Add comments to 448 optimised reduction
Signed-off-by: Janos Follath <janos.follath@arm.com>
diff --git a/library/ecp_curves.c b/library/ecp_curves.c
index 782a66a..b1e6338 100644
--- a/library/ecp_curves.c
+++ b/library/ecp_curves.c
@@ -5524,7 +5524,6 @@
/* M = A1 */
memset(M, 0, (M_limbs * ciL));
-
/* Do not copy into the overflow limb, as this would read past the end of
* X. */
memcpy(M, X + P448_WIDTH, ((M_limbs - 1) * ciL));
@@ -5534,7 +5533,8 @@
X[i] = 0;
}
- /* X += A1 - Carry here fits in oversize X. Oversize M means it will get
+ /* X = X + M = A0 + A1 */
+ /* Carry here fits in oversize X. Oversize M means it will get
* added in, not returned as carry. */
(void) mbedtls_mpi_core_add(X, X, M, M_limbs);
@@ -5543,15 +5543,15 @@
mbedtls_mpi_core_sub(X, X, P, P_limbs);
}
- /* Q = B1, X += B1 */
+ /* Q = B1 */
memcpy(Q, M, (Q_limbs * ciL));
-
mbedtls_mpi_core_shift_r(Q, Q_limbs, 224);
+ /* X = X + Q = (A0 + A1) + B1 */
/* No carry here - only max 224 bits */
(void) mbedtls_mpi_core_add(X, X, Q, Q_limbs);
- /* M = (B0 + B1) * 2^224, X += M */
+ /* M = B0 */
if (sizeof(mbedtls_mpi_uint) > 4) {
M[P224_WIDTH_MIN] &= ((mbedtls_mpi_uint)-1) >> (P224_UNUSED_BITS);
}
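Review bot: The new comment `/* X = X + Q = (A0 + A1) + B1 */` states an exact equality, but the `mbedtls_mpi_core_sub(X, X, P, P_limbs)` in the conditional that closes at the top of this hunk may already have subtracted P from X, so from that point on the running value is only congruent to the stated sum modulo P, not equal to it. That distinction matters here because the adjacent `/* No carry here - only max 224 bits */` is a bound on the actual magnitude of X, which a reader cannot derive from a residue. I would write `/* X = X + Q = (A0 + A1) + B1 (mod P) */` here, or state once at the top of the reduction that every `X = ...` comment below is an identity modulo P and give the magnitude bound separately where a carry is ruled out. The enclosing function starts before and ends after this hunk, so the opening comment that would carry such a note is not visible here.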
@@ -5559,10 +5559,15 @@
M[i] = 0;
}
+ /* M = M + Q = B0 + B1 */
(void) mbedtls_mpi_core_add(M, M, Q, Q_limbs);
+ /* M = (B0 + B1) * 2^224 */
/* Shifted carry bit from the addition fits in oversize M */
mbedtls_mpi_core_shift_l(M, M_limbs, 224);
+
+
+ /* X = X + M = (A0 + A1 + B1) + (B0 + B1) * 2^224 */
(void) mbedtls_mpi_core_add(X, X, M, M_limbs);
/* Deal with carry bit by subtracting P if necessary. */