Added crypto alg conversion helper

Domito.sln.DotSettings

@@ -1,4 +1,5 @@
 <wpf:ResourceDictionary xml:space="preserve" xmlns:x="http://schemas.microsoft.com/winfx/2006/xaml" xmlns:s="clr-namespace:System;assembly=mscorlib" xmlns:ss="urn:shemas-jetbrains-com:settings-storage-xaml" xmlns:wpf="http://schemas.microsoft.com/winfx/2006/xaml/presentation">
+	<s:Boolean x:Key="/Default/UserDictionary/Words/=BCRYPT/@EntryIndexedValue">True</s:Boolean>
 	<s:Boolean x:Key="/Default/UserDictionary/Words/=CALG/@EntryIndexedValue">True</s:Boolean>
 	<s:Boolean x:Key="/Default/UserDictionary/Words/=Domito/@EntryIndexedValue">True</s:Boolean>
 	<s:Boolean x:Key="/Default/UserDictionary/Words/=LPWIN/@EntryIndexedValue">True</s:Boolean>

include/Domito.h

@@ -1,13 +1,15 @@
 #pragma once
 
+#include <ci.h>
+
 
 /********************************************************************************
  * Memory management, misc.                                                     *
  ********************************************************************************/
 
-//
+ //
-// Custom allocator for function that allocate pool memory
+ // Custom allocator for function that allocate pool memory
-// 
+ // 
 typedef
 _IRQL_requires_same_
 _Function_class_(EVT_DOMITO_ALLOCATE_ROUTINE)
@@ -24,16 +26,16 @@ typedef EVT_DOMITO_ALLOCATE_ROUTINE* PFN_DOMITO_ALLOCATE_ROUTINE;
  * Cryptography                                                                 *
  ********************************************************************************/
 
-//
+ //
-// This structure encapsulates a signature used in verifying executable files.
+ // This structure encapsulates a signature used in verifying executable files.
-// 
+ // 
 #if !defined(WIN_CERTIFICATE)
 typedef struct _WIN_CERTIFICATE {
-  DWORD dwLength;
+    DWORD dwLength;
-  WORD  wRevision;
+    WORD  wRevision;
-  WORD  wCertificateType;
+    WORD  wCertificateType;
-  BYTE  bCertificate[ANYSIZE_ARRAY];
+    BYTE  bCertificate[ANYSIZE_ARRAY];
-} WIN_CERTIFICATE, *LPWIN_CERTIFICATE;
+} WIN_CERTIFICATE, * LPWIN_CERTIFICATE;
 #endif
 
 //
@@ -64,13 +66,37 @@ typedef struct _WIN_CERTIFICATE {
 #endif
 
 
+//
+// Converts a WinCrypt CALG_ID to a BCRYPT_ALGORITHM identifier
+//
+PCWSTR
+FORCEINLINE
+DOMITO_CALG_TO_BCRYPT_ALGORITHM(
+    _In_ UINT32 Calg
+)
+{
+    switch (Calg)
+    {
+    case CALG_SHA1:
+        return BCRYPT_SHA1_ALGORITHM;
+    case CALG_SHA256:
+        return BCRYPT_SHA256_ALGORITHM;
+    case CALG_SHA384:
+        return BCRYPT_SHA384_ALGORITHM;
+    case CALG_SHA512:
+        return BCRYPT_SHA512_ALGORITHM;
+    default:
+        return L"Unknown";
+    }
+}
+
 /********************************************************************************
  * Library functions                                                            *
  ********************************************************************************/
 
-// 
+ // 
-// Finds the base address of a driver module
+ // Finds the base address of a driver module
-// 
+ // 
 _Success_(return == STATUS_SUCCESS)
 _Must_inspect_result_
 _IRQL_requires_max_(PASSIVE_LEVEL)

src/Domito.cpp

@@ -1,6 +1,7 @@
 #include <ntifs.h>
 #include <ntintsafe.h>
 #include <ntimage.h>
+#include <bcrypt.h>
 
 #include "Domito.h"
 #include "ci.h"