Skip to content
Collection of block cipher algorithms written in pure Rust
Rust Shell
Branch: master
Clone or download
Latest commit e385f1e Aug 1, 2019
Type Name Latest commit message Commit time
Failed to load latest commit information.
aes bump versions Dec 23, 2018
block-modes Fix a typo (#50) Aug 1, 2019
cast5 bump cast5 to v0.6.0 Mar 11, 2019
des Update crates to block-cipher-trait-v0.6 (#41) Dec 23, 2018
kuznyechik bump versions Dec 23, 2018
magma remove unnecessary import Dec 23, 2018
rc2 Update crates to block-cipher-trait-v0.6 (#41) Dec 23, 2018
twofish Update crates to block-cipher-trait-v0.6 (#41) Dec 23, 2018
.gitignore AES updates (#21) Jul 27, 2018
.travis.yml fix CI Jul 9, 2019
Cargo.toml feat: implement CAST5 based on RFC 2144 (#36) Mar 11, 2019 Fix a typo (#50) Aug 1, 2019 fix no_std tests Dec 27, 2018
rustfmt.toml rustfmt formatting Mar 14, 2018 fix aes tests script and aesni version Jul 27, 2018

RustCrypto: block ciphers

Build Status dependency status

Collection of block ciphers and block modes written in pure Rust.


Currently only AES crates provide constant-time implementations. If you do not really know what you are doing it's generally recommended not to use other cipher implementations in this repository.

Additionally crates in this repository have not yet received any formal cryptographic and security reviews.


Supported algorithms

Name Alt name Crate name Docs
AES Rijndael aes




Blowfish blowfish Documentation
DES + 3DES DEA + 3DEA des Documentation
Kuznyechik GOST R 34.12-2015 kuznyechik Documentation
Magma GOST 28147-89 and GOST R 34.12-2015 magma Documentation
RC2 ARC2 rc2 Documentation
Twofish twofish Documentation

Additional crates

Crate name Docs
block-modes Documentation

Minimum Supported Rust Version

All crates in this repository support Rust 1.22 or higher. (except aesni and aes crates, which require Rust 1.27) In future minimum supported Rust version can be changed, but it will be done with the minor version bump.


Block cipher crates provide only bare block cipher implementations. For most applications you will need to use some block cipher mode of operation which are generically implemented in the block-modes crate.

Some block modes (CTR, CFB, OFV) transform block ciphers into stream ciphers.Such modes are published under separate crates in the RustCrypto/stream-ciphers repository.

Lets use AES128-CBC with PKCS7 padding to show an example:

#[macro_use] extern crate hex_literal;
extern crate aes_soft as aes;
extern crate block_modes;

use block_modes::{BlockMode, Cbc};
use block_modes::block_padding::Pkcs7;
use aes::Aes128;

// create an alias for convenience
type Aes128Cbc = Cbc<Aes128, Pkcs7>;

let key = hex!("000102030405060708090a0b0c0d0e0f");
let iv = hex!("f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff");
let plaintext = b"Hello world!";
let cipher = Aes128Cbc::new_var(&key, &iv).unwrap();

// buffer must have enough space for message+padding
let mut buffer = [0u8; 32];
// copy message to the buffer
let pos = plaintext.len();
let ciphertext = cipher.encrypt(&mut buffer, pos).unwrap();

assert_eq!(ciphertext, hex!("1b7a4c403124ae2fb52bedc534d82fa8"));

// re-create cipher mode instance and decrypt the message
let cipher = Aes128Cbc::new_var(&key, &iv).unwrap();
let mut buf = ciphertext.to_vec();
let decrypted_ciphertext = cipher.decrypt(&mut buf).unwrap();

assert_eq!(decrypted_ciphertext, plaintext);

With an enabled std feature (which is enabled by default) you can use encrypt_vec and descrypt_vec methods:

let cipher = Aes128Cbc::new_var(&key, &iv).unwrap();
let ciphertext = cipher.encrypt_vec(plaintext);

assert_eq!(ciphertext, hex!("1b7a4c403124ae2fb52bedc534d82fa8"));

let cipher = Aes128Cbc::new_var(&key, &iv).unwrap();
let decrypted_ciphertext = cipher.decrypt_vec(&ciphertext).unwrap();

assert_eq!(decrypted_ciphertext, plaintext);

Note that this example does not use any authentification which can lead to serious vulnarabilities! For Message Authentication Code implementations take a look at RustCrypto/MACs repository.


All crates licensed under either of

at your option.


Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.

You can’t perform that action at this time.