Install/uninstall brave vpn wireguard service (#18565)

Author: spylogsster

.gitignore

@@ -16,6 +16,8 @@ node_modules/
 patches/**/*.patchinfo
 /third_party/android_deps/libs/com_google_android_play_core/core-1.10.0.aar
 /third_party/argon2/src
+/third_party/brave-vpn-wireguard-nt-dlls/
+/third_party/brave-vpn-wireguard-tunnel-dlls/
 /third_party/bip39wally-core-native/
 /third_party/ethash/src
 /third_party/bitcoin-core/src

DEPS

@@ -67,6 +67,18 @@ hooks = [
     'condition': 'checkout_mac and download_prebuilt_sparkle',
     'action': ['vpython3', 'build/mac/download_sparkle.py', '1.24.3'],
   },
+  {
+    'name': 'wireguard_nt',
+    'pattern': '.',
+    'condition': 'checkout_win',
+    'action': ['vpython3', 'build/win/download_brave_vpn_wireguard_binaries.py', '0.10.1', 'brave-vpn-wireguard-nt-dlls'],
+  },
+  {
+    'name': 'wireguard_tunnel',
+    'pattern': '.',
+    'condition': 'checkout_win',
+    'action': ['vpython3', 'build/win/download_brave_vpn_wireguard_binaries.py', 'v0.5.3', 'brave-vpn-wireguard-tunnel-dlls'],
+  },
   {
     'name': 'download_rust_deps',
     'pattern': '.',

build/win/download_brave_vpn_wireguard_binaries.py

@@ -0,0 +1,60 @@
+#!/usr/bin/env vpython3
+
+# Copyright (c) 2023 The Brave Authors. All rights reserved.
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this file,
+# You can obtain one at https://mozilla.org/MPL/2.0/.
+
+import argparse
+import os
+
+from deps_config import DEPS_PACKAGES_URL
+import deps
+
+
+def get_download_url(version, library):
+    return DEPS_PACKAGES_URL + \
+           '/brave-vpn-wireguard-dlls/' + library + '-' + \
+            version + '.zip'
+
+
+def get_library_path(library):
+    return os.path.join(os.getcwd(), *['third_party', library])
+
+
+def get_library_revision_path(library):
+    return os.path.join(get_library_path(library), '.revision')
+
+
+def main():
+    args = parse_args()
+    if args.revision != get_current_revision(args.library):
+        url = get_download_url(args.revision, args.library)
+        target_path = get_library_path(args.library)
+        print('url:{} to {}'.format(url, target_path))
+        deps.DownloadAndUnpack(url, target_path)
+        set_current_revision(args.revision, args.library)
+
+
+def parse_args():
+    parser = argparse.ArgumentParser(description='Download Wireguard binaries.')
+    parser.add_argument('revision')
+    parser.add_argument('library')
+    return parser.parse_args()
+
+
+def get_current_revision(library):
+    try:
+        with open(get_library_revision_path(library)) as f:
+            return f.read()
+    except FileNotFoundError:
+        return None
+
+
+def set_current_revision(value, library):
+    with open(get_library_revision_path(library), 'w') as f:
+        f.write(value)
+
+
+if __name__ == '__main__':
+    main()

chromium_src/chrome/installer/DEPS

@@ -1,5 +1,6 @@
 include_rules = [
   "+brave/components/brave_vpn/browser/connection/ikev2/win",
+  "+brave/components/brave_vpn/browser/connection/wireguard/win",
   "+brave/components/brave_vpn/common/buildflags",
   "+brave/installer",
   "+chrome/common",

chromium_src/chrome/installer/setup/install_worker.cc

@@ -32,28 +32,32 @@
 #if BUILDFLAG(ENABLE_BRAVE_VPN)
 #include "brave/components/brave_vpn/browser/connection/ikev2/win/brave_vpn_helper/brave_vpn_helper_constants.h"
 #include "brave/components/brave_vpn/browser/connection/ikev2/win/brave_vpn_helper/brave_vpn_helper_state.h"
+#include "brave/components/brave_vpn/browser/connection/wireguard/win/brave_vpn_wireguard_service/service_constants.h"
 
 namespace {
 
-base::FilePath GetBraveVPNServicePath(const base::FilePath& target_path,
-                                      const base::Version& version) {
+// All BraveVpn services have support of "install" switch to make registration.
+constexpr char kBraveVpnServiceInstall[] = "install";
+
+base::FilePath GetBraveVPNHelperPath(const base::FilePath& target_path,
+                                     const base::Version& version) {
   return target_path.AppendASCII(version.GetString())
       .Append(brave_vpn::kBraveVPNHelperExecutable);
 }
 
-bool ConfigureBraveVPNServiceAutoRestart(const base::FilePath& exe_path,
-                                         const CallbackWorkItem&) {
+bool InstallBraveVPNService(const base::FilePath& exe_path,
+                            const CallbackWorkItem&) {
   if (!base::PathExists(exe_path)) {
     return false;
   }
   base::CommandLine cmd(exe_path);
-  cmd.AppendSwitch(brave_vpn::kBraveVpnHelperInstall);
+  cmd.AppendSwitch(kBraveVpnServiceInstall);
   base::LaunchOptions options = base::LaunchOptions();
   options.wait = true;
   return base::LaunchProcess(cmd, base::LaunchOptions()).IsValid();
 }
 
-// Adds work items to register the Vpn Service with Windows. Only for
+// Adds work items to register brave vpn helper service for Windows. Only for
 // system level installs.
 void AddBraveVPNHelperServiceWorkItems(const base::FilePath& vpn_service_path,
                                        WorkItemList* list) {
@@ -72,14 +76,33 @@ void AddBraveVPNHelperServiceWorkItems(const base::FilePath& vpn_service_path,
   install_service_work_item->set_best_effort(true);
   list->AddWorkItem(install_service_work_item);
   list->AddCallbackWorkItem(
-      base::BindOnce(&ConfigureBraveVPNServiceAutoRestart, vpn_service_path),
+      base::BindOnce(&InstallBraveVPNService, vpn_service_path),
+      base::NullCallback());
+}
+
+// Adds work items to register brave vpn wireguard service for Windows. Only for
+// system level installs.
+void AddBraveVPNWireguardServiceWorkItems(
+    const base::FilePath& wireguard_service_path,
+    WorkItemList* list) {
+  DCHECK(::IsUserAnAdmin());
+  if (wireguard_service_path.empty()) {
+    VLOG(1) << "The path to brave_vpn_wireguard_service.exe is invalid.";
+    return;
+  }
+  list->AddCallbackWorkItem(
+      base::BindOnce(&InstallBraveVPNService, wireguard_service_path),
       base::NullCallback());
 }
 
 }  // namespace
 
 #define GetElevationServicePath GetElevationServicePath(target_path, new_version), install_list); \
-  AddBraveVPNHelperServiceWorkItems(GetBraveVPNServicePath
+  AddBraveVPNWireguardServiceWorkItems(                                                           \
+      brave_vpn::GetBraveVPNWireguardServiceInstallationPath(target_path,                         \
+                                                             new_version),                        \
+      install_list);                                                                              \
+  AddBraveVPNHelperServiceWorkItems(GetBraveVPNHelperPath
 #endif  // BUILDFLAG(ENABLE_BRAVE_VPN)
 #include "src/chrome/installer/setup/install_worker.cc"
 #if BUILDFLAG(ENABLE_BRAVE_VPN)

chromium_src/chrome/installer/setup/sources.gni

@@ -17,6 +17,7 @@ if (is_win) {
     brave_chromium_src_chrome_installer_setup_deps += [
       "//brave/components/brave_vpn/browser/connection/ikev2/win:ras_utils",
       "//brave/components/brave_vpn/browser/connection/ikev2/win/brave_vpn_helper:common",
+      "//brave/components/brave_vpn/browser/connection/wireguard/win/brave_vpn_wireguard_service:common",
     ]
   }
   if (is_official_build) {

chromium_src/chrome/installer/setup/uninstall.cc

@@ -9,6 +9,7 @@
 #include "brave/components/brave_vpn/browser/connection/ikev2/win/brave_vpn_helper/brave_vpn_helper_constants.h"
 #include "brave/components/brave_vpn/browser/connection/ikev2/win/brave_vpn_helper/brave_vpn_helper_state.h"
 #include "brave/components/brave_vpn/browser/connection/ikev2/win/ras_utils.h"
+#include "brave/components/brave_vpn/browser/connection/wireguard/win/brave_vpn_wireguard_service/service_constants.h"
 #endif
 #define UninstallProduct UninstallProduct_ChromiumImpl
 
@@ -72,6 +73,13 @@ InstallStatus UninstallProduct(const ModifyParams& modify_params,
       LOG(WARNING) << "Failed to delete "
                    << brave_vpn::GetBraveVpnHelperServiceName();
     }
+    if (!InstallServiceWorkItem::DeleteService(
+            brave_vpn::GetBraveVpnWireguardServiceName(),
+            brave_vpn::GetBraveVpnWireguardServiceRegistryStoragePath(), {},
+            {})) {
+      LOG(WARNING) << "Failed to delete "
+                   << brave_vpn::GetBraveVpnWireguardServiceName();
+    }
   }
   brave_vpn::ras::RemoveEntry(brave_vpn::GetBraveVPNConnectionName());
 #endif

components/brave_vpn/browser/connection/ikev2/win/brave_vpn_helper/BUILD.gn

@@ -24,12 +24,11 @@ source_set("common") {
     "brave_vpn_helper_state.h",
   ]
 
-  public_deps = [ "//brave/components/brave_vpn/common/buildflags" ]
-
   deps = [
     "//base",
     "//brave/components/brave_vpn/browser/connection/common/win",
     "//brave/components/brave_vpn/common",
+    "//brave/components/brave_vpn/common/buildflags",
     "//chrome/install_static:install_static_util",
   ]
 }

components/brave_vpn/browser/connection/wireguard/win/brave_vpn_wireguard_service/BUILD.gn

@@ -10,6 +10,14 @@ import("//chrome/process_version_rc_template.gni")
 
 assert(is_win)
 
+copy("brave_vpn_wireguard_binaries") {
+  sources = [
+    "//brave/third_party/brave-vpn-wireguard-nt-dlls/${target_cpu}/wireguard.dll",
+    "//brave/third_party/brave-vpn-wireguard-tunnel-dlls/${target_cpu}/tunnel.dll",
+  ]
+  outputs = [ "$root_out_dir/{{source_file_part}}" ]
+}
+
 midl("brave_wireguard_manager_idl") {
   sources = [ "brave_wireguard_manager_idl.idl" ]
 
@@ -21,7 +29,7 @@ source_set("common") {
     "service_constants.cc",
     "service_constants.h",
   ]
-
+  public_deps = [ "//brave/components/brave_vpn/common/buildflags" ]
   deps = [
     "//base",
     "//chrome/install_static:install_static_util",
@@ -45,6 +53,7 @@ executable("brave_vpn_wireguard_service") {
   ]
 
   deps = [
+    ":brave_vpn_wireguard_binaries",
     ":common",
     ":version_resources",
     "//base",

components/brave_vpn/browser/connection/wireguard/win/brave_vpn_wireguard_service/service_constants.cc

@@ -8,11 +8,85 @@
 #include <guiddef.h>
 
 #include "base/containers/cxx20_erase.h"
+#include "brave/components/brave_vpn/common/buildflags/buildflags.h"
+#include "build/build_config.h"
 #include "chrome/install_static/install_util.h"
 
 namespace brave_vpn {
 
 namespace {
+// Registry path to Wireguard vpn service storage.
+constexpr wchar_t kBraveVpnWireguardServiceRegistryStoragePath[] =
+    L"Software\\BraveSoftware\\Vpn\\";
+
+// The service installed to %(VersionDir)s\BraveVpnWireguardService
+constexpr wchar_t kBraveVpnWireguardServiceSubFolder[] =
+    L"BraveVpnWireguardService";
+
+#if BUILDFLAG(CHANNEL_NIGHTLY)
+constexpr wchar_t kBraveWireguardTunnelServiceName[] =
+    L"BraveVpnNightlyWireguardTunnelService";
+// 8C2EE50E-9130-4B30-84C1-34753BF26E1B
+constexpr IID kBraveWireguardServiceIID = {
+    0x8c2ee50e,
+    0x9130,
+    0x4b30,
+    {0x84, 0xc1, 0x34, 0x75, 0x3b, 0xf2, 0x6e, 0x18}};
+// A8D57D90-7A29-4405-91D7-A712F347E426
+constexpr CLSID kBraveWireguardServiceCLSID = {
+    0xa8d57d90,
+    0x7a29,
+    0x4405,
+    {0x91, 0xd7, 0xa7, 0x12, 0xf3, 0x47, 0xe4, 0x26}};
+#elif BUILDFLAG(CHANNEL_BETA)
+constexpr wchar_t kBraveWireguardTunnelServiceName[] =
+    L"BraveVpnBetaWireguardTunnelService";
+// FB4C65B6-98B4-426B-8B11-5DB735526A84
+constexpr IID kBraveWireguardServiceIID = {
+    0xfb4c65b6,
+    0x98b4,
+    0x426b,
+    {0x8b, 0x11, 0x5d, 0xb7, 0x35, 0x52, 0x6a, 0x84}};
+// 93175676-5FAC-4D73-B1E1-5485003C9427
+constexpr CLSID kBraveWireguardServiceCLSID = {
+    0x93175676,
+    0x5fac,
+    0x4d73,
+    {0xb1, 0xe1, 0x54, 0x85, 0x00, 0x3c, 0x94, 0x27}};
+#elif BUILDFLAG(CHANNEL_DEV)
+constexpr wchar_t kBraveWireguardTunnelServiceName[] =
+    L"BraveVpnDevWireguardTunnelService";
+// E278A30A-CA8C-4885-A468-67741705A518
+constexpr IID kBraveWireguardServiceIID = {
+    0xe278a30a,
+    0xca8c,
+    0x4885,
+    {0xa4, 0x68, 0x67, 0x74, 0x17, 0x05, 0xa5, 0x18}};
+// 52C95DE1-D7D9-4C03-A275-8A4517AFAE08
+constexpr CLSID kBraveWireguardServiceCLSID = {
+    0x52c95de1,
+    0xd7d9,
+    0x4c03,
+    {0xa2, 0x75, 0x8a, 0x45, 0x17, 0xaf, 0xae, 0x08}};
+#elif BUILDFLAG(CHANNEL_DEVELOPMENT)
+constexpr wchar_t kBraveWireguardTunnelServiceName[] =
+    L"BraveVpnDevelopmentWireguardTunnelService";
+// 048EC63C-E2F2-4288-BEA0-DB58AD9CC20E
+constexpr IID kBraveWireguardServiceIID = {
+    0x048ec63c,
+    0xe2f2,
+    0x4288,
+    {0xbe, 0xa0, 0xd8, 0x58, 0xad, 0x9c, 0xc2, 0x0e}};
+// 57B73EDD-CBE4-46CA-8ACB-11D90840AF6E
+constexpr CLSID kBraveWireguardServiceCLSID = {
+    0x57b73edd,
+    0xcbe4,
+    0x46ca,
+    {0x8a, 0xcb, 0x11, 0xd9, 0x08, 0x40, 0xaf, 0x6e}};
+#else
+constexpr wchar_t kBraveWireguardTunnelServiceName[] =
+    L"BraveVpnWireguardTunnelService";
+
 // 053057AB-CF06-4E6C-BBAD-F8DA6436D933
 constexpr IID kBraveWireguardServiceIID = {
     0x053057ab,
@@ -25,12 +99,15 @@ constexpr CLSID kBraveWireguardServiceCLSID = {
     0xb213,
     0x4a8e,
     {0x98, 0xad, 0x9d, 0x64, 0xd8, 0x91, 0x39, 0x68}};
-
-constexpr wchar_t kBraveWireguardTunnelServiceName[] =
-    L"BraveWireGuardTunnelService";
+#endif
 
 }  // namespace
 
+std::wstring GetBraveVpnWireguardServiceRegistryStoragePath() {
+  return kBraveVpnWireguardServiceRegistryStoragePath +
+         GetBraveVpnWireguardServiceName();
+}
+
 // Returns the Brave Vpn Service CLSID, IID, Name, and Display Name
 // respectively.
 const CLSID& GetBraveVpnWireguardServiceClsid() {
@@ -56,4 +133,12 @@ std::wstring GetBraveVpnWireguardServiceName() {
 std::wstring GetBraveVpnWireguardTunnelServiceName() {
   return kBraveWireguardTunnelServiceName;
 }
+
+base::FilePath GetBraveVPNWireguardServiceInstallationPath(
+    const base::FilePath& target_path,
+    const base::Version& version) {
+  return target_path.AppendASCII(version.GetString())
+      .Append(brave_vpn::kBraveVpnWireguardServiceSubFolder)
+      .Append(brave_vpn::kBraveVpnWireguardServiceExecutable);
+}
 }  // namespace brave_vpn

components/brave_vpn/browser/connection/wireguard/win/brave_vpn_wireguard_service/service_constants.h

@@ -9,11 +9,13 @@
 #include <guiddef.h>
 #include <string>
 
+#include "base/files/file_path.h"
+#include "base/version.h"
+
 namespace brave_vpn {
+
 constexpr wchar_t kBraveVpnWireguardServiceExecutable[] =
     L"brave_vpn_wireguard_service.exe";
-constexpr wchar_t kBraveVpnWireguardServiceRegistryStoragePath[] =
-    L"Software\\BraveSoftware\\Brave\\Vpn\\BraveWireguardService";
 constexpr char kBraveVpnWireguardServiceInstallSwitchName[] = "install";
 constexpr char kBraveVpnWireguardServiceConnectSwitchName[] = "connect";
 
@@ -22,7 +24,10 @@ const IID& GetBraveVpnWireguardServiceIid();
 std::wstring GetBraveVpnWireguardTunnelServiceName();
 std::wstring GetBraveVpnWireguardServiceName();
 std::wstring GetBraveVpnWireguardServiceDisplayName();
-
+std::wstring GetBraveVpnWireguardServiceRegistryStoragePath();
+base::FilePath GetBraveVPNWireguardServiceInstallationPath(
+    const base::FilePath& target_path,
+    const base::Version& version);
 }  // namespace brave_vpn
 
 #endif  // BRAVE_COMPONENTS_BRAVE_VPN_BROWSER_CONNECTION_WIREGUARD_WIN_BRAVE_VPN_WIREGUARD_SERVICE_SERVICE_CONSTANTS_H_