Add safe catch-all for secp256k1::Error conversion in HpkeError (#1298)

spacebear21 · web-flow · commit 762fbaf3022c · 2026-03-05T11:39:28.000-05:00
diff --git a/payjoin/src/core/hpke.rs b/payjoin/src/core/hpke.rs
@@ -276,6 +276,7 @@ pub enum HpkeError {
     InvalidKeyLength,
     PayloadTooLarge { actual: usize, max: usize },
     PayloadTooShort,
+    UnexpectedSecp256k1Error,
 }
 
 impl From<hpke::HpkeError> for HpkeError {
@@ -285,10 +286,11 @@ impl From<hpke::HpkeError> for HpkeError {
 impl From<secp256k1::Error> for HpkeError {
     fn from(value: secp256k1::Error) -> Self {
         match value {
-            // As of writing, this is the only relevant variant that could arise here.
-            // This may need to be updated if relevant variants are added to secp256k1
+            // As of writing, this is the only relevant variant that could arise here. The other variant has
+            // been added due to new secp256k1::Error variants that may be added in the future. update this
+            // match statement if relevant error variants that are needed are added to secp256k1
             secp256k1::Error::InvalidPublicKey => Self::InvalidPublicKey,
-            _ => panic!("Unsupported variant of secp256k1::Error"),
+            _other => Self::UnexpectedSecp256k1Error,
         }
     }
 }
@@ -308,6 +310,7 @@ impl fmt::Display for HpkeError {
             }
             PayloadTooShort => write!(f, "Payload too small"),
             InvalidPublicKey => write!(f, "Invalid public key"),
+            UnexpectedSecp256k1Error => write!(f, "Unexpected secp256k1 error"),
         }
     }
 }
@@ -321,6 +324,7 @@ impl error::Error for HpkeError {
             PayloadTooLarge { .. } => None,
             InvalidKeyLength | PayloadTooShort => None,
             InvalidPublicKey => None,
+            UnexpectedSecp256k1Error => None,
         }
     }
 }
@@ -329,6 +333,25 @@ impl error::Error for HpkeError {
 mod test {
     use super::*;
 
+    #[test]
+    fn secp256k1_error_conversion_no_panic() {
+        // Test the known variant that maps to InvalidPublicKey(update if new variants are added)
+        let err = secp256k1::Error::InvalidPublicKey;
+        let hpke_err: HpkeError = err.into();
+        assert_eq!(hpke_err, HpkeError::InvalidPublicKey);
+        // Test other variants that may arise
+        let other_variants = [
+            secp256k1::Error::InvalidSecretKey,
+            secp256k1::Error::InvalidRecoveryId,
+            secp256k1::Error::InvalidTweak,
+            secp256k1::Error::NotEnoughMemory,
+        ];
+        for err in other_variants {
+            let hpke_err: HpkeError = err.into();
+            assert_eq!(hpke_err, HpkeError::UnexpectedSecp256k1Error);
+        }
+    }
+
     #[test]
     fn message_a_round_trip() {
         let mut plaintext = "foo".as_bytes().to_vec();

Original file line number	Diff line number	Diff line change
`@@ -276,6 +276,7 @@ pub enum HpkeError {`
`276`	`276`	`InvalidKeyLength,`
`277`	`277`	`PayloadTooLarge { actual: usize, max: usize },`
`278`	`278`	`PayloadTooShort,`
	`279`	`+ UnexpectedSecp256k1Error,`
`279`	`280`	`}`
`280`	`281`
`281`	`282`	`impl From<hpke::HpkeError> for HpkeError {`
`@@ -285,10 +286,11 @@ impl From<hpke::HpkeError> for HpkeError {`
`285`	`286`	`impl From<secp256k1::Error> for HpkeError {`
`286`	`287`	`fn from(value: secp256k1::Error) -> Self {`
`287`	`288`	`match value {`
`288`		`- // As of writing, this is the only relevant variant that could arise here.`
`289`		`- // This may need to be updated if relevant variants are added to secp256k1`
	`289`	`+ // As of writing, this is the only relevant variant that could arise here. The other variant has`
	`290`	`+ // been added due to new secp256k1::Error variants that may be added in the future. update this`
	`291`	`+ // match statement if relevant error variants that are needed are added to secp256k1`
`290`	`292`	`secp256k1::Error::InvalidPublicKey => Self::InvalidPublicKey,`
`291`		`- _ => panic!("Unsupported variant of secp256k1::Error"),`
	`293`	`+ _other => Self::UnexpectedSecp256k1Error,`
`292`	`294`	`}`
`293`	`295`	`}`
`294`	`296`	`}`
`@@ -308,6 +310,7 @@ impl fmt::Display for HpkeError {`
`308`	`310`	`}`
`309`	`311`	`PayloadTooShort => write!(f, "Payload too small"),`
`310`	`312`	`InvalidPublicKey => write!(f, "Invalid public key"),`
	`313`	`+ UnexpectedSecp256k1Error => write!(f, "Unexpected secp256k1 error"),`
`311`	`314`	`}`
`312`	`315`	`}`
`313`	`316`	`}`
`@@ -321,6 +324,7 @@ impl error::Error for HpkeError {`
`321`	`324`	`PayloadTooLarge { .. } => None,`
`322`	`325`	`InvalidKeyLength \| PayloadTooShort => None,`
`323`	`326`	`InvalidPublicKey => None,`
	`327`	`+ UnexpectedSecp256k1Error => None,`
`324`	`328`	`}`
`325`	`329`	`}`
`326`	`330`	`}`
`@@ -329,6 +333,25 @@ impl error::Error for HpkeError {`
`329`	`333`	`mod test {`
`330`	`334`	`use super::*;`
`331`	`335`
	`336`	`+ #[test]`
	`337`	`+ fn secp256k1_error_conversion_no_panic() {`
	`338`	`+ // Test the known variant that maps to InvalidPublicKey(update if new variants are added)`
	`339`	`+ let err = secp256k1::Error::InvalidPublicKey;`
	`340`	`+ let hpke_err: HpkeError = err.into();`
	`341`	`+ assert_eq!(hpke_err, HpkeError::InvalidPublicKey);`
	`342`	`+ // Test other variants that may arise`
	`343`	`+ let other_variants = [`
	`344`	`+ secp256k1::Error::InvalidSecretKey,`
	`345`	`+ secp256k1::Error::InvalidRecoveryId,`
	`346`	`+ secp256k1::Error::InvalidTweak,`
	`347`	`+ secp256k1::Error::NotEnoughMemory,`
	`348`	`+ ];`
	`349`	`+ for err in other_variants {`
	`350`	`+ let hpke_err: HpkeError = err.into();`
	`351`	`+ assert_eq!(hpke_err, HpkeError::UnexpectedSecp256k1Error);`
	`352`	`+ }`
	`353`	`+ }`
	`354`	`+`
`332`	`355`	`#[test]`
`333`	`356`	`fn message_a_round_trip() {`
`334`	`357`	`let mut plaintext = "foo".as_bytes().to_vec();`