Split general error into specific

Currently we have a large general error type.

Create specific error types for each function as needed so that a
function returns ever variant available in its return type.

Author: tcharding

examples/sign_verify_recovery.rs

@@ -4,6 +4,8 @@ extern crate secp256k1;
 use hashes::{sha256, Hash};
 use secp256k1::{ecdsa, Error, Message, PublicKey, Secp256k1, SecretKey, Signing, Verification};
 
+// Notice that we provide a general error type for this crate and conversion
+// functions to it from all the other error types so `?` works as expected.
 fn recover<C: Verification>(
     secp: &Secp256k1<C>,
     msg: &[u8],
@@ -15,7 +17,8 @@ fn recover<C: Verification>(
     let id = ecdsa::RecoveryId::from_i32(recovery_id as i32)?;
     let sig = ecdsa::RecoverableSignature::from_compact(&sig, id)?;
 
-    secp.recover_ecdsa(&msg, &sig)
+    let pk = secp.recover_ecdsa(&msg, &sig)?;
+    Ok(pk)
 }
 
 fn sign_recovery<C: Signing>(

src/ecdh.rs

@@ -11,7 +11,13 @@ use secp256k1_sys::types::{c_int, c_uchar, c_void};
 
 use crate::ffi::{self, CPtr};
 use crate::key::{PublicKey, SecretKey};
-use crate::{constants, hex, Error};
+use crate::{constants, hex};
+
+#[rustfmt::skip]                // Keep public re-exports separate.
+pub use crate::{
+    error::InvalidSliceLengthError,
+    hex::FromHexError,
+};
 
 // The logic for displaying shared secrets relies on this (see `secret.rs`).
 const SHARED_SECRET_SIZE: usize = constants::SECRET_KEY_SIZE;
@@ -66,22 +72,20 @@ impl SharedSecret {
 
     /// Creates a shared secret from `bytes` slice.
     #[inline]
-    pub fn from_slice(bytes: &[u8]) -> Result<SharedSecret, Error> {
+    pub fn from_slice(bytes: &[u8]) -> Result<SharedSecret, InvalidSliceLengthError> {
         match <[u8; SHARED_SECRET_SIZE]>::try_from(bytes) {
             Ok(bytes) => Ok(SharedSecret(bytes)),
-            Err(_) => Err(Error::InvalidSharedSecret),
+            Err(_) =>
+                Err(InvalidSliceLengthError { got: bytes.len(), expected: SHARED_SECRET_SIZE }),
         }
     }
 }
 
 impl str::FromStr for SharedSecret {
-    type Err = Error;
+    type Err = FromHexError;
     fn from_str(s: &str) -> Result<Self, Self::Err> {
         let mut res = [0u8; SHARED_SECRET_SIZE];
-        match hex::from_hex(s, &mut res) {
-            Ok(SHARED_SECRET_SIZE) => Ok(SharedSecret::from_bytes(res)),
-            _ => Err(Error::InvalidSharedSecret),
-        }
+        hex::from_hex(s, &mut res).map(|_| SharedSecret::from_bytes(res))
     }
 }
 

src/ecdsa/mod.rs

@@ -10,12 +10,14 @@ pub mod serialized_signature;
 use core::{fmt, ptr, str};
 
 #[cfg(feature = "recovery")]
-pub use self::recovery::{RecoverableSignature, RecoveryId};
+pub use self::recovery::{InvalidRecoveryIdError, RecoverableSignature, RecoveryId};
 pub use self::serialized_signature::SerializedSignature;
+use crate::error::{write_err, InvalidSliceLengthError, SysError};
 use crate::ffi::CPtr;
+use crate::hex::{self, FromHexError};
 #[cfg(feature = "global-context")]
 use crate::SECP256K1;
-use crate::{ffi, hex, Error, Message, PublicKey, Secp256k1, SecretKey, Signing, Verification};
+use crate::{ffi, Message, PublicKey, Secp256k1, SecretKey, Signing, Verification};
 
 /// An ECDSA signature
 #[derive(Copy, Clone, PartialOrd, Ord, PartialEq, Eq, Hash)]
@@ -34,22 +36,21 @@ impl fmt::Display for Signature {
 }
 
 impl str::FromStr for Signature {
-    type Err = Error;
+    type Err = SignatureParseError;
     fn from_str(s: &str) -> Result<Self, Self::Err> {
         let mut res = [0u8; 72];
-        match hex::from_hex(s, &mut res) {
-            Ok(x) => Signature::from_der(&res[0..x]),
-            _ => Err(Error::InvalidSignature),
-        }
+        let len = hex::from_hex(s, &mut res)?;
+        let sig = Signature::from_der(&res[0..len])?;
+        Ok(sig)
     }
 }
 
 impl Signature {
     #[inline]
     /// Converts a DER-encoded byte slice to a signature
-    pub fn from_der(data: &[u8]) -> Result<Signature, Error> {
+    pub fn from_der(data: &[u8]) -> Result<Signature, SignatureError> {
         if data.is_empty() {
-            return Err(Error::InvalidSignature);
+            return Err(SignatureError::EmptySlice);
         }
 
         unsafe {
@@ -63,15 +64,15 @@ impl Signature {
             {
                 Ok(Signature(ret))
             } else {
-                Err(Error::InvalidSignature)
+                Err(SignatureError::Sys(SysError {}))
             }
         }
     }
 
     /// Converts a 64-byte compact-encoded byte slice to a signature
-    pub fn from_compact(data: &[u8]) -> Result<Signature, Error> {
+    pub fn from_compact(data: &[u8]) -> Result<Signature, SignatureError> {
         if data.len() != 64 {
-            return Err(Error::InvalidSignature);
+            return Err(SignatureError::invalid_length(data.len()));
         }
 
         unsafe {
@@ -84,7 +85,7 @@ impl Signature {
             {
                 Ok(Signature(ret))
             } else {
-                Err(Error::InvalidSignature)
+                Err(SignatureError::Sys(SysError {}))
             }
         }
     }
@@ -93,9 +94,9 @@ impl Signature {
     /// only useful for validating signatures in the Bitcoin blockchain from before
     /// 2016. It should never be used in new applications. This library does not
     /// support serializing to this "format"
-    pub fn from_der_lax(data: &[u8]) -> Result<Signature, Error> {
+    pub fn from_der_lax(data: &[u8]) -> Result<Signature, SignatureError> {
         if data.is_empty() {
-            return Err(Error::InvalidSignature);
+            return Err(SignatureError::EmptySlice);
         }
 
         unsafe {
@@ -109,7 +110,7 @@ impl Signature {
             {
                 Ok(Signature(ret))
             } else {
-                Err(Error::InvalidSignature)
+                Err(SignatureError::Sys(SysError {}))
             }
         }
     }
@@ -192,7 +193,7 @@ impl Signature {
     /// The signature must be normalized or verification will fail (see [`Signature::normalize_s`]).
     #[inline]
     #[cfg(feature = "global-context")]
-    pub fn verify(&self, msg: &Message, pk: &PublicKey) -> Result<(), Error> {
+    pub fn verify(&self, msg: &Message, pk: &PublicKey) -> Result<(), SysError> {
         SECP256K1.verify_ecdsa(msg, self, pk)
     }
 }
@@ -364,7 +365,7 @@ impl<C: Verification> Secp256k1<C> {
     ///
     /// ```rust
     /// # #[cfg(feature = "rand-std")] {
-    /// # use secp256k1::{rand, Secp256k1, Message, Error};
+    /// # use secp256k1::{ecdsa, rand, Secp256k1, Message, SysError};
     /// #
     /// # let secp = Secp256k1::new();
     /// # let (secret_key, public_key) = secp.generate_keypair(&mut rand::thread_rng());
@@ -374,7 +375,7 @@ impl<C: Verification> Secp256k1<C> {
     /// assert_eq!(secp.verify_ecdsa(&message, &sig, &public_key), Ok(()));
     ///
     /// let message = Message::from_digest_slice(&[0xcd; 32]).expect("32 bytes");
-    /// assert_eq!(secp.verify_ecdsa(&message, &sig, &public_key), Err(Error::IncorrectSignature));
+    /// assert!(matches!(secp.verify_ecdsa(&message, &sig, &public_key), Err(SysError)));
     /// # }
     /// ```
     #[inline]
@@ -383,7 +384,7 @@ impl<C: Verification> Secp256k1<C> {
         msg: &Message,
         sig: &Signature,
         pk: &PublicKey,
-    ) -> Result<(), Error> {
+    ) -> Result<(), SysError> {
         unsafe {
             if ffi::secp256k1_ecdsa_verify(
                 self.ctx.as_ptr(),
@@ -392,7 +393,7 @@ impl<C: Verification> Secp256k1<C> {
                 pk.as_c_ptr(),
             ) == 0
             {
-                Err(Error::IncorrectSignature)
+                Err(SysError {})
             } else {
                 Ok(())
             }
@@ -427,3 +428,91 @@ pub(crate) fn der_length_check(sig: &ffi::Signature, max_len: usize) -> bool {
     }
     len <= max_len
 }
+
+/// Signature is invalid.
+#[derive(Debug, Clone, PartialEq, Eq)]
+#[non_exhaustive]
+pub enum SignatureError {
+    /// Tried to create signature from an empty slice.
+    EmptySlice,
+    /// Tried to create signature from an invalid length slice.
+    InvalidSliceLength(InvalidSliceLengthError),
+    /// FFI call failed.
+    Sys(SysError),
+}
+
+impl SignatureError {
+    fn invalid_length(len: usize) -> Self {
+        InvalidSliceLengthError { got: len, expected: 64 }.into()
+    }
+}
+
+impl fmt::Display for SignatureError {
+    fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
+        use SignatureError::*;
+
+        match *self {
+            EmptySlice => write!(f, "tried to create signature from an empty slice"),
+            InvalidSliceLength(ref e) =>
+                write_err!(f, "tried to create signature from an invalid length slice"; e),
+            Sys(ref e) => write_err!(f, "sys error"; e),
+        }
+    }
+}
+
+#[cfg(feature = "std")]
+impl std::error::Error for SignatureError {
+    fn source(&self) -> Option<&(dyn std::error::Error + 'static)> {
+        use SignatureError::*;
+
+        match *self {
+            EmptySlice => None,
+            InvalidSliceLength(ref e) => Some(e),
+            Sys(ref e) => Some(e),
+        }
+    }
+}
+
+impl From<InvalidSliceLengthError> for SignatureError {
+    fn from(e: InvalidSliceLengthError) -> Self { Self::InvalidSliceLength(e) }
+}
+
+/// Signature string is invalid.
+#[derive(Debug, Clone, PartialEq, Eq)]
+pub enum SignatureParseError {
+    /// Invalid hex string.
+    Hex(FromHexError),
+    /// Invalid signature.
+    Sig(SignatureError),
+}
+
+impl fmt::Display for SignatureParseError {
+    fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
+        use SignatureParseError::*;
+
+        match *self {
+            Hex(ref e) => write_err!(f, "error decoding hex"; e),
+            Sig(ref e) => write_err!(f, "invalid signature"; e),
+        }
+    }
+}
+
+#[cfg(feature = "std")]
+impl std::error::Error for SignatureParseError {
+    fn source(&self) -> Option<&(dyn std::error::Error + 'static)> {
+        use SignatureParseError::*;
+
+        match *self {
+            Hex(ref e) => Some(e),
+            Sig(ref e) => Some(e),
+        }
+    }
+}
+
+impl From<FromHexError> for SignatureParseError {
+    fn from(e: FromHexError) -> Self { Self::Hex(e) }
+}
+
+impl From<SignatureError> for SignatureParseError {
+    fn from(e: SignatureError) -> Self { Self::Sig(e) }
+}

src/ecdsa/recovery.rs

@@ -4,13 +4,14 @@
 //! signature.
 //!
 
-use core::ptr;
+use core::{fmt, ptr};
 
 use self::super_ffi::CPtr;
-use super::ffi as super_ffi;
+use super::{ffi as super_ffi, SignatureError};
 use crate::ecdsa::Signature;
+use crate::error::SysError;
 use crate::ffi::recovery as ffi;
-use crate::{key, Error, Message, Secp256k1, Signing, Verification};
+use crate::{key, Message, Secp256k1, Signing, Verification};
 
 /// A tag used for recovering the public key from a compact signature.
 #[derive(Copy, Clone, PartialEq, Eq, Debug)]
@@ -23,10 +24,10 @@ pub struct RecoverableSignature(ffi::RecoverableSignature);
 impl RecoveryId {
     #[inline]
     /// Allows library users to create valid recovery IDs from i32.
-    pub fn from_i32(id: i32) -> Result<RecoveryId, Error> {
+    pub fn from_i32(id: i32) -> Result<RecoveryId, InvalidRecoveryIdError> {
         match id {
             0..=3 => Ok(RecoveryId(id)),
-            _ => Err(Error::InvalidRecoveryId),
+            other => Err(InvalidRecoveryIdError(other)),
         }
     }
 
@@ -39,16 +40,19 @@ impl RecoverableSignature {
     #[inline]
     /// Converts a compact-encoded byte slice to a signature. This
     /// representation is nonstandard and defined by the libsecp256k1 library.
-    pub fn from_compact(data: &[u8], recid: RecoveryId) -> Result<RecoverableSignature, Error> {
+    pub fn from_compact(
+        data: &[u8],
+        recid: RecoveryId,
+    ) -> Result<RecoverableSignature, SignatureError> {
         if data.is_empty() {
-            return Err(Error::InvalidSignature);
+            return Err(SignatureError::EmptySlice);
         }
 
         let mut ret = ffi::RecoverableSignature::new();
 
         unsafe {
             if data.len() != 64 {
-                Err(Error::InvalidSignature)
+                Err(SignatureError::invalid_length(data.len()))
             } else if ffi::secp256k1_ecdsa_recoverable_signature_parse_compact(
                 super_ffi::secp256k1_context_no_precomp,
                 &mut ret,
@@ -58,7 +62,7 @@ impl RecoverableSignature {
             {
                 Ok(RecoverableSignature(ret))
             } else {
-                Err(Error::InvalidSignature)
+                Err(SignatureError::Sys(SysError {}))
             }
         }
     }
@@ -113,7 +117,7 @@ impl RecoverableSignature {
     /// verify-capable context.
     #[inline]
     #[cfg(feature = "global-context")]
-    pub fn recover(&self, msg: &Message) -> Result<key::PublicKey, Error> {
+    pub fn recover(&self, msg: &Message) -> Result<key::PublicKey, SignatureError> {
         crate::SECP256K1.recover_ecdsa(msg, self)
     }
 }
@@ -191,7 +195,7 @@ impl<C: Verification> Secp256k1<C> {
         &self,
         msg: &Message,
         sig: &RecoverableSignature,
-    ) -> Result<key::PublicKey, Error> {
+    ) -> Result<key::PublicKey, SignatureError> {
         unsafe {
             let mut pk = super_ffi::PublicKey::new();
             if ffi::secp256k1_ecdsa_recover(
@@ -201,22 +205,39 @@ impl<C: Verification> Secp256k1<C> {
                 msg.as_c_ptr(),
             ) != 1
             {
-                return Err(Error::InvalidSignature);
+                return Err(SignatureError::Sys(SysError {}));
             }
             Ok(key::PublicKey::from(pk))
         }
     }
 }
 
+/// Recovery ID is invalid.
+#[derive(Debug, Clone, PartialEq, Eq)]
+#[non_exhaustive]
+#[allow(missing_copy_implementations)] // Don't implement Copy when we use non_exhaustive.
+pub struct InvalidRecoveryIdError(pub i32);
+
+impl fmt::Display for InvalidRecoveryIdError {
+    fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
+        write!(f, "recovery ID is invalid: {}", self.0)
+    }
+}
+
+#[cfg(feature = "std")]
+impl std::error::Error for InvalidRecoveryIdError {
+    fn source(&self) -> Option<&(dyn std::error::Error + 'static)> { None }
+}
+
 #[cfg(test)]
 #[allow(unused_imports)]
 mod tests {
     #[cfg(target_arch = "wasm32")]
     use wasm_bindgen_test::wasm_bindgen_test as test;
 
-    use super::{RecoverableSignature, RecoveryId};
+    use super::*;
     use crate::constants::ONE;
-    use crate::{Error, Message, Secp256k1, SecretKey};
+    use crate::{Message, Secp256k1, SecretKey};
 
     #[test]
     #[cfg(feature = "rand-std")]
@@ -316,7 +337,7 @@ mod tests {
 
         let msg = crate::random_32_bytes(&mut rand::thread_rng());
         let msg = Message::from_digest_slice(&msg).unwrap();
-        assert_eq!(s.verify_ecdsa(&msg, &sig, &pk), Err(Error::IncorrectSignature));
+        assert_eq!(s.verify_ecdsa(&msg, &sig, &pk), Err(SysError {}));
 
         let recovered_key = s.recover_ecdsa(&msg, &sigr).unwrap();
         assert!(recovered_key != pk);
@@ -366,7 +387,7 @@ mod tests {
 
         // Zero is not a valid sig
         let sig = RecoverableSignature::from_compact(&[0; 64], RecoveryId(0)).unwrap();
-        assert_eq!(s.recover_ecdsa(&msg, &sig), Err(Error::InvalidSignature));
+        assert_eq!(s.recover_ecdsa(&msg, &sig), Err(SignatureError::Sys(SysError {})));
         // ...but 111..111 is
         let sig = RecoverableSignature::from_compact(&[1; 64], RecoveryId(0)).unwrap();
         assert!(s.recover_ecdsa(&msg, &sig).is_ok());

src/ecdsa/serialized_signature.rs

@@ -13,8 +13,7 @@ use core::{fmt, ops};
 
 pub use into_iter::IntoIter;
 
-use super::Signature;
-use crate::Error;
+use super::{Signature, SignatureError};
 
 pub(crate) const MAX_LEN: usize = 72;
 
@@ -123,13 +122,13 @@ impl<'a> From<&'a Signature> for SerializedSignature {
 }
 
 impl TryFrom<SerializedSignature> for Signature {
-    type Error = Error;
+    type Error = SignatureError;
 
     fn try_from(value: SerializedSignature) -> Result<Self, Self::Error> { value.to_signature() }
 }
 
 impl<'a> TryFrom<&'a SerializedSignature> for Signature {
-    type Error = Error;
+    type Error = SignatureError;
 
     fn try_from(value: &'a SerializedSignature) -> Result<Self, Self::Error> {
         value.to_signature()
@@ -164,7 +163,7 @@ impl SerializedSignature {
     /// Convert the serialized signature into the Signature struct.
     /// (This DER deserializes it)
     #[inline]
-    pub fn to_signature(&self) -> Result<Signature, Error> { Signature::from_der(self) }
+    pub fn to_signature(&self) -> Result<Signature, SignatureError> { Signature::from_der(self) }
 
     /// Create a SerializedSignature from a Signature.
     /// (this DER serializes it)

src/ellswift.rs

@@ -42,7 +42,7 @@ use core::str::FromStr;
 use ffi::CPtr;
 use secp256k1_sys::types::{c_int, c_uchar, c_void};
 
-use crate::{constants, ffi, hex, Error, PublicKey, Secp256k1, SecretKey, Verification};
+use crate::{constants, ffi, hex, PublicKey, Secp256k1, SecretKey, Verification};
 
 unsafe extern "C" fn hash_callback<F>(
     output: *mut c_uchar,
@@ -288,14 +288,14 @@ impl ElligatorSwiftParty {
 }
 
 impl FromStr for ElligatorSwift {
-    type Err = Error;
+    type Err = ParseError;
 
     fn from_str(hex: &str) -> Result<Self, Self::Err> {
         let mut ser = [0u8; 64];
         let parsed = hex::from_hex(hex, &mut ser);
         match parsed {
             Ok(64) => Ok(ElligatorSwift::from_array(ser)),
-            _ => Err(Error::InvalidEllSwift),
+            _ => Err(ParseError),
         }
     }
 }
@@ -320,6 +320,23 @@ impl ffi::CPtr for ElligatorSwift {
     fn as_c_ptr(&self) -> *const Self::Target { self.0.as_c_ptr() }
 }
 
+/// Error converting from a hex string.
+#[derive(Debug, Clone, PartialEq, Eq)]
+#[non_exhaustive]
+#[allow(missing_copy_implementations)] // Don't implement Copy when we use non_exhaustive.
+pub struct ParseError;
+
+impl core::fmt::Display for ParseError {
+    fn fmt(&self, f: &mut core::fmt::Formatter) -> Result<(), core::fmt::Error> {
+        write!(f, "error converting hex to ellswift")
+    }
+}
+
+#[cfg(feature = "std")]
+impl std::error::Error for ParseError {
+    fn source(&self) -> Option<&(dyn std::error::Error + 'static)> { None }
+}
+
 #[cfg(test)]
 mod tests {
     use core::str::FromStr;

src/error.rs

@@ -0,0 +1,378 @@
+// SPDX-License-Identifier: CC0-1.0
+
+//! Error types and conversion functions.
+
+use core::fmt;
+
+use crate::context::NotEnoughMemoryError;
+use crate::hex::{FromHexError, ToHexError};
+use crate::key::error::{
+    ParityValueError, PublicKeyError, PublicKeySumError, SecretKeyError, TweakError,
+    XOnlyTweakError,
+};
+use crate::{ecdh, ecdsa, ellswift, scalar, schnorr, MessageLengthError};
+
+/// Implements `From<E> for $error` for all the errors in this crate.
+///
+/// Either pass in the variant to use or have a variant `Secp256k1` on `$error`.
+///
+/// # Examples
+///
+/// ```
+/// # #[cfg(feature =  "rand-std")] {
+/// use secp256k1::{PublicKey, SecretKey, Secp256k1};
+///
+/// // Use the a general `secp256k1::Error`.
+///
+/// /// Foo error.
+/// pub struct FooError;
+///
+/// // A custom error enum in your application.
+/// pub enum Error {
+///     Foo(FooError),
+///     Secp256k1(secp256k1::Error),
+/// }
+/// secp256k1::impl_from_for_all_crate_errors_for!(Error);
+///
+/// impl From<FooError> for Error {
+///     fn from(e: FooError) -> Self { Self::Foo(e) }
+/// }
+///
+/// /// Some useful function.
+/// pub fn foo() -> Result<(), FooError> {
+///     // Do some stuff.
+///     Err(FooError)
+/// }
+///
+/// // Call any secp256k1 function and convert to a single general error variant.
+/// fn bar() -> Result<(), Error> {
+///     let secp = Secp256k1::new();
+///     let key_data = [0_u8; 32]; // Dummy data.
+///     let _ = SecretKey::from_slice(&key_data)?;
+///     let _ = PublicKey::from_slice(&key_data)?;
+///     let _ = foo()?;
+///     Ok(())
+/// }
+/// # }
+/// ```
+// To find all errors in this crate use (note: -v 'git grep' to remove this comment):
+//
+//   git grep -e 'impl std::error' | grep -v 'git grep' | cut -d ' ' -f 4 | sort
+//
+#[macro_export]
+macro_rules! impl_from_for_all_crate_errors_for {
+    ($error:ty) => {
+        $crate::impl_from_for_all_crate_errors_for!($error, Secp256k1);
+    };
+    ($error:ty, $variant:ident) => {
+        impl From<$crate::Error> for $error {
+            fn from(e: $crate::Error) -> Self { Self::$variant(e) }
+        }
+
+        #[cfg(feature = "recovery")]
+        impl From<$crate::ecdsa::InvalidRecoveryIdError> for $error {
+            fn from(e: $crate::ecdsa::InvalidRecoveryIdError) -> Self { Self::$variant(e.into()) }
+        }
+
+        impl From<$crate::MessageLengthError> for $error {
+            fn from(e: $crate::MessageLengthError) -> Self { Self::$variant(e.into()) }
+        }
+
+        impl From<$crate::NotEnoughMemoryError> for $error {
+            fn from(e: $crate::NotEnoughMemoryError) -> Self { Self::$variant(e.into()) }
+        }
+
+        impl From<$crate::scalar::OutOfRangeError> for $error {
+            fn from(e: $crate::scalar::OutOfRangeError) -> Self { Self::$variant(e.into()) }
+        }
+
+        impl From<$crate::ParityValueError> for $error {
+            fn from(e: $crate::ParityValueError) -> Self { Self::$variant(e.into()) }
+        }
+
+        impl From<$crate::PublicKeyError> for $error {
+            fn from(e: $crate::PublicKeyError) -> Self { Self::$variant(e.into()) }
+        }
+
+        impl From<$crate::PublicKeySumError> for $error {
+            fn from(e: $crate::PublicKeySumError) -> Self { Self::$variant(e.into()) }
+        }
+
+        impl From<$crate::SecretKeyError> for $error {
+            fn from(e: $crate::SecretKeyError) -> Self { Self::$variant(e.into()) }
+        }
+
+        impl From<$crate::schnorr::SignatureError> for $error {
+            fn from(e: $crate::schnorr::SignatureError) -> Self { Self::$variant(e.into()) }
+        }
+
+        impl From<$crate::ecdsa::SignatureError> for $error {
+            fn from(e: $crate::ecdsa::SignatureError) -> Self { Self::$variant(e.into()) }
+        }
+
+        impl From<$crate::ecdsa::SignatureParseError> for $error {
+            fn from(e: $crate::ecdsa::SignatureParseError) -> Self { Self::$variant(e.into()) }
+        }
+
+        impl From<$crate::SysError> for $error {
+            fn from(e: $crate::SysError) -> Self { Self::$variant(e.into()) }
+        }
+
+        impl From<$crate::FromHexError> for $error {
+            fn from(e: $crate::FromHexError) -> Self { Self::$variant(e.into()) }
+        }
+
+        impl From<$crate::ToHexError> for $error {
+            fn from(e: $crate::ToHexError) -> Self { Self::$variant(e.into()) }
+        }
+
+        impl From<$crate::TweakError> for $error {
+            fn from(e: $crate::TweakError) -> Self { Self::$variant(e.into()) }
+        }
+
+        impl From<$crate::XOnlyTweakError> for $error {
+            fn from(e: $crate::XOnlyTweakError) -> Self { Self::$variant(e.into()) }
+        }
+
+        impl From<$crate::ellswift::ParseError> for $error {
+            fn from(e: $crate::ellswift::ParseError) -> Self { Self::$variant(e.into()) }
+        }
+    };
+}
+
+/// This is a general purpose error type that can be used to wrap all the errors in this crate.
+///
+/// Every error types in this crate can be converted (using `?`) to this type. We also support
+/// converting from any of the inner error types to this type, irrespective of the level of nesting.
+#[derive(Debug, Clone, PartialEq, Eq)]
+#[allow(missing_copy_implementations)] // For forward compatibility (combined with non_exhaustive).
+#[non_exhaustive]
+pub enum Error {
+    /// Error decoding from hex string.
+    FromHex(FromHexError),
+    /// Invalid recovery ID (ECDSA).
+    #[cfg(feature = "recovery")]
+    RecoveryId(ecdsa::InvalidRecoveryIdError),
+    /// Messages must be 32 bytes long.
+    MessageLength(MessageLengthError),
+    /// Not enough preallocated memory for the requested buffer size.
+    NotEnoughMemory(NotEnoughMemoryError),
+    /// Value of scalar is invalid - larger than the curve order.
+    InvalidScalar(scalar::OutOfRangeError),
+    /// Invalid value for parity - must be 0 or 1.
+    ParityValue(ParityValueError),
+    /// Public key is invalid.
+    PublicKey(PublicKeyError),
+    /// Public key summation is invalid.
+    PublicKeySum(PublicKeySumError),
+    /// Secret key is invalid.
+    SecretKey(SecretKeyError),
+    /// Schnorr signature is invalid.
+    SchnorrSignature(schnorr::SignatureError),
+    /// ECDSA signature is invalid.
+    EcdsaSignature(ecdsa::SignatureError),
+    /// ECDSA signature string invalid.
+    EcdsaSignatureParse(ecdsa::SignatureParseError),
+    /// Error calling into the FFI layer.
+    Sys(SysError),
+    /// Error encoding as hex string.
+    ToHex(ToHexError),
+    /// Invalid key tweak.
+    Tweak(TweakError),
+    /// X-only pubic key tweak failed.
+    XOnlyTweak(XOnlyTweakError),
+    /// Error converting hex string to ellswift.
+    Ellswift(ellswift::ParseError),
+    /// Invalid slice length.
+    InvalidSliceLength(InvalidSliceLengthError),
+}
+
+impl fmt::Display for Error {
+    fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
+        use Error::*;
+
+        // TODO: Check what gets out put in std and no-std builds an verify it is
+        // useful and does not contain redundant content.
+        match *self {
+            FromHex(ref e) => write_err!(f, "from hex"; e),
+            #[cfg(feature = "recovery")]
+            RecoveryId(ref e) => write_err!(f, "invalid recovery ID (ECDSA)"; e),
+            MessageLength(ref e) => write_err!(f, "invalid message length"; e),
+            NotEnoughMemory(ref e) => write_err!(f, "not enough memory"; e),
+            InvalidScalar(ref e) => write_err!(f, ""; e),
+            ParityValue(ref e) => write_err!(f, "invalid parity"; e),
+            PublicKey(ref e) => write_err!(f, "invalid public key"; e),
+            PublicKeySum(ref e) => write_err!(f, "invalid public key sum"; e),
+            SecretKey(ref e) => write_err!(f, "invalid secret key"; e),
+            SchnorrSignature(ref e) => write_err!(f, "invalid schnorr sig"; e),
+            EcdsaSignature(ref e) => write_err!(f, "invalid ECDSA sig"; e),
+            EcdsaSignatureParse(ref e) => write_err!(f, "invalid ECDSA sig string"; e),
+            Sys(ref e) => write_err!(f, "sys"; e),
+            ToHex(ref e) => write_err!(f, "to hex"; e),
+            Tweak(ref e) => write_err!(f, "invalid tweak"; e),
+            XOnlyTweak(ref e) => write_err!(f, "x-only tweak error"; e),
+            Ellswift(ref e) => write_err!(f, "ellswift error"; e),
+            InvalidSliceLength(ref e) => write_err!(f, "invalid slice"; e),
+        }
+    }
+}
+
+#[cfg(feature = "std")]
+impl std::error::Error for Error {
+    fn source(&self) -> Option<&(dyn std::error::Error + 'static)> {
+        use Error::*;
+
+        match *self {
+            FromHex(ref e) => Some(e),
+            #[cfg(feature = "recovery")]
+            RecoveryId(ref e) => Some(e),
+            MessageLength(ref e) => Some(e),
+            NotEnoughMemory(ref e) => Some(e),
+            InvalidScalar(ref e) => Some(e),
+            ParityValue(ref e) => Some(e),
+            PublicKey(ref e) => Some(e),
+            PublicKeySum(ref e) => Some(e),
+            SecretKey(ref e) => Some(e),
+            SchnorrSignature(ref e) => Some(e),
+            EcdsaSignature(ref e) => Some(e),
+            EcdsaSignatureParse(ref e) => Some(e),
+            Sys(ref e) => Some(e),
+            ToHex(ref e) => Some(e),
+            Tweak(ref e) => Some(e),
+            XOnlyTweak(ref e) => Some(e),
+            Ellswift(ref e) => Some(e),
+            InvalidSliceLength(ref e) => Some(e),
+        }
+    }
+}
+
+impl From<FromHexError> for Error {
+    fn from(e: FromHexError) -> Self { Self::FromHex(e) }
+}
+
+#[cfg(feature = "recovery")]
+impl From<ecdsa::InvalidRecoveryIdError> for Error {
+    fn from(e: ecdsa::InvalidRecoveryIdError) -> Self { Self::RecoveryId(e) }
+}
+
+impl From<MessageLengthError> for Error {
+    fn from(e: MessageLengthError) -> Self { Self::MessageLength(e) }
+}
+
+impl From<NotEnoughMemoryError> for Error {
+    fn from(e: NotEnoughMemoryError) -> Self { Self::NotEnoughMemory(e) }
+}
+
+impl From<scalar::OutOfRangeError> for Error {
+    fn from(e: scalar::OutOfRangeError) -> Self { Self::InvalidScalar(e) }
+}
+
+impl From<ParityValueError> for Error {
+    fn from(e: ParityValueError) -> Self { Self::ParityValue(e) }
+}
+
+impl From<PublicKeyError> for Error {
+    fn from(e: PublicKeyError) -> Self { Self::PublicKey(e) }
+}
+
+impl From<PublicKeySumError> for Error {
+    fn from(e: PublicKeySumError) -> Self { Self::PublicKeySum(e) }
+}
+
+impl From<SecretKeyError> for Error {
+    fn from(e: SecretKeyError) -> Self { Self::SecretKey(e) }
+}
+
+impl From<schnorr::SignatureError> for Error {
+    fn from(e: schnorr::SignatureError) -> Self { Self::SchnorrSignature(e) }
+}
+
+impl From<ecdsa::SignatureError> for Error {
+    fn from(e: ecdsa::SignatureError) -> Self { Self::EcdsaSignature(e) }
+}
+
+impl From<ecdsa::SignatureParseError> for Error {
+    fn from(e: ecdsa::SignatureParseError) -> Self { Self::EcdsaSignatureParse(e) }
+}
+
+impl From<SysError> for Error {
+    fn from(e: SysError) -> Self { Self::Sys(e) }
+}
+
+impl From<ToHexError> for Error {
+    fn from(e: ToHexError) -> Self { Self::ToHex(e) }
+}
+
+impl From<TweakError> for Error {
+    fn from(e: TweakError) -> Self { Self::Tweak(e) }
+}
+
+impl From<XOnlyTweakError> for Error {
+    fn from(e: XOnlyTweakError) -> Self { Self::XOnlyTweak(e) }
+}
+
+impl From<ellswift::ParseError> for Error {
+    fn from(e: ellswift::ParseError) -> Self { Self::Ellswift(e) }
+}
+
+impl From<ecdh::InvalidSliceLengthError> for Error {
+    fn from(e: ecdh::InvalidSliceLengthError) -> Self { Self::InvalidSliceLength(e) }
+}
+
+/// Error parsing a slice.
+#[derive(Debug, Clone, PartialEq, Eq)]
+#[non_exhaustive]
+#[allow(missing_copy_implementations)] // Don't implement Copy when we use non_exhaustive.
+pub struct InvalidSliceLengthError {
+    pub(crate) got: usize,
+    pub(crate) expected: usize,
+}
+
+impl core::fmt::Display for InvalidSliceLengthError {
+    fn fmt(&self, f: &mut core::fmt::Formatter) -> Result<(), core::fmt::Error> {
+        write!(f, "invalid slice length {}, expected {}", self.got, self.expected)
+    }
+}
+
+#[cfg(feature = "std")]
+impl std::error::Error for InvalidSliceLengthError {
+    fn source(&self) -> Option<&(dyn std::error::Error + 'static)> { None }
+}
+
+/// Error calling into the FFI layer.
+// TODO: Do we want to include the error code returned for C function calls?
+#[derive(Debug, Clone, PartialEq, Eq)]
+#[non_exhaustive]
+#[allow(missing_copy_implementations)] // Don't implement Copy when we use non_exhaustive.
+pub struct SysError {}
+
+impl core::fmt::Display for SysError {
+    fn fmt(&self, f: &mut core::fmt::Formatter) -> Result<(), core::fmt::Error> {
+        f.write_str("FFI call failed")
+    }
+}
+
+#[cfg(feature = "std")]
+impl std::error::Error for SysError {
+    fn source(&self) -> Option<&(dyn std::error::Error + 'static)> { None }
+}
+
+/// Formats error. If `std` feature is OFF appends error source (delimited by `: `). We do this
+/// because `e.source()` is only available in std builds, without this macro the error source is
+/// lost for no-std builds.
+macro_rules! write_err {
+    ($writer:expr, $string:literal $(, $args:expr),*; $source:expr) => {
+        {
+            #[cfg(feature = "std")]
+            {
+                let _ = &$source;   // Prevents clippy warnings.
+                write!($writer, $string $(, $args)*)
+            }
+            #[cfg(not(feature = "std"))]
+            {
+                write!($writer, concat!($string, ": {}") $(, $args)*, $source)
+            }
+        }
+    }
+}
+pub(crate) use write_err;

src/hex.rs

@@ -4,12 +4,21 @@
 
 use core::str;
 
+use crate::error::write_err;
+
 /// Utility function used to parse hex into a target u8 buffer. Returns
 /// the number of bytes converted or an error if it encounters an invalid
 /// character or unexpected end of string.
-pub(crate) fn from_hex(hex: &str, target: &mut [u8]) -> Result<usize, ()> {
-    if hex.len() % 2 == 1 || hex.len() > target.len() * 2 {
-        return Err(());
+pub(crate) fn from_hex(hex: &str, target: &mut [u8]) -> Result<usize, FromHexError> {
+    if hex.len() % 2 == 1 {
+        return Err(FromHexError::UnevenLength(UnevenLengthError { len: hex.len() }));
+    }
+
+    if hex.len() > target.len() * 2 {
+        return Err(FromHexError::BufferTooSmall(BufferTooSmallError {
+            hex: hex.len(),
+            buffer: target.len(),
+        }));
     }
 
     let mut b = 0;
@@ -20,7 +29,7 @@ pub(crate) fn from_hex(hex: &str, target: &mut [u8]) -> Result<usize, ()> {
             b'A'..=b'F' => b |= c - b'A' + 10,
             b'a'..=b'f' => b |= c - b'a' + 10,
             b'0'..=b'9' => b |= c - b'0',
-            _ => return Err(()),
+            byte => return Err(FromHexError::InvalidByte(InvalidByteError { invalid: byte })),
         }
         if (idx & 1) == 1 {
             target[idx / 2] = b;
@@ -35,10 +44,10 @@ pub(crate) fn from_hex(hex: &str, target: &mut [u8]) -> Result<usize, ()> {
 /// a reference to the target buffer as an str. Returns an error if the target
 /// buffer isn't big enough.
 #[inline]
-pub(crate) fn to_hex<'a>(src: &[u8], target: &'a mut [u8]) -> Result<&'a str, ()> {
+pub(crate) fn to_hex<'a>(src: &[u8], target: &'a mut [u8]) -> Result<&'a str, ToHexError> {
     let hex_len = src.len() * 2;
     if target.len() < hex_len {
-        return Err(());
+        return Err(ToHexError { hex: hex_len, buffer: target.len() });
     }
     const HEX_TABLE: [u8; 16] = *b"0123456789abcdef";
 
@@ -52,3 +61,131 @@ pub(crate) fn to_hex<'a>(src: &[u8], target: &'a mut [u8]) -> Result<&'a str, ()
     debug_assert!(str::from_utf8(result).is_ok());
     return unsafe { Ok(str::from_utf8_unchecked(result)) };
 }
+
+/// Error converting from a hex string.
+#[derive(Debug, Clone, PartialEq, Eq)]
+#[allow(missing_copy_implementations)] // Don't implement Copy when we use non_exhaustive.
+#[non_exhaustive]
+pub enum FromHexError {
+    /// Hex string length uneven.
+    UnevenLength(UnevenLengthError),
+    /// Target data buffer too small to decode hex.
+    BufferTooSmall(BufferTooSmallError),
+    /// Byte is not valid hex ASCII.
+    InvalidByte(InvalidByteError),
+}
+
+impl core::fmt::Display for FromHexError {
+    fn fmt(&self, f: &mut core::fmt::Formatter) -> Result<(), core::fmt::Error> {
+        use FromHexError::*;
+
+        match *self {
+            UnevenLength(ref e) => write_err!(f, "uneven length, converting from hex"; e),
+            BufferTooSmall(ref e) => write_err!(f, "buffer too small, converting from hex"; e),
+            InvalidByte(ref e) => write_err!(f, "invalid byte, convening from hex"; e),
+        }
+    }
+}
+
+#[cfg(feature = "std")]
+impl std::error::Error for FromHexError {
+    fn source(&self) -> Option<&(dyn std::error::Error + 'static)> {
+        use FromHexError::*;
+
+        match *self {
+            UnevenLength(ref e) => Some(e),
+            BufferTooSmall(ref e) => Some(e),
+            InvalidByte(ref e) => Some(e),
+        }
+    }
+}
+
+/// Hex string length uneven.
+#[derive(Debug, Clone, PartialEq, Eq)]
+#[allow(missing_copy_implementations)] // Don't implement Copy when we use non_exhaustive.
+#[non_exhaustive]
+pub struct UnevenLengthError {
+    len: usize,
+}
+
+impl core::fmt::Display for UnevenLengthError {
+    fn fmt(&self, f: &mut core::fmt::Formatter) -> Result<(), core::fmt::Error> {
+        write!(f, "hex string uneven: {}", self.len)
+    }
+}
+
+#[cfg(feature = "std")]
+impl std::error::Error for UnevenLengthError {
+    fn source(&self) -> Option<&(dyn std::error::Error + 'static)> { None }
+}
+
+/// Target data buffer too small to decode hex.
+#[derive(Debug, Clone, PartialEq, Eq)]
+#[allow(missing_copy_implementations)] // Don't implement Copy when we use non_exhaustive.
+#[non_exhaustive]
+pub struct BufferTooSmallError {
+    /// Length of the hex string.
+    hex: usize,
+    /// Size of the target data buffer.
+    buffer: usize,
+}
+
+impl core::fmt::Display for BufferTooSmallError {
+    fn fmt(&self, f: &mut core::fmt::Formatter) -> Result<(), core::fmt::Error> {
+        write!(
+            f,
+            "buffer too small to decode hex (hex length: {}, buffer size: {})",
+            self.hex, self.buffer
+        )
+    }
+}
+
+#[cfg(feature = "std")]
+impl std::error::Error for BufferTooSmallError {
+    fn source(&self) -> Option<&(dyn std::error::Error + 'static)> { None }
+}
+
+/// Byte is not valid hex ASCII.
+#[derive(Debug, Clone, PartialEq, Eq)]
+#[allow(missing_copy_implementations)] // Don't implement Copy when we use non_exhaustive.
+#[non_exhaustive]
+pub struct InvalidByteError {
+    invalid: u8,
+}
+
+impl core::fmt::Display for InvalidByteError {
+    fn fmt(&self, f: &mut core::fmt::Formatter) -> Result<(), core::fmt::Error> {
+        write!(f, "byte is not valid hex ASCII: {:x}", self.invalid)
+    }
+}
+
+#[cfg(feature = "std")]
+impl std::error::Error for InvalidByteError {
+    fn source(&self) -> Option<&(dyn std::error::Error + 'static)> { None }
+}
+
+/// Buffer too small to encode hex data.
+#[derive(Debug, Clone, PartialEq, Eq)]
+#[non_exhaustive]
+#[allow(missing_copy_implementations)] // Don't implement Copy when we use non_exhaustive.
+pub struct ToHexError {
+    /// Required length of the encoded hex string.
+    hex: usize,
+    /// Size of the buffer (must be equal or larger that hex length).
+    buffer: usize,
+}
+
+impl core::fmt::Display for ToHexError {
+    fn fmt(&self, f: &mut core::fmt::Formatter) -> Result<(), core::fmt::Error> {
+        write!(
+            f,
+            "buffer too small to encode hex (required: {}, buffer: {})",
+            self.hex, self.buffer
+        )
+    }
+}
+
+#[cfg(feature = "std")]
+impl std::error::Error for ToHexError {
+    fn source(&self) -> Option<&(dyn std::error::Error + 'static)> { None }
+}

src/key/error.rs

@@ -0,0 +1,143 @@
+// SPDX-License-Identifier: CC0-1.0
+
+//! Error types for the `key` module.
+
+use core::fmt;
+
+use crate::error::write_err;
+
+/// X-only public key tweak is invalid.
+#[derive(Debug, Clone, PartialEq, Eq)]
+#[non_exhaustive]
+pub enum XOnlyTweakError {
+    /// Invalid tweak.
+    Tweak(TweakError),
+    /// Invalid public key.
+    PublicKey(PublicKeyError),
+    /// Invalid parity value.
+    ParityValue(ParityValueError),
+}
+
+impl fmt::Display for XOnlyTweakError {
+    fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
+        use XOnlyTweakError::*;
+
+        // TODO: Check what gets out put in std and no-std builds an verify it useful and does not
+        // contain redundant content.
+        match *self {
+            Tweak(ref e) => write_err!(f, "invalid tweak"; e),
+            PublicKey(ref e) => write_err!(f, "invalid public key"; e),
+            ParityValue(ref e) => write_err!(f, "invalid parity value"; e),
+        }
+    }
+}
+
+#[cfg(feature = "std")]
+impl std::error::Error for XOnlyTweakError {
+    fn source(&self) -> Option<&(dyn std::error::Error + 'static)> {
+        use XOnlyTweakError::*;
+
+        match *self {
+            Tweak(ref e) => Some(e),
+            PublicKey(ref e) => Some(e),
+            ParityValue(ref e) => Some(e),
+        }
+    }
+}
+
+impl From<TweakError> for XOnlyTweakError {
+    fn from(e: TweakError) -> Self { Self::Tweak(e) }
+}
+
+impl From<PublicKeyError> for XOnlyTweakError {
+    fn from(e: PublicKeyError) -> Self { Self::PublicKey(e) }
+}
+
+impl From<ParityValueError> for XOnlyTweakError {
+    fn from(e: ParityValueError) -> Self { Self::ParityValue(e) }
+}
+
+/// Secret key is invalid.
+#[derive(Debug, Clone, PartialEq, Eq)]
+#[non_exhaustive]
+#[allow(missing_copy_implementations)] // Don't implement Copy when we use non_exhaustive.
+pub struct SecretKeyError;
+
+impl core::fmt::Display for SecretKeyError {
+    fn fmt(&self, f: &mut core::fmt::Formatter) -> Result<(), core::fmt::Error> {
+        f.write_str("secret key is invalid")
+    }
+}
+
+#[cfg(feature = "std")]
+impl std::error::Error for SecretKeyError {
+    fn source(&self) -> Option<&(dyn std::error::Error + 'static)> { None }
+}
+
+/// Public key is invalid.
+#[derive(Debug, Clone, PartialEq, Eq)]
+#[non_exhaustive]
+#[allow(missing_copy_implementations)] // Don't implement Copy when we use non_exhaustive.
+pub struct PublicKeyError;
+
+impl core::fmt::Display for PublicKeyError {
+    fn fmt(&self, f: &mut core::fmt::Formatter) -> Result<(), core::fmt::Error> {
+        f.write_str("public key is invalid")
+    }
+}
+
+#[cfg(feature = "std")]
+impl std::error::Error for PublicKeyError {
+    fn source(&self) -> Option<&(dyn std::error::Error + 'static)> { None }
+}
+
+/// Public key summation is invalid.
+#[derive(Debug, Clone, PartialEq, Eq)]
+#[non_exhaustive]
+#[allow(missing_copy_implementations)] // Don't implement Copy when we use non_exhaustive.
+pub struct PublicKeySumError;
+
+impl core::fmt::Display for PublicKeySumError {
+    fn fmt(&self, f: &mut core::fmt::Formatter) -> Result<(), core::fmt::Error> {
+        f.write_str("public key summation is invalid")
+    }
+}
+
+#[cfg(feature = "std")]
+impl std::error::Error for PublicKeySumError {
+    fn source(&self) -> Option<&(dyn std::error::Error + 'static)> { None }
+}
+
+/// Invalid key tweak.
+#[derive(Debug, Clone, PartialEq, Eq)]
+#[non_exhaustive]
+#[allow(missing_copy_implementations)] // Don't implement Copy when we use non_exhaustive.
+pub struct TweakError;
+
+impl core::fmt::Display for TweakError {
+    fn fmt(&self, f: &mut core::fmt::Formatter) -> Result<(), core::fmt::Error> {
+        f.write_str("invalid key tweak")
+    }
+}
+
+#[cfg(feature = "std")]
+impl std::error::Error for TweakError {
+    fn source(&self) -> Option<&(dyn std::error::Error + 'static)> { None }
+}
+
+/// Invalid value for parity - must be 0 or 1.
+#[derive(Debug, Clone, PartialEq, Eq)]
+#[non_exhaustive]
+#[allow(missing_copy_implementations)] // Don't implement Copy when we use non_exhaustive.
+pub struct ParityValueError(pub i32);
+
+impl fmt::Display for ParityValueError {
+    fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
+        write!(f, "invalid value {} for parity - must be 0 or 1", self.0)
+    }
+}
+
+#[cfg(feature = "std")]
+impl std::error::Error for ParityValueError {
+    fn source(&self) -> Option<&(dyn std::error::Error + 'static)> { None }
+}

src/key.rs src/key/mod.rs

@@ -166,6 +166,7 @@ pub mod constants;
 pub mod ecdh;
 pub mod ecdsa;
 pub mod ellswift;
+pub mod error;
 pub mod scalar;
 pub mod schnorr;
 #[cfg(feature = "serde")]
@@ -175,22 +176,33 @@ use core::marker::PhantomData;
 use core::ptr::NonNull;
 use core::{fmt, mem};
 
-#[cfg(feature = "global-context")]
-pub use context::global::SECP256K1;
 #[cfg(feature = "hashes")]
 use hashes::Hash;
+
+use crate::ffi::types::AlignedType;
+use crate::ffi::CPtr;
+
+#[rustfmt::skip]                // Keep public re-exports separate.
+pub use crate::{
+    context::*, // Includes NotEnoughMemoryError
+    hex::{FromHexError, ToHexError},
+    key::{PublicKey, SecretKey, *},
+    scalar::Scalar,
+    key::error::{
+        ParityValueError, PublicKeyError, PublicKeySumError, SecretKeyError, TweakError,
+        XOnlyTweakError,
+    },
+    error::{Error, SysError, InvalidSliceLengthError},
+};
+
+#[cfg(feature = "global-context")]
+pub use context::global::SECP256K1;
 #[cfg(feature = "rand")]
 pub use rand;
 pub use secp256k1_sys as ffi;
 #[cfg(feature = "serde")]
 pub use serde;
 
-pub use crate::context::*;
-use crate::ffi::types::AlignedType;
-use crate::ffi::CPtr;
-pub use crate::key::{PublicKey, SecretKey, *};
-pub use crate::scalar::Scalar;
-
 /// Trait describing something that promises to be a 32-byte random number; in particular,
 /// it has negligible probability of being zero or overflowing the group order. Such objects
 /// may be converted to `Message`s without any error paths.
@@ -229,7 +241,7 @@ impl Message {
     /// [secure signature](https://twitter.com/pwuille/status/1063582706288586752).
     #[inline]
     #[deprecated(since = "0.28.0", note = "use from_digest_slice instead")]
-    pub fn from_slice(digest: &[u8]) -> Result<Message, Error> {
+    pub fn from_slice(digest: &[u8]) -> Result<Message, MessageLengthError> {
         Message::from_digest_slice(digest)
     }
 
@@ -258,14 +270,14 @@ impl Message {
     ///
     /// [secure signature]: https://twitter.com/pwuille/status/1063582706288586752
     #[inline]
-    pub fn from_digest_slice(digest: &[u8]) -> Result<Message, Error> {
+    pub fn from_digest_slice(digest: &[u8]) -> Result<Message, MessageLengthError> {
         match digest.len() {
             constants::MESSAGE_SIZE => {
                 let mut ret = [0u8; constants::MESSAGE_SIZE];
                 ret[..].copy_from_slice(digest);
                 Ok(Message(ret))
             }
-            _ => Err(Error::InvalidMessage),
+            len => Err(MessageLengthError(len)),
         }
     }
 
@@ -311,76 +323,21 @@ impl fmt::Display for Message {
     fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { fmt::LowerHex::fmt(self, f) }
 }
 
-/// The main error type for this library.
-#[derive(Copy, PartialEq, Eq, PartialOrd, Ord, Hash, Clone, Debug)]
-pub enum Error {
-    /// Signature failed verification.
-    IncorrectSignature,
-    /// Bad sized message ("messages" are actually fixed-sized digests [`constants::MESSAGE_SIZE`]).
-    InvalidMessage,
-    /// Bad public key.
-    InvalidPublicKey,
-    /// Bad signature.
-    InvalidSignature,
-    /// Bad secret key.
-    InvalidSecretKey,
-    /// Bad shared secret.
-    InvalidSharedSecret,
-    /// Bad recovery id.
-    InvalidRecoveryId,
-    /// Tried to add/multiply by an invalid tweak.
-    InvalidTweak,
-    /// Didn't pass enough memory to context creation with preallocated memory.
-    NotEnoughMemory,
-    /// Bad set of public keys.
-    InvalidPublicKeySum,
-    /// The only valid parity values are 0 or 1.
-    InvalidParityValue(key::InvalidParityValue),
-    /// Bad EllSwift value
-    InvalidEllSwift,
-}
+/// Messages must be 32 bytes long.
+#[derive(Debug, Clone, PartialEq, Eq)]
+#[non_exhaustive]
+#[allow(missing_copy_implementations)] // Don't implement Copy when we use non_exhaustive.
+pub struct MessageLengthError(pub usize);
 
-impl fmt::Display for Error {
+impl fmt::Display for MessageLengthError {
     fn fmt(&self, f: &mut fmt::Formatter) -> Result<(), fmt::Error> {
-        use Error::*;
-
-        match *self {
-            IncorrectSignature => f.write_str("signature failed verification"),
-            InvalidMessage => f.write_str("message was not 32 bytes (do you need to hash?)"),
-            InvalidPublicKey => f.write_str("malformed public key"),
-            InvalidSignature => f.write_str("malformed signature"),
-            InvalidSecretKey => f.write_str("malformed or out-of-range secret key"),
-            InvalidSharedSecret => f.write_str("malformed or out-of-range shared secret"),
-            InvalidRecoveryId => f.write_str("bad recovery id"),
-            InvalidTweak => f.write_str("bad tweak"),
-            NotEnoughMemory => f.write_str("not enough memory allocated"),
-            InvalidPublicKeySum => f.write_str(
-                "the sum of public keys was invalid or the input vector lengths was less than 1",
-            ),
-            InvalidParityValue(e) => write_err!(f, "couldn't create parity"; e),
-            InvalidEllSwift => f.write_str("malformed EllSwift value"),
-        }
+        write!(f, "messages must be 32 bytes long, got: {}", self.0)
     }
 }
 
 #[cfg(feature = "std")]
-impl std::error::Error for Error {
-    fn source(&self) -> Option<&(dyn std::error::Error + 'static)> {
-        match self {
-            Error::IncorrectSignature => None,
-            Error::InvalidMessage => None,
-            Error::InvalidPublicKey => None,
-            Error::InvalidSignature => None,
-            Error::InvalidSecretKey => None,
-            Error::InvalidSharedSecret => None,
-            Error::InvalidRecoveryId => None,
-            Error::InvalidTweak => None,
-            Error::NotEnoughMemory => None,
-            Error::InvalidPublicKeySum => None,
-            Error::InvalidParityValue(error) => Some(error),
-            Error::InvalidEllSwift => None,
-        }
-    }
+impl std::error::Error for MessageLengthError {
+    fn source(&self) -> Option<&(dyn std::error::Error + 'static)> { None }
 }
 
 /// The secp256k1 engine, used to execute all signature operations.
@@ -499,6 +456,10 @@ mod tests {
     use wasm_bindgen_test::wasm_bindgen_test as test;
 
     use super::*;
+    use crate::error::SysError;
+    use crate::{constants, ecdsa, hex, Message};
+    #[cfg(feature = "alloc")]
+    use crate::{ffi, PublicKey, Secp256k1, SecretKey};
 
     macro_rules! hex {
         ($hex:expr) => {{
@@ -814,60 +775,32 @@ mod tests {
 
         let msg = crate::random_32_bytes(&mut rand::thread_rng());
         let msg = Message::from_digest_slice(&msg).unwrap();
-        assert_eq!(s.verify_ecdsa(&msg, &sig, &pk), Err(Error::IncorrectSignature));
+        assert_eq!(s.verify_ecdsa(&msg, &sig, &pk), Err(SysError {}));
     }
 
     #[test]
     fn test_bad_slice() {
         assert_eq!(
             ecdsa::Signature::from_der(&[0; constants::MAX_SIGNATURE_SIZE + 1]),
-            Err(Error::InvalidSignature)
+            Err(ecdsa::SignatureError::Sys(SysError {}))
         );
         assert_eq!(
             ecdsa::Signature::from_der(&[0; constants::MAX_SIGNATURE_SIZE]),
-            Err(Error::InvalidSignature)
+            Err(ecdsa::SignatureError::Sys(SysError {}))
         );
 
         assert_eq!(
             Message::from_digest_slice(&[0; constants::MESSAGE_SIZE - 1]),
-            Err(Error::InvalidMessage)
+            Err(MessageLengthError(31))
         );
         assert_eq!(
             Message::from_digest_slice(&[0; constants::MESSAGE_SIZE + 1]),
-            Err(Error::InvalidMessage)
+            Err(MessageLengthError(33))
         );
         assert!(Message::from_digest_slice(&[0; constants::MESSAGE_SIZE]).is_ok());
         assert!(Message::from_digest_slice(&[1; constants::MESSAGE_SIZE]).is_ok());
     }
 
-    #[test]
-    #[cfg(feature = "rand-std")]
-    fn test_hex() {
-        use rand::RngCore;
-
-        let mut rng = rand::thread_rng();
-        const AMOUNT: usize = 1024;
-        for i in 0..AMOUNT {
-            // 255 isn't a valid utf8 character.
-            let mut hex_buf = [255u8; AMOUNT * 2];
-            let mut src_buf = [0u8; AMOUNT];
-            let mut result_buf = [0u8; AMOUNT];
-            let src = &mut src_buf[0..i];
-            rng.fill_bytes(src);
-
-            let hex = hex::to_hex(src, &mut hex_buf).unwrap();
-            assert_eq!(hex::from_hex(hex, &mut result_buf).unwrap(), i);
-            assert_eq!(src, &result_buf[..i]);
-        }
-
-        assert!(hex::to_hex(&[1; 2], &mut [0u8; 3]).is_err());
-        assert!(hex::to_hex(&[1; 2], &mut [0u8; 4]).is_ok());
-        assert!(hex::from_hex("deadbeaf", &mut [0u8; 3]).is_err());
-        assert!(hex::from_hex("deadbeaf", &mut [0u8; 4]).is_ok());
-        assert!(hex::from_hex("a", &mut [0u8; 4]).is_err());
-        assert!(hex::from_hex("ag", &mut [0u8; 4]).is_err());
-    }
-
     #[test]
     #[cfg(not(secp256k1_fuzz))] // fuzz-sigs have fixed size/format
     #[cfg(any(feature = "alloc", feature = "std"))]
@@ -904,7 +837,7 @@ mod tests {
         let msg = Message::from_digest_slice(&msg[..]).unwrap();
 
         // without normalization we expect this will fail
-        assert_eq!(secp.verify_ecdsa(&msg, &sig, &pk), Err(Error::IncorrectSignature));
+        assert_eq!(secp.verify_ecdsa(&msg, &sig, &pk), Err(SysError {}));
         // after normalization it should pass
         sig.normalize_s();
         assert_eq!(secp.verify_ecdsa(&msg, &sig, &pk), Ok(()));

src/lib.rs

@@ -70,25 +70,6 @@ macro_rules! impl_non_secure_erase {
     };
 }
 
-/// Formats error. If `std` feature is OFF appends error source (delimited by `: `). We do this
-/// because `e.source()` is only available in std builds, without this macro the error source is
-/// lost for no-std builds.
-macro_rules! write_err {
-    ($writer:expr, $string:literal $(, $args:expr),*; $source:expr) => {
-        {
-            #[cfg(feature = "std")]
-            {
-                let _ = &$source;   // Prevents clippy warnings.
-                write!($writer, $string $(, $args)*)
-            }
-            #[cfg(not(feature = "std"))]
-            {
-                write!($writer, concat!($string, ": {}") $(, $args)*, $source)
-            }
-        }
-    }
-}
-
 /// Implements fast unstable comparison methods for `$ty`.
 macro_rules! impl_fast_comparisons {
     ($ty:ident) => {

src/macros.rs

@@ -123,12 +123,10 @@ impl From<crate::SecretKey> for Scalar {
 }
 
 /// Error returned when the value of scalar is invalid - larger than the curve order.
-// Intentionally doesn't implement `Copy` to improve forward compatibility.
-// Same reason for `non_exhaustive`.
-#[allow(missing_copy_implementations)]
-#[derive(Debug, Clone, Eq, PartialEq, Hash)]
+#[derive(Debug, Clone, PartialEq, Eq)]
 #[non_exhaustive]
-pub struct OutOfRangeError {}
+#[allow(missing_copy_implementations)] // Don't implement Copy when we use non_exhaustive.
+pub struct OutOfRangeError;
 
 impl fmt::Display for OutOfRangeError {
     fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
@@ -137,4 +135,6 @@ impl fmt::Display for OutOfRangeError {
 }
 
 #[cfg(feature = "std")]
-impl std::error::Error for OutOfRangeError {}
+impl std::error::Error for OutOfRangeError {
+    fn source(&self) -> Option<&(dyn std::error::Error + 'static)> { None }
+}

src/scalar.rs

@@ -12,7 +12,7 @@ use crate::ffi::{self, CPtr};
 use crate::key::{Keypair, XOnlyPublicKey};
 #[cfg(feature = "global-context")]
 use crate::SECP256K1;
-use crate::{constants, hex, impl_array_newtype, Error, Message, Secp256k1, Signing, Verification};
+use crate::{constants, hex, impl_array_newtype, Message, Secp256k1, Signing, Verification};
 
 /// Represents a schnorr signature.
 #[derive(Copy, Clone, PartialEq, Eq, PartialOrd, Ord, Hash)]
@@ -61,28 +61,28 @@ impl fmt::Display for Signature {
 }
 
 impl str::FromStr for Signature {
-    type Err = Error;
+    type Err = SignatureError;
     fn from_str(s: &str) -> Result<Self, Self::Err> {
         let mut res = [0u8; constants::SCHNORR_SIGNATURE_SIZE];
         match hex::from_hex(s, &mut res) {
             Ok(constants::SCHNORR_SIGNATURE_SIZE) =>
                 Signature::from_slice(&res[0..constants::SCHNORR_SIGNATURE_SIZE]),
-            _ => Err(Error::InvalidSignature),
+            _ => Err(SignatureError),
         }
     }
 }
 
 impl Signature {
     /// Creates a `Signature` directly from a slice.
     #[inline]
-    pub fn from_slice(data: &[u8]) -> Result<Signature, Error> {
+    pub fn from_slice(data: &[u8]) -> Result<Signature, SignatureError> {
         match data.len() {
             constants::SCHNORR_SIGNATURE_SIZE => {
                 let mut ret = [0u8; constants::SCHNORR_SIGNATURE_SIZE];
                 ret[..].copy_from_slice(data);
                 Ok(Signature(ret))
             }
-            _ => Err(Error::InvalidSignature),
+            _ => Err(SignatureError),
         }
     }
 
@@ -93,7 +93,7 @@ impl Signature {
     /// Verifies a schnorr signature for `msg` using `pk` and the global [`SECP256K1`] context.
     #[inline]
     #[cfg(feature = "global-context")]
-    pub fn verify(&self, msg: &Message, pk: &XOnlyPublicKey) -> Result<(), Error> {
+    pub fn verify(&self, msg: &Message, pk: &XOnlyPublicKey) -> Result<(), SignatureError> {
         SECP256K1.verify_schnorr(self, msg, pk)
     }
 }
@@ -166,7 +166,7 @@ impl<C: Verification> Secp256k1<C> {
         sig: &Signature,
         msg: &Message,
         pubkey: &XOnlyPublicKey,
-    ) -> Result<(), Error> {
+    ) -> Result<(), SignatureError> {
         unsafe {
             let ret = ffi::secp256k1_schnorrsig_verify(
                 self.ctx.as_ptr(),
@@ -179,12 +179,27 @@ impl<C: Verification> Secp256k1<C> {
             if ret == 1 {
                 Ok(())
             } else {
-                Err(Error::InvalidSignature)
+                Err(SignatureError)
             }
         }
     }
 }
 
+/// Signature is invalid.
+#[derive(Debug, Clone, PartialEq, Eq)]
+#[non_exhaustive]
+#[allow(missing_copy_implementations)] // Don't implement Copy when we use non_exhaustive.
+pub struct SignatureError;
+
+impl fmt::Display for SignatureError {
+    fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { f.write_str("signature is invalid") }
+}
+
+#[cfg(feature = "std")]
+impl std::error::Error for SignatureError {
+    fn source(&self) -> Option<&(dyn std::error::Error + 'static)> { None }
+}
+
 #[cfg(test)]
 #[allow(unused_imports)]
 mod tests {
@@ -196,8 +211,8 @@ mod tests {
     use wasm_bindgen_test::wasm_bindgen_test as test;
 
     use super::*;
+    use crate::key::error::PublicKeyError;
     use crate::schnorr::{Keypair, Signature, XOnlyPublicKey};
-    use crate::Error::InvalidPublicKey;
     use crate::{constants, hex, Message, Secp256k1, SecretKey};
 
     #[cfg(all(not(secp256k1_fuzz), feature = "alloc"))]
@@ -308,8 +323,8 @@ mod tests {
 
     #[test]
     fn test_pubkey_from_slice() {
-        assert_eq!(XOnlyPublicKey::from_slice(&[]), Err(InvalidPublicKey));
-        assert_eq!(XOnlyPublicKey::from_slice(&[1, 2, 3]), Err(InvalidPublicKey));
+        assert_eq!(XOnlyPublicKey::from_slice(&[]), Err(PublicKeyError));
+        assert_eq!(XOnlyPublicKey::from_slice(&[1, 2, 3]), Err(PublicKeyError));
         let pk = XOnlyPublicKey::from_slice(&[
             0xB3, 0x3C, 0xC9, 0xED, 0xC0, 0x96, 0xD0, 0xA8, 0x34, 0x16, 0x96, 0x4B, 0xD3, 0xC6,
             0x24, 0x7B, 0x8F, 0xEC, 0xD2, 0x56, 0xE4, 0xEF, 0xA7, 0x87, 0x0D, 0x2C, 0x85, 0x4B,
@@ -349,26 +364,26 @@ mod tests {
         // Bad sizes
         assert_eq!(
             XOnlyPublicKey::from_slice(&[0; constants::SCHNORR_PUBLIC_KEY_SIZE - 1]),
-            Err(InvalidPublicKey)
+            Err(PublicKeyError)
         );
         assert_eq!(
             XOnlyPublicKey::from_slice(&[0; constants::SCHNORR_PUBLIC_KEY_SIZE + 1]),
-            Err(InvalidPublicKey)
+            Err(PublicKeyError)
         );
 
         // Bad parse
         assert_eq!(
             XOnlyPublicKey::from_slice(&[0xff; constants::SCHNORR_PUBLIC_KEY_SIZE]),
-            Err(InvalidPublicKey)
+            Err(PublicKeyError)
         );
         // In fuzzing mode restrictions on public key validity are much more
         // relaxed, thus the invalid check below is expected to fail.
         #[cfg(not(secp256k1_fuzz))]
         assert_eq!(
             XOnlyPublicKey::from_slice(&[0x55; constants::SCHNORR_PUBLIC_KEY_SIZE]),
-            Err(InvalidPublicKey)
+            Err(PublicKeyError)
         );
-        assert_eq!(XOnlyPublicKey::from_slice(&[]), Err(InvalidPublicKey));
+        assert_eq!(XOnlyPublicKey::from_slice(&[]), Err(PublicKeyError));
     }
 
     #[test]