Fix error codes

src/ctap/apdu.rs

@@ -26,6 +26,7 @@ pub enum ApduStatusCode {
     /// Command successfully executed; 'XX' bytes of data are
     /// available and can be requested using GET RESPONSE.
     SW_GET_RESPONSE = 0x61_00,
+    SW_MEMERR = 0x65_01,
     SW_WRONG_DATA = 0x6a_80,
     SW_WRONG_LENGTH = 0x67_00,
     SW_COND_USE_NOT_SATISFIED = 0x69_85,
@@ -177,10 +178,7 @@ impl TryFrom<&[u8]> for APDU {
             let extended_apdu_le_len: usize = payload
                 .len()
                 .checked_sub(extended_apdu_lc + 3)
-                .unwrap_or(0xff);
+                .ok_or(ApduStatusCode::SW_WRONG_LENGTH)?;
-            if extended_apdu_le_len > 3 {
-                return Err(ApduStatusCode::SW_WRONG_LENGTH);
-            }
 
             if byte_0 == 0 && extended_apdu_le_len <= 3 {
                 // If first byte is zero AND the next two bytes can be parsed as a big-endian

src/ctap/ctap1.rs

@@ -227,7 +227,7 @@ impl Ctap1Command {
             U2fCommand::Version => Ok(Vec::<u8>::from(super::U2F_VERSION_STRING)),
 
             // TODO: should we return an error instead such as SW_INS_NOT_SUPPORTED?
-            U2fCommand::VendorSpecific { .. } => Err(Ctap1StatusCode::SW_INTERNAL_EXCEPTION),
+            U2fCommand::VendorSpecific { .. } => Err(Ctap1StatusCode::SW_SUCCESS),
         }
     }
 
@@ -258,13 +258,13 @@ impl Ctap1Command {
             .map_err(|_| Ctap1StatusCode::SW_INTERNAL_EXCEPTION)?;
         if key_handle.len() > 0xFF {
             // This is just being defensive with unreachable code.
-            return Err(Ctap1StatusCode::SW_WRONG_LENGTH);
+            return Err(Ctap1StatusCode::SW_INTERNAL_EXCEPTION);
         }
 
         let certificate = ctap_state
             .persistent_store
             .attestation_certificate()
-            .map_err(|_| Ctap1StatusCode::SW_INTERNAL_EXCEPTION)?
+            .map_err(|_| Ctap1StatusCode::SW_MEMERR)?
             .ok_or(Ctap1StatusCode::SW_INTERNAL_EXCEPTION)?;
         let private_key = ctap_state
             .persistent_store
@@ -332,7 +332,7 @@ impl Ctap1Command {
                 .map_err(|_| Ctap1StatusCode::SW_WRONG_DATA)?;
             let mut signature_data = ctap_state
                 .generate_auth_data(&application, Ctap1Command::USER_PRESENCE_INDICATOR_BYTE)
-                .map_err(|_| Ctap1StatusCode::SW_COND_USE_NOT_SATISFIED)?;
+                .map_err(|_| Ctap1StatusCode::SW_WRONG_DATA)?;
             signature_data.extend(&challenge);
             let signature = credential_source
                 .private_key
@@ -542,7 +542,7 @@ mod test {
 
         message.push(0x00);
         let response = Ctap1Command::process_command(&message, &mut ctap_state, START_CLOCK_VALUE);
-        assert_eq!(response, Err(Ctap1StatusCode::SW_WRONG_LENGTH));
+        assert_eq!(response, Err(Ctap1StatusCode::SW_INTERNAL_EXCEPTION));
     }
 
     #[test]

src/ctap/hid/mod.rs

@@ -417,7 +417,7 @@ impl CtapHid {
     #[cfg(feature = "with_ctap1")]
     fn ctap1_success_message(cid: ChannelID, payload: &[u8]) -> HidPacketIterator {
         let mut response = payload.to_vec();
-        let code: u16 = ctap1::Ctap1StatusCode::SW_INTERNAL_EXCEPTION.into();
+        let code: u16 = ctap1::Ctap1StatusCode::SW_SUCCESS.into();
         response.extend_from_slice(&code.to_be_bytes());
         CtapHid::split_message(Message {
             cid,