global: move certain win32 APIs to x/sys/windows

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
author: Jason A. Donenfeld <Jason@zx2c4.com> 2021-01-22 18:24:33 +0100
committer: Jason A. Donenfeld <Jason@zx2c4.com> 2021-01-24 00:12:24 +0100
commit: fc41f439f573fce3efdd37017f072f86cb7828ff (patch)
tree: 1889c42f4a4dc5190c88c87ec2a05d172a396459 /version
parent: embeddable-dll-service: add more robust example for .NET 5 (diff)
download: wireguard-windows-fc41f439f573fce3efdd37017f072f86cb7828ff.tar.xz
wireguard-windows-fc41f439f573fce3efdd37017f072f86cb7828ff.zip
7 files changed, 131 insertions, 408 deletions
diff --git a/version/wintrust/certificate_test.go b/version/certificate_test.go
index 86d90526..35c4ddb6 100644
--- a/version/wintrust/certificate_test.go
+++ b/version/certificate_test.go
@@ -3,7 +3,7 @@
  * Copyright (C) 2019-2020 WireGuard LLC. All Rights Reserved.
  */
 
-package wintrust
+package version
 
 import (
 	"fmt"
@@ -18,7 +18,7 @@ func TestExtractCertificateNames(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	names, err := ExtractCertificateNames(filepath.Join(system32, "ntoskrnl.exe"))
+	names, err := extractCertificateNames(filepath.Join(system32, "ntoskrnl.exe"))
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -32,7 +32,7 @@ func TestExtractCertificateExtension(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	policies, err := ExtractCertificatePolicies(filepath.Join(system32, "ntoskrnl.exe"), "2.5.29.32")
+	policies, err := extractCertificatePolicies(filepath.Join(system32, "ntoskrnl.exe"), "2.5.29.32")
 	if err != nil {
 		t.Fatal(err)
 	}
diff --git a/version/certificate_windows.go b/version/certificate_windows.go
new file mode 100644
index 00000000..b5ae3764
--- /dev/null
+++ b/version/certificate_windows.go
@@ -0,0 +1,115 @@
+/* SPDX-License-Identifier: MIT
+ *
+ * Copyright (C) 2019-2020 WireGuard LLC. All Rights Reserved.
+ */
+
+package version
+
+import (
+	"syscall"
+	"unsafe"
+
+	"golang.org/x/sys/windows"
+)
+
+func extractCertificateNames(path string) ([]string, error) {
+	path16, err := windows.UTF16PtrFromString(path)
+	if err != nil {
+		return nil, err
+	}
+	var certStore windows.Handle
+	err = windows.CryptQueryObject(windows.CERT_QUERY_OBJECT_FILE, unsafe.Pointer(path16), windows.CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED_EMBED, windows.CERT_QUERY_FORMAT_FLAG_ALL, 0, nil, nil, nil, &certStore, nil, nil)
+	if err != nil {
+		return nil, err
+	}
+	defer windows.CertCloseStore(certStore, 0)
+	var cert *windows.CertContext
+	var names []string
+	for {
+		cert, err = windows.CertEnumCertificatesInStore(certStore, cert)
+		if err != nil {
+			if errno, ok := err.(syscall.Errno); ok {
+				if errno == syscall.Errno(windows.CRYPT_E_NOT_FOUND) {
+					break
+				}
+			}
+			return nil, err
+		}
+		if cert == nil {
+			break
+		}
+		nameLen := windows.CertGetNameString(cert, windows.CERT_NAME_SIMPLE_DISPLAY_TYPE, 0, nil, nil, 0)
+		if nameLen == 0 {
+			continue
+		}
+		name16 := make([]uint16, nameLen)
+		if windows.CertGetNameString(cert, windows.CERT_NAME_SIMPLE_DISPLAY_TYPE, 0, nil, &name16[0], nameLen) != nameLen {
+			continue
+		}
+		if name16[0] == 0 {
+			continue
+		}
+		names = append(names, windows.UTF16ToString(name16))
+	}
+	if names == nil {
+		return nil, syscall.Errno(windows.CRYPT_E_NOT_FOUND)
+	}
+	return names, nil
+}
+
+func extractCertificatePolicies(path string, oid string) ([]string, error) {
+	path16, err := windows.UTF16PtrFromString(path)
+	if err != nil {
+		return nil, err
+	}
+	oid8, err := windows.BytePtrFromString(oid)
+	if err != nil {
+		return nil, err
+	}
+	var certStore windows.Handle
+	err = windows.CryptQueryObject(windows.CERT_QUERY_OBJECT_FILE, unsafe.Pointer(path16), windows.CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED_EMBED, windows.CERT_QUERY_FORMAT_FLAG_ALL, 0, nil, nil, nil, &certStore, nil, nil)
+	if err != nil {
+		return nil, err
+	}
+	defer windows.CertCloseStore(certStore, 0)
+	var cert *windows.CertContext
+	var policies []string
+	for {
+		cert, err = windows.CertEnumCertificatesInStore(certStore, cert)
+		if err != nil {
+			if errno, ok := err.(syscall.Errno); ok {
+				if errno == syscall.Errno(windows.CRYPT_E_NOT_FOUND) {
+					break
+				}
+			}
+			return nil, err
+		}
+		if cert == nil {
+			break
+		}
+		ci := (*windows.CertInfo)(unsafe.Pointer(cert.CertInfo))
+		ext := windows.CertFindExtension(oid8, ci.CountExtensions, ci.Extensions)
+		if ext == nil {
+			continue
+		}
+		var decodedLen uint32
+		err = windows.CryptDecodeObject(windows.X509_ASN_ENCODING|windows.PKCS_7_ASN_ENCODING, ext.ObjId, ext.Value.Data, ext.Value.Size, 0, nil, &decodedLen)
+		if err != nil {
+			return nil, err
+		}
+		bytes := make([]byte, decodedLen)
+		certPoliciesInfo := (*windows.CertPoliciesInfo)(unsafe.Pointer(&bytes[0]))
+		err = windows.CryptDecodeObject(windows.X509_ASN_ENCODING|windows.PKCS_7_ASN_ENCODING, ext.ObjId, ext.Value.Data, ext.Value.Size, 0, unsafe.Pointer(&bytes[0]), &decodedLen)
+		if err != nil {
+			return nil, err
+		}
+		for i := uintptr(0); i < uintptr(certPoliciesInfo.Count); i++ {
+			cp := (*windows.CertPolicy)(unsafe.Pointer(uintptr(unsafe.Pointer(certPoliciesInfo.PolicyInfos)) + i*unsafe.Sizeof(*certPoliciesInfo.PolicyInfos)))
+			policies = append(policies, windows.BytePtrToString(cp.Identifier))
+		}
+	}
+	if policies == nil {
+		return nil, syscall.Errno(windows.CRYPT_E_NOT_FOUND)
+	}
+	return policies, nil
+}
diff --git a/version/official_windows.go b/version/official_windows.go
index 12b95e3b..1bfcf90b 100644
--- a/version/official_windows.go
+++ b/version/official_windows.go
@@ -10,8 +10,6 @@ import (
 	"unsafe"
 
 	"golang.org/x/sys/windows"
-
-	"golang.zx2c4.com/wireguard/windows/version/wintrust"
 )
 
 const (
@@ -25,19 +23,18 @@ func VerifyAuthenticode(path string) bool {
 	if err != nil {
 		return false
 	}
-	file := &wintrust.WinTrustFileInfo{
-		CbStruct: uint32(unsafe.Sizeof(wintrust.WinTrustFileInfo{})),
-		FilePath: path16,
-	}
-	data := &wintrust.WinTrustData{
-		CbStruct:                        uint32(unsafe.Sizeof(wintrust.WinTrustData{})),
-		UIChoice:                        wintrust.WTD_UI_NONE,
-		RevocationChecks:                wintrust.WTD_REVOKE_WHOLECHAIN, // Full revocation checking, as this is called with network connectivity.
-		UnionChoice:                     wintrust.WTD_CHOICE_FILE,
-		StateAction:                     wintrust.WTD_STATEACTION_VERIFY,
-		FileOrCatalogOrBlobOrSgnrOrCert: uintptr(unsafe.Pointer(file)),
+	data := &windows.WinTrustData{
+		Size:                        uint32(unsafe.Sizeof(windows.WinTrustData{})),
+		UIChoice:                        windows.WTD_UI_NONE,
+		RevocationChecks:                windows.WTD_REVOKE_WHOLECHAIN, // Full revocation checking, as this is called with network connectivity.
+		UnionChoice:                     windows.WTD_CHOICE_FILE,
+		StateAction:                     windows.WTD_STATEACTION_VERIFY,
+		FileOrCatalogOrBlobOrSgnrOrCert: unsafe.Pointer(&windows.WinTrustFileInfo{
+			Size: uint32(unsafe.Sizeof(windows.WinTrustFileInfo{})),
+			FilePath: path16,
+		}),
 	}
-	return wintrust.WinVerifyTrust(windows.InvalidHandle, &wintrust.WINTRUST_ACTION_GENERIC_VERIFY_V2, data) == nil
+	return windows.WinVerifyTrustEx(windows.InvalidHWND, &windows.WINTRUST_ACTION_GENERIC_VERIFY_V2, data) == nil
 }
 
 // These are easily by-passable checks, which do not serve serve security purposes. Do not place security-sensitive
@@ -49,7 +46,7 @@ func IsRunningOfficialVersion() bool {
 		return false
 	}
 
-	names, err := wintrust.ExtractCertificateNames(path)
+	names, err := extractCertificateNames(path)
 	if err != nil {
 		return false
 	}
@@ -67,7 +64,7 @@ func IsRunningEVSigned() bool {
 		return false
 	}
 
-	policies, err := wintrust.ExtractCertificatePolicies(path, policyExtensionOid)
+	policies, err := extractCertificatePolicies(path, policyExtensionOid)
 	if err != nil {
 		return false
 	}
diff --git a/version/wintrust/certificate_windows.go b/version/wintrust/certificate_windows.go
deleted file mode 100644
index 0ce905e9..00000000
--- a/version/wintrust/certificate_windows.go
+++ /dev/null
@@ -1,180 +0,0 @@
-/* SPDX-License-Identifier: MIT
- *
- * Copyright (C) 2019-2020 WireGuard LLC. All Rights Reserved.
- */
-
-package wintrust
-
-import (
-	"syscall"
-	"unsafe"
-
-	"golang.org/x/sys/windows"
-)
-
-const (
-	_CERT_QUERY_OBJECT_FILE                     = 1
-	_CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED_EMBED = 1024
-	_CERT_QUERY_FORMAT_FLAG_ALL                 = 14
-	_CERT_NAME_SIMPLE_DISPLAY_TYPE              = 4
-)
-
-type blob struct {
-	len  uint32
-	data *byte
-}
-
-type bitBlob struct {
-	len        uint32
-	data       *byte
-	unusedBits uint32
-}
-
-type algoIdentifier struct {
-	objId  uintptr
-	params blob
-}
-
-type pubkeyInfo struct {
-	algo      algoIdentifier
-	publicKey bitBlob
-}
-
-type certExtension struct {
-	objId    *byte
-	critical uint32
-	value    blob
-}
-
-type certInfo struct {
-	version              uint32
-	serialNumber         blob           /* CRYPT_INTEGER_BLOB */
-	signatureAlgorithm   algoIdentifier /* CRYPT_ALGORITHM_IDENTIFIER */
-	issuer               blob           /* CERT_NAME_BLOB */
-	notbefore            windows.Filetime
-	notafter             windows.Filetime
-	subject              blob       /* CERT_NAME_BLOB */
-	subjectPublicKeyInfo pubkeyInfo /* CERT_PUBLIC_KEY_INFO */
-	issuerUniqueId       bitBlob    /* CRYPT_BIT_BLOB */
-	subjectUniqueId      bitBlob    /* CRYPT_BIT_BLOB */
-	countExtensions      uint32
-	extensions           *certExtension /* *CERT_EXTENSION */
-}
-
-type certPolicy struct {
-	identifier      *byte
-	countQualifiers uint32
-	qualifiers      uintptr /* CERT_POLICY_QUALIFIER_INFO */
-}
-
-type certPoliciesInfo struct {
-	countPolicyInfos uint32
-	policyInfos      *certPolicy
-}
-
-//sys	cryptQueryObject(objectType uint32, object uintptr, expectedContentTypeFlags uint32, expectedFormatTypeFlags uint32, flags uint32, msgAndCertEncodingType *uint32, contentType *uint32, formatType *uint32, certStore *windows.Handle, msg *windows.Handle, context *uintptr) (err error) = crypt32.CryptQueryObject
-//sys	certGetNameString(certContext *windows.CertContext, nameType uint32, flags uint32, typePara unsafe.Pointer, name *uint16, size uint32) (chars uint32) = crypt32.CertGetNameStringW
-//sys	certFindExtension(objId *byte, countExtensions uint32, extensions *certExtension) (ret *certExtension) = crypt32.CertFindExtension
-//sys	cryptDecodeObject(encodingType uint32, structType *byte, encodedBytes *byte, lenEncodedBytes uint32, flags uint32, decoded unsafe.Pointer, decodedLen *uint32) (err error) = crypt32.CryptDecodeObject
-
-func ExtractCertificateNames(path string) ([]string, error) {
-	path16, err := windows.UTF16PtrFromString(path)
-	if err != nil {
-		return nil, err
-	}
-	var certStore windows.Handle
-	err = cryptQueryObject(_CERT_QUERY_OBJECT_FILE, uintptr(unsafe.Pointer(path16)), _CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED_EMBED, _CERT_QUERY_FORMAT_FLAG_ALL, 0, nil, nil, nil, &certStore, nil, nil)
-	if err != nil {
-		return nil, err
-	}
-	defer windows.CertCloseStore(certStore, 0)
-	var cert *windows.CertContext
-	var names []string
-	for {
-		cert, err = windows.CertEnumCertificatesInStore(certStore, cert)
-		if err != nil {
-			if errno, ok := err.(syscall.Errno); ok {
-				if errno == syscall.Errno(windows.CRYPT_E_NOT_FOUND) {
-					break
-				}
-			}
-			return nil, err
-		}
-		if cert == nil {
-			break
-		}
-		nameLen := certGetNameString(cert, _CERT_NAME_SIMPLE_DISPLAY_TYPE, 0, nil, nil, 0)
-		if nameLen == 0 {
-			continue
-		}
-		name16 := make([]uint16, nameLen)
-		if certGetNameString(cert, _CERT_NAME_SIMPLE_DISPLAY_TYPE, 0, nil, &name16[0], nameLen) != nameLen {
-			continue
-		}
-		if name16[0] == 0 {
-			continue
-		}
-		names = append(names, windows.UTF16ToString(name16))
-	}
-	if names == nil {
-		return nil, syscall.Errno(windows.CRYPT_E_NOT_FOUND)
-	}
-	return names, nil
-}
-
-func ExtractCertificatePolicies(path string, oid string) ([]string, error) {
-	path16, err := windows.UTF16PtrFromString(path)
-	if err != nil {
-		return nil, err
-	}
-	oid8, err := windows.BytePtrFromString(oid)
-	if err != nil {
-		return nil, err
-	}
-	var certStore windows.Handle
-	err = cryptQueryObject(_CERT_QUERY_OBJECT_FILE, uintptr(unsafe.Pointer(path16)), _CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED_EMBED, _CERT_QUERY_FORMAT_FLAG_ALL, 0, nil, nil, nil, &certStore, nil, nil)
-	if err != nil {
-		return nil, err
-	}
-	defer windows.CertCloseStore(certStore, 0)
-	var cert *windows.CertContext
-	var policies []string
-	for {
-		cert, err = windows.CertEnumCertificatesInStore(certStore, cert)
-		if err != nil {
-			if errno, ok := err.(syscall.Errno); ok {
-				if errno == syscall.Errno(windows.CRYPT_E_NOT_FOUND) {
-					break
-				}
-			}
-			return nil, err
-		}
-		if cert == nil {
-			break
-		}
-		ci := (*certInfo)(unsafe.Pointer(cert.CertInfo))
-		ext := certFindExtension(oid8, ci.countExtensions, ci.extensions)
-		if ext == nil {
-			continue
-		}
-		var decodedLen uint32
-		err = cryptDecodeObject(windows.X509_ASN_ENCODING|windows.PKCS_7_ASN_ENCODING, ext.objId, ext.value.data, ext.value.len, 0, nil, &decodedLen)
-		if err != nil {
-			return nil, err
-		}
-		bytes := make([]byte, decodedLen)
-		certPoliciesInfo := (*certPoliciesInfo)(unsafe.Pointer(&bytes[0]))
-		err = cryptDecodeObject(windows.X509_ASN_ENCODING|windows.PKCS_7_ASN_ENCODING, ext.objId, ext.value.data, ext.value.len, 0, unsafe.Pointer(&bytes[0]), &decodedLen)
-		if err != nil {
-			return nil, err
-		}
-		for i := uintptr(0); i < uintptr(certPoliciesInfo.countPolicyInfos); i++ {
-			cp := (*certPolicy)(unsafe.Pointer(uintptr(unsafe.Pointer(certPoliciesInfo.policyInfos)) + i*unsafe.Sizeof(*certPoliciesInfo.policyInfos)))
-			policies = append(policies, windows.BytePtrToString(cp.identifier))
-		}
-	}
-	if policies == nil {
-		return nil, syscall.Errno(windows.CRYPT_E_NOT_FOUND)
-	}
-	return policies, nil
-}
diff --git a/version/wintrust/mksyscall.go b/version/wintrust/mksyscall.go
deleted file mode 100644
index 7709a654..00000000
--- a/version/wintrust/mksyscall.go
+++ /dev/null
@@ -1,8 +0,0 @@
-/* SPDX-License-Identifier: MIT
- *
- * Copyright (C) 2019-2020 WireGuard LLC. All Rights Reserved.
- */
-
-package wintrust
-
-//go:generate go run golang.org/x/sys/windows/mkwinsyscall -output zsyscall_windows.go wintrust_windows.go certificate_windows.go
diff --git a/version/wintrust/wintrust_windows.go b/version/wintrust/wintrust_windows.go
deleted file mode 100644
index e7c92606..00000000
--- a/version/wintrust/wintrust_windows.go
+++ /dev/null
@@ -1,116 +0,0 @@
-/* SPDX-License-Identifier: MIT
- *
- * Copyright (C) 2019-2020 WireGuard LLC. All Rights Reserved.
- */
-
-package wintrust
-
-import (
-	"syscall"
-
-	"golang.org/x/sys/windows"
-)
-
-type WinTrustData struct {
-	CbStruct                        uint32
-	PolicyCallbackData              uintptr
-	SIPClientData                   uintptr
-	UIChoice                        uint32
-	RevocationChecks                uint32
-	UnionChoice                     uint32
-	FileOrCatalogOrBlobOrSgnrOrCert uintptr
-	StateAction                     uint32
-	StateData                       syscall.Handle
-	URLReference                    *uint16
-	ProvFlags                       uint32
-	UIContext                       uint32
-	SignatureSettings               *WintrustSignatureSettings
-}
-
-const (
-	WTD_UI_ALL    = 1
-	WTD_UI_NONE   = 2
-	WTD_UI_NOBAD  = 3
-	WTD_UI_NOGOOD = 4
-)
-
-const (
-	WTD_REVOKE_NONE       = 0
-	WTD_REVOKE_WHOLECHAIN = 1
-)
-
-const (
-	WTD_CHOICE_FILE    = 1
-	WTD_CHOICE_CATALOG = 2
-	WTD_CHOICE_BLOB    = 3
-	WTD_CHOICE_SIGNER  = 4
-	WTD_CHOICE_CERT    = 5
-)
-
-const (
-	WTD_STATEACTION_IGNORE           = 0x00000000
-	WTD_STATEACTION_VERIFY           = 0x00000010
-	WTD_STATEACTION_CLOSE            = 0x00000002
-	WTD_STATEACTION_AUTO_CACHE       = 0x00000003
-	WTD_STATEACTION_AUTO_CACHE_FLUSH = 0x00000004
-)
-
-const (
-	WTD_USE_IE4_TRUST_FLAG                  = 0x1
-	WTD_NO_IE4_CHAIN_FLAG                   = 0x2
-	WTD_NO_POLICY_USAGE_FLAG                = 0x4
-	WTD_REVOCATION_CHECK_NONE               = 0x10
-	WTD_REVOCATION_CHECK_END_CERT           = 0x20
-	WTD_REVOCATION_CHECK_CHAIN              = 0x40
-	WTD_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT = 0x80
-	WTD_SAFER_FLAG                          = 0x100
-	WTD_HASH_ONLY_FLAG                      = 0x200
-	WTD_USE_DEFAULT_OSVER_CHECK             = 0x400
-	WTD_LIFETIME_SIGNING_FLAG               = 0x800
-	WTD_CACHE_ONLY_URL_RETRIEVAL            = 0x1000
-	WTD_DISABLE_MD2_MD4                     = 0x2000
-	WTD_MOTW                                = 0x4000
-)
-
-const (
-	TRUST_E_NOSIGNATURE         = 0x800B0100
-	TRUST_E_EXPLICIT_DISTRUST   = 0x800B0111
-	TRUST_E_SUBJECT_NOT_TRUSTED = 0x800B0004
-	CRYPT_E_SECURITY_SETTINGS   = 0x80092026
-)
-
-const (
-	WTD_UICONTEXT_EXECUTE = 0
-	WTD_UICONTEXT_INSTALL = 1
-)
-
-var WINTRUST_ACTION_GENERIC_VERIFY_V2 = windows.GUID{
-	Data1: 0xaac56b,
-	Data2: 0xcd44,
-	Data3: 0x11d0,
-	Data4: [8]byte{0x8c, 0xc2, 0x0, 0xc0, 0x4f, 0xc2, 0x95, 0xee},
-}
-
-type WinTrustFileInfo struct {
-	CbStruct     uint32
-	FilePath     *uint16
-	File         windows.Handle
-	KnownSubject *windows.GUID
-}
-
-type WintrustSignatureSettings struct {
-	CbStruct         uint32
-	Index            uint32
-	Flags            uint32
-	SecondarySigs    uint32
-	VerifiedSigIndex uint32
-	CryptoPolicy     *CertStrongSignPara
-}
-
-type CertStrongSignPara struct {
-	CbStruct                  uint32
-	InfoChoice                uint32
-	InfoOrSerializedInfoOrOID uintptr
-}
-
-//sys	WinVerifyTrust(hWnd windows.Handle, actionId *windows.GUID, data *WinTrustData) (err error) [r1 != 0] = wintrust.WinVerifyTrust
diff --git a/version/wintrust/zsyscall_windows.go b/version/wintrust/zsyscall_windows.go
deleted file mode 100644
index 67daccb1..00000000
--- a/version/wintrust/zsyscall_windows.go
+++ /dev/null
@@ -1,85 +0,0 @@
-// Code generated by 'go generate'; DO NOT EDIT.
-
-package wintrust
-
-import (
-	"syscall"
-	"unsafe"
-
-	"golang.org/x/sys/windows"
-)
-
-var _ unsafe.Pointer
-
-// Do the interface allocations only once for common
-// Errno values.
-const (
-	errnoERROR_IO_PENDING = 997
-)
-
-var (
-	errERROR_IO_PENDING error = syscall.Errno(errnoERROR_IO_PENDING)
-	errERROR_EINVAL     error = syscall.EINVAL
-)
-
-// errnoErr returns common boxed Errno values, to prevent
-// allocations at runtime.
-func errnoErr(e syscall.Errno) error {
-	switch e {
-	case 0:
-		return errERROR_EINVAL
-	case errnoERROR_IO_PENDING:
-		return errERROR_IO_PENDING
-	}
-	// TODO: add more here, after collecting data on the common
-	// error values see on Windows. (perhaps when running
-	// all.bat?)
-	return e
-}
-
-var (
-	modcrypt32  = windows.NewLazySystemDLL("crypt32.dll")
-	modwintrust = windows.NewLazySystemDLL("wintrust.dll")
-
-	procCertFindExtension  = modcrypt32.NewProc("CertFindExtension")
-	procCertGetNameStringW = modcrypt32.NewProc("CertGetNameStringW")
-	procCryptDecodeObject  = modcrypt32.NewProc("CryptDecodeObject")
-	procCryptQueryObject   = modcrypt32.NewProc("CryptQueryObject")
-	procWinVerifyTrust     = modwintrust.NewProc("WinVerifyTrust")
-)
-
-func certFindExtension(objId *byte, countExtensions uint32, extensions *certExtension) (ret *certExtension) {
-	r0, _, _ := syscall.Syscall(procCertFindExtension.Addr(), 3, uintptr(unsafe.Pointer(objId)), uintptr(countExtensions), uintptr(unsafe.Pointer(extensions)))
-	ret = (*certExtension)(unsafe.Pointer(r0))
-	return
-}
-
-func certGetNameString(certContext *windows.CertContext, nameType uint32, flags uint32, typePara unsafe.Pointer, name *uint16, size uint32) (chars uint32) {
-	r0, _, _ := syscall.Syscall6(procCertGetNameStringW.Addr(), 6, uintptr(unsafe.Pointer(certContext)), uintptr(nameType), uintptr(flags), uintptr(typePara), uintptr(unsafe.Pointer(name)), uintptr(size))
-	chars = uint32(r0)
-	return
-}
-
-func cryptDecodeObject(encodingType uint32, structType *byte, encodedBytes *byte, lenEncodedBytes uint32, flags uint32, decoded unsafe.Pointer, decodedLen *uint32) (err error) {
-	r1, _, e1 := syscall.Syscall9(procCryptDecodeObject.Addr(), 7, uintptr(encodingType), uintptr(unsafe.Pointer(structType)), uintptr(unsafe.Pointer(encodedBytes)), uintptr(lenEncodedBytes), uintptr(flags), uintptr(decoded), uintptr(unsafe.Pointer(decodedLen)), 0, 0)
-	if r1 == 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-func cryptQueryObject(objectType uint32, object uintptr, expectedContentTypeFlags uint32, expectedFormatTypeFlags uint32, flags uint32, msgAndCertEncodingType *uint32, contentType *uint32, formatType *uint32, certStore *windows.Handle, msg *windows.Handle, context *uintptr) (err error) {
-	r1, _, e1 := syscall.Syscall12(procCryptQueryObject.Addr(), 11, uintptr(objectType), uintptr(object), uintptr(expectedContentTypeFlags), uintptr(expectedFormatTypeFlags), uintptr(flags), uintptr(unsafe.Pointer(msgAndCertEncodingType)), uintptr(unsafe.Pointer(contentType)), uintptr(unsafe.Pointer(formatType)), uintptr(unsafe.Pointer(certStore)), uintptr(unsafe.Pointer(msg)), uintptr(unsafe.Pointer(context)), 0)
-	if r1 == 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-func WinVerifyTrust(hWnd windows.Handle, actionId *windows.GUID, data *WinTrustData) (err error) {
-	r1, _, e1 := syscall.Syscall(procWinVerifyTrust.Addr(), 3, uintptr(hWnd), uintptr(unsafe.Pointer(actionId)), uintptr(unsafe.Pointer(data)))
-	if r1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
author	Jason A. Donenfeld <Jason@zx2c4.com>	2021-01-22 18:24:33 +0100
committer	Jason A. Donenfeld <Jason@zx2c4.com>	2021-01-24 00:12:24 +0100
commit	fc41f439f573fce3efdd37017f072f86cb7828ff (patch)
tree	1889c42f4a4dc5190c88c87ec2a05d172a396459 /version
parent	embeddable-dll-service: add more robust example for .NET 5 (diff)
download	wireguard-windows-fc41f439f573fce3efdd37017f072f86cb7828ff.tar.xz wireguard-windows-fc41f439f573fce3efdd37017f072f86cb7828ff.zip