diff --git a/docs/cfca.md b/docs/cfca.md index 1e4964c..cd85578 100644 --- a/docs/cfca.md +++ b/docs/cfca.md @@ -94,6 +94,8 @@ SADK 3.2之后的版本,支持下列SM2密文格式(encryptedType): * `cfca.VerifyMessageAttach` * `cfca.SignMessageDetach` * `cfca.VerifyMessageDetach` +* `cfca.SignDigestDetach` +* `cfca.VerifyDigestDetach` ### 解密时自动检测? 要穷举、尝试所有可能的密文格式不是不可以,但这会或多或少地影响解密的性能。你要和对方集成,还是知己知彼比较好,对于加解密来说,对用户透明不代表是好事。本软件库的SM2解密也实现了一定的自动检测(通过首字节判断,基于首字节只有固定那几个的假设): diff --git a/ecdh/ecdh_test.go b/ecdh/ecdh_test.go index a57ded3..bf348ab 100644 --- a/ecdh/ecdh_test.go +++ b/ecdh/ecdh_test.go @@ -32,8 +32,25 @@ func hexDecode(t *testing.T, s string) []byte { return b } -func TestNewPrivateKeyWithOrderMinus1(t *testing.T) { - _, err := ecdh.P256().NewPrivateKey([]byte{ +func TestNewPrivateKey(t *testing.T) { + _, err := ecdh.P256().NewPrivateKey(nil) + if err == nil || err.Error() != "ecdh: invalid private key size" { + t.Errorf("ecdh: invalid private key size") + } + _, err = ecdh.P256().NewPrivateKey([]byte{ + 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0x72, 0x03, 0xdf, 0x6b, 0x21, 0xc6, 0x05, 0x2b, + 0x53, 0xbb, 0xf4, 0x09, 0x39, 0xd5, 0x41}) + if err == nil || err.Error() != "ecdh: invalid private key size" { + t.Errorf("ecdh: invalid private key size") + } + allzero := make([]byte, 32) + _, err = ecdh.P256().NewPrivateKey(allzero) + if err == nil || err.Error() != "ecdh: invalid private key" { + t.Errorf("expected invalid private key") + } + _, err = ecdh.P256().NewPrivateKey([]byte{ 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x72, 0x03, 0xdf, 0x6b, 0x21, 0xc6, 0x05, 0x2b, 
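Review bot: The failure messages in TestNewPrivateKey only repeat the expected error text (`t.Errorf("ecdh: invalid private key size")`) and never print the error that actually came back, so a regression in private-key validation would be reported without the value needed to diagnose it. Something like `t.Errorf("NewPrivateKey(nil) error = %v, want %q", err, "ecdh: invalid private key size")` for each case would fix that; the same applies to the `t.Errorf` calls in TestNewPublicKey in the next hunk. Comparing `err.Error()` against literals is also brittle; if the package exposes sentinel errors (not visible here), `errors.Is` would be the sturdier check. The cases cover nil, a 31-byte input and the all-zero scalar, but no over-long (33-byte) input is visible. The last case of the function continues outside the hunk.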
@@ -43,6 +60,18 @@ func TestNewPrivateKeyWithOrderMinus1(t *testing.T) { } } +func TestNewPublicKey(t *testing.T) { + _, err := ecdh.P256().NewPublicKey(nil) + if err == nil || err.Error() != "ecdh: invalid public key" { + t.Errorf("ecdh: invalid public key") + } + keydata := make([]byte, 65) + _, err = ecdh.P256().NewPublicKey(keydata) + if err == nil || err.Error() != "ecdh: invalid public key" { + t.Errorf("ecdh: invalid public key") + } +} + func TestECDH(t *testing.T) { aliceKey, err := ecdh.P256().GenerateKey(rand.Reader) if err != nil { diff --git a/internal/sm2ec/sm2p256_mqv.go b/internal/sm2ec/sm2p256_mqv.go index aab6f71..11a1f1e 100644 --- a/internal/sm2ec/sm2p256_mqv.go +++ b/internal/sm2ec/sm2p256_mqv.go @@ -60,6 +60,9 @@ func p256OrdAdd(res, x, y *[4]uint64) { res[3] = (t1[3] & ^t2Mask) | (t2[3] & t2Mask) } +// ImplicitSig generates an implicit signature using the provided static private key (sPriv), +// ephemeral private key (ePriv), and a third byte slice (t). +// The result is ePriv * t + sPriv. func ImplicitSig(sPriv, ePriv, t []byte) ([]byte, error) { mulRes, err := P256OrdMul(ePriv, t) if err != nil { diff --git a/pkcs7/sign_test.go b/pkcs7/sign_test.go index e82daae..c76acb4 100644 --- a/pkcs7/sign_test.go +++ b/pkcs7/sign_test.go @@ -9,7 +9,6 @@ import ( "encoding/pem" "fmt" "hash" - "io/ioutil" "log" "os" "os/exec" @@ -254,7 +253,7 @@ func TestDegenerateCertificate(t *testing.T) { // writes the cert to a temporary file and tests that openssl can read it. func testOpenSSLParse(t *testing.T, certBytes []byte) { - tmpCertFile, err := ioutil.TempFile("", "testCertificate") + tmpCertFile, err := os.CreateTemp("", "testCertificate") if err != nil { t.Fatal(err) } diff --git a/pkcs7/verify_test.go b/pkcs7/verify_test.go index 751c14a..d234378 100644 --- a/pkcs7/verify_test.go +++ b/pkcs7/verify_test.go @@ -11,7 +11,6 @@ import ( "encoding/asn1" "encoding/base64" "encoding/pem" - "io/ioutil" "math/big" "os" "os/exec" 
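Review bot: The 65-byte case in TestNewPublicKey is all zeros, so its leading byte is 0x00 rather than the 0x04 uncompressed-point tag, and the input is presumably rejected on the format byte before any on-curve check runs. Rejecting off-curve points is the validation that matters for ECDH, so I would add a case that reaches it, for example `keydata[0] = 4` followed by a second `NewPublicKey(keydata)` call that must also fail, since (0, 0) is not on the curve. A wrong-length input with a valid tag would round out the coverage.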
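Review bot: The new doc comment on ImplicitSig gives the result as `ePriv * t + sPriv` without saying the arithmetic is modular, although the visible call to `P256OrdMul` suggests it is reduced by the group order. It also describes `t` only as "a third byte slice", which tells a caller nothing about its role or expected length. I would write the last line as `// The result is (ePriv * t + sPriv) mod n, where n is the order of the base point.` and add a sentence on the expected encoding and length of the three inputs, after confirming both against the body, which continues outside the hunk.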
@@ -563,11 +562,11 @@ A ship in port is safe, but that's not what ships are built for. -- Grace Hopper`) // write the content to a temp file - tmpContentFile, err := ioutil.TempFile("", "TestSignWithOpenSSLAndVerify_content") + tmpContentFile, err := os.CreateTemp("", "TestSignWithOpenSSLAndVerify_content") if err != nil { t.Fatal(err) } - ioutil.WriteFile(tmpContentFile.Name(), content, 0755) + os.WriteFile(tmpContentFile.Name(), content, 0755) sigalgs := []x509.SignatureAlgorithm{ x509.SHA1WithRSA, x509.SHA256WithRSA, @@ -590,7 +589,7 @@ but that's not what ships are built for. t.Fatalf("test %s/%s: cannot generate intermediate cert: %s", sigalgroot, sigalginter, err) } // write the intermediate cert to a temp file - tmpInterCertFile, err := ioutil.TempFile("", "TestSignWithOpenSSLAndVerify_intermediate") + tmpInterCertFile, err := os.CreateTemp("", "TestSignWithOpenSSLAndVerify_intermediate") if err != nil { t.Fatal(err) } @@ -607,7 +606,7 @@ but that's not what ships are built for. } // write the signer cert to a temp file - tmpSignerCertFile, err := ioutil.TempFile("", "TestSignWithOpenSSLAndVerify_signer") + tmpSignerCertFile, err := os.CreateTemp("", "TestSignWithOpenSSLAndVerify_signer") if err != nil { t.Fatal(err) } @@ -619,7 +618,7 @@ but that's not what ships are built for. fd.Close() // write the signer key to a temp file - tmpSignerKeyFile, err := ioutil.TempFile("", "TestSignWithOpenSSLAndVerify_key") + tmpSignerKeyFile, err := os.CreateTemp("", "TestSignWithOpenSSLAndVerify_key") if err != nil { t.Fatal(err) } @@ -643,7 +642,7 @@ but that's not what ships are built for. fd.Close() // write the root cert to a temp file - tmpSignedFile, err := ioutil.TempFile("", "TestSignWithOpenSSLAndVerify_signature") + tmpSignedFile, err := os.CreateTemp("", "TestSignWithOpenSSLAndVerify_signature") if err != nil { t.Fatal(err) } 
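Review bot: The return value of `os.WriteFile(tmpContentFile.Name(), content, 0755)` is discarded, so a failed write would only show up later as a confusing openssl or verification failure; `if err := os.WriteFile(tmpContentFile.Name(), content, 0600); err != nil { t.Fatal(err) }` makes it fail at the cause. The 0755 mode is misleading as well: the file already exists with mode 0600 from `os.CreateTemp`, and `os.WriteFile` does not change the permissions of an existing file. The later hunks in this file create temp files for the intermediate cert, signer cert, signer key and signature with no cleanup visible in the hunks; if none exists in the surrounding code, creating them under `t.TempDir()` would remove the test key material automatically.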
@@ -658,7 +657,7 @@ but that's not what ships are built for. } // verify the signed content - pemSignature, err := ioutil.ReadFile(tmpSignedFile.Name()) + pemSignature, err := os.ReadFile(tmpSignedFile.Name()) if err != nil { t.Fatal(err) } diff --git a/sm2/sm2_dsa_test.go b/sm2/sm2_dsa_test.go index 953f6f8..61b4d55 100644 --- a/sm2/sm2_dsa_test.go +++ b/sm2/sm2_dsa_test.go @@ -210,6 +210,31 @@ func TestSignVerifyLegacy(t *testing.T) { } } +func TestSignVerifyWithSM2Legacy(t *testing.T) { + priv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + tests := []struct { + name string + plainText string + }{ + // TODO: Add test cases. + {"less than 32", "encryption standard"}, + {"equals 32", "encryption standard encryption "}, + {"long than 32", "encryption standard encryption standard"}, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + r, s, err := SignWithSM2(rand.Reader, priv, nil, []byte(tt.plainText)) + if err != nil { + t.Fatalf("sign failed %v", err) + } + result := VerifyWithSM2(&priv.PublicKey, nil, []byte(tt.plainText), r, s) + if !result { + t.Fatal("verify failed") + } + }) + } +} + // Check that signatures remain non-deterministic with a functional entropy source. func TestINDCCA(t *testing.T) { priv, err := GenerateKey(rand.Reader)
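Review bot: TestSignVerifyWithSM2Legacy only asserts that a freshly produced signature verifies, so a `VerifyWithSM2` that accepted everything would still pass. Each subtest should add a negative check such as `if VerifyWithSM2(&priv.PublicKey, nil, []byte(tt.plainText+"x"), r, s) { t.Fatal("verify accepted a modified message") }`. The key-generation error is dropped with `priv, _ := ecdsa.GenerateKey(...)`, which would turn a failure into a nil-pointer panic at `priv.PublicKey`; use `priv, err := ...` followed by `if err != nil { t.Fatal(err) }`. The `// TODO: Add test cases.` line is template residue and can be removed, and the case name "long than 32" should read "longer than 32".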