feat: Add biometric security demo component and integrate biometric storage options

- Introduced `BiometricSecurityDemo` component for demonstrating biometric storage and retrieval.
- Updated `App.tsx` to include the new biometric security demo component.
- Enhanced iOS `SensitiveInfo` implementation to support biometric and StrongBox security levels.
- Updated `SensitiveInfo.nitro.ts` to define new security levels and options for biometric authentication.
- Created `useSensitiveInfo` hook to manage sensitive data with biometric capabilities.
- Implemented utility functions for biometric authentication in `BiometricAuthenticator.ts`.
- Updated existing storage methods to accept security level options.
- Added comprehensive error handling and user feedback for biometric operations.

Author: mCodex

android/build.gradle

@@ -128,5 +128,9 @@ dependencies {
 
   // Secure storage support
   implementation "androidx.security:security-crypto:1.0.0"
+  
+  // Biometric authentication support
+  implementation "androidx.biometric:biometric:1.1.0"
+  implementation "androidx.fragment:fragment-ktx:1.6.2"
 }
 

android/src/main/java/com/margelo/nitro/sensitiveinfo/SensitiveInfo.kt

@@ -2,16 +2,21 @@ package com.margelo.nitro.sensitiveinfo
 
 import android.content.Context
 import android.os.Build
+import android.security.keystore.KeyGenParameterSpec
+import android.security.keystore.KeyProperties
+import androidx.biometric.BiometricManager
 import androidx.security.crypto.EncryptedSharedPreferences
 import androidx.security.crypto.MasterKeys
 import com.facebook.proguard.annotations.DoNotStrip
 import com.margelo.nitro.core.Promise
 import com.margelo.nitro.NitroModules
-import com.margelo.nitro.sensitiveinfo.HybridSensitiveInfoSpec
+import java.security.KeyStore
+import javax.crypto.KeyGenerator
 
 /**
- * Secure storage implementation using AndroidX EncryptedSharedPreferences.
- * Uses StrongBox if available (API 28+), otherwise falls back to Android Keystore.
+ * Secure storage implementation with multiple security levels.
+ * Uses AndroidX EncryptedSharedPreferences with StrongBox when available.
+ * Note: Biometric authentication must be handled at the JavaScript layer.
  */
 @DoNotStrip
 class SensitiveInfo : HybridSensitiveInfoSpec() {
@@ -20,41 +25,152 @@ class SensitiveInfo : HybridSensitiveInfoSpec() {
     get() = NitroModules.applicationContext
       ?: throw IllegalStateException("ReactApplicationContext is null")
 
-  // Initialize EncryptedSharedPreferences with StrongBox when possible
-  private val prefs by lazy {
+  companion object {
+    private const val STRONGBOX_KEYSTORE_ALIAS = "SensitiveInfoStrongBoxKey"
+  }
+
+  // Standard EncryptedSharedPreferences
+  private val standardPrefs by lazy {
     val masterKeyAlias = MasterKeys.getOrCreate(MasterKeys.AES256_GCM_SPEC)
 
     EncryptedSharedPreferences.create(
-      "react_native_sensitive_info",
+      "react_native_sensitive_info_standard",
       masterKeyAlias,
       context,
       EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV,
       EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM
     )
   }
 
+  // StrongBox EncryptedSharedPreferences (API 28+)
+  private val strongBoxPrefs by lazy {
+    if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P && isStrongBoxAvailableInternal()) {
+      try {
+        val masterKeyAlias = MasterKeys.getOrCreate(
+          KeyGenParameterSpec.Builder(
+            STRONGBOX_KEYSTORE_ALIAS,
+            KeyProperties.PURPOSE_ENCRYPT or KeyProperties.PURPOSE_DECRYPT
+          )
+            .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
+            .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
+            .setKeySize(256)
+            .setIsStrongBoxBacked(true)
+            .build()
+        )
+
+        EncryptedSharedPreferences.create(
+          "react_native_sensitive_info_strongbox",
+          masterKeyAlias,
+          context,
+          EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV,
+          EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM
+        )
+      } catch (e: Exception) {
+        // Fallback to standard if StrongBox fails
+        standardPrefs
+      }
+    } else {
+      standardPrefs
+    }
+  }
+
+  // Biometric storage uses standard encryption but requires JS-level authentication
+  private val biometricPrefs by lazy {
+    val masterKeyAlias = MasterKeys.getOrCreate(MasterKeys.AES256_GCM_SPEC)
+
+    EncryptedSharedPreferences.create(
+      "react_native_sensitive_info_biometric",
+      masterKeyAlias,
+      context,
+      EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV,
+      EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM
+    )
+  }
+
+  private fun getPreferencesForSecurityLevel(securityLevel: SecurityLevel?): android.content.SharedPreferences {
+    return when (securityLevel) {
+      SecurityLevel.BIOMETRIC -> biometricPrefs
+      SecurityLevel.STRONGBOX -> strongBoxPrefs
+      else -> standardPrefs
+    }
+  }
+
   @DoNotStrip
-  override fun getItem(key: String): Promise<String?> = Promise.async {
+  override fun getItem(key: String, options: StorageOptions?): Promise<String?> = Promise.async {
+    val securityLevel = options?.securityLevel
+    val prefs = getPreferencesForSecurityLevel(securityLevel)
     prefs.getString(key, null)
   }
 
   @DoNotStrip
-  override fun setItem(key: String, value: String): Promise<Unit> = Promise.async {
+  override fun setItem(key: String, value: String, options: StorageOptions?): Promise<Unit> = Promise.async {
+    val securityLevel = options?.securityLevel
+    val prefs = getPreferencesForSecurityLevel(securityLevel)
     prefs.edit().putString(key, value).apply()
   }
 
   @DoNotStrip
-  override fun removeItem(key: String): Promise<Unit> = Promise.async {
+  override fun removeItem(key: String, options: StorageOptions?): Promise<Unit> = Promise.async {
+    val securityLevel = options?.securityLevel
+    val prefs = getPreferencesForSecurityLevel(securityLevel)
     prefs.edit().remove(key).apply()
   }
 
   @DoNotStrip
-  override fun getAllItems(): Promise<Map<String, String>> = Promise.async {
+  override fun getAllItems(options: StorageOptions?): Promise<Map<String, String>> = Promise.async {
+    val securityLevel = options?.securityLevel
+    val prefs = getPreferencesForSecurityLevel(securityLevel)
     prefs.all.mapValues { it.value as? String ?: "" }
   }
 
   @DoNotStrip
-  override fun clear(): Promise<Unit> = Promise.async {
+  override fun clear(options: StorageOptions?): Promise<Unit> = Promise.async {
+    val securityLevel = options?.securityLevel
+    val prefs = getPreferencesForSecurityLevel(securityLevel)
     prefs.edit().clear().apply()
   }
+
+  @DoNotStrip
+  override fun isBiometricAvailable(): Promise<Boolean> = Promise.async {
+    val biometricManager = BiometricManager.from(context)
+    when (biometricManager.canAuthenticate(BiometricManager.Authenticators.BIOMETRIC_STRONG)) {
+      BiometricManager.BIOMETRIC_SUCCESS -> true
+      else -> false
+    }
+  }
+
+  @DoNotStrip
+  override fun isStrongBoxAvailable(): Promise<Boolean> = Promise.async {
+    isStrongBoxAvailableInternal()
+  }
+
+  private fun isStrongBoxAvailableInternal(): Boolean {
+    return if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {
+      try {
+        val keyStore = KeyStore.getInstance("AndroidKeyStore")
+        keyStore.load(null)
+
+        val keyGenerator = KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, "AndroidKeyStore")
+        val keyGenParameterSpec = KeyGenParameterSpec.Builder(
+          "test_strongbox_key",
+          KeyProperties.PURPOSE_ENCRYPT or KeyProperties.PURPOSE_DECRYPT
+        )
+          .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
+          .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
+          .setIsStrongBoxBacked(true)
+          .build()
+
+        keyGenerator.init(keyGenParameterSpec)
+        keyGenerator.generateKey()
+        
+        // Clean up test key
+        keyStore.deleteEntry("test_strongbox_key")
+        true
+      } catch (e: Exception) {
+        false
+      }
+    } else {
+      false
+    }
+  }
 }

example/src/App.tsx

@@ -18,6 +18,7 @@ import {
   SearchItemForm,
   StoredItemsList,
   SecurityInfo,
+  BiometricSecurityDemo,
 } from './components';
 import { useSensitiveInfo, useTheme } from './hooks';
 import { commonStyles } from './styles/commonStyles';
@@ -133,6 +134,8 @@ export default function App() {
           onRemoveItem={removeItemById}
         />
 
+        <BiometricSecurityDemo />
+
         <SecurityInfo theme={theme} />
 
         <AppFooter theme={theme} />