| author | Werner Koch <[email protected]> | 2020-11-26 07:46:20 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2020-11-26 08:54:23 +0000 |
| commit | 764c69a841abc1a4dff2fa86b4cd0b63ec737860 (patch) | |
| tree | fe39ca58f8eb43656319a48a728c0d626042a955 /scd/app-openpgp.c | |
| parent | gpg: Report an error for receiving key from agent. (diff) | |
scd: Add special serialno compare for OpenPGP cards.
* scd/app.c (is_same_serialno): New.
(check_application_conflict): Use this.
(select_application): Ditto.
(app_switch_current_card): Ditto.
* scd/app-openpgp.c (check_keyidstr): Ignore the card version and also
compare case insensitive.
--
This is required because we change what we emit as serialno of OpenPGP
cards but existing keys still use the old form of the serial
number (i.e. with a firmware version).
See-commit: 3a8250c02031080c6c8eebd5dea03f5f87f9ddd7
Signed-off-by: Werner Koch <[email protected]>
Diffstat (limited to 'scd/app-openpgp.c')
| -rw-r--r-- | scd/app-openpgp.c | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c
index 440c4d027..36301ee8d 100644
--- a/scd/app-openpgp.c
+++ b/scd/app-openpgp.c
@@ -1102,8 +1102,8 @@ do_getattr (app_t app, ctrl_t ctrl, const char *name)
 if (table[idx].special == -1)
 {
- /* The serial number is very special. We can't use the the AID
- DO (0x4f) becuase this is the serialno per specs with the
+ /* The serial number is very special. We can't use the AID
+ DO (0x4f) because this is the serialno per specs with the
 correct appversion. We might however use a serialno with the
 version set to 0.0 and that is what we need to return. */
 char *serial = app_get_serialno (app);
@@ -5031,7 +5031,10 @@ check_keyidstr (app_t app, const char *keyidstr, int keyno, int *r_use_auth)
 return gpg_error (GPG_ERR_INV_ID);
 }
- if (n != 32 || strncmp (keyidstr, "D27600012401", 12))
+ /* For a description of the serialno compare function see
+ * is_same_serialno. We don't use that function because here we
+ * are working on a hex string. */
+ if (n != 32 || ascii_strncasecmp (keyidstr, "D27600012401", 12))
 return gpg_error (GPG_ERR_INV_ID);
 else if (!*s)
 ; /* no fingerprint given: we allow this for now. */
@@ -5039,7 +5042,9 @@ check_keyidstr (app_t app, const char *keyidstr, int keyno, int *r_use_auth)
 fpr = s + 1;
 serial = app_get_serialno (app);
- if (strncmp (serial, keyidstr, 32))
+ if (!serial || strlen (serial) != 32
+ || ascii_memcasecmp (serial, "D27600012401", 12)
+ || ascii_memcasecmp (serial+16, keyidstr+16, 16))
 {
 xfree (serial);
 return gpg_error (GPG_ERR_WRONG_CARD); |
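Review bot: The AID prefix literal `"D27600012401"` and its length 12 are now written out both in the key-id check of this hunk and in the serial check of the following hunk, so a later edit to one can silently leave the other behind. A file-local constant would keep the two in step, for example `static const char openpgp_aid_prefix[] = "D27600012401";` with `sizeof openpgp_aid_prefix - 1` as the compare length. The new comment refers to is_same_serialno, which per the commit message is defined in scd/app.c; naming the file in the comment (`see is_same_serialno in app.c`) would save the reader a search. check_keyidstr begins and ends outside this hunk.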
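Review bot: The rewritten condition above `xfree (serial)` returns GPG_ERR_WRONG_CARD when `app_get_serialno` yields NULL, so if that call can fail for reasons unrelated to the card (its definition is not visible here), the caller is told the wrong card is inserted; a separate `if (!serial)` return with its own error code would keep the two cases apart. The offsets 12 and 16 carry the whole meaning of the relaxed check, yet unlike the previous hunk this condition has no comment. Because this comparison decides whether a stored key reference is accepted for the inserted card, the skipped range should be stated next to it, e.g. `/* Skip hex digits 12..15 (card version); the remaining 16 digits must match.  */`. The enclosing function continues past the end of the hunk.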
