Diffstat (limited to 'version/wintrust')
-rw-r--r-- | version/wintrust/certificate_windows.go | 59 | ||||
-rw-r--r-- | version/wintrust/mksyscall.go | 8 | ||||
-rw-r--r-- | version/wintrust/wintrust_windows.go | 116 | ||||
-rw-r--r-- | version/wintrust/zsyscall_windows.go | 69 |
4 files changed, 0 insertions, 252 deletions
diff --git a/version/wintrust/certificate_windows.go b/version/wintrust/certificate_windows.go
deleted file mode 100644
index 1e145095..00000000
--- a/version/wintrust/certificate_windows.go
+++ /dev/null
@@ -1,59 +0,0 @@
-/* SPDX-License-Identifier: MIT
- *
- * Copyright (C) 2019 WireGuard LLC. All Rights Reserved.
- */
-
-package wintrust
-
-import (
- "crypto/x509"
- "syscall"
- "unsafe"
-
- "golang.org/x/sys/windows"
-)
-
-const (
- _CERT_QUERY_OBJECT_FILE = 1
- _CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED_EMBED = 1024
- _CERT_QUERY_FORMAT_FLAG_ALL = 14
-)
-
-//sys cryptQueryObject(objectType uint32, object uintptr, expectedContentTypeFlags uint32, expectedFormatTypeFlags uint32, flags uint32, msgAndCertEncodingType *uint32, contentType *uint32, formatType *uint32, certStore *windows.Handle, msg *windows.Handle, context *uintptr) (err error) = crypt32.CryptQueryObject
-
-func ExtractCertificates(path string) ([]x509.Certificate, error) {
- path16, err := windows.UTF16PtrFromString(path)
- if err != nil {
- return nil, err
- }
- var certStore windows.Handle
- err = cryptQueryObject(_CERT_QUERY_OBJECT_FILE, uintptr(unsafe.Pointer(path16)), _CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED_EMBED, _CERT_QUERY_FORMAT_FLAG_ALL, 0, nil, nil, nil, &certStore, nil, nil)
- if err != nil {
- return nil, err
- }
- defer windows.CertCloseStore(certStore, 0)
- var certs []x509.Certificate
- var cert *windows.CertContext
- for {
- cert, err = windows.CertEnumCertificatesInStore(certStore, cert)
- if err != nil {
- if errno, ok := err.(syscall.Errno); ok {
- if errno == syscall.Errno(windows.CRYPT_E_NOT_FOUND) {
- break
- }
- }
- return nil, err
- }
- if cert == nil {
- break
- }
- buf := make([]byte, cert.Length)
- copy(buf, (*[1 << 20]byte)(unsafe.Pointer(cert.EncodedCert))[:])
- if c, err := x509.ParseCertificate(buf); err == nil {
- certs = append(certs, *c)
- } else {
- return nil, err
- }
- }
- return certs, nil
-}
diff --git a/version/wintrust/mksyscall.go b/version/wintrust/mksyscall.go
deleted file mode 100644
index 890b2668..00000000
--- a/version/wintrust/mksyscall.go
+++ /dev/null
@@ -1,8 +0,0 @@
-/* SPDX-License-Identifier: MIT
- *
- * Copyright (C) 2019 WireGuard LLC. All Rights Reserved.
- */
-
-package wintrust
-
-//go:generate go run golang.org/x/sys/windows/mkwinsyscall -output zsyscall_windows.go wintrust_windows.go certificate_windows.go
diff --git a/version/wintrust/wintrust_windows.go b/version/wintrust/wintrust_windows.go
deleted file mode 100644
index fa3b2f0b..00000000
--- a/version/wintrust/wintrust_windows.go
+++ /dev/null
@@ -1,116 +0,0 @@
-/* SPDX-License-Identifier: MIT
- *
- * Copyright (C) 2019 WireGuard LLC. All Rights Reserved.
- */
-
-package wintrust
-
-import (
- "syscall"
-
- "golang.org/x/sys/windows"
-)
-
-type WinTrustData struct {
- CbStruct uint32
- PolicyCallbackData uintptr
- SIPClientData uintptr
- UIChoice uint32
- RevocationChecks uint32
- UnionChoice uint32
- FileOrCatalogOrBlobOrSgnrOrCert uintptr
- StateAction uint32
- StateData syscall.Handle
- URLReference *uint16
- ProvFlags uint32
- UIContext uint32
- SignatureSettings *WintrustSignatureSettings
-}
-
-const (
- WTD_UI_ALL = 1
- WTD_UI_NONE = 2
- WTD_UI_NOBAD = 3
- WTD_UI_NOGOOD = 4
-)
-
-const (
- WTD_REVOKE_NONE = 0
- WTD_REVOKE_WHOLECHAIN = 1
-)
-
-const (
- WTD_CHOICE_FILE = 1
- WTD_CHOICE_CATALOG = 2
- WTD_CHOICE_BLOB = 3
- WTD_CHOICE_SIGNER = 4
- WTD_CHOICE_CERT = 5
-)
-
-const (
- WTD_STATEACTION_IGNORE = 0x00000000
- WTD_STATEACTION_VERIFY = 0x00000010
- WTD_STATEACTION_CLOSE = 0x00000002
- WTD_STATEACTION_AUTO_CACHE = 0x00000003
- WTD_STATEACTION_AUTO_CACHE_FLUSH = 0x00000004
-)
-
-const (
- WTD_USE_IE4_TRUST_FLAG = 0x1
- WTD_NO_IE4_CHAIN_FLAG = 0x2
- WTD_NO_POLICY_USAGE_FLAG = 0x4
- WTD_REVOCATION_CHECK_NONE = 0x10
- WTD_REVOCATION_CHECK_END_CERT = 0x20
- WTD_REVOCATION_CHECK_CHAIN = 0x40
- WTD_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT = 0x80
- WTD_SAFER_FLAG = 0x100
- WTD_HASH_ONLY_FLAG = 0x200
- WTD_USE_DEFAULT_OSVER_CHECK = 0x400
- WTD_LIFETIME_SIGNING_FLAG = 0x800
- WTD_CACHE_ONLY_URL_RETRIEVAL = 0x1000
- WTD_DISABLE_MD2_MD4 = 0x2000
- WTD_MOTW = 0x4000
-)
-
-const (
- TRUST_E_NOSIGNATURE = 0x800B0100
- TRUST_E_EXPLICIT_DISTRUST = 0x800B0111
- TRUST_E_SUBJECT_NOT_TRUSTED = 0x800B0004
- CRYPT_E_SECURITY_SETTINGS = 0x80092026
-)
-
-const (
- WTD_UICONTEXT_EXECUTE = 0
- WTD_UICONTEXT_INSTALL = 1
-)
-
-var WINTRUST_ACTION_GENERIC_VERIFY_V2 = windows.GUID{
- Data1: 0xaac56b,
- Data2: 0xcd44,
- Data3: 0x11d0,
- Data4: [8]byte{0x8c, 0xc2, 0x0, 0xc0, 0x4f, 0xc2, 0x95, 0xee},
-}
-
-type WinTrustFileInfo struct {
- CbStruct uint32
- FilePath *uint16
- File windows.Handle
- KnownSubject *windows.GUID
-}
-
-type WintrustSignatureSettings struct {
- CbStruct uint32
- Index uint32
- Flags uint32
- SecondarySigs uint32
- VerifiedSigIndex uint32
- CryptoPolicy *CertStrongSignPara
-}
-
-type CertStrongSignPara struct {
- CbStruct uint32
- InfoChoice uint32
- InfoOrSerializedInfoOrOID uintptr
-}
-
-//sys WinVerifyTrust(hWnd windows.Handle, actionId *windows.GUID, data *WinTrustData) (err error) [r1 != 0] = wintrust.WinVerifyTrust
diff --git a/version/wintrust/zsyscall_windows.go b/version/wintrust/zsyscall_windows.go
deleted file mode 100644
index 4d73cc5e..00000000
--- a/version/wintrust/zsyscall_windows.go
+++ /dev/null
@@ -1,69 +0,0 @@ -// Code generated by 'go generate'; DO NOT EDIT. - -package wintrust - -import ( - "syscall" - "unsafe" - - "golang.org/x/sys/windows" -) - -var _ unsafe.Pointer - -// Do the interface allocations only once for common -// Errno values. -const ( - errnoERROR_IO_PENDING = 997 -) - -var ( - errERROR_IO_PENDING error = syscall.Errno(errnoERROR_IO_PENDING) -) - -// errnoErr returns common boxed Errno values, to prevent -// allocations at runtime. -func errnoErr(e syscall.Errno) error { - switch e { - case 0: - return nil - case errnoERROR_IO_PENDING: - return errERROR_IO_PENDING - } - // TODO: add more here, after collecting data on the common - // error values see on Windows. (perhaps when running - // all.bat?) - return e -} - -var ( - modwintrust = windows.NewLazySystemDLL("wintrust.dll") - modcrypt32 = windows.NewLazySystemDLL("crypt32.dll") - - procWinVerifyTrust = modwintrust.NewProc("WinVerifyTrust") - procCryptQueryObject = modcrypt32.NewProc("CryptQueryObject") -) - -func WinVerifyTrust(hWnd windows.Handle, actionId *windows.GUID, data *WinTrustData) (err error) { - r1, _, e1 := syscall.Syscall(procWinVerifyTrust.Addr(), 3, uintptr(hWnd), uintptr(unsafe.Pointer(actionId)), uintptr(unsafe.Pointer(data))) - if r1 != 0 { - if e1 != 0 { - err = errnoErr(e1) - } else { - err = syscall.EINVAL - } - } - return -} - -func cryptQueryObject(objectType uint32, object uintptr, expectedContentTypeFlags uint32, expectedFormatTypeFlags uint32, flags uint32, msgAndCertEncodingType *uint32, contentType *uint32, formatType *uint32, certStore *windows.Handle, msg *windows.Handle, context *uintptr) (err error) { - r1, _, e1 := syscall.Syscall12(procCryptQueryObject.Addr(), 11, uintptr(objectType), uintptr(object), uintptr(expectedContentTypeFlags), uintptr(expectedFormatTypeFlags), uintptr(flags), uintptr(unsafe.Pointer(msgAndCertEncodingType)), uintptr(unsafe.Pointer(contentType)), uintptr(unsafe.Pointer(formatType)), uintptr(unsafe.Pointer(certStore)), 
uintptr(unsafe.Pointer(msg)), uintptr(unsafe.Pointer(context)), 0) - if r1 == 0 { - if e1 != 0 { - err = errnoErr(e1) - } else { - err = syscall.EINVAL - } - } - return -} |