Handle NIST format signatures

BoringSSL expects EC signatures in DER format, but COSE transports
them in NIST format (bare concatenation of R and S).

Add code to support conversion from NIST to DER, and provide separate
signature verification methods for each format.

Loosely based on aosp/3064203.

Bug: 338745127
Test: atest VmAttestationTestApp
Change-Id: If5dd07e5e5b94a4c7491b2f828cfe73a2492df64
diff --git a/libs/bssl/tests/eckey_test.rs b/libs/bssl/tests/eckey_test.rs
index 3c0e45d..00ed6c5 100644
--- a/libs/bssl/tests/eckey_test.rs
+++ b/libs/bssl/tests/eckey_test.rs
@@ -88,7 +88,7 @@
     assert_eq!(digest, sha256(MESSAGE1)?);
 
     let signature = ec_key.ecdsa_sign(&digest)?;
-    ec_key.ecdsa_verify(&signature, &digest)?;
+    ec_key.ecdsa_verify_der(&signature, &digest)?;
     // Building a `PKey` from a temporary `CoseKey` should work as the lifetime
     // of the `PKey` is not tied to the lifetime of the `CoseKey`.
     let pkey = PKey::from_cose_public_key(&ec_key.cose_public_key()?)?;
@@ -103,7 +103,7 @@
     let digest = digester.digest(MESSAGE1)?;
 
     let signature = ec_key.ecdsa_sign(&digest)?;
-    ec_key.ecdsa_verify(&signature, &digest)?;
+    ec_key.ecdsa_verify_der(&signature, &digest)?;
     let pkey = PKey::from_cose_public_key(&ec_key.cose_public_key()?)?;
     pkey.verify(&signature, MESSAGE1, Some(digester))
 }
@@ -117,7 +117,7 @@
 
     let mut ec_key2 = EcKey::new_p256()?;
     ec_key2.generate_key()?;
-    let err = ec_key2.ecdsa_verify(&signature, &digest).unwrap_err();
+    let err = ec_key2.ecdsa_verify_der(&signature, &digest).unwrap_err();
     let expected_err = Error::CallFailed(ApiName::ECDSA_verify, EcdsaError::BadSignature.into());
     assert_eq!(expected_err, err);
 
@@ -137,7 +137,7 @@
     let signature = ec_key.ecdsa_sign(&digest1)?;
     let digest2 = sha256(MESSAGE2)?;
 
-    let err = ec_key.ecdsa_verify(&signature, &digest2).unwrap_err();
+    let err = ec_key.ecdsa_verify_der(&signature, &digest2).unwrap_err();
     let expected_err = Error::CallFailed(ApiName::ECDSA_verify, EcdsaError::BadSignature.into());
     assert_eq!(expected_err, err);
     Ok(())