Why must all inputs to AES be multiples of 16?

Question

I'm using the PyCrypto implementation of AES and I'm trying to encrypt some text (24 bytes) using a 24 byte key.

aes_ecb = AES.new('\x00'*24, AES.MODE_ECB)
aes_ecb.encrypt("123456"*4)

I get this surprising error ValueError: Input strings must be a multiple of 16 in length
So why is it that my input must be a multiple of 16? It would make more sense to me that the input string length must be a multiple of my key size, because this would allow nice bitwise operations between the key and blocks of plaintext.

Answer 1

AES is a block cipher. Quote from the Wikipedia page: “a block cipher is a deterministic algorithm operating on fixed-length groups of bits”.

AES can only work with blocks of 128 bits (that is, 16 chars, as you noticed).

If your input can have lengths others than a multiple of 128, depending on your application, you may have to be extremely careful how you handle padding.

Answer 2

Just want to add info about mods of operations

Yes, AES is a 128-bit (16-byte) block cipher with multiple possible key length (128, 192, 256), but the cause of this text padding limitation (and error msg) is ECB mode of operation. ECB is the simplest of the encryption modes. I don't know your goals, so will just skip the part that it doesn't provide serious message confidentiality.

CBC and CTR are more common and usually appropriate to use and in CTR mode you don't need 128-bit message length.

There is also ciphertext stealing (CTS) method for ECB and CBC modes.

Method of using a block cipher mode of operation that allows for processing of messages that are not evenly divisible into blocks without resulting in any expansion of the ciphertext, at the cost of slightly increased complexity

But Ciphertext stealing for ECB mode requires the plaintext to be longer than one 128-bit block.