Problem: didn't verify secrets against public key in DirectPath

Solution:
- verify decreted secret against public key
- also verify leaf keypackage against leaf secret

chain-tx-enclave-next/mls/Cargo.toml

@@ -14,13 +14,13 @@ x509-parser = "0.8.0-beta4"
 secrecy = "0.7.0"
 sha2 = "0.9"
 hkdf = { version = "0.9", features = ["std"] }
-hpke = { version = "0.1.8", default-features = false, features = ["p256"] }
+hpke = { version = "0.1.8", default-features = false, features = ["p256", "std"] }
 aead = "0.3"
 rand = "0.7"
 chrono="0.4.13"
 ra-client = { path = "../enclave-ra/ra-client" }
 subtle = "2.2.3"
-chain-util = { path = "../../chain-util", default-features = false }
+chain-util = { path = "../../chain-util" }
 
 [dev-dependencies]
 chrono = "0.4"

chain-tx-enclave-next/mls/src/ciphersuite.rs

@@ -386,8 +386,7 @@ impl CipherSuite {
             CipherSuite::MLS10_128_DHKEMP256_AES128GCM_SHA256_P256 => {
                 let encapped_key = EncappedKey::<
                     <hpke::kem::DhP256HkdfSha256 as hpke::kem::Kem>::Kex,
-                >::unmarshal(&ct.kem_output)
-                .expect("valid encapped key");
+                >::unmarshal(&ct.kem_output)?;
                 let mut context = hpke::setup_receiver::<
                     AesGcm128,
                     hpke::kdf::HkdfSha256,
@@ -402,11 +401,9 @@ impl CipherSuite {
                 let payload_len = ct.ciphertext.len();
                 let mut payload = ct.ciphertext[0..payload_len - 16].to_vec();
                 let tag_bytes = &ct.ciphertext[payload_len - 16..payload_len];
-                let tag = AeadTag::<AesGcm128>::unmarshal(tag_bytes).expect("valid tag");
+                let tag = AeadTag::<AesGcm128>::unmarshal(tag_bytes)?;
 
-                context
-                    .open(&mut payload, aad, &tag)
-                    .expect("decryption failed");
+                context.open(&mut payload, aad, &tag)?;
                 Ok(payload)
             }
         }