Implement Blake2Xb

[NoamK-CR]

I have a working implementation of Blake2Xb. I couldn't find test vectors, so I wrote a test comparing to the official Go implementation.

Open questions:

• Blake2X has a slightly different parameter block structure, so I had to refactor some code. I'm not sure how to best benchmark this.
• How do I convert the test I wrote to the digest::dev::blobby format?
• I'm sure some of the code doesn't follow the "design philosopy" of digest and am happy to refactor according to your comments.

[NoamK-CR]

@newpavlov I don't mean to bug you, but is there any way I can help you get this merged?

I ran benchmarks on master and my branch and got some confusing results:

(master)> cargo +nightly bench
   Compiling typenum v1.18.0
   Compiling subtle v2.6.1
   Compiling blobby v0.4.0-pre.0
   Compiling base16ct v0.2.0
   Compiling hex-literal v1.0.0
   Compiling hybrid-array v0.3.0
   Compiling crypto-common v0.2.0-rc.2 (https://github.com/RustCrypto/traits#de72c670)
   Compiling block-buffer v0.11.0-rc.4
   Compiling digest v0.11.0-pre.10 (https://github.com/RustCrypto/traits#de72c670)
   Compiling blake2 v0.11.0-pre.5 (/home/noamk/Projects/RustCrypto/hashes/blake2)
    Finished `bench` profile [optimized] target(s) in 2.54s
     Running unittests src/lib.rs (/home/noamk/Projects/RustCrypto/hashes/target/release/deps/blake2-8d67bd15bb66a606)

running 0 tests

test result: ok. 0 passed; 0 failed; 0 ignored; 0 measured; 0 filtered out; finished in 0.00s

     Running benches/mod.rs (/home/noamk/Projects/RustCrypto/hashes/target/release/deps/mod-f0bd7b1fad5afa9f)

running 8 tests
test blake2b512_10    ... bench:           9.58 ns/iter (+/- 0.38) = 1111 MB/s
test blake2b512_100   ... bench:          93.73 ns/iter (+/- 35.65) = 1075 MB/s
test blake2b512_1000  ... bench:         896.60 ns/iter (+/- 134.02) = 1116 MB/s
test blake2b512_10000 ... bench:       9,103.83 ns/iter (+/- 3,199.71) = 1098 MB/s
test blake2s256_10    ... bench:          17.42 ns/iter (+/- 1.32) = 588 MB/s
test blake2s256_100   ... bench:         167.14 ns/iter (+/- 7.36) = 598 MB/s
test blake2s256_1000  ... bench:       1,870.74 ns/iter (+/- 595.84) = 534 MB/s
test blake2s256_10000 ... bench:      16,086.57 ns/iter (+/- 13,405.09) = 621 MB/s

test result: ok. 0 passed; 0 failed; 0 ignored; 8 measured; 0 filtered out; finished in 25.22s

(master)> git checkout blake2xb
Switched to branch 'blake2xb'
Your branch is up to date with 'origin/blake2xb'.
(blake2xb)> cargo +nightly bench
   Compiling blake2 v0.11.0-pre.5 (/home/noamk/Projects/RustCrypto/hashes/blake2)
    Finished `bench` profile [optimized] target(s) in 0.84s
     Running unittests src/lib.rs (/home/noamk/Projects/RustCrypto/hashes/target/release/deps/blake2-8d67bd15bb66a606)

running 1 test
test blake2x::test ... ignored

test result: ok. 0 passed; 0 failed; 1 ignored; 0 measured; 0 filtered out; finished in 0.00s

     Running benches/mod.rs (/home/noamk/Projects/RustCrypto/hashes/target/release/deps/mod-f0bd7b1fad5afa9f)

running 8 tests
test blake2b512_10    ... bench:          10.87 ns/iter (+/- 0.91) = 1000 MB/s
test blake2b512_100   ... bench:         105.04 ns/iter (+/- 4.60) = 952 MB/s
test blake2b512_1000  ... bench:       1,175.11 ns/iter (+/- 256.72) = 851 MB/s
test blake2b512_10000 ... bench:       9,956.15 ns/iter (+/- 374.64) = 1004 MB/s
test blake2s256_10    ... bench:          17.07 ns/iter (+/- 0.99) = 588 MB/s
test blake2s256_100   ... bench:         159.82 ns/iter (+/- 8.63) = 628 MB/s
test blake2s256_1000  ... bench:       1,597.56 ns/iter (+/- 43.09) = 626 MB/s
test blake2s256_10000 ... bench:      15,576.60 ns/iter (+/- 51.43) = 642 MB/s

test result: ok. 0 passed; 0 failed; 0 ignored; 8 measured; 0 filtered out; finished in 18.72s

(blake2xb)> cargo +nightly bench
    Finished `bench` profile [optimized] target(s) in 0.02s
     Running unittests src/lib.rs (/home/noamk/Projects/RustCrypto/hashes/target/release/deps/blake2-8d67bd15bb66a606)

running 1 test
test blake2x::test ... ignored

test result: ok. 0 passed; 0 failed; 1 ignored; 0 measured; 0 filtered out; finished in 0.00s

     Running benches/mod.rs (/home/noamk/Projects/RustCrypto/hashes/target/release/deps/mod-f0bd7b1fad5afa9f)

running 8 tests
test blake2b512_10    ... bench:           9.61 ns/iter (+/- 0.58) = 1111 MB/s
test blake2b512_100   ... bench:          93.56 ns/iter (+/- 8.51) = 1075 MB/s
test blake2b512_1000  ... bench:         905.65 ns/iter (+/- 71.35) = 1104 MB/s
test blake2b512_10000 ... bench:       8,866.65 ns/iter (+/- 311.23) = 1127 MB/s
test blake2s256_10    ... bench:          15.19 ns/iter (+/- 0.68) = 666 MB/s
test blake2s256_100   ... bench:         148.14 ns/iter (+/- 3.79) = 675 MB/s
test blake2s256_1000  ... bench:       1,420.34 ns/iter (+/- 85.71) = 704 MB/s
test blake2s256_10000 ... bench:      14,112.17 ns/iter (+/- 501.32) = 708 MB/s

test result: ok. 0 passed; 0 failed; 0 ignored; 8 measured; 0 filtered out; finished in 23.83s

The first run on my branch gave worse results for blake2b and the same for blake2s (which would make some sense if my code is really less performant), but then I ran it again and got results that match master for blake2b and are better than master for blake2s. Should I run the benchmarks a few more times, or is this a negligible difference?