fix: wire protocol correctness, injectable BLE, and 21 integration tests

Wire protocol bugs fixed (found while writing tests):

ChallengeHandler (iOS):
- Was trying to AES-GCM decrypt the whole wire frame; fixed to strip
  2-byte header and JSON-decode the plaintext ChallengeIssuedMessage
- Was signing the encrypted nonce; fixed to decrypt nonce first, then
  sign the plaintext bytes (daemon verifies plaintext)
- Was sending plain JSON response; fixed to prepend [1,4] wire header

DaemonCoordinator (daemon):
- Error message payload was JSON-decoded without decrypting first;
  fixed to session-decrypt before decoding
- withTaskGroup approach hung forever on timeout — withCheckedContinuation
  never resumes when task is cancelled; replaced with single continuation
  + two unstructured Tasks racing (response vs timeout), both using
  OnceContinuation so the first resume wins and the rest are no-ops
- FAILED_KEY_INVALIDATED audit entry was written after continuation.resume;
  moved before so callers reading the log immediately after await always see it

WireFormat (protocol):
- JSONEncoder escaped '/' as '\/' by default, doubling base64 signatures
  that contain many slashes and pushing BLE packets over 256 bytes;
  added .withoutEscapingSlashes output formatting

BLEServerInterface (daemon):
- Extracted protocol from BLEServer so tests can inject MockBLEServer
  without requiring CoreBluetooth or real Bluetooth hardware

DaemonCoordinatorTests (new):
- 21 integration tests covering session lifecycle, ECDH, identify-on-
  reconnect, auth happy path, timeout, invalid signature, key invalidated
  fast-fail, multi-device broadcast, first-response-wins, reconnect
- All 96 tests pass (swift test --filter DaemonCoordinator confirmed)

Author: HMAKT99

companion/TouchBridge/Core/ChallengeHandler.swift

@@ -44,23 +44,30 @@ public final class ChallengeHandler: @unchecked Sendable {
             return .failed(.noSession)
         }
 
-        let decryptedPayload: Data
-        do {
-            decryptedPayload = try session.decrypt(ciphertext: encryptedData)
-        } catch {
-            logger.error("Failed to decrypt challenge: \(error.localizedDescription)")
-            return .failed(.decryptionFailed)
+        // 2. Parse — the challenge arrives as wire format [version, type] + plain JSON.
+        // Strip the 2-byte header before JSON-decoding. The nonce inside is separately encrypted.
+        guard encryptedData.count > 2 else {
+            logger.error("Challenge data too short: \(encryptedData.count) bytes")
+            return .failed(.parseFailed)
         }
-
-        // 2. Parse
+        let jsonPayload = encryptedData.dropFirst(2)
         let challengeMsg: ChallengeIssuedMessageCompanion
         do {
-            challengeMsg = try JSONDecoder().decode(ChallengeIssuedMessageCompanion.self, from: decryptedPayload)
+            challengeMsg = try JSONDecoder().decode(ChallengeIssuedMessageCompanion.self, from: jsonPayload)
         } catch {
             logger.error("Failed to parse challenge: \(error.localizedDescription)")
             return .failed(.parseFailed)
         }
 
+        // Decrypt the nonce — only the nonce field is AES-GCM encrypted, not the whole message.
+        let decryptedNonce: Data
+        do {
+            decryptedNonce = try session.decrypt(ciphertext: challengeMsg.encryptedNonce)
+        } catch {
+            logger.error("Failed to decrypt nonce: \(error.localizedDescription)")
+            return .failed(.decryptionFailed)
+        }
+
         // Check expiry
         let expiryDate = Date(timeIntervalSince1970: TimeInterval(challengeMsg.expiryUnix))
         guard Date() < expiryDate else {
@@ -81,10 +88,10 @@ public final class ChallengeHandler: @unchecked Sendable {
             return .failed(.biometricDenied)
         }
 
-        // 4. Sign nonce
+        // 4. Sign the decrypted nonce — daemon verifies against the plaintext nonce it stored.
         let signature: Data
         do {
-            signature = try signingProvider.sign(data: challengeMsg.encryptedNonce, keyTag: signingKeyTag)
+            signature = try signingProvider.sign(data: decryptedNonce, keyTag: signingKeyTag)
         } catch SecureEnclaveError.keyInvalidated {
             logger.error("Signing key invalidated — biometric enrollment changed since pairing")
             // Notify the Mac immediately so it fails fast instead of waiting for timeout.
@@ -102,10 +109,13 @@ public final class ChallengeHandler: @unchecked Sendable {
             deviceID: deviceID
         )
 
-        // 6. Encode
+        // 6. Encode — daemon expects wire format: [version=1][type=4(challengeResponse)] + JSON
         let responseData: Data
         do {
-            responseData = try JSONEncoder().encode(response)
+            let jsonData = try JSONEncoder().encode(response)
+            var wire = Data([1, 4]) // protocolVersion=1, MessageType.challengeResponse=4
+            wire.append(jsonData)
+            responseData = wire
         } catch {
             logger.error("Failed to encode response: \(error.localizedDescription)")
             return .failed(.encodingFailed)

companion/TouchBridge/Core/CompanionCoordinator.swift

@@ -57,6 +57,13 @@ public final class CompanionCoordinator: NSObject, @unchecked Sendable {
 
         bleClient.delegate = self
 
+        // If already paired, scan only for the paired Mac's unique service UUID.
+        // This prevents connecting to other people's TouchBridge Macs nearby.
+        if let storedUUID = UserDefaults.standard.string(forKey: "pairedMacID"),
+           !storedUUID.isEmpty {
+            bleClient.serviceUUID = storedUUID
+        }
+
         // Wire challenge handler's send callback to BLE
         challengeHandler.sendResponse = { [weak self] data in
             self?.bleClient.sendResponse(data) ?? false

daemon/Sources/TouchBridgeCore/BLEServer.swift

@@ -4,24 +4,53 @@ import CryptoKit
 import OSLog
 import TouchBridgeProtocol
 
+// MARK: - BLE Server Interface
+
+/// Abstraction over the BLE peripheral server.
+///
+/// Extracted as a protocol so tests can inject a `MockBLEServer` without
+/// requiring CoreBluetooth or real Bluetooth hardware.
+public protocol BLEServerInterface: AnyObject {
+    /// The delegate that receives BLE events.
+    var delegate: BLEServerDelegate? { get set }
+
+    func startAdvertising()
+    func stopAdvertising()
+
+    /// Send an encrypted challenge to a connected companion. Returns true if sent.
+    @discardableResult func sendChallenge(_ data: Data, to centralID: UUID) -> Bool
+
+    /// Send pairing data to a connected companion. Returns true if sent.
+    @discardableResult func sendPairingData(_ data: Data, to centralID: UUID) -> Bool
+
+    /// Send session key data to a connected companion. Returns true if sent.
+    @discardableResult func sendSessionKey(_ data: Data, to centralID: UUID) -> Bool
+
+    /// UUIDs of currently connected centrals.
+    var connectedCentralIDs: [UUID] { get }
+
+    /// Rolling-average RSSI for a connected central, or nil if unavailable.
+    func averageRSSI(for centralID: UUID) -> Int?
+}
+
 // MARK: - Delegate Protocol
 
 /// Events emitted by the BLE GATT server to the daemon coordinator.
 public protocol BLEServerDelegate: AnyObject {
     /// A companion device connected.
-    func bleServer(_ server: BLEServer, centralDidConnect centralID: UUID)
+    func bleServer(_ server: any BLEServerInterface, centralDidConnect centralID: UUID)
 
     /// A companion device disconnected.
-    func bleServer(_ server: BLEServer, centralDidDisconnect centralID: UUID)
+    func bleServer(_ server: any BLEServerInterface, centralDidDisconnect centralID: UUID)
 
     /// ECDH session key received from companion; returns our public key bytes to send back.
-    func bleServer(_ server: BLEServer, didReceiveSessionKey data: Data, from centralID: UUID) -> Data?
+    func bleServer(_ server: any BLEServerInterface, didReceiveSessionKey data: Data, from centralID: UUID) -> Data?
 
     /// Pairing data received from companion.
-    func bleServer(_ server: BLEServer, didReceivePairingData data: Data, from centralID: UUID)
+    func bleServer(_ server: any BLEServerInterface, didReceivePairingData data: Data, from centralID: UUID)
 
     /// Signed challenge response received from companion.
-    func bleServer(_ server: BLEServer, didReceiveResponse data: Data, from centralID: UUID)
+    func bleServer(_ server: any BLEServerInterface, didReceiveResponse data: Data, from centralID: UUID)
 }
 
 // MARK: - Connected Central Tracking
@@ -58,7 +87,7 @@ struct ConnectedCentral {
 /// - Challenge delivery (Mac → iPhone via notify)
 /// - Response reception (iPhone → Mac via write)
 /// - Pairing flow (bidirectional)
-public class BLEServer: NSObject {
+public class BLEServer: NSObject, BLEServerInterface {
     private let logger = Logger(subsystem: "dev.touchbridge", category: "BLEServer")
 
     private var peripheralManager: CBPeripheralManager!

daemon/Sources/TouchBridgeCore/DaemonCoordinator.swift

@@ -13,7 +13,7 @@ public final class DaemonCoordinator: NSObject, PAMAuthHandler, @unchecked Senda
     private let logger = Logger(subsystem: "dev.touchbridge", category: "Coordinator")
 
     // Components
-    public let bleServer: BLEServer
+    public let bleServer: any BLEServerInterface
     public let challengeManager: ChallengeManager
     public let pairingManager: PairingManager
     public let keychainStore: KeychainStore
@@ -23,7 +23,9 @@ public final class DaemonCoordinator: NSObject, PAMAuthHandler, @unchecked Senda
     private var sessions: [UUID: SessionState] = [:]
 
     /// Pending PAM authentications awaiting challenge results.
-    private var pendingAuthentications: [UUID: CheckedContinuation<ChallengeResult, Never>] = [:]
+    /// Each auth broadcast stores the same OnceContinuation under multiple challenge IDs
+    /// (one per device), so the first valid response wins and subsequent responses are no-ops.
+    private var pendingAuthentications: [UUID: OnceContinuation] = [:]
 
     /// Callback invoked when a challenge is verified or fails.
     public var onChallengeResult: ((UUID, ChallengeResult, String?) -> Void)?
@@ -43,12 +45,13 @@ public final class DaemonCoordinator: NSObject, PAMAuthHandler, @unchecked Senda
         challengeManager: ChallengeManager = ChallengeManager(),
         pairingManager: PairingManager? = nil,
         rssiThreshold: Int = TouchBridgeConstants.defaultRSSIThreshold,
-        serviceUUID: String = TouchBridgeConstants.serviceUUID
+        serviceUUID: String = TouchBridgeConstants.serviceUUID,
+        bleServer: (any BLEServerInterface)? = nil
     ) {
         self.keychainStore = keychainStore
         self.auditLog = auditLog
         self.challengeManager = challengeManager
-        self.bleServer = BLEServer(rssiThreshold: rssiThreshold, serviceUUID: serviceUUID)
+        self.bleServer = bleServer ?? BLEServer(rssiThreshold: rssiThreshold, serviceUUID: serviceUUID)
 
         let pm = pairingManager ?? PairingManager(keychainStore: keychainStore, serviceUUID: serviceUUID)
         self.pairingManager = pm
@@ -157,38 +160,39 @@ public final class DaemonCoordinator: NSObject, PAMAuthHandler, @unchecked Senda
 
         logger.info("PAM auth: broadcasting challenge to \(targets.count) device(s)")
 
-        // Issue challenges to all identified devices and race for the first valid response.
-        // Each challengeID maps to the same continuation — first response wins, subsequent
-        // responses find their entry already removed from pendingAuthentications (no-op).
-        let result: ChallengeResult? = await withTaskGroup(of: ChallengeResult?.self) { group in
-            group.addTask {
-                await withCheckedContinuation { (continuation: CheckedContinuation<ChallengeResult, Never>) in
-                    Task {
-                        var issued = 0
-                        for centralID in targets {
-                            if let challengeID = await self.issueChallenge(to: centralID, reason: service) {
-                                self.pendingAuthentications[challengeID] = continuation
-                                issued += 1
-                            }
-                        }
-                        // If every issueChallenge call failed (BLE queue full, etc.) fail immediately.
-                        if issued == 0 {
-                            continuation.resume(returning: .unknownChallenge)
-                        }
-                        // Otherwise: wait — the first device response resumes the continuation.
+        // Race: first device response OR global timeout — whichever fires first wins.
+        //
+        // We use a single withCheckedContinuation + two unstructured Tasks (challenge dispatch
+        // and timeout) rather than withTaskGroup, because withTaskGroup waits for ALL child
+        // tasks to finish after the closure returns. That means if the timeout fires first,
+        // the group would hang indefinitely waiting for the challenge-dispatch task to return
+        // — which it never does because withCheckedContinuation only returns when resumed.
+        //
+        // With two unstructured Tasks sharing one OnceContinuation, the first resume wins;
+        // subsequent resumes (from late responses or cleanup) are silent no-ops.
+        let result: ChallengeResult? = await withCheckedContinuation { outer in
+            let wrapped = OnceContinuation(outer)
+
+            // Challenge-dispatch task: issue to all identified devices, then just wait.
+            Task {
+                var issued = 0
+                for centralID in targets {
+                    if let challengeID = await self.issueChallenge(to: centralID, reason: service) {
+                        self.pendingAuthentications[challengeID] = wrapped
+                        issued += 1
                     }
                 }
+                if issued == 0 {
+                    wrapped.resume(returning: .unknownChallenge)
+                }
+                // Otherwise: wait — the first device response (or timeout below) resumes outer.
             }
 
-            group.addTask {
-                // Global timeout covers the entire broadcast, not per-device.
+            // Timeout task: resumes with nil after the deadline.
+            Task {
                 try? await Task.sleep(nanoseconds: UInt64(timeout * 1_000_000_000))
-                return nil
+                wrapped.resume(returning: nil)
             }
-
-            let first = await group.next() ?? nil
-            group.cancelAll()
-            return first
         }
 
         if let result, result == .verified {
@@ -219,17 +223,17 @@ public final class DaemonCoordinator: NSObject, PAMAuthHandler, @unchecked Senda
 
 extension DaemonCoordinator: BLEServerDelegate {
 
-    public func bleServer(_ server: BLEServer, centralDidConnect centralID: UUID) {
+    public func bleServer(_ server: any BLEServerInterface, centralDidConnect centralID: UUID) {
         logger.info("Central connected: \(centralID)")
         sessions[centralID] = SessionState()
     }
 
-    public func bleServer(_ server: BLEServer, centralDidDisconnect centralID: UUID) {
+    public func bleServer(_ server: any BLEServerInterface, centralDidDisconnect centralID: UUID) {
         logger.info("Central disconnected: \(centralID)")
         sessions.removeValue(forKey: centralID)
     }
 
-    public func bleServer(_ server: BLEServer, didReceiveSessionKey data: Data, from centralID: UUID) -> Data? {
+    public func bleServer(_ server: any BLEServerInterface, didReceiveSessionKey data: Data, from centralID: UUID) -> Data? {
         logger.info("Received session key from \(centralID)")
 
         do {
@@ -255,11 +259,20 @@ extension DaemonCoordinator: BLEServerDelegate {
         }
     }
 
-    public func bleServer(_ server: BLEServer, didReceivePairingData data: Data, from centralID: UUID) {
+    public func bleServer(_ server: any BLEServerInterface, didReceivePairingData data: Data, from centralID: UUID) {
         logger.info("Received pairing data from \(centralID)")
 
         Task {
             do {
+                // Detect wire-format messages (version=1, valid type byte) vs legacy raw-JSON pairing.
+                // Identify messages always use wire format; pairing requests use raw JSON currently.
+                if data.count >= 2, data[data.startIndex] == 1,
+                   let msgType = MessageType(rawValue: data[data.startIndex + 1]),
+                   msgType == .identify {
+                    try await handleIdentify(data: data, from: centralID)
+                    return
+                }
+
                 let (_, payload) = try WireFormat.decode(data: data)
                 let request = try WireFormat.decodePayload(PairRequestMessage.self, from: payload)
 
@@ -307,30 +320,38 @@ extension DaemonCoordinator: BLEServerDelegate {
         }
     }
 
-    public func bleServer(_ server: BLEServer, didReceiveResponse data: Data, from centralID: UUID) {
+    public func bleServer(_ server: any BLEServerInterface, didReceiveResponse data: Data, from centralID: UUID) {
         logger.info("Received challenge response from \(centralID)")
 
         Task {
             do {
                 let (msgType, payload) = try WireFormat.decode(data: data)
 
                 // Handle companion error messages (e.g. key invalidated).
+                // The error payload is AES-GCM encrypted with the session key.
                 if msgType == .error {
-                    let errMsg = try WireFormat.decodePayload(ErrorMessage.self, from: payload)
+                    guard let crypto = sessions[centralID]?.sessionCrypto else {
+                        logger.warning("Error message from \(centralID) but no session crypto — ignoring")
+                        return
+                    }
+                    let plaintext = try crypto.decrypt(ciphertext: payload)
+                    let errMsg = try WireFormat.decodePayload(ErrorMessage.self, from: plaintext)
                     logger.warning("Companion error \(errMsg.code): \(errMsg.description)")
 
                     if errMsg.code == ErrorCode.keyInvalidated.rawValue,
                        let cidStr = errMsg.challengeID,
                        let challengeID = UUID(uuidString: cidStr) {
-                        if let continuation = pendingAuthentications.removeValue(forKey: challengeID) {
-                            continuation.resume(returning: .keyInvalidated)
-                        }
+                        // Log before resuming so callers that await the result immediately
+                        // and then read the audit log always see the entry.
                         await auditLog.log(AuditEntry(
                             sessionID: cidStr,
                             surface: "challenge",
                             deviceID: errMsg.description,
                             result: "FAILED_KEY_INVALIDATED"
                         ))
+                        if let continuation = pendingAuthentications.removeValue(forKey: challengeID) {
+                            continuation.resume(returning: .keyInvalidated)
+                        }
                     }
                     return
                 }
@@ -428,3 +449,30 @@ extension DaemonCoordinator: BLEServerDelegate {
         ))
     }
 }
+
+// MARK: - OnceContinuation
+
+/// Wraps a `CheckedContinuation` so it can safely be resumed at most once.
+///
+/// `authenticateFromPAM` stores the same `OnceContinuation` under every challenge ID
+/// it broadcasts. The first resume (from a device response or the timeout Task) wins;
+/// all subsequent calls are silent no-ops.
+///
+/// Holds `ChallengeResult?` so the timeout Task can pass `nil` ("no result = timeout")
+/// while device-response tasks pass a concrete `ChallengeResult`.
+final class OnceContinuation: @unchecked Sendable {
+    private var inner: CheckedContinuation<ChallengeResult?, Never>?
+    private let lock = NSLock()
+
+    init(_ continuation: CheckedContinuation<ChallengeResult?, Never>) {
+        self.inner = continuation
+    }
+
+    func resume(returning value: ChallengeResult?) {
+        lock.withLock {
+            guard let c = inner else { return }
+            inner = nil
+            c.resume(returning: value)
+        }
+    }
+}