backups: change default HMAC algorithm to SHA512

Backups should be safe also for long-term, so change HMAC to SHA512,
which should be usable much longer than SHA1.

See this thread for discussion:
https://groups.google.com/d/msg/qubes-devel/5X-WjdP9VqQ/4zI8-QWd0S4J

Additionally save guessed HMAC in artificial header data (when no real
header exists).
This commit is contained in:
Marek Marczykowski-Górecki 2014-09-18 08:25:58 +02:00
parent 603384b4c6
commit dba6798a60

View File

@ -43,7 +43,7 @@ BACKUP_DEBUG = False
HEADER_FILENAME = 'backup-header' HEADER_FILENAME = 'backup-header'
DEFAULT_CRYPTO_ALGORITHM = 'aes-256-cbc' DEFAULT_CRYPTO_ALGORITHM = 'aes-256-cbc'
DEFAULT_HMAC_ALGORITHM = 'SHA1' DEFAULT_HMAC_ALGORITHM = 'SHA512'
# Maximum size of error message get from process stderr (including VM process) # Maximum size of error message get from process stderr (including VM process)
MAX_STDERR_BYTES = 1024 MAX_STDERR_BYTES = 1024
# header + qubes.xml max size # header + qubes.xml max size
@ -1174,6 +1174,8 @@ def restore_vm_dirs (backup_source, restore_tmpdir, passphrase, vms_dirs, vms,
encrypted = header_data[BackupHeader.encrypted] encrypted = header_data[BackupHeader.encrypted]
os.unlink(filename) os.unlink(filename)
else: else:
# if no header found, create one with guessed HMAC algo
header_data = { BackupHeader.hmac_algorithm: hmac_algorithm }
# If this isn't backup header, pass it to ExtractWorker # If this isn't backup header, pass it to ExtractWorker
to_extract.put(filename) to_extract.put(filename)
# when tar do not find expected file in archive, it exit with # when tar do not find expected file in archive, it exit with