Added crypto alg conversion helper

2023-07-01 06:04:58 +02:00 · 2023-07-01 06:04:58 +02:00 · e930f829ca
commit e930f829ca
parent 91cf973a26
3 changed files with 42 additions and 14 deletions
--- a/Domito.sln.DotSettings
+++ b/Domito.sln.DotSettings
@ -1,4 +1,5 @@
 <wpf:ResourceDictionary xml:space="preserve" xmlns:x="http://schemas.microsoft.com/winfx/2006/xaml" xmlns:s="clr-namespace:System;assembly=mscorlib" xmlns:ss="urn:shemas-jetbrains-com:settings-storage-xaml" xmlns:wpf="http://schemas.microsoft.com/winfx/2006/xaml/presentation">
+	<s:Boolean x:Key="/Default/UserDictionary/Words/=BCRYPT/@EntryIndexedValue">True</s:Boolean>
 	<s:Boolean x:Key="/Default/UserDictionary/Words/=CALG/@EntryIndexedValue">True</s:Boolean>
 	<s:Boolean x:Key="/Default/UserDictionary/Words/=Domito/@EntryIndexedValue">True</s:Boolean>
 	<s:Boolean x:Key="/Default/UserDictionary/Words/=LPWIN/@EntryIndexedValue">True</s:Boolean>
--- a/include/Domito.h
+++ b/include/Domito.h
@ -1,13 +1,15 @@
 #pragma once

+#include <ci.h>
+

 /********************************************************************************
 * Memory management, misc.                                                     *
 ********************************************************************************/

-//
-// Custom allocator for function that allocate pool memory
-// 
+ //
+ // Custom allocator for function that allocate pool memory
+ // 
 typedef
 _IRQL_requires_same_
 _Function_class_(EVT_DOMITO_ALLOCATE_ROUTINE)
@ -24,16 +26,16 @@ typedef EVT_DOMITO_ALLOCATE_ROUTINE* PFN_DOMITO_ALLOCATE_ROUTINE;
 * Cryptography                                                                 *
 ********************************************************************************/

-//
-// This structure encapsulates a signature used in verifying executable files.
-// 
+ //
+ // This structure encapsulates a signature used in verifying executable files.
+ // 
 #if !defined(WIN_CERTIFICATE)
 typedef struct _WIN_CERTIFICATE {
-  DWORD dwLength;
-  WORD  wRevision;
-  WORD  wCertificateType;
-  BYTE  bCertificate[ANYSIZE_ARRAY];
-} WIN_CERTIFICATE, *LPWIN_CERTIFICATE;
+    DWORD dwLength;
+    WORD  wRevision;
+    WORD  wCertificateType;
+    BYTE  bCertificate[ANYSIZE_ARRAY];
+} WIN_CERTIFICATE, * LPWIN_CERTIFICATE;
 #endif

 //
@ -64,13 +66,37 @@ typedef struct _WIN_CERTIFICATE {
 #endif


+//
+// Converts a WinCrypt CALG_ID to a BCRYPT_ALGORITHM identifier
+//
+PCWSTR
+FORCEINLINE
+DOMITO_CALG_TO_BCRYPT_ALGORITHM(
+    _In_ UINT32 Calg
+)
+{
+    switch (Calg)
+    {
+    case CALG_SHA1:
+        return BCRYPT_SHA1_ALGORITHM;
+    case CALG_SHA256:
+        return BCRYPT_SHA256_ALGORITHM;
+    case CALG_SHA384:
+        return BCRYPT_SHA384_ALGORITHM;
+    case CALG_SHA512:
+        return BCRYPT_SHA512_ALGORITHM;
+    default:
+        return L"Unknown";
+    }
+}
+
 /********************************************************************************
 * Library functions                                                            *
 ********************************************************************************/

-// 
-// Finds the base address of a driver module
-// 
+ // 
+ // Finds the base address of a driver module
+ // 
 _Success_(return == STATUS_SUCCESS)
 _Must_inspect_result_
 _IRQL_requires_max_(PASSIVE_LEVEL)
--- a/src/Domito.cpp
+++ b/src/Domito.cpp
@ -1,6 +1,7 @@
 #include <ntifs.h>
 #include <ntintsafe.h>
 #include <ntimage.h>
+#include <bcrypt.h>

 #include "Domito.h"
 #include "ci.h"