diff options
| author | 2022-07-22 19:01:03 +0000 | |
|---|---|---|
| committer | 2022-07-28 17:18:03 +0000 | |
| commit | bd3558749e71f323e656ad8fedb5ee99155af15b (patch) | |
| tree | 5774b42ae329787cb8a2e26a7488ccb31937b886 /libs/androidfw/StringPool.cpp | |
| parent | e8b1a8986a3ff538fd00aae777fc852abd473b5b (diff) | |
Remove unused and insecure fallback to legacy password history hash
Since users with an LSKF now always have a synthetic password, the
hashFactor needed by passwordToHistoryHash() is always available.
Therefore, new hashes in the password history always use
passwordToHistoryHash(), and the fallback to legacyPasswordToHash() is
unused. Also, since the legacy algorithm can be easily bruteforced,
falling back to it would be a security vulnerability. Therefore, remove
this dangerous and unnecessary code.
To make it clear that hashFactor is always available, also move the call
to updatePasswordHistory() into setLockCredentialWithSpLocked(), where
the SP is available. This makes it so that the SP doesn't need to be
unwrapped by updatePasswordHistory(). This shouldn't have failed
anyway, but this avoids needing to consider this case at all.
For now, legacyPasswordToHash() itself is still needed for checking the
password history on devices that have legacy hashes in their database.
However, remove one of its two overloads that is no longer needed.
Finally, add a couple unit tests, as the password history functionality
didn't have any unit tests.
Test: atest com.android.server.locksettings
Test: atest LockscreenCredentialTest
Change-Id: Ib48f05fba2e63397a89da2c323b60a4641852827
Diffstat (limited to 'libs/androidfw/StringPool.cpp')
0 files changed, 0 insertions, 0 deletions