Add kasp tests for Ed25519 and Ed448

Use the testcrypto script to see if these algorithms are supported by
openssl. If so, add the specific configuration to the named.conf file
and touch a file to indicate support. If the file exists, the
corresponding setup and tests are performed.

bin/tests/system/kasp/clean.sh

@@ -26,3 +26,4 @@ rm -f ns*/zones ns*/*.db.infile
 rm -f *.created published.test* retired.test*
 rm -f rndc.dnssec.*.out.*
 rm -f python.out.*
+rm -f *-supported.file

bin/tests/system/kasp/ns3/ed25519.conf

@@ -0,0 +1,15 @@
+dnssec-policy "ed25519" {
+        dnskey-ttl 1234;
+
+        keys {
+                ksk key-directory lifetime P10Y algorithm 15;
+                zsk key-directory lifetime P5Y  algorithm 15;
+                zsk key-directory lifetime P1Y  algorithm 15 256;
+        };
+};
+
+zone "ed25519.kasp" {
+        type primary;
+        file "ed25519.kasp.db";
+        dnssec-policy "ed25519";
+};

bin/tests/system/kasp/ns3/ed448.conf

@@ -0,0 +1,15 @@
+dnssec-policy "ed448" {
+        dnskey-ttl 1234;
+
+        keys {
+                ksk key-directory lifetime P10Y algorithm 16;
+                zsk key-directory lifetime P5Y  algorithm 16;
+                zsk key-directory lifetime P1Y  algorithm 16 456;
+        };
+};
+
+zone "ed448.kasp" {
+        type primary;
+        file "ed448.kasp.db";
+        dnssec-policy "ed448";
+};

bin/tests/system/kasp/ns3/setup.sh

@@ -59,6 +59,18 @@ do
 	cp template.db.in "$zonefile"
 done
 
+if [ -f ../ed25519-supported.file ]; then
+	setup "ed25519.kasp"
+	cp template.db.in "$zonefile"
+	cat ed25519.conf >> named.conf
+fi
+
+if [ -f ../ed448-supported.file ]; then
+	setup "ed448.kasp"
+	cp template.db.in "$zonefile"
+	cat ed448.conf >> named.conf
+fi
+
 # Set up zone that stays unsigned.
 zone="unsigned.kasp"
 echo_i "setting up zone: $zone"

bin/tests/system/kasp/setup.sh

@@ -24,6 +24,14 @@ copy_setports ns4/named.conf.in ns4/named.conf
 copy_setports ns5/named.conf.in ns5/named.conf
 copy_setports ns6/named.conf.in ns6/named.conf
 
+if $SHELL ../testcrypto.sh ed25519; then
+	echo "yes" > ed25519-supported.file
+fi
+
+if $SHELL ../testcrypto.sh ed448; then
+	echo "yes" > ed448-supported.file
+fi
+
 # Setup zones
 (
 	cd ns2

bin/tests/system/kasp/tests.sh

@@ -2041,7 +2041,49 @@ check_apex
 check_subdomain
 dnssec_verify
 
-# TODO: ED25519 and ED448.
+#
+# Zone: ed25519.kasp.
+#
+if [ -f ed25519-supported.file ]; then
+	set_zone "ed25519.kasp"
+	set_policy "ed25519" "3" "1234"
+	set_server "ns3" "10.53.0.3"
+	# Key properties.
+	set_keyalgorithm "KEY1" "15" "ED25519" "256"
+	set_keyalgorithm "KEY2" "15" "ED25519" "256"
+	set_keyalgorithm "KEY3" "15" "ED25519" "256"
+	# Key timings and states same as above.
+
+	check_keys
+	check_dnssecstatus "$SERVER" "$POLICY" "$ZONE"
+	set_keytimes_algorithm_policy
+	check_keytimes
+	check_apex
+	check_subdomain
+	dnssec_verify
+fi
+
+#
+# Zone: ed448.kasp.
+#
+if [ -f ed448-supported.file ]; then
+	set_zone "ed448.kasp"
+	set_policy "ed448" "3" "1234"
+	set_server "ns3" "10.53.0.3"
+	# Key properties.
+	set_keyalgorithm "KEY1" "16" "ED448" "456"
+	set_keyalgorithm "KEY2" "16" "ED448" "456"
+	set_keyalgorithm "KEY3" "16" "ED448" "456"
+	# Key timings and states same as above.
+
+	check_keys
+	check_dnssecstatus "$SERVER" "$POLICY" "$ZONE"
+	set_keytimes_algorithm_policy
+	check_keytimes
+	check_apex
+	check_subdomain
+	dnssec_verify
+fi
 
 # Set key times for 'autosign' policy.
 set_keytimes_autosign_policy() {