wisegate-core 0.12.0

Core library for WiseGate reverse proxy - rate limiting, IP filtering, and request handling
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251

//! Native password hash verification for Apache htpasswd formats.
//!
//! Supported formats:
//! - bcrypt ($2y$, $2a$, $2b$)
//! - APR1 MD5 ($apr1$)
//! - SHA1 ({SHA})
//! - Plain text (fallback)

use base64::{Engine, engine::general_purpose::STANDARD};
use md5::{Digest, Md5};
use sha1::Sha1;

/// Verifies a password against a stored hash.
/// Automatically detects the hash format and uses the appropriate algorithm.
pub fn verify(password: &str, hash: &str) -> bool {
    if hash.starts_with("$2y$") || hash.starts_with("$2a$") || hash.starts_with("$2b$") {
        verify_bcrypt(password, hash)
    } else if hash.starts_with("$apr1$") {
        verify_apr1(password, hash)
    } else if hash.starts_with("{SHA}") {
        verify_sha1(password, hash)
    } else {
        // Plain text comparison using constant-time comparison
        constant_time_eq(password.as_bytes(), hash.as_bytes())
    }
}

/// Constant-time byte comparison to prevent timing attacks.
/// Does not leak length information through timing.
pub fn constant_time_eq(a: &[u8], b: &[u8]) -> bool {
    let len_eq = a.len() == b.len();
    let max_len = a.len().max(b.len());
    let mut result = 0u8;

    for i in 0..max_len {
        let x = a.get(i).copied().unwrap_or(0);
        let y = b.get(i).copied().unwrap_or(0);
        result |= x ^ y;
    }

    len_eq && result == 0
}

/// Verifies a password against a bcrypt hash.
fn verify_bcrypt(password: &str, hash: &str) -> bool {
    bcrypt::verify(password, hash).unwrap_or(false)
}

/// Verifies a password against a SHA1 hash ({SHA} prefix, Base64-encoded).
fn verify_sha1(password: &str, hash: &str) -> bool {
    let Some(encoded) = hash.strip_prefix("{SHA}") else {
        return false;
    };

    let Ok(stored_digest) = STANDARD.decode(encoded) else {
        return false;
    };

    let computed_digest = Sha1::digest(password.as_bytes());
    constant_time_eq(computed_digest.as_slice(), &stored_digest)
}

/// Verifies a password against an APR1 MD5 hash ($apr1$ prefix).
/// Implements Apache's modified MD5-crypt algorithm.
fn verify_apr1(password: &str, hash: &str) -> bool {
    let Some(rest) = hash.strip_prefix("$apr1$") else {
        return false;
    };

    let Some((salt, _)) = rest.split_once('$') else {
        return false;
    };

    let computed = apr1_hash(password, salt);
    constant_time_eq(computed.as_bytes(), hash.as_bytes())
}

/// Computes an APR1 MD5 hash for a password with the given salt.
/// Based on Apache's apr_md5.c implementation.
fn apr1_hash(password: &str, salt: &str) -> String {
    let password = password.as_bytes();
    let salt = salt.as_bytes();

    // Initial hash: password + $apr1$ + salt
    let mut ctx = Md5::new();
    ctx.update(password);
    ctx.update(b"$apr1$");
    ctx.update(salt);

    // Alternate hash: password + salt + password
    let mut ctx1 = Md5::new();
    ctx1.update(password);
    ctx1.update(salt);
    ctx1.update(password);
    let fin = ctx1.finalize();

    // Add alternate hash bytes based on password length
    let mut pl = password.len();
    let mut i = 0;
    while pl > 0 {
        let len = if pl > 16 { 16 } else { pl };
        ctx.update(&fin[i..i + len]);
        pl -= len;
        i += len;
        if i >= 16 {
            i = 0;
        }
    }

    // Add null or first password char based on password length bits
    let mut pl = password.len();
    while pl > 0 {
        if pl & 1 != 0 {
            ctx.update([0u8]);
        } else {
            ctx.update(&password[0..1]);
        }
        pl >>= 1;
    }

    let mut fin = ctx.finalize();

    // 1000 rounds of MD5
    for i in 0..1000 {
        let mut ctx1 = Md5::new();

        if i & 1 != 0 {
            ctx1.update(password);
        } else {
            ctx1.update(fin.as_slice());
        }

        if i % 3 != 0 {
            ctx1.update(salt);
        }

        if i % 7 != 0 {
            ctx1.update(password);
        }

        if i & 1 != 0 {
            ctx1.update(fin.as_slice());
        } else {
            ctx1.update(password);
        }

        fin = ctx1.finalize();
    }

    // Convert GenericArray to fixed-size array for encoding
    let fin_arr: [u8; 16] = fin.into();
    let encoded = apr1_encode(&fin_arr);
    format!(
        "$apr1${salt}${encoded}",
        salt = std::str::from_utf8(salt).unwrap_or("")
    )
}

/// Custom Base64 encoding for APR1 MD5 hashes.
/// Uses a different alphabet and byte ordering than standard Base64.
fn apr1_encode(digest: &[u8; 16]) -> String {
    const ITOA64: &[u8] = b"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

    let mut result = String::with_capacity(22);

    // APR1 uses a specific byte ordering for the final encoding
    let encode_triple = |a: u8, b: u8, c: u8| -> [char; 4] {
        let v = (u32::from(a) << 16) | (u32::from(b) << 8) | u32::from(c);
        [
            ITOA64[(v & 0x3f) as usize] as char,
            ITOA64[((v >> 6) & 0x3f) as usize] as char,
            ITOA64[((v >> 12) & 0x3f) as usize] as char,
            ITOA64[((v >> 18) & 0x3f) as usize] as char,
        ]
    };

    // Encode in the specific APR1 byte order
    for chars in encode_triple(digest[0], digest[6], digest[12]) {
        result.push(chars);
    }
    for chars in encode_triple(digest[1], digest[7], digest[13]) {
        result.push(chars);
    }
    for chars in encode_triple(digest[2], digest[8], digest[14]) {
        result.push(chars);
    }
    for chars in encode_triple(digest[3], digest[9], digest[15]) {
        result.push(chars);
    }
    for chars in encode_triple(digest[4], digest[10], digest[5]) {
        result.push(chars);
    }

    // Last byte only needs 2 characters
    let v = u32::from(digest[11]);
    result.push(ITOA64[(v & 0x3f) as usize] as char);
    result.push(ITOA64[((v >> 6) & 0x3f) as usize] as char);

    result
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_verify_plain_text() {
        assert!(verify("secret", "secret"));
        assert!(!verify("secret", "wrong"));
    }

    #[test]
    fn test_verify_sha1_password() {
        // "password" hashed with SHA1: echo -n "password" | openssl dgst -sha1 -binary | base64
        let hash = "{SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=";
        assert!(verify("password", hash));
        assert!(!verify("wrong", hash));
    }

    #[test]
    fn test_verify_bcrypt_password() {
        // "password" hashed with bcrypt (cost 5)
        let hash = "$2y$05$bvIG6Nmid91Mu9RcmmWZfO5HJIMCT8riNW0hEp8f6/FuA2/mHZFpe";
        assert!(verify("password", hash));
        assert!(!verify("wrong", hash));
    }

    #[test]
    fn test_verify_apr1_password() {
        // "password" hashed with apr1: htpasswd -nbm user password
        let hash = "$apr1$lZL6V/ci$eIMz/iKDkbtys/uU7LEK00";
        assert!(verify("password", hash));
        assert!(!verify("wrong", hash));
    }

    #[test]
    fn test_apr1_known_hash() {
        // Test against a known APR1 hash
        let computed = apr1_hash("password", "lZL6V/ci");
        assert_eq!(computed, "$apr1$lZL6V/ci$eIMz/iKDkbtys/uU7LEK00");
    }

    #[test]
    fn test_constant_time_eq() {
        assert!(constant_time_eq(b"hello", b"hello"));
        assert!(!constant_time_eq(b"hello", b"world"));
        assert!(!constant_time_eq(b"hello", b"hell"));
        assert!(!constant_time_eq(b"", b"a"));
        assert!(constant_time_eq(b"", b""));
    }
}