diff options
author | Jason A. Donenfeld <Jason@zx2c4.com> | 2019-04-30 09:41:36 +0200 |
---|---|---|
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2019-04-30 09:41:36 +0200 |
commit | f022feba7b2cfaa647487c5f53bacd00298d44de (patch) | |
tree | d3a856a9a091733acf676287238643864a42606c /version/official_windows.go | |
parent | ui: allow update labels to wrap (diff) | |
download | wireguard-windows-f022feba7b2cfaa647487c5f53bacd00298d44de.tar.xz wireguard-windows-f022feba7b2cfaa647487c5f53bacd00298d44de.zip |
version: add beginnings of authenticode checking
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Diffstat (limited to 'version/official_windows.go')
-rw-r--r-- | version/official_windows.go | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/version/official_windows.go b/version/official_windows.go new file mode 100644 index 00000000..745c2ba6 --- /dev/null +++ b/version/official_windows.go @@ -0,0 +1,48 @@ +/* SPDX-License-Identifier: MIT + * + * Copyright (C) 2019 WireGuard LLC. All Rights Reserved. + */ + +package version + +import ( + "golang.org/x/sys/windows" + "golang.zx2c4.com/wireguard/windows/version/wintrust" + "os" + "unsafe" +) + +func IsOfficialPath(path string) bool { + path16, err := windows.UTF16PtrFromString(path) + if err != nil { + return false + } + file := &wintrust.WinTrustFileInfo{ + CbStruct: uint32(unsafe.Sizeof(wintrust.WinTrustFileInfo{})), + FilePath: path16, + } + data := &wintrust.WinTrustData{ + CbStruct: uint32(unsafe.Sizeof(wintrust.WinTrustData{})), + UIChoice: wintrust.WTD_UI_NONE, + RevocationChecks: wintrust.WTD_REVOKE_NONE, + UnionChoice: wintrust.WTD_CHOICE_FILE, + StateAction: wintrust.WTD_STATEACTION_VERIFY, + FileOrCatalogOrBlobOrSgnrOrCert: uintptr(unsafe.Pointer(file)), + } + err = wintrust.WinVerifyTrust(0, &wintrust.WINTRUST_ACTION_GENERIC_VERIFY_V2, data) + if err != nil { + return false + } + + //TODO: check that the certificate actually belongs to us + + return true +} + +func IsOfficial() bool { + path, err := os.Executable() + if err != nil { + return false + } + return IsOfficialPath(path) +} |