EAX: provide an implementation of EAX

EAX: provide an implementation of EAX

EAX is a reasonably well-regarded Authenticated Encryption block
cipher mode.  We intend to replace the existing CBC and CBC-MAC
transform with EAX.  EAX can be used with any block cipher, but we
will use it with Serpent.

In this patch we provide an implementation of EAX itself.

This primary consists of eax.c, the actual implementation of the EAX
mode.

To test that our implementation is correct, we use aes.[ch], which we
copied from qemu in the previous commit, to run the EAX-AES test
vectors.  These are cut-and-pasted out of the EAX paper.

(To do this we need to make aes.[ch] compile in our environment - but
the changes are minimal.  We also improve the copyright notices.)

Then for completeness we also provide EAX-Serpent and EAX-Serpent-BE
test vectors and the corresponding test code.  The EAX-Serpent test
vectors are from Mark Wooding.  The EAX-SerpentBE test vectors were
generated by this very code, so aren't independently verified.

(The implementation of what is now consttime_curious_multiply, and the
comment preeding it, was provided by Mark.  I have lightly edited it
to conform to the coding style etc. of the rest of the file.  Mark
also contributed improvements to alg_omac_t_k.)

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Signed-off-by: Mark Wooding <mdw@distorted.org.uk>