rename PBKDF2 to PBKDF2HMAC, address many other review comments

5 files changed, 24 insertions, 18 deletions

diff --git a/cryptography/hazmat/backends/interfaces.py b/cryptography/hazmat/backends/interfaces.py
index 936520eb..53c75181 100644
--- a/cryptography/hazmat/backends/interfaces.py
+++ b/cryptography/hazmat/backends/interfaces.py
@@ -67,16 +67,17 @@ class HMACBackend(six.with_metaclass(abc.ABCMeta)):
         """
 
 
-class PBKDF2Backend(six.with_metaclass(abc.ABCMeta)):
+class PBKDF2HMACBackend(six.with_metaclass(abc.ABCMeta)):
     @abc.abstractmethod
-    def pbkdf2_hash_supported(self, algorithm):
+    def pbkdf2_hmac_supported(self, algorithm):
         """
         Return True if the hash algorithm is supported for PBKDF2 by this
         backend.
         """
 
     @abc.abstractmethod
-    def derive_pbkdf2(self, algorithm, length, salt, iterations, key_material):
+    def derive_pbkdf2_hmac(self, algorithm, length, salt, iterations,
+                           key_material):
         """
         Return length bytes derived from provided PBKDF2 parameters.
         """
diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py
index ca7d1778..dbdb2e56 100644
--- a/cryptography/hazmat/backends/openssl/backend.py
+++ b/cryptography/hazmat/backends/openssl/backend.py
@@ -20,7 +20,7 @@ from cryptography.exceptions import (
     UnsupportedAlgorithm, InvalidTag, InternalError
 )
 from cryptography.hazmat.backends.interfaces import (
-    CipherBackend, HashBackend, HMACBackend, PBKDF2Backend
+    CipherBackend, HashBackend, HMACBackend, PBKDF2HMACBackend
 )
 from cryptography.hazmat.primitives import interfaces, hashes
 from cryptography.hazmat.primitives.ciphers.algorithms import (
@@ -35,7 +35,7 @@ from cryptography.hazmat.bindings.openssl.binding import Binding
 @utils.register_interface(CipherBackend)
 @utils.register_interface(HashBackend)
 @utils.register_interface(HMACBackend)
-@utils.register_interface(PBKDF2Backend)
+@utils.register_interface(PBKDF2HMACBackend)
 class Backend(object):
     """
     OpenSSL API binding interfaces.
@@ -134,15 +134,19 @@ class Backend(object):
     def create_symmetric_decryption_ctx(self, cipher, mode):
         return _CipherContext(self, cipher, mode, _CipherContext._DECRYPT)
 
-    def pbkdf2_hash_supported(self, algorithm):
+    def pbkdf2_hmac_supported(self, algorithm):
         if self._lib.Cryptography_HAS_PBKDF2_HMAC:
             digest = self._lib.EVP_get_digestbyname(
                 algorithm.name.encode("ascii"))
             return digest != self._ffi.NULL
         else:
+            # OpenSSL < 1.0.0 has an explicit PBKDF2-HMAC-SHA1 function,
+            # so if the PBKDF2_HMAC function is missing we only support
+            # SHA1 via PBKDF2_HMAC_SHA1.
             return isinstance(algorithm, hashes.SHA1)
 
-    def derive_pbkdf2(self, algorithm, length, salt, iterations, key_material):
+    def derive_pbkdf2_hmac(self, algorithm, length, salt, iterations,
+                           key_material):
         buf = self._ffi.new("char[]", length)
         if self._lib.Cryptography_HAS_PBKDF2_HMAC:
             evp_md = self._lib.EVP_get_digestbyname(
diff --git a/cryptography/hazmat/primitives/kdf/pbkdf2.py b/cryptography/hazmat/primitives/kdf/pbkdf2.py
index 1cc35f60..940d9910 100644
--- a/cryptography/hazmat/primitives/kdf/pbkdf2.py
+++ b/cryptography/hazmat/primitives/kdf/pbkdf2.py
@@ -21,11 +21,12 @@ from cryptography.hazmat.primitives import constant_time, interfaces
 
 
 @utils.register_interface(interfaces.KeyDerivationFunction)
-class PBKDF2(object):
+class PBKDF2HMAC(object):
     def __init__(self, algorithm, length, salt, iterations, backend):
         if not backend.pbkdf2_hash_supported(algorithm):
             raise UnsupportedAlgorithm(
-                "{0} is not supported by this backend".format(algorithm.name)
+                "{0} is not supported for PBKDF2 by this backend".format(
+                    algorithm.name)
             )
         self._called = False
         self.algorithm = algorithm
diff --git a/docs/hazmat/backends/interfaces.rst b/docs/hazmat/backends/interfaces.rst
index 975a7b02..e22c6bb3 100644
--- a/docs/hazmat/backends/interfaces.rst
+++ b/docs/hazmat/backends/interfaces.rst
@@ -134,32 +134,32 @@ A specific ``backend`` may provide one or more of these interfaces.
 
 
 
-.. class:: PBKDF2Backend
+.. class:: PBKDF2HMACBackend
 
     .. versionadded:: 0.2
 
-    A backend with methods for using PBKDF2.
+    A backend with methods for using PBKDF2 using HMAC as a PRF.
 
-    .. method:: pbkdf2_hash_supported(algorithm)
+    .. method:: pbkdf2_hmac_supported(algorithm)
 
         Check if the specified ``algorithm`` is supported by this backend.
 
-        :param algorithm: An instance of a
+        :param prf: An instance of a
             :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
             provider.
 
         :returns: ``True`` if the specified ``algorithm`` is supported for
-            PBKDF2 by this backend, otherwise ``False``.
+            PBKDF2 HMAC by this backend, otherwise ``False``.
 
-    .. method:: derive_pbkdf2(self, algorithm, length, salt, iterations,
-                              key_material)
+    .. method:: derive_pbkdf2_hmac(self, algorithm, length, salt, iterations,
+                                   key_material)
 
         :param algorithm: An instance of a
             :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
             provider.
 
         :param int length: The desired length of the derived key. Maximum is
-            2\ :sup:`31` - 1.
+            (2\ :sup:`32` - 1) * ``algorithm.digest_size``
 
         :param bytes salt: A salt.
 
diff --git a/docs/hazmat/primitives/key-derivation-functions.rst b/docs/hazmat/primitives/key-derivation-functions.rst
index 51d73bc2..bad7a36c 100644
--- a/docs/hazmat/primitives/key-derivation-functions.rst
+++ b/docs/hazmat/primitives/key-derivation-functions.rst
@@ -35,7 +35,7 @@ using a pseudo-random function (PRF).
         :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
         provider.
     :param int length: The desired length of the derived key. Maximum is
-        2\ :sup:`31` - 1.
+        (2\ :sup:`32` - 1) * ``algorithm.digest_size``
     :param bytes salt: A salt. `NIST SP 800-132`_ recommends 128-bits or
         longer.
     :param int iterations: The number of iterations to perform of the hash