Fixes bug #25. CMAC is used as the PRF. Note that we're currently using
a version of Spongy Castle with a CMAC implementation that's vulnerable
to a side-channel attack - this has been reported and fixed upstream but
we haven't yet upgraded to the fixed version.