sm-crypto-v2 1.3.0 → 1.4.0

package/CHANGELOG.md

@@ -2,6 +2,13 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
+## [1.4.0](https://github.com/Cubelrti/sm-crypto-v2/compare/v1.3.0...v1.4.0) (2023-06-09)
+
+
+### Features
+
+* **sm2:** add experimental key agreement ([cdd00b4](https://github.com/Cubelrti/sm-crypto-v2/commit/cdd00b4e42bb5072e1dcb6e0301b6a2f18f53614))
+
 ## [1.3.0](https://github.com/Cubelrti/sm-crypto-v2/compare/v1.2.2...v1.3.0) (2023-06-07)
 
 

package/README.md

@@ -1,19 +1,19 @@
 # sm-crypto-v2
 
-[![npm version](https://badge.fury.io/js/sm-crypto-v2.svg)](https://badge.fury.io/js/sm-crypto-v2)
+[![npm version](https://badge.fury.io/js/sm-crypto-v2.svg)](https://www.npmjs.com/package/sm-crypto-v2)
 [![status](https://img.shields.io/github/actions/workflow/status/cubelrti/sm-crypto-v2/test.yml?branch=master)](https://github.com/cubelrti/sm-crypto-v2/actions)
 [![cov](https://cubelrti.github.io/sm-crypto-v2/badges/coverage.svg)](https://github.com/cubelrti/sm-crypto-v2/actions)
 
-
 国密算法 sm2、sm3 和 sm4 的 TypeScript 实现。参数支持 TypedArray，导出 esm/cjs。
 
 ## 特性
 
-- SM2 底层改用 `noble-curves`，性能提升接近4倍，[noble-curves 文档](https://github.com/paulmillr/noble-curves)
-- 完整的类型支持
-- 移除原有 `jsbn` 依赖，改用原生 BigInt 支持
-- 通过所有之前的单元测试，包括 SM2、SM3 和 SM4
-- 自动使用最优的安全随机数实现，不使用 `random` 和 `Date.now` 模拟
+- ⚡ 基于 [`noble-curves` Abstract API](https://github.com/paulmillr/noble-curves#abstract-api) 重构 SM2，性能提升近4倍。详见 [noble-curves 文档](https://paulmillr.com/posts/noble-secp256k1-fast-ecc/) 
+- 📘 使用 TypeScript 实现，提供全面的类型支持
+- 🔄 移除原有 `jsbn` 依赖，改用原生 BigInt
+- ✔️ 通过全部历史单元测试，包括 SM2、SM3 和 SM4
+- 🎲 自动选择最优的安全随机数实现，避免使用 `Math.random` 和 `Date.now` 进行模拟
+- 📚 同时导出 ES Module 和 CommonJS 两种格式，可按需使用
 
 ## 安装
 
@@ -163,6 +163,24 @@ let decryptData = sm4.decrypt(encryptData, key, {padding: 'none', output: 'array
 let decryptData = sm4.decrypt(encryptData, key, {mode: 'cbc', iv: 'fedcba98765432100123456789abcdef'}) // 解密，cbc 模式
 ```
 
+### 密钥交换(实验性)
+
+```js
+import { sm2 } from 'sm-crypto-v2'
+
+const keyPairA = sm2.generateKeyPairHex() // A 的秘钥对
+const keyPairB = sm2.generateKeyPairHex() // B 的秘钥对
+const ephemeralKeypairA = sm2.generateKeyPairHex() // A 的临时秘钥对
+const ephemeralKeypairB = sm2.generateKeyPairHex() // B 的临时秘钥对
+
+// A 所需参数：A 的秘钥对，A 的临时秘钥对，B 的公钥，B 的临时秘钥公钥，AB 的身份ID，长度
+const sharedKeyFromA = sm2.calculateSharedKey(keyPairA, ephemeralKeypairA, keyPairB.publicKey, ephemeralKeypairB.publicKey, undefined, undefined, 233)
+// A 所需参数：B 的秘钥对，B 的临时秘钥对，A 的公钥，A 的临时秘钥公钥，AB 的身份ID，长度
+const sharedKeyFromB = sm2.calculateSharedKey(keyPairB, ephemeralKeypairB, keyPairA.publicKey, ephemeralKeypairA.publicKey, undefined, undefined, 233)
+
+// expect(sharedKeyFromA).toEqual(sharedKeyFromB) => true
+```
+
 ## 其他实现
 
 * 原 js 版本：[https://github.com/JuneAndGreen/sm-crypto](https://github.com/JuneAndGreen/sm-crypto)

package/dist/index.d.ts

@@ -1,10 +1,11 @@
+interface KeyPair {
+    privateKey: string;
+    publicKey: string;
+}
 /**
  * 生成密钥对：publicKey = privateKey * G
  */
-declare function generateKeyPairHex(str?: string): {
-    privateKey: string;
-    publicKey: string;
-};
+declare function generateKeyPairHex(str?: string): KeyPair;
 /**
  * 生成压缩公钥
  */
@@ -41,6 +42,8 @@ declare function concatArray(...arrays: Uint8Array[]): Uint8Array;
 
 declare function initRNGPool(): Promise<void>;
 
+declare function calculateSharedKey(keypairA: KeyPair, ephemeralKeypairA: KeyPair, publicKeyB: string, ephemeralPublicKeyB: string, idA: string | undefined, idB: string | undefined, sharedKeyLength: number): Uint8Array;
+
 /**
  * 加密
  */
@@ -103,6 +106,8 @@ declare const index$2_getHash: typeof getHash;
 declare const index$2_getPublicKeyFromPrivateKey: typeof getPublicKeyFromPrivateKey;
 declare const index$2_getPoint: typeof getPoint;
 declare const index$2_initRNGPool: typeof initRNGPool;
+declare const index$2_calculateSharedKey: typeof calculateSharedKey;
+type index$2_KeyPair = KeyPair;
 declare const index$2_generateKeyPairHex: typeof generateKeyPairHex;
 declare const index$2_compressPublicKeyHex: typeof compressPublicKeyHex;
 declare const index$2_utf8ToHex: typeof utf8ToHex;
@@ -124,6 +129,8 @@ declare namespace index$2 {
     index$2_getPublicKeyFromPrivateKey as getPublicKeyFromPrivateKey,
     index$2_getPoint as getPoint,
     index$2_initRNGPool as initRNGPool,
+    index$2_calculateSharedKey as calculateSharedKey,
+    index$2_KeyPair as KeyPair,
     index$2_generateKeyPairHex as generateKeyPairHex,
     index$2_compressPublicKeyHex as compressPublicKeyHex,
     index$2_utf8ToHex as utf8ToHex,

package/dist/index.js

@@ -37,6 +37,7 @@ var sm2_exports = {};
 __export(sm2_exports, {
   arrayToHex: () => arrayToHex,
   arrayToUtf8: () => arrayToUtf8,
+  calculateSharedKey: () => calculateSharedKey,
   comparePublicKeyHex: () => comparePublicKeyHex,
   compressPublicKeyHex: () => compressPublicKeyHex,
   concatArray: () => concatArray,
@@ -544,19 +545,65 @@ function concatArray(...arrays) {
 
 // src/sm2/index.ts
 var mod2 = __toESM(require("@noble/curves/abstract/modular"));
+var utils4 = __toESM(require("@noble/curves/abstract/utils"));
+
+// src/sm2/kx.ts
 var utils3 = __toESM(require("@noble/curves/abstract/utils"));
+var import_modular3 = require("@noble/curves/abstract/modular");
+var field = (0, import_modular3.Field)(BigInt(sm2Curve.CURVE.n));
+var wPow2 = utils3.hexToNumber("80000000000000000000000000000000");
+var wPow2Sub1 = utils3.hexToNumber("7fffffffffffffffffffffffffffffff");
+function hkdf(z, keylen) {
+  let t = new Uint8Array();
+  let msg = new Uint8Array(keylen);
+  let ct = 1;
+  let offset = 0;
+  const nextT = () => {
+    t = sm3(Uint8Array.from([...z, ct >> 24 & 255, ct >> 16 & 255, ct >> 8 & 255, ct & 255]));
+    ct++;
+    offset = 0;
+  };
+  nextT();
+  for (let i = 0, len = msg.length; i < len; i++) {
+    if (offset === t.length)
+      nextT();
+    msg[i] = t[offset++] & 255;
+  }
+  return msg;
+}
+function calculateSharedKey(keypairA, ephemeralKeypairA, publicKeyB, ephemeralPublicKeyB, idA = "1234567812345678", idB = "1234567812345678", sharedKeyLength) {
+  const RA = sm2Curve.ProjectivePoint.fromHex(ephemeralKeypairA.publicKey);
+  const RB = sm2Curve.ProjectivePoint.fromHex(ephemeralPublicKeyB);
+  const PB = sm2Curve.ProjectivePoint.fromHex(publicKeyB);
+  const ZA = hexToArray(idA);
+  const ZB = hexToArray(idB);
+  const rA = utils3.hexToNumber(ephemeralKeypairA.privateKey);
+  const dA = utils3.hexToNumber(keypairA.privateKey);
+  const x1 = RA.x;
+  const x1_ = field.add(wPow2, x1 & wPow2Sub1);
+  const tA = field.add(dA, field.mul(x1_, rA));
+  const x2 = RB.x;
+  const x2_ = field.add(wPow2, x2 & wPow2Sub1);
+  const U = RB.multiply(x2_).add(PB).multiply(tA);
+  const xU = hexToArray(leftPad2(utils3.numberToHexUnpadded(U.x), 64));
+  const yU = hexToArray(leftPad2(utils3.numberToHexUnpadded(U.y), 64));
+  const KA = hkdf(concatArray(xU, yU, ZA, ZB), sharedKeyLength);
+  return KA;
+}
+
+// src/sm2/index.ts
 var C1C2C3 = 0;
 function doEncrypt(msg, publicKey, cipherMode = 1) {
   const msgArr = typeof msg === "string" ? hexToArray(utf8ToHex(msg)) : Uint8Array.from(msg);
   const publicKeyPoint = sm2Curve.ProjectivePoint.fromHex(publicKey);
   const keypair = generateKeyPairHex();
-  const k = utils3.hexToNumber(keypair.privateKey);
+  const k = utils4.hexToNumber(keypair.privateKey);
   let c1 = keypair.publicKey;
   if (c1.length > 128)
     c1 = c1.substring(c1.length - 128);
   const p = publicKeyPoint.multiply(k);
-  const x2 = hexToArray(leftPad2(utils3.numberToHexUnpadded(p.x), 64));
-  const y2 = hexToArray(leftPad2(utils3.numberToHexUnpadded(p.y), 64));
+  const x2 = hexToArray(leftPad2(utils4.numberToHexUnpadded(p.x), 64));
+  const y2 = hexToArray(leftPad2(utils4.numberToHexUnpadded(p.y), 64));
   const c3 = arrayToHex(Array.from(sm3(concatArray(x2, msgArr, y2))));
   let ct = 1;
   let offset = 0;
@@ -579,7 +626,7 @@ function doEncrypt(msg, publicKey, cipherMode = 1) {
 function doDecrypt(encryptData, privateKey, cipherMode = 1, {
   output = "string"
 } = {}) {
-  const privateKeyInteger = utils3.hexToNumber(privateKey);
+  const privateKeyInteger = utils4.hexToNumber(privateKey);
   let c3 = encryptData.substring(128, 128 + 64);
   let c2 = encryptData.substring(128 + 64);
   if (cipherMode === C1C2C3) {
@@ -589,8 +636,8 @@ function doDecrypt(encryptData, privateKey, cipherMode = 1, {
   const msg = hexToArray(c2);
   const c1 = sm2Curve.ProjectivePoint.fromHex("04" + encryptData.substring(0, 128));
   const p = c1.multiply(privateKeyInteger);
-  const x2 = hexToArray(leftPad2(utils3.numberToHexUnpadded(p.x), 64));
-  const y2 = hexToArray(leftPad2(utils3.numberToHexUnpadded(p.y), 64));
+  const x2 = hexToArray(leftPad2(utils4.numberToHexUnpadded(p.x), 64));
+  const y2 = hexToArray(leftPad2(utils4.numberToHexUnpadded(p.y), 64));
   let ct = 1;
   let offset = 0;
   let t = new Uint8Array();
@@ -626,8 +673,8 @@ function doSignature(msg, privateKey, options = {}) {
     publicKey = publicKey || getPublicKeyFromPrivateKey(privateKey);
     hashHex = getHash(hashHex, publicKey, userId);
   }
-  const dA = utils3.hexToNumber(privateKey);
-  const e = utils3.hexToNumber(hashHex);
+  const dA = utils4.hexToNumber(privateKey);
+  const e = utils4.hexToNumber(hashHex);
   let k = null;
   let r = null;
   let s = null;
@@ -646,7 +693,7 @@ function doSignature(msg, privateKey, options = {}) {
   } while (s === ZERO);
   if (der)
     return encodeDer(r, s);
-  return leftPad2(utils3.numberToHexUnpadded(r), 64) + leftPad2(utils3.numberToHexUnpadded(s), 64);
+  return leftPad2(utils4.numberToHexUnpadded(r), 64) + leftPad2(utils4.numberToHexUnpadded(s), 64);
 }
 function doVerifySignature(msg, signHex, publicKey, options = {}) {
   let hashHex;
@@ -667,11 +714,11 @@ function doVerifySignature(msg, signHex, publicKey, options = {}) {
     r = decodeDerObj.r;
     s = decodeDerObj.s;
   } else {
-    r = utils3.hexToNumber(signHex.substring(0, 64));
-    s = utils3.hexToNumber(signHex.substring(64));
+    r = utils4.hexToNumber(signHex.substring(0, 64));
+    s = utils4.hexToNumber(signHex.substring(64));
   }
   const PA = sm2Curve.ProjectivePoint.fromHex(publicKey);
-  const e = utils3.hexToNumber(hashHex);
+  const e = utils4.hexToNumber(hashHex);
   const t = mod2.mod(r + s, sm2Curve.CURVE.n);
   if (t === ZERO)
     return false;
@@ -681,10 +728,10 @@ function doVerifySignature(msg, signHex, publicKey, options = {}) {
 }
 function getHash(hashHex, publicKey, userId = "1234567812345678") {
   userId = utf8ToHex(userId);
-  const a = leftPad2(utils3.numberToHexUnpadded(sm2Curve.CURVE.a), 64);
-  const b = leftPad2(utils3.numberToHexUnpadded(sm2Curve.CURVE.b), 64);
-  const gx = leftPad2(utils3.numberToHexUnpadded(sm2Curve.ProjectivePoint.BASE.x), 64);
-  const gy = leftPad2(utils3.numberToHexUnpadded(sm2Curve.ProjectivePoint.BASE.y), 64);
+  const a = leftPad2(utils4.numberToHexUnpadded(sm2Curve.CURVE.a), 64);
+  const b = leftPad2(utils4.numberToHexUnpadded(sm2Curve.CURVE.b), 64);
+  const gx = leftPad2(utils4.numberToHexUnpadded(sm2Curve.ProjectivePoint.BASE.x), 64);
+  const gy = leftPad2(utils4.numberToHexUnpadded(sm2Curve.ProjectivePoint.BASE.y), 64);
   let px;
   let py;
   if (publicKey.length === 128) {
@@ -692,8 +739,8 @@ function getHash(hashHex, publicKey, userId = "1234567812345678") {
     py = publicKey.substring(64, 128);
   } else {
     const point = sm2Curve.ProjectivePoint.fromHex(publicKey);
-    px = leftPad2(utils3.numberToHexUnpadded(point.x), 64);
-    py = leftPad2(utils3.numberToHexUnpadded(point.y), 64);
+    px = leftPad2(utils4.numberToHexUnpadded(point.x), 64);
+    py = leftPad2(utils4.numberToHexUnpadded(point.y), 64);
   }
   const data = hexToArray(userId + a + b + gx + gy + px + py);
   const entl = userId.length * 4;
@@ -702,13 +749,13 @@ function getHash(hashHex, publicKey, userId = "1234567812345678") {
 }
 function getPublicKeyFromPrivateKey(privateKey) {
   const pubKey = sm2Curve.getPublicKey(privateKey, false);
-  const pubPad = leftPad2(utils3.bytesToHex(pubKey), 64);
+  const pubPad = leftPad2(utils4.bytesToHex(pubKey), 64);
   return pubPad;
 }
 function getPoint() {
   const keypair = generateKeyPairHex();
   const PA = sm2Curve.ProjectivePoint.fromHex(keypair.publicKey);
-  const k = utils3.hexToNumber(keypair.privateKey);
+  const k = utils4.hexToNumber(keypair.privateKey);
   return {
     ...keypair,
     k,

package/dist/index.mjs

@@ -9,6 +9,7 @@ var sm2_exports = {};
 __export(sm2_exports, {
   arrayToHex: () => arrayToHex,
   arrayToUtf8: () => arrayToUtf8,
+  calculateSharedKey: () => calculateSharedKey,
   comparePublicKeyHex: () => comparePublicKeyHex,
   compressPublicKeyHex: () => compressPublicKeyHex,
   concatArray: () => concatArray,
@@ -516,19 +517,65 @@ function concatArray(...arrays) {
 
 // src/sm2/index.ts
 import * as mod2 from "@noble/curves/abstract/modular";
+import * as utils4 from "@noble/curves/abstract/utils";
+
+// src/sm2/kx.ts
 import * as utils3 from "@noble/curves/abstract/utils";
+import { Field as Field2 } from "@noble/curves/abstract/modular";
+var field = Field2(BigInt(sm2Curve.CURVE.n));
+var wPow2 = utils3.hexToNumber("80000000000000000000000000000000");
+var wPow2Sub1 = utils3.hexToNumber("7fffffffffffffffffffffffffffffff");
+function hkdf(z, keylen) {
+  let t = new Uint8Array();
+  let msg = new Uint8Array(keylen);
+  let ct = 1;
+  let offset = 0;
+  const nextT = () => {
+    t = sm3(Uint8Array.from([...z, ct >> 24 & 255, ct >> 16 & 255, ct >> 8 & 255, ct & 255]));
+    ct++;
+    offset = 0;
+  };
+  nextT();
+  for (let i = 0, len = msg.length; i < len; i++) {
+    if (offset === t.length)
+      nextT();
+    msg[i] = t[offset++] & 255;
+  }
+  return msg;
+}
+function calculateSharedKey(keypairA, ephemeralKeypairA, publicKeyB, ephemeralPublicKeyB, idA = "1234567812345678", idB = "1234567812345678", sharedKeyLength) {
+  const RA = sm2Curve.ProjectivePoint.fromHex(ephemeralKeypairA.publicKey);
+  const RB = sm2Curve.ProjectivePoint.fromHex(ephemeralPublicKeyB);
+  const PB = sm2Curve.ProjectivePoint.fromHex(publicKeyB);
+  const ZA = hexToArray(idA);
+  const ZB = hexToArray(idB);
+  const rA = utils3.hexToNumber(ephemeralKeypairA.privateKey);
+  const dA = utils3.hexToNumber(keypairA.privateKey);
+  const x1 = RA.x;
+  const x1_ = field.add(wPow2, x1 & wPow2Sub1);
+  const tA = field.add(dA, field.mul(x1_, rA));
+  const x2 = RB.x;
+  const x2_ = field.add(wPow2, x2 & wPow2Sub1);
+  const U = RB.multiply(x2_).add(PB).multiply(tA);
+  const xU = hexToArray(leftPad2(utils3.numberToHexUnpadded(U.x), 64));
+  const yU = hexToArray(leftPad2(utils3.numberToHexUnpadded(U.y), 64));
+  const KA = hkdf(concatArray(xU, yU, ZA, ZB), sharedKeyLength);
+  return KA;
+}
+
+// src/sm2/index.ts
 var C1C2C3 = 0;
 function doEncrypt(msg, publicKey, cipherMode = 1) {
   const msgArr = typeof msg === "string" ? hexToArray(utf8ToHex(msg)) : Uint8Array.from(msg);
   const publicKeyPoint = sm2Curve.ProjectivePoint.fromHex(publicKey);
   const keypair = generateKeyPairHex();
-  const k = utils3.hexToNumber(keypair.privateKey);
+  const k = utils4.hexToNumber(keypair.privateKey);
   let c1 = keypair.publicKey;
   if (c1.length > 128)
     c1 = c1.substring(c1.length - 128);
   const p = publicKeyPoint.multiply(k);
-  const x2 = hexToArray(leftPad2(utils3.numberToHexUnpadded(p.x), 64));
-  const y2 = hexToArray(leftPad2(utils3.numberToHexUnpadded(p.y), 64));
+  const x2 = hexToArray(leftPad2(utils4.numberToHexUnpadded(p.x), 64));
+  const y2 = hexToArray(leftPad2(utils4.numberToHexUnpadded(p.y), 64));
   const c3 = arrayToHex(Array.from(sm3(concatArray(x2, msgArr, y2))));
   let ct = 1;
   let offset = 0;
@@ -551,7 +598,7 @@ function doEncrypt(msg, publicKey, cipherMode = 1) {
 function doDecrypt(encryptData, privateKey, cipherMode = 1, {
   output = "string"
 } = {}) {
-  const privateKeyInteger = utils3.hexToNumber(privateKey);
+  const privateKeyInteger = utils4.hexToNumber(privateKey);
   let c3 = encryptData.substring(128, 128 + 64);
   let c2 = encryptData.substring(128 + 64);
   if (cipherMode === C1C2C3) {
@@ -561,8 +608,8 @@ function doDecrypt(encryptData, privateKey, cipherMode = 1, {
   const msg = hexToArray(c2);
   const c1 = sm2Curve.ProjectivePoint.fromHex("04" + encryptData.substring(0, 128));
   const p = c1.multiply(privateKeyInteger);
-  const x2 = hexToArray(leftPad2(utils3.numberToHexUnpadded(p.x), 64));
-  const y2 = hexToArray(leftPad2(utils3.numberToHexUnpadded(p.y), 64));
+  const x2 = hexToArray(leftPad2(utils4.numberToHexUnpadded(p.x), 64));
+  const y2 = hexToArray(leftPad2(utils4.numberToHexUnpadded(p.y), 64));
   let ct = 1;
   let offset = 0;
   let t = new Uint8Array();
@@ -598,8 +645,8 @@ function doSignature(msg, privateKey, options = {}) {
     publicKey = publicKey || getPublicKeyFromPrivateKey(privateKey);
     hashHex = getHash(hashHex, publicKey, userId);
   }
-  const dA = utils3.hexToNumber(privateKey);
-  const e = utils3.hexToNumber(hashHex);
+  const dA = utils4.hexToNumber(privateKey);
+  const e = utils4.hexToNumber(hashHex);
   let k = null;
   let r = null;
   let s = null;
@@ -618,7 +665,7 @@ function doSignature(msg, privateKey, options = {}) {
   } while (s === ZERO);
   if (der)
     return encodeDer(r, s);
-  return leftPad2(utils3.numberToHexUnpadded(r), 64) + leftPad2(utils3.numberToHexUnpadded(s), 64);
+  return leftPad2(utils4.numberToHexUnpadded(r), 64) + leftPad2(utils4.numberToHexUnpadded(s), 64);
 }
 function doVerifySignature(msg, signHex, publicKey, options = {}) {
   let hashHex;
@@ -639,11 +686,11 @@ function doVerifySignature(msg, signHex, publicKey, options = {}) {
     r = decodeDerObj.r;
     s = decodeDerObj.s;
   } else {
-    r = utils3.hexToNumber(signHex.substring(0, 64));
-    s = utils3.hexToNumber(signHex.substring(64));
+    r = utils4.hexToNumber(signHex.substring(0, 64));
+    s = utils4.hexToNumber(signHex.substring(64));
   }
   const PA = sm2Curve.ProjectivePoint.fromHex(publicKey);
-  const e = utils3.hexToNumber(hashHex);
+  const e = utils4.hexToNumber(hashHex);
   const t = mod2.mod(r + s, sm2Curve.CURVE.n);
   if (t === ZERO)
     return false;
@@ -653,10 +700,10 @@ function doVerifySignature(msg, signHex, publicKey, options = {}) {
 }
 function getHash(hashHex, publicKey, userId = "1234567812345678") {
   userId = utf8ToHex(userId);
-  const a = leftPad2(utils3.numberToHexUnpadded(sm2Curve.CURVE.a), 64);
-  const b = leftPad2(utils3.numberToHexUnpadded(sm2Curve.CURVE.b), 64);
-  const gx = leftPad2(utils3.numberToHexUnpadded(sm2Curve.ProjectivePoint.BASE.x), 64);
-  const gy = leftPad2(utils3.numberToHexUnpadded(sm2Curve.ProjectivePoint.BASE.y), 64);
+  const a = leftPad2(utils4.numberToHexUnpadded(sm2Curve.CURVE.a), 64);
+  const b = leftPad2(utils4.numberToHexUnpadded(sm2Curve.CURVE.b), 64);
+  const gx = leftPad2(utils4.numberToHexUnpadded(sm2Curve.ProjectivePoint.BASE.x), 64);
+  const gy = leftPad2(utils4.numberToHexUnpadded(sm2Curve.ProjectivePoint.BASE.y), 64);
   let px;
   let py;
   if (publicKey.length === 128) {
@@ -664,8 +711,8 @@ function getHash(hashHex, publicKey, userId = "1234567812345678") {
     py = publicKey.substring(64, 128);
   } else {
     const point = sm2Curve.ProjectivePoint.fromHex(publicKey);
-    px = leftPad2(utils3.numberToHexUnpadded(point.x), 64);
-    py = leftPad2(utils3.numberToHexUnpadded(point.y), 64);
+    px = leftPad2(utils4.numberToHexUnpadded(point.x), 64);
+    py = leftPad2(utils4.numberToHexUnpadded(point.y), 64);
   }
   const data = hexToArray(userId + a + b + gx + gy + px + py);
   const entl = userId.length * 4;
@@ -674,13 +721,13 @@ function getHash(hashHex, publicKey, userId = "1234567812345678") {
 }
 function getPublicKeyFromPrivateKey(privateKey) {
   const pubKey = sm2Curve.getPublicKey(privateKey, false);
-  const pubPad = leftPad2(utils3.bytesToHex(pubKey), 64);
+  const pubPad = leftPad2(utils4.bytesToHex(pubKey), 64);
   return pubPad;
 }
 function getPoint() {
   const keypair = generateKeyPairHex();
   const PA = sm2Curve.ProjectivePoint.fromHex(keypair.publicKey);
-  const k = utils3.hexToNumber(keypair.privateKey);
+  const k = utils4.hexToNumber(keypair.privateKey);
   return {
     ...keypair,
     k,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "sm-crypto-v2",
-  "version": "1.3.0",
+  "version": "1.4.0",
   "description": "sm-crypto-v2",
   "main": "dist/index.js",
   "module": "dist/index.mjs",

package/src/sm2/index.ts

@@ -9,6 +9,7 @@ import { ONE, ZERO } from './bn';
 
 export * from './utils'
 export { initRNGPool } from './ec'
+export { calculateSharedKey } from './kx'
 
 // const { G, curve, n } = generateEcparam()
 const C1C2C3 = 0

package/src/sm2/kx.ts

@@ -0,0 +1,76 @@
+import { sm2Curve } from './ec';
+import { KeyPair, concatArray, hexToArray, leftPad } from './utils';
+import * as utils from '@noble/curves/abstract/utils';
+import { Field } from '@noble/curves/abstract/modular';
+import { sm3 } from './sm3';
+
+export const field = Field(BigInt(sm2Curve.CURVE.n))
+
+// 用到的常数
+const wPow2 = utils.hexToNumber('80000000000000000000000000000000')
+const wPow2Sub1 = utils.hexToNumber('7fffffffffffffffffffffffffffffff')
+
+// from sm2 sign part, extracted for code reusable.
+function hkdf(z: Uint8Array, keylen: number) {
+  let t = new Uint8Array() // 256 位
+  let msg = new Uint8Array(keylen)
+  let ct = 1
+  let offset = 0
+  const nextT = () => {
+    // (1) Hai = hash(z || ct)
+    // (2) ct++
+    t = sm3(Uint8Array.from([...z, ct >> 24 & 0x00ff, ct >> 16 & 0x00ff, ct >> 8 & 0x00ff, ct & 0x00ff]))
+    ct++
+    offset = 0
+  }
+  nextT() // 先生成 Ha1
+
+  for (let i = 0, len = msg.length; i < len; i++) {
+    // t = Ha1 || Ha2 || Ha3 || Ha4
+    if (offset === t.length) nextT()
+
+    // c2 = msg ^ t
+    msg[i] = t[offset++] & 0xff
+  }
+  return msg
+}
+
+
+export function calculateSharedKey(
+  keypairA: KeyPair,
+  ephemeralKeypairA: KeyPair,
+  publicKeyB: string,
+  ephemeralPublicKeyB: string,
+  idA: string = '1234567812345678',
+  idB: string = '1234567812345678',
+  sharedKeyLength: number,
+) {
+  const RA = sm2Curve.ProjectivePoint.fromHex(ephemeralKeypairA.publicKey)
+  const RB = sm2Curve.ProjectivePoint.fromHex(ephemeralPublicKeyB)
+  // const PA = sm2Curve.ProjectivePoint.fromHex(keypairA.publicKey) // 暂时用不到
+  const PB = sm2Curve.ProjectivePoint.fromHex(publicKeyB)
+  const ZA = hexToArray(idA)
+  const ZB = hexToArray(idB)
+  const rA = utils.hexToNumber(ephemeralKeypairA.privateKey)
+  const dA = utils.hexToNumber(keypairA.privateKey)
+  // 1.先算tA
+  const x1 = RA.x
+  // x1_ = 2^w + (x1 & (2^w - 1))
+  const x1_ = field.add(wPow2, (x1 & wPow2Sub1))
+  // tA = (dA + x1b * rA) mod n
+  const tA = field.add(dA, field.mul(x1_, rA))
+
+  // 2.算 U
+  // x2_ = 2^w + (x2 & (2^w - 1))
+  const x2 = RB.x
+  const x2_ = field.add(wPow2, (x2 & wPow2Sub1))
+  // U = [h * tA](PB + x2_ * RB)
+  const U = RB.multiply(x2_).add(PB).multiply(tA)
+
+  // 3.算 KDF
+  // KA = KDF(xU || yU || ZA || ZB, kLen)
+  const xU = hexToArray(leftPad(utils.numberToHexUnpadded(U.x), 64))
+  const yU = hexToArray(leftPad(utils.numberToHexUnpadded(U.y), 64))
+  const KA = hkdf(concatArray(xU, yU, ZA, ZB), sharedKeyLength)
+  return KA
+}

package/src/sm2/utils.ts

@@ -5,10 +5,15 @@ import { sm2Curve, sm2Fp } from './ec';
 import { mod } from '@noble/curves/abstract/modular';
 import { ONE, TWO, ZERO } from './bn';
 
+export interface KeyPair {
+  privateKey: string
+  publicKey: string
+}
+
 /**
  * 生成密钥对：publicKey = privateKey * G
  */
-export function generateKeyPairHex(str?: string) {
+export function generateKeyPairHex(str?: string): KeyPair {
   const privateKey = str ? utils.numberToBytesBE((mod(BigInt(str), ONE) + ONE), 32) : sm2Curve.utils.randomPrivateKey()
   // const random = typeof a === 'string' ? new BigInteger(a, b) :
   //   a ? new BigInteger(a, b!, c!) : new BigInteger(n.bitLength(), rng)