Move MBEDTLS_MPI_IS_* macros to bignum_core.h
These macros are not part of any public or internal API; ideally they
would be defined in the source files. The reason to put them in
bignum_core.h is to avoid duplication, as macros for this purpose are
needed in both bignum.c and bignum_core.c.
Signed-off-by: Janos Follath <janos.follath@arm.com>
diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h
index 26c61f5..a945be3 100644
--- a/include/mbedtls/bignum.h
+++ b/include/mbedtls/bignum.h
@@ -44,27 +44,6 @@
goto cleanup; \
} while (0)
-/* Constants to identify whether a value is public or secret. If a parameter is marked as secret by
- * this constant, the function must be constant time with respect to the parameter.
- *
- * This is only needed for functions with the _optionally_safe postfix. All other functions have
- * fixed behavior that can't be changed at runtime and are constant time with respect to their
- * parameters as prescribed by their documentation or by conventions in their module's documentation.
- *
- * Parameters should be named X_public where X is the name of the
- * corresponding input parameter.
- *
- * Implementation should always check using
- * if (X_public == MBEDTLS_MPI_IS_PUBLIC) {
- * // unsafe path
- * } else {
- * // safe path
- * }
- * not the other way round, in order to prevent misuse. (This is, if a value
- * other than the two below is passed, default to the safe path.) */
-#define MBEDTLS_MPI_IS_PUBLIC 0x2a2a
-#define MBEDTLS_MPI_IS_SECRET 0
-
/*
* Maximum size MPIs are allowed to grow to in number of limbs.
*/
diff --git a/library/bignum_core.h b/library/bignum_core.h
index d208daf..ee69aa7 100644
--- a/library/bignum_core.h
+++ b/library/bignum_core.h
@@ -90,6 +90,27 @@
#define GET_BYTE(X, i) \
(((X)[(i) / ciL] >> (((i) % ciL) * 8)) & 0xff)
+/* Constants to identify whether a value is public or secret. If a parameter is marked as secret by
+ * this constant, the function must be constant time with respect to the parameter.
+ *
+ * This is only needed for functions with the _optionally_safe postfix. All other functions have
+ * fixed behavior that can't be changed at runtime and are constant time with respect to their
+ * parameters as prescribed by their documentation or by conventions in their module's documentation.
+ *
+ * Parameters should be named X_public where X is the name of the
+ * corresponding input parameter.
+ *
+ * Implementation should always check using
+ * if (X_public == MBEDTLS_MPI_IS_PUBLIC) {
+ * // unsafe path
+ * } else {
+ * // safe path
+ * }
+ * not the other way round, in order to prevent misuse. (This is, if a value
+ * other than the two below is passed, default to the safe path.) */
+#define MBEDTLS_MPI_IS_PUBLIC 0x2a2a
+#define MBEDTLS_MPI_IS_SECRET 0
+
/** Count leading zero bits in a given integer.
*
* \warning The result is undefined if \p a == 0
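Review bot: The comment block added above `MBEDTLS_MPI_IS_PUBLIC` tells implementers to compare for equality with the public marker, but it never says why the values are `0x2a2a` and `0`, which is what makes the "default to the safe path" rule hold. I would add a sentence such as `* IS_SECRET is 0 and IS_PUBLIC is a distinctive non-zero value, so a zeroed or unexpected flag selects the constant-time path.`; this reading is inferred from the two values, so it should be confirmed with the author. While the text is being touched, "This is, if a value" should read "That is, if a value". The comment should also state that a truthiness test (`if (X_public)`) is not an acceptable substitute for the equality check, because any non-zero value would then take the unsafe path. The hunk does not show whether `bignum.c` already includes `bignum_core.h`, which it now needs for these macros.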