hammer2 - Implement aes_256_cbc session encryption

hammer2 - Implement aes_256_cbc session encryption

* The AES session key and initial iv[] are transmitted in the public key
  exchange.

* The actual AES session key and initial iv[] is the data received XOR'd
  with the data sent, so if the public key exchange is broken (even if
  the verifier succeeds), the rest of the session will die a horrible
  death.

* We use aes_256_cbc and in addition to the iv[] being adjusted by the
  data in-flight we also inject some random data in each message header
  to mix iv[] up even more than it would be normally.

* We also check the message sequence number, which is embedded in the
  random data (the raw msg header's salt field), though the iv[] should
  catch any replays.

* NOTE: Verifier is still weak, but the session key and iv[] exchange
 	is very strong.