pacs_system/digital__signature_8h_source.html

// BSD 3-Clause License

// Copyright (c) 2021-2025, 🍀☀🌕🌥 🌊

// See the LICENSE file in the project root for full license information.


#pragma once


#include "certificate.h"

#include "signature_types.h"


#include <kcenon/pacs/core/dicom_dataset.h>

#include <kcenon/pacs/core/dicom_tag.h>


#include <kcenon/common/patterns/result.h>


#include <optional>

#include <span>

#include <vector>


namespace kcenon::pacs::security {


class digital_signature {

public:

    // ========================================================================

    // Signature Creation

    // ========================================================================


    [[nodiscard]] static auto sign(

        core::dicom_dataset& dataset,

        const certificate& cert,

        const private_key& key,

        signature_algorithm algo = signature_algorithm::rsa_sha256

    ) -> kcenon::common::VoidResult;


    [[nodiscard]] static auto sign_tags(

        core::dicom_dataset& dataset,

        const certificate& cert,

        const private_key& key,

        std::span<const core::dicom_tag> tags_to_sign,

        signature_algorithm algo = signature_algorithm::rsa_sha256

    ) -> kcenon::common::VoidResult;


    // ========================================================================

    // Signature Verification

    // ========================================================================


    [[nodiscard]] static auto verify(

        const core::dicom_dataset& dataset

    ) -> kcenon::common::Result<signature_status>;


    [[nodiscard]] static auto verify_with_trust(

        const core::dicom_dataset& dataset,

        const std::vector<certificate>& trusted_certs

    ) -> kcenon::common::Result<signature_status>;


    // ========================================================================

    // Signature Information

    // ========================================================================


    [[nodiscard]] static auto get_signature_info(

        const core::dicom_dataset& dataset

    ) -> std::optional<signature_info>;


    [[nodiscard]] static auto get_all_signatures(

        const core::dicom_dataset& dataset

    ) -> std::vector<signature_info>;


    [[nodiscard]] static auto has_signature(

        const core::dicom_dataset& dataset

    ) -> bool;


    // ========================================================================

    // Utility Methods

    // ========================================================================


    static auto remove_signatures(

        core::dicom_dataset& dataset

    ) -> bool;


    [[nodiscard]] static auto generate_signature_uid() -> std::string;


private:

    // Internal helper methods

    static auto compute_mac(

        const core::dicom_dataset& dataset,

        std::span<const core::dicom_tag> tags,

        mac_algorithm algo

    ) -> std::vector<std::uint8_t>;


    static auto sign_mac(

        std::span<const std::uint8_t> mac_data,

        const private_key& key,

        signature_algorithm algo

    ) -> kcenon::common::Result<std::vector<std::uint8_t>>;


    static auto verify_mac_signature(

        std::span<const std::uint8_t> mac_data,

        std::span<const std::uint8_t> signature,

        const certificate& cert,

        signature_algorithm algo

    ) -> bool;

};


} // namespace kcenon::pacs::security

certificate.h
X.509 Certificate and Private Key handling for DICOM digital signatures.

kcenon::common::Result
Definition study_lock_manager.h:36

kcenon::pacs::core::dicom_dataset
Definition dicom_dataset.h:65

kcenon::pacs::security::certificate
Definition certificate.h:56

kcenon::pacs::security::digital_signature
Definition digital_signature.h:68

kcenon::pacs::security::digital_signature::compute_mac
static auto compute_mac(const core::dicom_dataset &dataset, std::span< const core::dicom_tag > tags, mac_algorithm algo) -> std::vector< std::uint8_t >
Definition digital_signature.cpp:602

kcenon::pacs::security::digital_signature::sign_mac
static auto sign_mac(std::span< const std::uint8_t > mac_data, const private_key &key, signature_algorithm algo) -> kcenon::common::Result< std::vector< std::uint8_t > >
Definition digital_signature.cpp:637

kcenon::pacs::security::digital_signature::has_signature
static auto has_signature(const core::dicom_dataset &dataset) -> bool
Check if a dataset contains digital signatures.
Definition digital_signature.cpp:570

kcenon::pacs::security::digital_signature::remove_signatures
static auto remove_signatures(core::dicom_dataset &dataset) -> bool
Remove all digital signatures from a dataset.
Definition digital_signature.cpp:578

kcenon::pacs::security::digital_signature::sign
static auto sign(core::dicom_dataset &dataset, const certificate &cert, const private_key &key, signature_algorithm algo=signature_algorithm::rsa_sha256) -> kcenon::common::VoidResult
Sign a DICOM dataset.
Definition digital_signature.cpp:289

kcenon::pacs::security::digital_signature::verify_with_trust
static auto verify_with_trust(const core::dicom_dataset &dataset, const std::vector< certificate > &trusted_certs) -> kcenon::common::Result< signature_status >
Verify digital signatures with a trusted certificate store.
Definition digital_signature.cpp:467

kcenon::pacs::security::digital_signature::verify
static auto verify(const core::dicom_dataset &dataset) -> kcenon::common::Result< signature_status >
Verify digital signatures in a dataset.
Definition digital_signature.cpp:389

kcenon::pacs::security::digital_signature::sign_tags
static auto sign_tags(core::dicom_dataset &dataset, const certificate &cert, const private_key &key, std::span< const core::dicom_tag > tags_to_sign, signature_algorithm algo=signature_algorithm::rsa_sha256) -> kcenon::common::VoidResult
Sign specific tags in a DICOM dataset.
Definition digital_signature.cpp:300

kcenon::pacs::security::digital_signature::verify_mac_signature
static auto verify_mac_signature(std::span< const std::uint8_t > mac_data, std::span< const std::uint8_t > signature, const certificate &cert, signature_algorithm algo) -> bool
Definition digital_signature.cpp:695

kcenon::pacs::security::digital_signature::get_signature_info
static auto get_signature_info(const core::dicom_dataset &dataset) -> std::optional< signature_info >
Get information about signatures in a dataset.
Definition digital_signature.cpp:506

kcenon::pacs::security::digital_signature::get_all_signatures
static auto get_all_signatures(const core::dicom_dataset &dataset) -> std::vector< signature_info >
Get all signatures in a dataset.
Definition digital_signature.cpp:556

kcenon::pacs::security::digital_signature::generate_signature_uid
static auto generate_signature_uid() -> std::string
Generate a new Digital Signature UID.
Definition digital_signature.cpp:598

kcenon::pacs::security::private_key
Definition certificate.h:239

dicom_dataset.h
DICOM Dataset - ordered collection of Data Elements.

dicom_tag.h
DICOM Tag representation (Group, Element pairs)

kcenon::pacs::security
Definition access_control_manager.h:27

kcenon::pacs::security::mac_algorithm
mac_algorithm
MAC algorithm identifiers per DICOM PS3.15.
Definition signature_types.h:130

kcenon::pacs::security::signature_algorithm
signature_algorithm
Signature algorithms supported for DICOM digital signatures.
Definition signature_types.h:40

kcenon::pacs::security::signature_algorithm::rsa_sha256
@ rsa_sha256
RSA with SHA-256 (recommended for most use cases)

signature_types.h
Digital signature types and structures for DICOM PS3.15 compliance.