Fix/add comment to clarify.

ChangeLog

@@ -1,3 +1,10 @@
+2014-06-19  Niibe Yutaka  <gniibe@fsij.org>
+
+	* src/ecc-mont.c (compute_nQ): Add comment.
+
+	* src/mod.c (mod_inv): Fix comment. X^-1 = 0 when X=0
+	is important for Montgomery curve computation.
+
 2014-06-05  Niibe Yutaka  <gniibe@fsij.org>
 
 	* tool/add_openpgp_authkey_from_gpgssh.py: New.

src/ecc-mont.c

@@ -185,6 +185,11 @@ compute_nQ (bn256 *res, const bn256 *n, const bn256 *q_x)
     }
 
   /* We know the LSB of N is always 0.  Thus, result is always in P0.  */
+  /*
+   * p0->z may be zero here, but our mod_inv doesn't raise error for 0,
+   * but returns 0 (like the implementation of z^(p-2)), thus, RES will
+   * be 0 in that case, which is correct value.
+   */
   mod_inv (res, p0->z, p25519);
   mod25638_mul (res, res, p0->x);
   mod25519_reduce (res);

src/mod.c

@@ -147,7 +147,7 @@ mod_reduce (bn256 *X, const bn512 *A, const bn256 *B, const bn256 *MU_lower)
  * @brief C = X^(-1) mod N
  * 
  * Assume X and N are co-prime (or N is prime).
- * If N==0, return 0.
+ * NOTE: If X==0, it return 0.
  *
  */
 void