diff options
author | Narayan Kamath <narayan@google.com> | 2014-12-17 13:39:32 +0000 |
---|---|---|
committer | Android Git Automerger <android-git-automerger@android.com> | 2014-12-17 13:39:32 +0000 |
commit | 681e6df1221ca7671f574d368d428f62184448b0 (patch) | |
tree | 4ec08ed81bd569fdf60b5550a8c21fe3cc72f5bc /core/java/com/android/internal/widget/LockPatternUtils.java | |
parent | 68a81bd8817e997cace3bedf8a013d2cdaff9daa (diff) | |
parent | 6d41504d2c2111a55a4c06dd6b183318efd7c598 (diff) | |
download | frameworks_base-681e6df1221ca7671f574d368d428f62184448b0.zip frameworks_base-681e6df1221ca7671f574d368d428f62184448b0.tar.gz frameworks_base-681e6df1221ca7671f574d368d428f62184448b0.tar.bz2 |
am 6d41504d: Merge "Move frameworks users over to libcore hex encoding API."
* commit '6d41504d2c2111a55a4c06dd6b183318efd7c598':
Move frameworks users over to libcore hex encoding API.
Diffstat (limited to 'core/java/com/android/internal/widget/LockPatternUtils.java')
-rw-r--r-- | core/java/com/android/internal/widget/LockPatternUtils.java | 37 |
1 files changed, 18 insertions, 19 deletions
diff --git a/core/java/com/android/internal/widget/LockPatternUtils.java b/core/java/com/android/internal/widget/LockPatternUtils.java index d6885da..3326e42 100644 --- a/core/java/com/android/internal/widget/LockPatternUtils.java +++ b/core/java/com/android/internal/widget/LockPatternUtils.java @@ -48,6 +48,9 @@ import android.widget.Button; import com.android.internal.R; import com.google.android.collect.Lists; +import java.io.ByteArrayOutputStream; +import java.nio.charset.StandardCharsets; +import libcore.util.HexEncoding; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; @@ -359,7 +362,7 @@ public class LockPatternUtils { */ public boolean checkPasswordHistory(String password) { String passwordHashString = new String( - passwordToHash(password, getCurrentOrCallingUserId())); + passwordToHash(password, getCurrentOrCallingUserId()), StandardCharsets.UTF_8); String passwordHistory = getString(PASSWORD_HISTORY_KEY); if (passwordHistory == null) { return false; @@ -860,7 +863,7 @@ public class LockPatternUtils { passwordHistory = ""; } else { byte[] hash = passwordToHash(password, userHandle); - passwordHistory = new String(hash) + "," + passwordHistory; + passwordHistory = new String(hash, StandardCharsets.UTF_8) + "," + passwordHistory; // Cut it to contain passwordHistoryLength hashes // and passwordHistoryLength -1 commas. passwordHistory = passwordHistory.substring(0, Math.min(hash.length @@ -1040,34 +1043,30 @@ public class LockPatternUtils { * Generate a hash for the given password. To avoid brute force attacks, we use a salted hash. * Not the most secure, but it is at least a second level of protection. First level is that * the file is in a location only readable by the system process. + * * @param password the gesture pattern. + * * @return the hash of the pattern in a byte array. */ public byte[] passwordToHash(String password, int userId) { if (password == null) { return null; } - String algo = null; - byte[] hashed = null; + try { byte[] saltedPassword = (password + getSalt(userId)).getBytes(); - byte[] sha1 = MessageDigest.getInstance(algo = "SHA-1").digest(saltedPassword); - byte[] md5 = MessageDigest.getInstance(algo = "MD5").digest(saltedPassword); - hashed = (toHex(sha1) + toHex(md5)).getBytes(); - } catch (NoSuchAlgorithmException e) { - Log.w(TAG, "Failed to encode string because of missing algorithm: " + algo); - } - return hashed; - } + byte[] sha1 = MessageDigest.getInstance("SHA-1").digest(saltedPassword); + byte[] md5 = MessageDigest.getInstance("MD5").digest(saltedPassword); - private static String toHex(byte[] ary) { - final String hex = "0123456789ABCDEF"; - String ret = ""; - for (int i = 0; i < ary.length; i++) { - ret += hex.charAt((ary[i] >> 4) & 0xf); - ret += hex.charAt(ary[i] & 0xf); + byte[] combined = new byte[sha1.length + md5.length]; + System.arraycopy(sha1, 0, combined, 0, sha1.length); + System.arraycopy(md5, 0, combined, sha1.length, md5.length); + + final char[] hexEncoded = HexEncoding.encode(combined); + return new String(hexEncoded).getBytes(StandardCharsets.UTF_8); + } catch (NoSuchAlgorithmException e) { + throw new AssertionError("Missing digest algorithm: ", e); } - return ret; } /** |