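/*
 *
 *  Copyright (C) 1998-2020, OFFIS e.V.
 *  All rights reserved.  See COPYRIGHT file for details.
 *
 *  This software and supporting documentation were developed by
 *
 *    OFFIS e.V.
 *    R&D Division Health
 *    Escherweg 2
 *    D-26121 Oldenburg, Germany
 *
 *
 *  Module: dcmsign
 *
 *  Author: Norbert Loxen, Marco Eichelberg
 *
 *  Purpose:
 *    consts, typedefs and enums for dcmsign
 *
 */

#ifndef SITYPES_H
#define SITYPES_H

#include "dcmtk/config/osconfig.h"    /* make sure OS specific configuration is included first */

/* Everything below is compiled only when DCMTK is built with OpenSSL support;
 * without WITH_OPENSSL this header declares nothing.
 */
#ifdef WITH_OPENSSL

#include "dcmtk/ofstd/oftypes.h"
#include "dcmtk/ofstd/ofcond.h"
#include "dcmtk/oflog/oflog.h"
#include "dcmtk/dcmsign/sidefine.h"
/* NOTE(review): the next include appears to name this very header (see the
 * @file tag below). It is a no-op because SITYPES_H is already defined here.
 */
#include "dcmtk/dcmsign/sitypes.h"

/*
** Logging
*/

/* logger object of the dcmsign module; only declared here, defined elsewhere */
extern DCMTK_DCMSIGN_EXPORT OFLogger dcmsignLogger;

/* convenience wrappers that route a message to dcmsignLogger at the given level */
#define DCMSIGN_TRACE(msg) OFLOG_TRACE(dcmsignLogger, msg)
#define DCMSIGN_DEBUG(msg) OFLOG_DEBUG(dcmsignLogger, msg)
#define DCMSIGN_INFO(msg)  OFLOG_INFO(dcmsignLogger, msg)
#define DCMSIGN_WARN(msg)  OFLOG_WARN(dcmsignLogger, msg)
#define DCMSIGN_ERROR(msg) OFLOG_ERROR(dcmsignLogger, msg)
#define DCMSIGN_FATAL(msg) OFLOG_FATAL(dcmsignLogger, msg)


// DICOM defined terms for MAC algorithms, certificate and timestamp types
//
// Security note: MD5 and SHA-1 have known practical collision attacks, and
// RIPEMD-160 provides only a 160-bit digest. This header merely names the
// terms and does not restrict which of them may be used; presumably the
// legacy terms are kept so that existing signed objects can still be
// processed (confirm against the security profile code). SHA-256 or
// stronger is the appropriate choice for newly created signatures.
#define SI_DEFTERMS_RIPEMD160 "RIPEMD160"
#define SI_DEFTERMS_SHA1      "SHA1"
#define SI_DEFTERMS_MD5       "MD5"
#define SI_DEFTERMS_X509CERT  "X509_1993_SIG"
#define SI_DEFTERMS_CMS_TS    "CMS_TS"
#define SI_DEFTERMS_SHA256    "SHA256"
#define SI_DEFTERMS_SHA384    "SHA384"
#define SI_DEFTERMS_SHA512    "SHA512"

// include this file in doxygen documentation

/** @file sitypes.h
 *  @brief type definitions and constants for the dcmsign module
 */


/** type of key for public key cryptosystem
 *  @remark this enum is only available if DCMTK is compiled with
 *  OpenSSL support enabled.
 */
enum E_KeyType
{
  /// RSA key
  EKT_RSA,

  /// DSA key
  EKT_DSA,

  /// DH key.
  /// NOTE(review): Diffie-Hellman is a key agreement scheme rather than a
  /// signature algorithm, so presumably this value only classifies a key
  /// and cannot be used for signing - confirm against the key classes.
  EKT_DH,

  /// EC key
  EKT_EC,

  /// no key present
  EKT_none
};


/** type of MAC algorithm.
 *  The enumerators carry no explicit values, so their numeric values follow
 *  from their order; new algorithms should be appended, not inserted.
 *  MD5, SHA-1 and RIPEMD160 are legacy digests (see the note at the
 *  SI_DEFTERMS_* macros); this enum does not mark them as such, so any
 *  restriction has to be enforced by the code that selects or accepts
 *  a MAC type.
 *  @remark this enum is only available if DCMTK is compiled with
 *  OpenSSL support enabled.
 */
enum E_MACType
{
  /// SHA-1 (legacy, collision attacks known)
  EMT_SHA1,

  /// RIPEMD160 (legacy, 160-bit digest)
  EMT_RIPEMD160,

  /// MD5 (legacy, collision attacks known)
  EMT_MD5,

  /// SHA-256
  EMT_SHA256,

  /// SHA-384
  EMT_SHA384,

  /// SHA-512
  EMT_SHA512
};

/** signature verification policy.
 *  The policies differ in what they accept when a signature is absent.
 *  Only the ESVP_require* values fail on an unsigned dataset, so
 *  ESVP_verifyIfPresent does not detect that signatures were removed.
 *  @remark this enum is only available if DCMTK is compiled with
 *  OpenSSL support enabled.
 */
enum E_SignatureVerificationPolicy
{
  /// verify signatures if present, pass otherwise
  /// (a dataset without any signature passes under this policy)
  ESVP_verifyIfPresent,

  /// fail if no signature is present at all but do not check any signature profile
  ESVP_requireSignature,

  /// fail if no valid creator RSA signature is present on the main dataset level
  ESVP_requireCreatorRSASignature,

  /// fail if no valid authorization RSA signature is present on the main dataset level
  ESVP_requireAuthorizationRSASignature,

  /// fail if no valid SR RSA signature is present on the main dataset level
  ESVP_requireSRRSASignature
};

/** verification policy for certified timestamps attached to signatures.
 *  Only ETVP_requireTS fails when a signature carries no certified
 *  timestamp; the other two values accept such a signature.
 *  @remark this enum is only available if DCMTK is compiled with
 *  OpenSSL support enabled.
 */
enum E_TimestampVerificationPolicy
{
  /// verify timestamp if present, pass otherwise
  /// (a signature without certified timestamp passes under this policy)
  ETVP_verifyTSIfPresent,

  /// ignore certified timestamp even if present
  /// (no assurance about the signing time is derived from the timestamp)
  ETVP_ignoreTS,

  /// fail if signature does not contain a certified timestamp
  ETVP_requireTS
  // no trailing comma after the last enumerator: pre-C++11 compilers in
  // pedantic mode reject it
};


/*
 *  specific error conditions for module dcmsign
 *
 *  All constants below are declarations only; their definitions live
 *  elsewhere in the module. Code that gates a decision on signature
 *  validity should treat every SI_EC_VerificationFailed_* condition, and
 *  any other non-successful condition, as "not verified" instead of
 *  testing for a single specific failure code.
 */

/// object initialization failed
/// @remark this constant is only available if DCMTK is compiled with OpenSSL support enabled.
extern DCMTK_DCMSIGN_EXPORT const OFConditionConst SI_EC_InitializationFailed;

/// an OpenSSL call has failed
/// @remark this constant is only available if DCMTK is compiled with OpenSSL support enabled.
extern DCMTK_DCMSIGN_EXPORT const OFConditionConst SI_EC_OpenSSLFailure;

/// file cannot be read
/// @remark this constant is only available if DCMTK is compiled with OpenSSL support enabled.
extern DCMTK_DCMSIGN_EXPORT const OFConditionConst SI_EC_CannotRead;

/// unable to use the selected transfer syntax for MAC computation
/// @remark this constant is only available if DCMTK is compiled with OpenSSL support enabled.
extern DCMTK_DCMSIGN_EXPORT const OFConditionConst SI_EC_WrongTransferSyntax;

/// no more MAC ID numbers available
/// @remark this constant is only available if DCMTK is compiled with OpenSSL support enabled.
extern DCMTK_DCMSIGN_EXPORT const OFConditionConst SI_EC_MacIDsExhausted;

/// certificate and private key do not match
/// @remark this constant is only available if DCMTK is compiled with OpenSSL support enabled.
extern DCMTK_DCMSIGN_EXPORT const OFConditionConst SI_EC_CertificateDoesNotMatchPrivateKey;

/// MAC algorithm not allowed for the current security profile
/// @remark this constant is only available if DCMTK is compiled with OpenSSL support enabled.
extern DCMTK_DCMSIGN_EXPORT const OFConditionConst SI_EC_MacDoesNotMatchProfile;

/// Signature algorithm not allowed for the current security profile
/// @remark this constant is only available if DCMTK is compiled with OpenSSL support enabled.
extern DCMTK_DCMSIGN_EXPORT const OFConditionConst SI_EC_AlgorithmDoesNotMatchProfile;

/// Transfer syntax not allowed for the current security profile
/// @remark this constant is only available if DCMTK is compiled with OpenSSL support enabled.
extern DCMTK_DCMSIGN_EXPORT const OFConditionConst SI_EC_TransferSyntaxDoesNotMatchProfile;

/// Dataset is not suitable for the current security profile (e.g. wrong SOP class)
/// @remark this constant is only available if DCMTK is compiled with OpenSSL support enabled.
extern DCMTK_DCMSIGN_EXPORT const OFConditionConst SI_EC_DatasetDoesNotMatchProfile;

/// signature verification failed because the certificate is missing or cannot be read (e.g. unsupported format)
/// @remark this constant is only available if DCMTK is compiled with OpenSSL support enabled.
extern DCMTK_DCMSIGN_EXPORT const OFConditionConst SI_EC_VerificationFailed_NoCertificate;

/// signature verification failed because the corresponding MAC parameters item could not be found or is incomplete
/// @remark this constant is only available if DCMTK is compiled with OpenSSL support enabled.
extern DCMTK_DCMSIGN_EXPORT const OFConditionConst SI_EC_VerificationFailed_NoMAC;

/// signature verification failed because the corresponding signature item is incomplete
/// @remark this constant is only available if DCMTK is compiled with OpenSSL support enabled.
extern DCMTK_DCMSIGN_EXPORT const OFConditionConst SI_EC_VerificationFailed_NoSignature;

/// signature verification failed because the MAC algorithm is not supported
/// @remark this constant is only available if DCMTK is compiled with OpenSSL support enabled.
extern DCMTK_DCMSIGN_EXPORT const OFConditionConst SI_EC_VerificationFailed_UnsupportedMACAlgorithm;

/// signature verification failed because the signature is invalid (document corrupted)
/// @remark this constant is only available if DCMTK is compiled with OpenSSL support enabled.
extern DCMTK_DCMSIGN_EXPORT const OFConditionConst SI_EC_VerificationFailed_Corrupted;

/// signature verification failed because the certificate was issued by an untrusted (unknown) CA
/// @remark this constant is only available if DCMTK is compiled with OpenSSL support enabled.
extern DCMTK_DCMSIGN_EXPORT const OFConditionConst SI_EC_VerificationFailed_NoTrust;

/// unsupported MAC algorithm specified
/// @remark this constant is only available if DCMTK is compiled with OpenSSL support enabled.
extern DCMTK_DCMSIGN_EXPORT const OFConditionConst SI_EC_UnsupportedMAC;

/// invalid object identifier (OID) string
/// @remark this constant is only available if DCMTK is compiled with OpenSSL support enabled.
extern DCMTK_DCMSIGN_EXPORT const OFConditionConst SI_EC_InvalidOID;

/// unable to write time stamp query file
/// @remark this constant is only available if DCMTK is compiled with OpenSSL support enabled.
extern DCMTK_DCMSIGN_EXPORT const OFConditionConst SI_EC_CannotWriteTSQ;

/// verification of timestamp response message failed
/// @remark this constant is only available if DCMTK is compiled with OpenSSL support enabled.
extern DCMTK_DCMSIGN_EXPORT const OFConditionConst SI_EC_InvalidTSR;

/// signature verification failed because DataElementsSigned is missing or incorrect
/// @remark this constant is only available if DCMTK is compiled with OpenSSL support enabled.
extern DCMTK_DCMSIGN_EXPORT const OFConditionConst SI_EC_VerificationFailed_NoDataElementsSigned;

/// List of data elements signed does not match the profile requirements
/// @remark this constant is only available if DCMTK is compiled with OpenSSL support enabled.
extern DCMTK_DCMSIGN_EXPORT const OFConditionConst SI_EC_DataElementsSignedDoesNotMatchProfile;

/// desired signature location item not found
/// @remark this constant is only available if DCMTK is compiled with OpenSSL support enabled.
extern DCMTK_DCMSIGN_EXPORT const OFConditionConst SI_EC_ItemLocationNotFound;

/// unknown certified timestamp type
/// @remark this constant is only available if DCMTK is compiled with OpenSSL support enabled.
extern DCMTK_DCMSIGN_EXPORT const OFConditionConst SI_EC_UnknownTimestampType;

/// certified timestamp in dataset cannot be read
/// @remark this constant is only available if DCMTK is compiled with OpenSSL support enabled.
extern DCMTK_DCMSIGN_EXPORT const OFConditionConst SI_EC_InvalidTimestamp;

/// filetype is unknown (neither PEM nor DER)
/// @remark this constant is only available if DCMTK is compiled with OpenSSL support enabled.
extern DCMTK_DCMSIGN_EXPORT const OFConditionConst SI_EC_InvalidFiletype;

/// signature verification of the certified timestamp failed
/// @remark this constant is only available if DCMTK is compiled with OpenSSL support enabled.
extern DCMTK_DCMSIGN_EXPORT const OFConditionConst SI_EC_TimestampSignatureVerificationFailed;

/// signature verification failed because the certificate was already expired at the signature create date
/// @remark this constant is only available if DCMTK is compiled with OpenSSL support enabled.
extern DCMTK_DCMSIGN_EXPORT const OFConditionConst SI_EC_VerificationFailed_CertExpiredAtSignature;

/// signature verification failed because the certificate was not yet valid at signature creation date
/// @remark this constant is only available if DCMTK is compiled with OpenSSL support enabled.
extern DCMTK_DCMSIGN_EXPORT const OFConditionConst SI_EC_VerificationFailed_CertNotYetValidAtSig;

/// list of attributes to be signed contains attribute that is not signable
/// @remark this constant is only available if DCMTK is compiled with OpenSSL support enabled.
extern DCMTK_DCMSIGN_EXPORT const OFConditionConst SI_EC_AttributeNotSignable;

/// signature verification failed because the signature contains an attribute that is not signable
/// @remark this constant is only available if DCMTK is compiled with OpenSSL support enabled.
extern DCMTK_DCMSIGN_EXPORT const OFConditionConst SI_EC_VerificationFailed_AttributeNotSignable;

/// selected dataset or item is empty, nothing to sign
/// @remark this constant is only available if DCMTK is compiled with OpenSSL support enabled.
extern DCMTK_DCMSIGN_EXPORT const OFConditionConst SI_EC_DatasetEmpty;

/// cannot create signature for current signature profile: required attributes missing
/// @remark this constant is only available if DCMTK is compiled with OpenSSL support enabled.
extern DCMTK_DCMSIGN_EXPORT const OFConditionConst SI_EC_RequiredAttributeMissing;

/// cannot handle ECDSA signatures because OpenSSL was compiled without elliptic curve support
/// @remark this constant is only available if DCMTK is compiled with OpenSSL support enabled.
extern DCMTK_DCMSIGN_EXPORT const OFConditionConst SI_EC_EllipticCurveNotSupported;

#endif /* WITH_OPENSSL */
#endif /* SITYPES_H */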