Support for keyring in runtimes (#2044)

This functionality is required for #1984.

This PR enables
[`sp-keyring`](https://github.com/paritytech/polkadot-sdk/blob/21d36b7b4229c4d5225944f197918cde23fda4ea/substrate/primitives/keyring/src/sr25519.rs#L31-L40)
in `no-std` environments, allowing to generate the public key (e.g.
`AccountKeyring::Alice.public().to_ss58check()`), which can be later
used in the any of built-in [_runtime-genesis-config_
variant](https://github.com/paritytech/polkadot-sdk/blob/21d36b7b4229c4d5225944f197918cde23fda4ea/polkadot/node/service/src/chain_spec.rs#L1066-L1073).


The proposal is as follows:
- expose [`core::Pair`
trait](https://github.com/paritytech/polkadot-sdk/blob/d6f15306282e3de848a09c9aa9cba6f95a7811f0/substrate/primitives/core/src/crypto.rs#L832)
in `no-std`,
- `full_crypto` feature enables `sign` method,
- `std` feature enables `generate_with_phrase` and `generate` methods
(randomness is required),
- All other functionality, currently gated by `full_crypto` will be
available unconditionally (`no-std`):
-- `from_string`
-- `from_string_with_seed`
-- `from seed`
-- `from_seed_slice`
-- `from_phrase`
-- `derive`
-- `verify`

---

Depends on rust-bitcoin/rust-bip39#57

---------

Co-authored-by: command-bot <>
Co-authored-by: Davide Galassi <davxy@datawok.net>

.gitlab/pipeline/check.yml

@@ -259,3 +259,19 @@ find-fail-ci-phrase:
       echo "No $ASSERT_REGEX was found, exiting with 0";
       exit 0;
       fi
+
+check-core-crypto-features:
+  stage: check
+  extends:
+    - .docker-env
+    - .common-refs
+  script:
+    - pushd substrate/primitives/core
+    - ./check-features-variants.sh
+    - popd
+    - pushd substrate/primitives/application-crypto
+    - ./check-features-variants.sh
+    - popd
+    - pushd substrate/primitives/keyring
+    - ./check-features-variants.sh
+    - popd

substrate/client/cli/Cargo.toml

@@ -32,7 +32,8 @@ rpassword = "7.0.0"
 serde = { workspace = true, default-features = true }
 serde_json = { workspace = true, default-features = true }
 thiserror = { workspace = true }
-bip39 = "2.0.0"
+# personal fork here as workaround for: https://github.com/rust-bitcoin/rust-bip39/pull/64
+bip39 = { features = ["rand"], git = "https://github.com/michalkucharczyk/rust-bip39.git", branch = "mku-unicode-normalization-in-no-std" }
 tokio = { version = "1.22.0", features = ["parking_lot", "rt-multi-thread", "signal"] }
 sc-client-api = { path = "../api" }
 sc-client-db = { path = "../db", default-features = false }

substrate/client/cli/src/commands/generate.rs

@@ -64,7 +64,7 @@ impl GenerateCmd {
 		let password = self.keystore_params.read_password()?;
 		let output = self.output_scheme.output_type;
 
-		let phrase = mnemonic.word_iter().join(" ");
+		let phrase = mnemonic.words().join(" ");
 
 		with_crypto_scheme!(
 			self.crypto_scheme.scheme,

substrate/primitives/application-crypto/check-features-variants.sh

@@ -0,0 +1,12 @@
+#!/usr/bin/env -S bash -eux
+
+export RUSTFLAGS="-Cdebug-assertions=y -Dwarnings"
+T=wasm32-unknown-unknown
+cargo check --release 
+cargo check --release --target=$T --no-default-features
+cargo check --release --target=$T --no-default-features  --features="full_crypto"
+cargo check --release --target=$T --no-default-features  --features="serde"
+cargo check --release --target=$T --no-default-features  --features="serde,full_crypto"
+cargo check --release --target=$T --no-default-features  --features="bandersnatch-experimental"
+cargo check --release --target=$T --no-default-features  --features="bls-experimental"
+cargo check --release --target=$T --no-default-features  --features="bls-experimental,full_crypto"

substrate/primitives/application-crypto/src/bls377.rs

@@ -19,14 +19,13 @@
 use crate::{KeyTypeId, RuntimePublic};
 
 pub use sp_core::bls::bls377::*;
+use sp_std::vec::Vec;
 
 mod app {
 	crate::app_crypto!(super, sp_core::testing::BLS377);
 }
 
-#[cfg(feature = "full_crypto")]
-pub use app::Pair as AppPair;
-pub use app::{Public as AppPublic, Signature as AppSignature};
+pub use app::{Pair as AppPair, Public as AppPublic, Signature as AppSignature};
 
 impl RuntimePublic for Public {
 	type Signature = Signature;

substrate/primitives/application-crypto/src/ecdsa.rs

@@ -27,9 +27,7 @@ mod app {
 	crate::app_crypto!(super, sp_core::testing::ECDSA);
 }
 
-#[cfg(feature = "full_crypto")]
-pub use app::Pair as AppPair;
-pub use app::{Public as AppPublic, Signature as AppSignature};
+pub use app::{Pair as AppPair, Public as AppPublic, Signature as AppSignature};
 
 impl RuntimePublic for Public {
 	type Signature = Signature;

substrate/primitives/application-crypto/src/ecdsa_bls377.rs

@@ -18,6 +18,7 @@
 //! ECDSA and BLS12-377 paired crypto applications.
 
 use crate::{KeyTypeId, RuntimePublic};
+use sp_std::vec::Vec;
 
 pub use sp_core::paired_crypto::ecdsa_bls377::*;
 

substrate/primitives/application-crypto/src/ed25519.rs

@@ -27,9 +27,7 @@ mod app {
 	crate::app_crypto!(super, sp_core::testing::ED25519);
 }
 
-#[cfg(feature = "full_crypto")]
-pub use app::Pair as AppPair;
-pub use app::{Public as AppPublic, Signature as AppSignature};
+pub use app::{Pair as AppPair, Public as AppPublic, Signature as AppSignature};
 
 impl RuntimePublic for Public {
 	type Signature = Signature;

substrate/primitives/application-crypto/src/lib.rs

@@ -20,12 +20,9 @@
 #![warn(missing_docs)]
 #![cfg_attr(not(feature = "std"), no_std)]
 
-pub use sp_core::crypto::{key_types, CryptoTypeId, KeyTypeId};
+pub use sp_core::crypto::{key_types, CryptoTypeId, DeriveJunction, KeyTypeId, Ss58Codec};
 #[doc(hidden)]
-#[cfg(feature = "full_crypto")]
 pub use sp_core::crypto::{DeriveError, Pair, SecretStringError};
-#[cfg(any(feature = "full_crypto", feature = "serde"))]
-pub use sp_core::crypto::{DeriveJunction, Ss58Codec};
 #[doc(hidden)]
 pub use sp_core::{
 	self,
@@ -85,7 +82,7 @@ macro_rules! app_crypto {
 			$module::CRYPTO_ID
 		);
 		$crate::app_crypto_signature_common!($module::Signature, $key_type);
-		$crate::app_crypto_pair!($module::Pair, $key_type, $module::CRYPTO_ID);
+		$crate::app_crypto_pair_common!($module::Pair, $key_type, $module::CRYPTO_ID);
 	};
 }
 
@@ -116,13 +113,15 @@ macro_rules! app_crypto {
 			$module::CRYPTO_ID
 		);
 		$crate::app_crypto_signature_common!($module::Signature, $key_type);
+		$crate::app_crypto_pair_common!($module::Pair, $key_type, $module::CRYPTO_ID);
 	};
 }
 
 /// Declares `Pair` type which is functionally equivalent to `$pair`, but is
 /// new application-specific type whose identifier is `$key_type`.
+/// It is a common part shared between full_crypto and non full_crypto environments.
 #[macro_export]
-macro_rules! app_crypto_pair {
+macro_rules! app_crypto_pair_common {
 	($pair:ty, $key_type:expr, $crypto_type:expr) => {
 		$crate::wrap! {
 			/// A generic `AppPublic` wrapper type over $pair crypto; this has no specific App.
@@ -140,7 +139,14 @@ macro_rules! app_crypto_pair {
 			type Signature = Signature;
 
 			$crate::app_crypto_pair_functions_if_std!($pair);
+			$crate::app_crypto_pair_functions_if_full_crypto!($pair);
 
+			fn from_phrase(
+				phrase: &str,
+				password: Option<&str>,
+			) -> Result<(Self, Self::Seed), $crate::SecretStringError> {
+				<$pair>::from_phrase(phrase, password).map(|r| (Self(r.0), r.1))
+			}
 			fn derive<Iter: Iterator<Item = $crate::DeriveJunction>>(
 				&self,
 				path: Iter,
@@ -154,9 +160,6 @@ macro_rules! app_crypto_pair {
 			fn from_seed_slice(seed: &[u8]) -> Result<Self, $crate::SecretStringError> {
 				<$pair>::from_seed_slice(seed).map(Self)
 			}
-			fn sign(&self, msg: &[u8]) -> Self::Signature {
-				Signature(self.0.sign(msg))
-			}
 			fn verify<M: AsRef<[u8]>>(
 				sig: &Self::Signature,
 				message: M,
@@ -203,13 +206,6 @@ macro_rules! app_crypto_pair_functions_if_std {
 			let r = <$pair>::generate_with_phrase(password);
 			(Self(r.0), r.1, r.2)
 		}
-
-		fn from_phrase(
-			phrase: &str,
-			password: Option<&str>,
-		) -> Result<(Self, Self::Seed), $crate::SecretStringError> {
-			<$pair>::from_phrase(phrase, password).map(|r| (Self(r.0), r.1))
-		}
 	};
 }
 
@@ -220,6 +216,25 @@ macro_rules! app_crypto_pair_functions_if_std {
 	($pair:ty) => {};
 }
 
+/// Implements functions for the `Pair` trait when `feature = "full_crypto"` is enabled.
+#[doc(hidden)]
+#[cfg(feature = "full_crypto")]
+#[macro_export]
+macro_rules! app_crypto_pair_functions_if_full_crypto {
+	($pair:ty) => {
+		fn sign(&self, msg: &[u8]) -> Self::Signature {
+			Signature(self.0.sign(msg))
+		}
+	};
+}
+
+#[doc(hidden)]
+#[cfg(not(feature = "full_crypto"))]
+#[macro_export]
+macro_rules! app_crypto_pair_functions_if_full_crypto {
+	($pair:ty) => {};
+}
+
 /// Declares `Public` type which is functionally equivalent to `$public` but is
 /// new application-specific type whose identifier is `$key_type`.
 /// For full functionality, `app_crypto_public_common!` must be called too.
@@ -267,7 +282,7 @@ macro_rules! app_crypto_public_not_full_crypto {
 		$crate::wrap! {
 			/// A generic `AppPublic` wrapper type over $public crypto; this has no specific App.
 			#[derive(
-				Clone, Eq, PartialEq, Ord, PartialOrd,
+				Clone, Eq, Hash, PartialEq, Ord, PartialOrd,
 				$crate::codec::Encode,
 				$crate::codec::Decode,
 				$crate::RuntimeDebug,
@@ -277,10 +292,13 @@ macro_rules! app_crypto_public_not_full_crypto {
 			pub struct Public($public);
 		}
 
-		impl $crate::CryptoType for Public {}
+		impl $crate::CryptoType for Public {
+			type Pair = Pair;
+		}
 
 		impl $crate::AppCrypto for Public {
 			type Public = Public;
+			type Pair = Pair;
 			type Signature = Signature;
 			const ID: $crate::KeyTypeId = $key_type;
 			const CRYPTO_ID: $crate::CryptoTypeId = $crypto_type;
@@ -452,10 +470,13 @@ macro_rules! app_crypto_signature_not_full_crypto {
 			pub struct Signature($sig);
 		}
 
-		impl $crate::CryptoType for Signature {}
+		impl $crate::CryptoType for Signature {
+			type Pair = Pair;
+		}
 
 		impl $crate::AppCrypto for Signature {
 			type Public = Public;
+			type Pair = Pair;
 			type Signature = Signature;
 			const ID: $crate::KeyTypeId = $key_type;
 			const CRYPTO_ID: $crate::CryptoTypeId = $crypto_type;

substrate/primitives/application-crypto/src/sr25519.rs

@@ -27,9 +27,7 @@ mod app {
 	crate::app_crypto!(super, sp_core::testing::SR25519);
 }
 
-#[cfg(feature = "full_crypto")]
-pub use app::Pair as AppPair;
-pub use app::{Public as AppPublic, Signature as AppSignature};
+pub use app::{Pair as AppPair, Public as AppPublic, Signature as AppSignature};
 
 impl RuntimePublic for Public {
 	type Signature = Signature;

substrate/primitives/application-crypto/src/traits.rs

@@ -18,9 +18,7 @@
 use codec::Codec;
 use scale_info::TypeInfo;
 
-#[cfg(feature = "full_crypto")]
-use sp_core::crypto::Pair;
-use sp_core::crypto::{CryptoType, CryptoTypeId, IsWrappedBy, KeyTypeId, Public};
+use sp_core::crypto::{CryptoType, CryptoTypeId, IsWrappedBy, KeyTypeId, Pair, Public};
 use sp_std::{fmt::Debug, vec::Vec};
 
 /// Application-specific cryptographic object.
@@ -45,24 +43,14 @@ pub trait AppCrypto: 'static + Sized + CryptoType {
 	type Signature: AppSignature;
 
 	/// The corresponding key pair type in this application scheme.
-	#[cfg(feature = "full_crypto")]
 	type Pair: AppPair;
 }
 
 /// Type which implements Hash in std, not when no-std (std variant).
-#[cfg(any(feature = "std", feature = "full_crypto"))]
 pub trait MaybeHash: sp_std::hash::Hash {}
-#[cfg(any(feature = "std", feature = "full_crypto"))]
 impl<T: sp_std::hash::Hash> MaybeHash for T {}
 
-/// Type which implements Hash in std, not when no-std (no-std variant).
-#[cfg(all(not(feature = "std"), not(feature = "full_crypto")))]
-pub trait MaybeHash {}
-#[cfg(all(not(feature = "std"), not(feature = "full_crypto")))]
-impl<T> MaybeHash for T {}
-
 /// Application-specific key pair.
-#[cfg(feature = "full_crypto")]
 pub trait AppPair:
 	AppCrypto + Pair<Public = <Self as AppCrypto>::Public, Signature = <Self as AppCrypto>::Signature>
 {