private key – Key Derivation – CKDprv & CKDpub


I would like to replicate this derivation of keys.

Chain m
ext pub: xpub661MyMwAqRbcFtXgS5sYJABqqG9YLmC4Q1Rdap9gSE8NqtwybGhePY2gZ29ESFjqJoCu1Rupje8YtGqsefD265TMg7usUDFdp6W1EGMcet8
ext prv: xprv9s21ZrQH143K3QTDL4LXw2F7HEK3wJUD2nW2nRk4stbPy6cq3jPPqjiChkVvvNKmPGJxWUtg6LnF5kejMRNNU3TGtRBeJgk33yuGBxrMPHi

Chain m/0H              
ext pub: xpub68Gmy5EdvgibQVfPdqkBBCHxA5htiqg55crXYuXoQRKfDBFA1WEjWgP6LHhwBZeNK1VTsfTFUHCdrfp1bgwQ9xv5ski8PX9rL2dZXvgGDnw
ext prv: xprv9uHRZZhk6KAJC1avXpDAp4MDc3sQKNxDiPvvkX8Br5ngLNv1TxvUxt4cV1rGL5hj6KCesnDYUhd7oWgT11eZG7XnxHrnYeSvkzY7d2bhkJ7

Chain m/0H/1           
ext pub: xpub6ASuArnXKPbfEwhqN6e3mwBcDTgzisQN1wXN9BJcM47sSikHjJf3UFHKkNAWbWMiGj7Wf5uMash7SyYq527Hqck2AxYysAA7xmALppuCkwQ
ext prv: xprv9wTYmMFdV23N2TdNG573QoEsfRrWKQgWeibmLntzniatZvR9BmLnvSxqu53Kw1UmYPxLgboyZQaXwTCg8MSY3H2EU4pWcQDnRnrVA1xe8fs

I correctly derived the keys in 0h using the CKDprv function. Here are the steps:

xpriv in m:

0488ade4 xpriv
00 depth
00000000 parent fingerprint 
00000000 key index
873dff81c02f525623fd1fe5167eac3a55a049de3d314bb42ee227ffed37d508  Chain Code
00e8f32e723decf4051aefac8e2c93c9c5b214313817cdb01a1494b917c8436b35  Key
e77e9d71 Checksum

CKDprv:
HMAC-SHA512 (873dff81c02f525623fd1fe5167eac3a55a049de3d314bb42ee227ffed37d508 (Parent's chain code); 00e8f32e723decf4051aefac8e2c93c9c5b214313817cdb01a1494b917c8436b3580000000 (Parent's Key + Child'index))

Result (64 bytes + 64 bytes):
04bfb2dd60fa8921c2a4085ec15507a921f49cdc839f27f0f280e9c1495d44b5
47fdacbd0f1097043b78c63c20c34ef4ed9a111d980047ad16282c7ae6236141  (Child's Chain Code)

To find the child's key, I added the first 64 bytes with the parent's key

Now, for the next step, having a non-hardened index, I wanted to use CKDpub.

This is the parent's public key:

0488b21e 
01 
3442193e 
80000000 
47fdacbd0f1097043b78c63c20c34ef4ed9a111d980047ad16282c7ae6236141 (Chain code)
035a784662a4a20a65bf6aab9ae98a6c068a81c52e4b032c0fb5400c706cfccc56 (Key)
b8b9c580


In the HMAC-SHA512 operation I pass these parameters as input:
47fdacbd0f1097043b78c63c20c34ef4ed9a111d980047ad16282c7ae6236141
035a784662a4a20a65bf6aab9ae98a6c068a81c52e4b032c0fb5400c706cfccc5600000001

I get this result (64 bytes + 64 bytes):

b7d40c610c146701cdabb2df826716086d591664eb77de90b40c115bb653fb4d 
5c8c3990242778e21f3d47c20428181c65de054baba9a156b798c0e85a10d9e4

By checking the chain code that the next key must have, the chain code obtained is wrong.

0488b21e
02
5c1bd648
00000001
**2a7857631386ba23dacac34180dd1983734e444fdbf774041578e9b6adb37c19**
03501e454bf00751f24b1b489aa925215d66af2234e3891c3b21a52bedb3cd711c
6f6e2af7


What am I doing wrong?