sm-crypto-v2 1.4.0 → 1.5.0

package/src/sm2/sm3.ts

@@ -1,8 +1,21 @@
-import { concatArray } from './utils'
-
-// 消息扩展
-const W = new Uint32Array(68)
-const M = new Uint32Array(64) // W'
+// import assert from './_assert.js';
+import { Hash, createView, Input, toBytes, wrapConstructor } from '../sm3/utils.js';
+
+const BoolA = (A: number, B: number, C: number) => ((A & B) | (A & C)) | (B & C)
+const BoolB = (A: number, B: number, C: number) => ((A ^ B) ^ C)
+const BoolC = (A: number, B: number, C: number) => (A & B) | ((~A) & C)
+// Polyfill for Safari 14
+function setBigUint64(view: DataView, byteOffset: number, value: bigint, isLE: boolean): void {
+  if (typeof view.setBigUint64 === 'function') return view.setBigUint64(byteOffset, value, isLE);
+  const _32n = BigInt(32);
+  const _u32_max = BigInt(0xffffffff);
+  const wh = Number((value >> _32n) & _u32_max);
+  const wl = Number(value & _u32_max);
+  const h = isLE ? 4 : 0;
+  const l = isLE ? 0 : 4;
+  view.setUint32(byteOffset + h, wh, isLE);
+  view.setUint32(byteOffset + l, wl, isLE);
+}
 
 /**
  * 循环左移
@@ -35,83 +48,167 @@ function P1(X: number) {
   return (X ^ rotl(X, 15)) ^ rotl(X, 23)
 }
 
-/**
- * sm3 本体
- */
-export function sm3(array: Uint8Array) {
-  let len = array.length * 8
-  // k 是满足 len + 1 + k = 448mod512 的最小的非负整数
-  let k = len % 512
-  // 如果 448 <= (512 % len) < 512，需要多补充 (len % 448) 比特'0'以满足总比特长度为512的倍数
-  k = k >= 448 ? 512 - (k % 448) - 1 : 448 - k - 1
-
-  // 填充
-  const kArr = new Array((k - 7) / 8)
-  const lenArr = new Array(8)
-  for (let i = 0, len = kArr.length; i < len; i++) kArr[i] = 0
-  for (let i = 0, len = lenArr.length; i < len; i++) lenArr[i] = 0
-  let lenString = len.toString(2)
-  for (let i = 7; i >= 0; i--) {
-    if (lenString.length > 8) {
-      const start = lenString.length - 8
-      lenArr[i] = parseInt(lenString.substring(start), 2)
-      lenString = lenString.substring(0, start)
-    } else if (lenString.length > 0) {
-      lenArr[i] = parseInt(lenString, 2)
-      lenString = ''
+// from noble-hashes (https://github.com/paulmillr/noble-hashes#hmac)
+/*! noble-hashes - MIT License (c) 2022 Paul Miller (paulmillr.com) */
+
+// Base SHA2 class (RFC 6234)
+export abstract class SHA2<T extends SHA2<T>> extends Hash<T> {
+  protected abstract process(buf: DataView, offset: number): void;
+  protected abstract get(): number[];
+  protected abstract set(...args: number[]): void;
+  abstract destroy(): void;
+  protected abstract roundClean(): void;
+  // For partial updates less than block size
+  protected buffer: Uint8Array;
+  protected view: DataView;
+  protected finished = false;
+  protected length = 0;
+  protected pos = 0;
+  protected destroyed = false;
+
+  constructor(
+    readonly blockLen: number,
+    public outputLen: number,
+    readonly padOffset: number,
+    readonly isLE: boolean
+  ) {
+    super();
+    this.buffer = new Uint8Array(blockLen);
+    this.view = createView(this.buffer);
+  }
+  update(data: Input): this {
+    const { view, buffer, blockLen } = this;
+    data = toBytes(data);
+    const len = data.length;
+    for (let pos = 0; pos < len; ) {
+      const take = Math.min(blockLen - this.pos, len - pos);
+      // Fast path: we have at least one block in input, cast it to view and process
+      if (take === blockLen) {
+        const dataView = createView(data);
+        for (; blockLen <= len - pos; pos += blockLen) this.process(dataView, pos);
+        continue;
+      }
+      buffer.set(data.subarray(pos, pos + take), this.pos);
+      this.pos += take;
+      pos += take;
+      if (this.pos === blockLen) {
+        this.process(view, 0);
+        this.pos = 0;
+      }
     }
+    this.length += data.length;
+    this.roundClean();
+    return this;
   }
-  const m = Uint8Array.from([...array, 0x80, ...kArr, ...lenArr])
-  const dataView = new DataView(m.buffer, 0)
-
-  // 迭代压缩
-  const n = m.length / 64
-  const V = new Uint32Array([0x7380166f, 0x4914b2b9, 0x172442d7, 0xda8a0600, 0xa96f30bc, 0x163138aa, 0xe38dee4d, 0xb0fb0e4e])
-  for (let i = 0; i < n; i++) {
-    W.fill(0)
-    M.fill(0)
-
-    // 将消息分组B划分为 16 个字 W0， W1，……，W15
-    const start = 16 * i
-    for (let j = 0; j < 16; j++) {
-      W[j] = dataView.getUint32((start + j) * 4, false)
+  digestInto(out: Uint8Array) {
+    this.finished = true;
+    // Padding
+    // We can avoid allocation of buffer for padding completely if it
+    // was previously not allocated here. But it won't change performance.
+    const { buffer, view, blockLen, isLE } = this;
+    let { pos } = this;
+    // append the bit '1' to the message
+    buffer[pos++] = 0b10000000;
+    this.buffer.subarray(pos).fill(0);
+    // we have less than padOffset left in buffer, so we cannot put length in current block, need process it and pad again
+    if (this.padOffset > blockLen - pos) {
+      this.process(view, 0);
+      pos = 0;
     }
+    // Pad until full block byte with zeros
+    for (let i = pos; i < blockLen; i++) buffer[i] = 0;
+    // Note: sha512 requires length to be 128bit integer, but length in JS will overflow before that
+    // You need to write around 2 exabytes (u64_max / 8 / (1024**6)) for this to happen.
+    // So we just write lowest 64 bits of that value.
+    setBigUint64(view, blockLen - 8, BigInt(this.length * 8), isLE);
+    this.process(view, 0);
+    const oview = createView(out);
+    const len = this.outputLen;
+    // NOTE: we do division by 4 later, which should be fused in single op with modulo by JIT
+    if (len % 4) throw new Error('_sha2: outputLen should be aligned to 32bit');
+    const outLen = len / 4;
+    const state = this.get();
+    if (outLen > state.length) throw new Error('_sha2: outputLen bigger than state');
+    for (let i = 0; i < outLen; i++) oview.setUint32(4 * i, state[i], isLE);
+  }
+  digest() {
+    const { buffer, outputLen } = this;
+    this.digestInto(buffer);
+    const res = buffer.slice(0, outputLen);
+    this.destroy();
+    return res;
+  }
+  _cloneInto(to?: T): T {
+    to ||= new (this.constructor as any)() as T;
+    to.set(...this.get());
+    const { blockLen, buffer, length, finished, destroyed, pos } = this;
+    to.length = length;
+    to.pos = pos;
+    to.finished = finished;
+    to.destroyed = destroyed;
+    if (length % blockLen) to.buffer.set(buffer);
+    return to;
+  }
+}
 
-    // W16 ～ W67：W[j] <- P1(W[j−16] xor W[j−9] xor (W[j−3] <<< 15)) xor (W[j−13] <<< 7) xor W[j−6]
-    for (let j = 16; j < 68; j++) {
-      W[j] = (P1((W[j - 16] ^ W[j - 9]) ^ rotl(W[j - 3], 15)) ^ rotl(W[j - 13], 7)) ^ W[j - 6]
+const IV = new Uint32Array([0x7380166f, 0x4914b2b9, 0x172442d7, 0xda8a0600, 0xa96f30bc, 0x163138aa, 0xe38dee4d, 0xb0fb0e4e])
+const SM3_W = new Uint32Array(68)
+const SM3_M = new Uint32Array(64)
+
+const T1 = 0x79cc4519
+const T2 = 0x7a879d8a
+
+class SM3 extends SHA2<SM3> {
+  // We cannot use array here since array allows indexing by variable
+  // which means optimizer/compiler cannot use registers.
+  A = IV[0] | 0;
+  B = IV[1] | 0;
+  C = IV[2] | 0;
+  D = IV[3] | 0;
+  E = IV[4] | 0;
+  F = IV[5] | 0;
+  G = IV[6] | 0;
+  H = IV[7] | 0;
+
+  constructor() {
+    super(64, 32, 8, false);
+  }
+  protected get(): [number, number, number, number, number, number, number, number] {
+    const { A, B, C, D, E, F, G, H } = this;
+    return [A, B, C, D, E, F, G, H];
+  }
+  // prettier-ignore
+  protected set(
+    A: number, B: number, C: number, D: number, E: number, F: number, G: number, H: number
+  ) {
+    this.A = A | 0;
+    this.B = B | 0;
+    this.C = C | 0;
+    this.D = D | 0;
+    this.E = E | 0;
+    this.F = F | 0;
+    this.G = G | 0;
+    this.H = H | 0;
+  }
+  protected process(view: DataView, offset: number): void {
+    // Extend the first 16 words into the remaining 48 words w[16..63] of the message schedule array
+    for (let i = 0; i < 16; i++, offset += 4) SM3_W[i] = view.getUint32(offset, false);
+    for (let i = 16; i < 68; i++) {
+      SM3_W[i] = (P1((SM3_W[i- 16] ^ SM3_W[i - 9]) ^ rotl(SM3_W[i - 3], 15)) ^ rotl(SM3_W[i - 13], 7)) ^ SM3_W[i - 6]
     }
-
-    // W′0 ～ W′63：W′[j] = W[j] xor W[j+4]
-    for (let j = 0; j < 64; j++) {
-      M[j] = W[j] ^ W[j + 4]
+    for (let i = 0; i < 64; i++) {
+      SM3_M[i] = SM3_W[i] ^ SM3_W[i + 4]
     }
-
-    // 压缩
-    const T1 = 0x79cc4519
-    const T2 = 0x7a879d8a
-    // 字寄存器
-    let A = V[0]
-    let B = V[1]
-    let C = V[2]
-    let D = V[3]
-    let E = V[4]
-    let F = V[5]
-    let G = V[6]
-    let H = V[7]
-    // 中间变量
-    let SS1: number
-    let SS2: number
-    let TT1: number
-    let TT2: number
-    let T: number
+    // Compression function main loop, 64 rounds
+    let { A, B, C, D, E, F, G, H } = this;
     for (let j = 0; j < 64; j++) {
-      T = j >= 0 && j <= 15 ? T1 : T2
-      SS1 = rotl(rotl(A, 12) + E + rotl(T, j), 7)
-      SS2 = SS1 ^ rotl(A, 12)
+      let small = j >= 0 && j <= 15
+      let T = small ? T1 : T2
+      let SS1 = rotl(rotl(A, 12) + E + rotl(T, j), 7)
+      let SS2 = SS1 ^ rotl(A, 12)
 
-      TT1 = (j >= 0 && j <= 15 ? ((A ^ B) ^ C) : (((A & B) | (A & C)) | (B & C))) + D + SS2 + M[j]
-      TT2 = (j >= 0 && j <= 15 ? ((E ^ F) ^ G) : ((E & F) | ((~E) & G))) + H + SS1 + W[j]
+      let TT1 = ((small ? BoolB(A, B, C) : BoolA(A, B, C)) + D + SS2 + SM3_M[j]) | 0
+      let TT2 = ((small ? BoolB(E, F, G) : BoolC(E, F, G)) + H + SS1 + SM3_W[j]) | 0
 
       D = C
       C = rotl(B, 9)
@@ -122,53 +219,23 @@ export function sm3(array: Uint8Array) {
       F = E
       E = P0(TT2)
     }
-
-    V[0] ^= A
-    V[1] ^= B
-    V[2] ^= C
-    V[3] ^= D
-    V[4] ^= E
-    V[5] ^= F
-    V[6] ^= G
-    V[7] ^= H
+    // Add the compressed chunk to the current hash value
+    A = (A ^ this.A) | 0;
+    B = (B ^ this.B) | 0;
+    C = (C ^ this.C) | 0;
+    D = (D ^ this.D) | 0;
+    E = (E ^ this.E) | 0;
+    F = (F ^ this.F) | 0;
+    G = (G ^ this.G) | 0;
+    H = (H ^ this.H) | 0;
+    this.set(A, B, C, D, E, F, G, H);
   }
-
-  // 转回 uint8
-  const result = new Uint8Array(V.length * 4)
-  for (let i = 0, len = V.length; i < len; i++) {
-    const word = V[i]
-    result[i * 4] = (word & 0xff000000) >>> 24
-    result[i * 4 + 1] = (word & 0xff0000) >>> 16
-    result[i * 4 + 2] = (word & 0xff00) >>> 8
-    result[i * 4 + 3] = word & 0xff
+  protected roundClean() {
+    SM3_W.fill(0);
   }
-
-  return result
-}
-
-/**
- * hmac 实现
- */
-const blockLen = 64
-const iPad = new Uint8Array(blockLen)
-const oPad = new Uint8Array(blockLen)
-for (let i = 0; i < blockLen; i++) {
-  iPad[i] = 0x36
-  oPad[i] = 0x5c
-}
-
-export function hmac(input: Uint8Array, key: Uint8Array) {
-  // 密钥填充
-  if (key.length > blockLen) key = sm3(key)
-  while (key.length < blockLen) {
-    const padKey = new Uint8Array(blockLen)
-    padKey.set(key)
-    key = padKey
+  destroy() {
+    this.set(0, 0, 0, 0, 0, 0, 0, 0);
+    this.buffer.fill(0);
   }
-
-  const iPadKey = xor(key, iPad)
-  const oPadKey = xor(key, oPad)
-
-  const hash = sm3(concatArray(iPadKey, input))
-  return sm3(concatArray(oPadKey, hash))
 }
+export const sm3 = wrapConstructor(() => new SM3());

package/src/sm2/utils.ts

@@ -146,9 +146,7 @@ export function verifyPublicKey(publicKey: string) {
   const x = point.x
   const y = point.y
   // 验证 y^2 是否等于 x^3 + ax + b
-  // return y.square().equals(x.multiply(x.square()).add(x.multiply(curve.a)).add(curve.b))
-  return sm2Fp.sqr(y) === sm2Fp.add(sm2Fp.add(sm2Fp.mul(x, sm2Fp.sqr(x)), sm2Fp.mul(x, sm2Curve.CURVE.a)), sm2Curve.CURVE.b)
-  // return y ** 2n === (x ** 3n + sm2Curve.CURVE.a * x + sm2Curve.CURVE.b)
+  return sm2Fp.sqr(y) === sm2Fp.add(sm2Fp.addN(sm2Fp.mulN(x, sm2Fp.sqrN(x)), sm2Fp.mulN(x, sm2Curve.CURVE.a)), sm2Curve.CURVE.b)
 }
 
 /**
@@ -163,23 +161,3 @@ export function comparePublicKeyHex(publicKey1: string, publicKey2: string) {
 
   return point1.equals(point2)
 }
-
-
-export function concatArray(...arrays: Uint8Array[]) {
-  // sum of individual array lengths
-  let totalLength = arrays.reduce((acc, value) => acc + value.length, 0);
-
-  if (!arrays.length) return new Uint8Array();
-
-  let result = new Uint8Array(totalLength);
-
-  // for each array - copy it over result
-  // next array is copied right after the previous one
-  let length = 0;
-  for (let array of arrays) {
-    result.set(array, length);
-    length += array.length;
-  }
-
-  return result;
-}

package/src/sm3/index.ts

@@ -1,5 +1,7 @@
-import { hmac, sm3 as sm2sm3 } from '../sm2/sm3'
+import { hmac } from '@/sm2/hmac'
+import { sm3 as sm2sm3 } from '../sm2/sm3'
 import { arrayToHex, hexToArray, leftPad } from '../sm2/utils'
+import { bytesToHex } from './utils'
 
 /**
  * 补全16进制字符串
@@ -62,8 +64,9 @@ export function sm3(input: string | Uint8Array, options?: {
     if (!key) throw new Error('invalid key')
 
     key = typeof key === 'string' ? hexToArray(key) : key
-    return arrayToHex(Array.from(hmac(input, key)))
+    return bytesToHex(hmac(sm2sm3, key, input));
   }
-
-  return arrayToHex(Array.from(sm2sm3(input)))
+  return bytesToHex(sm2sm3(input))
 }
+
+export default sm3

package/src/sm3/utils.ts

@@ -0,0 +1,117 @@
+// prettier-ignore
+export type TypedArray = Int8Array | Uint8ClampedArray | Uint8Array |
+  Uint16Array | Int16Array | Uint32Array | Int32Array;
+
+const u8a = (a: any): a is Uint8Array => a instanceof Uint8Array;
+// Cast array to different type
+export const u8 = (arr: TypedArray) => new Uint8Array(arr.buffer, arr.byteOffset, arr.byteLength);
+export const u32 = (arr: TypedArray) =>
+  new Uint32Array(arr.buffer, arr.byteOffset, Math.floor(arr.byteLength / 4));
+
+// Cast array to view
+export const createView = (arr: TypedArray) =>
+  new DataView(arr.buffer, arr.byteOffset, arr.byteLength);
+
+// The rotate right (circular right shift) operation for uint32
+export const rotr = (word: number, shift: number) => (word << (32 - shift)) | (word >>> shift);
+
+// big-endian hardware is rare. Just in case someone still decides to run hashes:
+// early-throw an error because we don't support BE yet.
+export const isLE = new Uint8Array(new Uint32Array([0x11223344]).buffer)[0] === 0x44;
+if (!isLE) throw new Error('Non little-endian hardware is not supported');
+
+const hexes = Array.from({ length: 256 }, (v, i) => i.toString(16).padStart(2, '0'));
+/**
+ * @example bytesToHex(Uint8Array.from([0xca, 0xfe, 0x01, 0x23])) // 'cafe0123'
+ */
+export function bytesToHex(bytes: Uint8Array): string {
+  if (!u8a(bytes)) throw new Error('Uint8Array expected');
+  // pre-caching improves the speed 6x
+  let hex = '';
+  for (let i = 0; i < bytes.length; i++) {
+    hex += hexes[bytes[i]];
+  }
+  return hex;
+}
+
+/**
+ * @example hexToBytes('cafe0123') // Uint8Array.from([0xca, 0xfe, 0x01, 0x23])
+ */
+export function hexToBytes(hex: string): Uint8Array {
+  if (typeof hex !== 'string') throw new Error('hex string expected, got ' + typeof hex);
+  const len = hex.length;
+  if (len % 2) throw new Error('padded hex string expected, got unpadded hex of length ' + len);
+  const array = new Uint8Array(len / 2);
+  for (let i = 0; i < array.length; i++) {
+    const j = i * 2;
+    const hexByte = hex.slice(j, j + 2);
+    const byte = Number.parseInt(hexByte, 16);
+    if (Number.isNaN(byte) || byte < 0) throw new Error('Invalid byte sequence');
+    array[i] = byte;
+  }
+  return array;
+}
+
+// Global symbols in both browsers and Node.js since v11
+// See https://github.com/microsoft/TypeScript/issues/31535
+declare const TextEncoder: any;
+
+/**
+ * @example utf8ToBytes('abc') // new Uint8Array([97, 98, 99])
+ */
+export function utf8ToBytes(str: string): Uint8Array {
+  if (typeof str !== 'string') throw new Error(`utf8ToBytes expected string, got ${typeof str}`);
+  return new Uint8Array(new TextEncoder().encode(str)); // https://bugzil.la/1681809
+}
+
+export type Input = Uint8Array | string;
+/**
+ * Normalizes (non-hex) string or Uint8Array to Uint8Array.
+ * Warning: when Uint8Array is passed, it would NOT get copied.
+ * Keep in mind for future mutable operations.
+ */
+export function toBytes(data: Input): Uint8Array {
+  if (typeof data === 'string') data = utf8ToBytes(data);
+  if (!u8a(data)) throw new Error(`expected Uint8Array, got ${typeof data}`);
+  return data;
+}
+
+
+// For runtime check if class implements interface
+export abstract class Hash<T extends Hash<T>> {
+  abstract blockLen: number; // Bytes per block
+  abstract outputLen: number; // Bytes in output
+  abstract update(buf: Input): this;
+  // Writes digest into buf
+  abstract digestInto(buf: Uint8Array): void;
+  abstract digest(): Uint8Array;
+  /**
+   * Resets internal state. Makes Hash instance unusable.
+   * Reset is impossible for keyed hashes if key is consumed into state. If digest is not consumed
+   * by user, they will need to manually call `destroy()` when zeroing is necessary.
+   */
+  abstract destroy(): void;
+  /**
+   * Clones hash instance. Unsafe: doesn't check whether `to` is valid. Can be used as `clone()`
+   * when no options are passed.
+   * Reasons to use `_cloneInto` instead of clone: 1) performance 2) reuse instance => all internal
+   * buffers are overwritten => causes buffer overwrite which is used for digest in some cases.
+   * There are no guarantees for clean-up because it's impossible in JS.
+   */
+  abstract _cloneInto(to?: T): T;
+  // Safe version that clones internal state
+  clone(): T {
+    return this._cloneInto();
+  }
+}
+
+export type CHash = ReturnType<typeof wrapConstructor>;
+
+export function wrapConstructor<T extends Hash<T>>(hashCons: () => Hash<T>) {
+  const hashC = (msg: Input): Uint8Array => hashCons().update(toBytes(msg)).digest();
+  const tmp = hashCons();
+  hashC.outputLen = tmp.outputLen;
+  hashC.blockLen = tmp.blockLen;
+  hashC.create = () => hashCons();
+  return hashC;
+}

package/src/sm4/index.ts

@@ -1,3 +1,4 @@
+import { bytesToHex } from '@/sm3/utils'
 import { rotl } from '../sm2/sm3'
 import { arrayToHex, arrayToUtf8, hexToArray } from '../sm2/utils'
 import { utf8ToArray } from '../sm3'
@@ -64,11 +65,10 @@ function l2(b: number) {
 /**
  * 以一组 128 比特进行加密/解密操作
  */
+const x = new Uint32Array(4)
+const tmp = new Uint32Array(4)
 function sms4Crypt(input: Uint8Array, output: Uint8Array, roundKey: Uint32Array) {
-  const x = new Uint32Array(4)
-
   // 字节数组转成字数组（此处 1 字 = 32 比特）
-  const tmp = new Uint32Array(4)
   for (let i = 0; i < 4; i++) {
     tmp[0] = input[4 * i] & 0xff
     tmp[1] = input[4 * i + 1] & 0xff
@@ -105,10 +105,8 @@ function sms4Crypt(input: Uint8Array, output: Uint8Array, roundKey: Uint32Array)
  * 密钥扩展算法
  */
 function sms4KeyExt(key: Uint8Array, roundKey: Uint32Array, cryptFlag: 0 | 1) {
-  const x = new Uint32Array(4)
 
   // 字节数组转成字数组（此处 1 字 = 32 比特）
-  const tmp = new Uint32Array(4)
   for (let i = 0; i < 4; i++) {
     tmp[0] = key[0 + 4 * i] & 0xff
     tmp[1] = key[1 + 4 * i] & 0xff
@@ -154,6 +152,7 @@ export interface SM4Options {
   output?: 'string' | 'array'
 }
 
+const blockOutput = new Uint8Array(16)
 export function sm4(inArray: Uint8Array | string, key: Uint8Array | string, cryptFlag: 0 | 1, options: SM4Options = {}) {
   let {
     padding = 'pkcs#7',
@@ -208,8 +207,7 @@ export function sm4(inArray: Uint8Array | string, key: Uint8Array | string, cryp
   let restLen = inArray.length
   let point = 0
   while (restLen >= BLOCK) {
-    const input = inArray.slice(point, point + 16)
-    const output = new Uint8Array(16)
+    const input = inArray.subarray(point, point + 16)
 
     if (mode === 'cbc') {
       for (let i = 0; i < BLOCK; i++) {
@@ -220,24 +218,24 @@ export function sm4(inArray: Uint8Array | string, key: Uint8Array | string, cryp
       }
     }
 
-    sms4Crypt(input, output, roundKey)
+    sms4Crypt(input, blockOutput, roundKey)
 
 
     for (let i = 0; i < BLOCK; i++) {
       if (mode === 'cbc') {
         if (cryptFlag === DECRYPT) {
           // 解密过程在组解密后进行异或
-          output[i] ^= lastVector[i]
+          blockOutput[i] ^= lastVector[i]
         }
       }
 
-      outArray[point + i] = output[i]
+      outArray[point + i] = blockOutput[i]
     }
 
     if (mode === 'cbc') {
       if (cryptFlag !== DECRYPT) {
         // 使用上一次输出作为加密向量
-        lastVector = output
+        lastVector = blockOutput
       } else {
         // 使用上一次输入作为解密向量
         lastVector = input
@@ -262,7 +260,7 @@ export function sm4(inArray: Uint8Array | string, key: Uint8Array | string, cryp
   if (output !== 'array') {
     if (cryptFlag !== DECRYPT) {
       // 加密，输出转 16 进制串
-      return arrayToHex(Array.from(outArray))
+      return bytesToHex(outArray)
     } else {
       // 解密，输出转 utf8 串
       return arrayToUtf8(outArray)