pub(crate) fn encrypt_cose(
algorithm: CoseContentEncryptionAlgorithm,
builder: CoseEncryptBuilder,
protected_header: Header,
plaintext: &[u8],
cek: &[u8],
) -> Result<CoseEncrypt, CryptoError>Expand description
Encrypts plaintext into a multi-recipient COSE [CoseEncrypt] message, dispatching to the
CoseEncryptCipher selected by algorithm.
The chosen cipher declares its algorithm in the (authenticated) protected header, so
decrypt_cose can recover it from the message without the caller specifying it. The caller is
expected to have configured the recipient(s) on builder; cek is the content-encryption key
and must match the selected cipher’s key length.
If the protected_header declares a ContentFormat::Utf8 content type, the plaintext is
padded to a block boundary before encryption to hide its exact length. The corresponding
decrypt_cose removes the padding transparently.