Support crypto agility

[geonnave]

Right now the library only supports Cipher Suite 2: AES-CCM-16-64-128, SHA-256, 8, P-256, ES256, AES-CCM-16-64-128, SHA-256.

We should support more cipher suites, and also enable negotiation of cipher suites.

Some background

According to the spec...

• Implementations MUST support cipher suites 2 and 3 (note that these only differ in the size of the MAC length)

• Cipher suites 0-3, based on AES-CCM, are intended for constrained IoT where message overhead is a very important factor:

0. AES-CCM-16-64-128, SHA-256, 8, X25519, EdDSA, AES‑CCM‑16‑64‑128, SHA-256
1. AES-CCM-16-128-128, SHA‑256, 16, X25519, EdDSA, AES‑CCM‑16‑64‑128, SHA-256
2. AES-CCM-16-64-128, SHA-256, 8, P-256, ES256, AES-CCM-16-64-128, SHA-256
3. AES-CCM-16-128-128, SHA-256, 16, P-256, ES256, AES-CCM-16-64-128, SHA-256

• Ciphers with ChaCha/Poly:

4. ChaCha20/Poly1305, SHA-256, 16, X25519, EdDSA, ChaCha20/Poly1305, SHA-256
5. ChaCha20/Poly1305, SHA-256, 16, P-256, ES256, ChaCha20/⁠Poly1305, SHA-256

Plan

• support cipher suite 3
• support cipher suite negotiation
• support cipher suite 0 and/or 1
  • NOTE: requires modifying the crypto backend to support X25519 and EdDSA

[malishav]

I agree on the plan outlined here! We should also discuss in parallel with this how to enable support for multiple authentication methods.

[geonnave]

support for multiple authentication methods.

Tracked in #278.