botan
Abstraction Layer for Hybrid KEMs
We plan to add various KEM combiners in the following weeks/months. A KEM combiner is a KEM (with a KEM interface) that internally consists of two (or more) KEMs and/or key exchange algorithms transformed into KEMs. They are used for combining PQC with a classical public key algorithm. For that, this PR defines an abstract interface, a common base for these combiners.
In general, each KEM combiner consists of multiple public/private keys stored internally that are used to encapsulate multiple shared secrets. These multiple shared secrets are combined (using some sort of KDF) into a single shared secret. For that, the abstraction stores multiple public/private keys and implements the common boilerplate, such as defining the overall strength by returning the strength of the strongest sub-algorithm, etc. Also, a convenient interface for Encryptors and Decryptors is implemented. The existing TLS KEM combiner has been refactored to use this hybrid KEM abstraction.
For the BSI Project 481, we currently plan to implement the following three additional KEM combiners:
- X-Wing (Draft): Combines X25519 with ML-KEM-768. Developed by Cloudflare.
- Ounsworth KEM-Combiner (Draft): Can combine any KEMs. Backed by BSI.
- CatKDF and/or CasKDF: Combines ECDH with any PQC KEM. It is defined as a KEX, but a translation to KEM is given. ETSI standard, recommended in BSI TR-02102-1 Section B.1.2.
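The structure described above, as an added sketch that is not code from this PR and does not use Botan's API: component KEMs behind one KEM interface, one ciphertext and one shared secret out, strength taken from the strongest component. The class names, the toy Diffie-Hellman group and the SHA-256 combiner over secrets and ciphertexts are assumptions made for illustration; they are not X-Wing, the Ounsworth combiner or CatKDF/CasKDF, and the toy group is not secure.

```python
import hashlib
import secrets

# Constructed toy group for the stand-in component KEMs: NOT secure, illustration only.
P = 2**127 - 1  # Mersenne prime, every group element fits in 16 bytes
G = 3

class ToyDhKem:
    """Key exchange turned into a KEM: the ciphertext is the ephemeral public value."""
    def __init__(self, label, strength):
        self.label, self.strength, self.ct_len = label, strength, 16
    def keygen(self):
        sk = secrets.randbelow(P - 2) + 1
        return pow(G, sk, P), sk
    def encapsulate(self, pk):
        e = secrets.randbelow(P - 2) + 1
        ct = pow(G, e, P).to_bytes(self.ct_len, "big")
        return ct, self._derive(pow(pk, e, P))
    def decapsulate(self, sk, ct):
        return self._derive(pow(int.from_bytes(ct, "big"), sk, P))
    def _derive(self, z):
        return hashlib.sha256(self.label + z.to_bytes(16, "big")).digest()

class HybridKem:
    """Hypothetical combiner base: holds the sub-KEMs and the shared boilerplate."""
    def __init__(self, kems):
        self.kems = kems
    def estimated_strength(self):
        # As in the description: report the strength of the strongest sub-algorithm.
        return max(k.strength for k in self.kems)
    def keygen(self):
        pairs = [k.keygen() for k in self.kems]
        return [pk for pk, _ in pairs], [sk for _, sk in pairs]
    def encapsulate(self, pks):
        parts = [k.encapsulate(pk) for k, pk in zip(self.kems, pks)]
        cts = [ct for ct, _ in parts]
        return b"".join(cts), self._combine([ss for _, ss in parts], cts)
    def decapsulate(self, sks, ct):
        cts, off = [], 0
        for k in self.kems:  # split the concatenated ciphertext per component
            cts.append(ct[off:off + k.ct_len])
            off += k.ct_len
        if off != len(ct):
            raise ValueError("hybrid ciphertext has the wrong length")
        shared = [k.decapsulate(sk, c) for k, sk, c in zip(self.kems, sks, cts)]
        return self._combine(shared, cts)
    def _combine(self, shared, cts):
        # Assumed combiner: hash all sub-secrets together with all sub-ciphertexts.
        return hashlib.sha256(b"".join(shared) + b"".join(cts)).digest()
```

A concrete combiner would replace `_combine` with the KDF its specification defines and plug real classical and PQC components in place of `ToyDhKem`.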