Cut half of the cookie, the HMAC is enough

3 files changed, 20 insertions, 19 deletions

diff --git a/README.md b/README.md
index 7dd075f..85fdfb8 100644
--- a/README.md
+++ b/README.md
@@ -62,9 +62,9 @@ Otherwise, the client is presented with a challenge, which asks them to find
 a nonce that, when appended to the identifier, results in a SHA-256 hash that
 begins with a certain number of zero bits. The client must solve the challenge
 and submit it through an HTML form, which is then validated by the proxy. If
-validation passes, the client is issued a cookie containing their identifier
-and its HMAC, and is redirected to request the page again, this time with the
-necessary cookie to pass the validation.
+validation passes, the client is issued a cookie containing their identifier's
+HMAC, and is redirected to request the page again, this time with the necessary
+cookie to pass the validation.
 
 JavaScript is provided to automatically solve the challenge without user
 interaction. Clients that do not run JavaScript need to solve the challenge
diff --git a/main.go b/main.go
index 4844f48..f5cf141 100644
--- a/main.go
+++ b/main.go
@@ -31,16 +31,16 @@ func main() {
 			}
 		}
 
-		expectedToken := makeSignedToken(request)
+		identifier, expectedMAC := makeSignedToken(request)
 
-		if validateCookie(cookie, expectedToken) {
+		if validateCookie(cookie, expectedMAC) {
 			proxyRequest(writer, request)
 			return
 		}
 
 		authPage := func(message string) {
 			_ = tmpl.Execute(writer, tparams{
-				UnsignedTokenBase64: base64.StdEncoding.EncodeToString(expectedToken[:sha256.Size]),
+				UnsignedTokenBase64: base64.StdEncoding.EncodeToString(identifier),
 				Message:             message,
 				Global:              global,
 			})
@@ -72,7 +72,7 @@ func main() {
 		}
 
 		h := sha256.New()
-		h.Write(expectedToken[:sha256.Size])
+		h.Write(identifier)
 		h.Write(nonce)
 		ck := h.Sum(nil)
 		if !validateBitZeros(ck, global.NeedBits) {
@@ -82,14 +82,14 @@ func main() {
 
 		http.SetCookie(writer, &http.Cookie{
 			Name:  "powxy",
-			Value: base64.StdEncoding.EncodeToString(expectedToken),
+			Value: base64.StdEncoding.EncodeToString(expectedMAC),
 		})
 
 		http.Redirect(writer, request, "", http.StatusSeeOther)
 	})))
 }
 
-func validateCookie(cookie *http.Cookie, expectedToken []byte) bool {
+func validateCookie(cookie *http.Cookie, expectedMAC []byte) bool {
 	if cookie == nil {
 		return false
 	}
@@ -99,7 +99,7 @@ func validateCookie(cookie *http.Cookie, expectedToken []byte) bool {
 		return false
 	}
 
-	return subtle.ConstantTimeCompare(gotToken, expectedToken) == 1
+	return subtle.ConstantTimeCompare(gotToken, expectedMAC) == 1
 }
 
 func getRemoteIP(request *http.Request) (remoteIP string) {
diff --git a/token.go b/token.go
index f704383..7e2d445 100644
--- a/token.go
+++ b/token.go
@@ -11,8 +11,9 @@ import (
 	"time"
 )
 
-func makeSignedToken(request *http.Request) []byte {
-	buf := make([]byte, 0, 2*sha256.Size)
+func makeSignedToken(request *http.Request) (identifier []byte, mac []byte) {
+	identifier = make([]byte, 0, sha256.Size)
+	mac = make([]byte, 0, sha256.Size)
 
 	timeBuf := make([]byte, binary.MaxVarintLen64)
 	binary.PutVarint(timeBuf, time.Now().Unix()/604800)
@@ -26,17 +27,17 @@ func makeSignedToken(request *http.Request) []byte {
 	h.Write(stringToBytes(request.Header.Get("Accept-Encoding")))
 	h.Write(stringToBytes(request.Header.Get("Accept-Language")))
 	h.Write(privkeyHash)
-	buf = h.Sum(buf)
-	if len(buf) != sha256.Size {
+	identifier = h.Sum(identifier)
+	if len(identifier) != sha256.Size {
 		panic("unexpected buffer length after hashing contents")
 	}
 
-	mac := hmac.New(sha256.New, privkey)
-	mac.Write(buf)
-	buf = mac.Sum(buf)
-	if len(buf) != 2*sha256.Size {
+	m := hmac.New(sha256.New, privkey)
+	m.Write(identifier)
+	mac = m.Sum(mac)
+	if len(mac) != sha256.Size {
 		panic("unexpected buffer length after hmac")
 	}
 
-	return buf
+	return
 }