blake2: Refuse empty keys in keyed hash construction (#510)

Author: edward-shen

blake2/src/macros.rs

@@ -274,9 +274,12 @@ macro_rules! blake2_mac_impl {
         {
             /// Create new instance using provided key, salt, and persona.
             ///
-            /// Key length should not be bigger than block size, salt and persona
-            /// length should not be bigger than quarter of block size. If any
-            /// of those conditions is false the method will return an error.
+            /// # Errors
+            ///
+            /// Key length should not be empty or bigger than the block size and
+            /// the salt and persona length should not be bigger than quarter of
+            /// block size. If any of those conditions is false the method will
+            /// return an error.
             #[inline]
             pub fn new_with_salt_and_personal(
                 key: &[u8],
@@ -286,7 +289,7 @@ macro_rules! blake2_mac_impl {
                 let kl = key.len();
                 let bs = <$hash as BlockSizeUser>::BlockSize::USIZE;
                 let qbs = bs / 4;
-                if kl > bs || salt.len() > qbs || persona.len() > qbs {
+                if kl == 0 || kl > bs || salt.len() > qbs || persona.len() > qbs {
                     return Err(InvalidLength);
                 }
                 let mut padded_key = Block::<$hash>::default();

blake2/tests/mac.rs

@@ -27,3 +27,9 @@ fn blake2b_new_test() {
     run::<blake2::Blake2sMac256>(&[0x42; 32]);
     run::<blake2::Blake2bMac512>(&[0x42; 64]);
 }
+
+#[test]
+fn mac_refuses_empty_keys() {
+    assert!(blake2::Blake2bMac512::new_with_salt_and_personal(&[], b"salt", b"persona").is_err());
+    assert!(blake2::Blake2sMac256::new_with_salt_and_personal(&[], b"salt", b"persona").is_err());
+}