From 6811a8490abbba6256a42898eeaeedb5698fadf5 Mon Sep 17 00:00:00 2001
From: Michal Nowak <mnowak@isc.org>
Date: Mon, 23 Feb 2026 17:30:50 +0100
Subject: [PATCH] Enable Edwards curves with PKCS#11

Ed25519 and Ed448 support (PKCS#11 v3.2) was added to libp11-0.4.17.
---
 bin/tests/system/enginepkcs11/setup.sh        |  4 ++--
 bin/tests/system/enginepkcs11/tests.sh        | 10 ++++++--
 .../system/keyfromlabel/tests_keyfromlabel.py | 23 ++++++++++++++++---
 3 files changed, 30 insertions(+), 7 deletions(-)

diff --git a/bin/tests/system/enginepkcs11/setup.sh b/bin/tests/system/enginepkcs11/setup.sh
index 0f6cbc6932..459a6ea623 100644
--- a/bin/tests/system/enginepkcs11/setup.sh
+++ b/bin/tests/system/enginepkcs11/setup.sh
@@ -49,8 +49,8 @@ mkdir ns1/keys
 dir="ns1"
 infile="${dir}/template.db.in"
 for algtypebits in rsasha256:rsa:2048 rsasha512:rsa:2048 \
-  ecdsap256sha256:EC:prime256v1 ecdsap384sha384:EC:prime384v1; do # Edwards curves are not yet supported by OpenSC
-  # ed25519:EC:edwards25519 ed448:EC:edwards448
+  ecdsap256sha256:EC:prime256v1 ecdsap384sha384:EC:prime384v1 \
+  ed25519:EC:Ed25519 ed448:EC:Ed448; do
   alg=$(echo "$algtypebits" | cut -f 1 -d :)
   type=$(echo "$algtypebits" | cut -f 2 -d :)
   bits=$(echo "$algtypebits" | cut -f 3 -d :)
diff --git a/bin/tests/system/enginepkcs11/tests.sh b/bin/tests/system/enginepkcs11/tests.sh
index 138b0483a8..0546a7c62a 100644
--- a/bin/tests/system/enginepkcs11/tests.sh
+++ b/bin/tests/system/enginepkcs11/tests.sh
@@ -50,11 +50,17 @@ check_keys() {
 cd ns1
 
 for algtypebits in rsasha256:rsa:2048 rsasha512:rsa:2048 \
-  ecdsap256sha256:EC:prime256v1 ecdsap384sha384:EC:prime384v1; do # Edwards curves are not yet supported by OpenSC
-  # ed25519:EC:edwards25519 ed448:EC:edwards448
+  ecdsap256sha256:EC:prime256v1 ecdsap384sha384:EC:prime384v1 \
+  ed25519:EC:Ed25519 ed448:EC:Ed448; do
   alg=$(echo "$algtypebits" | cut -f 1 -d :)
   type=$(echo "$algtypebits" | cut -f 2 -d :)
   bits=$(echo "$algtypebits" | cut -f 3 -d :)
+  alg_upper=$(echo "$alg" | tr '[:lower:]' '[:upper:]')
+  supported=$(eval "echo \$${alg_upper}_SUPPORTED")
+  if [ "${supported}" != 1 ]; then
+    echo_i "skipping test for ${alg}:${type}:${bits}, not supported by this build"
+    continue
+  fi
   zone="${alg}.example"
   zonefile="zone.${zone}.db.signed"
 
diff --git a/bin/tests/system/keyfromlabel/tests_keyfromlabel.py b/bin/tests/system/keyfromlabel/tests_keyfromlabel.py
index ad3ad01603..948d308ef9 100644
--- a/bin/tests/system/keyfromlabel/tests_keyfromlabel.py
+++ b/bin/tests/system/keyfromlabel/tests_keyfromlabel.py
@@ -17,6 +17,8 @@ import shutil
 
 import pytest
 
+from isctest.util import param
+
 import isctest.mark
 
 pytestmark = [
@@ -93,9 +95,24 @@ def token_init_and_cleanup():
         ("rsasha512", "rsa", "2048"),
         ("ecdsap256sha256", "EC", "prime256v1"),
         ("ecdsap384sha384", "EC", "prime384v1"),
-        # Edwards curves are not yet supported by OpenSC
-        # ("ed25519","EC","edwards25519"),
-        # ("ed448","EC","edwards448")
+        param(
+            "ed25519",
+            "EC",
+            "Ed25519",
+            marks=pytest.mark.skipif(
+                os.environ.get("ED25519_SUPPORTED") != "1",
+                reason="Ed25519 not supported by this build",
+            ),
+        ),
+        param(
+            "ed448",
+            "EC",
+            "Ed448",
+            marks=pytest.mark.skipif(
+                os.environ.get("ED448_SUPPORTED") != "1",
+                reason="Ed448 not supported by this build",
+            ),
+        ),
     ],
 )
 def test_keyfromlabel(alg_name, alg_type, alg_bits):