Merge pull request #18 from HMAKT99/feature/multi-device-support

feat: multi-device support — unique service UUID, identify-on-reconnect, broadcast challenge

Author: HMAKT99

companion/TouchBridge/Core/BLEClient.swift

@@ -82,6 +82,11 @@ public class BLEClient: NSObject {
     /// The connected peripheral's UUID, if any.
     public var connectedPeripheralID: UUID? { connectedPeripheral?.identifier }
 
+    /// The BLE service UUID to scan for and connect to.
+    /// Set to the paired Mac's unique service UUID after pairing.
+    /// Defaults to the shared protocol UUID (used only during initial discovery).
+    public var serviceUUID: String = TouchBridgeConstants.serviceUUID
+
     public override init() {
         super.init()
         self.centralManager = CBCentralManager(
@@ -102,9 +107,9 @@ public class BLEClient: NSObject {
             return
         }
 
-        let serviceUUID = CBUUID(string: TouchBridgeConstants.serviceUUID)
+        let targetUUID = CBUUID(string: serviceUUID)
         centralManager.scanForPeripherals(
-            withServices: [serviceUUID],
+            withServices: [targetUUID],
             options: [CBCentralManagerScanOptionAllowDuplicatesKey: true]
         )
         isScanning = true
@@ -188,7 +193,7 @@ public class BLEClient: NSObject {
 
     private func discoverServices(for peripheral: CBPeripheral) {
         peripheral.delegate = self
-        peripheral.discoverServices([CBUUID(string: TouchBridgeConstants.serviceUUID)])
+        peripheral.discoverServices([CBUUID(string: serviceUUID)])
     }
 
     private func subscribeToNotifications(for peripheral: CBPeripheral) {
@@ -316,7 +321,7 @@ extension BLEClient: CBPeripheralDelegate {
         }
 
         guard let services = peripheral.services else { return }
-        let targetUUID = CBUUID(string: TouchBridgeConstants.serviceUUID)
+        let targetUUID = CBUUID(string: serviceUUID)
 
         for service in services where service.uuid == targetUUID {
             peripheral.discoverCharacteristics(nil, for: service)

companion/TouchBridge/Core/CompanionCoordinator.swift

@@ -149,11 +149,45 @@ public final class CompanionCoordinator: NSObject, @unchecked Sendable {
             challengeHandler.sessionCrypto = crypto
 
             logger.info("ECDH session established with Mac")
+
+            // Immediately identify ourselves to the daemon.
+            // This allows the Mac to recognise us as a previously-paired device
+            // without going through the full pairing ceremony again.
+            sendIdentify(using: crypto)
         } catch {
             logger.error("ECDH failed: \(error.localizedDescription)")
         }
     }
 
+    /// Send an encrypted identify message to the Mac after ECDH.
+    ///
+    /// Wire format: [version=1][type=6(identify)] + AES-GCM encrypted JSON
+    /// The Mac decrypts it, looks up deviceID in the keychain, and marks
+    /// this session as identified so it can receive challenges.
+    private func sendIdentify(using crypto: SessionCryptoWrapper) {
+        struct IdentifyPayload: Codable {
+            let deviceID: String
+            let deviceName: String
+        }
+
+        do {
+            let payload = IdentifyPayload(
+                deviceID: deviceID,
+                deviceName: UIDevice.current.name
+            )
+            let plaintext = try JSONEncoder().encode(payload)
+            let encrypted = try crypto.encrypt(plaintext: plaintext)
+
+            var wireData = Data([1, 6]) // version=1, type=identify(6)
+            wireData.append(encrypted)
+
+            _ = bleClient.sendPairingData(wireData)
+            logger.info("Sent identify for device \(self.deviceID)")
+        } catch {
+            logger.error("Failed to send identify: \(error.localizedDescription)")
+        }
+    }
+
     // MARK: - Pairing
 
     /// Send pairing request to Mac with our signing public key.
@@ -243,6 +277,11 @@ extension CompanionCoordinator: BLEClientDelegate {
             // Store pairing info
             UserDefaults.standard.set(macID, forKey: "pairedMacID")
 
+            // Lock future BLE scans to this Mac's unique service UUID.
+            // Without this, the app would scan for the generic protocol UUID
+            // and connect to any TouchBridge Mac nearby (other people's Macs).
+            bleClient.serviceUUID = macID
+
             DispatchQueue.main.async {
                 self.onPairingComplete?(macID)
             }

daemon/Sources/TouchBridgeCore/BLEServer.swift

@@ -76,6 +76,9 @@ public class BLEServer: NSObject {
     // RSSI proximity gate
     private let rssiThreshold: Int
 
+    // Per-Mac unique service UUID
+    private let serviceUUID: String
+
     public weak var delegate: BLEServerDelegate?
 
     /// Whether the peripheral manager is powered on and ready.
@@ -84,8 +87,12 @@ public class BLEServer: NSObject {
     /// Whether we are currently advertising.
     public private(set) var isAdvertising: Bool = false
 
-    public init(rssiThreshold: Int = TouchBridgeConstants.defaultRSSIThreshold) {
+    public init(
+        rssiThreshold: Int = TouchBridgeConstants.defaultRSSIThreshold,
+        serviceUUID: String = TouchBridgeConstants.serviceUUID
+    ) {
         self.rssiThreshold = rssiThreshold
+        self.serviceUUID = serviceUUID
         super.init()
         self.peripheralManager = CBPeripheralManager(delegate: self, queue: nil)
     }
@@ -100,7 +107,7 @@ public class BLEServer: NSObject {
         }
 
         peripheralManager.startAdvertising([
-            CBAdvertisementDataServiceUUIDsKey: [CBUUID(string: TouchBridgeConstants.serviceUUID)],
+            CBAdvertisementDataServiceUUIDsKey: [CBUUID(string: serviceUUID)],
             CBAdvertisementDataLocalNameKey: "TouchBridge",
         ])
         isAdvertising = true
@@ -181,7 +188,7 @@ public class BLEServer: NSObject {
     // MARK: - Private
 
     private func buildService() {
-        let serviceUUID = CBUUID(string: TouchBridgeConstants.serviceUUID)
+        let serviceUUID = CBUUID(string: self.serviceUUID)
 
         // Session key exchange: writable by central + notifiable
         sessionKeyChar = CBMutableCharacteristic(

daemon/Sources/TouchBridgeCore/DaemonConfig.swift

@@ -0,0 +1,59 @@
+import Foundation
+import OSLog
+
+/// Persistent daemon configuration stored in
+/// `~/Library/Application Support/TouchBridge/config.json`.
+///
+/// The most important field is `serviceUUID` — a UUID generated once at first run
+/// and never changed. This UUID is unique to this Mac and is used as the BLE
+/// service UUID, ensuring that only phones paired with *this* Mac connect to it.
+/// Without a unique service UUID every TouchBridge phone in the area would
+/// connect to every TouchBridge Mac (they all share the same protocol-level UUID).
+public struct DaemonConfig: Sendable {
+    /// BLE service UUID unique to this Mac.
+    public let serviceUUID: String
+
+    private static let logger = Logger(subsystem: "dev.touchbridge", category: "DaemonConfig")
+    private static let filename = "config.json"
+
+    private struct Stored: Codable {
+        let serviceUUID: String
+    }
+
+    /// Load existing config or create a new one with a fresh service UUID.
+    /// Always succeeds — falls back to the shared constant if the config
+    /// directory is somehow unwritable (e.g. sandboxed test environment).
+    public static func load() -> DaemonConfig {
+        let home = FileManager.default.homeDirectoryForCurrentUser.path
+        let dir = "\(home)/Library/Application Support/TouchBridge"
+        let path = "\(dir)/\(filename)"
+
+        if let data = FileManager.default.contents(atPath: path),
+           let stored = try? JSONDecoder().decode(Stored.self, from: data),
+           !stored.serviceUUID.isEmpty {
+            logger.info("Loaded service UUID: \(stored.serviceUUID)")
+            return DaemonConfig(serviceUUID: stored.serviceUUID)
+        }
+
+        let newUUID = UUID().uuidString
+        logger.info("Generating new service UUID: \(newUUID)")
+
+        do {
+            try FileManager.default.createDirectory(
+                atPath: dir, withIntermediateDirectories: true, attributes: nil
+            )
+            let data = try JSONEncoder().encode(Stored(serviceUUID: newUUID))
+            FileManager.default.createFile(atPath: path, contents: data, attributes: [
+                .posixPermissions: 0o600
+            ])
+        } catch {
+            logger.error("Failed to persist config: \(error.localizedDescription) — using ephemeral UUID")
+        }
+
+        return DaemonConfig(serviceUUID: newUUID)
+    }
+
+    private init(serviceUUID: String) {
+        self.serviceUUID = serviceUUID
+    }
+}

daemon/Sources/TouchBridgeCore/DaemonCoordinator.swift

@@ -42,14 +42,15 @@ public final class DaemonCoordinator: NSObject, PAMAuthHandler, @unchecked Senda
         auditLog: AuditLog = AuditLog(),
         challengeManager: ChallengeManager = ChallengeManager(),
         pairingManager: PairingManager? = nil,
-        rssiThreshold: Int = TouchBridgeConstants.defaultRSSIThreshold
+        rssiThreshold: Int = TouchBridgeConstants.defaultRSSIThreshold,
+        serviceUUID: String = TouchBridgeConstants.serviceUUID
     ) {
         self.keychainStore = keychainStore
         self.auditLog = auditLog
         self.challengeManager = challengeManager
-        self.bleServer = BLEServer(rssiThreshold: rssiThreshold)
+        self.bleServer = BLEServer(rssiThreshold: rssiThreshold, serviceUUID: serviceUUID)
 
-        let pm = pairingManager ?? PairingManager(keychainStore: keychainStore)
+        let pm = pairingManager ?? PairingManager(keychainStore: keychainStore, serviceUUID: serviceUUID)
         self.pairingManager = pm
 
         super.init()
@@ -126,18 +127,24 @@ public final class DaemonCoordinator: NSObject, PAMAuthHandler, @unchecked Senda
         }
     }
 
-    /// Authenticate a PAM request by issuing a challenge to a connected companion.
+    /// Authenticate a PAM request by issuing challenges to all identified companion devices.
     ///
     /// Called by `SocketServer` when a PAM module connects.
-    /// Blocks (async) until the companion responds or the timeout expires.
+    /// Broadcasts to every connected, paired device simultaneously.
+    /// The first valid response wins — other challenges expire naturally.
+    /// Blocks until a response arrives or the timeout expires.
     public func authenticateFromPAM(
         user: String,
         service: String,
         pid: Int,
         timeout: TimeInterval
     ) async -> (success: Bool, reason: String?) {
-        guard let centralID = readyCentrals.first else {
-            logger.warning("PAM auth: no companion connected")
+        // Only challenge sessions that have completed ECDH AND identified as a known paired device.
+        // Unknown/anonymous centrals (e.g. stranger's phone that happens to be nearby) are excluded.
+        let targets = readyCentrals.filter { sessions[$0]?.deviceID != nil }
+
+        guard !targets.isEmpty else {
+            logger.warning("PAM auth: no identified companion connected (ready=\(self.readyCentrals.count))")
             await auditLog.log(AuditEntry(
                 sessionID: UUID().uuidString,
                 surface: "pam_\(service)",
@@ -148,28 +155,37 @@ public final class DaemonCoordinator: NSObject, PAMAuthHandler, @unchecked Senda
             return (false, "no_companion_connected")
         }
 
-        // Issue challenge and await result with timeout
+        logger.info("PAM auth: broadcasting challenge to \(targets.count) device(s)")
+
+        // Issue challenges to all identified devices and race for the first valid response.
+        // Each challengeID maps to the same continuation — first response wins, subsequent
+        // responses find their entry already removed from pendingAuthentications (no-op).
         let result: ChallengeResult? = await withTaskGroup(of: ChallengeResult?.self) { group in
             group.addTask {
-                // Issue challenge and wait for BLE response
                 await withCheckedContinuation { (continuation: CheckedContinuation<ChallengeResult, Never>) in
                     Task {
-                        guard let challengeID = await self.issueChallenge(to: centralID, reason: service) else {
+                        var issued = 0
+                        for centralID in targets {
+                            if let challengeID = await self.issueChallenge(to: centralID, reason: service) {
+                                self.pendingAuthentications[challengeID] = continuation
+                                issued += 1
+                            }
+                        }
+                        // If every issueChallenge call failed (BLE queue full, etc.) fail immediately.
+                        if issued == 0 {
                             continuation.resume(returning: .unknownChallenge)
-                            return
                         }
-                        self.pendingAuthentications[challengeID] = continuation
+                        // Otherwise: wait — the first device response resumes the continuation.
                     }
                 }
             }
 
             group.addTask {
-                // Timeout
+                // Global timeout covers the entire broadcast, not per-device.
                 try? await Task.sleep(nanoseconds: UInt64(timeout * 1_000_000_000))
                 return nil
             }
 
-            // Return whichever finishes first
             let first = await group.next() ?? nil
             group.cancelAll()
             return first
@@ -370,4 +386,45 @@ extension DaemonCoordinator: BLEServerDelegate {
             }
         }
     }
+
+    // MARK: - Identify
+
+    /// Handle an encrypted identify message from a reconnecting companion.
+    ///
+    /// A previously-paired device sends this after ECDH to tell the daemon its deviceID
+    /// without going through a full pairing ceremony. The daemon looks up the deviceID in
+    /// the keychain and, if found, marks the session as identified so it can receive challenges.
+    private func handleIdentify(data: Data, from centralID: UUID) async throws {
+        guard let session = sessions[centralID],
+              let crypto = session.sessionCrypto else {
+            logger.warning("Identify from \(centralID): no session crypto — ignoring")
+            return
+        }
+
+        // Strip the 2-byte wire header, then decrypt.
+        let encryptedPayload = data.dropFirst(2)
+        let plaintext = try crypto.decrypt(ciphertext: Data(encryptedPayload))
+
+        // The payload is a JSON object with deviceID and deviceName.
+        // We use a local struct to avoid importing TouchBridgeProtocol's IdentifyMessage
+        // (which is fine here since we're in the daemon — same package as DaemonCoordinator).
+        let msg = try WireFormat.decodePayload(IdentifyMessage.self, from: plaintext)
+
+        // Verify this device is actually in the keychain (was paired at some point).
+        guard (try? keychainStore.retrievePairedDevice(deviceID: msg.deviceID)) != nil else {
+            logger.warning("Identify from \(centralID): unknown deviceID \(msg.deviceID) — ignoring")
+            return
+        }
+
+        sessions[centralID]?.deviceID = msg.deviceID
+        logger.info("Identified \(msg.deviceName) (\(msg.deviceID)) on central \(centralID)")
+
+        await auditLog.log(AuditEntry(
+            sessionID: centralID.uuidString,
+            surface: "identify",
+            companionDevice: msg.deviceName,
+            deviceID: msg.deviceID,
+            result: "IDENTIFIED"
+        ))
+    }
 }

daemon/Sources/TouchBridgeCore/PairingManager.swift

@@ -31,6 +31,7 @@ public actor PairingManager {
 
     private let keychainStore: KeychainStore
     private let macName: String
+    private let serviceUUID: String
     private let tokenExpiry: TimeInterval
 
     /// Active pairing token and its creation time.
@@ -39,10 +40,12 @@ public actor PairingManager {
     public init(
         keychainStore: KeychainStore,
         macName: String? = nil,
+        serviceUUID: String = TouchBridgeConstants.serviceUUID,
         tokenExpiry: TimeInterval = 300 // 5 minutes
     ) {
         self.keychainStore = keychainStore
         self.macName = macName ?? Host.current().localizedName ?? "Mac"
+        self.serviceUUID = serviceUUID
         self.tokenExpiry = tokenExpiry
     }
 
@@ -61,7 +64,7 @@ public actor PairingManager {
         activePairing = (token: token, createdAt: Date())
 
         let payload = PairingPayload(
-            serviceUUID: TouchBridgeConstants.serviceUUID,
+            serviceUUID: serviceUUID,
             pairingToken: token,
             macName: macName
         )

daemon/Sources/touchbridged/main.swift

@@ -121,8 +121,9 @@ struct Serve: ParsableCommand {
     private func runNormalMode() throws {
         print("touchbridged v1.0.0 starting...")
 
+        let config = DaemonConfig.load()
         let policyEngine = PolicyEngine()
-        let coordinator = DaemonCoordinator(rssiThreshold: rssiThreshold)
+        let coordinator = DaemonCoordinator(rssiThreshold: rssiThreshold, serviceUUID: config.serviceUUID)
 
         // Proximity auto-lock
         var proximityMonitor: ProximityMonitor?