cc/subtle/pem_parser_boringssl.cc - third_party/tink - Git at Google

 // Copyright 2018 Google Inc.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //     http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 //
 ///////////////////////////////////////////////////////////////////////////////
 #include "tink/subtle/pem_parser_boringssl.h"

 #include <memory>
 #include <string>
 #include <utility>

 #include "absl/memory/memory.h"
 #include "absl/status/status.h"
 #include "absl/strings/str_cat.h"
 #include "absl/strings/string_view.h"
 #include "openssl/bio.h"
 #include "openssl/bn.h"
 #include "openssl/ec.h"
 #include "openssl/evp.h"
 #include "openssl/pem.h"
 #include "openssl/rsa.h"
 #include "tink/internal/bn_util.h"
 #include "tink/internal/ec_util.h"
 #include "tink/internal/rsa_util.h"
 #include "tink/internal/ssl_unique_ptr.h"
 #include "tink/internal/ssl_util.h"
 #include "tink/subtle/common_enums.h"
 #include "tink/subtle/subtle_util_boringssl.h"
 #include "tink/util/status.h"
 #include "tink/util/statusor.h"

 namespace crypto {
 namespace tink {
 namespace subtle {

 namespace {
 constexpr int kBsslOk = 1;

 // Verifies that the given RSA pointer `rsa_key` points to a valid RSA key.
 util::Status VerifyRsaKey(const RSA* rsa_key) {
   if (rsa_key == nullptr) {
     return util::Status(absl::StatusCode::kInvalidArgument,
                         "Invalid RSA key format");
   }
   // Check the key parameters.
   if (RSA_check_key(rsa_key) != kBsslOk) {
     return util::Status(absl::StatusCode::kInvalidArgument,
                         "Invalid RSA key format");
   }
   return util::OkStatus();
 }

 // Verifies that the given ECDSA pointer `ecdsa_key` points to a valid ECDSA
 // key.
 util::Status VerifyEcdsaKey(const EC_KEY* ecdsa_key) {
   if (ecdsa_key == nullptr) {
     return util::Status(absl::StatusCode::kInvalidArgument,
                         "Invalid ECDSA key format");
   }
   // Check the key parameters.
   if (EC_KEY_check_key(ecdsa_key) != kBsslOk) {
     return util::Status(absl::StatusCode::kInvalidArgument,
                         "Invalid ECDSA key format");
   }
   return util::OkStatus();
 }

 // Converts the public portion of a given SubtleUtilBoringSSL::EcKey,
 // `subtle_ec_key`, into an OpenSSL EC key, `openssl_ec_key`.
 util::Status EcKeyToSslEcPublicKey(
     const SubtleUtilBoringSSL::EcKey& subtle_ec_key, EC_KEY* openssl_ec_key) {
   if (openssl_ec_key == nullptr) {
     return util::Status(absl::StatusCode::kInvalidArgument,
                         "`openssl_ec_key` arg cannot be NULL");
   }

   util::StatusOr<internal::SslUniquePtr<EC_GROUP>> group =
       internal::EcGroupFromCurveType(subtle_ec_key.curve);
   if (!group.ok()) {
     return group.status();
   }

   util::StatusOr<internal::SslUniquePtr<EC_POINT>> ec_point =
       internal::GetEcPoint(subtle_ec_key.curve, subtle_ec_key.pub_x,
                            subtle_ec_key.pub_y);
   if (!ec_point.ok()) {
     return ec_point.status();
   }

   // Set key's group and EC point.
   if (!EC_KEY_set_group(openssl_ec_key, group->get())) {
     return util::Status(
         absl::StatusCode::kInternal,
         absl::StrCat("Failed to set key group from EC group for curve ",
                      EnumToString(subtle_ec_key.curve)));
   }

   if (!EC_KEY_set_public_key(openssl_ec_key, ec_point->get())) {
     return util::Status(absl::StatusCode::kInternal,
                         "Failed to set public key");
   }

   return util::OkStatus();
 }

 // Converts a given SubtleUtilBoringSSL::EcKey, `subtle_ec_key`, into an OpenSSL
 // EC key, `openssl_ec_key`.
 util::Status EcKeyToSslEcPrivateKey(
     const SubtleUtilBoringSSL::EcKey& subtle_ec_key, EC_KEY* openssl_ec_key) {
   if (openssl_ec_key == nullptr) {
     return util::Status(absl::StatusCode::kInvalidArgument,
                         "`openssl_ec_key` arg cannot be NULL");
   }
   util::Status status = EcKeyToSslEcPublicKey(subtle_ec_key, openssl_ec_key);
   if (!status.ok()) {
     return status;
   }

   util::StatusOr<internal::SslUniquePtr<BIGNUM>> x =
       internal::StringToBignum(absl::string_view(
           reinterpret_cast<const char*>(subtle_ec_key.priv.data()),
           subtle_ec_key.priv.size()));
   if (!x.ok()) {
     return x.status();
   }

   if (!EC_KEY_set_private_key(openssl_ec_key, x->get())) {
     return util::Status(absl::StatusCode::kInvalidArgument,
                         "Failed to set private key");
   }
   return VerifyEcdsaKey(openssl_ec_key);
 }

 // Converts an OpenSSL BIO (i.e., basic IO stream), `bio`, into a string.
 util::StatusOr<std::string> ConvertBioToString(BIO* bio) {
   BUF_MEM* mem = nullptr;
   BIO_get_mem_ptr(bio, &mem);
   std::string pem_material;
   if (mem->data && mem->length) {
     pem_material.assign(mem->data, mem->length);
   }
   if (pem_material.empty()) {
     return util::Status(absl::StatusCode::kInvalidArgument,
                         "Failed to retrieve key material from BIO");
   }
   return pem_material;
 }

 size_t ScalarSizeInBytes(const EC_GROUP* group) {
   return BN_num_bytes(EC_GROUP_get0_order(group));
 }

 size_t FieldElementSizeInBytes(const EC_GROUP* group) {
   unsigned degree_bits = EC_GROUP_get_degree(group);
   return (degree_bits + 7) / 8;
 }

 // We explicitly set a failing passphrase callback function to make sure no
 // default callback routine is used.
 static int FailingPassphraseCallback(char* buf, int buf_size, int rwflag,
                                      void* u) {
   return -1;
 }

 }  // namespace

 util::StatusOr<std::unique_ptr<internal::RsaPublicKey>>
 PemParser::ParseRsaPublicKey(absl::string_view pem_serialized_key) {
   // Read the RSA key into EVP_PKEY.
   internal::SslUniquePtr<BIO> rsa_key_bio(BIO_new(BIO_s_mem()));
   BIO_write(rsa_key_bio.get(), pem_serialized_key.data(),
             pem_serialized_key.size());

   internal::SslUniquePtr<EVP_PKEY> evp_rsa_key(
       PEM_read_bio_PUBKEY(rsa_key_bio.get(), /*x=*/nullptr,
                           &FailingPassphraseCallback, /*u=*/nullptr));

   if (evp_rsa_key == nullptr) {
     return util::Status(absl::StatusCode::kInvalidArgument,
                         "PEM Public Key parsing failed");
   }
   // No need to free bssl_rsa_key after use.
   const RSA* bssl_rsa_key = EVP_PKEY_get0_RSA(evp_rsa_key.get());
   util::Status verification_res = internal::RsaCheckPublicKey(bssl_rsa_key);
   if (!verification_res.ok()) {
     return verification_res;
   }

   // Get the public key parameters.
   const BIGNUM *n_bn, *e_bn, *d_bn;
   RSA_get0_key(bssl_rsa_key, &n_bn, &e_bn, &d_bn);

   // Public key should not have d_bn set.
   if (d_bn != nullptr) {
     return util::Status(absl::StatusCode::kInvalidArgument,
                         "Invalid RSA Public Key format");
   }

   // We are only interested in e and n.
   auto n_str = internal::BignumToString(n_bn, BN_num_bytes(n_bn));
   auto e_str = internal::BignumToString(e_bn, BN_num_bytes(e_bn));
   if (!n_str.ok()) {
     return n_str.status();
   }
   if (!e_str.ok()) {
     return e_str.status();
   }
   auto rsa_public_key = absl::make_unique<internal::RsaPublicKey>();
   rsa_public_key->e = *std::move(e_str);
   rsa_public_key->n = *std::move(n_str);

   return std::move(rsa_public_key);
 }

 util::StatusOr<std::unique_ptr<internal::RsaPrivateKey>>
 PemParser::ParseRsaPrivateKey(absl::string_view pem_serialized_key) {
   // Read the private key into EVP_PKEY.
   internal::SslUniquePtr<BIO> rsa_key_bio(BIO_new(BIO_s_mem()));
   BIO_write(rsa_key_bio.get(), pem_serialized_key.data(),
             pem_serialized_key.size());

   // BoringSSL APIs to parse the PEM data.
   internal::SslUniquePtr<EVP_PKEY> evp_rsa_key(
       PEM_read_bio_PrivateKey(rsa_key_bio.get(), /*x=*/nullptr,
                               &FailingPassphraseCallback, /*u=*/nullptr));

   if (evp_rsa_key == nullptr) {
     return util::Status(absl::StatusCode::kInvalidArgument,
                         "PEM Private Key parsing failed");
   }

   // No need to free bssl_rsa_key after use.
   const RSA* bssl_rsa_key = EVP_PKEY_get0_RSA(evp_rsa_key.get());

   auto is_valid_key = VerifyRsaKey(bssl_rsa_key);
   if (!is_valid_key.ok()) {
     return is_valid_key;
   }

   const BIGNUM *n_bn, *e_bn, *d_bn;
   RSA_get0_key(bssl_rsa_key, &n_bn, &e_bn, &d_bn);

   // Save exponents.
   auto rsa_private_key = absl::make_unique<internal::RsaPrivateKey>();
   auto n_str = internal::BignumToString(n_bn, BN_num_bytes(n_bn));
   auto e_str = internal::BignumToString(e_bn, BN_num_bytes(e_bn));
   auto d_str = internal::BignumToSecretData(d_bn, BN_num_bytes(d_bn));
   if (!n_str.ok()) {
     return n_str.status();
   }
   if (!e_str.ok()) {
     return e_str.status();
   }
   if (!d_str.ok()) {
     return d_str.status();
   }
   rsa_private_key->n = *std::move(n_str);
   rsa_private_key->e = *std::move(e_str);
   rsa_private_key->d = *std::move(d_str);

   // Save factors.
   const BIGNUM *p_bn, *q_bn;
   RSA_get0_factors(bssl_rsa_key, &p_bn, &q_bn);
   auto p_str = internal::BignumToSecretData(p_bn, BN_num_bytes(p_bn));
   auto q_str = internal::BignumToSecretData(q_bn, BN_num_bytes(q_bn));
   if (!p_str.ok()) {
     return p_str.status();
   }
   if (!q_str.ok()) {
     return q_str.status();
   }
   rsa_private_key->p = *std::move(p_str);
   rsa_private_key->q = *std::move(q_str);

   // Save CRT parameters.
   const BIGNUM *dp_bn, *dq_bn, *crt_bn;
   RSA_get0_crt_params(bssl_rsa_key, &dp_bn, &dq_bn, &crt_bn);
   auto dp_str = internal::BignumToSecretData(dp_bn, BN_num_bytes(dp_bn));
   auto dq_str = internal::BignumToSecretData(dq_bn, BN_num_bytes(dq_bn));
   auto crt_str = internal::BignumToSecretData(crt_bn, BN_num_bytes(crt_bn));
   if (!dp_str.ok()) {
     return dp_str.status();
   }
   if (!dq_str.ok()) {
     return dq_str.status();
   }
   if (!crt_str.ok()) {
     return crt_str.status();
   }
   rsa_private_key->dp = *std::move(dp_str);
   rsa_private_key->dq = *std::move(dq_str);
   rsa_private_key->crt = *std::move(crt_str);

   return std::move(rsa_private_key);
 }

 util::StatusOr<std::string> PemParser::WriteRsaPublicKey(
     const internal::RsaPublicKey& rsa_public_key) {
   auto rsa_statusor = internal::RsaPublicKeyToRsa(rsa_public_key);
   if (!rsa_statusor.ok()) {
     return rsa_statusor.status();
   }

   internal::SslUniquePtr<RSA> rsa = *std::move(rsa_statusor);
   internal::SslUniquePtr<BIO> bio(BIO_new(BIO_s_mem()));
   if (!PEM_write_bio_RSA_PUBKEY(bio.get(), rsa.get())) {
     return util::Status(absl::StatusCode::kInvalidArgument,
                         "Failed to write openssl RSA key to write bio");
   }
   return ConvertBioToString(bio.get());
 }

 util::StatusOr<std::string> PemParser::WriteRsaPrivateKey(
     const internal::RsaPrivateKey& rsa_private_key) {
   auto rsa_statusor = internal::RsaPrivateKeyToRsa(rsa_private_key);
   if (!rsa_statusor.ok()) {
     return rsa_statusor.status();
   }

   internal::SslUniquePtr<RSA> rsa = *std::move(rsa_statusor);
   internal::SslUniquePtr<EVP_PKEY> evp(EVP_PKEY_new());
   EVP_PKEY_set1_RSA(evp.get(), rsa.get());

   internal::SslUniquePtr<BIO> bio(BIO_new(BIO_s_mem()));
   if (!PEM_write_bio_PrivateKey(bio.get(), evp.get(),
                                 /*enc=*/nullptr, /*kstr=*/nullptr,
                                 /*klen=*/0,
                                 /*cb=*/nullptr, /*u=*/nullptr)) {
     return util::Status(absl::StatusCode::kInvalidArgument,
                         "Failed to write openssl RSA key to write bio");
   }
   return ConvertBioToString(bio.get());
 }

 util::StatusOr<std::unique_ptr<SubtleUtilBoringSSL::EcKey>>
 PemParser::ParseEcPublicKey(absl::string_view pem_serialized_key) {
   // Read the ECDSA key into EVP_PKEY.
   internal::SslUniquePtr<BIO> ecdsa_key_bio(BIO_new(BIO_s_mem()));
   BIO_write(ecdsa_key_bio.get(), pem_serialized_key.data(),
             pem_serialized_key.size());

   internal::SslUniquePtr<EVP_PKEY> evp_ecdsa_key(
       PEM_read_bio_PUBKEY(ecdsa_key_bio.get(), /*x=*/nullptr,
                           &FailingPassphraseCallback, /*u=*/nullptr));

   if (evp_ecdsa_key == nullptr) {
     return util::Status(absl::StatusCode::kInvalidArgument,
                         "PEM Public Key parsing failed");
   }
   // No need to free bssl_ecdsa_key after use.
   EC_KEY* bssl_ecdsa_key = EVP_PKEY_get0_EC_KEY(evp_ecdsa_key.get());
   auto is_valid = VerifyEcdsaKey(bssl_ecdsa_key);
   if (!is_valid.ok()) {
     return is_valid;
   }

   // Get the public key parameters.
   const EC_POINT* public_point = EC_KEY_get0_public_key(bssl_ecdsa_key);
   const EC_GROUP* ec_group = EC_KEY_get0_group(bssl_ecdsa_key);
   internal::SslUniquePtr<BIGNUM> x_coordinate(BN_new());
   internal::SslUniquePtr<BIGNUM> y_coordinate(BN_new());
   EC_POINT_get_affine_coordinates(ec_group, public_point, x_coordinate.get(),
                                   y_coordinate.get(), nullptr);

   // Convert public key parameters and construct Subtle ECKey
   util::StatusOr<std::string> x_string = internal::BignumToString(
       x_coordinate.get(), FieldElementSizeInBytes(ec_group));
   if (!x_string.ok()) {
     return x_string.status();
   }
   util::StatusOr<std::string> y_string = internal::BignumToString(
       y_coordinate.get(), FieldElementSizeInBytes(ec_group));
   if (!y_string.ok()) {
     return y_string.status();
   }
   util::StatusOr<EllipticCurveType> curve =
       internal::CurveTypeFromEcGroup(ec_group);
   if (!curve.ok()) {
     return curve.status();
   }

   auto ecdsa_public_key = absl::make_unique<SubtleUtilBoringSSL::EcKey>();
   ecdsa_public_key->pub_x = *std::move(x_string);
   ecdsa_public_key->pub_y = *std::move(y_string);
   ecdsa_public_key->curve = *std::move(curve);

   return std::move(ecdsa_public_key);
 }

 util::StatusOr<std::unique_ptr<SubtleUtilBoringSSL::EcKey>>
 PemParser::ParseEcPrivateKey(absl::string_view pem_serialized_key) {
   internal::SslUniquePtr<BIO> ecdsa_key_bio(BIO_new(BIO_s_mem()));
   BIO_write(ecdsa_key_bio.get(), pem_serialized_key.data(),
             pem_serialized_key.size());

   internal::SslUniquePtr<EVP_PKEY> evp_ecdsa_key(
       PEM_read_bio_PrivateKey(ecdsa_key_bio.get(), /*x=*/nullptr,
                               &FailingPassphraseCallback, /*u=*/nullptr));

   if (evp_ecdsa_key == nullptr) {
     return util::Status(absl::StatusCode::kInvalidArgument,
                         "PEM Private Key parsing failed");
   }

   // No need to free bssl_ecdsa_key after use.
   EC_KEY* bssl_ecdsa_key = EVP_PKEY_get0_EC_KEY(evp_ecdsa_key.get());
   util::Status verify_result = VerifyEcdsaKey(bssl_ecdsa_key);
   if (!verify_result.ok()) {
     return verify_result;
   }

   internal::SslUniquePtr<BIGNUM> x_coordinate(BN_new());
   internal::SslUniquePtr<BIGNUM> y_coordinate(BN_new());
   const EC_POINT* public_point = EC_KEY_get0_public_key(bssl_ecdsa_key);
   const EC_GROUP* ec_group = EC_KEY_get0_group(bssl_ecdsa_key);
   EC_POINT_get_affine_coordinates(ec_group, public_point, x_coordinate.get(),
                                   y_coordinate.get(), nullptr);

   const BIGNUM* priv_key = EC_KEY_get0_private_key(bssl_ecdsa_key);
   util::StatusOr<util::SecretData> priv =
       internal::BignumToSecretData(priv_key, ScalarSizeInBytes(ec_group));
   if (!priv.ok()) {
     return priv.status();
   }
   util::StatusOr<std::string> x_string = internal::BignumToString(
       x_coordinate.get(), FieldElementSizeInBytes(ec_group));
   if (!x_string.ok()) {
     return x_string.status();
   }
   util::StatusOr<std::string> y_string = internal::BignumToString(
       y_coordinate.get(), FieldElementSizeInBytes(ec_group));
   if (!y_string.ok()) {
     return y_string.status();
   }
   util::StatusOr<EllipticCurveType> curve =
       internal::CurveTypeFromEcGroup(ec_group);
   if (!curve.ok()) {
     return curve.status();
   }

   auto ecdsa_private_key = absl::make_unique<SubtleUtilBoringSSL::EcKey>();
   ecdsa_private_key->pub_x = *std::move(x_string);
   ecdsa_private_key->pub_y = *std::move(y_string);
   ecdsa_private_key->priv = *std::move(priv);
   ecdsa_private_key->curve = *std::move(curve);

   return std::move(ecdsa_private_key);
 }

 util::StatusOr<std::string> PemParser::WriteEcPublicKey(
     const SubtleUtilBoringSSL::EcKey& ec_key) {
   internal::SslUniquePtr<EC_KEY> openssl_ec_key(EC_KEY_new());
   util::Status status = EcKeyToSslEcPublicKey(ec_key, openssl_ec_key.get());
   if (!status.ok()) {
     return status;
   }
   internal::SslUniquePtr<BIO> bio(BIO_new(BIO_s_mem()));
   if (!PEM_write_bio_EC_PUBKEY(bio.get(), openssl_ec_key.get())) {
     return util::Status(absl::StatusCode::kInvalidArgument,
                         "Failed to write openssl EC key to write bio");
   }
   return ConvertBioToString(bio.get());
 }

 util::StatusOr<std::string> PemParser::WriteEcPrivateKey(
     const SubtleUtilBoringSSL::EcKey& ec_key) {
   internal::SslUniquePtr<EC_KEY> openssl_ec_key(EC_KEY_new());
   util::Status status = EcKeyToSslEcPrivateKey(ec_key, openssl_ec_key.get());
   if (!status.ok()) {
     return status;
   }
   internal::SslUniquePtr<BIO> bio(BIO_new(BIO_s_mem()));
   if (!PEM_write_bio_ECPrivateKey(bio.get(), openssl_ec_key.get(),
                                   /*enc=*/nullptr, /*kstr=*/nullptr, /*klen=*/0,
                                   /*cb=*/nullptr, /*u=*/nullptr)) {
     return util::Status(absl::StatusCode::kInvalidArgument,
                         "Failed to write openssl EC key to write bio");
   }
   return ConvertBioToString(bio.get());
 }

 }  // namespace subtle
 }  // namespace tink
 }  // namespace crypto
	// Copyright 2018 Google Inc.
	//
	// Licensed under the Apache License, Version 2.0 (the "License");
	// you may not use this file except in compliance with the License.
	// You may obtain a copy of the License at
	//
	// http://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing, software
	// distributed under the License is distributed on an "AS IS" BASIS,
	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	// See the License for the specific language governing permissions and
	// limitations under the License.
	//
	///////////////////////////////////////////////////////////////////////////////
	#include "tink/subtle/pem_parser_boringssl.h"

	#include <memory>
	#include <string>
	#include <utility>

	#include "absl/memory/memory.h"
	#include "absl/status/status.h"
	#include "absl/strings/str_cat.h"
	#include "absl/strings/string_view.h"
	#include "openssl/bio.h"
	#include "openssl/bn.h"
	#include "openssl/ec.h"
	#include "openssl/evp.h"
	#include "openssl/pem.h"
	#include "openssl/rsa.h"
	#include "tink/internal/bn_util.h"
	#include "tink/internal/ec_util.h"
	#include "tink/internal/rsa_util.h"
	#include "tink/internal/ssl_unique_ptr.h"
	#include "tink/internal/ssl_util.h"
	#include "tink/subtle/common_enums.h"
	#include "tink/subtle/subtle_util_boringssl.h"
	#include "tink/util/status.h"
	#include "tink/util/statusor.h"

	namespace crypto {
	namespace tink {
	namespace subtle {

	namespace {
	constexpr int kBsslOk = 1;

	// Verifies that the given RSA pointer `rsa_key` points to a valid RSA key.
	util::Status VerifyRsaKey(const RSA* rsa_key) {
	if (rsa_key == nullptr) {
	return util::Status(absl::StatusCode::kInvalidArgument,
	"Invalid RSA key format");
	}
	// Check the key parameters.
	if (RSA_check_key(rsa_key) != kBsslOk) {
	return util::Status(absl::StatusCode::kInvalidArgument,
	"Invalid RSA key format");
	}
	return util::OkStatus();
	}

	// Verifies that the given ECDSA pointer `ecdsa_key` points to a valid ECDSA
	// key.
	util::Status VerifyEcdsaKey(const EC_KEY* ecdsa_key) {
	if (ecdsa_key == nullptr) {
	return util::Status(absl::StatusCode::kInvalidArgument,
	"Invalid ECDSA key format");
	}
	// Check the key parameters.
	if (EC_KEY_check_key(ecdsa_key) != kBsslOk) {
	return util::Status(absl::StatusCode::kInvalidArgument,
	"Invalid ECDSA key format");
	}
	return util::OkStatus();
	}

	// Converts the public portion of a given SubtleUtilBoringSSL::EcKey,
	// `subtle_ec_key`, into an OpenSSL EC key, `openssl_ec_key`.
	util::Status EcKeyToSslEcPublicKey(
	const SubtleUtilBoringSSL::EcKey& subtle_ec_key, EC_KEY* openssl_ec_key) {
	if (openssl_ec_key == nullptr) {
	return util::Status(absl::StatusCode::kInvalidArgument,
	"`openssl_ec_key` arg cannot be NULL");
	}

	util::StatusOr<internal::SslUniquePtr<EC_GROUP>> group =
	internal::EcGroupFromCurveType(subtle_ec_key.curve);
	if (!group.ok()) {
	return group.status();
	}

	util::StatusOr<internal::SslUniquePtr<EC_POINT>> ec_point =
	internal::GetEcPoint(subtle_ec_key.curve, subtle_ec_key.pub_x,
	subtle_ec_key.pub_y);
	if (!ec_point.ok()) {
	return ec_point.status();
	}

	// Set key's group and EC point.
	if (!EC_KEY_set_group(openssl_ec_key, group->get())) {
	return util::Status(
	absl::StatusCode::kInternal,
	absl::StrCat("Failed to set key group from EC group for curve ",
	EnumToString(subtle_ec_key.curve)));
	}

	if (!EC_KEY_set_public_key(openssl_ec_key, ec_point->get())) {
	return util::Status(absl::StatusCode::kInternal,
	"Failed to set public key");
	}

	return util::OkStatus();
	}

	// Converts a given SubtleUtilBoringSSL::EcKey, `subtle_ec_key`, into an OpenSSL
	// EC key, `openssl_ec_key`.
	util::Status EcKeyToSslEcPrivateKey(
	const SubtleUtilBoringSSL::EcKey& subtle_ec_key, EC_KEY* openssl_ec_key) {
	if (openssl_ec_key == nullptr) {
	return util::Status(absl::StatusCode::kInvalidArgument,
	"`openssl_ec_key` arg cannot be NULL");
	}
	util::Status status = EcKeyToSslEcPublicKey(subtle_ec_key, openssl_ec_key);
	if (!status.ok()) {
	return status;
	}

	util::StatusOr<internal::SslUniquePtr<BIGNUM>> x =
	internal::StringToBignum(absl::string_view(
	reinterpret_cast<const char*>(subtle_ec_key.priv.data()),
	subtle_ec_key.priv.size()));
	if (!x.ok()) {
	return x.status();
	}

	if (!EC_KEY_set_private_key(openssl_ec_key, x->get())) {
	return util::Status(absl::StatusCode::kInvalidArgument,
	"Failed to set private key");
	}
	return VerifyEcdsaKey(openssl_ec_key);
	}

	// Converts an OpenSSL BIO (i.e., basic IO stream), `bio`, into a string.
	util::StatusOr<std::string> ConvertBioToString(BIO* bio) {
	BUF_MEM* mem = nullptr;
	BIO_get_mem_ptr(bio, &mem);
	std::string pem_material;
	if (mem->data && mem->length) {
	pem_material.assign(mem->data, mem->length);
	}
	if (pem_material.empty()) {
	return util::Status(absl::StatusCode::kInvalidArgument,
	"Failed to retrieve key material from BIO");
	}
	return pem_material;
	}

	size_t ScalarSizeInBytes(const EC_GROUP* group) {
	return BN_num_bytes(EC_GROUP_get0_order(group));
	}

	size_t FieldElementSizeInBytes(const EC_GROUP* group) {
	unsigned degree_bits = EC_GROUP_get_degree(group);
	return (degree_bits + 7) / 8;
	}

	// We explicitly set a failing passphrase callback function to make sure no
	// default callback routine is used.
	static int FailingPassphraseCallback(char* buf, int buf_size, int rwflag,
	void* u) {
	return -1;
	}

	} // namespace

	util::StatusOr<std::unique_ptr<internal::RsaPublicKey>>
	PemParser::ParseRsaPublicKey(absl::string_view pem_serialized_key) {
	// Read the RSA key into EVP_PKEY.
	internal::SslUniquePtr<BIO> rsa_key_bio(BIO_new(BIO_s_mem()));
	BIO_write(rsa_key_bio.get(), pem_serialized_key.data(),
	pem_serialized_key.size());

	internal::SslUniquePtr<EVP_PKEY> evp_rsa_key(
	PEM_read_bio_PUBKEY(rsa_key_bio.get(), /x=/nullptr,
	&FailingPassphraseCallback, /u=/nullptr));

	if (evp_rsa_key == nullptr) {
	return util::Status(absl::StatusCode::kInvalidArgument,
	"PEM Public Key parsing failed");
	}
	// No need to free bssl_rsa_key after use.
	const RSA* bssl_rsa_key = EVP_PKEY_get0_RSA(evp_rsa_key.get());
	util::Status verification_res = internal::RsaCheckPublicKey(bssl_rsa_key);
	if (!verification_res.ok()) {
	return verification_res;
	}

	// Get the public key parameters.
	const BIGNUM n_bn, e_bn, *d_bn;
	RSA_get0_key(bssl_rsa_key, &n_bn, &e_bn, &d_bn);

	// Public key should not have d_bn set.
	if (d_bn != nullptr) {
	return util::Status(absl::StatusCode::kInvalidArgument,
	"Invalid RSA Public Key format");
	}

	// We are only interested in e and n.
	auto n_str = internal::BignumToString(n_bn, BN_num_bytes(n_bn));
	auto e_str = internal::BignumToString(e_bn, BN_num_bytes(e_bn));
	if (!n_str.ok()) {
	return n_str.status();
	}
	if (!e_str.ok()) {
	return e_str.status();
	}
	auto rsa_public_key = absl::make_unique<internal::RsaPublicKey>();
	rsa_public_key->e = *std::move(e_str);
	rsa_public_key->n = *std::move(n_str);

	return std::move(rsa_public_key);
	}

	util::StatusOr<std::unique_ptr<internal::RsaPrivateKey>>
	PemParser::ParseRsaPrivateKey(absl::string_view pem_serialized_key) {
	// Read the private key into EVP_PKEY.
	internal::SslUniquePtr<BIO> rsa_key_bio(BIO_new(BIO_s_mem()));
	BIO_write(rsa_key_bio.get(), pem_serialized_key.data(),
	pem_serialized_key.size());

	// BoringSSL APIs to parse the PEM data.
	internal::SslUniquePtr<EVP_PKEY> evp_rsa_key(
	PEM_read_bio_PrivateKey(rsa_key_bio.get(), /x=/nullptr,
	&FailingPassphraseCallback, /u=/nullptr));

	if (evp_rsa_key == nullptr) {
	return util::Status(absl::StatusCode::kInvalidArgument,
	"PEM Private Key parsing failed");
	}

	// No need to free bssl_rsa_key after use.
	const RSA* bssl_rsa_key = EVP_PKEY_get0_RSA(evp_rsa_key.get());

	auto is_valid_key = VerifyRsaKey(bssl_rsa_key);
	if (!is_valid_key.ok()) {
	return is_valid_key;
	}

	const BIGNUM n_bn, e_bn, *d_bn;
	RSA_get0_key(bssl_rsa_key, &n_bn, &e_bn, &d_bn);

	// Save exponents.
	auto rsa_private_key = absl::make_unique<internal::RsaPrivateKey>();
	auto n_str = internal::BignumToString(n_bn, BN_num_bytes(n_bn));
	auto e_str = internal::BignumToString(e_bn, BN_num_bytes(e_bn));
	auto d_str = internal::BignumToSecretData(d_bn, BN_num_bytes(d_bn));
	if (!n_str.ok()) {
	return n_str.status();
	}
	if (!e_str.ok()) {
	return e_str.status();
	}
	if (!d_str.ok()) {
	return d_str.status();
	}
	rsa_private_key->n = *std::move(n_str);
	rsa_private_key->e = *std::move(e_str);
	rsa_private_key->d = *std::move(d_str);

	// Save factors.
	const BIGNUM p_bn, q_bn;
	RSA_get0_factors(bssl_rsa_key, &p_bn, &q_bn);
	auto p_str = internal::BignumToSecretData(p_bn, BN_num_bytes(p_bn));
	auto q_str = internal::BignumToSecretData(q_bn, BN_num_bytes(q_bn));
	if (!p_str.ok()) {
	return p_str.status();
	}
	if (!q_str.ok()) {
	return q_str.status();
	}
	rsa_private_key->p = *std::move(p_str);
	rsa_private_key->q = *std::move(q_str);

	// Save CRT parameters.
	const BIGNUM dp_bn, dq_bn, *crt_bn;
	RSA_get0_crt_params(bssl_rsa_key, &dp_bn, &dq_bn, &crt_bn);
	auto dp_str = internal::BignumToSecretData(dp_bn, BN_num_bytes(dp_bn));
	auto dq_str = internal::BignumToSecretData(dq_bn, BN_num_bytes(dq_bn));
	auto crt_str = internal::BignumToSecretData(crt_bn, BN_num_bytes(crt_bn));
	if (!dp_str.ok()) {
	return dp_str.status();
	}
	if (!dq_str.ok()) {
	return dq_str.status();
	}
	if (!crt_str.ok()) {
	return crt_str.status();
	}
	rsa_private_key->dp = *std::move(dp_str);
	rsa_private_key->dq = *std::move(dq_str);
	rsa_private_key->crt = *std::move(crt_str);

	return std::move(rsa_private_key);
	}

	util::StatusOr<std::string> PemParser::WriteRsaPublicKey(
	const internal::RsaPublicKey& rsa_public_key) {
	auto rsa_statusor = internal::RsaPublicKeyToRsa(rsa_public_key);
	if (!rsa_statusor.ok()) {
	return rsa_statusor.status();
	}

	internal::SslUniquePtr<RSA> rsa = *std::move(rsa_statusor);
	internal::SslUniquePtr<BIO> bio(BIO_new(BIO_s_mem()));
	if (!PEM_write_bio_RSA_PUBKEY(bio.get(), rsa.get())) {
	return util::Status(absl::StatusCode::kInvalidArgument,
	"Failed to write openssl RSA key to write bio");
	}
	return ConvertBioToString(bio.get());
	}

	util::StatusOr<std::string> PemParser::WriteRsaPrivateKey(
	const internal::RsaPrivateKey& rsa_private_key) {
	auto rsa_statusor = internal::RsaPrivateKeyToRsa(rsa_private_key);
	if (!rsa_statusor.ok()) {
	return rsa_statusor.status();
	}

	internal::SslUniquePtr<RSA> rsa = *std::move(rsa_statusor);
	internal::SslUniquePtr<EVP_PKEY> evp(EVP_PKEY_new());
	EVP_PKEY_set1_RSA(evp.get(), rsa.get());

	internal::SslUniquePtr<BIO> bio(BIO_new(BIO_s_mem()));
	if (!PEM_write_bio_PrivateKey(bio.get(), evp.get(),
	/enc=/nullptr, /kstr=/nullptr,
	/klen=/0,
	/cb=/nullptr, /u=/nullptr)) {
	return util::Status(absl::StatusCode::kInvalidArgument,
	"Failed to write openssl RSA key to write bio");
	}
	return ConvertBioToString(bio.get());
	}

	util::StatusOr<std::unique_ptr<SubtleUtilBoringSSL::EcKey>>
	PemParser::ParseEcPublicKey(absl::string_view pem_serialized_key) {
	// Read the ECDSA key into EVP_PKEY.
	internal::SslUniquePtr<BIO> ecdsa_key_bio(BIO_new(BIO_s_mem()));
	BIO_write(ecdsa_key_bio.get(), pem_serialized_key.data(),
	pem_serialized_key.size());

	internal::SslUniquePtr<EVP_PKEY> evp_ecdsa_key(
	PEM_read_bio_PUBKEY(ecdsa_key_bio.get(), /x=/nullptr,
	&FailingPassphraseCallback, /u=/nullptr));

	if (evp_ecdsa_key == nullptr) {
	return util::Status(absl::StatusCode::kInvalidArgument,
	"PEM Public Key parsing failed");
	}
	// No need to free bssl_ecdsa_key after use.
	EC_KEY* bssl_ecdsa_key = EVP_PKEY_get0_EC_KEY(evp_ecdsa_key.get());
	auto is_valid = VerifyEcdsaKey(bssl_ecdsa_key);
	if (!is_valid.ok()) {
	return is_valid;
	}

	// Get the public key parameters.
	const EC_POINT* public_point = EC_KEY_get0_public_key(bssl_ecdsa_key);
	const EC_GROUP* ec_group = EC_KEY_get0_group(bssl_ecdsa_key);
	internal::SslUniquePtr<BIGNUM> x_coordinate(BN_new());
	internal::SslUniquePtr<BIGNUM> y_coordinate(BN_new());
	EC_POINT_get_affine_coordinates(ec_group, public_point, x_coordinate.get(),
	y_coordinate.get(), nullptr);

	// Convert public key parameters and construct Subtle ECKey
	util::StatusOr<std::string> x_string = internal::BignumToString(
	x_coordinate.get(), FieldElementSizeInBytes(ec_group));
	if (!x_string.ok()) {
	return x_string.status();
	}
	util::StatusOr<std::string> y_string = internal::BignumToString(
	y_coordinate.get(), FieldElementSizeInBytes(ec_group));
	if (!y_string.ok()) {
	return y_string.status();
	}
	util::StatusOr<EllipticCurveType> curve =
	internal::CurveTypeFromEcGroup(ec_group);
	if (!curve.ok()) {
	return curve.status();
	}

	auto ecdsa_public_key = absl::make_unique<SubtleUtilBoringSSL::EcKey>();
	ecdsa_public_key->pub_x = *std::move(x_string);
	ecdsa_public_key->pub_y = *std::move(y_string);
	ecdsa_public_key->curve = *std::move(curve);

	return std::move(ecdsa_public_key);
	}

	util::StatusOr<std::unique_ptr<SubtleUtilBoringSSL::EcKey>>
	PemParser::ParseEcPrivateKey(absl::string_view pem_serialized_key) {
	internal::SslUniquePtr<BIO> ecdsa_key_bio(BIO_new(BIO_s_mem()));
	BIO_write(ecdsa_key_bio.get(), pem_serialized_key.data(),
	pem_serialized_key.size());

	internal::SslUniquePtr<EVP_PKEY> evp_ecdsa_key(
	PEM_read_bio_PrivateKey(ecdsa_key_bio.get(), /x=/nullptr,
	&FailingPassphraseCallback, /u=/nullptr));

	if (evp_ecdsa_key == nullptr) {
	return util::Status(absl::StatusCode::kInvalidArgument,
	"PEM Private Key parsing failed");
	}

	// No need to free bssl_ecdsa_key after use.
	EC_KEY* bssl_ecdsa_key = EVP_PKEY_get0_EC_KEY(evp_ecdsa_key.get());
	util::Status verify_result = VerifyEcdsaKey(bssl_ecdsa_key);
	if (!verify_result.ok()) {
	return verify_result;
	}

	internal::SslUniquePtr<BIGNUM> x_coordinate(BN_new());
	internal::SslUniquePtr<BIGNUM> y_coordinate(BN_new());
	const EC_POINT* public_point = EC_KEY_get0_public_key(bssl_ecdsa_key);
	const EC_GROUP* ec_group = EC_KEY_get0_group(bssl_ecdsa_key);
	EC_POINT_get_affine_coordinates(ec_group, public_point, x_coordinate.get(),
	y_coordinate.get(), nullptr);

	const BIGNUM* priv_key = EC_KEY_get0_private_key(bssl_ecdsa_key);
	util::StatusOr<util::SecretData> priv =
	internal::BignumToSecretData(priv_key, ScalarSizeInBytes(ec_group));
	if (!priv.ok()) {
	return priv.status();
	}
	util::StatusOr<std::string> x_string = internal::BignumToString(
	x_coordinate.get(), FieldElementSizeInBytes(ec_group));
	if (!x_string.ok()) {
	return x_string.status();
	}
	util::StatusOr<std::string> y_string = internal::BignumToString(
	y_coordinate.get(), FieldElementSizeInBytes(ec_group));
	if (!y_string.ok()) {
	return y_string.status();
	}
	util::StatusOr<EllipticCurveType> curve =
	internal::CurveTypeFromEcGroup(ec_group);
	if (!curve.ok()) {
	return curve.status();
	}

	auto ecdsa_private_key = absl::make_unique<SubtleUtilBoringSSL::EcKey>();
	ecdsa_private_key->pub_x = *std::move(x_string);
	ecdsa_private_key->pub_y = *std::move(y_string);
	ecdsa_private_key->priv = *std::move(priv);
	ecdsa_private_key->curve = *std::move(curve);

	return std::move(ecdsa_private_key);
	}

	util::StatusOr<std::string> PemParser::WriteEcPublicKey(
	const SubtleUtilBoringSSL::EcKey& ec_key) {
	internal::SslUniquePtr<EC_KEY> openssl_ec_key(EC_KEY_new());
	util::Status status = EcKeyToSslEcPublicKey(ec_key, openssl_ec_key.get());
	if (!status.ok()) {
	return status;
	}
	internal::SslUniquePtr<BIO> bio(BIO_new(BIO_s_mem()));
	if (!PEM_write_bio_EC_PUBKEY(bio.get(), openssl_ec_key.get())) {
	return util::Status(absl::StatusCode::kInvalidArgument,
	"Failed to write openssl EC key to write bio");
	}
	return ConvertBioToString(bio.get());
	}

	util::StatusOr<std::string> PemParser::WriteEcPrivateKey(
	const SubtleUtilBoringSSL::EcKey& ec_key) {
	internal::SslUniquePtr<EC_KEY> openssl_ec_key(EC_KEY_new());
	util::Status status = EcKeyToSslEcPrivateKey(ec_key, openssl_ec_key.get());
	if (!status.ok()) {
	return status;
	}
	internal::SslUniquePtr<BIO> bio(BIO_new(BIO_s_mem()));
	if (!PEM_write_bio_ECPrivateKey(bio.get(), openssl_ec_key.get(),
	/enc=/nullptr, /kstr=/nullptr, /klen=/0,
	/cb=/nullptr, /u=/nullptr)) {
	return util::Status(absl::StatusCode::kInvalidArgument,
	"Failed to write openssl EC key to write bio");
	}
	return ConvertBioToString(bio.get());
	}

	} // namespace subtle
	} // namespace tink
	} // namespace crypto