Add CCM and GCM mode support to AES in pkcs11_softtoken
Currently the AES_[CG]CM modes are only supported within the kernel. Userland utilities (such as IKE, SSH, SSL/TLS) might also want support for this.
The one wrinkle is that the current standard version of pkcs11 (2.20 amendment 3) doesn't define this. The draft of 2.30 however does (but does not specify a value for CKM_AES_[CG]CM, but does define a draft structure for CKM[CG]CM_PARAMS. The draft has been unchanged since 2009, so it is unclear when (if ever) it will become the next version.
A solution would be to use a vendor defined value (such as CKM_ILLUMOS_AES_[CG]CM and CKM_ILLUMOS-AES[CG]CM_PARAMS) and whenever 2.30 is ratified, the Illumos implementation can be mapped to the standard one (either through #defines or support within libpkcs11).
Another solution would be to create a small private header file that is not packaged to define these values and remove it when 2.30 is ratified (though this would obviously prevent anything outside of illumos-gate from being able to utilize this while 2.30 remains in a draft state).