Update documentation and add comments
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
diff --git a/library/ecp_curves.c b/library/ecp_curves.c
index f3ae509..ae82cb7 100644
--- a/library/ecp_curves.c
+++ b/library/ecp_curves.c
@@ -4926,10 +4926,13 @@
RESET;
- ADD_LAST; NEXT;
- ADD_LAST; NEXT;
+ /* Use the reduction for the carry as well:
+ * 2^192 * last_carry = 2^64 * last_carry + last_carry mod P192
+ */
+ ADD_LAST; NEXT; // A0 += last_carry
+ ADD_LAST; NEXT; // A1 += last_carry
- LAST;
+ LAST; // A2 += carry
return 0;
}
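Review bot: The new block comment above the two `ADD_LAST` steps writes a congruence with `=` and an unbracketed `mod`, which can be read as reducing only the second term; `2^192 * last_carry = 2^64 * last_carry + last_carry (mod P192)` is unambiguous. The comments also do not say whether adding `last_carry` into A0 and A1 can itself carry out of A2, or what `LAST` does with such a carry. The macros are defined outside the hunk, so this cannot be checked here, but in field arithmetic a silently dropped carry gives a wrong result only for rare inputs and is hard to catch by testing. A sentence stating the bound on `last_carry`, such as `/* last_carry is at most <bound>, so A2 cannot overflow here */` with the real bound filled in, would let a reader verify the step. The function body starts outside the hunk.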
diff --git a/library/ecp_invasive.h b/library/ecp_invasive.h
index 752fceb..bf31f0c 100644
--- a/library/ecp_invasive.h
+++ b/library/ecp_invasive.h
@@ -80,8 +80,12 @@
/** Fast quasi-reduction modulo p192 (FIPS 186-3 D.2.1)
*
+ * This operation expects a 384 bit MPI and the result of the reduction
+ * is a 192 bit MPI.
+ *
* \param[in,out] Np The address of the MPI to be converted.
- * Must have twice as many limbs as \p Nn.
+ * Must have twice as many limbs as the modulus so
+ * 384 bits in length.
* \param[in] Nn The length of \p Np in limbs.
*/
MBEDTLS_STATIC_TESTABLE
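Review bot: The added sentence "the result of the reduction is a 192 bit MPI" can be read as promising a fully reduced value, while the summary line calls this a quasi-reduction. If the result is only guaranteed to fit in 192 bits and may still be greater than or equal to p192, the doc should say so, for example `The result fits in 192 bits but is not guaranteed to be less than p192.`, so that callers know a final conditional subtraction is still theirs to do. The comment also has no `\return` line and does not say what happens when `Nn` does not match the required limb count. Since `Np` is read at a fixed 384-bit width, stating whether a wrong `Nn` is rejected or is a caller precondition matters for memory safety. The declaration itself is outside the hunk.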