Attach encryption information to virDomainDiskDef.

The XML allows <encryption format='unencrypted'/>, this implementation
canonicalizes the internal representation so that "disk->encryption" is
non-NULL iff encryption information is available.

A domain with partial encryption information can be defined,
completeness of the information is not verified.  The domain won't
start until the remaining information is added, of course.

* docs/formatdomain.html, docs/formatdomain.html.in: Document
  new encryption options for disks
* docs/schemas/domain.rng: Pull in storage encryption schema
  rules
* src/domain_conf.h, src/domain_conf.c: Wire up storage encryption
  XML parsing/formatting APIs

docs/formatdomain.html

@@ -453,6 +453,9 @@
 	    <driver name="tap" type="aio">
 	    <source file='/var/lib/xen/images/fv0'/>
 	    <target dev='hda' bus='ide'/>
+            <encryption type='...'>
+              ...
+            </encryption>
 	  </disk>
 	  ...</pre>
         <dl><dt><code>disk</code></dt><dd>The <code>disk</code> element is the main container for describing
@@ -478,6 +481,9 @@
 	<code>driver</code> element allows them to be selected. The <code>name</code>
 	attribute is the primary backend driver name, while the optional <code>type</code>
 	attribute provides the sub-type. <span class="since">Since 0.1.8</span>
+      </dd><dt><code>encryption</code></dt><dd>If present, specifies how the volume is encrypted.  See
+        the <a href="formatstorageencryption.html">Storage Encryption</a> page
+        for more information.
       </dd></dl>
         <h4>
           <a name="elementsUSB" id="elementsUSB">USB and PCI devices</a>

docs/formatdomain.html.in

@@ -338,6 +338,9 @@
 	    <driver name="tap" type="aio">
 	    <source file='/var/lib/xen/images/fv0'/>
 	    <target dev='hda' bus='ide'/>
+            <encryption type='...'>
+              ...
+            </encryption>
 	  </disk>
 	  ...</pre>
 
@@ -373,6 +376,11 @@
 	attribute is the primary backend driver name, while the optional <code>type</code>
 	attribute provides the sub-type. <span class="since">Since 0.1.8</span>
       </dd>
+      <dt><code>encryption</code></dt>
+      <dd>If present, specifies how the volume is encrypted.  See
+        the <a href="formatstorageencryption.html">Storage Encryption</a> page
+        for more information.
+      </dd>
     </dl>
 
     <h4><a name="elementsUSB">USB and PCI devices</a></h4>

docs/schemas/domain.rng

@@ -4,6 +4,8 @@
   <start>
     <ref name="domain"/>
   </start>
+
+  <include href='storageencryption.rng'/>
   <!--
       We handle only document defining a domain
     -->
@@ -336,6 +338,9 @@
         <empty/>
       </element>
     </optional>
+    <optional>
+      <ref name="encryption"/>
+    </optional>
   </define>
   <!--
       A disk description can be either of type file or block

src/domain_conf.c

@@ -288,6 +288,7 @@ void virDomainDiskDefFree(virDomainDiskDefPtr def)
     VIR_FREE(def->dst);
     VIR_FREE(def->driverName);
     VIR_FREE(def->driverType);
+    virStorageEncryptionFree(def->encryption);
 
     VIR_FREE(def);
 }
@@ -661,6 +662,7 @@ virDomainDiskDefParseXML(virConnectPtr conn,
     char *bus = NULL;
     char *cachetag = NULL;
     char *devaddr = NULL;
+    virStorageEncryptionPtr encryption = NULL;
 
     if (VIR_ALLOC(def) < 0) {
         virReportOOMError(conn);
@@ -718,6 +720,12 @@ virDomainDiskDefParseXML(virConnectPtr conn,
             } else if ((flags & VIR_DOMAIN_XML_INTERNAL_STATUS) &&
                        xmlStrEqual(cur->name, BAD_CAST "state")) {
                 devaddr = virXMLPropString(cur, "devaddr");
+            } else if (encryption == NULL &&
+                       xmlStrEqual(cur->name, BAD_CAST "encryption")) {
+                encryption = virStorageEncryptionParseNode(conn, node->doc,
+                                                           cur);
+                if (encryption == NULL)
+                    goto error;
             }
         }
         cur = cur->next;
@@ -836,6 +844,8 @@ virDomainDiskDefParseXML(virConnectPtr conn,
     driverName = NULL;
     def->driverType = driverType;
     driverType = NULL;
+    def->encryption = encryption;
+    encryption = NULL;
 
 cleanup:
     VIR_FREE(bus);
@@ -847,6 +857,7 @@ cleanup:
     VIR_FREE(driverName);
     VIR_FREE(cachetag);
     VIR_FREE(devaddr);
+    virStorageEncryptionFree(encryption);
 
     return def;
 
@@ -3519,6 +3530,9 @@ virDomainDiskDefFormat(virConnectPtr conn,
         virBufferAddLit(buf, "      <readonly/>\n");
     if (def->shared)
         virBufferAddLit(buf, "      <shareable/>\n");
+    if (def->encryption != NULL &&
+        virStorageEncryptionFormat(conn, buf, def->encryption) < 0)
+        return -1;
 
     if (flags & VIR_DOMAIN_XML_INTERNAL_STATUS) {
         virBufferAddLit(buf, "      <state");

src/domain_conf.h

@@ -30,6 +30,7 @@
 
 #include "internal.h"
 #include "capabilities.h"
+#include "storage_encryption_conf.h"
 #include "util.h"
 #include "threads.h"
 
@@ -117,6 +118,7 @@ struct _virDomainDiskDef {
         unsigned bus;
         unsigned slot;
     } pci_addr;
+    virStorageEncryptionPtr encryption;
 };
 
 static inline int