From 713d10620107a0d38a90b8110a31a856fca36a85 Mon Sep 17 00:00:00 2001
From: Arthur de Jong <arthur@arthurdejong.org>
Date: Sun, 11 Sep 2016 22:15:55 +0200
Subject: Support specifying PRF in setup_pbkdf2()

This also ensures that the PRF URL is normalised.
---
 pskc/encryption.py            | 5 ++++-
 tests/test_encryption.doctest | 8 ++++++--
 2 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/pskc/encryption.py b/pskc/encryption.py
index fd8dd49..4ce3f24 100644
--- a/pskc/encryption.py
+++ b/pskc/encryption.py
@@ -160,7 +160,8 @@ class KeyDerivation(object):
             # pseudorandom function used
             prf = find(pbkdf2, 'PRF')
             if prf is not None:
-                self.pbkdf2_prf = prf.get('Algorithm')
+                from pskc.algorithms import normalise_algorithm
+                self.pbkdf2_prf = normalise_algorithm(prf.get('Algorithm'))
 
     def make_xml(self, encryption_key, key_names):
         from pskc.xml import mk_elem
@@ -220,6 +221,8 @@ class KeyDerivation(object):
             self.pbkdf2_iterations = 12 * 1000
         if key_length:
             self.pbkdf2_key_length = key_length
+        if prf:
+            self.pbkdf2_prf = normalise_algorithm(prf)
         return self.derive_pbkdf2(password)
 
 
diff --git a/tests/test_encryption.doctest b/tests/test_encryption.doctest
index eed76a1..22bb118 100644
--- a/tests/test_encryption.doctest
+++ b/tests/test_encryption.doctest
@@ -210,10 +210,12 @@ reasonable defaults.
 
 All properties can also be manually specified.
 
+>>> pskc = PSKC()
 >>> pskc.encryption.setup_pbkdf2(
 ...    'qwerty', iterations=1000, algorithm='aes256-cbc', key_length=24,
 ...    salt=base64.b64decode('Ej7/PEpyEpw='),
-...    key_name='PBKDF2 passphrase')
+...    key_name='PBKDF2 passphrase',
+...    prf='hmac-md5')
 >>> pskc.encryption.derivation.algorithm
 'http://www.rsasecurity.com/rsalabs/pkcs/schemas/pkcs-5v2-0#pbkdf2'
 >>> pskc.encryption.derivation.pbkdf2_iterations
@@ -222,9 +224,11 @@ All properties can also be manually specified.
 '123eff3c4a72129c'
 >>> pskc.encryption.derivation.pbkdf2_key_length
 24
+>>> pskc.encryption.derivation.pbkdf2_prf
+'http://www.w3.org/2001/04/xmldsig-more#hmac-md5'
 >>> pskc.encryption.algorithm
 'http://www.w3.org/2001/04/xmlenc#aes256-cbc'
 >>> pskc.encryption.key_name
 'PBKDF2 passphrase'
 >>> b2a_hex(pskc.encryption.key)
-'651e63cd57008476af1ff6422cd02e41a13be8f92db69ec9'
+'e8c5fecfb2a5cbb80ff791782ff5e125cc375bb6ba113071'
-- 
cgit v1.2.3