Merge branch 'feat/pycryptography' into 'integration_2024-11-28_165707478799'

feat: [development task] ark-runtime-manual-Python (880625)

See merge request iaasng/volcengine-python-sdk!439

Author: BitsAdmin

setup.py

@@ -29,7 +29,7 @@
             "httpx>=0.23.0, <1",
             "anyio>=3.5.0, <5",
             "cached-property; python_version < '3.8'",
-            "cryptography>=38.0.4, <39.0.0"
+            "cryptography>=43.0.3, <43.0.4"
         ]
     },
 )

volcenginesdkarkruntime/_utils/_key_agreement.py

@@ -1,17 +1,13 @@
 from __future__ import annotations
 
 import base64
-from cryptography import x509
-from cryptography.hazmat.primitives import hashes
-from cryptography.hazmat.primitives.asymmetric import ec
-from cryptography.hazmat.primitives.kdf.hkdf import HKDF
-from cryptography.hazmat.primitives.ciphers import (
-    Cipher, algorithms, modes
-)
 
 
 def aes_gcm_encrypt_bytes(key: bytes, iv: bytes, plain_bytes: bytes, associated_data: bytes = b"") -> bytes:
     # aes_gcm_encrypt_bytes encrypt message using AES-GCM
+    from cryptography.hazmat.primitives.ciphers import (
+        Cipher, algorithms, modes
+    )
     encryptor = Cipher(
         algorithms.AES(key),
         modes.GCM(iv),
@@ -37,6 +33,9 @@ def aes_gcm_encrypt_base64_string(key: bytes, nonce: bytes, plaintext: str) -> s
 def aes_gcm_decrypt_bytes(key: bytes, iv: bytes, cipher_bytes: bytes, associated_data: bytes = b"") -> bytes:
     """aes_gcm_decrypt_bytes Decrypt message from bytes to bytes using AES-GCM
     """
+    from cryptography.hazmat.primitives.ciphers import (
+        Cipher, algorithms, modes
+    )
     tag_length = 16  # default aes gcm tag length
     cipher = cipher_bytes[:-tag_length]
     tag = cipher_bytes[-tag_length:]
@@ -60,7 +59,7 @@ def aes_gcm_decrypt_base64_string(key: bytes, nonce: bytes, ciphertext: str) ->
     return aes_gcm_decrypt_bytes(key, nonce, cipher_bytes).decode()
 
 
-def marshal_cryptography_pub_key(key: ec.EllipticCurvePublicNumbers) -> bytes:
+def marshal_cryptography_pub_key(key) -> bytes:
     # python version of crypto/elliptic/elliptic.go Marshal
     # without point on curve check
     return bytes([4]) + key.x.to_bytes(32, 'big') + key.y.to_bytes(32, 'big')
@@ -70,10 +69,19 @@ class key_agreement_client():
     def __init__(self, certificate_pem_string: str) -> None:
         """ Load cert and extract public key
         """
+        __fixed_version__ = "43.0.3"  # version check
+        from cryptography import __version__
+        if __version__ != __fixed_version__:
+            raise Exception("The cryptography package of Ark SDK only supports version {}, "
+                            "please install the cryptography package by using pip install cryptography=={}".
+                            format(__fixed_version__, __fixed_version__))
+        from cryptography import x509
+        from cryptography.hazmat.primitives.asymmetric import ec
+
         pem_data = certificate_pem_string.encode()
         self._cert = x509.load_pem_x509_certificate(pem_data)
         cert_pub = self._cert.public_key().public_numbers()
-        self._curve = ec._CURVE_TYPES[self._cert.public_key().curve.name]()
+        self._curve = ec._CURVE_TYPES[self._cert.public_key().curve.name]
         self._public_key = ec.EllipticCurvePublicNumbers(
             cert_pub.x, cert_pub.y, self._curve).public_key()
 
@@ -101,6 +109,9 @@ def decrypt_string_with_key(self, key: bytes, nonce: bytes, ciphertext: str) ->
     def generate_ecies_key_pair(self) -> tuple[bytes, bytes, str]:
         """generate_ecies_key_pair generate ECIES key pair
         """
+        from cryptography.hazmat.primitives import hashes
+        from cryptography.hazmat.primitives.kdf.hkdf import HKDF
+        from cryptography.hazmat.primitives.asymmetric import ec
         # Generate an ephemeral elliptic curve scalar and point
         peer_private_key = ec.generate_private_key(self._curve)
         dh = peer_private_key.exchange(ec.ECDH(), self._public_key)