Add CONTRIBUTING.md #1431

pull jonasnick wants to merge 4 commits into bitcoin-core:master from jonasnick:contributing changing 2 files +113 −23
  1. jonasnick commented at 12:40 pm on October 18, 2023: contributor

    Following offline discussions, this PR documents the scope of the library and the requirements for adding new modules. I think this fixes most of #997. It also updates the README very slightly.

    In addition, I added some coding conventions that I remembered explaining to new contributors in the past year. Even though it’s far from exhaustive, I think this is an easy improvement to the CONTRIBUTING.md. Feel free to suggest more conventions.

  2. bitcoin-core deleted a comment on Oct 26, 2023
  3. in CONTRIBUTING.md:40 in 1e0a7c273d outdated
    35+The easiest way to participate on IRC is with the web client, [web.libera.chat](https://web.libera.chat/#secp256k1).
    36+Chat history logs can be found at https://gnusha.org/secp256k1/.
    37+
    38+## Contributor Workflow & Peer Review
    39+
    40+The Contributor Workflow & Peer Review in libsecp256k1 are similar to Bitcoin Core's workflow and review processes described in Core's [CONTRIBUTING.md](https://github.com/bitcoin/bitcoin/blob/master/CONTRIBUTING.md).
    


    sipa commented at 3:16 pm on November 2, 2023:
    Nit: I don’t like the use of “Core” to refer to “Bitcoin Core”. Maybe just say “its CONTRIBUTING.md”?

    jonasnick commented at 7:17 pm on December 1, 2023:
    fixed
  4. in CONTRIBUTING.md:30 in 1e0a7c273d outdated
    24+
    25+These are not the only factors taken into account when considering to add new functionality.
    26+The proposed new libsecp256k1 code must be of high quality, including API documentation and tests, as well as featuring a misuse-resistant API design.
    27+
    28+We recommend reaching out to other contributors (see [Communication Channels](#communication-channels)) and get feedback before implementing new functionality.
    29+## Communication Channels
    


    katesalazar commented at 7:01 pm on November 6, 2023:
    nit: empty line missing?

    jonasnick commented at 7:17 pm on December 1, 2023:
    fixed
  5. real-or-random added the label development on Nov 13, 2023
  6. real-or-random added this to the milestone 0.4.1 or 0.5.0 on Nov 20, 2023
  7. siv2r commented at 9:11 am on November 23, 2023: contributor

    You can mention these points as well if they are relevant:

    • API documentation is in their header files (see include)
    • API input parameters must have a specific order (see include/secp256k1.h)
    • To ensure algorithm correctness, exhaustive testing is performed on a smaller subgroup of secp256k1-like curves using all possible scalars and group elements (see src/tests_exhaustive.c)
    • There is a custom run_benchmark function available to evaluate the runtime performance of APIs, measuring min, avg, and max execution times (see src/bench.h)
  8. jonasnick force-pushed on Dec 1, 2023
  9. jonasnick commented at 7:18 pm on December 1, 2023: contributor

    @siv2r Thanks. I incorporated your suggestions, except:

    API documentation is in their header files (see include)

    I don’t think the CONTRIBUTING.md is the right place for that because this information is relevant to all users, not just developers of the library.

  10. in CONTRIBUTING.md:58 in 02a091b16c outdated
    53+
    54+#### Style Conventions
    55+
    56+- Commits should be atomic and diffs should be easy to read. For this reason, do not mix any formatting fixes or code moves with actual code changes. Make sure each individual commit is hygienic: that it builds successfully on its own without warnings, errors, regressions, or test failures.
    57+- Use `void *ptr` instead of `void* ptr`.
    58+- Avoid trailing whitespaces.
    


    real-or-random commented at 12:24 pm on December 4, 2023:
    0- Avoid trailing whitespace.
    
  11. in CONTRIBUTING.md:64 in 02a091b16c outdated
    59+
    60+### Tests
    61+
    62+#### Coverage
    63+
    64+This library aims to have full coverage of the reachable lines and branches.
    


    real-or-random commented at 12:25 pm on December 4, 2023:
    0This library aims to have full coverage of reachable lines and branches.
    
  12. in CONTRIBUTING.md:104 in 02a091b16c outdated
    83+#### Exhaustive Tests
    84+
    85+There are tests of several functions in which a small group replaces secp256k1.
    86+These tests are *exhaustive* since they provide all elements and scalars of the small group as input arguments (see [src/tests_exhaustive.c]).
    87+
    88+
    


    real-or-random commented at 12:26 pm on December 4, 2023:
    nit: one empty line is enough
  13. in README.md:8 in 02a091b16c outdated
    4@@ -5,7 +5,7 @@ libsecp256k1
    5 ![Dependencies: None](https://img.shields.io/badge/dependencies-none-success)
    6 [![irc.libera.chat #secp256k1](https://img.shields.io/badge/irc.libera.chat-%23secp256k1-success)](https://web.libera.chat/#secp256k1)
    7 
    8-Optimized C library for ECDSA signatures and secret/public key operations on curve secp256k1.
    9+Optimized C library for digital signatures and other cryptographic schemes on curve secp256k1.
    


    real-or-random commented at 12:56 pm on December 4, 2023:

    (I may be quite nitpicky here, but I think this line is rather important because it should become our new “short description” as often included by package managers and also presented at the right-hand side of the GitHub page.)

    I think “other schemes” is a bit strange because “digital signatures” is not a scheme. It’s a “cryptographic primitive”. That word is a bit uncommon outside academia, but I think it’s okay.

    I very much like the wording in the new file: “libsecp256k1 is a library for elliptic curve cryptography”. But yeah, it may still make sense to mention signatures. Here are a few suggestions:

    • Optimized C library for digital signatures and other cryptographic primitives on elliptic curve secp256k1
    • Optimized C library for digital signatures and other cryptography on elliptic curve secp256k1
    • Optimized C library for elliptic curve cryptography (incl. digital signatures) on curve secp256k1
    • Optimized C library for elliptic curve cryptography on curve secp256k1, with a focus on the Bitcoin ecosystem

    Independently, I suggest dropping “Optimized”… It’s not wrong, but I think it made sense when the library was created because performance was by far the main feature. Today, it’s rather a combination of performance and assurance. We could call it “high-performance high-assurance” but I want others to judge this. (Also, it sounds like stolen from djb, and it just makes the description longer.)


    jonasnick commented at 8:07 pm on December 4, 2023:
    Agree that it’s valuable to have a single sentence that describes the lib well. Thanks for the suggestions. I like the first one. Also, I agree with replacing “optimized” with something more descriptive. “High-performance high-assurance” sounds pretty good in my opinion.

    real-or-random commented at 3:45 pm on December 5, 2023:

    “High-performance high-assurance” sounds pretty good in my opinion.

    Okay, let’s take it. :D I think we can certainly claim it.

    A final nit now that I see your new push: “on elliptic curve secp256k1” -> “on the secp256k1 elliptic curve” sounds a bit more natural

    That makes it: High-performance high-assurance C library for digital signatures and other cryptographic primitives on the secp256k1 elliptic curve.

    cc @sipa What do you think about this description line?


    jonasnick commented at 8:49 pm on December 5, 2023:

    “on elliptic curve secp256k1” -> “on the secp256k1 elliptic curve” sounds a bit more natural

    done


    sipa commented at 9:12 pm on December 5, 2023:

    High-performance high-assurance C library for digital signatures and other cryptographic primitives on the secp256k1 elliptic curve.

    ACK

  14. in CONTRIBUTING.md:47 in 02a091b16c outdated
    42+
    43+### Coding Conventions
    44+
    45+In addition, libsecp256k1 tries to maintain the following coding conventions:
    46+
    47+- No runtime heap allocation (e.g., no `malloc`).
    


    real-or-random commented at 12:59 pm on December 4, 2023:
    There are a few exceptions to this rule, e.g., context creation and scratch space. Maybe the rule is rather something like “Runtime heap allocation is always optional” with an additional explanation.

    jonasnick commented at 8:09 pm on December 4, 2023:
    This was mindlessly copied from the README. Added a better explanation.
  15. in CONTRIBUTING.md:30 in 02a091b16c outdated
    25+These are not the only factors taken into account when considering to add new functionality.
    26+The proposed new libsecp256k1 code must be of high quality, including API documentation and tests, as well as featuring a misuse-resistant API design.
    27+
    28+We recommend reaching out to other contributors (see [Communication Channels](#communication-channels)) and get feedback before implementing new functionality.
    29+
    30+## Communication Channels
    


    real-or-random commented at 1:00 pm on December 4, 2023:
    (global, nit:) We only capitalize the first word in README currently
  16. in CONTRIBUTING.md:12 in 02a091b16c outdated
     7+
     8+## Adding new functionality or modules
     9+
    10+The libsecp256k1 project welcomes contributions in the form of new functionality or modules, provided they are within the project's scope.
    11+
    12+It is the responsibility of the contributors to convince the maintainers that the proposed functionality should be merged.
    


    real-or-random commented at 1:01 pm on December 4, 2023:

    style nit:

    0It is the responsibility of the contributors to convince the maintainers that the proposed functionality suits the goals and the scope of the library. 
    

    jonasnick commented at 8:10 pm on December 4, 2023:
    Changed to a slightly different wording.
  17. in CONTRIBUTING.md:18 in 02a091b16c outdated
    13+Contributors are recommended to provide the following in addition to the new code:
    14+
    15+* **Specification:**
    16+    A specification can help significantly in reviewing the new code as it provides documentation and context.
    17+    It may justify various design decisions, give a motivation and outline security goals.
    18+    If the specification contains pseudocode, a reference implementation or test vectors, these could be used to compare with the proposed libsecp256k1 code.
    


    real-or-random commented at 1:01 pm on December 4, 2023:

    style nit:

    0    If the specification contains pseudocode, a reference implementation or test vectors, these can be used to compare with the proposed libsecp256k1 code.
    
  18. in CONTRIBUTING.md:21 in 02a091b16c outdated
    16+    A specification can help significantly in reviewing the new code as it provides documentation and context.
    17+    It may justify various design decisions, give a motivation and outline security goals.
    18+    If the specification contains pseudocode, a reference implementation or test vectors, these could be used to compare with the proposed libsecp256k1 code.
    19+* **Security Arguments:**
    20+    In addition to a defining the security goals, it should be argued that the new functionality meets these goals.
    21+    Depending on the nature of the new functionality, a wide range of security arguments are acceptable, ranging from being 'obviously secure' to rigorous proofs of security.
    


    real-or-random commented at 1:02 pm on December 4, 2023:

    nit:

    0    Depending on the nature of the new functionality, a wide range of security arguments are acceptable, ranging from being "obviously secure" to rigorous proofs of security.
    
  19. in CONTRIBUTING.md:23 in 02a091b16c outdated
    18+    If the specification contains pseudocode, a reference implementation or test vectors, these could be used to compare with the proposed libsecp256k1 code.
    19+* **Security Arguments:**
    20+    In addition to a defining the security goals, it should be argued that the new functionality meets these goals.
    21+    Depending on the nature of the new functionality, a wide range of security arguments are acceptable, ranging from being 'obviously secure' to rigorous proofs of security.
    22+* **Relevance Arguments:**
    23+    The relevance of the new functionality for the Bitcoin space should be argued by outlining clear use cases.
    


    real-or-random commented at 1:03 pm on December 4, 2023:

    style nit:

    0    The relevance of the new functionality for the Bitcoin ecosystem should be argued by outlining clear use cases.
    
  20. in CONTRIBUTING.md:72 in 02a091b16c outdated
    52+- Arguments of the publicly-facing API must have a specific order defined in [include/secp256k1.h](include/secp256k1.h).
    53+
    54+#### Style Conventions
    55+
    56+- Commits should be atomic and diffs should be easy to read. For this reason, do not mix any formatting fixes or code moves with actual code changes. Make sure each individual commit is hygienic: that it builds successfully on its own without warnings, errors, regressions, or test failures.
    57+- Use `void *ptr` instead of `void* ptr`.
    


    real-or-random commented at 1:09 pm on December 4, 2023:
    except for context pointers?

    jonasnick commented at 4:57 pm on December 4, 2023:
    Why? We don’t make an exception for context pointers right now.

    real-or-random commented at 10:55 pm on December 4, 2023:
    Sorry, I was misremembering this
  21. in CONTRIBUTING.md:54 in 02a091b16c outdated
    50+- Local variables containing secret data should be cleared explicitly to try to delete secrets from memory.
    51+- Use `secp256k1_memcmp_var` instead of `memcmp` (see [#823](https://github.com/bitcoin-core/secp256k1/issues/823)).
    52+- Arguments of the publicly-facing API must have a specific order defined in [include/secp256k1.h](include/secp256k1.h).
    53+
    54+#### Style Conventions
    55+
    


    real-or-random commented at 1:14 pm on December 4, 2023:
    • New code should adhere to the style of existing, in particular surrounding, code. Other than that, we do not enforce strict rules for code formatting.
    • User-facing comment lines in headers should be limited to 80 chars if possible.
    • All identifiers in file scope should start with _secp256k1.

    jonasnick commented at 8:10 pm on December 4, 2023:
    Added the suggested conventions.
  22. in CONTRIBUTING.md:43 in 02a091b16c outdated
    38+
    39+## Contributor Workflow & Peer Review
    40+
    41+The Contributor Workflow & Peer Review in libsecp256k1 are similar to Bitcoin Core's workflow and review processes described in its [CONTRIBUTING.md](https://github.com/bitcoin/bitcoin/blob/master/CONTRIBUTING.md).
    42+
    43+### Coding Conventions
    


    real-or-random commented at 1:19 pm on December 4, 2023:

    A larger addition that comes to my mind is some explanation for ARG_CHECK, VERIFY, VERIFY_CHECK.

    (Could also be done later in another PR. I think the most important thing here to get started with a document…)


    jonasnick commented at 8:11 pm on December 4, 2023:
    That would definitely be useful. I vote for doing it in another PR.
  23. in CONTRIBUTING.md:52 in 02a091b16c outdated
    47+- No runtime heap allocation (e.g., no `malloc`).
    48+- The tests should cover all lines and branches of the library (see [Test coverage](#coverage)).
    49+- Operations involving secret data should be tested for being constant time with respect to the secrets (see [src/ctime_tests.c](src/ctime_tests.c)).
    50+- Local variables containing secret data should be cleared explicitly to try to delete secrets from memory.
    51+- Use `secp256k1_memcmp_var` instead of `memcmp` (see [#823](https://github.com/bitcoin-core/secp256k1/issues/823)).
    52+- Arguments of the publicly-facing API must have a specific order defined in [include/secp256k1.h](include/secp256k1.h).
    


    real-or-random commented at 1:19 pm on December 4, 2023:

    nit: should this point go to style conventions?

    Alternatively, and depending on your definition, some of the points I suggested for style conventions should go here… I don’t care too much.


    jonasnick commented at 8:12 pm on December 4, 2023:
    Should have been in style conventions. Moved it.
  24. in CONTRIBUTING.md:86 in 02a091b16c outdated
    81+    $ gcovr --exclude 'src/bench*' --html --html-details -o coverage/coverage.html
    82+
    83+#### Exhaustive Tests
    84+
    85+There are tests of several functions in which a small group replaces secp256k1.
    86+These tests are *exhaustive* since they provide all elements and scalars of the small group as input arguments (see [src/tests_exhaustive.c]).
    


    siv2r commented at 3:22 pm on December 4, 2023:
    0These tests are *exhaustive* since they provide all elements and scalars of the small group as input arguments (see [src/tests_exhaustive.c](src/tests_exhaustive.c)).
    

    jonasnick commented at 8:12 pm on December 4, 2023:
    Thanks, fixed.
  25. Add CONTRIBUTING.md including scope and guidelines for new code 76880e4015
  26. docs: move coverage report instructions to CONTRIBUTING 0922a047fb
  27. jonasnick force-pushed on Dec 4, 2023
  28. in CONTRIBUTING.md:72 in 56d103c334 outdated
    53+
    54+#### Style conventions
    55+
    56+- Commits should be atomic and diffs should be easy to read. For this reason, do not mix any formatting fixes or code moves with actual code changes. Make sure each individual commit is hygienic: that it builds successfully on its own without warnings, errors, regressions, or test failures.
    57+- New code should adhere to the style of existing, in particular surrounding, code. Other than that, we do not enforce strict rules for code formatting.
    58+- Use `void *ptr` instead of `void* ptr`.
    


    real-or-random commented at 4:02 pm on December 5, 2023:

    We forgot the most important thing…

     0- The code conforms to C89. Most notably, that means that only `/* ... */` comments are allowed (no `//` line comments). Moreover, any declarations in a `{ ... }` block (e.g., a function) must appear at the beginning of the block before any statements. When you would like to declare a variable in the middle of a block, you can open a new block:
     1    ```C
     2    void secp256k_foo(void) {
     3        unsigned int x;              /* declaration */
     4        int y = 2*x;                 /* declaration */
     5
     6        x = 17;                      /* statement */
     7        {
     8            int a, b;                /* declaration */
     9
    10            a = x + y;               /* statement */
    11            secp256k_bar(x, &b);     /* statement */
    12        }
    13    }
    14    ```
    15- Use `unsigned int` instead of just `int`.
    16- Use `void *ptr` instead of `void* ptr`.
    

    (Note the indentation with 4 spaces to have the ``` block in the bullet point, I had to look this up…)


    jonasnick commented at 8:46 pm on December 5, 2023:
    added with a slight change to the second bullet point since we use int for booleans.

    real-or-random commented at 10:04 pm on December 5, 2023:

    Ah, lol, I meant to write this: “Use unsigned int instead of just unsigned”. So this was just a remark about spelling out the entire type.

    But yeah, we should add a bullet point about integers, but perhaps in the next PR. It’s a bit more complicated with the stdint.h types etc.

  29. jonasnick force-pushed on Dec 5, 2023
  30. README: update first sentence
    libsecp256k1 has become more than a library for just ECDSA and key tweaking.
    1a432cb982
  31. jonasnick force-pushed on Dec 5, 2023
  32. CONTRIBUTING: add some coding and style conventions 0e5ea62207
  33. jonasnick force-pushed on Dec 6, 2023
  34. sipa commented at 6:33 pm on December 6, 2023: contributor
    ACK 0e5ea6220707d9c96e06efc43bce3d5a3b3a06f2
  35. real-or-random approved
  36. real-or-random commented at 8:16 am on December 7, 2023: contributor
    ACK 0e5ea6220707d9c96e06efc43bce3d5a3b3a06f2
  37. real-or-random merged this on Dec 7, 2023
  38. real-or-random closed this on Dec 7, 2023

  39. real-or-random commented at 8:18 am on December 7, 2023: contributor

    Additional points suggested in this thread:

    • Some explanation for ARG_CHECK, VERIFY, VERIFY_CHECK.
    • Something about integers. It’s a bit more complicated with the stdint.h types etc.
  40. real-or-random cross-referenced this on Dec 7, 2023 from issue Scope of the library by real-or-random

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin-core/secp256k1. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2024-12-22 02:15 UTC

This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me