Update documentation and add comments

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>

library/ecp_curves.c

@@ -4926,10 +4926,13 @@ int mbedtls_ecp_mod_p192_raw(mbedtls_mpi_uint *Np, size_t Nn)
 
     RESET;
 
-    ADD_LAST; NEXT;
+    /* Use the reduction for the carry as well:
-    ADD_LAST; NEXT;
+     * 2^192 * last_carry = 2^64 * last_carry + last_carry mod P192
+     */
+    ADD_LAST; NEXT;                 // A0 += last_carry
+    ADD_LAST; NEXT;                 // A1 += last_carry
 
-    LAST;
+    LAST;                           // A2 += carry
 
     return 0;
 }

library/ecp_invasive.h

@@ -79,9 +79,13 @@ int mbedtls_ecp_gen_privkey_mx(size_t n_bits,
 #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
 
 /** Fast quasi-reduction modulo p192 (FIPS 186-3 D.2.1)
+ *
+ * This operation expects a 384 bit MPI and the result of the reduction
+ * is a 192 bit MPI.
  *
  * \param[in,out]   Np  The address of the MPI to be converted.
- *                      Must have twice as many limbs as \p Nn.
+ *                      Must have twice as many limbs as the modulus so
+ *                      384 bits in length.
  * \param[in]       Nn  The length of \p Np in limbs.
  */
 MBEDTLS_STATIC_TESTABLE