Loading core/java/com/android/internal/widget/LockPatternUtils.java +17 −8 Original line number Diff line number Diff line Loading @@ -359,7 +359,8 @@ public class LockPatternUtils { * @return Whether the password matches any in the history. */ public boolean checkPasswordHistory(String password) { String passwordHashString = new String(passwordToHash(password)); String passwordHashString = new String( passwordToHash(password, getCurrentOrCallingUserId())); String passwordHistory = getString(PASSWORD_HISTORY_KEY); if (passwordHistory == null) { return false; Loading Loading @@ -828,7 +829,7 @@ public class LockPatternUtils { if (passwordHistoryLength == 0) { passwordHistory = ""; } else { byte[] hash = passwordToHash(password); byte[] hash = passwordToHash(password, userHandle); passwordHistory = new String(hash) + "," + passwordHistory; // Cut it to contain passwordHistoryLength hashes // and passwordHistoryLength -1 commas. Loading Loading @@ -944,13 +945,13 @@ public class LockPatternUtils { } } private String getSalt() { long salt = getLong(LOCK_PASSWORD_SALT_KEY, 0); private String getSalt(int userId) { long salt = getLong(LOCK_PASSWORD_SALT_KEY, 0, userId); if (salt == 0) { try { salt = SecureRandom.getInstance("SHA1PRNG").nextLong(); setLong(LOCK_PASSWORD_SALT_KEY, salt); Log.v(TAG, "Initialized lock password salt"); setLong(LOCK_PASSWORD_SALT_KEY, salt, userId); Log.v(TAG, "Initialized lock password salt for user: " + userId); } catch (NoSuchAlgorithmException e) { // Throw an exception rather than storing a password we'll never be able to recover throw new IllegalStateException("Couldn't get SecureRandom number", e); Loading @@ -966,14 +967,14 @@ public class LockPatternUtils { * @param password the gesture pattern. * @return the hash of the pattern in a byte array. */ public byte[] passwordToHash(String password) { public byte[] passwordToHash(String password, int userId) { if (password == null) { return null; } String algo = null; byte[] hashed = null; try { byte[] saltedPassword = (password + getSalt()).getBytes(); byte[] saltedPassword = (password + getSalt(userId)).getBytes(); byte[] sha1 = MessageDigest.getInstance(algo = "SHA-1").digest(saltedPassword); byte[] md5 = MessageDigest.getInstance(algo = "MD5").digest(saltedPassword); hashed = (toHex(sha1) + toHex(md5)).getBytes(); Loading Loading @@ -1336,6 +1337,14 @@ public class LockPatternUtils { return true; } private long getLong(String secureSettingKey, long defaultValue, int userHandle) { try { return getLockSettings().getLong(secureSettingKey, defaultValue, userHandle); } catch (RemoteException re) { return defaultValue; } } private long getLong(String secureSettingKey, long defaultValue) { try { return getLockSettings().getLong(secureSettingKey, defaultValue, Loading services/core/java/com/android/server/LockSettingsService.java +3 −2 Original line number Diff line number Diff line Loading @@ -346,7 +346,8 @@ public class LockSettingsService extends ILockSettings.Stub { maybeUpdateKeystore(password, userId); writeFile(getLockPasswordFilename(userId), mLockPatternUtils.passwordToHash(password)); writeFile(getLockPasswordFilename(userId), mLockPatternUtils.passwordToHash(password, userId)); } @Override Loading Loading @@ -391,7 +392,7 @@ public class LockSettingsService extends ILockSettings.Stub { return true; } // Compare the hash from the file with the entered password's hash final byte[] hash = mLockPatternUtils.passwordToHash(password); final byte[] hash = mLockPatternUtils.passwordToHash(password, userId); final boolean matched = Arrays.equals(stored, hash); if (matched && !TextUtils.isEmpty(password)) { maybeUpdateKeystore(password, userId); Loading Loading
core/java/com/android/internal/widget/LockPatternUtils.java +17 −8 Original line number Diff line number Diff line Loading @@ -359,7 +359,8 @@ public class LockPatternUtils { * @return Whether the password matches any in the history. */ public boolean checkPasswordHistory(String password) { String passwordHashString = new String(passwordToHash(password)); String passwordHashString = new String( passwordToHash(password, getCurrentOrCallingUserId())); String passwordHistory = getString(PASSWORD_HISTORY_KEY); if (passwordHistory == null) { return false; Loading Loading @@ -828,7 +829,7 @@ public class LockPatternUtils { if (passwordHistoryLength == 0) { passwordHistory = ""; } else { byte[] hash = passwordToHash(password); byte[] hash = passwordToHash(password, userHandle); passwordHistory = new String(hash) + "," + passwordHistory; // Cut it to contain passwordHistoryLength hashes // and passwordHistoryLength -1 commas. Loading Loading @@ -944,13 +945,13 @@ public class LockPatternUtils { } } private String getSalt() { long salt = getLong(LOCK_PASSWORD_SALT_KEY, 0); private String getSalt(int userId) { long salt = getLong(LOCK_PASSWORD_SALT_KEY, 0, userId); if (salt == 0) { try { salt = SecureRandom.getInstance("SHA1PRNG").nextLong(); setLong(LOCK_PASSWORD_SALT_KEY, salt); Log.v(TAG, "Initialized lock password salt"); setLong(LOCK_PASSWORD_SALT_KEY, salt, userId); Log.v(TAG, "Initialized lock password salt for user: " + userId); } catch (NoSuchAlgorithmException e) { // Throw an exception rather than storing a password we'll never be able to recover throw new IllegalStateException("Couldn't get SecureRandom number", e); Loading @@ -966,14 +967,14 @@ public class LockPatternUtils { * @param password the gesture pattern. * @return the hash of the pattern in a byte array. */ public byte[] passwordToHash(String password) { public byte[] passwordToHash(String password, int userId) { if (password == null) { return null; } String algo = null; byte[] hashed = null; try { byte[] saltedPassword = (password + getSalt()).getBytes(); byte[] saltedPassword = (password + getSalt(userId)).getBytes(); byte[] sha1 = MessageDigest.getInstance(algo = "SHA-1").digest(saltedPassword); byte[] md5 = MessageDigest.getInstance(algo = "MD5").digest(saltedPassword); hashed = (toHex(sha1) + toHex(md5)).getBytes(); Loading Loading @@ -1336,6 +1337,14 @@ public class LockPatternUtils { return true; } private long getLong(String secureSettingKey, long defaultValue, int userHandle) { try { return getLockSettings().getLong(secureSettingKey, defaultValue, userHandle); } catch (RemoteException re) { return defaultValue; } } private long getLong(String secureSettingKey, long defaultValue) { try { return getLockSettings().getLong(secureSettingKey, defaultValue, Loading
services/core/java/com/android/server/LockSettingsService.java +3 −2 Original line number Diff line number Diff line Loading @@ -346,7 +346,8 @@ public class LockSettingsService extends ILockSettings.Stub { maybeUpdateKeystore(password, userId); writeFile(getLockPasswordFilename(userId), mLockPatternUtils.passwordToHash(password)); writeFile(getLockPasswordFilename(userId), mLockPatternUtils.passwordToHash(password, userId)); } @Override Loading Loading @@ -391,7 +392,7 @@ public class LockSettingsService extends ILockSettings.Stub { return true; } // Compare the hash from the file with the entered password's hash final byte[] hash = mLockPatternUtils.passwordToHash(password); final byte[] hash = mLockPatternUtils.passwordToHash(password, userId); final boolean matched = Arrays.equals(stored, hash); if (matched && !TextUtils.isEmpty(password)) { maybeUpdateKeystore(password, userId); Loading
