DNSSEC: fix loading of ECDSA public key

closes #210

src/libknot/dnssec/sign.c

@@ -32,6 +32,8 @@
 #include <openssl/ecdsa.h>
 #endif
 
+#define DNSKEY_RDATA_PUBKEY_OFFSET 4
+
 struct algorithm_functions;
 typedef struct algorithm_functions algorithm_functions_t;
 
@@ -417,13 +419,20 @@ static int ecdsa_set_public_key(const knot_binary_t *rdata, EC_KEY *ec_key)
 	assert(rdata);
 	assert(ec_key);
 
-	if (rdata->size % 2 != 0) {
+	if (rdata->size <= DNSKEY_RDATA_PUBKEY_OFFSET) {
+		return KNOT_EINVAL;
+	}
+
+	uint8_t *pubkey_data = rdata->data + DNSKEY_RDATA_PUBKEY_OFFSET;
+	size_t pubkey_size = rdata->size - DNSKEY_RDATA_PUBKEY_OFFSET;
+
+	if (pubkey_size % 2 != 0) {
 		return KNOT_EINVAL;
 	}
 
-	size_t param_size = rdata->size / 2;
-	uint8_t *x_ptr = rdata->data;
-	uint8_t *y_ptr = rdata->data + param_size;
+	size_t param_size = pubkey_size / 2;
+	uint8_t *x_ptr = pubkey_data;
+	uint8_t *y_ptr = pubkey_data + param_size;
 
 	BIGNUM *x = BN_bin2bn(x_ptr, param_size, NULL);
 	BIGNUM *y = BN_bin2bn(y_ptr, param_size, NULL);

tests/dnssec_sign.c

@@ -135,7 +135,7 @@ int main(int argc, char *argv[])
 		kp.name = knot_dname_from_str("example.com", 12);
 		kp.algorithm = 13;
 		knot_binary_from_base64("1N/PvpB8jZcvv+zr3Q987RKK1cBxDKULzEc5F/nnpSg=", &kp.private_key);
-		knot_binary_from_base64("fe3oR+S8crl9AwayWFZwJ8wXpDeg1uiXZ/X0MYBvyvj1lfuJDXawUjKuzYKLAPEVH1jt8XbM5nTTlVXUsDebVA==", &kp.rdata);
+		knot_binary_from_base64("AAAAAH3t6EfkvHK5fQMGslhWcCfMF6Q3oNbol2f19DGAb8r49ZX7iQ12sFIyrs2CiwDxFR9Y7fF2zOZ005VV1LA3m1Q=", &kp.rdata);
 
 		test_algorithm("ECDSA", &kp);
 		knot_free_key_params(&kp);