authorWerner Koch <[email protected]>2020-11-24 17:02:05 +0000
committerWerner Koch <[email protected]>2020-11-25 09:23:55 +0000
commit3a8250c02031080c6c8eebd5dea03f5f87f9ddd7 (patch)
tree5d019056fed75c9ff42252e1e3e3196730c3ca3c /scd/app-openpgp.c
parentscd: Fix an error return for READKEY. (diff)
scd: Rework the handling of the displayed serial number.
* scd/app.c (app_new_register): Call app_munge_serialno for Yubikeys. (app_munge_serialno): Handle Yubikey serial numbers. (card_get_serialno): Remove special Yubikey treatment. Drop arg is_canonical. (app_get_serialno): Clear ERRNO on error. (card_get_dispserialno): New. Also change formatting of Yubikey and OpenPGP numbers to match those printed on the card. (app_get_dispserialno): New. * scd/app-openpgp.c (do_getattr): Use app_get_dispserialno. (yubikey_get_serialno): Remove. * scd/app-piv.c (get_dispserialno): Remove. (do_getattr): Use app_get_dispserialno. -- This patch gets us back to a unique serial number for cards and provides a stable serial number as printed for Yubikeys. Because we use a slightly different serial number now for Yubikeys and cards only supporting OpenPGP card we need to come up with another change so that the version number of OpenPGP serial numbers are ignored when comparing card serial numbers. This is so that existing stub keys of gpg-agent will continue to work. GnuPG-bug-id: 5100 Signed-off-by: Werner Koch <[email protected]>
Diffstat (limited to 'scd/app-openpgp.c')
-rw-r--r--scd/app-openpgp.c63
1 files changed, 18 insertions, 45 deletions
diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c
index 0e3b3daad..440c4d027 100644
--- a/scd/app-openpgp.c
+++ b/scd/app-openpgp.c
@@ -1102,9 +1102,10 @@ do_getattr (app_t app, ctrl_t ctrl, const char *name)
if (table[idx].special == -1)
{
- /* The serial number is very special. We could have used the
- AID DO to retrieve it. The AID DO is available anyway but
- not hex formatted. */
+ /* The serial number is very special. We can't use the the AID
+ DO (0x4f) becuase this is the serialno per specs with the
+ correct appversion. We might however use a serialno with the
+ version set to 0.0 and that is what we need to return. */
char *serial = app_get_serialno (app);
if (serial)
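Review bot: The rewritten comment in the `special == -1` branch has typos (`the the`, `becuase`), and its last sentence says "We might however use a serialno with the version set to 0.0" where it appears to mean that app->serialno may carry version 0.0. Since this comment explains why the AID DO is deliberately not used, I would reword it along the lines of `We can't use the AID DO (0x4f) because it holds the serialno per specs with the real appversion, whereas app->serialno may have the version set to 0.0 and that is the value we must return.` The same applies to the new comment in the app_select_openpgp hunk (`we here to to use`, `serilano`). The `if (serial)` body continues outside this hunk.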
@@ -1147,17 +1148,14 @@ do_getattr (app_t app, ctrl_t ctrl, const char *name)
}
if (table[idx].special == -4)
{
- char *serial = app_get_serialno (app);
+ char *serial;
- if (serial)
+ if ((serial = app_get_dispserialno (app, 0)))
{
- if (strlen (serial) > 16+12)
- {
- send_status_info (ctrl, table[idx].name, serial+16, 12, NULL, 0);
- xfree (serial);
- return 0;
- }
+ send_status_info (ctrl, table[idx].name,
+ serial, strlen (serial), NULL, 0);
xfree (serial);
+ return 0;
}
return gpg_error (GPG_ERR_INV_NAME);
}
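Review bot: In the `special == -4` branch every NULL return from `app_get_dispserialno (app, 0)` is reported as `GPG_ERR_INV_NAME`, so a caller cannot tell an allocation failure inside the helper from an attribute name that is actually unknown. The helper is not visible in this hunk; if it sets errno on failure, as the commit message states for app_get_serialno, the failure path could preserve the cause with something like `return gpg_error_from_syserror ();` when errno is non-zero and keep `GPG_ERR_INV_NAME` otherwise. The bare `0` second argument is also unexplained here, and a short comment such as `/* 0 = <meaning of the flag> */` would make the call readable without opening app.c. do_getattr starts and ends outside the hunk.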
@@ -1383,39 +1381,6 @@ get_disp_name (app_t app)
}
-/*
- * Yubikey has its own serial number at app->serialno. When Yubikey
- * is used for OpenPGP card app, we get the serial number for OpenPGP
- * card from its AID data object.
- */
-char *
-yubikey_get_serialno (app_t app)
-{
- void *relptr;
- unsigned char *buffer;
- size_t buflen;
- char *serial;
-
- relptr = get_one_do (app, 0x004F, &buffer, &buflen, NULL);
- if (!relptr)
- return NULL;
- if (buflen != 16)
- {
- xfree (relptr);
- return NULL;
- }
-
- serial = xtrymalloc (32 + 1);
- if (!serial)
- return NULL;
-
- serial[32] = 0;
- bin2hex (buffer, buflen, serial);
- xfree (relptr);
- return serial;
-}
-
-
/* Return the pretty formatted serialnumber. On error NULL is
* returned. */
static char *
@@ -6113,7 +6078,15 @@ app_select_openpgp (app_t app)
app->appversion |= buffer[7];
manufacturer = (buffer[8]<<8 | buffer[9]);
- /* For Yubikey, serialno is set in app.c, already. */
+ /* For Yubikey, serialno is set in app.c, already. The problem
+ * is that the OpenPGP appversion has been set to 0.0 because we
+ * are not able to deduce this if the OpenPGP app has not been
+ * enabled. Thus we here to to use the appversion from DO 0x4f
+ * but return a serialno with a version 0.0 as set by app.c.
+ * Users of scdaemon taking the version from the serialno won't
+ * work anymore and need to be modified. Recall that our
+ * architecture requires exactly one serilano per card.
+ */
if (app->card->cardtype == CARDTYPE_YUBIKEY)
xfree (buffer);
else