sm-crypto-v2 0.3.12

package/dist/index.mjs

@@ -0,0 +1,1292 @@
+var __defProp = Object.defineProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+
+// src/sm2/index.ts
+var sm2_exports = {};
+__export(sm2_exports, {
+  arrayToHex: () => arrayToHex,
+  arrayToUtf8: () => arrayToUtf8,
+  comparePublicKeyHex: () => comparePublicKeyHex,
+  compressPublicKeyHex: () => compressPublicKeyHex,
+  concatArray: () => concatArray,
+  doDecrypt: () => doDecrypt,
+  doEncrypt: () => doEncrypt,
+  doSignature: () => doSignature,
+  doVerifySignature: () => doVerifySignature,
+  generateEcparam: () => generateEcparam,
+  generateKeyPairHex: () => generateKeyPairHex,
+  getGlobalCurve: () => getGlobalCurve,
+  getHash: () => getHash,
+  getPoint: () => getPoint,
+  getPublicKeyFromPrivateKey: () => getPublicKeyFromPrivateKey,
+  hexToArray: () => hexToArray,
+  leftPad: () => leftPad,
+  utf8ToHex: () => utf8ToHex,
+  verifyPublicKey: () => verifyPublicKey
+});
+import { BigInteger as BigInteger4 } from "jsbn";
+
+// src/sm2/asn1.ts
+import { BigInteger } from "jsbn";
+function bigintToValue(bigint) {
+  let h = bigint.toString(16);
+  if (h[0] !== "-") {
+    if (h.length % 2 === 1)
+      h = "0" + h;
+    else if (!h.match(/^[0-7]/))
+      h = "00" + h;
+  } else {
+    h = h.substr(1);
+    let len = h.length;
+    if (len % 2 === 1)
+      len += 1;
+    else if (!h.match(/^[0-7]/))
+      len += 2;
+    let maskString = "";
+    for (let i = 0; i < len; i++)
+      maskString += "f";
+    let mask = new BigInteger(maskString, 16);
+    let output = mask.xor(bigint).add(BigInteger.ONE);
+    h = output.toString(16).replace(/^-/, "");
+  }
+  return h;
+}
+var ASN1Object = class {
+  constructor(tlv = null, t = "00", l = "00", v = "") {
+    this.tlv = tlv;
+    this.t = t;
+    this.l = l;
+    this.v = v;
+  }
+  getEncodedHex() {
+    if (!this.tlv) {
+      this.v = this.getValue();
+      this.l = this.getLength();
+      this.tlv = this.t + this.l + this.v;
+    }
+    return this.tlv;
+  }
+  getLength() {
+    const n3 = this.v.length / 2;
+    let nHex = n3.toString(16);
+    if (nHex.length % 2 === 1)
+      nHex = "0" + nHex;
+    if (n3 < 128) {
+      return nHex;
+    } else {
+      const head = 128 + nHex.length / 2;
+      return head.toString(16) + nHex;
+    }
+  }
+  getValue() {
+    return "";
+  }
+};
+var DERInteger = class extends ASN1Object {
+  constructor(bigint) {
+    super();
+    this.t = "02";
+    if (bigint)
+      this.v = bigintToValue(bigint);
+  }
+  getValue() {
+    return this.v;
+  }
+};
+var DERSequence = class extends ASN1Object {
+  constructor(asn1Array) {
+    super();
+    this.asn1Array = asn1Array;
+  }
+  t = "30";
+  getValue() {
+    this.v = this.asn1Array.map((asn1Object) => asn1Object.getEncodedHex()).join("");
+    return this.v;
+  }
+};
+function getLenOfL(str, start) {
+  if (+str[start + 2] < 8)
+    return 1;
+  return +str.substring(start + 2, start + 4) & 127 + 1;
+}
+function getL(str, start) {
+  const len = getLenOfL(str, start);
+  const l = str.substring(start + 2, start + 2 + len * 2);
+  if (!l)
+    return -1;
+  const bigint = +l[0] < 8 ? new BigInteger(l, 16) : new BigInteger(l.substring(2), 16);
+  return bigint.intValue();
+}
+function getStartOfV(str, start) {
+  const len = getLenOfL(str, start);
+  return start + (len + 1) * 2;
+}
+function encodeDer(r, s) {
+  const derR = new DERInteger(r);
+  const derS = new DERInteger(s);
+  const derSeq = new DERSequence([derR, derS]);
+  return derSeq.getEncodedHex();
+}
+function decodeDer(input) {
+  const start = getStartOfV(input, 0);
+  const vIndexR = getStartOfV(input, start);
+  const lR = getL(input, start);
+  const vR = input.substr(vIndexR, lR * 2);
+  const nextStart = vIndexR + vR.length;
+  const vIndexS = getStartOfV(input, nextStart);
+  const lS = getL(input, nextStart);
+  const vS = input.substring(vIndexS, vIndexS + lS * 2);
+  const r = new BigInteger(vR, 16);
+  const s = new BigInteger(vS, 16);
+  return { r, s };
+}
+
+// src/sm2/utils.ts
+import { BigInteger as BigInteger3, SecureRandom } from "jsbn";
+
+// src/sm2/ec.ts
+import { BigInteger as BigInteger2 } from "jsbn";
+var TWO = new BigInteger2("2");
+var THREE = new BigInteger2("3");
+var ECFieldElementFp = class {
+  constructor(q, x) {
+    this.q = q;
+    this.x = x;
+  }
+  equals(other) {
+    if (other === this)
+      return true;
+    return this.q.equals(other.q) && this.x.equals(other.x);
+  }
+  toBigInteger() {
+    return this.x;
+  }
+  negate() {
+    return new ECFieldElementFp(this.q, this.x.negate().mod(this.q));
+  }
+  add(b) {
+    return new ECFieldElementFp(this.q, this.x.add(b.toBigInteger()).mod(this.q));
+  }
+  subtract(b) {
+    return new ECFieldElementFp(this.q, this.x.subtract(b.toBigInteger()).mod(this.q));
+  }
+  multiply(b) {
+    return new ECFieldElementFp(this.q, this.x.multiply(b.toBigInteger()).mod(this.q));
+  }
+  divide(b) {
+    return new ECFieldElementFp(this.q, this.x.multiply(b.toBigInteger().modInverse(this.q)).mod(this.q));
+  }
+  square() {
+    return new ECFieldElementFp(this.q, this.x.square().mod(this.q));
+  }
+};
+var ECPointFp = class {
+  constructor(curve3, x, y, z) {
+    this.curve = curve3;
+    this.x = x;
+    this.y = y;
+    this.z = z == null ? BigInteger2.ONE : z;
+    this.zinv = null;
+  }
+  zinv;
+  z;
+  getX() {
+    if (this.zinv === null)
+      this.zinv = this.z.modInverse(this.curve.q);
+    return this.curve.fromBigInteger(this.x.toBigInteger().multiply(this.zinv).mod(this.curve.q));
+  }
+  getY() {
+    if (this.zinv === null)
+      this.zinv = this.z.modInverse(this.curve.q);
+    return this.curve.fromBigInteger(this.y.toBigInteger().multiply(this.zinv).mod(this.curve.q));
+  }
+  equals(other) {
+    if (other === this)
+      return true;
+    if (this.isInfinity())
+      return other.isInfinity();
+    if (other.isInfinity())
+      return this.isInfinity();
+    const u = other.y.toBigInteger().multiply(this.z).subtract(this.y.toBigInteger().multiply(other.z)).mod(this.curve.q);
+    if (!u.equals(BigInteger2.ZERO))
+      return false;
+    const v = other.x.toBigInteger().multiply(this.z).subtract(this.x.toBigInteger().multiply(other.z)).mod(this.curve.q);
+    return v.equals(BigInteger2.ZERO);
+  }
+  isInfinity() {
+    if (this.x === null && this.y === null)
+      return true;
+    return this.z.equals(BigInteger2.ZERO) && !this.y.toBigInteger().equals(BigInteger2.ZERO);
+  }
+  negate() {
+    return new ECPointFp(this.curve, this.x, this.y.negate(), this.z);
+  }
+  add(b) {
+    if (this.isInfinity())
+      return b;
+    if (b.isInfinity())
+      return this;
+    const x1 = this.x.toBigInteger();
+    const y1 = this.y.toBigInteger();
+    const z1 = this.z;
+    const x2 = b.x.toBigInteger();
+    const y2 = b.y.toBigInteger();
+    const z2 = b.z;
+    const q = this.curve.q;
+    const w1 = x1.multiply(z2).mod(q);
+    const w2 = x2.multiply(z1).mod(q);
+    const w3 = w1.subtract(w2);
+    const w4 = y1.multiply(z2).mod(q);
+    const w5 = y2.multiply(z1).mod(q);
+    const w6 = w4.subtract(w5);
+    if (BigInteger2.ZERO.equals(w3)) {
+      if (BigInteger2.ZERO.equals(w6)) {
+        return this.twice();
+      }
+      return this.curve.infinity;
+    }
+    const w7 = w1.add(w2);
+    const w8 = z1.multiply(z2).mod(q);
+    const w9 = w3.square().mod(q);
+    const w10 = w3.multiply(w9).mod(q);
+    const w11 = w8.multiply(w6.square()).subtract(w7.multiply(w9)).mod(q);
+    const x3 = w3.multiply(w11).mod(q);
+    const y3 = w6.multiply(w9.multiply(w1).subtract(w11)).subtract(w4.multiply(w10)).mod(q);
+    const z3 = w10.multiply(w8).mod(q);
+    return new ECPointFp(this.curve, this.curve.fromBigInteger(x3), this.curve.fromBigInteger(y3), z3);
+  }
+  twice() {
+    if (this.isInfinity())
+      return this;
+    if (!this.y.toBigInteger().signum())
+      return this.curve.infinity;
+    const x1 = this.x.toBigInteger();
+    const y1 = this.y.toBigInteger();
+    const z1 = this.z;
+    const q = this.curve.q;
+    const a = this.curve.a.toBigInteger();
+    const w1 = x1.square().multiply(THREE).add(a.multiply(z1.square())).mod(q);
+    const w2 = y1.shiftLeft(1).multiply(z1).mod(q);
+    const w3 = y1.square().mod(q);
+    const w4 = w3.multiply(x1).multiply(z1).mod(q);
+    const w5 = w2.square().mod(q);
+    const w6 = w1.square().subtract(w4.shiftLeft(3)).mod(q);
+    const x3 = w2.multiply(w6).mod(q);
+    const y3 = w1.multiply(w4.shiftLeft(2).subtract(w6)).subtract(w5.shiftLeft(1).multiply(w3)).mod(q);
+    const z3 = w2.multiply(w5).mod(q);
+    return new ECPointFp(this.curve, this.curve.fromBigInteger(x3), this.curve.fromBigInteger(y3), z3);
+  }
+  multiply(k) {
+    if (this.isInfinity())
+      return this;
+    if (!k.signum())
+      return this.curve.infinity;
+    const k3 = k.multiply(THREE);
+    const neg = this.negate();
+    let Q = this;
+    for (let i = k3.bitLength() - 2; i > 0; i--) {
+      Q = Q.twice();
+      const k3Bit = k3.testBit(i);
+      const kBit = k.testBit(i);
+      if (k3Bit !== kBit) {
+        Q = Q.add(k3Bit ? this : neg);
+      }
+    }
+    return Q;
+  }
+};
+var ECCurveFp = class {
+  constructor(q, a, b) {
+    this.q = q;
+    this.q = q;
+    this.a = this.fromBigInteger(a);
+    this.b = this.fromBigInteger(b);
+    this.infinity = new ECPointFp(this, null, null);
+  }
+  infinity;
+  a;
+  b;
+  equals(other) {
+    if (other === this)
+      return true;
+    return this.q.equals(other.q) && this.a.equals(other.a) && this.b.equals(other.b);
+  }
+  fromBigInteger(x) {
+    return new ECFieldElementFp(this.q, x);
+  }
+  decodePointHex(s) {
+    switch (parseInt(s.substring(0, 2), 16)) {
+      case 0:
+        return this.infinity;
+      case 2:
+      case 3:
+        const x = this.fromBigInteger(new BigInteger2(s.substring(2), 16));
+        let y = this.fromBigInteger(x.multiply(x.square()).add(
+          x.multiply(this.a)
+        ).add(this.b).toBigInteger().modPow(
+          this.q.divide(new BigInteger2("4")).add(BigInteger2.ONE),
+          this.q
+        ));
+        if (!y.toBigInteger().mod(TWO).equals(new BigInteger2(s.substring(0, 2), 16).subtract(TWO))) {
+          y = y.negate();
+        }
+        return new ECPointFp(this, x, y);
+      case 4:
+      case 6:
+      case 7:
+        const len = (s.length - 2) / 2;
+        const xHex = s.substring(2, 2 + len);
+        const yHex = s.substring(len + 2, len + 2 + len);
+        return new ECPointFp(this, this.fromBigInteger(new BigInteger2(xHex, 16)), this.fromBigInteger(new BigInteger2(yHex, 16)));
+      default:
+        return null;
+    }
+  }
+};
+
+// src/sm2/utils.ts
+var rng = new SecureRandom();
+var { curve, G, n } = generateEcparam();
+function getGlobalCurve() {
+  return curve;
+}
+function generateEcparam() {
+  const p = new BigInteger3("FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF", 16);
+  const a = new BigInteger3("FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFC", 16);
+  const b = new BigInteger3("28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93", 16);
+  const curve3 = new ECCurveFp(p, a, b);
+  const gxHex = "32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7";
+  const gyHex = "BC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0";
+  const G3 = curve3.decodePointHex("04" + gxHex + gyHex);
+  const n3 = new BigInteger3("FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123", 16);
+  return { curve: curve3, G: G3, n: n3 };
+}
+function generateKeyPairHex(a, b, c) {
+  const random = typeof a === "string" ? new BigInteger3(a, b) : a ? new BigInteger3(a, b, c) : new BigInteger3(n.bitLength(), rng);
+  const d = random.mod(n.subtract(BigInteger3.ONE)).add(BigInteger3.ONE);
+  const privateKey = leftPad(d.toString(16), 64);
+  const P = G.multiply(d);
+  const Px = leftPad(P.getX().toBigInteger().toString(16), 64);
+  const Py = leftPad(P.getY().toBigInteger().toString(16), 64);
+  const publicKey = "04" + Px + Py;
+  return { privateKey, publicKey };
+}
+function compressPublicKeyHex(s) {
+  if (s.length !== 130)
+    throw new Error("Invalid public key to compress");
+  const len = (s.length - 2) / 2;
+  const xHex = s.substring(2, 2 + len);
+  const y = new BigInteger3(s.substring(len + 2, len + len + 2), 16);
+  let prefix = "03";
+  if (y.mod(new BigInteger3("2")).equals(BigInteger3.ZERO))
+    prefix = "02";
+  return prefix + xHex;
+}
+function utf8ToHex(input) {
+  input = decodeURIComponent(encodeURIComponent(input));
+  const length = input.length;
+  const words = new Uint32Array((length >>> 2) + 1);
+  for (let i = 0; i < length; i++) {
+    words[i >>> 2] |= (input.charCodeAt(i) & 255) << 24 - i % 4 * 8;
+  }
+  const hexChars = [];
+  for (let i = 0; i < length; i++) {
+    const bite = words[i >>> 2] >>> 24 - i % 4 * 8 & 255;
+    hexChars.push((bite >>> 4).toString(16));
+    hexChars.push((bite & 15).toString(16));
+  }
+  return hexChars.join("");
+}
+function leftPad(input, num) {
+  if (input.length >= num)
+    return input;
+  return new Array(num - input.length + 1).join("0") + input;
+}
+function arrayToHex(arr) {
+  return arr.map((item) => {
+    const hex = item.toString(16);
+    return hex.length === 1 ? "0" + hex : hex;
+  }).join("");
+}
+function arrayToUtf8(arr) {
+  const str = [];
+  for (let i = 0, len = arr.length; i < len; i++) {
+    if (arr[i] >= 240 && arr[i] <= 247) {
+      str.push(String.fromCodePoint(((arr[i] & 7) << 18) + ((arr[i + 1] & 63) << 12) + ((arr[i + 2] & 63) << 6) + (arr[i + 3] & 63)));
+      i += 3;
+    } else if (arr[i] >= 224 && arr[i] <= 239) {
+      str.push(String.fromCodePoint(((arr[i] & 15) << 12) + ((arr[i + 1] & 63) << 6) + (arr[i + 2] & 63)));
+      i += 2;
+    } else if (arr[i] >= 192 && arr[i] <= 223) {
+      str.push(String.fromCodePoint(((arr[i] & 31) << 6) + (arr[i + 1] & 63)));
+      i++;
+    } else {
+      str.push(String.fromCodePoint(arr[i]));
+    }
+  }
+  return str.join("");
+}
+function hexToArray(hexStr) {
+  let hexStrLength = hexStr.length;
+  if (hexStrLength % 2 !== 0) {
+    hexStr = leftPad(hexStr, hexStrLength + 1);
+  }
+  hexStrLength = hexStr.length;
+  const wordLength = hexStrLength / 2;
+  const words = new Uint8Array(wordLength);
+  for (let i = 0; i < wordLength; i++) {
+    words[i] = parseInt(hexStr.substring(i * 2, i * 2 + 2), 16);
+  }
+  return words;
+}
+function verifyPublicKey(publicKey) {
+  const point = curve.decodePointHex(publicKey);
+  if (!point)
+    return false;
+  const x = point.getX();
+  const y = point.getY();
+  return y.square().equals(x.multiply(x.square()).add(x.multiply(curve.a)).add(curve.b));
+}
+function comparePublicKeyHex(publicKey1, publicKey2) {
+  const point1 = curve.decodePointHex(publicKey1);
+  if (!point1)
+    return false;
+  const point2 = curve.decodePointHex(publicKey2);
+  if (!point2)
+    return false;
+  return point1.equals(point2);
+}
+function concatArray(...arrays) {
+  let totalLength = arrays.reduce((acc, value) => acc + value.length, 0);
+  if (!arrays.length)
+    return new Uint8Array();
+  let result = new Uint8Array(totalLength);
+  let length = 0;
+  for (let array of arrays) {
+    result.set(array, length);
+    length += array.length;
+  }
+  return result;
+}
+
+// src/sm2/sm3.ts
+var W = new Uint32Array(68);
+var M = new Uint32Array(64);
+function rotl(x, n3) {
+  const s = n3 & 31;
+  return x << s | x >>> 32 - s;
+}
+function xor(x, y) {
+  const result = new Uint8Array(x.length);
+  for (let i = x.length - 1; i >= 0; i--)
+    result[i] = (x[i] ^ y[i]) & 255;
+  return result;
+}
+function P0(X) {
+  return X ^ rotl(X, 9) ^ rotl(X, 17);
+}
+function P1(X) {
+  return X ^ rotl(X, 15) ^ rotl(X, 23);
+}
+function sm3(array) {
+  let len = array.length * 8;
+  let k = len % 512;
+  k = k >= 448 ? 512 - k % 448 - 1 : 448 - k - 1;
+  const kArr = new Array((k - 7) / 8);
+  const lenArr = new Array(8);
+  for (let i = 0, len2 = kArr.length; i < len2; i++)
+    kArr[i] = 0;
+  for (let i = 0, len2 = lenArr.length; i < len2; i++)
+    lenArr[i] = 0;
+  let lenString = len.toString(2);
+  for (let i = 7; i >= 0; i--) {
+    if (lenString.length > 8) {
+      const start = lenString.length - 8;
+      lenArr[i] = parseInt(lenString.substring(start), 2);
+      lenString = lenString.substring(0, start);
+    } else if (lenString.length > 0) {
+      lenArr[i] = parseInt(lenString, 2);
+      lenString = "";
+    }
+  }
+  const m = Uint8Array.from([...array, 128, ...kArr, ...lenArr]);
+  const dataView = new DataView(m.buffer, 0);
+  const n3 = m.length / 64;
+  const V = new Uint32Array([1937774191, 1226093241, 388252375, 3666478592, 2842636476, 372324522, 3817729613, 2969243214]);
+  for (let i = 0; i < n3; i++) {
+    W.fill(0);
+    M.fill(0);
+    const start = 16 * i;
+    for (let j = 0; j < 16; j++) {
+      W[j] = dataView.getUint32((start + j) * 4, false);
+    }
+    for (let j = 16; j < 68; j++) {
+      W[j] = P1(W[j - 16] ^ W[j - 9] ^ rotl(W[j - 3], 15)) ^ rotl(W[j - 13], 7) ^ W[j - 6];
+    }
+    for (let j = 0; j < 64; j++) {
+      M[j] = W[j] ^ W[j + 4];
+    }
+    const T1 = 2043430169;
+    const T2 = 2055708042;
+    let A = V[0];
+    let B = V[1];
+    let C = V[2];
+    let D = V[3];
+    let E = V[4];
+    let F = V[5];
+    let G3 = V[6];
+    let H = V[7];
+    let SS1;
+    let SS2;
+    let TT1;
+    let TT2;
+    let T;
+    for (let j = 0; j < 64; j++) {
+      T = j >= 0 && j <= 15 ? T1 : T2;
+      SS1 = rotl(rotl(A, 12) + E + rotl(T, j), 7);
+      SS2 = SS1 ^ rotl(A, 12);
+      TT1 = (j >= 0 && j <= 15 ? A ^ B ^ C : A & B | A & C | B & C) + D + SS2 + M[j];
+      TT2 = (j >= 0 && j <= 15 ? E ^ F ^ G3 : E & F | ~E & G3) + H + SS1 + W[j];
+      D = C;
+      C = rotl(B, 9);
+      B = A;
+      A = TT1;
+      H = G3;
+      G3 = rotl(F, 19);
+      F = E;
+      E = P0(TT2);
+    }
+    V[0] ^= A;
+    V[1] ^= B;
+    V[2] ^= C;
+    V[3] ^= D;
+    V[4] ^= E;
+    V[5] ^= F;
+    V[6] ^= G3;
+    V[7] ^= H;
+  }
+  const result = new Uint8Array(V.length * 4);
+  for (let i = 0, len2 = V.length; i < len2; i++) {
+    const word = V[i];
+    result[i * 4] = (word & 4278190080) >>> 24;
+    result[i * 4 + 1] = (word & 16711680) >>> 16;
+    result[i * 4 + 2] = (word & 65280) >>> 8;
+    result[i * 4 + 3] = word & 255;
+  }
+  return result;
+}
+var blockLen = 64;
+var iPad = new Uint8Array(blockLen);
+var oPad = new Uint8Array(blockLen);
+for (let i = 0; i < blockLen; i++) {
+  iPad[i] = 54;
+  oPad[i] = 92;
+}
+function hmac(input, key) {
+  if (key.length > blockLen)
+    key = sm3(key);
+  while (key.length < blockLen) {
+    const padKey = new Uint8Array(blockLen);
+    padKey.set(key);
+    key = padKey;
+  }
+  const iPadKey = xor(key, iPad);
+  const oPadKey = xor(key, oPad);
+  const hash = sm3(concatArray(iPadKey, input));
+  return sm3(concatArray(oPadKey, hash));
+}
+
+// src/sm2/index.ts
+var { G: G2, curve: curve2, n: n2 } = generateEcparam();
+var C1C2C3 = 0;
+function doEncrypt(msg, publicKey, cipherMode = 1) {
+  const msgArr = typeof msg === "string" ? hexToArray(utf8ToHex(msg)) : Uint8Array.from(msg);
+  const publicKeyPoint = getGlobalCurve().decodePointHex(publicKey);
+  const keypair = generateKeyPairHex();
+  const k = new BigInteger4(keypair.privateKey, 16);
+  let c1 = keypair.publicKey;
+  if (c1.length > 128)
+    c1 = c1.substring(c1.length - 128);
+  const p = publicKeyPoint.multiply(k);
+  const x2 = hexToArray(leftPad(p.getX().toBigInteger().toRadix(16), 64));
+  const y2 = hexToArray(leftPad(p.getY().toBigInteger().toRadix(16), 64));
+  const c3 = arrayToHex(Array.from(sm3(concatArray(x2, msgArr, y2))));
+  let ct = 1;
+  let offset = 0;
+  let t = new Uint8Array();
+  const z = concatArray(x2, y2);
+  const nextT = () => {
+    t = sm3(Uint8Array.from([...z, ct >> 24 & 255, ct >> 16 & 255, ct >> 8 & 255, ct & 255]));
+    ct++;
+    offset = 0;
+  };
+  nextT();
+  for (let i = 0, len = msgArr.length; i < len; i++) {
+    if (offset === t.length)
+      nextT();
+    msgArr[i] ^= t[offset++] & 255;
+  }
+  const c2 = arrayToHex(Array.from(msgArr));
+  return cipherMode === C1C2C3 ? c1 + c2 + c3 : c1 + c3 + c2;
+}
+function doDecrypt(encryptData, privateKey, cipherMode = 1, {
+  output = "string"
+} = {}) {
+  const privateKeyInteger = new BigInteger4(privateKey, 16);
+  let c3 = encryptData.substring(128, 128 + 64);
+  let c2 = encryptData.substring(128 + 64);
+  if (cipherMode === C1C2C3) {
+    c3 = encryptData.substring(encryptData.length - 64);
+    c2 = encryptData.substring(128, encryptData.length - 64);
+  }
+  const msg = hexToArray(c2);
+  const c1 = getGlobalCurve().decodePointHex("04" + encryptData.substring(0, 128));
+  const p = c1.multiply(privateKeyInteger);
+  const x2 = hexToArray(leftPad(p.getX().toBigInteger().toRadix(16), 64));
+  const y2 = hexToArray(leftPad(p.getY().toBigInteger().toRadix(16), 64));
+  let ct = 1;
+  let offset = 0;
+  let t = new Uint8Array();
+  const z = concatArray(x2, y2);
+  const nextT = () => {
+    t = sm3(Uint8Array.from([...z, ct >> 24 & 255, ct >> 16 & 255, ct >> 8 & 255, ct & 255]));
+    ct++;
+    offset = 0;
+  };
+  nextT();
+  for (let i = 0, len = msg.length; i < len; i++) {
+    if (offset === t.length)
+      nextT();
+    msg[i] ^= t[offset++] & 255;
+  }
+  const checkC3 = arrayToHex(Array.from(sm3(concatArray(x2, msg, y2))));
+  if (checkC3 === c3.toLowerCase()) {
+    return output === "array" ? msg : arrayToUtf8(msg);
+  } else {
+    return output === "array" ? [] : "";
+  }
+}
+function doSignature(msg, privateKey, options = {}) {
+  let {
+    pointPool,
+    der,
+    hash,
+    publicKey,
+    userId
+  } = options;
+  let hashHex = typeof msg === "string" ? utf8ToHex(msg) : arrayToHex(Array.from(msg));
+  if (hash) {
+    publicKey = publicKey || getPublicKeyFromPrivateKey(privateKey);
+    hashHex = getHash(hashHex, publicKey, userId);
+  }
+  const dA = new BigInteger4(privateKey, 16);
+  const e = new BigInteger4(hashHex, 16);
+  let k = null;
+  let r = null;
+  let s = null;
+  do {
+    do {
+      let point;
+      if (pointPool && pointPool.length) {
+        point = pointPool.pop();
+      } else {
+        point = getPoint();
+      }
+      k = point.k;
+      r = e.add(point.x1).mod(n2);
+    } while (r.equals(BigInteger4.ZERO) || r.add(k).equals(n2));
+    s = dA.add(BigInteger4.ONE).modInverse(n2).multiply(k.subtract(r.multiply(dA))).mod(n2);
+  } while (s.equals(BigInteger4.ZERO));
+  if (der)
+    return encodeDer(r, s);
+  return leftPad(r.toString(16), 64) + leftPad(s.toString(16), 64);
+}
+function doVerifySignature(msg, signHex, publicKey, options = {}) {
+  let hashHex;
+  const {
+    hash,
+    der,
+    userId
+  } = options;
+  if (hash) {
+    hashHex = getHash(typeof msg === "string" ? utf8ToHex(msg) : msg, publicKey, userId);
+  } else {
+    hashHex = typeof msg === "string" ? utf8ToHex(msg) : arrayToHex(Array.from(msg));
+  }
+  let r;
+  let s;
+  if (der) {
+    const decodeDerObj = decodeDer(signHex);
+    r = decodeDerObj.r;
+    s = decodeDerObj.s;
+  } else {
+    r = new BigInteger4(signHex.substring(0, 64), 16);
+    s = new BigInteger4(signHex.substring(64), 16);
+  }
+  const PA = curve2.decodePointHex(publicKey);
+  const e = new BigInteger4(hashHex, 16);
+  const t = r.add(s).mod(n2);
+  if (t.equals(BigInteger4.ZERO))
+    return false;
+  const x1y1 = G2.multiply(s).add(PA.multiply(t));
+  const R = e.add(x1y1.getX().toBigInteger()).mod(n2);
+  return r.equals(R);
+}
+function getHash(hashHex, publicKey, userId = "1234567812345678") {
+  userId = utf8ToHex(userId);
+  const a = leftPad(G2.curve.a.toBigInteger().toRadix(16), 64);
+  const b = leftPad(G2.curve.b.toBigInteger().toRadix(16), 64);
+  const gx = leftPad(G2.getX().toBigInteger().toRadix(16), 64);
+  const gy = leftPad(G2.getY().toBigInteger().toRadix(16), 64);
+  let px;
+  let py;
+  if (publicKey.length === 128) {
+    px = publicKey.substring(0, 64);
+    py = publicKey.substring(64, 128);
+  } else {
+    const point = G2.curve.decodePointHex(publicKey);
+    px = leftPad(point.getX().toBigInteger().toRadix(16), 64);
+    py = leftPad(point.getY().toBigInteger().toRadix(16), 64);
+  }
+  const data = hexToArray(userId + a + b + gx + gy + px + py);
+  const entl = userId.length * 4;
+  const z = sm3(concatArray(new Uint8Array([entl >> 8 & 255, entl & 255]), data));
+  return arrayToHex(Array.from(sm3(concatArray(z, typeof hashHex === "string" ? hexToArray(hashHex) : hashHex))));
+}
+function getPublicKeyFromPrivateKey(privateKey) {
+  const PA = G2.multiply(new BigInteger4(privateKey, 16));
+  const x = leftPad(PA.getX().toBigInteger().toString(16), 64);
+  const y = leftPad(PA.getY().toBigInteger().toString(16), 64);
+  return "04" + x + y;
+}
+function getPoint() {
+  const keypair = generateKeyPairHex();
+  const PA = curve2.decodePointHex(keypair.publicKey);
+  return {
+    ...keypair,
+    k: new BigInteger4(keypair.privateKey, 16),
+    x1: PA.getX().toBigInteger()
+  };
+}
+
+// src/sm3/index.ts
+var sm3_exports = {};
+__export(sm3_exports, {
+  sm3: () => sm32,
+  utf8ToArray: () => utf8ToArray
+});
+function utf8ToArray(str) {
+  const arr = [];
+  for (let i = 0, len = str.length; i < len; i++) {
+    const point = str.codePointAt(i);
+    if (point <= 127) {
+      arr.push(point);
+    } else if (point <= 2047) {
+      arr.push(192 | point >>> 6);
+      arr.push(128 | point & 63);
+    } else if (point <= 55295 || point >= 57344 && point <= 65535) {
+      arr.push(224 | point >>> 12);
+      arr.push(128 | point >>> 6 & 63);
+      arr.push(128 | point & 63);
+    } else if (point >= 65536 && point <= 1114111) {
+      i++;
+      arr.push(240 | point >>> 18 & 28);
+      arr.push(128 | point >>> 12 & 63);
+      arr.push(128 | point >>> 6 & 63);
+      arr.push(128 | point & 63);
+    } else {
+      arr.push(point);
+      throw new Error("input is not supported");
+    }
+  }
+  return new Uint8Array(arr);
+}
+function sm32(input, options) {
+  input = typeof input === "string" ? utf8ToArray(input) : input;
+  if (options) {
+    const mode = options.mode || "hmac";
+    if (mode !== "hmac")
+      throw new Error("invalid mode");
+    let key = options.key;
+    if (!key)
+      throw new Error("invalid key");
+    key = typeof key === "string" ? hexToArray(key) : key;
+    return arrayToHex(Array.from(hmac(input, key)));
+  }
+  return arrayToHex(Array.from(sm3(input)));
+}
+
+// src/sm4/index.ts
+var sm4_exports = {};
+__export(sm4_exports, {
+  decrypt: () => decrypt,
+  encrypt: () => encrypt,
+  sm4: () => sm4
+});
+var DECRYPT = 0;
+var ROUND = 32;
+var BLOCK = 16;
+var Sbox = Uint8Array.from([
+  214,
+  144,
+  233,
+  254,
+  204,
+  225,
+  61,
+  183,
+  22,
+  182,
+  20,
+  194,
+  40,
+  251,
+  44,
+  5,
+  43,
+  103,
+  154,
+  118,
+  42,
+  190,
+  4,
+  195,
+  170,
+  68,
+  19,
+  38,
+  73,
+  134,
+  6,
+  153,
+  156,
+  66,
+  80,
+  244,
+  145,
+  239,
+  152,
+  122,
+  51,
+  84,
+  11,
+  67,
+  237,
+  207,
+  172,
+  98,
+  228,
+  179,
+  28,
+  169,
+  201,
+  8,
+  232,
+  149,
+  128,
+  223,
+  148,
+  250,
+  117,
+  143,
+  63,
+  166,
+  71,
+  7,
+  167,
+  252,
+  243,
+  115,
+  23,
+  186,
+  131,
+  89,
+  60,
+  25,
+  230,
+  133,
+  79,
+  168,
+  104,
+  107,
+  129,
+  178,
+  113,
+  100,
+  218,
+  139,
+  248,
+  235,
+  15,
+  75,
+  112,
+  86,
+  157,
+  53,
+  30,
+  36,
+  14,
+  94,
+  99,
+  88,
+  209,
+  162,
+  37,
+  34,
+  124,
+  59,
+  1,
+  33,
+  120,
+  135,
+  212,
+  0,
+  70,
+  87,
+  159,
+  211,
+  39,
+  82,
+  76,
+  54,
+  2,
+  231,
+  160,
+  196,
+  200,
+  158,
+  234,
+  191,
+  138,
+  210,
+  64,
+  199,
+  56,
+  181,
+  163,
+  247,
+  242,
+  206,
+  249,
+  97,
+  21,
+  161,
+  224,
+  174,
+  93,
+  164,
+  155,
+  52,
+  26,
+  85,
+  173,
+  147,
+  50,
+  48,
+  245,
+  140,
+  177,
+  227,
+  29,
+  246,
+  226,
+  46,
+  130,
+  102,
+  202,
+  96,
+  192,
+  41,
+  35,
+  171,
+  13,
+  83,
+  78,
+  111,
+  213,
+  219,
+  55,
+  69,
+  222,
+  253,
+  142,
+  47,
+  3,
+  255,
+  106,
+  114,
+  109,
+  108,
+  91,
+  81,
+  141,
+  27,
+  175,
+  146,
+  187,
+  221,
+  188,
+  127,
+  17,
+  217,
+  92,
+  65,
+  31,
+  16,
+  90,
+  216,
+  10,
+  193,
+  49,
+  136,
+  165,
+  205,
+  123,
+  189,
+  45,
+  116,
+  208,
+  18,
+  184,
+  229,
+  180,
+  176,
+  137,
+  105,
+  151,
+  74,
+  12,
+  150,
+  119,
+  126,
+  101,
+  185,
+  241,
+  9,
+  197,
+  110,
+  198,
+  132,
+  24,
+  240,
+  125,
+  236,
+  58,
+  220,
+  77,
+  32,
+  121,
+  238,
+  95,
+  62,
+  215,
+  203,
+  57,
+  72
+]);
+var CK = new Uint32Array([
+  462357,
+  472066609,
+  943670861,
+  1415275113,
+  1886879365,
+  2358483617,
+  2830087869,
+  3301692121,
+  3773296373,
+  4228057617,
+  404694573,
+  876298825,
+  1347903077,
+  1819507329,
+  2291111581,
+  2762715833,
+  3234320085,
+  3705924337,
+  4177462797,
+  337322537,
+  808926789,
+  1280531041,
+  1752135293,
+  2223739545,
+  2695343797,
+  3166948049,
+  3638552301,
+  4110090761,
+  269950501,
+  741554753,
+  1213159005,
+  1684763257
+]);
+function byteSub(a) {
+  return (Sbox[a >>> 24 & 255] & 255) << 24 | (Sbox[a >>> 16 & 255] & 255) << 16 | (Sbox[a >>> 8 & 255] & 255) << 8 | Sbox[a & 255] & 255;
+}
+function l1(b) {
+  return b ^ rotl(b, 2) ^ rotl(b, 10) ^ rotl(b, 18) ^ rotl(b, 24);
+}
+function l2(b) {
+  return b ^ rotl(b, 13) ^ rotl(b, 23);
+}
+function sms4Crypt(input, output, roundKey) {
+  const x = new Uint32Array(4);
+  const tmp = new Uint32Array(4);
+  for (let i = 0; i < 4; i++) {
+    tmp[0] = input[4 * i] & 255;
+    tmp[1] = input[4 * i + 1] & 255;
+    tmp[2] = input[4 * i + 2] & 255;
+    tmp[3] = input[4 * i + 3] & 255;
+    x[i] = tmp[0] << 24 | tmp[1] << 16 | tmp[2] << 8 | tmp[3];
+  }
+  for (let r = 0, mid; r < 32; r += 4) {
+    mid = x[1] ^ x[2] ^ x[3] ^ roundKey[r + 0];
+    x[0] ^= l1(byteSub(mid));
+    mid = x[2] ^ x[3] ^ x[0] ^ roundKey[r + 1];
+    x[1] ^= l1(byteSub(mid));
+    mid = x[3] ^ x[0] ^ x[1] ^ roundKey[r + 2];
+    x[2] ^= l1(byteSub(mid));
+    mid = x[0] ^ x[1] ^ x[2] ^ roundKey[r + 3];
+    x[3] ^= l1(byteSub(mid));
+  }
+  for (let j = 0; j < 16; j += 4) {
+    output[j] = x[3 - j / 4] >>> 24 & 255;
+    output[j + 1] = x[3 - j / 4] >>> 16 & 255;
+    output[j + 2] = x[3 - j / 4] >>> 8 & 255;
+    output[j + 3] = x[3 - j / 4] & 255;
+  }
+}
+function sms4KeyExt(key, roundKey, cryptFlag) {
+  const x = new Uint32Array(4);
+  const tmp = new Uint32Array(4);
+  for (let i = 0; i < 4; i++) {
+    tmp[0] = key[0 + 4 * i] & 255;
+    tmp[1] = key[1 + 4 * i] & 255;
+    tmp[2] = key[2 + 4 * i] & 255;
+    tmp[3] = key[3 + 4 * i] & 255;
+    x[i] = tmp[0] << 24 | tmp[1] << 16 | tmp[2] << 8 | tmp[3];
+  }
+  x[0] ^= 2746333894;
+  x[1] ^= 1453994832;
+  x[2] ^= 1736282519;
+  x[3] ^= 2993693404;
+  for (let r = 0, mid; r < 32; r += 4) {
+    mid = x[1] ^ x[2] ^ x[3] ^ CK[r + 0];
+    roundKey[r + 0] = x[0] ^= l2(byteSub(mid));
+    mid = x[2] ^ x[3] ^ x[0] ^ CK[r + 1];
+    roundKey[r + 1] = x[1] ^= l2(byteSub(mid));
+    mid = x[3] ^ x[0] ^ x[1] ^ CK[r + 2];
+    roundKey[r + 2] = x[2] ^= l2(byteSub(mid));
+    mid = x[0] ^ x[1] ^ x[2] ^ CK[r + 3];
+    roundKey[r + 3] = x[3] ^= l2(byteSub(mid));
+  }
+  if (cryptFlag === DECRYPT) {
+    for (let r = 0, mid; r < 16; r++) {
+      mid = roundKey[r];
+      roundKey[r] = roundKey[31 - r];
+      roundKey[31 - r] = mid;
+    }
+  }
+}
+function sm4(inArray, key, cryptFlag, options = {}) {
+  let {
+    padding = "pkcs#7",
+    mode,
+    iv = new Uint8Array(16),
+    output
+  } = options;
+  if (mode === "cbc") {
+    if (typeof iv === "string")
+      iv = hexToArray(iv);
+    if (iv.length !== 128 / 8) {
+      throw new Error("iv is invalid");
+    }
+  }
+  if (typeof key === "string")
+    key = hexToArray(key);
+  if (key.length !== 128 / 8) {
+    throw new Error("key is invalid");
+  }
+  if (typeof inArray === "string") {
+    if (cryptFlag !== DECRYPT) {
+      inArray = utf8ToArray(inArray);
+    } else {
+      inArray = hexToArray(inArray);
+    }
+  } else {
+    inArray = Uint8Array.from(inArray);
+  }
+  if ((padding === "pkcs#5" || padding === "pkcs#7") && cryptFlag !== DECRYPT) {
+    const paddingCount = BLOCK - inArray.length % BLOCK;
+    const newArray = new Uint8Array(inArray.length + paddingCount);
+    newArray.set(inArray, 0);
+    for (let i = 0; i < paddingCount; i++)
+      newArray[inArray.length + i] = paddingCount;
+    inArray = newArray;
+  }
+  const roundKey = new Uint32Array(ROUND);
+  sms4KeyExt(key, roundKey, cryptFlag);
+  let outArray = new Uint8Array(inArray.length);
+  let lastVector = iv;
+  let restLen = inArray.length;
+  let point = 0;
+  while (restLen >= BLOCK) {
+    const input = inArray.slice(point, point + 16);
+    const output2 = new Uint8Array(16);
+    if (mode === "cbc") {
+      for (let i = 0; i < BLOCK; i++) {
+        if (cryptFlag !== DECRYPT) {
+          input[i] ^= lastVector[i];
+        }
+      }
+    }
+    sms4Crypt(input, output2, roundKey);
+    for (let i = 0; i < BLOCK; i++) {
+      if (mode === "cbc") {
+        if (cryptFlag === DECRYPT) {
+          output2[i] ^= lastVector[i];
+        }
+      }
+      outArray[point + i] = output2[i];
+    }
+    if (mode === "cbc") {
+      if (cryptFlag !== DECRYPT) {
+        lastVector = output2;
+      } else {
+        lastVector = input;
+      }
+    }
+    restLen -= BLOCK;
+    point += BLOCK;
+  }
+  if ((padding === "pkcs#5" || padding === "pkcs#7") && cryptFlag === DECRYPT) {
+    const len = outArray.length;
+    const paddingCount = outArray[len - 1];
+    for (let i = 1; i <= paddingCount; i++) {
+      if (outArray[len - i] !== paddingCount)
+        throw new Error("padding is invalid");
+    }
+    outArray = outArray.slice(0, len - paddingCount);
+  }
+  if (output !== "array") {
+    if (cryptFlag !== DECRYPT) {
+      return arrayToHex(Array.from(outArray));
+    } else {
+      return arrayToUtf8(outArray);
+    }
+  } else {
+    return outArray;
+  }
+}
+function encrypt(inArray, key, options = {}) {
+  return sm4(inArray, key, 1, options);
+}
+function decrypt(inArray, key, options = {}) {
+  return sm4(inArray, key, 0, options);
+}
+export {
+  sm2_exports as sm2,
+  sm3_exports as sm3,
+  sm4_exports as sm4
+};