Fix for some TPM hardware, which does not support RSA validating usin…

…g an exponent value less than 7. Can skip check using build option `WOLFTPM_NO_SOFTWARE_RSA`. Fix for the `wolfSSL_Connect` return code check in TLS client example.

README.md

@@ -101,11 +101,12 @@ make
 
 ## Release Notes
 
-### wolfTPM Release 1.3 (07/19/2018)
+### wolfTPM Release 1.3 (07/20/2018)
 
 * Fixed the TIS TPM_BASE_ADDRESS to conform to specification. (PR #19)
 * Fixed static analysis warnings. (PR #20)
 * Fixed minor build warnings with different compilers. (PR #21)
+* Fixed TPM failure for RSA exponents less than 7 by using software based RSA. (PR #23)
 * Added TPM bechmarking support. (PR #16)
 * Added functions to import/export public keys as wolf format. (PR #15)
 * Added PKCS7 example to show sign/verify with TPM. (PR #17)

examples/tls/tls_client.c

@@ -442,7 +442,7 @@ int TPM2_TLS_Client(void* userCtx)
             rc = wolfSSL_get_error(ssl, 0);
         }
     } while (rc == WOLFSSL_ERROR_WANT_READ || rc == WOLFSSL_ERROR_WANT_WRITE);
-    if (rc != 0) {
+    if (rc != WOLFSSL_SUCCESS) {
         goto exit;
     }
 

src/tpm2_wrap.c

@@ -338,6 +338,17 @@ int wolfTPM2_LoadRsaPublicKey(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* key,
     if (rsaPubSz > sizeof(pub.publicArea.unique.rsa.buffer))
         return BUFFER_E;
 
+    /* To support TPM hardware and firmware versions that do not allow small exponents */
+#ifndef WOLFTPM_NO_SOFTWARE_RSA
+    /* The TPM reference implementation does not support an exponent size
+       smaller than 7 nor does it allow keys to be created on the TPM with a
+       public exponent less than 2^16 + 1. */
+    if (exponent < 7) {
+        printf("TPM based RSA with exponent %u not allowed! Using soft RSA\n", exponent);
+        return TPM_RC_KEY;
+    }
+#endif
+
     XMEMSET(&pub, 0, sizeof(pub));
     pub.publicArea.type = TPM_ALG_RSA;
     pub.publicArea.nameAlg = TPM_ALG_NULL;