blake 0.10 permits construction of MAC variants with empty keys, but I don't think this is a valid construction of blake2. Using RFC7693 as reference:

Section 2.5 states the following:

The second (little-endian) byte of the parameter block, "kk", specifies the key size in bytes. Set kk = 00 for unkeyed hashing.

I've to understand this as keyed Blake2 is mutually exclusive with an empty key. Yet Blake2*Mac variants seem to permit this construction with new_with_params. This method will accept an empty key, perform operations to initialize blake2 in keyed mode (e.g. the operations in Section 3.3 that assume kk > 0), but then pass a key length of 0 to new_with_params, which then initializes the parameter block with kk = 0x00.

This results in a keyed construction of blake2 buffers with unkeyed initialization which seems incorrect?

If I'm correct, then I think we either need to special-case the empty key when provided to the MAC variants or have empty keys return an error?