From e67fd62963de1f35f47eb32e94c11c839e8b1086 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sosth=C3=A8ne=20Gu=C3=A9don?=
Date: Fri, 22 Nov 2024 16:22:50 +0100
Subject: [PATCH 1/2] Only allow change-pin for NK3 Silently fail if called on an non-nitrokey 3
---
 src/operations_ccid.c | 17 ++++++++++++++++-
 src/return_codes.c | 2 +-
 2 files changed, 17 insertions(+), 2 deletions(-)
diff --git a/src/operations_ccid.c b/src/operations_ccid.c
index fad9174..1b61c52 100644
--- a/src/operations_ccid.c
+++ b/src/operations_ccid.c
@@ -64,6 +64,21 @@ int set_pin_ccid(struct Device *dev, const char *admin_PIN) {
 }
 int nk3_change_pin(struct Device *dev, const char *old_pin, const char*new_pin) {
+ libusb_device *usb_dev;
+ struct libusb_device_descriptor usb_desc;
+ usb_dev = libusb_get_device(dev->mp_devhandle_ccid);
+
+ int r = libusb_get_device_descriptor(usb_dev, &usb_desc);
+
+ if (r < 0) {
+ return r;
+ }
+
+
+ if (usb_desc.idVendor != NITROKEY_USB_VID || usb_desc.idProduct != NITROKEY_3_USB_PID) {
+ return 0;
+ }
+
 TLV tlvs[] = {
 {
 .tag = Tag_Password,
@@ -83,7 +98,7 @@ int nk3_change_pin(struct Device *dev, const char *old_pin, const char*new_pin)
 tlvs, ARR_LEN(tlvs), Ins_ChangePIN); // send IccResult iccResult;
- int r = ccid_process_single(dev->mp_devhandle_ccid, dev->ccid_buffer_in, sizeof dev->ccid_buffer_in,
+ r = ccid_process_single(dev->mp_devhandle_ccid, dev->ccid_buffer_in, sizeof dev->ccid_buffer_in,
 dev->ccid_buffer_out, icc_actual_length, &iccResult);
 if (r != 0) {
 return r;
diff --git a/src/return_codes.c b/src/return_codes.c
index 0ad1455..b54c2c2 100644
--- a/src/return_codes.c
+++ b/src/return_codes.c
@@ -55,4 +55,4 @@ int res_to_exit_code(int res) {
 if (res == RET_BADLY_FORMATTED_HOTP_CODE) return EXIT_BAD_FORMAT;
 if (res == RET_CONNECTION_LOST) return EXIT_CONNECTION_LOST;
 return EXIT_OTHER_ERROR;
-}
\ No newline at end of file
+}
From 18147c93b86fc44ab864a763160aa700839a4592 Mon Sep 17 00:00:00 2001
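Review bot: Returning `0` from the new VID/PID guard at the top of `nk3_change_pin` makes a skipped PIN change indistinguishable from a completed one, so a caller on a non-NK3 device can report that the PIN was changed when no command was ever sent. For a credential operation the skip should be visible: return a dedicated `RET_*` code for "unsupported device" (placeholder; no such value is visible on this page) or have the caller check for an NK3 before calling, and at minimum put a comment on the guard such as `/* not an NK3: nothing sent, PIN unchanged */`. The same pattern is carried into patch 2/2, where both the NULL-handle guard and this guard return `RET_NO_ERROR`. Separately, `return r;` after `libusb_get_device_descriptor` hands a raw libusb error to callers that, judging by `res_to_exit_code`, expect the project's `RET_*` values; mapping it before returning would keep the two code spaces apart. The function body continues outside the hunk.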
From: =?UTF-8?q?Sosth=C3=A8ne=20Gu=C3=A9don?=
Date: Tue, 3 Dec 2024 11:09:21 +0100
Subject: [PATCH 2/2] Fix segfault when not with an NK3
---
 src/operations_ccid.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/operations_ccid.c b/src/operations_ccid.c
index 1b61c52..1ca6f54 100644
--- a/src/operations_ccid.c
+++ b/src/operations_ccid.c
@@ -66,6 +66,11 @@ int set_pin_ccid(struct Device *dev, const char *admin_PIN) {
 int nk3_change_pin(struct Device *dev, const char *old_pin, const char*new_pin) {
 libusb_device *usb_dev;
 struct libusb_device_descriptor usb_desc;
+
+ if (!dev->mp_devhandle_ccid) {
+ return RET_NO_ERROR;
+ }
+
 usb_dev = libusb_get_device(dev->mp_devhandle_ccid);
 int r = libusb_get_device_descriptor(usb_dev, &usb_desc);
@@ -76,7 +81,7 @@ int nk3_change_pin(struct Device *dev, const char *old_pin, const char*new_pin)
 if (usb_desc.idVendor != NITROKEY_USB_VID || usb_desc.idProduct != NITROKEY_3_USB_PID) {
- return 0;
+ return RET_NO_ERROR;
 }
 TLV tlvs[] = {
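Review bot: The added `if (!dev->mp_devhandle_ccid)` guard treats a missing CCID handle as "not an NK3", but nothing in the hunk states why a NULL handle can only mean that. If the handle can also be NULL because opening the CCID interface failed on a real NK3, this path returns `RET_NO_ERROR` for a PIN change that never ran. State the invariant in a comment on the guard, for example `/* CCID handle is only opened for NK3 devices; NULL means there is nothing to change */` (to be confirmed against the device-open code), or return an error when the handle is unexpectedly absent. `dev` itself is dereferenced without a check, which holds only if every caller passes a valid device. The body of `nk3_change_pin` continues outside the hunk.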