authorJason A. Donenfeld <Jason@zx2c4.com>2021-01-24 14:39:46 +0100
committerJason A. Donenfeld <Jason@zx2c4.com>2021-01-25 21:47:29 +0100
commit02a15049b923581a2de2271bcf162991d9f885c1 (patch)
tree033a0eca7a18e5b83db484bd1bc60f59b57b6bb2 /version
parentmod: bump (diff)
downloadwireguard-windows-02a15049b923581a2de2271bcf162991d9f885c1.tar.xz
wireguard-windows-02a15049b923581a2de2271bcf162991d9f885c1.zip
updater,version: simplify code locations
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Diffstat (limited to 'version')
-rw-r--r--version/debugging_linux.go35
-rw-r--r--version/official.go (renamed from version/certificate_windows.go)64
-rw-r--r--version/official_windows.go77
-rw-r--r--version/os.go (renamed from version/os_windows.go)0
4 files changed, 53 insertions, 123 deletions
diff --git a/version/debugging_linux.go b/version/debugging_linux.go
deleted file mode 100644
index da90e271..00000000
--- a/version/debugging_linux.go
+++ /dev/null
@@ -1,35 +0,0 @@
-/* SPDX-License-Identifier: MIT
- *
- * Copyright (C) 2019-2020 WireGuard LLC. All Rights Reserved.
- */
-
-package version
-
-import (
- "bytes"
- "fmt"
-
- "golang.org/x/sys/unix"
-)
-
-// For testing the updater package from linux. Debug stuff only.
-
-func utsToStr(u [65]byte) string {
- i := bytes.IndexByte(u[:], 0)
- if i < 0 {
- return string(u[:])
- }
- return string(u[:i])
-}
-
-func OsName() string {
- var utsname unix.Utsname
- if unix.Uname(&utsname) != nil {
- return "Unix Unknown"
- }
- return fmt.Sprintf("%s %s %s", utsToStr(utsname.Sysname), utsToStr(utsname.Release), utsToStr(utsname.Version))
-}
-
-func VerifyAuthenticode(path string) bool {
- return true
-}
diff --git a/version/certificate_windows.go b/version/official.go
index b5ae3764..2345a0b7 100644
--- a/version/certificate_windows.go
+++ b/version/official.go
@@ -6,12 +6,58 @@
package version
import (
- "syscall"
+ "errors"
+ "os"
"unsafe"
"golang.org/x/sys/windows"
)
+const (
+ officialCommonName = "WireGuard LLC"
+ evPolicyOid = "2.23.140.1.3"
+ policyExtensionOid = "2.5.29.32"
+)
+
+// These are easily by-passable checks, which do not serve serve security purposes.
+// DO NOT PLACE SECURITY-SENSITIVE FUNCTIONS IN THIS FILE
+
+func IsRunningOfficialVersion() bool {
+ path, err := os.Executable()
+ if err != nil {
+ return false
+ }
+
+ names, err := extractCertificateNames(path)
+ if err != nil {
+ return false
+ }
+ for _, name := range names {
+ if name == officialCommonName {
+ return true
+ }
+ }
+ return false
+}
+
+func IsRunningEVSigned() bool {
+ path, err := os.Executable()
+ if err != nil {
+ return false
+ }
+
+ policies, err := extractCertificatePolicies(path, policyExtensionOid)
+ if err != nil {
+ return false
+ }
+ for _, policy := range policies {
+ if policy == evPolicyOid {
+ return true
+ }
+ }
+ return false
+}
+
func extractCertificateNames(path string) ([]string, error) {
path16, err := windows.UTF16PtrFromString(path)
if err != nil {
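Review bot: The "easily by-passable" warning above `IsRunningOfficialVersion` is a free-floating comment separated from the function by a blank line, so it is not attached as a doc comment to either exported function, and a caller reading the package docs sees two bare `bool` predicates with no caveat. I would put the caveat on each function, e.g. `// IsRunningOfficialVersion reports whether a certificate embedded in the running executable carries the name "WireGuard LLC". Advisory only: it is easily bypassed and must not gate any security decision.`, and the same shape for `IsRunningEVSigned` with the EV policy OID. The moved comment also still carries the "serve serve" typo. With `VerifyAuthenticode` dropped from this package in the same commit, these name and policy lookups are the only signature-related helpers left here, which makes a per-function warning more useful; whether real verification now lives in the updater is not visible in this diffstat. `extractCertificateNames` continues past the end of this hunk.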
@@ -28,10 +74,8 @@ func extractCertificateNames(path string) ([]string, error) {
for {
cert, err = windows.CertEnumCertificatesInStore(certStore, cert)
if err != nil {
- if errno, ok := err.(syscall.Errno); ok {
- if errno == syscall.Errno(windows.CRYPT_E_NOT_FOUND) {
- break
- }
+ if errors.Is(err, windows.Errno(windows.CRYPT_E_NOT_FOUND)) {
+ break
}
return nil, err
}
@@ -52,7 +96,7 @@ func extractCertificateNames(path string) ([]string, error) {
names = append(names, windows.UTF16ToString(name16))
}
if names == nil {
- return nil, syscall.Errno(windows.CRYPT_E_NOT_FOUND)
+ return nil, windows.Errno(windows.CRYPT_E_NOT_FOUND)
}
return names, nil
}
@@ -77,10 +121,8 @@ func extractCertificatePolicies(path string, oid string) ([]string, error) {
for {
cert, err = windows.CertEnumCertificatesInStore(certStore, cert)
if err != nil {
- if errno, ok := err.(syscall.Errno); ok {
- if errno == syscall.Errno(windows.CRYPT_E_NOT_FOUND) {
- break
- }
+ if errors.Is(err, windows.Errno(windows.CRYPT_E_NOT_FOUND)) {
+ break
}
return nil, err
}
@@ -109,7 +151,7 @@ func extractCertificatePolicies(path string, oid string) ([]string, error) {
}
}
if policies == nil {
- return nil, syscall.Errno(windows.CRYPT_E_NOT_FOUND)
+ return nil, windows.Errno(windows.CRYPT_E_NOT_FOUND)
}
return policies, nil
}
diff --git a/version/official_windows.go b/version/official_windows.go
deleted file mode 100644
index 1bfcf90b..00000000
--- a/version/official_windows.go
+++ /dev/null
@@ -1,77 +0,0 @@
-/* SPDX-License-Identifier: MIT
- *
- * Copyright (C) 2019-2020 WireGuard LLC. All Rights Reserved.
- */
-
-package version
-
-import (
- "os"
- "unsafe"
-
- "golang.org/x/sys/windows"
-)
-
-const (
- officialCommonName = "WireGuard LLC"
- evPolicyOid = "2.23.140.1.3"
- policyExtensionOid = "2.5.29.32"
-)
-
-func VerifyAuthenticode(path string) bool {
- path16, err := windows.UTF16PtrFromString(path)
- if err != nil {
- return false
- }
- data := &windows.WinTrustData{
- Size: uint32(unsafe.Sizeof(windows.WinTrustData{})),
- UIChoice: windows.WTD_UI_NONE,
- RevocationChecks: windows.WTD_REVOKE_WHOLECHAIN, // Full revocation checking, as this is called with network connectivity.
- UnionChoice: windows.WTD_CHOICE_FILE,
- StateAction: windows.WTD_STATEACTION_VERIFY,
- FileOrCatalogOrBlobOrSgnrOrCert: unsafe.Pointer(&windows.WinTrustFileInfo{
- Size: uint32(unsafe.Sizeof(windows.WinTrustFileInfo{})),
- FilePath: path16,
- }),
- }
- return windows.WinVerifyTrustEx(windows.InvalidHWND, &windows.WINTRUST_ACTION_GENERIC_VERIFY_V2, data) == nil
-}
-
-// These are easily by-passable checks, which do not serve serve security purposes. Do not place security-sensitive
-// functions below this line.
-
-func IsRunningOfficialVersion() bool {
- path, err := os.Executable()
- if err != nil {
- return false
- }
-
- names, err := extractCertificateNames(path)
- if err != nil {
- return false
- }
- for _, name := range names {
- if name == officialCommonName {
- return true
- }
- }
- return false
-}
-
-func IsRunningEVSigned() bool {
- path, err := os.Executable()
- if err != nil {
- return false
- }
-
- policies, err := extractCertificatePolicies(path, policyExtensionOid)
- if err != nil {
- return false
- }
- for _, policy := range policies {
- if policy == evPolicyOid {
- return true
- }
- }
- return false
-}
diff --git a/version/os_windows.go b/version/os.go
index 315a4901..315a4901 100644
--- a/version/os_windows.go
+++ b/version/os.go