Vendor SPSDK dependency

This commit is extracted from: Nitrokey/pynitrokey#519 I’ve further reduced the included code so that we can get rid of even more dependencies. We now also pass strict mypy checks on all imported modules (except for the libusbsio imports). Co-authored-by: Sosthène Guédon <sosthene@nitrokey.com>
Nitrokey · Jul 31, 2024 · 25d1137 · 25d1137
1 parent 29af982
commit 25d1137
Show file tree

Hide file tree

Showing 55 changed files with 11,281 additions and 1,023 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -6,6 +6,10 @@
 
 - `trussed.admin_app`: Add error codes `CONFIG_ERROR` and `RNG_ERROR` to `InitStatus` enum
 
+### Other Changes
+
+- Vendor `spsdk` dependency to reduce the total number of dependencies.
+
 ## [v0.1.0](https://github.com/Nitrokey/nitrokey-sdk-py/releases/tag/v0.1.0) (2024-07-29)
 
 Initial release with support for Nitrokey 3 and Nitrokey Passkey devices and the admin, provisioner and secrets app.
diff --git a/poetry.lock b/poetry.lock
diff --git a/pyproject.toml b/pyproject.toml
@@ -25,7 +25,9 @@ semver = "^3"
 tlv8 = "^0.10"
 
 # lpc55
-spsdk = ">=2,<2.3"
+crcmod = "^1.7"
+cryptography = ">=42"
+libusbsio = "^2.1"
 
 # nrf52
 ecdsa = "^0.19"
@@ -41,6 +43,7 @@ flake8 = "^7.1"
 isort = "^5.13.2"
 mypy = "^1.4"
 types-requests = "^2.32"
+typing-extensions = "^4"
 
 [tool.black]
 target-version = ["py39"]
@@ -64,3 +67,8 @@ ignore_errors = true
 [[tool.mypy.overrides]]
 module = "nitrokey.trussed._bootloader.nrf52"
 disallow_untyped_calls = false
+
+# libusbsio is used by lpc55_upload, will be replaced eventually
+[[tool.mypy.overrides]]
+module = ["libusbsio.*"]
+ignore_missing_imports = true
diff --git a/src/nitrokey/nk3/updates.py b/src/nitrokey/nk3/updates.py
@@ -14,8 +14,6 @@
 from io import BytesIO
 from typing import Any, Callable, Iterator, List, Optional
 
-from spsdk.mboot.exceptions import McuBootConnectionError
-
 from nitrokey._helpers import Retries
 from nitrokey.nk3 import NK3, NK3Bootloader
 from nitrokey.trussed import TimeoutException, TrussedBase, Version
@@ -25,6 +23,9 @@
     Variant,
     validate_firmware_image,
 )
+from nitrokey.trussed._bootloader.lpc55_upload.mboot.exceptions import (
+    McuBootConnectionError,
+)
 from nitrokey.trussed.admin_app import BootMode
 from nitrokey.updates import Asset, Release
 

diff --git a/src/nitrokey/trussed/_bootloader/lpc55.py b/src/nitrokey/trussed/_bootloader/lpc55.py
@@ -11,16 +11,15 @@
 import sys
 from typing import Optional, TypeVar
 
-from spsdk.mboot.interfaces.usb import MbootUSBInterface
-from spsdk.mboot.mcuboot import McuBoot
-from spsdk.mboot.properties import PropertyTag
-from spsdk.sbfile.sb2.images import BootImageV21
-from spsdk.utils.interfaces.device.usb_device import UsbDevice
-from spsdk.utils.usbfilter import USBDeviceFilter
-
 from nitrokey.trussed import Uuid, Version
 
 from . import FirmwareMetadata, ProgressCallback, TrussedBootloader, Variant
+from .lpc55_upload.mboot.interfaces.usb import MbootUSBInterface
+from .lpc55_upload.mboot.mcuboot import McuBoot
+from .lpc55_upload.mboot.properties import PropertyTag
+from .lpc55_upload.sbfile.sb2.images import BootImageV21
+from .lpc55_upload.utils.interfaces.device.usb_device import UsbDevice
+from .lpc55_upload.utils.usbfilter import USBDeviceFilter
 
 RKTH = bytes.fromhex("050aad3e77791a81e59c5b2ba5a158937e9460ee325d8ccba09734b8fdebb171")
 KEK = bytes([0xAA] * 32)
@@ -135,7 +134,10 @@ def _open(cls: type[T], path: str) -> Optional[T]:
 
 def parse_firmware_image(data: bytes) -> FirmwareMetadata:
     image = BootImageV21.parse(data, kek=KEK)
-    version = Version.from_bcd_version(image.header.product_version)
+    bcd_version = image.header.product_version
+    version = Version(
+        major=bcd_version.major, minor=bcd_version.minor, patch=bcd_version.service
+    )
     metadata = FirmwareMetadata(version=version)
     if image.cert_block:
         if image.cert_block.rkth == RKTH:

diff --git a/src/nitrokey/trussed/_bootloader/lpc55_upload/README.md b/src/nitrokey/trussed/_bootloader/lpc55_upload/README.md
@@ -0,0 +1,6 @@
+# LPC55 Bootloader Firmware Upload Module
+
+Anything inside this directory is originally extracted from: https://github.com/nxp-mcuxpresso/spsdk/tree/master.
+In detail anything that is needed to upload a signed firmware image to a Nitrokey 3 xN with an LPC55 MCU.
+
+
diff --git a/src/nitrokey/trussed/_bootloader/lpc55_upload/__init__.py b/src/nitrokey/trussed/_bootloader/lpc55_upload/__init__.py
@@ -0,0 +1,13 @@
+#!/usr/bin/env python
+# -*- coding: UTF-8 -*-
+#
+# Copyright 2019-2024 NXP
+#
+# SPDX-License-Identifier: BSD-3-Clause
+
+version = "2.1.0"
+
+__author__ = "NXP"
+__license__ = "BSD-3-Clause"
+__version__ = version
+__release__ = "beta"
diff --git a/src/nitrokey/trussed/_bootloader/lpc55_upload/crypto/__init__.py b/src/nitrokey/trussed/_bootloader/lpc55_upload/crypto/__init__.py
@@ -0,0 +1,7 @@
+#!/usr/bin/env python
+# -*- coding: UTF-8 -*-
+#
+# Copyright 2020-2024 NXP
+#
+# SPDX-License-Identifier: BSD-3-Clause
+"""Module for crypto operations (certificate and key management)."""