The support for the Ed25519 signature scheme has recently been committed to OpenSSH and it relies on the SUPERCOP implementation. Damien Miller:

Markus has just committed a few changes that add support for the Ed25519 signature algorithm as a new private key type.

I'm not holding my breath for a quick implementation of Ed25519 in Common Crypto though.

The current situation of the crypto implementation of OpenSSH as shipped by Apple in OS X 10.9 is a real mess. Continuing their push in favor of Common Crypto and their deprecating of libcrypto (OpenSSL) they implemented in their version of OpenSSH a new crypto module compatible with OpenSSL's interface but targetting the Common Crypto library instead. However this implementation seems currently incomplete due to limitations of Common Crypto and as a result they also have embedded fallbacks on big chunks of OpenSSL code.

A concrete shortcoming is that there is actually no elliptic curve support, thus it is not possible to generate EC keys and use ECDSA signatures for authentication.

The Chrome browser provides an implementation (p224_spake.h, p224_spake.cc) for the password-based encrypted key exchange protocol SPAKE2. This code is implemented in C++ and its operations are based over the elliptic group NIST P-224, using their standalone implementation (p224.h, p224.cc).

Note: In the SPAKE protocols it is vitally important to either validate the public points used to mask the password or to use as they do in this implementation hard-coded static points with verifiable non-random seeds.