qemu: domain: Add helper to check if encrypted secrets can be used with a VM

This helper checks that the vm has the master key setup and libvirt
supports the given encryption algorithm.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>

src/qemu/qemu_domain.c

@@ -1292,6 +1292,22 @@ qemuDomainSecretAESSetup(qemuDomainObjPrivatePtr priv,
 }
 
 
+/**
+ * qemuDomainSupportsEncryptedSecret:
+ * @priv: qemu domain private data
+ *
+ * Returns true if libvirt can use encrypted 'secret' objects with VM which
+ * @priv belongs to.
+ */
+bool
+qemuDomainSupportsEncryptedSecret(qemuDomainObjPrivatePtr priv)
+{
+    return virCryptoHaveCipher(VIR_CRYPTO_CIPHER_AES256CBC) &&
+           virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_OBJECT_SECRET) &&
+           priv->masterKey;
+}
+
+
 /* qemuDomainSecretSetup:
  * @priv: pointer to domain private object
  * @secinfo: Pointer to secret info
@@ -1320,8 +1336,7 @@ qemuDomainSecretSetup(qemuDomainObjPrivatePtr priv,
     bool iscsiHasPS = virQEMUCapsGet(priv->qemuCaps,
                                      QEMU_CAPS_ISCSI_PASSWORD_SECRET);
 
-    if (virCryptoHaveCipher(VIR_CRYPTO_CIPHER_AES256CBC) &&
+    if (qemuDomainSupportsEncryptedSecret(priv) &&
-        virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_OBJECT_SECRET) &&
         (usageType == VIR_SECRET_USAGE_TYPE_CEPH ||
          (usageType == VIR_SECRET_USAGE_TYPE_ISCSI && iscsiHasPS) ||
          usageType == VIR_SECRET_USAGE_TYPE_VOLUME ||

src/qemu/qemu_domain.h

@@ -831,6 +831,8 @@ int qemuDomainMasterKeyCreate(virDomainObjPtr vm);
 
 void qemuDomainMasterKeyRemove(qemuDomainObjPrivatePtr priv);
 
+bool qemuDomainSupportsEncryptedSecret(qemuDomainObjPrivatePtr priv);
+
 void qemuDomainSecretInfoFree(qemuDomainSecretInfoPtr *secinfo)
     ATTRIBUTE_NONNULL(1);