mirror of git://git.gnupg.org/gnupg.git synced 2025-07-03 22:56:33 +02:00

scd: Add special serialno compare for OpenPGP cards.

* scd/app.c (is_same_serialno): New.
(check_application_conflict): Use this.
(select_application): Ditto.
(app_switch_current_card): Ditto.
* scd/app-openpgp.c (check_keyidstr): Ignore the card version and also
compare case insensitive.
--

This is required because we change what we emit as serialno of OpenPGP
cards but existing keys still use the old form of the serial
number (i.e. with a firmware version).

See-commit: 3a8250c020
Signed-off-by: Werner Koch <wk@gnupg.org>
Werner Koch 2020-11-26 08:46:20 +01:00
parent 605ab99912
commit 764c69a841
No known key found for this signature in database
GPG key ID: E3FDFF218E45B72B
3 changed files with 45 additions and 10 deletions


@ -1102,8 +1102,8 @@ do_getattr (app_t app, ctrl_t ctrl, const char *name)
if (table[idx].special == -1)
{
/* The serial number is very special. We can't use the the AID
DO (0x4f) becuase this is the serialno per specs with the
/* The serial number is very special. We can't use the AID
DO (0x4f) because this is the serialno per specs with the
correct appversion. We might however use a serialno with the
version set to 0.0 and that is what we need to return. */
char *serial = app_get_serialno (app);
@ -5031,7 +5031,10 @@ check_keyidstr (app_t app, const char *keyidstr, int keyno, int *r_use_auth)
return gpg_error (GPG_ERR_INV_ID);
}
if (n != 32 || strncmp (keyidstr, "D27600012401", 12))
/* For a description of the serialno compare function see
* is_same_serialno. We don't use that function because here we
* are working on a hex string. */
if (n != 32 || ascii_strncasecmp (keyidstr, "D27600012401", 12))
return gpg_error (GPG_ERR_INV_ID);
else if (!*s)
; /* no fingerprint given: we allow this for now. */
@ -5039,7 +5042,9 @@ check_keyidstr (app_t app, const char *keyidstr, int keyno, int *r_use_auth)
fpr = s + 1;
serial = app_get_serialno (app);
if (strncmp (serial, keyidstr, 32))
if (!serial || strlen (serial) != 32
|| ascii_memcasecmp (serial, "D27600012401", 12)
|| ascii_memcasecmp (serial+16, keyidstr+16, 16))
{
xfree (serial);
return gpg_error (GPG_ERR_WRONG_CARD);
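Review bot: The relaxed card check in the last hunk, `ascii_memcasecmp (serial+16, keyidstr+16, 16)`, skips hex digits 12..15 without saying so where it happens; the only explanation is the comment in the previous hunk, which points to is_same_serialno in another file. Since this is the line that decides whether a key is accepted for the inserted card, I would put the reason next to it, e.g. `/* Hex digits 12..15 (card version) are skipped on purpose: existing keys still carry the old serialno form. */`, and give the bare 12/16/32 offsets names. Separately, a NULL result from app_get_serialno is now reported as GPG_ERR_WRONG_CARD, which presumably hides an allocation or lookup failure behind a "wrong card" answer; a distinct error for `!serial` would keep the two cases apart for callers and logs. check_keyidstr starts and ends outside the hunks shown, so the later fingerprint comparison is not visible here.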