The message is "padded" (extended) so that its length (in bytes) is congruent to 0, modulo 16. That is, the message is extended so that it is a multiple of 16 bytes long. Padding is always performed, even if the length of the message is already congruent to 0, modulo 16.
Padding is performed as follows: "i" bytes of value "i" are appended to the message so that the length in bytes of the padded message becomes congruent to 0, modulo 16. At least one byte and at most 16 bytes are appended.
At this point the resulting message (after padding with bytes) has a length that is an exact multiple of 16 bytes. Let M[0 ... N-1] denote the bytes of the resulting message, where N is a multiple of 16.
A 16-byte checksum of the message is appended to the result of the previous step.
This step uses a 256-byte "random" permutation constructed from the digits of pi. Let S[i] denote the i-th element of this table. The table is given in the appendix.
Do the following:
/* Clear checksum. */
For i ← 0 TO 15
C[i] ← 0
NEXT i
L ← 0.
/* Process each 16-word block. */
block ← N / 16
For i ← 0 To block - 1
/* Checksum block i. */
For j ← 0 to 15
c ← M[i * 16 + j].
C[j] ← S[c xor L].
L ← C[j].
NEXT j
NEXT i
The 16-byte checksum C[0 ... 15] is appended to the message.
A 48-byte buffer X is used to compute the message digest. The buffer is initialized to zero.
This step uses the same 256-byte permutation S as step 2 does.
Do the following:
/* Process each 16-word block. */
For i ← 0 TO block - 1
/* Copy block i into X. */
For j ← 0 TO 15
X[16 + j] ← M[i * 16 + j].
X[32 + j] ← (X[16 + j] xor X[j]).
NEXT j
t ← 0.
/* Do 18 rounds. */
For j ← 0 TO 17
/* Round j. */
For k = 0 to 47 do
t ← X[k] ← (X[k] xor S[t]).
NEXT k
t ← (t + j) modulo 256.
NEXT j
NEXT iThe message digest produced as output is X[0 ... 15]. That is, we begin with X[0], and end with X[15].
| 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 0 | 41 | 46 | 67 | 201 | 162 | 216 | 124 | 1 | 61 | 54 | 84 | 161 | 236 | 240 | 6 | 19 | 98 | 167 | 5 | 243 |
| 20 | 192 | 199 | 115 | 140 | 152 | 147 | 43 | 217 | 188 | 76 | 130 | 202 | 30 | 155 | 87 | 60 | 253 | 212 | 224 | 22 |
| 40 | 103 | 66 | 111 | 24 | 138 | 23 | 229 | 18 | 190 | 78 | 196 | 214 | 218 | 158 | 222 | 73 | 160 | 251 | 245 | 142 |
| 60 | 187 | 47 | 238 | 122 | 169 | 104 | 121 | 145 | 21 | 178 | 7 | 63 | 148 | 194 | 16 | 137 | 11 | 34 | 95 | 33 |
| 80 | 128 | 127 | 93 | 154 | 90 | 144 | 50 | 39 | 53 | 62 | 204 | 231 | 191 | 247 | 151 | 3 | 255 | 25 | 48 | 179 |
| 100 | 72 | 165 | 181 | 209 | 215 | 94 | 146 | 42 | 172 | 86 | 170 | 198 | 79 | 184 | 56 | 210 | 150 | 164 | 125 | 182 |
| 120 | 118 | 252 | 107 | 226 | 156 | 116 | 4 | 241 | 69 | 157 | 112 | 89 | 100 | 113 | 135 | 32 | 134 | 91 | 207 | 101 |
| 140 | 230 | 45 | 168 | 2 | 27 | 96 | 37 | 173 | 174 | 176 | 185 | 246 | 28 | 70 | 97 | 105 | 52 | 64 | 126 | 15 |
| 160 | 85 | 71 | 163 | 35 | 221 | 81 | 175 | 58 | 195 | 92 | 249 | 206 | 186 | 197 | 234 | 38 | 44 | 83 | 13 | 110 |
| 180 | 133 | 40 | 132 | 9 | 211 | 223 | 205 | 244 | 65 | 129 | 77 | 82 | 106 | 220 | 55 | 200 | 108 | 193 | 171 | 250 |
| 200 | 36 | 225 | 123 | 8 | 12 | 189 | 177 | 74 | 120 | 136 | 149 | 139 | 227 | 99 | 232 | 109 | 233 | 203 | 213 | 254 |
| 220 | 59 | 0 | 29 | 57 | 242 | 239 | 183 | 14 | 102 | 88 | 208 | 228 | 166 | 119 | 114 | 248 | 235 | 117 | 75 | 10 |