author | Mike Belopuhov <mikeb@cvs.openbsd.org> | 2010-09-23 11:42:37 +0000 |
---|---|---|
committer | Mike Belopuhov <mikeb@cvs.openbsd.org> | 2010-09-23 11:42:37 +0000 |
commit | 47aa5262dd1d0dcb9446f824ce20411ecc819b24 (patch) | |
tree | ce968f93366aa9716516f2d6007a71dcb3476bdd /sbin/iked/iked.conf.5 | |
parent | 98a3bcd0143d4daf592e599e655a27f70da6dafc (diff) | |
support for aes-gcm
OK reyk
Diffstat (limited to 'sbin/iked/iked.conf.5')
-rw-r--r-- | sbin/iked/iked.conf.5 | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/sbin/iked/iked.conf.5 b/sbin/iked/iked.conf.5 index 309ee86bc3e..dec74dc2e64 100644 --- a/sbin/iked/iked.conf.5 +++ b/sbin/iked/iked.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: iked.conf.5,v 1.8 2010/07/01 02:15:08 reyk Exp $ +.\" $OpenBSD: iked.conf.5,v 1.9 2010/09/23 11:42:36 mikeb Exp $ .\" $vantronix: iked.conf.5,v 1.10 2010/06/03 16:13:40 reyk Exp $ .\" .\" Copyright (c) 2010 Reyk Floeter <reyk@vantronix.net> @@ -16,7 +16,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: July 1 2010 $ +.Dd $Mdocdate: September 23 2010 $ .Dt IKED.CONF 5 .Os .Sh NAME @@ -644,6 +644,12 @@ keyword: .It Li aes-192 Ta "192 bits" .It Li aes-256 Ta "256 bits" .It Li aes-ctr Ta "160 bits" Ta "[ESP only]" +.It Li aes-128-gcm Ta "160 bits" Ta "[ESP only]" +.It Li aes-192-gcm Ta "224 bits" Ta "[ESP only]" +.It Li aes-256-gcm Ta "288 bits" Ta "[ESP only]" +.It Li aes-128-gmac Ta "160 bits" Ta "[ESP only]" +.It Li aes-192-gmac Ta "224 bits" Ta "[ESP only]" +.It Li aes-256-gmac Ta "288 bits" Ta "[ESP only]" .It Li blowfish Ta "160 bits" Ta "[ESP only]" .It Li cast Ta "128 bits" Ta "[ESP only]" .It Li null Ta "" Ta "[ESP only]" @@ -659,8 +665,9 @@ This is because the most significant bit of each byte is used for parity. The keysize of AES-CTR is actually 128-bit. However as well as the key, a 32-bit nonce has to be supplied. Thus 160 bits of key material have to be supplied. +The same applies to AES-GCM and AES-GMAC. .Pp -Using NULL with ESP will only provide authentication. +Using AES-GMAC or NULL with ESP will only provide authentication. This is useful in setups where AH can not be used, e.g. when NAT is involved. .Pp The following group types are permitted with the |
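Review bot: In the table hunk (@@ -644,6 +644,12), the three aes-*-gmac rows are listed among the ciphers with only the "[ESP only]" tag, while the last hunk says AES-GMAC provides authentication only. Someone picking a transform from the table alone would not see that these rows give no confidentiality. Consider marking them in the third column, or pointing from the rows to the paragraph that explains it, the same way the null row is covered by that paragraph.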
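Review bot: In the last hunk (@@ -659,8 +665,9), the new sentence "The same applies to AES-GCM and AES-GMAC." follows text that gives the AES-CTR key size as 128-bit and the total as 160 bits, so read literally it says GCM and GMAC also use only 128-bit keys. That does not match the 224 and 288 bit rows added to the table. Suggest spelling it out: the AES-GCM and AES-GMAC variants take a 128, 192 or 256-bit key plus a 32-bit nonce, hence 160, 224 and 288 bits of key material.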