pr suggestions part 1

Author: Velin92

MatrixSDK/Crypto/KeyBackup/MXKeyBackupPassword.h

@@ -34,17 +34,6 @@ NS_ASSUME_NONNULL_BEGIN
  */
 + (nullable NSData *)generatePrivateKeyWithPassword:(NSString*)password salt:(NSString * _Nullable *_Nonnull)salt iterations:(NSUInteger*)iterations error:(NSError * _Nullable *)error;
 
-/**
- Retrieve a private key from {password, salt, iterations}
-
- @param password the password used to generated the private key.
- @param salt the salt.
- @param iterations number of key derivations
- @param error the output error
- @return a private key.
- */
-+ (nullable NSData *)retrievePrivateKeyWithPassword:(NSString*)password salt:(NSString*)salt iterations:(NSUInteger)iterations error:(NSError * _Nullable *)error;
-
 @end
 
 NS_ASSUME_NONNULL_END

MatrixSDK/Crypto/KeyBackup/MXKeyBackupPassword.m

@@ -39,9 +39,4 @@ + (NSData *)generatePrivateKeyWithPassword:(NSString *)password salt:(NSString *
     return nil;
 }
 
-+ (NSData *)retrievePrivateKeyWithPassword:(NSString *)password salt:(NSString *)salt iterations:(NSUInteger)iterations error:(NSError *__autoreleasing  _Nullable *)error
-{
-    return nil;
-}
-
 @end

MatrixSDK/Crypto/KeyBackup/MXRecoveryKey.m

@@ -69,6 +69,20 @@ + (NSData *)decode:(NSString *)recoveryKey error:(NSError **)error
                                             }];
         return nil;
     }
+    
+    if (result.length !=
+        sizeof(kOlmRecoveryKeyPrefix) + [OLMPkDecryption privateKeyLength] + 1)
+    {
+        if (error)
+        {
+            *error = [NSError errorWithDomain:MXRecoveryKeyErrorDomain
+                                         code:MXRecoveryKeyErrorLengthCode
+                                     userInfo:@{
+                NSLocalizedDescriptionKey: @"Incorrect length",
+            }];
+        }
+        return nil;
+    }
 
     // Check the checksum
     UInt8 parity = 0;

MatrixSDK/Crypto/Recovery/MXRecoveryService.h

@@ -222,21 +222,6 @@ typedef NS_ENUM(NSInteger, MXRecoveryServiceErrorCode)
  */
 - (nullable NSData*)privateKeyFromRecoveryKey:(NSString*)recoveryKey error:(NSError**)error;
 
-/**
- Convert a passphrase into the private key.
- 
- This method is supposed to take time to avoid brut force attacks.
- 
- @param passphrase the passphrase
- 
- @param success A block object called when the operation succeeds.
- @param failure A block object called when the operation fails.
- */
-- (void)privateKeyFromPassphrase:(NSString*)passphrase
-                         success:(void (^)(NSData *privateKey))success
-                         failure:(void (^)(NSError *error))failure;
-
-
 @end
 
 NS_ASSUME_NONNULL_END

MatrixSDK/Crypto/Recovery/MXRecoveryService.m

@@ -769,60 +769,6 @@ - (nullable NSData*)privateKeyFromRecoveryKey:(NSString*)recoveryKey error:(NSEr
     return privateKey;
 }
 
-- (void)privateKeyFromPassphrase:(NSString*)passphrase
-                         success:(void (^)(NSData *privateKey))success
-                         failure:(void (^)(NSError *error))failure
-{
-    NSString *recoveryId = self.recoveryId;
-    if (!recoveryId)
-    {
-        // No SSSS
-        NSError *error = [NSError errorWithDomain:MXRecoveryServiceErrorDomain
-                                             code:MXRecoveryServiceNoSSSSErrorCode
-                                         userInfo:@{
-                                                    NSLocalizedDescriptionKey: @"MXRecoveryService: The account has no secret storage",
-                                                    }];
-        failure(error);
-        return;
-    }
-    
-    MXSecretStorageKeyContent *keyContent = [self.dependencies.secretStorage keyWithKeyId:self.recoveryId];
-    if (!keyContent.passphrase)
-    {
-        // No passphrase
-        NSError *error = [NSError errorWithDomain:MXRecoveryServiceErrorDomain
-                                             code:MXRecoveryServiceNotProtectedByPassphraseErrorCode
-                                         userInfo:@{
-                                                    NSLocalizedDescriptionKey: @"MXRecoveryService: Secret storage not protected by a passphrase",
-                                                    }];
-        failure(error);
-        return;
-    }
-    
-    
-    // Go to a queue for derivating the passphrase into a recovery key
-    dispatch_async(self.dependencies.cryptoQueue, ^{
-        
-        NSError *error;
-        NSData *privateKey = [MXKeyBackupPassword retrievePrivateKeyWithPassword:passphrase
-                                                                            salt:keyContent.passphrase.salt
-                                                                      iterations:keyContent.passphrase.iterations
-                                                                           error:&error];
-        
-        
-        dispatch_async(dispatch_get_main_queue(), ^{
-            if (privateKey)
-            {
-                success(privateKey);
-            }
-            else
-            {
-                failure(error);
-            }
-        });
-    });
-}
-
 
 #pragma mark - Private methods -
 

MatrixSDKTests/MXCryptoRecoveryServiceTests.m

@@ -111,47 +111,6 @@ - (void)doTestWithAliceWithCrossSigningAndKeyBackup:(XCTestCase*)testCase
     }];
 }
 
-// Test privateKeyFromRecoveryKey & privateKeyFromPassphrase
-//
-// - Have Alice with cross-signing bootstrapped
-// - Create a recovery with a passphrase
-// -> privateKeyFromRecoveryKey must return the same private key
-// -> privateKeyFromPassphrase must return the same private key
-- (void)testPrivateKeyTools
-{
-    // - Have Alice with cross-signing bootstrapped
-    [self doTestWithAliceWithCrossSigning:self readyToTest:^(MXSession *aliceSession, NSString *roomId, XCTestExpectation *expectation) {
-        
-        MXRecoveryService *recoveryService = aliceSession.crypto.recoveryService;
-        
-        // - Create a recovery with a passphrase
-        NSString *passphrase = @"A passphrase";
-        [recoveryService createRecoveryForSecrets:nil withPassphrase:passphrase createServicesBackups:NO  success:^(MXSecretStorageKeyCreationInfo * _Nonnull keyCreationInfo) {
-            
-            // -> privateKeyFromRecoveryKey must return the same private key
-            NSError *error;
-            NSData *privateKeyFromRecoveryKey = [recoveryService privateKeyFromRecoveryKey:keyCreationInfo.recoveryKey error:&error];
-            XCTAssertNil(error);
-            XCTAssertEqualObjects(privateKeyFromRecoveryKey, keyCreationInfo.privateKey);
-            
-            // -> privateKeyFromPassphrase must return the same private key
-            [recoveryService privateKeyFromPassphrase:passphrase success:^(NSData * _Nonnull privateKey) {
-                
-                XCTAssertEqualObjects(privateKey, keyCreationInfo.privateKey);
-                
-                [expectation fulfill];
-            } failure:^(NSError * _Nonnull error) {
-                XCTFail(@"The operation should not fail - NSError: %@", error);
-                [expectation fulfill];
-            }];
-            
-        } failure:^(NSError * _Nonnull error) {
-            XCTFail(@"The operation should not fail - NSError: %@", error);
-            [expectation fulfill];
-        }];
-    }];
-}
-
 
 // Test bad recovery key string format
 //
@@ -179,55 +138,6 @@ - (void)testBadRecoveryKeyFormat
     }];
 }
 
-// Test wrong private key
-//
-// - Have Alice with cross-signing bootstrapped
-// - Create a recovery with a passphrase
-// - Build a bad recovery key from a bad passphrase
-// - Try to recover with this bad key
-// -> It must error with expected NSError domain and code
-- (void)testWrongRecoveryKey
-{
-    // - Have Alice with cross-signing bootstrapped
-    [self doTestWithAliceWithCrossSigning:self readyToTest:^(MXSession *aliceSession, NSString *roomId, XCTestExpectation *expectation) {
-        
-        MXRecoveryService *recoveryService = aliceSession.crypto.recoveryService;
-        
-        // - Create a recovery with a passphrase
-        [recoveryService createRecoveryForSecrets:nil withPassphrase:@"A passphrase" createServicesBackups:NO success:^(MXSecretStorageKeyCreationInfo * _Nonnull keyCreationInfo) {
-            
-            // - Build a bad recovery key from a bad passphrase
-            [recoveryService privateKeyFromPassphrase:@"A bad passphrase" success:^(NSData * _Nonnull badPrivateKey) {
-                
-                // - Try to recover with this bad key
-                [recoveryService recoverSecrets:nil withPrivateKey:badPrivateKey recoverServices:NO success:^(MXSecretRecoveryResult * _Nonnull recoveryResult) {
-                    
-                    XCTFail(@"The operation should not succeed");
-                    [expectation fulfill];
-                    
-                } failure:^(NSError * _Nonnull error) {
-                    
-                    // -> It must error with expected NSError domain and code
-                    XCTAssertNotNil(error);
-                    XCTAssertEqualObjects(error.domain, MXRecoveryServiceErrorDomain);
-                    XCTAssertEqual(error.code, MXRecoveryServiceBadRecoveryKeyErrorCode);
-                    
-                    [expectation fulfill];
-                }];
-
-            } failure:^(NSError * _Nonnull error) {
-                XCTFail(@"The operation should not fail - NSError: %@", error);
-                [expectation fulfill];
-            }];
-            
-        } failure:^(NSError * _Nonnull error) {
-            XCTFail(@"The operation should not fail - NSError: %@", error);
-            [expectation fulfill];
-        }];
-    }];
-}
-
-
 // Test createRecoveryForSecrets when there is already a key backup with the private key stored locally
 //
 // - Have Alice with cross-signing and key backup bootstrapped