diff --git a/lib/libipsec/pfkey_dump.c b/lib/libipsec/pfkey_dump.c
index 365f0ef833a..b8dd7497e97 100644
--- a/lib/libipsec/pfkey_dump.c
+++ b/lib/libipsec/pfkey_dump.c
@@ -149,6 +149,18 @@ static struct val2str str_alg_auth[] = {
 #endif
 #ifdef SADB_X_AALG_AES_XCBC_MAC
 	{ SADB_X_AALG_AES_XCBC_MAC, "aes-xcbc-mac", },
+#endif
+#ifdef SADB_X_AALG_AES128GMAC
+	{ SADB_X_AALG_AES128GMAC, "gmac-aes-128", },
+#endif
+#ifdef SADB_X_AALG_AES192GMAC
+	{ SADB_X_AALG_AES192GMAC, "gmac-aes-192", },
+#endif
+#ifdef SADB_X_AALG_AES256GMAC
+	{ SADB_X_AALG_AES256GMAC, "gmac-aes-256", },
+#endif
+#ifdef SADB_X_AALG_CHACHA20POLY1305
+	{ SADB_X_AALG_CHACHA20POLY1305, "chacha20-poly1305", },
 #endif
 	{ -1, NULL, },
 };
@@ -168,8 +180,17 @@ static struct val2str str_alg_enc[] = {
 #ifdef SADB_X_EALG_AESCTR
 	{ SADB_X_EALG_AESCTR, "aes-ctr", },
 #endif
+#ifdef SADB_X_EALG_AESCCM16
+	{ SADB_X_EALG_AESGCM16, "aes-ccm-16", },
+#endif
+#ifdef SADB_X_EALG_AESGMAC
+	{ SADB_X_EALG_AESGMAC, "aes-gmac", },
+#endif
 #ifdef SADB_X_EALG_AESGCM16
 	{ SADB_X_EALG_AESGCM16, "aes-gcm-16", },
+#endif
+#ifdef SADB_X_EALG_CHACHA20POLY1305
+	{ SADB_X_EALG_CHACHA20POLY1305, "chacha20-poly1305", },
 #endif
 	{ -1, NULL, },
 };
diff --git a/sbin/setkey/token.l b/sbin/setkey/token.l
index 9a0cc9ea191..82d5a046950 100644
--- a/sbin/setkey/token.l
+++ b/sbin/setkey/token.l
@@ -147,11 +147,15 @@ tcp		{ yylval.num = 0; return(PR_TCP); }
 
 	/* authentication alogorithm */
 {hyphen}A	{ BEGIN S_AUTHALG; return(F_AUTH); }
+<S_AUTHALG>chacha20-poly1305 { yylval.num = SADB_X_AALG_CHACHA20POLY1305; BEGIN INITIAL; return(ALG_AUTH); }
 <S_AUTHALG>hmac-sha1	{ yylval.num = SADB_AALG_SHA1HMAC; BEGIN INITIAL; return(ALG_AUTH); }
 <S_AUTHALG>hmac-sha2-256 { yylval.num = SADB_X_AALG_SHA2_256; BEGIN INITIAL; return(ALG_AUTH); }
 <S_AUTHALG>hmac-sha2-384 { yylval.num = SADB_X_AALG_SHA2_384; BEGIN INITIAL; return(ALG_AUTH); }
 <S_AUTHALG>hmac-sha2-512 { yylval.num = SADB_X_AALG_SHA2_512; BEGIN INITIAL; return(ALG_AUTH); }
 <S_AUTHALG>aes-xcbc-mac { yylval.num = SADB_X_AALG_AES_XCBC_MAC; BEGIN INITIAL; return(ALG_AUTH); }
+<S_AUTHALG>gmac-aes-128 { yylval.num = SADB_X_AALG_AES128GMAC; BEGIN INITIAL; return(ALG_AUTH); }
+<S_AUTHALG>gmac-aes-192 { yylval.num = SADB_X_AALG_AES192GMAC; BEGIN INITIAL; return(ALG_AUTH); }
+<S_AUTHALG>gmac-aes-256 { yylval.num = SADB_X_AALG_AES256GMAC; BEGIN INITIAL; return(ALG_AUTH); }
 <S_AUTHALG>tcp-md5	{ yylval.num = SADB_X_AALG_TCP_MD5; BEGIN INITIAL; return(ALG_AUTH); }
 <S_AUTHALG>null { yylval.num = SADB_X_AALG_NULL; BEGIN INITIAL; return(ALG_AUTH_NOKEY); }
 
@@ -161,8 +165,11 @@ tcp		{ yylval.num = 0; return(PR_TCP); }
 <S_ENCALG>simple	{ yylval.num = SADB_EALG_NULL; BEGIN INITIAL; return(ALG_ENC_OLD); }
 <S_ENCALG>rijndael-cbc	{ yylval.num = SADB_X_EALG_AESCBC; BEGIN INITIAL; return(ALG_ENC); }
 <S_ENCALG>aes-cbc	{ yylval.num = SADB_X_EALG_AESCBC; BEGIN INITIAL; return(ALG_ENC); }
+<S_ENCALG>aes-gmac	{ yylval.num = SADB_X_EALG_AESGMAC; BEGIN INITIAL; return(ALG_ENC); }
 <S_ENCALG>aes-ctr	{ yylval.num = SADB_X_EALG_AESCTR; BEGIN INITIAL; return(ALG_ENC_SALT); }
+<S_ENCALG>aes-ccm-16	{ yylval.num = SADB_X_EALG_AESCCM16; BEGIN INITIAL; return(ALG_ENC_SALT); }
 <S_ENCALG>aes-gcm-16	{ yylval.num = SADB_X_EALG_AESGCM16; BEGIN INITIAL; return(ALG_ENC_SALT); }
+<S_ENCALG>chacha20-poly1305 { yylval.num = SADB_X_EALG_CHACHA20POLY1305; BEGIN INITIAL; return(ALG_ENC_SALT); }
 
 	/* compression algorithms */
 {hyphen}C	{ return(F_COMP); }
diff --git a/sys/net/pfkeyv2.h b/sys/net/pfkeyv2.h
index 4d607a4d8b1..ce97e701080 100644
--- a/sys/net/pfkeyv2.h
+++ b/sys/net/pfkeyv2.h
@@ -372,6 +372,7 @@ _Static_assert(sizeof(struct sadb_x_sa_replay) == 8, "struct size mismatch");
 #define SADB_X_AALG_AES128GMAC	11		/* RFC4543 + Errata1821 */
 #define SADB_X_AALG_AES192GMAC	12
 #define SADB_X_AALG_AES256GMAC	13
+#define	SADB_X_AALG_CHACHA20POLY1305	14
 #define SADB_X_AALG_MD5		249	/* Keyed MD5 */
 #define SADB_X_AALG_SHA		250	/* Keyed SHA */
 #define SADB_X_AALG_NULL	251	/* null authentication */
@@ -387,6 +388,8 @@ _Static_assert(sizeof(struct sadb_x_sa_replay) == 8, "struct size mismatch");
 #define SADB_X_EALG_AES		12
 #define	SADB_X_EALG_AESCBC	12
 #define SADB_X_EALG_AESCTR	13
+#define	SADB_X_EALG_AESCCM16	14
+#define	SADB_X_EALG_CHACHA20POLY1305	15
 #define SADB_X_EALG_AESGCM8	18	/* RFC4106 */
 #define SADB_X_EALG_AESGCM12	19
 #define SADB_X_EALG_AESGCM16	20
diff --git a/sys/netipsec/key.c b/sys/netipsec/key.c
index 86dc9ea4102..3fe8db9c07b 100644
--- a/sys/netipsec/key.c
+++ b/sys/netipsec/key.c
@@ -586,9 +586,11 @@ static struct supported_ealgs {
 } supported_ealgs[] = {
 	{ SADB_X_EALG_AES,		&enc_xform_rijndael128 },
 	{ SADB_EALG_NULL,		&enc_xform_null },
+	{ SADB_X_EALG_AESCCM16,		&enc_xform_ccm },
 	{ SADB_X_EALG_AESCTR,		&enc_xform_aes_icm },
 	{ SADB_X_EALG_AESGCM16,		&enc_xform_aes_nist_gcm },
 	{ SADB_X_EALG_AESGMAC,		&enc_xform_aes_nist_gmac },
+	{ SADB_X_EALG_CHACHA20POLY1305,	&enc_xform_chacha20_poly1305 },
 };
 
 static struct supported_aalgs {
@@ -603,6 +605,7 @@ static struct supported_aalgs {
 	{ SADB_X_AALG_AES128GMAC,	&auth_hash_nist_gmac_aes_128 },
 	{ SADB_X_AALG_AES192GMAC,	&auth_hash_nist_gmac_aes_192 },
 	{ SADB_X_AALG_AES256GMAC,	&auth_hash_nist_gmac_aes_256 },
+	{ SADB_X_AALG_CHACHA20POLY1305,	&auth_hash_chacha20_poly1305 },
 };
 
 static struct supported_calgs {
diff --git a/sys/netipsec/keydb.h b/sys/netipsec/keydb.h
index e3c1417a2f9..9091220fc97 100644
--- a/sys/netipsec/keydb.h
+++ b/sys/netipsec/keydb.h
@@ -195,6 +195,8 @@ struct secasvar {
 			(_sav)->alg_enc == SADB_X_EALG_AESGCM12 ||	\
 			(_sav)->alg_enc == SADB_X_EALG_AESGCM16)
 #define	SAV_ISCTR(_sav) ((_sav)->alg_enc == SADB_X_EALG_AESCTR)
+#define	SAV_ISCHACHA(_sav)	\
+    ((_sav)->alg_enc == SADB_X_EALG_CHACHA20POLY1305)
 #define SAV_ISCTRORGCM(_sav)	(SAV_ISCTR((_sav)) || SAV_ISGCM((_sav)))
 
 #define	IPSEC_SEQH_SHIFT	32
diff --git a/sys/netipsec/xform_esp.c b/sys/netipsec/xform_esp.c
index a7d5776e4da..e9082cea043 100644
--- a/sys/netipsec/xform_esp.c
+++ b/sys/netipsec/xform_esp.c
@@ -166,7 +166,8 @@ esp_init(struct secasvar *sav, struct xformsw *xsp)
 	}
 
 	/* subtract off the salt, RFC4106, 8.1 and RFC3686, 5.1 */
-	keylen = _KEYLEN(sav->key_enc) - SAV_ISCTRORGCM(sav) * 4;
+	keylen = _KEYLEN(sav->key_enc) - SAV_ISCTRORGCM(sav) * 4 -
+	    SAV_ISCHACHA(sav) * 4;
 	if (txform->minkey > keylen || keylen > txform->maxkey) {
 		DPRINTF(("%s: invalid key length %u, must be in the range "
 			"[%u..%u] for algorithm %s\n", __func__,
@@ -223,6 +224,12 @@ esp_init(struct secasvar *sav, struct xformsw *xsp)
 		csp.csp_mode = CSP_MODE_AEAD;
 		if (sav->flags & SADB_X_SAFLAGS_ESN)
 			csp.csp_flags |= CSP_F_SEPARATE_AAD;
+	} else if (sav->alg_enc == SADB_X_EALG_CHACHA20POLY1305) {
+		sav->alg_auth = SADB_X_AALG_CHACHA20POLY1305;
+		sav->tdb_authalgxform = &auth_hash_chacha20_poly1305;
+		csp.csp_mode = CSP_MODE_AEAD;
+		if (sav->flags & SADB_X_SAFLAGS_ESN)
+			csp.csp_flags |= CSP_F_SEPARATE_AAD;
 	} else if (sav->alg_auth != 0) {
 		csp.csp_mode = CSP_MODE_ETA;
 		if (sav->flags & SADB_X_SAFLAGS_ESN)
@@ -235,7 +242,7 @@ esp_init(struct secasvar *sav, struct xformsw *xsp)
 	if (csp.csp_cipher_alg != CRYPTO_NULL_CBC) {
 		csp.csp_cipher_key = sav->key_enc->key_data;
 		csp.csp_cipher_klen = _KEYBITS(sav->key_enc) / 8 -
-		    SAV_ISCTRORGCM(sav) * 4;
+		    SAV_ISCTRORGCM(sav) * 4 - SAV_ISCHACHA(sav) * 4;
 	};
 	csp.csp_ivlen = txform->ivsize;