Support all signature algorithms

[kpp]

See https://tools.ietf.org/id/draft-ietf-tls-tls13-21.html#rfc.section.4.2.3 for a full list of signature algos.

So far missing:

• PKCS_RSA_SHA384 → a5316e1
• PKCS_RSA_SHA512 → f9fe8c5
• PKCS_RSA_PSS_SHA256
• PKCS_RSA_PSS_SHA384
• PKCS_RSA_PSS_SHA512
• PKCS_ECDSA_P521_SHA512 (depends on NIST curve P-521 SHA-512 support for generating keys and signing briansmith/ring#824)
• PKCS_ED448 (depends on Ed448 support briansmith/ring#463)

[est31]

The non-RSA based algos are blocked by ring support, while RSA based algos haven't been much of a priority for me because ring has no key generation support. I'm open to adding them though.

[kpp]

I see. While there is no key generation support, we can at least load them from a file.

[est31]

I've tried adding RSA_PSS support in b2733e8 but didn't get it to work. So I made support non-pub for now. See also 46bf2ef . One could say it's blocked on briansmith/ring#1353 , but I'm not sure.

I might try to build a remote KeyPair that can ingest openssl keys. Based on that I could build support for the remaining signature algorithms.

[kpp]

I created a tool in go to generate certs signed with different algos: https://gist.github.com/kpp/c9c84411e17f4b27dddf0d438b289862#file-main-go with hardcoded var signatureScheme = tls.PSSWithSHA384. You can use that. I was never able to generate valid PSS certs with openssl.

[Alvenix]

* [ ]  PKCS_ECDSA_P521_SHA512 (depends on [NIST curve P-521 SHA-512 support for generating keys and signing briansmith/ring#824](https://github.com/briansmith/ring/issues/824))

Can't this be supported now, with the aws_lc_rs feature? If the support is still desired and currently possible, I could try to work on a PR to add the support.

[djc]

@Alvenix yeah, that probably makes sense. Would be great if you can submit a PR for this!