sm-crypto-v2 1.10.0 → 1.11.0

package/CHANGELOG.md

@@ -2,6 +2,21 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
+## [1.11.0](https://github.com/Cubelrti/sm-crypto-v2/compare/v1.10.1...v1.11.0) (2025-04-28)
+
+
+### Features
+
+* **sm3, kx:** expose kdf in sm3, added test case for parity ([f0091ca](https://github.com/Cubelrti/sm-crypto-v2/commit/f0091ca4a58a3369a83f274023268dfe2bda2794))
+
+### [1.10.1](https://github.com/Cubelrti/sm-crypto-v2/compare/v1.10.0...v1.10.1) (2025-04-27)
+
+
+### Bug Fixes
+
+* miniprogram build issue ([5e8ece4](https://github.com/Cubelrti/sm-crypto-v2/commit/5e8ece41dab69fc449675f9d46dfd25163538a78))
+* **sm2:** typing issue ([f368a72](https://github.com/Cubelrti/sm-crypto-v2/commit/f368a72cc354d0ec9601dda8cbd2590eb9e6c144))
+
 ## [1.10.0](https://github.com/Cubelrti/sm-crypto-v2/compare/v1.9.3...v1.10.0) (2025-04-14)
 
 

package/README.md

@@ -19,6 +19,7 @@ For WebAssembly-supported platform, see [sm-crypto-wasm](https://github.com/Cube
 - 🎲 自动选择最优的安全随机数实现，避免使用 `Math.random()` 和 `Date.now()` 进行模拟
 - 📚 同时导出 ES Module 和 CommonJS 两种格式，可按需使用
 - 🔑 提供 SM2 密钥交换 API
+- 🔒 提供 SM4 GCM 模式加密解密能力
 - 🎒 未压缩大小 34kb，压缩后 17kb
 
 ## 安装
@@ -149,13 +150,16 @@ let verifyResult4 = sm2.doVerifySignature(msg, sigValueHex4, precomputedPublicKe
 ## sm3
 
 ```js
-import { sm3 } from 'sm-crypto-v2'
+import { sm3, kdf } from 'sm-crypto-v2'
 let hashData = sm3('abc') // 杂凑
 
 // hmac
 hashData = sm3('abc', {
     key: 'daac25c1512fe50f79b0e4526b93f5c0e1460cef40b6dd44af13caec62e8c60e0d885f3c6d6fb51e530889e6fd4ac743a6d332e68a0f2a3923f42585dceb93e9', // 要求为 16 进制串或字节数组
 })
+
+// kdf，注意这是 GM/T 0003-2012 中的 SM3 KDF（密钥派生函数），不是 RFC5869 的 HKDF
+kdfData = kdf('abc', 32 /* 输出长度 */)
 ```
 
 ## sm4
@@ -171,6 +175,14 @@ let encryptData = sm4.encrypt(msg, key) // 加密，默认输出 16 进制字符
 let encryptData = sm4.encrypt(msg, key, {padding: 'none'}) // 加密，不使用 padding
 let encryptData = sm4.encrypt(msg, key, {padding: 'none', output: 'array'}) // 加密，不使用 padding，输出为字节数组
 let encryptData = sm4.encrypt(msg, key, {mode: 'cbc', iv: 'fedcba98765432100123456789abcdef'}) // 加密，cbc 模式
+let encryptData = sm4.encrypt(msg, key, {
+    mode: 'gcm', // gcm 模式，必填 iv, 可选 aad
+    iv,
+    associatedData,
+    output: 'string',
+    outputTag: true, // 输出 aead tag，如果为 false 则不输出
+}) // 输出格式 { output: T; tag?: T; } T 为 string/Uint8Array
+
 ```
 
 ### 解密
@@ -184,6 +196,13 @@ let decryptData = sm4.decrypt(encryptData, key) // 解密，默认输出 utf8
 let decryptData = sm4.decrypt(encryptData, key, {padding: 'none'}) // 解密，不使用 padding
 let decryptData = sm4.decrypt(encryptData, key, {padding: 'none', output: 'array'}) // 解密，不使用 padding，输出为字节数组
 let decryptData = sm4.decrypt(encryptData, key, {mode: 'cbc', iv: 'fedcba98765432100123456789abcdef'}) // 解密，cbc 模式
+let decryptData = sm4.decrypt(encryptData, key, {
+    mode: 'gcm', // gcm 模式必填 iv tag, 可选 aad
+    iv,
+    associatedData,
+    tag: expectedAuthTag,
+    output: 'array'
+}) // 输出格式 string/Uint8Array
 ```
 
 ### 密钥交换

package/dist/index.d.mts

@@ -31,7 +31,7 @@ declare function arrayToUtf8(arr: Uint8Array): string;
 /**
  * 转成字节数组
  */
-declare function hexToArray(hexStr: string): Uint8Array;
+declare function hexToArray(hexStr: string): Uint8Array<ArrayBuffer>;
 /**
  * 验证公钥是否为椭圆曲线上的点
  */
@@ -43,9 +43,9 @@ declare function comparePublicKeyHex(publicKey1: string, publicKey2: string): bo
 
 declare function initRNGPool(): Promise<void>;
 
-declare function calculateSharedKey(keypairA: KeyPair, ephemeralKeypairA: KeyPair, publicKeyB: string, ephemeralPublicKeyB: string, sharedKeyLength: number, isRecipient?: boolean, idA?: string, idB?: string): Uint8Array;
+declare function calculateSharedKey(keypairA: KeyPair, ephemeralKeypairA: KeyPair, publicKeyB: string, ephemeralPublicKeyB: string, sharedKeyLength: number, isRecipient?: boolean, idA?: string, idB?: string): Uint8Array<ArrayBuffer>;
 
-declare const EmptyArray: Uint8Array;
+declare const EmptyArray: Uint8Array<ArrayBuffer>;
 /**
  * 加密
  */
@@ -60,7 +60,7 @@ declare function doDecrypt(encryptData: string, privateKey: string, cipherMode?:
     asn1?: boolean;
 }): Uint8Array;
 declare function doDecrypt(encryptData: string, privateKey: string, cipherMode?: number, options?: {
-    output: 'string';
+    output?: 'string';
     asn1?: boolean;
 }): string;
 interface SignaturePoint {
@@ -85,7 +85,7 @@ declare function doVerifySignature(msg: string | Uint8Array, signHex: string, pu
     hash?: boolean;
     userId?: string;
 }): boolean;
-declare function getZ(publicKey: string, userId?: string): Uint8Array;
+declare function getZ(publicKey: string, userId?: string): Uint8Array<ArrayBufferLike>;
 /**
  * sm3杂凑算法
  */
@@ -139,6 +139,14 @@ declare namespace index$1 {
   export { index$1_EmptyArray as EmptyArray, type index$1_KeyPair as KeyPair, type index$1_SignaturePoint as SignaturePoint, index$1_arrayToHex as arrayToHex, index$1_arrayToUtf8 as arrayToUtf8, index$1_calculateSharedKey as calculateSharedKey, index$1_comparePublicKeyHex as comparePublicKeyHex, index$1_compressPublicKeyHex as compressPublicKeyHex, index$1_doDecrypt as doDecrypt, index$1_doEncrypt as doEncrypt, index$1_doSignature as doSignature, index$1_doVerifySignature as doVerifySignature, index$1_generateKeyPairHex as generateKeyPairHex, index$1_getHash as getHash, index$1_getPoint as getPoint, index$1_getPublicKeyFromPrivateKey as getPublicKeyFromPrivateKey, index$1_getZ as getZ, index$1_hexToArray as hexToArray, index$1_initRNGPool as initRNGPool, index$1_leftPad as leftPad, index$1_precomputePublicKey as precomputePublicKey, index$1_utf8ToHex as utf8ToHex, index$1_verifyPublicKey as verifyPublicKey };
 }
 
+/**
+ * SM3 Key derivation function used in SM2 encryption and key exchange, specified in GM/T 0003-2012
+ * @param z Input data (string or Uint8Array)
+ * @param keylen Desired key length in bytes
+ * @returns Derived key as Uint8Array
+ */
+declare function kdf(z: string | Uint8Array, keylen: number): Uint8Array<ArrayBuffer>;
+
 declare function sm3(input: string | Uint8Array, options?: {
     key: Uint8Array | string;
     mode?: 'hmac' | 'mac';
@@ -153,9 +161,9 @@ interface SM4Options {
     outputTag?: boolean;
     tag?: Uint8Array | string;
 }
-declare function sm4(inArray: Uint8Array | string, key: Uint8Array | string, cryptFlag: 0 | 1, options?: SM4Options): string | Uint8Array | {
+declare function sm4(inArray: Uint8Array | string, key: Uint8Array | string, cryptFlag: 0 | 1, options?: SM4Options): string | Uint8Array<ArrayBufferLike> | {
     output: Uint8Array;
-    tag?: Uint8Array | undefined;
+    tag?: Uint8Array;
 } | {
     output: string;
     tag: string | undefined;
@@ -194,4 +202,4 @@ declare namespace index {
   export { type index_GCMResult as GCMResult, type index_SM4Options as SM4Options, index_decrypt as decrypt, index_encrypt as encrypt, index_sm4 as sm4 };
 }
 
-export { index$1 as sm2, sm3, index as sm4 };
+export { kdf, index$1 as sm2, sm3, index as sm4 };

package/dist/index.d.ts

@@ -31,7 +31,7 @@ declare function arrayToUtf8(arr: Uint8Array): string;
 /**
  * 转成字节数组
  */
-declare function hexToArray(hexStr: string): Uint8Array;
+declare function hexToArray(hexStr: string): Uint8Array<ArrayBuffer>;
 /**
  * 验证公钥是否为椭圆曲线上的点
  */
@@ -43,9 +43,9 @@ declare function comparePublicKeyHex(publicKey1: string, publicKey2: string): bo
 
 declare function initRNGPool(): Promise<void>;
 
-declare function calculateSharedKey(keypairA: KeyPair, ephemeralKeypairA: KeyPair, publicKeyB: string, ephemeralPublicKeyB: string, sharedKeyLength: number, isRecipient?: boolean, idA?: string, idB?: string): Uint8Array;
+declare function calculateSharedKey(keypairA: KeyPair, ephemeralKeypairA: KeyPair, publicKeyB: string, ephemeralPublicKeyB: string, sharedKeyLength: number, isRecipient?: boolean, idA?: string, idB?: string): Uint8Array<ArrayBuffer>;
 
-declare const EmptyArray: Uint8Array;
+declare const EmptyArray: Uint8Array<ArrayBuffer>;
 /**
  * 加密
  */
@@ -60,7 +60,7 @@ declare function doDecrypt(encryptData: string, privateKey: string, cipherMode?:
     asn1?: boolean;
 }): Uint8Array;
 declare function doDecrypt(encryptData: string, privateKey: string, cipherMode?: number, options?: {
-    output: 'string';
+    output?: 'string';
     asn1?: boolean;
 }): string;
 interface SignaturePoint {
@@ -85,7 +85,7 @@ declare function doVerifySignature(msg: string | Uint8Array, signHex: string, pu
     hash?: boolean;
     userId?: string;
 }): boolean;
-declare function getZ(publicKey: string, userId?: string): Uint8Array;
+declare function getZ(publicKey: string, userId?: string): Uint8Array<ArrayBufferLike>;
 /**
  * sm3杂凑算法
  */
@@ -139,6 +139,14 @@ declare namespace index$1 {
   export { index$1_EmptyArray as EmptyArray, type index$1_KeyPair as KeyPair, type index$1_SignaturePoint as SignaturePoint, index$1_arrayToHex as arrayToHex, index$1_arrayToUtf8 as arrayToUtf8, index$1_calculateSharedKey as calculateSharedKey, index$1_comparePublicKeyHex as comparePublicKeyHex, index$1_compressPublicKeyHex as compressPublicKeyHex, index$1_doDecrypt as doDecrypt, index$1_doEncrypt as doEncrypt, index$1_doSignature as doSignature, index$1_doVerifySignature as doVerifySignature, index$1_generateKeyPairHex as generateKeyPairHex, index$1_getHash as getHash, index$1_getPoint as getPoint, index$1_getPublicKeyFromPrivateKey as getPublicKeyFromPrivateKey, index$1_getZ as getZ, index$1_hexToArray as hexToArray, index$1_initRNGPool as initRNGPool, index$1_leftPad as leftPad, index$1_precomputePublicKey as precomputePublicKey, index$1_utf8ToHex as utf8ToHex, index$1_verifyPublicKey as verifyPublicKey };
 }
 
+/**
+ * SM3 Key derivation function used in SM2 encryption and key exchange, specified in GM/T 0003-2012
+ * @param z Input data (string or Uint8Array)
+ * @param keylen Desired key length in bytes
+ * @returns Derived key as Uint8Array
+ */
+declare function kdf(z: string | Uint8Array, keylen: number): Uint8Array<ArrayBuffer>;
+
 declare function sm3(input: string | Uint8Array, options?: {
     key: Uint8Array | string;
     mode?: 'hmac' | 'mac';
@@ -153,9 +161,9 @@ interface SM4Options {
     outputTag?: boolean;
     tag?: Uint8Array | string;
 }
-declare function sm4(inArray: Uint8Array | string, key: Uint8Array | string, cryptFlag: 0 | 1, options?: SM4Options): string | Uint8Array | {
+declare function sm4(inArray: Uint8Array | string, key: Uint8Array | string, cryptFlag: 0 | 1, options?: SM4Options): string | Uint8Array<ArrayBufferLike> | {
     output: Uint8Array;
-    tag?: Uint8Array | undefined;
+    tag?: Uint8Array;
 } | {
     output: string;
     tag: string | undefined;
@@ -194,4 +202,4 @@ declare namespace index {
   export { type index_GCMResult as GCMResult, type index_SM4Options as SM4Options, index_decrypt as decrypt, index_encrypt as encrypt, index_sm4 as sm4 };
 }
 
-export { index$1 as sm2, sm3, index as sm4 };
+export { kdf, index$1 as sm2, sm3, index as sm4 };

package/dist/index.js

@@ -30,6 +30,7 @@ var __toCommonJS = (mod2) => __copyProps(__defProp({}, "__esModule", { value: tr
 // src/index.ts
 var src_exports = {};
 __export(src_exports, {
+  kdf: () => kdf,
   sm2: () => sm2_exports,
   sm3: () => sm32,
   sm4: () => sm4_exports
@@ -703,13 +704,56 @@ function comparePublicKeyHex(publicKey1, publicKey2) {
 }
 
 // src/sm2/index.ts
-var utils4 = __toESM(require("@noble/curves/abstract/utils"));
+var utils5 = __toESM(require("@noble/curves/abstract/utils"));
 
-// src/sm2/kx.ts
+// src/sm2/kdf.ts
 var utils3 = __toESM(require("@noble/curves/abstract/utils"));
-var wPow2 = utils3.hexToNumber("80000000000000000000000000000000");
-var wPow2Sub1 = utils3.hexToNumber("7fffffffffffffffffffffffffffffff");
-function hkdf(z, keylen) {
+
+// src/sm3/index.ts
+function utf8ToArray(str) {
+  const arr = [];
+  for (let i = 0, len = str.length; i < len; i++) {
+    const point = str.codePointAt(i);
+    if (point <= 127) {
+      arr.push(point);
+    } else if (point <= 2047) {
+      arr.push(192 | point >>> 6);
+      arr.push(128 | point & 63);
+    } else if (point <= 55295 || point >= 57344 && point <= 65535) {
+      arr.push(224 | point >>> 12);
+      arr.push(128 | point >>> 6 & 63);
+      arr.push(128 | point & 63);
+    } else if (point >= 65536 && point <= 1114111) {
+      i++;
+      arr.push(240 | point >>> 18 & 28);
+      arr.push(128 | point >>> 12 & 63);
+      arr.push(128 | point >>> 6 & 63);
+      arr.push(128 | point & 63);
+    } else {
+      arr.push(point);
+      throw new Error("input is not supported");
+    }
+  }
+  return new Uint8Array(arr);
+}
+function sm32(input, options) {
+  input = typeof input === "string" ? utf8ToArray(input) : input;
+  if (options) {
+    const mode = options.mode || "hmac";
+    if (mode !== "hmac")
+      throw new Error("invalid mode");
+    let key = options.key;
+    if (!key)
+      throw new Error("invalid key");
+    key = typeof key === "string" ? hexToArray(key) : key;
+    return bytesToHex(hmac(sm3, key, input));
+  }
+  return bytesToHex(sm3(input));
+}
+
+// src/sm2/kdf.ts
+function kdf(z, keylen) {
+  z = typeof z === "string" ? utf8ToArray(z) : z;
   let msg = new Uint8Array(keylen);
   let ct = 1;
   let offset = 0;
@@ -732,6 +776,11 @@ function hkdf(z, keylen) {
   }
   return msg;
 }
+
+// src/sm2/kx.ts
+var utils4 = __toESM(require("@noble/curves/abstract/utils"));
+var wPow2 = utils4.hexToNumber("80000000000000000000000000000000");
+var wPow2Sub1 = utils4.hexToNumber("7fffffffffffffffffffffffffffffff");
 function calculateSharedKey(keypairA, ephemeralKeypairA, publicKeyB, ephemeralPublicKeyB, sharedKeyLength, isRecipient = false, idA = "1234567812345678", idB = "1234567812345678") {
   const RA = sm2Curve.ProjectivePoint.fromHex(ephemeralKeypairA.publicKey);
   const RB = sm2Curve.ProjectivePoint.fromHex(ephemeralPublicKeyB);
@@ -741,35 +790,41 @@ function calculateSharedKey(keypairA, ephemeralKeypairA, publicKeyB, ephemeralPu
   if (isRecipient) {
     [ZA, ZB] = [ZB, ZA];
   }
-  const rA = utils3.hexToNumber(ephemeralKeypairA.privateKey);
-  const dA = utils3.hexToNumber(keypairA.privateKey);
+  const rA = utils4.hexToNumber(ephemeralKeypairA.privateKey);
+  const dA = utils4.hexToNumber(keypairA.privateKey);
   const x1 = RA.x;
   const x1_ = wPow2 + (x1 & wPow2Sub1);
   const tA = field.add(dA, field.mulN(x1_, rA));
   const x2 = RB.x;
   const x2_ = field.add(wPow2, x2 & wPow2Sub1);
   const U = RB.multiply(x2_).add(PB).multiply(tA);
-  const xU = hexToArray(leftPad(utils3.numberToHexUnpadded(U.x), 64));
-  const yU = hexToArray(leftPad(utils3.numberToHexUnpadded(U.y), 64));
-  const KA = hkdf(utils3.concatBytes(xU, yU, ZA, ZB), sharedKeyLength);
+  const xU = hexToArray(leftPad(utils4.numberToHexUnpadded(U.x), 64));
+  const yU = hexToArray(leftPad(utils4.numberToHexUnpadded(U.y), 64));
+  const KA = kdf(utils4.concatBytes(xU, yU, ZA, ZB), sharedKeyLength);
   return KA;
 }
 
 // src/sm2/index.ts
+function xorCipherStream(x2, y2, msg) {
+  const stream = kdf(utils5.concatBytes(x2, y2), msg.length);
+  for (let i = 0, len = msg.length; i < len; i++) {
+    msg[i] ^= stream[i] & 255;
+  }
+}
 var C1C2C3 = 0;
 var EmptyArray = new Uint8Array();
 function doEncrypt(msg, publicKey, cipherMode = 1, options) {
   const msgArr = typeof msg === "string" ? hexToArray(utf8ToHex(msg)) : Uint8Array.from(msg);
   const publicKeyPoint = typeof publicKey === "string" ? sm2Curve.ProjectivePoint.fromHex(publicKey) : publicKey;
   const keypair = generateKeyPairHex();
-  const k = utils4.hexToNumber(keypair.privateKey);
+  const k = utils5.hexToNumber(keypair.privateKey);
   let c1 = keypair.publicKey;
   if (c1.length > 128)
     c1 = c1.substring(c1.length - 128);
   const p = publicKeyPoint.multiply(k);
-  const x2 = hexToArray(leftPad(utils4.numberToHexUnpadded(p.x), 64));
-  const y2 = hexToArray(leftPad(utils4.numberToHexUnpadded(p.y), 64));
-  const c3 = bytesToHex(sm3(utils4.concatBytes(x2, msgArr, y2)));
+  const x2 = hexToArray(leftPad(utils5.numberToHexUnpadded(p.x), 64));
+  const y2 = hexToArray(leftPad(utils5.numberToHexUnpadded(p.y), 64));
+  const c3 = bytesToHex(sm3(utils5.concatBytes(x2, msgArr, y2)));
   xorCipherStream(x2, y2, msgArr);
   const c2 = bytesToHex(msgArr);
   if (options?.asn1) {
@@ -779,32 +834,9 @@ function doEncrypt(msg, publicKey, cipherMode = 1, options) {
   }
   return cipherMode === C1C2C3 ? c1 + c2 + c3 : c1 + c3 + c2;
 }
-function xorCipherStream(x2, y2, msg) {
-  let ct = 1;
-  let offset = 0;
-  let t = EmptyArray;
-  const ctShift = new Uint8Array(4);
-  const nextT = () => {
-    ctShift[0] = ct >> 24 & 255;
-    ctShift[1] = ct >> 16 & 255;
-    ctShift[2] = ct >> 8 & 255;
-    ctShift[3] = ct & 255;
-    t = sm3(utils4.concatBytes(x2, y2, ctShift));
-    ct++;
-    offset = 0;
-  };
-  nextT();
-  for (let i = 0, len = msg.length; i < len; i++) {
-    if (offset === t.length)
-      nextT();
-    msg[i] ^= t[offset++] & 255;
-  }
-}
-function doDecrypt(encryptData, privateKey, cipherMode = 1, {
-  output = "string",
-  asn1 = false
-} = {}) {
-  const privateKeyInteger = utils4.hexToNumber(privateKey);
+function doDecrypt(encryptData, privateKey, cipherMode = 1, options) {
+  const { output = "string", asn1 = false } = options || {};
+  const privateKeyInteger = utils5.hexToNumber(privateKey);
   let c1;
   let c2;
   let c3;
@@ -827,10 +859,10 @@ function doDecrypt(encryptData, privateKey, cipherMode = 1, {
   }
   const msg = hexToArray(c2);
   const p = c1.multiply(privateKeyInteger);
-  const x2 = hexToArray(leftPad(utils4.numberToHexUnpadded(p.x), 64));
-  const y2 = hexToArray(leftPad(utils4.numberToHexUnpadded(p.y), 64));
+  const x2 = hexToArray(leftPad(utils5.numberToHexUnpadded(p.x), 64));
+  const y2 = hexToArray(leftPad(utils5.numberToHexUnpadded(p.y), 64));
   xorCipherStream(x2, y2, msg);
-  const checkC3 = arrayToHex(Array.from(sm3(utils4.concatBytes(x2, msg, y2))));
+  const checkC3 = arrayToHex(Array.from(sm3(utils5.concatBytes(x2, msg, y2))));
   if (checkC3 === c3.toLowerCase()) {
     return output === "array" ? msg : arrayToUtf8(msg);
   } else {
@@ -850,8 +882,8 @@ function doSignature(msg, privateKey, options = {}) {
     publicKey = publicKey || getPublicKeyFromPrivateKey(privateKey);
     hashHex = getHash(hashHex, publicKey, userId);
   }
-  const dA = utils4.hexToNumber(privateKey);
-  const e = utils4.hexToNumber(hashHex);
+  const dA = utils5.hexToNumber(privateKey);
+  const e = utils5.hexToNumber(hashHex);
   let k = null;
   let r = null;
   let s = null;
@@ -870,7 +902,7 @@ function doSignature(msg, privateKey, options = {}) {
   } while (s === ZERO);
   if (der)
     return encodeDer(r, s);
-  return leftPad(utils4.numberToHexUnpadded(r), 64) + leftPad(utils4.numberToHexUnpadded(s), 64);
+  return leftPad(utils5.numberToHexUnpadded(r), 64) + leftPad(utils5.numberToHexUnpadded(s), 64);
 }
 function doVerifySignature(msg, signHex, publicKey, options = {}) {
   let hashHex;
@@ -892,11 +924,11 @@ function doVerifySignature(msg, signHex, publicKey, options = {}) {
     r = decodeDerObj.r;
     s = decodeDerObj.s;
   } else {
-    r = utils4.hexToNumber(signHex.substring(0, 64));
-    s = utils4.hexToNumber(signHex.substring(64));
+    r = utils5.hexToNumber(signHex.substring(0, 64));
+    s = utils5.hexToNumber(signHex.substring(64));
   }
   const PA = typeof publicKey === "string" ? sm2Curve.ProjectivePoint.fromHex(publicKey) : publicKey;
-  const e = utils4.hexToNumber(hashHex);
+  const e = utils5.hexToNumber(hashHex);
   const t = field.add(r, s);
   if (t === ZERO)
     return false;
@@ -906,10 +938,10 @@ function doVerifySignature(msg, signHex, publicKey, options = {}) {
 }
 function getZ(publicKey, userId = "1234567812345678") {
   userId = utf8ToHex(userId);
-  const a = leftPad(utils4.numberToHexUnpadded(sm2Curve.CURVE.a), 64);
-  const b = leftPad(utils4.numberToHexUnpadded(sm2Curve.CURVE.b), 64);
-  const gx = leftPad(utils4.numberToHexUnpadded(sm2Curve.ProjectivePoint.BASE.x), 64);
-  const gy = leftPad(utils4.numberToHexUnpadded(sm2Curve.ProjectivePoint.BASE.y), 64);
+  const a = leftPad(utils5.numberToHexUnpadded(sm2Curve.CURVE.a), 64);
+  const b = leftPad(utils5.numberToHexUnpadded(sm2Curve.CURVE.b), 64);
+  const gx = leftPad(utils5.numberToHexUnpadded(sm2Curve.ProjectivePoint.BASE.x), 64);
+  const gy = leftPad(utils5.numberToHexUnpadded(sm2Curve.ProjectivePoint.BASE.y), 64);
   let px;
   let py;
   if (publicKey.length === 128) {
@@ -917,17 +949,17 @@ function getZ(publicKey, userId = "1234567812345678") {
     py = publicKey.substring(64, 128);
   } else {
     const point = sm2Curve.ProjectivePoint.fromHex(publicKey);
-    px = leftPad(utils4.numberToHexUnpadded(point.x), 64);
-    py = leftPad(utils4.numberToHexUnpadded(point.y), 64);
+    px = leftPad(utils5.numberToHexUnpadded(point.x), 64);
+    py = leftPad(utils5.numberToHexUnpadded(point.y), 64);
   }
   const data = hexToArray(userId + a + b + gx + gy + px + py);
   const entl = userId.length * 4;
-  const z = sm3(utils4.concatBytes(new Uint8Array([entl >> 8 & 255, entl & 255]), data));
+  const z = sm3(utils5.concatBytes(new Uint8Array([entl >> 8 & 255, entl & 255]), data));
   return z;
 }
 function getHash(hashHex, publicKey, userId = "1234567812345678") {
   const z = getZ(publicKey, userId);
-  return bytesToHex(sm3(utils4.concatBytes(z, typeof hashHex === "string" ? hexToArray(hashHex) : hashHex)));
+  return bytesToHex(sm3(utils5.concatBytes(z, typeof hashHex === "string" ? hexToArray(hashHex) : hashHex)));
 }
 function precomputePublicKey(publicKey, windowSize) {
   const point = sm2Curve.ProjectivePoint.fromHex(publicKey);
@@ -935,13 +967,13 @@ function precomputePublicKey(publicKey, windowSize) {
 }
 function getPublicKeyFromPrivateKey(privateKey) {
   const pubKey = sm2Curve.getPublicKey(privateKey, false);
-  const pubPad = leftPad(utils4.bytesToHex(pubKey), 64);
+  const pubPad = leftPad(utils5.bytesToHex(pubKey), 64);
   return pubPad;
 }
 function getPoint() {
   const keypair = generateKeyPairHex();
   const PA = sm2Curve.ProjectivePoint.fromHex(keypair.publicKey);
-  const k = utils4.hexToNumber(keypair.privateKey);
+  const k = utils5.hexToNumber(keypair.privateKey);
   return {
     ...keypair,
     k,
@@ -949,48 +981,6 @@ function getPoint() {
   };
 }
 
-// src/sm3/index.ts
-function utf8ToArray(str) {
-  const arr = [];
-  for (let i = 0, len = str.length; i < len; i++) {
-    const point = str.codePointAt(i);
-    if (point <= 127) {
-      arr.push(point);
-    } else if (point <= 2047) {
-      arr.push(192 | point >>> 6);
-      arr.push(128 | point & 63);
-    } else if (point <= 55295 || point >= 57344 && point <= 65535) {
-      arr.push(224 | point >>> 12);
-      arr.push(128 | point >>> 6 & 63);
-      arr.push(128 | point & 63);
-    } else if (point >= 65536 && point <= 1114111) {
-      i++;
-      arr.push(240 | point >>> 18 & 28);
-      arr.push(128 | point >>> 12 & 63);
-      arr.push(128 | point >>> 6 & 63);
-      arr.push(128 | point & 63);
-    } else {
-      arr.push(point);
-      throw new Error("input is not supported");
-    }
-  }
-  return new Uint8Array(arr);
-}
-function sm32(input, options) {
-  input = typeof input === "string" ? utf8ToArray(input) : input;
-  if (options) {
-    const mode = options.mode || "hmac";
-    if (mode !== "hmac")
-      throw new Error("invalid mode");
-    let key = options.key;
-    if (!key)
-      throw new Error("invalid key");
-    key = typeof key === "string" ? hexToArray(key) : key;
-    return bytesToHex(hmac(sm3, key, input));
-  }
-  return bytesToHex(sm3(input));
-}
-
 // src/sm4/index.ts
 var sm4_exports = {};
 __export(sm4_exports, {
@@ -1619,6 +1609,7 @@ function decrypt(inArray, key, options = {}) {
 }
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
+  kdf,
   sm2,
   sm3,
   sm4