Library allows too-large path indices

[jamesob]

This library allows derivation of unhardened path indices that are greater than 2**31 - 1.

For example:

b = bip32.BIP32.from_seed(b'00000000000000000000000000000000')
b.get_privkey_from_path(f'm/{2**31}')
# returns b'\xa5\xfbs\x87\x1e}\xda\xec\xc2\x9a\xb6\xd0h\xe3\x08e>\x1d\x87\x02Q\x97\xeb\x11\x12\xb3\xccI\xd0W\x95-'

While the BIP32 spec is not very clear about this, the Core implementation (https://github.com/bitcoin/bitcoin/blob/1172bc4157eefe80d1aaf0b56459857ec651e535/src/util/bip32.cpp) will specifically error if an unhardened path component that large is passed.

Found while cross-implementation fuzzing for https://github.com/jamesob/cbip32.

[darosior]

Technically there no "too large indices", those are just the hardened indices. This would fail if the BIP32 object is created from a public key. I think i did this on purpose since i saw no reason to prevent users from deriving hardened indices from the raw index number. Thanks for pointing the difference in behavior with the Core wallet.