author | lloyd <[email protected]> | 2010-08-21 20:16:24 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2010-08-21 20:16:24 +0000 |
commit | e7d9701a86658efbc316ccfeaf48cec8c094fc35 (patch) | |
tree | fa4a7bb4e91dc0eddaace256b7c18fb41dfa60ca /src | |
parent | d34c9569af1c230c3ee52cef18aadf7d10bdf563 (diff) |
When creating a PBKDF2, first check if the argument name is a known
MAC. If it is, use it as the PRF. Otherwise assume it is a hash
function and use it with HMAC. Instead of instantiating the HMAC
directly, go through the algorithm factory.
Add a test using PBKDF2 with CMAC(Blowfish); Blowfish mainly because
it supports arbitrarily large keys, and also the required 4 KiB of
sbox tables actually would make it fairly useful in that it would make
cracking using hardware or GPUs rather expensive. Have not confirmed
this vector against any other implementation because I don't know of
any other implementation of PBKDF2 that supports MACs other than HMAC.
Diffstat (limited to 'src')
-rw-r--r-- | src/libstate/get_enc.cpp | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/src/libstate/get_enc.cpp b/src/libstate/get_enc.cpp index a825a5d24..1176061c2 100644 --- a/src/libstate/get_enc.cpp +++ b/src/libstate/get_enc.cpp @@ -15,7 +15,6 @@ #if defined(BOTAN_HAS_PBKDF2) #include <botan/pbkdf2.h> - #include <botan/hmac.h> #endif #if defined(BOTAN_HAS_PGPS2K) @@ -96,7 +95,12 @@ PBKDF* get_pbkdf(const std::string& algo_spec) #if defined(BOTAN_HAS_PBKDF2) if(request.algo_name() == "PBKDF2" && request.arg_count() == 1) - return new PKCS5_PBKDF2(new HMAC(af.make_hash_function(request.arg(0)))); + { + if(const MessageAuthenticationCode* mac_proto = af.prototype_mac(request.arg(0))) + return new PKCS5_PBKDF2(mac_proto->clone()); + + return new PKCS5_PBKDF2(af.make_mac("HMAC(" + request.arg(0) + ")")); + } #endif #if defined(BOTAN_HAS_PGPS2K) |
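Review bot: In the second hunk (get_pbkdf), the `af.prototype_mac(request.arg(0))` path accepts any registered MAC as the PBKDF2 PRF without checking that it can be keyed with an arbitrary-length passphrase. PBKDF2 uses the password as the PRF key, and the commit message itself says Blowfish was picked because it supports arbitrarily large keys, so a MAC with a fixed or narrow key length is not rejected at this point and the problem would only show up once a passphrase is used. Consider validating the prototype's key-length constraints here, or at least documenting the requirement next to get_pbkdf. Two smaller points on the same hunk: the fallback builds its name by string concatenation, `"HMAC(" + request.arg(0) + ")"`, so a misspelled argument will be reported in terms of that constructed HMAC name rather than the PBKDF2 spec the caller passed; and the lookup order (known MAC first, otherwise treat the name as a hash and wrap it in HMAC) is only stated in the commit message, so a short comment above the `if` would keep it with the code.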