From d28c6f2a33d76cc5246f046d49b3fe03e57ff1d3 Mon Sep 17 00:00:00 2001
From: tigeryu8900
Date: Wed, 19 Jun 2024 10:01:35 -0700
Subject: [PATCH 1/2] use KDFRounds from AuthenticatorToken
---
 crypto.go | 3 +--
 objects.go | 4 +++-
 2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/crypto.go b/crypto.go
index 4f0d0c6..30611b6 100644
--- a/crypto.go
+++ b/crypto.go
@@ -24,7 +24,6 @@ import (
 const (
 totpTimeStep = 10
 totpDigits = 7
- kdfRounds = 1e3
 kdfKeyLen = 256
 )
@@ -86,7 +85,7 @@ func generateTOTP(secret []byte, t time.Time, digits int, timeStep int64) (strin
 return fmt.Sprintf(f, mod), nil
 }
-func decryptToken(encryptedSeedB64, salt, passphrase string) (string, error) {
+func decryptToken(kdfRounds int, encryptedSeedB64, salt, passphrase string) (string, error) {
 encryptedSeed, err := base64.StdEncoding.DecodeString(encryptedSeedB64)
 if err != nil {
 return "", fmt.Errorf("Error decoding encrypted seed: %v", err)
diff --git a/objects.go b/objects.go
index 1b22f44..b237efd 100644
--- a/objects.go
+++ b/objects.go
@@ -154,6 +154,8 @@ type AuthenticatorToken struct {
 // The encrypted TOTP seed
 EncryptedSeed string `json:"encrypted_seed"`
+ KDFRounds int `json:"key_derivation_iterations"`
+
 // User-nominated name for the token
 Name string `json:"name"`
@@ -173,7 +175,7 @@ type AuthenticatorToken struct {
 // Decrypt returns the base32-encoded seed for this TOTP token, decrypted
 // by passphrase.
 func (t AuthenticatorToken) Decrypt(passphrase string) (string, error) {
- secret, err := decryptToken(t.EncryptedSeed, t.Salt, passphrase)
+ secret, err := decryptToken(t.KDFRounds, t.EncryptedSeed, t.Salt, passphrase)
 if err != nil {
 return "", err
 }
From e6ee1ae2f1b9bac5462323ed6e55a337e415d1c7 Mon Sep 17 00:00:00 2001
From: tigeryu8900
Date: Wed, 19 Jun 2024 10:09:59 -0700
Subject: [PATCH 2/2] add comment for KDFRounds
---
 objects.go | 1 +
 1 file changed, 1 insertion(+)
diff --git a/objects.go b/objects.go
index b237efd..a0979e4 100644
--- a/objects.go
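Review bot: The new `kdfRounds int` parameter of `decryptToken` in crypto.go is never range-checked in the visible lines, and the `Decrypt` hunk in objects.go passes `t.KDFRounds` to it straight from the decoded JSON. If `key_derivation_iterations` is missing from a response the field is 0, and a buggy or hostile response could carry a negative or very large number; depending on how the KDF call handles that, the result is either a wrong key with a misleading decryption error or a long CPU-bound derivation. A guard at the top of `decryptToken` would make the failure explicit: `if kdfRounds < 1 || kdfRounds > maxKDFRounds { return "", fmt.Errorf("invalid KDF round count %d", kdfRounds) }`, where `maxKDFRounds` is a new constant with a ceiling the project chooses. The body of `decryptToken` continues outside the hunk, so the KDF call itself is not visible here and its handling of such values should be confirmed.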
+++ b/objects.go
@@ -154,6 +154,7 @@ type AuthenticatorToken struct {
 // The encrypted TOTP seed
 EncryptedSeed string `json:"encrypted_seed"`
+ // The number of rounds for password-based key derivation
 KDFRounds int `json:"key_derivation_iterations"`
 // User-nominated name for the token