scd: Allow standard keyref scheme for app-openpgp.

* scd/app-openpgp.c (do_change_pin): Allow prefixing the CHVNO with "OPENPGP." -- The generic keyref allows for better error detection in case a keyref is send to a wrong card. This has been taken from master commit 3231ecdafd71ac47b734469b07170756979ede72 which has additional changed for gpg-card-tool, which is only available there. Signed-off-by: Werner Koch <wk@gnupg.org>
2025-03-24 22:09:57 +01:00 · 2019-02-05 14:48:49 +01:00 · 2019-02-05 14:48:49 +01:00 · 6651a0640d
commit 6651a0640d
parent 14ea581a1c
3 changed files with 16 additions and 2 deletions
--- a/doc/wks.texi
+++ b/doc/wks.texi
@ -124,7 +124,7 @@ Requires installation of that command.
@item --with-colons
@opindex with-colons
 This option has currently only an effect on the @option{--supported}
-command.  If it is used all arguimenst on the command line are taken
+command.  If it is used all arguments on the command line are taken
 as domain names and tested for WKD support.  The output format is one
 line per domain with colon delimited fields.  The currently specified
 fields are (future versions may specify additional fields):
--- a/scd/app-openpgp.c
+++ b/scd/app-openpgp.c
@ -2563,6 +2563,8 @@ do_writecert (app_t app, ctrl_t ctrl,
     -       2   1      Verify CHV2 and set a new CHV1 and CHV2.
     -       2   2      Verify Reset Code and set a new PW1.
     -       3   any    Verify CHV3/PW3 and set a new CHV3/PW3.
+
+   The CHVNO can be prefixed with "OPENPGP.".
 */
 static gpg_error_t
 do_change_pin (app_t app, ctrl_t ctrl,  const char *chvnostr,
@ -2571,7 +2573,7 @@ do_change_pin (app_t app, ctrl_t ctrl,  const char *chvnostr,
               void *pincb_arg)
 {
  int rc = 0;
-  int chvno = atoi (chvnostr);
+  int chvno;
  char *resetcode = NULL;
  char *oldpinvalue = NULL;
  char *pinvalue = NULL;
@ -2585,6 +2587,17 @@ do_change_pin (app_t app, ctrl_t ctrl,  const char *chvnostr,

  (void)ctrl;

+  if (digitp (chvnostr))
+    chvno = atoi (chvnostr);
+  else if (!ascii_strcasecmp (chvnostr, "OPENPGP.1"))
+    chvno = 1;
+  else if (!ascii_strcasecmp (chvnostr, "OPENPGP.2"))
+    chvno = 2;
+  else if (!ascii_strcasecmp (chvnostr, "OPENPGP.3"))
+    chvno = 3;
+  else
+    return gpg_error (GPG_ERR_INV_ID);
+
  memset (&pininfo, 0, sizeof pininfo);
  pininfo.fixedlen = -1;
  pininfo.minlen = minlen;
--- a/scd/iso7816.c
+++ b/scd/iso7816.c
@ -330,6 +330,7 @@ iso7816_change_reference_data (int slot, int chvno,

  sw = apdu_send_simple (slot, 0, 0x00, CMD_CHANGE_REFERENCE_DATA,
                         oldchvlen? 0 : 1, chvno, oldchvlen+newchvlen, buf);
+  wipememory (buf, oldchvlen+newchvlen);
  xfree (buf);
  return map_sw (sw);