Validate that new index is within bounds

Author: Mrtenz

src/constants.ts

@@ -3,6 +3,8 @@ export const BYTES_KEY_LENGTH = 32;
 export const MIN_BIP_44_DEPTH = 0;
 export const MAX_BIP_44_DEPTH = 5;
 
+export const MAX_BIP_32_INDEX = 0xffffffff;
+
 export type MinBIP44Depth = typeof MIN_BIP_44_DEPTH;
 export type MaxBIP44Depth = typeof MAX_BIP_44_DEPTH;
 export type BIP44Depth = MinBIP44Depth | 1 | 2 | 3 | 4 | MaxBIP44Depth;

src/derivers/bip32.ts

@@ -16,6 +16,7 @@ import { SLIP10Node } from '../SLIP10Node';
 import {
   isValidBytesKey,
   numberToUint32,
+  validateBIP32Index,
   validateSpecification,
 } from '../utils';
 
@@ -242,6 +243,8 @@ async function derivePrivateChildKey({
 
     switch (specification) {
       case 'bip32': {
+        validateBIP32Index(childIndex + 1);
+
         const secretExtension = await deriveSecretExtension({
           privateKey,
           childIndex: childIndex + 1,
@@ -371,6 +374,8 @@ async function derivePublicChildKey({
 
     switch (specification) {
       case 'bip32': {
+        validateBIP32Index(childIndex + 1);
+
         // As per BIP-32, if the resulting key is invalid, the key is generated
         // from the next child index instead.
         return await derivePublicChildKey({

src/utils.ts

@@ -16,6 +16,7 @@ import {
   CoinTypeHDPathString,
   CoinTypeToAddressTuple,
   HardenedBIP32Node,
+  MAX_BIP_32_INDEX,
   UnhardenedBIP32Node,
 } from './constants';
 import { curves, SupportedCurve } from './curves';
@@ -172,7 +173,7 @@ export function validateBIP32Index(addressIndex: number) {
  * @returns Whether the index is a non-negative integer number.
  */
 export function isValidBIP32Index(index: number): boolean {
-  return isValidInteger(index);
+  return isValidInteger(index) && index <= MAX_BIP_32_INDEX;
 }
 
 /**