Adds support for IEEE P1363 formatted ECDSA signatures

[SalusaSecondus]

Description of changes: Adds support for IEEE P1363 formatted ECDSA signatures. These signatures consist of a direct concatenation of the r and s values as opposed to the default ASN.1 encoding. Correctness is checked by comparing them to the equivalent "withPLAIN-ECDSA" algorithms from BouncyCastle and Wycheproof.

The specific language from the IEEE specification follows:

For DL/ECSSA, the output of the signature generation function (see Section 10.2.2) is a pair of integers (c, d). Let r denote the order of the generator (g or G) in the DL or EC settings (see Sections 6.1 and 7.1), and let l = ceil(log256 r) (i.e., l is the length of r in octets). The output (c, d) may be formatted as an octet string as follows: convert the integers c and d to octet strings C and D, respectively, of length l octets each, using the primitive I2OSP, and output the concatenation C || D. To parse the signature, split the octet string into two components C and D, of length l each, and convert them to integers c and d, respectively, using OS2IP. Note that it is essential that both C and D be of length l, even if it means that they have leading zero octets.

NOTE— The output of DL/ECSSA may also be formatted according to the following method, described in more detail in X9.57 [ANS97c] and X9.62 [ANS98e]. Combine c and d into an ASN.1 structure [ISO98a] and encode the structure using some encoding rules, such as Basic Encoding Rules (BER) or Distinguished Encoding Rules (DER) [ISO98e].

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

[SalusaSecondus]

Overkill failed due to Java Heap Space

[SalusaSecondus]

Overkill failed due to heap space error on testing. This is a known issue with our test harness. I've restarted the test, but that is a non-blocking issue.

[WesleyRosenblum]

Some minor issues, I didn't review the tests