From dba6798a607866e7c7bcb0a4e386ccbae7743dac Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?=
 <marmarek@invisiblethingslab.com>
Date: Thu, 18 Sep 2014 08:25:58 +0200
Subject: [PATCH] backups: change default HMAC algorithm to SHA512

Backups should be safe also for long-term, so change HMAC to SHA512,
which should be usable much longer than SHA1.

See this thread for discussion:
https://groups.google.com/d/msg/qubes-devel/5X-WjdP9VqQ/4zI8-QWd0S4J

Additionally save guessed HMAC in artificial header data (when no real
header exists).
---
 core/backup.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/core/backup.py b/core/backup.py
index 2c189e31..cb84f3fb 100644
--- a/core/backup.py
+++ b/core/backup.py
@@ -43,7 +43,7 @@ BACKUP_DEBUG = False
 
 HEADER_FILENAME = 'backup-header'
 DEFAULT_CRYPTO_ALGORITHM = 'aes-256-cbc'
-DEFAULT_HMAC_ALGORITHM = 'SHA1'
+DEFAULT_HMAC_ALGORITHM = 'SHA512'
 # Maximum size of error message get from process stderr (including VM process)
 MAX_STDERR_BYTES = 1024
 # header + qubes.xml max size
@@ -1174,6 +1174,8 @@ def restore_vm_dirs (backup_source, restore_tmpdir, passphrase, vms_dirs, vms,
                 encrypted = header_data[BackupHeader.encrypted]
             os.unlink(filename)
         else:
+            # if no header found, create one with guessed HMAC algo
+            header_data = { BackupHeader.hmac_algorithm: hmac_algorithm }
             # If this isn't backup header, pass it to ExtractWorker
             to_extract.put(filename)
             # when tar do not find expected file in archive, it exit with