Blake2 parameters cannot be used without a key

[threema-lenny]

The personal and salt parameters for Blake2 can only be used in combination with a key because the non-MAC variants don't expose the parameters as input.

I've also tried using the MAC variant with an empty key, but it appears an initial Blake2 round is done with an all-zero key in that case.

Would it be acceptable if we change the signature of the Mac variant so that (either):

1. key is Option, or
2. a key of length 0 does not do the initial Blake2 round?

Or would it be considered a strict violation to use a MAC without a key?

[edward-shen]

Related: #509

I don't think it's correct to even construct a zero-key-length blake2 MAC variant, and right now I think blake 0.10 permits this in a way that leads to incorrect blake2 construction.

[edward-shen]

Closing the loop, #510 was merged to deny constructing zero-length keys for blake2Mac variants.

[threema-lenny]

Thanks for taking care of the empty key construction bit! There's still the use case of using Blake2 without a key but with personal and salt and that's the only reason why I currently have to maintain a fork. But at least #510 makes it more clear what the proposed solution would have to be which is making key an Option.