Zero Checksum for the Stream Control Transmission Protocol

Zero Checksum for the Stream Control Transmission Protocol Münster University of Applied Sciences

Stegerwaldstrasse 39 48565 Steinfurt Germany tuexen@fh-muenster.de

Google

Kungsbron 2 Stockholm 11122 Sweden boivie@google.com

Google

Kungsbron 2 Stockholm 11122 Sweden orphis@google.com

Mozilla Corporation

1835 Horse Shoe Trl Malvern PA 19355 US randell-ietf@jesup.org

The Stream Control Transmission Protocol (SCTP) uses a 32-bit checksum in the common header of each packet to provide some level of data integrity. When some method used by SCTP provides already the same or a higher level of data integrity, computing this checksum does not provide any additional protection, but does require computing resources. This document provides a simple extension to SCTP allowing to save these computing resources by using the constant 0 as a checksum in a backwards compatible way.

Introduction SCTP as specified in uses a CRC32c to provide some level of data integrity. When using, for example, Datagram Transport Layer Security (DTLS) as the lower layer for SCTP as specified in , using the CRC32c does not provide any additional protection over the one already provided by DTLS. However, computing the CRC32c at the sender and receiver side does require computationally resources for no benefit. This is in particular important for computational limited end points using SCTP encapsulated in DTLS. The extension described in this document allows an SCTP end point to declare that it accepts SCTP packets with a checksum of zero when using a specified alternate error detection method. This declaration happens during the setup of the SCTP association and allows end points supporting this extension to be interoperable with end points not supporting the extension described in this document. To provide this backwards compatibility, end points using this extension still need to implement the CRC32c checksum algorithm.

Conventions The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here.

A New Chunk Parameter The Zero Checksum Acceptable Chunk Parameter is defined by the following figure.

Zero Checksum Acceptable Chunk Parameter 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type = 0x8001 (suggested) | Length = 8 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Error Detection Method Identifier (EDMID) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Type: 16 bits (unsigned integer): This field holds the IANA defined parameter type for the "Zero Checksum Acceptable" chunk parameter. IANA is requested to assign the value 32769 (0x8001) (suggested) for this parameter type.
Length: 16 bits (unsigned integer): This field holds the length in bytes of the chunk parameter; the value MUST be 8.
Error Detection Method Identifier (EDMID): 32 bits (unsigned integer): An IANA registered value specifying the alternate error detection method the sender of this parameter is willing to use for received packets.

All transported integer numbers are in "network byte order" a.k.a., Big Endian. The Zero Checksum Acceptable Chunk Parameter MAY appear in INIT and INIT ACK chunks. It MUST NOT appear more than once in INIT and INIT ACK chunks and it MUST NOT appear in any other chunk. If an end point not supporting the extension described in this document receives this parameter in an INIT or INIT ACK chunk, it skips this parameter and continues to process further parameters in the chunk. This behavior is REQUIRED by because the highest-order two bits of the Type are '10'.

Procedures

Declaration of Feature Support If some alternate error detection method provides an equal or better level of data integrity protection than the one provided by using the CRC32c algorithm, the computation of the CRC32c checksum requires computational resources without providing any benefit. To avoid this, an SCTP end point MAY be willing to accept SCTP packets with an incorrect CRC32c checksum value of zero in addition to SCTP packets with correct CRC32c checksum values. An SCTP endpoint MUST NOT be willing to accept SCTP packets with an incorrect CRC32c checksum value of zero, if the alternate error detection method does not provide at least the level of data integrity the CRC32c checksum algorithm provides. One example of an alternate error detection method is the use of SCTP over DTLS as described in (as used in the WebRTC context). A counter example is the use of SCTP over UDP as specified in . If middle boxes expecting correct CRC32c checksums in SCTP packets might impact the communication, an incorrect zero checksum MUST NOT be used. An SCTP implementation MAY also require the upper layer to indicate that it is fine to use a specific alternate error detection method for accepting SCTP packets with an incorrect CRC32c value of zero. An end point willing to accept SCTP packets with an incorrect checksum of zero MUST include the Zero Checksum Acceptable Chunk Parameter indicating the alternate error detection method in the INIT or INIT ACK chunk it sends.

Sender Side Considerations If an end point has received an INIT or INIT ACK chunk containing a Zero Checksum Acceptable Chunk Parameter indicating an alternate error detection method it supports from its peer during the association setup, it SHOULD use zero as the checksum for all packets sent in this association with the following four exceptions:

When an end point sends a packet containing an INIT chunk, it MUST include a correct CRC32c checksum in the packet containing the INIT chunk.
When an end point sends a packet containing a COOKIE ECHO chunk, it MUST include a correct CRC32c checksum in the packet containing the COOKIE ECHO chunk.
When an end point supports the dynamic address reconfiguration specified in and sends a packet containing an ASCONF chunk, it MUST include a correct CRC32c checksum in the packet containing the ASCONF chunk.
Alternate error detection methods might have some additional conditions requiring that the sender MUST include a correct CRC32c checksum in the packet.

The first exception allows backwards compatibility and the second and third exception allow a simpler implementation of the extension defined in this document. The last condition covers alternate error detection method specific constraints. When an end point responds to an "Out of the Blue" (OOTB) SCTP packet, it MUST include a correct CRC32c checksum in the response packet. An SCTP end point MAY only send packets with an incorrect checksum of zero, if the upper layer allowed the use of the alternate error detection method that was announced by the peer.

Receiver Side Considerations Zero is a valid result of the CRC32c algorithm. Therefore, a receiver of an SCTP packet fulfilling the constraints of the alternate error detection method and containing a checksum value of zero cannot determine whether the sender included an incorrect CRC32c of zero to reduce the CPU cost or the result of the CRC32c computation was actually zero. However, if the receiver has sent the Zero Checksum Acceptable Chunk Parameter during the handshake, this ambiguity is irrelevant, since the receiver is fine with not using the CRC32c to protect incoming packets fulfilling the constraints of the alternate error detection method. If an end point has sent the Zero Checksum Acceptable Chunk Parameter indicating the support of an alternate error detection method in an INIT or INIT ACK chunk, it MUST accept SCTP packets fulfilling the requirements of the announced alternate error detection method using an incorrect checksum value of zero in addition to SCTP packets containing the correct CRC32c checksum value for this association. An SCTP implementation MAY process OOTB SCTP packets having an incorrect zero checksum in addition to OOTB packets with a correct CRC32c checksum.

Error Detection via SCTP over DTLS Using SCTP over DTLS as specified in provides a better error detection method than using the CRC32c. Since middle boxes will not observe the unencrypted SCTP packet, there is no risk in interferring with using zero as an incorrect checksum. There are no additional error detection specific constraints on packets when using DTLS encapsulation. IANA is requested to assign the Error Detection Method Identifier of 1 for this method.

Socket API Considerations This section describes how the socket API defined in needs to be extended to provide a way for the application to control the acceptance of a zero checksum. Please note that this section is informational only. A socket API implementation based on is extended by supporting one new write-only IPPROTO_SCTP-level socket option.

Set Accepting a Zero Checksum (SCTP_ACCEPT_ZERO_CHECKSUM) This IPPROTO_SCTP-level socket option with name SCTP_ACCEPT_ZERO_CHECKSUM can be used to control the acceptance of a zero checksum. It is a write-only socket option and applies only to future SCTP associations on the socket. This option expects an unsigned integer. Possible values include:

SCTP_EDMID_NONE:: Disable the use of alternate error detection method. This means that all SCTP packets being sent have a correct CRC32c.
SCTP_EDMID_LOWER_LAYER_DTLS:: Use the alternate error detection method described in .

An implementation might only send packets with an incorrect checksum of zero, if the alternate error detection method announced by the peer is also enabled locally via this socket option. The default for this socket option is that the use of alternate error detection methods is disabled.

IANA Considerations [NOTE to RFC-Editor: "RFCXXXX" is to be replaced by the RFC number you assign this document.] [NOTE to RFC-Editor: The suggested value for the parameter type is tentative and to be confirmed by IANA.] This document (RFCXXXX) is the reference for the registration described in this section. A new chunk parameter type has to be assigned by IANA. This requires an additional line in the "Chunk Parameter Types" registry for SCTP: New entry in "Chunk Parameter Types" registry

ID Value	Chunk Parameter Type	Reference
32769 (suggested)	Zero Checksum Acceptable (0x8001 (suggested))	[RFCXXXX]

Furthermore, IANA is requested to establish a new "Error Detection Method" registry for SCTP. The assignment of new error detection methods is done through a First Come First Served policy as defined in . Documentation for a new error detection method MUST contain the following information:

A name of an alternate error detection method.
A reference describing the alternate error detection method, in particular any method specific constraints.

IANA is requested to use the following as the initial contents of the registry: Initial Contents of the "Error Detection Method" registry

ID Value	Error Detection Method	Reference
0	Reserved	[RFCXXXX]
1	SCTP over DTLS	[RFCXXXX]
2 - 4294967295	Unassigned

Security Considerations This document does not change the considerations given in .

References Normative References Informative References

Acknowledgments The authors wish to thank , , , , , and for their invaluable comments.