XTS Mode

[zer0x64]

I implemented the trait on the pre release of cipher.

Suggestions for the cipher crate:

• There does not seem to be a way to return errors using the traits. In ciphertext stealing case, this happens when the plain/ciphertext is shorter then the blocksize. The cts crate simply bypasses the trait system and implement the encryption methods directly on the struct.
• The macros for tests does not work for ciphertext stealing as the tests asserts that the inputs are a multiple of the blocksize.
• There are no traits for seeking, for block ciphers that supports it (another good use case is CBC decryption)

Missing:

• [x] Find out how to integrate ciphertext stealing with the cipher traits correctly (cannot actually be done, see comment below)
• [x] Ciphertext stealing tests
• [x] Benchmarks
• [ ] Optimise use of the InOut-based methods, as I initially wrote the implementation in-place.
• [x] Finish up documentation
• [x] Make GF operations constant time

If you've got any suggestion for the first point, it would be appreciated!

[zer0x64]

Okay, I found the underlying issue: BlockModeEncrypt/Decrypt simply does not support encrypting/decrypting data that's not aligned to a block without using padding. Therefore, it simply cannot provide ciphertext stealing.

For now, I will do like the cts crate is doing and manually implement the encrypt/decrypt methods on the Encryptor/Decryptor

[zer0x64]

Opened up for review, since the InOut refactoring to do can be done in a separate PR.

All IEEE 1619-2018 tests passes, parallel computing is supported, and doc is done.

[zer0x64]

Made a rookie mistake, the GF operations are not constant time. This should be an easy fix

[newpavlov]

Right now I work on other things, so I will try to take a look at this in a week or two.