From 88414643b4526534a9adcf2c5914c8365ea36c73 Mon Sep 17 00:00:00 2001
From: zhaozhe
Date: Sat, 2 Apr 2022 19:28:23 +0800
Subject: [PATCH 1/2] slip0010 derivation retry fix
---
 pycoin/key/bip32.py | 25 ++++++++++++++++++-------
 1 file changed, 18 insertions(+), 7 deletions(-)
diff --git a/pycoin/key/bip32.py b/pycoin/key/bip32.py
index 5fd76740d..3e9fca988 100644
--- a/pycoin/key/bip32.py
+++ b/pycoin/key/bip32.py
@@ -63,13 +63,24 @@ def subkey_secret_exponent_chain_code_pair(
 sec = public_pair_to_sec(public_pair, compressed=True)
 data = sec + i_as_bytes
- I64 = hmac.HMAC(key=chain_code_bytes, msg=data, digestmod=hashlib.sha512).digest()
- I_left_as_exponent = from_bytes_32(I64[:32]) % ORDER
- new_secret_exponent = (I_left_as_exponent + secret_exponent) % ORDER
- if new_secret_exponent == 0:
- logger.critical(_SUBKEY_VALIDATION_LOG_ERR_FMT)
- raise DerivationError('k_{} == 0'.format(i))
-
+ while True:
+ I64 = hmac.HMAC(key=chain_code_bytes, msg=data, digestmod=hashlib.sha512).digest()
+ I_left_as_exponent = from_bytes_32(I64[:32])
+
+ failed = False
+ if I_left_as_exponent < ORDER:
+ I_left_as_exponent = (I_left_as_exponent + secret_exponent) % ORDER
+ if I_left_as_exponent == 0:
+ failed = True
+ else:
+ failed = True
+
+ if failed:
+ data = b'\0' + I64[32:]
+ else:
+ break
+
+ new_secret_exponent = I_left_as_exponent
 new_chain_code = I64[32:]
 return new_secret_exponent, new_chain_code
From 59d6a7807875d978d6ca992196bb05766929a3fd Mon Sep 17 00:00:00 2001
From: zhaozhe
Date: Sat, 2 Apr 2022 19:37:13 +0800
Subject: [PATCH 2/2] slip0010 derivation retry fix
---
 pycoin/key/bip32.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pycoin/key/bip32.py b/pycoin/key/bip32.py
index 3e9fca988..1614551b6 100644
--- a/pycoin/key/bip32.py
+++ b/pycoin/key/bip32.py
@@ -76,7 +76,7 @@ def subkey_secret_exponent_chain_code_pair(
 failed = True
 if failed:
- data = b'\0' + I64[32:]
+ data = b'\1' + I64[32:] + i_as_bytes
 else:
 break
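Review bot: In PATCH 1/2, replacing `raise DerivationError(...)` with the `while True:` retry changes what this BIP32 module returns for an invalid child. BIP32 treats `parse256(I_L) >= n` or `k_i == 0` as an invalid index and tells the caller to move to the next `i`, whereas the loop now silently returns a SLIP-0010 key for the same index. On secp256k1 the case is astronomically rare, but a wallet restored in a strict BIP32 implementation would not find that key, so the divergence should be stated where it happens, e.g. `# SLIP-0010 retry; BIP32 itself would reject this index` above `if failed:`. The public-key derivation path is not part of this patch; if it does not apply the same retry, xpub- and xprv-derived children would disagree in exactly this case, so please confirm it. The function starts above the hunk, so how `data` is built for hardened children is not visible here.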
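Review bot: In PATCH 2/2, nothing in the series pins the retry input that the changed `data = ...` line corrects. Both diffstats touch only `pycoin/key/bip32.py`, and PATCH 1/2 fed `b'\0' + I64[32:]` back into the HMAC without the index, an error no test caught. A regression test that forces the retry branch would keep the byte layout from drifting again; SLIP-0010 publishes a derivation-retry vector for nist256p1, while for the curve used here the HMAC result may have to be stubbed. The magic prefix also deserves a comment above the assignment, e.g. `# SLIP-0010: I = HMAC-SHA512(key=c_par, data=0x01 || I_R || ser32(i))`. The enclosing loop starts outside this hunk.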