Handle NIST format signatures BoringSSL expects EC signatures in DER format, but COSE transports them in NIST format (bare concatenation of R and S). Add code to support conversion from NIST to DER, and provide separate signature verification methods for each format. Loosely based on aosp/3064203. Bug: 338745127 Test: atest VmAttestationTestApp Change-Id: If5dd07e5e5b94a4c7491b2f828cfe73a2492df64

commit: b2f52fbb36161bde0cfa3661765acbad0221174b [log] [tgz]
author: Alan Stokes <alanstokes@google.com> Thu May 09 10:12:55 2024 +0100
committer: Alan Stokes <alanstokes@google.com> Thu May 09 14:11:12 2024 +0100
tree: a892550b79223eacab03b3efe23310d409d6291a
parent: 337612085408c14cb7eb69422082b66e876f5756 [diff]
diff --git a/rialto/tests/test.rs b/rialto/tests/test.rs
index 9151ce1..0d57301 100644
--- a/rialto/tests/test.rs
+++ b/rialto/tests/test.rs

@@ -228,7 +228,7 @@
     let tbs_cert = cert.tbs_certificate;
     let digest = sha256(&tbs_cert.to_der().unwrap()).unwrap();
     authority_public_key
-        .ecdsa_verify(cert.signature.raw_bytes(), &digest)
+        .ecdsa_verify_der(cert.signature.raw_bytes(), &digest)
         .expect("Failed to verify the certificate signature with the authority public key");
 
     // Checks that the certificate's subject public key is equal to the key in the CSR.
commit	b2f52fbb36161bde0cfa3661765acbad0221174b	[log] [tgz]
author	Alan Stokes <alanstokes@google.com>	Thu May 09 10:12:55 2024 +0100
committer	Alan Stokes <alanstokes@google.com>	Thu May 09 14:11:12 2024 +0100
tree	a892550b79223eacab03b3efe23310d409d6291a
parent	337612085408c14cb7eb69422082b66e876f5756 [diff]