Skip to content

Commit 153b07e

Browse files
refactor(pin): use icu_normalizer for PIN NFC normalization
1 parent 606fb14 commit 153b07e

4 files changed

Lines changed: 11 additions & 15 deletions

File tree

Cargo.lock

Lines changed: 1 addition & 10 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

libwebauthn/Cargo.toml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -49,7 +49,7 @@ base64-url = "3.0.0"
4949
dbus = "0.9.5"
5050
tracing = "0.1.29"
5151
idna = "1.0.3"
52-
unicode-normalization = "0.1"
52+
icu_normalizer = { version = "2", default-features = false, features = ["compiled_data"] }
5353
publicsuffix = "2.3"
5454
url = "2.5"
5555
http = "1"

libwebauthn/src/pin/mod.rs

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -21,14 +21,14 @@ use cbc::cipher::{BlockEncryptMut, KeyIvInit};
2121
use cosey as cose;
2222
use hkdf::Hkdf;
2323
use hmac::Mac;
24+
use icu_normalizer::ComposingNormalizerBorrowed;
2425
use p256::{
2526
ecdh::EphemeralSecret, elliptic_curve::sec1::FromEncodedPoint, EncodedPoint,
2627
PublicKey as P256PublicKey,
2728
};
2829
use rand::{rngs::OsRng, thread_rng, Rng, SeedableRng};
2930
use sha2::{Digest, Sha256};
3031
use tracing::{error, instrument, warn};
31-
use unicode_normalization::UnicodeNormalization;
3232
use x509_parser::nom::AsBytes;
3333

3434
pub mod persistent_token;
@@ -519,7 +519,9 @@ pub(crate) mod internal {
519519
timeout: Duration,
520520
) -> Result<(), Error> {
521521
// CTAP 2.1 sends the PIN as UTF-8 in Unicode Normalization Form C.
522-
let new_pin = new_pin.nfc().collect::<String>();
522+
let new_pin = ComposingNormalizerBorrowed::new_nfc()
523+
.normalize(&new_pin)
524+
.into_owned();
523525

524526
// If the minPINLength member of the authenticatorGetInfo response is absent, then let platformMinPINLengthInCodePoints be 4.
525527
if new_pin.chars().count() < get_info_response.min_pin_length.unwrap_or(4) as usize {

libwebauthn/src/webauthn/pin_uv_auth_token.rs

Lines changed: 5 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,8 +1,8 @@
11
use std::sync::Arc;
22
use std::time::Duration;
33

4+
use icu_normalizer::ComposingNormalizerBorrowed;
45
use tracing::{debug, error, info, instrument, warn};
5-
use unicode_normalization::UnicodeNormalization;
66

77
use cosey::PublicKey;
88

@@ -579,7 +579,10 @@ where
579579
}
580580
};
581581
// CTAP 2.1 sends the PIN as UTF-8 in Unicode Normalization Form C.
582-
Ok(pin.nfc().collect::<String>().as_bytes().to_owned())
582+
Ok(ComposingNormalizerBorrowed::new_nfc()
583+
.normalize(&pin)
584+
.as_bytes()
585+
.to_owned())
583586
}
584587

585588
pub(crate) async fn try_to_set_pin<C>(

0 commit comments

Comments
 (0)