From e2967396ac73cb7410787886cdaf072a184ffc49 Mon Sep 17 00:00:00 2001
From: irungentoo <irungentoo@gmail.com>
Date: Tue, 2 Jul 2013 09:53:34 -0400
Subject: Added NaCl crypto library.

---
 nacl/crypto_scalarmult/curve25519/athlon/api.h     |    2 +
 nacl/crypto_scalarmult/curve25519/athlon/base.c    |    8 +
 nacl/crypto_scalarmult/curve25519/athlon/const.s   |  114 +
 .../curve25519/athlon/fromdouble.s                 |  195 +
 .../curve25519/athlon/implementors                 |    1 +
 nacl/crypto_scalarmult/curve25519/athlon/init.s    |   13 +
 .../crypto_scalarmult/curve25519/athlon/mainloop.s | 3990 ++++++++++++++++++++
 nacl/crypto_scalarmult/curve25519/athlon/mult.s    |  410 ++
 nacl/crypto_scalarmult/curve25519/athlon/smult.c   |   91 +
 nacl/crypto_scalarmult/curve25519/athlon/square.s  |  298 ++
 .../crypto_scalarmult/curve25519/athlon/todouble.s |  144 +
 nacl/crypto_scalarmult/curve25519/checksum         |    1 +
 nacl/crypto_scalarmult/curve25519/donna_c64/api.h  |    2 +
 nacl/crypto_scalarmult/curve25519/donna_c64/base.c |    8 +
 .../curve25519/donna_c64/implementors              |    1 +
 .../crypto_scalarmult/curve25519/donna_c64/smult.c |  477 +++
 nacl/crypto_scalarmult/curve25519/ref/api.h        |    2 +
 nacl/crypto_scalarmult/curve25519/ref/base.c       |   16 +
 nacl/crypto_scalarmult/curve25519/ref/implementors |    1 +
 nacl/crypto_scalarmult/curve25519/ref/smult.c      |  265 ++
 nacl/crypto_scalarmult/curve25519/used             |    0
 nacl/crypto_scalarmult/measure.c                   |   61 +
 nacl/crypto_scalarmult/try.c                       |  126 +
 nacl/crypto_scalarmult/wrapper-base.cpp            |   11 +
 nacl/crypto_scalarmult/wrapper-mult.cpp            |   12 +
 25 files changed, 6249 insertions(+)
 create mode 100644 nacl/crypto_scalarmult/curve25519/athlon/api.h
 create mode 100644 nacl/crypto_scalarmult/curve25519/athlon/base.c
 create mode 100644 nacl/crypto_scalarmult/curve25519/athlon/const.s
 create mode 100644 nacl/crypto_scalarmult/curve25519/athlon/fromdouble.s
 create mode 100644 nacl/crypto_scalarmult/curve25519/athlon/implementors
 create mode 100644 nacl/crypto_scalarmult/curve25519/athlon/init.s
 create mode 100644 nacl/crypto_scalarmult/curve25519/athlon/mainloop.s
 create mode 100644 nacl/crypto_scalarmult/curve25519/athlon/mult.s
 create mode 100644 nacl/crypto_scalarmult/curve25519/athlon/smult.c
 create mode 100644 nacl/crypto_scalarmult/curve25519/athlon/square.s
 create mode 100644 nacl/crypto_scalarmult/curve25519/athlon/todouble.s
 create mode 100644 nacl/crypto_scalarmult/curve25519/checksum
 create mode 100644 nacl/crypto_scalarmult/curve25519/donna_c64/api.h
 create mode 100644 nacl/crypto_scalarmult/curve25519/donna_c64/base.c
 create mode 100644 nacl/crypto_scalarmult/curve25519/donna_c64/implementors
 create mode 100644 nacl/crypto_scalarmult/curve25519/donna_c64/smult.c
 create mode 100644 nacl/crypto_scalarmult/curve25519/ref/api.h
 create mode 100644 nacl/crypto_scalarmult/curve25519/ref/base.c
 create mode 100644 nacl/crypto_scalarmult/curve25519/ref/implementors
 create mode 100644 nacl/crypto_scalarmult/curve25519/ref/smult.c
 create mode 100644 nacl/crypto_scalarmult/curve25519/used
 create mode 100644 nacl/crypto_scalarmult/measure.c
 create mode 100644 nacl/crypto_scalarmult/try.c
 create mode 100644 nacl/crypto_scalarmult/wrapper-base.cpp
 create mode 100644 nacl/crypto_scalarmult/wrapper-mult.cpp

(limited to 'nacl/crypto_scalarmult')

diff --git a/nacl/crypto_scalarmult/curve25519/athlon/api.h b/nacl/crypto_scalarmult/curve25519/athlon/api.h
new file mode 100644
index 00000000..60339596
--- /dev/null
+++ b/nacl/crypto_scalarmult/curve25519/athlon/api.h
@@ -0,0 +1,2 @@
+#define CRYPTO_BYTES 32
+#define CRYPTO_SCALARBYTES 32
diff --git a/nacl/crypto_scalarmult/curve25519/athlon/base.c b/nacl/crypto_scalarmult/curve25519/athlon/base.c
new file mode 100644
index 00000000..dde929ec
--- /dev/null
+++ b/nacl/crypto_scalarmult/curve25519/athlon/base.c
@@ -0,0 +1,8 @@
+#include "crypto_scalarmult.h"
+
+static char basepoint[32] = {9};
+
+int crypto_scalarmult_base(unsigned char *q,const unsigned char *n)
+{
+  return crypto_scalarmult(q,n,basepoint);
+}
diff --git a/nacl/crypto_scalarmult/curve25519/athlon/const.s b/nacl/crypto_scalarmult/curve25519/athlon/const.s
new file mode 100644
index 00000000..9042c2fb
--- /dev/null
+++ b/nacl/crypto_scalarmult/curve25519/athlon/const.s
@@ -0,0 +1,114 @@
+.data
+.section .rodata
+.p2align 5
+
+.globl crypto_scalarmult_curve25519_athlon_scale
+.globl crypto_scalarmult_curve25519_athlon_121665
+.globl crypto_scalarmult_curve25519_athlon_alpha26
+.globl crypto_scalarmult_curve25519_athlon_alpha51
+.globl crypto_scalarmult_curve25519_athlon_alpha77
+.globl crypto_scalarmult_curve25519_athlon_alpha102
+.globl crypto_scalarmult_curve25519_athlon_alpha128
+.globl crypto_scalarmult_curve25519_athlon_alpha153
+.globl crypto_scalarmult_curve25519_athlon_alpha179
+.globl crypto_scalarmult_curve25519_athlon_alpha204
+.globl crypto_scalarmult_curve25519_athlon_alpha230
+.globl crypto_scalarmult_curve25519_athlon_alpha255
+.globl crypto_scalarmult_curve25519_athlon_in0offset
+.globl crypto_scalarmult_curve25519_athlon_in1offset
+.globl crypto_scalarmult_curve25519_athlon_in2offset
+.globl crypto_scalarmult_curve25519_athlon_in3offset
+.globl crypto_scalarmult_curve25519_athlon_in4offset
+.globl crypto_scalarmult_curve25519_athlon_in5offset
+.globl crypto_scalarmult_curve25519_athlon_in6offset
+.globl crypto_scalarmult_curve25519_athlon_in7offset
+.globl crypto_scalarmult_curve25519_athlon_in8offset
+.globl crypto_scalarmult_curve25519_athlon_in9offset
+.globl crypto_scalarmult_curve25519_athlon_out0offset
+.globl crypto_scalarmult_curve25519_athlon_out1offset
+.globl crypto_scalarmult_curve25519_athlon_out2offset
+.globl crypto_scalarmult_curve25519_athlon_out3offset
+.globl crypto_scalarmult_curve25519_athlon_out4offset
+.globl crypto_scalarmult_curve25519_athlon_out5offset
+.globl crypto_scalarmult_curve25519_athlon_out6offset
+.globl crypto_scalarmult_curve25519_athlon_out7offset
+.globl crypto_scalarmult_curve25519_athlon_out8offset
+.globl crypto_scalarmult_curve25519_athlon_out9offset
+.globl crypto_scalarmult_curve25519_athlon_two0
+.globl crypto_scalarmult_curve25519_athlon_two1
+.globl crypto_scalarmult_curve25519_athlon_zero
+.globl crypto_scalarmult_curve25519_athlon_rounding
+
+crypto_scalarmult_curve25519_athlon_scale:
+	.long 0x0,0x30430000
+crypto_scalarmult_curve25519_athlon_121665:
+	.long 0x0,0x40fdb410
+crypto_scalarmult_curve25519_athlon_in0offset:
+	.long 0x0,0x43300000
+crypto_scalarmult_curve25519_athlon_in1offset:
+	.long 0x0,0x45300000
+crypto_scalarmult_curve25519_athlon_in2offset:
+	.long 0x0,0x46b00000
+crypto_scalarmult_curve25519_athlon_in3offset:
+	.long 0x0,0x48300000
+crypto_scalarmult_curve25519_athlon_in4offset:
+	.long 0x0,0x49b00000
+crypto_scalarmult_curve25519_athlon_in5offset:
+	.long 0x0,0x4b300000
+crypto_scalarmult_curve25519_athlon_in6offset:
+	.long 0x0,0x4d300000
+crypto_scalarmult_curve25519_athlon_in7offset:
+	.long 0x0,0x4eb00000
+crypto_scalarmult_curve25519_athlon_in8offset:
+	.long 0x0,0x50300000
+crypto_scalarmult_curve25519_athlon_in9offset:
+	.long 0x0,0x51b00000
+crypto_scalarmult_curve25519_athlon_alpha26:
+	.long 0x0,0x45880000
+crypto_scalarmult_curve25519_athlon_alpha51:
+	.long 0x0,0x47180000
+crypto_scalarmult_curve25519_athlon_alpha77:
+	.long 0x0,0x48b80000
+crypto_scalarmult_curve25519_athlon_alpha102:
+	.long 0x0,0x4a480000
+crypto_scalarmult_curve25519_athlon_alpha128:
+	.long 0x0,0x4be80000
+crypto_scalarmult_curve25519_athlon_alpha153:
+	.long 0x0,0x4d780000
+crypto_scalarmult_curve25519_athlon_alpha179:
+	.long 0x0,0x4f180000
+crypto_scalarmult_curve25519_athlon_alpha204:
+	.long 0x0,0x50a80000
+crypto_scalarmult_curve25519_athlon_alpha230:
+	.long 0x0,0x52480000
+crypto_scalarmult_curve25519_athlon_alpha255:
+	.long 0x0,0x53d80000
+crypto_scalarmult_curve25519_athlon_two0:
+	.long 0x0,0x3ff00000
+crypto_scalarmult_curve25519_athlon_two1:
+	.long 0x0,0x40000000
+crypto_scalarmult_curve25519_athlon_zero:
+	.long 0x0,0x0
+crypto_scalarmult_curve25519_athlon_out0offset:
+	.long 0x1fffffed,0x43380000
+crypto_scalarmult_curve25519_athlon_out1offset:
+	.long 0xffffff8,0x44d80000
+crypto_scalarmult_curve25519_athlon_out2offset:
+	.long 0x1ffffff8,0x46680000
+crypto_scalarmult_curve25519_athlon_out3offset:
+	.long 0xffffff8,0x48080000
+crypto_scalarmult_curve25519_athlon_out4offset:
+	.long 0x1ffffff8,0x49980000
+crypto_scalarmult_curve25519_athlon_out5offset:
+	.long 0xffffff8,0x4b380000
+crypto_scalarmult_curve25519_athlon_out6offset:
+	.long 0x1ffffff8,0x4cc80000
+crypto_scalarmult_curve25519_athlon_out7offset:
+	.long 0xffffff8,0x4e680000
+crypto_scalarmult_curve25519_athlon_out8offset:
+	.long 0x1ffffff8,0x4ff80000
+crypto_scalarmult_curve25519_athlon_out9offset:
+	.long 0x1fffff8,0x51980000
+crypto_scalarmult_curve25519_athlon_rounding:
+	.byte 0x7f
+	.byte 0x13
diff --git a/nacl/crypto_scalarmult/curve25519/athlon/fromdouble.s b/nacl/crypto_scalarmult/curve25519/athlon/fromdouble.s
new file mode 100644
index 00000000..221ca35f
--- /dev/null
+++ b/nacl/crypto_scalarmult/curve25519/athlon/fromdouble.s
@@ -0,0 +1,195 @@
+.text
+.p2align 5
+.globl _crypto_scalarmult_curve25519_athlon_fromdouble
+.globl crypto_scalarmult_curve25519_athlon_fromdouble
+_crypto_scalarmult_curve25519_athlon_fromdouble:
+crypto_scalarmult_curve25519_athlon_fromdouble:
+mov %esp,%eax
+and $31,%eax
+add $192,%eax
+sub %eax,%esp
+movl %ebp,0(%esp)
+movl 8(%esp,%eax),%ecx
+fldl 0(%ecx)
+faddl crypto_scalarmult_curve25519_athlon_out0offset
+fstpl 96(%esp)
+fldl 8(%ecx)
+faddl crypto_scalarmult_curve25519_athlon_out1offset
+fstpl 104(%esp)
+fldl 16(%ecx)
+faddl crypto_scalarmult_curve25519_athlon_out2offset
+fstpl 112(%esp)
+fldl 24(%ecx)
+faddl crypto_scalarmult_curve25519_athlon_out3offset
+fstpl 120(%esp)
+fldl 32(%ecx)
+faddl crypto_scalarmult_curve25519_athlon_out4offset
+fstpl 128(%esp)
+fldl 40(%ecx)
+faddl crypto_scalarmult_curve25519_athlon_out5offset
+fstpl 136(%esp)
+fldl 48(%ecx)
+faddl crypto_scalarmult_curve25519_athlon_out6offset
+fstpl 144(%esp)
+fldl 56(%ecx)
+faddl crypto_scalarmult_curve25519_athlon_out7offset
+fstpl 152(%esp)
+fldl 64(%ecx)
+faddl crypto_scalarmult_curve25519_athlon_out8offset
+fstpl 160(%esp)
+fldl 72(%ecx)
+faddl crypto_scalarmult_curve25519_athlon_out9offset
+fstpl 168(%esp)
+movl 96(%esp),%ecx
+movl %ecx,4(%esp)
+movl 104(%esp),%ecx
+shl  $26,%ecx
+movl %ecx,40(%esp)
+movl 104(%esp),%ecx
+shr  $6,%ecx
+movl %ecx,8(%esp)
+movl 112(%esp),%ecx
+shl  $19,%ecx
+movl %ecx,44(%esp)
+movl 112(%esp),%ecx
+shr  $13,%ecx
+movl %ecx,12(%esp)
+movl 120(%esp),%ecx
+shl  $13,%ecx
+movl %ecx,48(%esp)
+movl 120(%esp),%ecx
+shr  $19,%ecx
+movl %ecx,16(%esp)
+movl 128(%esp),%ecx
+shl  $6,%ecx
+movl %ecx,52(%esp)
+movl 128(%esp),%ecx
+shr  $26,%ecx
+movl 136(%esp),%edx
+add  %edx,%ecx
+movl %ecx,20(%esp)
+movl 144(%esp),%ecx
+shl  $25,%ecx
+movl %ecx,56(%esp)
+movl 144(%esp),%ecx
+shr  $7,%ecx
+movl %ecx,24(%esp)
+movl 152(%esp),%ecx
+shl  $19,%ecx
+movl %ecx,60(%esp)
+movl 152(%esp),%ecx
+shr  $13,%ecx
+movl %ecx,28(%esp)
+movl 160(%esp),%ecx
+shl  $12,%ecx
+movl %ecx,64(%esp)
+movl 160(%esp),%ecx
+shr  $20,%ecx
+movl %ecx,32(%esp)
+movl 168(%esp),%ecx
+shl  $6,%ecx
+movl %ecx,68(%esp)
+movl 168(%esp),%ecx
+shr  $26,%ecx
+movl %ecx,36(%esp)
+mov  $0,%ecx
+movl %ecx,72(%esp)
+movl 4(%esp),%ecx
+addl 40(%esp),%ecx
+movl %ecx,4(%esp)
+movl 8(%esp),%ecx
+adcl 44(%esp),%ecx
+movl %ecx,8(%esp)
+movl 12(%esp),%ecx
+adcl 48(%esp),%ecx
+movl %ecx,12(%esp)
+movl 16(%esp),%ecx
+adcl 52(%esp),%ecx
+movl %ecx,16(%esp)
+movl 20(%esp),%ecx
+adcl 56(%esp),%ecx
+movl %ecx,20(%esp)
+movl 24(%esp),%ecx
+adcl 60(%esp),%ecx
+movl %ecx,24(%esp)
+movl 28(%esp),%ecx
+adcl 64(%esp),%ecx
+movl %ecx,28(%esp)
+movl 32(%esp),%ecx
+adcl 68(%esp),%ecx
+movl %ecx,32(%esp)
+movl 36(%esp),%ecx
+adcl 72(%esp),%ecx
+movl %ecx,36(%esp)
+movl 4(%esp),%ecx
+adc  $0x13,%ecx
+movl %ecx,40(%esp)
+movl 8(%esp),%ecx
+adc  $0,%ecx
+movl %ecx,44(%esp)
+movl 12(%esp),%ecx
+adc  $0,%ecx
+movl %ecx,48(%esp)
+movl 16(%esp),%ecx
+adc  $0,%ecx
+movl %ecx,52(%esp)
+movl 20(%esp),%ecx
+adc  $0,%ecx
+movl %ecx,56(%esp)
+movl 24(%esp),%ecx
+adc  $0,%ecx
+movl %ecx,60(%esp)
+movl 28(%esp),%ecx
+adc  $0,%ecx
+movl %ecx,64(%esp)
+movl 32(%esp),%ecx
+adc  $0x80000000,%ecx
+movl %ecx,68(%esp)
+movl 36(%esp),%ebp
+adc  $0xffffffff,%ebp
+and  $0x80000000,%ebp
+sar  $31,%ebp
+movl 4(%esp,%eax),%ecx
+movl 4(%esp),%edx
+xorl 40(%esp),%edx
+and  %ebp,%edx
+xorl 40(%esp),%edx
+movl %edx,0(%ecx)
+movl 8(%esp),%edx
+xorl 44(%esp),%edx
+and  %ebp,%edx
+xorl 44(%esp),%edx
+movl %edx,4(%ecx)
+movl 12(%esp),%edx
+xorl 48(%esp),%edx
+and  %ebp,%edx
+xorl 48(%esp),%edx
+movl %edx,8(%ecx)
+movl 16(%esp),%edx
+xorl 52(%esp),%edx
+and  %ebp,%edx
+xorl 52(%esp),%edx
+movl %edx,12(%ecx)
+movl 20(%esp),%edx
+xorl 56(%esp),%edx
+and  %ebp,%edx
+xorl 56(%esp),%edx
+movl %edx,16(%ecx)
+movl 24(%esp),%edx
+xorl 60(%esp),%edx
+and  %ebp,%edx
+xorl 60(%esp),%edx
+movl %edx,20(%ecx)
+movl 28(%esp),%edx
+xorl 64(%esp),%edx
+and  %ebp,%edx
+xorl 64(%esp),%edx
+movl %edx,24(%ecx)
+movl 32(%esp),%edx
+xorl 68(%esp),%edx
+and  %ebp,%edx
+xorl 68(%esp),%edx
+movl %edx,28(%ecx)
+movl 0(%esp),%ebp
+add %eax,%esp
+ret
diff --git a/nacl/crypto_scalarmult/curve25519/athlon/implementors b/nacl/crypto_scalarmult/curve25519/athlon/implementors
new file mode 100644
index 00000000..f6fb3c73
--- /dev/null
+++ b/nacl/crypto_scalarmult/curve25519/athlon/implementors
@@ -0,0 +1 @@
+Daniel J. Bernstein
diff --git a/nacl/crypto_scalarmult/curve25519/athlon/init.s b/nacl/crypto_scalarmult/curve25519/athlon/init.s
new file mode 100644
index 00000000..edd3c589
--- /dev/null
+++ b/nacl/crypto_scalarmult/curve25519/athlon/init.s
@@ -0,0 +1,13 @@
+.text
+.p2align 5
+.globl _crypto_scalarmult_curve25519_athlon_init
+.globl crypto_scalarmult_curve25519_athlon_init
+_crypto_scalarmult_curve25519_athlon_init:
+crypto_scalarmult_curve25519_athlon_init:
+mov %esp,%eax
+and $31,%eax
+add $0,%eax
+sub %eax,%esp
+fldcw crypto_scalarmult_curve25519_athlon_rounding
+add %eax,%esp
+ret
diff --git a/nacl/crypto_scalarmult/curve25519/athlon/mainloop.s b/nacl/crypto_scalarmult/curve25519/athlon/mainloop.s
new file mode 100644
index 00000000..47412905
--- /dev/null
+++ b/nacl/crypto_scalarmult/curve25519/athlon/mainloop.s
@@ -0,0 +1,3990 @@
+.text
+.p2align 5
+.globl _crypto_scalarmult_curve25519_athlon_mainloop
+.globl crypto_scalarmult_curve25519_athlon_mainloop
+_crypto_scalarmult_curve25519_athlon_mainloop:
+crypto_scalarmult_curve25519_athlon_mainloop:
+mov %esp,%eax
+and $31,%eax
+add $704,%eax
+sub %eax,%esp
+lea 256(%esp),%edx
+lea 512(%esp),%ecx
+fldl crypto_scalarmult_curve25519_athlon_two0
+fldl crypto_scalarmult_curve25519_athlon_zero
+movl %eax,160(%ecx)
+movl %ebx,164(%ecx)
+movl %esi,168(%ecx)
+movl %edi,172(%ecx)
+movl %ebp,176(%ecx)
+movl 4(%esp,%eax),%ebx
+fxch %st(1)
+fstl 0(%esp)
+fxch %st(1)
+fstl 8(%esp)
+fstl 16(%esp)
+fstl 24(%esp)
+fstl 32(%esp)
+fstl 40(%esp)
+fstl 48(%esp)
+fstl -120(%edx)
+fstl -112(%edx)
+fstl -104(%edx)
+fstl -96(%edx)
+fstl -88(%edx)
+fstl -80(%edx)
+fstl -72(%edx)
+fstl -64(%edx)
+fstl -56(%edx)
+fstl -48(%edx)
+fstl -40(%edx)
+fstl -32(%edx)
+fstl -24(%edx)
+fxch %st(1)
+fstpl 64(%edx)
+fstl 72(%edx)
+fstl 80(%edx)
+fstl 88(%edx)
+fstl 96(%edx)
+fstl 104(%edx)
+fstl 112(%edx)
+fstl 120(%edx)
+fstl -128(%ecx)
+fstpl -120(%ecx)
+fldl 0(%ebx)
+fldl 8(%ebx)
+fldl 16(%ebx)
+fldl 24(%ebx)
+fxch %st(3)
+fstl -16(%edx)
+fstpl 56(%esp)
+fldl 32(%ebx)
+fxch %st(2)
+fstl -8(%edx)
+fstpl 64(%esp)
+fldl 40(%ebx)
+fxch %st(1)
+fstl 0(%edx)
+fstpl 72(%esp)
+fldl 48(%ebx)
+fxch %st(3)
+fstl 8(%edx)
+fstpl 80(%esp)
+fldl 56(%ebx)
+fxch %st(2)
+fstl 16(%edx)
+fstpl 88(%esp)
+fldl 64(%ebx)
+fxch %st(1)
+fstl 24(%edx)
+fstpl 96(%esp)
+fldl 72(%ebx)
+fxch %st(3)
+fstl 32(%edx)
+fstpl 104(%esp)
+fxch %st(1)
+fstl 40(%edx)
+fstpl 112(%esp)
+fstl 48(%edx)
+fstpl 120(%esp)
+fstl 56(%edx)
+fstpl -128(%edx)
+movl 8(%esp,%eax),%ebx
+mov  $28,%edi
+mov  $31,%ebp
+movl 28(%ebx),%esi
+rol  $1,%esi
+._morebytes:
+movl %edi,188(%ecx)
+._morebits:
+rol  $1,%esi
+movl %esi,180(%ecx)
+movl %ebp,184(%ecx)
+and  $1,%esi
+movl  $0x43300000,-108(%ecx)
+movl %esi,-112(%ecx)
+fldl -96(%edx)
+fldl 0(%esp)
+fadd %st(0),%st(1)
+fsubl -96(%edx)
+fldl 64(%edx)
+fldl -16(%edx)
+fadd %st(0),%st(1)
+fsubl 64(%edx)
+fldl -88(%edx)
+fldl 8(%esp)
+fadd %st(0),%st(1)
+fsubl -88(%edx)
+fxch %st(5)
+fstpl 0(%esp)
+fxch %st(3)
+fstpl -96(%edx)
+fldl 72(%edx)
+fldl -8(%edx)
+fadd %st(0),%st(1)
+fsubl 72(%edx)
+fxch %st(3)
+fstpl -16(%edx)
+fxch %st(1)
+fstpl 64(%edx)
+fldl -80(%edx)
+fldl 16(%esp)
+fadd %st(0),%st(1)
+fsubl -80(%edx)
+fxch %st(4)
+fstpl 8(%esp)
+fxch %st(4)
+fstpl -88(%edx)
+fldl 80(%edx)
+fldl 0(%edx)
+fadd %st(0),%st(1)
+fsubl 80(%edx)
+fxch %st(2)
+fstpl -8(%edx)
+fxch %st(2)
+fstpl 72(%edx)
+fldl -72(%edx)
+fldl 24(%esp)
+fadd %st(0),%st(1)
+fsubl -72(%edx)
+fxch %st(5)
+fstpl 16(%esp)
+fxch %st(3)
+fstpl -80(%edx)
+fldl 88(%edx)
+fldl 8(%edx)
+fadd %st(0),%st(1)
+fsubl 88(%edx)
+fxch %st(3)
+fstpl 0(%edx)
+fxch %st(1)
+fstpl 80(%edx)
+fldl -64(%edx)
+fldl 32(%esp)
+fadd %st(0),%st(1)
+fsubl -64(%edx)
+fxch %st(4)
+fstpl 24(%esp)
+fxch %st(4)
+fstpl -72(%edx)
+fldl 96(%edx)
+fldl 16(%edx)
+fadd %st(0),%st(1)
+fsubl 96(%edx)
+fxch %st(2)
+fstpl 8(%edx)
+fxch %st(2)
+fstpl 88(%edx)
+fldl -56(%edx)
+fldl 40(%esp)
+fadd %st(0),%st(1)
+fsubl -56(%edx)
+fxch %st(5)
+fstpl 32(%esp)
+fxch %st(3)
+fstpl -64(%edx)
+fldl 104(%edx)
+fldl 24(%edx)
+fadd %st(0),%st(1)
+fsubl 104(%edx)
+fxch %st(3)
+fstpl 16(%edx)
+fxch %st(1)
+fstpl 96(%edx)
+fldl -48(%edx)
+fldl 48(%esp)
+fadd %st(0),%st(1)
+fsubl -48(%edx)
+fxch %st(4)
+fstpl 40(%esp)
+fxch %st(4)
+fstpl -56(%edx)
+fldl 112(%edx)
+fldl 32(%edx)
+fadd %st(0),%st(1)
+fsubl 112(%edx)
+fxch %st(2)
+fstpl 24(%edx)
+fxch %st(2)
+fstpl 104(%edx)
+fldl -40(%edx)
+fldl -120(%edx)
+fadd %st(0),%st(1)
+fsubl -40(%edx)
+fxch %st(5)
+fstpl 48(%esp)
+fxch %st(3)
+fstpl -48(%edx)
+fldl 120(%edx)
+fldl 40(%edx)
+fadd %st(0),%st(1)
+fsubl 120(%edx)
+fxch %st(3)
+fstpl 32(%edx)
+fxch %st(1)
+fstpl 112(%edx)
+fldl -32(%edx)
+fldl -112(%edx)
+fadd %st(0),%st(1)
+fsubl -32(%edx)
+fxch %st(4)
+fstpl -120(%edx)
+fxch %st(4)
+fstpl -40(%edx)
+fldl -128(%ecx)
+fldl 48(%edx)
+fadd %st(0),%st(1)
+fsubl -128(%ecx)
+fxch %st(2)
+fstpl 40(%edx)
+fxch %st(2)
+fstpl 120(%edx)
+fldl -24(%edx)
+fldl -104(%edx)
+fadd %st(0),%st(1)
+fsubl -24(%edx)
+fxch %st(5)
+fstpl -112(%edx)
+fxch %st(3)
+fstpl -32(%edx)
+fldl -120(%ecx)
+fldl 56(%edx)
+fadd %st(0),%st(1)
+fsubl -120(%ecx)
+fxch %st(3)
+fstpl 48(%edx)
+fxch %st(1)
+fstpl -128(%ecx)
+fldl -112(%ecx)
+fsubl crypto_scalarmult_curve25519_athlon_in0offset
+fldl crypto_scalarmult_curve25519_athlon_two0
+fsub %st(1),%st(0)
+fxch %st(4)
+fstpl -104(%edx)
+fxch %st(4)
+fstpl -24(%edx)
+fstpl 56(%edx)
+fstpl -120(%ecx)
+fxch %st(1)
+fstl 136(%ecx)
+fldl 0(%esp)
+fmul %st(2),%st(0)
+fldl -16(%edx)
+fmul %st(2),%st(0)
+faddp %st(0),%st(1)
+fldl 8(%esp)
+fmul %st(3),%st(0)
+fldl -8(%edx)
+fmul %st(3),%st(0)
+faddp %st(0),%st(1)
+fldl 16(%esp)
+fmul %st(4),%st(0)
+fldl 0(%edx)
+fmul %st(4),%st(0)
+faddp %st(0),%st(1)
+fldl 24(%esp)
+fmul %st(5),%st(0)
+fldl 8(%edx)
+fmul %st(5),%st(0)
+faddp %st(0),%st(1)
+fxch %st(3)
+fstpl -112(%ecx)
+fldl 32(%esp)
+fmul %st(5),%st(0)
+fldl 16(%edx)
+fmul %st(5),%st(0)
+faddp %st(0),%st(1)
+fxch %st(2)
+fstpl -104(%ecx)
+fldl 40(%esp)
+fmul %st(5),%st(0)
+fldl 24(%edx)
+fmul %st(5),%st(0)
+faddp %st(0),%st(1)
+fxch %st(1)
+fstpl -96(%ecx)
+fldl 48(%esp)
+fmul %st(5),%st(0)
+fldl 32(%edx)
+fmul %st(5),%st(0)
+faddp %st(0),%st(1)
+fxch %st(3)
+fstpl -88(%ecx)
+fldl -120(%edx)
+fmul %st(5),%st(0)
+fldl 40(%edx)
+fmul %st(5),%st(0)
+faddp %st(0),%st(1)
+fxch %st(2)
+fstpl -80(%ecx)
+fldl -112(%edx)
+fmul %st(5),%st(0)
+fldl 48(%edx)
+fmul %st(5),%st(0)
+faddp %st(0),%st(1)
+fxch %st(1)
+fstpl -72(%ecx)
+fldl -104(%edx)
+fmul %st(5),%st(0)
+fldl 56(%edx)
+fmul %st(5),%st(0)
+faddp %st(0),%st(1)
+fxch %st(3)
+fstpl -64(%ecx)
+fldl -96(%edx)
+fmul %st(5),%st(0)
+fldl 64(%edx)
+fmul %st(5),%st(0)
+faddp %st(0),%st(1)
+fxch %st(2)
+fstpl -56(%ecx)
+fldl -88(%edx)
+fmul %st(5),%st(0)
+fldl 72(%edx)
+fmul %st(5),%st(0)
+faddp %st(0),%st(1)
+fxch %st(1)
+fstpl -48(%ecx)
+fldl -80(%edx)
+fmul %st(5),%st(0)
+fldl 80(%edx)
+fmul %st(5),%st(0)
+faddp %st(0),%st(1)
+fxch %st(3)
+fstpl -40(%ecx)
+fldl -72(%edx)
+fmul %st(5),%st(0)
+fldl 88(%edx)
+fmul %st(5),%st(0)
+faddp %st(0),%st(1)
+fxch %st(2)
+fstpl -32(%ecx)
+fldl -64(%edx)
+fmul %st(5),%st(0)
+fldl 96(%edx)
+fmul %st(5),%st(0)
+faddp %st(0),%st(1)
+fxch %st(1)
+fstpl -24(%ecx)
+fldl -56(%edx)
+fmul %st(5),%st(0)
+fldl 104(%edx)
+fmul %st(5),%st(0)
+faddp %st(0),%st(1)
+fxch %st(3)
+fstpl -16(%ecx)
+fldl -48(%edx)
+fmul %st(5),%st(0)
+fldl 112(%edx)
+fmul %st(5),%st(0)
+faddp %st(0),%st(1)
+fxch %st(2)
+fstpl -8(%ecx)
+fldl -40(%edx)
+fmul %st(5),%st(0)
+fldl 120(%edx)
+fmul %st(5),%st(0)
+faddp %st(0),%st(1)
+fxch %st(1)
+fstpl 0(%ecx)
+fldl -32(%edx)
+fmul %st(5),%st(0)
+fldl -128(%ecx)
+fmul %st(5),%st(0)
+faddp %st(0),%st(1)
+fxch %st(3)
+fstpl 8(%ecx)
+fldl -24(%edx)
+fmulp %st(0),%st(5)
+fldl -120(%ecx)
+fmulp %st(0),%st(4)
+fxch %st(3)
+faddp %st(0),%st(4)
+fstpl 16(%ecx)
+fxch %st(1)
+fstpl 24(%ecx)
+fstpl 32(%ecx)
+fstpl 40(%ecx)
+fldl -24(%edx)
+fmull 56(%edx)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl -96(%edx)
+fmull 48(%edx)
+faddp %st(0),%st(1)
+fldl -88(%edx)
+fmull 40(%edx)
+faddp %st(0),%st(1)
+fldl -96(%edx)
+fmull 56(%edx)
+fldl -80(%edx)
+fmull 32(%edx)
+faddp %st(0),%st(2)
+fldl -88(%edx)
+fmull 48(%edx)
+faddp %st(0),%st(1)
+fldl -72(%edx)
+fmull 24(%edx)
+faddp %st(0),%st(2)
+fldl -80(%edx)
+fmull 40(%edx)
+faddp %st(0),%st(1)
+fldl -64(%edx)
+fmull 16(%edx)
+faddp %st(0),%st(2)
+fldl -72(%edx)
+fmull 32(%edx)
+faddp %st(0),%st(1)
+fldl -88(%edx)
+fmull 56(%edx)
+fldl -56(%edx)
+fmull 8(%edx)
+faddp %st(0),%st(3)
+fldl -64(%edx)
+fmull 24(%edx)
+faddp %st(0),%st(2)
+fldl -80(%edx)
+fmull 48(%edx)
+faddp %st(0),%st(1)
+fldl -48(%edx)
+fmull 0(%edx)
+faddp %st(0),%st(3)
+fldl -56(%edx)
+fmull 16(%edx)
+faddp %st(0),%st(2)
+fldl -72(%edx)
+fmull 40(%edx)
+faddp %st(0),%st(1)
+fldl -40(%edx)
+fmull -8(%edx)
+faddp %st(0),%st(3)
+fldl -48(%edx)
+fmull 8(%edx)
+faddp %st(0),%st(2)
+fldl -64(%edx)
+fmull 32(%edx)
+faddp %st(0),%st(1)
+fldl -32(%edx)
+fmull -16(%edx)
+faddp %st(0),%st(3)
+fldl -40(%edx)
+fmull 0(%edx)
+faddp %st(0),%st(2)
+fldl -56(%edx)
+fmull 24(%edx)
+faddp %st(0),%st(1)
+fldl -80(%edx)
+fmull 56(%edx)
+fldl -48(%edx)
+fmull 16(%edx)
+faddp %st(0),%st(2)
+fldl -32(%edx)
+fmull -8(%edx)
+faddp %st(0),%st(3)
+fldl crypto_scalarmult_curve25519_athlon_alpha230
+fadd %st(4),%st(0)
+fldl -72(%edx)
+fmull 48(%edx)
+faddp %st(0),%st(2)
+fldl -40(%edx)
+fmull 8(%edx)
+faddp %st(0),%st(3)
+fldl -24(%edx)
+fmull -16(%edx)
+faddp %st(0),%st(4)
+fsubl crypto_scalarmult_curve25519_athlon_alpha230
+fldl -64(%edx)
+fmull 40(%edx)
+faddp %st(0),%st(2)
+fldl -72(%edx)
+fmull 56(%edx)
+fldl -32(%edx)
+fmull 0(%edx)
+faddp %st(0),%st(4)
+fxch %st(1)
+fadd %st(0),%st(4)
+fldl -56(%edx)
+fmull 32(%edx)
+faddp %st(0),%st(3)
+fldl -64(%edx)
+fmull 48(%edx)
+faddp %st(0),%st(2)
+fsubrp %st(0),%st(5)
+fldl crypto_scalarmult_curve25519_athlon_alpha255
+fadd %st(4),%st(0)
+fldl -48(%edx)
+fmull 24(%edx)
+faddp %st(0),%st(3)
+fldl -56(%edx)
+fmull 40(%edx)
+faddp %st(0),%st(2)
+fldl -24(%edx)
+fmull -8(%edx)
+faddp %st(0),%st(4)
+fsubl crypto_scalarmult_curve25519_athlon_alpha255
+fldl -40(%edx)
+fmull 16(%edx)
+faddp %st(0),%st(3)
+fldl -64(%edx)
+fmull 56(%edx)
+fldl -48(%edx)
+fmull 32(%edx)
+faddp %st(0),%st(3)
+fldl -32(%edx)
+fmull 8(%edx)
+faddp %st(0),%st(4)
+fxch %st(1)
+fadd %st(0),%st(4)
+fsubrp %st(0),%st(5)
+fxch %st(5)
+fstpl 64(%ecx)
+fldl -56(%edx)
+fmull 48(%edx)
+faddp %st(0),%st(5)
+fldl -40(%edx)
+fmull 24(%edx)
+faddp %st(0),%st(1)
+fldl -24(%edx)
+fmull 0(%edx)
+faddp %st(0),%st(2)
+fxch %st(2)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl -48(%edx)
+fmull 40(%edx)
+faddp %st(0),%st(5)
+fldl -32(%edx)
+fmull 16(%edx)
+faddp %st(0),%st(3)
+fxch %st(1)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl -96(%edx)
+fmull -16(%edx)
+faddp %st(0),%st(2)
+fxch %st(3)
+fstpl 72(%ecx)
+fldl -56(%edx)
+fmull 56(%edx)
+fldl -40(%edx)
+fmull 32(%edx)
+faddp %st(0),%st(5)
+fldl -24(%edx)
+fmull 8(%edx)
+faddp %st(0),%st(3)
+fldl -96(%edx)
+fmull -8(%edx)
+faddp %st(0),%st(4)
+fldl crypto_scalarmult_curve25519_athlon_alpha26
+fadd %st(2),%st(0)
+fldl -48(%edx)
+fmull 48(%edx)
+faddp %st(0),%st(2)
+fldl -32(%edx)
+fmull 24(%edx)
+faddp %st(0),%st(6)
+fxch %st(3)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl -88(%edx)
+fmull -16(%edx)
+faddp %st(0),%st(5)
+fxch %st(3)
+fsubl crypto_scalarmult_curve25519_athlon_alpha26
+fldl -40(%edx)
+fmull 40(%edx)
+faddp %st(0),%st(2)
+fldl -24(%edx)
+fmull 16(%edx)
+faddp %st(0),%st(6)
+fldl -96(%edx)
+fmull 0(%edx)
+faddp %st(0),%st(4)
+fadd %st(0),%st(4)
+fsubrp %st(0),%st(2)
+fldl -48(%edx)
+fmull 56(%edx)
+fldl -32(%edx)
+fmull 32(%edx)
+faddp %st(0),%st(2)
+fxch %st(5)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl -88(%edx)
+fmull -8(%edx)
+faddp %st(0),%st(4)
+fldl crypto_scalarmult_curve25519_athlon_alpha51
+fadd %st(5),%st(0)
+fldl -40(%edx)
+fmull 48(%edx)
+faddp %st(0),%st(7)
+fldl -24(%edx)
+fmull 24(%edx)
+faddp %st(0),%st(3)
+fldl -96(%edx)
+fmull 8(%edx)
+faddp %st(0),%st(2)
+fldl -80(%edx)
+fmull -16(%edx)
+faddp %st(0),%st(5)
+fsubl crypto_scalarmult_curve25519_athlon_alpha51
+fxch %st(3)
+fstpl 48(%ecx)
+fldl -32(%edx)
+fmull 40(%edx)
+faddp %st(0),%st(6)
+fxch %st(1)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl -88(%edx)
+fmull 0(%edx)
+faddp %st(0),%st(2)
+fxch %st(2)
+fadd %st(0),%st(3)
+fsubrp %st(0),%st(4)
+fldl -40(%edx)
+fmull 56(%edx)
+fldl -24(%edx)
+fmull 32(%edx)
+faddp %st(0),%st(6)
+fldl -96(%edx)
+fmull 16(%edx)
+faddp %st(0),%st(3)
+fldl -80(%edx)
+fmull -8(%edx)
+faddp %st(0),%st(2)
+fldl crypto_scalarmult_curve25519_athlon_alpha77
+fadd %st(4),%st(0)
+fldl -32(%edx)
+fmull 48(%edx)
+faddp %st(0),%st(2)
+fxch %st(6)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl -88(%edx)
+fmull 8(%edx)
+faddp %st(0),%st(4)
+fldl -72(%edx)
+fmull -16(%edx)
+faddp %st(0),%st(3)
+fxch %st(6)
+fsubl crypto_scalarmult_curve25519_athlon_alpha77
+fxch %st(5)
+fstpl 56(%ecx)
+fldl -24(%edx)
+fmull 40(%edx)
+faddp %st(0),%st(1)
+fldl -96(%edx)
+fmull 24(%edx)
+faddp %st(0),%st(6)
+fldl -80(%edx)
+fmull 0(%edx)
+faddp %st(0),%st(3)
+fxch %st(4)
+fadd %st(0),%st(1)
+fsubrp %st(0),%st(3)
+fldl -32(%edx)
+fmull 56(%edx)
+fxch %st(4)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl -88(%edx)
+fmull 16(%edx)
+faddp %st(0),%st(6)
+fldl -72(%edx)
+fmull -8(%edx)
+faddp %st(0),%st(3)
+fldl crypto_scalarmult_curve25519_athlon_alpha102
+fadd %st(2),%st(0)
+fldl -24(%edx)
+fmull 48(%edx)
+faddp %st(0),%st(6)
+fldl -96(%edx)
+fmull 32(%edx)
+faddp %st(0),%st(2)
+fldl -80(%edx)
+fmull 8(%edx)
+faddp %st(0),%st(7)
+fldl -64(%edx)
+fmull -16(%edx)
+faddp %st(0),%st(4)
+fsubl crypto_scalarmult_curve25519_athlon_alpha102
+fxch %st(4)
+fstpl -24(%edx)
+fxch %st(4)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl -88(%edx)
+fmull 24(%edx)
+faddp %st(0),%st(5)
+fldl -72(%edx)
+fmull 0(%edx)
+faddp %st(0),%st(6)
+fxch %st(3)
+fadd %st(0),%st(2)
+fsubrp %st(0),%st(1)
+fldl -96(%edx)
+fmull 40(%edx)
+faddp %st(0),%st(3)
+fldl -80(%edx)
+fmull 16(%edx)
+faddp %st(0),%st(4)
+fldl -64(%edx)
+fmull -8(%edx)
+faddp %st(0),%st(5)
+fldl crypto_scalarmult_curve25519_athlon_alpha128
+fadd %st(2),%st(0)
+fldl -88(%edx)
+fmull 32(%edx)
+faddp %st(0),%st(4)
+fldl -72(%edx)
+fmull 8(%edx)
+faddp %st(0),%st(5)
+fldl -56(%edx)
+fmull -16(%edx)
+faddp %st(0),%st(6)
+fsubl crypto_scalarmult_curve25519_athlon_alpha128
+fxch %st(1)
+fstpl -96(%edx)
+fldl -80(%edx)
+fmull 24(%edx)
+faddp %st(0),%st(3)
+fldl -64(%edx)
+fmull 0(%edx)
+faddp %st(0),%st(4)
+fadd %st(0),%st(4)
+fsubrp %st(0),%st(1)
+fstpl -88(%edx)
+fldl -72(%edx)
+fmull 16(%edx)
+faddp %st(0),%st(1)
+fldl -56(%edx)
+fmull -8(%edx)
+faddp %st(0),%st(2)
+fldl crypto_scalarmult_curve25519_athlon_alpha153
+fadd %st(3),%st(0)
+fldl -64(%edx)
+fmull 8(%edx)
+faddp %st(0),%st(2)
+fldl -48(%edx)
+fmull -16(%edx)
+faddp %st(0),%st(3)
+fsubl crypto_scalarmult_curve25519_athlon_alpha153
+fldl -56(%edx)
+fmull 0(%edx)
+faddp %st(0),%st(2)
+fadd %st(0),%st(2)
+fsubrp %st(0),%st(3)
+fxch %st(2)
+fstpl -80(%edx)
+fldl -48(%edx)
+fmull -8(%edx)
+faddp %st(0),%st(2)
+fldl crypto_scalarmult_curve25519_athlon_alpha179
+fadd %st(1),%st(0)
+fldl -40(%edx)
+fmull -16(%edx)
+faddp %st(0),%st(3)
+fsubl crypto_scalarmult_curve25519_athlon_alpha179
+fldl 64(%ecx)
+fldl 72(%ecx)
+fxch %st(2)
+fadd %st(0),%st(4)
+fsubrp %st(0),%st(3)
+fldl crypto_scalarmult_curve25519_athlon_alpha204
+fadd %st(4),%st(0)
+fsubl crypto_scalarmult_curve25519_athlon_alpha204
+fadd %st(0),%st(1)
+fsubrp %st(0),%st(4)
+fldl crypto_scalarmult_curve25519_athlon_alpha230
+fadd %st(1),%st(0)
+fsubl crypto_scalarmult_curve25519_athlon_alpha230
+fsubr %st(0),%st(1)
+faddp %st(0),%st(2)
+fxch %st(2)
+fstpl -72(%edx)
+fxch %st(2)
+fstpl -64(%edx)
+fstpl -56(%edx)
+fstpl -48(%edx)
+fldl -104(%edx)
+fmull -120(%ecx)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl 0(%esp)
+fmull -128(%ecx)
+faddp %st(0),%st(1)
+fldl 8(%esp)
+fmull 120(%edx)
+faddp %st(0),%st(1)
+fldl 0(%esp)
+fmull -120(%ecx)
+fldl 16(%esp)
+fmull 112(%edx)
+faddp %st(0),%st(2)
+fldl 8(%esp)
+fmull -128(%ecx)
+faddp %st(0),%st(1)
+fldl 24(%esp)
+fmull 104(%edx)
+faddp %st(0),%st(2)
+fldl 16(%esp)
+fmull 120(%edx)
+faddp %st(0),%st(1)
+fldl 32(%esp)
+fmull 96(%edx)
+faddp %st(0),%st(2)
+fldl 24(%esp)
+fmull 112(%edx)
+faddp %st(0),%st(1)
+fldl 8(%esp)
+fmull -120(%ecx)
+fldl 40(%esp)
+fmull 88(%edx)
+faddp %st(0),%st(3)
+fldl 32(%esp)
+fmull 104(%edx)
+faddp %st(0),%st(2)
+fldl 16(%esp)
+fmull -128(%ecx)
+faddp %st(0),%st(1)
+fldl 48(%esp)
+fmull 80(%edx)
+faddp %st(0),%st(3)
+fldl 40(%esp)
+fmull 96(%edx)
+faddp %st(0),%st(2)
+fldl 24(%esp)
+fmull 120(%edx)
+faddp %st(0),%st(1)
+fldl -120(%edx)
+fmull 72(%edx)
+faddp %st(0),%st(3)
+fldl 48(%esp)
+fmull 88(%edx)
+faddp %st(0),%st(2)
+fldl 32(%esp)
+fmull 112(%edx)
+faddp %st(0),%st(1)
+fldl -112(%edx)
+fmull 64(%edx)
+faddp %st(0),%st(3)
+fldl -120(%edx)
+fmull 80(%edx)
+faddp %st(0),%st(2)
+fldl 40(%esp)
+fmull 104(%edx)
+faddp %st(0),%st(1)
+fldl 16(%esp)
+fmull -120(%ecx)
+fldl 48(%esp)
+fmull 96(%edx)
+faddp %st(0),%st(2)
+fldl -112(%edx)
+fmull 72(%edx)
+faddp %st(0),%st(3)
+fldl crypto_scalarmult_curve25519_athlon_alpha230
+fadd %st(4),%st(0)
+fldl 24(%esp)
+fmull -128(%ecx)
+faddp %st(0),%st(2)
+fldl -120(%edx)
+fmull 88(%edx)
+faddp %st(0),%st(3)
+fldl -104(%edx)
+fmull 64(%edx)
+faddp %st(0),%st(4)
+fsubl crypto_scalarmult_curve25519_athlon_alpha230
+fldl 32(%esp)
+fmull 120(%edx)
+faddp %st(0),%st(2)
+fldl 24(%esp)
+fmull -120(%ecx)
+fldl -112(%edx)
+fmull 80(%edx)
+faddp %st(0),%st(4)
+fxch %st(1)
+fadd %st(0),%st(4)
+fldl 40(%esp)
+fmull 112(%edx)
+faddp %st(0),%st(3)
+fldl 32(%esp)
+fmull -128(%ecx)
+faddp %st(0),%st(2)
+fsubrp %st(0),%st(5)
+fldl crypto_scalarmult_curve25519_athlon_alpha255
+fadd %st(4),%st(0)
+fldl 48(%esp)
+fmull 104(%edx)
+faddp %st(0),%st(3)
+fldl 40(%esp)
+fmull 120(%edx)
+faddp %st(0),%st(2)
+fldl -104(%edx)
+fmull 72(%edx)
+faddp %st(0),%st(4)
+fsubl crypto_scalarmult_curve25519_athlon_alpha255
+fldl -120(%edx)
+fmull 96(%edx)
+faddp %st(0),%st(3)
+fldl 32(%esp)
+fmull -120(%ecx)
+fldl 48(%esp)
+fmull 112(%edx)
+faddp %st(0),%st(3)
+fldl -112(%edx)
+fmull 88(%edx)
+faddp %st(0),%st(4)
+fxch %st(1)
+fadd %st(0),%st(4)
+fsubrp %st(0),%st(5)
+fxch %st(5)
+fstpl 8(%edx)
+fldl 40(%esp)
+fmull -128(%ecx)
+faddp %st(0),%st(5)
+fldl -120(%edx)
+fmull 104(%edx)
+faddp %st(0),%st(1)
+fldl -104(%edx)
+fmull 80(%edx)
+faddp %st(0),%st(2)
+fxch %st(2)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl 48(%esp)
+fmull 120(%edx)
+faddp %st(0),%st(5)
+fldl -112(%edx)
+fmull 96(%edx)
+faddp %st(0),%st(3)
+fxch %st(1)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl 0(%esp)
+fmull 64(%edx)
+faddp %st(0),%st(2)
+fxch %st(3)
+fstpl 16(%edx)
+fldl 40(%esp)
+fmull -120(%ecx)
+fldl -120(%edx)
+fmull 112(%edx)
+faddp %st(0),%st(5)
+fldl -104(%edx)
+fmull 88(%edx)
+faddp %st(0),%st(3)
+fldl 0(%esp)
+fmull 72(%edx)
+faddp %st(0),%st(4)
+fldl crypto_scalarmult_curve25519_athlon_alpha26
+fadd %st(2),%st(0)
+fldl 48(%esp)
+fmull -128(%ecx)
+faddp %st(0),%st(2)
+fldl -112(%edx)
+fmull 104(%edx)
+faddp %st(0),%st(6)
+fxch %st(3)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl 8(%esp)
+fmull 64(%edx)
+faddp %st(0),%st(5)
+fxch %st(3)
+fsubl crypto_scalarmult_curve25519_athlon_alpha26
+fldl -120(%edx)
+fmull 120(%edx)
+faddp %st(0),%st(2)
+fldl -104(%edx)
+fmull 96(%edx)
+faddp %st(0),%st(6)
+fldl 0(%esp)
+fmull 80(%edx)
+faddp %st(0),%st(4)
+fadd %st(0),%st(4)
+fsubrp %st(0),%st(2)
+fldl 48(%esp)
+fmull -120(%ecx)
+fldl -112(%edx)
+fmull 112(%edx)
+faddp %st(0),%st(2)
+fxch %st(5)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl 8(%esp)
+fmull 72(%edx)
+faddp %st(0),%st(4)
+fldl crypto_scalarmult_curve25519_athlon_alpha51
+fadd %st(5),%st(0)
+fldl -120(%edx)
+fmull -128(%ecx)
+faddp %st(0),%st(7)
+fldl -104(%edx)
+fmull 104(%edx)
+faddp %st(0),%st(3)
+fldl 0(%esp)
+fmull 88(%edx)
+faddp %st(0),%st(2)
+fldl 16(%esp)
+fmull 64(%edx)
+faddp %st(0),%st(5)
+fsubl crypto_scalarmult_curve25519_athlon_alpha51
+fxch %st(3)
+fstpl -40(%edx)
+fldl -112(%edx)
+fmull 120(%edx)
+faddp %st(0),%st(6)
+fxch %st(1)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl 8(%esp)
+fmull 80(%edx)
+faddp %st(0),%st(2)
+fxch %st(2)
+fadd %st(0),%st(3)
+fsubrp %st(0),%st(4)
+fldl -120(%edx)
+fmull -120(%ecx)
+fldl -104(%edx)
+fmull 112(%edx)
+faddp %st(0),%st(6)
+fldl 0(%esp)
+fmull 96(%edx)
+faddp %st(0),%st(3)
+fldl 16(%esp)
+fmull 72(%edx)
+faddp %st(0),%st(2)
+fldl crypto_scalarmult_curve25519_athlon_alpha77
+fadd %st(4),%st(0)
+fldl -112(%edx)
+fmull -128(%ecx)
+faddp %st(0),%st(2)
+fxch %st(6)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl 8(%esp)
+fmull 88(%edx)
+faddp %st(0),%st(4)
+fldl 24(%esp)
+fmull 64(%edx)
+faddp %st(0),%st(3)
+fxch %st(6)
+fsubl crypto_scalarmult_curve25519_athlon_alpha77
+fxch %st(5)
+fstpl -32(%edx)
+fldl -104(%edx)
+fmull 120(%edx)
+faddp %st(0),%st(1)
+fldl 0(%esp)
+fmull 104(%edx)
+faddp %st(0),%st(6)
+fldl 16(%esp)
+fmull 80(%edx)
+faddp %st(0),%st(3)
+fxch %st(4)
+fadd %st(0),%st(1)
+fsubrp %st(0),%st(3)
+fldl -112(%edx)
+fmull -120(%ecx)
+fxch %st(4)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl 8(%esp)
+fmull 96(%edx)
+faddp %st(0),%st(6)
+fldl 24(%esp)
+fmull 72(%edx)
+faddp %st(0),%st(3)
+fldl crypto_scalarmult_curve25519_athlon_alpha102
+fadd %st(2),%st(0)
+fldl -104(%edx)
+fmull -128(%ecx)
+faddp %st(0),%st(6)
+fldl 0(%esp)
+fmull 112(%edx)
+faddp %st(0),%st(2)
+fldl 16(%esp)
+fmull 88(%edx)
+faddp %st(0),%st(7)
+fldl 32(%esp)
+fmull 64(%edx)
+faddp %st(0),%st(4)
+fsubl crypto_scalarmult_curve25519_athlon_alpha102
+fxch %st(4)
+fstpl -104(%edx)
+fxch %st(4)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl 8(%esp)
+fmull 104(%edx)
+faddp %st(0),%st(5)
+fldl 24(%esp)
+fmull 80(%edx)
+faddp %st(0),%st(6)
+fxch %st(3)
+fadd %st(0),%st(2)
+fsubrp %st(0),%st(1)
+fldl 0(%esp)
+fmull 120(%edx)
+faddp %st(0),%st(3)
+fldl 16(%esp)
+fmull 96(%edx)
+faddp %st(0),%st(4)
+fldl 32(%esp)
+fmull 72(%edx)
+faddp %st(0),%st(5)
+fldl crypto_scalarmult_curve25519_athlon_alpha128
+fadd %st(2),%st(0)
+fldl 8(%esp)
+fmull 112(%edx)
+faddp %st(0),%st(4)
+fldl 24(%esp)
+fmull 88(%edx)
+faddp %st(0),%st(5)
+fldl 40(%esp)
+fmull 64(%edx)
+faddp %st(0),%st(6)
+fsubl crypto_scalarmult_curve25519_athlon_alpha128
+fxch %st(1)
+fstpl -16(%edx)
+fldl 16(%esp)
+fmull 104(%edx)
+faddp %st(0),%st(3)
+fldl 32(%esp)
+fmull 80(%edx)
+faddp %st(0),%st(4)
+fadd %st(0),%st(4)
+fsubrp %st(0),%st(1)
+fstpl -8(%edx)
+fldl 24(%esp)
+fmull 96(%edx)
+faddp %st(0),%st(1)
+fldl 40(%esp)
+fmull 72(%edx)
+faddp %st(0),%st(2)
+fldl crypto_scalarmult_curve25519_athlon_alpha153
+fadd %st(3),%st(0)
+fldl 32(%esp)
+fmull 88(%edx)
+faddp %st(0),%st(2)
+fldl 48(%esp)
+fmull 64(%edx)
+faddp %st(0),%st(3)
+fsubl crypto_scalarmult_curve25519_athlon_alpha153
+fldl 40(%esp)
+fmull 80(%edx)
+faddp %st(0),%st(2)
+fadd %st(0),%st(2)
+fsubrp %st(0),%st(3)
+fxch %st(2)
+fstpl 0(%edx)
+fldl 48(%esp)
+fmull 72(%edx)
+faddp %st(0),%st(2)
+fldl crypto_scalarmult_curve25519_athlon_alpha179
+fadd %st(1),%st(0)
+fldl -120(%edx)
+fmull 64(%edx)
+faddp %st(0),%st(3)
+fsubl crypto_scalarmult_curve25519_athlon_alpha179
+fldl 8(%edx)
+fldl 16(%edx)
+fxch %st(2)
+fadd %st(0),%st(4)
+fsubrp %st(0),%st(3)
+fldl crypto_scalarmult_curve25519_athlon_alpha204
+fadd %st(4),%st(0)
+fsubl crypto_scalarmult_curve25519_athlon_alpha204
+fadd %st(0),%st(1)
+fsubrp %st(0),%st(4)
+fldl crypto_scalarmult_curve25519_athlon_alpha230
+fadd %st(1),%st(0)
+fsubl crypto_scalarmult_curve25519_athlon_alpha230
+fsubr %st(0),%st(1)
+faddp %st(0),%st(2)
+fxch %st(2)
+fstpl 8(%edx)
+fxch %st(2)
+fstpl 16(%edx)
+fstpl 24(%edx)
+fstpl 32(%edx)
+fldl -40(%ecx)
+fmul %st(0),%st(0)
+fldl -112(%ecx)
+fadd %st(0),%st(0)
+fldl -104(%ecx)
+fadd %st(0),%st(0)
+fldl -96(%ecx)
+fadd %st(0),%st(0)
+fldl -56(%ecx)
+fxch %st(4)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl -40(%ecx)
+fmul %st(4),%st(0)
+fldl -48(%ecx)
+fmul %st(4),%st(0)
+faddp %st(0),%st(1)
+fxch %st(4)
+fstl 0(%esp)
+fxch %st(3)
+fstl 8(%esp)
+fxch %st(3)
+fmull -48(%ecx)
+faddp %st(0),%st(1)
+fldl -64(%ecx)
+fxch %st(5)
+fmul %st(0),%st(3)
+fxch %st(3)
+faddp %st(0),%st(1)
+fxch %st(2)
+fadd %st(0),%st(0)
+fldl -56(%ecx)
+fmul %st(2),%st(0)
+faddp %st(0),%st(4)
+fxch %st(1)
+fstl 16(%esp)
+fldl -72(%ecx)
+fxch %st(5)
+fmul %st(0),%st(1)
+fxch %st(1)
+faddp %st(0),%st(3)
+fadd %st(0),%st(0)
+fstpl 48(%esp)
+fldl -88(%ecx)
+fadd %st(0),%st(0)
+fstl 24(%esp)
+fldl -64(%ecx)
+fmul %st(1),%st(0)
+faddp %st(0),%st(4)
+fmul %st(4),%st(0)
+faddp %st(0),%st(2)
+fxch %st(3)
+fadd %st(0),%st(0)
+fstpl 40(%esp)
+fldl -80(%ecx)
+fmul %st(0),%st(0)
+faddp %st(0),%st(1)
+fldl crypto_scalarmult_curve25519_athlon_alpha230
+fadd %st(1),%st(0)
+fsubl crypto_scalarmult_curve25519_athlon_alpha230
+fsubr %st(0),%st(1)
+fldl 8(%esp)
+fldl -40(%ecx)
+fmul %st(0),%st(1)
+fldl 16(%esp)
+fmul %st(0),%st(1)
+fldl -48(%ecx)
+fmul %st(0),%st(1)
+fxch %st(1)
+faddp %st(0),%st(3)
+fldl 24(%esp)
+fmul %st(0),%st(1)
+fxch %st(1)
+faddp %st(0),%st(2)
+fldl -80(%ecx)
+fadd %st(0),%st(0)
+fstl 32(%esp)
+fmull -72(%ecx)
+faddp %st(0),%st(6)
+fxch %st(3)
+faddp %st(0),%st(5)
+fldl crypto_scalarmult_curve25519_athlon_alpha255
+fadd %st(5),%st(0)
+fsubl crypto_scalarmult_curve25519_athlon_alpha255
+fsubr %st(0),%st(5)
+fldl -56(%ecx)
+fmul %st(0),%st(4)
+fxch %st(4)
+faddp %st(0),%st(3)
+fldl 32(%esp)
+fmul %st(0),%st(4)
+fxch %st(4)
+faddp %st(0),%st(2)
+fldl -64(%ecx)
+fmul %st(0),%st(4)
+fxch %st(4)
+faddp %st(0),%st(3)
+fxch %st(3)
+fmull 40(%esp)
+faddp %st(0),%st(1)
+fxch %st(3)
+fstpl -120(%edx)
+fldl -72(%ecx)
+fmul %st(0),%st(0)
+faddp %st(0),%st(1)
+fxch %st(2)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fxch %st(3)
+fstpl -112(%edx)
+faddp %st(0),%st(1)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl 24(%esp)
+fmull -40(%ecx)
+fldl -112(%ecx)
+fmul %st(0),%st(0)
+faddp %st(0),%st(2)
+fldl 32(%esp)
+fmull -48(%ecx)
+faddp %st(0),%st(1)
+fldl 0(%esp)
+fmull -104(%ecx)
+faddp %st(0),%st(3)
+fldl 40(%esp)
+fmull -56(%ecx)
+faddp %st(0),%st(1)
+fldl crypto_scalarmult_curve25519_athlon_alpha26
+fadd %st(2),%st(0)
+fsubl crypto_scalarmult_curve25519_athlon_alpha26
+fsubr %st(0),%st(2)
+faddp %st(0),%st(3)
+fldl crypto_scalarmult_curve25519_athlon_alpha51
+fadd %st(3),%st(0)
+fsubl crypto_scalarmult_curve25519_athlon_alpha51
+fsubr %st(0),%st(3)
+fldl -64(%ecx)
+fmul %st(0),%st(0)
+faddp %st(0),%st(2)
+fxch %st(1)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl 0(%esp)
+fmull -96(%ecx)
+faddp %st(0),%st(1)
+fldl -104(%ecx)
+fmul %st(0),%st(0)
+faddp %st(0),%st(1)
+faddp %st(0),%st(1)
+fldl crypto_scalarmult_curve25519_athlon_alpha77
+fadd %st(1),%st(0)
+fsubl crypto_scalarmult_curve25519_athlon_alpha77
+fsubr %st(0),%st(1)
+fxch %st(2)
+fstpl 64(%edx)
+fldl 32(%esp)
+fmull -40(%ecx)
+fldl 40(%esp)
+fmull -48(%ecx)
+faddp %st(0),%st(1)
+fldl 48(%esp)
+fmull -56(%ecx)
+faddp %st(0),%st(1)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl 0(%esp)
+fmull -88(%ecx)
+faddp %st(0),%st(1)
+fldl 8(%esp)
+fmull -96(%ecx)
+faddp %st(0),%st(1)
+faddp %st(0),%st(2)
+fldl crypto_scalarmult_curve25519_athlon_alpha102
+fadd %st(2),%st(0)
+fsubl crypto_scalarmult_curve25519_athlon_alpha102
+fsubr %st(0),%st(2)
+fxch %st(3)
+fstpl 72(%edx)
+fldl 40(%esp)
+fmull -40(%ecx)
+fldl 48(%esp)
+fmull -48(%ecx)
+faddp %st(0),%st(1)
+fldl -56(%ecx)
+fmul %st(0),%st(0)
+faddp %st(0),%st(1)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl 0(%esp)
+fmull -80(%ecx)
+faddp %st(0),%st(1)
+fldl 8(%esp)
+fmull -88(%ecx)
+faddp %st(0),%st(1)
+fldl -96(%ecx)
+fmul %st(0),%st(0)
+faddp %st(0),%st(1)
+faddp %st(0),%st(3)
+fldl crypto_scalarmult_curve25519_athlon_alpha128
+fadd %st(3),%st(0)
+fsubl crypto_scalarmult_curve25519_athlon_alpha128
+fsubr %st(0),%st(3)
+fxch %st(1)
+fstpl 80(%edx)
+fldl 48(%esp)
+fldl -40(%ecx)
+fmul %st(0),%st(1)
+fmul %st(5),%st(0)
+fxch %st(5)
+fmull -48(%ecx)
+faddp %st(0),%st(1)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl 0(%esp)
+fmull -72(%ecx)
+faddp %st(0),%st(1)
+fldl 8(%esp)
+fmull -80(%ecx)
+faddp %st(0),%st(1)
+fldl 16(%esp)
+fmull -88(%ecx)
+faddp %st(0),%st(1)
+faddp %st(0),%st(1)
+fldl crypto_scalarmult_curve25519_athlon_alpha153
+fadd %st(1),%st(0)
+fsubl crypto_scalarmult_curve25519_athlon_alpha153
+fsubr %st(0),%st(1)
+fxch %st(2)
+fstpl 88(%edx)
+fldl -48(%ecx)
+fmul %st(0),%st(0)
+faddp %st(0),%st(4)
+fxch %st(3)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl 0(%esp)
+fmull -64(%ecx)
+faddp %st(0),%st(1)
+fldl 8(%esp)
+fmull -72(%ecx)
+faddp %st(0),%st(1)
+fldl 16(%esp)
+fmull -80(%ecx)
+faddp %st(0),%st(1)
+fldl -88(%ecx)
+fmul %st(0),%st(0)
+faddp %st(0),%st(1)
+faddp %st(0),%st(1)
+fldl crypto_scalarmult_curve25519_athlon_alpha179
+fadd %st(1),%st(0)
+fsubl crypto_scalarmult_curve25519_athlon_alpha179
+fsubr %st(0),%st(1)
+fldl -48(%ecx)
+fadd %st(0),%st(0)
+fmull -40(%ecx)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl 0(%esp)
+fmull -56(%ecx)
+faddp %st(0),%st(1)
+fldl 8(%esp)
+fmull -64(%ecx)
+faddp %st(0),%st(1)
+fldl 16(%esp)
+fmull -72(%ecx)
+faddp %st(0),%st(1)
+fldl 24(%esp)
+fmull -80(%ecx)
+faddp %st(0),%st(1)
+faddp %st(0),%st(1)
+fldl crypto_scalarmult_curve25519_athlon_alpha204
+fadd %st(1),%st(0)
+fsubl crypto_scalarmult_curve25519_athlon_alpha204
+fsubr %st(0),%st(1)
+fldl -120(%edx)
+faddp %st(0),%st(1)
+fldl crypto_scalarmult_curve25519_athlon_alpha230
+fadd %st(1),%st(0)
+fldl -112(%edx)
+fxch %st(1)
+fsubl crypto_scalarmult_curve25519_athlon_alpha230
+fsubr %st(0),%st(2)
+faddp %st(0),%st(1)
+fxch %st(4)
+fstpl 96(%edx)
+fxch %st(4)
+fstpl 104(%edx)
+fxch %st(1)
+fstpl 112(%edx)
+fstpl 120(%edx)
+fxch %st(1)
+fstpl -128(%ecx)
+fstpl -120(%ecx)
+fldl 40(%ecx)
+fmul %st(0),%st(0)
+fldl -32(%ecx)
+fadd %st(0),%st(0)
+fldl -24(%ecx)
+fadd %st(0),%st(0)
+fldl -16(%ecx)
+fadd %st(0),%st(0)
+fldl 24(%ecx)
+fxch %st(4)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl 40(%ecx)
+fmul %st(4),%st(0)
+fldl 32(%ecx)
+fmul %st(4),%st(0)
+faddp %st(0),%st(1)
+fxch %st(4)
+fstl 0(%esp)
+fxch %st(3)
+fstl 8(%esp)
+fxch %st(3)
+fmull 32(%ecx)
+faddp %st(0),%st(1)
+fldl 16(%ecx)
+fxch %st(5)
+fmul %st(0),%st(3)
+fxch %st(3)
+faddp %st(0),%st(1)
+fxch %st(2)
+fadd %st(0),%st(0)
+fldl 24(%ecx)
+fmul %st(2),%st(0)
+faddp %st(0),%st(4)
+fxch %st(1)
+fstl 16(%esp)
+fldl 8(%ecx)
+fxch %st(5)
+fmul %st(0),%st(1)
+fxch %st(1)
+faddp %st(0),%st(3)
+fadd %st(0),%st(0)
+fstpl 48(%esp)
+fldl -8(%ecx)
+fadd %st(0),%st(0)
+fstl 24(%esp)
+fldl 16(%ecx)
+fmul %st(1),%st(0)
+faddp %st(0),%st(4)
+fmul %st(4),%st(0)
+faddp %st(0),%st(2)
+fxch %st(3)
+fadd %st(0),%st(0)
+fstpl 40(%esp)
+fldl 0(%ecx)
+fmul %st(0),%st(0)
+faddp %st(0),%st(1)
+fldl crypto_scalarmult_curve25519_athlon_alpha230
+fadd %st(1),%st(0)
+fsubl crypto_scalarmult_curve25519_athlon_alpha230
+fsubr %st(0),%st(1)
+fldl 8(%esp)
+fldl 40(%ecx)
+fmul %st(0),%st(1)
+fldl 16(%esp)
+fmul %st(0),%st(1)
+fldl 32(%ecx)
+fmul %st(0),%st(1)
+fxch %st(1)
+faddp %st(0),%st(3)
+fldl 24(%esp)
+fmul %st(0),%st(1)
+fxch %st(1)
+faddp %st(0),%st(2)
+fldl 0(%ecx)
+fadd %st(0),%st(0)
+fstl 32(%esp)
+fmull 8(%ecx)
+faddp %st(0),%st(6)
+fxch %st(3)
+faddp %st(0),%st(5)
+fldl crypto_scalarmult_curve25519_athlon_alpha255
+fadd %st(5),%st(0)
+fsubl crypto_scalarmult_curve25519_athlon_alpha255
+fsubr %st(0),%st(5)
+fldl 24(%ecx)
+fmul %st(0),%st(4)
+fxch %st(4)
+faddp %st(0),%st(3)
+fldl 32(%esp)
+fmul %st(0),%st(4)
+fxch %st(4)
+faddp %st(0),%st(2)
+fldl 16(%ecx)
+fmul %st(0),%st(4)
+fxch %st(4)
+faddp %st(0),%st(3)
+fxch %st(3)
+fmull 40(%esp)
+faddp %st(0),%st(1)
+fxch %st(3)
+fstpl -120(%edx)
+fldl 8(%ecx)
+fmul %st(0),%st(0)
+faddp %st(0),%st(1)
+fxch %st(2)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fxch %st(3)
+fstpl -112(%edx)
+faddp %st(0),%st(1)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl 24(%esp)
+fmull 40(%ecx)
+fldl -32(%ecx)
+fmul %st(0),%st(0)
+faddp %st(0),%st(2)
+fldl 32(%esp)
+fmull 32(%ecx)
+faddp %st(0),%st(1)
+fldl 0(%esp)
+fmull -24(%ecx)
+faddp %st(0),%st(3)
+fldl 40(%esp)
+fmull 24(%ecx)
+faddp %st(0),%st(1)
+fldl crypto_scalarmult_curve25519_athlon_alpha26
+fadd %st(2),%st(0)
+fsubl crypto_scalarmult_curve25519_athlon_alpha26
+fsubr %st(0),%st(2)
+faddp %st(0),%st(3)
+fldl crypto_scalarmult_curve25519_athlon_alpha51
+fadd %st(3),%st(0)
+fsubl crypto_scalarmult_curve25519_athlon_alpha51
+fsubr %st(0),%st(3)
+fldl 16(%ecx)
+fmul %st(0),%st(0)
+faddp %st(0),%st(2)
+fxch %st(1)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl 0(%esp)
+fmull -16(%ecx)
+faddp %st(0),%st(1)
+fldl -24(%ecx)
+fmul %st(0),%st(0)
+faddp %st(0),%st(1)
+faddp %st(0),%st(1)
+fldl crypto_scalarmult_curve25519_athlon_alpha77
+fadd %st(1),%st(0)
+fsubl crypto_scalarmult_curve25519_athlon_alpha77
+fsubr %st(0),%st(1)
+fxch %st(2)
+fstpl -112(%ecx)
+fldl 32(%esp)
+fmull 40(%ecx)
+fldl 40(%esp)
+fmull 32(%ecx)
+faddp %st(0),%st(1)
+fldl 48(%esp)
+fmull 24(%ecx)
+faddp %st(0),%st(1)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl 0(%esp)
+fmull -8(%ecx)
+faddp %st(0),%st(1)
+fldl 8(%esp)
+fmull -16(%ecx)
+faddp %st(0),%st(1)
+faddp %st(0),%st(2)
+fldl crypto_scalarmult_curve25519_athlon_alpha102
+fadd %st(2),%st(0)
+fsubl crypto_scalarmult_curve25519_athlon_alpha102
+fsubr %st(0),%st(2)
+fxch %st(3)
+fstpl -104(%ecx)
+fldl 40(%esp)
+fmull 40(%ecx)
+fldl 48(%esp)
+fmull 32(%ecx)
+faddp %st(0),%st(1)
+fldl 24(%ecx)
+fmul %st(0),%st(0)
+faddp %st(0),%st(1)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl 0(%esp)
+fmull 0(%ecx)
+faddp %st(0),%st(1)
+fldl 8(%esp)
+fmull -8(%ecx)
+faddp %st(0),%st(1)
+fldl -16(%ecx)
+fmul %st(0),%st(0)
+faddp %st(0),%st(1)
+faddp %st(0),%st(3)
+fldl crypto_scalarmult_curve25519_athlon_alpha128
+fadd %st(3),%st(0)
+fsubl crypto_scalarmult_curve25519_athlon_alpha128
+fsubr %st(0),%st(3)
+fxch %st(1)
+fstpl -96(%ecx)
+fldl 48(%esp)
+fldl 40(%ecx)
+fmul %st(0),%st(1)
+fmul %st(5),%st(0)
+fxch %st(5)
+fmull 32(%ecx)
+faddp %st(0),%st(1)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl 0(%esp)
+fmull 8(%ecx)
+faddp %st(0),%st(1)
+fldl 8(%esp)
+fmull 0(%ecx)
+faddp %st(0),%st(1)
+fldl 16(%esp)
+fmull -8(%ecx)
+faddp %st(0),%st(1)
+faddp %st(0),%st(1)
+fldl crypto_scalarmult_curve25519_athlon_alpha153
+fadd %st(1),%st(0)
+fsubl crypto_scalarmult_curve25519_athlon_alpha153
+fsubr %st(0),%st(1)
+fxch %st(2)
+fstpl -88(%ecx)
+fldl 32(%ecx)
+fmul %st(0),%st(0)
+faddp %st(0),%st(4)
+fxch %st(3)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl 0(%esp)
+fmull 16(%ecx)
+faddp %st(0),%st(1)
+fldl 8(%esp)
+fmull 8(%ecx)
+faddp %st(0),%st(1)
+fldl 16(%esp)
+fmull 0(%ecx)
+faddp %st(0),%st(1)
+fldl -8(%ecx)
+fmul %st(0),%st(0)
+faddp %st(0),%st(1)
+faddp %st(0),%st(1)
+fldl crypto_scalarmult_curve25519_athlon_alpha179
+fadd %st(1),%st(0)
+fsubl crypto_scalarmult_curve25519_athlon_alpha179
+fsubr %st(0),%st(1)
+fldl 32(%ecx)
+fadd %st(0),%st(0)
+fmull 40(%ecx)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl 0(%esp)
+fmull 24(%ecx)
+faddp %st(0),%st(1)
+fldl 8(%esp)
+fmull 16(%ecx)
+faddp %st(0),%st(1)
+fldl 16(%esp)
+fmull 8(%ecx)
+faddp %st(0),%st(1)
+fldl 24(%esp)
+fmull 0(%ecx)
+faddp %st(0),%st(1)
+faddp %st(0),%st(1)
+fldl crypto_scalarmult_curve25519_athlon_alpha204
+fadd %st(1),%st(0)
+fsubl crypto_scalarmult_curve25519_athlon_alpha204
+fsubr %st(0),%st(1)
+fldl -120(%edx)
+faddp %st(0),%st(1)
+fldl crypto_scalarmult_curve25519_athlon_alpha230
+fadd %st(1),%st(0)
+fldl -112(%edx)
+fxch %st(1)
+fsubl crypto_scalarmult_curve25519_athlon_alpha230
+fsubr %st(0),%st(2)
+faddp %st(0),%st(1)
+fxch %st(4)
+fstpl -80(%ecx)
+fxch %st(4)
+fstpl -72(%ecx)
+fxch %st(1)
+fstpl -64(%ecx)
+fstpl -56(%ecx)
+fxch %st(1)
+fstpl -48(%ecx)
+fstpl -40(%ecx)
+fldl -40(%edx)
+fldl 48(%ecx)
+fadd %st(0),%st(1)
+fsubl -40(%edx)
+fxch %st(1)
+fstpl -120(%edx)
+fstpl -40(%edx)
+fldl -32(%edx)
+fldl 56(%ecx)
+fadd %st(0),%st(1)
+fsubl -32(%edx)
+fxch %st(1)
+fstpl -112(%edx)
+fstpl -32(%edx)
+fldl -104(%edx)
+fldl -24(%edx)
+fadd %st(0),%st(1)
+fsubl -104(%edx)
+fxch %st(1)
+fstpl -104(%edx)
+fstpl -24(%edx)
+fldl -16(%edx)
+fldl -96(%edx)
+fadd %st(0),%st(1)
+fsubl -16(%edx)
+fxch %st(1)
+fstpl -96(%edx)
+fstpl -16(%edx)
+fldl -8(%edx)
+fldl -88(%edx)
+fadd %st(0),%st(1)
+fsubl -8(%edx)
+fxch %st(1)
+fstpl -88(%edx)
+fstpl -8(%edx)
+fldl 0(%edx)
+fldl -80(%edx)
+fadd %st(0),%st(1)
+fsubl 0(%edx)
+fxch %st(1)
+fstpl -80(%edx)
+fstpl 0(%edx)
+fldl 8(%edx)
+fldl -72(%edx)
+fadd %st(0),%st(1)
+fsubl 8(%edx)
+fxch %st(1)
+fstpl -72(%edx)
+fstpl 8(%edx)
+fldl 16(%edx)
+fldl -64(%edx)
+fadd %st(0),%st(1)
+fsubl 16(%edx)
+fxch %st(1)
+fstpl -64(%edx)
+fstpl 16(%edx)
+fldl 24(%edx)
+fldl -56(%edx)
+fadd %st(0),%st(1)
+fsubl 24(%edx)
+fxch %st(1)
+fstpl -56(%edx)
+fstpl 24(%edx)
+fldl 32(%edx)
+fldl -48(%edx)
+fadd %st(0),%st(1)
+fsubl 32(%edx)
+fxch %st(1)
+fstpl -48(%edx)
+fstpl 32(%edx)
+fldl 64(%edx)
+fsubl -112(%ecx)
+fstpl -32(%ecx)
+fldl 72(%edx)
+fsubl -104(%ecx)
+fstpl -24(%ecx)
+fldl 80(%edx)
+fsubl -96(%ecx)
+fstpl -16(%ecx)
+fldl 88(%edx)
+fsubl -88(%ecx)
+fstpl -8(%ecx)
+fldl 96(%edx)
+fsubl -80(%ecx)
+fstpl 0(%ecx)
+fldl 104(%edx)
+fsubl -72(%ecx)
+fstpl 8(%ecx)
+fldl 112(%edx)
+fsubl -64(%ecx)
+fstpl 16(%ecx)
+fldl 120(%edx)
+fsubl -56(%ecx)
+fstpl 24(%ecx)
+fldl -128(%ecx)
+fsubl -48(%ecx)
+fstpl 32(%ecx)
+fldl -120(%ecx)
+fsubl -40(%ecx)
+fstpl 40(%ecx)
+fldl -48(%edx)
+fmul %st(0),%st(0)
+fldl -120(%edx)
+fadd %st(0),%st(0)
+fldl -112(%edx)
+fadd %st(0),%st(0)
+fldl -104(%edx)
+fadd %st(0),%st(0)
+fldl -64(%edx)
+fxch %st(4)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl -48(%edx)
+fmul %st(4),%st(0)
+fldl -56(%edx)
+fmul %st(4),%st(0)
+faddp %st(0),%st(1)
+fxch %st(4)
+fstl 0(%esp)
+fxch %st(3)
+fstl 8(%esp)
+fxch %st(3)
+fmull -56(%edx)
+faddp %st(0),%st(1)
+fldl -72(%edx)
+fxch %st(5)
+fmul %st(0),%st(3)
+fxch %st(3)
+faddp %st(0),%st(1)
+fxch %st(2)
+fadd %st(0),%st(0)
+fldl -64(%edx)
+fmul %st(2),%st(0)
+faddp %st(0),%st(4)
+fxch %st(1)
+fstl 16(%esp)
+fldl -80(%edx)
+fxch %st(5)
+fmul %st(0),%st(1)
+fxch %st(1)
+faddp %st(0),%st(3)
+fadd %st(0),%st(0)
+fstpl 48(%esp)
+fldl -96(%edx)
+fadd %st(0),%st(0)
+fstl 24(%esp)
+fldl -72(%edx)
+fmul %st(1),%st(0)
+faddp %st(0),%st(4)
+fmul %st(4),%st(0)
+faddp %st(0),%st(2)
+fxch %st(3)
+fadd %st(0),%st(0)
+fstpl 40(%esp)
+fldl -88(%edx)
+fmul %st(0),%st(0)
+faddp %st(0),%st(1)
+fldl crypto_scalarmult_curve25519_athlon_alpha230
+fadd %st(1),%st(0)
+fsubl crypto_scalarmult_curve25519_athlon_alpha230
+fsubr %st(0),%st(1)
+fldl 8(%esp)
+fldl -48(%edx)
+fmul %st(0),%st(1)
+fldl 16(%esp)
+fmul %st(0),%st(1)
+fldl -56(%edx)
+fmul %st(0),%st(1)
+fxch %st(1)
+faddp %st(0),%st(3)
+fldl 24(%esp)
+fmul %st(0),%st(1)
+fxch %st(1)
+faddp %st(0),%st(2)
+fldl -88(%edx)
+fadd %st(0),%st(0)
+fstl 32(%esp)
+fmull -80(%edx)
+faddp %st(0),%st(6)
+fxch %st(3)
+faddp %st(0),%st(5)
+fldl crypto_scalarmult_curve25519_athlon_alpha255
+fadd %st(5),%st(0)
+fsubl crypto_scalarmult_curve25519_athlon_alpha255
+fsubr %st(0),%st(5)
+fldl -64(%edx)
+fmul %st(0),%st(4)
+fxch %st(4)
+faddp %st(0),%st(3)
+fldl 32(%esp)
+fmul %st(0),%st(4)
+fxch %st(4)
+faddp %st(0),%st(2)
+fldl -72(%edx)
+fmul %st(0),%st(4)
+fxch %st(4)
+faddp %st(0),%st(3)
+fxch %st(3)
+fmull 40(%esp)
+faddp %st(0),%st(1)
+fxch %st(3)
+fstpl 48(%edx)
+fldl -80(%edx)
+fmul %st(0),%st(0)
+faddp %st(0),%st(1)
+fxch %st(2)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fxch %st(3)
+fstpl 56(%edx)
+faddp %st(0),%st(1)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl 24(%esp)
+fmull -48(%edx)
+fldl -120(%edx)
+fmul %st(0),%st(0)
+faddp %st(0),%st(2)
+fldl 32(%esp)
+fmull -56(%edx)
+faddp %st(0),%st(1)
+fldl 0(%esp)
+fmull -112(%edx)
+faddp %st(0),%st(3)
+fldl 40(%esp)
+fmull -64(%edx)
+faddp %st(0),%st(1)
+fldl crypto_scalarmult_curve25519_athlon_alpha26
+fadd %st(2),%st(0)
+fsubl crypto_scalarmult_curve25519_athlon_alpha26
+fsubr %st(0),%st(2)
+faddp %st(0),%st(3)
+fldl crypto_scalarmult_curve25519_athlon_alpha51
+fadd %st(3),%st(0)
+fsubl crypto_scalarmult_curve25519_athlon_alpha51
+fsubr %st(0),%st(3)
+fldl -72(%edx)
+fmul %st(0),%st(0)
+faddp %st(0),%st(2)
+fxch %st(1)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl 0(%esp)
+fmull -104(%edx)
+faddp %st(0),%st(1)
+fldl -112(%edx)
+fmul %st(0),%st(0)
+faddp %st(0),%st(1)
+faddp %st(0),%st(1)
+fldl crypto_scalarmult_curve25519_athlon_alpha77
+fadd %st(1),%st(0)
+fsubl crypto_scalarmult_curve25519_athlon_alpha77
+fsubr %st(0),%st(1)
+fxch %st(2)
+fstpl -120(%edx)
+fldl 32(%esp)
+fmull -48(%edx)
+fldl 40(%esp)
+fmull -56(%edx)
+faddp %st(0),%st(1)
+fldl 48(%esp)
+fmull -64(%edx)
+faddp %st(0),%st(1)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl 0(%esp)
+fmull -96(%edx)
+faddp %st(0),%st(1)
+fldl 8(%esp)
+fmull -104(%edx)
+faddp %st(0),%st(1)
+faddp %st(0),%st(2)
+fldl crypto_scalarmult_curve25519_athlon_alpha102
+fadd %st(2),%st(0)
+fsubl crypto_scalarmult_curve25519_athlon_alpha102
+fsubr %st(0),%st(2)
+fxch %st(3)
+fstpl -112(%edx)
+fldl 40(%esp)
+fmull -48(%edx)
+fldl 48(%esp)
+fmull -56(%edx)
+faddp %st(0),%st(1)
+fldl -64(%edx)
+fmul %st(0),%st(0)
+faddp %st(0),%st(1)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl 0(%esp)
+fmull -88(%edx)
+faddp %st(0),%st(1)
+fldl 8(%esp)
+fmull -96(%edx)
+faddp %st(0),%st(1)
+fldl -104(%edx)
+fmul %st(0),%st(0)
+faddp %st(0),%st(1)
+faddp %st(0),%st(3)
+fldl crypto_scalarmult_curve25519_athlon_alpha128
+fadd %st(3),%st(0)
+fsubl crypto_scalarmult_curve25519_athlon_alpha128
+fsubr %st(0),%st(3)
+fxch %st(1)
+fstpl -104(%edx)
+fldl 48(%esp)
+fldl -48(%edx)
+fmul %st(0),%st(1)
+fmul %st(5),%st(0)
+fxch %st(5)
+fmull -56(%edx)
+faddp %st(0),%st(1)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl 0(%esp)
+fmull -80(%edx)
+faddp %st(0),%st(1)
+fldl 8(%esp)
+fmull -88(%edx)
+faddp %st(0),%st(1)
+fldl 16(%esp)
+fmull -96(%edx)
+faddp %st(0),%st(1)
+faddp %st(0),%st(1)
+fldl crypto_scalarmult_curve25519_athlon_alpha153
+fadd %st(1),%st(0)
+fsubl crypto_scalarmult_curve25519_athlon_alpha153
+fsubr %st(0),%st(1)
+fxch %st(2)
+fstpl 40(%edx)
+fldl -56(%edx)
+fmul %st(0),%st(0)
+faddp %st(0),%st(4)
+fxch %st(3)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl 0(%esp)
+fmull -72(%edx)
+faddp %st(0),%st(1)
+fldl 8(%esp)
+fmull -80(%edx)
+faddp %st(0),%st(1)
+fldl 16(%esp)
+fmull -88(%edx)
+faddp %st(0),%st(1)
+fldl -96(%edx)
+fmul %st(0),%st(0)
+faddp %st(0),%st(1)
+faddp %st(0),%st(1)
+fldl crypto_scalarmult_curve25519_athlon_alpha179
+fadd %st(1),%st(0)
+fsubl crypto_scalarmult_curve25519_athlon_alpha179
+fsubr %st(0),%st(1)
+fldl -56(%edx)
+fadd %st(0),%st(0)
+fmull -48(%edx)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl 0(%esp)
+fmull -64(%edx)
+faddp %st(0),%st(1)
+fldl 8(%esp)
+fmull -72(%edx)
+faddp %st(0),%st(1)
+fldl 16(%esp)
+fmull -80(%edx)
+faddp %st(0),%st(1)
+fldl 24(%esp)
+fmull -88(%edx)
+faddp %st(0),%st(1)
+faddp %st(0),%st(1)
+fldl crypto_scalarmult_curve25519_athlon_alpha204
+fadd %st(1),%st(0)
+fsubl crypto_scalarmult_curve25519_athlon_alpha204
+fsubr %st(0),%st(1)
+fldl 48(%edx)
+faddp %st(0),%st(1)
+fldl crypto_scalarmult_curve25519_athlon_alpha230
+fadd %st(1),%st(0)
+fldl 56(%edx)
+fxch %st(1)
+fsubl crypto_scalarmult_curve25519_athlon_alpha230
+fsubr %st(0),%st(2)
+faddp %st(0),%st(1)
+fxch %st(4)
+fstpl -96(%edx)
+fxch %st(4)
+fstpl -88(%edx)
+fxch %st(1)
+fstpl -80(%edx)
+fstpl -72(%edx)
+fxch %st(1)
+fstpl -64(%edx)
+fstpl -56(%edx)
+fldl 32(%edx)
+fmul %st(0),%st(0)
+fldl -40(%edx)
+fadd %st(0),%st(0)
+fldl -32(%edx)
+fadd %st(0),%st(0)
+fldl -24(%edx)
+fadd %st(0),%st(0)
+fldl 16(%edx)
+fxch %st(4)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl 32(%edx)
+fmul %st(4),%st(0)
+fldl 24(%edx)
+fmul %st(4),%st(0)
+faddp %st(0),%st(1)
+fxch %st(4)
+fstl 0(%esp)
+fxch %st(3)
+fstl 8(%esp)
+fxch %st(3)
+fmull 24(%edx)
+faddp %st(0),%st(1)
+fldl 8(%edx)
+fxch %st(5)
+fmul %st(0),%st(3)
+fxch %st(3)
+faddp %st(0),%st(1)
+fxch %st(2)
+fadd %st(0),%st(0)
+fldl 16(%edx)
+fmul %st(2),%st(0)
+faddp %st(0),%st(4)
+fxch %st(1)
+fstl 16(%esp)
+fldl 0(%edx)
+fxch %st(5)
+fmul %st(0),%st(1)
+fxch %st(1)
+faddp %st(0),%st(3)
+fadd %st(0),%st(0)
+fstpl 48(%esp)
+fldl -16(%edx)
+fadd %st(0),%st(0)
+fstl 24(%esp)
+fldl 8(%edx)
+fmul %st(1),%st(0)
+faddp %st(0),%st(4)
+fmul %st(4),%st(0)
+faddp %st(0),%st(2)
+fxch %st(3)
+fadd %st(0),%st(0)
+fstpl 40(%esp)
+fldl -8(%edx)
+fmul %st(0),%st(0)
+faddp %st(0),%st(1)
+fldl crypto_scalarmult_curve25519_athlon_alpha230
+fadd %st(1),%st(0)
+fsubl crypto_scalarmult_curve25519_athlon_alpha230
+fsubr %st(0),%st(1)
+fldl 8(%esp)
+fldl 32(%edx)
+fmul %st(0),%st(1)
+fldl 16(%esp)
+fmul %st(0),%st(1)
+fldl 24(%edx)
+fmul %st(0),%st(1)
+fxch %st(1)
+faddp %st(0),%st(3)
+fldl 24(%esp)
+fmul %st(0),%st(1)
+fxch %st(1)
+faddp %st(0),%st(2)
+fldl -8(%edx)
+fadd %st(0),%st(0)
+fstl 32(%esp)
+fmull 0(%edx)
+faddp %st(0),%st(6)
+fxch %st(3)
+faddp %st(0),%st(5)
+fldl crypto_scalarmult_curve25519_athlon_alpha255
+fadd %st(5),%st(0)
+fsubl crypto_scalarmult_curve25519_athlon_alpha255
+fsubr %st(0),%st(5)
+fldl 16(%edx)
+fmul %st(0),%st(4)
+fxch %st(4)
+faddp %st(0),%st(3)
+fldl 32(%esp)
+fmul %st(0),%st(4)
+fxch %st(4)
+faddp %st(0),%st(2)
+fldl 8(%edx)
+fmul %st(0),%st(4)
+fxch %st(4)
+faddp %st(0),%st(3)
+fxch %st(3)
+fmull 40(%esp)
+faddp %st(0),%st(1)
+fxch %st(3)
+fstpl -48(%edx)
+fldl 0(%edx)
+fmul %st(0),%st(0)
+faddp %st(0),%st(1)
+fxch %st(2)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fxch %st(3)
+fstpl 48(%edx)
+faddp %st(0),%st(1)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl 24(%esp)
+fmull 32(%edx)
+fldl -40(%edx)
+fmul %st(0),%st(0)
+faddp %st(0),%st(2)
+fldl 32(%esp)
+fmull 24(%edx)
+faddp %st(0),%st(1)
+fldl 0(%esp)
+fmull -32(%edx)
+faddp %st(0),%st(3)
+fldl 40(%esp)
+fmull 16(%edx)
+faddp %st(0),%st(1)
+fldl crypto_scalarmult_curve25519_athlon_alpha26
+fadd %st(2),%st(0)
+fsubl crypto_scalarmult_curve25519_athlon_alpha26
+fsubr %st(0),%st(2)
+faddp %st(0),%st(3)
+fldl crypto_scalarmult_curve25519_athlon_alpha51
+fadd %st(3),%st(0)
+fsubl crypto_scalarmult_curve25519_athlon_alpha51
+fsubr %st(0),%st(3)
+fldl 8(%edx)
+fmul %st(0),%st(0)
+faddp %st(0),%st(2)
+fxch %st(1)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl 0(%esp)
+fmull -24(%edx)
+faddp %st(0),%st(1)
+fldl -32(%edx)
+fmul %st(0),%st(0)
+faddp %st(0),%st(1)
+faddp %st(0),%st(1)
+fldl crypto_scalarmult_curve25519_athlon_alpha77
+fadd %st(1),%st(0)
+fsubl crypto_scalarmult_curve25519_athlon_alpha77
+fsubr %st(0),%st(1)
+fxch %st(2)
+fstpl 56(%ecx)
+fldl 32(%esp)
+fmull 32(%edx)
+fldl 40(%esp)
+fmull 24(%edx)
+faddp %st(0),%st(1)
+fldl 48(%esp)
+fmull 16(%edx)
+faddp %st(0),%st(1)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl 0(%esp)
+fmull -16(%edx)
+faddp %st(0),%st(1)
+fldl 8(%esp)
+fmull -24(%edx)
+faddp %st(0),%st(1)
+faddp %st(0),%st(2)
+fldl crypto_scalarmult_curve25519_athlon_alpha102
+fadd %st(2),%st(0)
+fsubl crypto_scalarmult_curve25519_athlon_alpha102
+fsubr %st(0),%st(2)
+fxch %st(3)
+fstpl 64(%ecx)
+fldl 40(%esp)
+fmull 32(%edx)
+fldl 48(%esp)
+fmull 24(%edx)
+faddp %st(0),%st(1)
+fldl 16(%edx)
+fmul %st(0),%st(0)
+faddp %st(0),%st(1)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl 0(%esp)
+fmull -8(%edx)
+faddp %st(0),%st(1)
+fldl 8(%esp)
+fmull -16(%edx)
+faddp %st(0),%st(1)
+fldl -24(%edx)
+fmul %st(0),%st(0)
+faddp %st(0),%st(1)
+faddp %st(0),%st(3)
+fldl crypto_scalarmult_curve25519_athlon_alpha128
+fadd %st(3),%st(0)
+fsubl crypto_scalarmult_curve25519_athlon_alpha128
+fsubr %st(0),%st(3)
+fxch %st(1)
+fstpl 72(%ecx)
+fldl 48(%esp)
+fldl 32(%edx)
+fmul %st(0),%st(1)
+fmul %st(5),%st(0)
+fxch %st(5)
+fmull 24(%edx)
+faddp %st(0),%st(1)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl 0(%esp)
+fmull 0(%edx)
+faddp %st(0),%st(1)
+fldl 8(%esp)
+fmull -8(%edx)
+faddp %st(0),%st(1)
+fldl 16(%esp)
+fmull -16(%edx)
+faddp %st(0),%st(1)
+faddp %st(0),%st(1)
+fldl crypto_scalarmult_curve25519_athlon_alpha153
+fadd %st(1),%st(0)
+fsubl crypto_scalarmult_curve25519_athlon_alpha153
+fsubr %st(0),%st(1)
+fxch %st(2)
+fstpl 80(%ecx)
+fldl 24(%edx)
+fmul %st(0),%st(0)
+faddp %st(0),%st(4)
+fxch %st(3)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl 0(%esp)
+fmull 8(%edx)
+faddp %st(0),%st(1)
+fldl 8(%esp)
+fmull 0(%edx)
+faddp %st(0),%st(1)
+fldl 16(%esp)
+fmull -8(%edx)
+faddp %st(0),%st(1)
+fldl -16(%edx)
+fmul %st(0),%st(0)
+faddp %st(0),%st(1)
+faddp %st(0),%st(1)
+fldl crypto_scalarmult_curve25519_athlon_alpha179
+fadd %st(1),%st(0)
+fsubl crypto_scalarmult_curve25519_athlon_alpha179
+fsubr %st(0),%st(1)
+fldl 24(%edx)
+fadd %st(0),%st(0)
+fmull 32(%edx)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl 0(%esp)
+fmull 16(%edx)
+faddp %st(0),%st(1)
+fldl 8(%esp)
+fmull 8(%edx)
+faddp %st(0),%st(1)
+fldl 16(%esp)
+fmull 0(%edx)
+faddp %st(0),%st(1)
+fldl 24(%esp)
+fmull -8(%edx)
+faddp %st(0),%st(1)
+faddp %st(0),%st(1)
+fldl crypto_scalarmult_curve25519_athlon_alpha204
+fadd %st(1),%st(0)
+fsubl crypto_scalarmult_curve25519_athlon_alpha204
+fsubr %st(0),%st(1)
+fldl -48(%edx)
+faddp %st(0),%st(1)
+fldl crypto_scalarmult_curve25519_athlon_alpha230
+fadd %st(1),%st(0)
+fldl 48(%edx)
+fxch %st(1)
+fsubl crypto_scalarmult_curve25519_athlon_alpha230
+fsubr %st(0),%st(2)
+faddp %st(0),%st(1)
+fxch %st(4)
+fstpl 88(%ecx)
+fxch %st(4)
+fstpl 96(%ecx)
+fxch %st(1)
+fstpl 104(%ecx)
+fstpl 112(%ecx)
+fxch %st(1)
+fstpl 120(%ecx)
+fstpl 128(%ecx)
+fldl 32(%ecx)
+fmull crypto_scalarmult_curve25519_athlon_121665
+fldl crypto_scalarmult_curve25519_athlon_alpha230
+fadd %st(1),%st(0)
+fsubl crypto_scalarmult_curve25519_athlon_alpha230
+fldl 40(%ecx)
+fmull crypto_scalarmult_curve25519_athlon_121665
+fadd %st(1),%st(0)
+fxch %st(1)
+fsubrp %st(0),%st(2)
+fxch %st(1)
+fstpl 0(%esp)
+fldl crypto_scalarmult_curve25519_athlon_alpha255
+fadd %st(1),%st(0)
+fsubl crypto_scalarmult_curve25519_athlon_alpha255
+fsubr %st(0),%st(1)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fxch %st(1)
+fstpl 8(%esp)
+fldl -32(%ecx)
+fmull crypto_scalarmult_curve25519_athlon_121665
+faddp %st(0),%st(1)
+fldl crypto_scalarmult_curve25519_athlon_alpha26
+fadd %st(1),%st(0)
+fsubl crypto_scalarmult_curve25519_athlon_alpha26
+fldl -24(%ecx)
+fmull crypto_scalarmult_curve25519_athlon_121665
+fadd %st(1),%st(0)
+fxch %st(1)
+fsubrp %st(0),%st(2)
+fxch %st(1)
+fstpl -48(%edx)
+fldl crypto_scalarmult_curve25519_athlon_alpha51
+fadd %st(1),%st(0)
+fsubl crypto_scalarmult_curve25519_athlon_alpha51
+fldl -16(%ecx)
+fmull crypto_scalarmult_curve25519_athlon_121665
+fadd %st(1),%st(0)
+fxch %st(1)
+fsubrp %st(0),%st(2)
+fxch %st(1)
+fstpl -40(%edx)
+fldl crypto_scalarmult_curve25519_athlon_alpha77
+fadd %st(1),%st(0)
+fsubl crypto_scalarmult_curve25519_athlon_alpha77
+fldl -8(%ecx)
+fmull crypto_scalarmult_curve25519_athlon_121665
+fadd %st(1),%st(0)
+fxch %st(1)
+fsubrp %st(0),%st(2)
+fxch %st(1)
+fstpl -32(%edx)
+fldl crypto_scalarmult_curve25519_athlon_alpha102
+fadd %st(1),%st(0)
+fsubl crypto_scalarmult_curve25519_athlon_alpha102
+fldl 0(%ecx)
+fmull crypto_scalarmult_curve25519_athlon_121665
+fadd %st(1),%st(0)
+fxch %st(1)
+fsubrp %st(0),%st(2)
+fxch %st(1)
+fstpl -24(%edx)
+fldl crypto_scalarmult_curve25519_athlon_alpha128
+fadd %st(1),%st(0)
+fsubl crypto_scalarmult_curve25519_athlon_alpha128
+fldl 8(%ecx)
+fmull crypto_scalarmult_curve25519_athlon_121665
+fadd %st(1),%st(0)
+fxch %st(1)
+fsubrp %st(0),%st(2)
+fxch %st(1)
+fstpl -16(%edx)
+fldl crypto_scalarmult_curve25519_athlon_alpha153
+fadd %st(1),%st(0)
+fsubl crypto_scalarmult_curve25519_athlon_alpha153
+fldl 16(%ecx)
+fmull crypto_scalarmult_curve25519_athlon_121665
+fadd %st(1),%st(0)
+fxch %st(1)
+fsubrp %st(0),%st(2)
+fxch %st(1)
+fstpl -8(%edx)
+fldl crypto_scalarmult_curve25519_athlon_alpha179
+fadd %st(1),%st(0)
+fsubl crypto_scalarmult_curve25519_athlon_alpha179
+fldl 24(%ecx)
+fmull crypto_scalarmult_curve25519_athlon_121665
+fadd %st(1),%st(0)
+fxch %st(1)
+fsubrp %st(0),%st(2)
+fxch %st(1)
+fstpl 0(%edx)
+fldl crypto_scalarmult_curve25519_athlon_alpha204
+fadd %st(1),%st(0)
+fsubl crypto_scalarmult_curve25519_athlon_alpha204
+fldl 0(%esp)
+fadd %st(1),%st(0)
+fxch %st(1)
+fsubrp %st(0),%st(2)
+fxch %st(1)
+fstpl 8(%edx)
+fldl crypto_scalarmult_curve25519_athlon_alpha230
+fadd %st(1),%st(0)
+fsubl crypto_scalarmult_curve25519_athlon_alpha230
+fldl 8(%esp)
+fadd %st(1),%st(0)
+fxch %st(1)
+fsubrp %st(0),%st(2)
+fxch %st(1)
+fstpl 16(%edx)
+fstpl 48(%ecx)
+fldl -120(%ecx)
+fmull -40(%ecx)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl 64(%edx)
+fmull -48(%ecx)
+faddp %st(0),%st(1)
+fldl 72(%edx)
+fmull -56(%ecx)
+faddp %st(0),%st(1)
+fldl 64(%edx)
+fmull -40(%ecx)
+fldl 80(%edx)
+fmull -64(%ecx)
+faddp %st(0),%st(2)
+fldl 72(%edx)
+fmull -48(%ecx)
+faddp %st(0),%st(1)
+fldl 88(%edx)
+fmull -72(%ecx)
+faddp %st(0),%st(2)
+fldl 80(%edx)
+fmull -56(%ecx)
+faddp %st(0),%st(1)
+fldl 96(%edx)
+fmull -80(%ecx)
+faddp %st(0),%st(2)
+fldl 88(%edx)
+fmull -64(%ecx)
+faddp %st(0),%st(1)
+fldl 72(%edx)
+fmull -40(%ecx)
+fldl 104(%edx)
+fmull -88(%ecx)
+faddp %st(0),%st(3)
+fldl 96(%edx)
+fmull -72(%ecx)
+faddp %st(0),%st(2)
+fldl 80(%edx)
+fmull -48(%ecx)
+faddp %st(0),%st(1)
+fldl 112(%edx)
+fmull -96(%ecx)
+faddp %st(0),%st(3)
+fldl 104(%edx)
+fmull -80(%ecx)
+faddp %st(0),%st(2)
+fldl 88(%edx)
+fmull -56(%ecx)
+faddp %st(0),%st(1)
+fldl 120(%edx)
+fmull -104(%ecx)
+faddp %st(0),%st(3)
+fldl 112(%edx)
+fmull -88(%ecx)
+faddp %st(0),%st(2)
+fldl 96(%edx)
+fmull -64(%ecx)
+faddp %st(0),%st(1)
+fldl -128(%ecx)
+fmull -112(%ecx)
+faddp %st(0),%st(3)
+fldl 120(%edx)
+fmull -96(%ecx)
+faddp %st(0),%st(2)
+fldl 104(%edx)
+fmull -72(%ecx)
+faddp %st(0),%st(1)
+fldl 80(%edx)
+fmull -40(%ecx)
+fldl 112(%edx)
+fmull -80(%ecx)
+faddp %st(0),%st(2)
+fldl -128(%ecx)
+fmull -104(%ecx)
+faddp %st(0),%st(3)
+fldl crypto_scalarmult_curve25519_athlon_alpha230
+fadd %st(4),%st(0)
+fldl 88(%edx)
+fmull -48(%ecx)
+faddp %st(0),%st(2)
+fldl 120(%edx)
+fmull -88(%ecx)
+faddp %st(0),%st(3)
+fldl -120(%ecx)
+fmull -112(%ecx)
+faddp %st(0),%st(4)
+fsubl crypto_scalarmult_curve25519_athlon_alpha230
+fldl 96(%edx)
+fmull -56(%ecx)
+faddp %st(0),%st(2)
+fldl 88(%edx)
+fmull -40(%ecx)
+fldl -128(%ecx)
+fmull -96(%ecx)
+faddp %st(0),%st(4)
+fxch %st(1)
+fadd %st(0),%st(4)
+fldl 104(%edx)
+fmull -64(%ecx)
+faddp %st(0),%st(3)
+fldl 96(%edx)
+fmull -48(%ecx)
+faddp %st(0),%st(2)
+fsubrp %st(0),%st(5)
+fldl crypto_scalarmult_curve25519_athlon_alpha255
+fadd %st(4),%st(0)
+fldl 112(%edx)
+fmull -72(%ecx)
+faddp %st(0),%st(3)
+fldl 104(%edx)
+fmull -56(%ecx)
+faddp %st(0),%st(2)
+fldl -120(%ecx)
+fmull -104(%ecx)
+faddp %st(0),%st(4)
+fsubl crypto_scalarmult_curve25519_athlon_alpha255
+fldl 120(%edx)
+fmull -80(%ecx)
+faddp %st(0),%st(3)
+fldl 96(%edx)
+fmull -40(%ecx)
+fldl 112(%edx)
+fmull -64(%ecx)
+faddp %st(0),%st(3)
+fldl -128(%ecx)
+fmull -88(%ecx)
+faddp %st(0),%st(4)
+fxch %st(1)
+fadd %st(0),%st(4)
+fsubrp %st(0),%st(5)
+fxch %st(5)
+fstpl 0(%esp)
+fldl 104(%edx)
+fmull -48(%ecx)
+faddp %st(0),%st(5)
+fldl 120(%edx)
+fmull -72(%ecx)
+faddp %st(0),%st(1)
+fldl -120(%ecx)
+fmull -96(%ecx)
+faddp %st(0),%st(2)
+fxch %st(2)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl 112(%edx)
+fmull -56(%ecx)
+faddp %st(0),%st(5)
+fldl -128(%ecx)
+fmull -80(%ecx)
+faddp %st(0),%st(3)
+fxch %st(1)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl 64(%edx)
+fmull -112(%ecx)
+faddp %st(0),%st(2)
+fxch %st(3)
+fstpl 8(%esp)
+fldl 104(%edx)
+fmull -40(%ecx)
+fldl 120(%edx)
+fmull -64(%ecx)
+faddp %st(0),%st(5)
+fldl -120(%ecx)
+fmull -88(%ecx)
+faddp %st(0),%st(3)
+fldl 64(%edx)
+fmull -104(%ecx)
+faddp %st(0),%st(4)
+fldl crypto_scalarmult_curve25519_athlon_alpha26
+fadd %st(2),%st(0)
+fldl 112(%edx)
+fmull -48(%ecx)
+faddp %st(0),%st(2)
+fldl -128(%ecx)
+fmull -72(%ecx)
+faddp %st(0),%st(6)
+fxch %st(3)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl 72(%edx)
+fmull -112(%ecx)
+faddp %st(0),%st(5)
+fxch %st(3)
+fsubl crypto_scalarmult_curve25519_athlon_alpha26
+fldl 120(%edx)
+fmull -56(%ecx)
+faddp %st(0),%st(2)
+fldl -120(%ecx)
+fmull -80(%ecx)
+faddp %st(0),%st(6)
+fldl 64(%edx)
+fmull -96(%ecx)
+faddp %st(0),%st(4)
+fadd %st(0),%st(4)
+fsubrp %st(0),%st(2)
+fldl 112(%edx)
+fmull -40(%ecx)
+fldl -128(%ecx)
+fmull -64(%ecx)
+faddp %st(0),%st(2)
+fxch %st(5)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl 72(%edx)
+fmull -104(%ecx)
+faddp %st(0),%st(4)
+fldl crypto_scalarmult_curve25519_athlon_alpha51
+fadd %st(5),%st(0)
+fldl 120(%edx)
+fmull -48(%ecx)
+faddp %st(0),%st(7)
+fldl -120(%ecx)
+fmull -72(%ecx)
+faddp %st(0),%st(3)
+fldl 64(%edx)
+fmull -88(%ecx)
+faddp %st(0),%st(2)
+fldl 80(%edx)
+fmull -112(%ecx)
+faddp %st(0),%st(5)
+fsubl crypto_scalarmult_curve25519_athlon_alpha51
+fxch %st(3)
+fstpl 16(%esp)
+fldl -128(%ecx)
+fmull -56(%ecx)
+faddp %st(0),%st(6)
+fxch %st(1)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl 72(%edx)
+fmull -96(%ecx)
+faddp %st(0),%st(2)
+fxch %st(2)
+fadd %st(0),%st(3)
+fsubrp %st(0),%st(4)
+fldl 120(%edx)
+fmull -40(%ecx)
+fldl -120(%ecx)
+fmull -64(%ecx)
+faddp %st(0),%st(6)
+fldl 64(%edx)
+fmull -80(%ecx)
+faddp %st(0),%st(3)
+fldl 80(%edx)
+fmull -104(%ecx)
+faddp %st(0),%st(2)
+fldl crypto_scalarmult_curve25519_athlon_alpha77
+fadd %st(4),%st(0)
+fldl -128(%ecx)
+fmull -48(%ecx)
+faddp %st(0),%st(2)
+fxch %st(6)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl 72(%edx)
+fmull -88(%ecx)
+faddp %st(0),%st(4)
+fldl 88(%edx)
+fmull -112(%ecx)
+faddp %st(0),%st(3)
+fxch %st(6)
+fsubl crypto_scalarmult_curve25519_athlon_alpha77
+fxch %st(5)
+fstpl 24(%esp)
+fldl -120(%ecx)
+fmull -56(%ecx)
+faddp %st(0),%st(1)
+fldl 64(%edx)
+fmull -72(%ecx)
+faddp %st(0),%st(6)
+fldl 80(%edx)
+fmull -96(%ecx)
+faddp %st(0),%st(3)
+fxch %st(4)
+fadd %st(0),%st(1)
+fsubrp %st(0),%st(3)
+fldl -128(%ecx)
+fmull -40(%ecx)
+fxch %st(4)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl 72(%edx)
+fmull -80(%ecx)
+faddp %st(0),%st(6)
+fldl 88(%edx)
+fmull -104(%ecx)
+faddp %st(0),%st(3)
+fldl crypto_scalarmult_curve25519_athlon_alpha102
+fadd %st(2),%st(0)
+fldl -120(%ecx)
+fmull -48(%ecx)
+faddp %st(0),%st(6)
+fldl 64(%edx)
+fmull -64(%ecx)
+faddp %st(0),%st(2)
+fldl 80(%edx)
+fmull -88(%ecx)
+faddp %st(0),%st(7)
+fldl 96(%edx)
+fmull -112(%ecx)
+faddp %st(0),%st(4)
+fsubl crypto_scalarmult_curve25519_athlon_alpha102
+fxch %st(4)
+fstpl 32(%esp)
+fxch %st(4)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl 72(%edx)
+fmull -72(%ecx)
+faddp %st(0),%st(5)
+fldl 88(%edx)
+fmull -96(%ecx)
+faddp %st(0),%st(6)
+fxch %st(3)
+fadd %st(0),%st(2)
+fsubrp %st(0),%st(1)
+fldl 64(%edx)
+fmull -56(%ecx)
+faddp %st(0),%st(3)
+fldl 80(%edx)
+fmull -80(%ecx)
+faddp %st(0),%st(4)
+fldl 96(%edx)
+fmull -104(%ecx)
+faddp %st(0),%st(5)
+fldl crypto_scalarmult_curve25519_athlon_alpha128
+fadd %st(2),%st(0)
+fldl 72(%edx)
+fmull -64(%ecx)
+faddp %st(0),%st(4)
+fldl 88(%edx)
+fmull -88(%ecx)
+faddp %st(0),%st(5)
+fldl 104(%edx)
+fmull -112(%ecx)
+faddp %st(0),%st(6)
+fsubl crypto_scalarmult_curve25519_athlon_alpha128
+fxch %st(1)
+fstpl 40(%esp)
+fldl 80(%edx)
+fmull -72(%ecx)
+faddp %st(0),%st(3)
+fldl 96(%edx)
+fmull -96(%ecx)
+faddp %st(0),%st(4)
+fadd %st(0),%st(4)
+fsubrp %st(0),%st(1)
+fstpl 48(%esp)
+fldl 88(%edx)
+fmull -80(%ecx)
+faddp %st(0),%st(1)
+fldl 104(%edx)
+fmull -104(%ecx)
+faddp %st(0),%st(2)
+fldl crypto_scalarmult_curve25519_athlon_alpha153
+fadd %st(3),%st(0)
+fldl 96(%edx)
+fmull -88(%ecx)
+faddp %st(0),%st(2)
+fldl 112(%edx)
+fmull -112(%ecx)
+faddp %st(0),%st(3)
+fsubl crypto_scalarmult_curve25519_athlon_alpha153
+fldl 104(%edx)
+fmull -96(%ecx)
+faddp %st(0),%st(2)
+fadd %st(0),%st(2)
+fsubrp %st(0),%st(3)
+fxch %st(2)
+fstpl 24(%edx)
+fldl 112(%edx)
+fmull -104(%ecx)
+faddp %st(0),%st(2)
+fldl crypto_scalarmult_curve25519_athlon_alpha179
+fadd %st(1),%st(0)
+fldl 120(%edx)
+fmull -112(%ecx)
+faddp %st(0),%st(3)
+fsubl crypto_scalarmult_curve25519_athlon_alpha179
+fldl 0(%esp)
+fldl 8(%esp)
+fxch %st(2)
+fadd %st(0),%st(4)
+fsubrp %st(0),%st(3)
+fldl crypto_scalarmult_curve25519_athlon_alpha204
+fadd %st(4),%st(0)
+fsubl crypto_scalarmult_curve25519_athlon_alpha204
+fadd %st(0),%st(1)
+fsubrp %st(0),%st(4)
+fldl crypto_scalarmult_curve25519_athlon_alpha230
+fadd %st(1),%st(0)
+fsubl crypto_scalarmult_curve25519_athlon_alpha230
+fsubr %st(0),%st(1)
+faddp %st(0),%st(2)
+fxch %st(2)
+fstpl 32(%edx)
+fxch %st(2)
+fstpl 48(%edx)
+fstpl 56(%edx)
+fstpl -112(%ecx)
+fldl -48(%edx)
+faddl 64(%edx)
+fstpl -104(%ecx)
+fldl -40(%edx)
+faddl 72(%edx)
+fstpl -96(%ecx)
+fldl -32(%edx)
+faddl 80(%edx)
+fstpl -88(%ecx)
+fldl -24(%edx)
+faddl 88(%edx)
+fstpl -80(%ecx)
+fldl -16(%edx)
+faddl 96(%edx)
+fstpl -16(%edx)
+fldl -8(%edx)
+faddl 104(%edx)
+fstpl -8(%edx)
+fldl 0(%edx)
+faddl 112(%edx)
+fstpl 0(%edx)
+fldl 8(%edx)
+faddl 120(%edx)
+fstpl 8(%edx)
+fldl 16(%edx)
+faddl -128(%ecx)
+fstpl 16(%edx)
+fldl 48(%ecx)
+faddl -120(%ecx)
+fstpl 80(%edx)
+fldl 128(%ecx)
+fmull -128(%edx)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl 56(%ecx)
+fmull 120(%esp)
+faddp %st(0),%st(1)
+fldl 64(%ecx)
+fmull 112(%esp)
+faddp %st(0),%st(1)
+fldl 56(%ecx)
+fmull -128(%edx)
+fldl 72(%ecx)
+fmull 104(%esp)
+faddp %st(0),%st(2)
+fldl 64(%ecx)
+fmull 120(%esp)
+faddp %st(0),%st(1)
+fldl 80(%ecx)
+fmull 96(%esp)
+faddp %st(0),%st(2)
+fldl 72(%ecx)
+fmull 112(%esp)
+faddp %st(0),%st(1)
+fldl 88(%ecx)
+fmull 88(%esp)
+faddp %st(0),%st(2)
+fldl 80(%ecx)
+fmull 104(%esp)
+faddp %st(0),%st(1)
+fldl 64(%ecx)
+fmull -128(%edx)
+fldl 96(%ecx)
+fmull 80(%esp)
+faddp %st(0),%st(3)
+fldl 88(%ecx)
+fmull 96(%esp)
+faddp %st(0),%st(2)
+fldl 72(%ecx)
+fmull 120(%esp)
+faddp %st(0),%st(1)
+fldl 104(%ecx)
+fmull 72(%esp)
+faddp %st(0),%st(3)
+fldl 96(%ecx)
+fmull 88(%esp)
+faddp %st(0),%st(2)
+fldl 80(%ecx)
+fmull 112(%esp)
+faddp %st(0),%st(1)
+fldl 112(%ecx)
+fmull 64(%esp)
+faddp %st(0),%st(3)
+fldl 104(%ecx)
+fmull 80(%esp)
+faddp %st(0),%st(2)
+fldl 88(%ecx)
+fmull 104(%esp)
+faddp %st(0),%st(1)
+fldl 120(%ecx)
+fmull 56(%esp)
+faddp %st(0),%st(3)
+fldl 112(%ecx)
+fmull 72(%esp)
+faddp %st(0),%st(2)
+fldl 96(%ecx)
+fmull 96(%esp)
+faddp %st(0),%st(1)
+fldl 72(%ecx)
+fmull -128(%edx)
+fldl 104(%ecx)
+fmull 88(%esp)
+faddp %st(0),%st(2)
+fldl 120(%ecx)
+fmull 64(%esp)
+faddp %st(0),%st(3)
+fldl crypto_scalarmult_curve25519_athlon_alpha230
+fadd %st(4),%st(0)
+fldl 80(%ecx)
+fmull 120(%esp)
+faddp %st(0),%st(2)
+fldl 112(%ecx)
+fmull 80(%esp)
+faddp %st(0),%st(3)
+fldl 128(%ecx)
+fmull 56(%esp)
+faddp %st(0),%st(4)
+fsubl crypto_scalarmult_curve25519_athlon_alpha230
+fldl 88(%ecx)
+fmull 112(%esp)
+faddp %st(0),%st(2)
+fldl 80(%ecx)
+fmull -128(%edx)
+fldl 120(%ecx)
+fmull 72(%esp)
+faddp %st(0),%st(4)
+fxch %st(1)
+fadd %st(0),%st(4)
+fldl 96(%ecx)
+fmull 104(%esp)
+faddp %st(0),%st(3)
+fldl 88(%ecx)
+fmull 120(%esp)
+faddp %st(0),%st(2)
+fsubrp %st(0),%st(5)
+fldl crypto_scalarmult_curve25519_athlon_alpha255
+fadd %st(4),%st(0)
+fldl 104(%ecx)
+fmull 96(%esp)
+faddp %st(0),%st(3)
+fldl 96(%ecx)
+fmull 112(%esp)
+faddp %st(0),%st(2)
+fldl 128(%ecx)
+fmull 64(%esp)
+faddp %st(0),%st(4)
+fsubl crypto_scalarmult_curve25519_athlon_alpha255
+fldl 112(%ecx)
+fmull 88(%esp)
+faddp %st(0),%st(3)
+fldl 88(%ecx)
+fmull -128(%edx)
+fldl 104(%ecx)
+fmull 104(%esp)
+faddp %st(0),%st(3)
+fldl 120(%ecx)
+fmull 80(%esp)
+faddp %st(0),%st(4)
+fxch %st(1)
+fadd %st(0),%st(4)
+fsubrp %st(0),%st(5)
+fxch %st(5)
+fstpl 0(%esp)
+fldl 96(%ecx)
+fmull 120(%esp)
+faddp %st(0),%st(5)
+fldl 112(%ecx)
+fmull 96(%esp)
+faddp %st(0),%st(1)
+fldl 128(%ecx)
+fmull 72(%esp)
+faddp %st(0),%st(2)
+fxch %st(2)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl 104(%ecx)
+fmull 112(%esp)
+faddp %st(0),%st(5)
+fldl 120(%ecx)
+fmull 88(%esp)
+faddp %st(0),%st(3)
+fxch %st(1)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl 56(%ecx)
+fmull 56(%esp)
+faddp %st(0),%st(2)
+fxch %st(3)
+fstpl 8(%esp)
+fldl 96(%ecx)
+fmull -128(%edx)
+fldl 112(%ecx)
+fmull 104(%esp)
+faddp %st(0),%st(5)
+fldl 128(%ecx)
+fmull 80(%esp)
+faddp %st(0),%st(3)
+fldl 56(%ecx)
+fmull 64(%esp)
+faddp %st(0),%st(4)
+fldl crypto_scalarmult_curve25519_athlon_alpha26
+fadd %st(2),%st(0)
+fldl 104(%ecx)
+fmull 120(%esp)
+faddp %st(0),%st(2)
+fldl 120(%ecx)
+fmull 96(%esp)
+faddp %st(0),%st(6)
+fxch %st(3)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl 64(%ecx)
+fmull 56(%esp)
+faddp %st(0),%st(5)
+fxch %st(3)
+fsubl crypto_scalarmult_curve25519_athlon_alpha26
+fldl 112(%ecx)
+fmull 112(%esp)
+faddp %st(0),%st(2)
+fldl 128(%ecx)
+fmull 88(%esp)
+faddp %st(0),%st(6)
+fldl 56(%ecx)
+fmull 72(%esp)
+faddp %st(0),%st(4)
+fadd %st(0),%st(4)
+fsubrp %st(0),%st(2)
+fldl 104(%ecx)
+fmull -128(%edx)
+fldl 120(%ecx)
+fmull 104(%esp)
+faddp %st(0),%st(2)
+fxch %st(5)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl 64(%ecx)
+fmull 64(%esp)
+faddp %st(0),%st(4)
+fldl crypto_scalarmult_curve25519_athlon_alpha51
+fadd %st(5),%st(0)
+fldl 112(%ecx)
+fmull 120(%esp)
+faddp %st(0),%st(7)
+fldl 128(%ecx)
+fmull 96(%esp)
+faddp %st(0),%st(3)
+fldl 56(%ecx)
+fmull 80(%esp)
+faddp %st(0),%st(2)
+fldl 72(%ecx)
+fmull 56(%esp)
+faddp %st(0),%st(5)
+fsubl crypto_scalarmult_curve25519_athlon_alpha51
+fxch %st(3)
+fstpl -48(%edx)
+fldl 120(%ecx)
+fmull 112(%esp)
+faddp %st(0),%st(6)
+fxch %st(1)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl 64(%ecx)
+fmull 72(%esp)
+faddp %st(0),%st(2)
+fxch %st(2)
+fadd %st(0),%st(3)
+fsubrp %st(0),%st(4)
+fldl 112(%ecx)
+fmull -128(%edx)
+fldl 128(%ecx)
+fmull 104(%esp)
+faddp %st(0),%st(6)
+fldl 56(%ecx)
+fmull 88(%esp)
+faddp %st(0),%st(3)
+fldl 72(%ecx)
+fmull 64(%esp)
+faddp %st(0),%st(2)
+fldl crypto_scalarmult_curve25519_athlon_alpha77
+fadd %st(4),%st(0)
+fldl 120(%ecx)
+fmull 120(%esp)
+faddp %st(0),%st(2)
+fxch %st(6)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl 64(%ecx)
+fmull 80(%esp)
+faddp %st(0),%st(4)
+fldl 80(%ecx)
+fmull 56(%esp)
+faddp %st(0),%st(3)
+fxch %st(6)
+fsubl crypto_scalarmult_curve25519_athlon_alpha77
+fxch %st(5)
+fstpl -40(%edx)
+fldl 128(%ecx)
+fmull 112(%esp)
+faddp %st(0),%st(1)
+fldl 56(%ecx)
+fmull 96(%esp)
+faddp %st(0),%st(6)
+fldl 72(%ecx)
+fmull 72(%esp)
+faddp %st(0),%st(3)
+fxch %st(4)
+fadd %st(0),%st(1)
+fsubrp %st(0),%st(3)
+fldl 120(%ecx)
+fmull -128(%edx)
+fxch %st(4)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl 64(%ecx)
+fmull 88(%esp)
+faddp %st(0),%st(6)
+fldl 80(%ecx)
+fmull 64(%esp)
+faddp %st(0),%st(3)
+fldl crypto_scalarmult_curve25519_athlon_alpha102
+fadd %st(2),%st(0)
+fldl 128(%ecx)
+fmull 120(%esp)
+faddp %st(0),%st(6)
+fldl 56(%ecx)
+fmull 104(%esp)
+faddp %st(0),%st(2)
+fldl 72(%ecx)
+fmull 80(%esp)
+faddp %st(0),%st(7)
+fldl 88(%ecx)
+fmull 56(%esp)
+faddp %st(0),%st(4)
+fsubl crypto_scalarmult_curve25519_athlon_alpha102
+fxch %st(4)
+fstpl -32(%edx)
+fxch %st(4)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl 64(%ecx)
+fmull 96(%esp)
+faddp %st(0),%st(5)
+fldl 80(%ecx)
+fmull 72(%esp)
+faddp %st(0),%st(6)
+fxch %st(3)
+fadd %st(0),%st(2)
+fsubrp %st(0),%st(1)
+fldl 56(%ecx)
+fmull 112(%esp)
+faddp %st(0),%st(3)
+fldl 72(%ecx)
+fmull 88(%esp)
+faddp %st(0),%st(4)
+fldl 88(%ecx)
+fmull 64(%esp)
+faddp %st(0),%st(5)
+fldl crypto_scalarmult_curve25519_athlon_alpha128
+fadd %st(2),%st(0)
+fldl 64(%ecx)
+fmull 104(%esp)
+faddp %st(0),%st(4)
+fldl 80(%ecx)
+fmull 80(%esp)
+faddp %st(0),%st(5)
+fldl 96(%ecx)
+fmull 56(%esp)
+faddp %st(0),%st(6)
+fsubl crypto_scalarmult_curve25519_athlon_alpha128
+fxch %st(1)
+fstpl -24(%edx)
+fldl 72(%ecx)
+fmull 96(%esp)
+faddp %st(0),%st(3)
+fldl 88(%ecx)
+fmull 72(%esp)
+faddp %st(0),%st(4)
+fadd %st(0),%st(4)
+fsubrp %st(0),%st(1)
+fstpl 96(%edx)
+fldl 80(%ecx)
+fmull 88(%esp)
+faddp %st(0),%st(1)
+fldl 96(%ecx)
+fmull 64(%esp)
+faddp %st(0),%st(2)
+fldl crypto_scalarmult_curve25519_athlon_alpha153
+fadd %st(3),%st(0)
+fldl 88(%ecx)
+fmull 80(%esp)
+faddp %st(0),%st(2)
+fldl 104(%ecx)
+fmull 56(%esp)
+faddp %st(0),%st(3)
+fsubl crypto_scalarmult_curve25519_athlon_alpha153
+fldl 96(%ecx)
+fmull 72(%esp)
+faddp %st(0),%st(2)
+fadd %st(0),%st(2)
+fsubrp %st(0),%st(3)
+fxch %st(2)
+fstpl 104(%edx)
+fldl 104(%ecx)
+fmull 64(%esp)
+faddp %st(0),%st(2)
+fldl crypto_scalarmult_curve25519_athlon_alpha179
+fadd %st(1),%st(0)
+fldl 112(%ecx)
+fmull 56(%esp)
+faddp %st(0),%st(3)
+fsubl crypto_scalarmult_curve25519_athlon_alpha179
+fldl 0(%esp)
+fldl 8(%esp)
+fxch %st(2)
+fadd %st(0),%st(4)
+fsubrp %st(0),%st(3)
+fldl crypto_scalarmult_curve25519_athlon_alpha204
+fadd %st(4),%st(0)
+fsubl crypto_scalarmult_curve25519_athlon_alpha204
+fadd %st(0),%st(1)
+fsubrp %st(0),%st(4)
+fldl crypto_scalarmult_curve25519_athlon_alpha230
+fadd %st(1),%st(0)
+fsubl crypto_scalarmult_curve25519_athlon_alpha230
+fsubr %st(0),%st(1)
+faddp %st(0),%st(2)
+fxch %st(2)
+fstpl 112(%edx)
+fxch %st(2)
+fstpl 120(%edx)
+fstpl -128(%ecx)
+fstpl -120(%ecx)
+fldl 80(%edx)
+fmull 40(%ecx)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl -104(%ecx)
+fmull 32(%ecx)
+faddp %st(0),%st(1)
+fldl -96(%ecx)
+fmull 24(%ecx)
+faddp %st(0),%st(1)
+fldl -104(%ecx)
+fmull 40(%ecx)
+fldl -88(%ecx)
+fmull 16(%ecx)
+faddp %st(0),%st(2)
+fldl -96(%ecx)
+fmull 32(%ecx)
+faddp %st(0),%st(1)
+fldl -80(%ecx)
+fmull 8(%ecx)
+faddp %st(0),%st(2)
+fldl -88(%ecx)
+fmull 24(%ecx)
+faddp %st(0),%st(1)
+fldl -16(%edx)
+fmull 0(%ecx)
+faddp %st(0),%st(2)
+fldl -80(%ecx)
+fmull 16(%ecx)
+faddp %st(0),%st(1)
+fldl -96(%ecx)
+fmull 40(%ecx)
+fldl -8(%edx)
+fmull -8(%ecx)
+faddp %st(0),%st(3)
+fldl -16(%edx)
+fmull 8(%ecx)
+faddp %st(0),%st(2)
+fldl -88(%ecx)
+fmull 32(%ecx)
+faddp %st(0),%st(1)
+fldl 0(%edx)
+fmull -16(%ecx)
+faddp %st(0),%st(3)
+fldl -8(%edx)
+fmull 0(%ecx)
+faddp %st(0),%st(2)
+fldl -80(%ecx)
+fmull 24(%ecx)
+faddp %st(0),%st(1)
+fldl 8(%edx)
+fmull -24(%ecx)
+faddp %st(0),%st(3)
+fldl 0(%edx)
+fmull -8(%ecx)
+faddp %st(0),%st(2)
+fldl -16(%edx)
+fmull 16(%ecx)
+faddp %st(0),%st(1)
+fldl 16(%edx)
+fmull -32(%ecx)
+faddp %st(0),%st(3)
+fldl 8(%edx)
+fmull -16(%ecx)
+faddp %st(0),%st(2)
+fldl -8(%edx)
+fmull 8(%ecx)
+faddp %st(0),%st(1)
+fldl -88(%ecx)
+fmull 40(%ecx)
+fldl 0(%edx)
+fmull 0(%ecx)
+faddp %st(0),%st(2)
+fldl 16(%edx)
+fmull -24(%ecx)
+faddp %st(0),%st(3)
+fldl crypto_scalarmult_curve25519_athlon_alpha230
+fadd %st(4),%st(0)
+fldl -80(%ecx)
+fmull 32(%ecx)
+faddp %st(0),%st(2)
+fldl 8(%edx)
+fmull -8(%ecx)
+faddp %st(0),%st(3)
+fldl 80(%edx)
+fmull -32(%ecx)
+faddp %st(0),%st(4)
+fsubl crypto_scalarmult_curve25519_athlon_alpha230
+fldl -16(%edx)
+fmull 24(%ecx)
+faddp %st(0),%st(2)
+fldl -80(%ecx)
+fmull 40(%ecx)
+fldl 16(%edx)
+fmull -16(%ecx)
+faddp %st(0),%st(4)
+fxch %st(1)
+fadd %st(0),%st(4)
+fldl -8(%edx)
+fmull 16(%ecx)
+faddp %st(0),%st(3)
+fldl -16(%edx)
+fmull 32(%ecx)
+faddp %st(0),%st(2)
+fsubrp %st(0),%st(5)
+fldl crypto_scalarmult_curve25519_athlon_alpha255
+fadd %st(4),%st(0)
+fldl 0(%edx)
+fmull 8(%ecx)
+faddp %st(0),%st(3)
+fldl -8(%edx)
+fmull 24(%ecx)
+faddp %st(0),%st(2)
+fldl 80(%edx)
+fmull -24(%ecx)
+faddp %st(0),%st(4)
+fsubl crypto_scalarmult_curve25519_athlon_alpha255
+fldl 8(%edx)
+fmull 0(%ecx)
+faddp %st(0),%st(3)
+fldl -16(%edx)
+fmull 40(%ecx)
+fldl 0(%edx)
+fmull 16(%ecx)
+faddp %st(0),%st(3)
+fldl 16(%edx)
+fmull -8(%ecx)
+faddp %st(0),%st(4)
+fxch %st(1)
+fadd %st(0),%st(4)
+fsubrp %st(0),%st(5)
+fxch %st(5)
+fstpl 0(%esp)
+fldl -8(%edx)
+fmull 32(%ecx)
+faddp %st(0),%st(5)
+fldl 8(%edx)
+fmull 8(%ecx)
+faddp %st(0),%st(1)
+fldl 80(%edx)
+fmull -16(%ecx)
+faddp %st(0),%st(2)
+fxch %st(2)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl 0(%edx)
+fmull 24(%ecx)
+faddp %st(0),%st(5)
+fldl 16(%edx)
+fmull 0(%ecx)
+faddp %st(0),%st(3)
+fxch %st(1)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl -104(%ecx)
+fmull -32(%ecx)
+faddp %st(0),%st(2)
+fxch %st(3)
+fstpl 8(%esp)
+fldl -8(%edx)
+fmull 40(%ecx)
+fldl 8(%edx)
+fmull 16(%ecx)
+faddp %st(0),%st(5)
+fldl 80(%edx)
+fmull -8(%ecx)
+faddp %st(0),%st(3)
+fldl -104(%ecx)
+fmull -24(%ecx)
+faddp %st(0),%st(4)
+fldl crypto_scalarmult_curve25519_athlon_alpha26
+fadd %st(2),%st(0)
+fldl 0(%edx)
+fmull 32(%ecx)
+faddp %st(0),%st(2)
+fldl 16(%edx)
+fmull 8(%ecx)
+faddp %st(0),%st(6)
+fxch %st(3)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl -96(%ecx)
+fmull -32(%ecx)
+faddp %st(0),%st(5)
+fxch %st(3)
+fsubl crypto_scalarmult_curve25519_athlon_alpha26
+fldl 8(%edx)
+fmull 24(%ecx)
+faddp %st(0),%st(2)
+fldl 80(%edx)
+fmull 0(%ecx)
+faddp %st(0),%st(6)
+fldl -104(%ecx)
+fmull -16(%ecx)
+faddp %st(0),%st(4)
+fadd %st(0),%st(4)
+fsubrp %st(0),%st(2)
+fldl 0(%edx)
+fmull 40(%ecx)
+fldl 16(%edx)
+fmull 16(%ecx)
+faddp %st(0),%st(2)
+fxch %st(5)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl -96(%ecx)
+fmull -24(%ecx)
+faddp %st(0),%st(4)
+fldl crypto_scalarmult_curve25519_athlon_alpha51
+fadd %st(5),%st(0)
+fldl 8(%edx)
+fmull 32(%ecx)
+faddp %st(0),%st(7)
+fldl 80(%edx)
+fmull 8(%ecx)
+faddp %st(0),%st(3)
+fldl -104(%ecx)
+fmull -8(%ecx)
+faddp %st(0),%st(2)
+fldl -88(%ecx)
+fmull -32(%ecx)
+faddp %st(0),%st(5)
+fsubl crypto_scalarmult_curve25519_athlon_alpha51
+fxch %st(3)
+fstpl 64(%edx)
+fldl 16(%edx)
+fmull 24(%ecx)
+faddp %st(0),%st(6)
+fxch %st(1)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl -96(%ecx)
+fmull -16(%ecx)
+faddp %st(0),%st(2)
+fxch %st(2)
+fadd %st(0),%st(3)
+fsubrp %st(0),%st(4)
+fldl 8(%edx)
+fmull 40(%ecx)
+fldl 80(%edx)
+fmull 16(%ecx)
+faddp %st(0),%st(6)
+fldl -104(%ecx)
+fmull 0(%ecx)
+faddp %st(0),%st(3)
+fldl -88(%ecx)
+fmull -24(%ecx)
+faddp %st(0),%st(2)
+fldl crypto_scalarmult_curve25519_athlon_alpha77
+fadd %st(4),%st(0)
+fldl 16(%edx)
+fmull 32(%ecx)
+faddp %st(0),%st(2)
+fxch %st(6)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl -96(%ecx)
+fmull -8(%ecx)
+faddp %st(0),%st(4)
+fldl -80(%ecx)
+fmull -32(%ecx)
+faddp %st(0),%st(3)
+fxch %st(6)
+fsubl crypto_scalarmult_curve25519_athlon_alpha77
+fxch %st(5)
+fstpl 72(%edx)
+fldl 80(%edx)
+fmull 24(%ecx)
+faddp %st(0),%st(1)
+fldl -104(%ecx)
+fmull 8(%ecx)
+faddp %st(0),%st(6)
+fldl -88(%ecx)
+fmull -16(%ecx)
+faddp %st(0),%st(3)
+fxch %st(4)
+fadd %st(0),%st(1)
+fsubrp %st(0),%st(3)
+fldl 16(%edx)
+fmull 40(%ecx)
+fxch %st(4)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl -96(%ecx)
+fmull 0(%ecx)
+faddp %st(0),%st(6)
+fldl -80(%ecx)
+fmull -24(%ecx)
+faddp %st(0),%st(3)
+fldl crypto_scalarmult_curve25519_athlon_alpha102
+fadd %st(2),%st(0)
+fldl 80(%edx)
+fmull 32(%ecx)
+faddp %st(0),%st(6)
+fldl -104(%ecx)
+fmull 16(%ecx)
+faddp %st(0),%st(2)
+fldl -88(%ecx)
+fmull -8(%ecx)
+faddp %st(0),%st(7)
+fldl -16(%edx)
+fmull -32(%ecx)
+faddp %st(0),%st(4)
+fsubl crypto_scalarmult_curve25519_athlon_alpha102
+fxch %st(4)
+fstpl 80(%edx)
+fxch %st(4)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl -96(%ecx)
+fmull 8(%ecx)
+faddp %st(0),%st(5)
+fldl -80(%ecx)
+fmull -16(%ecx)
+faddp %st(0),%st(6)
+fxch %st(3)
+fadd %st(0),%st(2)
+fsubrp %st(0),%st(1)
+fldl -104(%ecx)
+fmull 24(%ecx)
+faddp %st(0),%st(3)
+fldl -88(%ecx)
+fmull 0(%ecx)
+faddp %st(0),%st(4)
+fldl -16(%edx)
+fmull -24(%ecx)
+faddp %st(0),%st(5)
+fldl crypto_scalarmult_curve25519_athlon_alpha128
+fadd %st(2),%st(0)
+fldl -96(%ecx)
+fmull 16(%ecx)
+faddp %st(0),%st(4)
+fldl -80(%ecx)
+fmull -8(%ecx)
+faddp %st(0),%st(5)
+fldl -8(%edx)
+fmull -32(%ecx)
+faddp %st(0),%st(6)
+fsubl crypto_scalarmult_curve25519_athlon_alpha128
+fxch %st(1)
+fstpl 88(%edx)
+fldl -88(%ecx)
+fmull 8(%ecx)
+faddp %st(0),%st(3)
+fldl -16(%edx)
+fmull -16(%ecx)
+faddp %st(0),%st(4)
+fadd %st(0),%st(4)
+fsubrp %st(0),%st(1)
+fstpl -104(%ecx)
+fldl -80(%ecx)
+fmull 0(%ecx)
+faddp %st(0),%st(1)
+fldl -8(%edx)
+fmull -24(%ecx)
+faddp %st(0),%st(2)
+fldl crypto_scalarmult_curve25519_athlon_alpha153
+fadd %st(3),%st(0)
+fldl -16(%edx)
+fmull -8(%ecx)
+faddp %st(0),%st(2)
+fldl 0(%edx)
+fmull -32(%ecx)
+faddp %st(0),%st(3)
+fsubl crypto_scalarmult_curve25519_athlon_alpha153
+fldl -8(%edx)
+fmull -16(%ecx)
+faddp %st(0),%st(2)
+fadd %st(0),%st(2)
+fsubrp %st(0),%st(3)
+fxch %st(2)
+fstpl -96(%ecx)
+fldl 0(%edx)
+fmull -24(%ecx)
+faddp %st(0),%st(2)
+fldl crypto_scalarmult_curve25519_athlon_alpha179
+fadd %st(1),%st(0)
+fldl 8(%edx)
+fmull -32(%ecx)
+faddp %st(0),%st(3)
+fsubl crypto_scalarmult_curve25519_athlon_alpha179
+fldl 0(%esp)
+fldl 8(%esp)
+fxch %st(2)
+fadd %st(0),%st(4)
+fsubrp %st(0),%st(3)
+fldl crypto_scalarmult_curve25519_athlon_alpha204
+fadd %st(4),%st(0)
+fsubl crypto_scalarmult_curve25519_athlon_alpha204
+fadd %st(0),%st(1)
+fsubrp %st(0),%st(4)
+fldl crypto_scalarmult_curve25519_athlon_alpha230
+fadd %st(1),%st(0)
+fsubl crypto_scalarmult_curve25519_athlon_alpha230
+fsubr %st(0),%st(1)
+faddp %st(0),%st(2)
+fxch %st(2)
+fstpl -88(%ecx)
+fxch %st(2)
+fstpl -80(%ecx)
+fstpl -72(%ecx)
+fstpl -64(%ecx)
+fldl 136(%ecx)
+fldl -120(%edx)
+fldl 16(%esp)
+fsubr %st(1),%st(0)
+fmul %st(2),%st(0)
+fsubr %st(0),%st(1)
+faddl 16(%esp)
+fxch %st(1)
+fstpl -16(%edx)
+fstpl 0(%esp)
+fldl -112(%edx)
+fldl 24(%esp)
+fsubr %st(1),%st(0)
+fmul %st(2),%st(0)
+fsubr %st(0),%st(1)
+faddl 24(%esp)
+fxch %st(1)
+fstpl -8(%edx)
+fstpl 8(%esp)
+fldl -104(%edx)
+fldl 32(%esp)
+fsubr %st(1),%st(0)
+fmul %st(2),%st(0)
+fsubr %st(0),%st(1)
+faddl 32(%esp)
+fxch %st(1)
+fstpl 0(%edx)
+fstpl 16(%esp)
+fldl 40(%edx)
+fldl 40(%esp)
+fsubr %st(1),%st(0)
+fmul %st(2),%st(0)
+fsubr %st(0),%st(1)
+faddl 40(%esp)
+fxch %st(1)
+fstpl 8(%edx)
+fstpl 24(%esp)
+fldl -96(%edx)
+fldl 48(%esp)
+fsubr %st(1),%st(0)
+fmul %st(2),%st(0)
+fsubr %st(0),%st(1)
+faddl 48(%esp)
+fxch %st(1)
+fstpl 16(%edx)
+fstpl 32(%esp)
+fldl -88(%edx)
+fldl 24(%edx)
+fsubr %st(1),%st(0)
+fmul %st(2),%st(0)
+fsubr %st(0),%st(1)
+faddl 24(%edx)
+fxch %st(1)
+fstpl 24(%edx)
+fstpl 40(%esp)
+fldl -80(%edx)
+fldl 32(%edx)
+fsubr %st(1),%st(0)
+fmul %st(2),%st(0)
+fsubr %st(0),%st(1)
+faddl 32(%edx)
+fxch %st(1)
+fstpl 32(%edx)
+fstpl 48(%esp)
+fldl -72(%edx)
+fldl 48(%edx)
+fsubr %st(1),%st(0)
+fmul %st(2),%st(0)
+fsubr %st(0),%st(1)
+faddl 48(%edx)
+fxch %st(1)
+fstpl 40(%edx)
+fstpl -120(%edx)
+fldl -64(%edx)
+fldl 56(%edx)
+fsubr %st(1),%st(0)
+fmul %st(2),%st(0)
+fsubr %st(0),%st(1)
+faddl 56(%edx)
+fxch %st(1)
+fstpl 48(%edx)
+fstpl -112(%edx)
+fldl -56(%edx)
+fldl -112(%ecx)
+fsubr %st(1),%st(0)
+fmul %st(2),%st(0)
+fsubr %st(0),%st(1)
+faddl -112(%ecx)
+fxch %st(1)
+fstpl 56(%edx)
+fstpl -104(%edx)
+fldl -48(%edx)
+fldl 64(%edx)
+fsubr %st(1),%st(0)
+fmul %st(2),%st(0)
+fsubr %st(0),%st(1)
+faddl 64(%edx)
+fxch %st(1)
+fstpl 64(%edx)
+fstpl -96(%edx)
+fldl -40(%edx)
+fldl 72(%edx)
+fsubr %st(1),%st(0)
+fmul %st(2),%st(0)
+fsubr %st(0),%st(1)
+faddl 72(%edx)
+fxch %st(1)
+fstpl 72(%edx)
+fstpl -88(%edx)
+fldl -32(%edx)
+fldl 80(%edx)
+fsubr %st(1),%st(0)
+fmul %st(2),%st(0)
+fsubr %st(0),%st(1)
+faddl 80(%edx)
+fxch %st(1)
+fstpl 80(%edx)
+fstpl -80(%edx)
+fldl -24(%edx)
+fldl 88(%edx)
+fsubr %st(1),%st(0)
+fmul %st(2),%st(0)
+fsubr %st(0),%st(1)
+faddl 88(%edx)
+fxch %st(1)
+fstpl 88(%edx)
+fstpl -72(%edx)
+fldl 96(%edx)
+fldl -104(%ecx)
+fsubr %st(1),%st(0)
+fmul %st(2),%st(0)
+fsubr %st(0),%st(1)
+faddl -104(%ecx)
+fxch %st(1)
+fstpl 96(%edx)
+fstpl -64(%edx)
+fldl 104(%edx)
+fldl -96(%ecx)
+fsubr %st(1),%st(0)
+fmul %st(2),%st(0)
+fsubr %st(0),%st(1)
+faddl -96(%ecx)
+fxch %st(1)
+fstpl 104(%edx)
+fstpl -56(%edx)
+fldl 112(%edx)
+fldl -88(%ecx)
+fsubr %st(1),%st(0)
+fmul %st(2),%st(0)
+fsubr %st(0),%st(1)
+faddl -88(%ecx)
+fxch %st(1)
+fstpl 112(%edx)
+fstpl -48(%edx)
+fldl 120(%edx)
+fldl -80(%ecx)
+fsubr %st(1),%st(0)
+fmul %st(2),%st(0)
+fsubr %st(0),%st(1)
+faddl -80(%ecx)
+fxch %st(1)
+fstpl 120(%edx)
+fstpl -40(%edx)
+fldl -128(%ecx)
+fldl -72(%ecx)
+fsubr %st(1),%st(0)
+fmul %st(2),%st(0)
+fsubr %st(0),%st(1)
+faddl -72(%ecx)
+fxch %st(1)
+fstpl -128(%ecx)
+fstpl -32(%edx)
+fldl -120(%ecx)
+fldl -64(%ecx)
+fsubr %st(1),%st(0)
+fmulp %st(0),%st(2)
+fsub %st(1),%st(0)
+fxch %st(1)
+faddl -64(%ecx)
+fxch %st(1)
+fstpl -120(%ecx)
+fstpl -24(%edx)
+movl 180(%ecx),%esi
+movl 184(%ecx),%ebp
+sub  $1,%ebp
+ja ._morebits
+movl 188(%ecx),%edi
+sub  $4,%edi
+jb ._done
+movl (%ebx,%edi),%esi
+mov  $32,%ebp
+jmp ._morebytes
+._done:
+movl 4(%esp,%eax),%eax
+fldl 0(%esp)
+fstpl 0(%eax)
+fldl 8(%esp)
+fstpl 8(%eax)
+fldl 16(%esp)
+fstpl 16(%eax)
+fldl 24(%esp)
+fstpl 24(%eax)
+fldl 32(%esp)
+fstpl 32(%eax)
+fldl 40(%esp)
+fstpl 40(%eax)
+fldl 48(%esp)
+fstpl 48(%eax)
+fldl -120(%edx)
+fstpl 56(%eax)
+fldl -112(%edx)
+fstpl 64(%eax)
+fldl -104(%edx)
+fstpl 72(%eax)
+fldl -96(%edx)
+fstpl 80(%eax)
+fldl -88(%edx)
+fstpl 88(%eax)
+fldl -80(%edx)
+fstpl 96(%eax)
+fldl -72(%edx)
+fstpl 104(%eax)
+fldl -64(%edx)
+fstpl 112(%eax)
+fldl -56(%edx)
+fstpl 120(%eax)
+fldl -48(%edx)
+fstpl 128(%eax)
+fldl -40(%edx)
+fstpl 136(%eax)
+fldl -32(%edx)
+fstpl 144(%eax)
+fldl -24(%edx)
+fstpl 152(%eax)
+movl 160(%ecx),%eax
+movl 164(%ecx),%ebx
+movl 168(%ecx),%esi
+movl 172(%ecx),%edi
+movl 176(%ecx),%ebp
+add %eax,%esp
+ret
diff --git a/nacl/crypto_scalarmult/curve25519/athlon/mult.s b/nacl/crypto_scalarmult/curve25519/athlon/mult.s
new file mode 100644
index 00000000..16f0e908
--- /dev/null
+++ b/nacl/crypto_scalarmult/curve25519/athlon/mult.s
@@ -0,0 +1,410 @@
+.text
+.p2align 5
+.globl _crypto_scalarmult_curve25519_athlon_mult
+.globl crypto_scalarmult_curve25519_athlon_mult
+_crypto_scalarmult_curve25519_athlon_mult:
+crypto_scalarmult_curve25519_athlon_mult:
+mov %esp,%eax
+and $31,%eax
+add $32,%eax
+sub %eax,%esp
+movl %ebp,0(%esp)
+movl 4(%esp,%eax),%ecx
+movl 8(%esp,%eax),%edx
+movl 12(%esp,%eax),%ebp
+fldl 72(%edx)
+fmull 72(%ebp)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl 0(%edx)
+fmull 64(%ebp)
+faddp %st(0),%st(1)
+fldl 8(%edx)
+fmull 56(%ebp)
+faddp %st(0),%st(1)
+fldl 0(%edx)
+fmull 72(%ebp)
+fldl 16(%edx)
+fmull 48(%ebp)
+faddp %st(0),%st(2)
+fldl 8(%edx)
+fmull 64(%ebp)
+faddp %st(0),%st(1)
+fldl 24(%edx)
+fmull 40(%ebp)
+faddp %st(0),%st(2)
+fldl 16(%edx)
+fmull 56(%ebp)
+faddp %st(0),%st(1)
+fldl 32(%edx)
+fmull 32(%ebp)
+faddp %st(0),%st(2)
+fldl 24(%edx)
+fmull 48(%ebp)
+faddp %st(0),%st(1)
+fldl 8(%edx)
+fmull 72(%ebp)
+fldl 40(%edx)
+fmull 24(%ebp)
+faddp %st(0),%st(3)
+fldl 32(%edx)
+fmull 40(%ebp)
+faddp %st(0),%st(2)
+fldl 16(%edx)
+fmull 64(%ebp)
+faddp %st(0),%st(1)
+fldl 48(%edx)
+fmull 16(%ebp)
+faddp %st(0),%st(3)
+fldl 40(%edx)
+fmull 32(%ebp)
+faddp %st(0),%st(2)
+fldl 24(%edx)
+fmull 56(%ebp)
+faddp %st(0),%st(1)
+fldl 56(%edx)
+fmull 8(%ebp)
+faddp %st(0),%st(3)
+fldl 48(%edx)
+fmull 24(%ebp)
+faddp %st(0),%st(2)
+fldl 32(%edx)
+fmull 48(%ebp)
+faddp %st(0),%st(1)
+fldl 64(%edx)
+fmull 0(%ebp)
+faddp %st(0),%st(3)
+fldl 56(%edx)
+fmull 16(%ebp)
+faddp %st(0),%st(2)
+fldl 40(%edx)
+fmull 40(%ebp)
+faddp %st(0),%st(1)
+fldl 16(%edx)
+fmull 72(%ebp)
+fldl 48(%edx)
+fmull 32(%ebp)
+faddp %st(0),%st(2)
+fldl 64(%edx)
+fmull 8(%ebp)
+faddp %st(0),%st(3)
+fldl crypto_scalarmult_curve25519_athlon_alpha230
+fadd %st(4),%st(0)
+fldl 24(%edx)
+fmull 64(%ebp)
+faddp %st(0),%st(2)
+fldl 56(%edx)
+fmull 24(%ebp)
+faddp %st(0),%st(3)
+fldl 72(%edx)
+fmull 0(%ebp)
+faddp %st(0),%st(4)
+fsubl crypto_scalarmult_curve25519_athlon_alpha230
+fldl 32(%edx)
+fmull 56(%ebp)
+faddp %st(0),%st(2)
+fldl 24(%edx)
+fmull 72(%ebp)
+fldl 64(%edx)
+fmull 16(%ebp)
+faddp %st(0),%st(4)
+fxch %st(1)
+fadd %st(0),%st(4)
+fldl 40(%edx)
+fmull 48(%ebp)
+faddp %st(0),%st(3)
+fldl 32(%edx)
+fmull 64(%ebp)
+faddp %st(0),%st(2)
+fsubrp %st(0),%st(5)
+fldl crypto_scalarmult_curve25519_athlon_alpha255
+fadd %st(4),%st(0)
+fldl 48(%edx)
+fmull 40(%ebp)
+faddp %st(0),%st(3)
+fldl 40(%edx)
+fmull 56(%ebp)
+faddp %st(0),%st(2)
+fldl 72(%edx)
+fmull 8(%ebp)
+faddp %st(0),%st(4)
+fsubl crypto_scalarmult_curve25519_athlon_alpha255
+fldl 56(%edx)
+fmull 32(%ebp)
+faddp %st(0),%st(3)
+fldl 32(%edx)
+fmull 72(%ebp)
+fldl 48(%edx)
+fmull 48(%ebp)
+faddp %st(0),%st(3)
+fldl 64(%edx)
+fmull 24(%ebp)
+faddp %st(0),%st(4)
+fxch %st(1)
+fadd %st(0),%st(4)
+fsubrp %st(0),%st(5)
+fxch %st(5)
+fstpl 64(%ecx)
+fldl 40(%edx)
+fmull 64(%ebp)
+faddp %st(0),%st(5)
+fldl 56(%edx)
+fmull 40(%ebp)
+faddp %st(0),%st(1)
+fldl 72(%edx)
+fmull 16(%ebp)
+faddp %st(0),%st(2)
+fxch %st(2)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl 48(%edx)
+fmull 56(%ebp)
+faddp %st(0),%st(5)
+fldl 64(%edx)
+fmull 32(%ebp)
+faddp %st(0),%st(3)
+fxch %st(1)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl 0(%edx)
+fmull 0(%ebp)
+faddp %st(0),%st(2)
+fxch %st(3)
+fstpl 72(%ecx)
+fldl 40(%edx)
+fmull 72(%ebp)
+fldl 56(%edx)
+fmull 48(%ebp)
+faddp %st(0),%st(5)
+fldl 72(%edx)
+fmull 24(%ebp)
+faddp %st(0),%st(3)
+fldl 0(%edx)
+fmull 8(%ebp)
+faddp %st(0),%st(4)
+fldl crypto_scalarmult_curve25519_athlon_alpha26
+fadd %st(2),%st(0)
+fldl 48(%edx)
+fmull 64(%ebp)
+faddp %st(0),%st(2)
+fldl 64(%edx)
+fmull 40(%ebp)
+faddp %st(0),%st(6)
+fxch %st(3)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl 8(%edx)
+fmull 0(%ebp)
+faddp %st(0),%st(5)
+fxch %st(3)
+fsubl crypto_scalarmult_curve25519_athlon_alpha26
+fldl 56(%edx)
+fmull 56(%ebp)
+faddp %st(0),%st(2)
+fldl 72(%edx)
+fmull 32(%ebp)
+faddp %st(0),%st(6)
+fldl 0(%edx)
+fmull 16(%ebp)
+faddp %st(0),%st(4)
+fadd %st(0),%st(4)
+fsubrp %st(0),%st(2)
+fldl 48(%edx)
+fmull 72(%ebp)
+fldl 64(%edx)
+fmull 48(%ebp)
+faddp %st(0),%st(2)
+fxch %st(5)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl 8(%edx)
+fmull 8(%ebp)
+faddp %st(0),%st(4)
+fldl crypto_scalarmult_curve25519_athlon_alpha51
+fadd %st(5),%st(0)
+fldl 56(%edx)
+fmull 64(%ebp)
+faddp %st(0),%st(7)
+fldl 72(%edx)
+fmull 40(%ebp)
+faddp %st(0),%st(3)
+fldl 0(%edx)
+fmull 24(%ebp)
+faddp %st(0),%st(2)
+fldl 16(%edx)
+fmull 0(%ebp)
+faddp %st(0),%st(5)
+fsubl crypto_scalarmult_curve25519_athlon_alpha51
+fxch %st(3)
+fstpl 0(%ecx)
+fldl 64(%edx)
+fmull 56(%ebp)
+faddp %st(0),%st(6)
+fxch %st(1)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl 8(%edx)
+fmull 16(%ebp)
+faddp %st(0),%st(2)
+fxch %st(2)
+fadd %st(0),%st(3)
+fsubrp %st(0),%st(4)
+fldl 56(%edx)
+fmull 72(%ebp)
+fldl 72(%edx)
+fmull 48(%ebp)
+faddp %st(0),%st(6)
+fldl 0(%edx)
+fmull 32(%ebp)
+faddp %st(0),%st(3)
+fldl 16(%edx)
+fmull 8(%ebp)
+faddp %st(0),%st(2)
+fldl crypto_scalarmult_curve25519_athlon_alpha77
+fadd %st(4),%st(0)
+fldl 64(%edx)
+fmull 64(%ebp)
+faddp %st(0),%st(2)
+fxch %st(6)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl 8(%edx)
+fmull 24(%ebp)
+faddp %st(0),%st(4)
+fldl 24(%edx)
+fmull 0(%ebp)
+faddp %st(0),%st(3)
+fxch %st(6)
+fsubl crypto_scalarmult_curve25519_athlon_alpha77
+fxch %st(5)
+fstpl 8(%ecx)
+fldl 72(%edx)
+fmull 56(%ebp)
+faddp %st(0),%st(1)
+fldl 0(%edx)
+fmull 40(%ebp)
+faddp %st(0),%st(6)
+fldl 16(%edx)
+fmull 16(%ebp)
+faddp %st(0),%st(3)
+fxch %st(4)
+fadd %st(0),%st(1)
+fsubrp %st(0),%st(3)
+fldl 64(%edx)
+fmull 72(%ebp)
+fxch %st(4)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl 8(%edx)
+fmull 32(%ebp)
+faddp %st(0),%st(6)
+fldl 24(%edx)
+fmull 8(%ebp)
+faddp %st(0),%st(3)
+fldl crypto_scalarmult_curve25519_athlon_alpha102
+fadd %st(2),%st(0)
+fldl 72(%edx)
+fmull 64(%ebp)
+faddp %st(0),%st(6)
+fldl 0(%edx)
+fmull 48(%ebp)
+faddp %st(0),%st(2)
+fldl 16(%edx)
+fmull 24(%ebp)
+faddp %st(0),%st(7)
+fldl 32(%edx)
+fmull 0(%ebp)
+faddp %st(0),%st(4)
+fsubl crypto_scalarmult_curve25519_athlon_alpha102
+fxch %st(4)
+fstpl 16(%ecx)
+fxch %st(4)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl 8(%edx)
+fmull 40(%ebp)
+faddp %st(0),%st(5)
+fldl 24(%edx)
+fmull 16(%ebp)
+faddp %st(0),%st(6)
+fxch %st(3)
+fadd %st(0),%st(2)
+fsubrp %st(0),%st(1)
+fldl 0(%edx)
+fmull 56(%ebp)
+faddp %st(0),%st(3)
+fldl 16(%edx)
+fmull 32(%ebp)
+faddp %st(0),%st(4)
+fldl 32(%edx)
+fmull 8(%ebp)
+faddp %st(0),%st(5)
+fldl crypto_scalarmult_curve25519_athlon_alpha128
+fadd %st(2),%st(0)
+fldl 8(%edx)
+fmull 48(%ebp)
+faddp %st(0),%st(4)
+fldl 24(%edx)
+fmull 24(%ebp)
+faddp %st(0),%st(5)
+fldl 40(%edx)
+fmull 0(%ebp)
+faddp %st(0),%st(6)
+fsubl crypto_scalarmult_curve25519_athlon_alpha128
+fxch %st(1)
+fstpl 24(%ecx)
+fldl 16(%edx)
+fmull 40(%ebp)
+faddp %st(0),%st(3)
+fldl 32(%edx)
+fmull 16(%ebp)
+faddp %st(0),%st(4)
+fadd %st(0),%st(4)
+fsubrp %st(0),%st(1)
+fstpl 32(%ecx)
+fldl 24(%edx)
+fmull 32(%ebp)
+faddp %st(0),%st(1)
+fldl 40(%edx)
+fmull 8(%ebp)
+faddp %st(0),%st(2)
+fldl crypto_scalarmult_curve25519_athlon_alpha153
+fadd %st(3),%st(0)
+fldl 32(%edx)
+fmull 24(%ebp)
+faddp %st(0),%st(2)
+fldl 48(%edx)
+fmull 0(%ebp)
+faddp %st(0),%st(3)
+fsubl crypto_scalarmult_curve25519_athlon_alpha153
+fldl 40(%edx)
+fmull 16(%ebp)
+faddp %st(0),%st(2)
+fadd %st(0),%st(2)
+fsubrp %st(0),%st(3)
+fxch %st(2)
+fstpl 40(%ecx)
+fldl 48(%edx)
+fmull 8(%ebp)
+faddp %st(0),%st(2)
+fldl crypto_scalarmult_curve25519_athlon_alpha179
+fadd %st(1),%st(0)
+fldl 56(%edx)
+fmull 0(%ebp)
+faddp %st(0),%st(3)
+fsubl crypto_scalarmult_curve25519_athlon_alpha179
+fldl 64(%ecx)
+fldl 72(%ecx)
+fxch %st(2)
+fadd %st(0),%st(4)
+fsubrp %st(0),%st(3)
+fldl crypto_scalarmult_curve25519_athlon_alpha204
+fadd %st(4),%st(0)
+fsubl crypto_scalarmult_curve25519_athlon_alpha204
+fadd %st(0),%st(1)
+fsubrp %st(0),%st(4)
+fldl crypto_scalarmult_curve25519_athlon_alpha230
+fadd %st(1),%st(0)
+fsubl crypto_scalarmult_curve25519_athlon_alpha230
+fsubr %st(0),%st(1)
+faddp %st(0),%st(2)
+fxch %st(2)
+fstpl 48(%ecx)
+fxch %st(2)
+fstpl 56(%ecx)
+fstpl 64(%ecx)
+fstpl 72(%ecx)
+movl 0(%esp),%ebp
+add %eax,%esp
+ret
diff --git a/nacl/crypto_scalarmult/curve25519/athlon/smult.c b/nacl/crypto_scalarmult/curve25519/athlon/smult.c
new file mode 100644
index 00000000..157f1e6c
--- /dev/null
+++ b/nacl/crypto_scalarmult/curve25519/athlon/smult.c
@@ -0,0 +1,91 @@
+#include "crypto_scalarmult.h"
+
+#define mult crypto_scalarmult_curve25519_athlon_mult
+#define square crypto_scalarmult_curve25519_athlon_square
+
+void crypto_scalarmult_curve25519_athlon_recip(double out[10],const double z[10])
+{
+  double z2[10];
+  double z9[10];
+  double z11[10];
+  double z2_5_0[10];
+  double z2_10_0[10];
+  double z2_20_0[10];
+  double z2_50_0[10];
+  double z2_100_0[10];
+  double t0[10];
+  double t1[10];
+  int i;
+
+  /* 2 */ square(z2,z);
+  /* 4 */ square(t1,z2);
+  /* 8 */ square(t0,t1);
+  /* 9 */ mult(z9,t0,z);
+  /* 11 */ mult(z11,z9,z2);
+  /* 22 */ square(t0,z11);
+  /* 2^5 - 2^0 = 31 */ mult(z2_5_0,t0,z9);
+
+  /* 2^6 - 2^1 */ square(t0,z2_5_0);
+  /* 2^7 - 2^2 */ square(t1,t0);
+  /* 2^8 - 2^3 */ square(t0,t1);
+  /* 2^9 - 2^4 */ square(t1,t0);
+  /* 2^10 - 2^5 */ square(t0,t1);
+  /* 2^10 - 2^0 */ mult(z2_10_0,t0,z2_5_0);
+
+  /* 2^11 - 2^1 */ square(t0,z2_10_0);
+  /* 2^12 - 2^2 */ square(t1,t0);
+  /* 2^20 - 2^10 */ for (i = 2;i < 10;i += 2) { square(t0,t1); square(t1,t0); }
+  /* 2^20 - 2^0 */ mult(z2_20_0,t1,z2_10_0);
+
+  /* 2^21 - 2^1 */ square(t0,z2_20_0);
+  /* 2^22 - 2^2 */ square(t1,t0);
+  /* 2^40 - 2^20 */ for (i = 2;i < 20;i += 2) { square(t0,t1); square(t1,t0); }
+  /* 2^40 - 2^0 */ mult(t0,t1,z2_20_0);
+
+  /* 2^41 - 2^1 */ square(t1,t0);
+  /* 2^42 - 2^2 */ square(t0,t1);
+  /* 2^50 - 2^10 */ for (i = 2;i < 10;i += 2) { square(t1,t0); square(t0,t1); }
+  /* 2^50 - 2^0 */ mult(z2_50_0,t0,z2_10_0);
+
+  /* 2^51 - 2^1 */ square(t0,z2_50_0);
+  /* 2^52 - 2^2 */ square(t1,t0);
+  /* 2^100 - 2^50 */ for (i = 2;i < 50;i += 2) { square(t0,t1); square(t1,t0); }
+  /* 2^100 - 2^0 */ mult(z2_100_0,t1,z2_50_0);
+
+  /* 2^101 - 2^1 */ square(t1,z2_100_0);
+  /* 2^102 - 2^2 */ square(t0,t1);
+  /* 2^200 - 2^100 */ for (i = 2;i < 100;i += 2) { square(t1,t0); square(t0,t1); }
+  /* 2^200 - 2^0 */ mult(t1,t0,z2_100_0);
+
+  /* 2^201 - 2^1 */ square(t0,t1);
+  /* 2^202 - 2^2 */ square(t1,t0);
+  /* 2^250 - 2^50 */ for (i = 2;i < 50;i += 2) { square(t0,t1); square(t1,t0); }
+  /* 2^250 - 2^0 */ mult(t0,t1,z2_50_0);
+
+  /* 2^251 - 2^1 */ square(t1,t0);
+  /* 2^252 - 2^2 */ square(t0,t1);
+  /* 2^253 - 2^3 */ square(t1,t0);
+  /* 2^254 - 2^4 */ square(t0,t1);
+  /* 2^255 - 2^5 */ square(t1,t0);
+  /* 2^255 - 21 */ mult(out,t1,z11);
+}
+
+int crypto_scalarmult(unsigned char *q,
+  const unsigned char *n,
+  const unsigned char *p)
+{
+  double work[30];
+  unsigned char e[32];
+  int i;
+  for (i = 0;i < 32;++i) e[i] = n[i];
+  e[0] &= 248;
+  e[31] &= 127;
+  e[31] |= 64;
+  crypto_scalarmult_curve25519_athlon_init();
+  crypto_scalarmult_curve25519_athlon_todouble(work,p);
+  crypto_scalarmult_curve25519_athlon_mainloop(work,e);
+  crypto_scalarmult_curve25519_athlon_recip(work + 10,work + 10);
+  mult(work + 20,work,work + 10);
+  crypto_scalarmult_curve25519_athlon_fromdouble(q,work + 20);
+  return 0;
+}
diff --git a/nacl/crypto_scalarmult/curve25519/athlon/square.s b/nacl/crypto_scalarmult/curve25519/athlon/square.s
new file mode 100644
index 00000000..754def78
--- /dev/null
+++ b/nacl/crypto_scalarmult/curve25519/athlon/square.s
@@ -0,0 +1,298 @@
+.text
+.p2align 5
+.globl _crypto_scalarmult_curve25519_athlon_square
+.globl crypto_scalarmult_curve25519_athlon_square
+_crypto_scalarmult_curve25519_athlon_square:
+crypto_scalarmult_curve25519_athlon_square:
+mov %esp,%eax
+and $31,%eax
+add $64,%eax
+sub %eax,%esp
+movl 8(%esp,%eax),%edx
+movl 4(%esp,%eax),%ecx
+fldl 72(%edx)
+fmul %st(0),%st(0)
+fldl 0(%edx)
+fadd %st(0),%st(0)
+fldl 8(%edx)
+fadd %st(0),%st(0)
+fldl 16(%edx)
+fadd %st(0),%st(0)
+fldl 56(%edx)
+fxch %st(4)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl 72(%edx)
+fmul %st(4),%st(0)
+fldl 64(%edx)
+fmul %st(4),%st(0)
+faddp %st(0),%st(1)
+fxch %st(4)
+fstl 0(%esp)
+fxch %st(3)
+fstl 8(%esp)
+fxch %st(3)
+fmull 64(%edx)
+faddp %st(0),%st(1)
+fldl 48(%edx)
+fxch %st(5)
+fmul %st(0),%st(3)
+fxch %st(3)
+faddp %st(0),%st(1)
+fxch %st(2)
+fadd %st(0),%st(0)
+fldl 56(%edx)
+fmul %st(2),%st(0)
+faddp %st(0),%st(4)
+fxch %st(1)
+fstl 16(%esp)
+fldl 40(%edx)
+fxch %st(5)
+fmul %st(0),%st(1)
+fxch %st(1)
+faddp %st(0),%st(3)
+fadd %st(0),%st(0)
+fstpl 48(%esp)
+fldl 24(%edx)
+fadd %st(0),%st(0)
+fstl 24(%esp)
+fldl 48(%edx)
+fmul %st(1),%st(0)
+faddp %st(0),%st(4)
+fmul %st(4),%st(0)
+faddp %st(0),%st(2)
+fxch %st(3)
+fadd %st(0),%st(0)
+fstpl 40(%esp)
+fldl 32(%edx)
+fmul %st(0),%st(0)
+faddp %st(0),%st(1)
+fldl crypto_scalarmult_curve25519_athlon_alpha230
+fadd %st(1),%st(0)
+fsubl crypto_scalarmult_curve25519_athlon_alpha230
+fsubr %st(0),%st(1)
+fldl 8(%esp)
+fldl 72(%edx)
+fmul %st(0),%st(1)
+fldl 16(%esp)
+fmul %st(0),%st(1)
+fldl 64(%edx)
+fmul %st(0),%st(1)
+fxch %st(1)
+faddp %st(0),%st(3)
+fldl 24(%esp)
+fmul %st(0),%st(1)
+fxch %st(1)
+faddp %st(0),%st(2)
+fldl 32(%edx)
+fadd %st(0),%st(0)
+fstl 32(%esp)
+fmull 40(%edx)
+faddp %st(0),%st(6)
+fxch %st(3)
+faddp %st(0),%st(5)
+fldl crypto_scalarmult_curve25519_athlon_alpha255
+fadd %st(5),%st(0)
+fsubl crypto_scalarmult_curve25519_athlon_alpha255
+fsubr %st(0),%st(5)
+fldl 56(%edx)
+fmul %st(0),%st(4)
+fxch %st(4)
+faddp %st(0),%st(3)
+fldl 32(%esp)
+fmul %st(0),%st(4)
+fxch %st(4)
+faddp %st(0),%st(2)
+fldl 48(%edx)
+fmul %st(0),%st(4)
+fxch %st(4)
+faddp %st(0),%st(3)
+fxch %st(3)
+fmull 40(%esp)
+faddp %st(0),%st(1)
+fxch %st(3)
+fstpl 64(%ecx)
+fldl 40(%edx)
+fmul %st(0),%st(0)
+faddp %st(0),%st(1)
+fxch %st(2)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fxch %st(3)
+fstpl 72(%ecx)
+faddp %st(0),%st(1)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl 24(%esp)
+fmull 72(%edx)
+fldl 0(%edx)
+fmul %st(0),%st(0)
+faddp %st(0),%st(2)
+fldl 32(%esp)
+fmull 64(%edx)
+faddp %st(0),%st(1)
+fldl 0(%esp)
+fmull 8(%edx)
+faddp %st(0),%st(3)
+fldl 40(%esp)
+fmull 56(%edx)
+faddp %st(0),%st(1)
+fldl crypto_scalarmult_curve25519_athlon_alpha26
+fadd %st(2),%st(0)
+fsubl crypto_scalarmult_curve25519_athlon_alpha26
+fsubr %st(0),%st(2)
+faddp %st(0),%st(3)
+fldl crypto_scalarmult_curve25519_athlon_alpha51
+fadd %st(3),%st(0)
+fsubl crypto_scalarmult_curve25519_athlon_alpha51
+fsubr %st(0),%st(3)
+fldl 48(%edx)
+fmul %st(0),%st(0)
+faddp %st(0),%st(2)
+fxch %st(1)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl 0(%esp)
+fmull 16(%edx)
+faddp %st(0),%st(1)
+fldl 8(%edx)
+fmul %st(0),%st(0)
+faddp %st(0),%st(1)
+faddp %st(0),%st(1)
+fldl crypto_scalarmult_curve25519_athlon_alpha77
+fadd %st(1),%st(0)
+fsubl crypto_scalarmult_curve25519_athlon_alpha77
+fsubr %st(0),%st(1)
+fxch %st(2)
+fstpl 0(%ecx)
+fldl 32(%esp)
+fmull 72(%edx)
+fldl 40(%esp)
+fmull 64(%edx)
+faddp %st(0),%st(1)
+fldl 48(%esp)
+fmull 56(%edx)
+faddp %st(0),%st(1)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl 0(%esp)
+fmull 24(%edx)
+faddp %st(0),%st(1)
+fldl 8(%esp)
+fmull 16(%edx)
+faddp %st(0),%st(1)
+faddp %st(0),%st(2)
+fldl crypto_scalarmult_curve25519_athlon_alpha102
+fadd %st(2),%st(0)
+fsubl crypto_scalarmult_curve25519_athlon_alpha102
+fsubr %st(0),%st(2)
+fxch %st(3)
+fstpl 8(%ecx)
+fldl 40(%esp)
+fmull 72(%edx)
+fldl 48(%esp)
+fmull 64(%edx)
+faddp %st(0),%st(1)
+fldl 56(%edx)
+fmul %st(0),%st(0)
+faddp %st(0),%st(1)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl 0(%esp)
+fmull 32(%edx)
+faddp %st(0),%st(1)
+fldl 8(%esp)
+fmull 24(%edx)
+faddp %st(0),%st(1)
+fldl 16(%edx)
+fmul %st(0),%st(0)
+faddp %st(0),%st(1)
+faddp %st(0),%st(3)
+fldl crypto_scalarmult_curve25519_athlon_alpha128
+fadd %st(3),%st(0)
+fsubl crypto_scalarmult_curve25519_athlon_alpha128
+fsubr %st(0),%st(3)
+fxch %st(1)
+fstpl 16(%ecx)
+fldl 48(%esp)
+fldl 72(%edx)
+fmul %st(0),%st(1)
+fmul %st(5),%st(0)
+fxch %st(5)
+fmull 64(%edx)
+faddp %st(0),%st(1)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl 0(%esp)
+fmull 40(%edx)
+faddp %st(0),%st(1)
+fldl 8(%esp)
+fmull 32(%edx)
+faddp %st(0),%st(1)
+fldl 16(%esp)
+fmull 24(%edx)
+faddp %st(0),%st(1)
+faddp %st(0),%st(1)
+fldl crypto_scalarmult_curve25519_athlon_alpha153
+fadd %st(1),%st(0)
+fsubl crypto_scalarmult_curve25519_athlon_alpha153
+fsubr %st(0),%st(1)
+fxch %st(2)
+fstpl 24(%ecx)
+fldl 64(%edx)
+fmul %st(0),%st(0)
+faddp %st(0),%st(4)
+fxch %st(3)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl 0(%esp)
+fmull 48(%edx)
+faddp %st(0),%st(1)
+fldl 8(%esp)
+fmull 40(%edx)
+faddp %st(0),%st(1)
+fldl 16(%esp)
+fmull 32(%edx)
+faddp %st(0),%st(1)
+fldl 24(%edx)
+fmul %st(0),%st(0)
+faddp %st(0),%st(1)
+faddp %st(0),%st(1)
+fldl crypto_scalarmult_curve25519_athlon_alpha179
+fadd %st(1),%st(0)
+fsubl crypto_scalarmult_curve25519_athlon_alpha179
+fsubr %st(0),%st(1)
+fldl 64(%edx)
+fadd %st(0),%st(0)
+fmull 72(%edx)
+fmull crypto_scalarmult_curve25519_athlon_scale
+fldl 0(%esp)
+fmull 56(%edx)
+faddp %st(0),%st(1)
+fldl 8(%esp)
+fmull 48(%edx)
+faddp %st(0),%st(1)
+fldl 16(%esp)
+fmull 40(%edx)
+faddp %st(0),%st(1)
+fldl 24(%esp)
+fmull 32(%edx)
+faddp %st(0),%st(1)
+faddp %st(0),%st(1)
+fldl crypto_scalarmult_curve25519_athlon_alpha204
+fadd %st(1),%st(0)
+fsubl crypto_scalarmult_curve25519_athlon_alpha204
+fsubr %st(0),%st(1)
+fldl 64(%ecx)
+faddp %st(0),%st(1)
+fldl crypto_scalarmult_curve25519_athlon_alpha230
+fadd %st(1),%st(0)
+fldl 72(%ecx)
+fxch %st(1)
+fsubl crypto_scalarmult_curve25519_athlon_alpha230
+fsubr %st(0),%st(2)
+faddp %st(0),%st(1)
+fxch %st(4)
+fstpl 32(%ecx)
+fxch %st(4)
+fstpl 40(%ecx)
+fxch %st(1)
+fstpl 48(%ecx)
+fstpl 56(%ecx)
+fxch %st(1)
+fstpl 64(%ecx)
+fstpl 72(%ecx)
+add %eax,%esp
+ret
diff --git a/nacl/crypto_scalarmult/curve25519/athlon/todouble.s b/nacl/crypto_scalarmult/curve25519/athlon/todouble.s
new file mode 100644
index 00000000..c37aa447
--- /dev/null
+++ b/nacl/crypto_scalarmult/curve25519/athlon/todouble.s
@@ -0,0 +1,144 @@
+.text
+.p2align 5
+.globl _crypto_scalarmult_curve25519_athlon_todouble
+.globl crypto_scalarmult_curve25519_athlon_todouble
+_crypto_scalarmult_curve25519_athlon_todouble:
+crypto_scalarmult_curve25519_athlon_todouble:
+mov %esp,%eax
+and $31,%eax
+add $96,%eax
+sub %eax,%esp
+movl 8(%esp,%eax),%ecx
+movl 0(%ecx),%edx
+movl  $0x43300000,4(%esp)
+movl %edx,0(%esp)
+movl 4(%ecx),%edx
+and  $0xffffff,%edx
+movl  $0x45300000,12(%esp)
+movl %edx,8(%esp)
+movl 7(%ecx),%edx
+and  $0xffffff,%edx
+movl  $0x46b00000,20(%esp)
+movl %edx,16(%esp)
+movl 10(%ecx),%edx
+and  $0xffffff,%edx
+movl  $0x48300000,28(%esp)
+movl %edx,24(%esp)
+movl 13(%ecx),%edx
+and  $0xffffff,%edx
+movl  $0x49b00000,36(%esp)
+movl %edx,32(%esp)
+movl 16(%ecx),%edx
+movl  $0x4b300000,44(%esp)
+movl %edx,40(%esp)
+movl 20(%ecx),%edx
+and  $0xffffff,%edx
+movl  $0x4d300000,52(%esp)
+movl %edx,48(%esp)
+movl 23(%ecx),%edx
+and  $0xffffff,%edx
+movl  $0x4eb00000,60(%esp)
+movl %edx,56(%esp)
+movl 26(%ecx),%edx
+and  $0xffffff,%edx
+movl  $0x50300000,68(%esp)
+movl %edx,64(%esp)
+movl 28(%ecx),%ecx
+shr  $8,%ecx
+and  $0x7fffff,%ecx
+movl  $0x51b00000,76(%esp)
+movl %ecx,72(%esp)
+movl 4(%esp,%eax),%ecx
+fldl 72(%esp)
+fsubl crypto_scalarmult_curve25519_athlon_in9offset
+fldl crypto_scalarmult_curve25519_athlon_alpha255
+fadd %st(1),%st(0)
+fsubl crypto_scalarmult_curve25519_athlon_alpha255
+fsubr %st(0),%st(1)
+fldl 0(%esp)
+fsubl crypto_scalarmult_curve25519_athlon_in0offset
+fxch %st(1)
+fmull crypto_scalarmult_curve25519_athlon_scale
+faddp %st(0),%st(1)
+fldl crypto_scalarmult_curve25519_athlon_alpha26
+fadd %st(1),%st(0)
+fsubl crypto_scalarmult_curve25519_athlon_alpha26
+fsubr %st(0),%st(1)
+fxch %st(1)
+fstpl 0(%ecx)
+fldl 8(%esp)
+fsubl crypto_scalarmult_curve25519_athlon_in1offset
+faddp %st(0),%st(1)
+fldl crypto_scalarmult_curve25519_athlon_alpha51
+fadd %st(1),%st(0)
+fsubl crypto_scalarmult_curve25519_athlon_alpha51
+fsubr %st(0),%st(1)
+fxch %st(1)
+fstpl 8(%ecx)
+fldl 16(%esp)
+fsubl crypto_scalarmult_curve25519_athlon_in2offset
+faddp %st(0),%st(1)
+fldl crypto_scalarmult_curve25519_athlon_alpha77
+fadd %st(1),%st(0)
+fsubl crypto_scalarmult_curve25519_athlon_alpha77
+fsubr %st(0),%st(1)
+fxch %st(1)
+fstpl 16(%ecx)
+fldl 24(%esp)
+fsubl crypto_scalarmult_curve25519_athlon_in3offset
+faddp %st(0),%st(1)
+fldl crypto_scalarmult_curve25519_athlon_alpha102
+fadd %st(1),%st(0)
+fsubl crypto_scalarmult_curve25519_athlon_alpha102
+fsubr %st(0),%st(1)
+fxch %st(1)
+fstpl 24(%ecx)
+fldl 32(%esp)
+fsubl crypto_scalarmult_curve25519_athlon_in4offset
+faddp %st(0),%st(1)
+fldl crypto_scalarmult_curve25519_athlon_alpha128
+fadd %st(1),%st(0)
+fsubl crypto_scalarmult_curve25519_athlon_alpha128
+fsubr %st(0),%st(1)
+fxch %st(1)
+fstpl 32(%ecx)
+fldl 40(%esp)
+fsubl crypto_scalarmult_curve25519_athlon_in5offset
+faddp %st(0),%st(1)
+fldl crypto_scalarmult_curve25519_athlon_alpha153
+fadd %st(1),%st(0)
+fsubl crypto_scalarmult_curve25519_athlon_alpha153
+fsubr %st(0),%st(1)
+fxch %st(1)
+fstpl 40(%ecx)
+fldl 48(%esp)
+fsubl crypto_scalarmult_curve25519_athlon_in6offset
+faddp %st(0),%st(1)
+fldl crypto_scalarmult_curve25519_athlon_alpha179
+fadd %st(1),%st(0)
+fsubl crypto_scalarmult_curve25519_athlon_alpha179
+fsubr %st(0),%st(1)
+fxch %st(1)
+fstpl 48(%ecx)
+fldl 56(%esp)
+fsubl crypto_scalarmult_curve25519_athlon_in7offset
+faddp %st(0),%st(1)
+fldl crypto_scalarmult_curve25519_athlon_alpha204
+fadd %st(1),%st(0)
+fsubl crypto_scalarmult_curve25519_athlon_alpha204
+fsubr %st(0),%st(1)
+fxch %st(1)
+fstpl 56(%ecx)
+fldl 64(%esp)
+fsubl crypto_scalarmult_curve25519_athlon_in8offset
+faddp %st(0),%st(1)
+fldl crypto_scalarmult_curve25519_athlon_alpha230
+fadd %st(1),%st(0)
+fsubl crypto_scalarmult_curve25519_athlon_alpha230
+fsubr %st(0),%st(1)
+fxch %st(1)
+fstpl 64(%ecx)
+faddp %st(0),%st(1)
+fstpl 72(%ecx)
+add %eax,%esp
+ret
diff --git a/nacl/crypto_scalarmult/curve25519/checksum b/nacl/crypto_scalarmult/curve25519/checksum
new file mode 100644
index 00000000..ce2d395b
--- /dev/null
+++ b/nacl/crypto_scalarmult/curve25519/checksum
@@ -0,0 +1 @@
+dacdae4a0f12353dfc66757f2fd1fff538fe6616115dace9afb8016a55be2a52
diff --git a/nacl/crypto_scalarmult/curve25519/donna_c64/api.h b/nacl/crypto_scalarmult/curve25519/donna_c64/api.h
new file mode 100644
index 00000000..60339596
--- /dev/null
+++ b/nacl/crypto_scalarmult/curve25519/donna_c64/api.h
@@ -0,0 +1,2 @@
+#define CRYPTO_BYTES 32
+#define CRYPTO_SCALARBYTES 32
diff --git a/nacl/crypto_scalarmult/curve25519/donna_c64/base.c b/nacl/crypto_scalarmult/curve25519/donna_c64/base.c
new file mode 100644
index 00000000..f33419e8
--- /dev/null
+++ b/nacl/crypto_scalarmult/curve25519/donna_c64/base.c
@@ -0,0 +1,8 @@
+#include "crypto_scalarmult.h"
+
+static const unsigned char basepoint[32] = {9};
+
+int crypto_scalarmult_base(unsigned char *q,const unsigned char *n)
+{
+  return crypto_scalarmult(q, n, basepoint);
+}
diff --git a/nacl/crypto_scalarmult/curve25519/donna_c64/implementors b/nacl/crypto_scalarmult/curve25519/donna_c64/implementors
new file mode 100644
index 00000000..0ce43280
--- /dev/null
+++ b/nacl/crypto_scalarmult/curve25519/donna_c64/implementors
@@ -0,0 +1 @@
+Adam Langley (Google)
diff --git a/nacl/crypto_scalarmult/curve25519/donna_c64/smult.c b/nacl/crypto_scalarmult/curve25519/donna_c64/smult.c
new file mode 100644
index 00000000..6d26956b
--- /dev/null
+++ b/nacl/crypto_scalarmult/curve25519/donna_c64/smult.c
@@ -0,0 +1,477 @@
+/* Copyright 2008, Google Inc.
+ * All rights reserved.
+ *
+ * Code released into the public domain.
+ *
+ * curve25519-donna: Curve25519 elliptic curve, public key function
+ *
+ * http://code.google.com/p/curve25519-donna/
+ *
+ * Adam Langley <agl@imperialviolet.org>
+ *
+ * Derived from public domain C code by Daniel J. Bernstein <djb@cr.yp.to>
+ *
+ * More information about curve25519 can be found here
+ *   http://cr.yp.to/ecdh.html
+ *
+ * djb's sample implementation of curve25519 is written in a special assembly
+ * language called qhasm and uses the floating point registers.
+ *
+ * This is, almost, a clean room reimplementation from the curve25519 paper. It
+ * uses many of the tricks described therein. Only the crecip function is taken
+ * from the sample implementation.
+ */
+
+#include <string.h>
+#include <stdint.h>
+#include "crypto_scalarmult.h"
+
+typedef uint8_t u8;
+typedef uint64_t felem;
+// This is a special gcc mode for 128-bit integers. It's implemented on 64-bit
+// platforms only as far as I know.
+typedef unsigned uint128_t __attribute__((mode(TI)));
+
+/* Sum two numbers: output += in */
+static void fsum(felem *output, const felem *in) {
+  unsigned i;
+  for (i = 0; i < 5; ++i) output[i] += in[i];
+}
+
+/* Find the difference of two numbers: output = in - output
+ * (note the order of the arguments!)
+ */
+static void fdifference_backwards(felem *ioutput, const felem *iin) {
+  static const int64_t twotothe51 = (1l << 51);
+  const int64_t *in = (const int64_t *) iin;
+  int64_t *out = (int64_t *) ioutput;
+
+  out[0] = in[0] - out[0];
+  out[1] = in[1] - out[1];
+  out[2] = in[2] - out[2];
+  out[3] = in[3] - out[3];
+  out[4] = in[4] - out[4];
+
+  // An arithmetic shift right of 63 places turns a positive number to 0 and a
+  // negative number to all 1's. This gives us a bitmask that lets us avoid
+  // side-channel prone branches.
+  int64_t t;
+
+#define NEGCHAIN(a,b) \
+  t = out[a] >> 63; \
+  out[a] += twotothe51 & t; \
+  out[b] -= 1 & t;
+
+#define NEGCHAIN19(a,b) \
+  t = out[a] >> 63; \
+  out[a] += twotothe51 & t; \
+  out[b] -= 19 & t;
+
+  NEGCHAIN(0, 1);
+  NEGCHAIN(1, 2);
+  NEGCHAIN(2, 3);
+  NEGCHAIN(3, 4);
+  NEGCHAIN19(4, 0);
+  NEGCHAIN(0, 1);
+  NEGCHAIN(1, 2);
+  NEGCHAIN(2, 3);
+  NEGCHAIN(3, 4);
+}
+
+/* Multiply a number by a scalar: output = in * scalar */
+static void fscalar_product(felem *output, const felem *in, const felem scalar) {
+  uint128_t a;
+
+  a = ((uint128_t) in[0]) * scalar;
+  output[0] = a & 0x7ffffffffffff;
+
+  a = ((uint128_t) in[1]) * scalar + (a >> 51);
+  output[1] = a & 0x7ffffffffffff;
+
+  a = ((uint128_t) in[2]) * scalar + (a >> 51);
+  output[2] = a & 0x7ffffffffffff;
+
+  a = ((uint128_t) in[3]) * scalar + (a >> 51);
+  output[3] = a & 0x7ffffffffffff;
+
+  a = ((uint128_t) in[4]) * scalar + (a >> 51);
+  output[4] = a & 0x7ffffffffffff;
+
+  output[0] += (a >> 51) * 19;
+}
+
+/* Multiply two numbers: output = in2 * in
+ *
+ * output must be distinct to both inputs. The inputs are reduced coefficient
+ * form, the output is not.
+ */
+static void fmul(felem *output, const felem *in2, const felem *in) {
+  uint128_t t[9];
+
+  t[0] = ((uint128_t) in[0]) * in2[0];
+  t[1] = ((uint128_t) in[0]) * in2[1] +
+         ((uint128_t) in[1]) * in2[0];
+  t[2] = ((uint128_t) in[0]) * in2[2] +
+         ((uint128_t) in[2]) * in2[0] +
+         ((uint128_t) in[1]) * in2[1];
+  t[3] = ((uint128_t) in[0]) * in2[3] +
+         ((uint128_t) in[3]) * in2[0] +
+         ((uint128_t) in[1]) * in2[2] +
+         ((uint128_t) in[2]) * in2[1];
+  t[4] = ((uint128_t) in[0]) * in2[4] +
+         ((uint128_t) in[4]) * in2[0] +
+         ((uint128_t) in[3]) * in2[1] +
+         ((uint128_t) in[1]) * in2[3] +
+         ((uint128_t) in[2]) * in2[2];
+  t[5] = ((uint128_t) in[4]) * in2[1] +
+         ((uint128_t) in[1]) * in2[4] +
+         ((uint128_t) in[2]) * in2[3] +
+         ((uint128_t) in[3]) * in2[2];
+  t[6] = ((uint128_t) in[4]) * in2[2] +
+         ((uint128_t) in[2]) * in2[4] +
+         ((uint128_t) in[3]) * in2[3];
+  t[7] = ((uint128_t) in[3]) * in2[4] +
+         ((uint128_t) in[4]) * in2[3];
+  t[8] = ((uint128_t) in[4]) * in2[4];
+
+  t[0] += t[5] * 19;
+  t[1] += t[6] * 19;
+  t[2] += t[7] * 19;
+  t[3] += t[8] * 19;
+
+  t[1] += t[0] >> 51;
+  t[0] &= 0x7ffffffffffff;
+  t[2] += t[1] >> 51;
+  t[1] &= 0x7ffffffffffff;
+  t[3] += t[2] >> 51;
+  t[2] &= 0x7ffffffffffff;
+  t[4] += t[3] >> 51;
+  t[3] &= 0x7ffffffffffff;
+  t[0] += 19 * (t[4] >> 51);
+  t[4] &= 0x7ffffffffffff;
+  t[1] += t[0] >> 51;
+  t[0] &= 0x7ffffffffffff;
+  t[2] += t[1] >> 51;
+  t[1] &= 0x7ffffffffffff;
+
+  output[0] = t[0];
+  output[1] = t[1];
+  output[2] = t[2];
+  output[3] = t[3];
+  output[4] = t[4];
+}
+
+static void
+fsquare(felem *output, const felem *in) {
+  uint128_t t[9];
+
+  t[0] = ((uint128_t) in[0]) * in[0];
+  t[1] = ((uint128_t) in[0]) * in[1] * 2;
+  t[2] = ((uint128_t) in[0]) * in[2] * 2 +
+         ((uint128_t) in[1]) * in[1];
+  t[3] = ((uint128_t) in[0]) * in[3] * 2 +
+         ((uint128_t) in[1]) * in[2] * 2;
+  t[4] = ((uint128_t) in[0]) * in[4] * 2 +
+         ((uint128_t) in[3]) * in[1] * 2 +
+         ((uint128_t) in[2]) * in[2];
+  t[5] = ((uint128_t) in[4]) * in[1] * 2 +
+         ((uint128_t) in[2]) * in[3] * 2;
+  t[6] = ((uint128_t) in[4]) * in[2] * 2 +
+         ((uint128_t) in[3]) * in[3];
+  t[7] = ((uint128_t) in[3]) * in[4] * 2;
+  t[8] = ((uint128_t) in[4]) * in[4];
+
+  t[0] += t[5] * 19;
+  t[1] += t[6] * 19;
+  t[2] += t[7] * 19;
+  t[3] += t[8] * 19;
+
+  t[1] += t[0] >> 51;
+  t[0] &= 0x7ffffffffffff;
+  t[2] += t[1] >> 51;
+  t[1] &= 0x7ffffffffffff;
+  t[3] += t[2] >> 51;
+  t[2] &= 0x7ffffffffffff;
+  t[4] += t[3] >> 51;
+  t[3] &= 0x7ffffffffffff;
+  t[0] += 19 * (t[4] >> 51);
+  t[4] &= 0x7ffffffffffff;
+  t[1] += t[0] >> 51;
+  t[0] &= 0x7ffffffffffff;
+
+  output[0] = t[0];
+  output[1] = t[1];
+  output[2] = t[2];
+  output[3] = t[3];
+  output[4] = t[4];
+}
+
+/* Take a little-endian, 32-byte number and expand it into polynomial form */
+static void
+fexpand(felem *output, const u8 *in) {
+  output[0] = *((const uint64_t *)(in)) & 0x7ffffffffffff;
+  output[1] = (*((const uint64_t *)(in+6)) >> 3) & 0x7ffffffffffff;
+  output[2] = (*((const uint64_t *)(in+12)) >> 6) & 0x7ffffffffffff;
+  output[3] = (*((const uint64_t *)(in+19)) >> 1) & 0x7ffffffffffff;
+  output[4] = (*((const uint64_t *)(in+25)) >> 4) & 0x7ffffffffffff;
+}
+
+/* Take a fully reduced polynomial form number and contract it into a
+ * little-endian, 32-byte array
+ */
+static void
+fcontract(u8 *output, const felem *input) {
+  uint128_t t[5];
+
+  t[0] = input[0];
+  t[1] = input[1];
+  t[2] = input[2];
+  t[3] = input[3];
+  t[4] = input[4];
+
+  t[1] += t[0] >> 51; t[0] &= 0x7ffffffffffff;
+  t[2] += t[1] >> 51; t[1] &= 0x7ffffffffffff;
+  t[3] += t[2] >> 51; t[2] &= 0x7ffffffffffff;
+  t[4] += t[3] >> 51; t[3] &= 0x7ffffffffffff;
+  t[0] += 19 * (t[4] >> 51); t[4] &= 0x7ffffffffffff;
+
+  t[1] += t[0] >> 51; t[0] &= 0x7ffffffffffff;
+  t[2] += t[1] >> 51; t[1] &= 0x7ffffffffffff;
+  t[3] += t[2] >> 51; t[2] &= 0x7ffffffffffff;
+  t[4] += t[3] >> 51; t[3] &= 0x7ffffffffffff;
+  t[0] += 19 * (t[4] >> 51); t[4] &= 0x7ffffffffffff;
+
+  /* now t is between 0 and 2^255-1, properly carried. */
+  /* case 1: between 0 and 2^255-20. case 2: between 2^255-19 and 2^255-1. */
+
+  t[0] += 19;
+
+  t[1] += t[0] >> 51; t[0] &= 0x7ffffffffffff;
+  t[2] += t[1] >> 51; t[1] &= 0x7ffffffffffff;
+  t[3] += t[2] >> 51; t[2] &= 0x7ffffffffffff;
+  t[4] += t[3] >> 51; t[3] &= 0x7ffffffffffff;
+  t[0] += 19 * (t[4] >> 51); t[4] &= 0x7ffffffffffff;
+
+  /* now between 19 and 2^255-1 in both cases, and offset by 19. */
+
+  t[0] += 0x8000000000000 - 19;
+  t[1] += 0x8000000000000 - 1;
+  t[2] += 0x8000000000000 - 1;
+  t[3] += 0x8000000000000 - 1;
+  t[4] += 0x8000000000000 - 1;
+
+  /* now between 2^255 and 2^256-20, and offset by 2^255. */
+
+  t[1] += t[0] >> 51; t[0] &= 0x7ffffffffffff;
+  t[2] += t[1] >> 51; t[1] &= 0x7ffffffffffff;
+  t[3] += t[2] >> 51; t[2] &= 0x7ffffffffffff;
+  t[4] += t[3] >> 51; t[3] &= 0x7ffffffffffff;
+  t[4] &= 0x7ffffffffffff;
+
+  *((uint64_t *)(output)) = t[0] | (t[1] << 51);
+  *((uint64_t *)(output+8)) = (t[1] >> 13) | (t[2] << 38);
+  *((uint64_t *)(output+16)) = (t[2] >> 26) | (t[3] << 25);
+  *((uint64_t *)(output+24)) = (t[3] >> 39) | (t[4] << 12);
+}
+
+/* Input: Q, Q', Q-Q'
+ * Output: 2Q, Q+Q'
+ *
+ *   x2 z3: long form
+ *   x3 z3: long form
+ *   x z: short form, destroyed
+ *   xprime zprime: short form, destroyed
+ *   qmqp: short form, preserved
+ */
+static void
+fmonty(felem *x2, felem *z2, /* output 2Q */
+       felem *x3, felem *z3, /* output Q + Q' */
+       felem *x, felem *z,   /* input Q */
+       felem *xprime, felem *zprime, /* input Q' */
+       const felem *qmqp /* input Q - Q' */) {
+  felem origx[5], origxprime[5], zzz[5], xx[5], zz[5], xxprime[5],
+        zzprime[5], zzzprime[5];
+
+  memcpy(origx, x, 5 * sizeof(felem));
+  fsum(x, z);
+  fdifference_backwards(z, origx);  // does x - z
+
+  memcpy(origxprime, xprime, sizeof(felem) * 5);
+  fsum(xprime, zprime);
+  fdifference_backwards(zprime, origxprime);
+  fmul(xxprime, xprime, z);
+  fmul(zzprime, x, zprime);
+  memcpy(origxprime, xxprime, sizeof(felem) * 5);
+  fsum(xxprime, zzprime);
+  fdifference_backwards(zzprime, origxprime);
+  fsquare(x3, xxprime);
+  fsquare(zzzprime, zzprime);
+  fmul(z3, zzzprime, qmqp);
+
+  fsquare(xx, x);
+  fsquare(zz, z);
+  fmul(x2, xx, zz);
+  fdifference_backwards(zz, xx);  // does zz = xx - zz
+  fscalar_product(zzz, zz, 121665);
+  fsum(zzz, xx);
+  fmul(z2, zz, zzz);
+}
+
+// -----------------------------------------------------------------------------
+// Maybe swap the contents of two felem arrays (@a and @b), each @len elements
+// long. Perform the swap iff @swap is non-zero.
+//
+// This function performs the swap without leaking any side-channel
+// information.
+// -----------------------------------------------------------------------------
+static void
+swap_conditional(felem *a, felem *b, unsigned len, felem iswap) {
+  unsigned i;
+  const felem swap = -iswap;
+
+  for (i = 0; i < len; ++i) {
+    const felem x = swap & (a[i] ^ b[i]);
+    a[i] ^= x;
+    b[i] ^= x;
+  }
+}
+
+/* Calculates nQ where Q is the x-coordinate of a point on the curve
+ *
+ *   resultx/resultz: the x coordinate of the resulting curve point (short form)
+ *   n: a little endian, 32-byte number
+ *   q: a point of the curve (short form)
+ */
+static void
+cmult(felem *resultx, felem *resultz, const u8 *n, const felem *q) {
+  felem a[5] = {0}, b[5] = {1}, c[5] = {1}, d[5] = {0};
+  felem *nqpqx = a, *nqpqz = b, *nqx = c, *nqz = d, *t;
+  felem e[5] = {0}, f[5] = {1}, g[5] = {0}, h[5] = {1};
+  felem *nqpqx2 = e, *nqpqz2 = f, *nqx2 = g, *nqz2 = h;
+
+  unsigned i, j;
+
+  memcpy(nqpqx, q, sizeof(felem) * 5);
+
+  for (i = 0; i < 32; ++i) {
+    u8 byte = n[31 - i];
+    for (j = 0; j < 8; ++j) {
+      const felem bit = byte >> 7;
+
+      swap_conditional(nqx, nqpqx, 5, bit);
+      swap_conditional(nqz, nqpqz, 5, bit);
+      fmonty(nqx2, nqz2,
+             nqpqx2, nqpqz2,
+             nqx, nqz,
+             nqpqx, nqpqz,
+             q);
+      swap_conditional(nqx2, nqpqx2, 5, bit);
+      swap_conditional(nqz2, nqpqz2, 5, bit);
+
+      t = nqx;
+      nqx = nqx2;
+      nqx2 = t;
+      t = nqz;
+      nqz = nqz2;
+      nqz2 = t;
+      t = nqpqx;
+      nqpqx = nqpqx2;
+      nqpqx2 = t;
+      t = nqpqz;
+      nqpqz = nqpqz2;
+      nqpqz2 = t;
+
+      byte <<= 1;
+    }
+  }
+
+  memcpy(resultx, nqx, sizeof(felem) * 5);
+  memcpy(resultz, nqz, sizeof(felem) * 5);
+}
+
+// -----------------------------------------------------------------------------
+// Shamelessly copied from djb's code
+// -----------------------------------------------------------------------------
+static void
+crecip(felem *out, const felem *z) {
+  felem z2[5];
+  felem z9[5];
+  felem z11[5];
+  felem z2_5_0[5];
+  felem z2_10_0[5];
+  felem z2_20_0[5];
+  felem z2_50_0[5];
+  felem z2_100_0[5];
+  felem t0[5];
+  felem t1[5];
+  int i;
+
+  /* 2 */ fsquare(z2,z);
+  /* 4 */ fsquare(t1,z2);
+  /* 8 */ fsquare(t0,t1);
+  /* 9 */ fmul(z9,t0,z);
+  /* 11 */ fmul(z11,z9,z2);
+  /* 22 */ fsquare(t0,z11);
+  /* 2^5 - 2^0 = 31 */ fmul(z2_5_0,t0,z9);
+
+  /* 2^6 - 2^1 */ fsquare(t0,z2_5_0);
+  /* 2^7 - 2^2 */ fsquare(t1,t0);
+  /* 2^8 - 2^3 */ fsquare(t0,t1);
+  /* 2^9 - 2^4 */ fsquare(t1,t0);
+  /* 2^10 - 2^5 */ fsquare(t0,t1);
+  /* 2^10 - 2^0 */ fmul(z2_10_0,t0,z2_5_0);
+
+  /* 2^11 - 2^1 */ fsquare(t0,z2_10_0);
+  /* 2^12 - 2^2 */ fsquare(t1,t0);
+  /* 2^20 - 2^10 */ for (i = 2;i < 10;i += 2) { fsquare(t0,t1); fsquare(t1,t0); }
+  /* 2^20 - 2^0 */ fmul(z2_20_0,t1,z2_10_0);
+
+  /* 2^21 - 2^1 */ fsquare(t0,z2_20_0);
+  /* 2^22 - 2^2 */ fsquare(t1,t0);
+  /* 2^40 - 2^20 */ for (i = 2;i < 20;i += 2) { fsquare(t0,t1); fsquare(t1,t0); }
+  /* 2^40 - 2^0 */ fmul(t0,t1,z2_20_0);
+
+  /* 2^41 - 2^1 */ fsquare(t1,t0);
+  /* 2^42 - 2^2 */ fsquare(t0,t1);
+  /* 2^50 - 2^10 */ for (i = 2;i < 10;i += 2) { fsquare(t1,t0); fsquare(t0,t1); }
+  /* 2^50 - 2^0 */ fmul(z2_50_0,t0,z2_10_0);
+
+  /* 2^51 - 2^1 */ fsquare(t0,z2_50_0);
+  /* 2^52 - 2^2 */ fsquare(t1,t0);
+  /* 2^100 - 2^50 */ for (i = 2;i < 50;i += 2) { fsquare(t0,t1); fsquare(t1,t0); }
+  /* 2^100 - 2^0 */ fmul(z2_100_0,t1,z2_50_0);
+
+  /* 2^101 - 2^1 */ fsquare(t1,z2_100_0);
+  /* 2^102 - 2^2 */ fsquare(t0,t1);
+  /* 2^200 - 2^100 */ for (i = 2;i < 100;i += 2) { fsquare(t1,t0); fsquare(t0,t1); }
+  /* 2^200 - 2^0 */ fmul(t1,t0,z2_100_0);
+
+  /* 2^201 - 2^1 */ fsquare(t0,t1);
+  /* 2^202 - 2^2 */ fsquare(t1,t0);
+  /* 2^250 - 2^50 */ for (i = 2;i < 50;i += 2) { fsquare(t0,t1); fsquare(t1,t0); }
+  /* 2^250 - 2^0 */ fmul(t0,t1,z2_50_0);
+
+  /* 2^251 - 2^1 */ fsquare(t1,t0);
+  /* 2^252 - 2^2 */ fsquare(t0,t1);
+  /* 2^253 - 2^3 */ fsquare(t1,t0);
+  /* 2^254 - 2^4 */ fsquare(t0,t1);
+  /* 2^255 - 2^5 */ fsquare(t1,t0);
+  /* 2^255 - 21 */ fmul(out,t1,z11);
+}
+
+int
+crypto_scalarmult(u8 *mypublic, const u8 *secret, const u8 *basepoint) {
+  felem bp[5], x[5], z[5], zmone[5];
+  unsigned char e[32];
+  int i;
+  for (i = 0;i < 32;++i) e[i] = secret[i];
+  e[0] &= 248;
+  e[31] &= 127;
+  e[31] |= 64;
+  fexpand(bp, basepoint);
+  cmult(x, z, e, bp);
+  crecip(zmone, z);
+  fmul(z, x, zmone);
+  fcontract(mypublic, z);
+  return 0;
+}
diff --git a/nacl/crypto_scalarmult/curve25519/ref/api.h b/nacl/crypto_scalarmult/curve25519/ref/api.h
new file mode 100644
index 00000000..60339596
--- /dev/null
+++ b/nacl/crypto_scalarmult/curve25519/ref/api.h
@@ -0,0 +1,2 @@
+#define CRYPTO_BYTES 32
+#define CRYPTO_SCALARBYTES 32
diff --git a/nacl/crypto_scalarmult/curve25519/ref/base.c b/nacl/crypto_scalarmult/curve25519/ref/base.c
new file mode 100644
index 00000000..ac2d7eb4
--- /dev/null
+++ b/nacl/crypto_scalarmult/curve25519/ref/base.c
@@ -0,0 +1,16 @@
+/*
+version 20081011
+Matthew Dempsky
+Public domain.
+Derived from public domain code by D. J. Bernstein.
+*/
+
+#include "crypto_scalarmult.h"
+
+const unsigned char base[32] = {9};
+
+int crypto_scalarmult_base(unsigned char *q,
+  const unsigned char *n)
+{
+  return crypto_scalarmult(q,n,base);
+}
diff --git a/nacl/crypto_scalarmult/curve25519/ref/implementors b/nacl/crypto_scalarmult/curve25519/ref/implementors
new file mode 100644
index 00000000..aa551790
--- /dev/null
+++ b/nacl/crypto_scalarmult/curve25519/ref/implementors
@@ -0,0 +1 @@
+Matthew Dempsky (Mochi Media)
diff --git a/nacl/crypto_scalarmult/curve25519/ref/smult.c b/nacl/crypto_scalarmult/curve25519/ref/smult.c
new file mode 100644
index 00000000..6a479558
--- /dev/null
+++ b/nacl/crypto_scalarmult/curve25519/ref/smult.c
@@ -0,0 +1,265 @@
+/*
+version 20081011
+Matthew Dempsky
+Public domain.
+Derived from public domain code by D. J. Bernstein.
+*/
+
+#include "crypto_scalarmult.h"
+
+static void add(unsigned int out[32],const unsigned int a[32],const unsigned int b[32])
+{
+  unsigned int j;
+  unsigned int u;
+  u = 0;
+  for (j = 0;j < 31;++j) { u += a[j] + b[j]; out[j] = u & 255; u >>= 8; }
+  u += a[31] + b[31]; out[31] = u;
+}
+
+static void sub(unsigned int out[32],const unsigned int a[32],const unsigned int b[32])
+{
+  unsigned int j;
+  unsigned int u;
+  u = 218;
+  for (j = 0;j < 31;++j) {
+    u += a[j] + 65280 - b[j];
+    out[j] = u & 255;
+    u >>= 8;
+  }
+  u += a[31] - b[31];
+  out[31] = u;
+}
+
+static void squeeze(unsigned int a[32])
+{
+  unsigned int j;
+  unsigned int u;
+  u = 0;
+  for (j = 0;j < 31;++j) { u += a[j]; a[j] = u & 255; u >>= 8; }
+  u += a[31]; a[31] = u & 127;
+  u = 19 * (u >> 7);
+  for (j = 0;j < 31;++j) { u += a[j]; a[j] = u & 255; u >>= 8; }
+  u += a[31]; a[31] = u;
+}
+
+static const unsigned int minusp[32] = {
+ 19, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 128
+} ;
+
+static void freeze(unsigned int a[32])
+{
+  unsigned int aorig[32];
+  unsigned int j;
+  unsigned int negative;
+
+  for (j = 0;j < 32;++j) aorig[j] = a[j];
+  add(a,a,minusp);
+  negative = -((a[31] >> 7) & 1);
+  for (j = 0;j < 32;++j) a[j] ^= negative & (aorig[j] ^ a[j]);
+}
+
+static void mult(unsigned int out[32],const unsigned int a[32],const unsigned int b[32])
+{
+  unsigned int i;
+  unsigned int j;
+  unsigned int u;
+
+  for (i = 0;i < 32;++i) {
+    u = 0;
+    for (j = 0;j <= i;++j) u += a[j] * b[i - j];
+    for (j = i + 1;j < 32;++j) u += 38 * a[j] * b[i + 32 - j];
+    out[i] = u;
+  }
+  squeeze(out);
+}
+
+static void mult121665(unsigned int out[32],const unsigned int a[32])
+{
+  unsigned int j;
+  unsigned int u;
+
+  u = 0;
+  for (j = 0;j < 31;++j) { u += 121665 * a[j]; out[j] = u & 255; u >>= 8; }
+  u += 121665 * a[31]; out[31] = u & 127;
+  u = 19 * (u >> 7);
+  for (j = 0;j < 31;++j) { u += out[j]; out[j] = u & 255; u >>= 8; }
+  u += out[j]; out[j] = u;
+}
+
+static void square(unsigned int out[32],const unsigned int a[32])
+{
+  unsigned int i;
+  unsigned int j;
+  unsigned int u;
+
+  for (i = 0;i < 32;++i) {
+    u = 0;
+    for (j = 0;j < i - j;++j) u += a[j] * a[i - j];
+    for (j = i + 1;j < i + 32 - j;++j) u += 38 * a[j] * a[i + 32 - j];
+    u *= 2;
+    if ((i & 1) == 0) {
+      u += a[i / 2] * a[i / 2];
+      u += 38 * a[i / 2 + 16] * a[i / 2 + 16];
+    }
+    out[i] = u;
+  }
+  squeeze(out);
+}
+
+static void select(unsigned int p[64],unsigned int q[64],const unsigned int r[64],const unsigned int s[64],unsigned int b)
+{
+  unsigned int j;
+  unsigned int t;
+  unsigned int bminus1;
+
+  bminus1 = b - 1;
+  for (j = 0;j < 64;++j) {
+    t = bminus1 & (r[j] ^ s[j]);
+    p[j] = s[j] ^ t;
+    q[j] = r[j] ^ t;
+  }
+}
+
+static void mainloop(unsigned int work[64],const unsigned char e[32])
+{
+  unsigned int xzm1[64];
+  unsigned int xzm[64];
+  unsigned int xzmb[64];
+  unsigned int xzm1b[64];
+  unsigned int xznb[64];
+  unsigned int xzn1b[64];
+  unsigned int a0[64];
+  unsigned int a1[64];
+  unsigned int b0[64];
+  unsigned int b1[64];
+  unsigned int c1[64];
+  unsigned int r[32];
+  unsigned int s[32];
+  unsigned int t[32];
+  unsigned int u[32];
+  unsigned int i;
+  unsigned int j;
+  unsigned int b;
+  int pos;
+
+  for (j = 0;j < 32;++j) xzm1[j] = work[j];
+  xzm1[32] = 1;
+  for (j = 33;j < 64;++j) xzm1[j] = 0;
+
+  xzm[0] = 1;
+  for (j = 1;j < 64;++j) xzm[j] = 0;
+
+  for (pos = 254;pos >= 0;--pos) {
+    b = e[pos / 8] >> (pos & 7);
+    b &= 1;
+    select(xzmb,xzm1b,xzm,xzm1,b);
+    add(a0,xzmb,xzmb + 32);
+    sub(a0 + 32,xzmb,xzmb + 32);
+    add(a1,xzm1b,xzm1b + 32);
+    sub(a1 + 32,xzm1b,xzm1b + 32);
+    square(b0,a0);
+    square(b0 + 32,a0 + 32);
+    mult(b1,a1,a0 + 32);
+    mult(b1 + 32,a1 + 32,a0);
+    add(c1,b1,b1 + 32);
+    sub(c1 + 32,b1,b1 + 32);
+    square(r,c1 + 32);
+    sub(s,b0,b0 + 32);
+    mult121665(t,s);
+    add(u,t,b0);
+    mult(xznb,b0,b0 + 32);
+    mult(xznb + 32,s,u);
+    square(xzn1b,c1);
+    mult(xzn1b + 32,r,work);
+    select(xzm,xzm1,xznb,xzn1b,b);
+  }
+
+  for (j = 0;j < 64;++j) work[j] = xzm[j];
+}
+
+static void recip(unsigned int out[32],const unsigned int z[32])
+{
+  unsigned int z2[32];
+  unsigned int z9[32];
+  unsigned int z11[32];
+  unsigned int z2_5_0[32];
+  unsigned int z2_10_0[32];
+  unsigned int z2_20_0[32];
+  unsigned int z2_50_0[32];
+  unsigned int z2_100_0[32];
+  unsigned int t0[32];
+  unsigned int t1[32];
+  int i;
+
+  /* 2 */ square(z2,z);
+  /* 4 */ square(t1,z2);
+  /* 8 */ square(t0,t1);
+  /* 9 */ mult(z9,t0,z);
+  /* 11 */ mult(z11,z9,z2);
+  /* 22 */ square(t0,z11);
+  /* 2^5 - 2^0 = 31 */ mult(z2_5_0,t0,z9);
+
+  /* 2^6 - 2^1 */ square(t0,z2_5_0);
+  /* 2^7 - 2^2 */ square(t1,t0);
+  /* 2^8 - 2^3 */ square(t0,t1);
+  /* 2^9 - 2^4 */ square(t1,t0);
+  /* 2^10 - 2^5 */ square(t0,t1);
+  /* 2^10 - 2^0 */ mult(z2_10_0,t0,z2_5_0);
+
+  /* 2^11 - 2^1 */ square(t0,z2_10_0);
+  /* 2^12 - 2^2 */ square(t1,t0);
+  /* 2^20 - 2^10 */ for (i = 2;i < 10;i += 2) { square(t0,t1); square(t1,t0); }
+  /* 2^20 - 2^0 */ mult(z2_20_0,t1,z2_10_0);
+
+  /* 2^21 - 2^1 */ square(t0,z2_20_0);
+  /* 2^22 - 2^2 */ square(t1,t0);
+  /* 2^40 - 2^20 */ for (i = 2;i < 20;i += 2) { square(t0,t1); square(t1,t0); }
+  /* 2^40 - 2^0 */ mult(t0,t1,z2_20_0);
+
+  /* 2^41 - 2^1 */ square(t1,t0);
+  /* 2^42 - 2^2 */ square(t0,t1);
+  /* 2^50 - 2^10 */ for (i = 2;i < 10;i += 2) { square(t1,t0); square(t0,t1); }
+  /* 2^50 - 2^0 */ mult(z2_50_0,t0,z2_10_0);
+
+  /* 2^51 - 2^1 */ square(t0,z2_50_0);
+  /* 2^52 - 2^2 */ square(t1,t0);
+  /* 2^100 - 2^50 */ for (i = 2;i < 50;i += 2) { square(t0,t1); square(t1,t0); }
+  /* 2^100 - 2^0 */ mult(z2_100_0,t1,z2_50_0);
+
+  /* 2^101 - 2^1 */ square(t1,z2_100_0);
+  /* 2^102 - 2^2 */ square(t0,t1);
+  /* 2^200 - 2^100 */ for (i = 2;i < 100;i += 2) { square(t1,t0); square(t0,t1); }
+  /* 2^200 - 2^0 */ mult(t1,t0,z2_100_0);
+
+  /* 2^201 - 2^1 */ square(t0,t1);
+  /* 2^202 - 2^2 */ square(t1,t0);
+  /* 2^250 - 2^50 */ for (i = 2;i < 50;i += 2) { square(t0,t1); square(t1,t0); }
+  /* 2^250 - 2^0 */ mult(t0,t1,z2_50_0);
+
+  /* 2^251 - 2^1 */ square(t1,t0);
+  /* 2^252 - 2^2 */ square(t0,t1);
+  /* 2^253 - 2^3 */ square(t1,t0);
+  /* 2^254 - 2^4 */ square(t0,t1);
+  /* 2^255 - 2^5 */ square(t1,t0);
+  /* 2^255 - 21 */ mult(out,t1,z11);
+}
+
+int crypto_scalarmult(unsigned char *q,
+  const unsigned char *n,
+  const unsigned char *p)
+{
+  unsigned int work[96];
+  unsigned char e[32];
+  unsigned int i;
+  for (i = 0;i < 32;++i) e[i] = n[i];
+  e[0] &= 248;
+  e[31] &= 127;
+  e[31] |= 64;
+  for (i = 0;i < 32;++i) work[i] = p[i];
+  mainloop(work,e);
+  recip(work + 32,work + 32);
+  mult(work + 64,work,work + 32);
+  freeze(work + 64);
+  for (i = 0;i < 32;++i) q[i] = work[64 + i];
+  return 0;
+}
diff --git a/nacl/crypto_scalarmult/curve25519/used b/nacl/crypto_scalarmult/curve25519/used
new file mode 100644
index 00000000..e69de29b
diff --git a/nacl/crypto_scalarmult/measure.c b/nacl/crypto_scalarmult/measure.c
new file mode 100644
index 00000000..0c7265d5
--- /dev/null
+++ b/nacl/crypto_scalarmult/measure.c
@@ -0,0 +1,61 @@
+#include <stdlib.h>
+#include "randombytes.h"
+#include "cpucycles.h"
+#include "crypto_scalarmult.h"
+
+extern void printentry(long long,const char *,long long *,long long);
+extern unsigned char *alignedcalloc(unsigned long long);
+extern const char *primitiveimplementation;
+extern const char *implementationversion;
+extern const char *sizenames[];
+extern const long long sizes[];
+extern void allocate(void);
+extern void measure(void);
+
+const char *primitiveimplementation = crypto_scalarmult_IMPLEMENTATION;
+const char *implementationversion = crypto_scalarmult_VERSION;
+const char *sizenames[] = { "outputbytes", "scalarbytes", 0 };
+const long long sizes[] = { crypto_scalarmult_BYTES, crypto_scalarmult_SCALARBYTES };
+
+static unsigned char *m;
+static unsigned char *n;
+static unsigned char *p;
+static unsigned char *q;
+
+void preallocate(void)
+{
+}
+
+void allocate(void)
+{
+  m = alignedcalloc(crypto_scalarmult_SCALARBYTES);
+  n = alignedcalloc(crypto_scalarmult_SCALARBYTES);
+  p = alignedcalloc(crypto_scalarmult_BYTES);
+  q = alignedcalloc(crypto_scalarmult_BYTES);
+}
+
+#define TIMINGS 63
+static long long cycles[TIMINGS + 1];
+
+void measure(void)
+{
+  int i;
+  int loop;
+
+  for (loop = 0;loop < LOOPS;++loop) {
+    randombytes(m,crypto_scalarmult_SCALARBYTES);
+    randombytes(n,crypto_scalarmult_SCALARBYTES);
+    for (i = 0;i <= TIMINGS;++i) {
+      cycles[i] = cpucycles();
+      crypto_scalarmult_base(p,m);
+    }
+    for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i];
+    printentry(-1,"base_cycles",cycles,TIMINGS);
+    for (i = 0;i <= TIMINGS;++i) {
+      cycles[i] = cpucycles();
+      crypto_scalarmult(q,n,p);
+    }
+    for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i];
+    printentry(-1,"cycles",cycles,TIMINGS);
+  }
+}
diff --git a/nacl/crypto_scalarmult/try.c b/nacl/crypto_scalarmult/try.c
new file mode 100644
index 00000000..560ce493
--- /dev/null
+++ b/nacl/crypto_scalarmult/try.c
@@ -0,0 +1,126 @@
+/*
+ * crypto_scalarmult/try.c version 20090118
+ * D. J. Bernstein
+ * Public domain.
+ */
+
+#include <stdlib.h>
+#include "crypto_scalarmult.h"
+
+extern unsigned char *alignedcalloc(unsigned long long);
+
+const char *primitiveimplementation = crypto_scalarmult_IMPLEMENTATION;
+
+#define mlen crypto_scalarmult_SCALARBYTES
+#define nlen crypto_scalarmult_SCALARBYTES
+#define plen crypto_scalarmult_BYTES
+#define qlen crypto_scalarmult_BYTES
+#define rlen crypto_scalarmult_BYTES
+
+static unsigned char *m;
+static unsigned char *n;
+static unsigned char *p;
+static unsigned char *q;
+static unsigned char *r;
+
+static unsigned char *m2;
+static unsigned char *n2;
+static unsigned char *p2;
+static unsigned char *q2;
+static unsigned char *r2;
+
+void preallocate(void)
+{
+}
+
+void allocate(void)
+{
+  m = alignedcalloc(mlen);
+  n = alignedcalloc(nlen);
+  p = alignedcalloc(plen);
+  q = alignedcalloc(qlen);
+  r = alignedcalloc(rlen);
+  m2 = alignedcalloc(mlen + crypto_scalarmult_BYTES);
+  n2 = alignedcalloc(nlen + crypto_scalarmult_BYTES);
+  p2 = alignedcalloc(plen + crypto_scalarmult_BYTES);
+  q2 = alignedcalloc(qlen + crypto_scalarmult_BYTES);
+  r2 = alignedcalloc(rlen + crypto_scalarmult_BYTES);
+}
+
+void predoit(void)
+{
+}
+
+void doit(void)
+{
+  crypto_scalarmult(q,n,p);
+  crypto_scalarmult_base(r,n);
+}
+
+char checksum[crypto_scalarmult_BYTES * 2 + 1];
+
+const char *checksum_compute(void)
+{
+  long long i;
+  long long j;
+  long long tests;
+
+  for (i = 0;i < mlen;++i) m[i] = i;
+  for (i = 0;i < nlen;++i) n[i] = i + 1;
+  for (i = 0;i < plen;++i) p[i] = i + 2;
+  for (i = 0;i < qlen;++i) q[i] = i + 3;
+  for (i = 0;i < rlen;++i) r[i] = i + 4;
+
+  for (i = -16;i < 0;++i) p[i] = random();
+  for (i = -16;i < 0;++i) n[i] = random();
+  for (i = plen;i < plen + 16;++i) p[i] = random();
+  for (i = nlen;i < nlen + 16;++i) n[i] = random();
+  for (i = -16;i < plen + 16;++i) p2[i] = p[i];
+  for (i = -16;i < nlen + 16;++i) n2[i] = n[i];
+
+  if (crypto_scalarmult_base(p,n) != 0) return "crypto_scalarmult_base returns nonzero";
+
+  for (i = -16;i < nlen + 16;++i) if (n2[i] != n[i]) return "crypto_scalarmult_base overwrites input";
+  for (i = -16;i < 0;++i) if (p2[i] != p[i]) return "crypto_scalarmult_base writes before output";
+  for (i = plen;i < plen + 16;++i) if (p2[i] != p[i]) return "crypto_scalarmult_base writes after output";
+
+  for (tests = 0;tests < 100;++tests) {
+    for (i = -16;i < 0;++i) q[i] = random();
+    for (i = -16;i < 0;++i) p[i] = random();
+    for (i = -16;i < 0;++i) m[i] = random();
+    for (i = qlen;i < qlen + 16;++i) q[i] = random();
+    for (i = plen;i < plen + 16;++i) p[i] = random();
+    for (i = mlen;i < mlen + 16;++i) m[i] = random();
+    for (i = -16;i < qlen + 16;++i) q2[i] = q[i];
+    for (i = -16;i < plen + 16;++i) p2[i] = p[i];
+    for (i = -16;i < mlen + 16;++i) m2[i] = m[i];
+
+    if (crypto_scalarmult(q,m,p) != 0) return "crypto_scalarmult returns nonzero";
+
+    for (i = -16;i < mlen + 16;++i) if (m2[i] != m[i]) return "crypto_scalarmult overwrites n input";
+    for (i = -16;i < plen + 16;++i) if (p2[i] != p[i]) return "crypto_scalarmult overwrites p input";
+    for (i = -16;i < 0;++i) if (q2[i] != q[i]) return "crypto_scalarmult writes before output";
+    for (i = qlen;i < qlen + 16;++i) if (q2[i] != q[i]) return "crypto_scalarmult writes after output";
+
+    if (crypto_scalarmult(m2,m2,p) != 0) return "crypto_scalarmult returns nonzero";
+    for (i = 0;i < qlen;++i) if (q[i] != m2[i]) return "crypto_scalarmult does not handle n overlap";
+    for (i = 0;i < qlen;++i) m2[i] = m[i];
+
+    if (crypto_scalarmult(p2,m2,p2) != 0) return "crypto_scalarmult returns nonzero";
+    for (i = 0;i < qlen;++i) if (q[i] != p2[i]) return "crypto_scalarmult does not handle p overlap";
+
+    if (crypto_scalarmult(r,n,q) != 0) return "crypto_scalarmult returns nonzero";
+    if (crypto_scalarmult(q,n,p) != 0) return "crypto_scalarmult returns nonzero";
+    if (crypto_scalarmult(p,m,q) != 0) return "crypto_scalarmult returns nonzero";
+    for (j = 0;j < plen;++j) if (p[j] != r[j]) return "crypto_scalarmult not associative";
+    for (j = 0;j < mlen;++j) m[j] ^= q[j % qlen];
+    for (j = 0;j < nlen;++j) n[j] ^= p[j % plen];
+  }
+
+  for (i = 0;i < crypto_scalarmult_BYTES;++i) {
+    checksum[2 * i] = "0123456789abcdef"[15 & (p[i] >> 4)];
+    checksum[2 * i + 1] = "0123456789abcdef"[15 & p[i]];
+  }
+  checksum[2 * i] = 0;
+  return 0;
+}
diff --git a/nacl/crypto_scalarmult/wrapper-base.cpp b/nacl/crypto_scalarmult/wrapper-base.cpp
new file mode 100644
index 00000000..f71ce19a
--- /dev/null
+++ b/nacl/crypto_scalarmult/wrapper-base.cpp
@@ -0,0 +1,11 @@
+#include <string>
+using std::string;
+#include "crypto_scalarmult.h"
+
+string crypto_scalarmult_base(const string &n)
+{
+  unsigned char q[crypto_scalarmult_BYTES];
+  if (n.size() != crypto_scalarmult_SCALARBYTES) throw "incorrect scalar length";
+  crypto_scalarmult_base(q,(const unsigned char *) n.c_str());
+  return string((char *) q,sizeof q);
+}
diff --git a/nacl/crypto_scalarmult/wrapper-mult.cpp b/nacl/crypto_scalarmult/wrapper-mult.cpp
new file mode 100644
index 00000000..fc693cf0
--- /dev/null
+++ b/nacl/crypto_scalarmult/wrapper-mult.cpp
@@ -0,0 +1,12 @@
+#include <string>
+using std::string;
+#include "crypto_scalarmult.h"
+
+string crypto_scalarmult(const string &n,const string &p)
+{
+  unsigned char q[crypto_scalarmult_BYTES];
+  if (n.size() != crypto_scalarmult_SCALARBYTES) throw "incorrect scalar length";
+  if (p.size() != crypto_scalarmult_BYTES) throw "incorrect element length";
+  crypto_scalarmult(q,(const unsigned char *) n.c_str(),(const unsigned char *) p.c_str());
+  return string((char *) q,sizeof q);
+}
-- 
cgit v1.2.3