Cleanup the documentation to clarify a few concerns developers addressed (#4468)

charlotteliang · web-flow · commit 0eff50593d89 · 2019-12-09T15:29:22.000-08:00
diff --git a/Firebase/InstanceID/CHANGELOG.md b/Firebase/InstanceID/CHANGELOG.md
@@ -1,5 +1,6 @@
 # 2019-12 -- 4.2.8
 - [changed] Added heartbeat support for InstanceID (#4323)
+- [fixed] Fixed the documentations on a few random generation and hash methods to clarify its use case to avoid confusions. (#4469, #4444, #4326)
 
 # 2019-11-05 -- 4.2.7
 - [fixed] Fixed a crash in `checkTokenRefreshPolicyWithIID:` and ensure `tokenWithAuthorizedEntity:scope:options:handler` method is refreshing token if token is not freshed any more. (#4167)
diff --git a/Firebase/InstanceID/FIRInstanceIDCheckinService.m b/Firebase/InstanceID/FIRInstanceIDCheckinService.m
@@ -210,6 +210,9 @@ - (NSDictionary *)checkinParametersWithExistingCheckin:
   NSInteger userNumber = 0;        // Multi Profile may change this.
   NSInteger userSerialNumber = 0;  // Multi Profile may change this
 
+  // This ID is generated for logging purpose and it is only logged for performance
+  // information for backend, not secure information.
+  // TODO(chliang): Talk to backend team to see if this ID is still needed.
   uint32_t loggingID = arc4random();
   NSString *timeZone = [NSTimeZone localTimeZone].name;
   int64_t lastCheckingTimestampMillis = checkinPreferences.lastCheckinTimestampMillis;
diff --git a/Firebase/InstanceID/FIRInstanceIDKeyPairUtilities.m b/Firebase/InstanceID/FIRInstanceIDKeyPairUtilities.m
@@ -30,13 +30,14 @@
   return [encoding encode:data];
 }
 
+// This is NOT used for cryptographic purpose for any encryption or decryption.
+// This is solely to generate a random unique string for instanceID.
 NSData *FIRInstanceIDSHA1(NSData *data) {
-  unsigned int outputLength = CC_SHA1_DIGEST_LENGTH;
-  unsigned char output[outputLength];
+  unsigned char output[CC_SHA1_DIGEST_LENGTH];
   unsigned int length = (unsigned int)[data length];
 
   CC_SHA1(data.bytes, length, output);
-  return [NSMutableData dataWithBytes:output length:outputLength];
+  return [NSMutableData dataWithBytes:output length:CC_SHA1_DIGEST_LENGTH];
 }
 
 NSDictionary *FIRInstanceIDKeyPairQuery(NSString *tag, BOOL addReturnAttr, BOOL returnData) {
@@ -66,6 +67,7 @@
     return nil;
   }
   NSData *publicKeyData = keyPair.publicKeyData;
+  // This is used to generate a unique random string, not for encryption/decryption.
   NSData *publicKeySHA1 = FIRInstanceIDSHA1(publicKeyData);
 
   const uint8_t *bytes = publicKeySHA1.bytes;
