I implemented only AES-128 and AES-256. pycryptodome also supports using AES-192 with GCM. Botan supports any cipher that has a GCM OID defined (for instance SM4). I imagine most users really just want AES-256.
For pbes2::Parameters I always associated GCM with Scrypt, partially to avoid a combinatoric explosion of constructors and partially because there doesn't seem to be any reason to use PBKDF2 given the existence of Scrypt. Happy to add PBKDF2 if you prefer otherwise.
The GCM code is quite repetitive and awkward but I could not figure out any good ways of cleaning it up, definitely would appreciate any suggestions here.
The test data was generated using Botan 2.19.3. I also confirmed latest pycryptodome can import ed25519-encpriv-aes256-gcm-scrypt.der
Fixes #1432
Some notes/comments
ed25519-encpriv-aes256-gcm-scrypt.der