From e554e59f99e5f64e85a5308c642d4a12929b4ae7 Mon Sep 17 00:00:00 2001
From: Szczepan Zalega <szczepan@nitrokey.com>
Date: Tue, 8 Feb 2022 14:00:04 +0100
Subject: [PATCH] Nitrokey FIDO2 128kB variant update: check bootloader's key

---
 pynitrokey/cli/update.py | 27 ++++++++++++++++++++++++++-
 1 file changed, 26 insertions(+), 1 deletion(-)

diff --git a/pynitrokey/cli/update.py b/pynitrokey/cli/update.py
index 89f47ccd..69f2e23b 100644
--- a/pynitrokey/cli/update.py
+++ b/pynitrokey/cli/update.py
@@ -122,8 +122,33 @@ def update(serial, yes, force):
     ver = client.solo_version()
     local_print(f"\tCurrent Firmware version: {ver[0]}.{ver[1]}.{ver[2]}")
 
+    # to find the variant (128kB vs 256kB), switch to the bootloader and get its public key
+    p = find(serial)
+    if not p.is_solo_bootloader():
+        local_print("Not in Bootloader Mode!")
+        return
+
+    # todo refactor and extract
+    from binascii import b2a_hex
+    from hashlib import sha256
+    bpub = p.boot_pubkey()
+    bpub = b2a_hex(bpub)
+    # local_print(f"Bootloader public key: \t\t{bpub}")
+    s = sha256()
+    s.update(bpub)
+    bpubh = b2a_hex(s.digest())
+    # local_print(f"Bootloader public key sha256: \t{bpubh}")
+
+    variants = {
+        "256": b'11d0b23f9f4f1aa319277aabab439447a6a8b89406a03f8ced2c39869c8a2724',
+        "128": b'TODO insert bootloader key hash here',
+        # todo: add 128kB variant
+    }
+    variant = variants[bpubh]
+    # todo go over the latest tag assets and check the currently connected variant version
+    #
+
     # if the downloaded firmware version is the same as the current one, skip update unless force switch is provided
-    # if f'firmware-{ver[0]}.{ver[1]}.{ver[2]}' in gh_release_data['tag_name'] and not force:
     if f'firmware-{ver[0]}.{ver[1]}.{ver[2]}' in download_url:
         if not force:
             local_critical(