[PATCH 01/38] qemu: domain: Add helper to check if encrypted secrets can be used with a VM

Peter Krempa <pkrempa@xxxxxxxxxx> · Wed, 30 May 2018 14:40:57 +0200

This helper checks that the vm has the master key setup and libvirt
supports the given encryption algorithm.

Signed-off-by: Peter Krempa <pkrempa@xxxxxxxxxx>
---
 src/qemu/qemu_domain.c | 19 +++++++++++++++++--
 src/qemu/qemu_domain.h |  2 ++
 2 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 2c51e4c0d8..708d562e82 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -1292,6 +1292,22 @@ qemuDomainSecretAESSetup(qemuDomainObjPrivatePtr priv,
 }


+/**
+ * qemuDomainSupportsEncryptedSecret:
+ * @priv: qemu domain private data
+ *
+ * Returns true if libvirt can use encrypted 'secret' objects with VM which
+ * @priv belongs to.
+ */
+bool
+qemuDomainSupportsEncryptedSecret(qemuDomainObjPrivatePtr priv)
+{
+    return virCryptoHaveCipher(VIR_CRYPTO_CIPHER_AES256CBC) &&
+           virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_OBJECT_SECRET) &&
+           priv->masterKey;
+}
+
+
 /* qemuDomainSecretSetup:
  * @priv: pointer to domain private object
  * @secinfo: Pointer to secret info
@@ -1320,8 +1336,7 @@ qemuDomainSecretSetup(qemuDomainObjPrivatePtr priv,
     bool iscsiHasPS = virQEMUCapsGet(priv->qemuCaps,
                                      QEMU_CAPS_ISCSI_PASSWORD_SECRET);

-    if (virCryptoHaveCipher(VIR_CRYPTO_CIPHER_AES256CBC) &&
-        virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_OBJECT_SECRET) &&
+    if (qemuDomainSupportsEncryptedSecret(priv) &&
         (usageType == VIR_SECRET_USAGE_TYPE_CEPH ||
          (usageType == VIR_SECRET_USAGE_TYPE_ISCSI && iscsiHasPS) ||
          usageType == VIR_SECRET_USAGE_TYPE_VOLUME ||
diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h
index 2e0f4df0fb..f7405e0c6c 100644
--- a/src/qemu/qemu_domain.h
+++ b/src/qemu/qemu_domain.h
@@ -831,6 +831,8 @@ int qemuDomainMasterKeyCreate(virDomainObjPtr vm);

 void qemuDomainMasterKeyRemove(qemuDomainObjPrivatePtr priv);

+bool qemuDomainSupportsEncryptedSecret(qemuDomainObjPrivatePtr priv);
+
 void qemuDomainSecretInfoFree(qemuDomainSecretInfoPtr *secinfo)
     ATTRIBUTE_NONNULL(1);

-- 
2.16.2

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list






