How to use MAC SHA384 to create digital signature?

[deepakt]

Hi,

I am trying to create a digital signature on a DCM file with MAC-SHA384. Below is the command executed:
"dcmsign.exe +s C:\bin\Release\myKey.key C:\bin\Release\myCrt.crt +m3 -t "0010,0010" C:\bin\Release\00000001.dcm C:\bin\Release\Signed.dcm"
The application crashes. However, it works fine and does not crash for other supported MAC algorithms (i.e. RIPEMD 160, SHA-1, MD 5, SHA-256 and SHA-512). Below errors are observed in event viewer when SHA-384 is used

"
Faulting application path: C:\bin\Release\dcmsign.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
"

Note: I have used "dcmtk-3.6.2". Source code is compiled in debug/release version by enabling OpenSSL (version: openssl-1.1.0g).

Below is my understanding about this issue:
In the API "DcmSignature::createSignature" located at "..\dcmtk-3.6.2\dcmsign\libsrc\dcsignat.cc", below code snippet is used to retrieve MAC size and allocate memory:
unsigned long digestLength = mac.getSize();
unsigned char *digest = new unsigned char[digestLength];

In case when SHA-384 is used, the API "SiSHA384::getSize" located at "..\dcmtk-3.6.2\dcmsign\libsrc\sisha384.cc" is invoked.
This API returns "SHA_DIGEST_LENGTH" which is set to "20" at "..\openssl-1.1.0g\include\openssl\sha.h".
However the API "SiSHA256::getSize" located at "..\dcmtk-3.6.2\dcmsign\libsrc\sisha256.cc" returns "SHA256_DIGEST_LENGTH" which is set to "32" at "..\openssl-1.1.0g\include\openssl\sha.h" and the API "SiSHA512::getSize" located at "..\dcmtk-3.6.2\dcmsign\libsrc\sisha512.cc" return "SHA512_DIGEST_LENGTH" which is set to "64" at "..\openssl-1.1.0g\include\openssl\sha.h".

In the API "DcmSignature::createSignature" located at "..\dcmtk-3.6.2\dcmsign\libsrc\dcsignat.cc", memory allocation is done with "SHA_DIGEST_LENGTH" i.e. "20", however in the API "SHA512_Final" located at "..\openssl-1.1.0g\crypto\sha\sha512.c", memory access is done as per "SHA384_DIGEST_LENGTH" i.e. till "48" (below is the code snippet)
for (n = 0; n < SHA384_DIGEST_LENGTH / 8; n++) {

If I am not wrong, the API "SiSHA384::getSize" located at "..\dcmtk-3.6.2\dcmsign\libsrc\sisha384.cc" should return "SHA384_DIGEST_LENGTH" instead of "SHA_DIGEST_LENGTH".

I have modified the DCMTK source code i.e. "SiSHA384::getSize" API with "SHA384_DIGEST_LENGTH". I have compiled the source code and I have tried to create digital signature with MAC-SHA384 It works fine and I am able see that digital signature is created successfully and also the verification is completed successfully.

Request anyone to confirm if there is anything missing in the way I am using "dcmsign.exe". Also request to confirm if the modifications are required in DCMTK source code to use MAC-SHA384

[J. Riesmeier]

If I am not wrong, the API "SiSHA384::getSize" located at "..\dcmtk-3.6.2\dcmsign\libsrc\sisha384.cc" should return "SHA384_DIGEST_LENGTH" instead of "SHA_DIGEST_LENGTH".

Good catch! I'll fix this issue in the internal development version (which will be available in a couple of days in the public git repository).

[deepakt]

Good catch! I'll fix this issue in the internal development version (which will be available in a couple of days in the public git repository).

Thank you!!!