Send supported signature algorithms for TLSv1.2

2026-01-03 13:19:04 +00:00 · 2015-03-24 23:22:19 +00:00
parent 6d178c39bf
commit ed86473b0c
2 changed files with 37 additions and 0 deletions
--- a/nselib/tls.lua
+++ b/nselib/tls.lua
@@ -152,6 +152,24 @@ EC_POINT_FORMATS = {
  ansiX962_compressed_char2 = 2,
 }

+---
+-- RFC 5246 section 7.4.1.4.1. Signature Algorithms
+HashAlgorithms = {
+  none = 0,
+  md5 = 1,
+  sha1 = 2,
+  sha224 = 3,
+  sha256 = 4,
+  sha384 = 5,
+  sha512 = 6,
+}
+SignatureAlgorithms = {
+  anonymous = 0,
+  rsa = 1,
+  dsa = 2,
+  ecdsa = 3,
+}
+
 ---
 -- Extensions
 -- RFC 6066, draft-agl-tls-nextprotoneg-03
@@ -213,6 +231,16 @@ EXTENSION_HELPERS = {
    end
    return bin.pack(">p", table.concat(list))
  end,
+  ["signature_algorithms"] = function(signature_algorithms)
+    local list = {}
+    for _, pair in ipairs(signature_algorithms) do
+      list[#list+1] = bin.pack(">CC",
+        HashAlgorithms[pair[1]] or pair[1],
+        SignatureAlgorithms[pair[2]] or pair[2]
+        )
+    end
+    return bin.pack(">P", table.concat(list))
+  end,
  ["next_protocol_negotiation"] = tostring,
 }