sm-crypto-v2 1.3.0 → 1.5.0

package/dist/index.mjs

@@ -7,11 +7,12 @@ var __export = (target, all) => {
 // src/sm2/index.ts
 var sm2_exports = {};
 __export(sm2_exports, {
+  EmptyArray: () => EmptyArray,
   arrayToHex: () => arrayToHex,
   arrayToUtf8: () => arrayToUtf8,
+  calculateSharedKey: () => calculateSharedKey,
   comparePublicKeyHex: () => comparePublicKeyHex,
   compressPublicKeyHex: () => compressPublicKeyHex,
-  concatArray: () => concatArray,
   doDecrypt: () => doDecrypt,
   doEncrypt: () => doEncrypt,
   doSignature: () => doSignature,
@@ -22,7 +23,7 @@ __export(sm2_exports, {
   getPublicKeyFromPrivateKey: () => getPublicKeyFromPrivateKey,
   hexToArray: () => hexToArray,
   initRNGPool: () => initRNGPool,
-  leftPad: () => leftPad2,
+  leftPad: () => leftPad,
   utf8ToHex: () => utf8ToHex,
   verifyPublicKey: () => verifyPublicKey
 });
@@ -157,181 +158,7 @@ import * as utils2 from "@noble/curves/abstract/utils";
 import { weierstrass } from "@noble/curves/abstract/weierstrass";
 import { Field } from "@noble/curves/abstract/modular";
 
-// src/sm2/sm3.ts
-var W = new Uint32Array(68);
-var M = new Uint32Array(64);
-function rotl(x, n) {
-  const s = n & 31;
-  return x << s | x >>> 32 - s;
-}
-function xor(x, y) {
-  const result = new Uint8Array(x.length);
-  for (let i = x.length - 1; i >= 0; i--)
-    result[i] = (x[i] ^ y[i]) & 255;
-  return result;
-}
-function P0(X) {
-  return X ^ rotl(X, 9) ^ rotl(X, 17);
-}
-function P1(X) {
-  return X ^ rotl(X, 15) ^ rotl(X, 23);
-}
-function sm3(array) {
-  let len = array.length * 8;
-  let k = len % 512;
-  k = k >= 448 ? 512 - k % 448 - 1 : 448 - k - 1;
-  const kArr = new Array((k - 7) / 8);
-  const lenArr = new Array(8);
-  for (let i = 0, len2 = kArr.length; i < len2; i++)
-    kArr[i] = 0;
-  for (let i = 0, len2 = lenArr.length; i < len2; i++)
-    lenArr[i] = 0;
-  let lenString = len.toString(2);
-  for (let i = 7; i >= 0; i--) {
-    if (lenString.length > 8) {
-      const start = lenString.length - 8;
-      lenArr[i] = parseInt(lenString.substring(start), 2);
-      lenString = lenString.substring(0, start);
-    } else if (lenString.length > 0) {
-      lenArr[i] = parseInt(lenString, 2);
-      lenString = "";
-    }
-  }
-  const m = Uint8Array.from([...array, 128, ...kArr, ...lenArr]);
-  const dataView = new DataView(m.buffer, 0);
-  const n = m.length / 64;
-  const V = new Uint32Array([1937774191, 1226093241, 388252375, 3666478592, 2842636476, 372324522, 3817729613, 2969243214]);
-  for (let i = 0; i < n; i++) {
-    W.fill(0);
-    M.fill(0);
-    const start = 16 * i;
-    for (let j = 0; j < 16; j++) {
-      W[j] = dataView.getUint32((start + j) * 4, false);
-    }
-    for (let j = 16; j < 68; j++) {
-      W[j] = P1(W[j - 16] ^ W[j - 9] ^ rotl(W[j - 3], 15)) ^ rotl(W[j - 13], 7) ^ W[j - 6];
-    }
-    for (let j = 0; j < 64; j++) {
-      M[j] = W[j] ^ W[j + 4];
-    }
-    const T1 = 2043430169;
-    const T2 = 2055708042;
-    let A = V[0];
-    let B = V[1];
-    let C = V[2];
-    let D = V[3];
-    let E = V[4];
-    let F = V[5];
-    let G = V[6];
-    let H = V[7];
-    let SS1;
-    let SS2;
-    let TT1;
-    let TT2;
-    let T;
-    for (let j = 0; j < 64; j++) {
-      T = j >= 0 && j <= 15 ? T1 : T2;
-      SS1 = rotl(rotl(A, 12) + E + rotl(T, j), 7);
-      SS2 = SS1 ^ rotl(A, 12);
-      TT1 = (j >= 0 && j <= 15 ? A ^ B ^ C : A & B | A & C | B & C) + D + SS2 + M[j];
-      TT2 = (j >= 0 && j <= 15 ? E ^ F ^ G : E & F | ~E & G) + H + SS1 + W[j];
-      D = C;
-      C = rotl(B, 9);
-      B = A;
-      A = TT1;
-      H = G;
-      G = rotl(F, 19);
-      F = E;
-      E = P0(TT2);
-    }
-    V[0] ^= A;
-    V[1] ^= B;
-    V[2] ^= C;
-    V[3] ^= D;
-    V[4] ^= E;
-    V[5] ^= F;
-    V[6] ^= G;
-    V[7] ^= H;
-  }
-  const result = new Uint8Array(V.length * 4);
-  for (let i = 0, len2 = V.length; i < len2; i++) {
-    const word = V[i];
-    result[i * 4] = (word & 4278190080) >>> 24;
-    result[i * 4 + 1] = (word & 16711680) >>> 16;
-    result[i * 4 + 2] = (word & 65280) >>> 8;
-    result[i * 4 + 3] = word & 255;
-  }
-  return result;
-}
-var blockLen = 64;
-var iPad = new Uint8Array(blockLen);
-var oPad = new Uint8Array(blockLen);
-for (let i = 0; i < blockLen; i++) {
-  iPad[i] = 54;
-  oPad[i] = 92;
-}
-function hmac(input, key) {
-  if (key.length > blockLen)
-    key = sm3(key);
-  while (key.length < blockLen) {
-    const padKey = new Uint8Array(blockLen);
-    padKey.set(key);
-    key = padKey;
-  }
-  const iPadKey = xor(key, iPad);
-  const oPadKey = xor(key, oPad);
-  const hash = sm3(concatArray(iPadKey, input));
-  return sm3(concatArray(oPadKey, hash));
-}
-
-// src/sm3/index.ts
-var sm3_exports = {};
-__export(sm3_exports, {
-  sm3: () => sm32,
-  utf8ToArray: () => utf8ToArray
-});
-function utf8ToArray(str) {
-  const arr = [];
-  for (let i = 0, len = str.length; i < len; i++) {
-    const point = str.codePointAt(i);
-    if (point <= 127) {
-      arr.push(point);
-    } else if (point <= 2047) {
-      arr.push(192 | point >>> 6);
-      arr.push(128 | point & 63);
-    } else if (point <= 55295 || point >= 57344 && point <= 65535) {
-      arr.push(224 | point >>> 12);
-      arr.push(128 | point >>> 6 & 63);
-      arr.push(128 | point & 63);
-    } else if (point >= 65536 && point <= 1114111) {
-      i++;
-      arr.push(240 | point >>> 18 & 28);
-      arr.push(128 | point >>> 12 & 63);
-      arr.push(128 | point >>> 6 & 63);
-      arr.push(128 | point & 63);
-    } else {
-      arr.push(point);
-      throw new Error("input is not supported");
-    }
-  }
-  return new Uint8Array(arr);
-}
-function sm32(input, options) {
-  input = typeof input === "string" ? utf8ToArray(input) : input;
-  if (options) {
-    const mode = options.mode || "hmac";
-    if (mode !== "hmac")
-      throw new Error("invalid mode");
-    let key = options.key;
-    if (!key)
-      throw new Error("invalid key");
-    key = typeof key === "string" ? hexToArray(key) : key;
-    return arrayToHex(Array.from(hmac(input, key)));
-  }
-  return arrayToHex(Array.from(sm3(input)));
-}
-
-// src/sm2/ec.ts
+// src/sm2/rng.ts
 var DEFAULT_PRNG_POOL_SIZE = 16384;
 var prngPool = new Uint8Array(0);
 var _syncCrypto;
@@ -386,13 +213,304 @@ function randomBytes(length = 0) {
     return result;
   }
 }
-function createHash() {
-  const hashC = (msg) => sm3(typeof msg === "string" ? utf8ToArray(msg) : msg);
-  hashC.outputLen = 256;
-  hashC.blockLen = 512;
-  hashC.create = () => sm3(Uint8Array.from([]));
+
+// src/sm3/utils.ts
+var u8a = (a) => a instanceof Uint8Array;
+var createView = (arr) => new DataView(arr.buffer, arr.byteOffset, arr.byteLength);
+var isLE = new Uint8Array(new Uint32Array([287454020]).buffer)[0] === 68;
+if (!isLE)
+  throw new Error("Non little-endian hardware is not supported");
+var hexes = Array.from({ length: 256 }, (v, i) => i.toString(16).padStart(2, "0"));
+function bytesToHex(bytes) {
+  if (!u8a(bytes))
+    throw new Error("Uint8Array expected");
+  let hex = "";
+  for (let i = 0; i < bytes.length; i++) {
+    hex += hexes[bytes[i]];
+  }
+  return hex;
+}
+function utf8ToBytes(str) {
+  if (typeof str !== "string")
+    throw new Error(`utf8ToBytes expected string, got ${typeof str}`);
+  return new Uint8Array(new TextEncoder().encode(str));
+}
+function toBytes(data) {
+  if (typeof data === "string")
+    data = utf8ToBytes(data);
+  if (!u8a(data))
+    throw new Error(`expected Uint8Array, got ${typeof data}`);
+  return data;
+}
+var Hash = class {
+  clone() {
+    return this._cloneInto();
+  }
+};
+function wrapConstructor(hashCons) {
+  const hashC = (msg) => hashCons().update(toBytes(msg)).digest();
+  const tmp2 = hashCons();
+  hashC.outputLen = tmp2.outputLen;
+  hashC.blockLen = tmp2.blockLen;
+  hashC.create = () => hashCons();
   return hashC;
 }
+
+// src/sm2/sm3.ts
+var BoolA = (A, B, C) => A & B | A & C | B & C;
+var BoolB = (A, B, C) => A ^ B ^ C;
+var BoolC = (A, B, C) => A & B | ~A & C;
+function setBigUint64(view, byteOffset, value, isLE2) {
+  if (typeof view.setBigUint64 === "function")
+    return view.setBigUint64(byteOffset, value, isLE2);
+  const _32n = BigInt(32);
+  const _u32_max = BigInt(4294967295);
+  const wh = Number(value >> _32n & _u32_max);
+  const wl = Number(value & _u32_max);
+  const h = isLE2 ? 4 : 0;
+  const l = isLE2 ? 0 : 4;
+  view.setUint32(byteOffset + h, wh, isLE2);
+  view.setUint32(byteOffset + l, wl, isLE2);
+}
+function rotl(x2, n) {
+  const s = n & 31;
+  return x2 << s | x2 >>> 32 - s;
+}
+function P0(X) {
+  return X ^ rotl(X, 9) ^ rotl(X, 17);
+}
+function P1(X) {
+  return X ^ rotl(X, 15) ^ rotl(X, 23);
+}
+var SHA2 = class extends Hash {
+  constructor(blockLen, outputLen, padOffset, isLE2) {
+    super();
+    this.blockLen = blockLen;
+    this.outputLen = outputLen;
+    this.padOffset = padOffset;
+    this.isLE = isLE2;
+    this.buffer = new Uint8Array(blockLen);
+    this.view = createView(this.buffer);
+  }
+  buffer;
+  view;
+  finished = false;
+  length = 0;
+  pos = 0;
+  destroyed = false;
+  update(data) {
+    const { view, buffer, blockLen } = this;
+    data = toBytes(data);
+    const len = data.length;
+    for (let pos = 0; pos < len; ) {
+      const take = Math.min(blockLen - this.pos, len - pos);
+      if (take === blockLen) {
+        const dataView = createView(data);
+        for (; blockLen <= len - pos; pos += blockLen)
+          this.process(dataView, pos);
+        continue;
+      }
+      buffer.set(data.subarray(pos, pos + take), this.pos);
+      this.pos += take;
+      pos += take;
+      if (this.pos === blockLen) {
+        this.process(view, 0);
+        this.pos = 0;
+      }
+    }
+    this.length += data.length;
+    this.roundClean();
+    return this;
+  }
+  digestInto(out) {
+    this.finished = true;
+    const { buffer, view, blockLen, isLE: isLE2 } = this;
+    let { pos } = this;
+    buffer[pos++] = 128;
+    this.buffer.subarray(pos).fill(0);
+    if (this.padOffset > blockLen - pos) {
+      this.process(view, 0);
+      pos = 0;
+    }
+    for (let i = pos; i < blockLen; i++)
+      buffer[i] = 0;
+    setBigUint64(view, blockLen - 8, BigInt(this.length * 8), isLE2);
+    this.process(view, 0);
+    const oview = createView(out);
+    const len = this.outputLen;
+    if (len % 4)
+      throw new Error("_sha2: outputLen should be aligned to 32bit");
+    const outLen = len / 4;
+    const state = this.get();
+    if (outLen > state.length)
+      throw new Error("_sha2: outputLen bigger than state");
+    for (let i = 0; i < outLen; i++)
+      oview.setUint32(4 * i, state[i], isLE2);
+  }
+  digest() {
+    const { buffer, outputLen } = this;
+    this.digestInto(buffer);
+    const res = buffer.slice(0, outputLen);
+    this.destroy();
+    return res;
+  }
+  _cloneInto(to) {
+    to ||= new this.constructor();
+    to.set(...this.get());
+    const { blockLen, buffer, length, finished, destroyed, pos } = this;
+    to.length = length;
+    to.pos = pos;
+    to.finished = finished;
+    to.destroyed = destroyed;
+    if (length % blockLen)
+      to.buffer.set(buffer);
+    return to;
+  }
+};
+var IV = new Uint32Array([1937774191, 1226093241, 388252375, 3666478592, 2842636476, 372324522, 3817729613, 2969243214]);
+var SM3_W = new Uint32Array(68);
+var SM3_M = new Uint32Array(64);
+var T1 = 2043430169;
+var T2 = 2055708042;
+var SM3 = class extends SHA2 {
+  A = IV[0] | 0;
+  B = IV[1] | 0;
+  C = IV[2] | 0;
+  D = IV[3] | 0;
+  E = IV[4] | 0;
+  F = IV[5] | 0;
+  G = IV[6] | 0;
+  H = IV[7] | 0;
+  constructor() {
+    super(64, 32, 8, false);
+  }
+  get() {
+    const { A, B, C, D, E, F, G, H } = this;
+    return [A, B, C, D, E, F, G, H];
+  }
+  set(A, B, C, D, E, F, G, H) {
+    this.A = A | 0;
+    this.B = B | 0;
+    this.C = C | 0;
+    this.D = D | 0;
+    this.E = E | 0;
+    this.F = F | 0;
+    this.G = G | 0;
+    this.H = H | 0;
+  }
+  process(view, offset) {
+    for (let i = 0; i < 16; i++, offset += 4)
+      SM3_W[i] = view.getUint32(offset, false);
+    for (let i = 16; i < 68; i++) {
+      SM3_W[i] = P1(SM3_W[i - 16] ^ SM3_W[i - 9] ^ rotl(SM3_W[i - 3], 15)) ^ rotl(SM3_W[i - 13], 7) ^ SM3_W[i - 6];
+    }
+    for (let i = 0; i < 64; i++) {
+      SM3_M[i] = SM3_W[i] ^ SM3_W[i + 4];
+    }
+    let { A, B, C, D, E, F, G, H } = this;
+    for (let j = 0; j < 64; j++) {
+      let small = j >= 0 && j <= 15;
+      let T = small ? T1 : T2;
+      let SS1 = rotl(rotl(A, 12) + E + rotl(T, j), 7);
+      let SS2 = SS1 ^ rotl(A, 12);
+      let TT1 = (small ? BoolB(A, B, C) : BoolA(A, B, C)) + D + SS2 + SM3_M[j] | 0;
+      let TT2 = (small ? BoolB(E, F, G) : BoolC(E, F, G)) + H + SS1 + SM3_W[j] | 0;
+      D = C;
+      C = rotl(B, 9);
+      B = A;
+      A = TT1;
+      H = G;
+      G = rotl(F, 19);
+      F = E;
+      E = P0(TT2);
+    }
+    A = A ^ this.A | 0;
+    B = B ^ this.B | 0;
+    C = C ^ this.C | 0;
+    D = D ^ this.D | 0;
+    E = E ^ this.E | 0;
+    F = F ^ this.F | 0;
+    G = G ^ this.G | 0;
+    H = H ^ this.H | 0;
+    this.set(A, B, C, D, E, F, G, H);
+  }
+  roundClean() {
+    SM3_W.fill(0);
+  }
+  destroy() {
+    this.set(0, 0, 0, 0, 0, 0, 0, 0);
+    this.buffer.fill(0);
+  }
+};
+var sm3 = wrapConstructor(() => new SM3());
+
+// src/sm2/hmac.ts
+var HMAC = class extends Hash {
+  oHash;
+  iHash;
+  blockLen;
+  outputLen;
+  finished = false;
+  destroyed = false;
+  constructor(hash, _key) {
+    super();
+    const key = toBytes(_key);
+    this.iHash = hash.create();
+    if (typeof this.iHash.update !== "function")
+      throw new Error("Expected instance of class which extends utils.Hash");
+    this.blockLen = this.iHash.blockLen;
+    this.outputLen = this.iHash.outputLen;
+    const blockLen = this.blockLen;
+    const pad = new Uint8Array(blockLen);
+    pad.set(key.length > blockLen ? hash.create().update(key).digest() : key);
+    for (let i = 0; i < pad.length; i++)
+      pad[i] ^= 54;
+    this.iHash.update(pad);
+    this.oHash = hash.create();
+    for (let i = 0; i < pad.length; i++)
+      pad[i] ^= 54 ^ 92;
+    this.oHash.update(pad);
+    pad.fill(0);
+  }
+  update(buf) {
+    this.iHash.update(buf);
+    return this;
+  }
+  digestInto(out) {
+    this.finished = true;
+    this.iHash.digestInto(out);
+    this.oHash.update(out);
+    this.oHash.digestInto(out);
+    this.destroy();
+  }
+  digest() {
+    const out = new Uint8Array(this.oHash.outputLen);
+    this.digestInto(out);
+    return out;
+  }
+  _cloneInto(to) {
+    to ||= Object.create(Object.getPrototypeOf(this), {});
+    const { oHash, iHash, finished, destroyed, blockLen, outputLen } = this;
+    to = to;
+    to.finished = finished;
+    to.destroyed = destroyed;
+    to.blockLen = blockLen;
+    to.outputLen = outputLen;
+    to.oHash = oHash._cloneInto(to.oHash);
+    to.iHash = iHash._cloneInto(to.iHash);
+    return to;
+  }
+  destroy() {
+    this.destroyed = true;
+    this.oHash.destroy();
+    this.iHash.destroy();
+  }
+};
+var hmac = (hash, key, message) => new HMAC(hash, key).update(message).digest();
+hmac.create = (hash, key) => new HMAC(hash, key);
+
+// src/sm2/ec.ts
+import { concatBytes } from "@noble/curves/abstract/utils";
 var sm2Fp = Field(BigInt("115792089210356248756420345214020892766250353991924191454421193933289684991999"));
 var sm2Curve = weierstrass({
   a: BigInt("115792089210356248756420345214020892766250353991924191454421193933289684991996"),
@@ -402,18 +520,19 @@ var sm2Curve = weierstrass({
   n: BigInt("115792089210356248756420345214020892766061623724957744567843809356293439045923"),
   Gx: BigInt("22963146547237050559479531362550074578802567295341616970375194840604139615431"),
   Gy: BigInt("85132369209828568825618990617112496413088388631904505083283536607588877201568"),
-  hash: createHash(),
-  hmac: (key, ...msgs) => hmac(concatArray(...msgs), key),
+  hash: sm3,
+  hmac: (key, ...msgs) => hmac(sm3, key, concatBytes(...msgs)),
   randomBytes
 });
+var field = Field(BigInt(sm2Curve.CURVE.n));
 
 // src/sm2/utils.ts
 import { mod } from "@noble/curves/abstract/modular";
 function generateKeyPairHex(str) {
   const privateKey = str ? utils2.numberToBytesBE(mod(BigInt(str), ONE) + ONE, 32) : sm2Curve.utils.randomPrivateKey();
   const publicKey = sm2Curve.getPublicKey(privateKey, false);
-  const privPad = leftPad2(utils2.bytesToHex(privateKey), 64);
-  const pubPad = leftPad2(utils2.bytesToHex(publicKey), 64);
+  const privPad = leftPad(utils2.bytesToHex(privateKey), 64);
+  const pubPad = leftPad(utils2.bytesToHex(publicKey), 64);
   return { privateKey: privPad, publicKey: pubPad };
 }
 function compressPublicKeyHex(s) {
@@ -442,7 +561,7 @@ function utf8ToHex(input) {
   }
   return hexChars.join("");
 }
-function leftPad2(input, num) {
+function leftPad(input, num) {
   if (input.length >= num)
     return input;
   return new Array(num - input.length + 1).join("0") + input;
@@ -474,7 +593,7 @@ function arrayToUtf8(arr) {
 function hexToArray(hexStr) {
   let hexStrLength = hexStr.length;
   if (hexStrLength % 2 !== 0) {
-    hexStr = leftPad2(hexStr, hexStrLength + 1);
+    hexStr = leftPad(hexStr, hexStrLength + 1);
   }
   hexStrLength = hexStr.length;
   const wordLength = hexStrLength / 2;
@@ -488,9 +607,9 @@ function verifyPublicKey(publicKey) {
   const point = sm2Curve.ProjectivePoint.fromHex(publicKey);
   if (!point)
     return false;
-  const x = point.x;
+  const x2 = point.x;
   const y = point.y;
-  return sm2Fp.sqr(y) === sm2Fp.add(sm2Fp.add(sm2Fp.mul(x, sm2Fp.sqr(x)), sm2Fp.mul(x, sm2Curve.CURVE.a)), sm2Curve.CURVE.b);
+  return sm2Fp.sqr(y) === sm2Fp.add(sm2Fp.addN(sm2Fp.mulN(x2, sm2Fp.sqrN(x2)), sm2Fp.mulN(x2, sm2Curve.CURVE.a)), sm2Curve.CURVE.b);
 }
 function comparePublicKeyHex(publicKey1, publicKey2) {
   const point1 = sm2Curve.ProjectivePoint.fromHex(publicKey1);
@@ -501,57 +620,101 @@ function comparePublicKeyHex(publicKey1, publicKey2) {
     return false;
   return point1.equals(point2);
 }
-function concatArray(...arrays) {
-  let totalLength = arrays.reduce((acc, value) => acc + value.length, 0);
-  if (!arrays.length)
-    return new Uint8Array();
-  let result = new Uint8Array(totalLength);
-  let length = 0;
-  for (let array of arrays) {
-    result.set(array, length);
-    length += array.length;
+
+// src/sm2/index.ts
+import * as utils4 from "@noble/curves/abstract/utils";
+
+// src/sm2/kx.ts
+import * as utils3 from "@noble/curves/abstract/utils";
+var wPow2 = utils3.hexToNumber("80000000000000000000000000000000");
+var wPow2Sub1 = utils3.hexToNumber("7fffffffffffffffffffffffffffffff");
+function hkdf(z, keylen) {
+  let msg = new Uint8Array(keylen);
+  let ct = 1;
+  let offset = 0;
+  let t = EmptyArray;
+  const ctShift = new Uint8Array(4);
+  const nextT = () => {
+    ctShift[0] = ct >> 24 & 255;
+    ctShift[1] = ct >> 16 & 255;
+    ctShift[2] = ct >> 8 & 255;
+    ctShift[3] = ct & 255;
+    t = sm3(utils3.concatBytes(z, ctShift));
+    ct++;
+    offset = 0;
+  };
+  nextT();
+  for (let i = 0, len = msg.length; i < len; i++) {
+    if (offset === t.length)
+      nextT();
+    msg[i] = t[offset++] & 255;
   }
-  return result;
+  return msg;
+}
+function calculateSharedKey(keypairA, ephemeralKeypairA, publicKeyB, ephemeralPublicKeyB, idA = "1234567812345678", idB = "1234567812345678", sharedKeyLength) {
+  const RA = sm2Curve.ProjectivePoint.fromHex(ephemeralKeypairA.publicKey);
+  const RB = sm2Curve.ProjectivePoint.fromHex(ephemeralPublicKeyB);
+  const PB = sm2Curve.ProjectivePoint.fromHex(publicKeyB);
+  const ZA = hexToArray(idA);
+  const ZB = hexToArray(idB);
+  const rA = utils3.hexToNumber(ephemeralKeypairA.privateKey);
+  const dA = utils3.hexToNumber(keypairA.privateKey);
+  const x1 = RA.x;
+  const x1_ = field.add(wPow2, x1 & wPow2Sub1);
+  const tA = field.add(dA, field.mulN(x1_, rA));
+  const x2 = RB.x;
+  const x2_ = field.add(wPow2, x2 & wPow2Sub1);
+  const U = RB.multiply(x2_).add(PB).multiply(tA);
+  const xU = hexToArray(leftPad(utils3.numberToHexUnpadded(U.x), 64));
+  const yU = hexToArray(leftPad(utils3.numberToHexUnpadded(U.y), 64));
+  const KA = hkdf(utils3.concatBytes(xU, yU, ZA, ZB), sharedKeyLength);
+  return KA;
 }
 
 // src/sm2/index.ts
-import * as mod2 from "@noble/curves/abstract/modular";
-import * as utils3 from "@noble/curves/abstract/utils";
 var C1C2C3 = 0;
+var EmptyArray = new Uint8Array();
 function doEncrypt(msg, publicKey, cipherMode = 1) {
   const msgArr = typeof msg === "string" ? hexToArray(utf8ToHex(msg)) : Uint8Array.from(msg);
   const publicKeyPoint = sm2Curve.ProjectivePoint.fromHex(publicKey);
   const keypair = generateKeyPairHex();
-  const k = utils3.hexToNumber(keypair.privateKey);
+  const k = utils4.hexToNumber(keypair.privateKey);
   let c1 = keypair.publicKey;
   if (c1.length > 128)
     c1 = c1.substring(c1.length - 128);
   const p = publicKeyPoint.multiply(k);
-  const x2 = hexToArray(leftPad2(utils3.numberToHexUnpadded(p.x), 64));
-  const y2 = hexToArray(leftPad2(utils3.numberToHexUnpadded(p.y), 64));
-  const c3 = arrayToHex(Array.from(sm3(concatArray(x2, msgArr, y2))));
+  const x2 = hexToArray(leftPad(utils4.numberToHexUnpadded(p.x), 64));
+  const y2 = hexToArray(leftPad(utils4.numberToHexUnpadded(p.y), 64));
+  const c3 = bytesToHex(sm3(utils4.concatBytes(x2, msgArr, y2)));
+  xorCipherStream(x2, y2, msgArr);
+  const c2 = bytesToHex(msgArr);
+  return cipherMode === C1C2C3 ? c1 + c2 + c3 : c1 + c3 + c2;
+}
+function xorCipherStream(x2, y2, msg) {
   let ct = 1;
   let offset = 0;
-  let t = new Uint8Array();
-  const z = concatArray(x2, y2);
+  let t = EmptyArray;
+  const ctShift = new Uint8Array(4);
   const nextT = () => {
-    t = sm3(Uint8Array.from([...z, ct >> 24 & 255, ct >> 16 & 255, ct >> 8 & 255, ct & 255]));
+    ctShift[0] = ct >> 24 & 255;
+    ctShift[1] = ct >> 16 & 255;
+    ctShift[2] = ct >> 8 & 255;
+    ctShift[3] = ct & 255;
+    t = sm3(utils4.concatBytes(x2, y2, ctShift));
     ct++;
     offset = 0;
   };
   nextT();
-  for (let i = 0, len = msgArr.length; i < len; i++) {
+  for (let i = 0, len = msg.length; i < len; i++) {
     if (offset === t.length)
       nextT();
-    msgArr[i] ^= t[offset++] & 255;
+    msg[i] ^= t[offset++] & 255;
   }
-  const c2 = arrayToHex(Array.from(msgArr));
-  return cipherMode === C1C2C3 ? c1 + c2 + c3 : c1 + c3 + c2;
 }
 function doDecrypt(encryptData, privateKey, cipherMode = 1, {
   output = "string"
 } = {}) {
-  const privateKeyInteger = utils3.hexToNumber(privateKey);
+  const privateKeyInteger = utils4.hexToNumber(privateKey);
   let c3 = encryptData.substring(128, 128 + 64);
   let c2 = encryptData.substring(128 + 64);
   if (cipherMode === C1C2C3) {
@@ -561,24 +724,10 @@ function doDecrypt(encryptData, privateKey, cipherMode = 1, {
   const msg = hexToArray(c2);
   const c1 = sm2Curve.ProjectivePoint.fromHex("04" + encryptData.substring(0, 128));
   const p = c1.multiply(privateKeyInteger);
-  const x2 = hexToArray(leftPad2(utils3.numberToHexUnpadded(p.x), 64));
-  const y2 = hexToArray(leftPad2(utils3.numberToHexUnpadded(p.y), 64));
-  let ct = 1;
-  let offset = 0;
-  let t = new Uint8Array();
-  const z = concatArray(x2, y2);
-  const nextT = () => {
-    t = sm3(Uint8Array.from([...z, ct >> 24 & 255, ct >> 16 & 255, ct >> 8 & 255, ct & 255]));
-    ct++;
-    offset = 0;
-  };
-  nextT();
-  for (let i = 0, len = msg.length; i < len; i++) {
-    if (offset === t.length)
-      nextT();
-    msg[i] ^= t[offset++] & 255;
-  }
-  const checkC3 = arrayToHex(Array.from(sm3(concatArray(x2, msg, y2))));
+  const x2 = hexToArray(leftPad(utils4.numberToHexUnpadded(p.x), 64));
+  const y2 = hexToArray(leftPad(utils4.numberToHexUnpadded(p.y), 64));
+  xorCipherStream(x2, y2, msg);
+  const checkC3 = arrayToHex(Array.from(sm3(utils4.concatBytes(x2, msg, y2))));
   if (checkC3 === c3.toLowerCase()) {
     return output === "array" ? msg : arrayToUtf8(msg);
   } else {
@@ -598,8 +747,8 @@ function doSignature(msg, privateKey, options = {}) {
     publicKey = publicKey || getPublicKeyFromPrivateKey(privateKey);
     hashHex = getHash(hashHex, publicKey, userId);
   }
-  const dA = utils3.hexToNumber(privateKey);
-  const e = utils3.hexToNumber(hashHex);
+  const dA = utils4.hexToNumber(privateKey);
+  const e = utils4.hexToNumber(hashHex);
   let k = null;
   let r = null;
   let s = null;
@@ -612,13 +761,13 @@ function doSignature(msg, privateKey, options = {}) {
         point = getPoint();
       }
       k = point.k;
-      r = mod2.mod(e + point.x1, sm2Curve.CURVE.n);
+      r = field.add(e, point.x1);
     } while (r === ZERO || r + k === sm2Curve.CURVE.n);
-    s = mod2.mod(mod2.invert(dA + ONE, sm2Curve.CURVE.n) * (k - r * dA), sm2Curve.CURVE.n);
+    s = field.mul(field.inv(field.addN(dA, ONE)), field.subN(k, field.mulN(r, dA)));
   } while (s === ZERO);
   if (der)
     return encodeDer(r, s);
-  return leftPad2(utils3.numberToHexUnpadded(r), 64) + leftPad2(utils3.numberToHexUnpadded(s), 64);
+  return leftPad(utils4.numberToHexUnpadded(r), 64) + leftPad(utils4.numberToHexUnpadded(s), 64);
 }
 function doVerifySignature(msg, signHex, publicKey, options = {}) {
   let hashHex;
@@ -639,24 +788,24 @@ function doVerifySignature(msg, signHex, publicKey, options = {}) {
     r = decodeDerObj.r;
     s = decodeDerObj.s;
   } else {
-    r = utils3.hexToNumber(signHex.substring(0, 64));
-    s = utils3.hexToNumber(signHex.substring(64));
+    r = utils4.hexToNumber(signHex.substring(0, 64));
+    s = utils4.hexToNumber(signHex.substring(64));
   }
   const PA = sm2Curve.ProjectivePoint.fromHex(publicKey);
-  const e = utils3.hexToNumber(hashHex);
-  const t = mod2.mod(r + s, sm2Curve.CURVE.n);
+  const e = utils4.hexToNumber(hashHex);
+  const t = field.add(r, s);
   if (t === ZERO)
     return false;
   const x1y1 = sm2Curve.ProjectivePoint.BASE.multiply(s).add(PA.multiply(t));
-  const R = mod2.mod(e + x1y1.x, sm2Curve.CURVE.n);
+  const R = field.add(e, x1y1.x);
   return r === R;
 }
 function getHash(hashHex, publicKey, userId = "1234567812345678") {
   userId = utf8ToHex(userId);
-  const a = leftPad2(utils3.numberToHexUnpadded(sm2Curve.CURVE.a), 64);
-  const b = leftPad2(utils3.numberToHexUnpadded(sm2Curve.CURVE.b), 64);
-  const gx = leftPad2(utils3.numberToHexUnpadded(sm2Curve.ProjectivePoint.BASE.x), 64);
-  const gy = leftPad2(utils3.numberToHexUnpadded(sm2Curve.ProjectivePoint.BASE.y), 64);
+  const a = leftPad(utils4.numberToHexUnpadded(sm2Curve.CURVE.a), 64);
+  const b = leftPad(utils4.numberToHexUnpadded(sm2Curve.CURVE.b), 64);
+  const gx = leftPad(utils4.numberToHexUnpadded(sm2Curve.ProjectivePoint.BASE.x), 64);
+  const gy = leftPad(utils4.numberToHexUnpadded(sm2Curve.ProjectivePoint.BASE.y), 64);
   let px;
   let py;
   if (publicKey.length === 128) {
@@ -664,23 +813,23 @@ function getHash(hashHex, publicKey, userId = "1234567812345678") {
     py = publicKey.substring(64, 128);
   } else {
     const point = sm2Curve.ProjectivePoint.fromHex(publicKey);
-    px = leftPad2(utils3.numberToHexUnpadded(point.x), 64);
-    py = leftPad2(utils3.numberToHexUnpadded(point.y), 64);
+    px = leftPad(utils4.numberToHexUnpadded(point.x), 64);
+    py = leftPad(utils4.numberToHexUnpadded(point.y), 64);
   }
   const data = hexToArray(userId + a + b + gx + gy + px + py);
   const entl = userId.length * 4;
-  const z = sm3(concatArray(new Uint8Array([entl >> 8 & 255, entl & 255]), data));
-  return arrayToHex(Array.from(sm3(concatArray(z, typeof hashHex === "string" ? hexToArray(hashHex) : hashHex))));
+  const z = sm3(utils4.concatBytes(new Uint8Array([entl >> 8 & 255, entl & 255]), data));
+  return bytesToHex(sm3(utils4.concatBytes(z, typeof hashHex === "string" ? hexToArray(hashHex) : hashHex)));
 }
 function getPublicKeyFromPrivateKey(privateKey) {
   const pubKey = sm2Curve.getPublicKey(privateKey, false);
-  const pubPad = leftPad2(utils3.bytesToHex(pubKey), 64);
+  const pubPad = leftPad(utils4.bytesToHex(pubKey), 64);
   return pubPad;
 }
 function getPoint() {
   const keypair = generateKeyPairHex();
   const PA = sm2Curve.ProjectivePoint.fromHex(keypair.publicKey);
-  const k = utils3.hexToNumber(keypair.privateKey);
+  const k = utils4.hexToNumber(keypair.privateKey);
   return {
     ...keypair,
     k,
@@ -688,6 +837,48 @@ function getPoint() {
   };
 }
 
+// src/sm3/index.ts
+function utf8ToArray(str) {
+  const arr = [];
+  for (let i = 0, len = str.length; i < len; i++) {
+    const point = str.codePointAt(i);
+    if (point <= 127) {
+      arr.push(point);
+    } else if (point <= 2047) {
+      arr.push(192 | point >>> 6);
+      arr.push(128 | point & 63);
+    } else if (point <= 55295 || point >= 57344 && point <= 65535) {
+      arr.push(224 | point >>> 12);
+      arr.push(128 | point >>> 6 & 63);
+      arr.push(128 | point & 63);
+    } else if (point >= 65536 && point <= 1114111) {
+      i++;
+      arr.push(240 | point >>> 18 & 28);
+      arr.push(128 | point >>> 12 & 63);
+      arr.push(128 | point >>> 6 & 63);
+      arr.push(128 | point & 63);
+    } else {
+      arr.push(point);
+      throw new Error("input is not supported");
+    }
+  }
+  return new Uint8Array(arr);
+}
+function sm32(input, options) {
+  input = typeof input === "string" ? utf8ToArray(input) : input;
+  if (options) {
+    const mode = options.mode || "hmac";
+    if (mode !== "hmac")
+      throw new Error("invalid mode");
+    let key = options.key;
+    if (!key)
+      throw new Error("invalid key");
+    key = typeof key === "string" ? hexToArray(key) : key;
+    return bytesToHex(hmac(sm3, key, input));
+  }
+  return bytesToHex(sm3(input));
+}
+
 // src/sm4/index.ts
 var sm4_exports = {};
 __export(sm4_exports, {
@@ -999,9 +1190,9 @@ function l1(b) {
 function l2(b) {
   return b ^ rotl(b, 13) ^ rotl(b, 23);
 }
+var x = new Uint32Array(4);
+var tmp = new Uint32Array(4);
 function sms4Crypt(input, output, roundKey) {
-  const x = new Uint32Array(4);
-  const tmp = new Uint32Array(4);
   for (let i = 0; i < 4; i++) {
     tmp[0] = input[4 * i] & 255;
     tmp[1] = input[4 * i + 1] & 255;
@@ -1027,8 +1218,6 @@ function sms4Crypt(input, output, roundKey) {
   }
 }
 function sms4KeyExt(key, roundKey, cryptFlag) {
-  const x = new Uint32Array(4);
-  const tmp = new Uint32Array(4);
   for (let i = 0; i < 4; i++) {
     tmp[0] = key[0 + 4 * i] & 255;
     tmp[1] = key[1 + 4 * i] & 255;
@@ -1058,6 +1247,7 @@ function sms4KeyExt(key, roundKey, cryptFlag) {
     }
   }
 }
+var blockOutput = new Uint8Array(16);
 function sm4(inArray, key, cryptFlag, options = {}) {
   let {
     padding = "pkcs#7",
@@ -1101,8 +1291,7 @@ function sm4(inArray, key, cryptFlag, options = {}) {
   let restLen = inArray.length;
   let point = 0;
   while (restLen >= BLOCK) {
-    const input = inArray.slice(point, point + 16);
-    const output2 = new Uint8Array(16);
+    const input = inArray.subarray(point, point + 16);
     if (mode === "cbc") {
       for (let i = 0; i < BLOCK; i++) {
         if (cryptFlag !== DECRYPT) {
@@ -1110,18 +1299,18 @@ function sm4(inArray, key, cryptFlag, options = {}) {
         }
       }
     }
-    sms4Crypt(input, output2, roundKey);
+    sms4Crypt(input, blockOutput, roundKey);
     for (let i = 0; i < BLOCK; i++) {
       if (mode === "cbc") {
         if (cryptFlag === DECRYPT) {
-          output2[i] ^= lastVector[i];
+          blockOutput[i] ^= lastVector[i];
         }
       }
-      outArray[point + i] = output2[i];
+      outArray[point + i] = blockOutput[i];
     }
     if (mode === "cbc") {
       if (cryptFlag !== DECRYPT) {
-        lastVector = output2;
+        lastVector = blockOutput;
       } else {
         lastVector = input;
       }
@@ -1140,7 +1329,7 @@ function sm4(inArray, key, cryptFlag, options = {}) {
   }
   if (output !== "array") {
     if (cryptFlag !== DECRYPT) {
-      return arrayToHex(Array.from(outArray));
+      return bytesToHex(outArray);
     } else {
       return arrayToUtf8(outArray);
     }
@@ -1156,6 +1345,7 @@ function decrypt(inArray, key, options = {}) {
 }
 export {
   sm2_exports as sm2,
-  sm3_exports as sm3,
+  sm32 as sm3,
   sm4_exports as sm4
 };
+/*! noble-hashes - MIT License (c) 2022 Paul Miller (paulmillr.com) */