Add tests and implementation for Encrypt-then-MAC mode
This adds the OpenSSH HMACs that do encrypt then mac. This is a more
secure mode than the original HMAC. Newer AEAD ciphers like chacha20 and
AES-GCM are already encrypt-then-mac, but this also adds it for older
legacy clients that don't support those ciphers yet.
Signed-off-by: Dirkjan Bussink <firstname.lastname@example.org>
Reviewed-by: Jon Simons <email@example.com>
Reviewed-by: Jakub Jelen <firstname.lastname@example.org>