api: adapter: set suggested instance ID using INF instead of ourselves

This might allow us to more successfully move to using SwDevice.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

4 files changed, 113 insertions, 37 deletions

diff --git a/api/adapter.c b/api/adapter.c
index 0775e12..158db0e 100644
--- a/api/adapter.c
+++ b/api/adapter.c
@@ -1500,13 +1500,85 @@ WireGuardCreateAdapter(LPCWSTR Pool, LPCWSTR Name, const GUID *RequestedGUID)
     DWORD LastError = ERROR_SUCCESS;
     LOG(WIREGUARD_LOG_INFO, L"Creating adapter");
 
-    if (!IsWindows10)
-        RequestedGUID = NULL;
-
     WIREGUARD_ADAPTER *Adapter = Zalloc(sizeof(*Adapter));
     if (!Adapter)
         return NULL;
 
+    WCHAR InstanceIdInf[MAX_PATH];
+    if (!GetWindowsDirectoryW(InstanceIdInf, _countof(InstanceIdInf)) ||
+        !PathAppend(InstanceIdInf, L"INF\\wireguard-instanceid.inf"))
+    {
+        LastError = LOG_ERROR(ERROR_BUFFER_OVERFLOW, L"Failed to construct INF path");
+        goto cleanupAdapter;
+    }
+    HANDLE InstanceIdMutex = NamespaceTakeInstanceIdMutex();
+    if (!InstanceIdMutex)
+    {
+        LastError = LOG_LAST_ERROR(L"Failed to take instance ID mutex");
+        goto cleanupAdapter;
+    }
+    if (RequestedGUID && IsWindows10)
+    {
+        HANDLE InstanceIdFile = CreateFileW(
+            InstanceIdInf,
+            GENERIC_WRITE,
+            FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE,
+            NULL,
+            CREATE_ALWAYS,
+            FILE_ATTRIBUTE_NORMAL,
+            NULL);
+        if (InstanceIdFile == INVALID_HANDLE_VALUE)
+        {
+            LastError = LOG_LAST_ERROR(L"Failed to open %s for writing", InstanceIdInf);
+            goto cleanupInstanceIdMutex;
+        }
+        static const WCHAR InfTemplate[] =
+            L"[Version]\r\n"
+            L"Signature = \"$Windows NT$\"\r\n"
+            L"[WireGuard.NetSetup]\r\n"
+            L"AddReg = WireGuard.SuggestedInstanceId\r\n"
+            L"[WireGuard.SuggestedInstanceId]\r\n"
+            L"HKR,,SuggestedInstanceId,1,%02X,%02X,%02X,%02X,%02X,%02X,%02X,%02X,%02X,%02X,%02X,%02X,%02X,%02X,%02X,%02X\r\n";
+        WCHAR InfContents[_countof(InfTemplate)];
+        BYTE *P = (BYTE *)RequestedGUID;
+        _snwprintf_s(
+            InfContents,
+            _countof(InfContents),
+            _TRUNCATE,
+            InfTemplate,
+            P[0],
+            P[1],
+            P[2],
+            P[3],
+            P[4],
+            P[5],
+            P[6],
+            P[7],
+            P[8],
+            P[9],
+            P[10],
+            P[11],
+            P[12],
+            P[13],
+            P[14],
+            P[15]);
+        DWORD BytesWritten;
+        if (!WriteFile(
+                InstanceIdFile,
+                InfContents,
+                (DWORD)(wcslen(InfContents) * sizeof(InfContents[0])),
+                &BytesWritten,
+                NULL))
+        {
+            LastError = LOG_LAST_ERROR(L"Failed to write bytes to %s", InstanceIdInf);
+            CloseHandle(InstanceIdFile);
+            goto cleanupInstanceIdFile;
+        }
+        CloseHandle(InstanceIdFile);
+    }
+    else if (IsWindows10)
+        DeleteFileW(InstanceIdInf);
+
     Adapter->DevInfo = SetupDiCreateDeviceInfoListExW(&GUID_DEVCLASS_NET, NULL, NULL, NULL);
     if (Adapter->DevInfo == INVALID_HANDLE_VALUE)
     {
@@ -1589,40 +1661,6 @@ WireGuardCreateAdapter(LPCWSTR Pool, LPCWSTR Name, const GUID *RequestedGUID)
     }
     if (!SetupDiCallClassInstaller(DIF_REGISTER_COINSTALLERS, Adapter->DevInfo, &Adapter->DevInfoData))
         LOG_LAST_ERROR(L"Failed to register adapter %u coinstallers", Adapter->DevInfoData.DevInst);
-
-    if (RequestedGUID)
-    {
-        HKEY NetDevRegKey = INVALID_HANDLE_VALUE;
-        for (int i = 0; NetDevRegKey == INVALID_HANDLE_VALUE && i < 1000; ++i)
-        {
-            if (i)
-                Sleep(10);
-            NetDevRegKey = SetupDiOpenDevRegKey(
-                Adapter->DevInfo,
-                &Adapter->DevInfoData,
-                DICS_FLAG_GLOBAL,
-                0,
-                DIREG_DRV,
-                KEY_SET_VALUE | KEY_QUERY_VALUE | KEY_NOTIFY);
-        }
-        if (NetDevRegKey == INVALID_HANDLE_VALUE)
-        {
-            LastError =
-                LOG_LAST_ERROR(L"Failed to open adapter %u device-specific registry key", Adapter->DevInfoData.DevInst);
-            goto cleanupDevice;
-        }
-        LastError = RegSetValueExW(
-            NetDevRegKey, L"SuggestedInstanceId", 0, REG_BINARY, (const BYTE *)RequestedGUID, sizeof(*RequestedGUID));
-        RegCloseKey(NetDevRegKey);
-        if (LastError != ERROR_SUCCESS)
-        {
-            WCHAR RegPath[MAX_REG_PATH];
-            LoggerGetRegistryKeyPath(NetDevRegKey, RegPath);
-            LOG_ERROR(LastError, L"Failed to set %.*s\\SuggestedInstanceId", MAX_REG_PATH, RegPath);
-            goto cleanupDevice;
-        }
-    }
-
     if (!SetupDiCallClassInstaller(DIF_INSTALLINTERFACES, Adapter->DevInfo, &Adapter->DevInfoData))
         LOG_LAST_ERROR(L"Failed to install adapter %u interfaces", Adapter->DevInfoData.DevInst);
     if (!SetupDiCallClassInstaller(DIF_INSTALLDEVICE, Adapter->DevInfo, &Adapter->DevInfoData))
@@ -1731,6 +1769,10 @@ cleanupDevice:
 cleanupDriverInfoList:
     SelectDriverDeferredCleanup(DevInfoExistingAdapters, ExistingAdapters);
     SetupDiDestroyDriverInfoList(Adapter->DevInfo, &Adapter->DevInfoData, SPDIT_COMPATDRIVER);
+cleanupInstanceIdFile:
+    DeleteFileW(InstanceIdInf);
+cleanupInstanceIdMutex:
+    NamespaceReleaseMutex(InstanceIdMutex);
 cleanupAdapter:
     if (LastError != ERROR_SUCCESS)
         WireGuardFreeAdapter(Adapter);
diff --git a/api/namespace.c b/api/namespace.c
index 83f94fe..8230a0a 100644
--- a/api/namespace.c
+++ b/api/namespace.c
@@ -215,6 +215,31 @@ NamespaceTakeDriverInstallationMutex(VOID)
 }
 
 _Use_decl_annotations_
+HANDLE
+NamespaceTakeInstanceIdMutex(VOID)
+{
+    if (!NamespaceRuntimeInit())
+        return NULL;
+    HANDLE Mutex = CreateMutexW(&SecurityAttributes, FALSE, L"WireGuard\\WireGuard-InstanceId-Mutex");
+    if (!Mutex)
+    {
+        LOG_LAST_ERROR(L"Failed to create mutex");
+        return NULL;
+    }
+    DWORD Result = WaitForSingleObject(Mutex, INFINITE);
+    switch (Result)
+    {
+    case WAIT_OBJECT_0:
+    case WAIT_ABANDONED:
+        return Mutex;
+    }
+    LOG(WIREGUARD_LOG_ERR, L"Failed to get mutex (status: 0x%x)", Result);
+    CloseHandle(Mutex);
+    SetLastError(ERROR_GEN_FAILURE);
+    return NULL;
+}
+
+_Use_decl_annotations_
 VOID
 NamespaceReleaseMutex(HANDLE Mutex)
 {
diff --git a/api/namespace.h b/api/namespace.h
index cbd9100..2aa2b0e 100644
--- a/api/namespace.h
+++ b/api/namespace.h
@@ -21,6 +21,13 @@ _Acquires_lock_(_Curr_)
 HANDLE
 NamespaceTakeDriverInstallationMutex(VOID);
 
+_Must_inspect_result_
+_Return_type_success_(return != NULL)
+_Post_maybenull_
+_Acquires_lock_(_Curr_)
+HANDLE
+NamespaceTakeInstanceIdMutex(VOID);
+
 _Releases_lock_(Mutex)
 VOID
 NamespaceReleaseMutex(_In_ HANDLE Mutex);
diff --git a/driver/wireguard.inf b/driver/wireguard.inf
index b471db4..c0e3b1b 100644
--- a/driver/wireguard.inf
+++ b/driver/wireguard.inf
@@ -30,6 +30,8 @@ wireguard.sys, , , 0x00004002 ; COPYFLG_IN_USE_RENAME | COPYFLG_NOSKIP
 %WireGuard.DeviceDesc% = WireGuard.Install, WireGuard
 
 [WireGuard.Install]
+Include = wireguard-instanceid.inf
+Needs = WireGuard.NetSetup
 Characteristics = 0x1 ; NCF_VIRTUAL
 AddReg = WireGuard.Ndi
 CopyFiles = WireGuard.CopyFiles.Sys