Document how Tink handles associatedData='' in AES SIV.

AES SIV allows the user to import a list of associated datas, but Tink only uses a single associated data in its interface. When the user inputs an empty associated data byte sequence, Tink will handle this as a list of one empty byte sequence, and not as an empty list. PiperOrigin-RevId: 527491521 Change-Id: Iedfcbee204db27856d5891027a57709ef8a5c754 (cherry picked from commit c851f9e)
tink-crypto · Apr 27, 2023 · 808dbb7 · 808dbb7
1 parent 0ca4fe5
commit 808dbb7
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/proto/aes_siv.proto b/proto/aes_siv.proto
@@ -22,6 +22,14 @@ option java_package = "com.google.crypto.tink.proto";
 option java_multiple_files = true;
 option go_package = "github.com/google/tink/go/proto/aes_siv_go_proto";
 
+// Tink implements RFC 5297 (https://www.rfc-editor.org/rfc/rfc5297) for
+// AES-SIV, putting the SIV/Tag at the beginning of the ciphertext.
+//
+// While the RFC 5297 supports a list of associated datas, Tink only supports
+// exactly one associated data, which corresponds to a list with one element in
+// RFC 5297. An empty associated data is a list with one empty element, and not
+// an empty list.
+
 message AesSivKeyFormat {
   // Only valid value is: 64.
   uint32 key_size = 1;