Change HpkeError::Secp256k1 into the opaque InvalidPublicKey error

shinghim · shinghim · commit 459b518707be · 2025-03-04T19:57:10.000-06:00
Making this into an opaque error will prevent leaking implementation
details
diff --git a/payjoin/src/hpke.rs b/payjoin/src/hpke.rs
@@ -271,7 +271,7 @@ fn pad_plaintext(msg: &mut Vec<u8>, padded_length: usize) -> Result<&[u8], HpkeE
 /// Error from de/encrypting a v2 Hybrid Public Key Encryption payload.
 #[derive(Debug, PartialEq)]
 pub enum HpkeError {
-    Secp256k1(secp256k1::Error),
+    InvalidPublicKey,
     Hpke(hpke::HpkeError),
     InvalidKeyLength,
     PayloadTooLarge { actual: usize, max: usize },
@@ -283,7 +283,14 @@ impl From<hpke::HpkeError> for HpkeError {
 }
 
 impl From<secp256k1::Error> for HpkeError {
-    fn from(value: secp256k1::Error) -> Self { Self::Secp256k1(value) }
+    fn from(value: secp256k1::Error) -> Self {
+        match &value {
+            // As of writing, this is the only relevant variant that could arise here.
+            // This may need to be updated if relevant variants are added to secp256k1
+            secp256k1::Error::InvalidPublicKey => Self::InvalidPublicKey,
+            _ => panic!("Unsupported variant of secp256k1::Error"),
+        }
+    }
 }
 
 impl fmt::Display for HpkeError {
@@ -301,7 +308,7 @@ impl fmt::Display for HpkeError {
                 )
             }
             PayloadTooShort => write!(f, "Payload too small"),
-            Secp256k1(e) => e.fmt(f),
+            InvalidPublicKey => write!(f, "Invalid public key"),
         }
     }
 }
@@ -314,7 +321,7 @@ impl error::Error for HpkeError {
             Hpke(e) => Some(e),
             PayloadTooLarge { .. } => None,
             InvalidKeyLength | PayloadTooShort => None,
-            Secp256k1(e) => Some(e),
+            InvalidPublicKey => None,
         }
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -271,7 +271,7 @@ fn pad_plaintext(msg: &mut Vec<u8>, padded_length: usize) -> Result<&[u8], HpkeE`
`271`	`271`	`/// Error from de/encrypting a v2 Hybrid Public Key Encryption payload.`
`272`	`272`	`#[derive(Debug, PartialEq)]`
`273`	`273`	`pub enum HpkeError {`
`274`		`- Secp256k1(secp256k1::Error),`
	`274`	`+ InvalidPublicKey,`
`275`	`275`	`Hpke(hpke::HpkeError),`
`276`	`276`	`InvalidKeyLength,`
`277`	`277`	`PayloadTooLarge { actual: usize, max: usize },`
`@@ -283,7 +283,14 @@ impl From<hpke::HpkeError> for HpkeError {`
`283`	`283`	`}`
`284`	`284`
`285`	`285`	`impl From<secp256k1::Error> for HpkeError {`
`286`		`- fn from(value: secp256k1::Error) -> Self { Self::Secp256k1(value) }`
	`286`	`+ fn from(value: secp256k1::Error) -> Self {`
	`287`	`+ match &value {`
	`288`	`+ // As of writing, this is the only relevant variant that could arise here.`
	`289`	`+ // This may need to be updated if relevant variants are added to secp256k1`
	`290`	`+ secp256k1::Error::InvalidPublicKey => Self::InvalidPublicKey,`
	`291`	`+ _ => panic!("Unsupported variant of secp256k1::Error"),`
	`292`	`+ }`
	`293`	`+ }`
`287`	`294`	`}`
`288`	`295`
`289`	`296`	`impl fmt::Display for HpkeError {`
`@@ -301,7 +308,7 @@ impl fmt::Display for HpkeError {`
`301`	`308`	`)`
`302`	`309`	`}`
`303`	`310`	`PayloadTooShort => write!(f, "Payload too small"),`
`304`		`- Secp256k1(e) => e.fmt(f),`
	`311`	`+ InvalidPublicKey => write!(f, "Invalid public key"),`
`305`	`312`	`}`
`306`	`313`	`}`
`307`	`314`	`}`
`@@ -314,7 +321,7 @@ impl error::Error for HpkeError {`
`314`	`321`	`Hpke(e) => Some(e),`
`315`	`322`	`PayloadTooLarge { .. } => None,`
`316`	`323`	`InvalidKeyLength \| PayloadTooShort => None,`
`317`		`- Secp256k1(e) => Some(e),`
	`324`	`+ InvalidPublicKey => None,`
`318`	`325`	`}`
`319`	`326`	`}`
`320`	`327`	`}`