api: incorporate new win7 code signing technique0.1

https://git.zx2c4.com/downlevel-driver-enabler/about/

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

3 files changed, 70 insertions, 0 deletions

diff --git a/downlevelshim/downlevelshim.vcxproj b/downlevelshim/downlevelshim.vcxproj
new file mode 100644
index 0000000..264a300
--- /dev/null
+++ b/downlevelshim/downlevelshim.vcxproj
@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{E22CA58F-DEA5-48DC-BCF5-12075AD9BB82}</ProjectGuid>
+    <RootNamespace>downlevelshim</RootNamespace>
+    <ProjectName>downlevelshim</ProjectName>
+  </PropertyGroup>
+  <PropertyGroup Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <PlatformToolset>WindowsApplicationForDrivers10.0</PlatformToolset>
+  </PropertyGroup>
+  <Import Project="..\wireguard-nt.props" />
+  <PropertyGroup>
+    <TargetName>downlevelshim</TargetName>
+  </PropertyGroup>
+  <ItemDefinitionGroup>
+    <ClCompile>
+      <PreprocessorDefinitions>_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <AdditionalOptions>/volatile:iso %(AdditionalOptions)</AdditionalOptions>
+    </ClCompile>
+    <Link>
+      <ModuleDefinitionFile>exports.def</ModuleDefinitionFile>
+      <SubSystem>Windows</SubSystem>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <None Include="exports.def" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="shim.c" />
+  </ItemGroup>
+  <Import Project="..\wireguard-nt.props.user" Condition="exists('..\wireguard-nt.props.user')" />
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets" />
+</Project>
diff --git a/downlevelshim/exports.def b/downlevelshim/exports.def
new file mode 100644
index 0000000..7d2ec36
--- /dev/null
+++ b/downlevelshim/exports.def
@@ -0,0 +1,3 @@
+LIBRARY downlevelshim.dll
+EXPORTS
+	DriverFinalPolicy
\ No newline at end of file
diff --git a/downlevelshim/shim.c b/downlevelshim/shim.c
new file mode 100644
index 0000000..d277639
--- /dev/null
+++ b/downlevelshim/shim.c
@@ -0,0 +1,32 @@
+/* SPDX-License-Identifier: GPL-2.0
+ *
+ * Copyright (C) 2018-2021 WireGuard LLC. All Rights Reserved.
+ */
+
+#include <windows.h>
+#include <wintrust.h>
+
+typedef DWORD(DRIVER_FINAL_POLICY_FN)(CRYPT_PROVIDER_DATA *);
+typedef DRIVER_FINAL_POLICY_FN *PDRIVER_FINAL_POLICY_FN;
+
+DRIVER_FINAL_POLICY_FN DriverFinalPolicy;
+
+DWORD
+DriverFinalPolicy(CRYPT_PROVIDER_DATA *ProvData)
+{
+    DWORD OriginalLastError = GetLastError();
+    HMODULE WintrustModule = GetModuleHandleA("WINTRUST.DLL");
+    if (!WintrustModule)
+        return ERROR_INVALID_LIBRARY;
+    PDRIVER_FINAL_POLICY_FN RealDriverFinalPolicy =
+        (PDRIVER_FINAL_POLICY_FN)GetProcAddress(WintrustModule, "DriverFinalPolicy");
+    if (!RealDriverFinalPolicy)
+        return ERROR_INVALID_FUNCTION;
+    DWORD Ret = RealDriverFinalPolicy(ProvData);
+    if (Ret == ERROR_APP_WRONG_OS)
+    {
+        Ret = ERROR_SUCCESS;
+        SetLastError(OriginalLastError);
+    }
+    return Ret;
+}