openpgp/packet: Compact UserAttribute subpacket lengths, fixes signatures.

Necessary to reproduce the same hash for verifying a UserAttribute signature.
Reuse and fix defect in serializeSubpacketLength, RFC 4880, Section 4.2.2.2.

R=agl
CC=golang-dev
https://golang.org/cl/13464044

openpgp/packet/opaque.go

@@ -7,7 +7,6 @@ package packet
 import (
 	"bytes"
 	"code.google.com/p/go.crypto/openpgp/errors"
-	"encoding/binary"
 	"io"
 	"io/ioutil"
 )
@@ -152,11 +151,9 @@ Truncated:
 
 func (osp *OpaqueSubpacket) Serialize(w io.Writer) (err error) {
 	buf := make([]byte, 6)
-	buf[0] = 0xff
-	// Header length includes the subtype byte
-	binary.BigEndian.PutUint32(buf[1:5], uint32(len(osp.Contents)+1))
-	buf[5] = osp.SubType
-	if _, err = w.Write(buf); err != nil {
+	n := serializeSubpacketLength(buf, len(osp.Contents)+1)
+	buf[n] = osp.SubType
+	if _, err = w.Write(buf[:n+1]); err != nil {
 		return
 	}
 	_, err = w.Write(osp.Contents)

openpgp/packet/signature.go

@@ -344,13 +344,14 @@ func subpacketLengthLength(length int) int {
 
 // serializeSubpacketLength marshals the given length into to.
 func serializeSubpacketLength(to []byte, length int) int {
+	// RFC 4880, Section 4.2.2.
 	if length < 192 {
 		to[0] = byte(length)
 		return 1
 	}
 	if length < 16320 {
 		length -= 192
-		to[0] = byte(length >> 8)
+		to[0] = byte((length >> 8) + 192)
 		to[1] = byte(length)
 		return 2
 	}