Vendor SPSDK dependency

This commit is extracted from: Nitrokey/pynitrokey#519 I’ve further reduced the included code so that we can get rid of even more dependencies: We only need crcmod, cryptography and libusbsio. We now also pass strict mypy checks on all imported modules (except for the libusbsio imports). Co-authored-by: Sosthène Guédon <sosthene@nitrokey.com>
Nitrokey · Jul 31, 2024 · 2bfdc7e · 2bfdc7e
1 parent 29af982
commit 2bfdc7e
Show file tree

Hide file tree

Showing 56 changed files with 11,295 additions and 1,013 deletions.
diff --git a/.flake8 b/.flake8
@@ -1,7 +1,8 @@
 [flake8]
 # E203,E701 suggested by black, see:
 # https://black.readthedocs.io/en/stable/guides/using_black_with_other_tools.html#flake8
+# E221 for alignment in mboot code
 # E501 (line length) disabled as this is handled by black which takes better care of edge cases
-extend-ignore = E203,E501,E701
+extend-ignore = E203,E221,E501,E701
 max-complexity = 18
 extend-exclude = src/nitrokey/trussed/_bootloader/nrf52_upload
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -6,6 +6,10 @@
 
 - `trussed.admin_app`: Add error codes `CONFIG_ERROR` and `RNG_ERROR` to `InitStatus` enum
 
+### Other Changes
+
+- Vendor `spsdk` dependency to reduce the total number of dependencies.
+
 ## [v0.1.0](https://github.com/Nitrokey/nitrokey-sdk-py/releases/tag/v0.1.0) (2024-07-29)
 
 Initial release with support for Nitrokey 3 and Nitrokey Passkey devices and the admin, provisioner and secrets app.
diff --git a/poetry.lock b/poetry.lock
diff --git a/pyproject.toml b/pyproject.toml
@@ -25,10 +25,13 @@ semver = "^3"
 tlv8 = "^0.10"
 
 # lpc55
-spsdk = ">=2,<2.3"
+crcmod = "^1.7"
+cryptography = ">=42"
+libusbsio = "^2.1"
 
 # nrf52
 ecdsa = "^0.19"
+intelhex = "^2.3"
 protobuf = "^3.17.3"
 pyserial = "^3.5"
 
@@ -41,6 +44,7 @@ flake8 = "^7.1"
 isort = "^5.13.2"
 mypy = "^1.4"
 types-requests = "^2.32"
+typing-extensions = "^4"
 
 [tool.black]
 target-version = ["py39"]
@@ -64,3 +68,8 @@ ignore_errors = true
 [[tool.mypy.overrides]]
 module = "nitrokey.trussed._bootloader.nrf52"
 disallow_untyped_calls = false
+
+# libusbsio is used by lpc55_upload, will be replaced eventually
+[[tool.mypy.overrides]]
+module = ["libusbsio.*"]
+ignore_missing_imports = true
diff --git a/src/nitrokey/nk3/updates.py b/src/nitrokey/nk3/updates.py
@@ -14,8 +14,6 @@
 from io import BytesIO
 from typing import Any, Callable, Iterator, List, Optional
 
-from spsdk.mboot.exceptions import McuBootConnectionError
-
 from nitrokey._helpers import Retries
 from nitrokey.nk3 import NK3, NK3Bootloader
 from nitrokey.trussed import TimeoutException, TrussedBase, Version
@@ -25,6 +23,9 @@
     Variant,
     validate_firmware_image,
 )
+from nitrokey.trussed._bootloader.lpc55_upload.mboot.exceptions import (
+    McuBootConnectionError,
+)
 from nitrokey.trussed.admin_app import BootMode
 from nitrokey.updates import Asset, Release
 

diff --git a/src/nitrokey/trussed/_bootloader/lpc55.py b/src/nitrokey/trussed/_bootloader/lpc55.py
@@ -11,16 +11,15 @@
 import sys
 from typing import Optional, TypeVar
 
-from spsdk.mboot.interfaces.usb import MbootUSBInterface
-from spsdk.mboot.mcuboot import McuBoot
-from spsdk.mboot.properties import PropertyTag
-from spsdk.sbfile.sb2.images import BootImageV21
-from spsdk.utils.interfaces.device.usb_device import UsbDevice
-from spsdk.utils.usbfilter import USBDeviceFilter
-
 from nitrokey.trussed import Uuid, Version
 
 from . import FirmwareMetadata, ProgressCallback, TrussedBootloader, Variant
+from .lpc55_upload.mboot.interfaces.usb import MbootUSBInterface
+from .lpc55_upload.mboot.mcuboot import McuBoot
+from .lpc55_upload.mboot.properties import PropertyTag
+from .lpc55_upload.sbfile.sb2.images import BootImageV21
+from .lpc55_upload.utils.interfaces.device.usb_device import UsbDevice
+from .lpc55_upload.utils.usbfilter import USBDeviceFilter
 
 RKTH = bytes.fromhex("050aad3e77791a81e59c5b2ba5a158937e9460ee325d8ccba09734b8fdebb171")
 KEK = bytes([0xAA] * 32)
@@ -135,7 +134,10 @@ def _open(cls: type[T], path: str) -> Optional[T]:
 
 def parse_firmware_image(data: bytes) -> FirmwareMetadata:
     image = BootImageV21.parse(data, kek=KEK)
-    version = Version.from_bcd_version(image.header.product_version)
+    bcd_version = image.header.product_version
+    version = Version(
+        major=bcd_version.major, minor=bcd_version.minor, patch=bcd_version.service
+    )
     metadata = FirmwareMetadata(version=version)
     if image.cert_block:
         if image.cert_block.rkth == RKTH:

diff --git a/src/nitrokey/trussed/_bootloader/lpc55_upload/README.md b/src/nitrokey/trussed/_bootloader/lpc55_upload/README.md
@@ -0,0 +1,6 @@
+# LPC55 Bootloader Firmware Upload Module
+
+Anything inside this directory is originally extracted from: https://github.com/nxp-mcuxpresso/spsdk/tree/master.
+In detail anything that is needed to upload a signed firmware image to a Nitrokey 3 xN with an LPC55 MCU.
+
+
diff --git a/src/nitrokey/trussed/_bootloader/lpc55_upload/__init__.py b/src/nitrokey/trussed/_bootloader/lpc55_upload/__init__.py
@@ -0,0 +1,13 @@
+#!/usr/bin/env python
+# -*- coding: UTF-8 -*-
+#
+# Copyright 2019-2024 NXP
+#
+# SPDX-License-Identifier: BSD-3-Clause
+
+version = "2.1.0"
+
+__author__ = "NXP"
+__license__ = "BSD-3-Clause"
+__version__ = version
+__release__ = "beta"
diff --git a/src/nitrokey/trussed/_bootloader/lpc55_upload/crypto/__init__.py b/src/nitrokey/trussed/_bootloader/lpc55_upload/crypto/__init__.py
@@ -0,0 +1,7 @@
+#!/usr/bin/env python
+# -*- coding: UTF-8 -*-
+#
+# Copyright 2020-2024 NXP
+#
+# SPDX-License-Identifier: BSD-3-Clause
+"""Module for crypto operations (certificate and key management)."""