Add documentation
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
diff --git a/library/ecp_curves.c b/library/ecp_curves.c
index e1e3537..54fd26b 100644
--- a/library/ecp_curves.c
+++ b/library/ecp_curves.c
@@ -5077,20 +5077,20 @@
RESET;
- SUB_LAST; NEXT; // A0
+ /* Use 2^224 = P + 2^96 - 1 to modulo reduce the final carry */
+ SUB_LAST; NEXT; // A0 += -last_c
NEXT; // A1
NEXT; // A2
- ADD_LAST; NEXT; // A3
+ ADD_LAST; NEXT; // A3 += last_c
NEXT; // A4
NEXT; // A5
// A6
-
RESET;
- SUB_LAST; NEXT; // A0
+ SUB_LAST; NEXT; // A0 += -last_c
NEXT; // A1
NEXT; // A2
- ADD_LAST; NEXT; // A3
+ ADD_LAST; NEXT; // A3 += last_c
NEXT; // A4
NEXT; // A5
// A6
diff --git a/library/ecp_invasive.h b/library/ecp_invasive.h
index 2669aec..ff11876 100644
--- a/library/ecp_invasive.h
+++ b/library/ecp_invasive.h
@@ -96,6 +96,21 @@
#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
+/** Fast quasi-reduction modulo p224 (FIPS 186-3 D.2.2)
+ *
+ * \param[in,out] Np The address of the MPI to be converted.
+ * Must have exact limb size that stores a 448-bit MPI
+ * (double the bitlength of the modulus).
+ * Upon return holds the reduced value which is
+ * in range `0 <= X < 2 * N` (where N is the modulus).
+ * The bitlength of the reduced value is the same as
+ * that of the modulus (224 bits).
+ * \param[in] Nn The length of \p Nn in limbs.
+ *
+ * \return \c 0 on success.
+ * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if \p Nn is not the limb
+ * size that sores a 448-bit MPI.
+ */
MBEDTLS_STATIC_TESTABLE
int ecp_mod_p224_raw(mbedtls_mpi_uint *Np, size_t Nn);