New AES modes for IPSec, user space components.

Update setkey and libipsec to understand aes-gcm-16 as an
encryption method.

A partial commit of the work in review D2936.

Submitted by:	eri
Reviewed by:	jmg
MFC after:	2 weeks
Sponsored by:	Rubicon Communications (Netgate)

2 files changed, 3 insertions, 1 deletions

diff --git a/sbin/setkey/setkey.8 b/sbin/setkey/setkey.8
index 4306ec22f8b8..b6d4157569a5 100644
--- a/sbin/setkey/setkey.8
+++ b/sbin/setkey/setkey.8
@@ -627,11 +627,12 @@ des-deriv	64		ipsec-ciph-des-derived-01
 3des-deriv	192		no document
 rijndael-cbc	128/192/256	rfc3602
 aes-ctr		160/224/288	draft-ietf-ipsec-ciph-aes-ctr-03
+aes-gcm-16	160/224/288	rfc4106
 camellia-cbc	128/192/256	rfc4312
 .Ed
 .Pp
 Note that the first 128/192/256 bits of a key for
-.Li aes-ctr
+.Li aes-ctr or aes-gcm-16
 will be used as AES key, and remaining 32 bits will be used as nonce.
 .Pp
 The following are the list of compression algorithms that can be used
diff --git a/sbin/setkey/token.l b/sbin/setkey/token.l
index bc9205b402a1..1b667190fe39 100644
--- a/sbin/setkey/token.l
+++ b/sbin/setkey/token.l
@@ -168,6 +168,7 @@ tcp		{ yylval.num = 0; return(PR_TCP); }
 <S_ENCALG>rijndael-cbc	{ yylval.num = SADB_X_EALG_RIJNDAELCBC; BEGIN INITIAL; return(ALG_ENC); }
 <S_ENCALG>aes-ctr	{ yylval.num = SADB_X_EALG_AESCTR; BEGIN INITIAL; return(ALG_ENC); }
 <S_ENCALG>camellia-cbc	{ yylval.num = SADB_X_EALG_CAMELLIACBC; BEGIN INITIAL; return(ALG_ENC); }
+<S_ENCALG>aes-gcm-16	{ yylval.num = SADB_X_EALG_AESGCM16; BEGIN INITIAL; return(ALG_ENC); }
 
 	/* compression algorithms */
 {hyphen}C	{ return(F_COMP); }