Add TweakHexDecodeError for hex decoding

Velnbur · Velnbur · commit 3536c2dd1280 · 2025-11-01T22:04:26.000+02:00
Introduces a new error type to properly handle hex decoding
failures in blinding factor conversions, replacing unsafe
transmute workarounds with idiomatic error handling.
diff --git a/src/confidential.rs b/src/confidential.rs
@@ -29,7 +29,6 @@ use secp256k1_zkp::{
 #[cfg(feature = "serde")]
 use serde::{Deserialize, Deserializer, Serialize, Serializer};
 
-use std::mem;
 use std::{
     fmt, io,
     ops::{AddAssign, Neg},
@@ -712,6 +711,60 @@ impl<'de> Deserialize<'de> for Nonce {
     }
 }
 
+/// Error decoding hexadecimal string into tweak-like value.
+#[derive(Debug, Clone, PartialEq, Eq)]
+pub enum TweakHexDecodeError {
+    /// Invalid hexadecimal string.
+    InvalidHex(hex_conservative::DecodeFixedLengthBytesError),
+    /// Invalid tweak after decoding hexadecimal string.
+    InvalidTweak(secp256k1_zkp::Error),
+}
+
+impl fmt::Display for TweakHexDecodeError {
+    fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
+        match self {
+            TweakHexDecodeError::InvalidHex(err) => {
+                write!(f, "Invalid hex: {}", err)
+            }
+            TweakHexDecodeError::InvalidTweak(err) => {
+                write!(f, "Invalid tweak: {}", err)
+            }
+        }
+    }
+}
+
+#[doc(hidden)]
+impl From<hex_conservative::DecodeFixedLengthBytesError> for TweakHexDecodeError {
+    fn from(err: hex_conservative::DecodeFixedLengthBytesError) -> Self {
+        TweakHexDecodeError::InvalidHex(err)
+    }
+}
+
+#[doc(hidden)]
+impl From<secp256k1_zkp::Error> for TweakHexDecodeError {
+    fn from(err: secp256k1_zkp::Error) -> Self {
+        TweakHexDecodeError::InvalidTweak(err)
+    }
+}
+
+impl From<TweakHexDecodeError> for encode::Error {
+    fn from(value: TweakHexDecodeError) -> Self {
+        match value {
+            TweakHexDecodeError::InvalidHex(err) => encode::Error::HexFixedError(err),
+            TweakHexDecodeError::InvalidTweak(err) => encode::Error::Secp256k1zkp(err),
+        }
+    }
+}
+
+impl std::error::Error for TweakHexDecodeError {
+    fn source(&self) -> Option<&(dyn std::error::Error + 'static)> {
+        match self {
+            TweakHexDecodeError::InvalidHex(err) => Some(err),
+            TweakHexDecodeError::InvalidTweak(err) => Some(err),
+        }
+    }
+}
+
 /// Blinding factor used for asset commitments.
 #[derive(Copy, Clone, Debug, Eq, PartialEq, PartialOrd, Ord, Hash)]
 pub struct AssetBlindingFactor(pub(crate) Tweak);
@@ -739,24 +792,12 @@ impl AssetBlindingFactor {
 }
 
 impl hex::FromHex for AssetBlindingFactor {
-    type Error = hex_conservative::DecodeFixedLengthBytesError;
+    type Error = TweakHexDecodeError;
 
     fn from_hex(s: &str) -> Result<Self, Self::Error> {
         let slice: [u8; 32] = decode_to_array(s)?;
 
-        let inner = Tweak::from_inner(slice).map_err(|_e| {
-            // FIXME(Velnbur): hex_conservative disallows creation of it's internal errors
-            // that's why we use this unsafe hack to make it compile
-            //
-            // Also, this is incorrect Return Error
-            // See: https://github.com/rust-bitcoin/bitcoin_hashes/issues/124
-            let error = unsafe {
-                mem::transmute::<(u8, usize), hex_conservative::error::InvalidCharError>((
-                    0u8, 0usize,
-                ))
-            };
-            hex_conservative::DecodeFixedLengthBytesError::InvalidChar(error)
-        })?;
+        let inner = Tweak::from_inner(slice)?;
         Ok(AssetBlindingFactor(inner))
     }
 }
@@ -956,23 +997,11 @@ impl Neg for ValueBlindingFactor {
 }
 
 impl hex::FromHex for ValueBlindingFactor {
-    type Error = hex_conservative::DecodeFixedLengthBytesError;
+    type Error = TweakHexDecodeError;
 
     fn from_hex(s: &str) -> Result<Self, Self::Error> {
         let slice: [u8; 32] = decode_to_array(s)?;
-        let inner = Tweak::from_inner(slice).map_err(|_e| {
-            // FIXME(Velnbur): hex_conservative disallows creation of it's internal errors
-            // that's why we use this unsafe hack to make it compile
-            //
-            // Also, this is incorrect Return Error
-            // See: https://github.com/rust-bitcoin/bitcoin_hashes/issues/124
-            let error = unsafe {
-                mem::transmute::<(u8, usize), hex_conservative::error::InvalidCharError>((
-                    0u8, 0usize,
-                ))
-            };
-            hex_conservative::DecodeFixedLengthBytesError::InvalidChar(error)
-        })?;
+        let inner = Tweak::from_inner(slice)?;
         Ok(ValueBlindingFactor(inner))
     }
 }
