Document how Tink handles associatedData='' in AES SIV.

AES SIV allows the user to import a list of associated datas, but Tink only uses a single associated data in its interface. When the user inputs an empty associated data byte sequence, Tink will handle this as a list of one empty byte sequence, and not as an empty list. PiperOrigin-RevId: 527491521
author: juerg <juerg@google.com> 2023-04-27 00:02:20 -0700
committer: Copybara-Service <copybara-worker@google.com> 2023-04-27 00:03:45 -0700
commit: 39ecc214ccb8276fc1f770a9e9a90ad3a35aede7 (patch)
tree: b64fbb246ed2d69e66162b7edfb097611beea515 /java_src/proto
parent: 78c5b6225c7b160b9f3d244d18fcd644b2f3a57c (diff)
download: tink-39ecc214ccb8276fc1f770a9e9a90ad3a35aede7.tar.gz
1 files changed, 8 insertions, 0 deletions
diff --git a/java_src/proto/aes_siv.proto b/java_src/proto/aes_siv.proto
index d7ebedf24..ccb8d3cb9 100644
--- a/java_src/proto/aes_siv.proto
+++ b/java_src/proto/aes_siv.proto
@@ -22,6 +22,14 @@ option java_package = "com.google.crypto.tink.proto";
 option java_multiple_files = true;
 option go_package = "github.com/google/tink/go/proto/aes_siv_go_proto";
 
+// Tink implements RFC 5297 (https://www.rfc-editor.org/rfc/rfc5297) for
+// AES-SIV, putting the SIV/Tag at the beginning of the ciphertext.
+//
+// While the RFC 5297 supports a list of associated datas, Tink only supports
+// exactly one associated data, which corresponds to a list with one element in
+// RFC 5297. An empty associated data is a list with one empty element, and not
+// an empty list.
+
 message AesSivKeyFormat {
   // Only valid value is: 64.
   uint32 key_size = 1;
author	juerg <juerg@google.com>	2023-04-27 00:02:20 -0700
committer	Copybara-Service <copybara-worker@google.com>	2023-04-27 00:03:45 -0700
commit	39ecc214ccb8276fc1f770a9e9a90ad3a35aede7 (patch)
tree	b64fbb246ed2d69e66162b7edfb097611beea515 /java_src/proto
parent	78c5b6225c7b160b9f3d244d18fcd644b2f3a57c (diff)
download	tink-39ecc214ccb8276fc1f770a9e9a90ad3a35aede7.tar.gz