diff options
-rw-r--r-- | version/official_windows.go | 52 |
1 files changed, 6 insertions, 46 deletions
diff --git a/version/official_windows.go b/version/official_windows.go index fffebe55..5f8ea731 100644 --- a/version/official_windows.go +++ b/version/official_windows.go @@ -57,29 +57,10 @@ func IsRunningOfficialVersion() bool { if err != nil { return false } - path16, err := windows.UTF16PtrFromString(path) - if err != nil { - return false - } - file := &wintrust.WinTrustFileInfo{ - CbStruct: uint32(unsafe.Sizeof(wintrust.WinTrustFileInfo{})), - FilePath: path16, - } - data := &wintrust.WinTrustData{ - CbStruct: uint32(unsafe.Sizeof(wintrust.WinTrustData{})), - UIChoice: wintrust.WTD_UI_NONE, - RevocationChecks: wintrust.WTD_REVOKE_NONE, // No revocation, as this isn't security related. - UnionChoice: wintrust.WTD_CHOICE_FILE, - StateAction: wintrust.WTD_STATEACTION_VERIFY, - FileOrCatalogOrBlobOrSgnrOrCert: uintptr(unsafe.Pointer(file)), - } - err = wintrust.WinVerifyTrust(0, &wintrust.WINTRUST_ACTION_GENERIC_VERIFY_V2, data) - if err != nil { - return false - } - // This below test is easily circumvented. False certificates can be appended, and just checking the - // common name is not very good. But that's okay, as this isn't security related. + // This is easily circumvented. We don't even verify the chain before hand with WinVerifyTrust. + // False certificates can be appended. But that's okay, as this isn't security related. + certs, err := wintrust.ExtractCertificates(path) if err != nil { return false @@ -92,36 +73,15 @@ func IsRunningOfficialVersion() bool { return false } -// This is an easily by-passable check, which doesn't serve a security purpose but mostly just a low-grade -// informational and semantic one. func IsRunningEVSigned() bool { path, err := os.Executable() if err != nil { return false } - path16, err := windows.UTF16PtrFromString(path) - if err != nil { - return false - } - file := &wintrust.WinTrustFileInfo{ - CbStruct: uint32(unsafe.Sizeof(wintrust.WinTrustFileInfo{})), - FilePath: path16, - } - data := &wintrust.WinTrustData{ - CbStruct: uint32(unsafe.Sizeof(wintrust.WinTrustData{})), - UIChoice: wintrust.WTD_UI_NONE, - RevocationChecks: wintrust.WTD_REVOKE_NONE, // No revocation, as this isn't security related. - UnionChoice: wintrust.WTD_CHOICE_FILE, - StateAction: wintrust.WTD_STATEACTION_VERIFY, - FileOrCatalogOrBlobOrSgnrOrCert: uintptr(unsafe.Pointer(file)), - } - err = wintrust.WinVerifyTrust(0, &wintrust.WINTRUST_ACTION_GENERIC_VERIFY_V2, data) - if err != nil { - return false - } - // This below tests is easily circumvented. False certificates can be appended. But that's okay, as this isn't - // security related. + // This is easily circumvented. We don't even verify the chain before hand with WinVerifyTrust. + // False certificates can be appended. But that's okay, as this isn't security related. + certs, err := wintrust.ExtractCertificates(path) if err != nil { return false |