Went through and fixed all instances where Algorithm was referenced

instead of AlgorithmSuite.  Changed messages in the docs accordingly.
Now if you go to RTD you will see everything links together nicely.

What I did not do: change the variable names from "algorithm" to i.e.
"algorithm_suite".  Mainly because this is a rabbit hole and not immediately
important I think.  To do it you need to change every single thing that
calls another thing that calls another thing that has "algorithm" instead
of "algorithm_suite" and I wanted to keep it simple.

I also found what I think was an incorrect test.  In
/test/integration/test_i_aws_encryption_sdk_client.py in function
test_remove_bad_client() there was an assertion error for my tox env tests
that the dict containing the regional clients was not empty when it should
have been supposedly.  I believe that it was not meant for it to be empty,
but for the bad client "us-fakey-12" to be removed, and it was assumed that
in __init__ for KMSMasterKeyProvider() no regional clients were added, but
this is false because there is a default added depending on some features
of the botocore session etc...  So when it was checking to see if it was
empty it wanted to see that a bad client was added, and then was rightfully
removed -> back to an empty dict, but if the dict did not start out empty
the test would fail.  So I made a one line change of this test to make it
test that specifically the dict did not contain the exact bad client that
the test was using.

Please get back to me on this final change because you guys know this SDK
way better than me and I don't want to break anything.  Thanks!

Author: Adriano Hernandez

src/aws_encryption_sdk/__init__.py

@@ -76,7 +76,7 @@ def encrypt(**kwargs):
             this is not enforced if a `key_provider` is provided.
 
     :param dict encryption_context: Dictionary defining encryption context
-    :param algorithm: AlgorithmSuite to use for encryption
+    :param algorithm: Algorithm suite to use for encryption
     :type algorithm: aws_encryption_sdk.identifiers.AlgorithmSuite
     :param int frame_length: Frame length in bytes
     :returns: Tuple containing the encrypted ciphertext and the message header object

src/aws_encryption_sdk/internal/crypto/authentication.py

@@ -33,8 +33,8 @@
 class _PrehashingAuthenticator(object):
     """Parent class for Signer/Verifier. Provides common behavior and interface.
 
-    :param algorithm: Algorithm on which to base authenticator
-    :type algorithm: aws_encryption_sdk.identifiers.Algorithm
+    :param algorithm: Algorithm suite on which to base authenticator
+    :type algorithm: aws_encryption_sdk.identifiers.AlgorithmSuite
     :param key: Key with which to build authenticator
     """
 
@@ -46,7 +46,7 @@ def __init__(self, algorithm, key):
         self._hasher = self._build_hasher()
 
     def _set_signature_type(self):
-        """Ensures that the algorithm signature type is a known type and sets a reference value."""
+        """Ensures that the algorithm (suite) signature type is a known type and sets a reference value."""
         try:
             verify_interface(ec.EllipticCurve, self.algorithm.signing_algorithm_info)
             return ec.EllipticCurve
@@ -58,14 +58,16 @@ def _build_hasher(self):
 
         :returns: Hasher object
         """
-        return hashes.Hash(self.algorithm.signing_hash_type(), backend=default_backend())
+        return hashes.Hash(
+            self.algorithm.signing_hash_type(), backend=default_backend()
+        )
 
 
 class Signer(_PrehashingAuthenticator):
     """Abstract signing handler.
 
-    :param algorithm: Algorithm on which to base signer
-    :type algorithm: aws_encryption_sdk.identifiers.Algorithm
+    :param algorithm: Algorithm suite on which to base signer
+    :type algorithm: aws_encryption_sdk.identifiers.AlgorithmSuite
     :param key: Private key from which a signer can be generated
     :type key: currently only Elliptic Curve Private Keys are supported
     """
@@ -74,12 +76,14 @@ class Signer(_PrehashingAuthenticator):
     def from_key_bytes(cls, algorithm, key_bytes):
         """Builds a `Signer` from an algorithm suite and a raw signing key.
 
-        :param algorithm: Algorithm on which to base signer
-        :type algorithm: aws_encryption_sdk.identifiers.Algorithm
+        :param algorithm: Algorithm suite on which to base signer
+        :type algorithm: aws_encryption_sdk.identifiers.AlgorithmSuite
         :param bytes key_bytes: Raw signing key
         :rtype: aws_encryption_sdk.internal.crypto.Signer
         """
-        key = serialization.load_der_private_key(data=key_bytes, password=None, backend=default_backend())
+        key = serialization.load_der_private_key(
+            data=key_bytes, password=None, backend=default_backend()
+        )
         return cls(algorithm, key)
 
     def key_bytes(self):
@@ -118,7 +122,9 @@ def finalize(self):
         :rtype: bytes
         """
         prehashed_digest = self._hasher.finalize()
-        return _ecc_static_length_signature(key=self.key, algorithm=self.algorithm, digest=prehashed_digest)
+        return _ecc_static_length_signature(
+            key=self.key, algorithm=self.algorithm, digest=prehashed_digest
+        )
 
 
 class Verifier(_PrehashingAuthenticator):
@@ -127,41 +133,45 @@ class Verifier(_PrehashingAuthenticator):
     .. note::
         For ECC curves, the signature must be DER encoded as specified in RFC 3279.
 
-    :param algorithm: Algorithm on which to base verifier
-    :type algorithm: aws_encryption_sdk.identifiers.Algorithm
-    :param public_key: Appropriate public key object for algorithm
+    :param algorithm: Algorithm suite on which to base verifier
+    :type algorithm: aws_encryption_sdk.identifiers.AlgorithmSuite
+    :param public_key: Appropriate public key object for algorithm suite
     :type public_key: may vary
     """
 
     @classmethod
     def from_encoded_point(cls, algorithm, encoded_point):
-        """Creates a Verifier object based on the supplied algorithm and encoded compressed ECC curve point.
+        """Creates a Verifier object based on the supplied algorithm suite and encoded compressed ECC curve point.
 
-        :param algorithm: Algorithm on which to base verifier
-        :type algorithm: aws_encryption_sdk.identifiers.Algorithm
+        :param algorithm: Algorithm suite on which to base verifier
+        :type algorithm: aws_encryption_sdk.identifiers.AlgorithmSuite
         :param bytes encoded_point: ECC public point compressed and encoded with _ecc_encode_compressed_point
         :returns: Instance of Verifier generated from encoded point
         :rtype: aws_encryption_sdk.internal.crypto.Verifier
         """
         return cls(
             algorithm=algorithm,
             key=_ecc_public_numbers_from_compressed_point(
-                curve=algorithm.signing_algorithm_info(), compressed_point=base64.b64decode(encoded_point)
+                curve=algorithm.signing_algorithm_info(),
+                compressed_point=base64.b64decode(encoded_point),
             ).public_key(default_backend()),
         )
 
     @classmethod
     def from_key_bytes(cls, algorithm, key_bytes):
-        """Creates a `Verifier` object based on the supplied algorithm and raw verification key.
+        """Creates a `Verifier` object based on the supplied algorithm suite and raw verification key.
 
-        :param algorithm: Algorithm on which to base verifier
-        :type algorithm: aws_encryption_sdk.identifiers.Algorithm
+        :param algorithm: Algorithm suite on which to base verifier
+        :type algorithm: aws_encryption_sdk.identifiers.AlgorithmSuite
         :param bytes encoded_point: Raw verification key
         :returns: Instance of Verifier generated from encoded point
         :rtype: aws_encryption_sdk.internal.crypto.Verifier
         """
         return cls(
-            algorithm=algorithm, key=serialization.load_der_public_key(data=key_bytes, backend=default_backend())
+            algorithm=algorithm,
+            key=serialization.load_der_public_key(
+                data=key_bytes, backend=default_backend()
+            ),
         )
 
     def key_bytes(self):
@@ -170,7 +180,8 @@ def key_bytes(self):
         :rtype: bytes
         """
         return self.key.public_bytes(
-            encoding=serialization.Encoding.DER, format=serialization.PublicFormat.SubjectPublicKeyInfo
+            encoding=serialization.Encoding.DER,
+            format=serialization.PublicFormat.SubjectPublicKeyInfo,
         )
 
     def update(self, data):

src/aws_encryption_sdk/internal/crypto/data_keys.py

@@ -20,11 +20,11 @@
 
 
 def derive_data_encryption_key(source_key, algorithm, message_id):
-    """Derives the data encryption key using the defined algorithm.
+    """Derives the data encryption key using the defined algorithm suite.
 
     :param bytes source_key: Raw source key
-    :param algorithm: Algorithm used to encrypt this body
-    :type algorithm: aws_encryption_sdk.identifiers.Algorithm
+    :param algorithm: Algorithm suite used to encrypt this body
+    :type algorithm: aws_encryption_sdk.identifiers.AlgorithmSuite
     :param bytes message_id: Message ID
     :returns: Derived data encryption key
     :rtype: bytes

src/aws_encryption_sdk/internal/crypto/elliptic_curve.py

@@ -17,8 +17,17 @@
 import six
 from cryptography.hazmat.backends import default_backend
 from cryptography.hazmat.primitives.asymmetric import ec
-from cryptography.hazmat.primitives.asymmetric.utils import Prehashed, decode_dss_signature, encode_dss_signature
-from cryptography.utils import InterfaceNotImplemented, int_from_bytes, int_to_bytes, verify_interface
+from cryptography.hazmat.primitives.asymmetric.utils import (
+    Prehashed,
+    decode_dss_signature,
+    encode_dss_signature,
+)
+from cryptography.utils import (
+    InterfaceNotImplemented,
+    int_from_bytes,
+    int_to_bytes,
+    verify_interface,
+)
 
 from ...exceptions import NotSupportedError
 from ..str_ops import to_bytes
@@ -57,8 +66,8 @@ def _ecc_static_length_signature(key, algorithm, digest):
 
     :param key: Elliptic curve private key
     :type key: cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey
-    :param algorithm: Master algorithm to use
-    :type algorithm: aws_encryption_sdk.identifiers.Algorithm
+    :param algorithm: Master algorithm suite to use
+    :type algorithm: aws_encryption_sdk.identifiers.AlgorithmSuite
     :param bytes digest: Pre-calculated hash digest
     :returns: Signature with required length
     :rtype: bytes
@@ -67,14 +76,18 @@ def _ecc_static_length_signature(key, algorithm, digest):
     signature = b""
     while len(signature) != algorithm.signature_len:
         _LOGGER.debug(
-            "Signature length %d is not desired length %d.  Recalculating.", len(signature), algorithm.signature_len
+            "Signature length %d is not desired length %d.  Recalculating.",
+            len(signature),
+            algorithm.signature_len,
         )
         signature = key.sign(digest, pre_hashed_algorithm)
         if len(signature) != algorithm.signature_len:
             # Most of the time, a signature of the wrong length can be fixed
             # by negating s in the signature relative to the group order.
             _LOGGER.debug(
-                "Signature length %d is not desired length %d.  Negating s.", len(signature), algorithm.signature_len
+                "Signature length %d is not desired length %d.  Negating s.",
+                len(signature),
+                algorithm.signature_len,
             )
             r, s = decode_dss_signature(signature)
             s = _ECC_CURVE_PARAMETERS[algorithm.signing_algorithm_info.name].order - s
@@ -136,7 +149,9 @@ def _ecc_decode_compressed_point(curve, compressed_point):
         try:
             params = _ECC_CURVE_PARAMETERS[curve.name]
         except KeyError:
-            raise NotSupportedError("Curve {name} is not supported at this time".format(name=curve.name))
+            raise NotSupportedError(
+                "Curve {name} is not supported at this time".format(name=curve.name)
+            )
         alpha = (pow(x, 3, params.p) + (params.a * x % params.p) + params.b) % params.p
         # Only works for p % 4 == 3 at this time.
         # This is the case for all currently supported algorithms.
@@ -177,13 +192,15 @@ def _ecc_public_numbers_from_compressed_point(curve, compressed_point):
 def generate_ecc_signing_key(algorithm):
     """Returns an ECC signing key.
 
-    :param algorithm: Algorithm object which determines what signature to generate
-    :type algorithm: aws_encryption_sdk.identifiers.Algorithm
+    :param algorithm: Algorithm suite object which determines what signature to generate
+    :type algorithm: aws_encryption_sdk.identifiers.AlgorithmSuite
     :returns: Generated signing key
-    :raises NotSupportedError: if signing algorithm is not supported on this platform
+    :raises NotSupportedError: if signing algorithm suite is not supported on this platform
     """
     try:
         verify_interface(ec.EllipticCurve, algorithm.signing_algorithm_info)
-        return ec.generate_private_key(curve=algorithm.signing_algorithm_info(), backend=default_backend())
+        return ec.generate_private_key(
+            curve=algorithm.signing_algorithm_info(), backend=default_backend()
+        )
     except InterfaceNotImplemented:
         raise NotSupportedError("Unsupported signing algorithm info")

src/aws_encryption_sdk/internal/crypto/encryption.py

@@ -24,8 +24,8 @@
 class Encryptor(object):
     """Abstract encryption handler.
 
-    :param algorithm: Algorithm used to encrypt this body
-    :type algorithm: aws_encryption_sdk.identifiers.Algorithm
+    :param algorithm: Algorithm suite used to encrypt this body
+    :type algorithm: aws_encryption_sdk.identifiers.AlgorithmSuite
     :param bytes key: Encryption key
     :param bytes associated_data: Associated Data to send to encryption subsystem
     :param bytes iv: IV to use when encrypting message
@@ -39,7 +39,9 @@ def __init__(self, algorithm, key, associated_data, iv):
         # This is intentionally generic to leave an option for non-Cipher encryptor types in the future.
         self.iv = iv
         self._encryptor = Cipher(
-            algorithm.encryption_algorithm(key), algorithm.encryption_mode(self.iv), backend=default_backend()
+            algorithm.encryption_algorithm(key),
+            algorithm.encryption_mode(self.iv),
+            backend=default_backend(),
         ).encryptor()
 
         # associated_data will be authenticated but not encrypted,
@@ -76,8 +78,8 @@ def tag(self):
 def encrypt(algorithm, key, plaintext, associated_data, iv):
     """Encrypts a frame body.
 
-    :param algorithm: Algorithm used to encrypt this body
-    :type algorithm: aws_encryption_sdk.identifiers.Algorithm
+    :param algorithm: Algorithm suite used to encrypt this body
+    :type algorithm: aws_encryption_sdk.identifiers.AlgorithmSuite
     :param bytes key: Encryption key
     :param bytes plaintext: Body plaintext
     :param bytes associated_data: Body AAD Data
@@ -93,8 +95,8 @@ def encrypt(algorithm, key, plaintext, associated_data, iv):
 class Decryptor(object):
     """Abstract decryption handler.
 
-    :param algorithm: Algorithm used to encrypt this body
-    :type algorithm: aws_encryption_sdk.identifiers.Algorithm
+    :param algorithm: Algorithm suite used to encrypt this body
+    :type algorithm: aws_encryption_sdk.identifiers.AlgorithmSuite
     :param bytes key: Raw source key
     :param bytes associated_data: Associated Data to send to decryption subsystem
     :param bytes iv: IV value with which to initialize decryption subsystem
@@ -108,7 +110,9 @@ def __init__(self, algorithm, key, associated_data, iv, tag):
         # Construct a decryptor object with the given key and a provided IV.
         # This is intentionally generic to leave an option for non-Cipher decryptor types in the future.
         self._decryptor = Cipher(
-            algorithm.encryption_algorithm(key), algorithm.encryption_mode(iv, tag), backend=default_backend()
+            algorithm.encryption_algorithm(key),
+            algorithm.encryption_mode(iv, tag),
+            backend=default_backend(),
         ).decryptor()
 
         # Put associated_data back in or the tag will fail to verify when the _decryptor is finalized.
@@ -135,8 +139,8 @@ def finalize(self):
 def decrypt(algorithm, key, encrypted_data, associated_data):
     """Decrypts a frame body.
 
-    :param algorithm: Algorithm used to encrypt this body
-    :type algorithm: aws_encryption_sdk.identifiers.Algorithm
+    :param algorithm: Algorithm suite used to encrypt this body
+    :type algorithm: aws_encryption_sdk.identifiers.AlgorithmSuite
     :param bytes key: Plaintext data key
     :param encrypted_data: EncryptedData containing body data
     :type encrypted_data: :class:`aws_encryption_sdk.internal.structures.EncryptedData`,
@@ -147,5 +151,7 @@ def decrypt(algorithm, key, encrypted_data, associated_data):
     :returns: Plaintext of body
     :rtype: bytes
     """
-    decryptor = Decryptor(algorithm, key, associated_data, encrypted_data.iv, encrypted_data.tag)
+    decryptor = Decryptor(
+        algorithm, key, associated_data, encrypted_data.iv, encrypted_data.tag
+    )
     return decryptor.update(encrypted_data.ciphertext) + decryptor.finalize()

src/aws_encryption_sdk/internal/crypto/iv.py

@@ -46,8 +46,8 @@
 def frame_iv(algorithm, sequence_number):
     """Builds the deterministic IV for a body frame.
 
-    :param algorithm: Algorithm for which to build IV
-    :type algorithm: aws_encryption_sdk.identifiers.Algorithm
+    :param algorithm: Algorithm suite for which to build IV
+    :type algorithm: aws_encryption_sdk.identifiers.AlgorithmSuite
     :param int sequence_number: Frame sequence number
     :returns: Generated IV
     :rtype: bytes
@@ -67,8 +67,8 @@ def frame_iv(algorithm, sequence_number):
 def non_framed_body_iv(algorithm):
     """Builds the deterministic IV for a non-framed body.
 
-    :param algorithm: Algorithm for which to build IV
-    :type algorithm: aws_encryption_sdk.identifiers.Algorithm
+    :param algorithm: Algorithm suite for which to build IV
+    :type algorithm: aws_encryption_sdk.identifiers.AlgorithmSuite
     :returns: Generated IV
     :rtype: bytes
     """
@@ -78,8 +78,8 @@ def non_framed_body_iv(algorithm):
 def header_auth_iv(algorithm):
     """Builds the deterministic IV for header authentication.
 
-    :param algorithm: Algorithm for which to build IV
-    :type algorithm: aws_encryption_sdk.identifiers.Algorithm
+    :param algorithm: Algorithm suite for which to build IV
+    :type algorithm: aws_encryption_sdk.identifiers.AlgorithmSuite
     :returns: Generated IV
     :rtype: bytes
     """

src/aws_encryption_sdk/internal/defaults.py

@@ -29,7 +29,9 @@
 #: Default message structure Type as defined in specification
 TYPE = aws_encryption_sdk.identifiers.ObjectType.CUSTOMER_AE_DATA
 #: Default algorithm as defined in specification
-ALGORITHM = aws_encryption_sdk.identifiers.Algorithm.AES_256_GCM_IV12_TAG16_HKDF_SHA384_ECDSA_P384
+ALGORITHM = (
+    aws_encryption_sdk.identifiers.AlgorithmSuite.AES_256_GCM_IV12_TAG16_HKDF_SHA384_ECDSA_P384
+)
 
 #: Key to add encoded signing key to encryption context dictionary as defined in specification
 ENCODED_SIGNER_KEY = "aws-crypto-public-key"