diff --git a/include/gmssl/sdf.h b/include/gmssl/sdf.h
index 68581533..e93f9807 100644
--- a/include/gmssl/sdf.h
+++ b/include/gmssl/sdf.h
@@ -40,30 +40,6 @@ typedef struct {
 	SDF_SIGN_KEY key;
 } SDF_SIGN_CTX;
 
-/*
-typedef struct {
-	void *hSession;
-} SDF_SM3_CTX;
-
-typedef struct {
-	void *hSession;
-	void *hKey;
-} SDF_SM4_KEY;
-
-typedef struct {
-	uint32_t index;
-	uint8_t passlen;
-	unsigned char pass[26 + 1];
-} SDF_ENC_PRIVATE_KEY;
-
-typedef struct {
-	uint32_t index;
-	uint8_t passlen;
-	unsigned char pass[26 + 1];
-} SDF_PRIVATE_KEY;
-*/
-
-
 int sdf_load_library(const char *so_path, const char *vendor);
 int sdf_open_device(SDF_DEVICE *dev);
 int sdf_print_device_info(FILE *fp, int fmt, int ind, const char *lable, SDF_DEVICE *dev);
diff --git a/src/sdf/sdf_sm2_sign.c b/src/sdf/sdf_sm2_sign.c
index 14f1b4f0..e775a4cd 100644
--- a/src/sdf/sdf_sm2_sign.c
+++ b/src/sdf/sdf_sm2_sign.c
@@ -22,6 +22,19 @@
 
 extern void *globalDeviceHandle;
 
+typedef struct {
+	uint32_t index;
+	uint8_t passlen;
+	unsigned char pass[26 + 1];
+} SDF_ENC_PRIVATE_KEY;
+
+typedef struct {
+	uint32_t index;
+	uint8_t passlen;
+	unsigned char pass[26 + 1];
+} SDF_PRIVATE_KEY;
+
+
 static const uint8_t zeros[ECCref_MAX_LEN - 32] = {0};
 
 // hSession is from HashInit/Update/Final, also means the uiISKIndex key has been opened with password
diff --git a/src/sdf/sdf_sm3.c b/src/sdf/sdf_sm3.c
index 0cc10117..6743fb44 100755
--- a/src/sdf/sdf_sm3.c
+++ b/src/sdf/sdf_sm3.c
@@ -17,14 +17,13 @@
 #include "sdf.h"
 #include "sdf_ext.h"
 
-/*
- * TODO:
- *  1. SM3-HMAC
 
+void *globalDeviceHandle = NULL;
 
-*/
 
-void *globalDeviceHandle = NULL;
+typedef struct {
+	void *hSession;
+} SDF_SM3_CTX;
 
 
 int sm3_digest_init(SM3_DIGEST_CTX *ctx, const uint8_t *key, size_t keylen)
diff --git a/src/sdf/sdf_sm4_cbc.c b/src/sdf/sdf_sm4_cbc.c
index 64fd93cf..c18b079c 100644
--- a/src/sdf/sdf_sm4_cbc.c
+++ b/src/sdf/sdf_sm4_cbc.c
@@ -19,6 +19,11 @@
 extern void *globalDeviceHandle;
 
 
+typedef struct {
+	void *hSession;
+	void *hKey;
+} SDF_SM4_KEY;
+
 
 static int sdf_sm4_cbc_encrypt_blocks(SDF_SM4_KEY *key,
 	const uint8_t iv[16], const uint8_t *in, size_t inlen, uint8_t *out)
diff --git a/tools/sdftest.c b/tools/sdftest.c
index 6ccf5df5..8d528dc0 100644
--- a/tools/sdftest.c
+++ b/tools/sdftest.c
@@ -15,6 +15,7 @@
 #include <time.h>
 #include <gmssl/hex.h>
 #include <gmssl/sm2.h>
+#include <gmssl/sm3.h>
 #include <gmssl/rand.h>
 #include <gmssl/error.h>
 #include "../src/sdf/sdf.h"
@@ -870,6 +871,7 @@ static int test_SDF_GenerateKeyWithIPK_ECC(int key, char *pass)
 	void *hDeviceHandle = NULL;
 	void *hSessionHandle = NULL;
 	void *hKeyHandle = NULL;
+	uint8_t iv[16] = {1};
 	unsigned int uiIPKIndex =(unsigned int)key;
 	unsigned char *pucPassword = (unsigned char *)pass;
 	unsigned int uiPwdLength = (unsigned int)strlen(pass);
@@ -906,6 +908,7 @@ static int test_SDF_GenerateKeyWithIPK_ECC(int key, char *pass)
 		return -1;
 	}
 
+	memcpy(ucIV, iv, 16);
 	ret = SDF_Encrypt(hSessionHandle, hKeyHandle, SGD_SM4_CBC, ucIV, ucData, uiDataLength, ucEncData, &uiEncDataLength);
 	if (ret != SDR_OK) {
 		fprintf(stderr, "Error: SDF_Encrypt return 0x%X\n", ret);
@@ -941,6 +944,7 @@ static int test_SDF_GenerateKeyWithIPK_ECC(int key, char *pass)
 		return -1;
 	}
 
+	memcpy(ucIV, iv, 16);
 	ret = SDF_Decrypt(hSessionHandle, hKeyHandle, SGD_SM4_CBC, ucIV, ucEncData, uiEncDataLength, ucDecData, &uiDecDataLength);
 	if (ret != SDR_OK) {
 		printf("Error: SDF_Encrypt returned 0x%X\n", ret);
@@ -1063,6 +1067,7 @@ static int test_SDF_Encrypt(int kek)
 	unsigned int uiKEKIndex = (unsigned int)kek;
 	unsigned char pucKey[64];
 	unsigned int uiKeyLength = (unsigned int)sizeof(pucKey);
+	unsigned char ucIV[16] = {1};
 	unsigned char pucIV[16];
 	unsigned char pucData[32];
 	unsigned int uiDataLength = sizeof(pucData);
@@ -1091,6 +1096,7 @@ static int test_SDF_Encrypt(int kek)
 	}
 
 	// encrypt and decrypt
+	memcpy(pucIV, ucIV, 16);
 	ret = SDF_Encrypt(hSessionHandle, hKeyHandle, SGD_SM4_CBC, pucIV, pucData, uiDataLength, pucEncData, &uiEncDataLength);
 	if (ret != SDR_OK) {
 		error_print_msg("SDF library: 0x%08X\n", ret);
@@ -1109,6 +1115,7 @@ static int test_SDF_Encrypt(int kek)
 	}
 	*/
 
+	memcpy(pucIV, ucIV, 16);
 	ret = SDF_Decrypt(hSessionHandle, hKeyHandle, SGD_SM4_CBC, pucIV, pucEncData, uiEncDataLength, pucDecData, &uiDecDataLength);
 	if (ret != SDR_OK) {
 		error_print_msg("SDF library: 0x%08X\n", ret);
@@ -1542,6 +1549,7 @@ static int speed_SDF_GenerateKeyPair_ECC(void)
 	return 1;
 }
 
+// XXX: speed of `SDF_InternalSign_ECC` should be compared with `sm2_do_sign`
 static int speed_SDF_InternalSign_ECC(int key, char *pass)
 {
 	void *hDeviceHandle = NULL;
@@ -1549,7 +1557,7 @@ static int speed_SDF_InternalSign_ECC(int key, char *pass)
 	unsigned int uiIPKIndex = (unsigned int)key;
 	unsigned char *ucPassword = (unsigned char *)pass;
 	unsigned int uiPwdLength = (unsigned int)strlen(pass);
-	unsigned char ucData[64 - 32 - 8] = {1}; // same length as sm2_signtest.c
+	unsigned char ucData[SM3_DIGEST_SIZE] = {1}; // XXX: `SDF_InternalSign_ECC` can only handle 32 bytes digest
 	unsigned int uiDataLength = (unsigned int)sizeof(ucData);
 	ECCSignature eccSignature;
 	clock_t begin, end;
@@ -1602,6 +1610,7 @@ static int speed_SDF_InternalSign_ECC(int key, char *pass)
 	return 1;
 }
 
+// XXX: speed of `SDF_InternalVerify_ECC` should be compared with `sm2_do_verify`
 static int speed_SDF_InternalVerify_ECC(int key, char *pass)
 {
 	void *hDeviceHandle = NULL;
@@ -1609,7 +1618,7 @@ static int speed_SDF_InternalVerify_ECC(int key, char *pass)
 	unsigned int uiIPKIndex = (unsigned int)key;
 	unsigned char *ucPassword = (unsigned char *)pass;
 	unsigned int uiPwdLength = (unsigned int)strlen(pass);
-	unsigned char ucData[64 - 32 - 8] = {1}; // same length as sm2_signtest.c
+	unsigned char ucData[32] = {1}; // XXX: `SDF_InternalVerify_ECC` can only handle 32 bytes digest
 	unsigned int uiDataLength = (unsigned int)sizeof(ucData);
 	ECCSignature eccSignature;
 	clock_t begin, end;
@@ -1636,7 +1645,6 @@ static int speed_SDF_InternalVerify_ECC(int key, char *pass)
 		error_print();
 		return -1;
 	}
-
 	ret = SDF_InternalSign_ECC(hSessionHandle, uiIPKIndex, ucData, uiDataLength, &eccSignature);
 	if (ret != SDR_OK) {
 		(void)SDF_ReleasePrivateKeyAccessRight(hSessionHandle, uiIPKIndex);
@@ -1645,7 +1653,7 @@ static int speed_SDF_InternalVerify_ECC(int key, char *pass)
 		error_print();
 		return -1;
 	}
-	//(void)SDF_ReleasePrivateKeyAccessRight(hSessionHandle, uiIPKIndex); // FIXME: error on calling this				
+	(void)SDF_ReleasePrivateKeyAccessRight(hSessionHandle, uiIPKIndex);
 
 	begin = clock();
 	for (i = 0; i < 16; i++) {
@@ -1663,7 +1671,6 @@ static int speed_SDF_InternalVerify_ECC(int key, char *pass)
 	end = clock();
 	seconds = (double)(end - begin)/ CLOCKS_PER_SEC;
 
-	(void)SDF_ReleasePrivateKeyAccessRight(hSessionHandle, uiIPKIndex);
 	(void)SDF_CloseSession(hSessionHandle);
 	(void)SDF_CloseDevice(hDeviceHandle);
 
@@ -1879,7 +1886,7 @@ int sdftest_main(int argc, char **argv)
 #if ENABLE_TEST_SPEED
 	if (speed_SDF_Hash() != 1) goto err;
 	if (speed_SDF_Encrypt_SM4_CBC(kek) != 1) goto err;
-	//if (speed_SDF_Decrypt_SM4_CBC(kek) != 1) goto err; // FIXME: should implement CBC without padding in SoftSDF				
+	if (speed_SDF_Decrypt_SM4_CBC(kek) != 1) goto err; // FIXME: should implement CBC without padding in SoftSDF				
 	if (speed_SDF_GenerateKeyPair_ECC() != 1) goto err;
 	if (speed_SDF_InternalSign_ECC(key, pass) != 1) goto err;
 	if (speed_SDF_InternalVerify_ECC(key, pass) != 1) goto err;