From 2d309f961eead474a5bd45462cd56b7e2387435a Mon Sep 17 00:00:00 2001
From: Peter Krempa
Date: Tue, 22 May 2018 16:36:20 +0200
Subject: [PATCH] qemu: domain: Add helper to check if encrypted secrets can be used with a VM
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This helper checks that the vm has the master key setup and libvirt supports the given encryption algorithm.
Signed-off-by: Peter Krempa
Reviewed-by: Ján Tomko
---
 src/qemu/qemu_domain.c | 19 +++++++++++++++++--
 src/qemu/qemu_domain.h | 2 ++
 2 files changed, 19 insertions(+), 2 deletions(-)
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 474bef0ec9..9463dd45f1 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -1292,6 +1292,22 @@ qemuDomainSecretAESSetup(qemuDomainObjPrivatePtr priv,
 }
+/**
+ * qemuDomainSupportsEncryptedSecret:
+ * @priv: qemu domain private data
+ *
+ * Returns true if libvirt can use encrypted 'secret' objects with VM which
+ * @priv belongs to.
+ */
+bool
+qemuDomainSupportsEncryptedSecret(qemuDomainObjPrivatePtr priv)
+{
+ return virCryptoHaveCipher(VIR_CRYPTO_CIPHER_AES256CBC) &&
+ virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_OBJECT_SECRET) &&
+ priv->masterKey;
+}
+
+
 /* qemuDomainSecretSetup:
 * @priv: pointer to domain private object
 * @secinfo: Pointer to secret info
@@ -1320,8 +1336,7 @@ qemuDomainSecretSetup(qemuDomainObjPrivatePtr priv,
 bool iscsiHasPS = virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_ISCSI_PASSWORD_SECRET);
- if (virCryptoHaveCipher(VIR_CRYPTO_CIPHER_AES256CBC) &&
- virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_OBJECT_SECRET) &&
+ if (qemuDomainSupportsEncryptedSecret(priv) &&
 (usageType == VIR_SECRET_USAGE_TYPE_CEPH || (usageType == VIR_SECRET_USAGE_TYPE_ISCSI && iscsiHasPS) || usageType == VIR_SECRET_USAGE_TYPE_VOLUME ||
diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h
index 2e0f4df0fb..f7405e0c6c 100644
--- a/src/qemu/qemu_domain.h
+++ b/src/qemu/qemu_domain.h
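Review bot: The doc comment on qemuDomainSupportsEncryptedSecret() says only that encrypted secrets can be used and leaves out the three conditions the return expression tests, the last of which (`priv->masterKey`) is per-domain runtime state rather than a capability. I would extend the comment with a line such as `* That is: AES-256-CBC is available, QEMU has the 'secret' object and the domain's master key is set.` The last operand is also a bare pointer converted to bool and checks only that the key pointer is non-NULL; `priv->masterKey != NULL` would state that intent. Whether a key-length check is also needed cannot be told from this hunk.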
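Review bot: Replacing the two capability checks with `qemuDomainSupportsEncryptedSecret(priv)` in the second qemu_domain.c hunk is not a pure refactor, because the helper also requires `priv->masterKey`, so a domain without a master key now skips this branch where it previously entered it. The alternative branch lies outside the hunk; if it sets up the secret without AES encryption, a missing master key becomes a silent fallback to the unencrypted path, which the commit message does not mention. I would add a comment above the condition such as `/* no master key => encrypted secret cannot be used, fall through to the plain setup */` and consider logging when that fallback is taken for a usage type that would otherwise be encrypted. qemuDomainSecretSetup starts and ends outside the hunk.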
@@ -831,6 +831,8 @@ int qemuDomainMasterKeyCreate(virDomainObjPtr vm);
 void qemuDomainMasterKeyRemove(qemuDomainObjPrivatePtr priv);
+bool qemuDomainSupportsEncryptedSecret(qemuDomainObjPrivatePtr priv);
+
 void qemuDomainSecretInfoFree(qemuDomainSecretInfoPtr *secinfo) ATTRIBUTE_NONNULL(1);