author | Jason A. Donenfeld <Jason@zx2c4.com> | 2021-08-02 00:24:10 +0200 |
---|---|---|
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2021-08-02 00:24:10 +0200 |
commit | acc9ee7f3450132e15442f871d4b864d7cadc973 (patch) | |
tree | 54f047aa7f97877f185ebc11cded3b6bf5546fb6 | |
parent | props: use ForcedTargetVersion for override (diff) | |
api: remove authenticode support
Certificates are no longer valid.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
-rw-r--r-- | api/adapter.c | 94 | ||||
-rw-r--r-- | api/api.vcxproj | 8 | ||||
-rw-r--r-- | api/resources.rc | 6 |
3 files changed, 5 insertions, 103 deletions
diff --git a/api/adapter.c b/api/adapter.c
index 2635a5c..d216578 100644
--- a/api/adapter.c
+++ b/api/adapter.c
@@ -6,7 +6,6 @@
 #include <WinSock2.h>
 #include <Windows.h>
 #include <winternl.h>
-#include <wincrypt.h>
 #include <cfgmgr32.h>
 #include <devguid.h>
 #include <ws2tcpip.h>
@@ -802,90 +801,6 @@ AdapterOpenDeviceObject(const WINTUN_ADAPTER *Adapter) return OpenDeviceObject(Adapter->DevInstanceID); } -static BOOL HaveWHQL(VOID) -{ -#if defined(HAVE_WHQL) - return IsWindows10; -#else - return FALSE; -#endif -} - -static _Return_type_success_(return != FALSE) -BOOL -InstallCertificate(_In_z_ LPCWSTR SignedResource) -{ - LOG(WINTUN_LOG_INFO, L"Trusting code signing certificate"); - DWORD SizeResource; - const VOID *LockedResource = ResourceGetAddress(SignedResource, &SizeResource); - if (!LockedResource) - { - LOG(WINTUN_LOG_ERR, L"Failed to locate resource %s", SignedResource); - return FALSE; - } - const CERT_BLOB CertBlob = { .cbData = SizeResource, .pbData = (BYTE *)LockedResource }; - HCERTSTORE QueriedStore; - if (!CryptQueryObject( - CERT_QUERY_OBJECT_BLOB, - &CertBlob, - CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED_EMBED, - CERT_QUERY_FORMAT_FLAG_ALL, - 0, - 0, - 0, - 0, - &QueriedStore, - 0, - NULL)) - { - LOG_LAST_ERROR(L"Failed to find certificate"); - return FALSE; - } - DWORD LastError = ERROR_SUCCESS; - HCERTSTORE TrustedStore = - CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, 0, CERT_SYSTEM_STORE_LOCAL_MACHINE, L"TrustedPublisher"); - if (!TrustedStore) - { - LastError = LOG_LAST_ERROR(L"Failed to open store"); - goto cleanupQueriedStore; - } - LPSTR CodeSigningOid[] = { szOID_PKIX_KP_CODE_SIGNING }; - CERT_ENHKEY_USAGE EnhancedUsage = { .cUsageIdentifier = 1, .rgpszUsageIdentifier = CodeSigningOid }; - for (const CERT_CONTEXT *CertContext = NULL; (CertContext = CertFindCertificateInStore( - QueriedStore, - X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, - CERT_FIND_EXT_ONLY_ENHKEY_USAGE_FLAG, - CERT_FIND_ENHKEY_USAGE, - &EnhancedUsage, - CertContext)) != NULL;) - { - CERT_EXTENSION *Ext = CertFindExtension( - szOID_BASIC_CONSTRAINTS2, CertContext->pCertInfo->cExtension, CertContext->pCertInfo->rgExtension); - CERT_BASIC_CONSTRAINTS2_INFO Constraints; - DWORD Size = sizeof(Constraints); - if (Ext && - CryptDecodeObjectEx( - X509_ASN_ENCODING | 
PKCS_7_ASN_ENCODING, - szOID_BASIC_CONSTRAINTS2, - Ext->Value.pbData, - Ext->Value.cbData, - 0, - NULL, - &Constraints, - &Size) && - !Constraints.fCA) - if (!CertAddCertificateContextToStore(TrustedStore, CertContext, CERT_STORE_ADD_REPLACE_EXISTING, NULL)) - { - LOG_LAST_ERROR(L"Failed to add certificate to store"); - LastError = LastError != ERROR_SUCCESS ? LastError : GetLastError(); - } - } - CertCloseStore(TrustedStore, 0); -cleanupQueriedStore: - CertCloseStore(QueriedStore, 0); - return RET_ERROR(TRUE, LastError); -} - static BOOL IsOurDrvInfoDetail(_In_ const SP_DRVINFO_DETAIL_DATA_W *DrvInfoDetailData) { @@ -1219,14 +1134,9 @@ SelectDriver( goto cleanupDirectory; } - BOOL UseWHQL = HaveWHQL(); - if (!UseWHQL && !InstallCertificate(L"wintun.cat")) - LOG(WINTUN_LOG_WARN, L"Failed to install code signing certificate"); - LOG(WINTUN_LOG_INFO, L"Extracting driver"); - if (!ResourceCopyToFile(CatPath, UseWHQL ? L"wintun-whql.cat" : L"wintun.cat") || - !ResourceCopyToFile(SysPath, UseWHQL ? L"wintun-whql.sys" : L"wintun.sys") || - !ResourceCopyToFile(InfPath, UseWHQL ? L"wintun-whql.inf" : L"wintun.inf")) + if (!ResourceCopyToFile(CatPath, L"wintun.cat") || !ResourceCopyToFile(SysPath, L"wintun.sys") || + !ResourceCopyToFile(InfPath, L"wintun.inf")) { LastError = LOG_LAST_ERROR(L"Failed to extract driver"); goto cleanupDelete; diff --git a/api/api.vcxproj b/api/api.vcxproj index 9c477cd..ae4f306 100644 --- a/api/api.vcxproj +++ b/api/api.vcxproj 
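Review bot: Nothing in the new SelectDriver extraction code says what signature the embedded `wintun.cat` is now expected to carry. With the `InstallCertificate` call removed, the DLL no longer writes to the machine-wide TrustedPublisher store, so installation presumably relies on the package being signed by a publisher Windows already trusts. A comment before the extraction would record that, for example `/* The embedded driver package must be signed by a publisher Windows already trusts; no certificate is added to TrustedPublisher here. */`. Machines that ran an earlier build may still hold the old certificate in TrustedPublisher, and nothing visible in this diff removes it, which is worth noting in the commit message or release notes. SelectDriver starts and ends outside this hunk, so how a later install step reports an untrusted package cannot be checked from here.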
@@ -17,7 +17,6 @@
 <ItemDefinitionGroup>
 <ClCompile>
 <PreprocessorDefinitions>_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <PreprocessorDefinitions Condition="Exists('$(OutDir)whql\')">HAVE_WHQL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
 <PreprocessorDefinitions Condition="'$(Platform)'=='Win32'">MAYBE_WOW64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
 <PreprocessorDefinitions Condition="'$(Platform)'=='x64'">ACCEPT_WOW64;MAYBE_WOW64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
 <PreprocessorDefinitions Condition="'$(Platform)'=='ARM'">MAYBE_WOW64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
@@ -28,7 +27,6 @@
 </ClCompile>
 <ResourceCompile>
 <AdditionalIncludeDirectories>..\$(Configuration)\$(WintunPlatform);..\$(Configuration);%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
- <PreprocessorDefinitions Condition="Exists('$(OutDir)whql\')">HAVE_WHQL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
 <PreprocessorDefinitions Condition="Exists('..\$(Configuration)\arm64\wintun.dll')">BUILT_ARM64_WOW64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
 <PreprocessorDefinitions Condition="Exists('..\$(Configuration)\amd64\wintun.dll')">BUILT_AMD64_WOW64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
 <PreprocessorDefinitions Condition="'$(Platform)'=='Win32'">WANT_ARM64_WOW64;WANT_AMD64_WOW64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
@@ -36,8 +34,8 @@
 <PreprocessorDefinitions Condition="'$(Platform)'=='ARM'">WANT_ARM64_WOW64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
 </ResourceCompile>
 <Link>
- <DelayLoadDLLs>advapi32.dll;bcrypt.dll;crypt32.dll;cfgmgr32.dll;iphlpapi.dll;ole32.dll;nci.dll;setupapi.dll;shell32.dll;shlwapi.dll;version.dll</DelayLoadDLLs>
- <AdditionalDependencies>Bcrypt.lib;Crypt32.lib;Cfgmgr32.lib;Iphlpapi.lib;$(IntDir)nci.lib;ntdll.lib;Setupapi.lib;shlwapi.lib;version.lib;%(AdditionalDependencies)</AdditionalDependencies>
+ <DelayLoadDLLs>advapi32.dll;bcrypt.dll;cfgmgr32.dll;iphlpapi.dll;ole32.dll;nci.dll;setupapi.dll;shell32.dll;shlwapi.dll;version.dll</DelayLoadDLLs>
+ <AdditionalDependencies>Bcrypt.lib;Cfgmgr32.lib;Iphlpapi.lib;$(IntDir)nci.lib;ntdll.lib;Setupapi.lib;shlwapi.lib;version.lib;%(AdditionalDependencies)</AdditionalDependencies>
 <ModuleDefinitionFile>exports.def</ModuleDefinitionFile>
 <SubSystem>Windows</SubSystem>
 <ImportLibrary>$(IntDir)$(TargetName).lib</ImportLibrary>
@@ -91,4 +89,4 @@
 <Target Name="CleanNci">
 <Delete Files="$(IntDir)nci.obj;$(IntDir)nci.lib" />
 </Target>
-</Project>
\ No newline at end of file +</Project> diff --git a/api/resources.rc b/api/resources.rc index aa61806..ad4c98c 100644 --- a/api/resources.rc +++ b/api/resources.rc @@ -12,12 +12,6 @@ wintun.cat RCDATA "driver\\wintun.cat" wintun.inf RCDATA "driver\\wintun.inf" wintun.sys RCDATA "driver\\wintun.sys" -#ifdef HAVE_WHQL -wintun-whql.cat RCDATA "whql\\wintun.cat" -wintun-whql.inf RCDATA "whql\\wintun.inf" -wintun-whql.sys RCDATA "whql\\wintun.sys" -#endif - #if defined(WANT_AMD64_WOW64) # if defined(BUILT_AMD64_WOW64) wintun-amd64.dll RCDATA "amd64\\wintun.dll" |