fix: Phase 7 — key zeroization, OsRng, checked arithmetic, TOTP rate limits

- SecretsManager: raw key stored in Zeroizing<[u8; 32]>, auto-zeroed on drop
- SecretsManager: replaced thread_rng with OsRng (CSPRNG) for nonces
- Remember-me secret: derived from machine-id via SHA-256 (deterministic, no
  plaintext key storage)
- Bitcoin ecash balance: uses checked_add with u64::MAX saturation on overflow
- TOTP setup/confirm: added to EndpointRateLimiter (3 and 5 per 5min)
- AppId validation and Tor service name validation already existed

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Dorian
2026-03-18 01:00:57 +00:00
parent 022e7e484a
commit 36a33f3575
5 changed files with 37 additions and 16 deletions

View File

@@ -61,7 +61,10 @@ pub struct WalletState {
impl WalletState {
/// Total balance of unspent tokens.
pub fn balance(&self) -> u64 {
self.tokens.iter().filter(|t| !t.spent).map(|t| t.amount_sats).sum()
self.tokens.iter()
.filter(|t| !t.spent)
.try_fold(0u64, |acc, t| acc.checked_add(t.amount_sats))
.unwrap_or(u64::MAX)
}
}