def _kdf_input_len_check(data_key_len, kdf_type, kdf_input_len):
    """Validates that data_key_len and kdf_input_len have the correct relationship.

    :param int data_key_len: Number of bytes in key
    :param kdf_type: KDF algorithm to use
    :param kdf_type: cryptography.io KDF object
    :param int kdf_input_len: Length of input data to feed into KDF function
    """
    if kdf_type is None and data_key_len != kdf_input_len:
        raise InvalidAlgorithmError(
            'Invalid Algorithm definition: data_key_len must equal kdf_input_len for non-KDF algorithms'
        )
    elif data_key_len > kdf_input_len:
        raise InvalidAlgorithmError(
            'Invalid Algorithm definition: data_key_len must not be greater than kdf_input_len'
        )
    def valid_kdf(self, kdf):
        """Determine whether a KDFSuite can be used with this EncryptionSuite.

        :param kdf: KDFSuite to evaluate
        :type kdf: aws_encryption_sdk.identifiers.KDFSuite
        :rtype: bool
        """
        if kdf.input_length is None:
            return True

        if self.data_key_length > kdf.input_length(self):
            raise InvalidAlgorithmError(
                "Invalid Algorithm definition: data_key_len must not be greater than kdf_input_len"
            )

        return True