hash pincode

2025-10-05 15:52:47 +02:00 · 2023-03-06 16:56:21 +01:00
parent 8595bd2be8
commit b03e53136c
2 changed files with 30 additions and 4 deletions
--- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/util/Hash.kt
+++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/util/Hash.kt
@@ -22,8 +22,15 @@ import java.util.Locale
 /**
 * Compute a Hash of a String, using md5 algorithm.
 */
-fun String.md5() = try {
-    val digest = MessageDigest.getInstance("md5")
+fun String.md5() = hashString("md5")
+
+/**
+ * Compute a Hash of a String, using sha256 algorithm.
+ */
+fun String.sha256() = hashString("SHA-256")
+
+private fun String.hashString(type: String) = try {
+    val digest = MessageDigest.getInstance(type)
    digest.update(toByteArray())
    digest.digest()
            .joinToString("") { String.format("%02X", it) }
--- a/vector/src/main/java/im/vector/app/features/pin/lockscreen/pincode/PinCodeHelper.kt
+++ b/vector/src/main/java/im/vector/app/features/pin/lockscreen/pincode/PinCodeHelper.kt
@@ -16,7 +16,10 @@

 package im.vector.app.features.pin.lockscreen.pincode

+import android.content.SharedPreferences
+import androidx.core.content.edit
 import im.vector.app.features.pin.lockscreen.crypto.LockScreenKeyRepository
+import org.matrix.android.sdk.api.util.sha256
 import javax.inject.Inject

 /**
@@ -25,6 +28,7 @@ import javax.inject.Inject
 class PinCodeHelper @Inject constructor(
        private val lockScreenKeyRepository: LockScreenKeyRepository,
        private val encryptedStorage: EncryptedPinCodeStorage,
+        private val sharedPreferences: SharedPreferences,
 ) {

    /**
@@ -36,8 +40,12 @@ class PinCodeHelper @Inject constructor(
     * Creates a PIN code key if needed and stores the PIN code encrypted with it.
     */
    suspend fun createPinCode(pinCode: String) {
-        val encryptedValue = lockScreenKeyRepository.encryptPinCode(pinCode)
+        val encryptedValue = lockScreenKeyRepository.encryptPinCode(pinCode.sha256())
        encryptedStorage.savePinCode(encryptedValue)
+
+        sharedPreferences.edit {
+            putBoolean(IS_HASHED_PIN_CODE, true)
+        }
    }

    /**
@@ -45,7 +53,14 @@ class PinCodeHelper @Inject constructor(
     */
    suspend fun verifyPinCode(pinCode: String): Boolean {
        val encryptedPinCode = encryptedStorage.getPinCode() ?: return false
-        return lockScreenKeyRepository.decryptPinCode(encryptedPinCode) == pinCode
+        val decryptedPinCode = lockScreenKeyRepository.decryptPinCode(encryptedPinCode)
+
+        return if (!sharedPreferences.getBoolean(IS_HASHED_PIN_CODE, false)) {
+            createPinCode(decryptedPinCode)
+            verifyPinCode(pinCode)
+        } else {
+            decryptedPinCode == pinCode.sha256()
+        }
    }

    /**
@@ -55,4 +70,8 @@ class PinCodeHelper @Inject constructor(
        encryptedStorage.deletePinCode()
        lockScreenKeyRepository.deletePinCodeKey()
    }
+
+    companion object {
+        private const val IS_HASHED_PIN_CODE = "IS_HASHED_PIN_CODE"
+    }
 }