authorJason A. Donenfeld <Jason@zx2c4.com>2019-04-30 09:41:36 +0200
committerJason A. Donenfeld <Jason@zx2c4.com>2019-04-30 09:41:36 +0200
commitf022feba7b2cfaa647487c5f53bacd00298d44de (patch)
treed3a856a9a091733acf676287238643864a42606c /version
parentui: allow update labels to wrap (diff)
version: add beginnings of authenticode checking
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Diffstat (limited to 'version')
-rw-r--r--version/official_linux.go12
-rw-r--r--version/official_windows.go48
-rw-r--r--version/wintrust/mksyscall.go8
-rw-r--r--version/wintrust/wintrust_windows.go115
4 files changed, 183 insertions, 0 deletions
diff --git a/version/official_linux.go b/version/official_linux.go
new file mode 100644
index 00000000..d3ca3349
--- /dev/null
+++ b/version/official_linux.go
@@ -0,0 +1,12 @@
+/* SPDX-License-Identifier: MIT
+ *
+ * Copyright (C) 2019 WireGuard LLC. All Rights Reserved.
+ */
+
+package version
+
+// For testing the updater package from linux. Debug stuff only.
+
+func IsOfficialPath(path string) bool {
+ return true
+}
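Review bot: The explanatory comment at the top of this stub is separated from IsOfficialPath by a blank line, so it is not a doc comment and godoc shows the function as undocumented, which matters for a function whose whole contract here is "always true"; attach it as `// IsOfficialPath reports whether path is a signed official build; on linux this is a debug-only stub that always returns true.`. Note also that official_windows.go in this commit exports both IsOfficialPath and IsOfficial, while this file provides only IsOfficialPath, so any caller of IsOfficial would presumably fail to build on linux unless a stub exists elsewhere.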
diff --git a/version/official_windows.go b/version/official_windows.go
new file mode 100644
index 00000000..745c2ba6
--- /dev/null
+++ b/version/official_windows.go
@@ -0,0 +1,48 @@
+/* SPDX-License-Identifier: MIT
+ *
+ * Copyright (C) 2019 WireGuard LLC. All Rights Reserved.
+ */
+
+package version
+
+import (
+ "golang.org/x/sys/windows"
+ "golang.zx2c4.com/wireguard/windows/version/wintrust"
+ "os"
+ "unsafe"
+)
+
+func IsOfficialPath(path string) bool {
+ path16, err := windows.UTF16PtrFromString(path)
+ if err != nil {
+ return false
+ }
+ file := &wintrust.WinTrustFileInfo{
+ CbStruct: uint32(unsafe.Sizeof(wintrust.WinTrustFileInfo{})),
+ FilePath: path16,
+ }
+ data := &wintrust.WinTrustData{
+ CbStruct: uint32(unsafe.Sizeof(wintrust.WinTrustData{})),
+ UIChoice: wintrust.WTD_UI_NONE,
+ RevocationChecks: wintrust.WTD_REVOKE_NONE,
+ UnionChoice: wintrust.WTD_CHOICE_FILE,
+ StateAction: wintrust.WTD_STATEACTION_VERIFY,
+ FileOrCatalogOrBlobOrSgnrOrCert: uintptr(unsafe.Pointer(file)),
+ }
+ err = wintrust.WinVerifyTrust(0, &wintrust.WINTRUST_ACTION_GENERIC_VERIFY_V2, data)
+ if err != nil {
+ return false
+ }
+
+ //TODO: check that the certificate actually belongs to us
+
+ return true
+}
+
+func IsOfficial() bool {
+ path, err := os.Executable()
+ if err != nil {
+ return false
+ }
+ return IsOfficialPath(path)
+}
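Review bot: WinVerifyTrust is invoked with WTD_STATEACTION_VERIFY (StateAction field of data) but never invoked again with WTD_STATEACTION_CLOSE, so the provider state handle it stores in data.StateData is released on neither the success nor the failure path and leaks per call. A second problem on the same lines is that data references file only through the uintptr in FileOrCatalogOrBlobOrSgnrOrCert, which the garbage collector does not treat as a reference, so file may be reclaimed before the syscall runs; `runtime.KeepAlive(file)` after the last call fixes that (the `runtime` import must be added to the block on the `import (` line). The rewrite below keeps the verify result, always issues the close, and ignores the close call's error deliberately since the verdict has already been taken. Separately, the import block mixes stdlib and third-party paths in one group, which goimports would split.
```go
	err = wintrust.WinVerifyTrust(0, &wintrust.WINTRUST_ACTION_GENERIC_VERIFY_V2, data)
	// WTD_STATEACTION_VERIFY leaves provider state in data.StateData; it must be
	// released by a second call with WTD_STATEACTION_CLOSE regardless of the verdict.
	data.StateAction = wintrust.WTD_STATEACTION_CLOSE
	_ = wintrust.WinVerifyTrust(0, &wintrust.WINTRUST_ACTION_GENERIC_VERIFY_V2, data) // close-only; error carries no verdict
	// data holds file only as a uintptr, so keep it reachable until both calls are done.
	runtime.KeepAlive(file)
	if err != nil {
		return false
	}
	// … unchanged: TODO and final return …
```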
diff --git a/version/wintrust/mksyscall.go b/version/wintrust/mksyscall.go
new file mode 100644
index 00000000..0a5df80d
--- /dev/null
+++ b/version/wintrust/mksyscall.go
@@ -0,0 +1,8 @@
+/* SPDX-License-Identifier: MIT
+ *
+ * Copyright (C) 2019 WireGuard LLC. All Rights Reserved.
+ */
+
+package wintrust
+
+//go:generate go run $GOROOT/src/syscall/mksyscall_windows.go -output zsyscall_windows.go wintrust_windows.go
diff --git a/version/wintrust/wintrust_windows.go b/version/wintrust/wintrust_windows.go
new file mode 100644
index 00000000..b50636a3
--- /dev/null
+++ b/version/wintrust/wintrust_windows.go
@@ -0,0 +1,115 @@
+/* SPDX-License-Identifier: MIT
+ *
+ * Copyright (C) 2019 WireGuard LLC. All Rights Reserved.
+ */
+
+package wintrust
+
+import (
+ "golang.org/x/sys/windows"
+ "syscall"
+)
+
+type WinTrustData struct {
+ CbStruct uint32
+ PolicyCallbackData uintptr
+ SIPClientData uintptr
+ UIChoice uint32
+ RevocationChecks uint32
+ UnionChoice uint32
+ FileOrCatalogOrBlobOrSgnrOrCert uintptr
+ StateAction uint32
+ StateData syscall.Handle
+ URLReference *uint16
+ ProvFlags uint32
+ UIContext uint32
+ SignatureSettings *WintrustSignatureSettings
+}
+
+const (
+ WTD_UI_ALL = 1
+ WTD_UI_NONE = 2
+ WTD_UI_NOBAD = 3
+ WTD_UI_NOGOOD = 4
+)
+
+const (
+ WTD_REVOKE_NONE = 0
+ WTD_REVOKE_WHOLECHAIN = 1
+)
+
+const (
+ WTD_CHOICE_FILE = 1
+ WTD_CHOICE_CATALOG = 2
+ WTD_CHOICE_BLOB = 3
+ WTD_CHOICE_SIGNER = 4
+ WTD_CHOICE_CERT = 5
+)
+
+const (
+ WTD_STATEACTION_IGNORE = 0x00000000
+ WTD_STATEACTION_VERIFY = 0x00000010
+ WTD_STATEACTION_CLOSE = 0x00000002
+ WTD_STATEACTION_AUTO_CACHE = 0x00000003
+ WTD_STATEACTION_AUTO_CACHE_FLUSH = 0x00000004
+)
+
+const (
+ WTD_USE_IE4_TRUST_FLAG = 0x1
+ WTD_NO_IE4_CHAIN_FLAG = 0x2
+ WTD_NO_POLICY_USAGE_FLAG = 0x4
+ WTD_REVOCATION_CHECK_NONE = 0x10
+ WTD_REVOCATION_CHECK_END_CERT = 0x20
+ WTD_REVOCATION_CHECK_CHAIN = 0x40
+ WTD_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT = 0x80
+ WTD_SAFER_FLAG = 0x100
+ WTD_HASH_ONLY_FLAG = 0x200
+ WTD_USE_DEFAULT_OSVER_CHECK = 0x400
+ WTD_LIFETIME_SIGNING_FLAG = 0x800
+ WTD_CACHE_ONLY_URL_RETRIEVAL = 0x1000
+ WTD_DISABLE_MD2_MD4 = 0x2000
+ WTD_MOTW = 0x4000
+)
+
+const (
+ TRUST_E_NOSIGNATURE = 0x800B0100
+ TRUST_E_EXPLICIT_DISTRUST = 0x800B0111
+ TRUST_E_SUBJECT_NOT_TRUSTED = 0x800B0004
+ CRYPT_E_SECURITY_SETTINGS = 0x80092026
+)
+
+const (
+ WTD_UICONTEXT_EXECUTE = 0
+ WTD_UICONTEXT_INSTALL = 1
+)
+
+var WINTRUST_ACTION_GENERIC_VERIFY_V2 = windows.GUID{
+ Data1: 0xaac56b,
+ Data2: 0xcd44,
+ Data3: 0x11d0,
+ Data4: [8]byte{0x8c, 0xc2, 0x0, 0xc0, 0x4f, 0xc2, 0x95, 0xee},
+}
+
+type WinTrustFileInfo struct {
+ CbStruct uint32
+ FilePath *uint16
+ File windows.Handle
+ KnownSubject *windows.GUID
+}
+
+type WintrustSignatureSettings struct {
+ CbStruct uint32
+ Index uint32
+ Flags uint32
+ SecondarySigs uint32
+ VerifiedSigIndex uint32
+ CryptoPolicy *CertStrongSignPara
+}
+
+type CertStrongSignPara struct {
+ CbStruct uint32
+ InfoChoice uint32
+ InfoOrSerializedInfoOrOID uintptr
+}
+
+//sys WinVerifyTrust(hWnd windows.Handle, actionId *windows.GUID, data *WinTrustData) (err error) [r1 != 0] = wintrust.WinVerifyTrust
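Review bot: WTD_STATEACTION_VERIFY is defined as 0x00000010 in the state-action block, but wintrust.h defines it as 0x00000001 — the surrounding values run 0, 2, 3, 4, which makes the stray 0x10 look like a typo — and official_windows.go passes this constant, so the verify request would presumably be misinterpreted by the provider; change it to `WTD_STATEACTION_VERIFY = 0x00000001` and confirm against the SDK header. The //sys line names its result `err`, and mksyscall treats that name specially: on the `r1 != 0` condition it fills err from GetLastError rather than from the LONG WinVerifyTrust returned, so the TRUST_E_* and CRYPT_E_SECURITY_SETTINGS constants declared above could never be matched with errors.Is; naming the result `ret error` instead makes the generator surface the returned status as a syscall.Errno. The diffstat lists no zsyscall_windows.go, so until go generate is run nothing defines WinVerifyTrust and the package does not build. A brief doc comment on each exported struct noting which wintrust.h structure it mirrors would also help the next maintainer check field order.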