6 files changed, 23 insertions, 40 deletions

diff --git a/src/cryptography/hazmat/primitives/kdf/concatkdf.py b/src/cryptography/hazmat/primitives/kdf/concatkdf.py
index c6399e4f..89c3b282 100644
--- a/src/cryptography/hazmat/primitives/kdf/concatkdf.py
+++ b/src/cryptography/hazmat/primitives/kdf/concatkdf.py
@@ -27,14 +27,12 @@ def _common_args_checks(algorithm, length, otherinfo):
             "Can not derive keys larger than {0} bits.".format(
                 max_length
             ))
-    if not (otherinfo is None or isinstance(otherinfo, bytes)):
-        raise TypeError("otherinfo must be bytes.")
+    if otherinfo is not None:
+        utils._check_bytes("otherinfo", otherinfo)
 
 
 def _concatkdf_derive(key_material, length, auxfn, otherinfo):
-    if not isinstance(key_material, bytes):
-        raise TypeError("key_material must be bytes.")
-
+    utils._check_bytes("key_material", key_material)
     output = [b""]
     outlen = 0
     counter = 1
@@ -96,10 +94,11 @@ class ConcatKDFHMAC(object):
         if self._otherinfo is None:
             self._otherinfo = b""
 
-        if not (salt is None or isinstance(salt, bytes)):
-            raise TypeError("salt must be bytes.")
         if salt is None:
             salt = b"\x00" * algorithm.block_size
+        else:
+            utils._check_bytes("salt", salt)
+
         self._salt = salt
 
         if not isinstance(backend, HMACBackend):
diff --git a/src/cryptography/hazmat/primitives/kdf/hkdf.py b/src/cryptography/hazmat/primitives/kdf/hkdf.py
index 917b4e9c..27dc9c93 100644
--- a/src/cryptography/hazmat/primitives/kdf/hkdf.py
+++ b/src/cryptography/hazmat/primitives/kdf/hkdf.py
@@ -26,11 +26,10 @@ class HKDF(object):
 
         self._algorithm = algorithm
 
-        if not (salt is None or isinstance(salt, bytes)):
-            raise TypeError("salt must be bytes.")
-
         if salt is None:
             salt = b"\x00" * self._algorithm.digest_size
+        else:
+            utils._check_bytes("salt", salt)
 
         self._salt = salt
 
@@ -44,9 +43,7 @@ class HKDF(object):
         return h.finalize()
 
     def derive(self, key_material):
-        if not isinstance(key_material, bytes):
-            raise TypeError("key_material must be bytes.")
-
+        utils._check_bytes("key_material", key_material)
         return self._hkdf_expand.derive(self._extract(key_material))
 
     def verify(self, key_material, expected_key):
@@ -77,11 +74,10 @@ class HKDFExpand(object):
 
         self._length = length
 
-        if not (info is None or isinstance(info, bytes)):
-            raise TypeError("info must be bytes.")
-
         if info is None:
             info = b""
+        else:
+            utils._check_bytes("info", info)
 
         self._info = info
 
@@ -102,9 +98,7 @@ class HKDFExpand(object):
         return b"".join(output)[:self._length]
 
     def derive(self, key_material):
-        if not isinstance(key_material, bytes):
-            raise TypeError("key_material must be bytes.")
-
+        utils._check_bytes("key_material", key_material)
         if self._used:
             raise AlreadyFinalized
 
diff --git a/src/cryptography/hazmat/primitives/kdf/kbkdf.py b/src/cryptography/hazmat/primitives/kdf/kbkdf.py
index 14de56eb..74fe9e29 100644
--- a/src/cryptography/hazmat/primitives/kdf/kbkdf.py
+++ b/src/cryptography/hazmat/primitives/kdf/kbkdf.py
@@ -73,10 +73,8 @@ class KBKDFHMAC(object):
         if context is None:
             context = b''
 
-        if (not isinstance(label, bytes) or
-                not isinstance(context, bytes)):
-            raise TypeError('label and context must be of type bytes')
-
+        utils._check_bytes("label", label)
+        utils._check_bytes("context", context)
         self._algorithm = algorithm
         self._mode = mode
         self._length = length
@@ -102,8 +100,7 @@ class KBKDFHMAC(object):
         if self._used:
             raise AlreadyFinalized
 
-        if not isinstance(key_material, bytes):
-            raise TypeError('key_material must be bytes')
+        utils._check_bytes("key_material", key_material)
         self._used = True
 
         # inverse floor division (equivalent to ceiling)
diff --git a/src/cryptography/hazmat/primitives/kdf/pbkdf2.py b/src/cryptography/hazmat/primitives/kdf/pbkdf2.py
index f8ce7a3b..fbe8964d 100644
--- a/src/cryptography/hazmat/primitives/kdf/pbkdf2.py
+++ b/src/cryptography/hazmat/primitives/kdf/pbkdf2.py
@@ -31,8 +31,7 @@ class PBKDF2HMAC(object):
         self._used = False
         self._algorithm = algorithm
         self._length = length
-        if not isinstance(salt, bytes):
-            raise TypeError("salt must be bytes.")
+        utils._check_bytes("salt", salt)
         self._salt = salt
         self._iterations = iterations
         self._backend = backend
@@ -42,8 +41,7 @@ class PBKDF2HMAC(object):
             raise AlreadyFinalized("PBKDF2 instances can only be used once.")
         self._used = True
 
-        if not isinstance(key_material, bytes):
-            raise TypeError("key_material must be bytes.")
+        utils._check_bytes("key_material", key_material)
         return self._backend.derive_pbkdf2_hmac(
             self._algorithm,
             self._length,
diff --git a/src/cryptography/hazmat/primitives/kdf/scrypt.py b/src/cryptography/hazmat/primitives/kdf/scrypt.py
index 77dcf9ab..44e369fb 100644
--- a/src/cryptography/hazmat/primitives/kdf/scrypt.py
+++ b/src/cryptography/hazmat/primitives/kdf/scrypt.py
@@ -30,9 +30,7 @@ class Scrypt(object):
             )
 
         self._length = length
-        if not isinstance(salt, bytes):
-            raise TypeError("salt must be bytes.")
-
+        utils._check_bytes("salt", salt)
         if n < 2 or (n & (n - 1)) != 0:
             raise ValueError("n must be greater than 1 and be a power of 2.")
 
@@ -54,8 +52,7 @@ class Scrypt(object):
             raise AlreadyFinalized("Scrypt instances can only be used once.")
         self._used = True
 
-        if not isinstance(key_material, bytes):
-            raise TypeError("key_material must be bytes.")
+        utils._check_bytes("key_material", key_material)
         return self._backend.derive_scrypt(
             key_material, self._salt, self._length, self._n, self._r, self._p
         )
diff --git a/src/cryptography/hazmat/primitives/kdf/x963kdf.py b/src/cryptography/hazmat/primitives/kdf/x963kdf.py
index 83789b31..a8c07751 100644
--- a/src/cryptography/hazmat/primitives/kdf/x963kdf.py
+++ b/src/cryptography/hazmat/primitives/kdf/x963kdf.py
@@ -27,8 +27,9 @@ class X963KDF(object):
         if length > max_len:
             raise ValueError(
                 "Can not derive keys larger than {0} bits.".format(max_len))
-        if not (sharedinfo is None or isinstance(sharedinfo, bytes)):
-            raise TypeError("sharedinfo must be bytes.")
+        if sharedinfo is not None:
+            utils._check_bytes("sharedinfo", sharedinfo)
+
         self._algorithm = algorithm
         self._length = length
         self._sharedinfo = sharedinfo
@@ -45,10 +46,7 @@ class X963KDF(object):
         if self._used:
             raise AlreadyFinalized
         self._used = True
-
-        if not isinstance(key_material, bytes):
-            raise TypeError("key_material must be bytes.")
-
+        utils._check_bytes("key_material", key_material)
         output = [b""]
         outlen = 0
         counter = 1