Kyber for aarch64: incorrect Kyber768 and Kyber1024 implementation & symbol names mismatch

[bhess]

The aarch64 implementations of Kyber768 and Kyber1024 seem to be incorrect and don't pass KAT tests.

The cause is in indcpa.c, which for all three Kyber variants appear to implement the same case for K=2:
https://github.com/PQClean/PQClean/blob/master/crypto_kem/kyber768/aarch64/indcpa.c
https://github.com/PQClean/PQClean/blob/master/crypto_kem/kyber1024/aarch64/indcpa.c

Another issue are symbol name mismatches between assembly code and C code, which causes linking to fail.

Example:

PQClean/crypto_kem/kyber1024/aarch64/__asm_poly.S

Line 31 in c3abebf

.global PQCLEAN_KYBER1024_AARCH64__asm_add_reduce

PQClean/crypto_kem/kyber1024/aarch64/neon_poly.c

Line 134 in c3abebf

extern void PQCLEAN_KYBER1024_AARCH64_asm_add_reduce(int16_t *, const int16_t *);

This is also an issue in the dilithium/aarch64 code:

PQClean/crypto_sign/dilithium2/aarch64/__asm_NTT.S

Line 31 in c3abebf

.global PQCLEAN_dilithium2_AARCH64__asm_ntt_SIMD_top

PQClean/crypto_sign/dilithium2/aarch64/ntt.h

Line 39 in c3abebf

extern void PQCLEAN_dilithium2_AARCH64_asm_ntt_SIMD_top(int *des, const int *table, const int *_constants);

The issues were noticed while integrating the latest pqclean code to liboqs (open-quantum-safe/liboqs#1512). The liboqs-PR contains a few temporary patches with fixes for them.

[bhess]

A related question: While #488 added license headers to individual source files of Kyber/Dilithium/aarch64, the main LICENSE files mention only CC0. Was this an oversight or intentional?