asn1: Improved encoding/decoding for OID types

The first identifier in an Object Identifer must be between 0 and 2 inclusive. The range of values that the second one can take depends on the value of the first one. The two first identifiers are not necessarily encoded in a single octet, but in a varint. R=golang-dev, agl CC=golang-dev https://golang.org/cl/10140046

asn1: Improved encoding/decoding for OID types
The first identifier in an Object Identifer must be between 0 and 2 inclusive. The range of values that the second one can take depends on the value of the first one. The two first identifiers are not necessarily encoded in a single octet, but in a varint. R=golang-dev, agl CC=golang-dev https://golang.org/cl/10140046
02a891b3 · Gerasimos Dimitriadis · Adam Langley · 71051953 · 02a891b3 · 02a891b3
Commit 02a891b3 authored Jun 10, 2013 by Gerasimos Dimitriadis Committed by Adam Langley Jun 10, 2013
5 changed files
--- a/src/pkg/crypto/x509/x509_test.go
+++ b/src/pkg/crypto/x509/x509_test.go
@@ -308,7 +308,7 @@ func TestCreateSelfSignedCertificate(t *testing.T) {
 	}

 	testExtKeyUsage := []ExtKeyUsage{ExtKeyUsageClientAuth, ExtKeyUsageServerAuth}
-	testUnknownExtKeyUsage := []asn1.ObjectIdentifier{[]int{1, 2, 3}, []int{3, 2, 1}}
+	testUnknownExtKeyUsage := []asn1.ObjectIdentifier{[]int{1, 2, 3}, []int{2, 59, 1}}

 	for _, test := range tests {
 		commonName := "test.example.com"

--- a/src/pkg/encoding/asn1/asn1.go
+++ b/src/pkg/encoding/asn1/asn1.go
@@ -210,12 +210,24 @@ func parseObjectIdentifier(bytes []byte) (s []int, err error) {
 	// encoded differently) and then every varint is a single byte long.
 	s = make([]int, len(bytes)+1)

-	// The first byte is 40*value1 + value2:
-	s[0] = int(bytes[0]) / 40
-	s[1] = int(bytes[0]) % 40
+	// The first varint is 40*value1 + value2:
+	// According to this packing, value1 can take the values 0, 1 and 2 only.
+	// When value1 = 0 or value1 = 1, then value2 is <= 39. When value1 = 2,
+	// then there are no restrictions on value2.
+	v, offset, err := parseBase128Int(bytes, 0)
+	if err != nil {
+		return
+	}
+	if v < 80 {
+		s[0] = v / 40
+		s[1] = v % 40
+	} else {
+		s[0] = 2
+		s[1] = v - 80
+	}
+
 	i := 2
-	for offset := 1; offset < len(bytes); i++ {
-		var v int
+	for ; offset < len(bytes); i++ {
 		v, offset, err = parseBase128Int(bytes, offset)
 		if err != nil {
 			return

--- a/src/pkg/encoding/asn1/asn1_test.go
+++ b/src/pkg/encoding/asn1/asn1_test.go
@@ -209,6 +209,7 @@ var objectIdentifierTestData = []objectIdentifierTest{
 	{[]byte{85}, true, []int{2, 5}},
 	{[]byte{85, 0x02}, true, []int{2, 5, 2}},
 	{[]byte{85, 0x02, 0xc0, 0x00}, true, []int{2, 5, 2, 0x2000}},
+	{[]byte{0x81, 0x34, 0x03}, true, []int{2, 100, 3}},
 	{[]byte{85, 0x02, 0xc0, 0x80, 0x80, 0x80, 0x80}, false, []int{}},
 }


--- a/src/pkg/encoding/asn1/marshal.go
+++ b/src/pkg/encoding/asn1/marshal.go
@@ -240,11 +240,11 @@ func marshalBitString(out *forkableWriter, b BitString) (err error) {
 }

 func marshalObjectIdentifier(out *forkableWriter, oid []int) (err error) {
-	if len(oid) < 2 || oid[0] > 6 || oid[1] >= 40 {
+	if len(oid) < 2 || oid[0] > 2 || (oid[0] < 2 && oid[1] >= 40) {
 		return StructuralError{"invalid object identifier"}
 	}

-	err = out.WriteByte(byte(oid[0]*40 + oid[1]))
+	err = marshalBase128Int(out, int64(oid[0]*40+oid[1]))
 	if err != nil {
 		return
 	}

--- a/src/pkg/encoding/asn1/marshal_test.go
+++ b/src/pkg/encoding/asn1/marshal_test.go
@@ -87,6 +87,7 @@ var marshalTests = []marshalTest{
 	{BitString{[]byte{0x81, 0xf0}, 12}, "03030481f0"},
 	{ObjectIdentifier([]int{1, 2, 3, 4}), "06032a0304"},
 	{ObjectIdentifier([]int{1, 2, 840, 133549, 1, 1, 5}), "06092a864888932d010105"},
+	{ObjectIdentifier([]int{2, 100, 3}), "0603813403"},
 	{"test", "130474657374"},
 	{
 		"" +