sm-crypto Signature Forgery Vulnerability in SM2 Verification Logic
Vulnerability
A signature forgery vulnerability has been identified in the SM2 signature verification logic of the sm-crypto library, in versions prior to 0.4.0. Under default configurations, this vulnerability allows an attacker to forge valid signatures for any public key. Exploitation is possible if the message space has enough redundancy, enabling the attacker to manipulate the message prefix of the forged signature to meet certain formatting requirements.
Impact
Exploiting this vulnerability lets an attacker forge SM2 digital signatures, which could be used to impersonate another party or to make a forged message pass verification as authentic.
Reproduction
To reproduce this vulnerability, use a version of the sm-crypto library prior to 0.4.0. Against such a version, a signature can be forged for an arbitrary public key using the SM2 signing function. If the message space contains enough redundancy, the forged signature can be crafted to meet specific formatting requirements, for example by fixing the message prefix so that it matches the expected signature structure.
Remediation
Users can upgrade to sm-crypto version 0.4.0 or later, where this vulnerability has been patched.
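Because the only remediation is a version bump, the practical defender task is to confirm that no copy of sm-crypto below 0.4.0 remains in a project, including transitive copies nested under other dependencies. The script below is an added example written for this advisory, not code from the sm-crypto project: it parses an npm lockfile (both the lockfileVersion 1 "dependencies" tree and the lockfileVersion 2/3 "packages" map) and reports every installed sm-crypto whose version is below the patched release. The lockfile contents are constructed inline for illustration; the dependency name `some-lib` is a placeholder.

```javascript
// Added example (not part of sm-crypto): flag installed sm-crypto versions
// below the patched release named in the advisory.
const PATCHED_VERSION = '0.4.0';
const PACKAGE_NAME = 'sm-crypto';

// Parse "MAJOR.MINOR.PATCH" (any pre-release/build suffix is ignored) into numbers.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1, 4).map(Number);
}

// True when version a is strictly lower than version b (numeric comparison,
// so "0.10.0" correctly sorts above "0.4.0").
function versionLessThan(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i];
  }
  return false;
}

// Collect every installed copy of `name` from a parsed lockfile, handling
// lockfileVersion 1 (nested "dependencies") and 2/3 (flat "packages" map).
function collectInstalled(lock, name) {
  const found = [];
  if (lock.packages) {
    for (const [path, entry] of Object.entries(lock.packages)) {
      // Keys look like "node_modules/sm-crypto" or
      // "node_modules/<parent>/node_modules/sm-crypto"; link entries may lack a version.
      const isTarget = path === `node_modules/${name}` || path.endsWith(`/node_modules/${name}`);
      if (isTarget && typeof entry.version === 'string') {
        found.push({ path, version: entry.version });
      }
    }
  } else if (lock.dependencies) {
    const walk = (deps, prefix) => {
      for (const [dep, entry] of Object.entries(deps)) {
        const path = `${prefix}node_modules/${dep}`;
        if (dep === name && typeof entry.version === 'string') {
          found.push({ path, version: entry.version });
        }
        if (entry.dependencies) walk(entry.dependencies, `${path}/`);
      }
    };
    walk(lock.dependencies, '');
  }
  return found;
}

// Return the installed copies of sm-crypto that are still below 0.4.0.
function findVulnerableSmCrypto(lockfileJson) {
  const lock = JSON.parse(lockfileJson);
  return collectInstalled(lock, PACKAGE_NAME)
    .filter((e) => versionLessThan(e.version, PATCHED_VERSION));
}

// Constructed sample (lockfileVersion 3): a patched direct copy plus a
// vulnerable nested copy pulled in by the placeholder dependency "some-lib".
const SAMPLE_LOCKFILE_V3 = JSON.stringify({
  name: 'example-app',
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-app', version: '1.0.0' },
    'node_modules/sm-crypto': { version: '0.4.0' },
    'node_modules/some-lib': { version: '2.1.0' },
    'node_modules/some-lib/node_modules/sm-crypto': { version: '0.3.13' },
  },
});

// Constructed sample (lockfileVersion 1): the same nesting in the legacy tree format.
const SAMPLE_LOCKFILE_V1 = JSON.stringify({
  name: 'legacy-app',
  lockfileVersion: 1,
  dependencies: {
    'some-lib': {
      version: '2.1.0',
      dependencies: { 'sm-crypto': { version: '0.3.12' } },
    },
  },
});

for (const sample of [SAMPLE_LOCKFILE_V3, SAMPLE_LOCKFILE_V1]) {
  for (const hit of findVulnerableSmCrypto(sample)) {
    console.log(`vulnerable: ${hit.path}@${hit.version} (upgrade to >= ${PATCHED_VERSION})`);
  }
}
```

To run it against a real project, replace the constructed samples with `fs.readFileSync('package-lock.json', 'utf8')`; the direct copy at `node_modules/sm-crypto` being patched is not sufficient on its own, which is why the nested paths are walked as well.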
