Add hostkey checking (#22)

CypherpunkArmory · May 29, 2019 · 08eabe3 · 08eabe3
1 parent 9d291f1
commit 08eabe3
Show file tree

Hide file tree

Showing 2 changed files with 61 additions and 8 deletions.
diff --git a/tunnel/dns_host_key.go b/tunnel/dns_host_key.go
@@ -0,0 +1,43 @@
+package tunnel
+
+import (
+	"bytes"
+	"crypto/sha256"
+	"encoding/hex"
+	"fmt"
+	"net"
+	"strings"
+
+	"golang.org/x/crypto/ssh"
+)
+
+var errNoHostKeyFound = fmt.Errorf("sshfp: no host key found")
+
+func dnsHostKeyCallback(hostname string, remote net.Addr, key ssh.PublicKey) error {
+	txtrecords, err := net.LookupTXT("api.holepunch.io")
+	if err != nil {
+		return err
+	}
+	// SHA256 checksum of key
+	// TODO should also support other algos
+	keyFpSHA256 := sha256.Sum256(key.Marshal())
+	// TODO very naive way to validate, we should match on key type and algo
+	//      and don't brute force check
+	for _, entry := range txtrecords {
+		sshfp := strings.Split(entry, " ")
+		if len(sshfp) != 3 {
+			continue
+		}
+		fingerPrint := sshfp[2]
+		fp, err := hex.DecodeString(fingerPrint)
+		if err != nil {
+			continue
+		}
+
+		if bytes.Equal(fp, keyFpSHA256[:]) {
+			return nil
+		}
+	}
+
+	return errNoHostKeyFound
+}
diff --git a/tunnel/tunnel.go b/tunnel/tunnel.go
@@ -156,20 +156,22 @@ func createTunnel(tunnelConfig *Config, semaphore *Semaphore) (net.Listener, err
 	if err != nil {
 		return listener, err
 	}
-
-	sshConfig := &ssh.ClientConfig{
+	hostKeyCallBack := dnsHostKeyCallback
+	if tunnelConfig.ConnectionEndpoint.Hostname() != "api.holepunch.io" {
+		fmt.Println("Ignoring hostkey")
+		hostKeyCallBack = ssh.InsecureIgnoreHostKey()
+	}
+	sshJumpConfig := &ssh.ClientConfig{
 		User: "punch",
 		Auth: []ssh.AuthMethod{
-			privateKey,
 			ssh.Password(""),
 		},
-		//TODO: Maybe fix this. Will be rotating so dont know if possible
-		HostKeyCallback: ssh.InsecureIgnoreHostKey(),
+		HostKeyCallback: hostKeyCallBack,
 		Timeout:         0,
 	}
 
 	log.Debugf("Dial into Jump Server %s", jumpServerEndpoint.String())
-	jumpConn, err := ssh.Dial("tcp", jumpServerEndpoint.String(), sshConfig)
+	jumpConn, err := ssh.Dial("tcp", jumpServerEndpoint.String(), sshJumpConfig)
 
 	if err != nil {
 		fmt.Fprintf(os.Stderr, "Error contacting the Holepunch Server.")
@@ -193,8 +195,16 @@ func createTunnel(tunnelConfig *Config, semaphore *Semaphore) (net.Listener, err
 		log.Debugf("Backoff Tick %s", wait.String())
 		time.Sleep(wait)
 	}
-
-	ncc, chans, reqs, err := ssh.NewClientConn(serverConn, serverEndpoint.String(), sshConfig)
+	sshTunnelConfig := &ssh.ClientConfig{
+		User: "punch",
+		Auth: []ssh.AuthMethod{
+			privateKey,
+		},
+		//TODO: Maybe fix this. Will be rotating so dont know if possible
+		HostKeyCallback: ssh.InsecureIgnoreHostKey(),
+		Timeout:         0,
+	}
+	ncc, chans, reqs, err := ssh.NewClientConn(serverConn, serverEndpoint.String(), sshTunnelConfig)
 	if err != nil {
 		return listener, err
 	}