security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-03 22:56:33 +02:00
Code Activity

scd: Add special serialno compare for OpenPGP cards.

Browse source 
* scd/app.c (is_same_serialno): New.
(check_application_conflict): Use this.
(select_application): Ditto.
(app_switch_current_card): Ditto.
* scd/app-openpgp.c (check_keyidstr): Ignore the card version and also
compare case insensitive.
--

This is required because we change what we emit as serialno of OpenPGP
cards but existing keys still use the old form of the serial
number (i.e. with a firmware version).

See-commit: 3a8250c020
Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2020-11-26 08:46:20 +01:00
parent 605ab99912
commit 764c69a841
No known key found for this signature in database
GPG key ID: E3FDFF218E45B72B
3 changed files with 45 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

41
scd/app.c
View file

@ -155,6 +155,35 @@ apptype_from_keyref (const char *keyref)
}
/* Return true if both serilanumbers are the same. This function
* takes care of some peculiarities. */
static int
is_same_serialno (const unsigned char *sna, size_t snalen,
const unsigned char *snb, size_t snblen)
{
if ((!sna && !snb) || (!snalen && !snblen))
return 1;
if (!sna || !snb)
return 0; /* One of them is NULL. (Both NULL tested above). */
if (snalen != snblen)
return 0; /* (No special cases for this below). */
/* The special case for OpenPGP cards where we ignore the version
* bytes (vvvv). Example: D276000124010304000500009D8A0000
* ^^^^^^^^^^^^vvvvmmmmssssssssrrrr */
if (snalen == 16 && !memcmp (sna, "\xD2\x76\x00\x01\x24\x01", 6))
{
if (memcmp (snb, "\xD2\x76\x00\x01\x24\x01", 6))
return 0; /* No */
return !memcmp (sna + 8, snb + 8, 8);
}
return !memcmp (sna, snb, snalen);
}
/* Initialization function to change the default app_priority_list.
* LIST is a list of comma or space separated strings with application
* names. Unknown names will only result in warning message.
@ -357,8 +386,8 @@ check_application_conflict (card_t card, const char *name,
if (serialno_bin && card->serialno)
{
if (serialno_bin_len != card->serialnolen
|| memcmp (serialno_bin, card->serialno, card->serialnolen))
if (!is_same_serialno (card->serialno, card->serialnolen,
serialno_bin, serialno_bin_len))
return 0; /* The card does not match the requested S/N. */
}
@ -734,8 +763,8 @@ select_application (ctrl_t ctrl, const char *name, card_t *r_card,
lock_card (card, ctrl);
if (serialno_bin == NULL)
break;
if (card->serialnolen == serialno_bin_len
&& !memcmp (card->serialno, serialno_bin, card->serialnolen))
if (is_same_serialno (card->serialno, card->serialnolen,
serialno_bin, serialno_bin_len))
break;
unlock_card (card);
card_prev = card;
@ -805,8 +834,8 @@ app_switch_current_card (ctrl_t ctrl,
{
for (card = card_top; card; card = card->next)
{
if (card->serialnolen == serialnolen
&& !memcmp (card->serialno, serialno, card->serialnolen))
if (is_same_serialno (card->serialno, card->serialnolen,
serialno, serialnolen))
break;
}
if (!card)