From d8fdeb908ce44b27ee27e90f65ed564c2a29670f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=90=D1=80=D1=82=D1=91=D0=BC=20=D0=9F=D0=B0=D0=B2=D0=BB?=
 =?UTF-8?q?=D0=BE=D0=B2?= <newpavlov@gmail.com>
Date: Thu, 10 Feb 2022 14:58:56 +0300
Subject: [PATCH] Migrate block mode crates

---
 .github/dependabot.yml               |   7 +
 .github/workflows/cbc.yaml           |  55 +++++++
 .github/workflows/cfb-mode.yaml      |  55 +++++++
 .github/workflows/cfb8.yaml          |  55 +++++++
 .github/workflows/ctr.yaml           |  55 +++++++
 .github/workflows/ige.yaml           |  55 +++++++
 .github/workflows/ofb.yaml           |  55 +++++++
 .github/workflows/pcbc.yaml          |  55 +++++++
 .github/workflows/security-audit.yml |  24 +++
 .github/workflows/workspace.yml      |  53 +++++++
 Cargo.lock                           | 198 ++++++++++++++++++++++++
 Cargo.toml                           |  10 ++
 README.md                            |  81 ++++++++++
 cbc/CHANGELOG.md                     |  11 ++
 cbc/Cargo.toml                       |  30 ++++
 cbc/LICENSE-APACHE                   | 201 ++++++++++++++++++++++++
 cbc/LICENSE-MIT                      |  26 ++++
 cbc/README.md                        |  60 ++++++++
 cbc/benches/aes128.rs                |  16 ++
 cbc/src/decrypt.rs                   | 191 +++++++++++++++++++++++
 cbc/src/encrypt.rs                   | 179 ++++++++++++++++++++++
 cbc/src/lib.rs                       |  85 +++++++++++
 cbc/tests/aes.rs                     |  25 +++
 cbc/tests/data/aes128.blb            | Bin 0 -> 3579 bytes
 cbc/tests/data/aes192.blb            | Bin 0 -> 4429 bytes
 cbc/tests/data/aes256.blb            | Bin 0 -> 4589 bytes
 cfb-mode/CHANGELOG.md                |  58 +++++++
 cfb-mode/Cargo.toml                  |  29 ++++
 cfb-mode/LICENSE-APACHE              | 201 ++++++++++++++++++++++++
 cfb-mode/LICENSE-MIT                 |  26 ++++
 cfb-mode/README.md                   |  60 ++++++++
 cfb-mode/benches/aes128.rs           |  16 ++
 cfb-mode/src/decrypt.rs              | 195 ++++++++++++++++++++++++
 cfb-mode/src/encrypt.rs              | 181 ++++++++++++++++++++++
 cfb-mode/src/lib.rs                  |  68 +++++++++
 cfb-mode/tests/aes.rs                |  55 +++++++
 cfb-mode/tests/data/aes128.blb       | Bin 0 -> 4269 bytes
 cfb-mode/tests/data/aes192.blb       | Bin 0 -> 4429 bytes
 cfb-mode/tests/data/aes256.blb       | Bin 0 -> 4589 bytes
 cfb8/CHANGELOG.md                    |  56 +++++++
 cfb8/Cargo.toml                      |  29 ++++
 cfb8/LICENSE-APACHE                  | 201 ++++++++++++++++++++++++
 cfb8/LICENSE-MIT                     |  26 ++++
 cfb8/README.md                       |  60 ++++++++
 cfb8/benches/aes128.rs               |  16 ++
 cfb8/src/decrypt.rs                  | 183 ++++++++++++++++++++++
 cfb8/src/encrypt.rs                  | 183 ++++++++++++++++++++++
 cfb8/src/lib.rs                      |  68 +++++++++
 cfb8/tests/aes.rs                    |  55 +++++++
 cfb8/tests/data/aes128.blb           | Bin 0 -> 941 bytes
 cfb8/tests/data/aes192.blb           | Bin 0 -> 1101 bytes
 cfb8/tests/data/aes256.blb           | Bin 0 -> 1261 bytes
 ctr/CHANGELOG.md                     |  67 ++++++++
 ctr/Cargo.toml                       |  31 ++++
 ctr/LICENSE-APACHE                   | 201 ++++++++++++++++++++++++
 ctr/LICENSE-MIT                      |  26 ++++
 ctr/README.md                        |  59 ++++++++
 ctr/benches/aes128.rs                |  26 ++++
 ctr/src/backend.rs                   |  83 ++++++++++
 ctr/src/ctr_core.rs                  | 143 ++++++++++++++++++
 ctr/src/flavors.rs                   |  44 ++++++
 ctr/src/flavors/ctr128.rs            | 158 +++++++++++++++++++
 ctr/src/flavors/ctr32.rs             | 158 +++++++++++++++++++
 ctr/src/flavors/ctr64.rs             | 158 +++++++++++++++++++
 ctr/src/lib.rs                       |  91 +++++++++++
 ctr/tests/ctr128/data/aes128-ctr.blb | Bin 0 -> 2039 bytes
 ctr/tests/ctr128/data/aes256-ctr.blb | Bin 0 -> 2055 bytes
 ctr/tests/ctr128/mod.rs              |  12 ++
 ctr/tests/ctr32/be.rs                |  86 +++++++++++
 ctr/tests/ctr32/le.rs                |  96 ++++++++++++
 ctr/tests/ctr32/mod.rs               |   9 ++
 ctr/tests/gost/mod.rs                |  55 +++++++
 ctr/tests/mod.rs                     |   5 +
 ige/CHANGELOG.md                     |  11 ++
 ige/Cargo.toml                       |  30 ++++
 ige/LICENSE-APACHE                   | 201 ++++++++++++++++++++++++
 ige/LICENSE-MIT                      |  26 ++++
 ige/README.md                        |  60 ++++++++
 ige/benches/aes128.rs                |  16 ++
 ige/src/decrypt.rs                   | 218 +++++++++++++++++++++++++++
 ige/src/encrypt.rs                   | 218 +++++++++++++++++++++++++++
 ige/src/lib.rs                       |  92 +++++++++++
 ige/tests/aes.rs                     |  12 ++
 ige/tests/data/aes128.blb            | Bin 0 -> 233 bytes
 ofb/CHANGELOG.md                     |  52 +++++++
 ofb/Cargo.toml                       |  29 ++++
 ofb/LICENSE-APACHE                   | 201 ++++++++++++++++++++++++
 ofb/LICENSE-MIT                      |  26 ++++
 ofb/README.md                        |  60 ++++++++
 ofb/benches/aes128.rs                |  24 +++
 ofb/src/backend.rs                   | 114 ++++++++++++++
 ofb/src/lib.rs                       | 207 +++++++++++++++++++++++++
 ofb/tests/aes.rs                     |  34 +++++
 ofb/tests/data/aes128.blb            | Bin 0 -> 4269 bytes
 ofb/tests/data/aes192.blb            | Bin 0 -> 4429 bytes
 ofb/tests/data/aes256.blb            | Bin 0 -> 4589 bytes
 pcbc/CHANGELOG.md                    |  11 ++
 pcbc/Cargo.toml                      |  30 ++++
 pcbc/LICENSE-APACHE                  | 201 ++++++++++++++++++++++++
 pcbc/LICENSE-MIT                     |  26 ++++
 pcbc/README.md                       |  60 ++++++++
 pcbc/benches/aes128.rs               |  16 ++
 pcbc/src/decrypt.rs                  | 181 ++++++++++++++++++++++
 pcbc/src/encrypt.rs                  | 181 ++++++++++++++++++++++
 pcbc/src/lib.rs                      |  85 +++++++++++
 pcbc/tests/aes.rs                    |  12 ++
 pcbc/tests/data/aes128.blb           | Bin 0 -> 167 bytes
 107 files changed, 7290 insertions(+)
 create mode 100644 .github/dependabot.yml
 create mode 100644 .github/workflows/cbc.yaml
 create mode 100644 .github/workflows/cfb-mode.yaml
 create mode 100644 .github/workflows/cfb8.yaml
 create mode 100644 .github/workflows/ctr.yaml
 create mode 100644 .github/workflows/ige.yaml
 create mode 100644 .github/workflows/ofb.yaml
 create mode 100644 .github/workflows/pcbc.yaml
 create mode 100644 .github/workflows/security-audit.yml
 create mode 100644 .github/workflows/workspace.yml
 create mode 100644 Cargo.lock
 create mode 100644 Cargo.toml
 create mode 100644 README.md
 create mode 100644 cbc/CHANGELOG.md
 create mode 100644 cbc/Cargo.toml
 create mode 100644 cbc/LICENSE-APACHE
 create mode 100644 cbc/LICENSE-MIT
 create mode 100644 cbc/README.md
 create mode 100644 cbc/benches/aes128.rs
 create mode 100644 cbc/src/decrypt.rs
 create mode 100644 cbc/src/encrypt.rs
 create mode 100644 cbc/src/lib.rs
 create mode 100644 cbc/tests/aes.rs
 create mode 100644 cbc/tests/data/aes128.blb
 create mode 100644 cbc/tests/data/aes192.blb
 create mode 100644 cbc/tests/data/aes256.blb
 create mode 100644 cfb-mode/CHANGELOG.md
 create mode 100644 cfb-mode/Cargo.toml
 create mode 100644 cfb-mode/LICENSE-APACHE
 create mode 100644 cfb-mode/LICENSE-MIT
 create mode 100644 cfb-mode/README.md
 create mode 100644 cfb-mode/benches/aes128.rs
 create mode 100644 cfb-mode/src/decrypt.rs
 create mode 100644 cfb-mode/src/encrypt.rs
 create mode 100644 cfb-mode/src/lib.rs
 create mode 100644 cfb-mode/tests/aes.rs
 create mode 100644 cfb-mode/tests/data/aes128.blb
 create mode 100644 cfb-mode/tests/data/aes192.blb
 create mode 100644 cfb-mode/tests/data/aes256.blb
 create mode 100644 cfb8/CHANGELOG.md
 create mode 100644 cfb8/Cargo.toml
 create mode 100644 cfb8/LICENSE-APACHE
 create mode 100644 cfb8/LICENSE-MIT
 create mode 100644 cfb8/README.md
 create mode 100644 cfb8/benches/aes128.rs
 create mode 100644 cfb8/src/decrypt.rs
 create mode 100644 cfb8/src/encrypt.rs
 create mode 100644 cfb8/src/lib.rs
 create mode 100644 cfb8/tests/aes.rs
 create mode 100644 cfb8/tests/data/aes128.blb
 create mode 100644 cfb8/tests/data/aes192.blb
 create mode 100644 cfb8/tests/data/aes256.blb
 create mode 100644 ctr/CHANGELOG.md
 create mode 100644 ctr/Cargo.toml
 create mode 100644 ctr/LICENSE-APACHE
 create mode 100644 ctr/LICENSE-MIT
 create mode 100644 ctr/README.md
 create mode 100644 ctr/benches/aes128.rs
 create mode 100644 ctr/src/backend.rs
 create mode 100644 ctr/src/ctr_core.rs
 create mode 100644 ctr/src/flavors.rs
 create mode 100644 ctr/src/flavors/ctr128.rs
 create mode 100644 ctr/src/flavors/ctr32.rs
 create mode 100644 ctr/src/flavors/ctr64.rs
 create mode 100644 ctr/src/lib.rs
 create mode 100644 ctr/tests/ctr128/data/aes128-ctr.blb
 create mode 100644 ctr/tests/ctr128/data/aes256-ctr.blb
 create mode 100644 ctr/tests/ctr128/mod.rs
 create mode 100644 ctr/tests/ctr32/be.rs
 create mode 100644 ctr/tests/ctr32/le.rs
 create mode 100644 ctr/tests/ctr32/mod.rs
 create mode 100644 ctr/tests/gost/mod.rs
 create mode 100644 ctr/tests/mod.rs
 create mode 100644 ige/CHANGELOG.md
 create mode 100644 ige/Cargo.toml
 create mode 100644 ige/LICENSE-APACHE
 create mode 100644 ige/LICENSE-MIT
 create mode 100644 ige/README.md
 create mode 100644 ige/benches/aes128.rs
 create mode 100644 ige/src/decrypt.rs
 create mode 100644 ige/src/encrypt.rs
 create mode 100644 ige/src/lib.rs
 create mode 100644 ige/tests/aes.rs
 create mode 100644 ige/tests/data/aes128.blb
 create mode 100644 ofb/CHANGELOG.md
 create mode 100644 ofb/Cargo.toml
 create mode 100644 ofb/LICENSE-APACHE
 create mode 100644 ofb/LICENSE-MIT
 create mode 100644 ofb/README.md
 create mode 100644 ofb/benches/aes128.rs
 create mode 100644 ofb/src/backend.rs
 create mode 100644 ofb/src/lib.rs
 create mode 100644 ofb/tests/aes.rs
 create mode 100644 ofb/tests/data/aes128.blb
 create mode 100644 ofb/tests/data/aes192.blb
 create mode 100644 ofb/tests/data/aes256.blb
 create mode 100644 pcbc/CHANGELOG.md
 create mode 100644 pcbc/Cargo.toml
 create mode 100644 pcbc/LICENSE-APACHE
 create mode 100644 pcbc/LICENSE-MIT
 create mode 100644 pcbc/README.md
 create mode 100644 pcbc/benches/aes128.rs
 create mode 100644 pcbc/src/decrypt.rs
 create mode 100644 pcbc/src/encrypt.rs
 create mode 100644 pcbc/src/lib.rs
 create mode 100644 pcbc/tests/aes.rs
 create mode 100644 pcbc/tests/data/aes128.blb

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..5cde165
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,7 @@
+version: 2
+updates:
+- package-ecosystem: cargo
+  directory: "/"
+  schedule:
+    interval: daily
+  open-pull-requests-limit: 10
diff --git a/.github/workflows/cbc.yaml b/.github/workflows/cbc.yaml
new file mode 100644
index 0000000..41a3fc4
--- /dev/null
+++ b/.github/workflows/cbc.yaml
@@ -0,0 +1,55 @@
+name: cbc
+
+on:
+  pull_request:
+    paths:
+      - "cbc/**"
+      - "Cargo.*"
+  push:
+    branches: master
+
+defaults:
+  run:
+    working-directory: cbc
+
+env:
+  CARGO_INCREMENTAL: 0
+  RUSTFLAGS: "-Dwarnings"
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        rust:
+          - 1.56.0 # MSRV
+          - stable
+        target:
+          - thumbv7em-none-eabi
+          - wasm32-unknown-unknown
+    steps:
+      - uses: actions/checkout@v1
+      - uses: actions-rs/toolchain@v1
+        with:
+          toolchain: ${{ matrix.rust }}
+          target: ${{ matrix.target }}
+          override: true
+          profile: minimal
+      - run: cargo build --no-default-features --release --target ${{ matrix.target }}
+
+  test:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        rust:
+          - 1.56.0 # MSRV
+          - stable
+    steps:
+    - uses: actions/checkout@v1
+    - uses: actions-rs/toolchain@v1
+      with:
+        toolchain: ${{ matrix.rust }}
+        override: true
+        profile: minimal
+    - run: cargo test
+    - run: cargo test --all-features
diff --git a/.github/workflows/cfb-mode.yaml b/.github/workflows/cfb-mode.yaml
new file mode 100644
index 0000000..41880b5
--- /dev/null
+++ b/.github/workflows/cfb-mode.yaml
@@ -0,0 +1,55 @@
+name: cfb-mode
+
+on:
+  pull_request:
+    paths:
+      - "cfb-mode/**"
+      - "Cargo.*"
+  push:
+    branches: master
+
+defaults:
+  run:
+    working-directory: cfb-mode
+
+env:
+  CARGO_INCREMENTAL: 0
+  RUSTFLAGS: "-Dwarnings"
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        rust:
+          - 1.56.0 # MSRV
+          - stable
+        target:
+          - thumbv7em-none-eabi
+          - wasm32-unknown-unknown
+    steps:
+      - uses: actions/checkout@v1
+      - uses: actions-rs/toolchain@v1
+        with:
+          toolchain: ${{ matrix.rust }}
+          target: ${{ matrix.target }}
+          override: true
+          profile: minimal
+      - run: cargo build --no-default-features --release --target ${{ matrix.target }}
+
+  test:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        rust:
+          - 1.56.0 # MSRV
+          - stable
+    steps:
+    - uses: actions/checkout@v1
+    - uses: actions-rs/toolchain@v1
+      with:
+        toolchain: ${{ matrix.rust }}
+        override: true
+        profile: minimal
+    - run: cargo test
+    - run: cargo test --all-features
diff --git a/.github/workflows/cfb8.yaml b/.github/workflows/cfb8.yaml
new file mode 100644
index 0000000..53ea01e
--- /dev/null
+++ b/.github/workflows/cfb8.yaml
@@ -0,0 +1,55 @@
+name: cfb8
+
+on:
+  pull_request:
+    paths:
+      - "cfb8/**"
+      - "Cargo.*"
+  push:
+    branches: master
+
+defaults:
+  run:
+    working-directory: cfb8
+
+env:
+  CARGO_INCREMENTAL: 0
+  RUSTFLAGS: "-Dwarnings"
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        rust:
+          - 1.56.0 # MSRV
+          - stable
+        target:
+          - thumbv7em-none-eabi
+          - wasm32-unknown-unknown
+    steps:
+      - uses: actions/checkout@v1
+      - uses: actions-rs/toolchain@v1
+        with:
+          toolchain: ${{ matrix.rust }}
+          target: ${{ matrix.target }}
+          override: true
+          profile: minimal
+      - run: cargo build --no-default-features --release --target ${{ matrix.target }}
+
+  test:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        rust:
+          - 1.56.0 # MSRV
+          - stable
+    steps:
+    - uses: actions/checkout@v1
+    - uses: actions-rs/toolchain@v1
+      with:
+        toolchain: ${{ matrix.rust }}
+        override: true
+        profile: minimal
+    - run: cargo test
+    - run: cargo test --all-features
diff --git a/.github/workflows/ctr.yaml b/.github/workflows/ctr.yaml
new file mode 100644
index 0000000..4baac54
--- /dev/null
+++ b/.github/workflows/ctr.yaml
@@ -0,0 +1,55 @@
+name: ctr
+
+on:
+  pull_request:
+    paths:
+      - "ctr/**"
+      - "Cargo.*"
+  push:
+    branches: master
+
+defaults:
+  run:
+    working-directory: ctr
+
+env:
+  CARGO_INCREMENTAL: 0
+  RUSTFLAGS: "-Dwarnings"
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        rust:
+          - 1.56.0 # MSRV
+          - stable
+        target:
+          - thumbv7em-none-eabi
+          - wasm32-unknown-unknown
+    steps:
+      - uses: actions/checkout@v1
+      - uses: actions-rs/toolchain@v1
+        with:
+          toolchain: ${{ matrix.rust }}
+          target: ${{ matrix.target }}
+          override: true
+          profile: minimal
+      - run: cargo build --no-default-features --release --target ${{ matrix.target }}
+
+  test:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        rust:
+          - 1.56.0 # MSRV
+          - stable
+    steps:
+    - uses: actions/checkout@v1
+    - uses: actions-rs/toolchain@v1
+      with:
+        toolchain: ${{ matrix.rust }}
+        override: true
+        profile: minimal
+    - run: cargo test
+    - run: cargo test --all-features
diff --git a/.github/workflows/ige.yaml b/.github/workflows/ige.yaml
new file mode 100644
index 0000000..6792c36
--- /dev/null
+++ b/.github/workflows/ige.yaml
@@ -0,0 +1,55 @@
+name: ige
+
+on:
+  pull_request:
+    paths:
+      - "ige/**"
+      - "Cargo.*"
+  push:
+    branches: master
+
+defaults:
+  run:
+    working-directory: ige
+
+env:
+  CARGO_INCREMENTAL: 0
+  RUSTFLAGS: "-Dwarnings"
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        rust:
+          - 1.56.0 # MSRV
+          - stable
+        target:
+          - thumbv7em-none-eabi
+          - wasm32-unknown-unknown
+    steps:
+      - uses: actions/checkout@v1
+      - uses: actions-rs/toolchain@v1
+        with:
+          toolchain: ${{ matrix.rust }}
+          target: ${{ matrix.target }}
+          override: true
+          profile: minimal
+      - run: cargo build --no-default-features --release --target ${{ matrix.target }}
+
+  test:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        rust:
+          - 1.56.0 # MSRV
+          - stable
+    steps:
+    - uses: actions/checkout@v1
+    - uses: actions-rs/toolchain@v1
+      with:
+        toolchain: ${{ matrix.rust }}
+        override: true
+        profile: minimal
+    - run: cargo test
+    - run: cargo test --all-features
diff --git a/.github/workflows/ofb.yaml b/.github/workflows/ofb.yaml
new file mode 100644
index 0000000..a2b3e0e
--- /dev/null
+++ b/.github/workflows/ofb.yaml
@@ -0,0 +1,55 @@
+name: ofb
+
+on:
+  pull_request:
+    paths:
+      - "ofb/**"
+      - "Cargo.*"
+  push:
+    branches: master
+
+defaults:
+  run:
+    working-directory: ofb
+
+env:
+  CARGO_INCREMENTAL: 0
+  RUSTFLAGS: "-Dwarnings"
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        rust:
+          - 1.56.0 # MSRV
+          - stable
+        target:
+          - thumbv7em-none-eabi
+          - wasm32-unknown-unknown
+    steps:
+      - uses: actions/checkout@v1
+      - uses: actions-rs/toolchain@v1
+        with:
+          toolchain: ${{ matrix.rust }}
+          target: ${{ matrix.target }}
+          override: true
+          profile: minimal
+      - run: cargo build --no-default-features --release --target ${{ matrix.target }}
+
+  test:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        rust:
+          - 1.56.0 # MSRV
+          - stable
+    steps:
+    - uses: actions/checkout@v1
+    - uses: actions-rs/toolchain@v1
+      with:
+        toolchain: ${{ matrix.rust }}
+        override: true
+        profile: minimal
+    - run: cargo test
+    - run: cargo test --all-features
diff --git a/.github/workflows/pcbc.yaml b/.github/workflows/pcbc.yaml
new file mode 100644
index 0000000..7f26013
--- /dev/null
+++ b/.github/workflows/pcbc.yaml
@@ -0,0 +1,55 @@
+name: pcbc
+
+on:
+  pull_request:
+    paths:
+      - "pcbc/**"
+      - "Cargo.*"
+  push:
+    branches: master
+
+defaults:
+  run:
+    working-directory: pcbc
+
+env:
+  CARGO_INCREMENTAL: 0
+  RUSTFLAGS: "-Dwarnings"
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        rust:
+          - 1.56.0 # MSRV
+          - stable
+        target:
+          - thumbv7em-none-eabi
+          - wasm32-unknown-unknown
+    steps:
+      - uses: actions/checkout@v1
+      - uses: actions-rs/toolchain@v1
+        with:
+          toolchain: ${{ matrix.rust }}
+          target: ${{ matrix.target }}
+          override: true
+          profile: minimal
+      - run: cargo build --no-default-features --release --target ${{ matrix.target }}
+
+  test:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        rust:
+          - 1.56.0 # MSRV
+          - stable
+    steps:
+    - uses: actions/checkout@v1
+    - uses: actions-rs/toolchain@v1
+      with:
+        toolchain: ${{ matrix.rust }}
+        override: true
+        profile: minimal
+    - run: cargo test
+    - run: cargo test --all-features
diff --git a/.github/workflows/security-audit.yml b/.github/workflows/security-audit.yml
new file mode 100644
index 0000000..0d82d54
--- /dev/null
+++ b/.github/workflows/security-audit.yml
@@ -0,0 +1,24 @@
+name: Security Audit
+on:
+  pull_request:
+    paths: Cargo.lock
+  push:
+    branches: master
+    paths: Cargo.lock
+  schedule:
+    - cron: "0 0 * * *"
+
+jobs:
+  security_audit:
+    name: Security Audit
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v1
+      - name: Cache cargo bin
+        uses: actions/cache@v1
+        with:
+          path: ~/.cargo/bin
+          key: ${{ runner.os }}-cargo-audit-v0.12.0
+      - uses: actions-rs/audit-check@v1
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/workspace.yml b/.github/workflows/workspace.yml
new file mode 100644
index 0000000..599f211
--- /dev/null
+++ b/.github/workflows/workspace.yml
@@ -0,0 +1,53 @@
+name: Workspace
+
+on:
+  pull_request:
+    paths-ignore:
+      - README.md
+  push:
+    branches: master
+    paths-ignore:
+      - README.md
+
+jobs:
+  clippy:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v1
+    - uses: actions-rs/toolchain@v1
+      with:
+        toolchain: 1.56.0 # MSRV
+        components: clippy
+        override: true
+        profile: minimal
+    - run: cargo clippy --all --all-features -- -D warnings
+
+  rustfmt:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout sources
+        uses: actions/checkout@v1
+
+      - name: Install stable toolchain
+        uses: actions-rs/toolchain@v1
+        with:
+          toolchain: stable
+          components: rustfmt
+          override: true
+          profile: minimal
+      - name: Run cargo fmt
+        uses: actions-rs/cargo@v1
+        with:
+          command: fmt
+          args: --all -- --check
+
+  benches:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v1
+      - uses: actions-rs/toolchain@v1
+        with:
+          toolchain: nightly
+          profile: minimal
+          override: true
+      - run: cargo build --all --benches
diff --git a/Cargo.lock b/Cargo.lock
new file mode 100644
index 0000000..53ecea4
--- /dev/null
+++ b/Cargo.lock
@@ -0,0 +1,198 @@
+# This file is automatically @generated by Cargo.
+# It is not intended for manual editing.
+version = 3
+
+[[package]]
+name = "aes"
+version = "0.8.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0f6c3373fb58bb23c6ed0f191f915f0e9459c6929fc430c0d74b8237c521953a"
+dependencies = [
+ "cfg-if",
+ "cipher",
+ "cpufeatures",
+]
+
+[[package]]
+name = "blobby"
+version = "0.3.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "847495c209977a90e8aad588b959d0ca9f5dc228096d29a6bd3defd53f35eaec"
+
+[[package]]
+name = "block-padding"
+version = "0.3.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5808df4b2412175c4db3afb115c83d8d0cd26ca4f30a042026cddef8580e526a"
+dependencies = [
+ "generic-array",
+]
+
+[[package]]
+name = "cbc"
+version = "0.1.0"
+dependencies = [
+ "aes",
+ "cipher",
+ "hex-literal",
+]
+
+[[package]]
+name = "cfb-mode"
+version = "0.8.0"
+dependencies = [
+ "aes",
+ "cipher",
+ "hex-literal",
+]
+
+[[package]]
+name = "cfb8"
+version = "0.8.0"
+dependencies = [
+ "aes",
+ "cipher",
+ "hex-literal",
+]
+
+[[package]]
+name = "cfg-if"
+version = "1.0.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd"
+
+[[package]]
+name = "cipher"
+version = "0.4.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a4f3e8c9be82c31c331bc9db0fd70a1068f8a288d980b2414dcaa25ab17ac1e0"
+dependencies = [
+ "blobby",
+ "crypto-common",
+ "inout",
+ "zeroize",
+]
+
+[[package]]
+name = "cpufeatures"
+version = "0.2.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "95059428f66df56b63431fdb4e1947ed2190586af5c5a8a8b71122bdf5a7f469"
+dependencies = [
+ "libc",
+]
+
+[[package]]
+name = "crypto-common"
+version = "0.1.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a4600d695eb3f6ce1cd44e6e291adceb2cc3ab12f20a33777ecd0bf6eba34e06"
+dependencies = [
+ "generic-array",
+]
+
+[[package]]
+name = "ctr"
+version = "0.9.0"
+dependencies = [
+ "aes",
+ "cipher",
+ "hex-literal",
+ "kuznyechik",
+ "magma",
+]
+
+[[package]]
+name = "generic-array"
+version = "0.14.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "fd48d33ec7f05fbfa152300fdad764757cbded343c1aa1cff2fbaf4134851803"
+dependencies = [
+ "typenum",
+ "version_check",
+]
+
+[[package]]
+name = "hex-literal"
+version = "0.3.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7ebdb29d2ea9ed0083cd8cece49bbd968021bd99b0849edb4a9a7ee0fdf6a4e0"
+
+[[package]]
+name = "ige"
+version = "0.1.0"
+dependencies = [
+ "aes",
+ "cipher",
+ "hex-literal",
+]
+
+[[package]]
+name = "inout"
+version = "0.1.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c1d8734d7f28aaff861d726dc3bc8003e2987d2fc26add21f5dab0c35d5c348a"
+dependencies = [
+ "block-padding",
+ "generic-array",
+]
+
+[[package]]
+name = "kuznyechik"
+version = "0.8.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c6b8a760d5bebee051e542981fd2a562a6e8265c3262bfec1fd0ee3a0ea37f65"
+dependencies = [
+ "cipher",
+]
+
+[[package]]
+name = "libc"
+version = "0.2.117"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e74d72e0f9b65b5b4ca49a346af3976df0f9c61d550727f349ecd559f251a26c"
+
+[[package]]
+name = "magma"
+version = "0.8.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c6a003780e63ac83d9e21e3ee2ec69e9ca860b220ea97476bde316ad1a5bb071"
+dependencies = [
+ "cipher",
+]
+
+[[package]]
+name = "ofb"
+version = "0.6.0"
+dependencies = [
+ "aes",
+ "cipher",
+ "hex-literal",
+]
+
+[[package]]
+name = "pcbc"
+version = "0.1.0"
+dependencies = [
+ "aes",
+ "cipher",
+ "hex-literal",
+]
+
+[[package]]
+name = "typenum"
+version = "1.15.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "dcf81ac59edc17cc8697ff311e8f5ef2d99fcbd9817b34cec66f90b6c3dfd987"
+
+[[package]]
+name = "version_check"
+version = "0.9.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f"
+
+[[package]]
+name = "zeroize"
+version = "1.5.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7c88870063c39ee00ec285a2f8d6a966e5b6fb2becc4e8dac77ed0d370ed6006"
diff --git a/Cargo.toml b/Cargo.toml
new file mode 100644
index 0000000..e82a512
--- /dev/null
+++ b/Cargo.toml
@@ -0,0 +1,10 @@
+[workspace]
+members = [
+    "cbc",
+    "cfb8",
+    "cfb-mode",
+    "ctr",
+    "ige",
+    "ofb",
+    "pcbc",
+]
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..5a3e49d
--- /dev/null
+++ b/README.md
@@ -0,0 +1,81 @@
+# RustCrypto: block modes
+
+[![Project Chat][chat-image]][chat-link]
+[![dependency status][deps-image]][deps-link]
+![Apache2/MIT licensed][license-image]
+[![HAZMAT][hazmat-image]][hazmat-link]
+
+Collection of [block modes] written in pure Rust generic over
+block ciphers.
+
+## ⚠️ Security Warning: [Hazmat!][hazmat-link]
+
+Crates in this repository do not ensure ciphertexts are authentic
+(i.e. by using a MAC to verify ciphertext integrity), which can lead to
+serious vulnerabilities if used incorrectly!
+
+**USE AT YOUR OWN RISK!**
+
+## Supported algorithms
+
+| Name | Crate name | crates.io |  Docs  | MSRV |
+|------|------------|-----------|--------|------|
+| [Cipher Block Chaining][CBC] | [`cbc`] | [![crates.io](https://img.shields.io/crates/v/cbc.svg)](https://crates.io/crates/cbc) | [![Documentation](https://docs.rs/cbc/badge.svg)](https://docs.rs/cbc) |  ![MSRV 1.56][msrv-1.56] |
+| [8-bit Cipher Feedback][CFB-8] | [`cfb8`] | [![crates.io](https://img.shields.io/crates/v/cfb8.svg)](https://crates.io/crates/cfb8) | [![Documentation](https://docs.rs/cfb8/badge.svg)](https://docs.rs/cfb8) |  ![MSRV 1.56][msrv-1.56] |
+| [Full-block Cipher Feedback][CFB] | [`cfb-mode`] | [![crates.io](https://img.shields.io/crates/v/cfb-mode.svg)](https://crates.io/crates/cfb-mode) | [![Documentation](https://docs.rs/cfb-mode/badge.svg)](https://docs.rs/cfb-mode) |  ![MSRV 1.56][msrv-1.56] |
+| [Counter][CTR] | [`ctr`] | [![crates.io](https://img.shields.io/crates/v/ctr.svg)](https://crates.io/crates/ctr) | [![Documentation](https://docs.rs/ctr/badge.svg)](https://docs.rs/ctr) |  ![MSRV 1.56][msrv-1.56] |
+| [GOST R 34.13-2015] | [`gost-modes`] | [![crates.io](https://img.shields.io/crates/v/gost-modes.svg)](https://crates.io/crates/gost-modes) | [![Documentation](https://docs.rs/gost-modes/badge.svg)](https://docs.rs/gost-modes) | ![MSRV 1.56][msrv-1.56] |
+| [Infinite Garble Extension][IGE] | [`ige`] | [![crates.io](https://img.shields.io/crates/v/ige.svg)](https://crates.io/crates/ige) | [![Documentation](https://docs.rs/ige/badge.svg)](https://docs.rs/ige) |  ![MSRV 1.56][msrv-1.56] |
+| [Output Feedback][OFB] | [`ofb`] | [![crates.io](https://img.shields.io/crates/v/ofb.svg)](https://crates.io/crates/ofb) | [![Documentation](https://docs.rs/ofb/badge.svg)](https://docs.rs/ofb) |  ![MSRV 1.56][msrv-1.56] |
+| [Propagating Cipher Block Chaining][PCBC] | [`pcbc`] | [![crates.io](https://img.shields.io/crates/v/pcbc.svg)](https://crates.io/crates/pcbc) | [![Documentation](https://docs.rs/pcbc/badge.svg)](https://docs.rs/pcbc) |  ![MSRV 1.56][msrv-1.56] |
+
+### Minimum Supported Rust Version (MSRV) Policy
+
+MSRV bumps are considered breaking changes and will be performed only with minor version bump.
+
+## License
+
+All crates licensed under either of
+
+ * [Apache License, Version 2.0](http://www.apache.org/licenses/LICENSE-2.0)
+ * [MIT license](http://opensource.org/licenses/MIT)
+
+at your option.
+
+### Contribution
+
+Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.
+
+[//]: # (badges)
+
+[chat-image]: https://img.shields.io/badge/zulip-join_chat-blue.svg
+[chat-link]: https://rustcrypto.zulipchat.com/#narrow/stream/308460-block-modes
+[deps-image]: https://deps.rs/repo/github/RustCrypto/block-modes/status.svg
+[deps-link]: https://deps.rs/repo/github/RustCrypto/block-modes
+[license-image]: https://img.shields.io/badge/license-Apache2.0/MIT-blue.svg
+[hazmat-image]: https://img.shields.io/badge/crypto-hazmat%E2%9A%A0-red.svg
+[hazmat-link]: https://github.com/RustCrypto/meta/blob/master/HAZMAT.md
+[msrv-1.56]: https://img.shields.io/badge/rustc-1.56.0+-blue.svg
+
+[//]: # (crates)
+
+[`cbc`]: ./cbc
+[`cfb8`]: ./cfb8
+[`cfb-mode`]: ./cfb-mode
+[`ctr`]: ./ctr
+[`gost-modes`]: ./gost-modes
+[`ige`]: ./ige
+[`ofb`]: ./ofb
+[`pcbc`]: ./pcbc
+
+[//]: # (links)
+
+[block modes]: https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation
+[CBC]: https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Cipher_block_chaining_(CBC)
+[CFB-8]: https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#CFB-1,_CFB-8,_CFB-64,_CFB-128,_etc.
+[CFB]: https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Full-block_CFB
+[CTR]: https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Counter_(CTR)
+[GOST R 34.13-2015]: https://tc26.ru/standard/gost/GOST_R_3413-2015.pdf
+[IGE]: https://www.links.org/files/openssl-ige.pdf
+[OFB]: https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Output_feedback_(OFB)
+[PCBC]: https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Propagating_cipher_block_chaining_(PCBC)
diff --git a/cbc/CHANGELOG.md b/cbc/CHANGELOG.md
new file mode 100644
index 0000000..b6059ab
--- /dev/null
+++ b/cbc/CHANGELOG.md
@@ -0,0 +1,11 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## 0.1.0 (2022-02-10)
+- Initial release ([#2])
+
+[#2]: https://github.com/RustCrypto/block-modes/pull/2
diff --git a/cbc/Cargo.toml b/cbc/Cargo.toml
new file mode 100644
index 0000000..541af0e
--- /dev/null
+++ b/cbc/Cargo.toml
@@ -0,0 +1,30 @@
+[package]
+name = "cbc"
+version = "0.1.0" # Also update html_root_url in lib.rs when bumping this
+description = "Cipher Block Chaining (CBC) block cipher mode of operation"
+authors = ["RustCrypto Developers"]
+license = "MIT OR Apache-2.0"
+edition = "2021"
+rust-version = "1.56"
+readme = "README.md"
+documentation = "https://docs.rs/cbc"
+repository = "https://github.com/RustCrypto/block-modes"
+keywords = ["crypto", "block-mode", "ciphers"]
+categories = ["cryptography", "no-std"]
+
+[dependencies]
+cipher = "0.4"
+
+[dev-dependencies]
+aes = "0.8"
+cipher = { version = "0.4", features = ["dev"] }
+hex-literal = "0.3.3"
+
+[features]
+default = ["block-padding"]
+block-padding = ["cipher/block-padding"]
+zeroize = ["cipher/zeroize"]
+
+[package.metadata.docs.rs]
+all-features = true
+rustdoc-args = ["--cfg", "docsrs"]
diff --git a/cbc/LICENSE-APACHE b/cbc/LICENSE-APACHE
new file mode 100644
index 0000000..78173fa
--- /dev/null
+++ b/cbc/LICENSE-APACHE
@@ -0,0 +1,201 @@
+                              Apache License
+                        Version 2.0, January 2004
+                     http://www.apache.org/licenses/
+
+TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+1. Definitions.
+
+   "License" shall mean the terms and conditions for use, reproduction,
+   and distribution as defined by Sections 1 through 9 of this document.
+
+   "Licensor" shall mean the copyright owner or entity authorized by
+   the copyright owner that is granting the License.
+
+   "Legal Entity" shall mean the union of the acting entity and all
+   other entities that control, are controlled by, or are under common
+   control with that entity. For the purposes of this definition,
+   "control" means (i) the power, direct or indirect, to cause the
+   direction or management of such entity, whether by contract or
+   otherwise, or (ii) ownership of fifty percent (50%) or more of the
+   outstanding shares, or (iii) beneficial ownership of such entity.
+
+   "You" (or "Your") shall mean an individual or Legal Entity
+   exercising permissions granted by this License.
+
+   "Source" form shall mean the preferred form for making modifications,
+   including but not limited to software source code, documentation
+   source, and configuration files.
+
+   "Object" form shall mean any form resulting from mechanical
+   transformation or translation of a Source form, including but
+   not limited to compiled object code, generated documentation,
+   and conversions to other media types.
+
+   "Work" shall mean the work of authorship, whether in Source or
+   Object form, made available under the License, as indicated by a
+   copyright notice that is included in or attached to the work
+   (an example is provided in the Appendix below).
+
+   "Derivative Works" shall mean any work, whether in Source or Object
+   form, that is based on (or derived from) the Work and for which the
+   editorial revisions, annotations, elaborations, or other modifications
+   represent, as a whole, an original work of authorship. For the purposes
+   of this License, Derivative Works shall not include works that remain
+   separable from, or merely link (or bind by name) to the interfaces of,
+   the Work and Derivative Works thereof.
+
+   "Contribution" shall mean any work of authorship, including
+   the original version of the Work and any modifications or additions
+   to that Work or Derivative Works thereof, that is intentionally
+   submitted to Licensor for inclusion in the Work by the copyright owner
+   or by an individual or Legal Entity authorized to submit on behalf of
+   the copyright owner. For the purposes of this definition, "submitted"
+   means any form of electronic, verbal, or written communication sent
+   to the Licensor or its representatives, including but not limited to
+   communication on electronic mailing lists, source code control systems,
+   and issue tracking systems that are managed by, or on behalf of, the
+   Licensor for the purpose of discussing and improving the Work, but
+   excluding communication that is conspicuously marked or otherwise
+   designated in writing by the copyright owner as "Not a Contribution."
+
+   "Contributor" shall mean Licensor and any individual or Legal Entity
+   on behalf of whom a Contribution has been received by Licensor and
+   subsequently incorporated within the Work.
+
+2. Grant of Copyright License. Subject to the terms and conditions of
+   this License, each Contributor hereby grants to You a perpetual,
+   worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+   copyright license to reproduce, prepare Derivative Works of,
+   publicly display, publicly perform, sublicense, and distribute the
+   Work and such Derivative Works in Source or Object form.
+
+3. Grant of Patent License. Subject to the terms and conditions of
+   this License, each Contributor hereby grants to You a perpetual,
+   worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+   (except as stated in this section) patent license to make, have made,
+   use, offer to sell, sell, import, and otherwise transfer the Work,
+   where such license applies only to those patent claims licensable
+   by such Contributor that are necessarily infringed by their
+   Contribution(s) alone or by combination of their Contribution(s)
+   with the Work to which such Contribution(s) was submitted. If You
+   institute patent litigation against any entity (including a
+   cross-claim or counterclaim in a lawsuit) alleging that the Work
+   or a Contribution incorporated within the Work constitutes direct
+   or contributory patent infringement, then any patent licenses
+   granted to You under this License for that Work shall terminate
+   as of the date such litigation is filed.
+
+4. Redistribution. You may reproduce and distribute copies of the
+   Work or Derivative Works thereof in any medium, with or without
+   modifications, and in Source or Object form, provided that You
+   meet the following conditions:
+
+   (a) You must give any other recipients of the Work or
+       Derivative Works a copy of this License; and
+
+   (b) You must cause any modified files to carry prominent notices
+       stating that You changed the files; and
+
+   (c) You must retain, in the Source form of any Derivative Works
+       that You distribute, all copyright, patent, trademark, and
+       attribution notices from the Source form of the Work,
+       excluding those notices that do not pertain to any part of
+       the Derivative Works; and
+
+   (d) If the Work includes a "NOTICE" text file as part of its
+       distribution, then any Derivative Works that You distribute must
+       include a readable copy of the attribution notices contained
+       within such NOTICE file, excluding those notices that do not
+       pertain to any part of the Derivative Works, in at least one
+       of the following places: within a NOTICE text file distributed
+       as part of the Derivative Works; within the Source form or
+       documentation, if provided along with the Derivative Works; or,
+       within a display generated by the Derivative Works, if and
+       wherever such third-party notices normally appear. The contents
+       of the NOTICE file are for informational purposes only and
+       do not modify the License. You may add Your own attribution
+       notices within Derivative Works that You distribute, alongside
+       or as an addendum to the NOTICE text from the Work, provided
+       that such additional attribution notices cannot be construed
+       as modifying the License.
+
+   You may add Your own copyright statement to Your modifications and
+   may provide additional or different license terms and conditions
+   for use, reproduction, or distribution of Your modifications, or
+   for any such Derivative Works as a whole, provided Your use,
+   reproduction, and distribution of the Work otherwise complies with
+   the conditions stated in this License.
+
+5. Submission of Contributions. Unless You explicitly state otherwise,
+   any Contribution intentionally submitted for inclusion in the Work
+   by You to the Licensor shall be under the terms and conditions of
+   this License, without any additional terms or conditions.
+   Notwithstanding the above, nothing herein shall supersede or modify
+   the terms of any separate license agreement you may have executed
+   with Licensor regarding such Contributions.
+
+6. Trademarks. This License does not grant permission to use the trade
+   names, trademarks, service marks, or product names of the Licensor,
+   except as required for reasonable and customary use in describing the
+   origin of the Work and reproducing the content of the NOTICE file.
+
+7. Disclaimer of Warranty. Unless required by applicable law or
+   agreed to in writing, Licensor provides the Work (and each
+   Contributor provides its Contributions) on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+   implied, including, without limitation, any warranties or conditions
+   of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+   PARTICULAR PURPOSE. You are solely responsible for determining the
+   appropriateness of using or redistributing the Work and assume any
+   risks associated with Your exercise of permissions under this License.
+
+8. Limitation of Liability. In no event and under no legal theory,
+   whether in tort (including negligence), contract, or otherwise,
+   unless required by applicable law (such as deliberate and grossly
+   negligent acts) or agreed to in writing, shall any Contributor be
+   liable to You for damages, including any direct, indirect, special,
+   incidental, or consequential damages of any character arising as a
+   result of this License or out of the use or inability to use the
+   Work (including but not limited to damages for loss of goodwill,
+   work stoppage, computer failure or malfunction, or any and all
+   other commercial damages or losses), even if such Contributor
+   has been advised of the possibility of such damages.
+
+9. Accepting Warranty or Additional Liability. While redistributing
+   the Work or Derivative Works thereof, You may choose to offer,
+   and charge a fee for, acceptance of support, warranty, indemnity,
+   or other liability obligations and/or rights consistent with this
+   License. However, in accepting such obligations, You may act only
+   on Your own behalf and on Your sole responsibility, not on behalf
+   of any other Contributor, and only if You agree to indemnify,
+   defend, and hold each Contributor harmless for any liability
+   incurred by, or claims asserted against, such Contributor by reason
+   of your accepting any such warranty or additional liability.
+
+END OF TERMS AND CONDITIONS
+
+APPENDIX: How to apply the Apache License to your work.
+
+   To apply the Apache License to your work, attach the following
+   boilerplate notice, with the fields enclosed by brackets "[]"
+   replaced with your own identifying information. (Don't include
+   the brackets!)  The text should be enclosed in the appropriate
+   comment syntax for the file format. We also recommend that a
+   file or class name and description of purpose be included on the
+   same "printed page" as the copyright notice for easier
+   identification within third-party archives.
+
+Copyright [yyyy] [name of copyright owner]
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
diff --git a/cbc/LICENSE-MIT b/cbc/LICENSE-MIT
new file mode 100644
index 0000000..d19d409
--- /dev/null
+++ b/cbc/LICENSE-MIT
@@ -0,0 +1,26 @@
+Copyright (c) 2018-2022 RustCrypto Developers
+Copyright (c) 2018 Artyom Pavlov
+
+Permission is hereby granted, free of charge, to any
+person obtaining a copy of this software and associated
+documentation files (the "Software"), to deal in the
+Software without restriction, including without
+limitation the rights to use, copy, modify, merge,
+publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software
+is furnished to do so, subject to the following
+conditions:
+
+The above copyright notice and this permission notice
+shall be included in all copies or substantial portions
+of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF
+ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED
+TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
+PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT
+SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR
+IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+DEALINGS IN THE SOFTWARE.
diff --git a/cbc/README.md b/cbc/README.md
new file mode 100644
index 0000000..f99efea
--- /dev/null
+++ b/cbc/README.md
@@ -0,0 +1,60 @@
+# RustCrypto: CBC
+
+[![crate][crate-image]][crate-link]
+[![Docs][docs-image]][docs-link]
+![Apache2/MIT licensed][license-image]
+![Rust Version][rustc-image]
+[![Project Chat][chat-image]][chat-link]
+[![Build Status][build-image]][build-link]
+
+Generic implementation of the [Cipher Block Chaining][CBC] (CBC) block cipher
+mode of operation.
+
+<img src="https://raw.githubusercontent.com/RustCrypto/media/26acc39f/img/block-modes/cbc_enc.svg" width="50%"><img src="https://raw.githubusercontent.com/RustCrypto/media/26acc39f/img/block-modes/cbc_dec.svg" width="50%">
+
+See [documentation][cipher-doc] of the `cipher` crate for additional information.
+
+## Minimum Supported Rust Version
+
+Rust **1.56** or higher.
+
+Minimum supported Rust version can be changed in the future, but it will be
+done with a minor version bump.
+
+## SemVer Policy
+
+- All on-by-default features of this library are covered by SemVer
+- MSRV is considered exempt from SemVer as noted above
+
+## License
+
+Licensed under either of:
+
+ * [Apache License, Version 2.0](http://www.apache.org/licenses/LICENSE-2.0)
+ * [MIT license](http://opensource.org/licenses/MIT)
+
+at your option.
+
+### Contribution
+
+Unless you explicitly state otherwise, any contribution intentionally submitted
+for inclusion in the work by you, as defined in the Apache-2.0 license, shall be
+dual licensed as above, without any additional terms or conditions.
+
+[//]: # (badges)
+
+[crate-image]: https://img.shields.io/crates/v/cbc.svg
+[crate-link]: https://crates.io/crates/cbc
+[docs-image]: https://docs.rs/cbc/badge.svg
+[docs-link]: https://docs.rs/cbc/
+[license-image]: https://img.shields.io/badge/license-Apache2.0/MIT-blue.svg
+[rustc-image]: https://img.shields.io/badge/rustc-1.56+-blue.svg
+[chat-image]: https://img.shields.io/badge/zulip-join_chat-blue.svg
+[chat-link]: https://rustcrypto.zulipchat.com/#narrow/stream/308460-block-modes
+[build-image]: https://github.com/RustCrypto/block-modes/workflows/cbc/badge.svg?branch=master&event=push
+[build-link]: https://github.com/RustCrypto/block-modes/actions?query=workflow%3Acbc+branch%3Amaster
+
+[//]: # (general links)
+
+[CBC]: https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#CBC
+[cipher-doc]: https://docs.rs/cipher/
diff --git a/cbc/benches/aes128.rs b/cbc/benches/aes128.rs
new file mode 100644
index 0000000..b478146
--- /dev/null
+++ b/cbc/benches/aes128.rs
@@ -0,0 +1,16 @@
+#![feature(test)]
+extern crate test;
+
+use aes::Aes128;
+
+cipher::block_encryptor_bench!(
+    KeyIv: cbc::Encryptor<Aes128>,
+    cbc_aes128_encrypt_block,
+    cbc_aes128_encrypt_blocks,
+);
+
+cipher::block_decryptor_bench!(
+    KeyIv: cbc::Decryptor<Aes128>,
+    cbc_aes128_decrypt_block,
+    cbc_aes128_decrypt_blocks,
+);
diff --git a/cbc/src/decrypt.rs b/cbc/src/decrypt.rs
new file mode 100644
index 0000000..b3fe6a5
--- /dev/null
+++ b/cbc/src/decrypt.rs
@@ -0,0 +1,191 @@
+use crate::xor;
+use cipher::{
+    crypto_common::{InnerUser, IvSizeUser},
+    generic_array::{ArrayLength, GenericArray},
+    inout::InOut,
+    AlgorithmName, Block, BlockBackend, BlockCipher, BlockClosure, BlockDecryptMut, BlockSizeUser,
+    InnerIvInit, Iv, IvState, ParBlocks, ParBlocksSizeUser,
+};
+use core::fmt;
+
+#[cfg(feature = "zeroize")]
+use cipher::zeroize::{Zeroize, ZeroizeOnDrop};
+
+/// CBC mode decryptor.
+#[derive(Clone)]
+pub struct Decryptor<C>
+where
+    C: BlockDecryptMut + BlockCipher,
+{
+    cipher: C,
+    iv: Block<C>,
+}
+
+impl<C> BlockSizeUser for Decryptor<C>
+where
+    C: BlockDecryptMut + BlockCipher,
+{
+    type BlockSize = C::BlockSize;
+}
+
+impl<C> BlockDecryptMut for Decryptor<C>
+where
+    C: BlockDecryptMut + BlockCipher,
+{
+    fn decrypt_with_backend_mut(&mut self, f: impl BlockClosure<BlockSize = Self::BlockSize>) {
+        let Self { cipher, iv } = self;
+        cipher.decrypt_with_backend_mut(Closure { iv, f })
+    }
+}
+
+impl<C> InnerUser for Decryptor<C>
+where
+    C: BlockDecryptMut + BlockCipher,
+{
+    type Inner = C;
+}
+
+impl<C> IvSizeUser for Decryptor<C>
+where
+    C: BlockDecryptMut + BlockCipher,
+{
+    type IvSize = C::BlockSize;
+}
+
+impl<C> InnerIvInit for Decryptor<C>
+where
+    C: BlockDecryptMut + BlockCipher,
+{
+    #[inline]
+    fn inner_iv_init(cipher: C, iv: &Iv<Self>) -> Self {
+        Self {
+            cipher,
+            iv: iv.clone(),
+        }
+    }
+}
+
+impl<C> IvState for Decryptor<C>
+where
+    C: BlockDecryptMut + BlockCipher,
+{
+    #[inline]
+    fn iv_state(&self) -> Iv<Self> {
+        self.iv.clone()
+    }
+}
+
+impl<C> AlgorithmName for Decryptor<C>
+where
+    C: BlockDecryptMut + BlockCipher + AlgorithmName,
+{
+    fn write_alg_name(f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        f.write_str("cbc::Decryptor<")?;
+        <C as AlgorithmName>::write_alg_name(f)?;
+        f.write_str(">")
+    }
+}
+
+impl<C> fmt::Debug for Decryptor<C>
+where
+    C: BlockDecryptMut + BlockCipher + AlgorithmName,
+{
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        f.write_str("cbc::Decryptor<")?;
+        <C as AlgorithmName>::write_alg_name(f)?;
+        f.write_str("> { ... }")
+    }
+}
+
+#[cfg(feature = "zeroize")]
+#[cfg_attr(docsrs, doc(cfg(feature = "zeroize")))]
+impl<C: BlockDecryptMut + BlockCipher> Drop for Decryptor<C> {
+    fn drop(&mut self) {
+        self.iv.zeroize();
+    }
+}
+
+#[cfg(feature = "zeroize")]
+#[cfg_attr(docsrs, doc(cfg(feature = "zeroize")))]
+impl<C: BlockDecryptMut + BlockCipher + ZeroizeOnDrop> ZeroizeOnDrop for Decryptor<C> {}
+
+struct Closure<'a, BS, BC>
+where
+    BS: ArrayLength<u8>,
+    BC: BlockClosure<BlockSize = BS>,
+{
+    iv: &'a mut GenericArray<u8, BS>,
+    f: BC,
+}
+
+impl<'a, BS, BC> BlockSizeUser for Closure<'a, BS, BC>
+where
+    BS: ArrayLength<u8>,
+    BC: BlockClosure<BlockSize = BS>,
+{
+    type BlockSize = BS;
+}
+
+impl<'a, BS, BC> BlockClosure for Closure<'a, BS, BC>
+where
+    BS: ArrayLength<u8>,
+    BC: BlockClosure<BlockSize = BS>,
+{
+    #[inline(always)]
+    fn call<B: BlockBackend<BlockSize = Self::BlockSize>>(self, backend: &mut B) {
+        let Self { iv, f } = self;
+        f.call(&mut Backend { iv, backend });
+    }
+}
+
+struct Backend<'a, BS, BK>
+where
+    BS: ArrayLength<u8>,
+    BK: BlockBackend<BlockSize = BS>,
+{
+    iv: &'a mut GenericArray<u8, BS>,
+    backend: &'a mut BK,
+}
+
+impl<'a, BS, BK> BlockSizeUser for Backend<'a, BS, BK>
+where
+    BS: ArrayLength<u8>,
+    BK: BlockBackend<BlockSize = BS>,
+{
+    type BlockSize = BS;
+}
+
+impl<'a, BS, BK> ParBlocksSizeUser for Backend<'a, BS, BK>
+where
+    BS: ArrayLength<u8>,
+    BK: BlockBackend<BlockSize = BS>,
+{
+    type ParBlocksSize = BK::ParBlocksSize;
+}
+
+impl<'a, BS, BK> BlockBackend for Backend<'a, BS, BK>
+where
+    BS: ArrayLength<u8>,
+    BK: BlockBackend<BlockSize = BS>,
+{
+    #[inline(always)]
+    fn proc_block(&mut self, mut block: InOut<'_, '_, Block<Self>>) {
+        let enc_block = block.clone_in();
+        self.backend.proc_block(block.reborrow());
+        xor(block.get_out(), self.iv);
+        *self.iv = enc_block;
+    }
+
+    #[inline(always)]
+    fn proc_par_blocks(&mut self, mut blocks: InOut<'_, '_, ParBlocks<Self>>) {
+        let t = blocks.clone_in();
+        self.backend.proc_par_blocks(blocks.reborrow());
+        let out = blocks.get_out();
+        let n = out.len();
+        xor(&mut out[0], self.iv);
+        for i in 1..n {
+            xor(&mut out[i], &t[i - 1])
+        }
+        *self.iv = t[n - 1].clone();
+    }
+}
diff --git a/cbc/src/encrypt.rs b/cbc/src/encrypt.rs
new file mode 100644
index 0000000..cb19070
--- /dev/null
+++ b/cbc/src/encrypt.rs
@@ -0,0 +1,179 @@
+use crate::xor;
+use cipher::{
+    consts::U1,
+    crypto_common::{InnerUser, IvSizeUser},
+    generic_array::{ArrayLength, GenericArray},
+    inout::InOut,
+    AlgorithmName, Block, BlockBackend, BlockCipher, BlockClosure, BlockEncryptMut, BlockSizeUser,
+    InnerIvInit, Iv, IvState, ParBlocksSizeUser,
+};
+use core::fmt;
+
+#[cfg(feature = "zeroize")]
+use cipher::zeroize::{Zeroize, ZeroizeOnDrop};
+
+/// CBC mode encryptor.
+#[derive(Clone)]
+pub struct Encryptor<C>
+where
+    C: BlockEncryptMut + BlockCipher,
+{
+    cipher: C,
+    iv: Block<C>,
+}
+
+impl<C> BlockSizeUser for Encryptor<C>
+where
+    C: BlockEncryptMut + BlockCipher,
+{
+    type BlockSize = C::BlockSize;
+}
+
+impl<C> BlockEncryptMut for Encryptor<C>
+where
+    C: BlockEncryptMut + BlockCipher,
+{
+    fn encrypt_with_backend_mut(&mut self, f: impl BlockClosure<BlockSize = Self::BlockSize>) {
+        let Self { cipher, iv } = self;
+        cipher.encrypt_with_backend_mut(Closure { iv, f })
+    }
+}
+
+impl<C> InnerUser for Encryptor<C>
+where
+    C: BlockEncryptMut + BlockCipher,
+{
+    type Inner = C;
+}
+
+impl<C> IvSizeUser for Encryptor<C>
+where
+    C: BlockEncryptMut + BlockCipher,
+{
+    type IvSize = C::BlockSize;
+}
+
+impl<C> InnerIvInit for Encryptor<C>
+where
+    C: BlockEncryptMut + BlockCipher,
+{
+    #[inline]
+    fn inner_iv_init(cipher: C, iv: &Iv<Self>) -> Self {
+        Self {
+            cipher,
+            iv: iv.clone(),
+        }
+    }
+}
+
+impl<C> IvState for Encryptor<C>
+where
+    C: BlockEncryptMut + BlockCipher,
+{
+    #[inline]
+    fn iv_state(&self) -> Iv<Self> {
+        self.iv.clone()
+    }
+}
+
+impl<C> AlgorithmName for Encryptor<C>
+where
+    C: BlockEncryptMut + BlockCipher + AlgorithmName,
+{
+    fn write_alg_name(f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        f.write_str("cbc::Encryptor<")?;
+        <C as AlgorithmName>::write_alg_name(f)?;
+        f.write_str(">")
+    }
+}
+
+impl<C> fmt::Debug for Encryptor<C>
+where
+    C: BlockEncryptMut + BlockCipher + AlgorithmName,
+{
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        f.write_str("cbc::Encryptor<")?;
+        <C as AlgorithmName>::write_alg_name(f)?;
+        f.write_str("> { ... }")
+    }
+}
+
+#[cfg(feature = "zeroize")]
+#[cfg_attr(docsrs, doc(cfg(feature = "zeroize")))]
+impl<C: BlockEncryptMut + BlockCipher> Drop for Encryptor<C> {
+    fn drop(&mut self) {
+        self.iv.zeroize();
+    }
+}
+
+#[cfg(feature = "zeroize")]
+#[cfg_attr(docsrs, doc(cfg(feature = "zeroize")))]
+impl<C: BlockEncryptMut + BlockCipher + ZeroizeOnDrop> ZeroizeOnDrop for Encryptor<C> {}
+
+struct Closure<'a, BS, BC>
+where
+    BS: ArrayLength<u8>,
+    BC: BlockClosure<BlockSize = BS>,
+{
+    iv: &'a mut GenericArray<u8, BS>,
+    f: BC,
+}
+
+impl<'a, BS, BC> BlockSizeUser for Closure<'a, BS, BC>
+where
+    BS: ArrayLength<u8>,
+    BC: BlockClosure<BlockSize = BS>,
+{
+    type BlockSize = BS;
+}
+
+impl<'a, BS, BC> BlockClosure for Closure<'a, BS, BC>
+where
+    BS: ArrayLength<u8>,
+    BC: BlockClosure<BlockSize = BS>,
+{
+    #[inline(always)]
+    fn call<B: BlockBackend<BlockSize = Self::BlockSize>>(self, backend: &mut B) {
+        let Self { iv, f } = self;
+        f.call(&mut Backend { iv, backend });
+    }
+}
+
+struct Backend<'a, BS, BK>
+where
+    BS: ArrayLength<u8>,
+    BK: BlockBackend<BlockSize = BS>,
+{
+    iv: &'a mut GenericArray<u8, BS>,
+    backend: &'a mut BK,
+}
+
+impl<'a, BS, BK> BlockSizeUser for Backend<'a, BS, BK>
+where
+    BS: ArrayLength<u8>,
+    BK: BlockBackend<BlockSize = BS>,
+{
+    type BlockSize = BS;
+}
+
+impl<'a, BS, BK> ParBlocksSizeUser for Backend<'a, BS, BK>
+where
+    BS: ArrayLength<u8>,
+    BK: BlockBackend<BlockSize = BS>,
+{
+    type ParBlocksSize = U1;
+}
+
+impl<'a, BS, BK> BlockBackend for Backend<'a, BS, BK>
+where
+    BS: ArrayLength<u8>,
+    BK: BlockBackend<BlockSize = BS>,
+{
+    #[inline(always)]
+    fn proc_block(&mut self, mut block: InOut<'_, '_, Block<Self>>) {
+        let mut t = block.clone_in();
+        xor(&mut t, self.iv);
+        self.backend.proc_block((&t, block.get_out()).into());
+        *self.iv = block.get_out().clone();
+    }
+}
diff --git a/cbc/src/lib.rs b/cbc/src/lib.rs
new file mode 100644
index 0000000..4929ad0
--- /dev/null
+++ b/cbc/src/lib.rs
@@ -0,0 +1,85 @@
+//! [Cipher Block Chaining][1] (CBC) mode.
+//!
+//! <img src="https://raw.githubusercontent.com/RustCrypto/media/26acc39f/img/block-modes/cbc_enc.svg" width="49%" />
+//! <img src="https://raw.githubusercontent.com/RustCrypto/media/26acc39f/img/block-modes/cbc_dec.svg" width="49%"/>
+//!
+//! Mode functionality is accessed using traits from re-exported [`cipher`] crate.
+//!
+//! # ⚠️ Security Warning: Hazmat!
+//!
+//! This crate does not ensure ciphertexts are authentic! Thus ciphertext integrity
+//! is not verified, which can lead to serious vulnerabilities!
+//!
+//! # Example
+//! ```
+//! use aes::cipher::{block_padding::Pkcs7, BlockDecryptMut, BlockEncryptMut, KeyIvInit};
+//! use hex_literal::hex;
+//!
+//! type Aes128CbcEnc = cbc::Encryptor<aes::Aes128>;
+//! type Aes128CbcDec = cbc::Decryptor<aes::Aes128>;
+//!
+//! let key = [0x42; 16];
+//! let iv = [0x24; 16];
+//! let plaintext = b"hello world! this is my plaintext.";
+//! let ciphertext = hex!(
+//!     "c7fe247ef97b21f07cbdd26cb5d346bf"
+//!     "d27867cb00d9486723e159978fb9a5f9"
+//!     "14cfb228a710de4171e396e7b6cf859e"
+//! );
+//!
+//! // encrypt/decrypt in-place
+//! // buffer must be big enough for padded plaintext
+//! let mut buf = vec![0u8; 48];
+//! let pt_len = plaintext.len();
+//! buf[..pt_len].copy_from_slice(&plaintext[..]);
+//! let ct = Aes128CbcEnc::new(&key.into(), &iv.into())
+//!     .encrypt_padded_mut::<Pkcs7>(&mut buf, pt_len)
+//!     .unwrap();
+//! assert_eq!(ct, &ciphertext[..]);
+//!
+//! let pt = Aes128CbcDec::new(&key.into(), &iv.into())
+//!     .decrypt_padded_mut::<Pkcs7>(&mut buf)
+//!     .unwrap();
+//! assert_eq!(pt, &plaintext[..]);
+//!
+//! // encrypt/decrypt from buffer to buffer
+//! let mut buf = vec![0u8; 48];
+//! let ct = Aes128CbcEnc::new(&key.into(), &iv.into())
+//!     .encrypt_padded_b2b_mut::<Pkcs7>(&plaintext[..], &mut buf)
+//!     .unwrap();
+//! assert_eq!(ct, &ciphertext[..]);
+//!
+//! let mut buf = vec![0u8; 48];
+//! let pt = Aes128CbcDec::new(&key.into(), &iv.into())
+//!     .decrypt_padded_b2b_mut::<Pkcs7>(&ct, &mut buf)
+//!     .unwrap();
+//! assert_eq!(pt, &plaintext[..]);
+//! ```
+//!
+//! [1]: https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#CBC
+
+#![no_std]
+#![doc(
+    html_logo_url = "https://raw.githubusercontent.com/RustCrypto/media/26acc39f/logo.svg",
+    html_favicon_url = "https://raw.githubusercontent.com/RustCrypto/media/26acc39f/logo.svg",
+    html_root_url = "https://docs.rs/cbc/0.1.0"
+)]
+#![forbid(unsafe_code)]
+#![cfg_attr(docsrs, feature(doc_cfg))]
+#![warn(missing_docs, rust_2018_idioms)]
+
+mod decrypt;
+mod encrypt;
+
+pub use cipher;
+pub use decrypt::Decryptor;
+pub use encrypt::Encryptor;
+
+use cipher::generic_array::{ArrayLength, GenericArray};
+
+#[inline(always)]
+fn xor<N: ArrayLength<u8>>(out: &mut GenericArray<u8, N>, buf: &GenericArray<u8, N>) {
+    for (a, b) in out.iter_mut().zip(buf) {
+        *a ^= *b;
+    }
+}
diff --git a/cbc/tests/aes.rs b/cbc/tests/aes.rs
new file mode 100644
index 0000000..5513bf1
--- /dev/null
+++ b/cbc/tests/aes.rs
@@ -0,0 +1,25 @@
+use aes::*;
+use cbc::{Decryptor, Encryptor};
+use cipher::{block_mode_dec_test, block_mode_enc_test, iv_state_test};
+
+iv_state_test!(aes128_cbc_enc_iv_state, Encryptor<Aes128>, encrypt);
+iv_state_test!(aes128_cbc_dec_iv_state, Decryptor<Aes128>, decrypt);
+iv_state_test!(aes192_cbc_enc_iv_state, Encryptor<Aes192>, encrypt);
+iv_state_test!(aes192_cbc_dec_iv_state, Decryptor<Aes192>, decrypt);
+iv_state_test!(aes256_cbc_enc_iv_state, Encryptor<Aes256>, encrypt);
+iv_state_test!(aes256_cbc_dec_iv_state, Decryptor<Aes256>, decrypt);
+
+// Test vectors from CVAP "AES Multiblock Message Test (MMT) Sample Vectors":
+// <https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program/Block-Ciphers>
+block_mode_enc_test!(aes128_cbc_enc_test, "aes128", Encryptor<Aes128>);
+block_mode_dec_test!(aes128_cbc_dec_test, "aes128", Decryptor<Aes128>);
+block_mode_enc_test!(aes128enc_cbc_enc_test, "aes128", Encryptor<Aes128Enc>);
+block_mode_dec_test!(aes128dec_cbc_dec_test, "aes128", Decryptor<Aes128Dec>);
+block_mode_enc_test!(aes192_cbc_enc_test, "aes192", Encryptor<Aes192>);
+block_mode_dec_test!(aes192_cbc_dec_test, "aes192", Decryptor<Aes192>);
+block_mode_enc_test!(aes192enc_cbc_enc_test, "aes192", Encryptor<Aes192Enc>);
+block_mode_dec_test!(aes192dec_cbc_dec_test, "aes192", Decryptor<Aes192Dec>);
+block_mode_enc_test!(aes256_cbc_enc_test, "aes256", Encryptor<Aes256>);
+block_mode_dec_test!(aes256_cbc_dec_test, "aes256", Decryptor<Aes256>);
+block_mode_enc_test!(aes256enc_cbc_enc_test, "aes256", Encryptor<Aes256Enc>);
+block_mode_dec_test!(aes256dec_cbc_dec_test, "aes256", Decryptor<Aes256Dec>);
diff --git a/cbc/tests/data/aes128.blb b/cbc/tests/data/aes128.blb
new file mode 100644
index 0000000000000000000000000000000000000000..b74b505a30b4356b3a3482eb3bf76ba51e736690
GIT binary patch
literal 3579
zcmV<X4FvK4ARmrNbCo|ou)S**W-gjM7a%X<vop@xkC^nSn?TadG^ij&&k~kT$Rw+F
zVQS*^zX&2A4`IaAOi@R`JQ-To;>;4VAO`@}1EIwf<ZEG(x<d*&3?Qn}SUlMiW#hXq
z3^Xv%WxGHIizUauvG~2z&&de(o&Uw%$0nhd@a6X)_b@p!dA^ZA#N1)oa#?4i0s#c6
zbB`m2g(uE~nyVL5{fpa`s4PtYATvm+QR$>yExt3%#DA9P-XIwjJZCXr-zyzB!hm4q
zo0edkeC~pJCRbYhyL@^wpNMie1uixLr;&74x?v?8AxC4?;e>i>)zv{KqnWD*?lqZU
z)vngbVlKo{p<S^k8I>z%QcxW5T-*4~qe?}0Cf?b27~%0JqK$IfR#J4I3~K)6Ah+|$
zS8fvB4YodykE|=2IUvXn30;e^pkQgAd>NNY8lZpxn!%Y=&J!84RMR2^VD}szH$NQH
zHY5mv77YF5Zolm=c^-{g8WV249mHwgzzji$aw~)!+PtzX8|a}%SK1&BfB+e}V3%^n
zKQo31zizcGp$q0vm-w6>2?fL?0sTjL8sf!73oS=67Rq?NpYr=)70=TaQckXY%ayKk
zj=rvhq-P+u`LDm_p;jxp6KMQ$teu=7Kb>B_B@XA#I7<xx?u3&ffFRpBe!?dh+yA-A
z(LLbr%|;Qwc`M}n;M`v&)b)4mjN8=fk_gq4-J{fHIaI4;@K$!pqt2W9d0Pm!eD1uG
zKir9^#4#9-o=7c)Q<yCC1kr#X5b7tfo))<}@oB`Ujt1jgnb@=-m<t7tG_<(!GO;&i
z_a`VID+r%LkL=q)$DfLz(C=vVcw~XhqMjip_M5>$VDYXYhlh)$#GLb%9vgn?Ac>_@
za|AQ@=GJ`{({sI3U?BG-RgJSlI#NGQQKi181ebtdfP2L1Xin|V+{!Q*27s{ft|%1q
zUpCNF#jd7VS~zSJLU#{Ma+lb-7$xp<HzXaXl3mr5%=UJ!%|^-~Xz0^=Iu6LE)fieJ
z9%egV^J?Lj5dnyzH3N1#f*68rBhJ@LG3oZ=*ZcZxv@{^cfO>`{fM7ss@j{wMj6DbC
zRmCWJU{DP={5iIcTf3XD*4?rrf`wt$7aA~)TN*`C=%we?a*>TC$!ODu7)a9bW;M#G
zgnu|$3mx@}wePuw^2TiX_-|pe`M|HOY?eGp&gr<kfuh~8Y?gmARTZR!p6oZyavC7S
zk;*ao7YId;DXAswRgHKcp7}JCZd}l=m%Uh1EVPq>fdI>DczzA+R{5c2m4AV+Gi;``
z2Zh<`K$FH94pCBMpNKApO?j+d7JJgCOy#Z!jV|a^_EVk;lzD3&8`R1C+sB&A?@a;j
zxR-X(iuW4gr2I$SX5Va0z8x4)<YrWwN47S+$HKFwB$c&mwtH<wUmok(zwhk4rpNO&
z&(51g%bkG$dnqyXg<o-TMc@w=DxXJ`HJcy&v*lk|PBRIMQNlWGbf9b<l>P00(yl_s
z+j`3HSVYS+uHD9kC57z(Af{=ZEVVcZ&ixjVNX|kjD*CWvL^*gcY*;K9xy}uv(1gxS
zJV-44kIx!~2u_Lnh_ng_O<tEIX3%zK5^uL*_&|8_Aol2eaj+0gZm?=-+-h<3m>?V^
zUnUt_cI)fH?aIUwqWFOz_$%)`bEfzB4YGxDZD}30zg6zST7{iEpx{JbCb_#i7NZs(
z(S~kK*z)E0?6l-<bf>3`AkF-H%$`S^r=ZHZlsF@b(7+Z^)!B{Xe*@jlZfi@_s{_xT
zj@THk-=WWzJCh)1xqWwS&Jc$gZhnzJbV%cZL{Og$uQt7c7vWPj(_9pv)Z`Zji9g$f
z0Z)f1fgrGz67%o*?G1&A34^CSt-E|Sc-19=zGSGV{8(>E4<#WfdPj-{m;?^J4^;{J
z`w40J+2#Q1?=!KvKJA%kdlr9*r3PB8L!9JqJB=dK2xaC@MemH$3u%NkI)q9Q$jxBe
zpy-BcKI07}v-*l;J2Hb);9wB?f^*3IRPPEaX)xtd3a(t$kT08tqcxJsLuDW=6hSvp
z!yYFvR|}&y9C&LW9lPr<8LPBNuY{MDBuW|Afj~gnF!`WUG}(b~;slwTKZ2k?Y6MrP
z#C6F<Q_;~DX*%3tfJyMDX`=4drppw-6h6hw&Ag55OyywD(gq?|2{LU>=ai0A)&tNR
z64(CMQu`zEszj9gumLdX-qh!QH^6xWErNhR!zHn$@6lh#LgYXc%0qO&IP=5&KI12I
zI}D2M8oba|cP|*+1YkdVEFPwx_F^_4E8wAVyWHv?T|a?9Yv`dU07Y6d1vrI147xGB
zEr99_g%(OoTqYXig+YCj@BS{l4GIfU*6J8zJs}MCJPb|S!gdGp=pNY-F_G_v)o(kQ
zzHC8SK~O25xJJ%#V6+Qky73pC87EpUgK2|y(u<N*jA-C)ZJACi6#?xja1`eP&F}6n
zWn@QiU<qMOfF0q=uXFgf`c}^ysY_!SGrQ$?Vncw14-s@Vpfy`7AZl=e&y3m=@AQm;
zSlyxqt{}ZZa+5%K!T}ty^Bn)LNNymM3&(9?;>4ZZ)!%<N{P6`K`0FvV9yd;w05HuQ
zt+4M5AYxwcp^8UVMNT1&i~iMaHXw7^(Bgb9#c2D%A8HAh*T_IN4Z(?Q<^kWbsYxXO
zXR6s}H-vgcfbHUCN-~>-FX$dXU2pA%@WlREpm^3c8WboJQA;UZ#xM2O2&68fb`<8J
zApLF&l}h5{w<Ffc{H|)Sn;`IuWy$p2l>j-E9ir$3j80&p1~^$ovLAsely&rf-MfFi
z+Lelp6u{ffuETDNDDn2}?4i!COyPGS(PF{WDrUi8;+`=S$N&zsggIL!Ya23WiBBmF
zIhlc<^If1mWMjdG#MkS&WRxEnhN9M$a{Q~PAbT3Q6iWg*F<jN|#>ZA;y&wx7bo5*o
z|1eFNz*){*-U)yJxoEDjnXPL)jsfy)F51*YQ;c}Oqi)uWr(q+w&CX$30rn9qxC{J0
z7fA(p`yY^+QsH7_dj>7APX6MNq4BR^fB@6@n{nVX2M?Wf7N*NirSDPJ`(xDb{-BA_
zrVdBDv%=vHo1?OV$IE%H{xE3HB7=9r8d&~X4~T=%+tbjNzRDnpH$LX#gO_9tP=fB%
z5;8d;8g$plS!XPOOM*u)er-H!fIvm>&<(0g+=6rOcwDZYluCAFqB$NOEJUA2TF$@{
zOS~eKLosKD7eI;^0+D%f^kqX3|G6TY>|t|pTICYcf0L@FtMCc;;|*nIogJ_?Yg^7t
zdjR-x0Z&&`bV?X_+*g1=8_T3k-}M9Ae2gx{#O|QzCzW?V%;6=$;TLIyFR6Yd@wk#{
z=GS>6r4pl9F)vG@%`@`R5hx7UJ|6k!&u})?P)OCnb7d;}VI0UCPMxfKP<Xe*abRNM
z11_x|Gbvb#Ae?Y0nD3-TSF)bcgY~=ulOWE<;kYh~Dp?wzrT-lD%u#^=9UqN>y~E<i
z%LRWxj$}{(3|g+!CJ*uGf4groP4<X?{f~Ip;-E~P+1}cnWJoP5053`_c-XY|k%wG@
zmDHw7A|-t4_Y>_eOOjI!de;>lVw%mUg0zB_cceLxu#}7uNy0DWCpK2mu!u904vPkG
znv_?Xc>E#{a96v*`k!TEfdIOnWM@^{%p#E=QP<utetfXJ3w0%aq)+IB?XXqH!j9eq
z!=SCp5E6>iQGEcD`WCwj%_cSHpt_RBV4KL;R)7Mhse?y1B+^z<I;YheM|!L58Fi~)
zuPAb+Kz@=TfbZ}x9{6fSk;uJ06g{T!?+!=?`AW_WTLDqYmO%W=$U`7jbYpG3vyX6J
z3kbt<??;6oKOoKp3AJ<})jMnC(6{iZfgo)_{V$M@NX{7~8*3+v8y0ro{Ysb4pNbW9
z!#l;2H{P{2zT<ZNY&afihj0!#C_14L&l*|sZ?12)a0~DfWNIq70y)247BVuBL#l_@
zkr{ZiWh0`z3+<YhH_Z2-3#u<TBDCq}Lg8rV29l6)U+pfoI-o?ikC)vusMfMaLF^yc
z$lH0@JBUtpExHdtX<>mN8G}*uQxHF_=4Do9{*b-BmN4UUJ1u6w6Q(rjA1m+`y)Bnr
zak66~<W29REl!=zP&PGJ1a8g<x;XM!+U5N|P)Wu|M{I%TG=k&|7afWD{-Tsp%K4RZ
zHHokW6lD9=+P){;UZi8A-s^qKLuN|mrd&yk6gY#cj)S!xR1mR&WOf2XJ;Trc=x+iA
zIghA3AeW&6RVlfWUM0Kdhj7X-nIP1(>bWYZV}6IzW;jmPkz9d5=(v$k*h7o;v2;n+
z?Iyi)5`GZms#nU`QiJF<o(Pf%=t&`DpIcz+A@_!Syp|wV3`}A;+X506+eJK?L-FyZ
z1x6P=uJToUJl%y*F|$+DzZY*PL!L-@TsPB?Ckmvd`mHOfys*Hs(cM!blXRHQfIFcS
zgg~V(B7NJWhcD#V9W8dLInqZ}t+=PSMJ(>p(RtyegpV<ATmfSMqmaL+fj}b7!!U2n
zO)<>VCm_qV8?7kVRc8iQ#Eg50!yiwf`8)x&eW?rPKCNfgqa{*aZq!hN=KFA^H7U{h
z4^?G5lq&U|c%o(lVb(fwkQG|R#4{42TO(bpyU1hu@CiW4mLvyl`a}kfd{s=4I2UPC
z<#BZ#{0UUl9T7Kiuw-Vj$k9FxOty9HSka~#;ZzB5m^Xpk5z^g-C979Om5pIt@7i%~
B)35*l

literal 0
HcmV?d00001

diff --git a/cbc/tests/data/aes192.blb b/cbc/tests/data/aes192.blb
new file mode 100644
index 0000000000000000000000000000000000000000..f2fccb124c1a2a0d8ef4b55b00ebc452ee5e6daa
GIT binary patch
literal 4429
zcmV-T5wh+8FuHa0(b?C}e^nGk)oj72t11VM72rwSEFe=H=Ye)W7G|n2+m!4|FzX=2
zAHsHbO|6u?+#M*9?1pF{aNU)mPU&^xIo~$_O70z9FzU0hoLCyDbK#gAgR6~$yZ8c8
z5&JG{At3YCW`2!Lc^+W*P+Oye>jglaPE5?vXd@woZSZO1@y7Z&8VEX{uq|2JbiqJ@
zv#i8GQPf9y`3*p*07xfn16;J6qNIDvo1FJ23z0;5H;2_fFc!%>vzYPx4EENK$E9aH
z-$NgvM};d&Eg<Ty$}R`p?e${$P4+(uWe;G*&XtA}zjPNE!E{7OPP*|04cx4?o0X6k
zjJ|2tt$7(>jIcWKJH7<-P-}6DFdm>_?P^fq#*!UU)?|Nm)_YIYYR(_+xV5IKm$cC_
zWCcgkEM167b>?*|SVpz8I#Gf2Fa~?EdrkL+X@0EFmLHhn63cbwd3@<L%OHzc$sn9k
zoTxb*pTN!oJUD;=+c$-%iL|{qcU0OUFAhvCEB+06;9JQM`>8>`>M-#mo~-Z&k472n
z0mEqNhWw_t#g0h@dD4~<y$}d_hVS)HfB@C?SeIbGoOU88{o*#>AEMnYtwfEp`kUay
z8E*YXqg;gD8pnN|wTzXKjI$S}LkbAe`)ZDh4;-6v$D>5tG@mdJ)1Bx(3+H-y$fTwc
z<K3K!t}NqTdMo%KejQ?)g!wxMo8=#xUtF?0fFL;g+Bf2lsBN8tq%>YZo$8g+jCdIT
zC6ZmXtUB$l3WgO<Af(^STN^==iBps1>sUs}i`&#5&wBF^PeBf@<Z$)b0e;kAM_*!T
zQv+HP+aG`+?X9jannnLKbKotIOqAJ5Fr?Wnq~5l?w6J$Xa%n|zgdjQc97%5ZKh{`;
zEOTFqf&9>_SA;^Vi8~nf2CmV%u^)j&E!19{R;}{v&rYC~FysErb?^sT3A2OW(}|<g
zJju9Jv$9mc^dL6sxP!0nlWfC}V<<)$%^83|lN&EzI#?jpI&12xWHAUjG>G);1F-eA
ze)u@ySC%6XJJ#la19wx4E>Z7rk330MLoSMr=A%v-212rG*uAc7D*2|znQuE_1kz_7
zLGj7-4&Xf;N>Z?(WlA$274uEbfIxLQS#-TJvu0LQrpV)#xQgRT5;b*)Dtfku*yn3T
z-;o-MSq#t}FI+PV<ECP6oztpb5bYG`|ALqiw*J)*KT|xUI9eRMr;l7mMCA`JgIN|_
zB!$s3PIklU=V}bf#wjrQ!gXcq2b6q_wHtXPgfRE925dbq+&vQ@E7p9-nzxjVWJ*bA
zC_~HHfM9C8!f+Qn@f6fZN9hruP}^6!dM+#$9B((wwyLCOd)><Q46O@ahgkgg!0X0P
z&b7@_%KMLv)9udARoU_Ii=U|VLuJoa;)|7*r{UclG#KPWN_Ql!)X#a<C$WR<h~7)&
z?*A#s3YX<ig*6<piSB@4$|xx$rV)q!v;`oSkp|_=h8b7#I4In=C|(Y#$e_w9YhX}4
zW7Y$oMw8p4FQNB3;^zs<l#w4OrR~x44z1l(XbeNF$;V9D4U4u&wB<x6Uq|H>+M))R
z_H1*GvjaEq7yO~3ZKTnl%nA;e;zlrVF#8G5o&ekUgJ_)xoRR={zy~}ri3?S_wIJij
zo6wiTtKIfbNP*jJzv6)a!J~GA`zVxW-5V^4@46Pd((WYB7}1?XS#9kmg2$RKaU6Ow
zziK49-7=)^V|;VBq#dRuhBajmk^7(eMZNqyu_6;<L9^b@*qLgj9;nmk9G!6B2Bb^C
zS02=cBcRqIsXwXODGRFY_1Wll$wnZQU-<0EKPNYy)m-$D#d!}WfdGM6;uIkATUpkw
zls}=%@*e`}dGs0Duo7x=8-DLqzUi%(_00c$Bam0S!J3RWfkO9ZFCAWf7uUYLum=u<
zRm#q0U>6!wwip(!f=X`ooaAt}|I@X*OGAis*&Qc^O*?NTh7CAqm5t*tePXdQo88-r
zF^ml0^E?;I@agsh2p}-LrusZ*{V7hBk7oXh)=x$BDD}LKmoujzlB9nqGx0?Y9i$f*
zy~gM~fgoG#yfN6mt!*~00ZLe7(Mm%eYgN*orn;&@a&d8Ov!gpMP-{gXhTrCpgG$2Q
zFuXw}PQ^eT#C--rH^+G|+}Dv!it-Mz6m@1o)foaBjCH9mYsEb>YU!o7;js#rR#!%n
zlTDd9{5hTsAU}TJj(%i<>fJG*KnHN>m$Zy)$}2!clLSzJ=`(jVj6$IF-rj*Al5Mg`
z%p0N)3|C_se2VW0Pk9+PxdoJ-G+-nSi~4V*gArOAF$-=(Y0B%xCMbwEdmY-PfDWXV
zqP_nQnh-JP5}cYK<5nT(@VL6l4Tl2{D(A|DlgL??cc5?7vS117(2wk_B+9AJEUi07
z41y;?T6-Q3E~`JSme&d(oQtw-Vs>}pQyY{u%5FSFO&MEXFcvD+4(3V+0;*LXR~_xa
zYb+aT9!*PL?jR&UfH)Q!EXv?}0-LsDRl$KkzKXv9kP~B=dV<V%(Cm?Ed!vPao==3m
zc|dFvjRI+p05W#aM3ErA^jD2|{>r|N2M!T&3qJ}cM7>f&PR9Thh)ftBz5P+f1g9KQ
z<iOz&yg-c9VzNl63yO-sYq?Ua9e=LTM1X%9a~pr_%J+j;V&49e?9a!klujIQEdS=b
zhI2mCAwn@B2wK1`_?9cn!IN;3?!OL@sIm?{*uq4vfk4PC^2B!DsLN_@V0u8(@Hrdk
zE~)H<r8lO651RX#dv-Z}08}LUrl(EB=*Ox`i2!L2iA!xA%7AB6lhPzQ+Q(w?Suh?o
zeweo;b|VnYT6?eI!k{qQq;J_epWBJd6D+C0ea9d%>}VqHTAi8O%4Wxez#9mK%eF2l
z*?0kxe#8}}(iIhrGGCtNi9>qPw`fY!JPnd_lu@jQ^Pl*`8-y^9CqVn5SFZ9xE<_^|
z(OeYM5>+;Y{M;2FGC&oFjNF31u34hoAM;M8AgVzZorn%^<FQB>*5sxxwIDgEv@PMD
zQ7X6d1T|#CQCctxz|yVKbJ3z;#4^TWw7yM^Hg4QMKrTQa48wF!sm}2~;7VGytecJG
zK!r}1;hS7fy?QFg_}$Fhj;tCMXfm~r1+Gwt*UGw&?m#Tnea>`c)$HCCK8Mal<|2m1
zup^{K+T-jG+y+SUlL#<571xHxhI1VLHLK&FtZ`3Yqbz>&#%LQLqSGd*B4u{tE=cw(
zJ*jL!U`l#T%3M`lKLc34eYCF>@iHoiVWZ2Je*&M}y^iFl)KT*-cxC3IH*Vi&<k1N(
z6=12BfFai3c>gR+BWvB7RlIV04aElZNm#N39|=f?3N%Dmf<phj&nG4T9xrQK)%!4#
zF?~%q7K$~I7@*$^dqvCr%peix7hOCcb-tCRr9=R-;k1R~POTX2fB<`l`vH}udd3{f
zF_@rL7jbnXL`|tJE{r#X3V(JK$?y7Y*74D&Fzhu9)=QaljQcy5EO{FybdsNwZi!61
zxs-qa_H}`FJtH!2X`TgXU_-RUQ<97-pM`UG@gOPuu1e17lG~*Qm-ZK>7@7OlHgXi%
zd-dDdy{muMMa?VZF%gH8FwFo2jOgmswcqkIYKH2?l(M85OsSv9pCA=XvD7Nr=-6Jn
z3sH%-;k<w#2h?%;hx=b9b4IF3R>-}!$yAfE!JFvH3EuzKkkxc!B9l`3@`sDYY9R5M
z+4izGj$m`b&hP@pD9)78t+i8|(OgPV6>pgJE54ASkX<$2fFPkOG8vlYNJJQ{aF_k5
zyEF2xLLL2iT$@!k72$P8-0W{Ye6NEuPHpfttY!)ssI`rJ{&_J3NHc!vac|<ZY^MQ7
zCS*(=xu(_B;)Y@AwHh$Qv!5N1Ws0G8ns<3t0%dbnd(iXNGdnvV_6T1iG3Zg-oF-J-
z%UiD*fIy13xU<8@*PCrz#s$*}N;7q8hgB2@f|h@{VwcZZp01!iI6xR<8yG@UW9hA_
zaX~FUs{_V2NOX_^<*}rq=nmJp73R76IOLEp9cxA6d<=5^jP{9L=}_3vCv>R8I%<GG
zY3FhHVBjepM0eccq>n6W;*u+qH)eZ=_nfng7U~5f?AsnuHN{RiT>R<l`9<x3n2qFS
zyxR=<BZRh8OrGp!H?~$uY{p;CK4FtxQ87#WTBD7vCgCpq-T^t<iF=i$Fk;X6V&}f|
zR+=~tr~g2ajyn5XdeUXhUmyh0%CfKm+1+egX06rM6pMghgOWI@mgO5%Dz~at>f;pv
zmnj^fo^@j-!zO?^ChA44ZuYl%4CtK*OS>x4*;~ko_0gaGFp{tK3DxF1b0q2@eBv*K
znDL2LJjUh`_3tIV2DYb<#-@UBXf;CKX|SY9?nP}8IMDr?)Zb_bHZ$J*fM8|MvyYN5
z7ZxH^a_cssCo*sc`1QbqdCGh0#IUa7Z#%ItyYc@y4)a99q~N&vf%dGss(NA#lv*O}
z-4cpRI?N_mvCBaM2nqVQeIJ^1w`L^y{ah|trb+O*&?1{yRjusK`{n?W>!NDEWpaZU
zvC1$kC9j=e;jco+@cb{o0Twsr5u4EH>AJZf!ep`<9?DBBi`ZaohvS5CfdJJCRqBJx
z)mGuwV?s?n8NscajTZj_^+GDlt@GO8eOZ4Kb*iHonNIf}7gI=9VB{Fw9cO2wdg(om
za1X{g<<}@Wp3Eslv_hVO1M@L>@?O?`BNk_`dygrU<Jkm5f9(<$5};1A<iap`okrw9
zo+QV;ABL__F78?puN<vhn6-fb_3&Kn>Q$uleCb0*JJDRsdgS)KqO<kG%*IJtjwxk%
z6e#j_b5_M7JJb(5OV88<>Pw$36CZQ>4?zT>N<=60Umu7+bugQB&Vkj1ok<%K7`A&v
z&*>WZJVR|Eo8PQw{9l9>mh25NUU>WL*hUyWEv@p(e;LpRc~a}4DgoOaFve&P>7ka7
ziIjQlp$RMMtQf77T0+i`lOR+R4(gtkp&6Y#2@h!sN1uTp$#AF{&$ku#cj&e;XPKV9
z7sns<1;hU&%xRTF53N8G;rwa3Q6mQ`aU<h)(f8hr#t^Ne{n-VfM{B}2B!(V^-1$)3
zD@lU30&#UKN#r=94)o~YoU9GRp3z%`<0dEKLxE531Tb_;#&yT#XFWexr6XYMZ}`!U
z)U~~j6js6Zh=N?XnRuM7UK=;0xhl>(fgp+@>Jxz|OU?Kg!qnfXcELVcJS8z?x*ag=
z%qNt5CNx*HJO3O#UYu|LCsa+88L;R4fz+dtp$=p|4zCOCR~kM(=Nf2!EqMUf`pyr;
zDwgcXhK5RD=^%ABqJ`O)8j8dxw+(I7|B5sS0qH9v@S4^r667zo*m~_dPf!MAx2$v6
zaDX!<9`};^1x~A&wdF8So3BRuo#R4*+Wf=Yd09LEs6uH3FeZo~*4S<gg58IR^b~p~
z`KKIofk0={-KN?m;u8m#Gyq@+C31S`6cteya`d2@*^oQWkjyL%tXR5LngI#LN}XXB
zv0Jrt%11tgfJf=2PUNfJcCYz_oJ0_v79U1LE*22juocfXpb+hj`Z5Ro{Ey63j}%-2
zeniEv>@~@VZ%dtJ6Q#Tm(CTZu!f#ZugS@UM`+1#+a{qLX#97r``XySfDc2hZZJR{F
zO<e1#Gb(mHoRon;X(%b2Qnc_#l5dJs6)D;+Yr3PE6g=&Y`**8HK%JVEIyh{4y<jHv
zm@&r}VtguIcfBn`Jxvo0tl1~(4HKe00jJM7#&K=0w(V6U5bs?l`;>d)$apU9cqtid
ze%$d<#$TEN^-ql;^NW3?r|3E_0Vma+J|qR$XHUuW8(>d(k4F{x(_&8USM!Izt<j1f
TkY0nFCb(gAf;4}tZ3u)~6W@+#

literal 0
HcmV?d00001

diff --git a/cbc/tests/data/aes256.blb b/cbc/tests/data/aes256.blb
new file mode 100644
index 0000000000000000000000000000000000000000..c4a7002bd05e1f85974241888ef35910afbda7b5
GIT binary patch
literal 4589
zcmV<J5fbhIKyKG<Etkfh(KD5aQaLg5rqA_Mv0rnKA?$M9m!~rc2OxzWhh%qdXO^nB
zBHOk^tmq(Og1Eq3Too|6eMlC{Lq}pDYRm)_E)WW3^&6M1^%pEbK-}VNYfSqnWf0m<
z?9$KvY~Mo<GuxYAceG$<o79~Xt|0yDp)|<XH=RXsb^RJw)BHeC>F(jIQh*8Q%gr@u
zb%-C8a#XQDk=Mp%Ef6svQtJRfFQDIYDxcG~OtFu$v)fhwB4<J;S16Pd`1V&&bP}da
zK>mpV{>?niF2()F$Dp+Z8Nx-hEnym7`RM{^)t^4!Ga$V|Y_qwEA}HAL-&a<W<j`P^
zI-!>AJ$##6u_EXGcl#2RrrLF@<<q4Q8BIEhL08qtoj_ri7GaoK+CIs$N6y(`V2*;v
zs{{ag+alwMq(_(j*WL*Xj04JwELzQ;gx@#&#f<3fvXkkL0=7Wb(bptoKm?QjV{r(t
zYFmzwtRLS4T0Kjz(XX|0zIxuChJxl}<siV#E9=a=Y)O&})krGGR_K5Li#Pccjr6-E
zm22iP40FibSn8J)|4Ft(5PLMqzwnl+Pwm!%H72XVdX5VgVQ%gvO0-se){czLOgOAo
zI}>A^fB*&6$9E}08wj^I<PjPAL^#p)aLjiqO>8~)|LveSPWVEI&Nuu_Onnh0q?xc$
zHcU95);Yb}WPPeT+S;<~Rg^%Q+>gCbZUZX!`XJ9!Lvfwv(I|`+jAPb^imznOCd!2%
z5tWU`tAXLi@D?%Ylulv~fFQ?_e}wl(&5TP=?ZP3O+r{+Ib%;2ff=Go-^1}F*XQJ1<
z^*(dcCWKR8LNSgc%|&@RP_u$wU0hs`%|2b)Oz9+T7&CtJ1ucsq#a0}PW)6TLoSEi=
zHoGp8ov{d<cTn-OR@0if(8LTrF9i^a>CnRq1cNNiy}*vYq$aoZ@7|bh&{u@cHi477
zHkrI>5M``l;#j$=OvP8?v|CBe1yLSlKy$eI@C!2nteJ&e_W9}Lg&1iHSq7wrolVb3
z(t`S~Dj>7Vm#7L;nG(3dA4Ls2la+u#I^L$>ZbHQHK>`$!@^@bLH;k}|Bo<!WPh?2q
zG8bE5&@@}0oOs`5mh7D(x4GwTk34p>EnR0PKOKYqdT+zsJV_IgaQasPv%aihw2<(r
z;Xi~%K*UfFn$rk+->|L_fIzH0ZMyz04|E1H{hopg_5@7Tu~i(qoWMK_CBvM{e>1o`
zto)=3GG+3+|A&!NM2gDGi2VCIx3Lf8W2TG&3GgU5E<ROz8s7r#WQw-CiCyp@T_)?l
zsipml>)7PJ<J>@<-#0~xWd#2=3Q?o$Nx&O<{LZ{_!>h}bsYyVK1+vK?=a432ol2rG
zwaovpvYmOnfMCy3<-?UsQMpW>IIOtIr^jmR+NqR2t_mFCRif|PO-7hqlT{H%6jIsl
zWYR_)vY8!O`~YBSf0}0&auzZ$^Jo6iLL(OCEh+5k%ZF(7ZJU7h(s&6xnu^Ul{eIn!
zy<90cS@umYgodsg)sx0sz!ZRBG~ZSm($DL>x34=(jUmcXSTQbsE>2U9HLWC&wh=E4
ze-w{usMR8;^Tr)`Th?dW4jsf`Y%z|c@@n+{eG$~${{&W18%pgO4UxJ^AJ)x~DHwaj
zh#Fc4{sIJ@IW~@i6Ppr(Tdpj7=pJtp#v8T8Kt+pZzacFk^QC{zIUr?NEzbM%fvO^u
zpMyB7kWwZN9Ux2+@BCR~)C5^zCUq4)mPvsCC2!X}<67hDoF&~VlvGJRme^xI<}<Zn
zcHHQAT;<!lgxm7SqVBQjYf*`o1?2HNyb-xO_Vb%GX}%PNi(7IHN>VL0{_T1)oSPnn
zERul4eYgXh7sQekaiDz|WD<ig;G8gx-l1tumB>W^@unVOL6_)iFzmvO_Dst>&r~<6
zfdG)Vxnl|=c=bO}8n?dx1Cdn#fN{KpIOmCzEd4&QDUp>%US>0dlw<w0Lv<&PFWVCk
zf*xd&&w&3G%XcLS`$BIz?&5pYlZb--D(1Dloss%VL$Q0bIqSYzz(O$rW2h=$<v53y
z?&De*8WM5v3*wuFEsv*Jy3il=XO95|l+8fWK`pR^U4-RxD~r8kDOX23f%}=ti~n%v
zk_{HY+w6%TQN|hk@UlM)c_s7!rpn80fgl242E?Zt7z~*yf=!(XTaT)!Z^Zf~?5ttf
zU-sUT->7gVh`=f+EE|gSM3)EhEp_P`kpW$@BXr4Mj~QKCu&?U_1P}O@UJesE+ofeb
z7f*_%p|hXktb?562c+anPmdb_WA`}h7_8g>F2CS&gXc6=ha=}f@S%fkuiu^MA`q!0
zi@_7K!Mux3B`lyD*aLwe0#vdzW4x>ES~*^~OpmbZ6M6@{Z(g5a><a~b;{|a~kD`<!
z9Fd_}!xfX8f#U$~kRg)nUlk=pDA;!|c`{DKGMLICzza75bM9VV*$zYRq2O9w7ZM5n
zH2Lz9H`}77a%NEdI};&veG&+UJZwB`J}rluwenYj@QbMOtG;94zS~M7eu1yEYqn%n
z2sLdqKuEq>eq$^acOxXo)A}8pTAs}T4;1WO5e+;3!*<0}D<Ia@fw<2E>(jRCp|w8*
ze&K;Y3}e(2(}qQG=L@!Bi}<9uSXG8-j552RrR>2rFRiCa+A_r|&(W%MM7macPJOEE
z_skr!k%F%lO64Of04Qi_RyA3e2dSs<dLI*hm$Bi=+PsOjrR1-v+gMfYs#j1}sPy<G
zA{Hbou)<a`4V^NWCag6*abKgKfX=~0)<Q*C`S%N$$sh@C4=jaUSxAMT1|^6No%?e^
zW6sX^EbuV6fk6CNbL9=_`t-)QOQ#30g-)Hht1h2?aDTg_IL3rJ82oRn>#t@#CMj>T
zDYVjW7)eZd;GTDuNBO$?he(z%*PlZHVGJVx!JWS`NVm$!#PpOw0(DO_E|RwQ#pheb
z7oNCxpm@}AkO=}8M8QuJ{VG+Wxx`Hv00xDqMWpsJ$Hi)QFmC#0qD=+Rh}_q~KjKfs
zM<-cj+n!A~`^hjwNX<Y)=~J?<po%)xEf_CY$19v*`{b$0Mx)D#<Ayjz;w+vZ-Mg?C
zKOQaXBb25pqM#%WAO|N64r8h|+U<;L-V>}E@gUV58Q#^(O5sZ@Ah0L@upmIK--yAh
znSQm51XU=EI!~h@t*F6@Y0QwSna4X9P5tH|V9Ze9h;=gH)brBv3_M*}K$xhh*h5yo
zKsubvI7$Zo1U>%jxSm<g47j}tNnZDC@IY*|;`H73nvMv`Y=1yN=%_Mgz<<b%&<9T9
zTL9EWm|8$oXeTJ!P&MlWx0Xf5N|j)0yKAG8wqrec7d!%dTF-YNF1bRNcPLSoJ=2;V
zxm`n#U=ONY0lBZOJGB{CU8?lP3SQL8E20cyTg32(nXTOTof&y;9{&s1kj5h1BEbnx
z$6(|HZ3Q@5w~5B5C}!Y;Q29StJ}LlQp!)2?D_s0CJw_aM!3QvQRNGZ%rM+oBB78t}
zg2ZqHuJi^GT&4X<mx$GZ@4&L1$>~wC`B^|_lci4}NM64p719fVZlyUyf|nQ0fB=I2
z#$-lqSWqK^94<Ma#4|-^nn5H@1p$g9*A<l&`2S6aupH3qg9i-&ci?5$O>=XBYhh4V
z82Hrka42e7)Lwu9Y$WlUoC_G&5^MH=kjskaEwjpgtF@H%2CC<xNj_61rLV3|#L)>i
zTUO$>|4f|rIp-{6+<_Fwmfw}L#<n0KKsw`%PQQMCZNQ=99$xx<p(FjnA>}jYpY7EX
zELoZFTOc;oUCHhEW}EKKnkoX2lDU8&jUwAH#3ejFI^C9q!A(`LUwrpsY*Nh6%jvnF
z*pW74xUupsCwff7(C6uRqep`4hiGS2YSeOshSlhh>T`la<8TUTZEm%U*c=XE>k=GL
zfFRWlq>PDTmM?rgFdwP-cO+0I!UU&x5|Yi_q38eWzVHr)*C`OU*r!(Cv|OJMK$nZR
zNXk=w-H^6$?Cv*S71@P?x%oR|RjtYR4^OfXkGVk83;YWz8P&M9`1ESG^hE9xYJa2q
z+VwEZK8bcSn*78dfWCI8_=VEIYd6-VDEi>dfItgwDuNRhn>%>hZQ~^3hVV9EMBp{X
zmkRsvp{2tr1+q)02F;vi33GN)s2eNKOlTdzh8csUuE%a{izGo3)=fyBgffYAb90oq
zIyps<5pr>2Wh;88lfSXI6o|Lp$!mZ>G2~}@7p~DDy*l=vyADfaTb_&%PACg`o!v?C
z;z7gAx6}?CZ}KL;1o#A;QK)VyfzJ~$$RyX)QFLt2cl;v#Hx~dN<rx#$A9@D+05|gq
zm34Xcm1hquOmmmg*^oC*KxCp;rejimzNa6JcL|WR&g7!gufNkju`GJS0Pk7knjjd=
z=@fq{TwDO#;6gx&)3ktK_u%)O{oNJqHUO(FDaC7}$mwkwiE96C>~}tHq;U#&^7QOv
zYj*G2WGKOP&<Ds$sr0doUK^}mC-*RWb9Pnk=o9zh^@s{LtYfVfX6J}7gSJRTO+|Qb
zQ|djjwGxt%6N<h-$Dhl3x5oCl>JvL(fMD5|ah5xJ<sdFNFZjT215;;^oYGI_t*7(T
zoBHcr>5ByF^q7`N-~kfw(yH5xUm;hvMS(>FS(Z^i!9nHwV;)0Bon_ItHx9G2mN}p7
zGR*BMN?z_p)>MCcy-D8TNVL2$*2I&~(vLX^<7~E=Vx2%SHI9n&O=`m&m5aSxkFz{8
zM-;#NL2wNyuzwNH=#l3j6h#&!YIQ6!kXG1)+VjYrfdJ3JRil=D<45(6qUgKpL4(%Q
zFLWmrUTU+P-SXxq#d55!0`c-g^S6ZOJ|XAjAnMIK@2|e-6ozv&#_o(S4(B&*JaTf3
z-gpxiJ-z-jSKh2a)2=E6BAfzZ^3e&<A6*0I_(=Ou!iY%}YyzV6>-X3H<H^(xF_#PR
zQHM5i?<;`-vo0$a8)JfSH0!X@ke`0>)f``f!MmHnYs9Qg%--lVeac}}!chw0$a@<?
zD+0D5y9Ua_fC4y_{QootuL$m&;oWjUo9xZs_k40KnJnDMew=iM^=h;R>R^qGYU>6J
zWX~sstr``PM^=70;{!Jhq(vlkCfQj+zfFFK1#x(=KwC>`GnkRvPBS;dNN+=(`_TI;
zcr2$L@CBF|)fQ>lJRmD5qS2eF?9oZu>1HCr7iobYpt~I}-nZtzG{%trdvc}e)>oFQ
zSC}v3K*EOBl0CiKLS<(ESn0sCuTtdOL~m@x+NHnGPCSL%T2?sbaKmuS;V9c8$#p`e
zN@Ij?7@{cCMk*0EZOd`?ZpALWq;&VTbtx6FfESmSOT`|sA%Q3U)(;Q~Lk_hFpR>AO
zDEiV&QH;&pB>_1+>uvwUY88|rfgrje+m69-`b~4s!+~gjKcR@-EdeX<NC1C5$b%{3
zE2A&sHKP^2HYG+zi=DQwX9dRP)YE7p^eBVCjY^qJ#8ju-DJ)E(^tLX)jz^kZR9$NM
zmyIm`=e&TKk&?p5W-RHnz7elLy=e2|)o5F?j1N7)fEU24s3tyd+(qqwn3KO0{W^xk
z7^7TPXXZlHnT0@ya$D3oMPP^&7zcCk=c|>Y$XVDrAu#BK84g6zOlg)N<d#vGj=Q%m
zxVwP6n!Cz0fk40I#x+ZNKl9;|;8%6Iw^#?>661<uYm4yVEnok5<neb}r`M9$g%&Pm
z*oiRt!?MlzWlvU@B?N#mkT_y+@Tx;(U9pF+LHz1tn;(EC%-swl;NCY0N{f^p%XR{p
zic2O0=AXbq8CYF~MgZWgZ<(b#B?JUK2(iQB6w!R%1w6g^9jck0)wFy!m^-8HB}>J}
zlY@P#sK{LW68H5_X`g{WTbHTSBlNj+6Z44Kqe15<yEC7T7^C{a^81CW+>aAo>o5gM
z8vV((?R}waRqLj()X@xd;n}Cpj^D1TXiC7npPeMSXGvAZoyNX0uHnL9wOIcL<D}G`
zBo-hM|0PYhz6Xwq(0*i&YxQT7cFRK{rSAc+=B<bp{KsQPX~@Jll9kCM9!3B2pE4!)
XbWk$d?!KASv75^wT^s$gZrUs)3~Knu

literal 0
HcmV?d00001

diff --git a/cfb-mode/CHANGELOG.md b/cfb-mode/CHANGELOG.md
new file mode 100644
index 0000000..2d49421
--- /dev/null
+++ b/cfb-mode/CHANGELOG.md
@@ -0,0 +1,58 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## 0.8.0 (2022-02-10)
+### Changed
+- Update `cipher` dependency to v0.4 and move crate
+to the [RustCrypto/block-modes] repository ([#2])
+
+[#2]: https://github.com/RustCrypto/block-modes/pull/2
+[RustCrypto/block-modes]: https://github.com/RustCrypto/block-modes
+
+## 0.7.1 (2021-04-30)
+### Changed
+- Removed redundant `NewBlockCipher` bound from `FromBlockCipher` implementation ([#236])
+
+[#236]: https://github.com/RustCrypto/stream-ciphers/pull/236
+
+## 0.7.0 (2021-04-29)
+### Changed
+- Bump `cipher` dependency to v0.3 release ([#226])
+- Bump `aes` dev dependency to v0.7 release ([#232])
+
+[#226]: https://github.com/RustCrypto/stream-ciphers/pull/226
+[#232]: https://github.com/RustCrypto/stream-ciphers/pull/232
+
+## 0.6.0 (2020-10-16)
+### Changed
+- Replace `block-cipher`/`stream-cipher` with `cipher` crate ([#177])
+
+[#177]: https://github.com/RustCrypto/stream-ciphers/pull/177
+
+## 0.5.0 (2020-08-25)
+### Changed
+- Bump `stream-cipher` dependency to v0.7, implement the `FromBlockCipher` trait ([#161], [#164])
+
+[#161]: https://github.com/RustCrypto/stream-ciphers/pull/161
+[#164]: https://github.com/RustCrypto/stream-ciphers/pull/164
+
+## 0.4.0 (2020-06-08)
+### Changed
+- Bump `stream-cipher` dependency to v0.4 ([#119])
+- Upgrade to Rust 2018 edition ([#119])
+
+[#119]: https://github.com/RustCrypto/stream-ciphers/pull/119
+
+## 0.3.2 (2019-03-11)
+
+## 0.3.1 (2018-11-01)
+
+## 0.3.0 (2018-11-01)
+
+## 0.2.0 (2018-10-13)
+
+## 0.1.0 (2018-10-01)
diff --git a/cfb-mode/Cargo.toml b/cfb-mode/Cargo.toml
new file mode 100644
index 0000000..90f773a
--- /dev/null
+++ b/cfb-mode/Cargo.toml
@@ -0,0 +1,29 @@
+[package]
+name = "cfb-mode"
+version = "0.8.0" # Also update html_root_url in lib.rs when bumping this
+description = "Cipher Feedback (CFB) block cipher mode of operation"
+authors = ["RustCrypto Developers"]
+license = "MIT OR Apache-2.0"
+edition = "2021"
+rust-version = "1.56"
+readme = "README.md"
+documentation = "https://docs.rs/cfb-mode"
+repository = "https://github.com/RustCrypto/block-modes"
+keywords = ["crypto", "block-mode", "stream-cipher", "ciphers"]
+categories = ["cryptography", "no-std"]
+
+[dependencies]
+cipher = "0.4"
+
+[dev-dependencies]
+aes = "0.8"
+cipher = { version = "0.4", features = ["dev"] }
+hex-literal = "0.3"
+
+[features]
+block-padding = ["cipher/block-padding"]
+zeroize = ["cipher/zeroize"]
+
+[package.metadata.docs.rs]
+all-features = true
+rustdoc-args = ["--cfg", "docsrs"]
diff --git a/cfb-mode/LICENSE-APACHE b/cfb-mode/LICENSE-APACHE
new file mode 100644
index 0000000..78173fa
--- /dev/null
+++ b/cfb-mode/LICENSE-APACHE
@@ -0,0 +1,201 @@
+                              Apache License
+                        Version 2.0, January 2004
+                     http://www.apache.org/licenses/
+
+TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+1. Definitions.
+
+   "License" shall mean the terms and conditions for use, reproduction,
+   and distribution as defined by Sections 1 through 9 of this document.
+
+   "Licensor" shall mean the copyright owner or entity authorized by
+   the copyright owner that is granting the License.
+
+   "Legal Entity" shall mean the union of the acting entity and all
+   other entities that control, are controlled by, or are under common
+   control with that entity. For the purposes of this definition,
+   "control" means (i) the power, direct or indirect, to cause the
+   direction or management of such entity, whether by contract or
+   otherwise, or (ii) ownership of fifty percent (50%) or more of the
+   outstanding shares, or (iii) beneficial ownership of such entity.
+
+   "You" (or "Your") shall mean an individual or Legal Entity
+   exercising permissions granted by this License.
+
+   "Source" form shall mean the preferred form for making modifications,
+   including but not limited to software source code, documentation
+   source, and configuration files.
+
+   "Object" form shall mean any form resulting from mechanical
+   transformation or translation of a Source form, including but
+   not limited to compiled object code, generated documentation,
+   and conversions to other media types.
+
+   "Work" shall mean the work of authorship, whether in Source or
+   Object form, made available under the License, as indicated by a
+   copyright notice that is included in or attached to the work
+   (an example is provided in the Appendix below).
+
+   "Derivative Works" shall mean any work, whether in Source or Object
+   form, that is based on (or derived from) the Work and for which the
+   editorial revisions, annotations, elaborations, or other modifications
+   represent, as a whole, an original work of authorship. For the purposes
+   of this License, Derivative Works shall not include works that remain
+   separable from, or merely link (or bind by name) to the interfaces of,
+   the Work and Derivative Works thereof.
+
+   "Contribution" shall mean any work of authorship, including
+   the original version of the Work and any modifications or additions
+   to that Work or Derivative Works thereof, that is intentionally
+   submitted to Licensor for inclusion in the Work by the copyright owner
+   or by an individual or Legal Entity authorized to submit on behalf of
+   the copyright owner. For the purposes of this definition, "submitted"
+   means any form of electronic, verbal, or written communication sent
+   to the Licensor or its representatives, including but not limited to
+   communication on electronic mailing lists, source code control systems,
+   and issue tracking systems that are managed by, or on behalf of, the
+   Licensor for the purpose of discussing and improving the Work, but
+   excluding communication that is conspicuously marked or otherwise
+   designated in writing by the copyright owner as "Not a Contribution."
+
+   "Contributor" shall mean Licensor and any individual or Legal Entity
+   on behalf of whom a Contribution has been received by Licensor and
+   subsequently incorporated within the Work.
+
+2. Grant of Copyright License. Subject to the terms and conditions of
+   this License, each Contributor hereby grants to You a perpetual,
+   worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+   copyright license to reproduce, prepare Derivative Works of,
+   publicly display, publicly perform, sublicense, and distribute the
+   Work and such Derivative Works in Source or Object form.
+
+3. Grant of Patent License. Subject to the terms and conditions of
+   this License, each Contributor hereby grants to You a perpetual,
+   worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+   (except as stated in this section) patent license to make, have made,
+   use, offer to sell, sell, import, and otherwise transfer the Work,
+   where such license applies only to those patent claims licensable
+   by such Contributor that are necessarily infringed by their
+   Contribution(s) alone or by combination of their Contribution(s)
+   with the Work to which such Contribution(s) was submitted. If You
+   institute patent litigation against any entity (including a
+   cross-claim or counterclaim in a lawsuit) alleging that the Work
+   or a Contribution incorporated within the Work constitutes direct
+   or contributory patent infringement, then any patent licenses
+   granted to You under this License for that Work shall terminate
+   as of the date such litigation is filed.
+
+4. Redistribution. You may reproduce and distribute copies of the
+   Work or Derivative Works thereof in any medium, with or without
+   modifications, and in Source or Object form, provided that You
+   meet the following conditions:
+
+   (a) You must give any other recipients of the Work or
+       Derivative Works a copy of this License; and
+
+   (b) You must cause any modified files to carry prominent notices
+       stating that You changed the files; and
+
+   (c) You must retain, in the Source form of any Derivative Works
+       that You distribute, all copyright, patent, trademark, and
+       attribution notices from the Source form of the Work,
+       excluding those notices that do not pertain to any part of
+       the Derivative Works; and
+
+   (d) If the Work includes a "NOTICE" text file as part of its
+       distribution, then any Derivative Works that You distribute must
+       include a readable copy of the attribution notices contained
+       within such NOTICE file, excluding those notices that do not
+       pertain to any part of the Derivative Works, in at least one
+       of the following places: within a NOTICE text file distributed
+       as part of the Derivative Works; within the Source form or
+       documentation, if provided along with the Derivative Works; or,
+       within a display generated by the Derivative Works, if and
+       wherever such third-party notices normally appear. The contents
+       of the NOTICE file are for informational purposes only and
+       do not modify the License. You may add Your own attribution
+       notices within Derivative Works that You distribute, alongside
+       or as an addendum to the NOTICE text from the Work, provided
+       that such additional attribution notices cannot be construed
+       as modifying the License.
+
+   You may add Your own copyright statement to Your modifications and
+   may provide additional or different license terms and conditions
+   for use, reproduction, or distribution of Your modifications, or
+   for any such Derivative Works as a whole, provided Your use,
+   reproduction, and distribution of the Work otherwise complies with
+   the conditions stated in this License.
+
+5. Submission of Contributions. Unless You explicitly state otherwise,
+   any Contribution intentionally submitted for inclusion in the Work
+   by You to the Licensor shall be under the terms and conditions of
+   this License, without any additional terms or conditions.
+   Notwithstanding the above, nothing herein shall supersede or modify
+   the terms of any separate license agreement you may have executed
+   with Licensor regarding such Contributions.
+
+6. Trademarks. This License does not grant permission to use the trade
+   names, trademarks, service marks, or product names of the Licensor,
+   except as required for reasonable and customary use in describing the
+   origin of the Work and reproducing the content of the NOTICE file.
+
+7. Disclaimer of Warranty. Unless required by applicable law or
+   agreed to in writing, Licensor provides the Work (and each
+   Contributor provides its Contributions) on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+   implied, including, without limitation, any warranties or conditions
+   of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+   PARTICULAR PURPOSE. You are solely responsible for determining the
+   appropriateness of using or redistributing the Work and assume any
+   risks associated with Your exercise of permissions under this License.
+
+8. Limitation of Liability. In no event and under no legal theory,
+   whether in tort (including negligence), contract, or otherwise,
+   unless required by applicable law (such as deliberate and grossly
+   negligent acts) or agreed to in writing, shall any Contributor be
+   liable to You for damages, including any direct, indirect, special,
+   incidental, or consequential damages of any character arising as a
+   result of this License or out of the use or inability to use the
+   Work (including but not limited to damages for loss of goodwill,
+   work stoppage, computer failure or malfunction, or any and all
+   other commercial damages or losses), even if such Contributor
+   has been advised of the possibility of such damages.
+
+9. Accepting Warranty or Additional Liability. While redistributing
+   the Work or Derivative Works thereof, You may choose to offer,
+   and charge a fee for, acceptance of support, warranty, indemnity,
+   or other liability obligations and/or rights consistent with this
+   License. However, in accepting such obligations, You may act only
+   on Your own behalf and on Your sole responsibility, not on behalf
+   of any other Contributor, and only if You agree to indemnify,
+   defend, and hold each Contributor harmless for any liability
+   incurred by, or claims asserted against, such Contributor by reason
+   of your accepting any such warranty or additional liability.
+
+END OF TERMS AND CONDITIONS
+
+APPENDIX: How to apply the Apache License to your work.
+
+   To apply the Apache License to your work, attach the following
+   boilerplate notice, with the fields enclosed by brackets "[]"
+   replaced with your own identifying information. (Don't include
+   the brackets!)  The text should be enclosed in the appropriate
+   comment syntax for the file format. We also recommend that a
+   file or class name and description of purpose be included on the
+   same "printed page" as the copyright notice for easier
+   identification within third-party archives.
+
+Copyright [yyyy] [name of copyright owner]
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
diff --git a/cfb-mode/LICENSE-MIT b/cfb-mode/LICENSE-MIT
new file mode 100644
index 0000000..d19d409
--- /dev/null
+++ b/cfb-mode/LICENSE-MIT
@@ -0,0 +1,26 @@
+Copyright (c) 2018-2022 RustCrypto Developers
+Copyright (c) 2018 Artyom Pavlov
+
+Permission is hereby granted, free of charge, to any
+person obtaining a copy of this software and associated
+documentation files (the "Software"), to deal in the
+Software without restriction, including without
+limitation the rights to use, copy, modify, merge,
+publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software
+is furnished to do so, subject to the following
+conditions:
+
+The above copyright notice and this permission notice
+shall be included in all copies or substantial portions
+of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF
+ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED
+TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
+PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT
+SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR
+IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+DEALINGS IN THE SOFTWARE.
diff --git a/cfb-mode/README.md b/cfb-mode/README.md
new file mode 100644
index 0000000..4015f24
--- /dev/null
+++ b/cfb-mode/README.md
@@ -0,0 +1,60 @@
+# RustCrypto: CFB
+
+[![crate][crate-image]][crate-link]
+[![Docs][docs-image]][docs-link]
+![Apache2/MIT licensed][license-image]
+![Rust Version][rustc-image]
+[![Project Chat][chat-image]][chat-link]
+[![Build Status][build-image]][build-link]
+
+Generic implementation of the [Cipher Feedback][CFB] (CFB) block cipher mode
+of operation.
+
+<img src="https://raw.githubusercontent.com/RustCrypto/media/26acc39f/img/block-modes/cfb_enc.svg" width="50%"><img src="https://raw.githubusercontent.com/RustCrypto/media/26acc39f/img/block-modes/cfb_dec.svg" width="50%">
+
+See [documentation][cipher-doc] of the `cipher` crate for additional information.
+
+## Minimum Supported Rust Version
+
+Rust **1.56** or higher.
+
+Minimum supported Rust version can be changed in the future, but it will be
+done with a minor version bump.
+
+## SemVer Policy
+
+- All on-by-default features of this library are covered by SemVer
+- MSRV is considered exempt from SemVer as noted above
+
+## License
+
+Licensed under either of:
+
+ * [Apache License, Version 2.0](http://www.apache.org/licenses/LICENSE-2.0)
+ * [MIT license](http://opensource.org/licenses/MIT)
+
+at your option.
+
+### Contribution
+
+Unless you explicitly state otherwise, any contribution intentionally submitted
+for inclusion in the work by you, as defined in the Apache-2.0 license, shall be
+dual licensed as above, without any additional terms or conditions.
+
+[//]: # (badges)
+
+[crate-image]: https://img.shields.io/crates/v/cfb-mode.svg
+[crate-link]: https://crates.io/crates/cfb-mode
+[docs-image]: https://docs.rs/cfb-mode/badge.svg
+[docs-link]: https://docs.rs/cfb-mode/
+[license-image]: https://img.shields.io/badge/license-Apache2.0/MIT-blue.svg
+[rustc-image]: https://img.shields.io/badge/rustc-1.56+-blue.svg
+[chat-image]: https://img.shields.io/badge/zulip-join_chat-blue.svg
+[chat-link]: https://rustcrypto.zulipchat.com/#narrow/stream/308460-block-modes
+[build-image]: https://github.com/RustCrypto/block-modes/workflows/cfb-mode/badge.svg?branch=master&event=push
+[build-link]: https://github.com/RustCrypto/block-modes/actions?query=workflow%3Acfb-mode+branch%3Amaster
+
+[//]: # (general links)
+
+[CFB]: https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Cipher_feedback_(CFB)
+[cipher-doc]: https://docs.rs/cipher/
diff --git a/cfb-mode/benches/aes128.rs b/cfb-mode/benches/aes128.rs
new file mode 100644
index 0000000..1d5c9df
--- /dev/null
+++ b/cfb-mode/benches/aes128.rs
@@ -0,0 +1,16 @@
+#![feature(test)]
+extern crate test;
+
+use aes::Aes128;
+
+cipher::block_encryptor_bench!(
+    KeyIv: cfb_mode::Encryptor<Aes128>,
+    cfb_aes128_encrypt_block,
+    cfb_aes128_encrypt_blocks,
+);
+
+cipher::block_decryptor_bench!(
+    KeyIv: cfb_mode::Decryptor<Aes128>,
+    cfb_aes128_decrypt_block,
+    cfb_aes128_decrypt_blocks,
+);
diff --git a/cfb-mode/src/decrypt.rs b/cfb-mode/src/decrypt.rs
new file mode 100644
index 0000000..b188a89
--- /dev/null
+++ b/cfb-mode/src/decrypt.rs
@@ -0,0 +1,195 @@
+use cipher::{
+    crypto_common::{InnerUser, IvSizeUser},
+    generic_array::{ArrayLength, GenericArray},
+    inout::InOut,
+    AlgorithmName, AsyncStreamCipher, Block, BlockBackend, BlockCipher, BlockClosure, BlockDecrypt,
+    BlockDecryptMut, BlockEncryptMut, BlockSizeUser, InnerIvInit, Iv, IvState, ParBlocks,
+    ParBlocksSizeUser,
+};
+use core::fmt;
+
+#[cfg(feature = "zeroize")]
+use cipher::zeroize::{Zeroize, ZeroizeOnDrop};
+
+/// CFB mode decryptor.
+#[derive(Clone)]
+pub struct Decryptor<C>
+where
+    C: BlockEncryptMut + BlockCipher,
+{
+    cipher: C,
+    iv: Block<C>,
+}
+
+impl<C> BlockSizeUser for Decryptor<C>
+where
+    C: BlockEncryptMut + BlockCipher,
+{
+    type BlockSize = C::BlockSize;
+}
+
+impl<C> BlockDecryptMut for Decryptor<C>
+where
+    C: BlockEncryptMut + BlockCipher,
+{
+    fn decrypt_with_backend_mut(&mut self, f: impl BlockClosure<BlockSize = Self::BlockSize>) {
+        let Self { cipher, iv } = self;
+        cipher.encrypt_with_backend_mut(Closure { iv, f })
+    }
+}
+
+impl<C> AsyncStreamCipher for Decryptor<C> where C: BlockEncryptMut + BlockCipher {}
+
+impl<C> InnerUser for Decryptor<C>
+where
+    C: BlockEncryptMut + BlockCipher,
+{
+    type Inner = C;
+}
+
+impl<C> IvSizeUser for Decryptor<C>
+where
+    C: BlockEncryptMut + BlockCipher,
+{
+    type IvSize = C::BlockSize;
+}
+
+impl<C> InnerIvInit for Decryptor<C>
+where
+    C: BlockEncryptMut + BlockCipher,
+{
+    #[inline]
+    fn inner_iv_init(mut cipher: C, iv: &Iv<Self>) -> Self {
+        let mut iv = iv.clone();
+        cipher.encrypt_block_mut(&mut iv);
+        Self { cipher, iv }
+    }
+}
+
+impl<C> IvState for Decryptor<C>
+where
+    C: BlockEncryptMut + BlockDecrypt + BlockCipher,
+{
+    #[inline]
+    fn iv_state(&self) -> Iv<Self> {
+        let mut res = self.iv.clone();
+        self.cipher.decrypt_block(&mut res);
+        res
+    }
+}
+
+impl<C> AlgorithmName for Decryptor<C>
+where
+    C: BlockEncryptMut + BlockCipher + AlgorithmName,
+{
+    fn write_alg_name(f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        f.write_str("cfb::Decryptor<")?;
+        <C as AlgorithmName>::write_alg_name(f)?;
+        f.write_str(">")
+    }
+}
+
+impl<C> fmt::Debug for Decryptor<C>
+where
+    C: BlockEncryptMut + BlockCipher + AlgorithmName,
+{
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        f.write_str("cfb::Decryptor<")?;
+        <C as AlgorithmName>::write_alg_name(f)?;
+        f.write_str("> { ... }")
+    }
+}
+
+#[cfg(feature = "zeroize")]
+#[cfg_attr(docsrs, doc(cfg(feature = "zeroize")))]
+impl<C: BlockEncryptMut + BlockCipher> Drop for Decryptor<C> {
+    fn drop(&mut self) {
+        self.iv.zeroize();
+    }
+}
+
+#[cfg(feature = "zeroize")]
+#[cfg_attr(docsrs, doc(cfg(feature = "zeroize")))]
+impl<C: BlockEncryptMut + BlockCipher + ZeroizeOnDrop> ZeroizeOnDrop for Decryptor<C> {}
+
+struct Closure<'a, BS, BC>
+where
+    BS: ArrayLength<u8>,
+    BC: BlockClosure<BlockSize = BS>,
+{
+    iv: &'a mut GenericArray<u8, BS>,
+    f: BC,
+}
+
+impl<'a, BS, BC> BlockSizeUser for Closure<'a, BS, BC>
+where
+    BS: ArrayLength<u8>,
+    BC: BlockClosure<BlockSize = BS>,
+{
+    type BlockSize = BS;
+}
+
+impl<'a, BS, BC> BlockClosure for Closure<'a, BS, BC>
+where
+    BS: ArrayLength<u8>,
+    BC: BlockClosure<BlockSize = BS>,
+{
+    #[inline(always)]
+    fn call<B: BlockBackend<BlockSize = Self::BlockSize>>(self, backend: &mut B) {
+        let Self { iv, f } = self;
+        f.call(&mut Backend { iv, backend });
+    }
+}
+
+struct Backend<'a, BS, BK>
+where
+    BS: ArrayLength<u8>,
+    BK: BlockBackend<BlockSize = BS>,
+{
+    iv: &'a mut GenericArray<u8, BS>,
+    backend: &'a mut BK,
+}
+
+impl<'a, BS, BK> BlockSizeUser for Backend<'a, BS, BK>
+where
+    BS: ArrayLength<u8>,
+    BK: BlockBackend<BlockSize = BS>,
+{
+    type BlockSize = BS;
+}
+
+impl<'a, BS, BK> ParBlocksSizeUser for Backend<'a, BS, BK>
+where
+    BS: ArrayLength<u8>,
+    BK: BlockBackend<BlockSize = BS>,
+{
+    type ParBlocksSize = BK::ParBlocksSize;
+}
+
+impl<'a, BS, BK> BlockBackend for Backend<'a, BS, BK>
+where
+    BS: ArrayLength<u8>,
+    BK: BlockBackend<BlockSize = BS>,
+{
+    #[inline(always)]
+    fn proc_block(&mut self, mut block: InOut<'_, '_, Block<Self>>) {
+        let mut t = block.clone_in();
+        block.xor_in2out(self.iv);
+        self.backend.proc_block((&mut t).into());
+        *self.iv = t;
+    }
+
+    #[inline(always)]
+    fn proc_par_blocks(&mut self, mut blocks: InOut<'_, '_, ParBlocks<Self>>) {
+        let mut t = ParBlocks::<Self>::default();
+        let b = (blocks.get_in(), &mut t).into();
+        self.backend.proc_par_blocks(b);
+
+        let n = t.len();
+        blocks.get(0).xor_in2out(self.iv);
+        for i in 1..n {
+            blocks.get(i).xor_in2out(&t[i - 1])
+        }
+        *self.iv = t[n - 1].clone();
+    }
+}
diff --git a/cfb-mode/src/encrypt.rs b/cfb-mode/src/encrypt.rs
new file mode 100644
index 0000000..42a7fd6
--- /dev/null
+++ b/cfb-mode/src/encrypt.rs
@@ -0,0 +1,181 @@
+use cipher::{
+    consts::U1,
+    crypto_common::{InnerUser, IvSizeUser},
+    generic_array::{ArrayLength, GenericArray},
+    inout::InOut,
+    AlgorithmName, AsyncStreamCipher, Block, BlockBackend, BlockCipher, BlockClosure, BlockDecrypt,
+    BlockEncryptMut, BlockSizeUser, InnerIvInit, Iv, IvState, ParBlocksSizeUser,
+};
+use core::fmt;
+
+#[cfg(feature = "zeroize")]
+use cipher::zeroize::{Zeroize, ZeroizeOnDrop};
+
+/// CFB mode encryptor.
+#[derive(Clone)]
+pub struct Encryptor<C>
+where
+    C: BlockEncryptMut + BlockCipher,
+{
+    cipher: C,
+    iv: Block<C>,
+}
+
+impl<C> BlockSizeUser for Encryptor<C>
+where
+    C: BlockEncryptMut + BlockCipher,
+{
+    type BlockSize = C::BlockSize;
+}
+
+impl<C> BlockEncryptMut for Encryptor<C>
+where
+    C: BlockEncryptMut + BlockCipher,
+{
+    fn encrypt_with_backend_mut(&mut self, f: impl BlockClosure<BlockSize = Self::BlockSize>) {
+        let Self { cipher, iv } = self;
+        cipher.encrypt_with_backend_mut(Closure { iv, f })
+    }
+}
+
+impl<C> AsyncStreamCipher for Encryptor<C> where C: BlockEncryptMut + BlockCipher {}
+
+impl<C> InnerUser for Encryptor<C>
+where
+    C: BlockEncryptMut + BlockCipher,
+{
+    type Inner = C;
+}
+
+impl<C> IvSizeUser for Encryptor<C>
+where
+    C: BlockEncryptMut + BlockCipher,
+{
+    type IvSize = C::BlockSize;
+}
+
+impl<C> InnerIvInit for Encryptor<C>
+where
+    C: BlockEncryptMut + BlockCipher,
+{
+    #[inline]
+    fn inner_iv_init(mut cipher: C, iv: &Iv<Self>) -> Self {
+        let mut iv = iv.clone();
+        cipher.encrypt_block_mut(&mut iv);
+        Self { cipher, iv }
+    }
+}
+
+impl<C> IvState for Encryptor<C>
+where
+    C: BlockEncryptMut + BlockDecrypt + BlockCipher,
+{
+    #[inline]
+    fn iv_state(&self) -> Iv<Self> {
+        let mut res = self.iv.clone();
+        self.cipher.decrypt_block(&mut res);
+        res
+    }
+}
+
+impl<C> AlgorithmName for Encryptor<C>
+where
+    C: BlockEncryptMut + BlockCipher + AlgorithmName,
+{
+    fn write_alg_name(f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        f.write_str("cfb::Encryptor<")?;
+        <C as AlgorithmName>::write_alg_name(f)?;
+        f.write_str(">")
+    }
+}
+
+impl<C> fmt::Debug for Encryptor<C>
+where
+    C: BlockEncryptMut + BlockCipher + AlgorithmName,
+{
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        f.write_str("cfb::Encryptor<")?;
+        <C as AlgorithmName>::write_alg_name(f)?;
+        f.write_str("> { ... }")
+    }
+}
+
+#[cfg(feature = "zeroize")]
+#[cfg_attr(docsrs, doc(cfg(feature = "zeroize")))]
+impl<C: BlockEncryptMut + BlockCipher> Drop for Encryptor<C> {
+    fn drop(&mut self) {
+        self.iv.zeroize();
+    }
+}
+
+#[cfg(feature = "zeroize")]
+#[cfg_attr(docsrs, doc(cfg(feature = "zeroize")))]
+impl<C: BlockEncryptMut + BlockCipher + ZeroizeOnDrop> ZeroizeOnDrop for Encryptor<C> {}
+
+struct Closure<'a, BS, BC>
+where
+    BS: ArrayLength<u8>,
+    BC: BlockClosure<BlockSize = BS>,
+{
+    iv: &'a mut GenericArray<u8, BS>,
+    f: BC,
+}
+
+impl<'a, BS, BC> BlockSizeUser for Closure<'a, BS, BC>
+where
+    BS: ArrayLength<u8>,
+    BC: BlockClosure<BlockSize = BS>,
+{
+    type BlockSize = BS;
+}
+
+impl<'a, BS, BC> BlockClosure for Closure<'a, BS, BC>
+where
+    BS: ArrayLength<u8>,
+    BC: BlockClosure<BlockSize = BS>,
+{
+    #[inline(always)]
+    fn call<B: BlockBackend<BlockSize = Self::BlockSize>>(self, backend: &mut B) {
+        let Self { iv, f } = self;
+        f.call(&mut Backend { iv, backend });
+    }
+}
+
+struct Backend<'a, BS, BK>
+where
+    BS: ArrayLength<u8>,
+    BK: BlockBackend<BlockSize = BS>,
+{
+    iv: &'a mut GenericArray<u8, BS>,
+    backend: &'a mut BK,
+}
+
+impl<'a, BS, BK> BlockSizeUser for Backend<'a, BS, BK>
+where
+    BS: ArrayLength<u8>,
+    BK: BlockBackend<BlockSize = BS>,
+{
+    type BlockSize = BS;
+}
+
+impl<'a, BS, BK> ParBlocksSizeUser for Backend<'a, BS, BK>
+where
+    BS: ArrayLength<u8>,
+    BK: BlockBackend<BlockSize = BS>,
+{
+    type ParBlocksSize = U1;
+}
+
+impl<'a, BS, BK> BlockBackend for Backend<'a, BS, BK>
+where
+    BS: ArrayLength<u8>,
+    BK: BlockBackend<BlockSize = BS>,
+{
+    #[inline(always)]
+    fn proc_block(&mut self, mut block: InOut<'_, '_, Block<Self>>) {
+        block.xor_in2out(self.iv);
+        let mut t = block.get_out().clone();
+        self.backend.proc_block((&mut t).into());
+        *self.iv = t;
+    }
+}
diff --git a/cfb-mode/src/lib.rs b/cfb-mode/src/lib.rs
new file mode 100644
index 0000000..de7cabc
--- /dev/null
+++ b/cfb-mode/src/lib.rs
@@ -0,0 +1,68 @@
+//! [Cipher feedback][1] (CFB) mode with full block feedback.
+//!
+//! <img src="https://raw.githubusercontent.com/RustCrypto/media/26acc39f/img/block-modes/cfb_enc.svg" width="49%" />
+//! <img src="https://raw.githubusercontent.com/RustCrypto/media/26acc39f/img/block-modes/cfb_dec.svg" width="49%"/>
+//!
+//! Mode functionality is accessed using traits from re-exported [`cipher`] crate.
+//!
+//! # ⚠️ Security Warning: Hazmat!
+//!
+//! This crate does not ensure ciphertexts are authentic! Thus ciphertext integrity
+//! is not verified, which can lead to serious vulnerabilities!
+//!
+//! # Example
+//! ```
+//! use aes::cipher::{AsyncStreamCipher, KeyIvInit};
+//! use hex_literal::hex;
+//!
+//! type Aes128CfbEnc = cfb_mode::Encryptor<aes::Aes128>;
+//! type Aes128CfbDec = cfb_mode::Decryptor<aes::Aes128>;
+//!
+//! let key = [0x42; 16];
+//! let iv = [0x24; 16];
+//! let plaintext = b"hello world! this is my plaintext.";
+//! let ciphertext = hex!(
+//!     "3357121ebb5a29468bd861467596ce3d6f99e251cc2d9f0a598032ae386d0ab995b3"
+//! );
+//!
+//! // encrypt/decrypt in-place
+//! let mut buf = plaintext.to_vec();
+//! Aes128CfbEnc::new(&key.into(), &iv.into()).encrypt(&mut buf);
+//! assert_eq!(buf, &ciphertext[..]);
+//!
+//! Aes128CfbDec::new(&key.into(), &iv.into()).decrypt(&mut buf);
+//! assert_eq!(buf, &plaintext[..]);
+//!
+//! // encrypt/decrypt from buffer to buffer
+//! // buffer length must be equal to input length
+//! let mut buf1 = vec![0u8; 34];
+//! Aes128CfbEnc::new(&key.into(), &iv.into())
+//!     .encrypt_b2b(&plaintext[..], &mut buf1)
+//!     .unwrap();
+//! assert_eq!(buf1, &ciphertext[..]);
+//!
+//! let mut buf2 = vec![0u8; 34];
+//! Aes128CfbDec::new(&key.into(), &iv.into())
+//!     .decrypt_b2b(&buf1, &mut buf2)
+//!     .unwrap();
+//! assert_eq!(buf2, &plaintext[..]);
+//! ```
+//!
+//! [1]: https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Cipher_feedback_(CFB)
+
+#![no_std]
+#![doc(
+    html_logo_url = "https://raw.githubusercontent.com/RustCrypto/media/26acc39f/logo.svg",
+    html_favicon_url = "https://raw.githubusercontent.com/RustCrypto/media/26acc39f/logo.svg",
+    html_root_url = "https://docs.rs/cfb-mode/0.8.0"
+)]
+#![forbid(unsafe_code)]
+#![cfg_attr(docsrs, feature(doc_cfg))]
+#![warn(missing_docs, rust_2018_idioms)]
+
+mod decrypt;
+mod encrypt;
+
+pub use cipher;
+pub use decrypt::Decryptor;
+pub use encrypt::Encryptor;
diff --git a/cfb-mode/tests/aes.rs b/cfb-mode/tests/aes.rs
new file mode 100644
index 0000000..2f8bf98
--- /dev/null
+++ b/cfb-mode/tests/aes.rs
@@ -0,0 +1,55 @@
+use aes::*;
+use cfb_mode::{Decryptor, Encryptor};
+use cipher::{block_mode_dec_test, block_mode_enc_test, iv_state_test};
+
+iv_state_test!(aes128_cfb_enc_iv_state, Encryptor<Aes128>, encrypt);
+iv_state_test!(aes128_cfb_dec_iv_state, Decryptor<Aes128>, decrypt);
+iv_state_test!(aes192_cfb_enc_iv_state, Encryptor<Aes192>, encrypt);
+iv_state_test!(aes192_cfb_dec_iv_state, Decryptor<Aes192>, decrypt);
+iv_state_test!(aes256_cfb_enc_iv_state, Encryptor<Aes256>, encrypt);
+iv_state_test!(aes256_cfb_dec_iv_state, Decryptor<Aes256>, decrypt);
+
+// Test vectors from CVAP "AES Multiblock Message Test (MMT) Sample Vectors":
+// <https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program/Block-Ciphers>
+block_mode_enc_test!(aes128_cfb_enc_test, "aes128", Encryptor<Aes128>);
+block_mode_dec_test!(aes128_cfb_dec_test, "aes128", Decryptor<Aes128>);
+block_mode_enc_test!(aes128enc_cfb_enc_test, "aes128", Encryptor<Aes128Enc>);
+block_mode_dec_test!(aes128enc_cfb_dec_test, "aes128", Decryptor<Aes128Enc>);
+block_mode_enc_test!(aes192_cfb_enc_test, "aes192", Encryptor<Aes192>);
+block_mode_dec_test!(aes192_cfb_dec_test, "aes192", Decryptor<Aes192>);
+block_mode_enc_test!(aes192enc_cfb_enc_test, "aes192", Encryptor<Aes192Enc>);
+block_mode_dec_test!(aes192dec_cfb_dec_test, "aes192", Decryptor<Aes192Enc>);
+block_mode_enc_test!(aes256_cfb_enc_test, "aes256", Encryptor<Aes256>);
+block_mode_dec_test!(aes256_cfb_dec_test, "aes256", Decryptor<Aes256>);
+block_mode_enc_test!(aes256enc_cfb_enc_test, "aes256", Encryptor<Aes256Enc>);
+block_mode_dec_test!(aes256dec_cfb_dec_test, "aes256", Decryptor<Aes256Enc>);
+
+/// Test methods from the `AsyncStreamCipher` trait.
+#[test]
+fn aes128_cfb_async_test() {
+    use cipher::{AsyncStreamCipher, KeyIvInit};
+
+    type Enc = Encryptor<Aes128>;
+    type Dec = Decryptor<Aes128>;
+
+    let key = [42; 16];
+    let iv = [24; 16];
+    let mut pt = [0u8; 101];
+    for (i, b) in pt.iter_mut().enumerate() {
+        *b = (i % 11) as u8;
+    }
+    let enc = Enc::new_from_slices(&key, &iv).unwrap();
+    let mut ct = pt.clone();
+    enc.encrypt(&mut ct);
+    for i in 1..100 {
+        let enc = Enc::new_from_slices(&key, &iv).unwrap();
+        let mut t = pt.clone();
+        let t = &mut t[..i];
+        enc.encrypt(t);
+        assert_eq!(t, &ct[..i]);
+
+        let dec = Dec::new_from_slices(&key, &iv).unwrap();
+        dec.decrypt(t);
+        assert_eq!(t, &pt[..i]);
+    }
+}
diff --git a/cfb-mode/tests/data/aes128.blb b/cfb-mode/tests/data/aes128.blb
new file mode 100644
index 0000000000000000000000000000000000000000..6e2c0c1b21b1724c584b9cf997346ba0c0d3a63c
GIT binary patch
literal 4269
zcmV;e5K`{|AP8HE_IQt`yc!Ef-1QH=H6U2aD-yd>#_>y5+L91bNMs;OT8AQFDKir8
zp`~#BImd_~=`4WY&$igH!hh9^!*GihAaESaOb#~X63z#ITK3GjS0Gb2-Rk(70NqVk
z*kIn4glRy`5pweQ2xicBizW9D&tqY#x5g*PNRO9NU44j@o9^mB&Cdxtw}cJyC1^WX
zq<OFnUFB6eeue7fw+r-b$0^-0APSC%cFAnr^CB>503ZU%pCGX%q7Kb@=(VnquXBJm
ztoL9~(Cn;bztbVej=Z4S>NV1^VIW;;YO4sorh_2cWknioY&LoQ_A~Q*`0LLfsY{Vy
z&C$9gD=Yw?G*udEAO-^0AN%n>Xi8pSM~vTe|K=V2?KDf=et-bOu(owlk$*l+Ai27q
zqb$Uc*sLq-Uzr&_S0I&96jHYyQ|UVT(0ie(O_+cHv;%^0TCVCr34Ab}rp*Qc4;A2?
z0WkVYI`*8%+7O)|4+<t>@u;|)tA20^+`Ed1Jw_!;gA7H@hnOA?q~wtLfB=9C_=E~`
z$tRke+hId*it-BKd|I28za`{W^o+yIFP;C`Y)E8Zp@+)FzRd-WMpa7Vw1Qe5^hS6|
z$<Z}7t^6QaN4wXH2D@IO{AcZZBq44fjz=P`A~3OEF6uBLbG#RofFPb}LN-&v445aB
z?KRds8hGfe6!U%<h^|ZWbHCvki5o6X*sMn9sib4arw}QPL$EIlRtCKM2(8ZU^6X)T
ze~azpnB_5JfIlyW{8)G|xIus*vOf>s!BLz*j_0VlM(TO;%jy6!Xj=F$cBkUAcXS%6
zVUF{aKHKA-jq%+mJ1$h9@iKhlG8m6#a#u{{lqh3wJ8m}xN=F5-EA8`l<YnddAgj)0
z4tV)#v$7Bs9CQ(X(jdG>S^KvKJRc#2&5Fe_OVNNpGA^zM-&)e$)=RoH<Sj74xP<sZ
z=N|eJGex8O3^|BQSKUl3Z?MEJY5!U#omsCsVMK*I7%tm4Y^GU9*Uay(Xa>3^#Pug|
zYp7Z^JP*+hJhDXHlcLaI*RWLujouyqfIvX(37vGf1pZ&cfeNZ>A7;hfh$j)T$zPNO
z<UH*D6r_b1@dtdD+Y3Kw)a`n0D1R$)vCIBqxKX1+*)LGJPOlcG!=3qZucX51%{><%
zVzZ*kX`BKX+mE!a{F>_hNQ@w#R^gio-9PRQ5f5?cmV0_25mnDZF~54nU0!aodY4bF
zfMBg2O)+An2v1lM7h{?e{59WHNn&6A4*}(UnujKbTj)_)CjaL|o-oa6?M$G-xU@)M
zQNqyrFJyG4oC^HnuER;!c%m-ffoFk5c3W{w8+;jZhuT*4kwMm%h8S|59f`gmtmEE&
zn>?E>8Ctfy57dBQ+3?{d{(pk9EstP?HbaQ}sR#*V3)ahHG5&6{<XCGMuU~6eny$>$
zj%GP78{Ee;<nru1cqFHDBga>vM^FultTETl<i0HiJ-7D>y|AnHI~Yr<fAc5~DE&8%
zO)sKGh`&3;t6i52h;ohlElpv<ATh*+$(Gj6veAADpj#x6<RFYU^E3qo8%$8E(QIT^
zWIllatZ3e9EFnb3wEdS_jqH;|bCKuCr2XbSHoku&tr%~X&62g~t+hso4G;q<>3`@T
zPpyUyZP>HG?$m%&hf`~u%wyKaNjSJY&McG63IwJCTXkdE<>w=s;&>VRI7EbsQRFF4
zCo}=Ao>?!77Xvh~LhxpCGqRtOxv?^0>vJP2fdIU-a4-j2yU7}LqXOlx=O`b4)s)9d
z33GbrA5d35u|&bv#TgC|rWJ>TkMH8su(QBcDffyNb&jt<B{L%P_o&xZ154xwvadH`
z!{-D+mWE+rlt?VfUtl}vnjZ$op^#X7FOxXbi_M{7TtZiJj>AtZ=B*1@p_den(GK2f
zWnmyyY|o=$?6m?=GTqw}Os!2I)l6^P$X&pqj0*-JU+#!hfgo}F@qq98!`z_Ooj~LP
zeZEjdQ<nMrWe4wl@?{6!6>Q$v?bI3t`z7;I%gyt$*Kqj{sDFfpJ`66?vfXzI8o$Je
ztsJN-D9~ZOa5<*6c#WVTWpOs%@W+h{49CyD$x$rzd4V6$5ry;p(yN7YD85T$(vy{I
zL*Ek)NK2Su?8_YnnJWoif9tUOIZPQ;uB(9{<(q>X%+##eOXsQo)66kvskY#Szqxi$
z4JG~hCxZB#LIOc0KO2s{yUfvq*ovL7+A86aaW~Pzu!cshP<a}*Z-0oxWz}cssLS7)
zs^vXSOzC9#p-a;WJbbKEvPDEa!DcAdm#^k74%j=baC+50WTq#zE7otal!S+A8RQ>_
zcI8aTcnCpIPmF6w9PtveAbhwV#Iggh`kU-Yb(_@{!XQmvFQdP6^oX<P;U(}r`@Vrd
zHYbU*cGzCH7#&XTr7c3}bIx}`!5S}u1B0hUdlg8V3Hu?eL`9XI$>>qH)CPjZ4RA!g
zq-tHGpROybbF<r?(k|S7#oCi?`gBptUkZYs@OCFS%qE5uj~*WY+&|-iImw}OARoc-
zQpz-QZ^5fQ#ODY2WY!UzdfRM`-9g9=<<nQuew>Bvdhz7<EV5;3GR)3Kk^*P}3GVos
zpF;5pfk3PyC7)>2_$CC(y)HsGf*gx%3at(M5g@j(S0X%_O=7ji_Bti)yLo)lnfM&b
zhSdQyttJq7WfUL;!r9d?<M|rTdz*m~$h6^01+jB;4ts$hHUgMN@xjLbvkz*#{5~G0
zF-Q&#3)&ECxN{l(t_h(ViRj(tCDl3^##-f%zCTOL!^xWPT(GCiOL;wv+Z_5abM57o
z$i-p#EI;F8i;W<@wj$6XjNU1;Lc7mQ9D}qVb;5%BSRI^a9^YM52~oCyAch2X$QFgQ
zj&b5yp8g0t<shZqY1u&%^Z&x~XRY3Fxt1WrW?+Hfu<hFrsip_W2RDx(Un62Nh~%Uj
z0~lZ=by^VWKrhfOtB_PAfOG4>uzKw{H&)F0Po^n{B6nNnskH4Ur9g2w!nTo-&xmj@
zeI@A^4c71dxC9ooPfb+lAJ+*F7vvz{0RwiXurhfwhjXV60V9GSXGLA?>{OFwbR{L&
z+wuO{V4Ivh>Qz3%HQN9YvT>1AL2-mzd)=Vi1fYpnIa#}<t8hs8%7^N(bEvo^{nY3#
zKw!we+-@f$X5__$(l$@5PAPyjn$9{-ykgb7^m4Z!@<JqcM{ro?8r9Rd9IW-AzV;yh
z0jf`N2FAT4Igobw0i`e?2%Aq}RPOHgZB7&SUFJ`IfB>$Xx!<D&uY>7YJ0O|&2?y=X
zN&Cj{#p~xp7)*Aw^=tE2bo2fpUL20(A#$SKK5v}OJ)5vZGG1Y(yO-pSnTCJ>B7=9x
z`rz&Q=*&aqpnUH7U5^`t(>OxqWS;&bmV+Fm#U$}I6=CsHs~&!$9qInSCfzVWpT@xQ
zs)iY1F}Hf4Ak#fSVyiMKj<3w9Yfy;Q{UH4R{OGVCBoCiyO5C{J@)Lj{AK@{I+nMIn
z{Ou_z0{)DH8>EP&KZTY}Z}m$uCS$XJyqW&dRcI%S{v8VUmB$lRzh&rlg;!%`UhF!*
zJxeE`G#y}nOZ(U?i2(gWZ+t<9fFK}^NqKMWfe$w|3x(92S6@wJtd~9lz2y~uem#L6
zHJB(r)c2W#hNXcqh`k}%I_>{Ac6r=cAcN-w{)sSE$}eA}hCimQ5bpHy_F-&Wi*F!D
z;Wb33yZ24jinY#W<-MvPX-ErA(~R@9ek*oTbrY4YfIvPjSUNfbiOMohDymYqf;j}M
zD2=XGDV5J1aL1O{h5a@XVM9*pNDS*eHl3E1Qpf)pNio2wy_b(#<Oxk~^DUTa2`pF)
z%lKvG30ixARh!{IgfE-wo<gIb9{8e4WhQ_?Ca1PZ{e(5e-6^^jgRT#?73;R-T;Iet
zEmQMRD7y0Vrd<Cs?6bHEr4=p_kCZ%&bR!q2T>2#e0Xq|CgViG9U8uqHnCoF3KFfuq
z5>*(LewG9V%>e+Pnh~j5h%eQKAg+djHkGuFjA1I}pc`3#mmsok?|U5-iA)S*h|W@T
z^zwjUR+^Cu#;TXNlbojm{1DC!7ZxSFb6OwjaY$taK@gplTN`L>Y{Uez)7dK7`mgdA
z+<P&wIJa<>n(WOSrCntMWc}qG_|)*OuwSEO^#YG@oEMy?-wWTt%Y_dkjdfbYN^?KX
zRfGb*3~;;%ak%C$fM7JDWGW*H&^;_@jLLwz>h78#;nc-QvCiHp#-v;H-z<zrZyF(_
zLmKTPW*q5bLhpRW2NL<-QO9Z`1!#=sd;S`V;}A~q;kl+Xd;R2?HC<S~dZ}R=J{B^j
z;*rwWSW;%uhqJTS@k8GQlNNVD3}7I*UGkigL?W0q*EB)gH&tFB!8cSe@9nbF5u<zh
zTG9~?fdIlXpu72J?<luUdw`r`yo?<3)hZ`Cgcd0P+Ji(${Z@EzM--UymvCX7>`+M}
z<9X`34LWfq0$4o&C!LSRrqyW6l%p^Mni!tdfGWFsD44-M_?!UOKgyafFZ>|~t4V?q
z#b`Ca{3iG{rknt~KB{S2!VZhu4_jMigwQMQkFtRPDh{TCwz452=qTd0;a5Wg=fTr2
z6=SByQQYtcf6~%b^pbQAF7{M~!i?TYmGnHPPl|7F4Mv~+SKzO2Q8yJkHS_7`0BJi8
zY{06jA5t=tB2`90l)E3>pjK0BtU#%4(|RnFmeYR3&J1s1<vGsHMrwd85{u4j6^R3Y
z__sInAn9ju_3{dd?uQa#($S6{Mj(u4N;lF)(rgS>t@}bpSh|5AimLrq#nshMz83Kn
z!y#+Y^fzW^lNv7Z|HVd%(IHU7l2F{D);w;ZX1fmbs-x9}oFANG994p99HV0JJIkcp
zy=6-<4Hi+C5EBklV7-)@t?g=LkCxquH>Yxk)TFE_L2{IJwl%qVbau4dq!$;5{}qTW
zJ4kZv37Mx<ZM$J<j)O?|4oVc58h909P)J2GfgnH(ZEL^KrgprzjUeO^QLFyd4wW7l
zo*f&avjRlkB92e<g42>P_BD2`M<^&SHan3`5LSuNf<H%LuVWlvfYf3QJC3jQSpH6k
zkj3u>Ho2Xg$}I8J%yNY)&Yi6K&5K~8!6SU<bK5MCkA0z8`YZ_xWum_4BfGssH#b{(
zvb!_=JQ`!o@YDDXZQG{wDV!j#^qr$WQ;z0t7mZ6{Aq8C^ge7L?i(&tJ@B#8<Ev7GI
zfj~i7k@j91l>`j$nP63KVdfWtd@#pL^Ha^(VRPH$%$PbZ=Ddui&$kgF=djQhk1i8L
zTyYJ|7i)MD0hbYR_eh@@`tcC+n#|G92*_HMjdqx^7V*H>SQ4z83puXm_Z6JV*!`}X
znex_^>dz9!Mx9$xqfO#&taD*K%P)5lEV20AQDS&%5(O>Cw%(?!#F(ATey`a#Pi!e^
zd~|f4@oj-XW+j0X8NKdtQ(swsd?Jgl*pU5cxCN$}?N||Ng1xd)tLl1A_<5;s&W_}j
z7`cafIvzapM$^r6bBQ+5%WwZnBU8xAPzok!m=mopXLn8`L-XW=0$B-7J2Wl;`m5`u
zxTup5ia88qm^R(j(Ikno-B}!>Q(*%xEukQPc{(0xQ7{6j49o*-wmzH?zK7o}@0JYL
Pp|N5fF&8!0uH-?VWZO2a

literal 0
HcmV?d00001

diff --git a/cfb-mode/tests/data/aes192.blb b/cfb-mode/tests/data/aes192.blb
new file mode 100644
index 0000000000000000000000000000000000000000..d3267a1fd192c6674149c87726c8a7e05723f23e
GIT binary patch
literal 4429
zcmV-T5wh+8FdMrt0c|>vh$m??Qtau2G!;WO7_r%Pl_0XTj*Va>3-a0e1<Wsy!C@e@
z<eA=4=0^J105IB}#pmK6i+ibwf(ANO{G&-CX}jb%FlqVHn1ysWCfCKU#WpwQvHFz~
zp$_VtsUSB)c|37Mr&V@@H}vmXGsr;rPQOB@SeG0&nMvY^_jSq7YJ#g#vW8b{MP)43
zj6CK*qrE7*fqUCOWRik^Dx>D%G{RI8osS^f$s>uk*p~v<Fq=%CWDtUZa{-*H(4x%~
z+~OZGi}<uC!ypj4R_1+{pt4(W>~vwgJ3C-ebo27=z~{)6l~e(&OMl)!QE6!bA@&H5
zb52wBv4kUYtaj^xjr2?q4kY6f>Lg}h&6#K3V?k#f+!rmeoeCX8FITM3rs*+oZ(noD
z_lr!5@U4FN{%RhZSg`)6SQxiQFhqpR35Ogb?p;r%P0OGo#>T$ay7oj!rXZjf*INBS
z*%itkv3e69WQ%|RM|2bMn}8L%3K9f9(f+voLFSg+d-iU4c+#Y~OwEp}t6Uz4tjfU|
z%`JvLH<*LWM3QxwKgXugYyK3IMoZ7QfB>$UnuoU^_js{&E&0I#%{vD!v`O~FWq9jb
zCn!X|1_y&0iRm|)Yh%+i#>^F-Dh6Dh@`a3Mc5IDYM{s0TwTLj0x8|Y+#<P%n=Lw)v
zitO1*|F<(mF9z`-IL(7CJE5@dXAaYa*-nlnfFQN(E~l@qA!p~>Tf+Tlfg0Fu<;H`b
z{<k|47F@<gL&OGRm;=qhoYwQL`--M(d>I0HGne5L_{{bD7$X#VO2g8k<oi|EPUB^c
zw?M;F2&sS|&Gal$*UxwRUXGratGK03ts?x)>Fk|ANmUL{x=61=urhS>80Ctc^+BiT
z)(UtMIaDvy%Z<JFtoi3a6G`Ru5scej=1V;YJoa8^2oHOMFdUMBbV}(LA3blXI<xqU
zTr~Y7<o56E>L85c+VSq5MH+8rP#0ko`!s++5e1@6@`C{BKX}lujP_{m{b4b@TP;}M
zX6eT6ZGBU-9k4dkm+io^#YRh#?YV9HhO%*9OVS7ZkMBAK&|IVaj%wUwT`oA5I)$<D
z8&)DT$``jU@{^&Ndg=~56WLf<fIvQnhs<|xNC=R26d3j72=*}h>U>Z_Nc3am8=^0n
zIt+GV&zo2_D*mnGbUy-qW3euboHN@NSn{TA_CN?x^H@W?!a$+HFGVw%zVUT-2*-HE
z*}+{vbmOFH#cq?c=-4o5yA3JMXs(P4x9y53UO68-?s5P*RaiJ66UU58*9%!*aRx~(
zWkZR=fM7`%AQ!A~$~qg_uw+bpW~Y^>5NBR;cNy2CTuJ864B}+LG^&Un_Y9*-J{k^&
zPtsvrqM+tI?<G!Xj5neV_9=X`u1t2<Mz!PCyFtAT1=rs`?d^0mA5O5WfEvDS!4CPh
zH3eSb-@idb(BeQ>us(obDWu=<tLv_oNa6Mg=hScopx>#zsUiq1INvs0NHPtwkDGf-
z0O^X{g3i#ABU3Fz$>d`fQkDX;U_Ky?CsjwNUsn^P@O^H>7gg(VwW_}~Gmsy1%l@W7
z#fgVqE0e=2K`#ZUQw5&R=N4<oq?0d}Fm~F7FQBkVPd*%O=$P9H%?oD$SxqHyOCVgu
z`u#%l5gG)jMZ$m<lTLvE0}bK8fYt&hE@RhiNsTH<f84CHu0h>C@CYld)d*g^?;SHi
zl-Ngh-*h*X_zVW6l?=a=!RA|p-3H`p<Okc;^C#F12>5Va30YgQ38mI#$SOxuc-<g2
z$4dn;8PhSO6%!UqWS~QXwfc+d1;1o09UhGtT#xkow!zjW{nRMXfdCDGBCIO1HjJ1e
zOOU{pC-&#v%cfk{<r4RMF-q`?cuka*^^iwYs^LcX9tNs=Pb3y<z{sHdB6Aar-Dlb#
zV5~raiJ>+fvqzHq4QWdFCVyI9s@*=97fL_YzNR-g^lu`@vO>~G9;JI^5_*fo;L6v^
zKiXQ5<3%Aavx9iMEW9w?;Br@qMN9ojFir5s@tK@Z@CHwam2y8IJKm<|NbdztyUhu(
zn0b0Wfgq376cQMBw$&KjkY8{$tmcgd|JFRY<a5AR$-pC&D4@v=x;#tH=cIxcfVtsd
zuu2G;FnyP}yKz8n!XY6zV2n_okQ2AKo+2Xc+Y*-ll}_bMMzw!V3_y!zS>-m??7K@7
z0A2+>!<8ZD2{JYvLOMyLsYaZHzbVMX_|pq@w07h2aOd1*K1QaEa^Y&fpH_h&vgHOj
zw+-$xfnO!*g?9n3?LF2$9V8T#`K+jYh!=jT8X#N!5|FXk6r=s6*uX1krb2VCERo0F
z(-g1GfQCBWif>s`RJoZY(1>_HZzEfN;He7vUK_m%O2)Cs=KEklG%<$x2A-PnVoLZz
z(nf9I5I%wXUSNkM0S@;1`u3eAYI}MEie#Jueuf1VEvYC5Ft7e4r?QXdLVBi}iOYw)
z54Mby4P(<8vmlA)68C=fUg&8x*$RwwX2O9$wQ-jMRtt+EOmn%S>Uu+Pdl2Baky6nC
zn#32MwA$lJ!@f=mz)eb5RAShErC5ANaLVr0Se+BieL*X`Q8P@jr^gR54J3(7T#$VX
zjqcA7&V)R6)dETWb-;ORZ%D%}iWEaW=9w@`jf4&oOG70Rz{fFRvxr;Tsmf@1wjVJE
zlrB^H^0FtF4#xFahF@fsY#KFSm^d-2Lgrwr(87F(fk0cyShbY!<dTf;d;y-}h)b)R
zX;$<MNAgS?j`fGuix*wIHX>_%mF07AFIx@CX{g1Uf`MmZgmQJsQZ(boPr6Wq5(2_<
zWD^>&H*>V&j;F?ssYdVO;@PN{L)na7-OzOjijxd<8&g}UZlIuw(9dYm9*&seZ3=nQ
zrSE0k6MV+VDo&2u8e{3aZifZV^_xpfIT<AX(>l(XfQ-RoCoM4SwO{@}QVGKAo^Aa`
zuN#p1kHzuwkVYdQK4)zTm}+wft~~yvV9<t#AWTB(WeXZ8kDxx%1*SDGeIN~;vK2X1
z6pb`_sShnpG@meZ6RzXp{*;7BFA*54?PjiQVk2d~LOd@Z^LwnTE|f=YYmA0;NMQv%
zK)EdVnzbMkpkbks{0m^JM#L552ud>5C(=-QB;0_cxInTHNLuAE{6tim+LYt4jNl;J
ztm7uu&vwC3!o1S66Pz&0?&!HaIADxQz6c~1-dSP|Co}ajVbOgcz|AY`%)4w!k_**H
zD#upnV7G@Vb|284OkiY`RG^u=g$NvE1Sy;2Va<OSGdaIdXJs?=VVHL1b&IIeKQ>@5
zTwuHbv<mD98lVp@JH|iu8pO7Q+<M?&d`7f&z$isvY$TNDwdkqH_^;x%tYwOvmJBeW
zVjkzk?%LAhF?J3-K1t~MWB0%bujsNME9=pm`V!zJd4dUn9ju2@fB>LyupdaRUPJ&F
z$xL_4I`&kq`3XzTlzD7*#n$$1A#&Fv9LX%Ab2uM66&7oP?rpk=5JE3Jwd2m~Li7sa
zR&{^?@3a~>pB}G4XHUC-$`t3s-FPPnLgh!bT8qaVw*}}$&^ib3`GP9fk_*{2etIv3
z*VQnL-=JNYI!1;JTf5*DFe@mc(VMC4(Mj6rW+K8DX|a-XHSj9xQ6LP~+|O1}p(40f
zL0;xztjT~NR7U^vG6Feh3>l?Sojv_Jw4Y)y2$%LI>kO5Z=nPgkP^r^l#<_HbI=w>X
z0*<6NNK(wb{HTG(h+aWDUX8UqPx^9v?mO-ax$YZF+{;R6fFL#&8%<}r&7FdTU11wX
zq#Jy@%Vwf-Xo-mp=}fAxHVeVBk_gk8!Ub?fauYUg)TNe5is;*p##d*au!=zc2u{om
z4Ex#aoC4s%oW_eHnyoODM41{18omCkf!7Argq5^R+M}ATyDG{c9;t+{Y$*k1*LSe)
z>4f_7fIv)4HJe7<O)&kRni!R&-me8_#}UOZ>Lxf>AgF&Gu&Za^1q_*UjI+t-Pd4WX
z042EW#wW#(V#)>YLuKt<df}qb{p*Wd^;{s{?Mfi0>$^V`hMp<Oy}Vn}EbS&s+gpG@
z5vu5bZFmou#M%4k*VdhHI|WMq2xSgH)rv&<<N9NZnARJ<FTJ6_ukA-`8LLmn=H>y=
zuowGzFl)*1Xe6~HAw1xPm`suib*;~N{M{?#ha}%^G<O?U+nk;@Lyv`oFjt+_2^3__
zau(qU<cnW8pTxUS4~c7o^B{J(uS5xB$MaUJpp-5yG17owUAj6#cb;JNlwk~~w2L3C
z=HoS~?G1xxdvIG}o_2*h-9a$bt4-S+66n3KxKAmW0X|$BtyWTe+^3K9f}s{=h-@`%
zQh;jY8Oa8tj|xqv-$}R_)hPKUwW=TC2fxDB``a2M#TV<F2UL~2ax!H4fMAR;8IpMc
zBR@|f7O0gGL}1+~dzb4bKu8)9ShM^<jSfMxu6Wv~*e+gY^Z~48fe6xxl#(sU9A47;
zYY#2u^4jR0Oo9#(e}-}1ewj&U@=_fpIVI;suaa|UEu09>(0xjn{Fq;8ps!IbyH>M5
zAEz)}(|Qk{I0k=R7G2#=S(AsaS!c@T_70mMdDl%T5Lz&RL`~)OZF`<RfdJw2s=M7l
z);i(z@~j%Zl7#EZ-@xA$LfG$Hr2!9#t5{5rED7ZFmFM+dK!y5W)H)}e5$ivs%*=$;
zSyrQ)o2kWVJl=-byenuYi`1{_)TMv)d1IT3lC<*0CW%n4wEj^um%T-zd;6(N(r(^3
zm{8R+4YNlsH8ZVT6G39aB+!8X6&_m9U6?Sqq7g8{tHka<Q>@Pn)vs}9Mi)l_V?l&d
zjhQ<(62`=?t|4IuQfwh4Bf$j|#>isi+bxE?$5Eaow?Npa;^f4h4tM}VRX!99DRrAW
zmWHIT$9`7=%)s2vn*4ZAQ(O5j$oy5EJ*1AHY_Zs@%uxPu67T~0`1b_&Fzl0w7=p6M
z#(nsd$btl3-X^I4im;xbXCT>X4b6nFtL|<?HNWaWEKz|VpTnt*jvWBFST?z^Ju{is
zalsyV67T=XU@<K%Sp!*j<V*UvKeEhz_^ZOkT8`?OFUZ&z%A2%D8eOCbG%8BqrqUXP
z-g2Uikgzk4ELX)CsF#`n@)qV(;tK#!ATHHJOb|MAdHetcM^KrZs&Vf}1-C%;XO3UJ
zc=;Mu?eS=P(qMwTS<7@p0A({d_Wo!^fglQ9K0d)@=tSh3p*!DD)bJGPoFOC`Ek|lv
zaI?vm?cAs+?)W+c;mHFs|GJogD=MaW9SAj%zo0Io*R&g)=g%*AQPzfTzu>KB!bfGb
zx&WjC^(Wni8{UC_$ymnOd@-jqu>mXyN-*mpGz`yFM;I7uZKtDP2dZq-jK@*5bE_Fd
zRG_pxN@B!In=W0(n;kIR$Z#P-vYr(w@;qEOW=2nI;L`iCZbpJ2;DLu}*MB1wl1%s-
zHj(0Wfk4Yu0TI6n1M2kjn(`F<z*;hwEqhJv<LQAaC+~pPfEa-p>eXT~K0puPp#S^0
zj8&v7)`8W@I*MVskdRpBEt&cdoc&3YTNMamsH(EV0lBcL6?}t)k<D{@^f=3AvGN2U
zAPu}$s%BLz<h}&T&PvW(`^FdJvVTDAZM=n~D?ts*exSFFM<SQmxrlYvHn{Hy!c^>=
z&|CeW8?%m!>uP~O8X~d3S9R1pX7Q&mgzoR#KGIC<+2X$P@K|RSU$v79U|97&^iVTX
zg>R<P$)8&t>3LnI;}kYtEgQ3On<MBjf;)6h9>fMvF@qpK?erU<6ya>9UNj}88w$V5
z83+~%$nv#VoOx6mvsItpxRg0c2QmRt5$Tk!0!kB#q75d0d8R<ZHyI_IQx2*c@hH3n
T36rE0#@vZvECx3k{@NdTrzL&-

literal 0
HcmV?d00001

diff --git a/cfb-mode/tests/data/aes256.blb b/cfb-mode/tests/data/aes256.blb
new file mode 100644
index 0000000000000000000000000000000000000000..8479e7f7faf786ee22427d0947e2a0a6ed3bac16
GIT binary patch
literal 4589
zcmV<J5fbhIK;g#bh)(WlRV}~nA@VG#CWY0|j_~92ep@q)Q#-iVEFjLQ@;c~xV|uX7
zrZ^tV5&|H%CI-okj!&!bh&ikGpsZmaDS>t!mz%M6S}3yJ84_DmK(1LOOlH{iGw1aH
zEbT}PGnh(39e5Vvd**C3!JGTSs33wJ(iT(f<F992(p@G2dgDMmwDEp-TrF(|-C*%u
zY&sA=Q899VoNTxa6W|XqZn*?Nt~Xt|@_|UiVD`qgW?#%N_O%O+uY$%)x{PF={YNpp
zK+Wx=?88>ZtW2e0hx9=TO`4)IKhhhgdx!U2yXDAjKOp7p89j_z?XRQ-Qi?bq%MxJ0
znDu7rh#f<a7b-B+bl>nauUS4+aPl1f>1JqW2{f>@@<&I!uGW|k9f`X+GTlaC&SL%m
z>g`&LW1ca2y>%gM_~r{jlWgsL-VT5~l0E$WM!ti1B^l(IeaAuKED)h`KouHof`o0=
zV&Ab%aF!!%^`mQx^vTUC0~w=`TDuFfDj?BF6B8gmy`=s%a0`T~K4O3Xy3e(Rz<;6%
zjy@xTZUOTV2cifdFL4h40P7RaF3E(Tmpxe49C(Y-uy4-IuHStIaE{R+9o1LI!dsw|
zr6W2nfB@@1Fiokd+v)(c0CModui9|p{zbw#eb7I78LcNV@4cL;9m=TTJmFf-{>tXo
zfUHN?L7z83+i0lfeBmL}X8S-XgqxA=RTzo)o<=41W9X)M5sdf<4$0)2lg5WCzWW0p
zt=^8O4mDuyOOIa++gi?wfFQib)d+?;OM}9|NEn@=i{9c+PjSrX!k8EWxFubvp&g)~
zxEUkwe(ZmrXNK~?(;51$KYAmOy~!OYp;Qsdez`TKQA?jp`?ptb_2{qYKPP}7`E~8`
z)yi^$S(s<U&D(pK-T~uR>XXzHD{2=Qq{}^YI#vVLs#Rft*hg{gTAB>161gSG)BFBR
zH4un7W|yzN@*m)LSjfz1lAC&>DsEUeKspiXG8C=XXTS^7a^(rsyjk;wm^MoHBrwF2
za3zye;~+`L?nl7$@#Ql9^SfKXHj;oqS}<+tjYv`cOi;17)Y|3UT$t@Z0(u7e1{Zty
zHcq~_sV%ojun}CN3J-!4SCjG!&qu%}G&k631v1*o^>ZlhoPj+zYg0h}<+#`#4E95@
z8nL1tau1hN)*2E|+Gc3ufIy6Q=V!s9_N~Ekf7C$x0h^NrjtVxQS*@q{MLVAX33FdD
zjzlUF2}W+*;4T-d!KZ+mC|F+3`U<-RLu5CH-GtAOiPGNvT{vOf75TKF-t`0{2L+V(
z<@OQpi~<rf!iYfF{_Av|#)$hU0FM!`RtsCpPJt#XDL7<`4A}7AT{jvaGJEZ#kPmO8
zJv@u0aw%S=fM7G2+$XTkci|w}e~cDXGd$v<g7yW79dYO&(H+h66lDcn-Z5h}y0G%E
z98}|h^&ZJZg&PSUa4(CW6%n@S8<(6DOf+%Mr@ul;uyx~73qmTtNjzE%0&wC*B;rUW
ziqBwz(KW&0XO?+w<oEy&o-lx5JdrF>?DHx<{i*mU<wRRaP|gXS%AfA5r1XorE&iY}
zcxZA3O+X=`gD~k^R3u_3`>hgVSQ$g$aR6_5oh7;>T2Ch%s|9Om80qMlP*9F6ngN&B
z7&Osi@Z5{r^S;%9o+SSk7pDTOK;E9lB|&#?KvO%(IMK#iGZ44Dvhz0vw20^Aj^Aqk
zksT$u=gdMLz91=8MU5X7VQD+`YL*ys^eTY>ZSb@&Sv%*MQS3p3>sXWsCX9)@mf+;z
z!OscZ$OXUaO1d=>g+D`6zSi+4<HtQHaIhH;j~%q$gIM}rMuT3=apTv|U4JO9i0Wm)
zI$g6QXb4ZS*s9VnhG4VFN4gEXtQ4YBDI_5hcF&|YHbH%2*E}+fxv<7Sl8rhC5!F;9
zfdHHgl2*er;r}-@MuA32y{W)xyxfPMo#T|4EHJU6@PCS+&ZUevF$Je7A1t9szMCLM
z@9dU<xO|+NRN@hhQ4UFrJ@h-fLN$`{lULlB#6Hp44f6Gw`dC^Nw=-SD9r4`^i@FF~
zI+ulbss>#|*2SN0nuS{+94_*#8edU>g+@R*IIL`gCbSuB+=LlpS1tiFit^?)xDVLF
zA=#|&;0*sD>D7ja?`J8`$qDM$6+2tCfgp}oiaCT0;{f`N0totrZ3|^5A!0)+hb31L
zrIhxsk+mA@EI+fs47WXry4ja}9yt?qH!8~W5Z^Lq@6htB&tLS@5WKu1ZU*^VFtb`h
zp)sRb#LWQiMAeyBs`+Mp()UG|pm<6+?=)77%3bT;-#b2DFcgj=3{JIbKG*#ygvB(#
zLplQtc#C_Z@}cotzn_61hI!~T@U-Ce=&;fg612l|t%;5;rX_(hKhhxsTF;i<m)cgo
zP=js{(#U+#E&z1`1=G(uRoxsIJES4i+?|YlH2IA`*E~)FprOCLMKltUCqxR|iW_j<
zJG4RGGTT#Ddg@<@3b0yioEBjx^1)35B8Enjg9d*>Xh$Uw<+}3>DFwhxpelVUh{}8y
z8xhfEKm^1|ntBkU8JQwja$%A92zv1tF1<+fJNCg?+~}piuONTIXx3Su&F^$q&AsKh
z#kPS!1g2mEmYcqE?%QLJv53B*R!x@QhdGqu%FO~<U{linZF1tuS^$1!co!$(=4+Cu
zwA%EtNJV}70iPl?8$+PD(~G{t%bwESuZf198Is(NvdD01o8SJ93p*pNIZJ59d>DLG
zupYt2-C7DR6Qra)m_L(mMz0-%F3OEAff6wgu|lQi(<f5{NU=NmoJ#PVu4dyY5nSZL
zvvlSjyg>tgfk09<W0*7GBKjz+kkWz*zQBDfF@>qd;dU6fwvVzQyIrzEtr*2M*J(`?
z2J9xU-9?&HyG8_sB%DuQr#(TS*34FziAndZf+e5hqatq$*wlIS3M<oO00&utAa79e
zXvrZnj*($IIy?;S91r%y;nNIEp!uT_=~!)^(w)qQZ_u8$Ku{y=!GOhMT}*k0C}4nu
zeL8gM-s<}9z-fG_+jT(fiTgB%htH5KsdL0|fkTa{S#K<*8c%7QZ1&h<9|>C^loU_g
zCS{25^dcD{?a+n3Aa#}&u)uo|GFAX9Uw#buV<3~8tZWI1FFD($WjH;eNJc=w=pj{3
z7FNGBGSd?s5~^p=DH3c=P8CrYzKG=2WkCBN+bsR7@Fk@?=8(e!YpSutKt5Zj=kyc-
z4Vfqq9pTMTjtSc*<fquD6V-V%_L9a&i$L;T!wqn9AZSN>oO1J3uZ`jdS&S*9al3YJ
zJ0L|uH~~PM#X;39UD+ub7+$$j`%hGK{9iTVz$W7tsTEZ^5U*Mwx?!0Y7T}_<fKhwb
zC^>CQU^lRZ++_~g5el{}Z4;C-T1`ylgSr<Shy4j-kJ&TRR>^HYIWO`TPr0h72s{M^
zd|-I{94|x*(4=lNsbz=>_EClhSy(GD)jGlUCy@<YS`va-mJqdjIYANAD8<YXXk<Wk
zOOw%s7lt{`^8?C4WRS$LMyHB^vk9f6CRPl};M<}gRee1PZwf{o=gQ7!n=wlofB>_b
zDoR)ZXjm&wFKYYKG}Tfywh_M}c;E_bq*G=`rUE29QS=ZQ9czJLZ;+sZZc$62)2+P{
z(fxq)gazEI<HmphG~*o372cL+dtf>|@l=_yBu84>q8=pH;sm~5g{O3$+oZijsXrXn
zDOf~EQ=5OzTlP@zdr()~@_2UsO<OY6K!ZEMl$rdhjnFR9BqS;{GM76C=_R{M6#00f
zpy6F&Tp&}c-oP2ic~)N;T6pW<4U&K$jwErC3)4A)M){1K$q#+5Px{;o9FKcninW}L
zGn6l%dRAUh8~YjEk@#Py^sU2zBrXZl$(DR&%X0?uvHl^ef%)PmAX~p?P^=e9K2}%K
zfFRI4iw~^=WJvO+W6c{wh_J(!>bGgLpRaZI-~x6(X^gH{AFI%|^_2){5br!oDw~pi
zG|@5_KXFYIoR?meLU6B0aZMj2mG&fBZ9xo(Y~w)lYd%FDcD7R0^p)qod}nZF2a(Y5
zr8KZKZ&ViUy*fD{YrVXXk4;fKkB2iPX@cxLfI!I;H1`)f@K`wDc~wYN{SXYDGNMUb
zc;@&Z>pxJB$sxSK8<t}pHGU|VeV=DRU3y{JbiaqxvcBvEx-#Bluk@bXMF`I@iJd7o
zb~Av=WwlVSt=jf54jjFcZiqBB`}Tl94Px5)HX<jfrk1}(+7~3Da+Dgjh?1n#L2xeq
zq3{fnr1K*viiGC9au|gXDimN%Mv%hkZ(GdG{y(p_%7!1@J-h_cuD5cn>ebt56orF_
zun9H$`g%1+d<=Ep-;)d2KoL~cBe<;_o}wOucO$g3OtTt(I8SP0NE|~}Gfo`DMIiKL
zSKX-QJT%ZByLtKhWDS5|@9?agc)YD&DkzN$?e*Ko2VY`qZ3n*ub9W=f#q61^_E0!1
z)Y$C<H?OADIs(dFW^k4;GfHME=J%AL;pQb#rz1mT&7GnERTGm=#dJOh`j>Lu!1MV<
z8ZuznN?w+-dfWW>p^DjwM)LKNW1fu9fM77qUSDp1Ljd1#+a}#)craW}#BY0|_=j21
zP8cc?xSon#(v}dt72_wzPH!1zPZe$2<-c<P3d<eTTeJ`~%<lW=nh_}7fjUvRFs`(W
z`oU@A&iC{MX=oRA%4zDq=4dT(o*3L{?#~2GXDrrU-~2!}$l{k7p%M_<9+uSHZ1o-i
zFidM>aG!rgux+YITZc&?R;06wC|6}zTr1ga1Hrr-fdCxk%?$#jmOr2XbTF4SC!~c}
z&Lt9RR*MO8OfFe1)}zO?oXYwGrakpeOyD^xu6_&u1wxEgIuCJj?0{J@h*~v};}>+~
zjN(Yiw+w}C%L$>&u-76lNmM$r3)*hsag78(m_Ql@sY56m<(OZL82v3UoDK1Q7>H#X
z=G|u|nBjo{?pAXUjEvygHM<xmwNGSezWz3tf(2rXfwhXNpfB3Od~EhO{eUrIE*}6g
zOkl1R9l=o=f@}O&P`EaUT=T2?)n6j0*Lts`Jc25>wmIKR8|H_J|D1Tgh`tyFe#4g`
zqBq{BK?1^M2<?9T8e(A7U~|GNARj!8($E-aFDC~6K;iU5Y@;2)PAw_kc6mDiLA%S6
z20{7)1fC)cm<O^uv>*V<fR$AXIVqr9_a{K@Ee3%gNM}#a4!U<tsnjV&S{jX264qu>
zyu>A-rlh-OO%`zL<4G2^K*)e`9J7@r_vaY}!6M)e=`Vr22!c$Z8a5y_v@82jpQk&!
z=%-UNB+xrh-y~SK{fe&eU)%Svi}$w-GOI~jYC=I@_4vOVje@gAnw4MHvaf>KXJ?bd
zvJGb@6Kb)rB>o@Qqle*&R|hkofgreTX5uMPRErQVI+G1KSIGj~Hyd=2HV8ENKv+I7
z+6v)XW{x0xqBL2LbLAw~;SqjsV(2F*Tg^z7<Of+_%(_C~+!ny=V9yKi<juB0JS5hy
z$3|va^myvW1cFmC600L6QRLA{mPBuT7PN{baO_gV?w<P22k>IIDKPX<w!_R*O<x;4
zN_)*)kOOHbhEG6EK1}Rm?XSB{U;qc{Q6%+Lvr?_3mTF+yOo@pS%Gz@v1+MkX^kSIc
z{<V#F5-V8Qfk2hkxIP>Z$06YG!&wKjq~lyCl%}X7NOVLC=ckq2jxT=2&vTs%u{$5d
z9QD-FeJ<3wJQ0aJdzxgMBFns%sLfbM(KW<98WDw95x6Y>y&{L^#a~6yB-DLWk{H42
z07)nv)j6gN+qeZu+dA{P_|(c0e*Cq~=j_Rj0FNHt|7n2na%Ct6|C5!kdSdvBy03|J
z>+c!@*N#ioAxZik;e&xd{@f=B&MqWztBz*Inlw?VLx9>2UYVHsXjC1EnpcK48-7t&
zb$xH=M#q|nIIro*GR>l-(4<dG5rGsWP^Lc-cBmotZ5ADM*jxVm0p^VY5{P7ti5>m;
z=57x2rdAotbtFFQpg~on$rCv#-XLb)On1l9Z%oOFP2#iwg|0j6g1J&b^hQ7WfwlA)
Xx2K%sMq_k(Y<S#<u%xb1)Ai2z!Q!fv

literal 0
HcmV?d00001

diff --git a/cfb8/CHANGELOG.md b/cfb8/CHANGELOG.md
new file mode 100644
index 0000000..6b2e363
--- /dev/null
+++ b/cfb8/CHANGELOG.md
@@ -0,0 +1,56 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## 0.8.0 (2022-02-10)
+### Changed
+- Update `cipher` dependency to v0.4 and move crate
+to the [RustCrypto/block-modes] repository ([#2])
+
+[#2]: https://github.com/RustCrypto/block-modes/pull/2
+[RustCrypto/block-modes]: https://github.com/RustCrypto/block-modes
+
+## 0.7.1 (2021-04-30)
+### Changed
+- Removed redundant `NewBlockCipher` boundfrom `FromBlockCipher` implementation ([#236])
+
+[#236]: https://github.com/RustCrypto/stream-ciphers/pull/236
+
+## 0.7.0 (2021-04-29)
+### Changed
+- Bump `cipher` dependency to v0.3 release ([#226])
+- Bump `aes` dev dependency to v0.7 release ([#232])
+
+[#226]: https://github.com/RustCrypto/stream-ciphers/pull/226
+[#232]: https://github.com/RustCrypto/stream-ciphers/pull/232
+
+## 0.6.0 (2020-10-16)
+### Changed
+- Replace `block-cipher`/`stream-cipher` with `cipher` crate ([#177])
+
+[#177]: https://github.com/RustCrypto/stream-ciphers/pull/177
+
+## 0.5.0 (2020-08-25)
+### Changed
+- Bump `stream-cipher` dependency to v0.7, implement the `FromBlockCipher` trait ([#161], [#164])
+
+[#161]: https://github.com/RustCrypto/stream-ciphers/pull/161
+[#164]: https://github.com/RustCrypto/stream-ciphers/pull/164
+
+## 0.4.0 (2020-06-08)
+### Changed
+- Bump `stream-cipher` dependency to v0.4 ([#120])
+- Upgrade to Rust 2018 edition ([#120])
+
+[#120]: https://github.com/RustCrypto/stream-ciphers/pull/120
+
+## 0.3.2 (2019-03-11)
+
+## 0.3.1 (2018-11-01)
+
+## 0.3.0 (2018-11-01)
+
+## 0.1.0 (2018-11-01)
diff --git a/cfb8/Cargo.toml b/cfb8/Cargo.toml
new file mode 100644
index 0000000..ea16b02
--- /dev/null
+++ b/cfb8/Cargo.toml
@@ -0,0 +1,29 @@
+[package]
+name = "cfb8"
+version = "0.8.0" # Also update html_root_url in lib.rs when bumping this
+description = "Cipher Feedback with eight bit feedback (CFB-8) block cipher mode of operation"
+authors = ["RustCrypto Developers"]
+license = "MIT OR Apache-2.0"
+edition = "2021"
+rust-version = "1.56"
+readme = "README.md"
+documentation = "https://docs.rs/cfb8"
+repository = "https://github.com/RustCrypto/block-modes"
+keywords = ["crypto", "block-mode", "stream-cipher", "ciphers"]
+categories = ["cryptography", "no-std"]
+
+[dependencies]
+cipher = "0.4"
+
+[dev-dependencies]
+aes = "0.8"
+cipher = { version = "0.4", features = ["dev"] }
+hex-literal = "0.3"
+
+[features]
+block-padding = ["cipher/block-padding"]
+zeroize = ["cipher/zeroize"]
+
+[package.metadata.docs.rs]
+all-features = true
+rustdoc-args = ["--cfg", "docsrs"]
diff --git a/cfb8/LICENSE-APACHE b/cfb8/LICENSE-APACHE
new file mode 100644
index 0000000..78173fa
--- /dev/null
+++ b/cfb8/LICENSE-APACHE
@@ -0,0 +1,201 @@
+                              Apache License
+                        Version 2.0, January 2004
+                     http://www.apache.org/licenses/
+
+TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+1. Definitions.
+
+   "License" shall mean the terms and conditions for use, reproduction,
+   and distribution as defined by Sections 1 through 9 of this document.
+
+   "Licensor" shall mean the copyright owner or entity authorized by
+   the copyright owner that is granting the License.
+
+   "Legal Entity" shall mean the union of the acting entity and all
+   other entities that control, are controlled by, or are under common
+   control with that entity. For the purposes of this definition,
+   "control" means (i) the power, direct or indirect, to cause the
+   direction or management of such entity, whether by contract or
+   otherwise, or (ii) ownership of fifty percent (50%) or more of the
+   outstanding shares, or (iii) beneficial ownership of such entity.
+
+   "You" (or "Your") shall mean an individual or Legal Entity
+   exercising permissions granted by this License.
+
+   "Source" form shall mean the preferred form for making modifications,
+   including but not limited to software source code, documentation
+   source, and configuration files.
+
+   "Object" form shall mean any form resulting from mechanical
+   transformation or translation of a Source form, including but
+   not limited to compiled object code, generated documentation,
+   and conversions to other media types.
+
+   "Work" shall mean the work of authorship, whether in Source or
+   Object form, made available under the License, as indicated by a
+   copyright notice that is included in or attached to the work
+   (an example is provided in the Appendix below).
+
+   "Derivative Works" shall mean any work, whether in Source or Object
+   form, that is based on (or derived from) the Work and for which the
+   editorial revisions, annotations, elaborations, or other modifications
+   represent, as a whole, an original work of authorship. For the purposes
+   of this License, Derivative Works shall not include works that remain
+   separable from, or merely link (or bind by name) to the interfaces of,
+   the Work and Derivative Works thereof.
+
+   "Contribution" shall mean any work of authorship, including
+   the original version of the Work and any modifications or additions
+   to that Work or Derivative Works thereof, that is intentionally
+   submitted to Licensor for inclusion in the Work by the copyright owner
+   or by an individual or Legal Entity authorized to submit on behalf of
+   the copyright owner. For the purposes of this definition, "submitted"
+   means any form of electronic, verbal, or written communication sent
+   to the Licensor or its representatives, including but not limited to
+   communication on electronic mailing lists, source code control systems,
+   and issue tracking systems that are managed by, or on behalf of, the
+   Licensor for the purpose of discussing and improving the Work, but
+   excluding communication that is conspicuously marked or otherwise
+   designated in writing by the copyright owner as "Not a Contribution."
+
+   "Contributor" shall mean Licensor and any individual or Legal Entity
+   on behalf of whom a Contribution has been received by Licensor and
+   subsequently incorporated within the Work.
+
+2. Grant of Copyright License. Subject to the terms and conditions of
+   this License, each Contributor hereby grants to You a perpetual,
+   worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+   copyright license to reproduce, prepare Derivative Works of,
+   publicly display, publicly perform, sublicense, and distribute the
+   Work and such Derivative Works in Source or Object form.
+
+3. Grant of Patent License. Subject to the terms and conditions of
+   this License, each Contributor hereby grants to You a perpetual,
+   worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+   (except as stated in this section) patent license to make, have made,
+   use, offer to sell, sell, import, and otherwise transfer the Work,
+   where such license applies only to those patent claims licensable
+   by such Contributor that are necessarily infringed by their
+   Contribution(s) alone or by combination of their Contribution(s)
+   with the Work to which such Contribution(s) was submitted. If You
+   institute patent litigation against any entity (including a
+   cross-claim or counterclaim in a lawsuit) alleging that the Work
+   or a Contribution incorporated within the Work constitutes direct
+   or contributory patent infringement, then any patent licenses
+   granted to You under this License for that Work shall terminate
+   as of the date such litigation is filed.
+
+4. Redistribution. You may reproduce and distribute copies of the
+   Work or Derivative Works thereof in any medium, with or without
+   modifications, and in Source or Object form, provided that You
+   meet the following conditions:
+
+   (a) You must give any other recipients of the Work or
+       Derivative Works a copy of this License; and
+
+   (b) You must cause any modified files to carry prominent notices
+       stating that You changed the files; and
+
+   (c) You must retain, in the Source form of any Derivative Works
+       that You distribute, all copyright, patent, trademark, and
+       attribution notices from the Source form of the Work,
+       excluding those notices that do not pertain to any part of
+       the Derivative Works; and
+
+   (d) If the Work includes a "NOTICE" text file as part of its
+       distribution, then any Derivative Works that You distribute must
+       include a readable copy of the attribution notices contained
+       within such NOTICE file, excluding those notices that do not
+       pertain to any part of the Derivative Works, in at least one
+       of the following places: within a NOTICE text file distributed
+       as part of the Derivative Works; within the Source form or
+       documentation, if provided along with the Derivative Works; or,
+       within a display generated by the Derivative Works, if and
+       wherever such third-party notices normally appear. The contents
+       of the NOTICE file are for informational purposes only and
+       do not modify the License. You may add Your own attribution
+       notices within Derivative Works that You distribute, alongside
+       or as an addendum to the NOTICE text from the Work, provided
+       that such additional attribution notices cannot be construed
+       as modifying the License.
+
+   You may add Your own copyright statement to Your modifications and
+   may provide additional or different license terms and conditions
+   for use, reproduction, or distribution of Your modifications, or
+   for any such Derivative Works as a whole, provided Your use,
+   reproduction, and distribution of the Work otherwise complies with
+   the conditions stated in this License.
+
+5. Submission of Contributions. Unless You explicitly state otherwise,
+   any Contribution intentionally submitted for inclusion in the Work
+   by You to the Licensor shall be under the terms and conditions of
+   this License, without any additional terms or conditions.
+   Notwithstanding the above, nothing herein shall supersede or modify
+   the terms of any separate license agreement you may have executed
+   with Licensor regarding such Contributions.
+
+6. Trademarks. This License does not grant permission to use the trade
+   names, trademarks, service marks, or product names of the Licensor,
+   except as required for reasonable and customary use in describing the
+   origin of the Work and reproducing the content of the NOTICE file.
+
+7. Disclaimer of Warranty. Unless required by applicable law or
+   agreed to in writing, Licensor provides the Work (and each
+   Contributor provides its Contributions) on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+   implied, including, without limitation, any warranties or conditions
+   of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+   PARTICULAR PURPOSE. You are solely responsible for determining the
+   appropriateness of using or redistributing the Work and assume any
+   risks associated with Your exercise of permissions under this License.
+
+8. Limitation of Liability. In no event and under no legal theory,
+   whether in tort (including negligence), contract, or otherwise,
+   unless required by applicable law (such as deliberate and grossly
+   negligent acts) or agreed to in writing, shall any Contributor be
+   liable to You for damages, including any direct, indirect, special,
+   incidental, or consequential damages of any character arising as a
+   result of this License or out of the use or inability to use the
+   Work (including but not limited to damages for loss of goodwill,
+   work stoppage, computer failure or malfunction, or any and all
+   other commercial damages or losses), even if such Contributor
+   has been advised of the possibility of such damages.
+
+9. Accepting Warranty or Additional Liability. While redistributing
+   the Work or Derivative Works thereof, You may choose to offer,
+   and charge a fee for, acceptance of support, warranty, indemnity,
+   or other liability obligations and/or rights consistent with this
+   License. However, in accepting such obligations, You may act only
+   on Your own behalf and on Your sole responsibility, not on behalf
+   of any other Contributor, and only if You agree to indemnify,
+   defend, and hold each Contributor harmless for any liability
+   incurred by, or claims asserted against, such Contributor by reason
+   of your accepting any such warranty or additional liability.
+
+END OF TERMS AND CONDITIONS
+
+APPENDIX: How to apply the Apache License to your work.
+
+   To apply the Apache License to your work, attach the following
+   boilerplate notice, with the fields enclosed by brackets "[]"
+   replaced with your own identifying information. (Don't include
+   the brackets!)  The text should be enclosed in the appropriate
+   comment syntax for the file format. We also recommend that a
+   file or class name and description of purpose be included on the
+   same "printed page" as the copyright notice for easier
+   identification within third-party archives.
+
+Copyright [yyyy] [name of copyright owner]
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
diff --git a/cfb8/LICENSE-MIT b/cfb8/LICENSE-MIT
new file mode 100644
index 0000000..d19d409
--- /dev/null
+++ b/cfb8/LICENSE-MIT
@@ -0,0 +1,26 @@
+Copyright (c) 2018-2022 RustCrypto Developers
+Copyright (c) 2018 Artyom Pavlov
+
+Permission is hereby granted, free of charge, to any
+person obtaining a copy of this software and associated
+documentation files (the "Software"), to deal in the
+Software without restriction, including without
+limitation the rights to use, copy, modify, merge,
+publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software
+is furnished to do so, subject to the following
+conditions:
+
+The above copyright notice and this permission notice
+shall be included in all copies or substantial portions
+of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF
+ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED
+TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
+PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT
+SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR
+IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+DEALINGS IN THE SOFTWARE.
diff --git a/cfb8/README.md b/cfb8/README.md
new file mode 100644
index 0000000..612de72
--- /dev/null
+++ b/cfb8/README.md
@@ -0,0 +1,60 @@
+# RustCrypto: CFB-8
+
+[![crate][crate-image]][crate-link]
+[![Docs][docs-image]][docs-link]
+![Apache2/MIT licensed][license-image]
+![Rust Version][rustc-image]
+[![Project Chat][chat-image]][chat-link]
+[![Build Status][build-image]][build-link]
+
+Generic implementation of the [Cipher Feedback][CFB-8] with eight bit
+feedback (CFB-8) block cipher mode of operation.
+
+<img src="https://raw.githubusercontent.com/RustCrypto/media/26acc39f/img/block-modes/cfb_enc.svg" width="50%"><img src="https://raw.githubusercontent.com/RustCrypto/media/26acc39f/img/block-modes/cfb_dec.svg" width="50%">
+
+See [documentation][cipher-doc] of the `cipher` crate for additional information.
+
+## Minimum Supported Rust Version
+
+Rust **1.56** or higher.
+
+Minimum supported Rust version can be changed in the future, but it will be
+done with a minor version bump.
+
+## SemVer Policy
+
+- All on-by-default features of this library are covered by SemVer
+- MSRV is considered exempt from SemVer as noted above
+
+## License
+
+Licensed under either of:
+
+ * [Apache License, Version 2.0](http://www.apache.org/licenses/LICENSE-2.0)
+ * [MIT license](http://opensource.org/licenses/MIT)
+
+at your option.
+
+### Contribution
+
+Unless you explicitly state otherwise, any contribution intentionally submitted
+for inclusion in the work by you, as defined in the Apache-2.0 license, shall be
+dual licensed as above, without any additional terms or conditions.
+
+[//]: # (badges)
+
+[crate-image]: https://img.shields.io/crates/v/cfb.svg
+[crate-link]: https://crates.io/crates/cfb
+[docs-image]: https://docs.rs/cfb/badge.svg
+[docs-link]: https://docs.rs/cfb/
+[license-image]: https://img.shields.io/badge/license-Apache2.0/MIT-blue.svg
+[rustc-image]: https://img.shields.io/badge/rustc-1.56+-blue.svg
+[chat-image]: https://img.shields.io/badge/zulip-join_chat-blue.svg
+[chat-link]: https://rustcrypto.zulipchat.com/#narrow/stream/308460-block-modes
+[build-image]: https://github.com/RustCrypto/block-modes/workflows/cfb/badge.svg?branch=master&event=push
+[build-link]: https://github.com/RustCrypto/block-modes/actions?query=workflow%3Acfb+branch%3Amaster
+
+[//]: # (general links)
+
+[CFB]: https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#CFB-1,_CFB-8,_CFB-64,_CFB-128,_etc.
+[cipher-doc]: https://docs.rs/cipher/
diff --git a/cfb8/benches/aes128.rs b/cfb8/benches/aes128.rs
new file mode 100644
index 0000000..aa6dd6b
--- /dev/null
+++ b/cfb8/benches/aes128.rs
@@ -0,0 +1,16 @@
+#![feature(test)]
+extern crate test;
+
+use aes::Aes128;
+
+cipher::block_encryptor_bench!(
+    KeyIv: cfb8::Encryptor<Aes128>,
+    cfb8_aes128_encrypt_block,
+    cfb8_aes128_encrypt_blocks,
+);
+
+cipher::block_decryptor_bench!(
+    KeyIv: cfb8::Decryptor<Aes128>,
+    cfb8_aes128_decrypt_block,
+    cfb8_aes128_decrypt_blocks,
+);
diff --git a/cfb8/src/decrypt.rs b/cfb8/src/decrypt.rs
new file mode 100644
index 0000000..31362fc
--- /dev/null
+++ b/cfb8/src/decrypt.rs
@@ -0,0 +1,183 @@
+use cipher::{
+    consts::U1,
+    crypto_common::{InnerUser, IvSizeUser},
+    generic_array::{ArrayLength, GenericArray},
+    inout::InOut,
+    AlgorithmName, AsyncStreamCipher, Block, BlockBackend, BlockCipher, BlockClosure,
+    BlockDecryptMut, BlockEncryptMut, BlockSizeUser, InnerIvInit, Iv, IvState, ParBlocksSizeUser,
+};
+use core::fmt;
+
+#[cfg(feature = "zeroize")]
+use cipher::zeroize::{Zeroize, ZeroizeOnDrop};
+
+/// CFB-8 mode decryptor.
+#[derive(Clone)]
+pub struct Decryptor<C>
+where
+    C: BlockEncryptMut + BlockCipher,
+{
+    cipher: C,
+    iv: Block<C>,
+}
+
+impl<C> BlockSizeUser for Decryptor<C>
+where
+    C: BlockEncryptMut + BlockCipher,
+{
+    type BlockSize = U1;
+}
+
+impl<C> BlockDecryptMut for Decryptor<C>
+where
+    C: BlockEncryptMut + BlockCipher,
+{
+    fn decrypt_with_backend_mut(&mut self, f: impl BlockClosure<BlockSize = Self::BlockSize>) {
+        let Self { cipher, iv } = self;
+        cipher.encrypt_with_backend_mut(Closure { iv, f })
+    }
+}
+
+impl<C: BlockEncryptMut + BlockCipher> AsyncStreamCipher for Decryptor<C> {}
+
+impl<C> InnerUser for Decryptor<C>
+where
+    C: BlockEncryptMut + BlockCipher,
+{
+    type Inner = C;
+}
+
+impl<C> IvSizeUser for Decryptor<C>
+where
+    C: BlockEncryptMut + BlockCipher,
+{
+    type IvSize = C::BlockSize;
+}
+
+impl<C> InnerIvInit for Decryptor<C>
+where
+    C: BlockEncryptMut + BlockCipher,
+{
+    #[inline]
+    fn inner_iv_init(cipher: C, iv: &Iv<Self>) -> Self {
+        let iv = iv.clone();
+        Self { cipher, iv }
+    }
+}
+
+impl<C> IvState for Decryptor<C>
+where
+    C: BlockEncryptMut + BlockDecryptMut + BlockCipher,
+{
+    #[inline]
+    fn iv_state(&self) -> Iv<Self> {
+        self.iv.clone()
+    }
+}
+
+impl<C> AlgorithmName for Decryptor<C>
+where
+    C: BlockEncryptMut + BlockCipher + AlgorithmName,
+{
+    fn write_alg_name(f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        f.write_str("cfb8::Decryptor<")?;
+        <C as AlgorithmName>::write_alg_name(f)?;
+        f.write_str(">")
+    }
+}
+
+impl<C> fmt::Debug for Decryptor<C>
+where
+    C: BlockEncryptMut + BlockCipher + AlgorithmName,
+{
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        f.write_str("cfb8::Decryptor<")?;
+        <C as AlgorithmName>::write_alg_name(f)?;
+        f.write_str("> { ... }")
+    }
+}
+
+#[cfg(feature = "zeroize")]
+#[cfg_attr(docsrs, doc(cfg(feature = "zeroize")))]
+impl<C: BlockEncryptMut + BlockCipher> Drop for Decryptor<C> {
+    fn drop(&mut self) {
+        self.iv.zeroize();
+    }
+}
+
+#[cfg(feature = "zeroize")]
+#[cfg_attr(docsrs, doc(cfg(feature = "zeroize")))]
+impl<C: BlockEncryptMut + BlockCipher + ZeroizeOnDrop> ZeroizeOnDrop for Decryptor<C> {}
+
+struct Closure<'a, BS, BC>
+where
+    BS: ArrayLength<u8>,
+    BC: BlockClosure<BlockSize = U1>,
+{
+    iv: &'a mut GenericArray<u8, BS>,
+    f: BC,
+}
+
+impl<'a, BS, BC> BlockSizeUser for Closure<'a, BS, BC>
+where
+    BS: ArrayLength<u8>,
+    BC: BlockClosure<BlockSize = U1>,
+{
+    type BlockSize = BS;
+}
+
+impl<'a, BS, BC> BlockClosure for Closure<'a, BS, BC>
+where
+    BS: ArrayLength<u8>,
+    BC: BlockClosure<BlockSize = U1>,
+{
+    #[inline(always)]
+    fn call<B: BlockBackend<BlockSize = Self::BlockSize>>(self, backend: &mut B) {
+        let Self { iv, f } = self;
+        f.call(&mut Backend { iv, backend });
+    }
+}
+
+struct Backend<'a, BS, BK>
+where
+    BS: ArrayLength<u8>,
+    BK: BlockBackend<BlockSize = BS>,
+{
+    iv: &'a mut GenericArray<u8, BS>,
+    backend: &'a mut BK,
+}
+
+impl<'a, BS, BK> BlockSizeUser for Backend<'a, BS, BK>
+where
+    BS: ArrayLength<u8>,
+    BK: BlockBackend<BlockSize = BS>,
+{
+    type BlockSize = U1;
+}
+
+impl<'a, BS, BK> ParBlocksSizeUser for Backend<'a, BS, BK>
+where
+    BS: ArrayLength<u8>,
+    BK: BlockBackend<BlockSize = BS>,
+{
+    type ParBlocksSize = U1;
+}
+
+impl<'a, BS, BK> BlockBackend for Backend<'a, BS, BK>
+where
+    BS: ArrayLength<u8>,
+    BK: BlockBackend<BlockSize = BS>,
+{
+    #[inline(always)]
+    fn proc_block(&mut self, mut block: InOut<'_, '_, Block<Self>>) {
+        let mut t = self.iv.clone();
+        self.backend.proc_block((&mut t).into());
+        let r = block.get(0).clone_in();
+        block.xor_in2out(GenericArray::from_slice(&t[..1]));
+        let n = self.iv.len();
+        for i in 0..n - 1 {
+            self.iv[i] = self.iv[i + 1];
+        }
+        self.iv[n - 1] = r;
+    }
+}
diff --git a/cfb8/src/encrypt.rs b/cfb8/src/encrypt.rs
new file mode 100644
index 0000000..54c4c2a
--- /dev/null
+++ b/cfb8/src/encrypt.rs
@@ -0,0 +1,183 @@
+use cipher::{
+    consts::U1,
+    crypto_common::{InnerUser, IvSizeUser},
+    generic_array::{ArrayLength, GenericArray},
+    inout::InOut,
+    AlgorithmName, AsyncStreamCipher, Block, BlockBackend, BlockCipher, BlockClosure,
+    BlockEncryptMut, BlockSizeUser, InnerIvInit, Iv, IvState, ParBlocksSizeUser,
+};
+use core::fmt;
+
+#[cfg(feature = "zeroize")]
+use cipher::zeroize::{Zeroize, ZeroizeOnDrop};
+
+/// CFB-8 mode encryptor.
+#[derive(Clone)]
+pub struct Encryptor<C>
+where
+    C: BlockEncryptMut + BlockCipher,
+{
+    cipher: C,
+    iv: Block<C>,
+}
+
+impl<C> BlockSizeUser for Encryptor<C>
+where
+    C: BlockEncryptMut + BlockCipher,
+{
+    type BlockSize = U1;
+}
+
+impl<C> BlockEncryptMut for Encryptor<C>
+where
+    C: BlockEncryptMut + BlockCipher,
+{
+    fn encrypt_with_backend_mut(&mut self, f: impl BlockClosure<BlockSize = Self::BlockSize>) {
+        let Self { cipher, iv } = self;
+        cipher.encrypt_with_backend_mut(Closure { iv, f })
+    }
+}
+
+impl<C: BlockEncryptMut + BlockCipher> AsyncStreamCipher for Encryptor<C> {}
+
+impl<C> InnerUser for Encryptor<C>
+where
+    C: BlockEncryptMut + BlockCipher,
+{
+    type Inner = C;
+}
+
+impl<C> IvSizeUser for Encryptor<C>
+where
+    C: BlockEncryptMut + BlockCipher,
+{
+    type IvSize = C::BlockSize;
+}
+
+impl<C> InnerIvInit for Encryptor<C>
+where
+    C: BlockEncryptMut + BlockCipher,
+{
+    #[inline]
+    fn inner_iv_init(cipher: C, iv: &Iv<Self>) -> Self {
+        let iv = iv.clone();
+        Self { cipher, iv }
+    }
+}
+
+impl<C> IvState for Encryptor<C>
+where
+    C: BlockEncryptMut + BlockCipher,
+{
+    #[inline]
+    fn iv_state(&self) -> Iv<Self> {
+        self.iv.clone()
+    }
+}
+
+impl<C> AlgorithmName for Encryptor<C>
+where
+    C: BlockEncryptMut + BlockCipher + AlgorithmName,
+{
+    fn write_alg_name(f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        f.write_str("cfb8::Encryptor<")?;
+        <C as AlgorithmName>::write_alg_name(f)?;
+        f.write_str(">")
+    }
+}
+
+impl<C> fmt::Debug for Encryptor<C>
+where
+    C: BlockEncryptMut + BlockCipher + AlgorithmName,
+{
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        f.write_str("cfb8::Encryptor<")?;
+        <C as AlgorithmName>::write_alg_name(f)?;
+        f.write_str("> { ... }")
+    }
+}
+
+#[cfg(feature = "zeroize")]
+#[cfg_attr(docsrs, doc(cfg(feature = "zeroize")))]
+impl<C: BlockEncryptMut + BlockCipher> Drop for Encryptor<C> {
+    fn drop(&mut self) {
+        self.iv.zeroize();
+    }
+}
+
+#[cfg(feature = "zeroize")]
+#[cfg_attr(docsrs, doc(cfg(feature = "zeroize")))]
+impl<C: BlockEncryptMut + BlockCipher + ZeroizeOnDrop> ZeroizeOnDrop for Encryptor<C> {}
+
+struct Closure<'a, BS, BC>
+where
+    BS: ArrayLength<u8>,
+    BC: BlockClosure<BlockSize = U1>,
+{
+    iv: &'a mut GenericArray<u8, BS>,
+    f: BC,
+}
+
+impl<'a, BS, BC> BlockSizeUser for Closure<'a, BS, BC>
+where
+    BS: ArrayLength<u8>,
+    BC: BlockClosure<BlockSize = U1>,
+{
+    type BlockSize = BS;
+}
+
+impl<'a, BS, BC> BlockClosure for Closure<'a, BS, BC>
+where
+    BS: ArrayLength<u8>,
+    BC: BlockClosure<BlockSize = U1>,
+{
+    #[inline(always)]
+    fn call<B: BlockBackend<BlockSize = Self::BlockSize>>(self, backend: &mut B) {
+        let Self { iv, f } = self;
+        f.call(&mut Backend { iv, backend });
+    }
+}
+
+struct Backend<'a, BS, BK>
+where
+    BS: ArrayLength<u8>,
+    BK: BlockBackend<BlockSize = BS>,
+{
+    iv: &'a mut GenericArray<u8, BS>,
+    backend: &'a mut BK,
+}
+
+impl<'a, BS, BK> BlockSizeUser for Backend<'a, BS, BK>
+where
+    BS: ArrayLength<u8>,
+    BK: BlockBackend<BlockSize = BS>,
+{
+    type BlockSize = U1;
+}
+
+impl<'a, BS, BK> ParBlocksSizeUser for Backend<'a, BS, BK>
+where
+    BS: ArrayLength<u8>,
+    BK: BlockBackend<BlockSize = BS>,
+{
+    type ParBlocksSize = U1;
+}
+
+impl<'a, BS, BK> BlockBackend for Backend<'a, BS, BK>
+where
+    BS: ArrayLength<u8>,
+    BK: BlockBackend<BlockSize = BS>,
+{
+    #[inline(always)]
+    fn proc_block(&mut self, mut block: InOut<'_, '_, Block<Self>>) {
+        let mut t = self.iv.clone();
+        self.backend.proc_block((&mut t).into());
+        block.xor_in2out(GenericArray::from_slice(&t[..1]));
+        let r = block.get_out()[0];
+        let n = self.iv.len();
+        for i in 0..n - 1 {
+            self.iv[i] = self.iv[i + 1];
+        }
+        self.iv[n - 1] = r;
+    }
+}
diff --git a/cfb8/src/lib.rs b/cfb8/src/lib.rs
new file mode 100644
index 0000000..5bc6726
--- /dev/null
+++ b/cfb8/src/lib.rs
@@ -0,0 +1,68 @@
+//! [Cipher Feedback with eight bit feedback][1] (CFB-8) mode.
+//!
+//! <img src="https://raw.githubusercontent.com/RustCrypto/media/26acc39f/img/block-modes/cfb_enc.svg" width="49%" />
+//! <img src="https://raw.githubusercontent.com/RustCrypto/media/26acc39f/img/block-modes/cfb_dec.svg" width="49%"/>
+//!
+//! Mode functionality is accessed using traits from re-exported [`cipher`] crate.
+//!
+//! # ⚠️ Security Warning: Hazmat!
+//!
+//! This crate does not ensure ciphertexts are authentic! Thus ciphertext integrity
+//! is not verified, which can lead to serious vulnerabilities!
+//!
+//! # Example
+//! ```
+//! use aes::cipher::{AsyncStreamCipher, KeyIvInit};
+//! use hex_literal::hex;
+//!
+//! type Aes128Cfb8Enc = cfb8::Encryptor<aes::Aes128>;
+//! type Aes128Cfb8Dec = cfb8::Decryptor<aes::Aes128>;
+//!
+//! let key = [0x42; 16];
+//! let iv = [0x24; 16];
+//! let plaintext = b"hello world! this is my plaintext.";
+//! let ciphertext = hex!(
+//!     "33b356ce9184290c4c8facc1c0b1f918d5475aeb75b88c161ca65bdf05c7137ff4b0"
+//! );
+//!
+//! // encrypt/decrypt in-place
+//! let mut buf = plaintext.to_vec();
+//! Aes128Cfb8Enc::new(&key.into(), &iv.into()).encrypt(&mut buf);
+//! assert_eq!(buf, &ciphertext[..]);
+//!
+//! Aes128Cfb8Dec::new(&key.into(), &iv.into()).decrypt(&mut buf);
+//! assert_eq!(buf, &plaintext[..]);
+//!
+//! // encrypt/decrypt from buffer to buffer
+//! // buffer length must be equal to input length
+//! let mut buf1 = vec![0u8; 34];
+//! Aes128Cfb8Enc::new(&key.into(), &iv.into())
+//!     .encrypt_b2b(&plaintext[..], &mut buf1)
+//!     .unwrap();
+//! assert_eq!(buf1, &ciphertext[..]);
+//!
+//! let mut buf2 = vec![0u8; 34];
+//! Aes128Cfb8Dec::new(&key.into(), &iv.into())
+//!     .decrypt_b2b(&buf1, &mut buf2)
+//!     .unwrap();
+//! assert_eq!(buf2, &plaintext[..]);
+//! ```
+//!
+//! [1]: https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#CFB-1,_CFB-8,_CFB-64,_CFB-128,_etc.
+
+#![no_std]
+#![doc(
+    html_logo_url = "https://raw.githubusercontent.com/RustCrypto/media/26acc39f/logo.svg",
+    html_favicon_url = "https://raw.githubusercontent.com/RustCrypto/media/26acc39f/logo.svg",
+    html_root_url = "https://docs.rs/cfb8/0.8.0"
+)]
+#![forbid(unsafe_code)]
+#![cfg_attr(docsrs, feature(doc_cfg))]
+#![warn(missing_docs, rust_2018_idioms)]
+
+mod decrypt;
+mod encrypt;
+
+pub use cipher;
+pub use decrypt::Decryptor;
+pub use encrypt::Encryptor;
diff --git a/cfb8/tests/aes.rs b/cfb8/tests/aes.rs
new file mode 100644
index 0000000..f1f7ab9
--- /dev/null
+++ b/cfb8/tests/aes.rs
@@ -0,0 +1,55 @@
+use aes::*;
+use cfb8::{Decryptor, Encryptor};
+use cipher::{block_mode_dec_test, block_mode_enc_test, iv_state_test};
+
+iv_state_test!(aes128_cfb8_enc_iv_state, Encryptor<Aes128>, encrypt);
+iv_state_test!(aes128_cfb8_dec_iv_state, Decryptor<Aes128>, decrypt);
+iv_state_test!(aes192_cfb8_enc_iv_state, Encryptor<Aes192>, encrypt);
+iv_state_test!(aes192_cfb8_dec_iv_state, Decryptor<Aes192>, decrypt);
+iv_state_test!(aes256_cfb8_enc_iv_state, Encryptor<Aes256>, encrypt);
+iv_state_test!(aes256_cfb8_dec_iv_state, Decryptor<Aes256>, decrypt);
+
+// Test vectors from CVAP "AES Multiblock Message Test (MMT) Sample Vectors":
+// <https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program/Block-Ciphers>
+block_mode_enc_test!(aes128_cfb8_enc_test, "aes128", Encryptor<Aes128>);
+block_mode_dec_test!(aes128_cfb8_dec_test, "aes128", Decryptor<Aes128>);
+block_mode_enc_test!(aes128enc_cfb8_enc_test, "aes128", Encryptor<Aes128Enc>);
+block_mode_dec_test!(aes128enc_cfb8_dec_test, "aes128", Decryptor<Aes128Enc>);
+block_mode_enc_test!(aes192_cfb8_enc_test, "aes192", Encryptor<Aes192>);
+block_mode_dec_test!(aes192_cfb8_dec_test, "aes192", Decryptor<Aes192>);
+block_mode_enc_test!(aes192enc_cfb8_enc_test, "aes192", Encryptor<Aes192Enc>);
+block_mode_dec_test!(aes192dec_cfb8_dec_test, "aes192", Decryptor<Aes192Enc>);
+block_mode_enc_test!(aes256_cfb8_enc_test, "aes256", Encryptor<Aes256>);
+block_mode_dec_test!(aes256_cfb8_dec_test, "aes256", Decryptor<Aes256>);
+block_mode_enc_test!(aes256enc_cfb8_enc_test, "aes256", Encryptor<Aes256Enc>);
+block_mode_dec_test!(aes256dec_cfb8_dec_test, "aes256", Decryptor<Aes256Enc>);
+
+/// Test methods from the `AsyncStreamCipher` trait.
+#[test]
+fn aes128_cfb8_async_test() {
+    use cipher::{AsyncStreamCipher, KeyIvInit};
+
+    type Enc = Encryptor<Aes128>;
+    type Dec = Decryptor<Aes128>;
+
+    let key = [42; 16];
+    let iv = [24; 16];
+    let mut pt = [0u8; 101];
+    for (i, b) in pt.iter_mut().enumerate() {
+        *b = (i % 11) as u8;
+    }
+    let enc = Enc::new_from_slices(&key, &iv).unwrap();
+    let mut ct = pt.clone();
+    enc.encrypt(&mut ct);
+    for i in 1..100 {
+        let enc = Enc::new_from_slices(&key, &iv).unwrap();
+        let mut t = pt.clone();
+        let t = &mut t[..i];
+        enc.encrypt(t);
+        assert_eq!(t, &ct[..i]);
+
+        let dec = Dec::new_from_slices(&key, &iv).unwrap();
+        dec.decrypt(t);
+        assert_eq!(t, &pt[..i]);
+    }
+}
diff --git a/cfb8/tests/data/aes128.blb b/cfb8/tests/data/aes128.blb
new file mode 100644
index 0000000000000000000000000000000000000000..81b6cafb9722ddead4ab6ecf0158d50b7e33da9b
GIT binary patch
literal 941
zcmV;e15*3|AjN%Yor&Lk`|okUfTpnu!yx>!yi5RVhe$bid1@-+#4ZA10wf>}k3GZf
z?qJ(xi@ATVM*E{6<bnOfE?{exql3VqrBV*N1ggyhP-Y;={+suElMhDH2aAjjWqi~i
z^mWEbk+Kf1;e(<kDdHX?2FV6B2GVwsASev@8uiS6b7NPW9iTIi<{({c^l~i@A@SMH
z)jAF~!$JtMqAcwQbMvmhAYER6AmFBLJ_+FEsgW;=Mj!<(exR)%DORF8C$Hhydus}~
zN|5|*3L2VW!v`SjiTgB%htH5KsdL0|fkTZTQjh6eaU0P;H@s5Jo|e>H3=}0aa_OB6
z&%#IJIy)d{2bg>{ND0fR7-OBy7*R(cRV)x13w#WrL$4)-Q<HzA4x1WU6KNK14!5f+
zOvf1nAiyZ*zbkZ~`i6C%FNEnluplUmbuFK)&o+Kt49Xv->^l%LKoy6K+=9OlhcZwV
zFUF<2AkZDDT`VeL+6L-)&$?O6Fd+G(ldX_}Pp>8}I$Ir=SuPS+!J`gH7HyV566vVJ
zw|4E*o;@HsZ;@FhKc>#|pmoan&R7>955hKLx7+tPC-BGKG906B6o>EYja8o0Hg_l#
zj+{_JRut7h&JiF3?fwWQP`z5n-S$sHpj3Y#Qmok8wk(((ppH?KoWPB%0to^kAUMx=
zXHXU{++)MF+v5?dpCFj~y(oxs#19!Jv2M!j6=4MHBm_u!Ajt(hhr{J-#pNs0A7w@P
zks!GFWDN-;+7te6xO)Nc&!7g82}uU7w$dQ!XL0rN3W@HA5@FKOjvhuJZiYZUGdX5e
zkb2;5@scJl2s?it90-HTvhyI4trP6F3*H;EvrOQ4XJ;!Q`C33=xcCk~gPlw~qdl#Z
z3KzM#;cW^@_daDSAnRAS-3M-ayED|k#MkVyejrg3S(l(^+|u9{#c?#n`ce$an4hHR
z7!0uL%ks)bAaJY1i?O~*0fX@VJ@sLg{~+Q~@p%_Zaqb>SinHAy1cMG#1=<mYx8M#4
z`|q17Hku$3bGYE{;i1Zca9Om_qorLSVl1mk2`vI|RZZE7WI@~}5Y(67bFaC0d=RtC
zorsb`I_n@wLw*Lf`la#@*^BodkM&d_W5^ib)5}|MRPR0>hu;no67mDQ)B?6y8QKy7
znJSoKdBbR4AY+-q+y;xIP?$wxkE!h%mLL&V!gg$iw^ZLqTj||cQQs8)|4uF>SgqeG
PR20d=gz2ll=KB%;LFu|1

literal 0
HcmV?d00001

diff --git a/cfb8/tests/data/aes192.blb b/cfb8/tests/data/aes192.blb
new file mode 100644
index 0000000000000000000000000000000000000000..f7eb86dd623273a6adc53e6b133155f3c8702d2a
GIT binary patch
literal 1101
zcmV-T1hV@8FfyUA<JvZjwPV*YYnOS`GJaFprqYM)mmodR=i(m;)r2oPX`QLHb4CJG
z0&Os+I33Iw-G$e3oE^@PbUVHs^?=w{^|{0#z^qUot$#`sW!m#D82lPf1f*63kG3$-
zjlSe_EPwn|Ocs^00n-k7P&YDO@TwRfq2rqFxpJu23ZVRbZ>(;t2K^CT2E@P?Feh<^
zq@+NGnIQEe#MOBGTkX?2?u{<G_aJA!09P-9s=O1{<)Y;s9|#DD;Ba9Gi?%SjFoX9G
z+~jix{JV@Hwy3ippMJrG{`B7K)FA(Jvk=dIV$N?+5R&?A$cPFyW=<k43Lu45RnaiT
zz9$+f^rD^!UXGX<W&zx|jLZY&S)&9XpHccQxS)h_k8(ideG^^I47Gm}G%8{YbN`$3
z>`O45RWdGZNn79$cGS27ajg`2u2wexm|^uGD|yes|2HK~?e&sMYhmNy4sFifL&EN5
z4t$ArSSTVOFm8Cv?B~(4qri;t-gArYGt0a8jhpn6EFeq16|w0`dzU2&AvV~6PDT*U
z+Coxzargod*)RBzMX`~8FcZm!Wpr<NC9``#Nfsmu+tK7UOX1L5V;~MkpS@o>Ve^ZM
zCcYmnWyKO33S-waWUD-i5>$nReqB5+EW|KVetY&|{Xit3Bw;@lu{MzR(8x!@;fZA+
zI)VAw)4^4+%B@{<G?aGy6w}zbxrD94LO1RdIC=i3D#@8C<vK8Zy}?@415Vf|+=eHa
zx2?&m){d{8Qf*xzLs@7#^`od<B#*cCP;W7N0xbe1Fgh&XoR$c|-C{G)J=j$#I|zl5
zQ53RLc_8Paj^j$qQWA~Y=2+}wn4$!G1Ox_nFv*0unry|qhyXD|%jCCJ=Hm;gK@|6`
z9w0&Excw84j5Uq^??M9t_A~}%jS2<>eD*LobbX>Fy}-phG-Lf}ZN3@NL03~zarqq}
zchjY<i@mXF_|l$VA$f*T2rU^OF9;8?&f+jk(J^`7p=|-isAE0+hlA%M=OGlyu+<76
zW>>^)nbtx_OfwCD7PlR~3J_Xk$Z`q^*%Z$UFkQ@>jfzEXnHSBCRM+<q3pAEXPSVqu
zpde48m8h718vzXD;1T=zK~@Zy^D@(Wcnm0vbuFK)Fvz;_AWrxTjsYd_<T?w?-_Y|`
zwk~XS{vhcTOY+Obata$vw)1@v?f(u|yG%T;Q?m}qm>M*<s);aU<OgH(ies)fj4}l)
z3gfC%i@0c@O38&Fs?TKzo=YfHI7J`*%@1RV5VdDP8^#+7b`aS7_&SJD3JoxO{mPaF
z@p4o01MmOIEvawb0x$>CEZWc@MZlg!17L9Yr*nEycDT<b5{Wg9_FO*kO(qhY8Cw}d
z#IIZXFuL%Ib}@Qo#qfIO^?tDCRETAhB+{1&;~)wGgll4}wv+EM*HnZq?I{$Pm6Id_
TIX%NVU=(tk3vKIl`fj!8O{@&F

literal 0
HcmV?d00001

diff --git a/cfb8/tests/data/aes256.blb b/cfb8/tests/data/aes256.blb
new file mode 100644
index 0000000000000000000000000000000000000000..9a03c66f536056f3b535ece7085068a140303c28
GIT binary patch
literal 1261
zcmV<J1QPoIKs4wH9PSD6y*|Glj|KG``_ze^@~!}CIuCet1uWf0$RI=OP0ULKr~($E
z4oV59tF;380w_S>PD2+l6A+#gLpeA?{%o%E_@d<o*Y#h6+_3~i#;qeDql<{5ldyOD
zRYqfKt&rAZ1Su2*X{JC1NOTD=dK1h<VkCOhBhcw?-$LlNdRim5pr%KA365qUGmKR)
z@$8{Q2;g0e`SY_I2Dx<l1|0vDKvsE5+Yazb?cS@_P~LN8G1Lfyc~rR>04y`@{r{J2
z!XR<AQg5v4LN?PsA3+D?uullvcS#Zm@J*dhK;7McBTjt|ZpKAmxnwYyYK3nu>3~#2
zr<86nU>^2oogm^5Iokjw>m*4V&|ngXaR>^n9a9nN3K`6oreZ+sbEjY@EQ9$MakHy?
z7>5<c)~~t6RQ|4mg>IH=IAhQtu6z18{Uvvg&t}enSN7yC3<CagPrO|Wu<WKZ1@u6s
zXmrX8aQm3Ed;>noWE1l_t*!#Bt>6{8@D{XL+cOCuZq$I;<n03-_G_`=e~ncX4zzcE
zYt5Pk4vYbFm#tf?K%?8ccUsz#u(<6OGDJ=x!N_m(>!|i9FmndyX1KvyTp&)xYK~MN
zT>g8CxktaG{Rj{paHXg#t@Y{<9wNTJzO2|CKx7kMXTZuD&hs`6lM4LTCdIHwVWylL
zYDm4|+VT%OA0ShAp;XoRNEn}*rF%wf7P1nfY^CZrDl#tb5-|k<WoOeDO6@@FyG3TT
z;ez1saz<+lF&*=dk#)QR6QxrN&Mw5)Pe2VI309<z0RSwX7B_8fFpav=6tMm!tc^V=
zqV#bTV~l7c=Ou5oVs1bdhl3S>%XUK{sn&Gc(5Yk(W{VG4?*X`aaSJe&)%aB)Y}LNT
z*5Umluf;>S_zgda0+<4CK(@66=(h$_bLuh8RGw1pr^}Z89kEW`th_=1g{w%nM<9m|
z%|)>!7z5p}i>(!)CD#Nsas(IDKx)$vUKRUWbSw1!9=Pd@Y#;unQxJTF_Ove1BPt8L
zAs`o1Oo_zm<=&?1H9g*Y79$4vK^g|BgdRY3k3XogvWfAZ)t++}zCgJI@Avg(%B)3j
z`EoW64X1}7vJ*9~m<X8qlEkwHo>M7v2uFx`atMU8UL`<)E`?6FnNSIJ*<hx4g@O$k
zUIMEl)gKk*&Ajf0p;!zclt+wCMB@65E^EX+I7OG{3hhBlR*4GH>1*-mKspQq%AFov
zNxL`s1RsdeS;O(w&L+p0^`6yAlklMC03e#KIJ$!_O9?wrL_l;=eIN{i2kzphs|<8O
z49ybSK<))bAt?T*UXh<~Lu|2_@*;$NX^JR6S7+a7Ei=>3cOcTORpc0l2T_D$Q4*pr
zz>^NI^QufF<5Ld*1D=V8dqhA8tG&!VxxsOLvHGKp%?OjP)!}X>mUMdckBwpL?fK0h
zxh2TlnwwRmH!h~reIdc?5Vtn~P$-M`01)AJx|!-=FWEp=)C8!L`#V2bN~;)?k}$BA
zWNJ63fnuM%l5q2h8eHli<&bMO^4WfGEwP(ydOYJ9668shyRiTC5AG7hTAGo1fSPzq
zK<pC+B~j$pDIPKpR$FwQ>KF;OW3q27O;fcXShzFbtswjQT2hW6hA<L&3@W<&S_~9a
Xd;MfA_TetsLKG|fKLQCbaX=6nQT$D0

literal 0
HcmV?d00001

diff --git a/ctr/CHANGELOG.md b/ctr/CHANGELOG.md
new file mode 100644
index 0000000..37149d1
--- /dev/null
+++ b/ctr/CHANGELOG.md
@@ -0,0 +1,67 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## 0.9.0 (2022-02-10)
+### Changed
+- Update `cipher` dependency to v0.4 and move crate
+to the [RustCrypto/block-modes] repository ([#2])
+
+[#2]: https://github.com/RustCrypto/block-modes/pull/2
+[RustCrypto/block-modes]: https://github.com/RustCrypto/block-modes
+
+## 0.8.0 (2021-07-08)
+### Changed
+- Make implementation generic over block size (previously it
+was generic only over 128-bit block ciphers). Breaking changes
+in the `CtrFlavor` API. ([#252]).
+
+[#252]: https://github.com/RustCrypto/stream-ciphers/pull/252
+
+## 0.7.0 (2020-04-29)
+### Changed
+- Generic implementation of CTR ([#195])
+- Removed `Ctr32LE` mask bit ([#197])
+- Bump `cipher` dependency to v0.3 ([#226])
+
+[#195]: https://github.com/RustCrypto/stream-ciphers/pull/195
+[#197]: https://github.com/RustCrypto/stream-ciphers/pull/197
+[#226]: https://github.com/RustCrypto/stream-ciphers/pull/226
+
+## 0.6.0 (2020-10-16)
+### Added
+- `Ctr32BE` and `Ctr32LE` ([#170])
+
+### Changed
+- Replace `block-cipher`/`stream-cipher` with `cipher` crate ([#177])
+
+[#177]: https://github.com/RustCrypto/stream-ciphers/pull/177
+[#170]: https://github.com/RustCrypto/stream-ciphers/pull/170
+
+## 0.5.0 (2020-08-26)
+### Changed
+- Bump `stream-cipher` dependency to v0.7, implement the `FromBlockCipher` trait ([#161], [#164])
+
+[#161]: https://github.com/RustCrypto/stream-ciphers/pull/161
+[#164]: https://github.com/RustCrypto/stream-ciphers/pull/164
+
+## 0.4.0 (2020-06-06)
+### Changed
+- Upgrade to the `stream-cipher` v0.4 crate ([#116], [#138])
+- Upgrade to Rust 2018 edition ([#116])
+
+[#138]: https://github.com/RustCrypto/stream-ciphers/pull/138
+[#116]: https://github.com/RustCrypto/stream-ciphers/pull/121
+
+## 0.3.2 (2019-03-11)
+
+## 0.3.0 (2018-11-01)
+
+## 0.2.0 (2018-10-13)
+
+## 0.1.1 (2018-10-13)
+
+## 0.1.0 (2018-07-30)
diff --git a/ctr/Cargo.toml b/ctr/Cargo.toml
new file mode 100644
index 0000000..9f984ce
--- /dev/null
+++ b/ctr/Cargo.toml
@@ -0,0 +1,31 @@
+[package]
+name = "ctr"
+version = "0.9.0" # Also update html_root_url in lib.rs when bumping this
+description = "CTR block modes of operation"
+authors = ["RustCrypto Developers"]
+license = "MIT OR Apache-2.0"
+edition = "2021"
+rust-version = "1.56"
+readme = "README.md"
+documentation = "https://docs.rs/ctr"
+repository = "https://github.com/RustCrypto/block-modes"
+keywords = ["crypto", "block-mode", "stream-cipher", "ciphers"]
+categories = ["cryptography", "no-std"]
+
+[dependencies]
+cipher = "0.4"
+
+[dev-dependencies]
+aes = "0.8"
+magma = "0.8"
+kuznyechik = "0.8"
+cipher = { version = "0.4", features = ["dev"] }
+hex-literal = "0.3"
+
+[features]
+block-padding = ["cipher/block-padding"]
+zeroize = ["cipher/zeroize"]
+
+[package.metadata.docs.rs]
+all-features = true
+rustdoc-args = ["--cfg", "docsrs"]
diff --git a/ctr/LICENSE-APACHE b/ctr/LICENSE-APACHE
new file mode 100644
index 0000000..78173fa
--- /dev/null
+++ b/ctr/LICENSE-APACHE
@@ -0,0 +1,201 @@
+                              Apache License
+                        Version 2.0, January 2004
+                     http://www.apache.org/licenses/
+
+TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+1. Definitions.
+
+   "License" shall mean the terms and conditions for use, reproduction,
+   and distribution as defined by Sections 1 through 9 of this document.
+
+   "Licensor" shall mean the copyright owner or entity authorized by
+   the copyright owner that is granting the License.
+
+   "Legal Entity" shall mean the union of the acting entity and all
+   other entities that control, are controlled by, or are under common
+   control with that entity. For the purposes of this definition,
+   "control" means (i) the power, direct or indirect, to cause the
+   direction or management of such entity, whether by contract or
+   otherwise, or (ii) ownership of fifty percent (50%) or more of the
+   outstanding shares, or (iii) beneficial ownership of such entity.
+
+   "You" (or "Your") shall mean an individual or Legal Entity
+   exercising permissions granted by this License.
+
+   "Source" form shall mean the preferred form for making modifications,
+   including but not limited to software source code, documentation
+   source, and configuration files.
+
+   "Object" form shall mean any form resulting from mechanical
+   transformation or translation of a Source form, including but
+   not limited to compiled object code, generated documentation,
+   and conversions to other media types.
+
+   "Work" shall mean the work of authorship, whether in Source or
+   Object form, made available under the License, as indicated by a
+   copyright notice that is included in or attached to the work
+   (an example is provided in the Appendix below).
+
+   "Derivative Works" shall mean any work, whether in Source or Object
+   form, that is based on (or derived from) the Work and for which the
+   editorial revisions, annotations, elaborations, or other modifications
+   represent, as a whole, an original work of authorship. For the purposes
+   of this License, Derivative Works shall not include works that remain
+   separable from, or merely link (or bind by name) to the interfaces of,
+   the Work and Derivative Works thereof.
+
+   "Contribution" shall mean any work of authorship, including
+   the original version of the Work and any modifications or additions
+   to that Work or Derivative Works thereof, that is intentionally
+   submitted to Licensor for inclusion in the Work by the copyright owner
+   or by an individual or Legal Entity authorized to submit on behalf of
+   the copyright owner. For the purposes of this definition, "submitted"
+   means any form of electronic, verbal, or written communication sent
+   to the Licensor or its representatives, including but not limited to
+   communication on electronic mailing lists, source code control systems,
+   and issue tracking systems that are managed by, or on behalf of, the
+   Licensor for the purpose of discussing and improving the Work, but
+   excluding communication that is conspicuously marked or otherwise
+   designated in writing by the copyright owner as "Not a Contribution."
+
+   "Contributor" shall mean Licensor and any individual or Legal Entity
+   on behalf of whom a Contribution has been received by Licensor and
+   subsequently incorporated within the Work.
+
+2. Grant of Copyright License. Subject to the terms and conditions of
+   this License, each Contributor hereby grants to You a perpetual,
+   worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+   copyright license to reproduce, prepare Derivative Works of,
+   publicly display, publicly perform, sublicense, and distribute the
+   Work and such Derivative Works in Source or Object form.
+
+3. Grant of Patent License. Subject to the terms and conditions of
+   this License, each Contributor hereby grants to You a perpetual,
+   worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+   (except as stated in this section) patent license to make, have made,
+   use, offer to sell, sell, import, and otherwise transfer the Work,
+   where such license applies only to those patent claims licensable
+   by such Contributor that are necessarily infringed by their
+   Contribution(s) alone or by combination of their Contribution(s)
+   with the Work to which such Contribution(s) was submitted. If You
+   institute patent litigation against any entity (including a
+   cross-claim or counterclaim in a lawsuit) alleging that the Work
+   or a Contribution incorporated within the Work constitutes direct
+   or contributory patent infringement, then any patent licenses
+   granted to You under this License for that Work shall terminate
+   as of the date such litigation is filed.
+
+4. Redistribution. You may reproduce and distribute copies of the
+   Work or Derivative Works thereof in any medium, with or without
+   modifications, and in Source or Object form, provided that You
+   meet the following conditions:
+
+   (a) You must give any other recipients of the Work or
+       Derivative Works a copy of this License; and
+
+   (b) You must cause any modified files to carry prominent notices
+       stating that You changed the files; and
+
+   (c) You must retain, in the Source form of any Derivative Works
+       that You distribute, all copyright, patent, trademark, and
+       attribution notices from the Source form of the Work,
+       excluding those notices that do not pertain to any part of
+       the Derivative Works; and
+
+   (d) If the Work includes a "NOTICE" text file as part of its
+       distribution, then any Derivative Works that You distribute must
+       include a readable copy of the attribution notices contained
+       within such NOTICE file, excluding those notices that do not
+       pertain to any part of the Derivative Works, in at least one
+       of the following places: within a NOTICE text file distributed
+       as part of the Derivative Works; within the Source form or
+       documentation, if provided along with the Derivative Works; or,
+       within a display generated by the Derivative Works, if and
+       wherever such third-party notices normally appear. The contents
+       of the NOTICE file are for informational purposes only and
+       do not modify the License. You may add Your own attribution
+       notices within Derivative Works that You distribute, alongside
+       or as an addendum to the NOTICE text from the Work, provided
+       that such additional attribution notices cannot be construed
+       as modifying the License.
+
+   You may add Your own copyright statement to Your modifications and
+   may provide additional or different license terms and conditions
+   for use, reproduction, or distribution of Your modifications, or
+   for any such Derivative Works as a whole, provided Your use,
+   reproduction, and distribution of the Work otherwise complies with
+   the conditions stated in this License.
+
+5. Submission of Contributions. Unless You explicitly state otherwise,
+   any Contribution intentionally submitted for inclusion in the Work
+   by You to the Licensor shall be under the terms and conditions of
+   this License, without any additional terms or conditions.
+   Notwithstanding the above, nothing herein shall supersede or modify
+   the terms of any separate license agreement you may have executed
+   with Licensor regarding such Contributions.
+
+6. Trademarks. This License does not grant permission to use the trade
+   names, trademarks, service marks, or product names of the Licensor,
+   except as required for reasonable and customary use in describing the
+   origin of the Work and reproducing the content of the NOTICE file.
+
+7. Disclaimer of Warranty. Unless required by applicable law or
+   agreed to in writing, Licensor provides the Work (and each
+   Contributor provides its Contributions) on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+   implied, including, without limitation, any warranties or conditions
+   of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+   PARTICULAR PURPOSE. You are solely responsible for determining the
+   appropriateness of using or redistributing the Work and assume any
+   risks associated with Your exercise of permissions under this License.
+
+8. Limitation of Liability. In no event and under no legal theory,
+   whether in tort (including negligence), contract, or otherwise,
+   unless required by applicable law (such as deliberate and grossly
+   negligent acts) or agreed to in writing, shall any Contributor be
+   liable to You for damages, including any direct, indirect, special,
+   incidental, or consequential damages of any character arising as a
+   result of this License or out of the use or inability to use the
+   Work (including but not limited to damages for loss of goodwill,
+   work stoppage, computer failure or malfunction, or any and all
+   other commercial damages or losses), even if such Contributor
+   has been advised of the possibility of such damages.
+
+9. Accepting Warranty or Additional Liability. While redistributing
+   the Work or Derivative Works thereof, You may choose to offer,
+   and charge a fee for, acceptance of support, warranty, indemnity,
+   or other liability obligations and/or rights consistent with this
+   License. However, in accepting such obligations, You may act only
+   on Your own behalf and on Your sole responsibility, not on behalf
+   of any other Contributor, and only if You agree to indemnify,
+   defend, and hold each Contributor harmless for any liability
+   incurred by, or claims asserted against, such Contributor by reason
+   of your accepting any such warranty or additional liability.
+
+END OF TERMS AND CONDITIONS
+
+APPENDIX: How to apply the Apache License to your work.
+
+   To apply the Apache License to your work, attach the following
+   boilerplate notice, with the fields enclosed by brackets "[]"
+   replaced with your own identifying information. (Don't include
+   the brackets!)  The text should be enclosed in the appropriate
+   comment syntax for the file format. We also recommend that a
+   file or class name and description of purpose be included on the
+   same "printed page" as the copyright notice for easier
+   identification within third-party archives.
+
+Copyright [yyyy] [name of copyright owner]
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
diff --git a/ctr/LICENSE-MIT b/ctr/LICENSE-MIT
new file mode 100644
index 0000000..d19d409
--- /dev/null
+++ b/ctr/LICENSE-MIT
@@ -0,0 +1,26 @@
+Copyright (c) 2018-2022 RustCrypto Developers
+Copyright (c) 2018 Artyom Pavlov
+
+Permission is hereby granted, free of charge, to any
+person obtaining a copy of this software and associated
+documentation files (the "Software"), to deal in the
+Software without restriction, including without
+limitation the rights to use, copy, modify, merge,
+publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software
+is furnished to do so, subject to the following
+conditions:
+
+The above copyright notice and this permission notice
+shall be included in all copies or substantial portions
+of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF
+ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED
+TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
+PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT
+SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR
+IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+DEALINGS IN THE SOFTWARE.
diff --git a/ctr/README.md b/ctr/README.md
new file mode 100644
index 0000000..a2a3043
--- /dev/null
+++ b/ctr/README.md
@@ -0,0 +1,59 @@
+# RustCrypto: CTR
+
+[![crate][crate-image]][crate-link]
+[![Docs][docs-image]][docs-link]
+![Apache2/MIT licensed][license-image]
+![Rust Version][rustc-image]
+[![Project Chat][chat-image]][chat-link]
+[![Build Status][build-image]][build-link]
+
+Generic implementation of the [Counter][CTR] (CTR) block cipher mode of operation.
+
+<img src="https://raw.githubusercontent.com/RustCrypto/media/26acc39f/img/block-modes/ctr_enc.svg" width="50%"><img src="https://raw.githubusercontent.com/RustCrypto/media/26acc39f/img/block-modes/ctr_dec.svg" width="50%">
+
+See [documentation][cipher-doc] of the `cipher` crate for additional information.
+
+## Minimum Supported Rust Version
+
+Rust **1.56** or higher.
+
+Minimum supported Rust version can be changed in the future, but it will be
+done with a minor version bump.
+
+## SemVer Policy
+
+- All on-by-default features of this library are covered by SemVer
+- MSRV is considered exempt from SemVer as noted above
+
+## License
+
+Licensed under either of:
+
+ * [Apache License, Version 2.0](http://www.apache.org/licenses/LICENSE-2.0)
+ * [MIT license](http://opensource.org/licenses/MIT)
+
+at your option.
+
+### Contribution
+
+Unless you explicitly state otherwise, any contribution intentionally submitted
+for inclusion in the work by you, as defined in the Apache-2.0 license, shall be
+dual licensed as above, without any additional terms or conditions.
+
+[//]: # (badges)
+
+[crate-image]: https://img.shields.io/crates/v/ctr.svg
+[crate-link]: https://crates.io/crates/ctr
+[docs-image]: https://docs.rs/ctr/badge.svg
+[docs-link]: https://docs.rs/ctr/
+[license-image]: https://img.shields.io/badge/license-Apache2.0/MIT-blue.svg
+[rustc-image]: https://img.shields.io/badge/rustc-1.56+-blue.svg
+[chat-image]: https://img.shields.io/badge/zulip-join_chat-blue.svg
+[chat-link]: https://rustcrypto.zulipchat.com/#narrow/stream/308460-block-modes
+[build-image]: https://github.com/RustCrypto/block-modes/workflows/ctr/badge.svg?branch=master&event=push
+[build-link]: https://github.com/RustCrypto/block-modes/actions?query=workflow%3Actr+branch%3Amaster
+
+[//]: # (general links)
+
+[CTR]: https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Counter_(CTR)
+[cipher-doc]: https://docs.rs/cipher/
diff --git a/ctr/benches/aes128.rs b/ctr/benches/aes128.rs
new file mode 100644
index 0000000..ad30e34
--- /dev/null
+++ b/ctr/benches/aes128.rs
@@ -0,0 +1,26 @@
+#![feature(test)]
+extern crate test;
+
+cipher::stream_cipher_bench!(
+    ctr::Ctr32LE<aes::Aes128>;
+    ctr_32le_aes128_stream_bench1_16b 16;
+    ctr_32le_aes128_stream_bench2_256b 256;
+    ctr_32le_aes128_stream_bench3_1kib 1024;
+    ctr_32le_aes128_stream_bench4_16kib 16384;
+);
+
+cipher::stream_cipher_bench!(
+    ctr::Ctr64LE<aes::Aes128>;
+    ctr_64le_aes128_stream_bench1_16b 16;
+    ctr_64le_aes128_stream_bench2_256b 256;
+    ctr_64le_aes128_stream_bench3_1kib 1024;
+    ctr_64le_aes128_stream_bench4_16kib 16384;
+);
+
+cipher::stream_cipher_bench!(
+    ctr::Ctr128BE<aes::Aes128>;
+    ctr_128be_aes128_stream_bench1_16b 16;
+    ctr_128be_aes128_stream_bench2_256b 256;
+    ctr_128be_aes128_stream_bench3_1kib 1024;
+    ctr_128be_aes128_stream_bench4_16kib 16384;
+);
diff --git a/ctr/src/backend.rs b/ctr/src/backend.rs
new file mode 100644
index 0000000..a94fd43
--- /dev/null
+++ b/ctr/src/backend.rs
@@ -0,0 +1,83 @@
+use crate::CtrFlavor;
+use cipher::{
+    generic_array::ArrayLength, Block, BlockBackend, BlockClosure, BlockSizeUser, ParBlocks,
+    ParBlocksSizeUser, StreamBackend, StreamClosure,
+};
+
+struct Backend<'a, F, B>
+where
+    F: CtrFlavor<B::BlockSize>,
+    B: BlockBackend,
+{
+    ctr_nonce: &'a mut F::CtrNonce,
+    backend: &'a mut B,
+}
+
+impl<'a, F, B> BlockSizeUser for Backend<'a, F, B>
+where
+    F: CtrFlavor<B::BlockSize>,
+    B: BlockBackend,
+{
+    type BlockSize = B::BlockSize;
+}
+
+impl<'a, F, B> ParBlocksSizeUser for Backend<'a, F, B>
+where
+    F: CtrFlavor<B::BlockSize>,
+    B: BlockBackend,
+{
+    type ParBlocksSize = B::ParBlocksSize;
+}
+
+impl<'a, F, B> StreamBackend for Backend<'a, F, B>
+where
+    F: CtrFlavor<B::BlockSize>,
+    B: BlockBackend,
+{
+    #[inline(always)]
+    fn gen_ks_block(&mut self, block: &mut Block<Self>) {
+        let tmp = F::next_block(self.ctr_nonce);
+        self.backend.proc_block((&tmp, block).into());
+    }
+
+    #[inline(always)]
+    fn gen_par_ks_blocks(&mut self, blocks: &mut ParBlocks<Self>) {
+        let mut tmp = ParBlocks::<Self>::default();
+        for block in tmp.iter_mut() {
+            *block = F::next_block(self.ctr_nonce);
+        }
+        self.backend.proc_par_blocks((&tmp, blocks).into());
+    }
+}
+
+pub(crate) struct Closure<'a, F, BS, SC>
+where
+    F: CtrFlavor<BS>,
+    BS: ArrayLength<u8>,
+    SC: StreamClosure<BlockSize = BS>,
+{
+    pub(crate) ctr_nonce: &'a mut F::CtrNonce,
+    pub(crate) f: SC,
+}
+
+impl<'a, F, BS, SC> BlockSizeUser for Closure<'a, F, BS, SC>
+where
+    F: CtrFlavor<BS>,
+    BS: ArrayLength<u8>,
+    SC: StreamClosure<BlockSize = BS>,
+{
+    type BlockSize = BS;
+}
+
+impl<'a, F, BS, SC> BlockClosure for Closure<'a, F, BS, SC>
+where
+    F: CtrFlavor<BS>,
+    BS: ArrayLength<u8>,
+    SC: StreamClosure<BlockSize = BS>,
+{
+    #[inline(always)]
+    fn call<B: BlockBackend<BlockSize = BS>>(self, backend: &mut B) {
+        let Self { ctr_nonce, f } = self;
+        f.call(&mut Backend::<F, B> { ctr_nonce, backend })
+    }
+}
diff --git a/ctr/src/ctr_core.rs b/ctr/src/ctr_core.rs
new file mode 100644
index 0000000..7868f5b
--- /dev/null
+++ b/ctr/src/ctr_core.rs
@@ -0,0 +1,143 @@
+use crate::{backend::Closure, CtrFlavor};
+use cipher::{
+    crypto_common::{InnerUser, IvSizeUser},
+    AlgorithmName, BlockCipher, BlockEncryptMut, BlockSizeUser, InnerIvInit, Iv, IvState,
+    StreamCipherCore, StreamCipherSeekCore, StreamClosure,
+};
+use core::fmt;
+
+#[cfg(feature = "zeroize")]
+use cipher::zeroize::ZeroizeOnDrop;
+
+/// Generic CTR block mode isntance.
+#[derive(Clone)]
+pub struct CtrCore<C, F>
+where
+    C: BlockEncryptMut + BlockCipher,
+    F: CtrFlavor<C::BlockSize>,
+{
+    cipher: C,
+    ctr_nonce: F::CtrNonce,
+}
+
+impl<C, F> BlockSizeUser for CtrCore<C, F>
+where
+    C: BlockEncryptMut + BlockCipher,
+    F: CtrFlavor<C::BlockSize>,
+{
+    type BlockSize = C::BlockSize;
+}
+
+impl<C, F> StreamCipherCore for CtrCore<C, F>
+where
+    C: BlockEncryptMut + BlockCipher,
+    F: CtrFlavor<C::BlockSize>,
+{
+    #[inline]
+    fn remaining_blocks(&self) -> Option<usize> {
+        F::remaining(&self.ctr_nonce)
+    }
+
+    #[inline]
+    fn process_with_backend(&mut self, f: impl StreamClosure<BlockSize = Self::BlockSize>) {
+        let Self { cipher, ctr_nonce } = self;
+        cipher.encrypt_with_backend_mut(Closure::<F, _, _> { ctr_nonce, f });
+    }
+}
+
+impl<C, F> StreamCipherSeekCore for CtrCore<C, F>
+where
+    C: BlockEncryptMut + BlockCipher,
+    F: CtrFlavor<C::BlockSize>,
+{
+    type Counter = F::Backend;
+
+    #[inline]
+    fn get_block_pos(&self) -> Self::Counter {
+        F::as_backend(&self.ctr_nonce)
+    }
+
+    #[inline]
+    fn set_block_pos(&mut self, pos: Self::Counter) {
+        F::set_from_backend(&mut self.ctr_nonce, pos);
+    }
+}
+
+impl<C, F> InnerUser for CtrCore<C, F>
+where
+    C: BlockEncryptMut + BlockCipher,
+    F: CtrFlavor<C::BlockSize>,
+{
+    type Inner = C;
+}
+
+impl<C, F> IvSizeUser for CtrCore<C, F>
+where
+    C: BlockEncryptMut + BlockCipher,
+    F: CtrFlavor<C::BlockSize>,
+{
+    type IvSize = C::BlockSize;
+}
+
+impl<C, F> InnerIvInit for CtrCore<C, F>
+where
+    C: BlockEncryptMut + BlockCipher,
+    F: CtrFlavor<C::BlockSize>,
+{
+    #[inline]
+    fn inner_iv_init(cipher: C, iv: &Iv<Self>) -> Self {
+        Self {
+            cipher,
+            ctr_nonce: F::from_nonce(iv),
+        }
+    }
+}
+
+impl<C, F> IvState for CtrCore<C, F>
+where
+    C: BlockEncryptMut + BlockCipher,
+    F: CtrFlavor<C::BlockSize>,
+{
+    #[inline]
+    fn iv_state(&self) -> Iv<Self> {
+        F::current_block(&self.ctr_nonce)
+    }
+}
+
+impl<C, F> AlgorithmName for CtrCore<C, F>
+where
+    C: BlockEncryptMut + BlockCipher + AlgorithmName,
+    F: CtrFlavor<C::BlockSize>,
+{
+    fn write_alg_name(f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        f.write_str("Ctr")?;
+        f.write_str(F::NAME)?;
+        f.write_str("<")?;
+        <C as AlgorithmName>::write_alg_name(f)?;
+        f.write_str(">")
+    }
+}
+
+impl<C, F> fmt::Debug for CtrCore<C, F>
+where
+    C: BlockEncryptMut + BlockCipher + AlgorithmName,
+    F: CtrFlavor<C::BlockSize>,
+{
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        f.write_str("Ctr")?;
+        f.write_str(F::NAME)?;
+        f.write_str("<")?;
+        <C as AlgorithmName>::write_alg_name(f)?;
+        f.write_str("> { ... }")
+    }
+}
+
+#[cfg(feature = "zeroize")]
+#[cfg_attr(docsrs, doc(cfg(feature = "zeroize")))]
+impl<C, F> ZeroizeOnDrop for CtrCore<C, F>
+where
+    C: BlockEncryptMut + BlockCipher + ZeroizeOnDrop,
+    F: CtrFlavor<C::BlockSize>,
+    F::CtrNonce: ZeroizeOnDrop,
+{
+}
diff --git a/ctr/src/flavors.rs b/ctr/src/flavors.rs
new file mode 100644
index 0000000..30361c8
--- /dev/null
+++ b/ctr/src/flavors.rs
@@ -0,0 +1,44 @@
+//! CTR mode flavors
+
+use cipher::{
+    generic_array::{ArrayLength, GenericArray},
+    Counter,
+};
+
+mod ctr128;
+mod ctr32;
+mod ctr64;
+
+pub use ctr128::{Ctr128BE, Ctr128LE};
+pub use ctr32::{Ctr32BE, Ctr32LE};
+pub use ctr64::{Ctr64BE, Ctr64LE};
+
+/// Trait implemented by different CTR flavors.
+pub trait CtrFlavor<B: ArrayLength<u8>> {
+    /// Inner representation of nonce.
+    type CtrNonce: Clone;
+    /// Backend numeric type
+    type Backend: Counter;
+    /// Flavor name
+    const NAME: &'static str;
+
+    /// Return number of remaining blocks.
+    ///
+    /// If result does not fit into `usize`, returns `None`.
+    fn remaining(cn: &Self::CtrNonce) -> Option<usize>;
+
+    /// Generate block for given `nonce` and current counter value.
+    fn next_block(cn: &mut Self::CtrNonce) -> GenericArray<u8, B>;
+
+    /// Generate block for given `nonce` and current counter value.
+    fn current_block(cn: &Self::CtrNonce) -> GenericArray<u8, B>;
+
+    /// Initialize from bytes.
+    fn from_nonce(block: &GenericArray<u8, B>) -> Self::CtrNonce;
+
+    /// Convert from a backend value
+    fn set_from_backend(cn: &mut Self::CtrNonce, v: Self::Backend);
+
+    /// Convert to a backend value
+    fn as_backend(cn: &Self::CtrNonce) -> Self::Backend;
+}
diff --git a/ctr/src/flavors/ctr128.rs b/ctr/src/flavors/ctr128.rs
new file mode 100644
index 0000000..9d10385
--- /dev/null
+++ b/ctr/src/flavors/ctr128.rs
@@ -0,0 +1,158 @@
+//! 128-bit counter falvors.
+use super::CtrFlavor;
+use cipher::{
+    generic_array::{ArrayLength, GenericArray},
+    typenum::{PartialDiv, PartialQuot, Unsigned, U16},
+};
+
+#[cfg(feature = "zeroize")]
+use cipher::zeroize::{Zeroize, ZeroizeOnDrop};
+
+type ChunkSize = U16;
+type Chunks<B> = PartialQuot<B, ChunkSize>;
+const CS: usize = ChunkSize::USIZE;
+
+#[derive(Clone)]
+pub struct CtrNonce128<N: ArrayLength<u128>> {
+    ctr: u128,
+    nonce: GenericArray<u128, N>,
+}
+
+#[cfg(feature = "zeroize")]
+impl<N: ArrayLength<u128>> Drop for CtrNonce128<N> {
+    fn drop(&mut self) {
+        self.ctr.zeroize();
+        self.nonce.zeroize();
+    }
+}
+
+#[cfg(feature = "zeroize")]
+impl<N: ArrayLength<u128>> ZeroizeOnDrop for CtrNonce128<N> {}
+
+/// 128-bit big endian counter flavor.
+pub enum Ctr128BE {}
+
+impl<B> CtrFlavor<B> for Ctr128BE
+where
+    B: ArrayLength<u8> + PartialDiv<ChunkSize>,
+    Chunks<B>: ArrayLength<u128>,
+{
+    type CtrNonce = CtrNonce128<Chunks<B>>;
+    type Backend = u128;
+    const NAME: &'static str = "128BE";
+
+    #[inline]
+    fn remaining(cn: &Self::CtrNonce) -> Option<usize> {
+        (core::u128::MAX - cn.ctr).try_into().ok()
+    }
+
+    #[inline(always)]
+    fn current_block(cn: &Self::CtrNonce) -> GenericArray<u8, B> {
+        let mut block = GenericArray::<u8, B>::default();
+        for i in 0..Chunks::<B>::USIZE {
+            let t = if i == Chunks::<B>::USIZE - 1 {
+                cn.ctr.wrapping_add(cn.nonce[i]).to_be_bytes()
+            } else {
+                cn.nonce[i].to_ne_bytes()
+            };
+            block[CS * i..][..CS].copy_from_slice(&t);
+        }
+        block
+    }
+
+    #[inline]
+    fn next_block(cn: &mut Self::CtrNonce) -> GenericArray<u8, B> {
+        let block = Self::current_block(cn);
+        cn.ctr = cn.ctr.wrapping_add(1);
+        block
+    }
+
+    #[inline]
+    fn from_nonce(block: &GenericArray<u8, B>) -> Self::CtrNonce {
+        let mut nonce = GenericArray::<u128, Chunks<B>>::default();
+        for i in 0..Chunks::<B>::USIZE {
+            let chunk = block[CS * i..][..CS].try_into().unwrap();
+            nonce[i] = if i == Chunks::<B>::USIZE - 1 {
+                u128::from_be_bytes(chunk)
+            } else {
+                u128::from_ne_bytes(chunk)
+            }
+        }
+        let ctr = 0;
+        Self::CtrNonce { ctr, nonce }
+    }
+
+    #[inline]
+    fn as_backend(cn: &Self::CtrNonce) -> Self::Backend {
+        cn.ctr
+    }
+
+    #[inline]
+    fn set_from_backend(cn: &mut Self::CtrNonce, v: Self::Backend) {
+        cn.ctr = v;
+    }
+}
+
+/// 128-bit big endian counter flavor.
+pub enum Ctr128LE {}
+
+impl<B> CtrFlavor<B> for Ctr128LE
+where
+    B: ArrayLength<u8> + PartialDiv<ChunkSize>,
+    Chunks<B>: ArrayLength<u128>,
+{
+    type CtrNonce = CtrNonce128<Chunks<B>>;
+    type Backend = u128;
+    const NAME: &'static str = "128LE";
+
+    #[inline]
+    fn remaining(cn: &Self::CtrNonce) -> Option<usize> {
+        (core::u128::MAX - cn.ctr).try_into().ok()
+    }
+
+    #[inline(always)]
+    fn current_block(cn: &Self::CtrNonce) -> GenericArray<u8, B> {
+        let mut block = GenericArray::<u8, B>::default();
+        for i in 0..Chunks::<B>::USIZE {
+            let t = if i == 0 {
+                cn.ctr.wrapping_add(cn.nonce[i]).to_le_bytes()
+            } else {
+                cn.nonce[i].to_ne_bytes()
+            };
+            block[CS * i..][..CS].copy_from_slice(&t);
+        }
+        block
+    }
+
+    #[inline]
+    fn next_block(cn: &mut Self::CtrNonce) -> GenericArray<u8, B> {
+        let block = Self::current_block(cn);
+        cn.ctr = cn.ctr.wrapping_add(1);
+        block
+    }
+
+    #[inline]
+    fn from_nonce(block: &GenericArray<u8, B>) -> Self::CtrNonce {
+        let mut nonce = GenericArray::<u128, Chunks<B>>::default();
+        for i in 0..Chunks::<B>::USIZE {
+            let chunk = block[CS * i..][..CS].try_into().unwrap();
+            nonce[i] = if i == 0 {
+                u128::from_le_bytes(chunk)
+            } else {
+                u128::from_ne_bytes(chunk)
+            }
+        }
+        let ctr = 0;
+        Self::CtrNonce { ctr, nonce }
+    }
+
+    #[inline]
+    fn as_backend(cn: &Self::CtrNonce) -> Self::Backend {
+        cn.ctr
+    }
+
+    #[inline]
+    fn set_from_backend(cn: &mut Self::CtrNonce, v: Self::Backend) {
+        cn.ctr = v;
+    }
+}
diff --git a/ctr/src/flavors/ctr32.rs b/ctr/src/flavors/ctr32.rs
new file mode 100644
index 0000000..17cb011
--- /dev/null
+++ b/ctr/src/flavors/ctr32.rs
@@ -0,0 +1,158 @@
+//! 32-bit counter falvors.
+use super::CtrFlavor;
+use cipher::{
+    generic_array::{ArrayLength, GenericArray},
+    typenum::{PartialDiv, PartialQuot, Unsigned, U4},
+};
+
+#[cfg(feature = "zeroize")]
+use cipher::zeroize::{Zeroize, ZeroizeOnDrop};
+
+type ChunkSize = U4;
+type Chunks<B> = PartialQuot<B, ChunkSize>;
+const CS: usize = ChunkSize::USIZE;
+
+#[derive(Clone)]
+pub struct CtrNonce32<N: ArrayLength<u32>> {
+    ctr: u32,
+    nonce: GenericArray<u32, N>,
+}
+
+#[cfg(feature = "zeroize")]
+impl<N: ArrayLength<u32>> Drop for CtrNonce32<N> {
+    fn drop(&mut self) {
+        self.ctr.zeroize();
+        self.nonce.zeroize();
+    }
+}
+
+#[cfg(feature = "zeroize")]
+impl<N: ArrayLength<u32>> ZeroizeOnDrop for CtrNonce32<N> {}
+
+/// 32-bit big endian counter flavor.
+pub enum Ctr32BE {}
+
+impl<B> CtrFlavor<B> for Ctr32BE
+where
+    B: ArrayLength<u8> + PartialDiv<ChunkSize>,
+    Chunks<B>: ArrayLength<u32>,
+{
+    type CtrNonce = CtrNonce32<Chunks<B>>;
+    type Backend = u32;
+    const NAME: &'static str = "32BE";
+
+    #[inline]
+    fn remaining(cn: &Self::CtrNonce) -> Option<usize> {
+        (core::u32::MAX - cn.ctr).try_into().ok()
+    }
+
+    #[inline(always)]
+    fn current_block(cn: &Self::CtrNonce) -> GenericArray<u8, B> {
+        let mut block = GenericArray::<u8, B>::default();
+        for i in 0..Chunks::<B>::USIZE {
+            let t = if i == Chunks::<B>::USIZE - 1 {
+                cn.ctr.wrapping_add(cn.nonce[i]).to_be_bytes()
+            } else {
+                cn.nonce[i].to_ne_bytes()
+            };
+            block[CS * i..][..CS].copy_from_slice(&t);
+        }
+        block
+    }
+
+    #[inline]
+    fn next_block(cn: &mut Self::CtrNonce) -> GenericArray<u8, B> {
+        let block = Self::current_block(cn);
+        cn.ctr = cn.ctr.wrapping_add(1);
+        block
+    }
+
+    #[inline]
+    fn from_nonce(block: &GenericArray<u8, B>) -> Self::CtrNonce {
+        let mut nonce = GenericArray::<u32, Chunks<B>>::default();
+        for i in 0..Chunks::<B>::USIZE {
+            let chunk = block[CS * i..][..CS].try_into().unwrap();
+            nonce[i] = if i == Chunks::<B>::USIZE - 1 {
+                u32::from_be_bytes(chunk)
+            } else {
+                u32::from_ne_bytes(chunk)
+            }
+        }
+        let ctr = 0;
+        Self::CtrNonce { ctr, nonce }
+    }
+
+    #[inline]
+    fn as_backend(cn: &Self::CtrNonce) -> Self::Backend {
+        cn.ctr
+    }
+
+    #[inline]
+    fn set_from_backend(cn: &mut Self::CtrNonce, v: Self::Backend) {
+        cn.ctr = v;
+    }
+}
+
+/// 32-bit big endian counter flavor.
+pub enum Ctr32LE {}
+
+impl<B> CtrFlavor<B> for Ctr32LE
+where
+    B: ArrayLength<u8> + PartialDiv<ChunkSize>,
+    Chunks<B>: ArrayLength<u32>,
+{
+    type CtrNonce = CtrNonce32<Chunks<B>>;
+    type Backend = u32;
+    const NAME: &'static str = "32LE";
+
+    #[inline]
+    fn remaining(cn: &Self::CtrNonce) -> Option<usize> {
+        (core::u32::MAX - cn.ctr).try_into().ok()
+    }
+
+    #[inline(always)]
+    fn current_block(cn: &Self::CtrNonce) -> GenericArray<u8, B> {
+        let mut block = GenericArray::<u8, B>::default();
+        for i in 0..Chunks::<B>::USIZE {
+            let t = if i == 0 {
+                cn.ctr.wrapping_add(cn.nonce[i]).to_le_bytes()
+            } else {
+                cn.nonce[i].to_ne_bytes()
+            };
+            block[CS * i..][..CS].copy_from_slice(&t);
+        }
+        block
+    }
+
+    #[inline]
+    fn next_block(cn: &mut Self::CtrNonce) -> GenericArray<u8, B> {
+        let block = Self::current_block(cn);
+        cn.ctr = cn.ctr.wrapping_add(1);
+        block
+    }
+
+    #[inline]
+    fn from_nonce(block: &GenericArray<u8, B>) -> Self::CtrNonce {
+        let mut nonce = GenericArray::<u32, Chunks<B>>::default();
+        for i in 0..Chunks::<B>::USIZE {
+            let chunk = block[CS * i..][..CS].try_into().unwrap();
+            nonce[i] = if i == 0 {
+                u32::from_le_bytes(chunk)
+            } else {
+                u32::from_ne_bytes(chunk)
+            }
+        }
+        let ctr = 0;
+        Self::CtrNonce { ctr, nonce }
+    }
+
+    #[inline]
+    fn as_backend(cn: &Self::CtrNonce) -> Self::Backend {
+        cn.ctr
+    }
+
+    #[inline]
+    fn set_from_backend(cn: &mut Self::CtrNonce, v: Self::Backend) {
+        cn.ctr = v;
+    }
+}
diff --git a/ctr/src/flavors/ctr64.rs b/ctr/src/flavors/ctr64.rs
new file mode 100644
index 0000000..3e63abe
--- /dev/null
+++ b/ctr/src/flavors/ctr64.rs
@@ -0,0 +1,158 @@
+//! 64-bit counter falvors.
+use super::CtrFlavor;
+use cipher::{
+    generic_array::{ArrayLength, GenericArray},
+    typenum::{PartialDiv, PartialQuot, Unsigned, U8},
+};
+
+#[cfg(feature = "zeroize")]
+use cipher::zeroize::{Zeroize, ZeroizeOnDrop};
+
+type ChunkSize = U8;
+type Chunks<B> = PartialQuot<B, ChunkSize>;
+const CS: usize = ChunkSize::USIZE;
+
+#[derive(Clone)]
+pub struct CtrNonce64<N: ArrayLength<u64>> {
+    ctr: u64,
+    nonce: GenericArray<u64, N>,
+}
+
+#[cfg(feature = "zeroize")]
+impl<N: ArrayLength<u64>> Drop for CtrNonce64<N> {
+    fn drop(&mut self) {
+        self.ctr.zeroize();
+        self.nonce.zeroize();
+    }
+}
+
+#[cfg(feature = "zeroize")]
+impl<N: ArrayLength<u64>> ZeroizeOnDrop for CtrNonce64<N> {}
+
+/// 64-bit big endian counter flavor.
+pub enum Ctr64BE {}
+
+impl<B> CtrFlavor<B> for Ctr64BE
+where
+    B: ArrayLength<u8> + PartialDiv<ChunkSize>,
+    Chunks<B>: ArrayLength<u64>,
+{
+    type CtrNonce = CtrNonce64<Chunks<B>>;
+    type Backend = u64;
+    const NAME: &'static str = "64BE";
+
+    #[inline]
+    fn remaining(cn: &Self::CtrNonce) -> Option<usize> {
+        (core::u64::MAX - cn.ctr).try_into().ok()
+    }
+
+    #[inline(always)]
+    fn current_block(cn: &Self::CtrNonce) -> GenericArray<u8, B> {
+        let mut block = GenericArray::<u8, B>::default();
+        for i in 0..Chunks::<B>::USIZE {
+            let t = if i == Chunks::<B>::USIZE - 1 {
+                cn.ctr.wrapping_add(cn.nonce[i]).to_be_bytes()
+            } else {
+                cn.nonce[i].to_ne_bytes()
+            };
+            block[CS * i..][..CS].copy_from_slice(&t);
+        }
+        block
+    }
+
+    #[inline]
+    fn next_block(cn: &mut Self::CtrNonce) -> GenericArray<u8, B> {
+        let block = Self::current_block(cn);
+        cn.ctr = cn.ctr.wrapping_add(1);
+        block
+    }
+
+    #[inline]
+    fn from_nonce(block: &GenericArray<u8, B>) -> Self::CtrNonce {
+        let mut nonce = GenericArray::<u64, Chunks<B>>::default();
+        for i in 0..Chunks::<B>::USIZE {
+            let chunk = block[CS * i..][..CS].try_into().unwrap();
+            nonce[i] = if i == Chunks::<B>::USIZE - 1 {
+                u64::from_be_bytes(chunk)
+            } else {
+                u64::from_ne_bytes(chunk)
+            }
+        }
+        let ctr = 0;
+        Self::CtrNonce { ctr, nonce }
+    }
+
+    #[inline]
+    fn as_backend(cn: &Self::CtrNonce) -> Self::Backend {
+        cn.ctr
+    }
+
+    #[inline]
+    fn set_from_backend(cn: &mut Self::CtrNonce, v: Self::Backend) {
+        cn.ctr = v;
+    }
+}
+
+/// 64-bit big endian counter flavor.
+pub enum Ctr64LE {}
+
+impl<B> CtrFlavor<B> for Ctr64LE
+where
+    B: ArrayLength<u8> + PartialDiv<ChunkSize>,
+    Chunks<B>: ArrayLength<u64>,
+{
+    type CtrNonce = CtrNonce64<Chunks<B>>;
+    type Backend = u64;
+    const NAME: &'static str = "64LE";
+
+    #[inline]
+    fn remaining(cn: &Self::CtrNonce) -> Option<usize> {
+        (core::u64::MAX - cn.ctr).try_into().ok()
+    }
+
+    #[inline(always)]
+    fn current_block(cn: &Self::CtrNonce) -> GenericArray<u8, B> {
+        let mut block = GenericArray::<u8, B>::default();
+        for i in 0..Chunks::<B>::USIZE {
+            let t = if i == 0 {
+                cn.ctr.wrapping_add(cn.nonce[i]).to_le_bytes()
+            } else {
+                cn.nonce[i].to_ne_bytes()
+            };
+            block[CS * i..][..CS].copy_from_slice(&t);
+        }
+        block
+    }
+
+    #[inline]
+    fn next_block(cn: &mut Self::CtrNonce) -> GenericArray<u8, B> {
+        let block = Self::current_block(cn);
+        cn.ctr = cn.ctr.wrapping_add(1);
+        block
+    }
+
+    #[inline]
+    fn from_nonce(block: &GenericArray<u8, B>) -> Self::CtrNonce {
+        let mut nonce = GenericArray::<u64, Chunks<B>>::default();
+        for i in 0..Chunks::<B>::USIZE {
+            let chunk = block[CS * i..][..CS].try_into().unwrap();
+            nonce[i] = if i == 0 {
+                u64::from_le_bytes(chunk)
+            } else {
+                u64::from_ne_bytes(chunk)
+            }
+        }
+        let ctr = 0;
+        Self::CtrNonce { ctr, nonce }
+    }
+
+    #[inline]
+    fn as_backend(cn: &Self::CtrNonce) -> Self::Backend {
+        cn.ctr
+    }
+
+    #[inline]
+    fn set_from_backend(cn: &mut Self::CtrNonce, v: Self::Backend) {
+        cn.ctr = v;
+    }
+}
diff --git a/ctr/src/lib.rs b/ctr/src/lib.rs
new file mode 100644
index 0000000..bafb064
--- /dev/null
+++ b/ctr/src/lib.rs
@@ -0,0 +1,91 @@
+//! Generic implementations of [CTR mode][1] for block ciphers.
+//!
+//! <img src="https://raw.githubusercontent.com/RustCrypto/media/26acc39f/img/block-modes/ctr_enc.svg" width="49%" />
+//! <img src="https://raw.githubusercontent.com/RustCrypto/media/26acc39f/img/block-modes/ctr_dec.svg" width="49%"/>
+//!
+//! Mode functionality is accessed using traits from re-exported [`cipher`] crate.
+//!
+//! # ⚠️ Security Warning: Hazmat!
+//!
+//! This crate does not ensure ciphertexts are authentic! Thus ciphertext integrity
+//! is not verified, which can lead to serious vulnerabilities!
+//!
+//! # Example
+//! ```
+//! use aes::cipher::{KeyIvInit, StreamCipher, StreamCipherSeek};
+//! use hex_literal::hex;
+//!
+//! type Aes128Ctr64LE = ctr::Ctr64LE<aes::Aes128>;
+//!
+//! let key = [0x42; 16];
+//! let iv = [0x24; 16];
+//! let plaintext = b"hello world! this is my plaintext.";
+//! let ciphertext = hex!(
+//!     "3357121ebb5a29468bd861467596ce3da59bdee42dcc0614dea955368d8a5dc0cad4"
+//! );
+//!
+//! // encrypt in-place
+//! let mut buf = plaintext.to_vec();
+//! let mut cipher = Aes128Ctr64LE::new(&key.into(), &iv.into());
+//! cipher.apply_keystream(&mut buf);
+//! assert_eq!(buf, &ciphertext[..]);
+//!
+//! // CTR mode can be used with streaming messages
+//! let mut cipher = Aes128Ctr64LE::new(&key.into(), &iv.into());
+//! for chunk in buf.chunks_mut(3) {
+//!     cipher.apply_keystream(chunk);
+//! }
+//! assert_eq!(buf, &plaintext[..]);
+//!
+//! // CTR mode supports seeking
+//! cipher.seek(0u32);
+//!
+//! // encrypt/decrypt from buffer to buffer
+//! // buffer length must be equal to input length
+//! let mut buf1 = vec![0u8; 34];
+//! cipher
+//!     .apply_keystream_b2b(&plaintext[..], &mut buf1)
+//!     .unwrap();
+//! assert_eq!(buf1, &ciphertext[..]);
+//!
+//! let mut buf2 = vec![0u8; 34];
+//! cipher.seek(0u32);
+//! cipher.apply_keystream_b2b(&buf1, &mut buf2).unwrap();
+//! assert_eq!(buf2, &plaintext[..]);
+//! ```
+//!
+//! [1]: https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#CTR
+
+#![no_std]
+#![doc(
+    html_logo_url = "https://raw.githubusercontent.com/RustCrypto/media/26acc39f/logo.svg",
+    html_favicon_url = "https://raw.githubusercontent.com/RustCrypto/media/26acc39f/logo.svg",
+    html_root_url = "https://docs.rs/ctr/0.9.0"
+)]
+#![forbid(unsafe_code)]
+#![cfg_attr(docsrs, feature(doc_cfg))]
+#![warn(missing_docs, rust_2018_idioms)]
+
+pub mod flavors;
+
+mod backend;
+mod ctr_core;
+
+pub use cipher;
+pub use flavors::CtrFlavor;
+
+use cipher::StreamCipherCoreWrapper;
+pub use ctr_core::CtrCore;
+
+/// CTR mode with 128-bit big endian counter.
+pub type Ctr128BE<B> = StreamCipherCoreWrapper<CtrCore<B, flavors::Ctr128BE>>;
+/// CTR mode with 128-bit little endian counter.
+pub type Ctr128LE<B> = StreamCipherCoreWrapper<CtrCore<B, flavors::Ctr128LE>>;
+/// CTR mode with 64-bit big endian counter.
+pub type Ctr64BE<B> = StreamCipherCoreWrapper<CtrCore<B, flavors::Ctr64BE>>;
+/// CTR mode with 64-bit little endian counter.
+pub type Ctr64LE<B> = StreamCipherCoreWrapper<CtrCore<B, flavors::Ctr64LE>>;
+/// CTR mode with 32-bit big endian counter.
+pub type Ctr32BE<B> = StreamCipherCoreWrapper<CtrCore<B, flavors::Ctr32BE>>;
+/// CTR mode with 32-bit little endian counter.
+pub type Ctr32LE<B> = StreamCipherCoreWrapper<CtrCore<B, flavors::Ctr32LE>>;
diff --git a/ctr/tests/ctr128/data/aes128-ctr.blb b/ctr/tests/ctr128/data/aes128-ctr.blb
new file mode 100644
index 0000000000000000000000000000000000000000..d721e4ec446b1b483a24b8d09cf2f5fbab81ce22
GIT binary patch
literal 2039
zcmV<T2MG88Ae5&JD==VNVv2hsY($=IeISe3+6PG&FfpI8C(+Mf#Vn3cg-p6|be^*n
z>H?%aNi8yBGE*I`MX`=^z^J|NF@kJUiIX=f(q8%1gUF{hWzy^!-5oQY^tuW<<?K4=
zSb>U?m#sZovnrI(**apt@qOP*f4v(mR;ceUOHo>@f7=FA3Rgxlz<VC>Rub}+@p2SE
z0uenRz<N4ND1O_%9E~2){V?3JYIwW(X%;U%&Q%)VMKIo?ePx%F{CMaV!mSNC4F8Q?
zI-n$YxvH+j+JN(VyU(S9y<Du%6=*UvT_Mu|Uun;~%69&GK~xLwmszUGg_r+H$$^Yc
zYE1a8dTG+#CxOo#X3~PDz}c}R%FHWR7ZZ6^{VGmtE)|PisKpBy07~qXv>+gp=VKPP
zvdnETAeRe(uJ=O*0=z=k)U}c9nP|@p*zhK%N<qYJ1qOdi%p9D?WUhKevv?Kx5PV_D
z425p$GHnq#zyLGC+`62=G8^A&S`G#rd=YAlgXg9P+8U5F-odU`Na^8z!3+W{>uM2u
z7EpLz6#s!+94J1}_>mn8-({Ms`vs9!UkWn7E$2mzP#m`txEX-4+AiN%8UnZ^0Qc!<
zMNvmTX^74|o<vg5!HNGIG#{glA#_mulFKBz?0!8n<a7S@g6rX@tlO-zIoBF&>Mbb1
zN;2LiQ3u`lso$7dK*|0T6`eqNM0T<-zmL}>&^Q$pcGCNl$63Om01TYPFq&}{VY2~U
zoc2D^l7OlxF9+BfcB{bo71!uf_|wzZOK}=8yF}^I8@WfjXcN4NOD-<|n8c=aIw0#L
zs4Mh7>BE@PU?)-PM9{7B6oTM79ENRR50qTl4*T$&S;VyVTxin>9w~DHY^I~Be0t>*
za0$Jm1DJQalt6y#0E4i?`n*yt{ECVs0y*^Ea%Dk=t4)5N-+kHa2vJ9F{pGTN9CL^Q
zr{yjrus&>UH!_ME6_=-Tv>)MD>pa=X)(&72<fone(yvG~;J+|Rn~Ke{z;56~YIqK}
zbuA+QpM~F5OS4~{j6E$1_u)ijEZ;N9awWXdAbhC0(?m4Y+n<@$Am4MKA*}o=We{@{
z!HJ3N$9;{%Eu<!v>g}Nfn9zQ<-%>jZvqiH4L?6(ElSj%uOc|?^gTWK<I*^fqQ)rq9
z8<4~6Wz4o`RR<9bPW`FTq-0gd8yJ}9|C(`SELsu*2b;oHChK2>#4cV}!9N#uO*(+z
zDYjqEyPO;lV`*#~x^;^`VWuTtn0R>wJ~92RJwk=9fQ`&%)3JiU&f6yXbY|!!6kjd=
zBVa&XIR_ln_$Hl@QDpk2fp~=Lg<<x@=Ok+Ob-Bg9Fv%q7HdSd2u?$m%cO8&K_(WZ?
zHxqYGj!;Ygl$MQ-0H`388zAc)rUCMk2~Rw{QF}<o+^R+|4PK`&fX89fvtFujXTgdy
z$dpyFsRbIBk&ba=l5a?5%2riR?`Z#MO`Yh~32x|n+aI2+Sq~OQEAF4&N3596@gli`
z$>F8Ov=5OD_Y$SJTicl=>+Uu?%$;$UIR709UZ0X)N+!th^a+R@30cThRdK=jTxE6j
zx|IeDuZA$*(s&miYRP}^mOvfs_Davc(=tV4@!gt%@b(DRSwgW`rn8ED=Ci6_f9F|)
z678#Iyh(wGU{2VoXq7(Q|6yr&fVZ__EP9J=bLfk_$$-GYIvvZgi-*{#QaBa!=lsc+
zDPC&T;o!q0{G$c0Z>KRH1;>ilI2o?LSLr_?`Rl{iozGqq0``I7ZVTIyCjTJ}7%$n$
zYbcO*riRuX8e}>nzly%X@iigB5z=1k)&9-lV^EXZwoR!AGWPptgPrmVmSw@3?dGPJ
z-9ySuW_-O0Qq4%HkbVz6ZblP$rKHZGP8}orD`fc$n%TUj4zLeD0gI)owLXxfSZH6}
zwoi3`BInXV_BL3ifM;;GFm>rNZ@+|Yt=YTEQ$=)tSjqgbhs@&}Xs<?Br(k;W6-%b`
z2{{%P<QCVE@i&ej6dcvQExwY_KW5__mdM~q_<;l1?BpW?p#Xo)!Hfk2;-R(c;Zk~u
z@KWVQlgIdlT3^*Z3Wd@Z3ul6>Q~QD8;S*~OoV3rygG{dU{aG^Wa4`2%$GKz$Iu6cz
z9q?<lKyz0{)b=#<Ju)|W)Aqo??ds79L@kD-6lHev-Edi!Q*aS~jK_HJ%*+*1NPZPN
zboSbvZpeG<YL8(U{3FZ;2=Tm7c~L^Ujh-Vjj|8(c!Z3^IHZ;+zTa@1r?{RgeXw#BN
zi14F_PZzW_0*LaC|1J34%b8mQGxF}Q?18oxTEp)6SZk6Ui4Zel2izlyyev9s!}TZk
zV*bx8&&pc%%4B21)m`3!Md@m4_iOO9Ef9`cOdI`2%oi0ii1Fmq3kh5cw2$G2ZJ`=&
z%<^vr5GzC(0H6Q?=Q###i<3~%j6ct;cf%LFCohPHdh`~tCe^Izn#BCUMp7{_Xu$!&
zt&qVVRY4-hG%~>DNOb7L*f%%Z;s7jv6e9NTvrB6<&1od^Au9w~cyQpWnM_WhM=z}^
z16Pg0_r&YPS%5;q*hzA{P;vEFK!bH(0T)~>k{LM$x3c+Lj?iHp<hI<d<o>;>kaX_q
zfT~L-@$g;{@C!gqvX8m^IaIylJJjSZhCGRA{5oW!ap{C+>6(8%e(KkqxnyjevE=7<
VYVN$AuMsq5Y*Li)97ec1(!p2h`XB%R

literal 0
HcmV?d00001

diff --git a/ctr/tests/ctr128/data/aes256-ctr.blb b/ctr/tests/ctr128/data/aes256-ctr.blb
new file mode 100644
index 0000000000000000000000000000000000000000..47daaf84de9a0c16a03f2ad5c386108d2f241b62
GIT binary patch
literal 2055
zcmV+i2>AB^K!E|&noS)YQo+U;QkV3>&EDlaF@Zr9!lb7W61EdBf*_5O)*U?$3!~rD
z@+<r^ecp~xyLKFIXGn+QIhZGtGD}4+{%VeU5-sCA1iekHoT(dD5kG}IN5%w~|A~Pr
zdn*j)PJ%6z`*qBs@DGwH%}-h!3fV6%tgfqA7=r1-zpJRxm@69!0TuW7w}f$QMU$y*
zzD*_&x$>OvSk--Ys_KU}Z@{#X$a2V%NZ8IrjqwW&=HOc`LFHiEx@4+e?}MBA0+YFA
zKqA)c5fRVn!(EDcZ(i|4#<x>LuChX82<cy~Bdm2M(mAV0M??H3V*JGH^@jKzl2im7
zMqlj5e4@Lx&B3+;YZ5aZ-mHl;I{~{jIfBaqSc}uWKK)0<ERhD5)H(J;#^eCl^$t^Q
zg-Iv*{W})W9(*mNIViW!fq#ryaJvD9)wIL^1gxG6{0gtq6^^2UB_7eGKtB`6LbW?|
z80;#sD;9rj)Av`!la7cZLV;|AR=sm1O&&$qaAY&5!Sr%!LC<3K#RbdK#_;z?lUz<P
zk(M7RKZGdw(8B~-$>Fubg`$8i`UjI9iA?X4;RKu^d3$!0PLXdq8d!22;*tgN2RyRC
z{)dnXr_W%Q`;G6~6LRn)MzdhUq4J$MIxoaqO&t4TS_DO{7`~v$$*nk_fe^^B#C_LH
z#-wobS>Jjk$FOsLi?N6#QoP4R=k9#8Hxdx9v7C`V08;8W$(OBNwfSJDbf&ng;wR=@
z2Kf7yBdlY2EovSk+AT8<h_ZJL<&PAPS~<DCoQ~q9wVA*DlLNOfx>cG0kjCK>r4;vu
zbwoRJ<aaK(ZD7Z&5SK;FkPO?9-fnsBCi22(n$+D$$T8?)Cw5OsI<KA63`<akawwMy
zkYd@n(mS<rKKmX5H9tSC&F93h1V84Rc15Ah5uWF^O^%Y3D3ma-WK?T!F8b`u9IzA(
zam2k!6alFlEc+=;`PceWMAXYB3<I3qKFnuGS-lU{)cdH=CUpS={3*-b`w!IRA%3bg
zxV@UJ$|QmZklkO{>CxI;8~y40+ZAq|Z~lr*)qLLjUy4GybsI2touX({J*NcnZzDd#
z9}E90$o5;gKU&fnBP~Mf7Tczul4EUU7s2c3w8vHMA_3$t#C9YzTE?YWY(&wKJ1F;%
z>0c}EH&fc>)7H_IOk#^ndHjkqTgqgZq^lj7fY#J26rQ`m*Iwrn$K>o1r;#WBW<x;>
zg$?oiDqRBt5kkR(f3pM05Xbr6skkiN8snYLo+D!+Ez4gESWd~Y&9P`>KU;4U>uShd
zG9#ZuijqN;tcE}@-ZHOk-gy}P_5ny#sBJ0Hp{EsHhmy=1M^ozRno1J8bT`NEy{xp~
zB4NLv%RfI5sE#-LM+MZn;<5Lpj!?2T5@kjYzY-?W=yWhKE|3Ik(bL{J=xsCG0TdqU
zKBQIs1jp}GtoboN-3QnfkpI*x`euPFvC_)AaS@Cq+!gEUOY|e&Rq5U97#Tb4`9@p~
zN6C>#cEx}Yt_E~kT~`^9+P*tS&;npOIKd?|4NofQneHhXrrH#qqFT9I#Aa!Xf!{ic
zX}hB0nthLBf`qbCzn{_UCC~Uy!M$M<M|4I=``qmbxgLd%X)0uZYczvY9)DII>DpOb
zRnl>jS#I1H2VrFGMpM$>yU|XcCwkC7-Eq-dgu+rd*UMk+wath-vxh24!3)x7!@6{p
z2vis=i{^|w;GM<wNGl_Wvif3OHpVCZp~@2ZNkIHy#g38PlO#-X0P6zmDI}p!4RFfA
zj8CA3kOf(c;FTP2wg;SO(2xOThm<8E#cMUv`S&j8wv#)w6cNWK!*SMZPS#a=<CEBW
z1^(A9$Gjnu=jj%*k5?8?-w9pQ@!?`8|EKPPFS$ni!a|Gx#nd>wBR9&+Gt4@J;GP{8
z;p6a`eALC*tu{g>xT4SOXJ(mLp*Y*Jbdg<uAfTOTfzpg%fA_Xl3@!pgm6nEagV<Zz
zT4*I{;MHLB7Wp}Px!TA);g4NZIW@?zctxGeVeWCF_zb1T;``*2j2m^v#<d7erwBOC
z<pd*ZsGtR>9)y~JMj`_CmNMq{!j#n8tk}Kd@55}f=RipoI53OdD52-(OS}Eq!%pnU
zfwAs|^eMJmFa2KLgOY*FTiv;NcFV{rA4Y`+Iksp~9Wurivh_toMTk_4LZ{v04Z2GF
z%nO>;nAeu`%lmiN*eAt%p;)4*$|X!`s|oxqt7!SLRffE#luZZ+H)UjL`dB&6BMf@u
zQ#Rv6Cay!h=h}_W^BiNVV?B36q}`}=sU4l|Z61-J4M6;0+a-~&IEa^uF)WW6&2;;i
zWj0Qa*cN-k6g^8zmC$z1E!_3gZ3=~~M|Ls$v3bYpLhQ0HHHH&`wd)m#h7`4;*O_FS
z69S{A7sz!?D-&y@{)rv>I9CkdVGul6N1!&x#y8o)7G@LBf`kPZtE8Mf0fKS~H3p<#
zKlFU>=zUQ*eRkGwMJi<xZXa|WDrlo#x=tW4*740e4x8hawPBD6T$4#7O<JO5zUd}B
zMNDuAV-u_I;G4StDDw+dY)MM%uVbn-g^m!o<j~W0=}R}@pQ@;vHV7((e`Jnrg*MZn
zoKCowSagK6;$|a}B?x^Ex1*#?4P)OP<6gff3s^o)U2?mTFT*RgmV=eirS<XN#%;Z?
lW@!8=>@SFB{mrILlJd^DyhW@`cDjNQqqjZx;~15q#z=A~3jY8A

literal 0
HcmV?d00001

diff --git a/ctr/tests/ctr128/mod.rs b/ctr/tests/ctr128/mod.rs
new file mode 100644
index 0000000..c5e0206
--- /dev/null
+++ b/ctr/tests/ctr128/mod.rs
@@ -0,0 +1,12 @@
+use aes::{Aes128, Aes256};
+use ctr::{flavors, Ctr128BE, CtrCore};
+
+cipher::stream_cipher_test!(aes128_ctr_core, "aes128-ctr", Ctr128BE<Aes128>);
+cipher::stream_cipher_test!(aes256_ctr_core, "aes256-ctr", Ctr128BE<Aes256>);
+cipher::stream_cipher_seek_test!(aes128_ctr_seek, Ctr128BE<Aes128>);
+cipher::stream_cipher_seek_test!(aes256_ctr_seek, Ctr128BE<Aes256>);
+cipher::iv_state_test!(
+    aes128_ctr_iv_state,
+    CtrCore<Aes128, flavors::Ctr128BE>,
+    apply_ks,
+);
diff --git a/ctr/tests/ctr32/be.rs b/ctr/tests/ctr32/be.rs
new file mode 100644
index 0000000..98b1302
--- /dev/null
+++ b/ctr/tests/ctr32/be.rs
@@ -0,0 +1,86 @@
+//! Counter Mode with a 32-bit big endian counter
+
+use cipher::{KeyIvInit, StreamCipher, StreamCipherSeek, StreamCipherSeekCore};
+use hex_literal::hex;
+
+type Aes128Ctr = ctr::Ctr32BE<aes::Aes128>;
+
+const KEY: &[u8; 16] = &hex!("000102030405060708090A0B0C0D0E0F");
+const NONCE1: &[u8; 16] = &hex!("11111111111111111111111111111111");
+const NONCE2: &[u8; 16] = &hex!("222222222222222222222222FFFFFFFE");
+
+#[test]
+fn counter_incr() {
+    let mut ctr = Aes128Ctr::new(KEY.into(), NONCE1.into());
+    assert_eq!(ctr.get_core().get_block_pos(), 0);
+
+    let mut buffer = [0u8; 64];
+    ctr.apply_keystream(&mut buffer);
+
+    assert_eq!(ctr.get_core().get_block_pos(), 4);
+    assert_eq!(
+        &buffer[..],
+        &hex!(
+            "35D14E6D3E3A279CF01E343E34E7DED36EEADB04F42E2251AB4377F257856DBA"
+            "0AB37657B9C2AA09762E518FC9395D5304E96C34CCD2F0A95CDE7321852D90C0"
+        )[..]
+    );
+}
+
+#[test]
+fn counter_seek() {
+    let mut ctr = Aes128Ctr::new(KEY.into(), NONCE1.into());
+    ctr.seek(16);
+    assert_eq!(ctr.get_core().get_block_pos(), 1);
+
+    let mut buffer = [0u8; 64];
+    ctr.apply_keystream(&mut buffer);
+
+    assert_eq!(ctr.get_core().get_block_pos(), 5);
+    assert_eq!(
+        &buffer[..],
+        &hex!(
+            "6EEADB04F42E2251AB4377F257856DBA0AB37657B9C2AA09762E518FC9395D53"
+            "04E96C34CCD2F0A95CDE7321852D90C0F7441EAB3811A03FDBD162AEC402F5AA"
+        )[..]
+    );
+}
+
+#[test]
+fn keystream_xor() {
+    let mut ctr = Aes128Ctr::new(KEY.into(), NONCE1.into());
+    let mut buffer = [1u8; 64];
+
+    ctr.apply_keystream(&mut buffer);
+    assert_eq!(
+        &buffer[..],
+        &hex!(
+            "34D04F6C3F3B269DF11F353F35E6DFD26FEBDA05F52F2350AA4276F356846CBB"
+            "0BB27756B8C3AB08772F508EC8385C5205E86D35CDD3F1A85DDF7220842C91C1"
+        )[..]
+    );
+}
+
+#[test]
+fn counter_wrap() {
+    let mut ctr = Aes128Ctr::new(KEY.into(), NONCE2.into());
+    assert_eq!(ctr.get_core().get_block_pos(), 0);
+
+    let mut buffer = [0u8; 64];
+    ctr.apply_keystream(&mut buffer);
+
+    assert_eq!(ctr.get_core().get_block_pos(), 4);
+    assert_eq!(
+        &buffer[..],
+        &hex!(
+            "58FC849D1CF53C54C63E1B1D15CB3C8AAA335F72135585E9FF943F4DAC77CB63"
+            "BD1AE8716BE69C3B4D886B222B9B4E1E67548EF896A96E2746D8CA6476D8B183"
+        )[..]
+    );
+}
+
+cipher::iv_state_test!(
+    iv_state,
+    ctr::CtrCore<aes::Aes128, ctr::flavors::Ctr32BE>,
+    apply_ks,
+);
diff --git a/ctr/tests/ctr32/le.rs b/ctr/tests/ctr32/le.rs
new file mode 100644
index 0000000..21bf358
--- /dev/null
+++ b/ctr/tests/ctr32/le.rs
@@ -0,0 +1,96 @@
+//! Counter Mode with a 32-bit little endian counter
+
+use cipher::{
+    consts::U16, generic_array::GenericArray, KeyIvInit, StreamCipher, StreamCipherSeek,
+    StreamCipherSeekCore,
+};
+use hex_literal::hex;
+
+type Aes128Ctr = ctr::Ctr32LE<aes::Aes128>;
+
+const KEY: &[u8; 16] = &hex!("000102030405060708090A0B0C0D0E0F");
+const NONCE1: &[u8; 16] = &hex!("11111111111111111111111111111111");
+const NONCE2: &[u8; 16] = &hex!("FEFFFFFF222222222222222222222222");
+
+/// Compute nonce as used by AES-GCM-SIV
+fn nonce(bytes: &[u8; 16]) -> GenericArray<u8, U16> {
+    let mut n = *bytes;
+    n[15] |= 0x80;
+    n.into()
+}
+
+#[test]
+fn counter_incr() {
+    let mut ctr = Aes128Ctr::new(KEY.into(), &nonce(NONCE1));
+    assert_eq!(ctr.get_core().get_block_pos(), 0);
+
+    let mut buffer = [0u8; 64];
+    ctr.apply_keystream(&mut buffer);
+
+    // assert_eq!(ctr.current_ctr(), 4);
+    assert_eq!(
+        &buffer[..],
+        &hex!(
+            "2A0680B210CAD45E886D7EF6DAB357C9F18B39AFF6930FDB2D9FCE34261FF699"
+            "EB96774669D24B560C9AD028C5C39C4580775A82065256B4787DC91C6942B700"
+        )[..]
+    );
+}
+
+#[test]
+fn counter_seek() {
+    let mut ctr = Aes128Ctr::new(KEY.into(), &nonce(NONCE1));
+    ctr.seek(16);
+    assert_eq!(ctr.get_core().get_block_pos(), 1);
+
+    let mut buffer = [0u8; 64];
+    ctr.apply_keystream(&mut buffer);
+
+    assert_eq!(ctr.get_core().get_block_pos(), 5);
+    assert_eq!(
+        &buffer[..],
+        &hex!(
+            "F18B39AFF6930FDB2D9FCE34261FF699EB96774669D24B560C9AD028C5C39C45"
+            "80775A82065256B4787DC91C6942B7001564DDA1B07DCED9201AB71BAF06905B"
+        )[..]
+    );
+}
+
+#[test]
+fn keystream_xor() {
+    let mut ctr = Aes128Ctr::new(KEY.into(), &nonce(NONCE1));
+    let mut buffer = [1u8; 64];
+
+    ctr.apply_keystream(&mut buffer);
+    assert_eq!(
+        &buffer[..],
+        &hex!(
+            "2B0781B311CBD55F896C7FF7DBB256C8F08A38AEF7920EDA2C9ECF35271EF798"
+            "EA97764768D34A570D9BD129C4C29D4481765B83075357B5797CC81D6843B601"
+        )[..]
+    );
+}
+
+#[test]
+fn counter_wrap() {
+    let mut ctr = Aes128Ctr::new(KEY.into(), &nonce(NONCE2));
+    assert_eq!(ctr.get_core().get_block_pos(), 0);
+
+    let mut buffer = [0u8; 64];
+    ctr.apply_keystream(&mut buffer);
+
+    assert_eq!(ctr.get_core().get_block_pos(), 4);
+    assert_eq!(
+        &buffer[..],
+        &hex!(
+            "A1E649D8B382293DC28375C42443BB6A226BAADC9E9CCA8214F56E07A4024E06"
+            "6355A0DA2E08FB00112FFA38C26189EE55DD5B0B130ED87096FE01B59A665A60"
+        )[..]
+    );
+}
+
+cipher::iv_state_test!(
+    iv_state,
+    ctr::CtrCore<aes::Aes128, ctr::flavors::Ctr32LE>,
+    apply_ks,
+);
diff --git a/ctr/tests/ctr32/mod.rs b/ctr/tests/ctr32/mod.rs
new file mode 100644
index 0000000..f9c17d4
--- /dev/null
+++ b/ctr/tests/ctr32/mod.rs
@@ -0,0 +1,9 @@
+//! Counter Mode with a 32-bit counter.
+//!
+//! NOTE: AES-128-CTR test vectors used by these tests were generated by first
+//! integration testing the implementation in the contexts of AES-GCM and
+//! AES-GCM-SIV, with the former tested against the NIST CAVS vectors, and the
+//! latter against the RFC8452 test vectors.
+
+mod be;
+mod le;
diff --git a/ctr/tests/gost/mod.rs b/ctr/tests/gost/mod.rs
new file mode 100644
index 0000000..31e5cec
--- /dev/null
+++ b/ctr/tests/gost/mod.rs
@@ -0,0 +1,55 @@
+use cipher::{KeyIvInit, StreamCipher};
+use hex_literal::hex;
+
+type MagmaCtr = ctr::Ctr32BE<magma::Magma>;
+type KuznyechikCtr = ctr::Ctr64BE<kuznyechik::Kuznyechik>;
+
+/// Test vectors from GOST R 34.13-2015 (Section A.1.2)
+#[test]
+fn kuznyechik() {
+    let key = hex!(
+        "8899aabbccddeeff0011223344556677"
+        "fedcba98765432100123456789abcdef"
+    );
+    let nonce = hex!("1234567890abcef00000000000000000");
+    let mut pt = hex!(
+        "1122334455667700ffeeddccbbaa9988"
+        "00112233445566778899aabbcceeff0a"
+        "112233445566778899aabbcceeff0a00"
+        "2233445566778899aabbcceeff0a0011"
+    );
+    let ct = hex!(
+        "f195d8bec10ed1dbd57b5fa240bda1b8"
+        "85eee733f6a13e5df33ce4b33c45dee4"
+        "a5eae88be6356ed3d5e877f13564a3a5"
+        "cb91fab1f20cbab6d1c6d15820bdba73"
+    );
+    let mut cipher = KuznyechikCtr::new(&key.into(), &nonce.into());
+    cipher.apply_keystream(&mut pt);
+    assert_eq!(pt[..], ct[..]);
+}
+
+/// Test vectors from GOST R 34.13-2015 (Section A.2.2)
+#[test]
+fn magma() {
+    let key = hex!(
+        "ffeeddccbbaa99887766554433221100"
+        "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff"
+    );
+    let nonce = hex!("1234567800000000");
+    let mut pt = hex!(
+        "92def06b3c130a59"
+        "db54c704f8189d20"
+        "4a98fb2e67a8024c"
+        "8912409b17b57e41"
+    );
+    let ct = hex!(
+        "4e98110c97b7b93c"
+        "3e250d93d6e85d69"
+        "136d868807b2dbef"
+        "568eb680ab52a12d"
+    );
+    let mut cipher = MagmaCtr::new(&key.into(), &nonce.into());
+    cipher.apply_keystream(&mut pt);
+    assert_eq!(pt[..], ct[..]);
+}
diff --git a/ctr/tests/mod.rs b/ctr/tests/mod.rs
new file mode 100644
index 0000000..0f91835
--- /dev/null
+++ b/ctr/tests/mod.rs
@@ -0,0 +1,5 @@
+//! Counter Mode Tests
+
+mod ctr128;
+mod ctr32;
+mod gost;
diff --git a/ige/CHANGELOG.md b/ige/CHANGELOG.md
new file mode 100644
index 0000000..b6059ab
--- /dev/null
+++ b/ige/CHANGELOG.md
@@ -0,0 +1,11 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## 0.1.0 (2022-02-10)
+- Initial release ([#2])
+
+[#2]: https://github.com/RustCrypto/block-modes/pull/2
diff --git a/ige/Cargo.toml b/ige/Cargo.toml
new file mode 100644
index 0000000..121a3bb
--- /dev/null
+++ b/ige/Cargo.toml
@@ -0,0 +1,30 @@
+[package]
+name = "ige"
+version = "0.1.0" # Also update html_root_url in lib.rs when bumping this
+description = "Infinite Garble Extension (IGE) block cipher mode of operation"
+authors = ["RustCrypto Developers"]
+license = "MIT OR Apache-2.0"
+edition = "2021"
+rust-version = "1.56"
+readme = "README.md"
+documentation = "https://docs.rs/ige"
+repository = "https://github.com/RustCrypto/block-modes"
+keywords = ["crypto", "block-mode", "ciphers"]
+categories = ["cryptography", "no-std"]
+
+[dependencies]
+cipher = "0.4"
+
+[dev-dependencies]
+aes = "0.8"
+cipher = { version = "0.4", features = ["dev"] }
+hex-literal = "0.3.3"
+
+[features]
+default = ["block-padding"]
+block-padding = ["cipher/block-padding"]
+zeroize = ["cipher/zeroize"]
+
+[package.metadata.docs.rs]
+all-features = true
+rustdoc-args = ["--cfg", "docsrs"]
diff --git a/ige/LICENSE-APACHE b/ige/LICENSE-APACHE
new file mode 100644
index 0000000..78173fa
--- /dev/null
+++ b/ige/LICENSE-APACHE
@@ -0,0 +1,201 @@
+                              Apache License
+                        Version 2.0, January 2004
+                     http://www.apache.org/licenses/
+
+TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+1. Definitions.
+
+   "License" shall mean the terms and conditions for use, reproduction,
+   and distribution as defined by Sections 1 through 9 of this document.
+
+   "Licensor" shall mean the copyright owner or entity authorized by
+   the copyright owner that is granting the License.
+
+   "Legal Entity" shall mean the union of the acting entity and all
+   other entities that control, are controlled by, or are under common
+   control with that entity. For the purposes of this definition,
+   "control" means (i) the power, direct or indirect, to cause the
+   direction or management of such entity, whether by contract or
+   otherwise, or (ii) ownership of fifty percent (50%) or more of the
+   outstanding shares, or (iii) beneficial ownership of such entity.
+
+   "You" (or "Your") shall mean an individual or Legal Entity
+   exercising permissions granted by this License.
+
+   "Source" form shall mean the preferred form for making modifications,
+   including but not limited to software source code, documentation
+   source, and configuration files.
+
+   "Object" form shall mean any form resulting from mechanical
+   transformation or translation of a Source form, including but
+   not limited to compiled object code, generated documentation,
+   and conversions to other media types.
+
+   "Work" shall mean the work of authorship, whether in Source or
+   Object form, made available under the License, as indicated by a
+   copyright notice that is included in or attached to the work
+   (an example is provided in the Appendix below).
+
+   "Derivative Works" shall mean any work, whether in Source or Object
+   form, that is based on (or derived from) the Work and for which the
+   editorial revisions, annotations, elaborations, or other modifications
+   represent, as a whole, an original work of authorship. For the purposes
+   of this License, Derivative Works shall not include works that remain
+   separable from, or merely link (or bind by name) to the interfaces of,
+   the Work and Derivative Works thereof.
+
+   "Contribution" shall mean any work of authorship, including
+   the original version of the Work and any modifications or additions
+   to that Work or Derivative Works thereof, that is intentionally
+   submitted to Licensor for inclusion in the Work by the copyright owner
+   or by an individual or Legal Entity authorized to submit on behalf of
+   the copyright owner. For the purposes of this definition, "submitted"
+   means any form of electronic, verbal, or written communication sent
+   to the Licensor or its representatives, including but not limited to
+   communication on electronic mailing lists, source code control systems,
+   and issue tracking systems that are managed by, or on behalf of, the
+   Licensor for the purpose of discussing and improving the Work, but
+   excluding communication that is conspicuously marked or otherwise
+   designated in writing by the copyright owner as "Not a Contribution."
+
+   "Contributor" shall mean Licensor and any individual or Legal Entity
+   on behalf of whom a Contribution has been received by Licensor and
+   subsequently incorporated within the Work.
+
+2. Grant of Copyright License. Subject to the terms and conditions of
+   this License, each Contributor hereby grants to You a perpetual,
+   worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+   copyright license to reproduce, prepare Derivative Works of,
+   publicly display, publicly perform, sublicense, and distribute the
+   Work and such Derivative Works in Source or Object form.
+
+3. Grant of Patent License. Subject to the terms and conditions of
+   this License, each Contributor hereby grants to You a perpetual,
+   worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+   (except as stated in this section) patent license to make, have made,
+   use, offer to sell, sell, import, and otherwise transfer the Work,
+   where such license applies only to those patent claims licensable
+   by such Contributor that are necessarily infringed by their
+   Contribution(s) alone or by combination of their Contribution(s)
+   with the Work to which such Contribution(s) was submitted. If You
+   institute patent litigation against any entity (including a
+   cross-claim or counterclaim in a lawsuit) alleging that the Work
+   or a Contribution incorporated within the Work constitutes direct
+   or contributory patent infringement, then any patent licenses
+   granted to You under this License for that Work shall terminate
+   as of the date such litigation is filed.
+
+4. Redistribution. You may reproduce and distribute copies of the
+   Work or Derivative Works thereof in any medium, with or without
+   modifications, and in Source or Object form, provided that You
+   meet the following conditions:
+
+   (a) You must give any other recipients of the Work or
+       Derivative Works a copy of this License; and
+
+   (b) You must cause any modified files to carry prominent notices
+       stating that You changed the files; and
+
+   (c) You must retain, in the Source form of any Derivative Works
+       that You distribute, all copyright, patent, trademark, and
+       attribution notices from the Source form of the Work,
+       excluding those notices that do not pertain to any part of
+       the Derivative Works; and
+
+   (d) If the Work includes a "NOTICE" text file as part of its
+       distribution, then any Derivative Works that You distribute must
+       include a readable copy of the attribution notices contained
+       within such NOTICE file, excluding those notices that do not
+       pertain to any part of the Derivative Works, in at least one
+       of the following places: within a NOTICE text file distributed
+       as part of the Derivative Works; within the Source form or
+       documentation, if provided along with the Derivative Works; or,
+       within a display generated by the Derivative Works, if and
+       wherever such third-party notices normally appear. The contents
+       of the NOTICE file are for informational purposes only and
+       do not modify the License. You may add Your own attribution
+       notices within Derivative Works that You distribute, alongside
+       or as an addendum to the NOTICE text from the Work, provided
+       that such additional attribution notices cannot be construed
+       as modifying the License.
+
+   You may add Your own copyright statement to Your modifications and
+   may provide additional or different license terms and conditions
+   for use, reproduction, or distribution of Your modifications, or
+   for any such Derivative Works as a whole, provided Your use,
+   reproduction, and distribution of the Work otherwise complies with
+   the conditions stated in this License.
+
+5. Submission of Contributions. Unless You explicitly state otherwise,
+   any Contribution intentionally submitted for inclusion in the Work
+   by You to the Licensor shall be under the terms and conditions of
+   this License, without any additional terms or conditions.
+   Notwithstanding the above, nothing herein shall supersede or modify
+   the terms of any separate license agreement you may have executed
+   with Licensor regarding such Contributions.
+
+6. Trademarks. This License does not grant permission to use the trade
+   names, trademarks, service marks, or product names of the Licensor,
+   except as required for reasonable and customary use in describing the
+   origin of the Work and reproducing the content of the NOTICE file.
+
+7. Disclaimer of Warranty. Unless required by applicable law or
+   agreed to in writing, Licensor provides the Work (and each
+   Contributor provides its Contributions) on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+   implied, including, without limitation, any warranties or conditions
+   of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+   PARTICULAR PURPOSE. You are solely responsible for determining the
+   appropriateness of using or redistributing the Work and assume any
+   risks associated with Your exercise of permissions under this License.
+
+8. Limitation of Liability. In no event and under no legal theory,
+   whether in tort (including negligence), contract, or otherwise,
+   unless required by applicable law (such as deliberate and grossly
+   negligent acts) or agreed to in writing, shall any Contributor be
+   liable to You for damages, including any direct, indirect, special,
+   incidental, or consequential damages of any character arising as a
+   result of this License or out of the use or inability to use the
+   Work (including but not limited to damages for loss of goodwill,
+   work stoppage, computer failure or malfunction, or any and all
+   other commercial damages or losses), even if such Contributor
+   has been advised of the possibility of such damages.
+
+9. Accepting Warranty or Additional Liability. While redistributing
+   the Work or Derivative Works thereof, You may choose to offer,
+   and charge a fee for, acceptance of support, warranty, indemnity,
+   or other liability obligations and/or rights consistent with this
+   License. However, in accepting such obligations, You may act only
+   on Your own behalf and on Your sole responsibility, not on behalf
+   of any other Contributor, and only if You agree to indemnify,
+   defend, and hold each Contributor harmless for any liability
+   incurred by, or claims asserted against, such Contributor by reason
+   of your accepting any such warranty or additional liability.
+
+END OF TERMS AND CONDITIONS
+
+APPENDIX: How to apply the Apache License to your work.
+
+   To apply the Apache License to your work, attach the following
+   boilerplate notice, with the fields enclosed by brackets "[]"
+   replaced with your own identifying information. (Don't include
+   the brackets!)  The text should be enclosed in the appropriate
+   comment syntax for the file format. We also recommend that a
+   file or class name and description of purpose be included on the
+   same "printed page" as the copyright notice for easier
+   identification within third-party archives.
+
+Copyright [yyyy] [name of copyright owner]
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
diff --git a/ige/LICENSE-MIT b/ige/LICENSE-MIT
new file mode 100644
index 0000000..d19d409
--- /dev/null
+++ b/ige/LICENSE-MIT
@@ -0,0 +1,26 @@
+Copyright (c) 2018-2022 RustCrypto Developers
+Copyright (c) 2018 Artyom Pavlov
+
+Permission is hereby granted, free of charge, to any
+person obtaining a copy of this software and associated
+documentation files (the "Software"), to deal in the
+Software without restriction, including without
+limitation the rights to use, copy, modify, merge,
+publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software
+is furnished to do so, subject to the following
+conditions:
+
+The above copyright notice and this permission notice
+shall be included in all copies or substantial portions
+of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF
+ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED
+TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
+PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT
+SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR
+IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+DEALINGS IN THE SOFTWARE.
diff --git a/ige/README.md b/ige/README.md
new file mode 100644
index 0000000..04f4281
--- /dev/null
+++ b/ige/README.md
@@ -0,0 +1,60 @@
+# RustCrypto: IGE
+
+[![crate][crate-image]][crate-link]
+[![Docs][docs-image]][docs-link]
+![Apache2/MIT licensed][license-image]
+![Rust Version][rustc-image]
+[![Project Chat][chat-image]][chat-link]
+[![Build Status][build-image]][build-link]
+
+Generic implementation of the [Infinite Garble Extension][IGE] (IGE)
+block cipher mode of operation.
+
+<img src="https://raw.githubusercontent.com/RustCrypto/media/26acc39f/img/block-modes/ige_enc.svg" width="50%"><img src="https://raw.githubusercontent.com/RustCrypto/media/26acc39f/img/block-modes/ige_dec.svg" width="50%">
+
+See [documentation][cipher-doc] of the `cipher` crate for additional information.
+
+## Minimum Supported Rust Version
+
+Rust **1.56** or higher.
+
+Minimum supported Rust version can be changed in the future, but it will be
+done with a minor version bump.
+
+## SemVer Policy
+
+- All on-by-default features of this library are covered by SemVer
+- MSRV is considered exempt from SemVer as noted above
+
+## License
+
+Licensed under either of:
+
+ * [Apache License, Version 2.0](http://www.apache.org/licenses/LICENSE-2.0)
+ * [MIT license](http://opensource.org/licenses/MIT)
+
+at your option.
+
+### Contribution
+
+Unless you explicitly state otherwise, any contribution intentionally submitted
+for inclusion in the work by you, as defined in the Apache-2.0 license, shall be
+dual licensed as above, without any additional terms or conditions.
+
+[//]: # (badges)
+
+[crate-image]: https://img.shields.io/crates/v/ige.svg
+[crate-link]: https://crates.io/crates/ige
+[docs-image]: https://docs.rs/ige/badge.svg
+[docs-link]: https://docs.rs/ige/
+[license-image]: https://img.shields.io/badge/license-Apache2.0/MIT-blue.svg
+[rustc-image]: https://img.shields.io/badge/rustc-1.56+-blue.svg
+[chat-image]: https://img.shields.io/badge/zulip-join_chat-blue.svg
+[chat-link]: https://rustcrypto.zulipchat.com/#narrow/stream/308460-block-modes
+[build-image]: https://github.com/RustCrypto/block-modes/workflows/ige/badge.svg?branch=master&event=push
+[build-link]: https://github.com/RustCrypto/block-modes/actions?query=workflow%3Aige+branch%3Amaster
+
+[//]: # (general links)
+
+[CBC]: https://www.links.org/files/openssl-ige.pdf
+[cipher-doc]: https://docs.rs/cipher/
diff --git a/ige/benches/aes128.rs b/ige/benches/aes128.rs
new file mode 100644
index 0000000..af67406
--- /dev/null
+++ b/ige/benches/aes128.rs
@@ -0,0 +1,16 @@
+#![feature(test)]
+extern crate test;
+
+use aes::Aes128;
+
+cipher::block_encryptor_bench!(
+    KeyIv: ige::Encryptor<Aes128>,
+    ige_aes128_encrypt_block,
+    ige_aes128_encrypt_blocks,
+);
+
+cipher::block_decryptor_bench!(
+    KeyIv: ige::Decryptor<Aes128>,
+    ige_aes128_decrypt_block,
+    ige_aes128_decrypt_blocks,
+);
diff --git a/ige/src/decrypt.rs b/ige/src/decrypt.rs
new file mode 100644
index 0000000..4060cf4
--- /dev/null
+++ b/ige/src/decrypt.rs
@@ -0,0 +1,218 @@
+use crate::{xor, IgeIvSize};
+use cipher::{
+    crypto_common::{InnerUser, IvSizeUser},
+    generic_array::{sequence::Concat, ArrayLength, GenericArray},
+    inout::InOut,
+    typenum::{Unsigned, U1},
+    AlgorithmName, Block, BlockBackend, BlockCipher, BlockClosure, BlockDecryptMut, BlockSizeUser,
+    InnerIvInit, Iv, IvState, ParBlocksSizeUser,
+};
+use core::{fmt, ops::Add};
+
+#[cfg(feature = "zeroize")]
+use cipher::zeroize::{Zeroize, ZeroizeOnDrop};
+
+/// IGE mode decryptor.
+#[derive(Clone)]
+pub struct Decryptor<C>
+where
+    C: BlockDecryptMut + BlockCipher,
+    C::BlockSize: Add,
+    IgeIvSize<C>: ArrayLength<u8>,
+{
+    cipher: C,
+    x: Block<C>,
+    y: Block<C>,
+}
+
+impl<C> BlockDecryptMut for Decryptor<C>
+where
+    C: BlockDecryptMut + BlockCipher,
+    C::BlockSize: Add,
+    IgeIvSize<C>: ArrayLength<u8>,
+{
+    fn decrypt_with_backend_mut(&mut self, f: impl BlockClosure<BlockSize = Self::BlockSize>) {
+        let Self { cipher, x, y } = self;
+        cipher.decrypt_with_backend_mut(Closure { x, y, f })
+    }
+}
+
+impl<C> BlockSizeUser for Decryptor<C>
+where
+    C: BlockDecryptMut + BlockCipher,
+    C::BlockSize: Add,
+    IgeIvSize<C>: ArrayLength<u8>,
+{
+    type BlockSize = C::BlockSize;
+}
+
+impl<C> InnerUser for Decryptor<C>
+where
+    C: BlockDecryptMut + BlockCipher,
+    C::BlockSize: Add,
+    IgeIvSize<C>: ArrayLength<u8>,
+{
+    type Inner = C;
+}
+
+impl<C> IvSizeUser for Decryptor<C>
+where
+    C: BlockDecryptMut + BlockCipher,
+    C::BlockSize: Add,
+    IgeIvSize<C>: ArrayLength<u8>,
+{
+    type IvSize = IgeIvSize<C>;
+}
+
+impl<C> InnerIvInit for Decryptor<C>
+where
+    C: BlockDecryptMut + BlockCipher,
+    C::BlockSize: Add,
+    IgeIvSize<C>: ArrayLength<u8>,
+{
+    #[inline]
+    fn inner_iv_init(cipher: C, iv: &Iv<Self>) -> Self {
+        let (y, x) = iv.split_at(C::BlockSize::to_usize());
+        Self {
+            cipher,
+            x: GenericArray::clone_from_slice(x),
+            y: GenericArray::clone_from_slice(y),
+        }
+    }
+}
+
+impl<C> IvState for Decryptor<C>
+where
+    C: BlockDecryptMut + BlockCipher,
+    C::BlockSize: Add,
+    IgeIvSize<C>: ArrayLength<u8>,
+{
+    #[inline]
+    fn iv_state(&self) -> Iv<Self> {
+        self.y.clone().concat(self.x.clone())
+    }
+}
+
+impl<C> AlgorithmName for Decryptor<C>
+where
+    C: BlockDecryptMut + BlockCipher + AlgorithmName,
+    C::BlockSize: Add,
+    IgeIvSize<C>: ArrayLength<u8>,
+{
+    fn write_alg_name(f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        f.write_str("ige::Decryptor<")?;
+        <C as AlgorithmName>::write_alg_name(f)?;
+        f.write_str(">")
+    }
+}
+
+impl<C> fmt::Debug for Decryptor<C>
+where
+    C: BlockDecryptMut + BlockCipher + AlgorithmName,
+    C::BlockSize: Add,
+    IgeIvSize<C>: ArrayLength<u8>,
+{
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        f.write_str("ige::Decryptor<")?;
+        <C as AlgorithmName>::write_alg_name(f)?;
+        f.write_str("> { ... }")
+    }
+}
+
+#[cfg(feature = "zeroize")]
+#[cfg_attr(docsrs, doc(cfg(feature = "zeroize")))]
+impl<C> Drop for Decryptor<C>
+where
+    C: BlockDecryptMut + BlockCipher,
+    C::BlockSize: Add,
+    IgeIvSize<C>: ArrayLength<u8>,
+{
+    fn drop(&mut self) {
+        self.x.zeroize();
+        self.y.zeroize();
+    }
+}
+
+#[cfg(feature = "zeroize")]
+#[cfg_attr(docsrs, doc(cfg(feature = "zeroize")))]
+impl<C> ZeroizeOnDrop for Decryptor<C>
+where
+    C: BlockDecryptMut + BlockCipher + ZeroizeOnDrop,
+    C::BlockSize: Add,
+    IgeIvSize<C>: ArrayLength<u8>,
+{
+}
+
+struct Closure<'a, BS, BC>
+where
+    BS: ArrayLength<u8>,
+    BC: BlockClosure<BlockSize = BS>,
+{
+    x: &'a mut GenericArray<u8, BS>,
+    y: &'a mut GenericArray<u8, BS>,
+    f: BC,
+}
+
+impl<'a, BS, BC> BlockSizeUser for Closure<'a, BS, BC>
+where
+    BS: ArrayLength<u8>,
+    BC: BlockClosure<BlockSize = BS>,
+{
+    type BlockSize = BS;
+}
+
+impl<'a, BS, BC> BlockClosure for Closure<'a, BS, BC>
+where
+    BS: ArrayLength<u8>,
+    BC: BlockClosure<BlockSize = BS>,
+{
+    #[inline(always)]
+    fn call<B: BlockBackend<BlockSize = Self::BlockSize>>(self, backend: &mut B) {
+        let Self { x, y, f } = self;
+        f.call(&mut Backend { x, y, backend });
+    }
+}
+
+struct Backend<'a, BS, BK>
+where
+    BS: ArrayLength<u8>,
+    BK: BlockBackend<BlockSize = BS>,
+{
+    x: &'a mut GenericArray<u8, BS>,
+    y: &'a mut GenericArray<u8, BS>,
+    backend: &'a mut BK,
+}
+
+impl<'a, BS, BK> BlockSizeUser for Backend<'a, BS, BK>
+where
+    BS: ArrayLength<u8>,
+    BK: BlockBackend<BlockSize = BS>,
+{
+    type BlockSize = BS;
+}
+
+impl<'a, BS, BK> ParBlocksSizeUser for Backend<'a, BS, BK>
+where
+    BS: ArrayLength<u8>,
+    BK: BlockBackend<BlockSize = BS>,
+{
+    type ParBlocksSize = U1;
+}
+
+impl<'a, BS, BK> BlockBackend for Backend<'a, BS, BK>
+where
+    BS: ArrayLength<u8>,
+    BK: BlockBackend<BlockSize = BS>,
+{
+    #[inline(always)]
+    fn proc_block(&mut self, mut block: InOut<'_, '_, Block<Self>>) {
+        let new_y = block.clone_in();
+        let mut t = new_y.clone();
+        xor(&mut t, self.x);
+        self.backend.proc_block((&mut t).into());
+        xor(&mut t, self.y);
+        *block.get_out() = t.clone();
+        *self.x = t;
+        *self.y = new_y;
+    }
+}
diff --git a/ige/src/encrypt.rs b/ige/src/encrypt.rs
new file mode 100644
index 0000000..c8fd965
--- /dev/null
+++ b/ige/src/encrypt.rs
@@ -0,0 +1,218 @@
+use crate::{xor, IgeIvSize};
+use cipher::{
+    crypto_common::{InnerUser, IvSizeUser},
+    generic_array::{sequence::Concat, ArrayLength, GenericArray},
+    inout::InOut,
+    typenum::{Unsigned, U1},
+    AlgorithmName, Block, BlockBackend, BlockCipher, BlockClosure, BlockEncryptMut, BlockSizeUser,
+    InnerIvInit, Iv, IvState, ParBlocksSizeUser,
+};
+use core::{fmt, ops::Add};
+
+#[cfg(feature = "zeroize")]
+use cipher::zeroize::{Zeroize, ZeroizeOnDrop};
+
+/// IGE mode encryptor.
+#[derive(Clone)]
+pub struct Encryptor<C>
+where
+    C: BlockEncryptMut + BlockCipher,
+    C::BlockSize: Add,
+    IgeIvSize<C>: ArrayLength<u8>,
+{
+    cipher: C,
+    x: Block<C>,
+    y: Block<C>,
+}
+
+impl<C> BlockEncryptMut for Encryptor<C>
+where
+    C: BlockEncryptMut + BlockCipher,
+    C::BlockSize: Add,
+    IgeIvSize<C>: ArrayLength<u8>,
+{
+    fn encrypt_with_backend_mut(&mut self, f: impl BlockClosure<BlockSize = Self::BlockSize>) {
+        let Self { cipher, x, y } = self;
+        cipher.encrypt_with_backend_mut(Closure { x, y, f })
+    }
+}
+
+impl<C> BlockSizeUser for Encryptor<C>
+where
+    C: BlockEncryptMut + BlockCipher,
+    C::BlockSize: Add,
+    IgeIvSize<C>: ArrayLength<u8>,
+{
+    type BlockSize = C::BlockSize;
+}
+
+impl<C> InnerUser for Encryptor<C>
+where
+    C: BlockEncryptMut + BlockCipher,
+    C::BlockSize: Add,
+    IgeIvSize<C>: ArrayLength<u8>,
+{
+    type Inner = C;
+}
+
+impl<C> IvSizeUser for Encryptor<C>
+where
+    C: BlockEncryptMut + BlockCipher,
+    C::BlockSize: Add,
+    IgeIvSize<C>: ArrayLength<u8>,
+{
+    type IvSize = IgeIvSize<C>;
+}
+
+impl<C> InnerIvInit for Encryptor<C>
+where
+    C: BlockEncryptMut + BlockCipher,
+    C::BlockSize: Add,
+    IgeIvSize<C>: ArrayLength<u8>,
+{
+    #[inline]
+    fn inner_iv_init(cipher: C, iv: &Iv<Self>) -> Self {
+        let (y, x) = iv.split_at(C::BlockSize::to_usize());
+        Self {
+            cipher,
+            x: GenericArray::clone_from_slice(x),
+            y: GenericArray::clone_from_slice(y),
+        }
+    }
+}
+
+impl<C> IvState for Encryptor<C>
+where
+    C: BlockEncryptMut + BlockCipher,
+    C::BlockSize: Add,
+    IgeIvSize<C>: ArrayLength<u8>,
+{
+    #[inline]
+    fn iv_state(&self) -> Iv<Self> {
+        self.y.clone().concat(self.x.clone())
+    }
+}
+
+impl<C> AlgorithmName for Encryptor<C>
+where
+    C: BlockEncryptMut + BlockCipher + AlgorithmName,
+    C::BlockSize: Add,
+    IgeIvSize<C>: ArrayLength<u8>,
+{
+    fn write_alg_name(f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        f.write_str("ige::Encryptor<")?;
+        <C as AlgorithmName>::write_alg_name(f)?;
+        f.write_str(">")
+    }
+}
+
+impl<C> fmt::Debug for Encryptor<C>
+where
+    C: BlockEncryptMut + BlockCipher + AlgorithmName,
+    C::BlockSize: Add,
+    IgeIvSize<C>: ArrayLength<u8>,
+{
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        f.write_str("ige::Encryptor<")?;
+        <C as AlgorithmName>::write_alg_name(f)?;
+        f.write_str("> { ... }")
+    }
+}
+
+#[cfg(feature = "zeroize")]
+#[cfg_attr(docsrs, doc(cfg(feature = "zeroize")))]
+impl<C> Drop for Encryptor<C>
+where
+    C: BlockEncryptMut + BlockCipher,
+    C::BlockSize: Add,
+    IgeIvSize<C>: ArrayLength<u8>,
+{
+    fn drop(&mut self) {
+        self.x.zeroize();
+        self.y.zeroize();
+    }
+}
+
+#[cfg(feature = "zeroize")]
+#[cfg_attr(docsrs, doc(cfg(feature = "zeroize")))]
+impl<C> ZeroizeOnDrop for Encryptor<C>
+where
+    C: BlockEncryptMut + BlockCipher + ZeroizeOnDrop,
+    C::BlockSize: Add,
+    IgeIvSize<C>: ArrayLength<u8>,
+{
+}
+
+struct Closure<'a, BS, BC>
+where
+    BS: ArrayLength<u8>,
+    BC: BlockClosure<BlockSize = BS>,
+{
+    x: &'a mut GenericArray<u8, BS>,
+    y: &'a mut GenericArray<u8, BS>,
+    f: BC,
+}
+
+impl<'a, BS, BC> BlockSizeUser for Closure<'a, BS, BC>
+where
+    BS: ArrayLength<u8>,
+    BC: BlockClosure<BlockSize = BS>,
+{
+    type BlockSize = BS;
+}
+
+impl<'a, BS, BC> BlockClosure for Closure<'a, BS, BC>
+where
+    BS: ArrayLength<u8>,
+    BC: BlockClosure<BlockSize = BS>,
+{
+    #[inline(always)]
+    fn call<B: BlockBackend<BlockSize = Self::BlockSize>>(self, backend: &mut B) {
+        let Self { x, y, f } = self;
+        f.call(&mut Backend { x, y, backend });
+    }
+}
+
+struct Backend<'a, BS, BK>
+where
+    BS: ArrayLength<u8>,
+    BK: BlockBackend<BlockSize = BS>,
+{
+    x: &'a mut GenericArray<u8, BS>,
+    y: &'a mut GenericArray<u8, BS>,
+    backend: &'a mut BK,
+}
+
+impl<'a, BS, BK> BlockSizeUser for Backend<'a, BS, BK>
+where
+    BS: ArrayLength<u8>,
+    BK: BlockBackend<BlockSize = BS>,
+{
+    type BlockSize = BS;
+}
+
+impl<'a, BS, BK> ParBlocksSizeUser for Backend<'a, BS, BK>
+where
+    BS: ArrayLength<u8>,
+    BK: BlockBackend<BlockSize = BS>,
+{
+    type ParBlocksSize = U1;
+}
+
+impl<'a, BS, BK> BlockBackend for Backend<'a, BS, BK>
+where
+    BS: ArrayLength<u8>,
+    BK: BlockBackend<BlockSize = BS>,
+{
+    #[inline(always)]
+    fn proc_block(&mut self, mut block: InOut<'_, '_, Block<Self>>) {
+        let new_x = block.clone_in();
+        let mut t = new_x.clone();
+        xor(&mut t, self.y);
+        self.backend.proc_block((&mut t).into());
+        xor(&mut t, self.x);
+        *block.get_out() = t.clone();
+        *self.x = new_x;
+        *self.y = t;
+    }
+}
diff --git a/ige/src/lib.rs b/ige/src/lib.rs
new file mode 100644
index 0000000..b145a05
--- /dev/null
+++ b/ige/src/lib.rs
@@ -0,0 +1,92 @@
+//! [Infinite Garble Extension][1] (IGE) block cipher mode of operation.
+//!
+//! <img src="https://raw.githubusercontent.com/RustCrypto/media/26acc39f/img/block-modes/ige_enc.svg" width="49%" />
+//! <img src="https://raw.githubusercontent.com/RustCrypto/media/26acc39f/img/block-modes/ige_dec.svg" width="49%"/>
+//!
+//! Mode functionality is accessed using traits from re-exported [`cipher`] crate.
+//!
+//! # ⚠️ Security Warning: Hazmat!
+//!
+//! This crate does not ensure ciphertexts are authentic! Thus ciphertext integrity
+//! is not verified, which can lead to serious vulnerabilities!
+//!
+//! # Example
+//! ```
+//! use aes::cipher::{block_padding::Pkcs7, BlockDecryptMut, BlockEncryptMut, KeyIvInit};
+//! use hex_literal::hex;
+//!
+//! type Aes128IgeEnc = ige::Encryptor<aes::Aes128>;
+//! type Aes128IgeDec = ige::Decryptor<aes::Aes128>;
+//!
+//! let key = [0x42; 16];
+//! let iv = [0x24; 32];
+//! let plaintext = b"hello world! this is my plaintext.";
+//! let ciphertext = hex!(
+//!     "e3da005add5f05d45899f64891f7629b"
+//!     "6fcff7d21537fcd3569373d25701a5d1"
+//!     "d9e586e4c5b8ac09f2190485a76873c2"
+//! );
+//!
+//! // encrypt/decrypt in-place
+//! // buffer must be big enough for padded plaintext
+//! let mut buf = vec![0u8; 48];
+//! let pt_len = plaintext.len();
+//! buf[..pt_len].copy_from_slice(&plaintext[..]);
+//! let ct = Aes128IgeEnc::new(&key.into(), &iv.into())
+//!     .encrypt_padded_mut::<Pkcs7>(&mut buf, pt_len)
+//!     .unwrap();
+//! assert_eq!(ct, &ciphertext[..]);
+//!
+//! let pt = Aes128IgeDec::new(&key.into(), &iv.into())
+//!     .decrypt_padded_mut::<Pkcs7>(&mut buf)
+//!     .unwrap();
+//! assert_eq!(pt, &plaintext[..]);
+//!
+//! // encrypt/decrypt from buffer to buffer
+//! let mut buf = vec![0u8; 48];
+//! let ct = Aes128IgeEnc::new(&key.into(), &iv.into())
+//!     .encrypt_padded_b2b_mut::<Pkcs7>(&plaintext[..], &mut buf)
+//!     .unwrap();
+//! assert_eq!(ct, &ciphertext[..]);
+//!
+//! let mut buf = vec![0u8; 48];
+//! let pt = Aes128IgeDec::new(&key.into(), &iv.into())
+//!     .decrypt_padded_b2b_mut::<Pkcs7>(&ct, &mut buf)
+//!     .unwrap();
+//! assert_eq!(pt, &plaintext[..]);
+//! ```
+//!
+//! [1]: https://www.links.org/files/openssl-ige.pdf
+
+#![no_std]
+#![doc(
+    html_logo_url = "https://raw.githubusercontent.com/RustCrypto/media/26acc39f/logo.svg",
+    html_favicon_url = "https://raw.githubusercontent.com/RustCrypto/media/26acc39f/logo.svg",
+    html_root_url = "https://docs.rs/ige/0.1.0"
+)]
+#![forbid(unsafe_code)]
+#![cfg_attr(docsrs, feature(doc_cfg))]
+#![warn(missing_docs, rust_2018_idioms)]
+
+mod decrypt;
+mod encrypt;
+
+pub use cipher;
+pub use decrypt::Decryptor;
+pub use encrypt::Encryptor;
+
+use cipher::{
+    generic_array::{ArrayLength, GenericArray},
+    typenum::Sum,
+    BlockSizeUser,
+};
+
+type BlockSize<C> = <C as BlockSizeUser>::BlockSize;
+type IgeIvSize<C> = Sum<BlockSize<C>, BlockSize<C>>;
+
+#[inline(always)]
+fn xor<N: ArrayLength<u8>>(out: &mut GenericArray<u8, N>, buf: &GenericArray<u8, N>) {
+    for (a, b) in out.iter_mut().zip(buf) {
+        *a ^= *b;
+    }
+}
diff --git a/ige/tests/aes.rs b/ige/tests/aes.rs
new file mode 100644
index 0000000..813617f
--- /dev/null
+++ b/ige/tests/aes.rs
@@ -0,0 +1,12 @@
+use aes::{Aes128, Aes128Dec, Aes128Enc};
+use cipher::{block_mode_dec_test, block_mode_enc_test, iv_state_test};
+use ige::{Decryptor, Encryptor};
+
+iv_state_test!(aes128_ige_enc_iv_state, Encryptor<Aes128>, encrypt);
+iv_state_test!(aes128_ige_dec_iv_state, Decryptor<Aes128>, decrypt);
+
+// Test vectors from: <https://mgp25.com/AESIGE/>
+block_mode_enc_test!(aes128_cbc_enc_test, "aes128", Encryptor<Aes128>);
+block_mode_dec_test!(aes128_cbc_dec_test, "aes128", Decryptor<Aes128>);
+block_mode_enc_test!(aes128enc_cbc_enc_test, "aes128", Encryptor<Aes128Enc>);
+block_mode_dec_test!(aes128dec_cbc_dec_test, "aes128", Decryptor<Aes128Dec>);
diff --git a/ige/tests/data/aes128.blb b/ige/tests/data/aes128.blb
new file mode 100644
index 0000000000000000000000000000000000000000..f5a89c7b25c2f8194830210d187a5aa12abbdfe0
GIT binary patch
literal 233
zcmZQjU|?ioW?^Mx=iubx=HcbzcR&{q5EK#?5fu}ckd%^^k(HBoU?2b-q*^7Hg;qZc
zdU>nQ`Ig@oSDP<kTTXd&Ep9$OXU1mt>8BM!GBS%5fG9CfAv3oiC)FW0HLoPGBr`ux
zAwNyQ)7@1eH$Np+AuYd1!M`9iFF4p?W<g5(!n4nW_vAj<_Q_kOYKg~*orfLlOww1J
rx-r?|tF?oVo`O$miF&a@Mt(u6f>UaqLVA9QLS~6VQD%BZi6R#O^B+Qc

literal 0
HcmV?d00001

diff --git a/ofb/CHANGELOG.md b/ofb/CHANGELOG.md
new file mode 100644
index 0000000..d534cfa
--- /dev/null
+++ b/ofb/CHANGELOG.md
@@ -0,0 +1,52 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## 0.6.0 (2022-02-10)
+### Changed
+- Update `cipher` dependency to v0.4 and move crate
+to the [RustCrypto/block-modes] repository ([#2])
+
+[#2]: https://github.com/RustCrypto/block-modes/pull/2
+[RustCrypto/block-modes]: https://github.com/RustCrypto/block-modes
+
+## 0.5.1 (2021-04-30)
+### Changed
+- Removed redundant `NewBlockCipher` bound from `FromBlockCipher` implementation ([#236])
+
+[#236]: https://github.com/RustCrypto/stream-ciphers/pull/236
+
+## 0.5.0 (2021-04-29)
+### Changed
+- Bump `cipher` dependency to v0.3 release ([#226])
+- Bump `aes` dev dependency to v0.7 release ([#232])
+
+[#226]: https://github.com/RustCrypto/stream-ciphers/pull/226
+[#232]: https://github.com/RustCrypto/stream-ciphers/pull/232
+
+## 0.4.0 (2020-10-16)
+### Changed
+- Replace `block-cipher`/`stream-cipher` with `cipher` crate ([#177])
+
+[#177]: https://github.com/RustCrypto/stream-ciphers/pull/177
+
+## 0.3.0 (2020-08-25)
+### Changed
+- Bump `stream-cipher` dependency to v0.7, implement the `FromBlockCipher` trait ([#161], [#164])
+
+[#161]: https://github.com/RustCrypto/stream-ciphers/pull/161
+[#164]: https://github.com/RustCrypto/stream-ciphers/pull/164
+
+## 0.2.0 (2020-06-08)
+### Changed
+- Bump `stream-cipher` dependency to v0.4 ([#123])
+- Upgrade to Rust 2018 edition ([#123])
+
+[#123]: https://github.com/RustCrypto/stream-ciphers/pull/123
+
+## 0.1.1 (2019-03-11)
+
+## 0.1.0 (2018-12-26)
diff --git a/ofb/Cargo.toml b/ofb/Cargo.toml
new file mode 100644
index 0000000..a7ee724
--- /dev/null
+++ b/ofb/Cargo.toml
@@ -0,0 +1,29 @@
+[package]
+name = "ofb"
+version = "0.6.0" # Also update html_root_url in lib.rs when bumping this
+description = "Output Feedback][OFB] (OFB) block cipher mode of operation"
+authors = ["RustCrypto Developers"]
+license = "MIT OR Apache-2.0"
+edition = "2021"
+rust-version = "1.56"
+readme = "README.md"
+documentation = "https://docs.rs/ofb"
+repository = "https://github.com/RustCrypto/block-modes"
+keywords = ["crypto", "block-mode", "stream-cipher", "ciphers"]
+categories = ["cryptography", "no-std"]
+
+[dependencies]
+cipher = "0.4"
+
+[dev-dependencies]
+aes = "0.8"
+cipher = { version = "0.4", features = ["dev"] }
+hex-literal = "0.3"
+
+[features]
+block-padding = ["cipher/block-padding"]
+zeroize = ["cipher/zeroize"]
+
+[package.metadata.docs.rs]
+all-features = true
+rustdoc-args = ["--cfg", "docsrs"]
diff --git a/ofb/LICENSE-APACHE b/ofb/LICENSE-APACHE
new file mode 100644
index 0000000..78173fa
--- /dev/null
+++ b/ofb/LICENSE-APACHE
@@ -0,0 +1,201 @@
+                              Apache License
+                        Version 2.0, January 2004
+                     http://www.apache.org/licenses/
+
+TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+1. Definitions.
+
+   "License" shall mean the terms and conditions for use, reproduction,
+   and distribution as defined by Sections 1 through 9 of this document.
+
+   "Licensor" shall mean the copyright owner or entity authorized by
+   the copyright owner that is granting the License.
+
+   "Legal Entity" shall mean the union of the acting entity and all
+   other entities that control, are controlled by, or are under common
+   control with that entity. For the purposes of this definition,
+   "control" means (i) the power, direct or indirect, to cause the
+   direction or management of such entity, whether by contract or
+   otherwise, or (ii) ownership of fifty percent (50%) or more of the
+   outstanding shares, or (iii) beneficial ownership of such entity.
+
+   "You" (or "Your") shall mean an individual or Legal Entity
+   exercising permissions granted by this License.
+
+   "Source" form shall mean the preferred form for making modifications,
+   including but not limited to software source code, documentation
+   source, and configuration files.
+
+   "Object" form shall mean any form resulting from mechanical
+   transformation or translation of a Source form, including but
+   not limited to compiled object code, generated documentation,
+   and conversions to other media types.
+
+   "Work" shall mean the work of authorship, whether in Source or
+   Object form, made available under the License, as indicated by a
+   copyright notice that is included in or attached to the work
+   (an example is provided in the Appendix below).
+
+   "Derivative Works" shall mean any work, whether in Source or Object
+   form, that is based on (or derived from) the Work and for which the
+   editorial revisions, annotations, elaborations, or other modifications
+   represent, as a whole, an original work of authorship. For the purposes
+   of this License, Derivative Works shall not include works that remain
+   separable from, or merely link (or bind by name) to the interfaces of,
+   the Work and Derivative Works thereof.
+
+   "Contribution" shall mean any work of authorship, including
+   the original version of the Work and any modifications or additions
+   to that Work or Derivative Works thereof, that is intentionally
+   submitted to Licensor for inclusion in the Work by the copyright owner
+   or by an individual or Legal Entity authorized to submit on behalf of
+   the copyright owner. For the purposes of this definition, "submitted"
+   means any form of electronic, verbal, or written communication sent
+   to the Licensor or its representatives, including but not limited to
+   communication on electronic mailing lists, source code control systems,
+   and issue tracking systems that are managed by, or on behalf of, the
+   Licensor for the purpose of discussing and improving the Work, but
+   excluding communication that is conspicuously marked or otherwise
+   designated in writing by the copyright owner as "Not a Contribution."
+
+   "Contributor" shall mean Licensor and any individual or Legal Entity
+   on behalf of whom a Contribution has been received by Licensor and
+   subsequently incorporated within the Work.
+
+2. Grant of Copyright License. Subject to the terms and conditions of
+   this License, each Contributor hereby grants to You a perpetual,
+   worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+   copyright license to reproduce, prepare Derivative Works of,
+   publicly display, publicly perform, sublicense, and distribute the
+   Work and such Derivative Works in Source or Object form.
+
+3. Grant of Patent License. Subject to the terms and conditions of
+   this License, each Contributor hereby grants to You a perpetual,
+   worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+   (except as stated in this section) patent license to make, have made,
+   use, offer to sell, sell, import, and otherwise transfer the Work,
+   where such license applies only to those patent claims licensable
+   by such Contributor that are necessarily infringed by their
+   Contribution(s) alone or by combination of their Contribution(s)
+   with the Work to which such Contribution(s) was submitted. If You
+   institute patent litigation against any entity (including a
+   cross-claim or counterclaim in a lawsuit) alleging that the Work
+   or a Contribution incorporated within the Work constitutes direct
+   or contributory patent infringement, then any patent licenses
+   granted to You under this License for that Work shall terminate
+   as of the date such litigation is filed.
+
+4. Redistribution. You may reproduce and distribute copies of the
+   Work or Derivative Works thereof in any medium, with or without
+   modifications, and in Source or Object form, provided that You
+   meet the following conditions:
+
+   (a) You must give any other recipients of the Work or
+       Derivative Works a copy of this License; and
+
+   (b) You must cause any modified files to carry prominent notices
+       stating that You changed the files; and
+
+   (c) You must retain, in the Source form of any Derivative Works
+       that You distribute, all copyright, patent, trademark, and
+       attribution notices from the Source form of the Work,
+       excluding those notices that do not pertain to any part of
+       the Derivative Works; and
+
+   (d) If the Work includes a "NOTICE" text file as part of its
+       distribution, then any Derivative Works that You distribute must
+       include a readable copy of the attribution notices contained
+       within such NOTICE file, excluding those notices that do not
+       pertain to any part of the Derivative Works, in at least one
+       of the following places: within a NOTICE text file distributed
+       as part of the Derivative Works; within the Source form or
+       documentation, if provided along with the Derivative Works; or,
+       within a display generated by the Derivative Works, if and
+       wherever such third-party notices normally appear. The contents
+       of the NOTICE file are for informational purposes only and
+       do not modify the License. You may add Your own attribution
+       notices within Derivative Works that You distribute, alongside
+       or as an addendum to the NOTICE text from the Work, provided
+       that such additional attribution notices cannot be construed
+       as modifying the License.
+
+   You may add Your own copyright statement to Your modifications and
+   may provide additional or different license terms and conditions
+   for use, reproduction, or distribution of Your modifications, or
+   for any such Derivative Works as a whole, provided Your use,
+   reproduction, and distribution of the Work otherwise complies with
+   the conditions stated in this License.
+
+5. Submission of Contributions. Unless You explicitly state otherwise,
+   any Contribution intentionally submitted for inclusion in the Work
+   by You to the Licensor shall be under the terms and conditions of
+   this License, without any additional terms or conditions.
+   Notwithstanding the above, nothing herein shall supersede or modify
+   the terms of any separate license agreement you may have executed
+   with Licensor regarding such Contributions.
+
+6. Trademarks. This License does not grant permission to use the trade
+   names, trademarks, service marks, or product names of the Licensor,
+   except as required for reasonable and customary use in describing the
+   origin of the Work and reproducing the content of the NOTICE file.
+
+7. Disclaimer of Warranty. Unless required by applicable law or
+   agreed to in writing, Licensor provides the Work (and each
+   Contributor provides its Contributions) on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+   implied, including, without limitation, any warranties or conditions
+   of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+   PARTICULAR PURPOSE. You are solely responsible for determining the
+   appropriateness of using or redistributing the Work and assume any
+   risks associated with Your exercise of permissions under this License.
+
+8. Limitation of Liability. In no event and under no legal theory,
+   whether in tort (including negligence), contract, or otherwise,
+   unless required by applicable law (such as deliberate and grossly
+   negligent acts) or agreed to in writing, shall any Contributor be
+   liable to You for damages, including any direct, indirect, special,
+   incidental, or consequential damages of any character arising as a
+   result of this License or out of the use or inability to use the
+   Work (including but not limited to damages for loss of goodwill,
+   work stoppage, computer failure or malfunction, or any and all
+   other commercial damages or losses), even if such Contributor
+   has been advised of the possibility of such damages.
+
+9. Accepting Warranty or Additional Liability. While redistributing
+   the Work or Derivative Works thereof, You may choose to offer,
+   and charge a fee for, acceptance of support, warranty, indemnity,
+   or other liability obligations and/or rights consistent with this
+   License. However, in accepting such obligations, You may act only
+   on Your own behalf and on Your sole responsibility, not on behalf
+   of any other Contributor, and only if You agree to indemnify,
+   defend, and hold each Contributor harmless for any liability
+   incurred by, or claims asserted against, such Contributor by reason
+   of your accepting any such warranty or additional liability.
+
+END OF TERMS AND CONDITIONS
+
+APPENDIX: How to apply the Apache License to your work.
+
+   To apply the Apache License to your work, attach the following
+   boilerplate notice, with the fields enclosed by brackets "[]"
+   replaced with your own identifying information. (Don't include
+   the brackets!)  The text should be enclosed in the appropriate
+   comment syntax for the file format. We also recommend that a
+   file or class name and description of purpose be included on the
+   same "printed page" as the copyright notice for easier
+   identification within third-party archives.
+
+Copyright [yyyy] [name of copyright owner]
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
diff --git a/ofb/LICENSE-MIT b/ofb/LICENSE-MIT
new file mode 100644
index 0000000..d19d409
--- /dev/null
+++ b/ofb/LICENSE-MIT
@@ -0,0 +1,26 @@
+Copyright (c) 2018-2022 RustCrypto Developers
+Copyright (c) 2018 Artyom Pavlov
+
+Permission is hereby granted, free of charge, to any
+person obtaining a copy of this software and associated
+documentation files (the "Software"), to deal in the
+Software without restriction, including without
+limitation the rights to use, copy, modify, merge,
+publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software
+is furnished to do so, subject to the following
+conditions:
+
+The above copyright notice and this permission notice
+shall be included in all copies or substantial portions
+of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF
+ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED
+TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
+PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT
+SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR
+IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+DEALINGS IN THE SOFTWARE.
diff --git a/ofb/README.md b/ofb/README.md
new file mode 100644
index 0000000..44fa9b7
--- /dev/null
+++ b/ofb/README.md
@@ -0,0 +1,60 @@
+# RustCrypto: OFB
+
+[![crate][crate-image]][crate-link]
+[![Docs][docs-image]][docs-link]
+![Apache2/MIT licensed][license-image]
+![Rust Version][rustc-image]
+[![Project Chat][chat-image]][chat-link]
+[![Build Status][build-image]][build-link]
+
+Generic implementation of the [Output Feedback][OFB] (OFB) block cipher mode
+of operation.
+
+<img src="https://raw.githubusercontent.com/RustCrypto/media/26acc39f/img/block-modes/ofb_enc.svg" width="50%"><img src="https://raw.githubusercontent.com/RustCrypto/media/26acc39f/img/block-modes/ofb_dec.svg" width="50%">
+
+See [documentation][cipher-doc] of the `cipher` crate for additional information.
+
+## Minimum Supported Rust Version
+
+Rust **1.56** or higher.
+
+Minimum supported Rust version can be changed in the future, but it will be
+done with a minor version bump.
+
+## SemVer Policy
+
+- All on-by-default features of this library are covered by SemVer
+- MSRV is considered exempt from SemVer as noted above
+
+## License
+
+Licensed under either of:
+
+ * [Apache License, Version 2.0](http://www.apache.org/licenses/LICENSE-2.0)
+ * [MIT license](http://opensource.org/licenses/MIT)
+
+at your option.
+
+### Contribution
+
+Unless you explicitly state otherwise, any contribution intentionally submitted
+for inclusion in the work by you, as defined in the Apache-2.0 license, shall be
+dual licensed as above, without any additional terms or conditions.
+
+[//]: # (badges)
+
+[crate-image]: https://img.shields.io/crates/v/ofb.svg
+[crate-link]: https://crates.io/crates/ofb
+[docs-image]: https://docs.rs/ofb/badge.svg
+[docs-link]: https://docs.rs/ofb/
+[license-image]: https://img.shields.io/badge/license-Apache2.0/MIT-blue.svg
+[rustc-image]: https://img.shields.io/badge/rustc-1.56+-blue.svg
+[chat-image]: https://img.shields.io/badge/zulip-join_chat-blue.svg
+[chat-link]: https://rustcrypto.zulipchat.com/#narrow/stream/308460-block-modes
+[build-image]: https://github.com/RustCrypto/block-modes/workflows/ofb/badge.svg?branch=master&event=push
+[build-link]: https://github.com/RustCrypto/block-modes/actions?query=workflow%3Aofb+branch%3Amaster
+
+[//]: # (general links)
+
+[OFB]: https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Output_feedback_(OFB)
+[cipher-doc]: https://docs.rs/cipher/
diff --git a/ofb/benches/aes128.rs b/ofb/benches/aes128.rs
new file mode 100644
index 0000000..d3f7c70
--- /dev/null
+++ b/ofb/benches/aes128.rs
@@ -0,0 +1,24 @@
+#![feature(test)]
+extern crate test;
+
+use aes::Aes128;
+
+cipher::stream_cipher_bench!(
+    ofb::Ofb<aes::Aes128>;
+    ofb_aes128_stream_bench1_16b 16;
+    ofb_aes128_stream_bench2_256b 256;
+    ofb_aes128_stream_bench3_1kib 1024;
+    ofb_aes128_stream_bench4_16kib 16384;
+);
+
+cipher::block_encryptor_bench!(
+    KeyIv: ofb::OfbCore<Aes128>,
+    ofb_aes128_encrypt_block,
+    ofb_aes128_encrypt_blocks,
+);
+
+cipher::block_decryptor_bench!(
+    KeyIv: ofb::OfbCore<Aes128>,
+    ofb_aes128_decrypt_block,
+    ofb_aes128_decrypt_blocks,
+);
diff --git a/ofb/src/backend.rs b/ofb/src/backend.rs
new file mode 100644
index 0000000..b5f9566
--- /dev/null
+++ b/ofb/src/backend.rs
@@ -0,0 +1,114 @@
+use cipher::{
+    consts::U1,
+    generic_array::{ArrayLength, GenericArray},
+    inout::InOut,
+    Block, BlockBackend, BlockClosure, BlockSizeUser, ParBlocksSizeUser, StreamBackend,
+    StreamClosure,
+};
+
+pub(crate) struct Closure1<'a, BS, SC>
+where
+    BS: ArrayLength<u8>,
+    SC: StreamClosure<BlockSize = BS>,
+{
+    pub(crate) iv: &'a mut GenericArray<u8, BS>,
+    pub(crate) f: SC,
+}
+
+impl<'a, BS, SC> BlockSizeUser for Closure1<'a, BS, SC>
+where
+    BS: ArrayLength<u8>,
+    SC: StreamClosure<BlockSize = BS>,
+{
+    type BlockSize = BS;
+}
+
+impl<'a, BS, SC> BlockClosure for Closure1<'a, BS, SC>
+where
+    BS: ArrayLength<u8>,
+    SC: StreamClosure<BlockSize = BS>,
+{
+    #[inline(always)]
+    fn call<B: BlockBackend<BlockSize = Self::BlockSize>>(self, backend: &mut B) {
+        let Self { iv, f } = self;
+        f.call(&mut Backend { iv, backend });
+    }
+}
+
+pub(crate) struct Closure2<'a, BS, BC>
+where
+    BS: ArrayLength<u8>,
+    BC: BlockClosure<BlockSize = BS>,
+{
+    pub(crate) iv: &'a mut GenericArray<u8, BS>,
+    pub(crate) f: BC,
+}
+
+impl<'a, BS, BC> BlockSizeUser for Closure2<'a, BS, BC>
+where
+    BS: ArrayLength<u8>,
+    BC: BlockClosure<BlockSize = BS>,
+{
+    type BlockSize = BS;
+}
+
+impl<'a, BS, BC> BlockClosure for Closure2<'a, BS, BC>
+where
+    BS: ArrayLength<u8>,
+    BC: BlockClosure<BlockSize = BS>,
+{
+    #[inline(always)]
+    fn call<B: BlockBackend<BlockSize = Self::BlockSize>>(self, backend: &mut B) {
+        let Self { iv, f } = self;
+        f.call(&mut Backend { iv, backend });
+    }
+}
+
+struct Backend<'a, BS, BK>
+where
+    BS: ArrayLength<u8>,
+    BK: BlockBackend<BlockSize = BS>,
+{
+    iv: &'a mut GenericArray<u8, BS>,
+    backend: &'a mut BK,
+}
+
+impl<'a, BS, BK> BlockSizeUser for Backend<'a, BS, BK>
+where
+    BS: ArrayLength<u8>,
+    BK: BlockBackend<BlockSize = BS>,
+{
+    type BlockSize = BS;
+}
+
+impl<'a, BS, BK> ParBlocksSizeUser for Backend<'a, BS, BK>
+where
+    BS: ArrayLength<u8>,
+    BK: BlockBackend<BlockSize = BS>,
+{
+    type ParBlocksSize = U1;
+}
+
+impl<'a, BS, BK> BlockBackend for Backend<'a, BS, BK>
+where
+    BS: ArrayLength<u8>,
+    BK: BlockBackend<BlockSize = BS>,
+{
+    #[inline(always)]
+    fn proc_block(&mut self, mut block: InOut<'_, '_, Block<Self>>) {
+        self.backend.proc_block(self.iv.into());
+        block.xor_in2out(self.iv);
+    }
+}
+
+impl<'a, BS, BK> StreamBackend for Backend<'a, BS, BK>
+where
+    BS: ArrayLength<u8>,
+    BK: BlockBackend<BlockSize = BS>,
+{
+    #[inline(always)]
+    fn gen_ks_block(&mut self, block: &mut Block<Self>) {
+        self.backend.proc_block(self.iv.into());
+        *block = self.iv.clone();
+    }
+}
diff --git a/ofb/src/lib.rs b/ofb/src/lib.rs
new file mode 100644
index 0000000..fe9a6e2
--- /dev/null
+++ b/ofb/src/lib.rs
@@ -0,0 +1,207 @@
+//! [Output feedback][1] (OFB) mode.
+//!
+//! <img src="https://raw.githubusercontent.com/RustCrypto/media/26acc39f/img/block-modes/ofb_enc.svg" width="49%" />
+//! <img src="https://raw.githubusercontent.com/RustCrypto/media/26acc39f/img/block-modes/ofb_dec.svg" width="49%"/>
+//!
+//! Mode functionality is accessed using traits from re-exported [`cipher`] crate.
+//!
+//! # ⚠️ Security Warning: Hazmat!
+//!
+//! This crate does not ensure ciphertexts are authentic! Thus ciphertext integrity
+//! is not verified, which can lead to serious vulnerabilities!
+//!
+//! # Example
+//! ```
+//! use aes::cipher::{KeyIvInit, StreamCipher};
+//! use hex_literal::hex;
+//!
+//! type Aes128Ofb = ofb::Ofb<aes::Aes128>;
+//!
+//! let key = [0x42; 16];
+//! let iv = [0x24; 16];
+//! let plaintext = b"hello world! this is my plaintext.";
+//! let ciphertext = hex!(
+//!     "3357121ebb5a29468bd861467596ce3dc6ba5df50e536a2443b8ee16c2f7cd0869c9"
+//! );
+//!
+//! // encrypt in-place
+//! let mut buf = plaintext.to_vec();
+//! let mut cipher = Aes128Ofb::new(&key.into(), &iv.into());
+//! cipher.apply_keystream(&mut buf);
+//! assert_eq!(buf, &ciphertext[..]);
+//!
+//! // OFB mode can be used with streaming messages
+//! let mut cipher = Aes128Ofb::new(&key.into(), &iv.into());
+//! for chunk in buf.chunks_mut(3) {
+//!     cipher.apply_keystream(chunk);
+//! }
+//! assert_eq!(buf, &plaintext[..]);
+//!
+//! // encrypt/decrypt from buffer to buffer
+//! // buffer length must be equal to input length
+//! let mut buf1 = vec![0u8; 34];
+//! let mut cipher = Aes128Ofb::new(&key.into(), &iv.into());
+//! cipher
+//!     .apply_keystream_b2b(&plaintext[..], &mut buf1)
+//!     .unwrap();
+//! assert_eq!(buf1, &ciphertext[..]);
+//!
+//! let mut buf2 = vec![0u8; 34];
+//! let mut cipher = Aes128Ofb::new(&key.into(), &iv.into());
+//! cipher.apply_keystream_b2b(&buf1, &mut buf2).unwrap();
+//! assert_eq!(buf2, &plaintext[..]);
+//! ```
+//!
+//! [1]: https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Output_feedback_(OFB)
+
+#![no_std]
+#![doc(
+    html_logo_url = "https://raw.githubusercontent.com/RustCrypto/media/26acc39f/logo.svg",
+    html_favicon_url = "https://raw.githubusercontent.com/RustCrypto/media/26acc39f/logo.svg",
+    html_root_url = "https://docs.rs/ofb/0.6.0"
+)]
+#![forbid(unsafe_code)]
+#![cfg_attr(docsrs, feature(doc_cfg))]
+#![warn(missing_docs, rust_2018_idioms)]
+
+pub use cipher;
+
+mod backend;
+
+use cipher::{
+    crypto_common::{InnerUser, IvSizeUser},
+    AlgorithmName, Block, BlockCipher, BlockClosure, BlockDecryptMut, BlockEncryptMut,
+    BlockSizeUser, InnerIvInit, Iv, IvState, StreamCipherCore, StreamCipherCoreWrapper,
+    StreamClosure,
+};
+use core::fmt;
+
+#[cfg(feature = "zeroize")]
+use cipher::zeroize::{Zeroize, ZeroizeOnDrop};
+
+/// Buffered Output feedback (OFB) mode.
+pub type Ofb<C> = StreamCipherCoreWrapper<OfbCore<C>>;
+
+/// Output feedback (OFB) mode.
+#[derive(Clone)]
+pub struct OfbCore<C>
+where
+    C: BlockEncryptMut + BlockCipher,
+{
+    cipher: C,
+    iv: Block<C>,
+}
+
+impl<C> BlockSizeUser for OfbCore<C>
+where
+    C: BlockEncryptMut + BlockCipher,
+{
+    type BlockSize = C::BlockSize;
+}
+
+impl<C> InnerUser for OfbCore<C>
+where
+    C: BlockEncryptMut + BlockCipher,
+{
+    type Inner = C;
+}
+
+impl<C> IvSizeUser for OfbCore<C>
+where
+    C: BlockEncryptMut + BlockCipher,
+{
+    type IvSize = C::BlockSize;
+}
+
+impl<C> InnerIvInit for OfbCore<C>
+where
+    C: BlockEncryptMut + BlockCipher,
+{
+    #[inline]
+    fn inner_iv_init(cipher: C, iv: &Iv<Self>) -> Self {
+        Self {
+            cipher,
+            iv: iv.clone(),
+        }
+    }
+}
+
+impl<C> IvState for OfbCore<C>
+where
+    C: BlockEncryptMut + BlockCipher,
+{
+    #[inline]
+    fn iv_state(&self) -> Iv<Self> {
+        self.iv.clone()
+    }
+}
+
+impl<C> StreamCipherCore for OfbCore<C>
+where
+    C: BlockEncryptMut + BlockCipher,
+{
+    fn remaining_blocks(&self) -> Option<usize> {
+        None
+    }
+
+    fn process_with_backend(&mut self, f: impl StreamClosure<BlockSize = Self::BlockSize>) {
+        let Self { cipher, iv } = self;
+        cipher.encrypt_with_backend_mut(backend::Closure1 { iv, f });
+    }
+}
+
+impl<C> BlockEncryptMut for OfbCore<C>
+where
+    C: BlockEncryptMut + BlockCipher,
+{
+    #[inline]
+    fn encrypt_with_backend_mut(&mut self, f: impl BlockClosure<BlockSize = Self::BlockSize>) {
+        let Self { cipher, iv } = self;
+        cipher.encrypt_with_backend_mut(backend::Closure2 { iv, f })
+    }
+}
+
+impl<C> BlockDecryptMut for OfbCore<C>
+where
+    C: BlockEncryptMut + BlockCipher,
+{
+    #[inline]
+    fn decrypt_with_backend_mut(&mut self, f: impl BlockClosure<BlockSize = Self::BlockSize>) {
+        let Self { cipher, iv } = self;
+        cipher.encrypt_with_backend_mut(backend::Closure2 { iv, f })
+    }
+}
+
+impl<C> AlgorithmName for OfbCore<C>
+where
+    C: BlockEncryptMut + BlockCipher + AlgorithmName,
+{
+    fn write_alg_name(f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        f.write_str("Ofb<")?;
+        <C as AlgorithmName>::write_alg_name(f)?;
+        f.write_str(">")
+    }
+}
+
+impl<C> fmt::Debug for OfbCore<C>
+where
+    C: BlockEncryptMut + BlockCipher + AlgorithmName,
+{
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        f.write_str("OfbCore<")?;
+        <C as AlgorithmName>::write_alg_name(f)?;
+        f.write_str("> { ... }")
+    }
+}
+
+#[cfg(feature = "zeroize")]
+#[cfg_attr(docsrs, doc(cfg(feature = "zeroize")))]
+impl<C: BlockEncryptMut + BlockCipher> Drop for OfbCore<C> {
+    fn drop(&mut self) {
+        self.iv.zeroize();
+    }
+}
+
+#[cfg(feature = "zeroize")]
+#[cfg_attr(docsrs, doc(cfg(feature = "zeroize")))]
+impl<C: BlockEncryptMut + BlockCipher + ZeroizeOnDrop> ZeroizeOnDrop for OfbCore<C> {}
diff --git a/ofb/tests/aes.rs b/ofb/tests/aes.rs
new file mode 100644
index 0000000..74fd5ce
--- /dev/null
+++ b/ofb/tests/aes.rs
@@ -0,0 +1,34 @@
+use aes::*;
+use cipher::{block_mode_dec_test, block_mode_enc_test, iv_state_test, stream_cipher_test};
+use ofb::{Ofb, OfbCore};
+
+iv_state_test!(aes128_ofb_enc_iv_state, OfbCore<Aes128>, encrypt);
+iv_state_test!(aes128_ofb_dec_iv_state, OfbCore<Aes128>, decrypt);
+iv_state_test!(aes128_ofb_apply_ks_iv_state, OfbCore<Aes128>, apply_ks);
+iv_state_test!(aes192_ofb_enc_iv_state, OfbCore<Aes192>, encrypt);
+iv_state_test!(aes192_ofb_dec_iv_state, OfbCore<Aes192>, decrypt);
+iv_state_test!(aes192_ofb_apply_ks_iv_state, OfbCore<Aes192>, apply_ks);
+iv_state_test!(aes256_ofb_enc_iv_state, OfbCore<Aes256>, encrypt);
+iv_state_test!(aes256_ofb_dec_iv_state, OfbCore<Aes256>, decrypt);
+iv_state_test!(aes256_ofb_apply_ks_iv_state, OfbCore<Aes256>, apply_ks);
+
+// Test vectors from CVAP "AES Multiblock Message Test (MMT) Sample Vectors":
+// <https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program/Block-Ciphers>
+block_mode_enc_test!(aes128_ofb_enc_test, "aes128", OfbCore<Aes128>);
+block_mode_dec_test!(aes128_ofb_dec_test, "aes128", OfbCore<Aes128>);
+block_mode_enc_test!(aes128enc_ofb_enc_test, "aes128", OfbCore<Aes128Enc>);
+block_mode_dec_test!(aes128dec_ofb_dec_test, "aes128", OfbCore<Aes128Enc>);
+stream_cipher_test!(aes128_ofb_stream_test, "aes128", Ofb<Aes128>);
+stream_cipher_test!(aes128enc_ofb_stream_test, "aes128", Ofb<Aes128Enc>);
+block_mode_enc_test!(aes192_ofb_enc_test, "aes192", OfbCore<Aes192>);
+block_mode_dec_test!(aes192_ofb_dec_test, "aes192", OfbCore<Aes192>);
+block_mode_enc_test!(aes192enc_ofb_enc_test, "aes192", OfbCore<Aes192Enc>);
+block_mode_dec_test!(aes192dec_ofb_dec_test, "aes192", OfbCore<Aes192Enc>);
+stream_cipher_test!(aes192_ofb_stream_test, "aes192", Ofb<Aes192>);
+stream_cipher_test!(aes192enc_ofb_stream_test, "aes192", Ofb<Aes192Enc>);
+block_mode_enc_test!(aes256_ofb_enc_test, "aes256", OfbCore<Aes256>);
+block_mode_dec_test!(aes256_ofb_dec_test, "aes256", OfbCore<Aes256>);
+block_mode_enc_test!(aes256enc_ofb_enc_test, "aes256", OfbCore<Aes256Enc>);
+block_mode_dec_test!(aes256dec_ofb_dec_test, "aes256", OfbCore<Aes256Enc>);
+stream_cipher_test!(aes256_ofb_stream_test, "aes256", Ofb<Aes256>);
+stream_cipher_test!(aes256enc_ofb_stream_test, "aes256", Ofb<Aes256Enc>);
diff --git a/ofb/tests/data/aes128.blb b/ofb/tests/data/aes128.blb
new file mode 100644
index 0000000000000000000000000000000000000000..c5d1f41f5c6513e47034b1a52009d2c780fee00b
GIT binary patch
literal 4269
zcmV;e5K`{|AlKD<*hdvg`En|a@RsHpLLmL#ARLk80oigmXu_rvw|XFfh(970Qi8f_
zL@JHar)bn5gv=8QXlG(Jma30ZJ(h~zAj$O3A+*QZs!x;RlH6ch#UNf<jPihtat;B(
z?UK}Rq+LLc8O6%Y0a|7*e?ZObt-pDufPuhml|-~0Ez(Hmb~Cg<h+V{r-G1hwgPX<0
z;5+KzaWEdwk)RP3AkE;@p%V4dAbN1jYbGA-%LT=87u9w#mms@)mS_9dZC>I8f`@6N
zL9t+hJi4woV8~SxqsTwj3$;sp{BxTrTVvo}^flOS8T}PDjEVmUpz<8(nsSf(U3K4J
z^~9R4iUMo!UQ${Tt9}_?>WUk2sM9J@6RL@Hg^w)!137?D1E9+qd*PoqZAJv^Acfo2
zrsp<+r5Z|oPLs-g3?PZvm&K}{3SCu()U;+#$tQpS<J<gd;i!3s57H(?$P-`SV>Mm;
z3XQEr$;RMP=HP|Tad%YQ8%eCNO!Gj3Z~G0YkrR&sDx5TuI%*MYn8(xAfB;CNOV||M
zP8*V?sstf{HoVj*{WQuI8hGIAERQ7A@Nk!ktkvN)9FUxWjkH}QvrobtuxdGk`Dv?y
zUiX!Vjj13Qxrll+LyxlOSpt4k<21G)rM`wC<&CZ~Tx*7p*Ms8CfFO+4S>KXbP_-8K
zH~f;)`uYHj0F0gf4t4D<X!iekIiK<vG-SBLeDfNw!A1PPtaIb|e$2Er^d!F=ZEpKe
zPL7l4rf8xe4m~?h)HkgfSVDjxf^%w*)4+K_u@^j?QNQ5WSq~$6<8FJCNE>@f*o~>y
zk3w?=xn4_<_aQC10QT0s=i{1m+HfEe^K4Aepu%@n1uDV4JMmB)hQSzWX{RY{Alg#E
z<Y1nH?vi12sp|O)2q5y%#pr8I+d$I?6RM@5Q~rQJk=DstVNCd4;cn`_S$4vrsnZ7p
zFL|e`>wG*{;oXfxzob~mz%EZ-(8*xQ@qRgx-7XBX?ctA>Ia)|S0q+OOOqa9~&P7VE
z4|F6d$^&?6lSCnLy-=Y>d!1%7Mbb<!fIvZN;p5mf4tyyd^cltDMq4<J;?nQ|Oa!Hu
zepVNt4g2e-bTL(O57tJz=1q&g(1;hr#OZtyG*?T*f|8eITnOWx=Xp`nnQ9jRqHEkj
zlGDyyLX`fib{PPB^SuKb$73K?*7xG5aJem2|BY^(RZS`&wG!~*9w+@8l&TDAd$!tM
zfMDh<-mF7rcS&#)6vamOc%;Wz<n>oz=hrF2cs%!_LhbghKhFt}h-5U0Y?M@0zpf5e
zbgBmKZ?RD=l;13@BuDPJNjE#Q@4kDu)@+J?<yo<R!f4i6pUv-dSIxcUxy81UBW^>N
zR9`FUd(=-kldXVYI=bf<=r<2j!|qjabDhqLVH>p-I98wC7xTaoWGvT#5!{s^`O{Z5
zANz{8dpNsXH1gd7<d^@4XovEnvTwi2x0P5Icn`{T8=m)0?bD9nt4qP`<WuH$Sr*ep
z;k~^=t!+?@U-Na}ApD6)wlNPaAPMpo|9Icz8Q;$Fs8vTa6d-aTbjXs@Whohg#_&SU
z(M5p(5%e|Z<7IEpsNmlt0};w01x|$FJcW?w>~jhAoEJbM)MuwKCPD5SYou%LPawbA
z5R12og7$E*SKq(novF{Rh)E3LazQ{VAkzHnM{PPnPHaGJR{zLScxhc&O>78!v;i!l
z&rPo=PtjVz^5KJlNmuDKzlh)T*LSV^wMjFzfdJs;7~<18vgmk|eAG=&TdY7aUa}^X
znu`utW7*|Hya|(JK*m&dPXpzxt6O%q5*SG?pAJQM-kA>?NM#1XZt6-tsc0!iu1ZEP
zkVq;l{~4@!Mp%8WfTQu#K!t<QWm!mRunpZ8t{K?iosBW;e|32>44)=OfAGbOhVm*p
zA$}mu>9(HgD{57UMSeBlpojw?QZhSK)|z7ez-XJU;j`>xfgqN5n3-Dk^fj}l`78f-
zp&z786eg|@ZhgA?!g~@tU&I-{Qo!m#EK5AB1+Iytz|L=8k)&3!z3o$Qp(9N8_N!e2
zQ&4-x^YB+XxpjrMaR=VOS%D)X;34Bdt%IJa<IpPXq%&5n)QryfA89_-Ju<o+bfaF1
zUw<(b?}JZ$ubD_BOi#lfREKAcK5+XdtF?h3YF9@mU^iqty#N!!W!TxM3j&$4gHcUV
zR{qOecyI!uk)euqU!X?ABs3VXF6;aZS(SF>E!e{Xk;#1OsJ$(HzT@U?x3z`pD`)g?
zXA$2hMQeZ+R^l_MZK0^cOw`sDOCa<*;(LndJ&=EsRmggvA)<gIB4z2DP8gp`Jj$lE
z;6YQC9*#nKE!93=#`O^@Ad{M`apN~|m{oCFSL38)k041k3AJjH@jyW9n`WViyjOuh
zoFebt$KFY5k!=;%5Z*UUS4V*+?PSTVeu6$E(VP4X`orCz(ZZ6Wq670=Casj-vJaVz
zuR+V*N(k#+Z2Ly^?c|AT1!>nT1MC?|L9dm-S3JZ1j|5wxnMSjMfHFw)-A|fDOBz0o
z8t^WtNG)T1td^#Nb@Zcx(*i%8^oc8wGRnC(iyZGzQP$gmB5x&~8|3RFNm|GUU<Ed{
zut*nFfk1o$7u5NXG%Mw!UMt;4R<3_W8r@?$dk;}`?htx>3{$bkhs%TI-MDt*QKCGr
zd0E*~V~i@Iiz^6{jGKt$z~KE2fmCS>HaN~{FCdU!a%2BBo6HyEv^^qr?;pg-f+#PV
zMLWPgvYwokm}3~hkx;DhzcVKXQqv@eR6kjdj?~*c%b5&|{q{_*4IE$*1S-v_!f1MR
zj4P-J2OyaX=#3zQXc(PA>Y@z>qoUHO9z*va&jhRvM>CZxr8sdPdG7eiAZcu+b2)?$
zv%yf{!4cWvJ|KPFqY^NQlckPhXGEZ*gpnXoB*y))g>CJ2ueScZs+b-ilYYJK!+B_0
zanxpTKX{M#Kw4QS-3jN4Ati3Duwr8hKMP07BX-QLF-b@iKmR2X)IhKt4n%OW4M?B3
zgo_}P62CB?c`HhNq@YKt=&#CFiWwkkk7S4EU|76b5@L4bkKK15ZgtqWtO<4$KA{7r
z5X$TVU_wpYG%#mjFWW+CAoL2f*e*R!l!dT=?~!43R?`VMbc7Cp5dSw@dT9BKM;xIF
z%wQ?QVEW0kVZ=${5<y-%dhg*$%F8VX;=;-H7idRmH0*08zD$rWeZ@%JH;zLszr`Q{
zmOVtSpeC{)QaD9TTem+TltQN9^QAu!u*~(a%)xm&fB?lz`puO$Hlo<u3yWj5RV6wM
zruN`pE|HBGzLjR5s8$L1C)U~lO5G`BVrFo{0<o1OkI9BNERwCe5WwfdZUle;p+zoZ
zr7zNy0F;6#m=beQW)Xi>C#H3gRJgRhRblvZ@|JV!3JV|!hf!3SkwKQ(0-mrp8ukWV
zb;&1dIqsr^AWo=z3p8L<z?bdCU>kTSa3GpKBQrZIE$8g+rh0s-c0qt340kj!3|y!y
zQVa3mp<zsY-3$OH5$_8lo#^@{ZWXg2R=JXNfAgcG5Y;Z7^I~<`87-}0%Asc!bVX9g
zWyP+Pcc%(0Is%{@p?0|^L{OB{fFLqGB2!TnMKCOHwWYi=O?1lFIBEhVsy|6T&Am|J
z|0HSWI?kF8(+}|fXkQkJ6uTxb<Ve5bk2+WoVf579d2m*+G~!nA>6rBq*Cmb1TfQI}
zR`d%aG^SK*FmdwHe@a;(c3k^b3`Tc)Ak5&ABP`1DfItLV)@)H-Kzg@6pvLyDhM00R
zFUKiXrdgC!Q~+K#$8OMl`Ii6TGAKaLBZNCNG-@7m3b!HM&aXBu(pCjb5MI@Rs0;+}
zBCZ==xO6OTJe&>=Df-e8wDbzx6(IM<f*ycCy&;g{zo5R9F!cx?p2dysQHJ}=faPFb
z#AH43%t+mKQ?lgCPYf$OYo^OexS@EepA8X_8%}gDCB&C`Z>!ZTR6m6e4<yleEC$9A
zJ$<L#&NGK~n@ARz0QJ1$uyEwuAWlc&wZXKBDP1}%@JaN(Eg*ya@MO{x-$8qz=U&AZ
zzhi)4l&8MawV_z(U!F&Jr``}>^z*W&953qFEWVVTdQRzKrp75rx-4nc6WBJSRkjks
z`?ks?Itm!5Q_9<GbG85(E#cK2-+%)L7_fQ!wSfmZ2DWRYtx`=r3Gb>|=8>Dq6|%W2
z+4#YIZbm;&rTt%CfMBn$^3m*N%#IfT=fN|{aIpZ>N0D!q4oX<sfqQS)1-^BfgD$J8
zb|#GMLrc5F%FH``I_Tc(DX{=f<Pdav0}8)2K|zG!i@rcxSM4|=H|ejuuKHV5LR}iF
z(nI1UDjW7m)f8Y+GTxgM%dwCw;gKL=G==56gt;8u44^NKgW$U$t%`MI_RfmCX-VC;
z*BE7hfdK7LXaF%|#3Zhoj#1;+c7(=|bEqWTM<G^^btq+gJ<^S4A)h&p)o}%?HP7!l
zz<BDj3gGkYbt?`s3kja2D-~~ni3G&9#Wc#j<vsdh=eI=|sJx@|Zs=PR4uv4oi~w$G
z-t$YmjrD7Fdr%E<K38|DR9r!DKu1*YJ-;H!@YjI=qh2exWYpfG+Yx^Ee}7~DhEakk
zvIyg?Zah_S8JS=zq9}XARnLC{^c-Ai3O)*2d{o1KVe4>d6TxA3hR;Cy*@sA$D_gSc
zuzqlL1nwTOzp^%hNnnH0@Z;EgH+unUaRvJOk9}XKH^C(37MO-icJe{_6LJJHDk&mJ
z)TN5TAc2^(Zio!^4Zmk3{;I5oh#>o_D1xG-tlKG`PlCxmD))gPvQcU^ZbNkw@ZW=z
zivIiQ`R^Xcd3kx4^Bt*b9;cyQIbO}VOMluF&A_)@7Z-&3h%(i5wojB$#=a%ogSkCB
zzX3(2VZTkcbto&CWSeARI_}$xw{Z4+!$KOyb{<`JJRz(t9&(;Vm#u%wpWJYVizZ`D
z_l(f<Z?myDp*49GtGZA1_}{MbXfSXh^5QipfgrC^Maog-T}_~?Fr#+oiMJhyCZJ>T
zYk=_qSghDfxeaZmoW@t{2o~n~?0~2IRw^~`<%CgRfhjd|NeU(@&B;mPeq*;GV-nMk
z4RYK=%;LU5BP}jKdTRBt6CjNIKd$Nx((0NI)CmxGdA~hHQ>I~t$K)X%z6sgHoHjE~
zc7*vafTJfq#KJ|n8n5$-R6ro(3rvShOiykM@%Zmp<<oT_ekSmLfFv|L>@`51ap292
zfk2Gxq}()Y{c9C>P6#crsFatt*j;N|aRTRb7x$t=`u-OYi+Ve>ofcQmVYp`6Ia*sk
zG?9a)J^B&+3cypn-}If-a_&|2<T@{l$A#j&LIVJ4Ng4lpv_I>0smjDo&X)Fh<`~;u
zbTh9K+{fUSKk*Ai*fsg6^d=|g^ZigblO~0hTF~Kx^_5;{AHukJ-BAS|?XQI~4IWO9
zb@JZNHphWLUCN<z?cq<-)>xN0CKiwLPuAa?&N6`13joABfZ~^$9vK8*?3(*b@?=qO
zRS*bO!>ZAH5x>s`Be$Ni4P}%Ncil$pMutued2mc3Q0FW7v`D7#(-R7@3qm~_3EBU8
zGQV&HLCn&9G9!^VV8Vbz>Q`puT2;9}iAbqgy=GxT6=sQ!CzTHb=O!nc%gK<UEPxq4
P@UCSUW^wCTaWX*9rpqpD

literal 0
HcmV?d00001

diff --git a/ofb/tests/data/aes192.blb b/ofb/tests/data/aes192.blb
new file mode 100644
index 0000000000000000000000000000000000000000..24fb0de7e2164bbf4ddae47025f95877643be5a8
GIT binary patch
literal 4429
zcmV-T5wh+8FeyXh?fQXIV5p{-vxdq#<L>Dc@+&x3+#tr8UjQ+TBoY_R$Sm^uL-`<Q
z;?G@UGfLn+y{QoZt9TnAB3_I86FfsQx^9)-xIs4!FlsWfpT+P<qMrVjl75eo-y=B!
zc+~uX>mWIIYxUTcTzh$5JZ~crT&zIoyo6Jy)P3iv%-KVQun1{BMn&@%lM%G3q2Qb{
zfD+t57!xEgr3;D1OmfB92`!8JghG*dop2QvkjjOFeTk=?Fcn`CbWd#e;qeIHG#p->
z0^QU|60(KlZy<$QSeY0Eazc6#0>HXjJ^x_m@6CkOE-*K3maOR^VB*dseoKOMjAxw~
z1Q>^=u}F>yX3{l*@1W1?ND)m#4V_hB)(4y-*Fa-?B>jLMuqv`nZ4WZ3u6z!!u{&SS
z-v!};94^=MH{rQt?G2#`khKlwFlNWo6ItrOkXF@~fn`F!{!6nyM_v0ZVjx0bLfnC;
zplKx;a=9O~P*{KfFCloMh2|MDz_(p{;HKg_{&*yVF#L<Nt(>W+GBUg?q#b*;_LC1(
zO*miUV(^fHDDuolupdJ(Ns(||>vo=dfB=R%qBY3uJ${QMBu}2Vm!=TVflTpRE8Hs=
z=?((nUMov;ulx;JgQ}jJWBgDAVw)Z_aVgC{Pdvnne-}kW;|?(QagIpb2{%7re-2Wk
zgwEXGe;1QT-fnXs!MD*pz8}FivflQHGeS`sfFQMOv6ThR(4@`O>J@(WCB=}S%^uJ-
zNIv{iOjV6pPfye)KeR|Bbj%-y;|3eel$xiJR&FAGu{V329N_-ca4&7Kou*S`o2Qit
zq})m{q1J#P?iyhc9S4ahgA_&&u5g2u7MX1&MW_x6I?bLhAZ*ReyR)|yP{eB&tQJG{
za;`<Y9e|8}aqB8~Zvx)ZwQpj$GJKBq*+c#*MfascZaKq{Fd6{ivq%^7y2C*3p~7E#
zf7nk|G%*{iLLfiToG(L*S!;5YxEwk8rAvT713NyX)dgB1F3!in(42x}wbO1X|5)tA
zGWV?Vp#sB1COiEl7W8x&bai1tWu7x9<j&r>w*z*LqC)&|+BtX}ydy_LzwEcxsFl%x
z{o8hQyA!TxOIbYOv*~uS3e8i$fIttY#Tz(;wbwM&X;lY+8L@&aX3JN3(^0LX8TNUW
zAk_Q~l^E}}AyS=@(FZ@YxvusgL?N7F=Ylv-Of`J7!UiK|(rkMY*#lV0ywDp{&GWDM
z8$k8luuWdfP#jtR<cu)do&{!e?*Z+%-A@3<6u8t>jw4J5WD#v3f!K2Q-F%&H&FbA%
zX=SuCfM8+~u>b$$cpz?N$ok3HBnfS`akBoP7SybpTcNaj6s#$jghKSmeEu4c!<aph
zy8dQKK&Aow)FLVG`Sm8)-=#E@KM{r&hXsqLHw<u1i-qQdTKOe3KCCh1^>SP*2gD3$
zsT01l;#^A<?EPx;-N%4nRa8n_s2}FJ9i4Wxe4EGxB=nt_XN`#%=2cEnYV~FY;T(s-
zCY|O_-HT@6ar3_C0dSI>qWRV2r1WJg7rO!j>WviNfHY5XTIBWjz+S2V0J;c)lq}gQ
zU(7;&Zl+o2tZ;}vKBq|)Ox0&qwYK9wFilxVHEuRJ3pGa)n1j0A637;h<<7%{Rv?nz
zT`8Ht6e?;H3dLU=cp`xSlF{Pv>b-wI+?fzill8zq6VO*WANEOmT8;8~tm+_O=c&@a
ztNcHKheH}4VBHlI7e1trW<mpS3&DDBDP-W4>$hI{YJYX4(M>|rzf%EY?03<I5T>@e
z0Bhv@8o)a^<RlIS@a-s%1K<(Vb^nbN+oEQI<jHG5fw8%YNu@b5fdE#`B3p=cdK*#=
zYQi=n8(oIdeHE#<cAIfgD(NC-n!o6C-Z1KZ&&8ZNhHyQq5OCaXRF3=Gmn`Rjk+iXM
z)NJ2p11t3v?I^qZ#7b>B-zb90|K{Fyyvnqnc3+~}$i+zO4%L4H#G8p@w5e#}L1h2W
z0bU`gESO1lk)vIa6mBpji^jkM80;v3!qE{pfF9K=D%+~aJST!6vOb?)vT(Cx4@9;j
z!lHm&fgtNiJ*zVpCodl+yKb?^7UKo-W7y2(^DX=gkyXYh524AdCBcPbe25ZQ1@95}
zk6q+&nI#%rWKb=mO`dR_TE|0o69$Rdlh|Cv-U9!_b<q<$D5VY}EV1g?ZTuQhC9A@8
zu7fAQm8xYm@2y~R@W=ccxnYrga@Co2nRl#>nbxmqpFc=qse_bo;QAd+C&+;yim3?y
z2Ja2$GVbN>uf)DGtDGavPUaw6e<|dgP}sI-azViRyJ9j$Nrv6xa*SfD%d~wf=@Jy5
zb8|em=38jxd$JT-q+ID&$pd`}l>*bU)M~@{NJ)}st%U$suJ%=Cgg)UJ#DmQE%qnup
zG-t4{+Wm*QgfSV!g`HhOjx9GDR2P5hZcp9lkP(r$6SfI(Fc+}-kzZ?69vwgITby0~
z9I#rQyqSZt4<PFCeC(GL(&qAJ@`GW7l<R>&4NiYQb1V7S($n@xmXGK`b<xN5tZi%L
zj0HLKHpKzIqfsX?=llUtwmX4eCs`CAxNOOFl83f44>6c8dKS5u7X25BVfw<~ndOE_
zfC|c<T_U)0LxY~{m6Mdw%7S3!ZaJ28X^jLcgt<&DDGSqMYTeosM#t;5Clhx9u5rCh
zv+V5_h#ijIexDsQtHbvg>V$cLBE4le%$bMjuS=PEfj|ZJ><=y?70g8#bqq{u+Y3$$
zD6oi|Gg6GhhFV0}^Joo&kMr7%SJ92~A%~|Htt4XxMRO~45UO|e;}{=6D{|i@L--~C
z2CZ3>GDRe*7YR6Lu3K5ILzb8QQ~Q<$?$gX`T#5eRw!Qvh;Y31^^WAa(YN56YioLvW
zvaUMrnU^`&=9MZK{PZzVwpv`31pYhmW|4X(O0d94&HO;r;J+}nd>;VsnxY=wIMBhZ
z-QL>WA>7BHcRI=-Ws3pW-KBGd46?#~x+)W%ARE1{g-N=*h3}+wzwj`9ULXnd4;dCi
z0^uM-=fegkv@I~W&-zys4t_}nBfvg4pj~d!mTaUzQDT)KIwMiIo88E$66CKr#?cPy
zKrUCej*5Dhm!n|OdvL!>GzsTGa!2G_QN8-j{1R%wIzaxa-O$D+Fv4y5o&Z^bT>A&v
zaj;MY7k%q+WHU6FDQqxj2AF~n_DU)u<5|3O8f=gYTHok0ka5!>bOB97y=sMfwc$QB
z8AYpTU>#il$O(tq;l)b9B#R5yEItuoV`$a0W&FsxJR&I0OuTOkBG=gqe4o+;%4wyj
zKVU813%5!>4}qvJRH}x{9J^SAq)uRFRdjxwK2=FJ!WLdBjsW?W&)&jOp{D7Z%3LsP
znC*}?O7eH#Y-H2)_pfr<Ll>2szn?}R=nK6F_U$-zQ8J*=#f-OQfB-<MZt?en(HMLm
z>6pNSbIO}AA+ZwhJO5V~pAfsbhjk1hvF&A{gFpj4HK$T?0Nf->-Xs}`>d8=vD3`~4
ze_en8R!aG}$(}Q&Xu%JLsGrqSC$u8~nk<F821!M8GzNv3U;2t7FMeCp>k^B?>its@
zN;KsD<$d}gfz-A0M-HWrFf#sK>U6gJ_1Y}xiBw#>D`B4dm)$FoVIa_$MdA#*m-*%p
zF0^%JZg_wod~<5WuK9Uns4xg%54@Le=Wrsf>fEr?{>(!@Z+`@wV`y9O>#1A7wtEla
z$Jz#bm8-^FiP#4#UF&iwTp^QakuJ%zzUBr2#E-8f+eiuWfFNByoo-*wYSA4e`KvHQ
z&&5&GkAQC0wz>Vii0_b~OQ@;HvJlX5oaE%r|BkOt9+JEs11N3pDJn?$c`=eecl;j~
zz7c5Qs;1r^RKb3x!=Ere#S}8C{6cTw(V_iyl?vgfpGiqUpCNi6{^P;2wB(<-|0tz&
zqxDaKfIuCEd0i4|bN2gzLfJ9a2W@D4tiQ0N?=KoZLkAX;E1~6(%0YgHL%fLTv?X6S
zaH2Wq$c?(XsjELnne+{n<cqgN!(f%c*q|{UoF*@JSk4mAWx@$N^l_jZmXDGhn?!&>
zfT<zWmnw!RR{s`@Gm#`!I*mCwVCM>K6&|Pw7{T|ok1}C@SE|binSIFZo}dj{<Y*@T
zag=8%XO1K<+3qC{-9S`O;s?1iL;|P?9<4dqU<>(9A*0{XHpqhU10IM3FiQ$rGW?tR
zmP&^FjJ2Em5!z6u?(1jFf*`VDXoFufv#<1OWzIDcbkTrd42V1!B^7B%2j|Htw7T75
z%{ucd0c_%+@gyCw!%9kCD~CE($Uz}b5U5f~MU~jU44;`9#~vy=%{R%vpdO_m(Wor2
zAjn=MsGXf(1f(BhyrZ%v9frae^EK3_6Ot<zt6$4dF78OOd2)Zij<O$CfM8@dEp7FC
zyYd_y(gP)lFFMu5-ASFu1cnkL0;i(lyvcvIHn`waVrpp^Hq7Vl0m4CY|7fgME1w+%
zRK)~^bHg{HJWVV~^JQ!@fgwb}$FIIGGM3QgkUr8VBC|F7@}_e^X0<{i7VHhN+l!>k
zC<!om8vf>>kri>&x{892_01aQ+NmfOdUo?5TZTJs6V)hLeOi}H8e2(QfdC7FQiq(P
zN8UW~Aj(*_QUnaTJ866*r#VuY!5Mur*Ze%BPZ&g5kCyd3TSU?vQtnN&Y~PCSG}nQ|
z!iX0GM<{C~cDy3OYa!;t$^>Px0u>cOs&$&8jj+>(A+Y`Ko)Yqh33M@ZEXy@neM|<R
z-zFMIe9y7g804r_f=e5lgwlZkY?KBf<PA6aVa=6BhjWp}?a~DN+M*VNOmtwPKkQ8*
zD=NlY&xsC|EsW}p))fX<XV{cwR1h}h<ZvEOeO+@tB3k!<I>hK`lfNWurf`t!9c{Ty
zl5xCKnpI?_0y~qjSPkQ~ttN~bnofxXf$a7t6?eVd9WHTnbqRXRRqt~lFbUNsfilh=
zI(7W=;8z`b#c;VUPag(<`ye3Lmf+;t;YS-h@4)}pgc5-u<@6liDPJS7+VRu#{vAio
z;||eN0&cgnDI*7>p)>Z>3|Jlhj&Tm&U2Gt`+uTW}UY7W33v9(vrftF7J^QI#h~o)1
zGq@eLH<@3b1=5)A!W5maXEv3TkaVa#aVg$maGMz(G<NJCHT7-u@Rnr$FU6#|-a+br
zsGmmf$`qLW<-HPmr%^{J+;w^0W<oQ&fgrI5vyg~rA=gE~u&jd(@~DYRh&dnfl|-Py
za}QCvrC;%G4c(D?U%sYN)}viLCcZAAu{X4V{m#5ZX2G1e5b(xUAU~YQEIfv&?*c-L
zLS1}5NG_jG=n?AAfIh}o*R5AcRDMxdZkG*9WRKkaF3X##v*w3nJXTZdDNT5v<KE5A
z5n)#}4;W&?n-kEU(oisUJRg5KuhNG91rs^MU029Rg#(kc5ijK+)9ww8<p>ViOeXcC
zxyp*4fk3T1&7x#9F)+U!vv58q5^;9>s(Wf(qH%|Vy7}^t&C~6i(;D2zlqdd8@IMxE
zrR7|!4Y2goG}vG?4KJWu{;+<ML01M!B+&5=GL!d;CU)b+H#G7sPNP1FI7`ugN)K5z
zL3z$dr_sT>HRtztHT8yo@aUWQBq~n`b0XQEP;)k@=>vOj8~fx|6szkmaZziO%JvwA
z9o+iILYg6WzCeLMsT2wNX-Z1dN}RF5Q%aPVnp^8R0E4Ec8%jhrbZem?^Lh_Hm&&OX
zYL4U(wLWJIa6KIv{J4mJ713A#0{uK)4yyPZJSMn@H@u_xh#<673k}8Aq%7?YE;tM+
zv|yxi<m~Giz$6|smu(jVG`1pmRT2&MU#5OqPsWKj^jm^vT!;|AjE#dKbL(ihA<0^Q
THI^F#l<?zgVZ`^fDYt$?+q-dd

literal 0
HcmV?d00001

diff --git a/ofb/tests/data/aes256.blb b/ofb/tests/data/aes256.blb
new file mode 100644
index 0000000000000000000000000000000000000000..8940b5f43a18504c23a0fab4b32d64ece1debeb4
GIT binary patch
literal 4589
zcmV<J5fbhIKyN{tOlUep)_o&Rs%uyFBKZ>DWqsYUfT2wcxo7Q_A0QdHh=33A&=FxI
z_nrFXPyQf15}2Q_LArInrw%L3FQOtKEo%T?jXTEbpJLpjZAY%9K&d5nV0mcU?%_3}
zPTVgtW0Gx`6dx>YpO(M@FGbO_uppPe>+B3JcLdM^+-e`wX#qgHC~#i+<rNzIbK{6_
zCG{b7+qHV*Zmh+uPMDjWX}|eEltF2=5VC?*1))nK>bi7H8SXIJZq}FMxOqZfCV+y8
zK*Y!T)>B-#aY|f3cbbc#(o;Sow6a)pDqDB~^y6`-lptQYGZVOR{}#E5o6AEp4R2s=
z3$S@(gmLLP)Ke6O!AvEZ?#A=L4gJ=@P^h}7Alq@w5-d&(7ZvYS^O;&}@G4AT4^&}s
zS<pZH8~XcTDKOUn^rWcf-IJ6?WYQVL#ZBHD1XJO2^%!)n{bZuy;&v0TKzu|b&l<$n
zTF&d+A~>n=I5ar)Q?I30a=DDp!`vfH#2_?-f^)}&i*Ux_tF3v?6D5EE%bLiWc#tgM
zorGs85rL-y{h9<Y;@qi3-hnl6D`sJu=)mHy914*-_(I7wTvQMqo!9zKhWAT{oU&ZZ
zrbxhbfB;?aJB^Xc4qd2gp$O{Oe#c_T2WPD5Yvu)*wD0Ki)A%?zC#9Jf5B=S<=|NHA
zFYekrkYyTae>gPYHsnnO2C_ggil@gg2LF|W4;S*e&jJ2_0}%!P0otZ-`B*gMdv9DI
z4k*0_1G5|^B?CpF7(kEwfFLD*KgdNl6^m%duMry_p0po`L1=2R=}d3YI)9%e)ip4j
zGzuNl)Rt~TnnAg_a9HUFFJV6U!K{^whb!t?_=6i)i(~G>*A-S*`BU=3H(P)px=y^@
ziB4_hPmdjZ%dwsl(yk1qYz4s%FOa&@>A2gJ?sss*Re2`@ok{&GKY*YRC9e*8G%`2)
zVqLxNg*JWPy?<t8wGqw7=rXdz*&iGZKpkB~4&lcqK=-@qUA2d>#e+jc@R77;YQ=G5
z8~8-&%peem5{~?ROx$9fICRG+sw{v&=;-YN!8@2zCrsR6ss3J4sk<))U}^E9BbhvM
z<N-kQ`z)&~CveR?&ms9ajs!0_?*{p(buN?T-_cGAsRcF%)>rfM?ZNG%Le{i<c0itl
zL2R<WZ-m6TDW2kBb~Eo4fIz5XDLdMOI*Qfthg}}OUR@;u1Es7lY!3pTEKypDa}XF}
zXa<4?N395oDg8T6lCWP#)ny(xXNH`eD3B1xl4{u2OqlYgR8HNlB_c9&aRZ$9SH@Wu
zNwc+^PFjSur?Nn3YuZx>K9ty~5jw(=pzgtiG$n*Z7){SsO|;Ghex<1(@XZ}(3<Dd=
z4Z+s*vz;HvfM8u9w9ulgL(BLQ52@NXc@@{dt73;OEX>14u>lppH{fm;PJkD^xOD1w
zGEKq*l3_6Z63cJ}?6aF2C(s>AuqtYetR?O44ZA_?V+o`m^$n>X5w0zvp!|#D{kjxO
z2pYLdcE<~cYba(qO5|wO%%Ol_(%tZE;Fb0iEG&|otdI6QM}sX#OZ65DUU5RIXt~03
zYi}A!Ia*R*2Fh07UwJ{SIj01Ti5$$K4r&y4lu@TZw1rH#a<sE<nS`hNode$J!fP#h
zBjb0YYO`BynkM@>djlX0@y3{cZJ?4(ae?3iK%l=6z_k4(QqpS4>B7I7KBuF7H6}CP
z5z690<fnu4N+2NHgEW}4ef(Hv$1=KlBBX%;C$CBqTTBl#>;vWh<58*Yta{pyV#EGu
zPU1oSs<U7)sw~CIy_57;5bh;5Q@k?p!Q!;ZTIgw&b7k7iakx6-()p0lZ7>=5`o!lb
z)Hcui{tkj@WET3AWXBlmjRA{rr~mU&^NB{kv}<$x?I%XIZRd=W3AJ|(DegpohV&YN
zfdB>}^neQh97OIuKBUTUB#Zq4s03SVq+mz+xf>$q3$RXZOVZp|SrI8`&wb1G))Pj7
zt??pnQO2L%`SFogQCF;Jj+qG8<f`Kz<#Puv;Wlq%sPP!rnCAD=*kX`Rq(v2tE|=8P
zjMxPE@(1x6Z^|U(WQFX8wdrt~il+TlBN;#tiU!CM^2*CzQX0z8>c*zqGWsqZ8*PX;
znA+3ZU9<`yx~<u{p+bPvVGTiOTsF6Ofgsg?vn_7P(-{mD#Q{=*{u}iLX*Jmdtn7Cp
ztRI3_Q=`g2kvL$ypuGFHjh~u9^p|Vo3zh6N;rCFe=>H_BvV=0{_~)kc;7M-_fBWb#
zoi@0BxefQdO`no9RFUw#2)xxF@FIto8YeKgrv8L>gkht7eT6~CcufRt_P#B>;In&<
zg3(OS*S-d42adHmE`EU^^4O})QF&NRXujPr9orlWj&2JA(3n|7#hduQigKB@l^DBr
z944=Qq6Dlj?FN!@ps%ra!~BQ@D8PQJu;Eb_LvijO#nJiL;W8bIJ#&a2sc2_P)s+k^
zf9BmsbN}D7mkMRujx%_FB-`zYNAYA!#<-`ND;YwCiTjHaHzj+eI%;VAD<NRuccTa3
zr|ZMKKpk(Zj*dyzBhSdu1@KMJt6&#heYE{WE~I0#Ojc)>6(B1AGB!o{uFsML=S2xp
zCQpGtSRGLty+j=~G3R=b3elAG4T@>DJk~jE?|(PNCRBy89&%sGBEpyKq{BfbjEb+-
z&<CInMTxXMwS*%KF_W){sJYjDx$I6U#?-43O3-32Y&!E#)a+rny#nSAOXB5sA9^7D
zD#<G}zM&x;>#LPW2&>CLkOe3uFoEck9ZL_(t3IL<9AOqzwXz8f7$Y!h&Et`)BHr@L
zHHVR7Pt_I7fk14fc~nm%JhBH*>ly9ADEgx|HP-IX$WTxwX@(7crf5PbfmEwSUwPX_
z{c_;Wh}4o0B5X*WoE82FAz~PCd&`#L<(jD1{MnZ%_Zml!pY6d3p%G##W4Pw$HXwU9
zt-lU$Ns#S!v?Me~KajhOb;^D8eRA5iAF#%KCRG9<d`?*lH8$AS$Dlf7b6$selq2*D
z5<8AV9y_{4zZpAhO7K8d#gAMeLCEX_C$XlxjuZTZ5-AUida`n-m_;!~ape*qqYDd_
z#eQg)v<&Fo)F75tAoXLMoab&sP|inK+5}exG9bJoiS>h4oc#Eo2^y)R^1eVP70cEi
zG?YiCR!;mOSTNixcvCPtW^q`6pX|I4_7Vml0@MPzKw0stW-9NX0X2XbKn(@14!zZn
z&i^hrFcjVf64uAmXvDIG%HBhlETGmyt3b|J#Y=?jD*g<z{Z-a2MvFTfTJ%}_PMIIg
zvLd7zeEL9PWzQYNjIGQYplJ2aHP&f<LZEj}B|Qy+=OH0V!ZA-E3`gXUv&cO%18%~5
z=giL{V8hOHi(0FzgAC2sE<9L{3cb+BoFZzH-M3E`Hk@!-Jd-)Mx_1v?dPKrMuc_G?
zBVaR@;|&sOSsLGDiE(9gvm^cB7DEB&2Bm|gKjuF+d92SKJTD&T_W2(UOX|NFtbRas
zzLln>L;$kkw1whMtr+bfrY0Y{g4354WQMY6#HYs~J2_g@MGRKR@vO?Sq<i5WfB<Nc
z{9HXq^yZ2zF^_>)?wD`SY=xri=L`?raGX$23b45r2E_3@$-L$9q2SI&mJ8@?HN07Z
zL4cRKC@qL~2<m_UQe=Ood<J!OKXO`+)J9?|E&nJ%<{C!ad3hv}u?Y=JVWNmiRW9Xg
zi4GR3nYqB_d8U%%W^LA#94SSbN+2K!K=ue<BQfYv+ngp;+RIz78D8}&5qa7mfOJmQ
zYtt4BUmz!wRj;$3XB@<)+*6kbZ?}LTufX_zB~nI-DS|Nsq!bvuTaZAuGGlg{b)w;M
z2Fp^OS)Tk^SU(y)2{N&77h80seJz7DdJx)faAHDN-J%QW4Uq#c3?_l(GQa5-)5LZD
zfFSzs(^U15ZZv?k^$YixzN3@b^ikm_p}%t*3-8rlM18^${Uw-dn}iCZjUyEh+_5!}
z1CZDy0+bWwt_PG9OYqo?T$G+(x;~q`<UDT`mMTE2c3*vnXE-ViYp-=&FO+^{^X$F`
zDLg)QKLiWqxryZ<f362S4!QqETh#CQ`4c9%fIxQk(uWwgi0NALRwG2p`>n2#oAJI%
zRzgh%C|T7yEmraOPF9eS#U)xgKD)qDsqW4|<)9~cV2C`+j?v=36@g^Y$!+mp`Z~ce
zT5#b%k*~SBd+oOuUD3C6E_BGb5!HY|Q4(K$0|UJao}tcGg5-HQaFsOQHDJnoi7Hz<
zHl?I@eIbA?wWY7IH9ps&beG5%Z^{HCOLl*GJQAa3rGS?Sf#t!!0lA9bb{b)*a%KW|
zDhT*JACh1({tfZM#Ed!6Kw;%fFl}r8k2R&)qE4qVzQ+)`9|4f_hrp-nD1)yh#2~BZ
zXFlcL)jL>%Fp^!Gx7L7Qd_rbHkWp2rQlmz#Wu~HO!DM?ARwR;_4fy#_u(&mnOUeSS
zCD-&>DrlDHX(#^Gj+^^RPY;M7XG{YHDr4C(%-<k1)2L1on;ah&zo7q#K7dk!zNdC9
z3+34Fd1T8Wg4PftdoTS`7%6vHs1H}!fMCL*eQ!8&xBeD!D~;sbvFbvc8|%f&unYln
z+*#+CC67{hVSd~cCb9PDgHbsC?ML-0e4!JMST`AAZjOrYXZ&*D+6_Luz$VbIDQMG*
zF4s&8C%kfA9!S9BgLz0YAVNxAQ04`7Y^BXlhnil8TjW42@@z}GcAU#c<~>f#Z=i6+
zs>Z<9wIXq}h@VnJhUEYtWn8hem{eRomB;(DgjR#VfdFt`KP9^y5!5kmjdr(^0-{Ft
zS3gW!!lJ|OEyn2yFChMui1Z-N-QAR6G+40&K2LDrfeG$m{03ZII>V~~I0)Z6MUcJ8
zG2bFj&<W>kqNX<eLcZU)j*lNoa@>3l*v*r;6O$-gFmebf_Muh6{3SS<HEEc8vLf}@
z8yDJ5BUFI^5%wq{_}cBgrIo>X4AkeFCOy9u^kM1}!tAflsUMxJSAlYa6VW_4`#!#r
zklPhVbxoXKbjA#{!Z_&Fgu)mVk#E!BdLP3}$i-yugwwA0{qysA#rO&X{S>Wr(n}x}
zNGB8EH?GPbl978m@22?DM3{{V@7^pX`sv44oTC2JK;E6fpVPaiY%`6Wf=YRX2sd_x
zWLLQo{sE9pM|6&p`yfl}a+??@74V-w2C4;-!Kr~DKJ0ybA{62&fFEzV*j})SSl$<X
z=Zoqiqkt1ry(@IyWP9szBI<+bM<mXx;syz@D@#5pOGb5B(D~){y$5QH4-6*<q#pTj
z`H-+JIB-{sn@aOk1c*}m<cNNIY$L%OD+1?TS_#(h&z%7b8o^d*r7JE0KTy{kYjoH{
zRj34`sJAaAr_HZx#Orjx)I6Uvfgl}UH$ohaWY2k})|41XviDBJ9aWk3l>v@vh>8-v
zA3e=cTkG5zWbMY#9%Qmq{KeN!8J05<g>rz!+*4%49ueq7x+N<&?6X*JNyya(nc%(s
z<g1Y*&=4v(Ds%Ev!ZTEXe0OoLq$?H5f<@^hE=}qhrW_gc9^`ZkmvAOCv#tA3$Z8f!
zGhF5<?`2kZW)(n~sh1vxfNab(l@V{yZOPG6FX(_^{oTWEgm2R+(nm-jnS;&*j~VYk
zLj_C&ssRh`fj|JtqB9wfQM>h%Ku=kMX_vI>ICF*1bWD@apbl^@j~4%0r{Q{<U?ATQ
z4dm)-yEwe@*LQ&mgBbRkUV{bp*C+6A0E<iPEoIG2QEa52V*4+VZznuOyK*b+c*7R?
z3trXUZt>G*U_9+GJP_kO)ybZ)`IOsQcxT$1QxC+@xy~X?ZmW0@HJq0-&yze?HWAYw
z&GYfwhtJV_=k%m-ptONNO9yBEz|_45$D9vVQri085YNtu<0YNyl+%(@#z2G&D67lh
z@5)o$gt6~cdG_xp!V~mGA`1g=<5Af?%H@7#O28dC_;M3+KMF=IRW`UYZL3^;FUKhO
zWp!(X_fla*84d&z!xSb^VQszV&EbBCdSI<N@}V;gf(h|5GtN{o{ah(>IQX;wQ=|Kd
X$U$hZPx_C4Q{hZDqSF#hXrh0$$pOFb

literal 0
HcmV?d00001

diff --git a/pcbc/CHANGELOG.md b/pcbc/CHANGELOG.md
new file mode 100644
index 0000000..b6059ab
--- /dev/null
+++ b/pcbc/CHANGELOG.md
@@ -0,0 +1,11 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## 0.1.0 (2022-02-10)
+- Initial release ([#2])
+
+[#2]: https://github.com/RustCrypto/block-modes/pull/2
diff --git a/pcbc/Cargo.toml b/pcbc/Cargo.toml
new file mode 100644
index 0000000..35161c1
--- /dev/null
+++ b/pcbc/Cargo.toml
@@ -0,0 +1,30 @@
+[package]
+name = "pcbc"
+version = "0.1.0" # Also update html_root_url in lib.rs when bumping this
+description = "Propagating Cipher Block Chaining (PCBC) block cipher mode of operation"
+authors = ["RustCrypto Developers"]
+license = "MIT OR Apache-2.0"
+edition = "2021"
+rust-version = "1.56"
+readme = "README.md"
+documentation = "https://docs.rs/pcbc"
+repository = "https://github.com/RustCrypto/block-ciphers"
+keywords = ["crypto", "block-mode", "ciphers"]
+categories = ["cryptography", "no-std"]
+
+[dependencies]
+cipher = "0.4"
+
+[dev-dependencies]
+aes = "0.8"
+cipher = { version = "0.4", features = ["dev"] }
+hex-literal = "0.3.3"
+
+[features]
+default = ["block-padding"]
+block-padding = ["cipher/block-padding"]
+zeroize = ["cipher/zeroize"]
+
+[package.metadata.docs.rs]
+all-features = true
+rustdoc-args = ["--cfg", "docsrs"]
diff --git a/pcbc/LICENSE-APACHE b/pcbc/LICENSE-APACHE
new file mode 100644
index 0000000..78173fa
--- /dev/null
+++ b/pcbc/LICENSE-APACHE
@@ -0,0 +1,201 @@
+                              Apache License
+                        Version 2.0, January 2004
+                     http://www.apache.org/licenses/
+
+TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+1. Definitions.
+
+   "License" shall mean the terms and conditions for use, reproduction,
+   and distribution as defined by Sections 1 through 9 of this document.
+
+   "Licensor" shall mean the copyright owner or entity authorized by
+   the copyright owner that is granting the License.
+
+   "Legal Entity" shall mean the union of the acting entity and all
+   other entities that control, are controlled by, or are under common
+   control with that entity. For the purposes of this definition,
+   "control" means (i) the power, direct or indirect, to cause the
+   direction or management of such entity, whether by contract or
+   otherwise, or (ii) ownership of fifty percent (50%) or more of the
+   outstanding shares, or (iii) beneficial ownership of such entity.
+
+   "You" (or "Your") shall mean an individual or Legal Entity
+   exercising permissions granted by this License.
+
+   "Source" form shall mean the preferred form for making modifications,
+   including but not limited to software source code, documentation
+   source, and configuration files.
+
+   "Object" form shall mean any form resulting from mechanical
+   transformation or translation of a Source form, including but
+   not limited to compiled object code, generated documentation,
+   and conversions to other media types.
+
+   "Work" shall mean the work of authorship, whether in Source or
+   Object form, made available under the License, as indicated by a
+   copyright notice that is included in or attached to the work
+   (an example is provided in the Appendix below).
+
+   "Derivative Works" shall mean any work, whether in Source or Object
+   form, that is based on (or derived from) the Work and for which the
+   editorial revisions, annotations, elaborations, or other modifications
+   represent, as a whole, an original work of authorship. For the purposes
+   of this License, Derivative Works shall not include works that remain
+   separable from, or merely link (or bind by name) to the interfaces of,
+   the Work and Derivative Works thereof.
+
+   "Contribution" shall mean any work of authorship, including
+   the original version of the Work and any modifications or additions
+   to that Work or Derivative Works thereof, that is intentionally
+   submitted to Licensor for inclusion in the Work by the copyright owner
+   or by an individual or Legal Entity authorized to submit on behalf of
+   the copyright owner. For the purposes of this definition, "submitted"
+   means any form of electronic, verbal, or written communication sent
+   to the Licensor or its representatives, including but not limited to
+   communication on electronic mailing lists, source code control systems,
+   and issue tracking systems that are managed by, or on behalf of, the
+   Licensor for the purpose of discussing and improving the Work, but
+   excluding communication that is conspicuously marked or otherwise
+   designated in writing by the copyright owner as "Not a Contribution."
+
+   "Contributor" shall mean Licensor and any individual or Legal Entity
+   on behalf of whom a Contribution has been received by Licensor and
+   subsequently incorporated within the Work.
+
+2. Grant of Copyright License. Subject to the terms and conditions of
+   this License, each Contributor hereby grants to You a perpetual,
+   worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+   copyright license to reproduce, prepare Derivative Works of,
+   publicly display, publicly perform, sublicense, and distribute the
+   Work and such Derivative Works in Source or Object form.
+
+3. Grant of Patent License. Subject to the terms and conditions of
+   this License, each Contributor hereby grants to You a perpetual,
+   worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+   (except as stated in this section) patent license to make, have made,
+   use, offer to sell, sell, import, and otherwise transfer the Work,
+   where such license applies only to those patent claims licensable
+   by such Contributor that are necessarily infringed by their
+   Contribution(s) alone or by combination of their Contribution(s)
+   with the Work to which such Contribution(s) was submitted. If You
+   institute patent litigation against any entity (including a
+   cross-claim or counterclaim in a lawsuit) alleging that the Work
+   or a Contribution incorporated within the Work constitutes direct
+   or contributory patent infringement, then any patent licenses
+   granted to You under this License for that Work shall terminate
+   as of the date such litigation is filed.
+
+4. Redistribution. You may reproduce and distribute copies of the
+   Work or Derivative Works thereof in any medium, with or without
+   modifications, and in Source or Object form, provided that You
+   meet the following conditions:
+
+   (a) You must give any other recipients of the Work or
+       Derivative Works a copy of this License; and
+
+   (b) You must cause any modified files to carry prominent notices
+       stating that You changed the files; and
+
+   (c) You must retain, in the Source form of any Derivative Works
+       that You distribute, all copyright, patent, trademark, and
+       attribution notices from the Source form of the Work,
+       excluding those notices that do not pertain to any part of
+       the Derivative Works; and
+
+   (d) If the Work includes a "NOTICE" text file as part of its
+       distribution, then any Derivative Works that You distribute must
+       include a readable copy of the attribution notices contained
+       within such NOTICE file, excluding those notices that do not
+       pertain to any part of the Derivative Works, in at least one
+       of the following places: within a NOTICE text file distributed
+       as part of the Derivative Works; within the Source form or
+       documentation, if provided along with the Derivative Works; or,
+       within a display generated by the Derivative Works, if and
+       wherever such third-party notices normally appear. The contents
+       of the NOTICE file are for informational purposes only and
+       do not modify the License. You may add Your own attribution
+       notices within Derivative Works that You distribute, alongside
+       or as an addendum to the NOTICE text from the Work, provided
+       that such additional attribution notices cannot be construed
+       as modifying the License.
+
+   You may add Your own copyright statement to Your modifications and
+   may provide additional or different license terms and conditions
+   for use, reproduction, or distribution of Your modifications, or
+   for any such Derivative Works as a whole, provided Your use,
+   reproduction, and distribution of the Work otherwise complies with
+   the conditions stated in this License.
+
+5. Submission of Contributions. Unless You explicitly state otherwise,
+   any Contribution intentionally submitted for inclusion in the Work
+   by You to the Licensor shall be under the terms and conditions of
+   this License, without any additional terms or conditions.
+   Notwithstanding the above, nothing herein shall supersede or modify
+   the terms of any separate license agreement you may have executed
+   with Licensor regarding such Contributions.
+
+6. Trademarks. This License does not grant permission to use the trade
+   names, trademarks, service marks, or product names of the Licensor,
+   except as required for reasonable and customary use in describing the
+   origin of the Work and reproducing the content of the NOTICE file.
+
+7. Disclaimer of Warranty. Unless required by applicable law or
+   agreed to in writing, Licensor provides the Work (and each
+   Contributor provides its Contributions) on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+   implied, including, without limitation, any warranties or conditions
+   of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+   PARTICULAR PURPOSE. You are solely responsible for determining the
+   appropriateness of using or redistributing the Work and assume any
+   risks associated with Your exercise of permissions under this License.
+
+8. Limitation of Liability. In no event and under no legal theory,
+   whether in tort (including negligence), contract, or otherwise,
+   unless required by applicable law (such as deliberate and grossly
+   negligent acts) or agreed to in writing, shall any Contributor be
+   liable to You for damages, including any direct, indirect, special,
+   incidental, or consequential damages of any character arising as a
+   result of this License or out of the use or inability to use the
+   Work (including but not limited to damages for loss of goodwill,
+   work stoppage, computer failure or malfunction, or any and all
+   other commercial damages or losses), even if such Contributor
+   has been advised of the possibility of such damages.
+
+9. Accepting Warranty or Additional Liability. While redistributing
+   the Work or Derivative Works thereof, You may choose to offer,
+   and charge a fee for, acceptance of support, warranty, indemnity,
+   or other liability obligations and/or rights consistent with this
+   License. However, in accepting such obligations, You may act only
+   on Your own behalf and on Your sole responsibility, not on behalf
+   of any other Contributor, and only if You agree to indemnify,
+   defend, and hold each Contributor harmless for any liability
+   incurred by, or claims asserted against, such Contributor by reason
+   of your accepting any such warranty or additional liability.
+
+END OF TERMS AND CONDITIONS
+
+APPENDIX: How to apply the Apache License to your work.
+
+   To apply the Apache License to your work, attach the following
+   boilerplate notice, with the fields enclosed by brackets "[]"
+   replaced with your own identifying information. (Don't include
+   the brackets!)  The text should be enclosed in the appropriate
+   comment syntax for the file format. We also recommend that a
+   file or class name and description of purpose be included on the
+   same "printed page" as the copyright notice for easier
+   identification within third-party archives.
+
+Copyright [yyyy] [name of copyright owner]
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
diff --git a/pcbc/LICENSE-MIT b/pcbc/LICENSE-MIT
new file mode 100644
index 0000000..d19d409
--- /dev/null
+++ b/pcbc/LICENSE-MIT
@@ -0,0 +1,26 @@
+Copyright (c) 2018-2022 RustCrypto Developers
+Copyright (c) 2018 Artyom Pavlov
+
+Permission is hereby granted, free of charge, to any
+person obtaining a copy of this software and associated
+documentation files (the "Software"), to deal in the
+Software without restriction, including without
+limitation the rights to use, copy, modify, merge,
+publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software
+is furnished to do so, subject to the following
+conditions:
+
+The above copyright notice and this permission notice
+shall be included in all copies or substantial portions
+of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF
+ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED
+TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
+PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT
+SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR
+IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+DEALINGS IN THE SOFTWARE.
diff --git a/pcbc/README.md b/pcbc/README.md
new file mode 100644
index 0000000..ab64cf1
--- /dev/null
+++ b/pcbc/README.md
@@ -0,0 +1,60 @@
+# RustCrypto: PCBC
+
+[![crate][crate-image]][crate-link]
+[![Docs][docs-image]][docs-link]
+![Apache2/MIT licensed][license-image]
+![Rust Version][rustc-image]
+[![Project Chat][chat-image]][chat-link]
+[![Build Status][build-image]][build-link]
+
+Generic implementation of the [Propagating Cipher Block Chaining][PCBC] (PCBC)
+block cipher mode of operation.
+
+<img src="https://raw.githubusercontent.com/RustCrypto/media/26acc39f/img/block-modes/pcbc_enc.svg" width="50%"><img src="https://raw.githubusercontent.com/RustCrypto/media/26acc39f/img/block-modes/pcbc_dec.svg" width="50%">
+
+See [documentation][cipher-doc] of the `cipher` crate for additional information.
+
+## Minimum Supported Rust Version
+
+Rust **1.56** or higher.
+
+Minimum supported Rust version can be changed in the future, but it will be
+done with a minor version bump.
+
+## SemVer Policy
+
+- All on-by-default features of this library are covered by SemVer
+- MSRV is considered exempt from SemVer as noted above
+
+## License
+
+Licensed under either of:
+
+ * [Apache License, Version 2.0](http://www.apache.org/licenses/LICENSE-2.0)
+ * [MIT license](http://opensource.org/licenses/MIT)
+
+at your option.
+
+### Contribution
+
+Unless you explicitly state otherwise, any contribution intentionally submitted
+for inclusion in the work by you, as defined in the Apache-2.0 license, shall be
+dual licensed as above, without any additional terms or conditions.
+
+[//]: # (badges)
+
+[crate-image]: https://img.shields.io/crates/v/pcbc.svg
+[crate-link]: https://crates.io/crates/pcbc
+[docs-image]: https://docs.rs/pcbc/badge.svg
+[docs-link]: https://docs.rs/pcbc/
+[license-image]: https://img.shields.io/badge/license-Apache2.0/MIT-blue.svg
+[rustc-image]: https://img.shields.io/badge/rustc-1.56+-blue.svg
+[chat-image]: https://img.shields.io/badge/zulip-join_chat-blue.svg
+[chat-link]: https://rustcrypto.zulipchat.com/#narrow/stream/308460-block-modes
+[build-image]: https://github.com/RustCrypto/block-modes/workflows/pcbc/badge.svg?branch=master&event=push
+[build-link]: https://github.com/RustCrypto/block-modes/actions?query=workflow%3Apcbc+branch%3Amaster
+
+[//]: # (general links)
+
+[PCBC]: https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Propagating_cipher_block_chaining_(PCBC)
+[cipher-doc]: https://docs.rs/cipher/
diff --git a/pcbc/benches/aes128.rs b/pcbc/benches/aes128.rs
new file mode 100644
index 0000000..5abeae5
--- /dev/null
+++ b/pcbc/benches/aes128.rs
@@ -0,0 +1,16 @@
+#![feature(test)]
+extern crate test;
+
+use aes::Aes128;
+
+cipher::block_encryptor_bench!(
+    KeyIv: pcbc::Encryptor<Aes128>,
+    pcbc_aes128_encrypt_block,
+    pcbc_aes128_encrypt_blocks,
+);
+
+cipher::block_decryptor_bench!(
+    KeyIv: pcbc::Decryptor<Aes128>,
+    pcbc_aes128_decrypt_block,
+    pcbc_aes128_decrypt_blocks,
+);
diff --git a/pcbc/src/decrypt.rs b/pcbc/src/decrypt.rs
new file mode 100644
index 0000000..0abc781
--- /dev/null
+++ b/pcbc/src/decrypt.rs
@@ -0,0 +1,181 @@
+use crate::xor;
+use cipher::{
+    consts::U1,
+    crypto_common::{InnerUser, IvSizeUser},
+    generic_array::{ArrayLength, GenericArray},
+    inout::InOut,
+    AlgorithmName, Block, BlockBackend, BlockCipher, BlockClosure, BlockDecryptMut, BlockSizeUser,
+    InnerIvInit, Iv, IvState, ParBlocksSizeUser,
+};
+use core::fmt;
+
+#[cfg(feature = "zeroize")]
+use cipher::zeroize::{Zeroize, ZeroizeOnDrop};
+
+/// PCBC mode decryptor.
+#[derive(Clone)]
+pub struct Decryptor<C>
+where
+    C: BlockDecryptMut + BlockCipher,
+{
+    cipher: C,
+    iv: Block<C>,
+}
+
+impl<C> BlockSizeUser for Decryptor<C>
+where
+    C: BlockDecryptMut + BlockCipher,
+{
+    type BlockSize = C::BlockSize;
+}
+
+impl<C> BlockDecryptMut for Decryptor<C>
+where
+    C: BlockDecryptMut + BlockCipher,
+{
+    fn decrypt_with_backend_mut(&mut self, f: impl BlockClosure<BlockSize = Self::BlockSize>) {
+        let Self { cipher, iv } = self;
+        cipher.decrypt_with_backend_mut(Closure { iv, f })
+    }
+}
+
+impl<C> InnerUser for Decryptor<C>
+where
+    C: BlockDecryptMut + BlockCipher,
+{
+    type Inner = C;
+}
+
+impl<C> IvSizeUser for Decryptor<C>
+where
+    C: BlockDecryptMut + BlockCipher,
+{
+    type IvSize = C::BlockSize;
+}
+
+impl<C> InnerIvInit for Decryptor<C>
+where
+    C: BlockDecryptMut + BlockCipher,
+{
+    #[inline]
+    fn inner_iv_init(cipher: C, iv: &Iv<Self>) -> Self {
+        Self {
+            cipher,
+            iv: iv.clone(),
+        }
+    }
+}
+
+impl<C> IvState for Decryptor<C>
+where
+    C: BlockDecryptMut + BlockCipher,
+{
+    #[inline]
+    fn iv_state(&self) -> Iv<Self> {
+        self.iv.clone()
+    }
+}
+
+impl<C> AlgorithmName for Decryptor<C>
+where
+    C: BlockDecryptMut + BlockCipher + AlgorithmName,
+{
+    fn write_alg_name(f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        f.write_str("pcbc::Decryptor<")?;
+        <C as AlgorithmName>::write_alg_name(f)?;
+        f.write_str(">")
+    }
+}
+
+impl<C> fmt::Debug for Decryptor<C>
+where
+    C: BlockDecryptMut + BlockCipher + AlgorithmName,
+{
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        f.write_str("pcbc::Decryptor<")?;
+        <C as AlgorithmName>::write_alg_name(f)?;
+        f.write_str("> { ... }")
+    }
+}
+
+#[cfg(feature = "zeroize")]
+#[cfg_attr(docsrs, doc(cfg(feature = "zeroize")))]
+impl<C: BlockDecryptMut + BlockCipher> Drop for Decryptor<C> {
+    fn drop(&mut self) {
+        self.iv.zeroize();
+    }
+}
+
+#[cfg(feature = "zeroize")]
+#[cfg_attr(docsrs, doc(cfg(feature = "zeroize")))]
+impl<C: BlockDecryptMut + BlockCipher + ZeroizeOnDrop> ZeroizeOnDrop for Decryptor<C> {}
+
+struct Closure<'a, BS, BC>
+where
+    BS: ArrayLength<u8>,
+    BC: BlockClosure<BlockSize = BS>,
+{
+    iv: &'a mut GenericArray<u8, BS>,
+    f: BC,
+}
+
+impl<'a, BS, BC> BlockSizeUser for Closure<'a, BS, BC>
+where
+    BS: ArrayLength<u8>,
+    BC: BlockClosure<BlockSize = BS>,
+{
+    type BlockSize = BS;
+}
+
+impl<'a, BS, BC> BlockClosure for Closure<'a, BS, BC>
+where
+    BS: ArrayLength<u8>,
+    BC: BlockClosure<BlockSize = BS>,
+{
+    #[inline(always)]
+    fn call<B: BlockBackend<BlockSize = Self::BlockSize>>(self, backend: &mut B) {
+        let Self { iv, f } = self;
+        f.call(&mut Backend { iv, backend });
+    }
+}
+
+struct Backend<'a, BS, BK>
+where
+    BS: ArrayLength<u8>,
+    BK: BlockBackend<BlockSize = BS>,
+{
+    iv: &'a mut GenericArray<u8, BS>,
+    backend: &'a mut BK,
+}
+
+impl<'a, BS, BK> BlockSizeUser for Backend<'a, BS, BK>
+where
+    BS: ArrayLength<u8>,
+    BK: BlockBackend<BlockSize = BS>,
+{
+    type BlockSize = BS;
+}
+
+impl<'a, BS, BK> ParBlocksSizeUser for Backend<'a, BS, BK>
+where
+    BS: ArrayLength<u8>,
+    BK: BlockBackend<BlockSize = BS>,
+{
+    type ParBlocksSize = U1;
+}
+
+impl<'a, BS, BK> BlockBackend for Backend<'a, BS, BK>
+where
+    BS: ArrayLength<u8>,
+    BK: BlockBackend<BlockSize = BS>,
+{
+    #[inline(always)]
+    fn proc_block(&mut self, mut block: InOut<'_, '_, Block<Self>>) {
+        let t = self.iv.clone();
+        *self.iv = block.clone_in();
+        self.backend.proc_block(block.reborrow());
+        let res = block.get_out();
+        xor(res, &t);
+        xor(self.iv, res);
+    }
+}
diff --git a/pcbc/src/encrypt.rs b/pcbc/src/encrypt.rs
new file mode 100644
index 0000000..c54dc4c
--- /dev/null
+++ b/pcbc/src/encrypt.rs
@@ -0,0 +1,181 @@
+use crate::xor;
+use cipher::{
+    consts::U1,
+    crypto_common::{InnerUser, IvSizeUser},
+    generic_array::{ArrayLength, GenericArray},
+    inout::InOut,
+    AlgorithmName, Block, BlockBackend, BlockCipher, BlockClosure, BlockEncryptMut, BlockSizeUser,
+    InnerIvInit, Iv, IvState, ParBlocksSizeUser,
+};
+use core::fmt;
+
+#[cfg(feature = "zeroize")]
+use cipher::zeroize::{Zeroize, ZeroizeOnDrop};
+
+/// PCBC mode encryptor.
+#[derive(Clone)]
+pub struct Encryptor<C>
+where
+    C: BlockEncryptMut + BlockCipher,
+{
+    cipher: C,
+    iv: Block<C>,
+}
+
+impl<C> BlockSizeUser for Encryptor<C>
+where
+    C: BlockEncryptMut + BlockCipher,
+{
+    type BlockSize = C::BlockSize;
+}
+
+impl<C> BlockEncryptMut for Encryptor<C>
+where
+    C: BlockEncryptMut + BlockCipher,
+{
+    fn encrypt_with_backend_mut(&mut self, f: impl BlockClosure<BlockSize = Self::BlockSize>) {
+        let Self { cipher, iv } = self;
+        cipher.encrypt_with_backend_mut(Closure { iv, f })
+    }
+}
+
+impl<C> InnerUser for Encryptor<C>
+where
+    C: BlockEncryptMut + BlockCipher,
+{
+    type Inner = C;
+}
+
+impl<C> IvSizeUser for Encryptor<C>
+where
+    C: BlockEncryptMut + BlockCipher,
+{
+    type IvSize = C::BlockSize;
+}
+
+impl<C> InnerIvInit for Encryptor<C>
+where
+    C: BlockEncryptMut + BlockCipher,
+{
+    #[inline]
+    fn inner_iv_init(cipher: C, iv: &Iv<Self>) -> Self {
+        Self {
+            cipher,
+            iv: iv.clone(),
+        }
+    }
+}
+
+impl<C> IvState for Encryptor<C>
+where
+    C: BlockEncryptMut + BlockCipher,
+{
+    #[inline]
+    fn iv_state(&self) -> Iv<Self> {
+        self.iv.clone()
+    }
+}
+
+impl<C> AlgorithmName for Encryptor<C>
+where
+    C: BlockEncryptMut + BlockCipher + AlgorithmName,
+{
+    fn write_alg_name(f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        f.write_str("pcbc::Encryptor<")?;
+        <C as AlgorithmName>::write_alg_name(f)?;
+        f.write_str(">")
+    }
+}
+
+impl<C> fmt::Debug for Encryptor<C>
+where
+    C: BlockEncryptMut + BlockCipher + AlgorithmName,
+{
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        f.write_str("pcbc::Encryptor<")?;
+        <C as AlgorithmName>::write_alg_name(f)?;
+        f.write_str("> { ... }")
+    }
+}
+
+#[cfg(feature = "zeroize")]
+#[cfg_attr(docsrs, doc(cfg(feature = "zeroize")))]
+impl<C: BlockEncryptMut + BlockCipher> Drop for Encryptor<C> {
+    fn drop(&mut self) {
+        self.iv.zeroize();
+    }
+}
+
+#[cfg(feature = "zeroize")]
+#[cfg_attr(docsrs, doc(cfg(feature = "zeroize")))]
+impl<C: BlockEncryptMut + BlockCipher + ZeroizeOnDrop> ZeroizeOnDrop for Encryptor<C> {}
+
+struct Closure<'a, BS, BC>
+where
+    BS: ArrayLength<u8>,
+    BC: BlockClosure<BlockSize = BS>,
+{
+    iv: &'a mut GenericArray<u8, BS>,
+    f: BC,
+}
+
+impl<'a, BS, BC> BlockSizeUser for Closure<'a, BS, BC>
+where
+    BS: ArrayLength<u8>,
+    BC: BlockClosure<BlockSize = BS>,
+{
+    type BlockSize = BS;
+}
+
+impl<'a, BS, BC> BlockClosure for Closure<'a, BS, BC>
+where
+    BS: ArrayLength<u8>,
+    BC: BlockClosure<BlockSize = BS>,
+{
+    #[inline(always)]
+    fn call<B: BlockBackend<BlockSize = Self::BlockSize>>(self, backend: &mut B) {
+        let Self { iv, f } = self;
+        f.call(&mut Backend { iv, backend });
+    }
+}
+
+struct Backend<'a, BS, BK>
+where
+    BS: ArrayLength<u8>,
+    BK: BlockBackend<BlockSize = BS>,
+{
+    iv: &'a mut GenericArray<u8, BS>,
+    backend: &'a mut BK,
+}
+
+impl<'a, BS, BK> BlockSizeUser for Backend<'a, BS, BK>
+where
+    BS: ArrayLength<u8>,
+    BK: BlockBackend<BlockSize = BS>,
+{
+    type BlockSize = BS;
+}
+
+impl<'a, BS, BK> ParBlocksSizeUser for Backend<'a, BS, BK>
+where
+    BS: ArrayLength<u8>,
+    BK: BlockBackend<BlockSize = BS>,
+{
+    type ParBlocksSize = U1;
+}
+
+impl<'a, BS, BK> BlockBackend for Backend<'a, BS, BK>
+where
+    BS: ArrayLength<u8>,
+    BK: BlockBackend<BlockSize = BS>,
+{
+    #[inline(always)]
+    fn proc_block(&mut self, mut block: InOut<'_, '_, Block<Self>>) {
+        let mut t = block.clone_in();
+        xor(&mut t, self.iv);
+        *self.iv = block.clone_in();
+        let b = (&t, block.get_out()).into();
+        self.backend.proc_block(b);
+        xor(self.iv, block.get_out());
+    }
+}
diff --git a/pcbc/src/lib.rs b/pcbc/src/lib.rs
new file mode 100644
index 0000000..de6829d
--- /dev/null
+++ b/pcbc/src/lib.rs
@@ -0,0 +1,85 @@
+//! [Propagating Cipher Block Chaining][1] (PCBC) mode.
+//!
+//! <img src="https://raw.githubusercontent.com/RustCrypto/media/26acc39f/img/block-modes/pcbc_enc.svg" width="49%" />
+//! <img src="https://raw.githubusercontent.com/RustCrypto/media/26acc39f/img/block-modes/pcbc_dec.svg" width="49%"/>
+//!
+//! Mode functionality is accessed using traits from re-exported [`cipher`] crate.
+//!
+//! # ⚠️ Security Warning: Hazmat!
+//!
+//! This crate does not ensure ciphertexts are authentic! Thus ciphertext integrity
+//! is not verified, which can lead to serious vulnerabilities!
+//!
+//! # Example
+//! ```
+//! use aes::cipher::{block_padding::Pkcs7, BlockDecryptMut, BlockEncryptMut, KeyIvInit};
+//! use hex_literal::hex;
+//!
+//! type Aes128PcbcEnc = pcbc::Encryptor<aes::Aes128>;
+//! type Aes128PcbcDec = pcbc::Decryptor<aes::Aes128>;
+//!
+//! let key = [0x42; 16];
+//! let iv = [0x24; 16];
+//! let plaintext = b"hello world! this is my plaintext.";
+//! let ciphertext = hex!(
+//!     "c7fe247ef97b21f07cbdd26cb5d346bf"
+//!     "ab13156d0b2f05f91c4837db5157bad5"
+//!     "62cb0b6fa7816e254a2fc8d852fb4315"
+//! );
+//!
+//! // encrypt/decrypt in-place
+//! // buffer must be big enough for padded plaintext
+//! let mut buf = vec![0u8; 48];
+//! let pt_len = plaintext.len();
+//! buf[..pt_len].copy_from_slice(&plaintext[..]);
+//! let ct = Aes128PcbcEnc::new(&key.into(), &iv.into())
+//!     .encrypt_padded_mut::<Pkcs7>(&mut buf, pt_len)
+//!     .unwrap();
+//! assert_eq!(ct, &ciphertext[..]);
+//!
+//! let pt = Aes128PcbcDec::new(&key.into(), &iv.into())
+//!     .decrypt_padded_mut::<Pkcs7>(&mut buf)
+//!     .unwrap();
+//! assert_eq!(pt, &plaintext[..]);
+//!
+//! // encrypt/decrypt from buffer to buffer
+//! let mut buf = vec![0u8; 48];
+//! let ct = Aes128PcbcEnc::new(&key.into(), &iv.into())
+//!     .encrypt_padded_b2b_mut::<Pkcs7>(&plaintext[..], &mut buf)
+//!     .unwrap();
+//! assert_eq!(ct, &ciphertext[..]);
+//!
+//! let mut buf = vec![0u8; 48];
+//! let pt = Aes128PcbcDec::new(&key.into(), &iv.into())
+//!     .decrypt_padded_b2b_mut::<Pkcs7>(&ct, &mut buf)
+//!     .unwrap();
+//! assert_eq!(pt, &plaintext[..]);
+//! ```
+//!
+//! [1]: https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Propagating_cipher_block_chaining_(PCBC)
+
+#![no_std]
+#![doc(
+    html_logo_url = "https://raw.githubusercontent.com/RustCrypto/media/26acc39f/logo.svg",
+    html_favicon_url = "https://raw.githubusercontent.com/RustCrypto/media/26acc39f/logo.svg",
+    html_root_url = "https://docs.rs/pcbc/0.1.0"
+)]
+#![forbid(unsafe_code)]
+#![cfg_attr(docsrs, feature(doc_cfg))]
+#![warn(missing_docs, rust_2018_idioms)]
+
+mod decrypt;
+mod encrypt;
+
+pub use cipher;
+pub use decrypt::Decryptor;
+pub use encrypt::Encryptor;
+
+use cipher::generic_array::{ArrayLength, GenericArray};
+
+#[inline(always)]
+fn xor<N: ArrayLength<u8>>(out: &mut GenericArray<u8, N>, buf: &GenericArray<u8, N>) {
+    for (a, b) in out.iter_mut().zip(buf) {
+        *a ^= *b;
+    }
+}
diff --git a/pcbc/tests/aes.rs b/pcbc/tests/aes.rs
new file mode 100644
index 0000000..5a18387
--- /dev/null
+++ b/pcbc/tests/aes.rs
@@ -0,0 +1,12 @@
+use aes::{Aes128, Aes128Dec, Aes128Enc};
+use cipher::{block_mode_dec_test, block_mode_enc_test, iv_state_test};
+use pcbc::{Decryptor, Encryptor};
+
+iv_state_test!(aes128_pcbc_enc_iv_state, Encryptor<Aes128>, encrypt);
+iv_state_test!(aes128_pcbc_dec_iv_state, Decryptor<Aes128>, decrypt);
+
+// The test vectors are generated using this implementation.
+block_mode_enc_test!(aes128_pcbc_enc_test, "aes128", Encryptor<Aes128>);
+block_mode_dec_test!(aes128_pcbc_dec_test, "aes128", Decryptor<Aes128>);
+block_mode_enc_test!(aes128enc_pcbc_enc_test, "aes128", Encryptor<Aes128Enc>);
+block_mode_dec_test!(aes128dec_pcbc_dec_test, "aes128", Decryptor<Aes128Dec>);
diff --git a/pcbc/tests/data/aes128.blb b/pcbc/tests/data/aes128.blb
new file mode 100644
index 0000000000000000000000000000000000000000..4eedb9299254fd9752013bc7e73a16f1e8a5635b
GIT binary patch
literal 167
zcmZQjU|?ioW?^Mx=iubx=HcbzR}c^s5*85^6PJ*bl9rK`lW$-k1ZEbbv@bmSOn6W3
zgKeL@WvZ5VoY;BT!OkRo#i<*U9llyOFtGo7U-IxObKV5LcY=LWCQa@<-@>8F{o}}*
tSuSnCDLc$V9ysf~y4k<{RO}Xxh`009gLN<Si9Yw8#naNf?8bJZ3;<_KG+Y1x

literal 0
HcmV?d00001