File: constants.h

package info (click to toggle)
chromium 138.0.7204.183-1~deb12u1
  • links: PTS, VCS
  • area: main
  • in suites: bookworm-proposed-updates
  • size: 6,080,960 kB
  • sloc: cpp: 34,937,079; ansic: 7,176,967; javascript: 4,110,704; python: 1,419,954; asm: 946,768; xml: 739,971; pascal: 187,324; sh: 89,623; perl: 88,663; objc: 79,944; sql: 50,304; cs: 41,786; fortran: 24,137; makefile: 21,811; php: 13,980; tcl: 13,166; yacc: 8,925; ruby: 7,485; awk: 3,720; lisp: 3,096; lex: 1,327; ada: 727; jsp: 228; sed: 36
file content (105 lines) | stat: -rw-r--r-- 4,876 bytes parent folder | download | duplicates (5) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
 
// Copyright 2020 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CHROME_BROWSER_NEARBY_SHARING_CERTIFICATES_CONSTANTS_H_
#define CHROME_BROWSER_NEARBY_SHARING_CERTIFICATES_CONSTANTS_H_

#include "base/time/time.h"

// The number of days a certificate is valid.
inline constexpr base::TimeDelta kNearbyShareCertificateValidityPeriod =
    base::Days(3);

// The maximum offset for obfuscating a private certificate's not before/after
// timestamps when converting to a public certificate.
inline constexpr base::TimeDelta
    kNearbyShareMaxPrivateCertificateValidityBoundOffset = base::Hours(2);

// To account for clock skew between the local device and remote devices, public
// certificates will be considered valid if the current time is within the
// bounds [not-before - tolerance, not-after + tolerance).
inline constexpr base::TimeDelta
    kNearbySharePublicCertificateValidityBoundOffsetTolerance =
        base::Minutes(30);

// The number of private certificates for a given visibility to be stored and
// rotated on the local device.
inline constexpr size_t kNearbyShareNumPrivateCertificates = 3;

// The number of bytes comprising the hash of the authentication token using the
// secret key.
inline constexpr size_t kNearbyShareNumBytesAuthenticationTokenHash = 6;

// Length of key in bytes required by AES-GCM encryption.
inline constexpr size_t kNearbyShareNumBytesAesGcmKey = 32;

// Length of salt in bytes required by AES-GCM encryption.
inline constexpr size_t kNearbyShareNumBytesAesGcmIv = 12;

// Length of salt in bytes required by AES-CTR encryption.
inline constexpr size_t kNearbyShareNumBytesAesCtrIv = 16;

// The number of bytes of the AES secret key used to encrypt/decrypt the
// metadata encryption key.
inline constexpr size_t kNearbyShareNumBytesSecretKey = 32;

// The number of the bytes of the AES key used to encryption personal info
// metadata, for example, name and picture data. These bytes are broadcast in an
// advertisement to other devices, thus the smaller byte size.
inline constexpr size_t kNearbyShareNumBytesMetadataEncryptionKey = 14;

// The number of bytes for the salt used for encryption of the metadata
// encryption key. These bytes are broadcast in the advertisement to other
// devices.
inline constexpr size_t kNearbyShareNumBytesMetadataEncryptionKeySalt = 2;

// The number of bytes used for the hash of the metadata encryption key.
inline constexpr size_t kNearbyShareNumBytesMetadataEncryptionKeyTag = 32;

// The number of bytes in a certificate's identifier.
inline constexpr size_t kNearbyShareNumBytesCertificateId = 32;

// The size of the random byte array used for the encryption frame's signed data
// if a valid signature cannot be generated. This size is consistent with the
// GmsCore implementation.
inline constexpr size_t kNearbyShareNumBytesRandomSignature = 72;

// Half of the possible 2-byte salt values.
//
// Note: Static identifiers can be tracked over time by setting up persistent
// scanners at known locations (eg. at different isles within a supermarket). As
// the scanners’ location is already known, anyone who walks past the scanner
// has their location recorded too. This can be used for heuristics (eg. number
// of customers in a store, customers who prefer product X also prefer product
// Y, dwell time), or can be attached to an identity (eg. rewards card when
// checking out at the cashier). By rotating our identifiers, we prevent
// inadvertently leaking location. However, even rotations can be tracked as we
// get closer to running out of salts. If tracked over a long enough time, the
// device that avoids salts that you’ve seen in the past is statistically likely
// to be the device you’re tracking. Therefore, we only use half of the
// available 2-byte salts.
inline constexpr size_t kNearbyShareMaxNumMetadataEncryptionKeySalts = 32768;

// The max number of retries allowed to generate a salt. This is a sanity check
// that will never be hit.
inline constexpr size_t
    kNearbyShareMaxNumMetadataEncryptionKeySaltGenerationRetries = 128;

// The prefix prepended to the UKEY2 authentication token by the sender before
// signing.
inline constexpr char kNearbyShareSenderVerificationPrefix = 0x01;

// The prefix prepended to the UKEY2 authentication token by the receiver before
// signing.
inline constexpr char kNearbyShareReceiverVerificationPrefix = 0x02;

// The maximum number of attempts to initialize LevelDB in Certificate Storage.
inline constexpr size_t kNearbyShareCertificateStorageMaxNumInitializeAttempts =
    3;

// The frequency with which to download public certificates.
inline constexpr base::TimeDelta kNearbySharePublicCertificateDownloadPeriod =
    base::Hours(12);

#endif  // CHROME_BROWSER_NEARBY_SHARING_CERTIFICATES_CONSTANTS_H_