Add check for valid XLM master seed

Add a check to verify that the XLM master seed is a valid seed for key
derivation. Stellar Ecosystem Proposal 5 specifies (through BIP39 and
BIP32) that valid seeds are between 128 bit and 512 bit.

This fixes a bug when running the tests under latest node version
(12.16.1) where the function utils.js/deriveChildKey would accept an
invalid seed and derive child keys from this seed.

This fix has been tested to work under both node v6 (current
production version) and latest version (v12).

Author: Sword-Smith

app/utils.js

@@ -87,6 +87,16 @@ exports.sendMailQ = function(toEmail, subject, template, templateParams, attachm
   return sendMail(mailOptions);
 };
 
+/*
+ * Check if input is a valid seed input formatted as a hex string.
+ * Cf. the BIP32 specification, a valid seed is between 128 bits and 512 bits (both included),
+ * i.e. between 16 and 64 bytes.
+ * https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki#master-key-generation
+ */
+function IsValidBip32Seed(input) {
+  return input.match(/^(([0-9a-f]{2}){16,64})$/);
+}
+
 /** deriveChildKey
  *
  * returns the derived key as a string
@@ -107,6 +117,12 @@ exports.deriveChildKey = function(master, derivationPath, type, neuter) {
 
     return childKey.toBase58();
   } else if (type === 'xlm') {
+
+    // Verify that input is a valid seed, cf. SEP05 (Stellar Ecosystem Proposals 5) which follows BIP39
+    // which is based on BIP32:
+    // https://github.com/stellar/stellar-protocol/blob/master/ecosystem/sep-0005.md
+    if (!IsValidBip32Seed(master)) { throw new Error(`Invalid seed. Got: ${master}`); }
+
     const masterNode = stellarHd.fromSeed(master);
     const childKey = stellar.Keypair.fromRawEd25519Seed(masterNode.derive(derivationPath));