test: Add SM2 SM3 signature verification tests

- Add tongsuo tool to verify sm2 sm3 signature.
- Write tests to verify that the signature is valid based on a given known plaintext and known public key.

crypto/test_gmssl/gmssl_test.go

@@ -2,7 +2,9 @@ package testgmssl
 
 import (
 	"context"
+	"os"
 	"os/exec"
+	"path/filepath"
 	"testing"
 
 	gmssl "github.com/GmSSL/GmSSL-Go"
@@ -94,3 +96,51 @@ func TestTOngsuo_EncryptBySm4Cbc(t *testing.T) {
 		require.Equal(t, plaintext, decrypted)
 	})
 }
+
+func TestTongsuo_SignBySM2SM3(t *testing.T) {
+	t.Parallel()
+	if testSkipSmTongsuo(t) {
+		return
+	}
+
+	dir, err := os.MkdirTemp("", "tongsuo*")
+	require.NoError(t, err)
+	defer os.RemoveAll(dir)
+
+	ctx := context.Background()
+	ins, err := gcrypto.NewTongsuo("/usr/local/bin/tongsuo")
+	require.NoError(t, err)
+
+	gmsslPrikey, err := gmssl.GenerateSm2Key()
+	require.NoError(t, err)
+
+	pubkeyPath := filepath.Join(dir, "pubkey.pem")
+	err = gmsslPrikey.ExportPublicKeyInfoPem(pubkeyPath)
+	require.NoError(t, err)
+
+	pubkeyPem, err := os.ReadFile(pubkeyPath)
+	require.NoError(t, err)
+
+	plaintext, err := gcrypto.Salt(1024 * 1024)
+	require.NoError(t, err)
+
+	// sign by gmssl
+	gmsslSign, err := gmssl.NewSm2Signature(gmsslPrikey, gmssl.Sm2DefaultId, true)
+	require.NoError(t, err)
+	gmsslSign.Update(plaintext)
+	signature, err := gmsslSign.Sign()
+	require.NoError(t, err)
+
+	// verify by tongsuo
+	err = ins.VerifyBySm2Sm3(ctx, pubkeyPem, signature, plaintext)
+	require.NoError(t, err)
+
+	t.Run("invalid signature", func(t *testing.T) {
+		err = ins.VerifyBySm2Sm3(ctx, pubkeyPem, append(signature[:len(signature)-1:len(signature)-1], 'a'), plaintext)
+		require.ErrorContains(t, err, "Verification failure")
+	})
+	t.Run("invalid plaintext", func(t *testing.T) {
+		err = ins.VerifyBySm2Sm3(ctx, pubkeyPem, signature, append(plaintext[:len(plaintext)-1:len(plaintext)-1], 'a'))
+		require.ErrorContains(t, err, "Verification failure")
+	})
+}