Change HpkeError::Secp256k1 into the opaque InvalidPublicKey error

Making this into an opaque error will prevent leaking implementation details
shinghim · Mar 5, 2025 · 459b518 · 459b518
1 parent df30f3b
commit 459b518
Showing 1 changed file with 11 additions and 4 deletions.
diff --git a/payjoin/src/hpke.rs b/payjoin/src/hpke.rs
@@ -271,7 +271,7 @@ fn pad_plaintext(msg: &mut Vec<u8>, padded_length: usize) -> Result<&[u8], HpkeE
 /// Error from de/encrypting a v2 Hybrid Public Key Encryption payload.
 #[derive(Debug, PartialEq)]
 pub enum HpkeError {
-    Secp256k1(secp256k1::Error),
+    InvalidPublicKey,
     Hpke(hpke::HpkeError),
     InvalidKeyLength,
     PayloadTooLarge { actual: usize, max: usize },
@@ -283,7 +283,14 @@ impl From<hpke::HpkeError> for HpkeError {
 }
 
 impl From<secp256k1::Error> for HpkeError {
-    fn from(value: secp256k1::Error) -> Self { Self::Secp256k1(value) }
+    fn from(value: secp256k1::Error) -> Self {
+        match &value {
+            // As of writing, this is the only relevant variant that could arise here.
+            // This may need to be updated if relevant variants are added to secp256k1
+            secp256k1::Error::InvalidPublicKey => Self::InvalidPublicKey,
+            _ => panic!("Unsupported variant of secp256k1::Error"),
+        }
+    }
 }
 
 impl fmt::Display for HpkeError {
@@ -301,7 +308,7 @@ impl fmt::Display for HpkeError {
                 )
             }
             PayloadTooShort => write!(f, "Payload too small"),
-            Secp256k1(e) => e.fmt(f),
+            InvalidPublicKey => write!(f, "Invalid public key"),
         }
     }
 }
@@ -314,7 +321,7 @@ impl error::Error for HpkeError {
             Hpke(e) => Some(e),
             PayloadTooLarge { .. } => None,
             InvalidKeyLength | PayloadTooShort => None,
-            Secp256k1(e) => Some(e),
+            InvalidPublicKey => None,
         }
     }
 }