despite the fact that it works, it's missing a step at key block set time,
so that we don't use the computed IV, but use a random generated one seeded by
the computed IV.
the API stays mostly similar except for clientkeyxchg that need a bytes instead of [word8].
remove lots of unnessary packing/unpacking when setting up ciphers.