windows: add WinVerifyTrustEx function
This commit adds the function and the required structs for it. This is
the same as the WinVerifyTrust function but has the more correct
signature.
https://docs.microsoft.com/en-us/windows/win32/api/wintrust/nf-wintrust-winverifytrustex
Change-Id: I43ae20302ba85a6ae1fc32ad4c34b59bee0a6a35
Reviewed-on: https://go-review.googlesource.com/c/sys/+/285715
Run-TryBot: Jason A. Donenfeld <Jason@zx2c4.com>
TryBot-Result: Go Bot <gobot@golang.org>
Trust: Jason A. Donenfeld <Jason@zx2c4.com>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
diff --git a/windows/syscall_windows.go b/windows/syscall_windows.go
index 5c1102c..13d7425 100644
--- a/windows/syscall_windows.go
+++ b/windows/syscall_windows.go
@@ -22,6 +22,7 @@
const (
InvalidHandle = ^Handle(0)
+ InvalidHWND = ^HWND(0)
// Flags for DefineDosDevice.
DDD_EXACT_MATCH_ON_REMOVE = 0x00000004
@@ -284,6 +285,7 @@
//sys CertFindExtension(objId *byte, countExtensions uint32, extensions *CertExtension) (ret *CertExtension) = crypt32.CertFindExtension
//sys CryptQueryObject(objectType uint32, object unsafe.Pointer, expectedContentTypeFlags uint32, expectedFormatTypeFlags uint32, flags uint32, msgAndCertEncodingType *uint32, contentType *uint32, formatType *uint32, certStore *Handle, msg *Handle, context *unsafe.Pointer) (err error) = crypt32.CryptQueryObject
//sys CryptDecodeObject(encodingType uint32, structType *byte, encodedBytes *byte, lenEncodedBytes uint32, flags uint32, decoded unsafe.Pointer, decodedLen *uint32) (err error) = crypt32.CryptDecodeObject
+//sys WinVerifyTrustEx(hwnd HWND, actionId *GUID, data *WinTrustData) (ret error) = wintrust.WinVerifyTrustEx
//sys RegOpenKeyEx(key Handle, subkey *uint16, options uint32, desiredAccess uint32, result *Handle) (regerrno error) = advapi32.RegOpenKeyExW
//sys RegCloseKey(key Handle) (regerrno error) = advapi32.RegCloseKey
//sys RegQueryInfoKey(key Handle, class *uint16, classLen *uint32, reserved *uint32, subkeysLen *uint32, maxSubkeyLen *uint32, maxClassLen *uint32, valuesLen *uint32, maxValueNameLen *uint32, maxValueLen *uint32, saLen *uint32, lastWriteTime *Filetime) (regerrno error) = advapi32.RegQueryInfoKeyW
diff --git a/windows/types_windows.go b/windows/types_windows.go
index 8da35b0..453f56f 100644
--- a/windows/types_windows.go
+++ b/windows/types_windows.go
@@ -520,10 +520,58 @@
REALTIME_PRIORITY_CLASS = 0x00000100
)
+/* wintrust.h constants for WinVerifyTrustEx */
+const (
+ WTD_UI_ALL = 1
+ WTD_UI_NONE = 2
+ WTD_UI_NOBAD = 3
+ WTD_UI_NOGOOD = 4
+
+ WTD_REVOKE_NONE = 0
+ WTD_REVOKE_WHOLECHAIN = 1
+
+ WTD_CHOICE_FILE = 1
+ WTD_CHOICE_CATALOG = 2
+ WTD_CHOICE_BLOB = 3
+ WTD_CHOICE_SIGNER = 4
+ WTD_CHOICE_CERT = 5
+
+ WTD_STATEACTION_IGNORE = 0x00000000
+ WTD_STATEACTION_VERIFY = 0x00000010
+ WTD_STATEACTION_CLOSE = 0x00000002
+ WTD_STATEACTION_AUTO_CACHE = 0x00000003
+ WTD_STATEACTION_AUTO_CACHE_FLUSH = 0x00000004
+
+ WTD_USE_IE4_TRUST_FLAG = 0x1
+ WTD_NO_IE4_CHAIN_FLAG = 0x2
+ WTD_NO_POLICY_USAGE_FLAG = 0x4
+ WTD_REVOCATION_CHECK_NONE = 0x10
+ WTD_REVOCATION_CHECK_END_CERT = 0x20
+ WTD_REVOCATION_CHECK_CHAIN = 0x40
+ WTD_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT = 0x80
+ WTD_SAFER_FLAG = 0x100
+ WTD_HASH_ONLY_FLAG = 0x200
+ WTD_USE_DEFAULT_OSVER_CHECK = 0x400
+ WTD_LIFETIME_SIGNING_FLAG = 0x800
+ WTD_CACHE_ONLY_URL_RETRIEVAL = 0x1000
+ WTD_DISABLE_MD2_MD4 = 0x2000
+ WTD_MOTW = 0x4000
+
+ WTD_UICONTEXT_EXECUTE = 0
+ WTD_UICONTEXT_INSTALL = 1
+)
+
var (
OID_PKIX_KP_SERVER_AUTH = []byte("1.3.6.1.5.5.7.3.1\x00")
OID_SERVER_GATED_CRYPTO = []byte("1.3.6.1.4.1.311.10.3.3\x00")
OID_SGC_NETSCAPE = []byte("2.16.840.1.113730.4.1\x00")
+
+ WINTRUST_ACTION_GENERIC_VERIFY_V2 = GUID{
+ Data1: 0xaac56b,
+ Data2: 0xcd44,
+ Data3: 0x11d0,
+ Data4: [8]byte{0x8c, 0xc2, 0x0, 0xc0, 0x4f, 0xc2, 0x95, 0xee},
+ }
)
// Pointer represents a pointer to an arbitrary Windows type.
@@ -1283,6 +1331,44 @@
// Not implemented
}
+type CertStrongSignPara struct {
+ Size uint32
+ InfoChoice uint32
+ InfoOrSerializedInfoOrOID unsafe.Pointer
+}
+
+type WinTrustData struct {
+ Size uint32
+ PolicyCallbackData uintptr
+ SIPClientData uintptr
+ UIChoice uint32
+ RevocationChecks uint32
+ UnionChoice uint32
+ FileOrCatalogOrBlobOrSgnrOrCert unsafe.Pointer
+ StateAction uint32
+ StateData Handle
+ URLReference *uint16
+ ProvFlags uint32
+ UIContext uint32
+ SignatureSettings *WinTrustSignatureSettings
+}
+
+type WinTrustFileInfo struct {
+ Size uint32
+ FilePath *uint16
+ File Handle
+ KnownSubject *GUID
+}
+
+type WinTrustSignatureSettings struct {
+ Size uint32
+ Index uint32
+ Flags uint32
+ SecondarySigs uint32
+ VerifiedSigIndex uint32
+ CryptoPolicy *CertStrongSignPara
+}
+
const (
// do not reorder
HKEY_CLASSES_ROOT = 0x80000000 + iota
diff --git a/windows/zsyscall_windows.go b/windows/zsyscall_windows.go
index 4545585..b28a193 100644
--- a/windows/zsyscall_windows.go
+++ b/windows/zsyscall_windows.go
@@ -51,6 +51,7 @@
modshell32 = NewLazySystemDLL("shell32.dll")
moduser32 = NewLazySystemDLL("user32.dll")
moduserenv = NewLazySystemDLL("userenv.dll")
+ modwintrust = NewLazySystemDLL("wintrust.dll")
modws2_32 = NewLazySystemDLL("ws2_32.dll")
modwtsapi32 = NewLazySystemDLL("wtsapi32.dll")
@@ -354,6 +355,7 @@
procCreateEnvironmentBlock = moduserenv.NewProc("CreateEnvironmentBlock")
procDestroyEnvironmentBlock = moduserenv.NewProc("DestroyEnvironmentBlock")
procGetUserProfileDirectoryW = moduserenv.NewProc("GetUserProfileDirectoryW")
+ procWinVerifyTrustEx = modwintrust.NewProc("WinVerifyTrustEx")
procFreeAddrInfoW = modws2_32.NewProc("FreeAddrInfoW")
procGetAddrInfoW = modws2_32.NewProc("GetAddrInfoW")
procWSACleanup = modws2_32.NewProc("WSACleanup")
@@ -3023,6 +3025,14 @@
return
}
+func WinVerifyTrustEx(hwnd HWND, actionId *GUID, data *WinTrustData) (ret error) {
+ r0, _, _ := syscall.Syscall(procWinVerifyTrustEx.Addr(), 3, uintptr(hwnd), uintptr(unsafe.Pointer(actionId)), uintptr(unsafe.Pointer(data)))
+ if r0 != 0 {
+ ret = syscall.Errno(r0)
+ }
+ return
+}
+
func FreeAddrInfoW(addrinfo *AddrinfoW) {
syscall.Syscall(procFreeAddrInfoW.Addr(), 1, uintptr(unsafe.Pointer(addrinfo)), 0, 0)
return