x/crypto/argon2: fix panic when calling IDKey or Key with keyLen == 0

[psampaz]

Calling IDKey or Key functions using 0 as KeyLen panics. This change fixes this error by returning an empty byte slice.

Fixes golang/go#33583

[gopherbot]

This PR (HEAD: 7e2d075) has been imported to Gerrit for code review.

Please visit https://go-review.googlesource.com/c/crypto/+/189878 to see it.

Tip: You can toggle comments from me using the comments slash command (e.g. /comments off)
See the Wiki page for more info

[guidovranken]

I think it's slightly more technically correct to put this after the time/threads checks directly below

[psampaz]

It seems you are right. Done

[gopherbot]

This PR (HEAD: 205e825) has been imported to Gerrit for code review.

Please visit https://go-review.googlesource.com/c/crypto/+/189878 to see it.

Tip: You can toggle comments from me using the comments slash command (e.g. /comments off)
See the Wiki page for more info

[gopherbot]

This PR (HEAD: 096cba9) has been imported to Gerrit for code review.

Please visit https://go-review.googlesource.com/c/crypto/+/189878 to see it.

Tip: You can toggle comments from me using the comments slash command (e.g. /comments off)
See the Wiki page for more info

[gopherbot]

Message from Zach Jones:

Patch Set 4:

(2 comments)

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/189878.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

Message from Akhil Indurti:

Patch Set 8:

Relaying my comments from the issue here:

Doesn't argon2 expect a minimum keyLen of 4 as per https://tools.ietf.org/html/draft-irtf-cfrg-argon2-03#section-3.1?

In that case, how about intentionally panicking on a keyLen < 4? Something like,

if keyLen < 4 {
    panic("argon2: tag length is too small")
}

The panic is currently happening because blake2b expects a hash size of at least 1, so maybe we should error out instead.

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/189878.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

Message from Zach Jones:

Patch Set 4:

(2 comments)

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/189878.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

Message from Akhil Indurti:

Patch Set 8:

Relaying my comments from the issue here:

Doesn't argon2 expect a minimum keyLen of 4 as per https://tools.ietf.org/html/draft-irtf-cfrg-argon2-03#section-3.1?

In that case, how about intentionally panicking on a keyLen < 4? Something like,

if keyLen < 4 {
    panic("argon2: tag length is too small")
}

The panic is currently happening because blake2b expects a hash size of at least 1, so maybe we should error out instead.

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/189878.
After addressing review feedback, remember to publish your drafts!