17.4 Multi-Precision-Integer Subsystem Architecture
The implementation of Libgcrypt’s big integer computation code is
based on an old release of the GNU Multi-Precision Library (GMP). The
decision not to use the GMP library directly was due to stalled
development at that time and due to security requirements which could
not be provided by the code in GMP. Like GMP, Libgcrypt provides
high-performance assembler implementations of low-level code for
several CPUs to gain much better performance than with a generic C
implementation.
Major features of Libgcrypt’s multi-precision-integer code compared to
GMP are:
- Avoidance of stack-based allocations to allow protection against
swapping out of sensitive data and for easy zeroing of sensitive
intermediate results.
- Optional use of secure memory and tracking of its use so that results
are also put into secure memory.
- MPIs are identified by a handle (implemented as a pointer) to give
better control over allocations and to augment them with extra
properties like opaque data.
- Removal of unnecessary code to reduce complexity.
- Functions specialized for public key cryptography.
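
A simplified model of the first three points in the list above (heap-only limb storage that can be zeroed, the secure property carried over to results, access through a handle), added here as an illustration; it is not Libgcrypt's code. All `toy_` names are hypothetical, and the `secure` flag only stands in for allocation from locked secure memory.

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical model type, not Libgcrypt's internal MPI structure. */
typedef struct toy_mpi {
    uint32_t *limbs;   /* heap storage, least significant limb first */
    size_t    nlimbs;
    int       secure;  /* stands in for "allocated from secure memory" */
} *toy_mpi_t;          /* callers only ever hold this handle */

/* Zero through a volatile pointer so the stores cannot be optimized away. */
static void toy_wipe(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

toy_mpi_t toy_mpi_new(size_t nlimbs, int secure) {
    toy_mpi_t a = calloc(1, sizeof *a);
    if (!a) return NULL;
    /* A real implementation would take secure limbs from a locked pool. */
    a->limbs = calloc(nlimbs, sizeof *a->limbs);
    if (!a->limbs) { free(a); return NULL; }
    a->nlimbs = nlimbs;
    a->secure = secure;
    return a;
}

void toy_mpi_release(toy_mpi_t a) {
    if (!a) return;
    if (a->secure) toy_wipe(a->limbs, a->nlimbs * sizeof *a->limbs);
    free(a->limbs);
    free(a);
}

/* r = a + b. No limb ever sits in a stack buffer, and the result is
   marked secure as soon as one operand is, so secrets stay tracked. */
toy_mpi_t toy_mpi_add(toy_mpi_t a, toy_mpi_t b) {
    size_t n = (a->nlimbs > b->nlimbs ? a->nlimbs : b->nlimbs) + 1;
    toy_mpi_t r = toy_mpi_new(n, a->secure || b->secure);
    if (!r) return NULL;
    uint64_t carry = 0;
    for (size_t i = 0; i < n; i++) {
        uint64_t s = carry;
        if (i < a->nlimbs) s += a->limbs[i];
        if (i < b->nlimbs) s += b->limbs[i];
        r->limbs[i] = (uint32_t)s;
        carry = s >> 32;
    }
    return r;
}
```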