Overview#CHACHA20-POLY1305 is decribed in RFC 7539
- A 256-bit key
- A 96-bit nonce -- different for each invocation with the same key
- An arbitrary length plaintext
- Arbitrary length additional authenticated data (AAD)
Some protocols may have unique per-invocation inputs that are not 96 bits in length. For example, IPsec may specify a 64-bit nonce. In such a case, it is up to the protocol document to define how to transform the protocol nonce into a 96-bit nonce, for example, by concatenating a constant value.