Minimal Khazad (Wikipedia) encryption.
For most applications, it makes more sense to use AES, since it is a well-known standard. Khazad might be useful for small embedded applications where a smaller encryption block size is desireable, e.g. for encrypting small radio messages.
This aims to be suitable for small embedded systems with limited RAM and ROM.
It includes optional on-the-fly key schedule calculation, for minimal RAM usage if required in a very RAM-constrained application. For systems with sufficient RAM, there is also encryption and decryption with a pre-calculated key schedule.
Normally the S-box implementation is by a simple 256-byte table look-up. An optional smaller S-box implementation is included for a very ROM-constrained application, where a 256-byte look-up table might be too big. This would only be expected to be necessary for especially tiny target applications, e.g. an automotive keyless entry remote.
Test programs are included, which test the S-box implementation and encrypt and decrypt operations.
Encryption and decryption are tested against the official test vectors. The test vectors were parsed and converted to C data structures using a Python program.
When using autotools, run the tests via:
make check
Most of the test vectors can be checked quickly, however the last set of vectors, set 4, involve 108 iterations of key schedule and encryption, so take some time to run. So the set 4 vectors are skipped by default. To run these tests, define the macro ENABLE_LONG_TEST in khazad-vectors-test.c. If using autotools, add the --enable-long-test configure option:
./configure --enable-long-test
This code is released under the MIT license. See LICENSE.txt for details.