Replace panic with Secp256k1 variant in HpkeError

The From<secp256k1::Error> impl for HpkeError panicked on any
variant other than InvalidPublicKey. If secp256k1 adds new Error
variants, this would cause a runtime panic instead of returning
a proper error.

Add a Secp256k1(secp256k1::Error) variant to HpkeError that
wraps unexpected secp256k1 errors, mirroring the existing
Hpke(hpke::HpkeError) pattern. Update Display and Error impls
to delegate to the wrapped error. Add a test verifying that
non-InvalidPublicKey variants convert safely.

Author: agentbox

payjoin/src/core/hpke.rs

@@ -274,6 +274,7 @@ fn pad_plaintext(msg: &mut Vec<u8>, padded_length: usize) -> Result<&[u8], HpkeE
 pub enum HpkeError {
     InvalidPublicKey,
     Hpke(hpke::HpkeError),
+    Secp256k1(secp256k1::Error),
     InvalidKeyLength,
     PayloadTooLarge { actual: usize, max: usize },
     PayloadTooShort,
@@ -286,10 +287,8 @@ impl From<hpke::HpkeError> for HpkeError {
 impl From<secp256k1::Error> for HpkeError {
     fn from(value: secp256k1::Error) -> Self {
         match value {
-            // As of writing, this is the only relevant variant that could arise here.
-            // This may need to be updated if relevant variants are added to secp256k1
             secp256k1::Error::InvalidPublicKey => Self::InvalidPublicKey,
-            _ => panic!("Unsupported variant of secp256k1::Error"),
+            other => Self::Secp256k1(other),
         }
     }
 }
@@ -300,6 +299,7 @@ impl fmt::Display for HpkeError {
 
         match &self {
             Hpke(e) => e.fmt(f),
+            Secp256k1(e) => e.fmt(f),
             InvalidKeyLength => write!(f, "Invalid Length"),
             PayloadTooLarge { actual, max } => {
                 write!(
@@ -319,6 +319,7 @@ impl error::Error for HpkeError {
 
         match &self {
             Hpke(e) => Some(e),
+            Secp256k1(e) => Some(e),
             PayloadTooLarge { .. } => None,
             InvalidKeyLength | PayloadTooShort => None,
             InvalidPublicKey => None,
@@ -492,6 +493,18 @@ mod test {
         );
     }
 
+    #[test]
+    fn secp256k1_error_conversion_does_not_panic() {
+        let invalid_pk: HpkeError = secp256k1::Error::InvalidPublicKey.into();
+        assert_eq!(invalid_pk, HpkeError::InvalidPublicKey);
+
+        let invalid_sk: HpkeError = secp256k1::Error::InvalidSecretKey.into();
+        assert_eq!(invalid_sk, HpkeError::Secp256k1(secp256k1::Error::InvalidSecretKey));
+
+        let invalid_sig: HpkeError = secp256k1::Error::InvalidSignature.into();
+        assert_eq!(invalid_sig, HpkeError::Secp256k1(secp256k1::Error::InvalidSignature));
+    }
+
     /// Test that the encrypted payloads are uniform.
     ///
     /// This randomized test will generate a false negative with negligible probability