Merge changes Iba3687cb,Iced66ee2 into main

                // Verify the parent credential again, to make sure we have a fresh enough

                // auth token such that getDecryptedPasswordForTiedProfile() inside

                // setLockCredentialInternal() can function correctly.

                verifyCredential(savedCredential, mUserManager.getProfileParent(userId).id,

                        0 /* flags */);

                doVerifyCredential(

                        savedCredential,

                        mUserManager.getProfileParent(userId).id,

                        /* progressCallback= */ null,

                        /* flags= */ 0);

                savedCredential.zeroize();

                savedCredential = LockscreenCredential.createNone();

            }

            passwordHistory = "";

        } else {

            Slogf.d(TAG, "Adding new password to password history for user %d", userHandle);

            final byte[] hashFactor = getHashFactor(password, userHandle);

            final byte[] hashFactor = getHashFactorInternal(password, userHandle);

            final byte[] salt = getSalt(userHandle).getBytes();

            String hash = password.passwordToHistoryHash(salt, hashFactor);

            if (hash == null) {

                // This should never happen, as all information needed to compute the hash should be

                // available.  In particular, unwrapping the SP in getHashFactor() should always

                // succeed, as we're using the LSKF that was just set.

                // available. In particular, unwrapping the SP in getHashFactorInternal() should

                // always succeed, as we're using the LSKF that was just set.

                Slog.e(TAG, "Failed to compute password hash; password history won't be updated");

                return;

            }

    }

    /**

     * Returns a fixed pseudorandom byte string derived from the user's synthetic password.

     * This is used to salt the password history hash to protect the hash against offline

     * bruteforcing, since rederiving this value requires a successful authentication.

     * If user is a profile with unified challenge, currentCredential is ignored.

     * Returns a fixed pseudorandom byte string derived from the user's synthetic password. This is

     * used to salt the password history hash to protect the hash against offline bruteforcing,

     * since rederiving this value requires a successful authentication. If user is a profile with

     * unified challenge, currentCredential is ignored.

     */

    @Override

    public byte[] getHashFactor(LockscreenCredential currentCredential, int userId) {

        checkPasswordReadPermission();

    private byte[] getHashFactorInternal(LockscreenCredential currentCredential, int userId) {

        try {

            Slogf.d(TAG, "Getting password history hash factor for user %d", userId);

            if (isProfileWithUnifiedLock(userId)) {

        }

    }

    @Override

    public byte[] getHashFactor(LockscreenCredential currentCredential, int userId) {

        checkPasswordReadPermission();

        return getHashFactorInternal(currentCredential, userId);

    }

    private long addEscrowToken(@NonNull byte[] token, @TokenType int type, int userId,

            @NonNull EscrowTokenStateChangeCallback callback) {

        Slogf.i(TAG, "Adding escrow token for user %d", userId);