Support all signature algorithms

[kpp]

See https://tools.ietf.org/id/draft-ietf-tls-tls13-21.html#rfc.section.4.2.3 for a full list of signature algos.

So far missing:

• [x] PKCS_RSA_SHA384 → a5316e18295fc9dd92031b6039cd18c4549601db
• [x] PKCS_RSA_SHA512 → f9fe8c596b712796a3e8a0ee19907e4d6f5dfe36
• [ ] PKCS_RSA_PSS_SHA256
• [ ] PKCS_RSA_PSS_SHA384
• [ ] PKCS_RSA_PSS_SHA512
• [ ] PKCS_ECDSA_P521_SHA512 (depends on https://github.com/briansmith/ring/issues/824)
• [ ] PKCS_ED448 (depends on https://github.com/briansmith/ring/issues/463)

[est31]

The non-RSA based algos are blocked by ring support, while RSA based algos haven't been much of a priority for me because ring has no key generation support. I'm open to adding them though.

[kpp]

I see. While there is no key generation support, we can at least load them from a file.

[est31]

I've tried adding RSA_PSS support in b2733e86011de5ad08f4e54d2231b103f5d56495 but didn't get it to work. So I made support non-pub for now. See also 46bf2eff0b5f8eac1fb8ddf7cc807e168277e3a4 . One could say it's blocked on https://github.com/briansmith/ring/issues/1353 , but I'm not sure.

I might try to build a remote KeyPair that can ingest openssl keys. Based on that I could build support for the remaining signature algorithms.

[kpp]

I created a tool in go to generate certs signed with different algos: https://gist.github.com/kpp/c9c84411e17f4b27dddf0d438b289862#file-main-go with hardcoded var signatureScheme = tls.PSSWithSHA384. You can use that. I was never able to generate valid PSS certs with openssl.

[Alvenix]

* [ ]  PKCS_ECDSA_P521_SHA512 (depends on [NIST curve P-521 SHA-512 support for generating keys and signing briansmith/ring#824](https://github.com/briansmith/ring/issues/824))

Can't this be supported now, with the aws_lc_rs feature? If the support is still desired and currently possible, I could try to work on a PR to add the support.

[djc]

@Alvenix yeah, that probably makes sense. Would be great if you can submit a PR for this!