+
+	cout << "\nRFC 5869 HKDF(SHA-256) validation suite running...\n\n";
+	pass = TestHKDF(hkdf, testSet, COUNTOF(testSet)) && pass;
+	}
+
+	{
+	// SHA-512 based on RFC 5869, https://tools.ietf.org/html/rfc5869
+	static const HKDF_TestTuple testSet[] =
+	{
+		// Test Case #0
+		{"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b", "000102030405060708090a0b0c", "f0f1f2f3f4f5f6f7f8f9", "832390086CDA71FB47625BB5CEB168E4 C8E26A1A16ED34D9FC7FE92C14815793 38DA362CB8D9F925D7CB", 42},
+		// Test Case #0
+		{"000102030405060708090a0b0c0d0e0f 101112131415161718191a1b1c1d1e1f 202122232425262728292a2b2c2d2e2f 303132333435363738393a3b3c3d3e3f 404142434445464748494a4b4c4d4e4f", "606162636465666768696a6b6c6d6e6f 707172737475767778797a7b7c7d7e7f 808182838485868788898a8b8c8d8e8f 909192939495969798999a9b9c9d9e9f a0a1a2a3a4a5a6a7a8a9aaabacadaeaf", "b0b1b2b3b4b5b6b7b8b9babbbcbdbebf c0c1c2c3c4c5c6c7c8c9cacbcccdcecf d0d1d2d3d4d5d6d7d8d9dadbdcdddedf e0e1e2e3e4e5e6e7e8e9eaebecedeeef f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff", "CE6C97192805B346E6161E821ED16567 3B84F400A2B514B2FE23D84CD189DDF1 B695B48CBD1C8388441137B3CE28F16A A64BA33BA466B24DF6CFCB021ECFF235 F6A2056CE3AF1DE44D572097A8505D9E 7A93", 82},
+		// Test Case #0
+		{"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b", NULL, NULL, "F5FA02B18298A72A8C23898A8703472C 6EB179DC204C03425C970E3B164BF90F FF22D04836D0E2343BAC", 42}
+
+	};
+
+	HKDF<SHA512> hkdf;
+
+	cout << "\nRFC 5869 HKDF(SHA-512) validation suite running...\n\n";
+	pass = TestHKDF(hkdf, testSet, COUNTOF(testSet)) && pass;
+	}
+
+	return pass;
+}
diff --git a/validate.h b/validate.h
index 0ab23cba..620f88a6 100644
--- a/validate.h
+++ b/validate.h
@@ -25,6 +25,7 @@ bool ValidateTTMAC();
 
 bool ValidateCipherModes();
 bool ValidatePBKDF();
+bool ValidateHKDF();
 
 bool ValidateDES();
 bool ValidateIDEA();