3 files changed, 28 insertions, 3 deletions

diff --git a/Keymaster.cpp b/Keymaster.cpp
index eb70b1c..b991418 100644
--- a/Keymaster.cpp
+++ b/Keymaster.cpp
@@ -260,7 +260,10 @@ int keymaster_sign_object_for_cryptfs_scrypt(const uint8_t* key_blob,
                                              const uint8_t* object,
                                              const size_t object_size,
                                              uint8_t** signature_buffer,
-                                             size_t* signature_buffer_size)
+                                             size_t* signature_buffer_size,
+                                             uint8_t* key_buffer,
+                                             uint32_t key_buffer_size,
+                                             uint32_t* key_out_size)
 {
     Keymaster dev;
     if (!dev) {
@@ -287,6 +290,24 @@ int keymaster_sign_object_for_cryptfs_scrypt(const uint8_t* key_blob,
         if (op.errorCode() == ErrorCode::KEY_RATE_LIMIT_EXCEEDED) {
             sleep(ratelimit);
             continue;
+        } else if (op.errorCode() == ErrorCode::KEY_REQUIRES_UPGRADE) {
+            std::string newKey;
+            bool ret = dev.upgradeKey(key, paramBuilder, &newKey);
+            if(ret == false) {
+                LOG(ERROR) << "Error upgradeKey: ";
+                return -1;
+            }
+
+            if (key_out_size) {
+                *key_out_size = newKey.size();
+            }
+
+            if (key_buffer_size < newKey.size()) {
+                return -1;
+            }
+
+            std::copy(newKey.data(), newKey.data() + newKey.size(), key_buffer);
+            key = newKey;
         } else break;
     }
 
diff --git a/Keymaster.h b/Keymaster.h
index f4a30ae..fccf257 100644
--- a/Keymaster.h
+++ b/Keymaster.h
@@ -173,7 +173,10 @@ int keymaster_sign_object_for_cryptfs_scrypt(const uint8_t* key_blob,
                                              const uint8_t* object,
                                              const size_t object_size,
                                              uint8_t** signature_buffer,
-                                             size_t* signature_buffer_size);
+                                             size_t* signature_buffer_size,
+                                             uint8_t* key_buffer,
+                                             uint32_t key_buffer_size,
+                                             uint32_t* key_out_size);
 
 __END_DECLS
 
diff --git a/cryptfs.cpp b/cryptfs.cpp
index 313cde2..e2bafc5 100644
--- a/cryptfs.cpp
+++ b/cryptfs.cpp
@@ -329,7 +329,8 @@ static int keymaster_sign_object(struct crypt_mnt_ftr *ftr,
             return -1;
     }
     return keymaster_sign_object_for_cryptfs_scrypt(ftr->keymaster_blob, ftr->keymaster_blob_size,
-            KEYMASTER_CRYPTFS_RATE_LIMIT, to_sign, to_sign_size, signature, signature_size);
+            KEYMASTER_CRYPTFS_RATE_LIMIT, to_sign, to_sign_size, signature, signature_size,
+            ftr->keymaster_blob, KEYMASTER_BLOB_SIZE, &ftr->keymaster_blob_size);
 #endif
 }