Instead of public_size / private_size which are in bytes only, this
uses function numBits to recover the effective length of the modulus
in bits. The patch also handles removal of unneeded initial byte when
the length is 1 modulo 8.
The types do not say whether it is necessary to apply pad/unpad to
the input/output of the PKCS15 encrypt/decrypt functions. Add
comments to clarify that it is not necessary to manually pad/unpad
the message.
currently sign/verify works on message directly, it would be nice if PSS could sign/verify digest directly. This is useful for:
1) for some signing server it only has a digest (without message)
2) message could be very large, for cases when client need request a singing server to sign, it may make more sense for the client to compute digest, then ask server to (PSS) sign the digest
3) openSSL pkeyutl (PSS) sign operation signs with digest only, not the message, it would be nice to work with openSSL more easily
*openSSL command line:
```shell
openssl pkeyutl -pkeyopt rsa_padding_mode:pss -pkeyopt rsa_pss_saltlen:-1 -pkeyopt digest:sha256 -sign -inkey "pri.key" -in hmac.bin > sig.bin
openssl pkeyutl -pkeyopt rsa_padding_mode:pss -pkeyopt rsa_pss_saltlen:-1 -pkeyopt digest:sha256 -verify -inkey "pri.key" -in hmac.bin -sigfile sig.bin
```
use the typeclass for the lowest IO impure C bindings definitions,
and define the pure interface as generic on top of this.
At the same time define an Hash.IO interface to allow mutable manipulations
of hash contextes when necessary.
Use HashAlgorithm instead of HashFunction in the [PubKey] sections
Tweak the HMAC, PBKDF2 functions to be more efficient and use the new interface
