From 9dbf100adcc454f27e76c45973ebfdb4e653d041 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sosth=C3=A8ne=20Gu=C3=A9don?=
Date: Fri, 22 Nov 2024 16:22:50 +0100
Subject: [PATCH] Only allow change-pin for NK3

---
 src/operations_ccid.c | 17 ++++++++++++++++-
 src/return_codes.c | 3 ++-
 2 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/src/operations_ccid.c b/src/operations_ccid.c
index b4931ae..6dbbaed 100644
--- a/src/operations_ccid.c
+++ b/src/operations_ccid.c
@@ -64,6 +64,21 @@ int set_pin_ccid(struct Device *dev, const char *admin_PIN) {
 }
 
 int nk3_change_pin(struct Device *dev, const char *old_pin, const char*new_pin) {
+ libusb_device *usb_dev;
+ struct libusb_device_descriptor usb_desc;
+ usb_dev = libusb_get_device(dev->mp_devhandle_ccid);
+
+ int r = libusb_get_device_descriptor(usb_dev, &usb_desc);
+
+ if (r < 0) {
+ return r;
+ }
+
+
+ if (usb_desc.idVendor != NITROKEY_USB_VID || usb_desc.idProduct != NITROKEY_3_USB_PID) {
+ return RET_NOT_FOUND;
+ }
+
 TLV tlvs[] = {
 {
 .tag = Tag_Password,
@@ -83,7 +98,7 @@ int nk3_change_pin(struct Device *dev, const char *old_pin, const char*new_pin)
 tlvs, ARR_LEN(tlvs), Ins_ChangePIN);
 // send
 IccResult iccResult;
- int r = ccid_process_single(dev->mp_devhandle_ccid, dev->ccid_buffer_in, sizeof dev->ccid_buffer_in,
+ r = ccid_process_single(dev->mp_devhandle_ccid, dev->ccid_buffer_in, sizeof dev->ccid_buffer_in,
 dev->ccid_buffer_out, icc_actual_length, &iccResult);
 if (r != 0) {
 return r;
diff --git a/src/return_codes.c b/src/return_codes.c
index 0ad1455..7ccb781 100644
--- a/src/return_codes.c
+++ b/src/return_codes.c
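Review bot: In the first hunk of src/operations_ccid.c, `dev->mp_devhandle_ccid` is handed to `libusb_get_device()` without a NULL check, and libusb dereferences that handle; if a device that was not opened over CCID can reach nk3_change_pin (the callers are not visible here), the new guard would crash instead of returning RET_NOT_FOUND. A line such as `if (dev->mp_devhandle_ccid == NULL) return RET_NOT_FOUND;` before the lookup would cover that case. The VID/PID comparison also deserves a comment, e.g. `/* compatibility gate only: VID/PID are reported by the device itself and do not authenticate it */`, because the password TLVs are packed and sent right after it. Note too that `return r;` passes a raw libusb error code out of a function that otherwise returns RET_* values, so res_to_error_string would presumably report it as "Unknown error". The function body continues beyond this hunk.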
@@ -38,6 +38,7 @@ const char *res_to_error_string(int res) {
 if (res == RET_NO_PIN_ATTEMPTS) return "Device does not show PIN attempts counter";
 if (res == RET_SLOT_NOT_CONFIGURED) return "HOTP slot is not configured";
 if (res == RET_SECURITY_STATUS_NOT_SATISFIED) return "Touch was not recognized, or there was other problem with the authentication";
+ if (res == RET_NOT_FOUND) return "Device not found";
 return "Unknown error";
 }
 
@@ -55,4 +56,4 @@ int res_to_exit_code(int res) {
 if (res == RET_BADLY_FORMATTED_HOTP_CODE) return EXIT_BAD_FORMAT;
 if (res == RET_CONNECTION_LOST) return EXIT_CONNECTION_LOST;
 return EXIT_OTHER_ERROR;
-}
\ No newline at end of file
+}
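Review bot: The message on the added RET_NOT_FOUND line in res_to_error_string, "Device not found", is what a user will see when nk3_change_pin in this same patch rejects a connected device whose VID/PID is not a Nitrokey 3, and it reads as if nothing were plugged in. Either word it for both cases, e.g. `if (res == RET_NOT_FOUND) return "Device not found or not supported for this operation";`, or return a dedicated code for the unsupported-device case so the PIN-change refusal is distinguishable in logs and support reports. Whether res_to_exit_code maps RET_NOT_FOUND is not visible in these hunks; the tail shown falls through to EXIT_OTHER_ERROR.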