1 /*
2  *
3  *  Copyright (C) 1998-2020, OFFIS e.V.
4  *  All rights reserved.  See COPYRIGHT file for details.
5  *
6  *  This software and supporting documentation were developed by
7  *
8  *    OFFIS e.V.
9  *    R&D Division Health
10  *    Escherweg 2
11  *    D-26121 Oldenburg, Germany
12  *
13  *
14  *  Module: dcmsign
15  *
16  *  Author: Norbert Loxen, Marco Eichelberg
17  *
18  *  Purpose:
19  *    consts, typedefs and enums for dcmsign
20  *
21  */
22 
23 #ifndef SITYPES_H
24 #define SITYPES_H
25 
26 #include "dcmtk/config/osconfig.h"    /* make sure OS specific configuration is included first */
27 
28 #ifdef WITH_OPENSSL
29 
30 #include "dcmtk/ofstd/oftypes.h"
31 #include "dcmtk/ofstd/ofcond.h"
32 #include "dcmtk/oflog/oflog.h"
33 #include "dcmtk/dcmsign/sidefine.h"
34 #include "dcmtk/dcmsign/sitypes.h"
35 
/*
 * Logging
 *
 * All dcmsign log output goes through the single logger declared below;
 * the object is only declared here (extern), not defined.
 */

extern DCMTK_DCMSIGN_EXPORT OFLogger dcmsignLogger;

/*
 * One convenience macro per log level. Each one forwards its argument
 * unchanged to the oflog macro of the same level, bound to dcmsignLogger.
 *
 * NOTE(review): this module deals with private keys and certificates; keep
 * private key material and key passwords out of the text handed to these
 * macros, since log files are usually readable by more people than key files.
 */
#define DCMSIGN_TRACE(text) OFLOG_TRACE(dcmsignLogger, text)
#define DCMSIGN_DEBUG(text) OFLOG_DEBUG(dcmsignLogger, text)
#define DCMSIGN_INFO(text)  OFLOG_INFO(dcmsignLogger, text)
#define DCMSIGN_WARN(text)  OFLOG_WARN(dcmsignLogger, text)
#define DCMSIGN_ERROR(text) OFLOG_ERROR(dcmsignLogger, text)
#define DCMSIGN_FATAL(text) OFLOG_FATAL(dcmsignLogger, text)
48 
49 
// DICOM defined terms used by dcmsign, grouped by what they identify.
// The strings are the values as they appear in a dataset; do not alter them.

// MAC algorithm terms, SHA-2 family
#define SI_DEFTERMS_SHA256    "SHA256"
#define SI_DEFTERMS_SHA384    "SHA384"
#define SI_DEFTERMS_SHA512    "SHA512"

// MAC algorithm terms with a reduced security margin: MD5 and SHA-1 are no
// longer collision resistant, and RIPEMD160 is limited to a 160-bit digest.
// Prefer one of the SHA-2 terms above for newly created signatures where the
// selected signature profile permits it.
#define SI_DEFTERMS_RIPEMD160 "RIPEMD160"
#define SI_DEFTERMS_SHA1      "SHA1"
#define SI_DEFTERMS_MD5       "MD5"

// certificate type term
#define SI_DEFTERMS_X509CERT  "X509_1993_SIG"

// certified timestamp type term
#define SI_DEFTERMS_CMS_TS    "CMS_TS"
59 
60 // include this file in doxygen documentation
61 
62 /** @file sitypes.h
63  *  @brief type definitions and constants for the dcmsign module
64  */
65 
66 
/** identifies the public key cryptosystem a key belongs to.
 *  EKT_none is the value for "no key present"; code that picks an
 *  algorithm from this enum should handle it explicitly instead of
 *  falling through to a default.
 *  @remark this enum is only available if DCMTK is compiled with
 *  OpenSSL support enabled.
 */
enum E_KeyType
{
  EKT_RSA,   ///< RSA key
  EKT_DSA,   ///< DSA key
  EKT_DH,    ///< DH key
  EKT_EC,    ///< EC key
  EKT_none   ///< no key present
};
88 
89 
/** selects the MAC algorithm.
 *  All enumerators name hash functions ("MAC" follows the DICOM term
 *  used for them in this module).
 *
 *  Security note: MD5 and SHA-1 are no longer collision resistant, and
 *  RIPEMD160 offers only a 160-bit digest. For newly created signatures
 *  prefer EMT_SHA256, EMT_SHA384 or EMT_SHA512 where the selected
 *  signature profile permits it, and consider flagging signatures that
 *  verify only under EMT_MD5 or EMT_SHA1.
 *  @remark this enum is only available if DCMTK is compiled with
 *  OpenSSL support enabled.
 */
enum E_MACType
{
  EMT_SHA1,        ///< SHA-1
  EMT_RIPEMD160,   ///< RIPEMD160
  EMT_MD5,         ///< MD5
  EMT_SHA256,      ///< SHA-256
  EMT_SHA384,      ///< SHA-384
  EMT_SHA512       ///< SHA-512
};
114 
/** policy deciding under which conditions signature verification fails.
 *
 *  Security note: ESVP_verifyIfPresent lets a dataset without any
 *  signature pass, so on its own it cannot detect that a signature was
 *  removed from a dataset. Use one of the "require" policies wherever an
 *  unsigned dataset must be rejected. ESVP_requireSignature demands a
 *  signature but does not check any signature profile; the remaining
 *  three policies each demand a valid RSA signature of one specific
 *  profile on the main dataset level.
 *  @remark this enum is only available if DCMTK is compiled with
 *  OpenSSL support enabled.
 */
enum E_SignatureVerificationPolicy
{
  ESVP_verifyIfPresent,                    ///< verify signatures if present, pass otherwise
  ESVP_requireSignature,                   ///< fail if no signature is present at all but do not check any signature profile
  ESVP_requireCreatorRSASignature,         ///< fail if no valid creator RSA signature is present on the main dataset level
  ESVP_requireAuthorizationRSASignature,   ///< fail if no valid authorization RSA signature is present on the main dataset level
  ESVP_requireSRRSASignature               ///< fail if no valid SR RSA signature is present on the main dataset level
};
136 
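/** verification policy for certified timestamps attached to signatures.
 *
 *  Security note: under ETVP_verifyTSIfPresent a signature without a
 *  certified timestamp passes, and under ETVP_ignoreTS a timestamp is not
 *  looked at even when present. Select ETVP_requireTS when the certified
 *  signing time is part of what the verifier relies on.
 *  @remark this enum is only available if DCMTK is compiled with
 *  OpenSSL support enabled.
 */
enum E_TimestampVerificationPolicy
{
  /// verify timestamp if present, pass otherwise
  ETVP_verifyTSIfPresent,

  /// ignore certified timestamp even if present
  ETVP_ignoreTS,

  /// fail if signature does not contain a certified timestamp
  // no comma after the last enumerator: a trailing comma is rejected or
  // warned about by pre-C++11 compilers, and the other enums in this
  // header do not use one either
  ETVP_requireTS
};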
153 
154 
/*
 * specific error conditions for module dcmsign
 *
 * NOTE(review): a failed verification can be reported through many distinct
 * conditions below (the SI_EC_VerificationFailed_* family as well as e.g.
 * SI_EC_InvalidTSR or SI_EC_TimestampSignatureVerificationFailed). Code that
 * decides whether to trust a dataset should accept only a success result and
 * treat every other condition as "not verified", rather than testing for
 * the failure codes it happens to know.
 */

/** object initialization failed
 *  @remark this constant is only available if DCMTK is compiled with OpenSSL support enabled.
 */
extern DCMTK_DCMSIGN_EXPORT const OFConditionConst SI_EC_InitializationFailed;

/** an OpenSSL call has failed
 *  @remark this constant is only available if DCMTK is compiled with OpenSSL support enabled.
 */
extern DCMTK_DCMSIGN_EXPORT const OFConditionConst SI_EC_OpenSSLFailure;

/** file cannot be read
 *  @remark this constant is only available if DCMTK is compiled with OpenSSL support enabled.
 */
extern DCMTK_DCMSIGN_EXPORT const OFConditionConst SI_EC_CannotRead;

/** unable to use the selected transfer syntax for MAC computation
 *  @remark this constant is only available if DCMTK is compiled with OpenSSL support enabled.
 */
extern DCMTK_DCMSIGN_EXPORT const OFConditionConst SI_EC_WrongTransferSyntax;

/** no more MAC ID numbers available
 *  @remark this constant is only available if DCMTK is compiled with OpenSSL support enabled.
 */
extern DCMTK_DCMSIGN_EXPORT const OFConditionConst SI_EC_MacIDsExhausted;

/** certificate and private key do not match
 *  @remark this constant is only available if DCMTK is compiled with OpenSSL support enabled.
 */
extern DCMTK_DCMSIGN_EXPORT const OFConditionConst SI_EC_CertificateDoesNotMatchPrivateKey;

/** MAC algorithm not allowed for the current security profile
 *  @remark this constant is only available if DCMTK is compiled with OpenSSL support enabled.
 */
extern DCMTK_DCMSIGN_EXPORT const OFConditionConst SI_EC_MacDoesNotMatchProfile;

/** signature algorithm not allowed for the current security profile
 *  @remark this constant is only available if DCMTK is compiled with OpenSSL support enabled.
 */
extern DCMTK_DCMSIGN_EXPORT const OFConditionConst SI_EC_AlgorithmDoesNotMatchProfile;

/** transfer syntax not allowed for the current security profile
 *  @remark this constant is only available if DCMTK is compiled with OpenSSL support enabled.
 */
extern DCMTK_DCMSIGN_EXPORT const OFConditionConst SI_EC_TransferSyntaxDoesNotMatchProfile;

/** dataset is not suitable for the current security profile (e.g. wrong SOP class)
 *  @remark this constant is only available if DCMTK is compiled with OpenSSL support enabled.
 */
extern DCMTK_DCMSIGN_EXPORT const OFConditionConst SI_EC_DatasetDoesNotMatchProfile;

/** signature verification failed because the certificate is missing or
 *  cannot be read (e.g. unsupported format)
 *  @remark this constant is only available if DCMTK is compiled with OpenSSL support enabled.
 */
extern DCMTK_DCMSIGN_EXPORT const OFConditionConst SI_EC_VerificationFailed_NoCertificate;

/** signature verification failed because the corresponding MAC parameters
 *  item could not be found or is incomplete
 *  @remark this constant is only available if DCMTK is compiled with OpenSSL support enabled.
 */
extern DCMTK_DCMSIGN_EXPORT const OFConditionConst SI_EC_VerificationFailed_NoMAC;

/** signature verification failed because the corresponding signature item
 *  is incomplete
 *  @remark this constant is only available if DCMTK is compiled with OpenSSL support enabled.
 */
extern DCMTK_DCMSIGN_EXPORT const OFConditionConst SI_EC_VerificationFailed_NoSignature;

/** signature verification failed because the MAC algorithm is not supported
 *  @remark this constant is only available if DCMTK is compiled with OpenSSL support enabled.
 */
extern DCMTK_DCMSIGN_EXPORT const OFConditionConst SI_EC_VerificationFailed_UnsupportedMACAlgorithm;

/** signature verification failed because the signature is invalid
 *  (document corrupted)
 *  @remark this constant is only available if DCMTK is compiled with OpenSSL support enabled.
 */
extern DCMTK_DCMSIGN_EXPORT const OFConditionConst SI_EC_VerificationFailed_Corrupted;

/** signature verification failed because the certificate was issued by an
 *  untrusted (unknown) CA
 *  @remark this constant is only available if DCMTK is compiled with OpenSSL support enabled.
 */
extern DCMTK_DCMSIGN_EXPORT const OFConditionConst SI_EC_VerificationFailed_NoTrust;

/** unsupported MAC algorithm specified
 *  @remark this constant is only available if DCMTK is compiled with OpenSSL support enabled.
 */
extern DCMTK_DCMSIGN_EXPORT const OFConditionConst SI_EC_UnsupportedMAC;

/** invalid object identifier (OID) string
 *  @remark this constant is only available if DCMTK is compiled with OpenSSL support enabled.
 */
extern DCMTK_DCMSIGN_EXPORT const OFConditionConst SI_EC_InvalidOID;

/** unable to write time stamp query file
 *  @remark this constant is only available if DCMTK is compiled with OpenSSL support enabled.
 */
extern DCMTK_DCMSIGN_EXPORT const OFConditionConst SI_EC_CannotWriteTSQ;

/** verification of timestamp response message failed
 *  @remark this constant is only available if DCMTK is compiled with OpenSSL support enabled.
 */
extern DCMTK_DCMSIGN_EXPORT const OFConditionConst SI_EC_InvalidTSR;

/** signature verification failed because DataElementsSigned is missing or
 *  incorrect
 *  @remark this constant is only available if DCMTK is compiled with OpenSSL support enabled.
 */
extern DCMTK_DCMSIGN_EXPORT const OFConditionConst SI_EC_VerificationFailed_NoDataElementsSigned;

/** list of data elements signed does not match the profile requirements
 *  @remark this constant is only available if DCMTK is compiled with OpenSSL support enabled.
 */
extern DCMTK_DCMSIGN_EXPORT const OFConditionConst SI_EC_DataElementsSignedDoesNotMatchProfile;

/** desired signature location item not found
 *  @remark this constant is only available if DCMTK is compiled with OpenSSL support enabled.
 */
extern DCMTK_DCMSIGN_EXPORT const OFConditionConst SI_EC_ItemLocationNotFound;

/** unknown certified timestamp type
 *  @remark this constant is only available if DCMTK is compiled with OpenSSL support enabled.
 */
extern DCMTK_DCMSIGN_EXPORT const OFConditionConst SI_EC_UnknownTimestampType;

/** certified timestamp in dataset cannot be read
 *  @remark this constant is only available if DCMTK is compiled with OpenSSL support enabled.
 */
extern DCMTK_DCMSIGN_EXPORT const OFConditionConst SI_EC_InvalidTimestamp;

/** filetype is unknown (neither PEM nor DER)
 *  @remark this constant is only available if DCMTK is compiled with OpenSSL support enabled.
 */
extern DCMTK_DCMSIGN_EXPORT const OFConditionConst SI_EC_InvalidFiletype;

/** signature verification of the certified timestamp failed
 *  @remark this constant is only available if DCMTK is compiled with OpenSSL support enabled.
 */
extern DCMTK_DCMSIGN_EXPORT const OFConditionConst SI_EC_TimestampSignatureVerificationFailed;

/** signature verification failed because the certificate was already
 *  expired at the signature create date
 *  @remark this constant is only available if DCMTK is compiled with OpenSSL support enabled.
 */
extern DCMTK_DCMSIGN_EXPORT const OFConditionConst SI_EC_VerificationFailed_CertExpiredAtSignature;

/** signature verification failed because the certificate was not yet valid
 *  at signature creation date
 *  @remark this constant is only available if DCMTK is compiled with OpenSSL support enabled.
 */
extern DCMTK_DCMSIGN_EXPORT const OFConditionConst SI_EC_VerificationFailed_CertNotYetValidAtSig;

/** list of attributes to be signed contains attribute that is not signable
 *  @remark this constant is only available if DCMTK is compiled with OpenSSL support enabled.
 */
extern DCMTK_DCMSIGN_EXPORT const OFConditionConst SI_EC_AttributeNotSignable;

/** signature verification failed because the signature contains an
 *  attribute that is not signable
 *  @remark this constant is only available if DCMTK is compiled with OpenSSL support enabled.
 */
extern DCMTK_DCMSIGN_EXPORT const OFConditionConst SI_EC_VerificationFailed_AttributeNotSignable;

/** selected dataset or item is empty, nothing to sign
 *  @remark this constant is only available if DCMTK is compiled with OpenSSL support enabled.
 */
extern DCMTK_DCMSIGN_EXPORT const OFConditionConst SI_EC_DatasetEmpty;

/** cannot create signature for current signature profile: required
 *  attributes missing
 *  @remark this constant is only available if DCMTK is compiled with OpenSSL support enabled.
 */
extern DCMTK_DCMSIGN_EXPORT const OFConditionConst SI_EC_RequiredAttributeMissing;

/** cannot handle ECDSA signatures because OpenSSL was compiled without
 *  elliptic curve support
 *  @remark this constant is only available if DCMTK is compiled with OpenSSL support enabled.
 */
extern DCMTK_DCMSIGN_EXPORT const OFConditionConst SI_EC_EllipticCurveNotSupported;
294 
295 #endif
296 #endif
297