diff options
author | Jason A. Donenfeld <Jason@zx2c4.com> | 2019-04-30 11:41:45 +0200 |
---|---|---|
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2019-04-30 20:18:46 +0200 |
commit | d0eb8ffd2410ff68b32c922c65261742332dc864 (patch) | |
tree | eace166b07cce61297e4231670e31d0c2106ef69 /version/official_windows.go | |
parent | version: add missing zsyscall (diff) | |
download | wireguard-windows-d0eb8ffd2410ff68b32c922c65261742332dc864.tar.xz wireguard-windows-d0eb8ffd2410ff68b32c922c65261742332dc864.zip |
version: add certificate checking for official versions
This is an easy circumventable check designed mostly for convenience.
Diffstat (limited to 'version/official_windows.go')
-rw-r--r-- | version/official_windows.go | 51 |
1 files changed, 41 insertions, 10 deletions
diff --git a/version/official_windows.go b/version/official_windows.go index 745c2ba6..4a683888 100644 --- a/version/official_windows.go +++ b/version/official_windows.go @@ -12,7 +12,37 @@ import ( "unsafe" ) -func IsOfficialPath(path string) bool { +const ( + officialCommonName = "WireGuard LLC" +) + +func VerifyAuthenticode(path string) bool { + path16, err := windows.UTF16PtrFromString(path) + if err != nil { + return false + } + file := &wintrust.WinTrustFileInfo{ + CbStruct: uint32(unsafe.Sizeof(wintrust.WinTrustFileInfo{})), + FilePath: path16, + } + data := &wintrust.WinTrustData{ + CbStruct: uint32(unsafe.Sizeof(wintrust.WinTrustData{})), + UIChoice: wintrust.WTD_UI_NONE, + RevocationChecks: wintrust.WTD_REVOKE_WHOLECHAIN, // Full revocation checking, as this is called with network connectivity. + UnionChoice: wintrust.WTD_CHOICE_FILE, + StateAction: wintrust.WTD_STATEACTION_VERIFY, + FileOrCatalogOrBlobOrSgnrOrCert: uintptr(unsafe.Pointer(file)), + } + return wintrust.WinVerifyTrust(0, &wintrust.WINTRUST_ACTION_GENERIC_VERIFY_V2, data) == nil +} + +// This is an easily by-passable check, which doesn't serve a security purpose but mostly just a low-grade +// informational and semantic one. +func IsRunningOfficialVersion() bool { + path, err := os.Executable() + if err != nil { + return false + } path16, err := windows.UTF16PtrFromString(path) if err != nil { return false @@ -24,7 +54,7 @@ func IsOfficialPath(path string) bool { data := &wintrust.WinTrustData{ CbStruct: uint32(unsafe.Sizeof(wintrust.WinTrustData{})), UIChoice: wintrust.WTD_UI_NONE, - RevocationChecks: wintrust.WTD_REVOKE_NONE, + RevocationChecks: wintrust.WTD_REVOKE_NONE, // No revocation, as this isn't security related. UnionChoice: wintrust.WTD_CHOICE_FILE, StateAction: wintrust.WTD_STATEACTION_VERIFY, FileOrCatalogOrBlobOrSgnrOrCert: uintptr(unsafe.Pointer(file)), @@ -34,15 +64,16 @@ func IsOfficialPath(path string) bool { return false } - //TODO: check that the certificate actually belongs to us - - return true -} - -func IsOfficial() bool { - path, err := os.Executable() + // This below tests is easily circumvented. False certificates can be appended, and just checking the + // common name is not very good. But that's okay, as this isn't security related. + certs, err := wintrust.ExtractCertificates(path) if err != nil { return false } - return IsOfficialPath(path) + for _, cert := range certs { + if cert.Subject.CommonName == officialCommonName { + return true + } + } + return false } |