api: remove authenticode support
Certificates are no longer valid. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
parent
86521458e3
commit
acc9ee7f34
@ -6,7 +6,6 @@
|
|||||||
#include <WinSock2.h>
|
#include <WinSock2.h>
|
||||||
#include <Windows.h>
|
#include <Windows.h>
|
||||||
#include <winternl.h>
|
#include <winternl.h>
|
||||||
#include <wincrypt.h>
|
|
||||||
#include <cfgmgr32.h>
|
#include <cfgmgr32.h>
|
||||||
#include <devguid.h>
|
#include <devguid.h>
|
||||||
#include <ws2tcpip.h>
|
#include <ws2tcpip.h>
|
||||||
@ -802,90 +801,6 @@ AdapterOpenDeviceObject(const WINTUN_ADAPTER *Adapter)
|
|||||||
return OpenDeviceObject(Adapter->DevInstanceID);
|
return OpenDeviceObject(Adapter->DevInstanceID);
|
||||||
}
|
}
|
||||||
|
|
||||||
static BOOL HaveWHQL(VOID)
|
|
||||||
{
|
|
||||||
#if defined(HAVE_WHQL)
|
|
||||||
return IsWindows10;
|
|
||||||
#else
|
|
||||||
return FALSE;
|
|
||||||
#endif
|
|
||||||
}
|
|
||||||
|
|
||||||
static _Return_type_success_(return != FALSE)
|
|
||||||
BOOL
|
|
||||||
InstallCertificate(_In_z_ LPCWSTR SignedResource)
|
|
||||||
{
|
|
||||||
LOG(WINTUN_LOG_INFO, L"Trusting code signing certificate");
|
|
||||||
DWORD SizeResource;
|
|
||||||
const VOID *LockedResource = ResourceGetAddress(SignedResource, &SizeResource);
|
|
||||||
if (!LockedResource)
|
|
||||||
{
|
|
||||||
LOG(WINTUN_LOG_ERR, L"Failed to locate resource %s", SignedResource);
|
|
||||||
return FALSE;
|
|
||||||
}
|
|
||||||
const CERT_BLOB CertBlob = { .cbData = SizeResource, .pbData = (BYTE *)LockedResource };
|
|
||||||
HCERTSTORE QueriedStore;
|
|
||||||
if (!CryptQueryObject(
|
|
||||||
CERT_QUERY_OBJECT_BLOB,
|
|
||||||
&CertBlob,
|
|
||||||
CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED_EMBED,
|
|
||||||
CERT_QUERY_FORMAT_FLAG_ALL,
|
|
||||||
0,
|
|
||||||
0,
|
|
||||||
0,
|
|
||||||
0,
|
|
||||||
&QueriedStore,
|
|
||||||
0,
|
|
||||||
NULL))
|
|
||||||
{
|
|
||||||
LOG_LAST_ERROR(L"Failed to find certificate");
|
|
||||||
return FALSE;
|
|
||||||
}
|
|
||||||
DWORD LastError = ERROR_SUCCESS;
|
|
||||||
HCERTSTORE TrustedStore =
|
|
||||||
CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, 0, CERT_SYSTEM_STORE_LOCAL_MACHINE, L"TrustedPublisher");
|
|
||||||
if (!TrustedStore)
|
|
||||||
{
|
|
||||||
LastError = LOG_LAST_ERROR(L"Failed to open store");
|
|
||||||
goto cleanupQueriedStore;
|
|
||||||
}
|
|
||||||
LPSTR CodeSigningOid[] = { szOID_PKIX_KP_CODE_SIGNING };
|
|
||||||
CERT_ENHKEY_USAGE EnhancedUsage = { .cUsageIdentifier = 1, .rgpszUsageIdentifier = CodeSigningOid };
|
|
||||||
for (const CERT_CONTEXT *CertContext = NULL; (CertContext = CertFindCertificateInStore(
|
|
||||||
QueriedStore,
|
|
||||||
X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
|
|
||||||
CERT_FIND_EXT_ONLY_ENHKEY_USAGE_FLAG,
|
|
||||||
CERT_FIND_ENHKEY_USAGE,
|
|
||||||
&EnhancedUsage,
|
|
||||||
CertContext)) != NULL;)
|
|
||||||
{
|
|
||||||
CERT_EXTENSION *Ext = CertFindExtension(
|
|
||||||
szOID_BASIC_CONSTRAINTS2, CertContext->pCertInfo->cExtension, CertContext->pCertInfo->rgExtension);
|
|
||||||
CERT_BASIC_CONSTRAINTS2_INFO Constraints;
|
|
||||||
DWORD Size = sizeof(Constraints);
|
|
||||||
if (Ext &&
|
|
||||||
CryptDecodeObjectEx(
|
|
||||||
X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
|
|
||||||
szOID_BASIC_CONSTRAINTS2,
|
|
||||||
Ext->Value.pbData,
|
|
||||||
Ext->Value.cbData,
|
|
||||||
0,
|
|
||||||
NULL,
|
|
||||||
&Constraints,
|
|
||||||
&Size) &&
|
|
||||||
!Constraints.fCA)
|
|
||||||
if (!CertAddCertificateContextToStore(TrustedStore, CertContext, CERT_STORE_ADD_REPLACE_EXISTING, NULL))
|
|
||||||
{
|
|
||||||
LOG_LAST_ERROR(L"Failed to add certificate to store");
|
|
||||||
LastError = LastError != ERROR_SUCCESS ? LastError : GetLastError();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
CertCloseStore(TrustedStore, 0);
|
|
||||||
cleanupQueriedStore:
|
|
||||||
CertCloseStore(QueriedStore, 0);
|
|
||||||
return RET_ERROR(TRUE, LastError);
|
|
||||||
}
|
|
||||||
|
|
||||||
static BOOL
|
static BOOL
|
||||||
IsOurDrvInfoDetail(_In_ const SP_DRVINFO_DETAIL_DATA_W *DrvInfoDetailData)
|
IsOurDrvInfoDetail(_In_ const SP_DRVINFO_DETAIL_DATA_W *DrvInfoDetailData)
|
||||||
{
|
{
|
||||||
@ -1219,14 +1134,9 @@ SelectDriver(
|
|||||||
goto cleanupDirectory;
|
goto cleanupDirectory;
|
||||||
}
|
}
|
||||||
|
|
||||||
BOOL UseWHQL = HaveWHQL();
|
|
||||||
if (!UseWHQL && !InstallCertificate(L"wintun.cat"))
|
|
||||||
LOG(WINTUN_LOG_WARN, L"Failed to install code signing certificate");
|
|
||||||
|
|
||||||
LOG(WINTUN_LOG_INFO, L"Extracting driver");
|
LOG(WINTUN_LOG_INFO, L"Extracting driver");
|
||||||
if (!ResourceCopyToFile(CatPath, UseWHQL ? L"wintun-whql.cat" : L"wintun.cat") ||
|
if (!ResourceCopyToFile(CatPath, L"wintun.cat") || !ResourceCopyToFile(SysPath, L"wintun.sys") ||
|
||||||
!ResourceCopyToFile(SysPath, UseWHQL ? L"wintun-whql.sys" : L"wintun.sys") ||
|
!ResourceCopyToFile(InfPath, L"wintun.inf"))
|
||||||
!ResourceCopyToFile(InfPath, UseWHQL ? L"wintun-whql.inf" : L"wintun.inf"))
|
|
||||||
{
|
{
|
||||||
LastError = LOG_LAST_ERROR(L"Failed to extract driver");
|
LastError = LOG_LAST_ERROR(L"Failed to extract driver");
|
||||||
goto cleanupDelete;
|
goto cleanupDelete;
|
||||||
|
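Review bot: Machines that ran an earlier build keep whatever the removed `InstallCertificate()` added to the LocalMachine `TrustedPublisher` store, and nothing visible in this section removes those entries on upgrade or uninstall. The commit message says the certificates are no longer valid, so a leftover publisher entry is stale trust that should be cleaned up or at least documented; a removal path may exist elsewhere in the project, which cannot be seen from here. In the `SelectDriver` hunk the driver files are now extracted with no trust setup at all, so I would record that assumption above `LOG(WINTUN_LOG_INFO, L"Extracting driver");` as `/* No certificate is installed any more: the embedded wintun.cat/.sys/.inf must already be signed by a publisher Windows trusts. */`. `SelectDriver`'s body starts and ends outside the hunk.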
@ -17,7 +17,6 @@
|
|||||||
<ItemDefinitionGroup>
|
<ItemDefinitionGroup>
|
||||||
<ClCompile>
|
<ClCompile>
|
||||||
<PreprocessorDefinitions>_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
<PreprocessorDefinitions>_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||||
<PreprocessorDefinitions Condition="Exists('$(OutDir)whql\')">HAVE_WHQL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
|
||||||
<PreprocessorDefinitions Condition="'$(Platform)'=='Win32'">MAYBE_WOW64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
<PreprocessorDefinitions Condition="'$(Platform)'=='Win32'">MAYBE_WOW64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||||
<PreprocessorDefinitions Condition="'$(Platform)'=='x64'">ACCEPT_WOW64;MAYBE_WOW64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
<PreprocessorDefinitions Condition="'$(Platform)'=='x64'">ACCEPT_WOW64;MAYBE_WOW64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||||
<PreprocessorDefinitions Condition="'$(Platform)'=='ARM'">MAYBE_WOW64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
<PreprocessorDefinitions Condition="'$(Platform)'=='ARM'">MAYBE_WOW64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||||
@ -28,7 +27,6 @@
|
|||||||
</ClCompile>
|
</ClCompile>
|
||||||
<ResourceCompile>
|
<ResourceCompile>
|
||||||
<AdditionalIncludeDirectories>..\$(Configuration)\$(WintunPlatform);..\$(Configuration);%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
|
<AdditionalIncludeDirectories>..\$(Configuration)\$(WintunPlatform);..\$(Configuration);%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
|
||||||
<PreprocessorDefinitions Condition="Exists('$(OutDir)whql\')">HAVE_WHQL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
|
||||||
<PreprocessorDefinitions Condition="Exists('..\$(Configuration)\arm64\wintun.dll')">BUILT_ARM64_WOW64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
<PreprocessorDefinitions Condition="Exists('..\$(Configuration)\arm64\wintun.dll')">BUILT_ARM64_WOW64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||||
<PreprocessorDefinitions Condition="Exists('..\$(Configuration)\amd64\wintun.dll')">BUILT_AMD64_WOW64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
<PreprocessorDefinitions Condition="Exists('..\$(Configuration)\amd64\wintun.dll')">BUILT_AMD64_WOW64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||||
<PreprocessorDefinitions Condition="'$(Platform)'=='Win32'">WANT_ARM64_WOW64;WANT_AMD64_WOW64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
<PreprocessorDefinitions Condition="'$(Platform)'=='Win32'">WANT_ARM64_WOW64;WANT_AMD64_WOW64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||||
@ -36,8 +34,8 @@
|
|||||||
<PreprocessorDefinitions Condition="'$(Platform)'=='ARM'">WANT_ARM64_WOW64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
<PreprocessorDefinitions Condition="'$(Platform)'=='ARM'">WANT_ARM64_WOW64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||||
</ResourceCompile>
|
</ResourceCompile>
|
||||||
<Link>
|
<Link>
|
||||||
<DelayLoadDLLs>advapi32.dll;bcrypt.dll;crypt32.dll;cfgmgr32.dll;iphlpapi.dll;ole32.dll;nci.dll;setupapi.dll;shell32.dll;shlwapi.dll;version.dll</DelayLoadDLLs>
|
<DelayLoadDLLs>advapi32.dll;bcrypt.dll;cfgmgr32.dll;iphlpapi.dll;ole32.dll;nci.dll;setupapi.dll;shell32.dll;shlwapi.dll;version.dll</DelayLoadDLLs>
|
||||||
<AdditionalDependencies>Bcrypt.lib;Crypt32.lib;Cfgmgr32.lib;Iphlpapi.lib;$(IntDir)nci.lib;ntdll.lib;Setupapi.lib;shlwapi.lib;version.lib;%(AdditionalDependencies)</AdditionalDependencies>
|
<AdditionalDependencies>Bcrypt.lib;Cfgmgr32.lib;Iphlpapi.lib;$(IntDir)nci.lib;ntdll.lib;Setupapi.lib;shlwapi.lib;version.lib;%(AdditionalDependencies)</AdditionalDependencies>
|
||||||
<ModuleDefinitionFile>exports.def</ModuleDefinitionFile>
|
<ModuleDefinitionFile>exports.def</ModuleDefinitionFile>
|
||||||
<SubSystem>Windows</SubSystem>
|
<SubSystem>Windows</SubSystem>
|
||||||
<ImportLibrary>$(IntDir)$(TargetName).lib</ImportLibrary>
|
<ImportLibrary>$(IntDir)$(TargetName).lib</ImportLibrary>
|
||||||
@ -91,4 +89,4 @@
|
|||||||
<Target Name="CleanNci">
|
<Target Name="CleanNci">
|
||||||
<Delete Files="$(IntDir)nci.obj;$(IntDir)nci.lib" />
|
<Delete Files="$(IntDir)nci.obj;$(IntDir)nci.lib" />
|
||||||
</Target>
|
</Target>
|
||||||
</Project>
|
</Project>
|
||||||
|
@ -12,12 +12,6 @@ wintun.cat RCDATA "driver\\wintun.cat"
|
|||||||
wintun.inf RCDATA "driver\\wintun.inf"
|
wintun.inf RCDATA "driver\\wintun.inf"
|
||||||
wintun.sys RCDATA "driver\\wintun.sys"
|
wintun.sys RCDATA "driver\\wintun.sys"
|
||||||
|
|
||||||
#ifdef HAVE_WHQL
|
|
||||||
wintun-whql.cat RCDATA "whql\\wintun.cat"
|
|
||||||
wintun-whql.inf RCDATA "whql\\wintun.inf"
|
|
||||||
wintun-whql.sys RCDATA "whql\\wintun.sys"
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#if defined(WANT_AMD64_WOW64)
|
#if defined(WANT_AMD64_WOW64)
|
||||||
# if defined(BUILT_AMD64_WOW64)
|
# if defined(BUILT_AMD64_WOW64)
|
||||||
wintun-amd64.dll RCDATA "amd64\\wintun.dll"
|
wintun-amd64.dll RCDATA "amd64\\wintun.dll"
|
||||||
|