1 files changed, 25 insertions, 12 deletions

diff --git a/services/companion/java/com/android/server/companion/securechannel/SecureChannel.java b/services/companion/java/com/android/server/companion/securechannel/SecureChannel.java
index 6c7c9b3e073d..4c62c0deb2df 100644
--- a/services/companion/java/com/android/server/companion/securechannel/SecureChannel.java
+++ b/services/companion/java/com/android/server/companion/securechannel/SecureChannel.java
@@ -73,6 +73,8 @@ public class SecureChannel {
     private int mVerificationResult = FLAG_FAILURE_UNKNOWN;
     private boolean mPskVerified;
 
+    private final Object mHandshakeLock = new Object();
+
 
     /**
      * Create a new secure channel object. This secure channel allows secure messages to be
@@ -342,20 +344,22 @@ public class SecureChannel {
     }
 
     private void initiateHandshake() throws IOException, BadHandleException , HandshakeException {
-        if (mConnectionContext != null) {
-            Slog.d(TAG, "Ukey2 handshake is already completed.");
-            return;
-        }
+        synchronized (mHandshakeLock) {
+            if (mConnectionContext != null) {
+                Slog.d(TAG, "Ukey2 handshake is already completed.");
+                return;
+            }
 
-        mRole = Role.INITIATOR;
-        mHandshakeContext = D2DHandshakeContext.forInitiator();
-        mClientInit = mHandshakeContext.getNextHandshakeMessage();
+            mRole = Role.INITIATOR;
+            mHandshakeContext = D2DHandshakeContext.forInitiator();
+            mClientInit = mHandshakeContext.getNextHandshakeMessage();
 
-        // Send Client Init
-        if (DEBUG) {
-            Slog.d(TAG, "Sending Ukey2 Client Init message");
+            // Send Client Init
+            if (DEBUG) {
+                Slog.d(TAG, "Sending Ukey2 Client Init message");
+            }
+            sendMessage(MessageType.HANDSHAKE_INIT, constructHandshakeInitMessage(mClientInit));
         }
-        sendMessage(MessageType.HANDSHAKE_INIT, constructHandshakeInitMessage(mClientInit));
     }
 
     // In an occasion where both participants try to initiate a handshake, resolve the conflict
@@ -414,8 +418,17 @@ public class SecureChannel {
         // Mark "in-progress" upon receiving the first message
         mInProgress = true;
 
+        // Complete a series of handshake exchange and processing
+        synchronized (mHandshakeLock) {
+            completeHandshake(handshakeInitMessage);
+        }
+    }
+
+    private void completeHandshake(byte[] initMessage) throws IOException, HandshakeException,
+            BadHandleException, CryptoException, AlertException {
+
         // Handle a potential collision where both devices tried to initiate a connection
-        byte[] handshakeMessage = handleHandshakeCollision(handshakeInitMessage);
+        byte[] handshakeMessage = handleHandshakeCollision(initMessage);
 
         // Proceed with the rest of Ukey2 handshake
         if (mHandshakeContext == null) { // Server-side logic