Stabilize BLS signatures and implement host functions

substrate/client/consensus/beefy/Cargo.toml

@@ -47,12 +47,3 @@ serde = { workspace = true, default-features = true }
 sp-mmr-primitives = { workspace = true, default-features = true }
 sp-tracing = { workspace = true, default-features = true }
 substrate-test-runtime-client = { workspace = true }
-
-[features]
-# This feature adds BLS crypto primitives. It should not be used in production since
-# the BLS implementation and interface may still be subject to significant change.
-bls-experimental = [
-	"sp-application-crypto/bls-experimental",
-	"sp-consensus-beefy/bls-experimental",
-	"sp-core/bls-experimental",
-]

substrate/client/consensus/beefy/src/keystore.rs

@@ -19,9 +19,7 @@ use codec::Decode;
 use log::warn;
 
 use sp_application_crypto::{key_types::BEEFY as BEEFY_KEY_TYPE, AppCrypto, RuntimeAppPublic};
-#[cfg(feature = "bls-experimental")]
-use sp_core::ecdsa_bls381;
-use sp_core::{ecdsa, keccak_256};
+use sp_core::{ecdsa, ecdsa_bls381, keccak_256};
 
 use sp_keystore::KeystorePtr;
 use std::marker::PhantomData;
@@ -99,7 +97,6 @@ impl<AuthorityId: AuthorityIdBound> BeefyKeystore<AuthorityId> {
 				sig_ref.to_vec()
 			},
 
-			#[cfg(feature = "bls-experimental")]
 			ecdsa_bls381::CRYPTO_ID => {
 				let public: ecdsa_bls381::Public =
 					ecdsa_bls381::Public::try_from(public.as_slice()).unwrap();
@@ -145,7 +142,6 @@ impl<AuthorityId: AuthorityIdBound> BeefyKeystore<AuthorityId> {
 					))
 				}),
 
-			#[cfg(feature = "bls-experimental")]
 			ecdsa_bls381::CRYPTO_ID => store
 				.ecdsa_bls381_public_keys(BEEFY_KEY_TYPE)
 				.drain(..)
@@ -183,10 +179,8 @@ impl<AuthorityId: AuthorityIdBound> From<Option<KeystorePtr>> for BeefyKeystore<
 
 #[cfg(test)]
 pub mod tests {
-	#[cfg(feature = "bls-experimental")]
-	use sp_consensus_beefy::ecdsa_bls_crypto;
 	use sp_consensus_beefy::{
-		ecdsa_crypto,
+		ecdsa_bls_crypto, ecdsa_crypto,
 		test_utils::{BeefySignerAuthority, Keyring},
 	};
 	use sp_core::Pair as PairT;
@@ -253,7 +247,6 @@ pub mod tests {
 				let pk = store.ecdsa_generate_new(key_type, optional_seed.as_deref()).ok().unwrap();
 				AuthorityId::decode(&mut pk.as_ref()).unwrap()
 			},
-			#[cfg(feature = "bls-experimental")]
 			ecdsa_bls381::CRYPTO_ID => {
 				let pk = store
 					.ecdsa_bls381_generate_new(key_type, optional_seed.as_deref())
@@ -270,7 +263,6 @@ pub mod tests {
 		pair_verify_should_work::<ecdsa_crypto::AuthorityId>();
 	}
 
-	#[cfg(feature = "bls-experimental")]
 	#[test]
 	fn pair_verify_should_work_ecdsa_n_bls() {
 		pair_verify_should_work::<ecdsa_bls_crypto::AuthorityId>();
@@ -338,7 +330,6 @@ pub mod tests {
 		pair_works::<ecdsa_crypto::AuthorityId>();
 	}
 
-	#[cfg(feature = "bls-experimental")]
 	#[test]
 	fn ecdsa_n_bls_pair_works() {
 		pair_works::<ecdsa_bls_crypto::AuthorityId>();
@@ -379,7 +370,6 @@ pub mod tests {
 		authority_id_works::<ecdsa_crypto::AuthorityId>();
 	}
 
-	#[cfg(feature = "bls-experimental")]
 	#[test]
 	fn authority_id_works_for_ecdsa_n_bls() {
 		authority_id_works::<ecdsa_bls_crypto::AuthorityId>();
@@ -414,7 +404,6 @@ pub mod tests {
 		sign_works::<ecdsa_crypto::AuthorityId>();
 	}
 
-	#[cfg(feature = "bls-experimental")]
 	#[test]
 	fn sign_works_for_ecdsa_n_bls() {
 		sign_works::<ecdsa_bls_crypto::AuthorityId>();
@@ -449,7 +438,6 @@ pub mod tests {
 		sign_error::<ecdsa_crypto::AuthorityId>("ecdsa_sign_prehashed() failed");
 	}
 
-	#[cfg(feature = "bls-experimental")]
 	#[test]
 	fn sign_error_for_ecdsa_n_bls() {
 		sign_error::<ecdsa_bls_crypto::AuthorityId>("bls381_sign()  failed");
@@ -498,7 +486,6 @@ pub mod tests {
 		verify_works::<ecdsa_crypto::AuthorityId>();
 	}
 
-	#[cfg(feature = "bls-experimental")]
 	#[test]
 
 	fn verify_works_for_ecdsa_n_bls() {
@@ -550,7 +537,6 @@ pub mod tests {
 		public_keys_works::<ecdsa_crypto::AuthorityId>();
 	}
 
-	#[cfg(feature = "bls-experimental")]
 	#[test]
 
 	fn public_keys_works_for_ecdsa_n_bls() {

substrate/client/keystore/Cargo.toml

@@ -29,14 +29,6 @@ thiserror = { workspace = true }
 tempfile = { workspace = true }
 
 [features]
-# This feature adds BLS crypto primitives.
-# It should not be used in production since the implementation and interface may still
-# be subject to significant changes.
-bls-experimental = [
-	"sp-core/bls-experimental",
-	"sp-keystore/bls-experimental",
-]
-
 # This feature adds Bandersnatch crypto primitives.
 # It should not be used in production since the implementation and interface may still
 # be subject to significant changes.

substrate/client/keystore/src/local.rs

@@ -37,9 +37,9 @@ sp_keystore::bandersnatch_experimental_enabled! {
 use sp_core::bandersnatch;
 }
 
-sp_keystore::bls_experimental_enabled! {
-use sp_core::{bls381, ecdsa_bls381, KeccakHasher, proof_of_possession::ProofOfPossessionGenerator};
-}
+use sp_core::{
+	bls381, ecdsa_bls381, proof_of_possession::ProofOfPossessionGenerator, KeccakHasher,
+};
 
 use crate::{Error, Result};
 
@@ -142,20 +142,18 @@ impl LocalKeystore {
 		Ok(pre_output)
 	}
 
-	sp_keystore::bls_experimental_enabled! {
-		fn generate_proof_of_possession<T: CorePair + ProofOfPossessionGenerator>(
-			&self,
-			key_type: KeyTypeId,
-			public: &T::Public,
-			owner: &[u8],
-		) -> std::result::Result<Option<T::ProofOfPossession>, TraitError> {
-			let proof_of_possession = self
-				.0
-				.read()
-				.key_pair_by_type::<T>(public, key_type)?
-				.map(|mut pair| pair.generate_proof_of_possession(owner));
-			Ok(proof_of_possession)
-		}
+	fn generate_proof_of_possession<T: CorePair + ProofOfPossessionGenerator>(
+		&self,
+		key_type: KeyTypeId,
+		public: &T::Public,
+		owner: &[u8],
+	) -> std::result::Result<Option<T::ProofOfPossession>, TraitError> {
+		let proof_of_possession = self
+			.0
+			.read()
+			.key_pair_by_type::<T>(public, key_type)?
+			.map(|mut pair| pair.generate_proof_of_possession(owner));
+		Ok(proof_of_possession)
 	}
 }
 
@@ -349,92 +347,93 @@ impl Keystore for LocalKeystore {
 		}
 	}
 
-	sp_keystore::bls_experimental_enabled! {
-		fn bls381_public_keys(&self, key_type: KeyTypeId) -> Vec<bls381::Public> {
-			self.public_keys::<bls381::Pair>(key_type)
-		}
+	fn bls381_public_keys(&self, key_type: KeyTypeId) -> Vec<bls381::Public> {
+		self.public_keys::<bls381::Pair>(key_type)
+	}
 
-		/// Generate a new pair compatible with the 'bls381' signature scheme.
-		///
-		/// If `[seed]` is `Some` then the key will be ephemeral and stored in memory.
-		fn bls381_generate_new(
-			&self,
-			key_type: KeyTypeId,
-			seed: Option<&str>,
-		) -> std::result::Result<bls381::Public, TraitError> {
-			self.generate_new::<bls381::Pair>(key_type, seed)
-		}
+	/// Generate a new pair compatible with the 'bls381' signature scheme.
+	///
+	/// If `[seed]` is `Some` then the key will be ephemeral and stored in memory.
+	fn bls381_generate_new(
+		&self,
+		key_type: KeyTypeId,
+		seed: Option<&str>,
+	) -> std::result::Result<bls381::Public, TraitError> {
+		self.generate_new::<bls381::Pair>(key_type, seed)
+	}
 
-		fn bls381_sign(
-			&self,
-			key_type: KeyTypeId,
-			public: &bls381::Public,
-			msg: &[u8],
-		) -> std::result::Result<Option<bls381::Signature>, TraitError> {
-			self.sign::<bls381::Pair>(key_type, public, msg)
-		}
+	fn bls381_sign(
+		&self,
+		key_type: KeyTypeId,
+		public: &bls381::Public,
+		msg: &[u8],
+	) -> std::result::Result<Option<bls381::Signature>, TraitError> {
+		self.sign::<bls381::Pair>(key_type, public, msg)
+	}
 
-		fn bls381_generate_proof_of_possession(
-			&self,
-			key_type: KeyTypeId,
-			public: &bls381::Public,
-			owner: &[u8],
-		) -> std::result::Result<Option<bls381::ProofOfPossession>, TraitError> {
-			self.generate_proof_of_possession::<bls381::Pair>(key_type, public, owner)
-		}
+	fn bls381_generate_proof_of_possession(
+		&self,
+		key_type: KeyTypeId,
+		public: &bls381::Public,
+		owner: &[u8],
+	) -> std::result::Result<Option<bls381::ProofOfPossession>, TraitError> {
+		self.generate_proof_of_possession::<bls381::Pair>(key_type, public, owner)
+	}
 
-		fn ecdsa_bls381_public_keys(&self, key_type: KeyTypeId) -> Vec<ecdsa_bls381::Public> {
-			self.public_keys::<ecdsa_bls381::Pair>(key_type)
-		}
+	fn ecdsa_bls381_public_keys(&self, key_type: KeyTypeId) -> Vec<ecdsa_bls381::Public> {
+		self.public_keys::<ecdsa_bls381::Pair>(key_type)
+	}
 
-		/// Generate a new pair of paired-keys compatible with the '(ecdsa,bls381)' signature scheme.
-		///
-		/// If `[seed]` is `Some` then the key will be ephemeral and stored in memory.
-		fn ecdsa_bls381_generate_new(
-			&self,
-			key_type: KeyTypeId,
-			seed: Option<&str>,
-		) -> std::result::Result<ecdsa_bls381::Public, TraitError> {
-			let pubkey = self.generate_new::<ecdsa_bls381::Pair>(key_type, seed)?;
+	/// Generate a new pair of paired-keys compatible with the '(ecdsa,bls381)' signature scheme.
+	///
+	/// If `[seed]` is `Some` then the key will be ephemeral and stored in memory.
+	fn ecdsa_bls381_generate_new(
+		&self,
+		key_type: KeyTypeId,
+		seed: Option<&str>,
+	) -> std::result::Result<ecdsa_bls381::Public, TraitError> {
+		let pubkey = self.generate_new::<ecdsa_bls381::Pair>(key_type, seed)?;
 
-			let s = self
-				.0
-				.read()
-				.additional
-				.get(&(key_type, pubkey.to_vec()))
-				.map(|s| s.to_string())
-				.expect("Can retrieve seed");
-
-			// This is done to give the keystore access to individual keys, this is necessary to avoid
-			// unnecessary host functions for paired keys and re-use host functions implemented for each
-			// element of the pair.
-			self.generate_new::<ecdsa::Pair>(key_type, Some(&*s)).expect("seed slice is valid");
-			self.generate_new::<bls381::Pair>(key_type, Some(&*s)).expect("seed slice is valid");
-
-			Ok(pubkey)
-		}
+		let s = self
+			.0
+			.read()
+			.additional
+			.get(&(key_type, pubkey.to_vec()))
+			.map(|s| s.to_string())
+			.expect("Can retrieve seed");
 
-		fn ecdsa_bls381_sign(
-			&self,
-			key_type: KeyTypeId,
-			public: &ecdsa_bls381::Public,
-			msg: &[u8],
-		) -> std::result::Result<Option<ecdsa_bls381::Signature>, TraitError> {
-			self.sign::<ecdsa_bls381::Pair>(key_type, public, msg)
-		}
+		// This is done to give the keystore access to individual keys, this is necessary to avoid
+		// unnecessary host functions for paired keys and re-use host functions implemented for each
+		// element of the pair.
+		self.generate_new::<ecdsa::Pair>(key_type, Some(&*s))
+			.expect("seed slice is valid");
+		self.generate_new::<bls381::Pair>(key_type, Some(&*s))
+			.expect("seed slice is valid");
 
-		fn ecdsa_bls381_sign_with_keccak256(
-			&self,
-			key_type: KeyTypeId,
-			public: &ecdsa_bls381::Public,
-			msg: &[u8],
-		) -> std::result::Result<Option<ecdsa_bls381::Signature>, TraitError> {
-			 let sig = self.0
+		Ok(pubkey)
+	}
+
+	fn ecdsa_bls381_sign(
+		&self,
+		key_type: KeyTypeId,
+		public: &ecdsa_bls381::Public,
+		msg: &[u8],
+	) -> std::result::Result<Option<ecdsa_bls381::Signature>, TraitError> {
+		self.sign::<ecdsa_bls381::Pair>(key_type, public, msg)
+	}
+
+	fn ecdsa_bls381_sign_with_keccak256(
+		&self,
+		key_type: KeyTypeId,
+		public: &ecdsa_bls381::Public,
+		msg: &[u8],
+	) -> std::result::Result<Option<ecdsa_bls381::Signature>, TraitError> {
+		let sig = self
+			.0
 			.read()
 			.key_pair_by_type::<ecdsa_bls381::Pair>(public, key_type)?
 			.map(|pair| pair.sign_with_hasher::<KeccakHasher>(msg));
-			Ok(sig)
-		}
+		Ok(sig)
 	}
 }
 
@@ -861,7 +860,6 @@ mod tests {
 	}
 
 	#[test]
-	#[cfg(feature = "bls-experimental")]
 	fn ecdsa_bls381_generate_with_none_works() {
 		use sp_core::testing::ECDSA_BLS381;
 
@@ -889,7 +887,6 @@ mod tests {
 	}
 
 	#[test]
-	#[cfg(feature = "bls-experimental")]
 	fn ecdsa_bls381_generate_with_seed_works() {
 		use sp_core::testing::ECDSA_BLS381;
 

substrate/primitives/application-crypto/Cargo.toml

@@ -48,11 +48,6 @@ full_crypto = [
 	"sp-io/disable_panic_handler",
 ]
 
-# This feature adds BLS crypto primitives.
-# It should not be used in production since the implementation and interface may still
-# be subject to significant changes.
-bls-experimental = ["sp-core/bls-experimental", "sp-io/bls-experimental"]
-
 # This feature adds Bandersnatch crypto primitives.
 # It should not be used in production since the implementation and interface may still
 # be subject to significant changes.

substrate/primitives/application-crypto/check-features-variants.sh

@@ -10,5 +10,3 @@ cargo check --release --target=$T --no-default-features  --features="full_crypto
 cargo check --release --target=$T --no-default-features  --features="serde"
 cargo check --release --target=$T --no-default-features  --features="serde,full_crypto"
 cargo check --release --target=$T --no-default-features  --features="bandersnatch-experimental"
-cargo check --release --target=$T --no-default-features  --features="bls-experimental"
-cargo check --release --target=$T --no-default-features  --features="bls-experimental,full_crypto"

substrate/primitives/application-crypto/src/lib.rs

@@ -47,10 +47,8 @@ pub use serde;
 
 #[cfg(feature = "bandersnatch-experimental")]
 pub mod bandersnatch;
-#[cfg(feature = "bls-experimental")]
 pub mod bls381;
 pub mod ecdsa;
-#[cfg(feature = "bls-experimental")]
 pub mod ecdsa_bls381;
 pub mod ed25519;
 pub mod sr25519;

substrate/primitives/application-crypto/test/Cargo.toml

@@ -22,6 +22,3 @@ sp-core = { workspace = true }
 sp-keystore = { workspace = true }
 sp-tracing = { workspace = true, default-features = true }
 substrate-test-runtime-client = { workspace = true }
-
-[features]
-bls-experimental = ["substrate-test-runtime-client/bls-experimental"]