1 files changed, 22 insertions, 4 deletions

diff --git a/crypto/ext4crypt/KeyStorage4.cpp b/crypto/ext4crypt/KeyStorage4.cpp
index cab88a19d..b91d6e46b 100644
--- a/crypto/ext4crypt/KeyStorage4.cpp
+++ b/crypto/ext4crypt/KeyStorage4.cpp
@@ -165,10 +165,28 @@ bool getEphemeralWrappedKey(km::KeyFormat format, KeyBuffer& kmKey, KeyBuffer* k
     std::string key_temp;
     Keymaster keymaster;
     if (!keymaster) return false;
-    if (!keymaster.exportKey(format, kmKey, "!", "!", &key_temp)) return false;
-    *key = KeyBuffer(key_temp.size());
-    memcpy(reinterpret_cast<void*>(key->data()), key_temp.c_str(), key->size());
-    return true;
+
+    //Export once, if upgrade needed, upgrade and export again
+    bool export_again = true;
+    while (export_again) {
+        export_again = false;
+        auto ret = keymaster.exportKey(format, kmKey, "!", "!", &key_temp);
+        if (ret == km::ErrorCode::OK) {
+            *key = KeyBuffer(key_temp.size());
+            memcpy(reinterpret_cast<void*>(key->data()), key_temp.c_str(), key->size());
+            return true;
+        }
+        if (ret != km::ErrorCode::KEY_REQUIRES_UPGRADE) return false;
+        LOG(DEBUG) << "Upgrading key";
+        std::string kmKeyStr(reinterpret_cast<const char*>(kmKey.data()), kmKey.size());
+        std::string newKey;
+        if (!keymaster.upgradeKey(kmKeyStr, km::AuthorizationSet(), &newKey)) return false;
+        memcpy(reinterpret_cast<void*>(kmKey.data()), newKey.c_str(), kmKey.size());
+        LOG(INFO) << "Key upgraded";
+        export_again = true;
+    }
+    //Should never come here
+    return false;
 }
 
 static std::pair<km::AuthorizationSet, km::HardwareAuthToken> beginParams(