def _kdf_input_len_check(data_key_len, kdf_type, kdf_input_len):
"""Validates that data_key_len and kdf_input_len have the correct relationship.
:param int data_key_len: Number of bytes in key
:param kdf_type: KDF algorithm to use
:param kdf_type: cryptography.io KDF object
:param int kdf_input_len: Length of input data to feed into KDF function
"""
if kdf_type is None and data_key_len != kdf_input_len:
raise InvalidAlgorithmError(
'Invalid Algorithm definition: data_key_len must equal kdf_input_len for non-KDF algorithms'
)
elif data_key_len > kdf_input_len:
raise InvalidAlgorithmError(
'Invalid Algorithm definition: data_key_len must not be greater than kdf_input_len'
)
def valid_kdf(self, kdf):
"""Determine whether a KDFSuite can be used with this EncryptionSuite.
:param kdf: KDFSuite to evaluate
:type kdf: aws_encryption_sdk.identifiers.KDFSuite
:rtype: bool
"""
if kdf.input_length is None:
return True
if self.data_key_length > kdf.input_length(self):
raise InvalidAlgorithmError(
"Invalid Algorithm definition: data_key_len must not be greater than kdf_input_len"
)
return True
