decode delegated_credential extension

clienthello/client_hello_parser.go

@@ -274,6 +274,22 @@ func (m *ClientHelloMsg) Unmarshal(data []byte) bool {
 				extension.Data.SupportedSignatureAlgorithms = append(
 					extension.Data.SupportedSignatureAlgorithms, sigAndAlg)
 			}
+		case extensionDelegatedCredential:
+			// Delegated Credential
+			// RFC 9345
+			extension.Data.SupportedSignatureAlgorithms = []SignatureScheme{}
+			var sigAndAlgs cryptobyte.String
+			if !extData.ReadUint16LengthPrefixed(&sigAndAlgs) || sigAndAlgs.Empty() {
+				return false
+			}
+			for !sigAndAlgs.Empty() {
+				var sigAndAlg uint16
+				if !sigAndAlgs.ReadUint16(&sigAndAlg) {
+					return false
+				}
+				extension.Data.SupportedSignatureAlgorithms = append(
+					extension.Data.SupportedSignatureAlgorithms, sigAndAlg)
+			}
 		case extensionRenegotiationInfo:
 			// Renegotiation Indication
 			// RFC 5746, Section 3.2

clienthello/extensions.go

@@ -40,6 +40,7 @@ const (
 	extensionTokenBinding            uint16 = 24
 	extensionCompressCertificate     uint16 = 27
 	extensionRecordSizeLimit         uint16 = 28
+	extensionDelegatedCredential     uint16 = 34
 	extensionSessionTicket           uint16 = 35
 	extensionPreSharedKey            uint16 = 41
 	extensionEarlyData               uint16 = 42

clienthello/signature_schemes.go

@@ -166,8 +166,10 @@ func GetSignatureSchemeInfo(sigSchemeCode uint16, mustName bool) SignatureScheme
 
 func (m *ClientHelloMsg) AddSignatureSchemeInfo() {
 	for i, ext := range m.Extensions {
-		if ext.Code == extensionSignatureAlgorithms ||
-			ext.Code == extensionSignatureAlgorithmsCert {
+		switch ext.Code {
+		case extensionSignatureAlgorithms,
+			extensionSignatureAlgorithmsCert,
+			extensionDelegatedCredential:
 			for j, sigAlg := range ext.Data.SupportedSignatureAlgorithms {
 				m.Extensions[i].Data.SupportedSignatureAlgorithms[j] =
 					GetSignatureSchemeInfo(sigAlg.(uint16), false)