reintegrate crypto tests into the tree

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10951 dc483132-0cff-0310-8789-dd5450dbe970

14 files changed, 774 insertions, 250 deletions

diff --git a/src/lib/crypto/Makefile.in b/src/lib/crypto/Makefile.in
index 6af65a0..48d035a 100644
--- a/src/lib/crypto/Makefile.in
+++ b/src/lib/crypto/Makefile.in
@@ -15,6 +15,9 @@ CFLAGS = $(CCOPTS) $(DEFS) -I$(srcdir)/enc_provider \
 MAC_SUBDIRS = crc32 des dk enc_provider hash_provider keyhash_provider \
 	md4 md5 old raw sha1
 
+PROG_LIBPATH=-L$(TOPLIBD)
+PROG_RPATH=$(KRB5_LIBDIR)
+
 STLIBOBJS=\
 	block_size.o		\
 	checksum_length.o	\
@@ -123,7 +126,14 @@ libcrypto.lib:
 
 clean-unix:: clean-liblinks clean-libs clean-libobjs
 
-check-unix::
+check-unix:: t_nfold
+	$(RUN_SETUP) ./t_nfold
+
+t_nfold$(EXEEXT): t_nfold.$(OBJEXT) nfold.$(OBJEXT)
+	$(CC_LINK) -o $@ t_nfold.$(OBJEXT) nfold.$(OBJEXT)
+
+clean::
+	$(RM) t_nfold.o t_nfold
 
 all-windows::
 	cd crc32
diff --git a/src/lib/crypto/configure.in b/src/lib/crypto/configure.in
index b5f73d9..2fb1faf 100644
--- a/src/lib/crypto/configure.in
+++ b/src/lib/crypto/configure.in
@@ -6,6 +6,7 @@ AC_PROG_RANLIB
 AC_PROG_INSTALL
 
 KRB5_RUN_FLAGS
+KRB5_BUILD_PROGRAM
 KRB5_BUILD_LIBOBJS
 KRB5_BUILD_LIBRARY
 
diff --git a/src/lib/crypto/des/Makefile.in b/src/lib/crypto/des/Makefile.in
index 8f1e6d6..fdef9e8 100644
--- a/src/lib/crypto/des/Makefile.in
+++ b/src/lib/crypto/des/Makefile.in
@@ -34,7 +34,7 @@ OBJS=	afsstring2key.$(OBJEXT)	\
 	f_sched.$(OBJEXT) 	\
 	f_tables.$(OBJEXT)	\
 	key_sched.$(OBJEXT)	\
-	string2key.$(OBEXT)	\
+	string2key.$(OBJEXT)	\
 	weak_key.$(OBJEXT)
 
 SRCS=	$(srcdir)/afsstring2key.c	\
@@ -57,13 +57,18 @@ includes:: depend
 
 depend:: $(SRCS)
 
-verify$(EXEEXT): t_verify.$(OBJEXT) $(OBJS)
-	$(CC_LINK) -o $@ t_verify.$(OBJEXT) $(OBJS)
+TOBJS = key_sched.$(OBJEXT) f_sched.$(OBJEXT) f_cbc.$(OBJEXT) \
+	f_tables.$(OBJEXT) f_cksum.$(OBJEXT)
 
-destest$(EXEEXT): destest.$(OBJEXT) $(OBJS)
-	$(CC_LINK) -o $@ destest.$(OBJEXT) $(OBJS)
+verify$(EXEEXT): t_verify.$(OBJEXT) $(TOBJS) f_parity.$(OBJEXT) \
+	$(COM_ERR_DEPLIB)
+	$(CC_LINK) -o $@ t_verify.$(OBJEXT) $(TOBJS) f_parity.$(OBJEXT) \
+		-lcom_err
 
-check-unix:: destest verify
+destest$(EXEEXT): destest.$(OBJEXT) $(TOBJS)
+	$(CC_LINK) -o $@ destest.$(OBJEXT) $(TOBJS)
+
+check-unix:: verify destest
 	$(RUN_SETUP) ./verify -z
 	$(RUN_SETUP) ./verify -m
 	$(RUN_SETUP) ./verify
diff --git a/src/lib/crypto/des/destest.c b/src/lib/crypto/des/destest.c
index 3d6ae24..aa89ffb 100644
--- a/src/lib/crypto/des/destest.c
+++ b/src/lib/crypto/des/destest.c
@@ -34,6 +34,8 @@ void convert PROTOTYPE((char *, unsigned char []));
 
 void des_cblock_print_file PROTOTYPE((mit_des_cblock, FILE *));
 
+char zeroblock[8] = {0,0,0,0,0,0,0,0};
+
 void
 main(argc, argv)
 int argc;
@@ -57,7 +59,7 @@ char *argv[];
             fprintf(stderr, "des test: can't process key");
             exit(1);
         }
-	mit_des_ecb_encrypt(&input, &output2, sched, 1);
+	mit_des_cbc_encrypt(&input, &output2, 8, sched, zeroblock, 1);
 
 	if (memcmp((char *)output2, (char *)output, 8)) {
 	    fprintf(stderr, 
@@ -71,7 +73,7 @@ char *argv[];
 	/*
 	 * Now try decrypting....
 	 */
-	mit_des_ecb_encrypt(&output, &output2, sched, 0);
+	mit_des_cbc_encrypt(&output, &output2, 8, sched, zeroblock, 0);
 
 	if (memcmp((char *)output2, (char *)input, 8)) {
 	    fprintf(stderr, 
@@ -132,7 +134,6 @@ unsigned char cblock[];
  * Fake out the DES library, for the purposes of testing.
  */
 
-#include "des.h"
 #include "des_int.h"
 
 int
diff --git a/src/lib/crypto/des/t_verify.c b/src/lib/crypto/des/t_verify.c
index 9870b29..78031f7 100644
--- a/src/lib/crypto/des/t_verify.c
+++ b/src/lib/crypto/des/t_verify.c
@@ -50,23 +50,6 @@ unsigned char zero_text[8] = {0x0,0,0,0,0,0,0,0};
 unsigned char msb_text[8] = {0x0,0,0,0, 0,0,0,0x40}; /* to ANSI MSB */
 unsigned char *input;
 
-unsigned char *nfold_in[] = {
-    "basch",
-    "eichin",
-    "sommerfeld",
-    "MASSACHVSETTS INSTITVTE OF TECHNOLOGY" };
-
-unsigned char nfold_192[4][24] = {
-    { 0x1a, 0xab, 0x6b, 0x42, 0x96, 0x4b, 0x98, 0xb2, 0x1f, 0x8c, 0xde, 0x2d,
-      0x24, 0x48, 0xba, 0x34, 0x55, 0xd7, 0x86, 0x2c, 0x97, 0x31, 0x64, 0x3f },
-    { 0x65, 0x69, 0x63, 0x68, 0x69, 0x6e, 0x4b, 0x73, 0x2b, 0x4b, 0x1b, 0x43,
-      0xda, 0x1a, 0x5b, 0x99, 0x5a, 0x58, 0xd2, 0xc6, 0xd0, 0xd2, 0xdc, 0xca },
-    { 0x2f, 0x7a, 0x98, 0x55, 0x7c, 0x6e, 0xe4, 0xab, 0xad, 0xf4, 0xe7, 0x11,
-      0x92, 0xdd, 0x44, 0x2b, 0xd4, 0xff, 0x53, 0x25, 0xa5, 0xde, 0xf7, 0x5c },
-    { 0xdb, 0x3b, 0x0d, 0x8f, 0x0b, 0x06, 0x1e, 0x60, 0x32, 0x82, 0xb3, 0x08,
-      0xa5, 0x08, 0x41, 0x22, 0x9a, 0xd7, 0x98, 0xfa, 0xb9, 0x54, 0x0c, 0x1b }
-};
-
 /* 0x0123456789abcdef */
 unsigned char default_key[8] = {
     0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef
@@ -112,7 +95,7 @@ unsigned char mresult[8] = {
 
 mit_des_key_schedule sched;
 
-void
+int
 main(argc,argv)
     int argc;
     char *argv[];
@@ -316,21 +299,6 @@ main(argc,argv)
     else 
 	printf("verify: CBC checksum is correct\n\n");
 
-    printf("N-fold\n");
-    for (i=0; i<sizeof(nfold_in)/sizeof(char *); i++) {
-	printf("\tInput:\t\"%.*s\"\n", strlen(nfold_in[i]), nfold_in[i]);
-	printf("\t192-Fold:\t");
-	mit_des_n_fold(nfold_in[i], strlen(nfold_in[i]), cipher_text, 24);
-	for (j=0; j<24; j++)
-	    printf("%s%02x", (j&3) ? "" : " ", cipher_text[j]);
-	printf("\n");
-	if (memcmp(cipher_text, nfold_192[i], 24)) {
-	    printf("verify: error in n-fold\n");
-	    exit(-1);
-	};
-    }
-    printf("verify: N-fold is correct\n\n");
-
     exit(0);
 }
 
@@ -362,9 +330,11 @@ do_encrypt(in,out)
     char *out;
 {
     for (i =1; i<=nflag; i++) {
-	mit_des_ecb_encrypt((mit_des_cblock *)in,
+	mit_des_cbc_encrypt((mit_des_cblock *)in,
 			    (mit_des_cblock *)out,
+			    8,
 			    sched,
+			    zero_text,
 			    MIT_DES_ENCRYPT);
 	if (mit_des_debug) {
 	    printf("\nclear %s\n",in);
@@ -384,9 +354,11 @@ do_decrypt(in,out)
     /* try to invert it */
 {
     for (i =1; i<=nflag; i++) {
-	mit_des_ecb_encrypt((mit_des_cblock *)out,
+	mit_des_cbc_encrypt((mit_des_cblock *)out,
 			    (mit_des_cblock *)in,
+			    8,
 			    sched,
+			    zero_text,
 			    MIT_DES_DECRYPT);
 	if (mit_des_debug) {
 	    printf("clear %s\n",in);
@@ -403,8 +375,6 @@ do_decrypt(in,out)
  * Fake out the DES library, for the purposes of testing.
  */
 
-#include "des.h"
-
 int
 mit_des_is_weak_key(key)
     mit_des_cblock key;
diff --git a/src/lib/crypto/keyhash_provider/Makefile.in b/src/lib/crypto/keyhash_provider/Makefile.in
index 0896d81..86a4796 100644
--- a/src/lib/crypto/keyhash_provider/Makefile.in
+++ b/src/lib/crypto/keyhash_provider/Makefile.in
@@ -27,4 +27,24 @@ includes:: depend
 
 depend:: $(SRCS)
 
+t_cksum4.o: t_cksum.c
+	$(CC) -DMD=4 $(CFLAGS) -o t_cksum4.o -c t_cksum.c
+
+t_cksum5.o: t_cksum.c
+	$(CC) -DMD=5 $(CFLAGS) -o t_cksum5.o -c t_cksum.c
+
+t_cksum4: t_cksum4.o $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o t_cksum4 t_cksum4.o $(KRB5_BASE_LIBS)
+
+t_cksum5: t_cksum5.o $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o t_cksum5 t_cksum5.o $(KRB5_BASE_LIBS)
+
+check-unix:: t_cksum4 t_cksum5
+	$(RUN_SETUP) $(C)t_cksum4 "this is a test"
+	$(RUN_SETUP) $(C)t_cksum5 "this is a test"
+
+clean-unix::
+	$(RM) t_cksum4 t_cksum4.o
+	$(RM) t_cksum5 t_cksum5.o
+
 clean-unix:: clean-libobjs
diff --git a/src/lib/crypto/keyhash_provider/t_cksum.c b/src/lib/crypto/keyhash_provider/t_cksum.c
new file mode 100644
index 0000000..c9eecc7
--- /dev/null
+++ b/src/lib/crypto/keyhash_provider/t_cksum.c
@@ -0,0 +1,136 @@
+/*
+ * lib/crypto/md5/t_cksum.c
+ *
+ * Copyright 1995 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ */
+
+/*
+ * t_cksum.c - Test checksum and checksum compatability for rsa-md[4,5]-des
+ */
+
+#include "k5-int.h"
+
+#define MD5_K5BETA_COMPAT
+#define MD4_K5BETA_COMPAT
+
+#if	MD == 4
+extern struct krb5_keyhash_provider krb5_keyhash_md4des;
+#define khp krb5_keyhash_md4des
+#endif
+
+#if	MD == 5
+extern struct krb5_keyhash_provider krb5_keyhash_md5des;
+#define khp krb5_keyhash_md5des
+#endif
+
+static void
+print_checksum(text, number, message, checksum)
+     char	*text;
+     int	number;
+     char	*message;
+     krb5_data	*checksum;
+{
+  int i;
+
+  printf("%s MD%d checksum(\"%s\") = ", text, number, message);
+  for (i=0; i<checksum->length; i++)
+    printf("%02x", (unsigned char) checksum->data[i]);
+  printf("\n");
+}
+
+/*
+ * Test the checksum verification of Old Style (tm) and correct RSA-MD[4,5]-DES
+ * checksums.
+ */
+
+krb5_octet testkey[8] = { 0x45, 0x01, 0x49, 0x61, 0x58, 0x19, 0x1a, 0x3d };
+
+int
+main(argc, argv)
+     int argc;
+     char **argv;
+{
+  int 			msgindex;
+  krb5_boolean		valid;
+  size_t		length;
+  krb5_context		kcontext;
+  krb5_keyblock		keyblock;
+  krb5_error_code	kret;
+  krb5_data		plaintext, newstyle_checksum;
+
+  /* this is a terrible seed, but that's ok for the test. */
+
+  plaintext.length = 8;
+  plaintext.data = testkey;
+
+  krb5_c_random_seed(/* XXX */ 0, &plaintext);
+
+  keyblock.enctype = ENCTYPE_DES_CBC_CRC;
+  keyblock.length = sizeof(testkey);
+  keyblock.contents = testkey;
+
+  (*(khp.hash_size))(&length);
+
+  newstyle_checksum.length = length;
+
+  if (!(newstyle_checksum.data = (krb5_octet *)
+	malloc(newstyle_checksum.length))) {
+    printf("cannot get memory for new style checksum\n");
+    return(ENOMEM);
+  }
+  for (msgindex = 1; msgindex < argc; msgindex++) {
+    plaintext.length = strlen(argv[msgindex]);
+    plaintext.data = argv[msgindex];
+
+    if ((kret = (*(khp.hash))(&keyblock, 0, &plaintext, &newstyle_checksum))) {
+      printf("krb5_calculate_checksum choked with %d\n", kret);
+      break;
+    }
+    print_checksum("correct", MD, argv[msgindex], &newstyle_checksum);
+
+    if ((kret = (*(khp.verify))(&keyblock, 0, &plaintext, &newstyle_checksum,
+				&valid))) {
+      printf("verify on new checksum choked with %d\n", kret);
+      break;
+    }
+    if (!valid) {
+      printf("verify on new checksum failed\n");
+      break;
+    }
+    printf("Verify succeeded for \"%s\"\n", argv[msgindex]);
+
+    newstyle_checksum.data[0]++;
+    if ((kret = (*(khp.verify))(&keyblock, 0, &plaintext, &newstyle_checksum,
+				&valid))) {
+      printf("verify on new checksum choked with %d\n", kret);
+      break;
+    }
+    if (valid) {
+      printf("verify on new checksum succeeded, but shouldn't have\n");
+      break;
+    }
+    printf("Verify of bad checksum OK for \"%s\"\n", argv[msgindex]);
+    kret = 0;
+  }
+  if (!kret)
+    printf("%d tests passed successfully for MD%d checksum\n", argc-1, MD);
+  return(kret);
+}
diff --git a/src/lib/crypto/md4/Makefile.in b/src/lib/crypto/md4/Makefile.in
index 9151a27..be6baeb 100644
--- a/src/lib/crypto/md4/Makefile.in
+++ b/src/lib/crypto/md4/Makefile.in
@@ -26,4 +26,27 @@ includes:: depend
 
 depend:: $(SRCS)
 
+t_mddriver.c: $(srcdir)/../md5/t_mddriver.c
+	$(CP) $(srcdir)/../md5/t_mddriver.c t_mddriver.c
+
+t_mddriver.o: t_mddriver.c
+	$(CC) -DMD=4 $(CFLAGS) -c  t_mddriver.c
+
+t_mddriver: t_mddriver.o md4.o
+	$(CC) $(CFLAGS) -o t_mddriver t_mddriver.o md4.o
+
+t_mddriver.exe:
+	$(CP) $(srcdir)\..\md5\t_mddriver.c t_mddriver.c
+	$(CC) -DMD=4 $(CFLAGS2) -o t_mddriver t_mddriver.c md4.c
+	$(RM) md4.obj
+
+check-unix:: t_mddriver
+	$(RUN_SETUP) $(C)t_mddriver -x
+
+check-windows:: t_mddriver$(EXEEXT)
+	$(C)t_mddriver$(EXEEXT) -x
+
+clean:: 
+	$(RM) t_mddriver$(EXEEXT) t_mddriver.$(OBJEXT) t_mddriver.c
+
 clean-unix:: clean-libobjs
diff --git a/src/lib/crypto/md5/Makefile.in b/src/lib/crypto/md5/Makefile.in
index d9a8930..219fa30 100644
--- a/src/lib/crypto/md5/Makefile.in
+++ b/src/lib/crypto/md5/Makefile.in
@@ -26,4 +26,19 @@ includes:: depend
 
 depend:: $(SRCS)
 
+t_mddriver: t_mddriver.o md5.o
+	$(CC) $(CFLAGS) $(LDFLAGS) -o t_mddriver t_mddriver.o md5.o
+
+t_mddriver.exe:
+	$(CC) $(CFLAGS2) -o t_mddriver.exe t_mddriver.c md5.c
+
+check-unix:: t_mddriver
+	$(RUN_SETUP) $(C)t_mddriver -x
+
+check-windows:: t_mddriver$(EXEEXT)
+	$(C)t_mddriver$(EXEEXT) -x
+
+clean:: 
+	$(RM) t_mddriver$(EXEEXT) t_mddriver.$(OBJEXT)
+
 clean-unix:: clean-libobjs
diff --git a/src/lib/crypto/md5/t_cksum.c b/src/lib/crypto/md5/t_cksum.c
deleted file mode 100644
index 5bc6370..0000000
--- a/src/lib/crypto/md5/t_cksum.c
+++ /dev/null
@@ -1,203 +0,0 @@
-/*
- * lib/crypto/md5/t_cksum.c
- *
- * Copyright 1995 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- *   require a specific license from the United States Government.
- *   It is the responsibility of any person or organization contemplating
- *   export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  M.I.T. makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- *
- */
-
-/*
- * t_cksum.c - Test checksum and checksum compatability for rsa-md[4,5]-des
- */
-
-#ifndef	MD
-#define	MD	5
-#endif	/* MD */
-
-#include "k5-int.h"
-#if	MD == 4
-#include "rsa-md4.h"
-#endif	/* MD == 4 */
-#if	MD == 5
-#include "rsa-md5.h"
-#endif	/* MD == 5 */
-#include "des_int.h"
-
-#define MD5_K5BETA_COMPAT
-#define MD4_K5BETA_COMPAT
-
-#if	MD == 4
-#define	CONFOUNDER_LENGTH	RSA_MD4_DES_CONFOUND_LENGTH
-#define	NEW_CHECKSUM_LENGTH	NEW_RSA_MD4_DES_CKSUM_LENGTH
-#define	OLD_CHECKSUM_LENGTH	OLD_RSA_MD4_DES_CKSUM_LENGTH
-#define	CHECKSUM_TYPE		CKSUMTYPE_RSA_MD4_DES
-#ifdef	MD4_K5BETA_COMPAT
-#define	K5BETA_COMPAT	1
-#else	/* MD4_K5BETA_COMPAT */
-#undef	K5BETA_COMPAT
-#endif	/* MD4_K5BETA_COMPAT */
-#define	CKSUM_FUNCTION		krb5_md4_crypto_sum_func
-#define	COMPAT_FUNCTION		krb5_md4_crypto_compat_sum_func
-#define	VERIFY_FUNCTION		krb5_md4_crypto_verify_func
-#endif	/* MD == 4 */
-
-#if	MD == 5
-#define	CONFOUNDER_LENGTH	RSA_MD5_DES_CONFOUND_LENGTH
-#define	NEW_CHECKSUM_LENGTH	NEW_RSA_MD5_DES_CKSUM_LENGTH
-#define	OLD_CHECKSUM_LENGTH	OLD_RSA_MD5_DES_CKSUM_LENGTH
-#define	CHECKSUM_TYPE		CKSUMTYPE_RSA_MD5_DES
-#ifdef	MD5_K5BETA_COMPAT
-#define	K5BETA_COMPAT	1
-#else	/* MD5_K5BETA_COMPAT */
-#undef	K5BETA_COMPAT
-#endif	/* MD5_K5BETA_COMPAT */
-#define	CKSUM_FUNCTION		krb5_md5_crypto_sum_func
-#define	COMPAT_FUNCTION		krb5_md5_crypto_compat_sum_func
-#define	VERIFY_FUNCTION		krb5_md5_crypto_verify_func
-#endif	/* MD == 5 */
-
-static void
-print_checksum(text, number, message, checksum)
-     char	*text;
-     int	number;
-     char	*message;
-     krb5_checksum	*checksum;
-{
-  int i;
-
-  printf("%s MD%d checksum(\"%s\") = ", text, number, message);
-  for (i=0; i<checksum->length; i++)
-    printf("%02x", checksum->contents[i]);
-  printf("\n");
-}
-
-/*
- * Test the checksum verification of Old Style (tm) and correct RSA-MD[4,5]-DES
- * checksums.
- */
-int
-main(argc, argv)
-     int argc;
-     char **argv;
-{
-  int 			msgindex;
-  krb5_context		kcontext;
-  krb5_encrypt_block	encblock;
-  krb5_keyblock		keyblock;
-  krb5_error_code	kret;
-  krb5_checksum		oldstyle_checksum;
-  krb5_checksum		newstyle_checksum;
-  krb5_data		pwdata;
-  char			*pwd;
-
-  pwd = "test password";
-  pwdata.length = strlen(pwd);
-  pwdata.data = pwd;
-  krb5_use_enctype(kcontext, &encblock, DEFAULT_KDC_ENCTYPE);
-  if ((kret = mit_des_string_to_key(&encblock, &keyblock, &pwdata, NULL))) {
-    printf("mit_des_string_to_key choked with %d\n", kret);
-    return(kret);
-  }
-  if ((kret = mit_des_process_key(&encblock, &keyblock))) {
-    printf("mit_des_process_key choked with %d\n", kret);
-    return(kret);
-  }
-
-  oldstyle_checksum.length = OLD_CHECKSUM_LENGTH;
-  if (!(oldstyle_checksum.contents = (krb5_octet *) malloc(OLD_CHECKSUM_LENGTH))) {
-    printf("cannot get memory for old style checksum\n");
-    return(ENOMEM);
-  }
-  newstyle_checksum.length = NEW_CHECKSUM_LENGTH;
-  if (!(newstyle_checksum.contents = (krb5_octet *)
-	malloc(NEW_CHECKSUM_LENGTH))) {
-    printf("cannot get memory for new style checksum\n");
-    return(ENOMEM);
-  }
-  for (msgindex = 1; msgindex < argc; msgindex++) {
-    if ((kret = CKSUM_FUNCTION(argv[msgindex],
-			       strlen(argv[msgindex]),
-			       (krb5_pointer) keyblock.contents,
-			       keyblock.length,
-			       &newstyle_checksum))) {
-      printf("krb5_calculate_checksum choked with %d\n", kret);
-      break;
-    }
-    print_checksum("correct", MD, argv[msgindex], &newstyle_checksum);
-#ifdef	K5BETA_COMPAT
-    if ((kret = COMPAT_FUNCTION(argv[msgindex],
-				strlen(argv[msgindex]),
-				(krb5_pointer) keyblock.contents,
-				keyblock.length,
-				&oldstyle_checksum))) {
-      printf("old style calculate_checksum choked with %d\n", kret);
-      break;
-    }
-    print_checksum("old", MD, argv[msgindex], &oldstyle_checksum);
-#endif	/* K5BETA_COMPAT */
-    if ((kret = VERIFY_FUNCTION(&newstyle_checksum,
-				argv[msgindex],
-				strlen(argv[msgindex]),
-				(krb5_pointer) keyblock.contents,
-				keyblock.length))) {
-      printf("verify on new checksum choked with %d\n", kret);
-      break;
-    }
-    printf("Verify succeeded for \"%s\"\n", argv[msgindex]);
-#ifdef	K5BETA_COMPAT
-    if ((kret = VERIFY_FUNCTION(&oldstyle_checksum,
-				argv[msgindex],
-				strlen(argv[msgindex]),
-				(krb5_pointer) keyblock.contents,
-				keyblock.length))) {
-      printf("verify on old checksum choked with %d\n", kret);
-      break;
-    }
-    printf("Compatible checksum verify succeeded for \"%s\"\n",
-	   argv[msgindex]);
-#endif	/* K5BETA_COMPAT */
-    newstyle_checksum.contents[0]++;
-    if (!(kret = VERIFY_FUNCTION(&newstyle_checksum,
-				 argv[msgindex],
-				 strlen(argv[msgindex]),
-				 (krb5_pointer) keyblock.contents,
-				 keyblock.length))) {
-      printf("verify on new checksum should have choked\n");
-      break;
-    }
-    printf("Verify of bad checksum OK for \"%s\"\n", argv[msgindex]);
-#ifdef	K5BETA_COMPAT
-    oldstyle_checksum.contents[0]++;
-    if (!(kret = VERIFY_FUNCTION(&oldstyle_checksum,
-				 argv[msgindex],
-				 strlen(argv[msgindex]),
-				 (krb5_pointer) keyblock.contents,
-				 keyblock.length))) {
-      printf("verify on old checksum should have choked\n");
-      break;
-    }
-    printf("Compatible checksum verify of altered checksum OK for \"%s\"\n",
-	   argv[msgindex]);
-#endif	/* K5BETA_COMPAT */
-    kret = 0;
-  }
-  if (!kret)
-    printf("%d tests passed successfully for MD%d checksum\n", argc-1, MD);
-  return(kret);
-}
diff --git a/src/lib/crypto/md5/t_mddriver.c b/src/lib/crypto/md5/t_mddriver.c
new file mode 100644
index 0000000..407e586
--- /dev/null
+++ b/src/lib/crypto/md5/t_mddriver.c
@@ -0,0 +1,323 @@
+/* MDDRIVER.C - test driver for MD2, MD4 and MD5
+ */
+
+/* Copyright (C) 1990-2, RSA Data Security, Inc. Created 1990. All
+rights reserved.
+
+RSA Data Security, Inc. makes no representations concerning either
+the merchantability of this software or the suitability of this
+software for any particular purpose. It is provided "as is"
+without express or implied warranty of any kind.
+
+These notices must be retained in any copies of any part of this
+documentation and/or software.
+ */
+
+/* The following makes MD default to MD5 if it has not already been
+  defined with C compiler flags.
+ */
+#ifndef MD
+#define MD 5
+#endif
+
+#include "k5-int.h"
+
+#if MD == 2
+#include "md2.h"
+#endif
+#if MD == 4
+#include "rsa-md4.h"
+#endif
+#if MD == 5
+#include "rsa-md5.h"
+#endif
+
+/* Length of test block, number of test blocks.
+ */
+#define TEST_BLOCK_LEN 1000
+#define TEST_BLOCK_COUNT 1000
+
+static void MDString PROTOTYPE ((char *));
+static void MDTimeTrial PROTOTYPE ((void));
+static void MDTestSuite PROTOTYPE ((void));
+static void MDFile PROTOTYPE ((char *));
+static void MDFilter PROTOTYPE ((void));
+static void MDPrint PROTOTYPE ((unsigned char [16]));
+
+struct md_test_entry {
+    char *string;
+    unsigned char digest[16];
+};
+
+#if MD == 2
+#define MD_CTX krb5_MD2_CTX
+#define MDInit krb5_MD2Init
+#define MDUpdate krb5_MD2Update
+#define MDFinal krb5_MD2Final
+#endif
+
+#if MD == 4
+#define MD_CTX krb5_MD4_CTX
+#define MDInit krb5_MD4Init
+#define MDUpdate krb5_MD4Update
+#define MDFinal krb5_MD4Final
+
+#define HAVE_TEST_SUITE
+/* Test suite from RFC 1320 */
+
+struct md_test_entry md_test_suite[] = {
+    { "",
+	  0x31, 0xd6, 0xcf, 0xe0, 0xd1, 0x6a, 0xe9, 0x31,
+	  0xb7, 0x3c, 0x59, 0xd7, 0xe0, 0xc0, 0x89, 0xc0 },
+    { "a",
+	  0xbd, 0xe5, 0x2c, 0xb3, 0x1d, 0xe3, 0x3e, 0x46,
+	  0x24, 0x5e, 0x05, 0xfb, 0xdb, 0xd6, 0xfb, 0x24 },
+    { "abc",
+	  0xa4, 0x48, 0x01, 0x7a, 0xaf, 0x21, 0xd8, 0x52,
+	  0x5f, 0xc1, 0x0a, 0xe8, 0x7a, 0xa6, 0x72, 0x9d },
+    { "message digest",
+	  0xd9, 0x13, 0x0a, 0x81, 0x64, 0x54, 0x9f, 0xe8,
+	  0x18, 0x87, 0x48, 0x06, 0xe1, 0xc7, 0x01, 0x4b },
+    { "abcdefghijklmnopqrstuvwxyz",
+	  0xd7, 0x9e, 0x1c, 0x30, 0x8a, 0xa5, 0xbb, 0xcd,
+	  0xee, 0xa8, 0xed, 0x63, 0xdf, 0x41, 0x2d, 0xa9 },
+    { "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
+	  0x04, 0x3f, 0x85, 0x82, 0xf2, 0x41, 0xdb, 0x35,
+	  0x1c, 0xe6, 0x27, 0xe1, 0x53, 0xe7, 0xf0, 0xe4 },
+    { "12345678901234567890123456789012345678901234567890123456789012345678901234567890",
+	  0xe3, 0x3b, 0x4d, 0xdc, 0x9c, 0x38, 0xf2, 0x19,
+	  0x9c, 0x3e, 0x7b, 0x16, 0x4f, 0xcc, 0x05, 0x36 },
+    { 0, 0 }
+};
+
+#endif
+
+#if MD == 5
+#define MD_CTX krb5_MD5_CTX
+#define MDInit krb5_MD5Init
+#define MDUpdate krb5_MD5Update
+#define MDFinal krb5_MD5Final
+
+#define HAVE_TEST_SUITE
+/* Test suite from RFC 1321 */
+
+struct md_test_entry md_test_suite[] = {
+    { "",
+	  0xd4, 0x1d, 0x8c, 0xd9, 0x8f, 0x00, 0xb2, 0x04,
+	  0xe9, 0x80, 0x09, 0x98, 0xec, 0xf8, 0x42, 0x7e },
+    { "a",
+	  0x0c, 0xc1, 0x75, 0xb9, 0xc0, 0xf1, 0xb6, 0xa8,
+	  0x31, 0xc3, 0x99, 0xe2, 0x69, 0x77, 0x26, 0x61 },
+    { "abc",
+	  0x90, 0x01, 0x50, 0x98, 0x3c, 0xd2, 0x4f, 0xb0,
+	  0xd6, 0x96, 0x3f, 0x7d, 0x28, 0xe1, 0x7f, 0x72 },
+    { "message digest",
+	  0xf9, 0x6b, 0x69, 0x7d, 0x7c, 0xb7, 0x93, 0x8d,
+	  0x52, 0x5a, 0x2f, 0x31, 0xaa, 0xf1, 0x61, 0xd0 },
+    { "abcdefghijklmnopqrstuvwxyz",
+	  0xc3, 0xfc, 0xd3, 0xd7, 0x61, 0x92, 0xe4, 0x00,
+	  0x7d, 0xfb, 0x49, 0x6c, 0xca, 0x67, 0xe1, 0x3b },
+    { "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", 
+	  0xd1, 0x74, 0xab, 0x98, 0xd2, 0x77, 0xd9, 0xf5,
+	  0xa5, 0x61, 0x1c, 0x2c, 0x9f, 0x41, 0x9d, 0x9f },
+    { "12345678901234567890123456789012345678901234567890123456789012345678901234567890",
+	  0x57, 0xed, 0xf4, 0xa2, 0x2b, 0xe3, 0xc9, 0x55,
+	  0xac, 0x49, 0xda, 0x2e, 0x21, 0x07, 0xb6, 0x7a },
+    { 0, 0 }
+};
+	
+#endif
+
+/* Main driver.
+
+Arguments (may be any combination):
+  -sstring - digests string
+  -t       - runs time trial
+  -x       - runs test script
+  filename - digests file
+  (none)   - digests standard input
+ */
+int main (argc, argv)
+int argc;
+char *argv[];
+{
+  int i;
+
+  if (argc > 1)
+ for (i = 1; i < argc; i++)
+   if (argv[i][0] == '-' && argv[i][1] == 's')
+     MDString (argv[i] + 2);
+   else if (strcmp (argv[i], "-t") == 0)
+     MDTimeTrial ();
+   else if (strcmp (argv[i], "-x") == 0)
+     MDTestSuite ();
+   else
+     MDFile (argv[i]);
+  else
+ MDFilter ();
+
+  return (0);
+}
+
+/* Digests a string and prints the result.
+ */
+static void MDString (string)
+char *string;
+{
+  MD_CTX context;
+  unsigned int len = strlen (string);
+
+  MDInit (&context);
+  MDUpdate (&context, (unsigned char *) string, len);
+  MDFinal (&context);
+
+  printf ("MD%d (\"%s\") = ", MD, string);
+  MDPrint (context.digest);
+  printf ("\n");
+}
+
+/* Measures the time to digest TEST_BLOCK_COUNT TEST_BLOCK_LEN-byte
+  blocks.
+ */
+static void MDTimeTrial ()
+{
+  MD_CTX context;
+  time_t endTime, startTime;
+  unsigned char block[TEST_BLOCK_LEN];
+  unsigned int i;
+  
+  printf("MD%d time trial. Digesting %d %d-byte blocks ...", MD,
+  TEST_BLOCK_LEN, TEST_BLOCK_COUNT);
+
+  /* Initialize block */
+  for (i = 0; i < TEST_BLOCK_LEN; i++)
+ block[i] = (unsigned char)(i & 0xff);
+
+  /* Start timer */
+  time (&startTime);
+
+  /* Digest blocks */
+  MDInit (&context);
+  for (i = 0; i < TEST_BLOCK_COUNT; i++)
+      MDUpdate (&context, block, TEST_BLOCK_LEN);
+  MDFinal (&context);
+
+  /* Stop timer */
+  time (&endTime);
+
+  printf (" done\n");
+  printf ("Digest = ");
+  MDPrint (context.digest);
+  printf ("\nTime = %ld seconds\n", (long)(endTime-startTime));
+  printf
+ ("Speed = %ld bytes/second\n",
+  (long)TEST_BLOCK_LEN * (long)TEST_BLOCK_COUNT/(endTime-startTime));
+}
+
+/* Digests a reference suite of strings and prints the results.
+ */
+static void MDTestSuite ()
+{
+#ifdef HAVE_TEST_SUITE
+    MD_CTX context;
+    struct md_test_entry *entry;
+    int	i, num_tests = 0, num_failed = 0;
+    
+    printf ("MD%d test suite:\n\n", MD);
+    for (entry = md_test_suite; entry->string; entry++) {
+	unsigned int len = strlen (entry->string);
+
+	MDInit (&context);
+	MDUpdate (&context, (unsigned char *) entry->string, len);
+	MDFinal (&context);
+
+	printf ("MD%d (\"%s\") = ", MD, entry->string);
+	MDPrint (context.digest);
+	printf ("\n");
+	for (i=0; i < 16; i++) {
+	    if (context.digest[i] != entry->digest[i]) {
+		printf("\tIncorrect MD%d digest!  Should have been:\n\t\t ",
+		       MD);
+		MDPrint(entry->digest);
+		printf("\n");
+		num_failed++;
+	    }
+	}
+	num_tests++;
+    }
+    if (num_failed) {
+	printf("%d out of %d tests failed for MD%d!!!\n", num_failed,
+	       num_tests, MD);
+	exit(1);
+    } else {
+	printf ("%d tests passed successfully for MD%d.\n", num_tests, MD);
+	exit(0);
+    }
+#else
+  
+    printf ("MD%d test suite:\n", MD);
+    MDString ("");
+    MDString ("a");
+    MDString ("abc");
+    MDString ("message digest");
+    MDString ("abcdefghijklmnopqrstuvwxyz");
+    MDString
+	("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789");
+    MDString
+	("12345678901234567890123456789012345678901234567890123456789012345678901234567890");
+#endif
+}
+
+/* Digests a file and prints the result. */
+
+static void MDFile (filename)
+    char *filename;
+{
+    FILE *file;
+    MD_CTX context;
+    int len;
+    unsigned char buffer[1024];
+
+    if ((file = fopen (filename, "rb")) == NULL)
+	printf ("%s can't be opened\n", filename);
+    else {
+	MDInit (&context);
+	while (len = fread (buffer, 1, 1024, file))
+	    MDUpdate (&context, buffer, len);
+	MDFinal (&context);
+
+	fclose (file);
+
+	printf ("MD%d (%s) = ", MD, filename);
+	MDPrint (context.digest);
+	printf ("\n");
+    }
+}
+
+/* Digests the standard input and prints the result.
+ */
+static void MDFilter ()
+{
+  MD_CTX context;
+  int len;
+  unsigned char buffer[16];
+
+  MDInit (&context);
+  while (len = fread (buffer, 1, 16, stdin))
+ MDUpdate (&context, buffer, len);
+  MDFinal (&context);
+
+  MDPrint (context.digest);
+  printf ("\n");
+}
+
+/* Prints a message digest in hexadecimal.
+ */
+static void MDPrint (digest)
+unsigned char digest[16];
+{
+  unsigned int i;
+
+  for (i = 0; i < 16; i++)
+ printf ("%02x", digest[i]);
+}
diff --git a/src/lib/crypto/sha1/Makefile.in b/src/lib/crypto/sha1/Makefile.in
index 2716e29..abc4793 100644
--- a/src/lib/crypto/sha1/Makefile.in
+++ b/src/lib/crypto/sha1/Makefile.in
@@ -26,4 +26,19 @@ includes:: depend
 
 depend:: $(SRCS)
 
+t_shs: t_shs.o shs.o
+	$(CC) $(CFLAGS) $(LDFLAGS) -o t_shs t_shs.o shs.o
+
+t_shs.exe:
+	$(CC) $(CFLAGS2) -o t_shs.exe t_shs.c shs.c
+
+check-unix:: t_shs
+	$(C)t_shs -x
+
+check-windows:: t_shs$(EXEEXT)
+	$(C)t_shs$(EXEEXT) -x
+
+clean:: 
+	$(RM) t_shs$(EXEEXT) t_shs.$(OBJEXT)
+
 clean-unix:: clean-libobjs
diff --git a/src/lib/crypto/sha1/t_shs.c b/src/lib/crypto/sha1/t_shs.c
new file mode 100644
index 0000000..da55992
--- /dev/null
+++ b/src/lib/crypto/sha1/t_shs.c
@@ -0,0 +1,132 @@
+/****************************************************************************
+*                                                                           *
+*                               SHS Test Code                               *
+*                                                                           *
+****************************************************************************/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <time.h>
+#include "shs.h"
+
+/* Test the SHS implementation */
+
+#ifdef NEW_SHS
+
+static LONG shsTestResults[][ 5 ] = {
+    { 0xA9993E36L, 0x4706816AL, 0xBA3E2571L, 0x7850C26CL, 0x9CD0D89DL, },
+    { 0x84983E44L, 0x1C3BD26EL, 0xBAAE4AA1L, 0xF95129E5L, 0xE54670F1L, },
+    { 0x34AA973CL, 0xD4C4DAA4L, 0xF61EEB2BL, 0xDBAD2731L, 0x6534016FL, }
+    };
+
+#else
+
+static LONG shsTestResults[][ 5 ] = {
+    { 0x0164B8A9L, 0x14CD2A5EL, 0x74C4F7FFL, 0x082C4D97L, 0xF1EDF880L },
+    { 0xD2516EE1L, 0xACFA5BAFL, 0x33DFC1C4L, 0x71E43844L, 0x9EF134C8L },
+    { 0x3232AFFAL, 0x48628A26L, 0x653B5AAAL, 0x44541FD9L, 0x0D690603L }
+    };
+#endif /* NEW_SHS */
+
+static int compareSHSresults(shsInfo, shsTestLevel)
+SHS_INFO *shsInfo;
+int shsTestLevel;
+{
+    int i, fail = 0;
+
+    /* Compare the returned digest and required values */
+    for( i = 0; i < 5; i++ )
+        if( shsInfo->digest[ i ] != shsTestResults[ shsTestLevel ][ i ] )
+	    fail = 1;
+    if (fail) {
+	printf("\nExpected: ");
+	for (i = 0; i < 5; i++) {
+	    printf("%8.8lx ", shsTestResults[shsTestLevel][i]);
+	}
+	printf("\nGot:      ");
+	for (i = 0; i < 5; i++) {
+	    printf("%8.8lx ", shsInfo->digest[i]);
+	}
+	printf("\n");
+	return( -1 );
+    }
+    return( 0 );
+}
+
+main()
+{
+    SHS_INFO shsInfo;
+    unsigned int i;
+    time_t secondCount;
+    BYTE data[ 200 ];
+
+    /* Make sure we've got the endianness set right.  If the machine is
+       big-endian (up to 64 bits) the following value will be signed,
+       otherwise it will be unsigned.  Unfortunately we can't test for odd
+       things like middle-endianness without knowing the size of the data
+       types */
+
+    /* Test SHS against values given in SHS standards document */
+    printf( "Running SHS test 1 ... " );
+    shsInit( &shsInfo );
+    shsUpdate( &shsInfo, ( BYTE * ) "abc", 3 );
+    shsFinal( &shsInfo );
+    if( compareSHSresults( &shsInfo, 0 ) == -1 )
+        {
+        putchar( '\n' );
+        puts( "SHS test 1 failed" );
+        exit( -1 );
+        }
+#ifdef NEW_SHS
+    puts( "passed, result= A9993E364706816ABA3E25717850C26C9CD0D89D" );
+#else
+    puts( "passed, result= 0164B8A914CD2A5E74C4F7FF082C4D97F1EDF880" );
+#endif /* NEW_SHS */
+
+    printf( "Running SHS test 2 ... " );
+    shsInit( &shsInfo );
+    shsUpdate( &shsInfo, ( BYTE * ) "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 56 );
+    shsFinal( &shsInfo );
+    if( compareSHSresults( &shsInfo, 1 ) == -1 )
+        {
+        putchar( '\n' );
+        puts( "SHS test 2 failed" );
+        exit( -1 );
+        }
+#ifdef NEW_SHS
+    puts( "passed, result= 84983E441C3BD26EBAAE4AA1F95129E5E54670F1" );
+#else
+    puts( "passed, result= D2516EE1ACFA5BAF33DFC1C471E438449EF134C8" );
+#endif /* NEW_SHS */
+
+    printf( "Running SHS test 3 ... " );
+    shsInit( &shsInfo );
+    for( i = 0; i < 15625; i++ )
+        shsUpdate( &shsInfo, ( BYTE * ) "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 64 );
+    shsFinal( &shsInfo );
+    if( compareSHSresults( &shsInfo, 2 ) == -1 )
+        {
+        putchar( '\n' );
+        puts( "SHS test 3 failed" );
+        exit( -1 );
+        }
+#ifdef NEW_SHS
+    puts( "passed, result= 34AA973CD4C4DAA4F61EEB2BDBAD27316534016F" );
+#else
+    puts( "passed, result= 3232AFFA48628A26653B5AAA44541FD90D690603" );
+#endif /* NEW_SHS */
+
+#if 0
+    printf( "\nTesting speed for 100MB data... " );
+    shsInit( &shsInfo );
+    secondCount = time( NULL );
+    for( i = 0; i < 500000U; i++ )
+        shsUpdate( &shsInfo, data, 200 );
+    secondCount = time( NULL ) - secondCount;
+    printf( "done.  Time = %ld seconds, %ld kbytes/second.\n", \
+            secondCount, 100500L / secondCount );
+#endif
+
+    puts( "\nAll SHS tests passed" );
+    exit( 0 );
+}
diff --git a/src/lib/crypto/t_nfold.c b/src/lib/crypto/t_nfold.c
new file mode 100644
index 0000000..2693318
--- /dev/null
+++ b/src/lib/crypto/t_nfold.c
@@ -0,0 +1,76 @@
+/*
+ * lib/crypto/t_nfold.c
+ *
+ * Copyright 1988, 1990 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ * 
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ * 
+ *
+ * Program to test the correctness of nfold implementation.
+ *
+ * exit returns	 0 ==> success
+ * 		-1 ==> error
+ */
+
+#include <stdio.h>
+#include <string.h>
+
+#include "k5-int.h"
+
+unsigned char *nfold_in[] = {
+    "basch",
+    "eichin",
+    "sommerfeld",
+    "MASSACHVSETTS INSTITVTE OF TECHNOLOGY" };
+
+unsigned char nfold_192[4][24] = {
+    { 0x1a, 0xab, 0x6b, 0x42, 0x96, 0x4b, 0x98, 0xb2, 0x1f, 0x8c, 0xde, 0x2d,
+      0x24, 0x48, 0xba, 0x34, 0x55, 0xd7, 0x86, 0x2c, 0x97, 0x31, 0x64, 0x3f },
+    { 0x65, 0x69, 0x63, 0x68, 0x69, 0x6e, 0x4b, 0x73, 0x2b, 0x4b, 0x1b, 0x43,
+      0xda, 0x1a, 0x5b, 0x99, 0x5a, 0x58, 0xd2, 0xc6, 0xd0, 0xd2, 0xdc, 0xca },
+    { 0x2f, 0x7a, 0x98, 0x55, 0x7c, 0x6e, 0xe4, 0xab, 0xad, 0xf4, 0xe7, 0x11,
+      0x92, 0xdd, 0x44, 0x2b, 0xd4, 0xff, 0x53, 0x25, 0xa5, 0xde, 0xf7, 0x5c },
+    { 0xdb, 0x3b, 0x0d, 0x8f, 0x0b, 0x06, 0x1e, 0x60, 0x32, 0x82, 0xb3, 0x08,
+      0xa5, 0x08, 0x41, 0x22, 0x9a, 0xd7, 0x98, 0xfa, 0xb9, 0x54, 0x0c, 0x1b }
+};
+
+int
+main(argc, argv)
+     int argc;
+     char *argv[];
+{
+    unsigned char cipher_text[64];
+    int i, j;
+
+    printf("N-fold\n");
+    for (i=0; i<sizeof(nfold_in)/sizeof(char *); i++) {
+	printf("\tInput:\t\"%.*s\"\n", strlen(nfold_in[i]), nfold_in[i]);
+	printf("\t192-Fold:\t");
+	krb5_nfold(strlen(nfold_in[i])*8, nfold_in[i], 24*8, cipher_text);
+	for (j=0; j<24; j++)
+	    printf("%s%02x", (j&3) ? "" : " ", cipher_text[j]);
+	printf("\n");
+	if (memcmp(cipher_text, nfold_192[i], 24)) {
+	    printf("verify: error in n-fold\n");
+	    exit(-1);
+	};
+    }
+    printf("verify: N-fold is correct\n\n");
+
+    exit(0);
+}