
Add SecP384r1MLKEM1024 #2327

Status: Open, wants to merge 6 commits into main

Conversation

alexw91
Contributor

@alexw91 alexw91 commented Apr 10, 2025

Issues:

Adds support for SecP384r1MLKEM1024 from https://datatracker.ietf.org/doc/draft-ietf-tls-ecdhe-mlkem/

Description of changes:

Adds support for SecP384r1MLKEM1024 hybrid

Call-outs:

None

Testing:

  1. Added AWS-LC unit tests to perform self-talk with SecP384r1MLKEM1024
  2. Manually tested AWS-LC interoperability of SecP384r1MLKEM1024 against OpenSSL v3.5.0 with AWS-LC as both client and server
~/workspace/github/aws-lc$ ./build/tool/bssl s_client -curves SecP384r1MLKEM1024:X25519MLKEM768:X25519 -connect 127.0.0.1:44330 -debug
Connecting to 127.0.0.1:44330
Handshake started.
Handshake progress: TLS client enter_early_data
Handshake progress: TLS client read_server_hello
Handshake progress: TLS 1.3 client read_hello_retry_request
Handshake progress: TLS 1.3 client read_server_hello
Handshake progress: TLS 1.3 client read_encrypted_extensions
Handshake progress: TLS 1.3 client read_certificate_request
Handshake progress: TLS 1.3 client read_server_certificate
Handshake progress: TLS 1.3 client read_server_certificate_verify
Handshake progress: TLS 1.3 client read_server_finished
Handshake progress: TLS 1.3 client send_end_of_early_data
Handshake progress: TLS 1.3 client send_client_encrypted_extensions
Handshake progress: TLS 1.3 client send_client_certificate
Handshake progress: TLS 1.3 client complete_second_flight
Handshake progress: TLS 1.3 client done
Handshake progress: TLS client finish_client_handshake
Handshake progress: TLS client done
Handshake done.
Connected.
  Version: TLSv1.3
  Resumed session: no
  Cipher: TLS_AES_128_GCM_SHA256
  ECDHE group: SecP384r1MLKEM1024
  Signature algorithm: ecdsa_secp256r1_sha256
  Secure renegotiation: yes
  Extended master secret: yes
  Next protocol negotiated: 
  ALPN protocol: 
  OCSP staple: no
  SCT list: no
  Early data: no
  Encrypted ClientHello: no
  Cert subject: C = US, ST = WA, L = Seattle, O = Amazon, OU = s2n, CN = localhost
  Cert issuer: C = US, ST = WA, L = Seattle, O = Amazon, OU = s2n, CN = localhost

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.

@alexw91 alexw91 requested a review from a team as a code owner April 10, 2025 00:01
@codecov-commenter

codecov-commenter commented Apr 10, 2025

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 78.75%. Comparing base (d1c1d72) to head (6f9608a).

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #2327      +/-   ##
==========================================
- Coverage   78.77%   78.75%   -0.02%     
==========================================
  Files         620      620              
  Lines      107874   107892      +18     
  Branches    15323    15321       -2     
==========================================
- Hits        84977    84970       -7     
- Misses      22239    22265      +26     
+ Partials      658      657       -1     


Looks good to me!

};

CONSTEXPR_ARRAY uint16_t kPQGroups[] = {
    SSL_GROUP_KYBER512_R3,
    SSL_GROUP_KYBER768_R3,
    SSL_GROUP_KYBER1024_R3,
    SSL_GROUP_MLKEM512,

Why this?

Contributor Author

@alexw91 alexw91 Apr 14, 2025


Noticed that MLKEM-512 was missing from the list of all PQ groups. AWS-LC doesn't offer MLKEM-512 standalone yet, but when it's supported it should be in this list. Adding it now avoids having it be missing later.

This list is used to ensure that one PQ and one ECDHE KeyShare is sent in the ClientHello.
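The "one PQ share plus one ECDHE share" rule that kPQGroups enforces, and a strict parser for the resulting key_share extension, as an added illustration that is not AWS-LC code and not part of this PR: the selection below mirrors the rule for the -curves list used in the testing above (SecP384r1MLKEM1024:X25519MLKEM768:X25519), and the parser and audit helper show how a verifier would check a captured ClientHello for exactly one hybrid and one classical share with the expected encoding lengths. Codepoints and share lengths are taken from draft-ietf-tls-ecdhe-mlkem and RFC 8446 (an assumption of this example), and random bytes stand in for real public keys.

```python
import os
import struct
# Constructed lookup: name -> (codepoint, client key_share length, is_pq). Codepoints and
# lengths follow draft-ietf-tls-ecdhe-mlkem and RFC 8446; names match the PR's -curves list.
GROUPS = {
    "X25519":             (0x001D, 32, False),
    "secp384r1":          (0x0018, 97, False),
    "X25519MLKEM768":     (0x11EC, 1184 + 32, True),   # ML-KEM-768 ek || X25519 point
    "SecP384r1MLKEM1024": (0x11ED, 97 + 1568, True),   # P-384 point || ML-KEM-1024 ek
}
BY_CODEPOINT = {v[0]: (k, v[1], v[2]) for k, v in GROUPS.items()}
KEY_SHARE_EXT = 51  # key_share extension type (RFC 8446)

def select_key_shares(preferred):
    """kPQGroups rule: first PQ group plus first classical group, in preference order."""
    pq = next((g for g in preferred if GROUPS[g][2]), None)
    classical = next((g for g in preferred if not GROUPS[g][2]), None)
    return [g for g in preferred if g in (pq, classical)]

def build_key_share_extension(groups):
    """Encode a ClientHello key_share extension; random bytes stand in for public keys."""
    shares = b"".join(struct.pack("!HH", GROUPS[g][0], GROUPS[g][1])
                      + os.urandom(GROUPS[g][1]) for g in groups)
    return struct.pack("!HHH", KEY_SHARE_EXT, len(shares) + 2, len(shares)) + shares

def parse_key_share_extension(ext):
    """Return [(group, key_exchange_length)], rejecting any length inconsistency."""
    hdr = struct.unpack("!HHH", ext[:6]) if len(ext) >= 6 else None
    if hdr is None or hdr != (KEY_SHARE_EXT, len(ext) - 4, len(ext) - 6):
        raise ValueError("malformed key_share extension")
    body, out = ext[6:], []
    while body:
        if len(body) < 4 or len(body) < 4 + struct.unpack("!H", body[2:4])[0]:
            raise ValueError("truncated key_share entry")
        group, klen = struct.unpack("!HH", body[:4])
        out.append((group, klen))
        body = body[4 + klen:]
    return out

def audit_key_shares(ext):
    """Count PQ vs classical shares and flag lengths that do not match the group encoding."""
    counts = {"pq": 0, "classical": 0, "unknown": 0, "bad_length": 0}
    for group, klen in parse_key_share_extension(ext):
        if group not in BY_CODEPOINT:
            counts["unknown"] += 1
            continue
        _, expected, is_pq = BY_CODEPOINT[group]
        counts["pq" if is_pq else "classical"] += 1
        counts["bad_length"] += klen != expected
    return counts
```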

@alexw91 alexw91 requested a review from torben-hansen April 14, 2025 21:11