Use case for const eval - Domain Separated Hash

[elichai]

Hi, @oli-obk You asked for use cases so this is on you ;) I think that being able to hash in a const fn is a needed use case in production. Domain separation between hashing different messages is good practice in cryptography [0],[1],[2] so I'd want to do something along these lines: const TaggedHashAppA: Sha256 = Sha256::new().input(b"AppA") or even:

const TagAppA: [u8; 32] = Sha256::new().input("AppA").finalize();
const TaggedHashAppA: Sha256 = Sha256::new().input(&TagAppA).input(&TagAppA);

you'll then use it like that:

let mut hashing = TaggedHashAppA;
hashing.input(&msg);
let hash = hashing.finalize();

This is a naive implementation that manages to do everything under const eval (you can search for "Replacement" to see stuff I had to replace to make it work) except the input function on line 60 https://play.rust-lang.org/?version=nightly&mode=debug&edition=2018&gist=2a3be44298313834597b0e834a6050af

Had to replace: W[..16].copy_from_slice(&block); with:

unsafe {
    let w16 = &mut W as *mut [u32] as *mut [u32; 16];
    *w16 = block;
}

And unroll a couple of loops.

[0] https://tools.ietf.org/html/draft-irtf-cfrg-hash-to-curve-05#section-2.2.5 [1] https://github.com/BLAKE3-team/BLAKE3-specs/blob/master/blake3.pdf Section 2.3 "Domain Separation" [2] https://github.com/bitcoin/bips/blob/master/bip-0340.mediawiki "Tagged Hashes"

[Centril]

@oli-obk should we move this to the const eval repo?