[PATCH v2 4/5] conf: add encryption engine property

Or Ozeri posted 5 patches 2 months ago

[PATCH v2 4/5] conf: add encryption engine property

Posted by Or Ozeri 2 months ago
This commit extends libvirt XML configuration to support a custom encryption engine.
This means that <encryption format="luks" engine="qemu">  becomes valid.
The only engine for now is qemu. However, a new engine (librbd) will be added in an upcoming commit.
If no engine is specified, qemu will be used (assuming qemu driver is used).

Signed-off-by: Or Ozeri <oro@il.ibm.com>
---
 docs/formatstorageencryption.html.in          |   6 +
 docs/schemas/domainbackup.rng                 |   7 +
 docs/schemas/storagecommon.rng                |   7 +
 src/conf/storage_encryption_conf.c            |  31 +++-
 src/conf/storage_encryption_conf.h            |   9 +
 src/qemu/qemu_block.c                         |   2 +
 src/qemu/qemu_domain.c                        |   8 +
 tests/qemustatusxml2xmldata/upgrade-out.xml   |   6 +-
 tests/qemuxml2xmloutdata/disk-nvme.xml        |  65 ++++++-
 .../disk-slices.x86_64-latest.xml             |   4 +-
 .../encrypted-disk-usage.xml                  |  38 ++++-
 tests/qemuxml2xmloutdata/encrypted-disk.xml   |   2 +-
 .../luks-disks-source-qcow2.x86_64-latest.xml |  14 +-
 .../qemuxml2xmloutdata/luks-disks-source.xml  |  10 +-
 tests/qemuxml2xmloutdata/luks-disks.xml       |  47 +++++-
 tests/qemuxml2xmloutdata/user-aliases.xml     | 159 +++++++++++++++++-
 16 files changed, 392 insertions(+), 23 deletions(-)
 mode change 120000 => 100644 tests/qemuxml2xmloutdata/disk-nvme.xml
 mode change 120000 => 100644 tests/qemuxml2xmloutdata/encrypted-disk-usage.xml
 mode change 120000 => 100644 tests/qemuxml2xmloutdata/luks-disks.xml
 mode change 120000 => 100644 tests/qemuxml2xmloutdata/user-aliases.xml

diff --git a/docs/formatstorageencryption.html.in b/docs/formatstorageencryption.html.in
index b2631ab25d..5783381a4a 100644
--- a/docs/formatstorageencryption.html.in
+++ b/docs/formatstorageencryption.html.in
@@ -23,6 +23,12 @@
       content of the <code>encryption</code> tag.  Other format values may be
       defined in the future.
     </p>
+    <p>
+      The <code>encryption</code> tag supports an optional <code>engine</code>
+      tag, which allows selecting which component actually handles
+      the encryption. Currently defined values of <code>engine</code> are
+      <code>qemu</code>.
+    </p>
     <p>
       The <code>encryption</code> tag can currently contain a sequence of
       <code>secret</code> tags, each with mandatory attributes <code>type</code>
diff --git a/docs/schemas/domainbackup.rng b/docs/schemas/domainbackup.rng
index c03455a5a7..05cc28ab00 100644
--- a/docs/schemas/domainbackup.rng
+++ b/docs/schemas/domainbackup.rng
@@ -14,6 +14,13 @@
           <value>luks</value>
         </choice>
       </attribute>
+      <optional>
+        <attribute name="engine">
+          <choice>
+            <value>qemu</value>
+          </choice>
+        </attribute>
+      </optional>
       <interleave>
         <ref name="secret"/>
         <optional>
diff --git a/docs/schemas/storagecommon.rng b/docs/schemas/storagecommon.rng
index 7d1d066289..b34577c582 100644
--- a/docs/schemas/storagecommon.rng
+++ b/docs/schemas/storagecommon.rng
@@ -16,6 +16,13 @@
           <value>luks2</value>
         </choice>
       </attribute>
+      <optional>
+        <attribute name="engine">
+          <choice>
+            <value>qemu</value>
+          </choice>
+        </attribute>
+      </optional>
       <interleave>
         <ref name="secret"/>
         <optional>
diff --git a/src/conf/storage_encryption_conf.c b/src/conf/storage_encryption_conf.c
index 2df4ec96af..e8da02b605 100644
--- a/src/conf/storage_encryption_conf.c
+++ b/src/conf/storage_encryption_conf.c
@@ -47,6 +47,11 @@ VIR_ENUM_IMPL(virStorageEncryptionFormat,
               "default", "qcow", "luks", "luks2",
 );
 
+VIR_ENUM_IMPL(virStorageEncryptionEngine,
+              VIR_STORAGE_ENCRYPTION_ENGINE_LAST,
+              "default", "qemu",
+);
+
 static void
 virStorageEncryptionInfoDefClear(virStorageEncryptionInfoDef *def)
 {
@@ -120,6 +125,7 @@ virStorageEncryptionCopy(const virStorageEncryption *src)
     ret->secrets = g_new0(virStorageEncryptionSecret *, src->nsecrets);
     ret->nsecrets = src->nsecrets;
     ret->format = src->format;
+    ret->engine = src->engine;
 
     for (i = 0; i < src->nsecrets; i++) {
         if (!(ret->secrets[i] = virStorageEncryptionSecretCopy(src->secrets[i])))
@@ -217,6 +223,7 @@ virStorageEncryptionParseNode(xmlNodePtr node,
     xmlNodePtr *nodes = NULL;
     virStorageEncryption *encdef = NULL;
     virStorageEncryption *ret = NULL;
+    g_autofree char *engine_str = NULL;
     g_autofree char *format_str = NULL;
     int n;
     size_t i;
@@ -239,6 +246,16 @@ virStorageEncryptionParseNode(xmlNodePtr node,
         goto cleanup;
     }
 
+    if ((engine_str = virXPathString("string(./@engine)", ctxt))) {
+        if ((encdef->engine =
+             virStorageEncryptionEngineTypeFromString(engine_str)) < 0) {
+            virReportError(VIR_ERR_XML_ERROR,
+                           _("unknown volume encryption engine type %s"),
+                           engine_str);
+            goto cleanup;
+        }
+    }
+
     if ((n = virXPathNodeSet("./secret", ctxt, &nodes)) < 0)
         goto cleanup;
 
@@ -327,6 +344,7 @@ int
 virStorageEncryptionFormat(virBuffer *buf,
                            virStorageEncryption *enc)
 {
+    const char *engine;
     const char *format;
     size_t i;
 
@@ -335,7 +353,18 @@ virStorageEncryptionFormat(virBuffer *buf,
                        "%s", _("unexpected encryption format"));
         return -1;
     }
-    virBufferAsprintf(buf, "<encryption format='%s'>\n", format);
+    if (enc->engine == VIR_STORAGE_ENCRYPTION_ENGINE_DEFAULT) {
+        virBufferAsprintf(buf, "<encryption format='%s'>\n", format);
+    } else {
+        if (!(engine = virStorageEncryptionEngineTypeToString(enc->engine))) {
+            virReportError(VIR_ERR_INTERNAL_ERROR,
+                           "%s", _("unexpected encryption engine"));
+            return -1;
+        }
+        virBufferAsprintf(buf, "<encryption format='%s' engine='%s'>\n",
+                          format, engine);
+    }
+
     virBufferAdjustIndent(buf, 2);
 
     for (i = 0; i < enc->nsecrets; i++) {
diff --git a/src/conf/storage_encryption_conf.h b/src/conf/storage_encryption_conf.h
index 32e3a1243a..c722f832f5 100644
--- a/src/conf/storage_encryption_conf.h
+++ b/src/conf/storage_encryption_conf.h
@@ -51,6 +51,14 @@ struct _virStorageEncryptionInfoDef {
     char *ivgen_hash;
 };
 
+typedef enum {
+    VIR_STORAGE_ENCRYPTION_ENGINE_DEFAULT = 0,
+    VIR_STORAGE_ENCRYPTION_ENGINE_QEMU,
+
+    VIR_STORAGE_ENCRYPTION_ENGINE_LAST,
+} virStorageEncryptionEngineType;
+VIR_ENUM_DECL(virStorageEncryptionEngine);
+
 typedef enum {
     /* "default" is only valid for volume creation */
     VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT = 0,
@@ -64,6 +72,7 @@ VIR_ENUM_DECL(virStorageEncryptionFormat);
 
 typedef struct _virStorageEncryption virStorageEncryption;
 struct _virStorageEncryption {
+    int engine; /* virStorageEncryptionEngineType */
     int format; /* virStorageEncryptionFormatType */
     int payload_offset;
 
diff --git a/src/qemu/qemu_block.c b/src/qemu/qemu_block.c
index f7aa052822..693c43dfcc 100644
--- a/src/qemu/qemu_block.c
+++ b/src/qemu/qemu_block.c
@@ -1318,6 +1318,7 @@ qemuBlockStorageSourceGetCryptoProps(virStorageSource *src,
      * VIR_DOMAIN_SECRET_INFO_TYPE_AES works here. The correct type needs to be
      * instantiated elsewhere. */
     if (!src->encryption ||
+        src->encryption->engine != VIR_STORAGE_ENCRYPTION_ENGINE_QEMU ||
         !srcpriv ||
         !srcpriv->encinfo ||
         srcpriv->encinfo->type != VIR_DOMAIN_SECRET_INFO_TYPE_AES)
@@ -1454,6 +1455,7 @@ qemuBlockStorageSourceGetBlockdevFormatProps(virStorageSource *src)
          * put a raw layer on top */
     case VIR_STORAGE_FILE_RAW:
         if (src->encryption &&
+            src->encryption->engine == VIR_STORAGE_ENCRYPTION_ENGINE_QEMU &&
             src->encryption->format == VIR_STORAGE_ENCRYPTION_FORMAT_LUKS) {
             if (qemuBlockStorageSourceGetFormatLUKSProps(src, props) < 0)
                 return NULL;
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 2d35106c2f..9c873c129b 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -5421,6 +5421,8 @@ qemuDomainDeviceDiskDefPostParse(virDomainDiskDef *disk,
                                  virQEMUCaps *qemuCaps,
                                  unsigned int parseFlags)
 {
+    virStorageSource *n;
+
     /* set default disk types and drivers */
     if (!virDomainDiskGetDriver(disk))
         virDomainDiskSetDriver(disk, "qemu");
@@ -5435,6 +5437,12 @@ qemuDomainDeviceDiskDefPostParse(virDomainDiskDef *disk,
         disk->mirror->format == VIR_STORAGE_FILE_NONE)
         disk->mirror->format = VIR_STORAGE_FILE_RAW;
 
+    /* default disk encryption engine */
+    for (n = disk->src; virStorageSourceIsBacking(n); n = n->backingStore) {
+        if (n->encryption && n->encryption->engine == VIR_STORAGE_ENCRYPTION_ENGINE_DEFAULT)
+            n->encryption->engine = VIR_STORAGE_ENCRYPTION_ENGINE_QEMU;
+    }
+
     if (qemuDomainDeviceDiskDefPostParseRestoreSecAlias(disk, qemuCaps,
                                                         parseFlags) < 0)
         return -1;
diff --git a/tests/qemustatusxml2xmldata/upgrade-out.xml b/tests/qemustatusxml2xmldata/upgrade-out.xml
index f9476731f6..5218092cb9 100644
--- a/tests/qemustatusxml2xmldata/upgrade-out.xml
+++ b/tests/qemustatusxml2xmldata/upgrade-out.xml
@@ -316,7 +316,7 @@
       <disk type='file' device='disk'>
         <driver name='qemu' type='qcow2'/>
         <source file='/var/lib/libvirt/images/b.qcow2'>
-          <encryption format='luks'>
+          <encryption format='luks' engine='qemu'>
             <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
           </encryption>
           <privateData>
@@ -333,7 +333,7 @@
       <disk type='file' device='disk'>
         <driver name='qemu' type='qcow2'/>
         <source file='/var/lib/libvirt/images/c.qcow2'>
-          <encryption format='luks'>
+          <encryption format='luks' engine='qemu'>
             <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
           </encryption>
           <privateData>
@@ -354,7 +354,7 @@
           <auth username='testuser-iscsi'>
             <secret type='iscsi' usage='testuser-iscsi-secret'/>
           </auth>
-          <encryption format='luks'>
+          <encryption format='luks' engine='qemu'>
             <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
           </encryption>
           <privateData>
diff --git a/tests/qemuxml2xmloutdata/disk-nvme.xml b/tests/qemuxml2xmloutdata/disk-nvme.xml
deleted file mode 120000
index ea9eb267ac..0000000000
--- a/tests/qemuxml2xmloutdata/disk-nvme.xml
+++ /dev/null
@@ -1 +0,0 @@
-../qemuxml2argvdata/disk-nvme.xml
\ No newline at end of file
diff --git a/tests/qemuxml2xmloutdata/disk-nvme.xml b/tests/qemuxml2xmloutdata/disk-nvme.xml
new file mode 100644
index 0000000000..9a5fafce7d
--- /dev/null
+++ b/tests/qemuxml2xmloutdata/disk-nvme.xml
@@ -0,0 +1,64 @@
+<domain type='qemu'>
+  <name>QEMUGuest1</name>
+  <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+  <memory unit='KiB'>219136</memory>
+  <currentMemory unit='KiB'>219136</currentMemory>
+  <vcpu placement='static'>1</vcpu>
+  <os>
+    <type arch='i686' machine='pc'>hvm</type>
+    <boot dev='hd'/>
+  </os>
+  <clock offset='utc'/>
+  <on_poweroff>destroy</on_poweroff>
+  <on_reboot>restart</on_reboot>
+  <on_crash>destroy</on_crash>
+  <devices>
+    <emulator>/usr/bin/qemu-system-i386</emulator>
+    <disk type='nvme' device='disk'>
+      <driver name='qemu' type='raw'/>
+      <source type='pci' managed='yes' namespace='1'>
+        <address domain='0x0000' bus='0x01' slot='0x00' function='0x0'/>
+      </source>
+      <target dev='vda' bus='virtio'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
+    </disk>
+    <disk type='nvme' device='disk'>
+      <driver name='qemu' type='raw'/>
+      <source type='pci' managed='yes' namespace='2'>
+        <address domain='0x0000' bus='0x01' slot='0x00' function='0x0'/>
+      </source>
+      <target dev='vdb' bus='virtio'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/>
+    </disk>
+    <disk type='nvme' device='disk'>
+      <driver name='qemu' type='raw'/>
+      <source type='pci' managed='no' namespace='1'>
+        <address domain='0x0000' bus='0x02' slot='0x00' function='0x0'/>
+      </source>
+      <target dev='vdc' bus='virtio'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0'/>
+    </disk>
+    <disk type='nvme' device='disk'>
+      <driver name='qemu' type='qcow2' cache='none'/>
+      <source type='pci' managed='no' namespace='2'>
+        <address domain='0x0001' bus='0x02' slot='0x00' function='0x0'/>
+        <encryption format='luks' engine='qemu'>
+          <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
+        </encryption>
+      </source>
+      <target dev='vdd' bus='virtio'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x0'/>
+    </disk>
+    <controller type='usb' index='0'>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/>
+    </controller>
+    <controller type='pci' index='0' model='pci-root'/>
+    <controller type='scsi' index='0' model='virtio-scsi'>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
+    </controller>
+    <input type='mouse' bus='ps2'/>
+    <input type='keyboard' bus='ps2'/>
+    <audio id='1' type='none'/>
+    <memballoon model='none'/>
+  </devices>
+</domain>
diff --git a/tests/qemuxml2xmloutdata/disk-slices.x86_64-latest.xml b/tests/qemuxml2xmloutdata/disk-slices.x86_64-latest.xml
index be5cd25084..a058cbad61 100644
--- a/tests/qemuxml2xmloutdata/disk-slices.x86_64-latest.xml
+++ b/tests/qemuxml2xmloutdata/disk-slices.x86_64-latest.xml
@@ -49,7 +49,7 @@
         <slices>
           <slice type='storage' offset='1234' size='321'/>
         </slices>
-        <encryption format='luks'>
+        <encryption format='luks' engine='qemu'>
           <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
         </encryption>
       </source>
@@ -75,7 +75,7 @@
         <slices>
           <slice type='storage' offset='1234' size='321'/>
         </slices>
-        <encryption format='luks'>
+        <encryption format='luks' engine='qemu'>
           <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
         </encryption>
       </source>
diff --git a/tests/qemuxml2xmloutdata/encrypted-disk-usage.xml b/tests/qemuxml2xmloutdata/encrypted-disk-usage.xml
deleted file mode 120000
index a1a4f841e9..0000000000
--- a/tests/qemuxml2xmloutdata/encrypted-disk-usage.xml
+++ /dev/null
@@ -1 +0,0 @@
-../qemuxml2argvdata/encrypted-disk-usage.xml
\ No newline at end of file
diff --git a/tests/qemuxml2xmloutdata/encrypted-disk-usage.xml b/tests/qemuxml2xmloutdata/encrypted-disk-usage.xml
new file mode 100644
index 0000000000..d2b87b94b6
--- /dev/null
+++ b/tests/qemuxml2xmloutdata/encrypted-disk-usage.xml
@@ -0,0 +1,37 @@
+<domain type='qemu'>
+  <name>encryptdisk</name>
+  <uuid>496898a6-e6ff-f7c8-5dc2-3cf410945ee9</uuid>
+  <memory unit='KiB'>1048576</memory>
+  <currentMemory unit='KiB'>524288</currentMemory>
+  <vcpu placement='static'>1</vcpu>
+  <os>
+    <type arch='i686' machine='pc'>hvm</type>
+    <boot dev='hd'/>
+  </os>
+  <clock offset='utc'/>
+  <on_poweroff>destroy</on_poweroff>
+  <on_reboot>restart</on_reboot>
+  <on_crash>destroy</on_crash>
+  <devices>
+    <emulator>/usr/bin/qemu-system-i386</emulator>
+    <disk type='file' device='disk'>
+      <driver name='qemu' type='qcow2'/>
+      <source file='/storage/guest_disks/encryptdisk'/>
+      <target dev='vda' bus='virtio'/>
+      <encryption format='luks' engine='qemu'>
+        <secret type='passphrase' usage='/storage/guest_disks/encryptdisk'/>
+      </encryption>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
+    </disk>
+    <controller type='usb' index='0'>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/>
+    </controller>
+    <controller type='pci' index='0' model='pci-root'/>
+    <input type='mouse' bus='ps2'/>
+    <input type='keyboard' bus='ps2'/>
+    <audio id='1' type='none'/>
+    <memballoon model='virtio'>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
+    </memballoon>
+  </devices>
+</domain>
diff --git a/tests/qemuxml2xmloutdata/encrypted-disk.xml b/tests/qemuxml2xmloutdata/encrypted-disk.xml
index 06f2c5b47c..e30c8a36e8 100644
--- a/tests/qemuxml2xmloutdata/encrypted-disk.xml
+++ b/tests/qemuxml2xmloutdata/encrypted-disk.xml
@@ -18,7 +18,7 @@
       <driver name='qemu' type='qcow2'/>
       <source file='/storage/guest_disks/encryptdisk'/>
       <target dev='vda' bus='virtio'/>
-      <encryption format='luks'>
+      <encryption format='luks' engine='qemu'>
         <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
       </encryption>
       <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
diff --git a/tests/qemuxml2xmloutdata/luks-disks-source-qcow2.x86_64-latest.xml b/tests/qemuxml2xmloutdata/luks-disks-source-qcow2.x86_64-latest.xml
index 5f600f5ba7..7f98dd597e 100644
--- a/tests/qemuxml2xmloutdata/luks-disks-source-qcow2.x86_64-latest.xml
+++ b/tests/qemuxml2xmloutdata/luks-disks-source-qcow2.x86_64-latest.xml
@@ -20,7 +20,7 @@
     <disk type='file' device='disk'>
       <driver name='qemu' type='qcow2'/>
       <source file='/storage/guest_disks/encryptdisk'>
-        <encryption format='luks'>
+        <encryption format='luks' engine='qemu'>
           <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
         </encryption>
       </source>
@@ -30,7 +30,7 @@
     <disk type='file' device='disk'>
       <driver name='qemu' type='qcow2'/>
       <source file='/storage/guest_disks/encryptdisk2'>
-        <encryption format='luks'>
+        <encryption format='luks' engine='qemu'>
           <secret type='passphrase' usage='/storage/guest_disks/encryptdisk2'/>
         </encryption>
       </source>
@@ -44,7 +44,7 @@
         <auth username='myname'>
           <secret type='iscsi' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80e80'/>
         </auth>
-        <encryption format='luks'>
+        <encryption format='luks' engine='qemu'>
           <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80f77'/>
         </encryption>
       </source>
@@ -54,7 +54,7 @@
     <disk type='volume' device='disk'>
       <driver name='qemu' type='qcow2'/>
       <source pool='pool-iscsi' volume='unit:0:0:3' mode='direct'>
-        <encryption format='luks'>
+        <encryption format='luks' engine='qemu'>
           <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80f80'/>
         </encryption>
       </source>
@@ -67,7 +67,7 @@
         <host name='mon1.example.org' port='6321'/>
         <host name='mon2.example.org' port='6322'/>
         <host name='mon3.example.org' port='6322'/>
-        <encryption format='luks'>
+        <encryption format='luks' engine='qemu'>
           <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80fb0'/>
         </encryption>
       </source>
@@ -77,14 +77,14 @@
     <disk type='file' device='disk'>
       <driver name='qemu' type='qcow2'/>
       <source file='/storage/guest_disks/encryptdisk5'>
-        <encryption format='luks'>
+        <encryption format='luks' engine='qemu'>
           <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
         </encryption>
       </source>
       <backingStore type='file'>
         <format type='qcow2'/>
         <source file='/storage/guest_disks/base.qcow2'>
-          <encryption format='luks'>
+          <encryption format='luks' engine='qemu'>
             <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
           </encryption>
         </source>
diff --git a/tests/qemuxml2xmloutdata/luks-disks-source.xml b/tests/qemuxml2xmloutdata/luks-disks-source.xml
index 5333d4ac6e..891b5d9d17 100644
--- a/tests/qemuxml2xmloutdata/luks-disks-source.xml
+++ b/tests/qemuxml2xmloutdata/luks-disks-source.xml
@@ -17,7 +17,7 @@
     <disk type='file' device='disk'>
       <driver name='qemu' type='raw'/>
       <source file='/storage/guest_disks/encryptdisk'>
-        <encryption format='luks'>
+        <encryption format='luks' engine='qemu'>
           <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
         </encryption>
       </source>
@@ -27,7 +27,7 @@
     <disk type='file' device='disk'>
       <driver name='qemu' type='raw'/>
       <source file='/storage/guest_disks/encryptdisk2'>
-        <encryption format='luks'>
+        <encryption format='luks' engine='qemu'>
           <secret type='passphrase' usage='/storage/guest_disks/encryptdisk2'/>
         </encryption>
       </source>
@@ -41,7 +41,7 @@
         <auth username='myname'>
           <secret type='iscsi' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80e80'/>
         </auth>
-        <encryption format='luks'>
+        <encryption format='luks' engine='qemu'>
           <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80f77'/>
         </encryption>
       </source>
@@ -51,7 +51,7 @@
     <disk type='volume' device='disk'>
       <driver name='qemu' type='raw'/>
       <source pool='pool-iscsi' volume='unit:0:0:3' mode='direct'>
-        <encryption format='luks'>
+        <encryption format='luks' engine='qemu'>
           <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80f80'/>
         </encryption>
       </source>
@@ -64,7 +64,7 @@
         <host name='mon1.example.org' port='6321'/>
         <host name='mon2.example.org' port='6322'/>
         <host name='mon3.example.org' port='6322'/>
-        <encryption format='luks'>
+        <encryption format='luks' engine='qemu'>
           <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80fb0'/>
         </encryption>
       </source>
diff --git a/tests/qemuxml2xmloutdata/luks-disks.xml b/tests/qemuxml2xmloutdata/luks-disks.xml
deleted file mode 120000
index d65e470c32..0000000000
--- a/tests/qemuxml2xmloutdata/luks-disks.xml
+++ /dev/null
@@ -1 +0,0 @@
-../qemuxml2argvdata/luks-disks.xml
\ No newline at end of file
diff --git a/tests/qemuxml2xmloutdata/luks-disks.xml b/tests/qemuxml2xmloutdata/luks-disks.xml
new file mode 100644
index 0000000000..1c76f0dc26
--- /dev/null
+++ b/tests/qemuxml2xmloutdata/luks-disks.xml
@@ -0,0 +1,46 @@
+<domain type='qemu'>
+  <name>encryptdisk</name>
+  <uuid>496898a6-e6ff-f7c8-5dc2-3cf410945ee9</uuid>
+  <memory unit='KiB'>1048576</memory>
+  <currentMemory unit='KiB'>524288</currentMemory>
+  <vcpu placement='static'>1</vcpu>
+  <os>
+    <type arch='x86_64' machine='pc-i440fx-2.1'>hvm</type>
+    <boot dev='hd'/>
+  </os>
+  <clock offset='utc'/>
+  <on_poweroff>destroy</on_poweroff>
+  <on_reboot>restart</on_reboot>
+  <on_crash>destroy</on_crash>
+  <devices>
+    <emulator>/usr/bin/qemu-system-x86_64</emulator>
+    <disk type='file' device='disk'>
+      <driver name='qemu' type='raw'/>
+      <source file='/storage/guest_disks/encryptdisk'/>
+      <target dev='vda' bus='virtio'/>
+      <encryption format='luks' engine='qemu'>
+        <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
+      </encryption>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
+    </disk>
+    <disk type='file' device='disk'>
+      <driver name='qemu' type='raw'/>
+      <source file='/storage/guest_disks/encryptdisk2'/>
+      <target dev='vdb' bus='virtio'/>
+      <encryption format='luks' engine='qemu'>
+        <secret type='passphrase' usage='/storage/guest_disks/encryptdisk2'/>
+      </encryption>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/>
+    </disk>
+    <controller type='usb' index='0'>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/>
+    </controller>
+    <controller type='pci' index='0' model='pci-root'/>
+    <input type='mouse' bus='ps2'/>
+    <input type='keyboard' bus='ps2'/>
+    <audio id='1' type='none'/>
+    <memballoon model='virtio'>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
+    </memballoon>
+  </devices>
+</domain>
diff --git a/tests/qemuxml2xmloutdata/user-aliases.xml b/tests/qemuxml2xmloutdata/user-aliases.xml
deleted file mode 120000
index b5a27f08cd..0000000000
--- a/tests/qemuxml2xmloutdata/user-aliases.xml
+++ /dev/null
@@ -1 +0,0 @@
-../qemuxml2argvdata/user-aliases.xml
\ No newline at end of file
diff --git a/tests/qemuxml2xmloutdata/user-aliases.xml b/tests/qemuxml2xmloutdata/user-aliases.xml
new file mode 100644
index 0000000000..10b7749521
--- /dev/null
+++ b/tests/qemuxml2xmloutdata/user-aliases.xml
@@ -0,0 +1,158 @@
+<domain type='kvm'>
+  <name>gentoo</name>
+  <uuid>a75aca4b-a02f-2bcb-4a91-c93cd848c34b</uuid>
+  <memory unit='KiB'>4194304</memory>
+  <currentMemory unit='KiB'>4194304</currentMemory>
+  <memoryBacking>
+    <hugepages>
+      <page size='1048576' unit='KiB' nodeset='0-3'/>
+    </hugepages>
+  </memoryBacking>
+  <vcpu placement='static'>4</vcpu>
+  <os>
+    <type arch='x86_64' machine='pc-i440fx-1.4'>hvm</type>
+    <boot dev='hd'/>
+    <boot dev='cdrom'/>
+  </os>
+  <features>
+    <acpi/>
+    <apic/>
+    <pae/>
+  </features>
+  <cpu>
+    <numa>
+      <cell id='0' cpus='0' memory='1048576' unit='KiB'/>
+      <cell id='1' cpus='1' memory='1048576' unit='KiB'/>
+      <cell id='2' cpus='2' memory='1048576' unit='KiB'/>
+      <cell id='3' cpus='3' memory='1048576' unit='KiB'/>
+    </numa>
+  </cpu>
+  <clock offset='utc'/>
+  <on_poweroff>destroy</on_poweroff>
+  <on_reboot>restart</on_reboot>
+  <on_crash>restart</on_crash>
+  <pm>
+    <suspend-to-mem enabled='yes'/>
+    <suspend-to-disk enabled='yes'/>
+  </pm>
+  <devices>
+    <emulator>/usr/bin/qemu-system-x86_64</emulator>
+    <disk type='file' device='floppy'>
+      <driver name='qemu' type='raw' cache='none'/>
+      <source file='/var/lib/libvirt/images/fd.img'/>
+      <target dev='fda' bus='fdc'/>
+      <alias name='ua-myDisk1'/>
+      <address type='drive' controller='0' bus='0' target='0' unit='0'/>
+    </disk>
+    <disk type='file' device='disk'>
+      <driver name='qemu' type='qcow2'/>
+      <source file='/var/lib/libvirt/images/gentoo.qcow2'/>
+      <target dev='vda' bus='virtio'/>
+      <alias name='ua-myDisk2'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/>
+    </disk>
+    <disk type='file' device='disk'>
+      <driver name='qemu' type='qcow2'/>
+      <source file='/var/lib/libvirt/images/OtherDemo.img'/>
+      <target dev='vdb' bus='virtio'/>
+      <encryption format='luks' engine='qemu'>
+        <secret type='passphrase' uuid='e78d4b51-a2af-485f-b0f5-afca709a80f4'/>
+      </encryption>
+      <alias name='ua-myEncryptedDisk1'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x0'/>
+    </disk>
+    <disk type='file' device='cdrom'>
+      <driver name='qemu' type='raw' cache='none'/>
+      <source file='/home/zippy/tmp/install-amd64-minimal-20140619.iso'/>
+      <target dev='hdc' bus='ide'/>
+      <readonly/>
+      <shareable/>
+      <alias name='ua-WhatAnAwesomeCDROM'/>
+      <address type='drive' controller='0' bus='1' target='0' unit='0'/>
+    </disk>
+    <controller type='usb' index='0'>
+      <alias name='ua-SomeWeirdController'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/>
+    </controller>
+    <controller type='pci' index='0' model='pci-root'>
+      <alias name='ua-MyPCIRootController'/>
+    </controller>
+    <controller type='ide' index='0'>
+      <alias name='ua-DoesAnybodyStillUseIDE'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/>
+    </controller>
+    <controller type='virtio-serial' index='0'>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x08' function='0x0'/>
+    </controller>
+    <controller type='fdc' index='0'/>
+    <controller type='ccid' index='0'>
+      <alias name='ua-myCCID'/>
+      <address type='usb' bus='0' port='1'/>
+    </controller>
+    <controller type='ccid' index='1'>
+      <alias name='ua-myCCID2'/>
+      <address type='usb' bus='0' port='2'/>
+    </controller>
+    <interface type='ethernet'>
+      <mac address='52:54:00:d6:c0:0b'/>
+      <model type='virtio'/>
+      <alias name='ua-CheckoutThisNIC'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
+    </interface>
+    <interface type='server'>
+      <mac address='52:54:00:22:c9:42'/>
+      <source address='127.0.0.1' port='1234'/>
+      <bandwidth>
+        <inbound average='1234'/>
+        <outbound average='5678'/>
+      </bandwidth>
+      <model type='rtl8139'/>
+      <alias name='ua-WeCanAlsoDoServerMode'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x09' function='0x0'/>
+    </interface>
+    <interface type='client'>
+      <mac address='52:54:00:8c:b1:f8'/>
+      <source address='127.0.0.1' port='1234'/>
+      <model type='rtl8139'/>
+      <alias name='ua-AndAlsoClientMode'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x0a' function='0x0'/>
+    </interface>
+    <smartcard mode='host'>
+      <address type='ccid' controller='0' slot='0'/>
+    </smartcard>
+    <serial type='pty'>
+      <target type='isa-serial' port='0'>
+        <model name='isa-serial'/>
+      </target>
+    </serial>
+    <serial type='pty'>
+      <target type='isa-serial' port='1'>
+        <model name='isa-serial'/>
+      </target>
+    </serial>
+    <console type='pty'>
+      <target type='serial' port='0'/>
+    </console>
+    <channel type='unix'>
+      <source mode='bind' path='/var/lib/libvirt/qemu/channel/target/gentoo.org.qemu.guest_agent.0'/>
+      <target type='virtio' name='org.qemu.guest_agent.0'/>
+      <address type='virtio-serial' controller='0' bus='0' port='1'/>
+    </channel>
+    <input type='mouse' bus='ps2'/>
+    <input type='keyboard' bus='ps2'/>
+    <graphics type='vnc' port='-1' autoport='yes'>
+      <listen type='address'/>
+    </graphics>
+    <sound model='ich6'>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
+    </sound>
+    <audio id='1' type='none'/>
+    <video>
+      <model type='cirrus' vram='16384' heads='1' primary='yes'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
+    </video>
+    <memballoon model='virtio'>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0'/>
+    </memballoon>
+  </devices>
+</domain>
-- 
2.25.1