The present invention relates to a method for computing a checksum.
When information is transmitted over a network, errors may be introduced. These errors may come from noise on the transmission line or other faults encountered during transmission. In order to detect such errors in information that is transmitted, an error detecting code can be used.
An error detecting code typically consists of a quantity that is computed based on a message, so that the quantity may be recomputed at the destination and the integrity of the transmitted information verified. An error detecting code called the Internet checksum is used by the Internet protocols IP, UDP, and TCP.
The Internet checksum uses a type of arithmetic called one""s complement as opposed to two""s complement. Two""s complement arithmetic is standard binary arithmetic, and is used in many processors. Addition in a two""s complement processor is performed by using carries so that, for example in a 4-bit processor, 1111+10 is equal to 0001 with a carry bit set. Negatives are represented by borrowing from a carry bit so that the all ones vector is equal to minus one. By contrast, in one""s complement arithmetic, negatives are represented by a logical not of the bits in a number. Accordingly, xe2x88x921 is represented as 1110. This means that there are two representations for 0, namely 0 and the number of all ones.
The Internet checksum is computed on a packet to be sent to another correspondent. The packet is represented as groups of 8 bits called octets. Octets are paired to form 16 bit integers. The Internet checksum is computed by finding the one""s complement sum of these 16 bit integers, and the one""s complement of the sum is placed into the checksum field. A checksum may be verified by computing the one""s complement sum over all of the octets and the checksum field. A correct checksum will yield the bit string consisting of all ones. When the checksum verification algorithm produces the bit string of all ones, the check succeeds.
Alternatively, the checksum could be recomputed from scratch using the octets in the message and not the checksum field. This recomputed checksum can then be compared to the checksum in the message header.
Some applications must change the information found in the header of a packet sent over the Internet. For example, when using a VPN (virtual private network) a message to the domain name server (DNS) may need to be redirected to a DNS on the VPN. The destination of the packet is indicated by a field in the header. To redirect the packet, an application could change the destination address in the header. In order for this changed message to be accepted, the checksum must also be updated so that the recipient does not reject the message as damaged in transit. In the Internet Request for Comments (RFC) 1071, a method is given for performing incremental updates of the Internet checksum. RFC 1071 shows computing a new sum Cxe2x80x2 from an original sum C when a message octet m is changed to mxe2x80x2. The formula Cxe2x80x2 is given as Cxe2x80x2=C+(mxe2x80x2xe2x88x92m). However, this method shows how to update a sum rather than the one""s complement of the sum, which is the value stored in the header. RFC 1141 points out this difference and teaches the formula xcx9cCxe2x80x2=xcx9cC+m+xcx9cmxe2x80x2, where xcx9c represents one""s complement.
However, it is shown in RFC 1624 that these methods do not work in all situations. There are certain conditions where the checksum computed by the earlier methods will not match the checksum if it were computed from scratch. Accordingly, RFC 1624 teaches another method of computing an incremental checksum. Referring to the header in the checksum as HC, and the new checksum in the header as HCxe2x80x2, RFC 1624 provides the formula HCxe2x80x2=HC+m+xcx9cmxe2x80x2 from RFC 1141 and shows why this does not work in certain situations. RFC 1624 then shows a formula, which does work: HCxe2x80x2=xcx9c(xcx9cHC+xcx9cm+mxe2x80x2), and an alternate formula is also given, namely HCxe2x80x2=HCxe2x88x92xcx9cmxe2x88x92mxe2x80x2. Whilst this technique provides an accurate value, it requires repeated operations which accordingly utilises significant resources. This formula requires one""s complement arithmetic to implement. It cannot be easily manipulated to allow alternate computation methods in view of the possible incorrect results of earlier formulae.
Constrained environments such as smart cards, pagers, cellular telephones, and personal digital assistants (PDA) have restrictions on memory usage, power consumption, and processor speed. These restrictions may make certain methods unsuitable for implementation on these systems.
The efficiency of the checksum computation affects the efficiency of all operations using the Internet protocols. Accordingly, there is a need for alternate methods of computing an incremental checksum that may be more efficient in certain environments.
It is an object of the present application to obviate or mitigate some of the above disadvantages.
A method of updating a checksum HC associated with a packet of information to be transferred between correspondents, the packet having a number of fields each having a discrete function, comprises the steps of:
a) changing a value m in one of the fields to a new value mxe2x80x2;
b) computing a complement of the checksum HC;
c) computing a first difference of the new value mxe2x80x2 and the value m;
d) computing a one""s complement difference from the first difference in accordance with an indication provided by the most significant bit of the first difference, the one""s complement difference being obtained by decrementing the first difference when the most significant bit indicates a negative first difference, and being equal to the first difference otherwise;
e) computing a first intermediate checksum value equal to the sum of the complement of the checksum HC and the one""s complement difference, and setting a carry flag in accordance with the sum;
f) computing a one""s complement intermediate checksum from the intermediate checksum in accordance with the carry flag, the one""s complement intermediate checksum being obtained by incrementing the first intermediate checksum when the carry flag is set, and being equal to the first intermediate checksum otherwise;
g) computing a complement of the one""s complement intermediate checksum to obtain an updated checksum;
h) replacing the checksum in the header with the updated checksum.
In a further embodiment, a method of updating a checksum HC associated with a packet of information to be transferred between correspondents, the packet having a number of fields each having a discrete function, wherein the packet contains a predetermined value m to be changed to a new predetermined value mxe2x80x2, comprises the steps of:
a) obtaining a one""s complement difference of the new value mxe2x80x2 and the value m;
b) computing a complement HC1 of the checksum HC;
c) computing a first intermediate checksum value HC2 equal to the sum of the complement HC1 of the checksum HC and the one""s complement difference, and setting a carry flag in accordance with the sum;
d) computing a one""s complement intermediate checksum from the intermediate checksum in accordance with the carry flag, the one""s complement intermediate checksum being obtained by incrementing the first intermediate checksum when the carry flag is set, and being equal to the first intermediate checksum otherwise;
e) computing a complement of the one""s complement intermediate checksum to obtain an updated checksum;
f) replacing the checksum in the header with the updated checksum.