Merge branch '1810-refactor-ecdsa-eddsa-system-tests-v9_16' into 'v9_16'

Resolve "Refactor ecdsa and eddsa tests after testcrypto.sh changes"

See merge request isc-projects/bind9!4666

bin/tests/system/ecdsa/clean.sh

@@ -9,11 +9,14 @@
 # See the COPYRIGHT file distributed with this work for additional
 # information regarding copyright ownership.
 
-rm -f */K* */dsset-* */*.signed */trusted.conf
-rm -f ns1/root.db
-rm -f ns1/signer.err
+rm -f */K* */dsset-* */*.signed
 rm -f dig.out*
-rm -f */named.run
-rm -f */named.memstats
+rm -f ns*/named.run
+rm -f ns*/named.memstats
 rm -f ns*/named.lock
+rm -f ns*/named.conf
 rm -f ns*/managed-keys.bind*
+rm -f ns*/root.db
+rm -f ns*/signer.err
+rm -f ns*/trusted.conf
+rm -f *-supported.file

bin/tests/system/ecdsa/ns1/named.conf.in

@@ -17,7 +17,7 @@ options {
 	query-source address 10.53.0.1;
 	notify-source 10.53.0.1;
 	transfer-source 10.53.0.1;
-	port 5300;
+	port @PORT@;
 	pid-file "named.pid";
 	listen-on { 10.53.0.1; };
 	listen-on-v6 { none; };

bin/tests/system/ecdsa/ns1/sign.sh

@@ -16,14 +16,39 @@ zone=.
 infile=root.db.in
 zonefile=root.db
 
-key1=`$KEYGEN -q -a ECDSAP256SHA256 -n zone $zone`
-key2=`$KEYGEN -q -a ECDSAP384SHA384 -n zone -f KSK $zone`
-$DSFROMKEY -a sha-384 $key2.key > dsset-384
+echo_i "ns1/sign.sh"
 
-cat $infile $key1.key $key2.key > $zonefile
+cp $infile $zonefile
 
-$SIGNER -P -g -o $zone $zonefile > /dev/null 2> signer.err || cat signer.err
+if [ -f ../ecdsa256-supported.file ]; then
+	zsk256=$($KEYGEN -q -a ECDSA256 -n zone "$zone")
+	ksk256=$($KEYGEN -q -a ECDSA256 -n zone -f KSK "$zone")
+	cat "$ksk256.key" "$zsk256.key" >> "$zonefile"
+	$DSFROMKEY -a sha-256 "$ksk256.key" >> dsset-256
+fi
+
+if [ -f ../ecdsa384-supported.file ]; then
+	zsk384=$($KEYGEN -q -a ECDSA384 -n zone "$zone")
+	ksk384=$($KEYGEN -q -a ECDSA384 -n zone -f KSK "$zone")
+	cat "$ksk384.key" "$zsk384.key" >> "$zonefile"
+	$DSFROMKEY -a sha-256 "$ksk384.key" >> dsset-256
+fi
 
 # Configure the resolving server with a static key.
-keyfile_to_static_ds $key1 > trusted.conf
-cp trusted.conf ../ns2/trusted.conf
+if [ -f ../ecdsa256-supported.file ]; then
+	keyfile_to_static_ds $ksk256 > trusted.conf
+	cp trusted.conf ../ns2/trusted.conf
+else
+	keyfile_to_static_ds $ksk384 > trusted.conf
+	cp trusted.conf ../ns2/trusted.conf
+fi
+
+if [ -f ../ecdsa384-supported.file ]; then
+	keyfile_to_static_ds $ksk384 > trusted.conf
+	cp trusted.conf ../ns3/trusted.conf
+else
+	keyfile_to_static_ds $ksk256 > trusted.conf
+	cp trusted.conf ../ns3/trusted.conf
+fi
+
+$SIGNER -P -g -o "$zone" "$zonefile" > /dev/null 2> signer.err || cat signer.err

bin/tests/system/ecdsa/ns2/named.conf.in

@@ -17,7 +17,7 @@ options {
 	query-source address 10.53.0.2;
 	notify-source 10.53.0.2;
 	transfer-source 10.53.0.2;
-	port 5300;
+	port @PORT@;
 	pid-file "named.pid";
 	listen-on { 10.53.0.2; };
 	listen-on-v6 { none; };

bin/tests/system/ecdsa/ns3/named.conf.in

@@ -0,0 +1,34 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+// NS2
+
+controls { /* empty */ };
+
+options {
+	query-source address 10.53.0.3;
+	notify-source 10.53.0.3;
+	transfer-source 10.53.0.3;
+	port @PORT@;
+	pid-file "named.pid";
+	listen-on { 10.53.0.3; };
+	listen-on-v6 { none; };
+	recursion yes;
+	notify yes;
+	dnssec-validation yes;
+};
+
+zone "." {
+	type hint;
+	file "../../common/root.hint";
+};
+
+include "trusted.conf";

bin/tests/system/ecdsa/setup.sh

@@ -12,4 +12,20 @@
 SYSTEMTESTTOP=..
 . $SYSTEMTESTTOP/conf.sh
 
-cd ns1 && $SHELL sign.sh
+set -e
+
+if $SHELL ../testcrypto.sh ecdsap384sha384; then
+	echo "yes" > ecdsa256-supported.file
+fi
+
+if $SHELL ../testcrypto.sh ecdsap384sha384; then
+	echo "yes" > ecdsa384-supported.file
+fi
+
+copy_setports ns1/named.conf.in ns1/named.conf
+copy_setports ns2/named.conf.in ns2/named.conf
+copy_setports ns3/named.conf.in ns3/named.conf
+(
+	cd ns1
+	$SHELL sign.sh
+)

bin/tests/system/ecdsa/tests.sh

@@ -15,20 +15,37 @@ SYSTEMTESTTOP=..
 status=0
 n=0
 
-rm -f dig.out.*
+dig_with_opts() {
+    "$DIG" +tcp +noau +noadd +nosea +nostat +nocmd +dnssec -p "$PORT" "$@"
+}
 
-DIGOPTS="+tcp +noau +noadd +nosea +nostat +nocmd +dnssec -p 5300"
+if [ -f ecdsa256-supported.file ]; then
+	n=$((n+1))
+	echo_i "checking that ECDSA256 positive validation works ($n)"
+	ret=0
+	dig_with_opts . @10.53.0.1 soa > dig.out.ns1.test$n || ret=1
+	dig_with_opts . @10.53.0.2 soa > dig.out.ns2.test$n || ret=1
+	$PERL ../digcomp.pl dig.out.ns1.test$n dig.out.ns2.test$n || ret=1
+	grep "flags:.*ad.*QUERY" dig.out.ns2.test$n > /dev/null || ret=1
+	if [ $ret != 0 ]; then echo_i "failed"; fi
+	status=$((status+ret))
+else
+	echo_i "algorithm ECDSA256 not supported, skipping test"
+fi
 
-# Check the example. domain
-echo_i "checking that positive validation works ($n)"
-ret=0
-$DIG $DIGOPTS . @10.53.0.1 soa > dig.out.ns1.test$n || ret=1
-$DIG $DIGOPTS . @10.53.0.2 soa > dig.out.ns2.test$n || ret=1
-$PERL ../digcomp.pl dig.out.ns1.test$n dig.out.ns2.test$n || ret=1
-grep "flags:.*ad.*QUERY" dig.out.ns2.test$n > /dev/null || ret=1
-n=$((n+1))
-if [ $ret != 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+if [ -f ecdsa384-supported.file ]; then
+	n=$((n+1))
+	echo_i "checking that ECDSA384 positive validation works ($n)"
+	ret=0
+	dig_with_opts . @10.53.0.1 soa > dig.out.ns1.test$n || ret=1
+	dig_with_opts . @10.53.0.3 soa > dig.out.ns3.test$n || ret=1
+	$PERL ../digcomp.pl dig.out.ns1.test$n dig.out.ns3.test$n || ret=1
+	grep "flags:.*ad.*QUERY" dig.out.ns3.test$n > /dev/null || ret=1
+	if [ $ret != 0 ]; then echo_i "failed"; fi
+	status=$((status+ret))
+else
+	echo_i "algorithm ECDSA384 not supported, skipping test"
+fi
 
 echo_i "exit status: $status"
 [ $status -eq 0 ] || exit 1

bin/tests/system/eddsa/clean.sh

@@ -9,11 +9,15 @@
 # See the COPYRIGHT file distributed with this work for additional
 # information regarding copyright ownership.
 
-rm -f */K* */dsset-* */*.signed */trusted.conf
-rm -f ns1/root.db
-rm -f ns*/signer.err
+rm -f */K* */dsset-* */*.signed
 rm -f dig.out*
-rm -f */named.run
-rm -f */named.memstats
+rm -f ns*/root.db
+rm -f ns*/signer.err
+rm -f ns*/named.run
+rm -f ns*/named.memstats
 rm -f ns*/named.lock
 rm -f ns*/managed-keys.bind*
+rm -f ns*/trusted.conf
+rm -f ns*/example.com.db
+rm -f ns*/named.conf
+rm -f *-supported.file

bin/tests/system/eddsa/ns1/named.conf.in

@@ -17,7 +17,7 @@ options {
 	query-source address 10.53.0.1;
 	notify-source 10.53.0.1;
 	transfer-source 10.53.0.1;
-	port 5300;
+	port @PORT@;
 	pid-file "named.pid";
 	listen-on { 10.53.0.1; };
 	listen-on-v6 { none; };

bin/tests/system/eddsa/ns1/sign.sh

@@ -16,17 +16,39 @@ zone=.
 infile=root.db.in
 zonefile=root.db
 
-key1=`$KEYGEN -q -a ED25519 -n zone $zone`
-key2=`$KEYGEN -q -a ED25519 -n zone -f KSK $zone`
-#key2=`$KEYGEN -q -a ED448 -n zone -f KSK $zone`
-$DSFROMKEY -a sha-256 $key2.key > dsset-256
+echo_i "ns1/sign.sh"
 
-cat $infile $key1.key $key2.key > $zonefile
+cp $infile $zonefile
 
-$SIGNER -P -g -o $zone $zonefile > /dev/null 2> signer.err || cat signer.err
+if [ -f ../ed25519-supported.file ]; then
+	zsk25519=$($KEYGEN -q -a ED25519 -n zone "$zone")
+	ksk25519=$($KEYGEN -q -a ED25519 -n zone -f KSK "$zone")
+	cat "$ksk25519.key" "$zsk25519.key" >> "$zonefile"
+	$DSFROMKEY -a sha-256 "$ksk25519.key" >> dsset-256
+fi
+
+if [ -f ../ed448-supported.file ]; then
+	zsk448=$($KEYGEN -q -a ED448 -n zone "$zone")
+	ksk448=$($KEYGEN -q -a ED448 -n zone -f KSK "$zone")
+	cat "$ksk448.key" "$zsk448.key" >> "$zonefile"
+	$DSFROMKEY -a sha-256 "$ksk448.key" >> dsset-256
+fi
 
 # Configure the resolving server with a static key.
-keyfile_to_static_ds $key1 > trusted.conf
-cp trusted.conf ../ns2/trusted.conf
+if [ -f ../ed25519-supported.file ]; then
+	keyfile_to_static_ds $ksk25519 > trusted.conf
+	cp trusted.conf ../ns2/trusted.conf
+else
+	keyfile_to_static_ds $ksk448 > trusted.conf
+	cp trusted.conf ../ns2/trusted.conf
+fi
 
-cd ../ns2 && $SHELL sign.sh
+if [ -f ../ed448-supported.file ]; then
+	keyfile_to_static_ds $ksk448 > trusted.conf
+	cp trusted.conf ../ns3/trusted.conf
+else
+	keyfile_to_static_ds $ksk25519 > trusted.conf
+	cp trusted.conf ../ns3/trusted.conf
+fi
+
+$SIGNER -P -g -o "$zone" "$zonefile" > /dev/null 2> signer.err || cat signer.err

bin/tests/system/eddsa/ns2/example.com.db.in

@@ -0,0 +1,20 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 3600
+@			IN SOA	fdupont.isc.org. ns.example.com. (
+				2012040600	; serial
+				600		; refresh
+				600		; retry
+				1200		; expire
+				3600		; minimum
+				)
+			MX	10 mail.example.com.
+			NS	ns.example.com.
+ns.example.com.		A	10.53.0.2

bin/tests/system/eddsa/ns2/named.conf.in

@@ -17,7 +17,7 @@ options {
 	query-source address 10.53.0.2;
 	notify-source 10.53.0.2;
 	transfer-source 10.53.0.2;
-	port 5300;
+	port @PORT@;
 	pid-file "named.pid";
 	listen-on { 10.53.0.2; };
 	listen-on-v6 { none; };

bin/tests/system/eddsa/ns2/sign.sh

@@ -13,16 +13,23 @@ SYSTEMTESTTOP=../..
 . $SYSTEMTESTTOP/conf.sh
 
 zone=example.com.
+infile=example.com.db.in
 zonefile=example.com.db
 starttime=20150729220000
 endtime=20150819220000
 
-for i in Xexample.com.+015+03613.key Xexample.com.+015+03613.private \
-	 Xexample.com.+015+35217.key Xexample.com.+015+35217.private \
-	 Xexample.com.+016+09713.key Xexample.com.+016+09713.private \
-	 Xexample.com.+016+38353.key Xexample.com.+016+38353.private
-do
-	cp $i `echo $i | sed s/X/K/`
-done
+echo_i "ns2/sign.sh"
+
+cp $infile $zonefile
+
+if [ -f ../ed25519-supported.file ]; then
+
+	for i in Xexample.com.+015+03613 Xexample.com.+015+35217
+	do
+		cp "$i.key" "$(echo $i.key | sed s/X/K/)"
+		cp "$i.private" "$(echo $i.private | sed s/X/K/)"
+		cat "$(echo $i.key | sed s/X/K/)" >> "$zonefile"
+	done
+fi
 
 $SIGNER -P -z -s $starttime -e $endtime -o $zone $zonefile > /dev/null 2> signer.err || cat signer.err

bin/tests/system/eddsa/ns3/example.com.db.in

@@ -8,18 +8,13 @@
 ; information regarding copyright ownership.
 
 $TTL 3600
-@ 			IN SOA	fdupont.isc.org. ns.example.com. (
-				2012040600   	; serial
-				600         	; refresh
-				600         	; retry
-				1200    	; expire
-				3600       	; minimum
+@			IN SOA	fdupont.isc.org. ns.example.com. (
+				2012040600	; serial
+				600		; refresh
+				600		; retry
+				1200		; expire
+				3600		; minimum
 				)
-			MX	10	mail.example.com.
+			MX	10 mail.example.com.
 			NS	ns.example.com.
 ns.example.com.		A	10.53.0.3
-;
-$INCLUDE Kexample.com.+015+03613.key
-$INCLUDE Kexample.com.+015+35217.key
-$INCLUDE Kexample.com.+016+09713.key
-$INCLUDE Kexample.com.+016+38353.key

bin/tests/system/eddsa/ns3/named.conf.in

@@ -0,0 +1,34 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+// NS2
+
+controls { /* empty */ };
+
+options {
+	query-source address 10.53.0.3;
+	notify-source 10.53.0.3;
+	transfer-source 10.53.0.3;
+	port @PORT@;
+	pid-file "named.pid";
+	listen-on { 10.53.0.3; };
+	listen-on-v6 { none; };
+	recursion yes;
+	notify yes;
+	dnssec-validation yes;
+};
+
+zone "." {
+	type hint;
+	file "../../common/root.hint";
+};
+
+include "trusted.conf";

bin/tests/system/eddsa/ns3/sign.sh

@@ -0,0 +1,35 @@
+#!/bin/sh -e
+#
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, you can obtain one at https://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+set -e
+
+. ../../conf.sh
+
+zone=example.com.
+infile=example.com.db.in
+zonefile=example.com.db
+starttime=20150729220000
+endtime=20150819220000
+
+echo_i "ns3/sign.sh"
+
+cp $infile $zonefile
+
+if [ -f ../ed448-supported.file ]; then
+	for i in Xexample.com.+016+09713 Xexample.com.+016+38353
+	do
+		cp "$i.key" "$(echo $i.key | sed s/X/K/)"
+		cp "$i.private" "$(echo $i.private | sed s/X/K/)"
+		cat "$(echo $i.key | sed s/X/K/)" >> "$zonefile"
+	done
+fi
+
+$SIGNER -P -z -s "$starttime" -e "$endtime" -o "$zone" "$zonefile" > /dev/null 2> signer.err || cat signer.err

bin/tests/system/eddsa/prereq.sh

@@ -12,4 +12,12 @@
 SYSTEMTESTTOP=..
 . $SYSTEMTESTTOP/conf.sh
 
-exec $SHELL ../testcrypto.sh eddsa
+supported=0
+if $SHELL ../testcrypto.sh ed25519; then
+	supported=1
+fi
+if $SHELL ../testcrypto.sh ed448; then
+	supported=1
+fi
+
+[ "$supported" -eq 1 ] || exit 1

bin/tests/system/eddsa/setup.sh

@@ -12,4 +12,27 @@
 SYSTEMTESTTOP=..
 . $SYSTEMTESTTOP/conf.sh
 
-cd ns1 && $SHELL sign.sh
+if $SHELL ../testcrypto.sh ed25519; then
+	echo "yes" > ed25519-supported.file
+fi
+
+if $SHELL ../testcrypto.sh ed448; then
+	echo "yes" > ed448-supported.file
+fi
+
+copy_setports ns1/named.conf.in ns1/named.conf
+copy_setports ns2/named.conf.in ns2/named.conf
+copy_setports ns3/named.conf.in ns3/named.conf
+
+(
+	cd ns1
+	$SHELL sign.sh
+)
+(
+	cd ns2
+	$SHELL sign.sh
+)
+(
+	cd ns3
+	$SHELL sign.sh
+)

bin/tests/system/eddsa/tests.sh

@@ -13,53 +13,70 @@ SYSTEMTESTTOP=..
 . $SYSTEMTESTTOP/conf.sh
 
 status=0
-n=1
+n=0
 
-rm -f dig.out.*
+dig_with_opts() {
+    "$DIG" +tcp +noau +noadd +nosea +nostat +nocmd +dnssec -p "$PORT" "$@"
+}
 
-DIGOPTS="+tcp +noau +noadd +nosea +nostat +nocmd +dnssec -p 5300"
+if [ -f ed25519-supported.file ]; then
+	# Check the example. domain
+	n=$((n+1))
+	echo_i "checking that Ed25519 positive validation works ($n)"
+	ret=0
+	dig_with_opts . @10.53.0.1 soa > dig.out.ns1.test$n || ret=1
+	dig_with_opts . @10.53.0.2 soa > dig.out.ns2.test$n || ret=1
+	$PERL ../digcomp.pl dig.out.ns1.test$n dig.out.ns2.test$n || ret=1
+	grep "flags:.*ad.*QUERY" dig.out.ns2.test$n > /dev/null || ret=1
+	if [ $ret != 0 ]; then echo_i "failed"; fi
+	status=$((status+ret))
 
-# Check the example. domain
+	# Check test vectors (RFC 8080 + errata)
+	n=$((n+1))
+	echo_i "checking that Ed25519 test vectors match ($n)"
+	ret=0
+	grep 'oL9krJun7xfBOIWcGHi7mag5/hdZrKWw15jP' ns2/example.com.db.signed > /dev/null || ret=1
+	grep 'VrbpMngwcrqNAg==' ns2/example.com.db.signed > /dev/null || ret=1
+	grep 'zXQ0bkYgQTEFyfLyi9QoiY6D8ZdYo4wyUhVi' ns2/example.com.db.signed > /dev/null || ret=1
+	grep 'R0O7KuI5k2pcBg==' ns2/example.com.db.signed > /dev/null || ret=1
+	if [ $ret != 0 ]; then echo_i "failed"; fi
+	status=$((status+ret))
+else
+	echo_i "algorithm Ed25519 not supported, skipping vectors match test"
+fi
 
-echo_i "checking that positive validation works ($n)"
-ret=0
-$DIG $DIGOPTS . @10.53.0.1 soa > dig.out.ns1.test$n || ret=1
-$DIG $DIGOPTS . @10.53.0.2 soa > dig.out.ns2.test$n || ret=1
-$PERL ../digcomp.pl dig.out.ns1.test$n dig.out.ns2.test$n || ret=1
-grep "flags:.*ad.*QUERY" dig.out.ns2.test$n > /dev/null || ret=1
-n=$((n+1))
-if [ $ret != 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+if [ -f ed448-supported.file ]; then
+	# Check the example. domain
+	n=$((n+1))
+	echo_i "checking that Ed448 positive validation works ($n)"
+	ret=0
+	dig_with_opts . @10.53.0.1 soa > dig.out.ns1.test$n || ret=1
+	dig_with_opts . @10.53.0.3 soa > dig.out.ns3.test$n || ret=1
+	$PERL ../digcomp.pl dig.out.ns1.test$n dig.out.ns3.test$n || ret=1
+	grep "flags:.*ad.*QUERY" dig.out.ns3.test$n > /dev/null || ret=1
+	if [ $ret != 0 ]; then echo_i "failed"; fi
+	status=$((status+ret))
 
-# Check test vectors (RFC 8080 + errata)
+	# Check test vectors (RFC 8080 + errata)
+	n=$((n+1))
+	echo_i "checking that Ed448 test vectors match ($n)"
+	ret=0
+	grep '3cPAHkmlnxcDHMyg7vFC34l0blBhuG1qpwLm' ns3/example.com.db.signed > /dev/null || ret=1
+	grep 'jInI8w1CMB29FkEAIJUA0amxWndkmnBZ6SKi' ns3/example.com.db.signed > /dev/null || ret=1
+	grep 'wZSAxGILn/NBtOXft0+Gj7FSvOKxE/07+4RQ' ns3/example.com.db.signed > /dev/null || ret=1
+	grep 'vE581N3Aj/JtIyaiYVdnYtyMWbSNyGEY2213' ns3/example.com.db.signed > /dev/null || ret=1
+	grep 'WKsJlwEA' ns3/example.com.db.signed > /dev/null || ret=1
 
-echo_i "checking that Ed25519 test vectors match ($n)"
-ret=0
-grep 'oL9krJun7xfBOIWcGHi7mag5/hdZrKWw15jP' ns2/example.com.db.signed > /dev/null || ret=1
-grep 'VrbpMngwcrqNAg==' ns2/example.com.db.signed > /dev/null || ret=1
-grep 'zXQ0bkYgQTEFyfLyi9QoiY6D8ZdYo4wyUhVi' ns2/example.com.db.signed > /dev/null || ret=1
-grep 'R0O7KuI5k2pcBg==' ns2/example.com.db.signed > /dev/null || ret=1
-n=$((n+1))
-if [ $ret != 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
-
-echo_i "checking that Ed448 test vectors match ($n)"
-ret=0
-grep '3cPAHkmlnxcDHMyg7vFC34l0blBhuG1qpwLm' ns2/example.com.db.signed > /dev/null || ret=1
-grep 'jInI8w1CMB29FkEAIJUA0amxWndkmnBZ6SKi' ns2/example.com.db.signed > /dev/null || ret=1
-grep 'wZSAxGILn/NBtOXft0+Gj7FSvOKxE/07+4RQ' ns2/example.com.db.signed > /dev/null || ret=1
-grep 'vE581N3Aj/JtIyaiYVdnYtyMWbSNyGEY2213' ns2/example.com.db.signed > /dev/null || ret=1
-grep 'WKsJlwEA' ns2/example.com.db.signed > /dev/null || ret=1
-
-grep 'E1/oLjSGIbmLny/4fcgM1z4oL6aqo+izT3ur' ns2/example.com.db.signed > /dev/null || ret=1
-grep 'CyHyvEp4Sp8Syg1eI+lJ57CSnZqjJP41O/9l' ns2/example.com.db.signed > /dev/null || ret=1
-grep '4m0AsQ4f7qI1gVnML8vWWiyW2KXhT9kuAICU' ns2/example.com.db.signed > /dev/null || ret=1
-grep 'Sxv5OWbf81Rq7Yu60npabODB0QFPb/rkW3kU' ns2/example.com.db.signed > /dev/null || ret=1
-grep 'ZmQ0YQUA' ns2/example.com.db.signed > /dev/null || ret=1
-
-n=$((n+1))
-if [ $ret != 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+	grep 'E1/oLjSGIbmLny/4fcgM1z4oL6aqo+izT3ur' ns3/example.com.db.signed > /dev/null || ret=1
+	grep 'CyHyvEp4Sp8Syg1eI+lJ57CSnZqjJP41O/9l' ns3/example.com.db.signed > /dev/null || ret=1
+	grep '4m0AsQ4f7qI1gVnML8vWWiyW2KXhT9kuAICU' ns3/example.com.db.signed > /dev/null || ret=1
+	grep 'Sxv5OWbf81Rq7Yu60npabODB0QFPb/rkW3kU' ns3/example.com.db.signed > /dev/null || ret=1
+	grep 'ZmQ0YQUA' ns3/example.com.db.signed > /dev/null || ret=1
+	if [ $ret != 0 ]; then echo_i "failed"; fi
+	status=$((status+ret))
+else
+	echo_i "algorithm Ed448 not supported, skipping vectors match test"
+fi
 
 echo_i "exit status: $status"
 [ $status -eq 0 ] || exit 1

bin/tests/system/testcrypto.sh

@@ -50,7 +50,7 @@ while test "$#" -gt 0; do
                 msg="EDDSA cryptography"
                 ;;
         ed448|ED448)
-                alg="-a ED25519"
+                alg="-a ED448"
                 msg="EDDSA cryptography"
                 ;;
         *)

util/copyrights

@@ -550,11 +550,12 @@
 ./bin/tests/system/eddsa/ns2/Xexample.com.+015+03613.private	X	2017,2018,2019,2020,2021
 ./bin/tests/system/eddsa/ns2/Xexample.com.+015+35217.key	X	2017,2018,2019,2020,2021
 ./bin/tests/system/eddsa/ns2/Xexample.com.+015+35217.private	X	2017,2018,2019,2020,2021
-./bin/tests/system/eddsa/ns2/Xexample.com.+016+09713.key	X	2019,2020,2021
-./bin/tests/system/eddsa/ns2/Xexample.com.+016+09713.private	X	2019,2020,2021
-./bin/tests/system/eddsa/ns2/Xexample.com.+016+38353.key	X	2019,2020,2021
-./bin/tests/system/eddsa/ns2/Xexample.com.+016+38353.private	X	2019,2020,2021
 ./bin/tests/system/eddsa/ns2/sign.sh		SH	2017,2018,2019,2020,2021
+./bin/tests/system/eddsa/ns3/Xexample.com.+016+09713.key	X	2021
+./bin/tests/system/eddsa/ns3/Xexample.com.+016+09713.private	X	2021
+./bin/tests/system/eddsa/ns3/Xexample.com.+016+38353.key	X	2021
+./bin/tests/system/eddsa/ns3/Xexample.com.+016+38353.private	X	2021
+./bin/tests/system/eddsa/ns3/sign.sh		SH	2021
 ./bin/tests/system/eddsa/prereq.sh		SH	2017,2018,2019,2020,2021
 ./bin/tests/system/eddsa/setup.sh		SH	2017,2018,2019,2020,2021
 ./bin/tests/system/eddsa/tests.sh		SH	2017,2018,2019,2020,2021