18849c126SEtienne Carriere // SPDX-License-Identifier: BSD-2-Clause 28849c126SEtienne Carriere /* 38849c126SEtienne Carriere * Copyright (c) 2017-2020, Linaro Limited 48849c126SEtienne Carriere */ 58849c126SEtienne Carriere 68849c126SEtienne Carriere #include <assert.h> 78849c126SEtienne Carriere #include <pkcs11_ta.h> 88849c126SEtienne Carriere #include <string.h> 98849c126SEtienne Carriere #include <util.h> 108849c126SEtienne Carriere #include <tee_api.h> 118849c126SEtienne Carriere #include <tee_internal_api_extensions.h> 128849c126SEtienne Carriere 138849c126SEtienne Carriere #include "pkcs11_helpers.h" 148849c126SEtienne Carriere #include "token_capabilities.h" 158849c126SEtienne Carriere 168849c126SEtienne Carriere #define ALLOWED_PKCS11_CKFM \ 178849c126SEtienne Carriere (PKCS11_CKFM_ENCRYPT | PKCS11_CKFM_DECRYPT | \ 188849c126SEtienne Carriere PKCS11_CKFM_DERIVE | PKCS11_CKFM_DIGEST | \ 198849c126SEtienne Carriere PKCS11_CKFM_SIGN | PKCS11_CKFM_SIGN_RECOVER | \ 208849c126SEtienne Carriere PKCS11_CKFM_VERIFY | PKCS11_CKFM_VERIFY_RECOVER | \ 218849c126SEtienne Carriere PKCS11_CKFM_GENERATE | PKCS11_CKFM_GENERATE_KEY_PAIR | \ 228849c126SEtienne Carriere PKCS11_CKFM_WRAP | PKCS11_CKFM_UNWRAP) 238849c126SEtienne Carriere 248849c126SEtienne Carriere /* 258849c126SEtienne Carriere * Definition of supported processings for a PKCS#11 mechanisms 268849c126SEtienne Carriere * @id: Mechanism ID 278849c126SEtienne Carriere * @flags: Valid PKCS11_CKFM_* for a mechanism as per PKCS#11 288849c126SEtienne Carriere * @one_shot: true of mechanism can be used for a one-short processing 298849c126SEtienne Carriere * @string: Helper string of the mechanism ID for debug purpose 308849c126SEtienne Carriere */ 318849c126SEtienne Carriere struct pkcs11_mechachism_modes { 328849c126SEtienne Carriere uint32_t id; 338849c126SEtienne Carriere uint32_t flags; 348849c126SEtienne Carriere bool one_shot; 358849c126SEtienne Carriere #if CFG_TEE_TA_LOG_LEVEL > 0 368849c126SEtienne Carriere const char *string; 378849c126SEtienne Carriere #endif 388849c126SEtienne Carriere }; 398849c126SEtienne Carriere 408849c126SEtienne Carriere #if CFG_TEE_TA_LOG_LEVEL > 0 418849c126SEtienne Carriere #define MECHANISM(_label, _flags, _single_part) \ 428849c126SEtienne Carriere { \ 438849c126SEtienne Carriere .id = _label, \ 448849c126SEtienne Carriere .one_shot = (_single_part), \ 458849c126SEtienne Carriere .flags = (_flags), \ 468849c126SEtienne Carriere .string = #_label, \ 478849c126SEtienne Carriere } 488849c126SEtienne Carriere #else 498849c126SEtienne Carriere #define MECHANISM(_label, _flags, _single_part) \ 508849c126SEtienne Carriere { \ 518849c126SEtienne Carriere .id = _label, \ 528849c126SEtienne Carriere .one_shot = (_single_part), \ 538849c126SEtienne Carriere .flags = (_flags), \ 548849c126SEtienne Carriere } 558849c126SEtienne Carriere #endif 568849c126SEtienne Carriere 578849c126SEtienne Carriere #define SINGLE_PART_ONLY true 588849c126SEtienne Carriere #define ANY_PART false 598849c126SEtienne Carriere 60512cbf1dSJens Wiklander #define CKFM_CIPHER (PKCS11_CKFM_ENCRYPT | PKCS11_CKFM_DECRYPT) 61512cbf1dSJens Wiklander #define CKFM_WRAP_UNWRAP (PKCS11_CKFM_WRAP | PKCS11_CKFM_UNWRAP) 62512cbf1dSJens Wiklander #define CKFM_CIPHER_WRAP (CKFM_CIPHER | CKFM_WRAP_UNWRAP) 63512cbf1dSJens Wiklander #define CKFM_CIPHER_WRAP_DERIVE (CKFM_CIPHER_WRAP | PKCS11_CKFM_DERIVE) 64512cbf1dSJens Wiklander #define CKFM_AUTH_NO_RECOVER (PKCS11_CKFM_SIGN | PKCS11_CKFM_VERIFY) 65512cbf1dSJens Wiklander #define CKFM_AUTH_WITH_RECOVER (PKCS11_CKFM_SIGN_RECOVER | \ 66512cbf1dSJens Wiklander PKCS11_CKFM_VERIFY_RECOVER) 67512cbf1dSJens Wiklander 688849c126SEtienne Carriere /* PKCS#11 specificies permitted operation for each mechanism */ 698849c126SEtienne Carriere static const struct pkcs11_mechachism_modes pkcs11_modes[] = { 70512cbf1dSJens Wiklander /* AES */ 71512cbf1dSJens Wiklander MECHANISM(PKCS11_CKM_AES_ECB, CKFM_CIPHER_WRAP, ANY_PART), 72512cbf1dSJens Wiklander MECHANISM(PKCS11_CKM_AES_CBC, CKFM_CIPHER_WRAP, ANY_PART), 73512cbf1dSJens Wiklander MECHANISM(PKCS11_CKM_AES_CBC_PAD, CKFM_CIPHER_WRAP, ANY_PART), 74512cbf1dSJens Wiklander MECHANISM(PKCS11_CKM_AES_CTS, CKFM_CIPHER_WRAP, ANY_PART), 75512cbf1dSJens Wiklander MECHANISM(PKCS11_CKM_AES_CTR, CKFM_CIPHER_WRAP, ANY_PART), 76512cbf1dSJens Wiklander MECHANISM(PKCS11_CKM_AES_ECB_ENCRYPT_DATA, PKCS11_CKFM_DERIVE, 778849c126SEtienne Carriere ANY_PART), 78512cbf1dSJens Wiklander MECHANISM(PKCS11_CKM_AES_CBC_ENCRYPT_DATA, PKCS11_CKFM_DERIVE, 79512cbf1dSJens Wiklander ANY_PART), 80512cbf1dSJens Wiklander MECHANISM(PKCS11_CKM_AES_KEY_GEN, PKCS11_CKFM_GENERATE, ANY_PART), 81fa247a2aSRuchika Gupta MECHANISM(PKCS11_CKM_GENERIC_SECRET_KEY_GEN, PKCS11_CKFM_GENERATE, 82fa247a2aSRuchika Gupta ANY_PART), 83*9e91a619SVesa Jääskeläinen /* Digest */ 84*9e91a619SVesa Jääskeläinen MECHANISM(PKCS11_CKM_MD5, PKCS11_CKFM_DIGEST, ANY_PART), 85*9e91a619SVesa Jääskeläinen MECHANISM(PKCS11_CKM_SHA_1, PKCS11_CKFM_DIGEST, ANY_PART), 86*9e91a619SVesa Jääskeläinen MECHANISM(PKCS11_CKM_SHA224, PKCS11_CKFM_DIGEST, ANY_PART), 87*9e91a619SVesa Jääskeläinen MECHANISM(PKCS11_CKM_SHA256, PKCS11_CKFM_DIGEST, ANY_PART), 88*9e91a619SVesa Jääskeläinen MECHANISM(PKCS11_CKM_SHA384, PKCS11_CKFM_DIGEST, ANY_PART), 89*9e91a619SVesa Jääskeläinen MECHANISM(PKCS11_CKM_SHA512, PKCS11_CKFM_DIGEST, ANY_PART), 90689f4e5bSRuchika Gupta /* HMAC */ 91689f4e5bSRuchika Gupta MECHANISM(PKCS11_CKM_MD5_HMAC, CKFM_AUTH_NO_RECOVER, ANY_PART), 92689f4e5bSRuchika Gupta MECHANISM(PKCS11_CKM_SHA_1_HMAC, CKFM_AUTH_NO_RECOVER, ANY_PART), 93689f4e5bSRuchika Gupta MECHANISM(PKCS11_CKM_SHA224_HMAC, CKFM_AUTH_NO_RECOVER, ANY_PART), 94689f4e5bSRuchika Gupta MECHANISM(PKCS11_CKM_SHA256_HMAC, CKFM_AUTH_NO_RECOVER, ANY_PART), 95689f4e5bSRuchika Gupta MECHANISM(PKCS11_CKM_SHA384_HMAC, CKFM_AUTH_NO_RECOVER, ANY_PART), 96689f4e5bSRuchika Gupta MECHANISM(PKCS11_CKM_SHA512_HMAC, CKFM_AUTH_NO_RECOVER, ANY_PART), 978849c126SEtienne Carriere }; 988849c126SEtienne Carriere 998849c126SEtienne Carriere #if CFG_TEE_TA_LOG_LEVEL > 0 1008849c126SEtienne Carriere const char *mechanism_string_id(enum pkcs11_mechanism_id id) 1018849c126SEtienne Carriere { 1028849c126SEtienne Carriere const size_t offset = sizeof("PKCS11_CKM_") - 1; 1038849c126SEtienne Carriere size_t n = 0; 1048849c126SEtienne Carriere 1058849c126SEtienne Carriere for (n = 0; n < ARRAY_SIZE(pkcs11_modes); n++) 1068849c126SEtienne Carriere if (pkcs11_modes[n].id == id) 1078849c126SEtienne Carriere return pkcs11_modes[n].string + offset; 1088849c126SEtienne Carriere 1098849c126SEtienne Carriere return "Unknown ID"; 1108849c126SEtienne Carriere } 1118849c126SEtienne Carriere #endif /*CFG_TEE_TA_LOG_LEVEL*/ 1128849c126SEtienne Carriere 1138849c126SEtienne Carriere /* 1148849c126SEtienne Carriere * Return true if @id is a valid mechanism ID 1158849c126SEtienne Carriere */ 1168849c126SEtienne Carriere bool mechanism_is_valid(enum pkcs11_mechanism_id id) 1178849c126SEtienne Carriere { 1188849c126SEtienne Carriere size_t n = 0; 1198849c126SEtienne Carriere 1208849c126SEtienne Carriere for (n = 0; n < ARRAY_SIZE(pkcs11_modes); n++) 1218849c126SEtienne Carriere if (id == pkcs11_modes[n].id) 1228849c126SEtienne Carriere return true; 1238849c126SEtienne Carriere 1248849c126SEtienne Carriere return false; 1258849c126SEtienne Carriere } 1268849c126SEtienne Carriere 1278849c126SEtienne Carriere /* 1288849c126SEtienne Carriere * Return true if mechanism ID is valid and flags matches PKCS#11 compliancy 1298849c126SEtienne Carriere */ 1308849c126SEtienne Carriere bool __maybe_unused mechanism_flags_complies_pkcs11(uint32_t mechanism_type, 1318849c126SEtienne Carriere uint32_t flags) 1328849c126SEtienne Carriere { 1338849c126SEtienne Carriere size_t n = 0; 1348849c126SEtienne Carriere 1358849c126SEtienne Carriere assert((flags & ~ALLOWED_PKCS11_CKFM) == 0); 1368849c126SEtienne Carriere 1378849c126SEtienne Carriere for (n = 0; n < ARRAY_SIZE(pkcs11_modes); n++) { 1388849c126SEtienne Carriere if (pkcs11_modes[n].id == mechanism_type) { 1398849c126SEtienne Carriere if (flags & ~pkcs11_modes[n].flags) 1408849c126SEtienne Carriere EMSG("%s flags: 0x%"PRIx32" vs 0x%"PRIx32, 1418849c126SEtienne Carriere id2str_mechanism(mechanism_type), 1428849c126SEtienne Carriere flags, pkcs11_modes[n].flags); 1438849c126SEtienne Carriere 1448849c126SEtienne Carriere return (flags & ~pkcs11_modes[n].flags) == 0; 1458849c126SEtienne Carriere } 1468849c126SEtienne Carriere } 1478849c126SEtienne Carriere 1488849c126SEtienne Carriere /* Mechanism ID unexpectedly not found */ 1498849c126SEtienne Carriere return false; 1508849c126SEtienne Carriere } 1518849c126SEtienne Carriere 152512cbf1dSJens Wiklander bool mechanism_is_one_shot_only(uint32_t mechanism_type) 153512cbf1dSJens Wiklander { 154512cbf1dSJens Wiklander size_t n = 0; 155512cbf1dSJens Wiklander 156512cbf1dSJens Wiklander for (n = 0; n < ARRAY_SIZE(pkcs11_modes); n++) 157512cbf1dSJens Wiklander if (pkcs11_modes[n].id == mechanism_type) 158512cbf1dSJens Wiklander return pkcs11_modes[n].one_shot; 159512cbf1dSJens Wiklander 160512cbf1dSJens Wiklander /* Mechanism ID unexpectedly not found */ 161512cbf1dSJens Wiklander TEE_Panic(PKCS11_RV_NOT_FOUND); 162512cbf1dSJens Wiklander /* Dummy return to keep compiler happy */ 163512cbf1dSJens Wiklander return false; 164512cbf1dSJens Wiklander } 165512cbf1dSJens Wiklander 166512cbf1dSJens Wiklander /* 167512cbf1dSJens Wiklander * Field single_part_only is unused from array token_mechanism[], hence 168512cbf1dSJens Wiklander * simply use ANY_PART for all mechanism there. 169512cbf1dSJens Wiklander */ 170512cbf1dSJens Wiklander #define TA_MECHANISM(_label, _flags) MECHANISM((_label), (_flags), ANY_PART) 171512cbf1dSJens Wiklander 1728849c126SEtienne Carriere /* 1738849c126SEtienne Carriere * Arrays that centralizes the IDs and processing flags for mechanisms 1748849c126SEtienne Carriere * supported by each embedded token. Currently none. 1758849c126SEtienne Carriere */ 1768849c126SEtienne Carriere const struct pkcs11_mechachism_modes token_mechanism[] = { 177512cbf1dSJens Wiklander TA_MECHANISM(PKCS11_CKM_AES_ECB, CKFM_CIPHER), 178512cbf1dSJens Wiklander TA_MECHANISM(PKCS11_CKM_AES_CBC, CKFM_CIPHER), 179512cbf1dSJens Wiklander TA_MECHANISM(PKCS11_CKM_AES_CBC_PAD, CKFM_CIPHER), 180512cbf1dSJens Wiklander TA_MECHANISM(PKCS11_CKM_AES_CTR, CKFM_CIPHER), 181512cbf1dSJens Wiklander TA_MECHANISM(PKCS11_CKM_AES_CTS, CKFM_CIPHER), 182512cbf1dSJens Wiklander TA_MECHANISM(PKCS11_CKM_AES_ECB_ENCRYPT_DATA, PKCS11_CKFM_DERIVE), 183512cbf1dSJens Wiklander TA_MECHANISM(PKCS11_CKM_AES_CBC_ENCRYPT_DATA, PKCS11_CKFM_DERIVE), 184fa247a2aSRuchika Gupta TA_MECHANISM(PKCS11_CKM_AES_KEY_GEN, PKCS11_CKFM_GENERATE), 185fa247a2aSRuchika Gupta TA_MECHANISM(PKCS11_CKM_GENERIC_SECRET_KEY_GEN, PKCS11_CKFM_GENERATE), 186*9e91a619SVesa Jääskeläinen TA_MECHANISM(PKCS11_CKM_MD5, PKCS11_CKFM_DIGEST), 187*9e91a619SVesa Jääskeläinen TA_MECHANISM(PKCS11_CKM_SHA_1, PKCS11_CKFM_DIGEST), 188*9e91a619SVesa Jääskeläinen TA_MECHANISM(PKCS11_CKM_SHA224, PKCS11_CKFM_DIGEST), 189*9e91a619SVesa Jääskeläinen TA_MECHANISM(PKCS11_CKM_SHA256, PKCS11_CKFM_DIGEST), 190*9e91a619SVesa Jääskeläinen TA_MECHANISM(PKCS11_CKM_SHA384, PKCS11_CKFM_DIGEST), 191*9e91a619SVesa Jääskeläinen TA_MECHANISM(PKCS11_CKM_SHA512, PKCS11_CKFM_DIGEST), 192689f4e5bSRuchika Gupta TA_MECHANISM(PKCS11_CKM_MD5_HMAC, CKFM_AUTH_NO_RECOVER), 193689f4e5bSRuchika Gupta TA_MECHANISM(PKCS11_CKM_SHA_1_HMAC, CKFM_AUTH_NO_RECOVER), 194689f4e5bSRuchika Gupta TA_MECHANISM(PKCS11_CKM_SHA224_HMAC, CKFM_AUTH_NO_RECOVER), 195689f4e5bSRuchika Gupta TA_MECHANISM(PKCS11_CKM_SHA256_HMAC, CKFM_AUTH_NO_RECOVER), 196689f4e5bSRuchika Gupta TA_MECHANISM(PKCS11_CKM_SHA384_HMAC, CKFM_AUTH_NO_RECOVER), 197689f4e5bSRuchika Gupta TA_MECHANISM(PKCS11_CKM_SHA512_HMAC, CKFM_AUTH_NO_RECOVER), 1988849c126SEtienne Carriere }; 1998849c126SEtienne Carriere 2008849c126SEtienne Carriere /* 2018849c126SEtienne Carriere * tee_malloc_mechanism_array - Allocate and fill array of supported mechanisms 2028849c126SEtienne Carriere * @count: [in] [out] Pointer to number of mechanism IDs in client resource 2038849c126SEtienne Carriere * Return allocated array of the supported mechanism IDs 2048849c126SEtienne Carriere * 2058849c126SEtienne Carriere * Allocates array with 32bit cells mechanism IDs for the supported ones only 2068849c126SEtienne Carriere * if *@count covers number mechanism IDs exposed. 2078849c126SEtienne Carriere */ 2088849c126SEtienne Carriere uint32_t *tee_malloc_mechanism_list(size_t *out_count) 2098849c126SEtienne Carriere { 2108849c126SEtienne Carriere size_t n = 0; 2118849c126SEtienne Carriere size_t count = 0; 2128849c126SEtienne Carriere uint32_t *array = NULL; 2138849c126SEtienne Carriere 2148849c126SEtienne Carriere for (n = 0; n < ARRAY_SIZE(token_mechanism); n++) 2158849c126SEtienne Carriere if (token_mechanism[n].flags) 2168849c126SEtienne Carriere count++; 2178849c126SEtienne Carriere 2188849c126SEtienne Carriere if (*out_count >= count) 2198849c126SEtienne Carriere array = TEE_Malloc(count * sizeof(*array), 2208849c126SEtienne Carriere TEE_USER_MEM_HINT_NO_FILL_ZERO); 2218849c126SEtienne Carriere 2228849c126SEtienne Carriere *out_count = count; 2238849c126SEtienne Carriere 2248849c126SEtienne Carriere if (!array) 2258849c126SEtienne Carriere return NULL; 2268849c126SEtienne Carriere 2278849c126SEtienne Carriere for (n = 0; n < ARRAY_SIZE(token_mechanism); n++) { 2288849c126SEtienne Carriere if (token_mechanism[n].flags) { 2298849c126SEtienne Carriere count--; 2308849c126SEtienne Carriere array[count] = token_mechanism[n].id; 2318849c126SEtienne Carriere } 2328849c126SEtienne Carriere } 2338849c126SEtienne Carriere assert(!count); 2348849c126SEtienne Carriere 2358849c126SEtienne Carriere return array; 2368849c126SEtienne Carriere } 2378849c126SEtienne Carriere 2388849c126SEtienne Carriere uint32_t mechanism_supported_flags(enum pkcs11_mechanism_id id) 2398849c126SEtienne Carriere { 2408849c126SEtienne Carriere size_t n = 0; 2418849c126SEtienne Carriere 2428849c126SEtienne Carriere for (n = 0; n < ARRAY_SIZE(token_mechanism); n++) { 2438849c126SEtienne Carriere if (id == token_mechanism[n].id) { 2448849c126SEtienne Carriere uint32_t flags = token_mechanism[n].flags; 2458849c126SEtienne Carriere 2468849c126SEtienne Carriere assert(mechanism_flags_complies_pkcs11(id, flags)); 2478849c126SEtienne Carriere return flags; 2488849c126SEtienne Carriere } 2498849c126SEtienne Carriere } 2508849c126SEtienne Carriere 2518849c126SEtienne Carriere return 0; 2528849c126SEtienne Carriere } 253512cbf1dSJens Wiklander 2542d0cd829SRuchika Gupta void pkcs11_mechanism_supported_key_sizes(uint32_t proc_id, 2552d0cd829SRuchika Gupta uint32_t *min_key_size, 256512cbf1dSJens Wiklander uint32_t *max_key_size) 257512cbf1dSJens Wiklander { 258512cbf1dSJens Wiklander switch (proc_id) { 259fa247a2aSRuchika Gupta case PKCS11_CKM_GENERIC_SECRET_KEY_GEN: 260fa247a2aSRuchika Gupta /* This mechanism expects the keysize to be returned in bits */ 261fa247a2aSRuchika Gupta *min_key_size = 1; /* in bits */ 262fa247a2aSRuchika Gupta *max_key_size = 4096; /* in bits */ 263fa247a2aSRuchika Gupta break; 264689f4e5bSRuchika Gupta case PKCS11_CKM_MD5_HMAC: 265d92c3cddSRuchika Gupta *min_key_size = 8; 266d92c3cddSRuchika Gupta *max_key_size = 64; 267689f4e5bSRuchika Gupta break; 268689f4e5bSRuchika Gupta case PKCS11_CKM_SHA_1_HMAC: 269d92c3cddSRuchika Gupta *min_key_size = 10; 270d92c3cddSRuchika Gupta *max_key_size = 64; 271689f4e5bSRuchika Gupta break; 272689f4e5bSRuchika Gupta case PKCS11_CKM_SHA224_HMAC: 273d92c3cddSRuchika Gupta *min_key_size = 14; 274d92c3cddSRuchika Gupta *max_key_size = 64; 275689f4e5bSRuchika Gupta break; 276689f4e5bSRuchika Gupta case PKCS11_CKM_SHA256_HMAC: 277d92c3cddSRuchika Gupta *min_key_size = 24; 278d92c3cddSRuchika Gupta *max_key_size = 128; 279689f4e5bSRuchika Gupta break; 280689f4e5bSRuchika Gupta case PKCS11_CKM_SHA384_HMAC: 281d92c3cddSRuchika Gupta *min_key_size = 32; 282d92c3cddSRuchika Gupta *max_key_size = 128; 283689f4e5bSRuchika Gupta break; 284689f4e5bSRuchika Gupta case PKCS11_CKM_SHA512_HMAC: 285d92c3cddSRuchika Gupta *min_key_size = 32; 286d92c3cddSRuchika Gupta *max_key_size = 128; 287689f4e5bSRuchika Gupta break; 288512cbf1dSJens Wiklander case PKCS11_CKM_AES_KEY_GEN: 289512cbf1dSJens Wiklander case PKCS11_CKM_AES_ECB: 290512cbf1dSJens Wiklander case PKCS11_CKM_AES_CBC: 291512cbf1dSJens Wiklander case PKCS11_CKM_AES_CBC_PAD: 292512cbf1dSJens Wiklander case PKCS11_CKM_AES_CTR: 293512cbf1dSJens Wiklander case PKCS11_CKM_AES_CTS: 294512cbf1dSJens Wiklander *min_key_size = 16; 295512cbf1dSJens Wiklander *max_key_size = 32; 296512cbf1dSJens Wiklander break; 297512cbf1dSJens Wiklander default: 298512cbf1dSJens Wiklander *min_key_size = 0; 299512cbf1dSJens Wiklander *max_key_size = 0; 300512cbf1dSJens Wiklander break; 301512cbf1dSJens Wiklander } 302512cbf1dSJens Wiklander } 3032d0cd829SRuchika Gupta 3042d0cd829SRuchika Gupta void mechanism_supported_key_sizes_bytes(uint32_t proc_id, 3052d0cd829SRuchika Gupta uint32_t *min_key_size, 3062d0cd829SRuchika Gupta uint32_t *max_key_size) 3072d0cd829SRuchika Gupta { 3082d0cd829SRuchika Gupta pkcs11_mechanism_supported_key_sizes(proc_id, min_key_size, 3092d0cd829SRuchika Gupta max_key_size); 3102d0cd829SRuchika Gupta 3112d0cd829SRuchika Gupta if (proc_id == PKCS11_CKM_GENERIC_SECRET_KEY_GEN) { 3122d0cd829SRuchika Gupta *min_key_size = (*min_key_size + 7) / 8; 3132d0cd829SRuchika Gupta *max_key_size = (*max_key_size + 7) / 8; 3142d0cd829SRuchika Gupta } 3152d0cd829SRuchika Gupta } 316