From 46e99a8858f1c843c1774e472c11d422ca2163ae Mon Sep 17 00:00:00 2001
From: Renato Botelho <renato@netgate.com>
Date: Mon, 17 Aug 2015 13:53:21 -0300
Subject: Importing pfSense patch aesgcm.soft.1.patch

---
 sbin/setkey/setkey.8 | 5 ++++-
 sbin/setkey/token.l  | 3 +++
 2 files changed, 7 insertions(+), 1 deletion(-)

(limited to 'sbin/setkey')

diff --git a/sbin/setkey/setkey.8 b/sbin/setkey/setkey.8
index 4306ec2..9335d12 100644
--- a/sbin/setkey/setkey.8
+++ b/sbin/setkey/setkey.8
@@ -627,11 +627,14 @@ des-deriv	64		ipsec-ciph-des-derived-01
 3des-deriv	192		no document
 rijndael-cbc	128/192/256	rfc3602
 aes-ctr		160/224/288	draft-ietf-ipsec-ciph-aes-ctr-03
+aes-gcm-8	160/224/288	rfc4106
+aes-gcm-12	160/224/288	rfc4106
+aes-gcm-16	160/224/288	rfc4106
 camellia-cbc	128/192/256	rfc4312
 .Ed
 .Pp
 Note that the first 128/192/256 bits of a key for
-.Li aes-ctr
+.Li aes-ctr or aes-gcm-16
 will be used as AES key, and remaining 32 bits will be used as nonce.
 .Pp
 The following are the list of compression algorithms that can be used
diff --git a/sbin/setkey/token.l b/sbin/setkey/token.l
index c89982f..ea3512f 100644
--- a/sbin/setkey/token.l
+++ b/sbin/setkey/token.l
@@ -168,6 +168,9 @@ tcp		{ yylval.num = 0; return(PR_TCP); }
 <S_ENCALG>rijndael-cbc	{ yylval.num = SADB_X_EALG_RIJNDAELCBC; BEGIN INITIAL; return(ALG_ENC); }
 <S_ENCALG>aes-ctr	{ yylval.num = SADB_X_EALG_AESCTR; BEGIN INITIAL; return(ALG_ENC); }
 <S_ENCALG>camellia-cbc	{ yylval.num = SADB_X_EALG_CAMELLIACBC; BEGIN INITIAL; return(ALG_ENC); }
+<S_ENCALG>aes-gcm-8	{ yylval.num = SADB_X_EALG_AESGCM8; BEGIN INITIAL; return(ALG_ENC); }
+<S_ENCALG>aes-gcm-12	{ yylval.num = SADB_X_EALG_AESGCM12; BEGIN INITIAL; return(ALG_ENC); }
+<S_ENCALG>aes-gcm-16	{ yylval.num = SADB_X_EALG_AESGCM16; BEGIN INITIAL; return(ALG_ENC); }
 
 	/* compression algorithms */
 {hyphen}C	{ return(F_COMP); }
-- 
cgit v1.1