Why must all inputs to AES be multiples of 16?

2020-02-14 05:41发布

问题:

I'm using the PyCrypto implementation of AES and I'm trying to encrypt some text (24 bytes) using a 24 byte key.

aes_ecb = AES.new('\x00'*24, AES.MODE_ECB)
aes_ecb.encrypt("123456"*4)

I get this surprising error ValueError: Input strings must be a multiple of 16 in length
So why is it that my input must be a multiple of 16? It would make more sense to me that the input string length must be a multiple of my key size, because this would allow nice bitwise operations between the key and blocks of plaintext.

回答1:

AES is a block cipher. Quote from the Wikipedia page: “a block cipher is a deterministic algorithm operating on fixed-length groups of bits”.

AES can only work with blocks of 128 bits (that is, 16 chars, as you noticed).

If your input can have lengths others than a multiple of 128, depending on your application, you may have to be extremely careful how you handle padding.



回答2:

Just want to add info about mods of operations

Yes, AES is a 128-bit (16-byte) block cipher with multiple possible key length (128, 192, 256), but the cause of this text padding limitation (and error msg) is ECB mode of operation. ECB is the simplest of the encryption modes. I don't know your goals, so will just skip the part that it doesn't provide serious message confidentiality.

CBC and CTR are more common and usually appropriate to use and in CTR mode you don't need 128-bit message length.

There is also ciphertext stealing (CTS) method for ECB and CBC modes.

Method of using a block cipher mode of operation that allows for processing of messages that are not evenly divisible into blocks without resulting in any expansion of the ciphertext, at the cost of slightly increased complexity

But Ciphertext stealing for ECB mode requires the plaintext to be longer than one 128-bit block.



回答3:

Because the block size is 16 bytes, the way to handle this is to add padding when encrypting.



标签: aes pycrypto