
I am trying to create a DER file using encoding/asn1, and I keep getting an invalid Object Identifier runtime error. asn1.ObjectIdentifier is just an []int, so I'm not sure what's invalid.

package main

import (
    "encoding/asn1"
    "fmt"
    "log"
)

type algorithm struct {
    Algo asn1.ObjectIdentifier
    Null asn1.RawValue
}

func main() {
    var myCert algorithm
    myCert.Algo = asn1.ObjectIdentifier{42, 134, 72, 134}
    myCert.Null = asn1.NullRawValue

    mdata, err := asn1.Marshal(myCert)
    if err != nil {
        log.Fatalln(err)
    }

    fmt.Println(mdata)
}

The program exits with the following error: "asn1: structure error: invalid object identifier"


Sap
  • are you sure that {42, 134, 72, 134} is valid? I've tried {0, 6 ,2} and it's OK, here https://www.obj-sys.com/asn1tutorial/node10.html – vitr May 26 '18 at 06:41
  • I did trim the value a little for sake of the question. The original TLV is an AlgorithmIdentifier from an X.509 cert. The encoded TLV in hex that I'm trying to replicate is: "06 09 2A864886F70D010101". 06h of course is the Object Identifier tag, 09h the length, and 2A864886F70D010101 the value of the object. Byte for byte, the value converts to {42, 134, 72, 134, 247, 13, 1, 1, 1} in base10 and fails. Based on the answer from @YaFred below, am I converting wrong? – Sap May 26 '18 at 13:58
  • then it's valid https://play.golang.org/p/5euH7x1tByM – vitr May 26 '18 at 14:39
  • To get the encoded value '06092A864886F70D010101'H you must use this OID: { 1 2 840 113549 1 1 1 } – YaFred May 26 '18 at 15:19
  • @YaFred, can you explain why this works? Does this have to do with the 'ANY' type? – Sap May 27 '18 at 03:46
  • @Sap, take a look at https://stackoverflow.com/questions/5929050/how-does-asn-1-encode-an-object-identifier (you can also go back to the source of ASN.1 encoding rules, ITU-T X.690). – YaFred May 27 '18 at 05:57
  • Perfect, thank you. – Sap May 27 '18 at 18:52

1 Answer

Object identifiers are not straightforward.

There are only 3 top-level arcs (the integers that form the object identifier). In other words, the first arc (42 in your example) can only be 0, 1 or 2.

If your first arc is 0 or 1, then the second arc must be less than 40.

Note: This restriction is used by the encoding rules of the object identifier value to pack the first 2 arcs.

YaFred
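The packing rule from the answer and comments, worked through as an added example (not code from the question or the answer): the hypothetical helper `decodeOIDContent` turns the content bytes `2A864886F70D010101` back into arcs following X.690, and the result is re-encoded with `asn1.Marshal` to show the round trip.

```go
package main

import (
	"encoding/asn1"
	"encoding/hex"
	"errors"
	"fmt"
)

// decodeOIDContent (hypothetical helper) turns the content octets of an
// OBJECT IDENTIFIER (the bytes after tag 06 and the length) into arcs.
func decodeOIDContent(b []byte) (asn1.ObjectIdentifier, error) {
	var subIDs []int
	v := 0
	for i, c := range b {
		v = v<<7 | int(c&0x7f) // 7 payload bits per octet, big-endian
		if c&0x80 == 0 {       // high bit clear: last octet of this subidentifier
			subIDs = append(subIDs, v)
			v = 0
		} else if i == len(b)-1 {
			return nil, errors.New("truncated subidentifier")
		}
	}
	if len(subIDs) == 0 {
		return nil, errors.New("empty OID")
	}
	// The first subidentifier packs the first two arcs as 40*arc1 + arc2.
	first := subIDs[0]
	arc1 := first / 40
	if arc1 > 2 {
		arc1 = 2 // only arcs 0, 1, 2 exist; under 2 the second arc may exceed 39
	}
	oid := asn1.ObjectIdentifier{arc1, first - 40*arc1}
	return append(oid, subIDs[1:]...), nil
}

func main() {
	content, _ := hex.DecodeString("2A864886F70D010101") // value bytes from the question
	oid, err := decodeOIDContent(content)
	fmt.Println(oid, err) // 1.2.840.113549.1.1.1 <nil>

	der, err := asn1.Marshal(oid) // full TLV: tag 06, length 09, then the content
	fmt.Printf("%X %v\n", der, err)

	// Treating each content byte as an arc is rejected by encoding/asn1.
	_, err = asn1.Marshal(asn1.ObjectIdentifier{42, 134, 72, 134})
	fmt.Println(err)
}
```

The byte `2A` (42) is `40*1 + 2`, which is why it decodes to the two arcs `1 2` rather than a single arc 42.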