MalwareSourceCode/MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-67b630ead60119692b9abbdfd8717c96904ef041127c2cae033c86b718eaa61e/Microsoft/InfoCards/SafeCryptoKey.cs
2022-08-18 06:28:56 -05:00

109 lines
3.7 KiB
C#

// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.SafeCryptoKey
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Virus.Win32.Expiro.w-67b630ead60119692b9abbdfd8717c96904ef041127c2cae033c86b718eaa61e.exe
using Microsoft.InfoCards.Diagnostics;
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
using System.Security;
using System.Security.Cryptography;
namespace Microsoft.InfoCards
{
internal class SafeCryptoKey : IDisposable
{
private SafeCryptoKeyHandle m_handle;
[SuppressUnmanagedCodeSecurity]
[DllImport("advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
private static extern bool CryptSetKeyParam(
[In] SafeCryptoKeyHandle hKey,
[In] uint dwParam,
[In] IntPtr data,
[In] uint flags);
[SuppressUnmanagedCodeSecurity]
[DllImport("advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
private static extern bool CryptImportKey(
[In] SafeRsaProviderHandle hProv,
[In] IntPtr pbKeyData,
[In] uint dwDataLen,
[In] IntPtr hPubKey,
[In] uint dwFlags,
out SafeCryptoKeyHandle hKey);
public SafeCryptoKeyHandle Handle => this.m_handle;
public unsafe SafeCryptoKey(SafeRsaProviderHandle provider, byte[] encryptedKey, byte[] iv)
{
SafeCryptoKey.BlobHeader blobHeader = new SafeCryptoKey.BlobHeader(encryptedKey.Length);
int dwDataLen = sizeof (SafeCryptoKey.BlobHeader) + encryptedKey.Length;
// ISSUE: untyped stack allocation
byte* pbKeyData = (byte*) __untypedstackalloc(dwDataLen);
byte* numPtr = (byte*) &blobHeader;
for (int index = 0; index < 12; ++index)
pbKeyData[index] = numPtr[index];
try
{
ProtectedMemory.Unprotect(encryptedKey, MemoryProtectionScope.SameProcess);
for (int index = 0; index < encryptedKey.Length; ++index)
pbKeyData[12 + index] = encryptedKey[index];
}
finally
{
ProtectedMemory.Protect(encryptedKey, MemoryProtectionScope.SameProcess);
}
if (!SafeCryptoKey.CryptImportKey(provider, (IntPtr) (void*) pbKeyData, (uint) dwDataLen, IntPtr.Zero, 0U, out this.m_handle))
{
Exception e = (Exception) new Win32Exception(Marshal.GetLastWin32Error());
InfoCardTrace.CloseInvalidOutSafeHandle((SafeHandle) this.m_handle);
InfoCardTrace.TraceAndLogException(e);
throw InfoCardTrace.ThrowHelperError(e);
}
fixed (byte* data = &iv[0])
{
if (!SafeCryptoKey.CryptSetKeyParam(this.m_handle, 1U, (IntPtr) (void*) data, 0U))
{
Exception e = (Exception) new Win32Exception(Marshal.GetLastWin32Error());
this.m_handle.Dispose();
throw InfoCardTrace.ThrowHelperError(e);
}
// ISSUE: __unpin statement
__unpin(data);
}
}
void IDisposable.Dispose() => this.m_handle.Dispose();
[StructLayout(LayoutKind.Explicit, Size = 12)]
private struct BlobHeader
{
private const int PLAINTEXTKEYBLOB = 8;
private const int CUR_BLOB_VERSION = 2;
private const int CALG_AES = 26128;
[FieldOffset(0)]
public byte bType;
[FieldOffset(1)]
public byte bVersion;
[FieldOffset(2)]
public ushort reserved;
[FieldOffset(4)]
public uint aiKeyAlg;
[FieldOffset(8)]
public uint keyLength;
public BlobHeader(int keySize)
{
this.bType = (byte) 8;
this.bVersion = (byte) 2;
this.reserved = (ushort) 0;
this.aiKeyAlg = 26128U;
this.keyLength = (uint) keySize;
}
}
}
}