implement djb legacy ChaCha20Poly1305 construction

[kamulos]

This is a continuation of #304 : I rebased my changes and refactored most of it for better readability. I tried to do it in the most concrete way, without abstractions like the Cipher type in the crate. I don't think there is a big chance of code sharing with other algorithms.

Please have a look anytime for feedback. There is definitely some polishing to do, but in general I am happy with the state it is in and I also did some randomized testing with the libsodium. Encryption and decryption between the two libraries seem to work.

[tarcieri]

We have a crate for the libsodium-compatible ChaCha20Poly1305 secretbox construction here: https://github.com/RustCrypto/nacl-compat/tree/master/crypto_secretbox

Notably this construction doesn't support AAD, so it isn't actually an AEAD

[kamulos]

Sorry, I can't entirely follow. Are you saying that what I did is already implemented? Are you saying that what I implemented is not an AEAD? Or is the link you provided something that I should have used to build what I did?

So what I implemented should use the associated data correctly. And it claims to be an AEAD. There should be compatibility with the following libsodium functions: crypto_aead_chacha20poly1305_encrypt, crypto_aead_chacha20poly1305_decrypt, crypto_aead_chacha20poly1305_encrypt_detached, crypto_aead_chacha20poly1305_decrypt_detached

[tarcieri]

TIL there's a third construction that calls itself ChaCha20Poly1305. Sigh.