From 7e00ec1a9b6de167756811bf5cffc2bac5e2b5fc Mon Sep 17 00:00:00 2001
From: Frank Denis <github@pureftpd.org>
Date: Tue, 3 Nov 2015 12:39:51 +0100
Subject: [PATCH] Import the raw Sandy2x curve25519 implementation

---
 .../curve25519/sandy2x/base.c                 |   44 +
 .../curve25519/sandy2x/consts.S               |   38 +
 .../curve25519/sandy2x/consts_namespace.h     |   22 +
 .../crypto_scalarmult/curve25519/sandy2x/fe.h |   25 +
 .../curve25519/sandy2x/fe51.h                 |   25 +
 .../curve25519/sandy2x/fe51_invert.c          |   53 +
 .../curve25519/sandy2x/fe51_mul.S             |  185 +++
 .../curve25519/sandy2x/fe51_namespace.h       |   16 +
 .../curve25519/sandy2x/fe51_nsquare.S         |  155 ++
 .../curve25519/sandy2x/fe51_pack.S            |  209 +++
 .../curve25519/sandy2x/fe_frombytes.c         |   72 +
 .../curve25519/sandy2x/ladder.S               | 1422 +++++++++++++++++
 .../curve25519/sandy2x/ladder.h               |   10 +
 .../curve25519/sandy2x/ladder_base.S          | 1277 +++++++++++++++
 .../curve25519/sandy2x/ladder_base.h          |   10 +
 .../sandy2x/ladder_base_namespace.h           |    8 +
 .../curve25519/sandy2x/ladder_namespace.h     |    8 +
 .../curve25519/sandy2x/scalarmult.c           |   57 +
 18 files changed, 3636 insertions(+)
 create mode 100644 src/libsodium/crypto_scalarmult/curve25519/sandy2x/base.c
 create mode 100644 src/libsodium/crypto_scalarmult/curve25519/sandy2x/consts.S
 create mode 100644 src/libsodium/crypto_scalarmult/curve25519/sandy2x/consts_namespace.h
 create mode 100644 src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe.h
 create mode 100644 src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe51.h
 create mode 100644 src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe51_invert.c
 create mode 100644 src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe51_mul.S
 create mode 100644 src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe51_namespace.h
 create mode 100644 src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe51_nsquare.S
 create mode 100644 src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe51_pack.S
 create mode 100644 src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe_frombytes.c
 create mode 100644 src/libsodium/crypto_scalarmult/curve25519/sandy2x/ladder.S
 create mode 100644 src/libsodium/crypto_scalarmult/curve25519/sandy2x/ladder.h
 create mode 100644 src/libsodium/crypto_scalarmult/curve25519/sandy2x/ladder_base.S
 create mode 100644 src/libsodium/crypto_scalarmult/curve25519/sandy2x/ladder_base.h
 create mode 100644 src/libsodium/crypto_scalarmult/curve25519/sandy2x/ladder_base_namespace.h
 create mode 100644 src/libsodium/crypto_scalarmult/curve25519/sandy2x/ladder_namespace.h
 create mode 100644 src/libsodium/crypto_scalarmult/curve25519/sandy2x/scalarmult.c

diff --git a/src/libsodium/crypto_scalarmult/curve25519/sandy2x/base.c b/src/libsodium/crypto_scalarmult/curve25519/sandy2x/base.c
new file mode 100644
index 00000000..42a0d95b
--- /dev/null
+++ b/src/libsodium/crypto_scalarmult/curve25519/sandy2x/base.c
@@ -0,0 +1,44 @@
+#include "crypto_scalarmult.h"
+
+#include "fe.h"
+#include "fe51.h"
+#include "ladder_base.h"
+
+#define x2 var[0]
+#define z2 var[1]
+
+int crypto_scalarmult_base(unsigned char *q,const unsigned char *n)
+{
+  unsigned char e[32];
+  unsigned int i;
+
+  fe var[3]; 
+
+  fe51 x_51;
+  fe51 z_51;
+
+  for (i = 0;i < 32;++i) e[i] = n[i];
+  e[0] &= 248;
+  e[31] &= 127;
+  e[31] |= 64;
+
+  ladder_base(var, e);
+
+  z_51.v[0] = (z2[1] << 26) + z2[0];
+  z_51.v[1] = (z2[3] << 26) + z2[2];
+  z_51.v[2] = (z2[5] << 26) + z2[4];
+  z_51.v[3] = (z2[7] << 26) + z2[6];
+  z_51.v[4] = (z2[9] << 26) + z2[8];
+
+  x_51.v[0] = (x2[1] << 26) + x2[0];
+  x_51.v[1] = (x2[3] << 26) + x2[2];
+  x_51.v[2] = (x2[5] << 26) + x2[4];
+  x_51.v[3] = (x2[7] << 26) + x2[6];
+  x_51.v[4] = (x2[9] << 26) + x2[8];
+
+  fe51_invert(&z_51, &z_51);
+  fe51_mul(&x_51, &x_51, &z_51);
+  fe51_pack(q, &x_51);
+
+  return 0;
+}
diff --git a/src/libsodium/crypto_scalarmult/curve25519/sandy2x/consts.S b/src/libsodium/crypto_scalarmult/curve25519/sandy2x/consts.S
new file mode 100644
index 00000000..d7b64f91
--- /dev/null
+++ b/src/libsodium/crypto_scalarmult/curve25519/sandy2x/consts.S
@@ -0,0 +1,38 @@
+/*
+   REDMASK51 is from amd64-51/consts.s.
+*/
+#include "consts_namespace.h"
+.data
+.globl v0_0
+.globl v1_0
+.globl v2_1
+.globl v2_2
+.globl v9_0
+.globl v9_9
+.globl v19_19
+.globl v38_1
+.globl v38_19
+.globl v38_38
+.globl v121666_121666
+.globl m25
+.globl m26
+.globl subc0
+.globl subc2
+.globl REDMASK51
+.p2align 4
+v0_0: .quad 0, 0
+v1_0: .quad 1, 0
+v2_1: .quad 2, 1
+v2_2: .quad 2, 2
+v9_0: .quad 9, 0
+v9_9: .quad 9, 9
+v19_19: .quad 19, 19
+v38_1: .quad 38, 1
+v38_19: .quad 38, 19
+v38_38: .quad 38, 38
+v121666_121666: .quad 121666, 121666
+m25: .quad 33554431, 33554431
+m26: .quad 67108863, 67108863
+subc0: .quad 0x07FFFFDA, 0x03FFFFFE
+subc2: .quad 0x07FFFFFE, 0x03FFFFFE
+REDMASK51:   .quad 0x0007FFFFFFFFFFFF
diff --git a/src/libsodium/crypto_scalarmult/curve25519/sandy2x/consts_namespace.h b/src/libsodium/crypto_scalarmult/curve25519/sandy2x/consts_namespace.h
new file mode 100644
index 00000000..42ef7421
--- /dev/null
+++ b/src/libsodium/crypto_scalarmult/curve25519/sandy2x/consts_namespace.h
@@ -0,0 +1,22 @@
+#ifndef CONSTS_NAMESPACE_H
+#define CONSTS_NAMESPACE_H
+
+#define v0_0 crypto_scalarmult_curve25519_sandy2x_v0_0
+#define v1_0 crypto_scalarmult_curve25519_sandy2x_v1_0
+#define v2_1 crypto_scalarmult_curve25519_sandy2x_v2_1
+#define v2_2 crypto_scalarmult_curve25519_sandy2x_v2_2
+#define v9_0 crypto_scalarmult_curve25519_sandy2x_v9_0
+#define v9_9 crypto_scalarmult_curve25519_sandy2x_v9_9
+#define v19_19 crypto_scalarmult_curve25519_sandy2x_v19_19
+#define v38_1 crypto_scalarmult_curve25519_sandy2x_v38_1
+#define v38_19 crypto_scalarmult_curve25519_sandy2x_v38_19
+#define v38_38 crypto_scalarmult_curve25519_sandy2x_v38_38
+#define v121666_121666 crypto_scalarmult_curve25519_sandy2x_v121666_121666
+#define m25 crypto_scalarmult_curve25519_sandy2x_m25
+#define m26 crypto_scalarmult_curve25519_sandy2x_m26
+#define subc0 crypto_scalarmult_curve25519_sandy2x_subc0
+#define subc2 crypto_scalarmult_curve25519_sandy2x_subc2
+#define REDMASK51 crypto_scalarmult_curve25519_sandy2x_REDMASK51
+
+#endif //ifndef CONSTS_NAMESPACE_H
+
diff --git a/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe.h b/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe.h
new file mode 100644
index 00000000..fbca8867
--- /dev/null
+++ b/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe.h
@@ -0,0 +1,25 @@
+/*
+   This file is adapted from ref10/fe.h:
+   All the redundant functions are removed.
+*/
+
+#ifndef FE_H
+#define FE_H
+
+#include "crypto_uint64.h"
+
+typedef crypto_uint64 fe[10];
+
+/*
+fe means field element.
+Here the field is \Z/(2^255-19).
+An element t, entries t[0]...t[9], represents the integer
+t[0]+2^26 t[1]+2^51 t[2]+2^77 t[3]+2^102 t[4]+...+2^230 t[9].
+Bounds on each t[i] vary depending on context.
+*/
+
+#define fe_frombytes crypto_scalarmult_curve25519_sandy2x_fe_frombytes
+
+extern void fe_frombytes(fe, const unsigned char *);
+
+#endif
diff --git a/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe51.h b/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe51.h
new file mode 100644
index 00000000..a579f000
--- /dev/null
+++ b/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe51.h
@@ -0,0 +1,25 @@
+/*
+   This file is adapted from amd64-51/fe25519.h:
+   'fe25519' is renamed as 'fe51';
+   All the redundant functions are removed;
+   New function fe51_nsquare is introduced.
+*/
+
+#ifndef FE51_H
+#define FE51_H
+
+#include "crypto_uint64.h"
+#include "fe51_namespace.h"
+
+typedef struct 
+{
+  crypto_uint64 v[5]; 
+}
+fe51;
+
+extern void fe51_pack(unsigned char *, const fe51 *);
+extern void fe51_mul(fe51 *, const fe51 *, const fe51 *);
+extern void fe51_nsquare(fe51 *, const fe51 *, int);
+extern void fe51_invert(fe51 *, const fe51 *);
+
+#endif
diff --git a/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe51_invert.c b/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe51_invert.c
new file mode 100644
index 00000000..364eb355
--- /dev/null
+++ b/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe51_invert.c
@@ -0,0 +1,53 @@
+/*
+   This file is adapted from amd64-51/fe25519_invert.c:
+   Loops of squares are replaced by nsquares for better performance.
+*/
+
+#include "fe51.h"
+
+#define fe51_square(x, y) fe51_nsquare(x, y, 1)
+
+void fe51_invert(fe51 *r, const fe51 *x)
+{
+	fe51 z2;
+	fe51 z9;
+	fe51 z11;
+	fe51 z2_5_0;
+	fe51 z2_10_0;
+	fe51 z2_20_0;
+	fe51 z2_50_0;
+	fe51 z2_100_0;
+	fe51 t;
+	
+	/* 2 */ fe51_square(&z2,x);
+	/* 4 */ fe51_square(&t,&z2);
+	/* 8 */ fe51_square(&t,&t);
+	/* 9 */ fe51_mul(&z9,&t,x);
+	/* 11 */ fe51_mul(&z11,&z9,&z2);
+	/* 22 */ fe51_square(&t,&z11);
+	/* 2^5 - 2^0 = 31 */ fe51_mul(&z2_5_0,&t,&z9);
+
+	/* 2^10 - 2^5 */ fe51_nsquare(&t,&z2_5_0, 5); 
+	/* 2^10 - 2^0 */ fe51_mul(&z2_10_0,&t,&z2_5_0);
+
+	/* 2^20 - 2^10 */ fe51_nsquare(&t,&z2_10_0, 10); 
+	/* 2^20 - 2^0 */ fe51_mul(&z2_20_0,&t,&z2_10_0);
+
+	/* 2^40 - 2^20 */ fe51_nsquare(&t,&z2_20_0, 20); 
+	/* 2^40 - 2^0 */ fe51_mul(&t,&t,&z2_20_0);
+
+	/* 2^50 - 2^10 */ fe51_nsquare(&t,&t,10);
+	/* 2^50 - 2^0 */ fe51_mul(&z2_50_0,&t,&z2_10_0);
+
+	/* 2^100 - 2^50 */ fe51_nsquare(&t,&z2_50_0, 50); 
+	/* 2^100 - 2^0 */ fe51_mul(&z2_100_0,&t,&z2_50_0);
+
+	/* 2^200 - 2^100 */ fe51_nsquare(&t,&z2_100_0, 100); 
+	/* 2^200 - 2^0 */ fe51_mul(&t,&t,&z2_100_0);
+
+	/* 2^250 - 2^50 */ fe51_nsquare(&t,&t, 50);
+	/* 2^250 - 2^0 */ fe51_mul(&t,&t,&z2_50_0);
+
+	/* 2^255 - 2^5 */ fe51_nsquare(&t,&t,5);
+	/* 2^255 - 21 */ fe51_mul(r,&t,&z11);
+}
diff --git a/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe51_mul.S b/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe51_mul.S
new file mode 100644
index 00000000..55c2b62e
--- /dev/null
+++ b/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe51_mul.S
@@ -0,0 +1,185 @@
+/*
+   This file is basically amd64-51/fe25519_mul.s.
+*/
+#include "fe51_namespace.h"
+#include "consts_namespace.h"
+.text
+.p2align 5
+.globl _fe51_mul
+.globl fe51_mul
+_fe51_mul:
+fe51_mul:
+mov %rsp,%r11
+and $31,%r11
+add $96,%r11
+sub %r11,%rsp
+movq %r11,0(%rsp)
+movq %r12,8(%rsp)
+movq %r13,16(%rsp)
+movq %r14,24(%rsp)
+movq %r15,32(%rsp)
+movq %rbx,40(%rsp)
+movq %rbp,48(%rsp)
+movq %rdi,56(%rsp)
+mov  %rdx,%rcx
+movq   24(%rsi),%rdx
+imulq  $19,%rdx,%rax
+movq %rax,64(%rsp)
+mulq  16(%rcx)
+mov  %rax,%r8
+mov  %rdx,%r9
+movq   32(%rsi),%rdx
+imulq  $19,%rdx,%rax
+movq %rax,72(%rsp)
+mulq  8(%rcx)
+add  %rax,%r8
+adc %rdx,%r9
+movq   0(%rsi),%rax
+mulq  0(%rcx)
+add  %rax,%r8
+adc %rdx,%r9
+movq   0(%rsi),%rax
+mulq  8(%rcx)
+mov  %rax,%r10
+mov  %rdx,%r11
+movq   0(%rsi),%rax
+mulq  16(%rcx)
+mov  %rax,%r12
+mov  %rdx,%r13
+movq   0(%rsi),%rax
+mulq  24(%rcx)
+mov  %rax,%r14
+mov  %rdx,%r15
+movq   0(%rsi),%rax
+mulq  32(%rcx)
+mov  %rax,%rbx
+mov  %rdx,%rbp
+movq   8(%rsi),%rax
+mulq  0(%rcx)
+add  %rax,%r10
+adc %rdx,%r11
+movq   8(%rsi),%rax
+mulq  8(%rcx)
+add  %rax,%r12
+adc %rdx,%r13
+movq   8(%rsi),%rax
+mulq  16(%rcx)
+add  %rax,%r14
+adc %rdx,%r15
+movq   8(%rsi),%rax
+mulq  24(%rcx)
+add  %rax,%rbx
+adc %rdx,%rbp
+movq   8(%rsi),%rdx
+imulq  $19,%rdx,%rax
+mulq  32(%rcx)
+add  %rax,%r8
+adc %rdx,%r9
+movq   16(%rsi),%rax
+mulq  0(%rcx)
+add  %rax,%r12
+adc %rdx,%r13
+movq   16(%rsi),%rax
+mulq  8(%rcx)
+add  %rax,%r14
+adc %rdx,%r15
+movq   16(%rsi),%rax
+mulq  16(%rcx)
+add  %rax,%rbx
+adc %rdx,%rbp
+movq   16(%rsi),%rdx
+imulq  $19,%rdx,%rax
+mulq  24(%rcx)
+add  %rax,%r8
+adc %rdx,%r9
+movq   16(%rsi),%rdx
+imulq  $19,%rdx,%rax
+mulq  32(%rcx)
+add  %rax,%r10
+adc %rdx,%r11
+movq   24(%rsi),%rax
+mulq  0(%rcx)
+add  %rax,%r14
+adc %rdx,%r15
+movq   24(%rsi),%rax
+mulq  8(%rcx)
+add  %rax,%rbx
+adc %rdx,%rbp
+movq 64(%rsp),%rax
+mulq  24(%rcx)
+add  %rax,%r10
+adc %rdx,%r11
+movq 64(%rsp),%rax
+mulq  32(%rcx)
+add  %rax,%r12
+adc %rdx,%r13
+movq   32(%rsi),%rax
+mulq  0(%rcx)
+add  %rax,%rbx
+adc %rdx,%rbp
+movq 72(%rsp),%rax
+mulq  16(%rcx)
+add  %rax,%r10
+adc %rdx,%r11
+movq 72(%rsp),%rax
+mulq  24(%rcx)
+add  %rax,%r12
+adc %rdx,%r13
+movq 72(%rsp),%rax
+mulq  32(%rcx)
+add  %rax,%r14
+adc %rdx,%r15
+movq REDMASK51,%rsi
+shld $13,%r8,%r9
+and  %rsi,%r8
+shld $13,%r10,%r11
+and  %rsi,%r10
+add  %r9,%r10
+shld $13,%r12,%r13
+and  %rsi,%r12
+add  %r11,%r12
+shld $13,%r14,%r15
+and  %rsi,%r14
+add  %r13,%r14
+shld $13,%rbx,%rbp
+and  %rsi,%rbx
+add  %r15,%rbx
+imulq  $19,%rbp,%rdx
+add  %rdx,%r8
+mov  %r8,%rdx
+shr  $51,%rdx
+add  %r10,%rdx
+mov  %rdx,%rcx
+shr  $51,%rdx
+and  %rsi,%r8
+add  %r12,%rdx
+mov  %rdx,%r9
+shr  $51,%rdx
+and  %rsi,%rcx
+add  %r14,%rdx
+mov  %rdx,%rax
+shr  $51,%rdx
+and  %rsi,%r9
+add  %rbx,%rdx
+mov  %rdx,%r10
+shr  $51,%rdx
+and  %rsi,%rax
+imulq  $19,%rdx,%rdx
+add  %rdx,%r8
+and  %rsi,%r10
+movq   %r8,0(%rdi)
+movq   %rcx,8(%rdi)
+movq   %r9,16(%rdi)
+movq   %rax,24(%rdi)
+movq   %r10,32(%rdi)
+movq 0(%rsp),%r11
+movq 8(%rsp),%r12
+movq 16(%rsp),%r13
+movq 24(%rsp),%r14
+movq 32(%rsp),%r15
+movq 40(%rsp),%rbx
+movq 48(%rsp),%rbp
+add %r11,%rsp
+mov %rdi,%rax
+mov %rsi,%rdx
+ret
diff --git a/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe51_namespace.h b/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe51_namespace.h
new file mode 100644
index 00000000..1eee4b61
--- /dev/null
+++ b/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe51_namespace.h
@@ -0,0 +1,16 @@
+#ifndef FE51_NAMESPACE_H
+#define FE51_NAMESPACE_H
+
+#define  fe51              crypto_scalarmult_curve25519_sandy2x_fe51
+#define _fe51             _crypto_scalarmult_curve25519_sandy2x_fe51
+#define  fe51_pack         crypto_scalarmult_curve25519_sandy2x_fe51_pack
+#define _fe51_pack        _crypto_scalarmult_curve25519_sandy2x_fe51_pack
+#define  fe51_mul          crypto_scalarmult_curve25519_sandy2x_fe51_mul
+#define _fe51_mul         _crypto_scalarmult_curve25519_sandy2x_fe51_mul
+#define  fe51_nsquare      crypto_scalarmult_curve25519_sandy2x_fe51_nsquare
+#define _fe51_nsquare     _crypto_scalarmult_curve25519_sandy2x_fe51_nsquare
+
+#define  fe51_invert       crypto_scalarmult_curve25519_sandy2x_fe51_invert
+
+#endif //ifndef FE51_NAMESPACE_H
+
diff --git a/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe51_nsquare.S b/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe51_nsquare.S
new file mode 100644
index 00000000..9b4e0114
--- /dev/null
+++ b/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe51_nsquare.S
@@ -0,0 +1,155 @@
+/*
+   This file is adapted from amd64-51/fe25519_square.s:
+   Adding loop to perform n squares.
+*/
+#include "fe51_namespace.h"
+#include "consts_namespace.h"
+.p2align 5
+.global _fe51_nsquare
+.global fe51_nsquare
+_fe51_nsquare:
+fe51_nsquare:
+mov %rsp,%r11
+and $31,%r11
+add $64,%r11
+sub %r11,%rsp
+movq %r11,0(%rsp)
+movq %r12,8(%rsp)
+movq %r13,16(%rsp)
+movq %r14,24(%rsp)
+movq %r15,32(%rsp)
+movq %rbx,40(%rsp)
+movq %rbp,48(%rsp)
+movq   0(%rsi),%rcx
+movq   8(%rsi),%r8
+movq   16(%rsi),%r9
+movq   24(%rsi),%rax
+movq   32(%rsi),%rsi
+movq   %r9,16(%rdi)
+movq   %rax,24(%rdi)
+movq   %rsi,32(%rdi)
+mov  %rdx,%rsi
+._loop:
+sub  $1,%rsi
+mov  %rcx,%rax
+mul  %rcx
+add  %rcx,%rcx
+mov  %rax,%r9
+mov  %rdx,%r10
+mov  %rcx,%rax
+mul  %r8
+mov  %rax,%r11
+mov  %rdx,%r12
+mov  %rcx,%rax
+mulq  16(%rdi)
+mov  %rax,%r13
+mov  %rdx,%r14
+mov  %rcx,%rax
+mulq  24(%rdi)
+mov  %rax,%r15
+mov  %rdx,%rbx
+mov  %rcx,%rax
+mulq  32(%rdi)
+mov  %rax,%rcx
+mov  %rdx,%rbp
+mov  %r8,%rax
+mul  %r8
+add  %r8,%r8
+add  %rax,%r13
+adc %rdx,%r14
+mov  %r8,%rax
+mulq  16(%rdi)
+add  %rax,%r15
+adc %rdx,%rbx
+mov  %r8,%rax
+imulq  $19, %r8,%r8
+mulq  24(%rdi)
+add  %rax,%rcx
+adc %rdx,%rbp
+mov  %r8,%rax
+mulq  32(%rdi)
+add  %rax,%r9
+adc %rdx,%r10
+movq   16(%rdi),%rax
+mulq  16(%rdi)
+add  %rax,%rcx
+adc %rdx,%rbp
+shld $13,%rcx,%rbp
+movq   16(%rdi),%rax
+imulq  $38, %rax,%rax
+mulq  24(%rdi)
+add  %rax,%r9
+adc %rdx,%r10
+shld $13,%r9,%r10
+movq   16(%rdi),%rax
+imulq  $38, %rax,%rax
+mulq  32(%rdi)
+add  %rax,%r11
+adc %rdx,%r12
+movq   24(%rdi),%rax
+imulq  $19, %rax,%rax
+mulq  24(%rdi)
+add  %rax,%r11
+adc %rdx,%r12
+shld $13,%r11,%r12
+movq   24(%rdi),%rax
+imulq  $38, %rax,%rax
+mulq  32(%rdi)
+add  %rax,%r13
+adc %rdx,%r14
+shld $13,%r13,%r14
+movq   32(%rdi),%rax
+imulq  $19, %rax,%rax
+mulq  32(%rdi)
+add  %rax,%r15
+adc %rdx,%rbx
+shld $13,%r15,%rbx
+movq REDMASK51,%rdx
+and  %rdx,%rcx
+add  %rbx,%rcx
+and  %rdx,%r9
+and  %rdx,%r11
+add  %r10,%r11
+and  %rdx,%r13
+add  %r12,%r13
+and  %rdx,%r15
+add  %r14,%r15
+imulq  $19, %rbp,%rbp
+lea  (%r9,%rbp),%r9
+mov  %r9,%rax
+shr  $51,%r9
+add  %r11,%r9
+and  %rdx,%rax
+mov  %r9,%r8
+shr  $51,%r9
+add  %r13,%r9
+and  %rdx,%r8
+mov  %r9,%r10
+shr  $51,%r9
+add  %r15,%r9
+and  %rdx,%r10
+movq   %r10,16(%rdi)
+mov  %r9,%r10
+shr  $51,%r9
+add  %rcx,%r9
+and  %rdx,%r10
+movq   %r10,24(%rdi)
+mov  %r9,%r10
+shr  $51,%r9
+imulq  $19, %r9,%r9
+lea  (%rax,%r9),%rcx
+and  %rdx,%r10
+movq   %r10,32(%rdi)
+cmp  $0,%rsi
+jne ._loop
+movq   %rcx,0(%rdi)
+movq   %r8,8(%rdi)
+movq 0(%rsp),%r11
+movq 8(%rsp),%r12
+movq 16(%rsp),%r13
+movq 24(%rsp),%r14
+movq 32(%rsp),%r15
+movq 40(%rsp),%rbx
+movq 48(%rsp),%rbp
+add %r11,%rsp
+ret
diff --git a/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe51_pack.S b/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe51_pack.S
new file mode 100644
index 00000000..eaa15590
--- /dev/null
+++ b/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe51_pack.S
@@ -0,0 +1,209 @@
+/*
+   This file is the result of merging 
+   amd64-51/fe25519_pack.c and amd64-51/fe25519_freeze.s.
+*/
+#include "fe51_namespace.h"
+#include "consts_namespace.h"
+.p2align 5
+.global _fe51_pack
+.global fe51_pack
+_fe51_pack:
+fe51_pack:
+mov %rsp,%r11
+and $31,%r11
+add $32,%r11
+sub %r11,%rsp
+movq %r11,0(%rsp)
+movq %r12,8(%rsp)
+movq   0(%rsi),%rdx
+movq   8(%rsi),%rcx
+movq   16(%rsi),%r8
+movq   24(%rsi),%r9
+movq   32(%rsi),%rsi
+movq REDMASK51,%rax
+lea  -18(%rax),%r10
+mov  $3,%r11
+._reduceloop:
+mov  %rdx,%r12
+shr  $51,%r12
+and  %rax,%rdx
+add  %r12,%rcx
+mov  %rcx,%r12
+shr  $51,%r12
+and  %rax,%rcx
+add  %r12,%r8
+mov  %r8,%r12
+shr  $51,%r12
+and  %rax,%r8
+add  %r12,%r9
+mov  %r9,%r12
+shr  $51,%r12
+and  %rax,%r9
+add  %r12,%rsi
+mov  %rsi,%r12
+shr  $51,%r12
+and  %rax,%rsi
+imulq  $19, %r12,%r12
+add  %r12,%rdx
+sub  $1,%r11
+ja ._reduceloop
+mov  $1,%r12
+cmp  %r10,%rdx
+cmovl %r11,%r12
+cmp  %rax,%rcx
+cmovne %r11,%r12
+cmp  %rax,%r8
+cmovne %r11,%r12
+cmp  %rax,%r9
+cmovne %r11,%r12
+cmp  %rax,%rsi
+cmovne %r11,%r12
+neg  %r12
+and  %r12,%rax
+and  %r12,%r10
+sub  %r10,%rdx
+sub  %rax,%rcx
+sub  %rax,%r8
+sub  %rax,%r9
+sub  %rax,%rsi
+mov  %rdx,%rax
+and  $0xFF,%eax
+movb   %al,0(%rdi)
+mov  %rdx,%rax
+shr  $8,%rax
+and  $0xFF,%eax
+movb   %al,1(%rdi)
+mov  %rdx,%rax
+shr  $16,%rax
+and  $0xFF,%eax
+movb   %al,2(%rdi)
+mov  %rdx,%rax
+shr  $24,%rax
+and  $0xFF,%eax
+movb   %al,3(%rdi)
+mov  %rdx,%rax
+shr  $32,%rax
+and  $0xFF,%eax
+movb   %al,4(%rdi)
+mov  %rdx,%rax
+shr  $40,%rax
+and  $0xFF,%eax
+movb   %al,5(%rdi)
+mov  %rdx,%rdx
+shr  $48,%rdx
+mov  %rcx,%rax
+shl  $3,%rax
+and  $0xF8,%eax
+xor  %rdx,%rax
+movb   %al,6(%rdi)
+mov  %rcx,%rdx
+shr  $5,%rdx
+and  $0xFF,%edx
+movb   %dl,7(%rdi)
+mov  %rcx,%rdx
+shr  $13,%rdx
+and  $0xFF,%edx
+movb   %dl,8(%rdi)
+mov  %rcx,%rdx
+shr  $21,%rdx
+and  $0xFF,%edx
+movb   %dl,9(%rdi)
+mov  %rcx,%rdx
+shr  $29,%rdx
+and  $0xFF,%edx
+movb   %dl,10(%rdi)
+mov  %rcx,%rdx
+shr  $37,%rdx
+and  $0xFF,%edx
+movb   %dl,11(%rdi)
+mov  %rcx,%rdx
+shr  $45,%rdx
+mov  %r8,%rcx
+shl  $6,%rcx
+and  $0xC0,%ecx
+xor  %rdx,%rcx
+movb   %cl,12(%rdi)
+mov  %r8,%rdx
+shr  $2,%rdx
+and  $0xFF,%edx
+movb   %dl,13(%rdi)
+mov  %r8,%rdx
+shr  $10,%rdx
+and  $0xFF,%edx
+movb   %dl,14(%rdi)
+mov  %r8,%rdx
+shr  $18,%rdx
+and  $0xFF,%edx
+movb   %dl,15(%rdi)
+mov  %r8,%rdx
+shr  $26,%rdx
+and  $0xFF,%edx
+movb   %dl,16(%rdi)
+mov  %r8,%rdx
+shr  $34,%rdx
+and  $0xFF,%edx
+movb   %dl,17(%rdi)
+mov  %r8,%rdx
+shr  $42,%rdx
+movb   %dl,18(%rdi)
+mov  %r8,%rdx
+shr  $50,%rdx
+mov  %r9,%rcx
+shl  $1,%rcx
+and  $0xFE,%ecx
+xor  %rdx,%rcx
+movb   %cl,19(%rdi)
+mov  %r9,%rdx
+shr  $7,%rdx
+and  $0xFF,%edx
+movb   %dl,20(%rdi)
+mov  %r9,%rdx
+shr  $15,%rdx
+and  $0xFF,%edx
+movb   %dl,21(%rdi)
+mov  %r9,%rdx
+shr  $23,%rdx
+and  $0xFF,%edx
+movb   %dl,22(%rdi)
+mov  %r9,%rdx
+shr  $31,%rdx
+and  $0xFF,%edx
+movb   %dl,23(%rdi)
+mov  %r9,%rdx
+shr  $39,%rdx
+and  $0xFF,%edx
+movb   %dl,24(%rdi)
+mov  %r9,%rdx
+shr  $47,%rdx
+mov  %rsi,%rcx
+shl  $4,%rcx
+and  $0xF0,%ecx
+xor  %rdx,%rcx
+movb   %cl,25(%rdi)
+mov  %rsi,%rdx
+shr  $4,%rdx
+and  $0xFF,%edx
+movb   %dl,26(%rdi)
+mov  %rsi,%rdx
+shr  $12,%rdx
+and  $0xFF,%edx
+movb   %dl,27(%rdi)
+mov  %rsi,%rdx
+shr  $20,%rdx
+and  $0xFF,%edx
+movb   %dl,28(%rdi)
+mov  %rsi,%rdx
+shr  $28,%rdx
+and  $0xFF,%edx
+movb   %dl,29(%rdi)
+mov  %rsi,%rdx
+shr  $36,%rdx
+and  $0xFF,%edx
+movb   %dl,30(%rdi)
+mov  %rsi,%rsi
+shr  $44,%rsi
+movb   %sil,31(%rdi)
+movq 0(%rsp),%r11
+movq 8(%rsp),%r12
+add %r11,%rsp
+ret
diff --git a/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe_frombytes.c b/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe_frombytes.c
new file mode 100644
index 00000000..54770f48
--- /dev/null
+++ b/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe_frombytes.c
@@ -0,0 +1,72 @@
+/*
+   This file is basically ref10/fe_frombytes.h.
+*/
+
+#include "fe.h"
+#include "crypto_uint64.h"
+
+static crypto_uint64 load_3(const unsigned char *in)
+{
+  crypto_uint64 result;
+  result = (crypto_uint64) in[0];
+  result |= ((crypto_uint64) in[1]) << 8;
+  result |= ((crypto_uint64) in[2]) << 16;
+  return result;
+}
+
+static crypto_uint64 load_4(const unsigned char *in)
+{
+  crypto_uint64 result;
+  result = (crypto_uint64) in[0];
+  result |= ((crypto_uint64) in[1]) << 8;
+  result |= ((crypto_uint64) in[2]) << 16;
+  result |= ((crypto_uint64) in[3]) << 24;
+  return result;
+}
+
+void fe_frombytes(fe h,const unsigned char *s)
+{
+  crypto_uint64 h0 = load_4(s);
+  crypto_uint64 h1 = load_3(s + 4) << 6;
+  crypto_uint64 h2 = load_3(s + 7) << 5;
+  crypto_uint64 h3 = load_3(s + 10) << 3;
+  crypto_uint64 h4 = load_3(s + 13) << 2;
+  crypto_uint64 h5 = load_4(s + 16);
+  crypto_uint64 h6 = load_3(s + 20) << 7;
+  crypto_uint64 h7 = load_3(s + 23) << 5;
+  crypto_uint64 h8 = load_3(s + 26) << 4;
+  crypto_uint64 h9 = load_3(s + 29) << 2;
+  crypto_uint64 carry0;
+  crypto_uint64 carry1;
+  crypto_uint64 carry2;
+  crypto_uint64 carry3;
+  crypto_uint64 carry4;
+  crypto_uint64 carry5;
+  crypto_uint64 carry6;
+  crypto_uint64 carry7;
+  crypto_uint64 carry8;
+  crypto_uint64 carry9;
+
+  carry9 = h9 >> 25; h0 += carry9 * 19; h9 &= 0x1FFFFFF;
+  carry1 = h1 >> 25; h2 += carry1; h1 &= 0x1FFFFFF;
+  carry3 = h3 >> 25; h4 += carry3; h3 &= 0x1FFFFFF;
+  carry5 = h5 >> 25; h6 += carry5; h5 &= 0x1FFFFFF;
+  carry7 = h7 >> 25; h8 += carry7; h7 &= 0x1FFFFFF;
+
+  carry0 = h0 >> 26; h1 += carry0; h0 &= 0x3FFFFFF;
+  carry2 = h2 >> 26; h3 += carry2; h2 &= 0x3FFFFFF;
+  carry4 = h4 >> 26; h5 += carry4; h4 &= 0x3FFFFFF;
+  carry6 = h6 >> 26; h7 += carry6; h6 &= 0x3FFFFFF;
+  carry8 = h8 >> 26; h9 += carry8; h8 &= 0x3FFFFFF;
+
+  h[0] = h0;
+  h[1] = h1;
+  h[2] = h2;
+  h[3] = h3;
+  h[4] = h4;
+  h[5] = h5;
+  h[6] = h6;
+  h[7] = h7;
+  h[8] = h8;
+  h[9] = h9;
+}
diff --git a/src/libsodium/crypto_scalarmult/curve25519/sandy2x/ladder.S b/src/libsodium/crypto_scalarmult/curve25519/sandy2x/ladder.S
new file mode 100644
index 00000000..e223c76c
--- /dev/null
+++ b/src/libsodium/crypto_scalarmult/curve25519/sandy2x/ladder.S
@@ -0,0 +1,1422 @@
+#include "ladder_namespace.h"
+#include "consts_namespace.h"
+.p2align 5
+.global _ladder
+.global ladder
+_ladder:
+ladder:
+mov %rsp,%r11
+and $31,%r11
+add $1856,%r11
+sub %r11,%rsp
+movq %r11,1824(%rsp)
+movq %r12,1832(%rsp)
+movq %r13,1840(%rsp)
+movq %r14,1848(%rsp)
+movdqa v0_0,%xmm0
+movdqa v1_0,%xmm1
+movdqu   0(%rdi),%xmm2
+movdqa %xmm2,0(%rsp)
+movdqu   16(%rdi),%xmm2
+movdqa %xmm2,16(%rsp)
+movdqu   32(%rdi),%xmm2
+movdqa %xmm2,32(%rsp)
+movdqu   48(%rdi),%xmm2
+movdqa %xmm2,48(%rsp)
+movdqu   64(%rdi),%xmm2
+movdqa %xmm2,64(%rsp)
+movdqa %xmm1,80(%rsp)
+movdqa %xmm0,96(%rsp)
+movdqa %xmm0,112(%rsp)
+movdqa %xmm0,128(%rsp)
+movdqa %xmm0,144(%rsp)
+movdqa %xmm1,%xmm0
+pxor %xmm1,%xmm1
+pxor %xmm2,%xmm2
+pxor %xmm3,%xmm3
+pxor %xmm4,%xmm4
+pxor %xmm5,%xmm5
+pxor %xmm6,%xmm6
+pxor %xmm7,%xmm7
+pxor %xmm8,%xmm8
+pxor %xmm9,%xmm9
+movdqu   0(%rdi),%xmm10
+movdqa %xmm10,160(%rsp)
+movdqu   16(%rdi),%xmm10
+movdqa %xmm10,176(%rsp)
+pmuludq v19_19,%xmm10
+movdqa %xmm10,192(%rsp)
+movdqu   32(%rdi),%xmm10
+movdqa %xmm10,208(%rsp)
+pmuludq v19_19,%xmm10
+movdqa %xmm10,224(%rsp)
+movdqu   48(%rdi),%xmm10
+movdqa %xmm10,240(%rsp)
+pmuludq v19_19,%xmm10
+movdqa %xmm10,256(%rsp)
+movdqu   64(%rdi),%xmm10
+movdqa %xmm10,272(%rsp)
+pmuludq v19_19,%xmm10
+movdqa %xmm10,288(%rsp)
+movdqu   8(%rdi),%xmm10
+pmuludq v2_1,%xmm10
+movdqa %xmm10,304(%rsp)
+pmuludq v19_19,%xmm10
+movdqa %xmm10,320(%rsp)
+movdqu   24(%rdi),%xmm10
+pmuludq v2_1,%xmm10
+movdqa %xmm10,336(%rsp)
+pmuludq v19_19,%xmm10
+movdqa %xmm10,352(%rsp)
+movdqu   40(%rdi),%xmm10
+pmuludq v2_1,%xmm10
+movdqa %xmm10,368(%rsp)
+pmuludq v19_19,%xmm10
+movdqa %xmm10,384(%rsp)
+movdqu   56(%rdi),%xmm10
+pmuludq v2_1,%xmm10
+movdqa %xmm10,400(%rsp)
+pmuludq v19_19,%xmm10
+movdqa %xmm10,416(%rsp)
+movdqu   0(%rdi),%xmm10
+movdqu   64(%rdi),%xmm11
+blendps $12, %xmm11, %xmm10
+pshufd $2,%xmm10,%xmm10
+pmuludq v38_1,%xmm10
+movdqa %xmm10,432(%rsp)
+movq   0(%rsi),%rdx
+movq   8(%rsi),%rcx
+movq   16(%rsi),%r8
+movq   24(%rsi),%r9
+shrd $1,%rcx,%rdx
+shrd $1,%r8,%rcx
+shrd $1,%r9,%r8
+shr  $1,%r9
+xorq 0(%rsi),%rdx
+xorq 8(%rsi),%rcx
+xorq 16(%rsi),%r8
+xorq 24(%rsi),%r9
+leaq 800(%rsp),%rsi
+mov  $64,%rax
+._small_loop:
+mov  %rdx,%r10
+mov  %rcx,%r11
+mov  %r8,%r12
+mov  %r9,%r13
+shr  $1,%rdx
+shr  $1,%rcx
+shr  $1,%r8
+shr  $1,%r9
+and  $1,%r10d
+and  $1,%r11d
+and  $1,%r12d
+and  $1,%r13d
+neg  %r10
+neg  %r11
+neg  %r12
+neg  %r13
+movl   %r10d,0(%rsi)
+movl   %r11d,256(%rsi)
+movl   %r12d,512(%rsi)
+movl   %r13d,768(%rsi)
+add  $4,%rsi
+sub  $1,%rax
+jne ._small_loop
+mov  $255,%rdx
+add  $760,%rsi
+._loop:
+sub  $1,%rdx
+vbroadcastss 0(%rsi),%xmm10
+sub  $4,%rsi
+movdqa 0(%rsp),%xmm11
+movdqa 80(%rsp),%xmm12
+vpxor %xmm11,%xmm0,%xmm13
+pand %xmm10,%xmm13
+pxor %xmm13,%xmm0
+pxor %xmm13,%xmm11
+vpxor %xmm12,%xmm1,%xmm13
+pand %xmm10,%xmm13
+pxor %xmm13,%xmm1
+pxor %xmm13,%xmm12
+movdqa 16(%rsp),%xmm13
+movdqa 96(%rsp),%xmm14
+vpxor %xmm13,%xmm2,%xmm15
+pand %xmm10,%xmm15
+pxor %xmm15,%xmm2
+pxor %xmm15,%xmm13
+vpxor %xmm14,%xmm3,%xmm15
+pand %xmm10,%xmm15
+pxor %xmm15,%xmm3
+pxor %xmm15,%xmm14
+movdqa %xmm13,0(%rsp)
+movdqa %xmm14,16(%rsp)
+movdqa 32(%rsp),%xmm13
+movdqa 112(%rsp),%xmm14
+vpxor %xmm13,%xmm4,%xmm15
+pand %xmm10,%xmm15
+pxor %xmm15,%xmm4
+pxor %xmm15,%xmm13
+vpxor %xmm14,%xmm5,%xmm15
+pand %xmm10,%xmm15
+pxor %xmm15,%xmm5
+pxor %xmm15,%xmm14
+movdqa %xmm13,32(%rsp)
+movdqa %xmm14,80(%rsp)
+movdqa 48(%rsp),%xmm13
+movdqa 128(%rsp),%xmm14
+vpxor %xmm13,%xmm6,%xmm15
+pand %xmm10,%xmm15
+pxor %xmm15,%xmm6
+pxor %xmm15,%xmm13
+vpxor %xmm14,%xmm7,%xmm15
+pand %xmm10,%xmm15
+pxor %xmm15,%xmm7
+pxor %xmm15,%xmm14
+movdqa %xmm13,48(%rsp)
+movdqa %xmm14,96(%rsp)
+movdqa 64(%rsp),%xmm13
+movdqa 144(%rsp),%xmm14
+vpxor %xmm13,%xmm8,%xmm15
+pand %xmm10,%xmm15
+pxor %xmm15,%xmm8
+pxor %xmm15,%xmm13
+vpxor %xmm14,%xmm9,%xmm15
+pand %xmm10,%xmm15
+pxor %xmm15,%xmm9
+pxor %xmm15,%xmm14
+movdqa %xmm13,64(%rsp)
+movdqa %xmm14,112(%rsp)
+vpaddq subc0,%xmm11,%xmm10
+psubq %xmm12,%xmm10
+paddq %xmm12,%xmm11
+vpunpckhqdq %xmm10,%xmm11,%xmm12
+vpunpcklqdq %xmm10,%xmm11,%xmm10
+vpaddq %xmm1,%xmm0,%xmm11
+paddq subc0,%xmm0
+psubq %xmm1,%xmm0
+vpunpckhqdq %xmm11,%xmm0,%xmm1
+vpunpcklqdq %xmm11,%xmm0,%xmm0
+vpmuludq %xmm0,%xmm10,%xmm11
+vpmuludq %xmm1,%xmm10,%xmm13
+movdqa %xmm1,128(%rsp)
+paddq %xmm1,%xmm1
+vpmuludq %xmm0,%xmm12,%xmm14
+movdqa %xmm0,144(%rsp)
+paddq %xmm14,%xmm13
+vpmuludq %xmm1,%xmm12,%xmm0
+movdqa %xmm1,448(%rsp)
+vpaddq %xmm3,%xmm2,%xmm1
+paddq subc2,%xmm2
+psubq %xmm3,%xmm2
+vpunpckhqdq %xmm1,%xmm2,%xmm3
+vpunpcklqdq %xmm1,%xmm2,%xmm1
+vpmuludq %xmm1,%xmm10,%xmm2
+paddq %xmm2,%xmm0
+vpmuludq %xmm3,%xmm10,%xmm2
+movdqa %xmm3,464(%rsp)
+paddq %xmm3,%xmm3
+vpmuludq %xmm1,%xmm12,%xmm14
+movdqa %xmm1,480(%rsp)
+paddq %xmm14,%xmm2
+vpmuludq %xmm3,%xmm12,%xmm1
+movdqa %xmm3,496(%rsp)
+vpaddq %xmm5,%xmm4,%xmm3
+paddq subc2,%xmm4
+psubq %xmm5,%xmm4
+vpunpckhqdq %xmm3,%xmm4,%xmm5
+vpunpcklqdq %xmm3,%xmm4,%xmm3
+vpmuludq %xmm3,%xmm10,%xmm4
+paddq %xmm4,%xmm1
+vpmuludq %xmm5,%xmm10,%xmm4
+movdqa %xmm5,512(%rsp)
+paddq %xmm5,%xmm5
+vpmuludq %xmm3,%xmm12,%xmm14
+movdqa %xmm3,528(%rsp)
+paddq %xmm14,%xmm4
+vpaddq %xmm7,%xmm6,%xmm3
+paddq subc2,%xmm6
+psubq %xmm7,%xmm6
+vpunpckhqdq %xmm3,%xmm6,%xmm7
+vpunpcklqdq %xmm3,%xmm6,%xmm3
+vpmuludq %xmm3,%xmm10,%xmm6
+vpmuludq %xmm5,%xmm12,%xmm14
+movdqa %xmm5,544(%rsp)
+pmuludq v19_19,%xmm5
+movdqa %xmm5,560(%rsp)
+paddq %xmm14,%xmm6
+vpmuludq %xmm7,%xmm10,%xmm5
+movdqa %xmm7,576(%rsp)
+paddq %xmm7,%xmm7
+vpmuludq %xmm3,%xmm12,%xmm14
+movdqa %xmm3,592(%rsp)
+paddq %xmm14,%xmm5
+pmuludq v19_19,%xmm3
+movdqa %xmm3,608(%rsp)
+vpaddq %xmm9,%xmm8,%xmm3
+paddq subc2,%xmm8
+psubq %xmm9,%xmm8
+vpunpckhqdq %xmm3,%xmm8,%xmm9
+vpunpcklqdq %xmm3,%xmm8,%xmm3
+movdqa %xmm3,624(%rsp)
+vpmuludq %xmm7,%xmm12,%xmm8
+movdqa %xmm7,640(%rsp)
+pmuludq v19_19,%xmm7
+movdqa %xmm7,656(%rsp)
+vpmuludq %xmm3,%xmm10,%xmm7
+paddq %xmm7,%xmm8
+vpmuludq %xmm9,%xmm10,%xmm7
+movdqa %xmm9,672(%rsp)
+paddq %xmm9,%xmm9
+vpmuludq %xmm3,%xmm12,%xmm10
+paddq %xmm10,%xmm7
+pmuludq v19_19,%xmm3
+movdqa %xmm3,688(%rsp)
+pmuludq v19_19,%xmm12
+vpmuludq %xmm9,%xmm12,%xmm3
+movdqa %xmm9,704(%rsp)
+paddq %xmm3,%xmm11
+movdqa 0(%rsp),%xmm3
+movdqa 16(%rsp),%xmm9
+vpaddq subc2,%xmm3,%xmm10
+psubq %xmm9,%xmm10
+paddq %xmm9,%xmm3
+vpunpckhqdq %xmm10,%xmm3,%xmm9
+vpunpcklqdq %xmm10,%xmm3,%xmm3
+vpmuludq 144(%rsp),%xmm3,%xmm10
+paddq %xmm10,%xmm0
+vpmuludq 128(%rsp),%xmm3,%xmm10
+paddq %xmm10,%xmm2
+vpmuludq 480(%rsp),%xmm3,%xmm10
+paddq %xmm10,%xmm1
+vpmuludq 464(%rsp),%xmm3,%xmm10
+paddq %xmm10,%xmm4
+vpmuludq 528(%rsp),%xmm3,%xmm10
+paddq %xmm10,%xmm6
+vpmuludq 512(%rsp),%xmm3,%xmm10
+paddq %xmm10,%xmm5
+vpmuludq 592(%rsp),%xmm3,%xmm10
+paddq %xmm10,%xmm8
+vpmuludq 576(%rsp),%xmm3,%xmm10
+paddq %xmm10,%xmm7
+pmuludq v19_19,%xmm3
+vpmuludq 624(%rsp),%xmm3,%xmm10
+paddq %xmm10,%xmm11
+pmuludq 672(%rsp),%xmm3
+paddq %xmm3,%xmm13
+vpmuludq 144(%rsp),%xmm9,%xmm3
+paddq %xmm3,%xmm2
+vpmuludq 448(%rsp),%xmm9,%xmm3
+paddq %xmm3,%xmm1
+vpmuludq 480(%rsp),%xmm9,%xmm3
+paddq %xmm3,%xmm4
+vpmuludq 496(%rsp),%xmm9,%xmm3
+paddq %xmm3,%xmm6
+vpmuludq 528(%rsp),%xmm9,%xmm3
+paddq %xmm3,%xmm5
+vpmuludq 544(%rsp),%xmm9,%xmm3
+paddq %xmm3,%xmm8
+vpmuludq 592(%rsp),%xmm9,%xmm3
+paddq %xmm3,%xmm7
+pmuludq v19_19,%xmm9
+vpmuludq 640(%rsp),%xmm9,%xmm3
+paddq %xmm3,%xmm11
+vpmuludq 624(%rsp),%xmm9,%xmm3
+paddq %xmm3,%xmm13
+pmuludq 704(%rsp),%xmm9
+paddq %xmm9,%xmm0
+movdqa 32(%rsp),%xmm3
+movdqa 80(%rsp),%xmm9
+vpaddq subc2,%xmm3,%xmm10
+psubq %xmm9,%xmm10
+paddq %xmm9,%xmm3
+vpunpckhqdq %xmm10,%xmm3,%xmm9
+vpunpcklqdq %xmm10,%xmm3,%xmm3
+vpmuludq 144(%rsp),%xmm3,%xmm10
+paddq %xmm10,%xmm1
+vpmuludq 128(%rsp),%xmm3,%xmm10
+paddq %xmm10,%xmm4
+vpmuludq 480(%rsp),%xmm3,%xmm10
+paddq %xmm10,%xmm6
+vpmuludq 464(%rsp),%xmm3,%xmm10
+paddq %xmm10,%xmm5
+vpmuludq 528(%rsp),%xmm3,%xmm10
+paddq %xmm10,%xmm8
+vpmuludq 512(%rsp),%xmm3,%xmm10
+paddq %xmm10,%xmm7
+pmuludq v19_19,%xmm3
+vpmuludq 592(%rsp),%xmm3,%xmm10
+paddq %xmm10,%xmm11
+vpmuludq 576(%rsp),%xmm3,%xmm10
+paddq %xmm10,%xmm13
+vpmuludq 624(%rsp),%xmm3,%xmm10
+paddq %xmm10,%xmm0
+pmuludq 672(%rsp),%xmm3
+paddq %xmm3,%xmm2
+vpmuludq 144(%rsp),%xmm9,%xmm3
+paddq %xmm3,%xmm4
+vpmuludq 448(%rsp),%xmm9,%xmm3
+paddq %xmm3,%xmm6
+vpmuludq 480(%rsp),%xmm9,%xmm3
+paddq %xmm3,%xmm5
+vpmuludq 496(%rsp),%xmm9,%xmm3
+paddq %xmm3,%xmm8
+vpmuludq 528(%rsp),%xmm9,%xmm3
+paddq %xmm3,%xmm7
+pmuludq v19_19,%xmm9
+vpmuludq 544(%rsp),%xmm9,%xmm3
+paddq %xmm3,%xmm11
+vpmuludq 592(%rsp),%xmm9,%xmm3
+paddq %xmm3,%xmm13
+vpmuludq 640(%rsp),%xmm9,%xmm3
+paddq %xmm3,%xmm0
+vpmuludq 624(%rsp),%xmm9,%xmm3
+paddq %xmm3,%xmm2
+pmuludq 704(%rsp),%xmm9
+paddq %xmm9,%xmm1
+movdqa 48(%rsp),%xmm3
+movdqa 96(%rsp),%xmm9
+vpaddq subc2,%xmm3,%xmm10
+psubq %xmm9,%xmm10
+paddq %xmm9,%xmm3
+vpunpckhqdq %xmm10,%xmm3,%xmm9
+vpunpcklqdq %xmm10,%xmm3,%xmm3
+vpmuludq 144(%rsp),%xmm3,%xmm10
+paddq %xmm10,%xmm6
+vpmuludq 128(%rsp),%xmm3,%xmm10
+paddq %xmm10,%xmm5
+vpmuludq 480(%rsp),%xmm3,%xmm10
+paddq %xmm10,%xmm8
+vpmuludq 464(%rsp),%xmm3,%xmm10
+paddq %xmm10,%xmm7
+pmuludq v19_19,%xmm3
+vpmuludq 528(%rsp),%xmm3,%xmm10
+paddq %xmm10,%xmm11
+vpmuludq 512(%rsp),%xmm3,%xmm10
+paddq %xmm10,%xmm13
+vpmuludq 592(%rsp),%xmm3,%xmm10
+paddq %xmm10,%xmm0
+vpmuludq 576(%rsp),%xmm3,%xmm10
+paddq %xmm10,%xmm2
+vpmuludq 624(%rsp),%xmm3,%xmm10
+paddq %xmm10,%xmm1
+pmuludq 672(%rsp),%xmm3
+paddq %xmm3,%xmm4
+vpmuludq 144(%rsp),%xmm9,%xmm3
+paddq %xmm3,%xmm5
+vpmuludq 448(%rsp),%xmm9,%xmm3
+paddq %xmm3,%xmm8
+vpmuludq 480(%rsp),%xmm9,%xmm3
+paddq %xmm3,%xmm7
+pmuludq v19_19,%xmm9
+vpmuludq 496(%rsp),%xmm9,%xmm3
+paddq %xmm3,%xmm11
+vpmuludq 528(%rsp),%xmm9,%xmm3
+paddq %xmm3,%xmm13
+vpmuludq 544(%rsp),%xmm9,%xmm3
+paddq %xmm3,%xmm0
+vpmuludq 592(%rsp),%xmm9,%xmm3
+paddq %xmm3,%xmm2
+vpmuludq 640(%rsp),%xmm9,%xmm3
+paddq %xmm3,%xmm1
+vpmuludq 624(%rsp),%xmm9,%xmm3
+paddq %xmm3,%xmm4
+pmuludq 704(%rsp),%xmm9
+paddq %xmm9,%xmm6
+movdqa 64(%rsp),%xmm3
+movdqa 112(%rsp),%xmm9
+vpaddq subc2,%xmm3,%xmm10
+psubq %xmm9,%xmm10
+paddq %xmm9,%xmm3
+vpunpckhqdq %xmm10,%xmm3,%xmm9
+vpunpcklqdq %xmm10,%xmm3,%xmm3
+vpmuludq 144(%rsp),%xmm3,%xmm10
+paddq %xmm10,%xmm8
+vpmuludq 128(%rsp),%xmm3,%xmm10
+paddq %xmm10,%xmm7
+pmuludq v19_19,%xmm3
+vpmuludq 480(%rsp),%xmm3,%xmm10
+paddq %xmm10,%xmm11
+vpmuludq 464(%rsp),%xmm3,%xmm10
+paddq %xmm10,%xmm13
+vpmuludq 528(%rsp),%xmm3,%xmm10
+paddq %xmm10,%xmm0
+vpmuludq 512(%rsp),%xmm3,%xmm10
+paddq %xmm10,%xmm2
+vpmuludq 592(%rsp),%xmm3,%xmm10
+paddq %xmm10,%xmm1
+vpmuludq 576(%rsp),%xmm3,%xmm10
+paddq %xmm10,%xmm4
+vpmuludq 624(%rsp),%xmm3,%xmm10
+paddq %xmm10,%xmm6
+pmuludq 672(%rsp),%xmm3
+paddq %xmm3,%xmm5
+vpmuludq 144(%rsp),%xmm9,%xmm3
+paddq %xmm3,%xmm7
+pmuludq v19_19,%xmm9
+vpmuludq 448(%rsp),%xmm9,%xmm3
+paddq %xmm3,%xmm11
+vpmuludq 480(%rsp),%xmm9,%xmm3
+paddq %xmm3,%xmm13
+vpmuludq 496(%rsp),%xmm9,%xmm3
+paddq %xmm3,%xmm0
+vpmuludq 528(%rsp),%xmm9,%xmm3
+paddq %xmm3,%xmm2
+vpmuludq 544(%rsp),%xmm9,%xmm3
+paddq %xmm3,%xmm1
+vpmuludq 592(%rsp),%xmm9,%xmm3
+paddq %xmm3,%xmm4
+vpmuludq 640(%rsp),%xmm9,%xmm3
+paddq %xmm3,%xmm6
+vpmuludq 624(%rsp),%xmm9,%xmm3
+paddq %xmm3,%xmm5
+pmuludq 704(%rsp),%xmm9
+paddq %xmm9,%xmm8
+vpsrlq $25,%xmm4,%xmm3
+paddq %xmm3,%xmm6
+pand m25,%xmm4
+vpsrlq $26,%xmm11,%xmm3
+paddq %xmm3,%xmm13
+pand m26,%xmm11
+vpsrlq $26,%xmm6,%xmm3
+paddq %xmm3,%xmm5
+pand m26,%xmm6
+vpsrlq $25,%xmm13,%xmm3
+paddq %xmm3,%xmm0
+pand m25,%xmm13
+vpsrlq $25,%xmm5,%xmm3
+paddq %xmm3,%xmm8
+pand m25,%xmm5
+vpsrlq $26,%xmm0,%xmm3
+paddq %xmm3,%xmm2
+pand m26,%xmm0
+vpsrlq $26,%xmm8,%xmm3
+paddq %xmm3,%xmm7
+pand m26,%xmm8
+vpsrlq $25,%xmm2,%xmm3
+paddq %xmm3,%xmm1
+pand m25,%xmm2
+vpsrlq $25,%xmm7,%xmm3
+vpsllq $4,%xmm3,%xmm9
+paddq %xmm3,%xmm11
+psllq $1,%xmm3
+paddq %xmm3,%xmm9
+paddq %xmm9,%xmm11
+pand m25,%xmm7
+vpsrlq $26,%xmm1,%xmm3
+paddq %xmm3,%xmm4
+pand m26,%xmm1
+vpsrlq $26,%xmm11,%xmm3
+paddq %xmm3,%xmm13
+pand m26,%xmm11
+vpsrlq $25,%xmm4,%xmm3
+paddq %xmm3,%xmm6
+pand m25,%xmm4
+vpunpcklqdq %xmm13,%xmm11,%xmm3
+vpunpckhqdq %xmm13,%xmm11,%xmm9
+vpaddq subc0,%xmm9,%xmm10
+psubq %xmm3,%xmm10
+paddq %xmm9,%xmm3
+vpunpckhqdq %xmm3,%xmm10,%xmm9
+punpcklqdq %xmm3,%xmm10
+vpmuludq %xmm10,%xmm10,%xmm3
+paddq %xmm10,%xmm10
+vpmuludq %xmm9,%xmm10,%xmm11
+vpunpcklqdq %xmm2,%xmm0,%xmm12
+vpunpckhqdq %xmm2,%xmm0,%xmm0
+vpaddq subc2,%xmm0,%xmm2
+psubq %xmm12,%xmm2
+paddq %xmm0,%xmm12
+vpunpckhqdq %xmm12,%xmm2,%xmm0
+punpcklqdq %xmm12,%xmm2
+vpmuludq %xmm2,%xmm10,%xmm12
+vpaddq %xmm9,%xmm9,%xmm13
+vpmuludq %xmm13,%xmm9,%xmm9
+paddq %xmm9,%xmm12
+vpmuludq %xmm0,%xmm10,%xmm9
+vpmuludq %xmm2,%xmm13,%xmm14
+paddq %xmm14,%xmm9
+vpunpcklqdq %xmm4,%xmm1,%xmm14
+vpunpckhqdq %xmm4,%xmm1,%xmm1
+vpaddq subc2,%xmm1,%xmm4
+psubq %xmm14,%xmm4
+paddq %xmm1,%xmm14
+vpunpckhqdq %xmm14,%xmm4,%xmm1
+punpcklqdq %xmm14,%xmm4
+movdqa %xmm1,0(%rsp)
+paddq %xmm1,%xmm1
+movdqa %xmm1,16(%rsp)
+pmuludq v19_19,%xmm1
+movdqa %xmm1,32(%rsp)
+vpmuludq %xmm4,%xmm10,%xmm1
+vpmuludq %xmm2,%xmm2,%xmm14
+paddq %xmm14,%xmm1
+vpmuludq 0(%rsp),%xmm10,%xmm14
+vpmuludq %xmm4,%xmm13,%xmm15
+paddq %xmm15,%xmm14
+vpunpcklqdq %xmm5,%xmm6,%xmm15
+vpunpckhqdq %xmm5,%xmm6,%xmm5
+vpaddq subc2,%xmm5,%xmm6
+psubq %xmm15,%xmm6
+paddq %xmm5,%xmm15
+vpunpckhqdq %xmm15,%xmm6,%xmm5
+punpcklqdq %xmm15,%xmm6
+movdqa %xmm6,48(%rsp)
+pmuludq v19_19,%xmm6
+movdqa %xmm6,64(%rsp)
+movdqa %xmm5,80(%rsp)
+pmuludq v38_38,%xmm5
+movdqa %xmm5,96(%rsp)
+vpmuludq 48(%rsp),%xmm10,%xmm5
+vpaddq %xmm0,%xmm0,%xmm6
+vpmuludq %xmm6,%xmm0,%xmm0
+paddq %xmm0,%xmm5
+vpmuludq 80(%rsp),%xmm10,%xmm0
+vpmuludq %xmm4,%xmm6,%xmm15
+paddq %xmm15,%xmm0
+vpmuludq %xmm6,%xmm13,%xmm15
+paddq %xmm15,%xmm1
+vpmuludq %xmm6,%xmm2,%xmm15
+paddq %xmm15,%xmm14
+vpunpcklqdq %xmm7,%xmm8,%xmm15
+vpunpckhqdq %xmm7,%xmm8,%xmm7
+vpaddq subc2,%xmm7,%xmm8
+psubq %xmm15,%xmm8
+paddq %xmm7,%xmm15
+vpunpckhqdq %xmm15,%xmm8,%xmm7
+punpcklqdq %xmm15,%xmm8
+movdqa %xmm8,112(%rsp)
+pmuludq v19_19,%xmm8
+movdqa %xmm8,448(%rsp)
+vpmuludq 112(%rsp),%xmm10,%xmm8
+vpmuludq %xmm7,%xmm10,%xmm10
+vpmuludq v38_38,%xmm7,%xmm15
+vpmuludq %xmm15,%xmm7,%xmm7
+paddq %xmm7,%xmm8
+vpmuludq %xmm15,%xmm13,%xmm7
+paddq %xmm7,%xmm3
+vpmuludq %xmm15,%xmm2,%xmm7
+paddq %xmm7,%xmm11
+vpmuludq 80(%rsp),%xmm13,%xmm7
+paddq %xmm7,%xmm7
+paddq %xmm7,%xmm8
+vpmuludq 16(%rsp),%xmm13,%xmm7
+paddq %xmm7,%xmm5
+vpmuludq 48(%rsp),%xmm13,%xmm7
+paddq %xmm7,%xmm0
+vpmuludq 112(%rsp),%xmm13,%xmm7
+paddq %xmm7,%xmm10
+vpmuludq %xmm15,%xmm6,%xmm7
+paddq %xmm7,%xmm12
+vpmuludq %xmm15,%xmm4,%xmm7
+paddq %xmm7,%xmm9
+vpaddq %xmm2,%xmm2,%xmm2
+vpmuludq %xmm4,%xmm2,%xmm7
+paddq %xmm7,%xmm5
+vpmuludq 448(%rsp),%xmm2,%xmm7
+paddq %xmm7,%xmm3
+vpmuludq 448(%rsp),%xmm6,%xmm7
+paddq %xmm7,%xmm11
+vpmuludq 0(%rsp),%xmm2,%xmm7
+paddq %xmm7,%xmm0
+vpmuludq 48(%rsp),%xmm2,%xmm7
+paddq %xmm7,%xmm8
+vpmuludq 80(%rsp),%xmm2,%xmm2
+paddq %xmm2,%xmm10
+vpmuludq 96(%rsp),%xmm4,%xmm2
+paddq %xmm2,%xmm11
+vpmuludq %xmm4,%xmm4,%xmm2
+paddq %xmm2,%xmm8
+vpaddq %xmm4,%xmm4,%xmm2
+vpmuludq 448(%rsp),%xmm2,%xmm4
+paddq %xmm4,%xmm12
+vpmuludq 16(%rsp),%xmm15,%xmm4
+paddq %xmm4,%xmm1
+vpmuludq 48(%rsp),%xmm15,%xmm4
+paddq %xmm4,%xmm14
+vpmuludq 96(%rsp),%xmm6,%xmm4
+paddq %xmm4,%xmm3
+movdqa 16(%rsp),%xmm4
+pmuludq 448(%rsp),%xmm4
+paddq %xmm4,%xmm9
+vpmuludq 16(%rsp),%xmm6,%xmm4
+paddq %xmm4,%xmm8
+vpmuludq 48(%rsp),%xmm6,%xmm4
+paddq %xmm4,%xmm10
+vpmuludq 80(%rsp),%xmm15,%xmm4
+paddq %xmm4,%xmm4
+paddq %xmm4,%xmm5
+vpmuludq 112(%rsp),%xmm15,%xmm4
+paddq %xmm4,%xmm0
+movdqa 48(%rsp),%xmm4
+paddq %xmm4,%xmm4
+pmuludq 448(%rsp),%xmm4
+paddq %xmm4,%xmm1
+movdqa 80(%rsp),%xmm4
+paddq %xmm4,%xmm4
+pmuludq 448(%rsp),%xmm4
+paddq %xmm4,%xmm14
+vpmuludq 64(%rsp),%xmm2,%xmm4
+paddq %xmm4,%xmm3
+movdqa 16(%rsp),%xmm4
+pmuludq 64(%rsp),%xmm4
+paddq %xmm4,%xmm11
+movdqa 16(%rsp),%xmm4
+pmuludq 96(%rsp),%xmm4
+paddq %xmm4,%xmm12
+movdqa 48(%rsp),%xmm4
+pmuludq 96(%rsp),%xmm4
+paddq %xmm4,%xmm9
+vpmuludq 0(%rsp),%xmm2,%xmm2
+paddq %xmm2,%xmm10
+movdqa 32(%rsp),%xmm2
+pmuludq 0(%rsp),%xmm2
+paddq %xmm2,%xmm3
+movdqa 64(%rsp),%xmm2
+pmuludq 48(%rsp),%xmm2
+paddq %xmm2,%xmm12
+movdqa 96(%rsp),%xmm2
+pmuludq 80(%rsp),%xmm2
+paddq %xmm2,%xmm1
+movdqa 448(%rsp),%xmm2
+pmuludq 112(%rsp),%xmm2
+paddq %xmm2,%xmm5
+vpsrlq $26,%xmm3,%xmm2
+paddq %xmm2,%xmm11
+pand m26,%xmm3
+vpsrlq $25,%xmm14,%xmm2
+paddq %xmm2,%xmm5
+pand m25,%xmm14
+vpsrlq $25,%xmm11,%xmm2
+paddq %xmm2,%xmm12
+pand m25,%xmm11
+vpsrlq $26,%xmm5,%xmm2
+paddq %xmm2,%xmm0
+pand m26,%xmm5
+vpsrlq $26,%xmm12,%xmm2
+paddq %xmm2,%xmm9
+pand m26,%xmm12
+vpsrlq $25,%xmm0,%xmm2
+paddq %xmm2,%xmm8
+pand m25,%xmm0
+vpsrlq $25,%xmm9,%xmm2
+paddq %xmm2,%xmm1
+pand m25,%xmm9
+vpsrlq $26,%xmm8,%xmm2
+paddq %xmm2,%xmm10
+pand m26,%xmm8
+vpsrlq $26,%xmm1,%xmm2
+paddq %xmm2,%xmm14
+pand m26,%xmm1
+vpsrlq $25,%xmm10,%xmm2
+vpsllq $4,%xmm2,%xmm4
+paddq %xmm2,%xmm3
+psllq $1,%xmm2
+paddq %xmm2,%xmm4
+paddq %xmm4,%xmm3
+pand m25,%xmm10
+vpsrlq $25,%xmm14,%xmm2
+paddq %xmm2,%xmm5
+pand m25,%xmm14
+vpsrlq $26,%xmm3,%xmm2
+paddq %xmm2,%xmm11
+pand m26,%xmm3
+vpunpckhqdq %xmm11,%xmm3,%xmm2
+movdqa %xmm2,0(%rsp)
+pshufd $0,%xmm3,%xmm2
+pshufd $0,%xmm11,%xmm3
+vpmuludq 160(%rsp),%xmm2,%xmm4
+vpmuludq 432(%rsp),%xmm3,%xmm6
+paddq %xmm6,%xmm4
+vpmuludq 176(%rsp),%xmm2,%xmm6
+vpmuludq 304(%rsp),%xmm3,%xmm7
+paddq %xmm7,%xmm6
+vpmuludq 208(%rsp),%xmm2,%xmm7
+vpmuludq 336(%rsp),%xmm3,%xmm11
+paddq %xmm11,%xmm7
+vpmuludq 240(%rsp),%xmm2,%xmm11
+vpmuludq 368(%rsp),%xmm3,%xmm13
+paddq %xmm13,%xmm11
+vpmuludq 272(%rsp),%xmm2,%xmm2
+vpmuludq 400(%rsp),%xmm3,%xmm3
+paddq %xmm3,%xmm2
+vpunpckhqdq %xmm9,%xmm12,%xmm3
+movdqa %xmm3,16(%rsp)
+pshufd $0,%xmm12,%xmm3
+pshufd $0,%xmm9,%xmm9
+vpmuludq 288(%rsp),%xmm3,%xmm12
+paddq %xmm12,%xmm4
+vpmuludq 416(%rsp),%xmm9,%xmm12
+paddq %xmm12,%xmm4
+vpmuludq 160(%rsp),%xmm3,%xmm12
+paddq %xmm12,%xmm6
+vpmuludq 432(%rsp),%xmm9,%xmm12
+paddq %xmm12,%xmm6
+vpmuludq 176(%rsp),%xmm3,%xmm12
+paddq %xmm12,%xmm7
+vpmuludq 304(%rsp),%xmm9,%xmm12
+paddq %xmm12,%xmm7
+vpmuludq 208(%rsp),%xmm3,%xmm12
+paddq %xmm12,%xmm11
+vpmuludq 336(%rsp),%xmm9,%xmm12
+paddq %xmm12,%xmm11
+vpmuludq 240(%rsp),%xmm3,%xmm3
+paddq %xmm3,%xmm2
+vpmuludq 368(%rsp),%xmm9,%xmm3
+paddq %xmm3,%xmm2
+vpunpckhqdq %xmm14,%xmm1,%xmm3
+movdqa %xmm3,32(%rsp)
+pshufd $0,%xmm1,%xmm1
+pshufd $0,%xmm14,%xmm3
+vpmuludq 256(%rsp),%xmm1,%xmm9
+paddq %xmm9,%xmm4
+vpmuludq 384(%rsp),%xmm3,%xmm9
+paddq %xmm9,%xmm4
+vpmuludq 288(%rsp),%xmm1,%xmm9
+paddq %xmm9,%xmm6
+vpmuludq 416(%rsp),%xmm3,%xmm9
+paddq %xmm9,%xmm6
+vpmuludq 160(%rsp),%xmm1,%xmm9
+paddq %xmm9,%xmm7
+vpmuludq 432(%rsp),%xmm3,%xmm9
+paddq %xmm9,%xmm7
+vpmuludq 176(%rsp),%xmm1,%xmm9
+paddq %xmm9,%xmm11
+vpmuludq 304(%rsp),%xmm3,%xmm9
+paddq %xmm9,%xmm11
+vpmuludq 208(%rsp),%xmm1,%xmm1
+paddq %xmm1,%xmm2
+vpmuludq 336(%rsp),%xmm3,%xmm1
+paddq %xmm1,%xmm2
+vpunpckhqdq %xmm0,%xmm5,%xmm1
+movdqa %xmm1,48(%rsp)
+pshufd $0,%xmm5,%xmm1
+pshufd $0,%xmm0,%xmm0
+vpmuludq 224(%rsp),%xmm1,%xmm3
+paddq %xmm3,%xmm4
+vpmuludq 352(%rsp),%xmm0,%xmm3
+paddq %xmm3,%xmm4
+vpmuludq 256(%rsp),%xmm1,%xmm3
+paddq %xmm3,%xmm6
+vpmuludq 384(%rsp),%xmm0,%xmm3
+paddq %xmm3,%xmm6
+vpmuludq 288(%rsp),%xmm1,%xmm3
+paddq %xmm3,%xmm7
+vpmuludq 416(%rsp),%xmm0,%xmm3
+paddq %xmm3,%xmm7
+vpmuludq 160(%rsp),%xmm1,%xmm3
+paddq %xmm3,%xmm11
+vpmuludq 432(%rsp),%xmm0,%xmm3
+paddq %xmm3,%xmm11
+vpmuludq 176(%rsp),%xmm1,%xmm1
+paddq %xmm1,%xmm2
+vpmuludq 304(%rsp),%xmm0,%xmm0
+paddq %xmm0,%xmm2
+vpunpckhqdq %xmm10,%xmm8,%xmm0
+movdqa %xmm0,64(%rsp)
+pshufd $0,%xmm8,%xmm0
+pshufd $0,%xmm10,%xmm1
+vpmuludq 192(%rsp),%xmm0,%xmm3
+paddq %xmm3,%xmm4
+vpmuludq 320(%rsp),%xmm1,%xmm3
+paddq %xmm3,%xmm4
+vpmuludq 224(%rsp),%xmm0,%xmm3
+paddq %xmm3,%xmm6
+vpmuludq 352(%rsp),%xmm1,%xmm3
+paddq %xmm3,%xmm6
+vpmuludq 256(%rsp),%xmm0,%xmm3
+paddq %xmm3,%xmm7
+vpmuludq 384(%rsp),%xmm1,%xmm3
+paddq %xmm3,%xmm7
+vpmuludq 288(%rsp),%xmm0,%xmm3
+paddq %xmm3,%xmm11
+vpmuludq 416(%rsp),%xmm1,%xmm3
+paddq %xmm3,%xmm11
+vpmuludq 160(%rsp),%xmm0,%xmm0
+paddq %xmm0,%xmm2
+vpmuludq 432(%rsp),%xmm1,%xmm0
+paddq %xmm0,%xmm2
+movdqa %xmm4,80(%rsp)
+movdqa %xmm6,96(%rsp)
+movdqa %xmm7,112(%rsp)
+movdqa %xmm11,448(%rsp)
+movdqa %xmm2,496(%rsp)
+movdqa 144(%rsp),%xmm0
+vpmuludq %xmm0,%xmm0,%xmm1
+paddq %xmm0,%xmm0
+movdqa 128(%rsp),%xmm2
+vpmuludq %xmm2,%xmm0,%xmm3
+movdqa 480(%rsp),%xmm4
+vpmuludq %xmm4,%xmm0,%xmm5
+movdqa 464(%rsp),%xmm6
+vpmuludq %xmm6,%xmm0,%xmm7
+movdqa 528(%rsp),%xmm8
+vpmuludq %xmm8,%xmm0,%xmm9
+vpmuludq 512(%rsp),%xmm0,%xmm10
+vpmuludq 592(%rsp),%xmm0,%xmm11
+vpmuludq 576(%rsp),%xmm0,%xmm12
+vpmuludq 624(%rsp),%xmm0,%xmm13
+movdqa 672(%rsp),%xmm14
+vpmuludq %xmm14,%xmm0,%xmm0
+vpmuludq v38_38,%xmm14,%xmm15
+vpmuludq %xmm15,%xmm14,%xmm14
+paddq %xmm14,%xmm13
+vpaddq %xmm6,%xmm6,%xmm14
+vpmuludq %xmm14,%xmm6,%xmm6
+paddq %xmm6,%xmm11
+vpaddq %xmm2,%xmm2,%xmm6
+vpmuludq %xmm6,%xmm2,%xmm2
+paddq %xmm2,%xmm5
+vpmuludq %xmm15,%xmm6,%xmm2
+paddq %xmm2,%xmm1
+vpmuludq %xmm15,%xmm4,%xmm2
+paddq %xmm2,%xmm3
+vpmuludq 544(%rsp),%xmm6,%xmm2
+paddq %xmm2,%xmm11
+vpmuludq 592(%rsp),%xmm6,%xmm2
+paddq %xmm2,%xmm12
+vpmuludq 640(%rsp),%xmm6,%xmm2
+paddq %xmm2,%xmm13
+vpmuludq 624(%rsp),%xmm6,%xmm2
+paddq %xmm2,%xmm0
+vpmuludq %xmm4,%xmm6,%xmm2
+paddq %xmm2,%xmm7
+vpmuludq %xmm14,%xmm6,%xmm2
+paddq %xmm2,%xmm9
+vpmuludq %xmm8,%xmm6,%xmm2
+paddq %xmm2,%xmm10
+vpmuludq %xmm15,%xmm14,%xmm2
+paddq %xmm2,%xmm5
+vpmuludq %xmm15,%xmm8,%xmm2
+paddq %xmm2,%xmm7
+vpmuludq %xmm4,%xmm4,%xmm2
+paddq %xmm2,%xmm9
+vpmuludq %xmm14,%xmm4,%xmm2
+paddq %xmm2,%xmm10
+vpaddq %xmm4,%xmm4,%xmm2
+vpmuludq %xmm8,%xmm2,%xmm4
+paddq %xmm4,%xmm11
+vpmuludq 688(%rsp),%xmm2,%xmm4
+paddq %xmm4,%xmm1
+vpmuludq 688(%rsp),%xmm14,%xmm4
+paddq %xmm4,%xmm3
+vpmuludq 512(%rsp),%xmm2,%xmm4
+paddq %xmm4,%xmm12
+vpmuludq 592(%rsp),%xmm2,%xmm4
+paddq %xmm4,%xmm13
+vpmuludq 576(%rsp),%xmm2,%xmm2
+paddq %xmm2,%xmm0
+vpmuludq 656(%rsp),%xmm8,%xmm2
+paddq %xmm2,%xmm3
+vpmuludq %xmm8,%xmm14,%xmm2
+paddq %xmm2,%xmm12
+vpmuludq %xmm8,%xmm8,%xmm2
+paddq %xmm2,%xmm13
+vpaddq %xmm8,%xmm8,%xmm2
+vpmuludq 688(%rsp),%xmm2,%xmm4
+paddq %xmm4,%xmm5
+vpmuludq 544(%rsp),%xmm15,%xmm4
+paddq %xmm4,%xmm9
+vpmuludq 592(%rsp),%xmm15,%xmm4
+paddq %xmm4,%xmm10
+vpmuludq 656(%rsp),%xmm14,%xmm4
+paddq %xmm4,%xmm1
+movdqa 544(%rsp),%xmm4
+pmuludq 688(%rsp),%xmm4
+paddq %xmm4,%xmm7
+vpmuludq 544(%rsp),%xmm14,%xmm4
+paddq %xmm4,%xmm13
+vpmuludq 592(%rsp),%xmm14,%xmm4
+paddq %xmm4,%xmm0
+vpmuludq 640(%rsp),%xmm15,%xmm4
+paddq %xmm4,%xmm11
+vpmuludq 624(%rsp),%xmm15,%xmm4
+paddq %xmm4,%xmm12
+movdqa 592(%rsp),%xmm4
+paddq %xmm4,%xmm4
+pmuludq 688(%rsp),%xmm4
+paddq %xmm4,%xmm9
+vpmuludq 608(%rsp),%xmm2,%xmm4
+paddq %xmm4,%xmm1
+movdqa 544(%rsp),%xmm4
+pmuludq 608(%rsp),%xmm4
+paddq %xmm4,%xmm3
+movdqa 544(%rsp),%xmm4
+pmuludq 656(%rsp),%xmm4
+paddq %xmm4,%xmm5
+movdqa 592(%rsp),%xmm4
+pmuludq 656(%rsp),%xmm4
+paddq %xmm4,%xmm7
+movdqa 640(%rsp),%xmm4
+pmuludq 688(%rsp),%xmm4
+paddq %xmm4,%xmm10
+vpmuludq 512(%rsp),%xmm2,%xmm2
+paddq %xmm2,%xmm0
+movdqa 560(%rsp),%xmm2
+pmuludq 512(%rsp),%xmm2
+paddq %xmm2,%xmm1
+movdqa 608(%rsp),%xmm2
+pmuludq 592(%rsp),%xmm2
+paddq %xmm2,%xmm5
+movdqa 656(%rsp),%xmm2
+pmuludq 576(%rsp),%xmm2
+paddq %xmm2,%xmm9
+movdqa 688(%rsp),%xmm2
+pmuludq 624(%rsp),%xmm2
+paddq %xmm2,%xmm11
+vpsrlq $26,%xmm1,%xmm2
+paddq %xmm2,%xmm3
+pand m26,%xmm1
+vpsrlq $25,%xmm10,%xmm2
+paddq %xmm2,%xmm11
+pand m25,%xmm10
+vpsrlq $25,%xmm3,%xmm2
+paddq %xmm2,%xmm5
+pand m25,%xmm3
+vpsrlq $26,%xmm11,%xmm2
+paddq %xmm2,%xmm12
+pand m26,%xmm11
+vpsrlq $26,%xmm5,%xmm2
+paddq %xmm2,%xmm7
+pand m26,%xmm5
+vpsrlq $25,%xmm12,%xmm2
+paddq %xmm2,%xmm13
+pand m25,%xmm12
+vpsrlq $25,%xmm7,%xmm2
+paddq %xmm2,%xmm9
+pand m25,%xmm7
+vpsrlq $26,%xmm13,%xmm2
+paddq %xmm2,%xmm0
+pand m26,%xmm13
+vpsrlq $26,%xmm9,%xmm2
+paddq %xmm2,%xmm10
+pand m26,%xmm9
+vpsrlq $25,%xmm0,%xmm2
+vpsllq $4,%xmm2,%xmm4
+paddq %xmm2,%xmm1
+psllq $1,%xmm2
+paddq %xmm2,%xmm4
+paddq %xmm4,%xmm1
+pand m25,%xmm0
+vpsrlq $25,%xmm10,%xmm2
+paddq %xmm2,%xmm11
+pand m25,%xmm10
+vpsrlq $26,%xmm1,%xmm2
+paddq %xmm2,%xmm3
+pand m26,%xmm1
+vpunpckhqdq %xmm3,%xmm1,%xmm2
+vpunpcklqdq %xmm3,%xmm1,%xmm1
+movdqa %xmm1,464(%rsp)
+vpaddq subc0,%xmm2,%xmm3
+psubq %xmm1,%xmm3
+vpunpckhqdq %xmm3,%xmm2,%xmm1
+vpunpcklqdq %xmm3,%xmm2,%xmm2
+movdqa %xmm2,480(%rsp)
+movdqa %xmm1,512(%rsp)
+psllq $1,%xmm1
+movdqa %xmm1,528(%rsp)
+pmuludq v121666_121666,%xmm3
+movdqa 80(%rsp),%xmm1
+vpunpcklqdq %xmm1,%xmm3,%xmm2
+vpunpckhqdq %xmm1,%xmm3,%xmm1
+vpunpckhqdq %xmm7,%xmm5,%xmm3
+vpunpcklqdq %xmm7,%xmm5,%xmm4
+movdqa %xmm4,544(%rsp)
+vpaddq subc2,%xmm3,%xmm5
+psubq %xmm4,%xmm5
+vpunpckhqdq %xmm5,%xmm3,%xmm4
+vpunpcklqdq %xmm5,%xmm3,%xmm3
+movdqa %xmm3,560(%rsp)
+movdqa %xmm4,576(%rsp)
+psllq $1,%xmm4
+movdqa %xmm4,592(%rsp)
+pmuludq v121666_121666,%xmm5
+movdqa 96(%rsp),%xmm3
+vpunpcklqdq %xmm3,%xmm5,%xmm4
+vpunpckhqdq %xmm3,%xmm5,%xmm3
+vpunpckhqdq %xmm10,%xmm9,%xmm5
+vpunpcklqdq %xmm10,%xmm9,%xmm6
+movdqa %xmm6,608(%rsp)
+vpaddq subc2,%xmm5,%xmm7
+psubq %xmm6,%xmm7
+vpunpckhqdq %xmm7,%xmm5,%xmm6
+vpunpcklqdq %xmm7,%xmm5,%xmm5
+movdqa %xmm5,624(%rsp)
+movdqa %xmm6,640(%rsp)
+psllq $1,%xmm6
+movdqa %xmm6,656(%rsp)
+pmuludq v121666_121666,%xmm7
+movdqa 112(%rsp),%xmm5
+vpunpcklqdq %xmm5,%xmm7,%xmm6
+vpunpckhqdq %xmm5,%xmm7,%xmm5
+vpunpckhqdq %xmm12,%xmm11,%xmm7
+vpunpcklqdq %xmm12,%xmm11,%xmm8
+movdqa %xmm8,672(%rsp)
+vpaddq subc2,%xmm7,%xmm9
+psubq %xmm8,%xmm9
+vpunpckhqdq %xmm9,%xmm7,%xmm8
+vpunpcklqdq %xmm9,%xmm7,%xmm7
+movdqa %xmm7,688(%rsp)
+movdqa %xmm8,704(%rsp)
+psllq $1,%xmm8
+movdqa %xmm8,720(%rsp)
+pmuludq v121666_121666,%xmm9
+movdqa 448(%rsp),%xmm7
+vpunpcklqdq %xmm7,%xmm9,%xmm8
+vpunpckhqdq %xmm7,%xmm9,%xmm7
+vpunpckhqdq %xmm0,%xmm13,%xmm9
+vpunpcklqdq %xmm0,%xmm13,%xmm0
+movdqa %xmm0,448(%rsp)
+vpaddq subc2,%xmm9,%xmm10
+psubq %xmm0,%xmm10
+vpunpckhqdq %xmm10,%xmm9,%xmm0
+vpunpcklqdq %xmm10,%xmm9,%xmm9
+movdqa %xmm9,736(%rsp)
+movdqa %xmm0,752(%rsp)
+psllq $1,%xmm0
+movdqa %xmm0,768(%rsp)
+pmuludq v121666_121666,%xmm10
+movdqa 496(%rsp),%xmm0
+vpunpcklqdq %xmm0,%xmm10,%xmm9
+vpunpckhqdq %xmm0,%xmm10,%xmm0
+vpsrlq $26,%xmm2,%xmm10
+paddq %xmm10,%xmm1
+pand m26,%xmm2
+vpsrlq $25,%xmm5,%xmm10
+paddq %xmm10,%xmm8
+pand m25,%xmm5
+vpsrlq $25,%xmm1,%xmm10
+paddq %xmm10,%xmm4
+pand m25,%xmm1
+vpsrlq $26,%xmm8,%xmm10
+paddq %xmm10,%xmm7
+pand m26,%xmm8
+vpsrlq $26,%xmm4,%xmm10
+paddq %xmm10,%xmm3
+pand m26,%xmm4
+vpsrlq $25,%xmm7,%xmm10
+paddq %xmm10,%xmm9
+pand m25,%xmm7
+vpsrlq $25,%xmm3,%xmm10
+paddq %xmm10,%xmm6
+pand m25,%xmm3
+vpsrlq $26,%xmm9,%xmm10
+paddq %xmm10,%xmm0
+pand m26,%xmm9
+vpsrlq $26,%xmm6,%xmm10
+paddq %xmm10,%xmm5
+pand m26,%xmm6
+vpsrlq $25,%xmm0,%xmm10
+vpsllq $4,%xmm10,%xmm11
+paddq %xmm10,%xmm2
+psllq $1,%xmm10
+paddq %xmm10,%xmm11
+paddq %xmm11,%xmm2
+pand m25,%xmm0
+vpsrlq $25,%xmm5,%xmm10
+paddq %xmm10,%xmm8
+pand m25,%xmm5
+vpsrlq $26,%xmm2,%xmm10
+paddq %xmm10,%xmm1
+pand m26,%xmm2
+vpunpckhqdq %xmm1,%xmm2,%xmm10
+movdqa %xmm10,80(%rsp)
+vpunpcklqdq %xmm1,%xmm2,%xmm1
+vpunpckhqdq %xmm3,%xmm4,%xmm2
+movdqa %xmm2,96(%rsp)
+vpunpcklqdq %xmm3,%xmm4,%xmm2
+vpunpckhqdq %xmm5,%xmm6,%xmm3
+movdqa %xmm3,112(%rsp)
+vpunpcklqdq %xmm5,%xmm6,%xmm3
+vpunpckhqdq %xmm7,%xmm8,%xmm4
+movdqa %xmm4,128(%rsp)
+vpunpcklqdq %xmm7,%xmm8,%xmm4
+vpunpckhqdq %xmm0,%xmm9,%xmm5
+movdqa %xmm5,144(%rsp)
+vpunpcklqdq %xmm0,%xmm9,%xmm0
+movdqa 464(%rsp),%xmm5
+paddq %xmm5,%xmm1
+vpunpcklqdq %xmm1,%xmm5,%xmm6
+vpunpckhqdq %xmm1,%xmm5,%xmm1
+vpmuludq 512(%rsp),%xmm6,%xmm5
+vpmuludq 480(%rsp),%xmm1,%xmm7
+paddq %xmm7,%xmm5
+vpmuludq 560(%rsp),%xmm6,%xmm7
+vpmuludq 528(%rsp),%xmm1,%xmm8
+paddq %xmm8,%xmm7
+vpmuludq 576(%rsp),%xmm6,%xmm8
+vpmuludq 560(%rsp),%xmm1,%xmm9
+paddq %xmm9,%xmm8
+vpmuludq 624(%rsp),%xmm6,%xmm9
+vpmuludq 592(%rsp),%xmm1,%xmm10
+paddq %xmm10,%xmm9
+vpmuludq 640(%rsp),%xmm6,%xmm10
+vpmuludq 624(%rsp),%xmm1,%xmm11
+paddq %xmm11,%xmm10
+vpmuludq 688(%rsp),%xmm6,%xmm11
+vpmuludq 656(%rsp),%xmm1,%xmm12
+paddq %xmm12,%xmm11
+vpmuludq 704(%rsp),%xmm6,%xmm12
+vpmuludq 688(%rsp),%xmm1,%xmm13
+paddq %xmm13,%xmm12
+vpmuludq 736(%rsp),%xmm6,%xmm13
+vpmuludq 720(%rsp),%xmm1,%xmm14
+paddq %xmm14,%xmm13
+vpmuludq 752(%rsp),%xmm6,%xmm14
+vpmuludq 736(%rsp),%xmm1,%xmm15
+paddq %xmm15,%xmm14
+vpmuludq 480(%rsp),%xmm6,%xmm6
+pmuludq v19_19,%xmm1
+vpmuludq 768(%rsp),%xmm1,%xmm1
+paddq %xmm1,%xmm6
+movdqa 544(%rsp),%xmm1
+paddq %xmm1,%xmm2
+vpunpcklqdq %xmm2,%xmm1,%xmm15
+vpunpckhqdq %xmm2,%xmm1,%xmm1
+vpmuludq 480(%rsp),%xmm15,%xmm2
+paddq %xmm2,%xmm7
+vpmuludq 512(%rsp),%xmm15,%xmm2
+paddq %xmm2,%xmm8
+vpmuludq 560(%rsp),%xmm15,%xmm2
+paddq %xmm2,%xmm9
+vpmuludq 576(%rsp),%xmm15,%xmm2
+paddq %xmm2,%xmm10
+vpmuludq 624(%rsp),%xmm15,%xmm2
+paddq %xmm2,%xmm11
+vpmuludq 640(%rsp),%xmm15,%xmm2
+paddq %xmm2,%xmm12
+vpmuludq 688(%rsp),%xmm15,%xmm2
+paddq %xmm2,%xmm13
+vpmuludq 704(%rsp),%xmm15,%xmm2
+paddq %xmm2,%xmm14
+pmuludq v19_19,%xmm15
+vpmuludq 736(%rsp),%xmm15,%xmm2
+paddq %xmm2,%xmm6
+pmuludq 752(%rsp),%xmm15
+paddq %xmm15,%xmm5
+vpmuludq 480(%rsp),%xmm1,%xmm2
+paddq %xmm2,%xmm8
+vpmuludq 528(%rsp),%xmm1,%xmm2
+paddq %xmm2,%xmm9
+vpmuludq 560(%rsp),%xmm1,%xmm2
+paddq %xmm2,%xmm10
+vpmuludq 592(%rsp),%xmm1,%xmm2
+paddq %xmm2,%xmm11
+vpmuludq 624(%rsp),%xmm1,%xmm2
+paddq %xmm2,%xmm12
+vpmuludq 656(%rsp),%xmm1,%xmm2
+paddq %xmm2,%xmm13
+vpmuludq 688(%rsp),%xmm1,%xmm2
+paddq %xmm2,%xmm14
+pmuludq v19_19,%xmm1
+vpmuludq 720(%rsp),%xmm1,%xmm2
+paddq %xmm2,%xmm6
+vpmuludq 736(%rsp),%xmm1,%xmm2
+paddq %xmm2,%xmm5
+pmuludq 768(%rsp),%xmm1
+paddq %xmm1,%xmm7
+movdqa 608(%rsp),%xmm1
+paddq %xmm1,%xmm3
+vpunpcklqdq %xmm3,%xmm1,%xmm2
+vpunpckhqdq %xmm3,%xmm1,%xmm1
+vpmuludq 480(%rsp),%xmm2,%xmm3
+paddq %xmm3,%xmm9
+vpmuludq 512(%rsp),%xmm2,%xmm3
+paddq %xmm3,%xmm10
+vpmuludq 560(%rsp),%xmm2,%xmm3
+paddq %xmm3,%xmm11
+vpmuludq 576(%rsp),%xmm2,%xmm3
+paddq %xmm3,%xmm12
+vpmuludq 624(%rsp),%xmm2,%xmm3
+paddq %xmm3,%xmm13
+vpmuludq 640(%rsp),%xmm2,%xmm3
+paddq %xmm3,%xmm14
+pmuludq v19_19,%xmm2
+vpmuludq 688(%rsp),%xmm2,%xmm3
+paddq %xmm3,%xmm6
+vpmuludq 704(%rsp),%xmm2,%xmm3
+paddq %xmm3,%xmm5
+vpmuludq 736(%rsp),%xmm2,%xmm3
+paddq %xmm3,%xmm7
+pmuludq 752(%rsp),%xmm2
+paddq %xmm2,%xmm8
+vpmuludq 480(%rsp),%xmm1,%xmm2
+paddq %xmm2,%xmm10
+vpmuludq 528(%rsp),%xmm1,%xmm2
+paddq %xmm2,%xmm11
+vpmuludq 560(%rsp),%xmm1,%xmm2
+paddq %xmm2,%xmm12
+vpmuludq 592(%rsp),%xmm1,%xmm2
+paddq %xmm2,%xmm13
+vpmuludq 624(%rsp),%xmm1,%xmm2
+paddq %xmm2,%xmm14
+pmuludq v19_19,%xmm1
+vpmuludq 656(%rsp),%xmm1,%xmm2
+paddq %xmm2,%xmm6
+vpmuludq 688(%rsp),%xmm1,%xmm2
+paddq %xmm2,%xmm5
+vpmuludq 720(%rsp),%xmm1,%xmm2
+paddq %xmm2,%xmm7
+vpmuludq 736(%rsp),%xmm1,%xmm2
+paddq %xmm2,%xmm8
+pmuludq 768(%rsp),%xmm1
+paddq %xmm1,%xmm9
+movdqa 672(%rsp),%xmm1
+paddq %xmm1,%xmm4
+vpunpcklqdq %xmm4,%xmm1,%xmm2
+vpunpckhqdq %xmm4,%xmm1,%xmm1
+vpmuludq 480(%rsp),%xmm2,%xmm3
+paddq %xmm3,%xmm11
+vpmuludq 512(%rsp),%xmm2,%xmm3
+paddq %xmm3,%xmm12
+vpmuludq 560(%rsp),%xmm2,%xmm3
+paddq %xmm3,%xmm13
+vpmuludq 576(%rsp),%xmm2,%xmm3
+paddq %xmm3,%xmm14
+pmuludq v19_19,%xmm2
+vpmuludq 624(%rsp),%xmm2,%xmm3
+paddq %xmm3,%xmm6
+vpmuludq 640(%rsp),%xmm2,%xmm3
+paddq %xmm3,%xmm5
+vpmuludq 688(%rsp),%xmm2,%xmm3
+paddq %xmm3,%xmm7
+vpmuludq 704(%rsp),%xmm2,%xmm3
+paddq %xmm3,%xmm8
+vpmuludq 736(%rsp),%xmm2,%xmm3
+paddq %xmm3,%xmm9
+pmuludq 752(%rsp),%xmm2
+paddq %xmm2,%xmm10
+vpmuludq 480(%rsp),%xmm1,%xmm2
+paddq %xmm2,%xmm12
+vpmuludq 528(%rsp),%xmm1,%xmm2
+paddq %xmm2,%xmm13
+vpmuludq 560(%rsp),%xmm1,%xmm2
+paddq %xmm2,%xmm14
+pmuludq v19_19,%xmm1
+vpmuludq 592(%rsp),%xmm1,%xmm2
+paddq %xmm2,%xmm6
+vpmuludq 624(%rsp),%xmm1,%xmm2
+paddq %xmm2,%xmm5
+vpmuludq 656(%rsp),%xmm1,%xmm2
+paddq %xmm2,%xmm7
+vpmuludq 688(%rsp),%xmm1,%xmm2
+paddq %xmm2,%xmm8
+vpmuludq 720(%rsp),%xmm1,%xmm2
+paddq %xmm2,%xmm9
+vpmuludq 736(%rsp),%xmm1,%xmm2
+paddq %xmm2,%xmm10
+pmuludq 768(%rsp),%xmm1
+paddq %xmm1,%xmm11
+movdqa 448(%rsp),%xmm1
+paddq %xmm1,%xmm0
+vpunpcklqdq %xmm0,%xmm1,%xmm2
+vpunpckhqdq %xmm0,%xmm1,%xmm0
+vpmuludq 480(%rsp),%xmm2,%xmm1
+paddq %xmm1,%xmm13
+vpmuludq 512(%rsp),%xmm2,%xmm1
+paddq %xmm1,%xmm14
+pmuludq v19_19,%xmm2
+vpmuludq 560(%rsp),%xmm2,%xmm1
+paddq %xmm1,%xmm6
+vpmuludq 576(%rsp),%xmm2,%xmm1
+paddq %xmm1,%xmm5
+vpmuludq 624(%rsp),%xmm2,%xmm1
+paddq %xmm1,%xmm7
+vpmuludq 640(%rsp),%xmm2,%xmm1
+paddq %xmm1,%xmm8
+vpmuludq 688(%rsp),%xmm2,%xmm1
+paddq %xmm1,%xmm9
+vpmuludq 704(%rsp),%xmm2,%xmm1
+paddq %xmm1,%xmm10
+vpmuludq 736(%rsp),%xmm2,%xmm1
+paddq %xmm1,%xmm11
+pmuludq 752(%rsp),%xmm2
+paddq %xmm2,%xmm12
+vpmuludq 480(%rsp),%xmm0,%xmm1
+paddq %xmm1,%xmm14
+pmuludq v19_19,%xmm0
+vpmuludq 528(%rsp),%xmm0,%xmm1
+paddq %xmm1,%xmm6
+vpmuludq 560(%rsp),%xmm0,%xmm1
+paddq %xmm1,%xmm5
+vpmuludq 592(%rsp),%xmm0,%xmm1
+paddq %xmm1,%xmm7
+vpmuludq 624(%rsp),%xmm0,%xmm1
+paddq %xmm1,%xmm8
+vpmuludq 656(%rsp),%xmm0,%xmm1
+paddq %xmm1,%xmm9
+vpmuludq 688(%rsp),%xmm0,%xmm1
+paddq %xmm1,%xmm10
+vpmuludq 720(%rsp),%xmm0,%xmm1
+paddq %xmm1,%xmm11
+vpmuludq 736(%rsp),%xmm0,%xmm1
+paddq %xmm1,%xmm12
+pmuludq 768(%rsp),%xmm0
+paddq %xmm0,%xmm13
+vpsrlq $26,%xmm6,%xmm0
+paddq %xmm0,%xmm5
+pand m26,%xmm6
+vpsrlq $25,%xmm10,%xmm0
+paddq %xmm0,%xmm11
+pand m25,%xmm10
+vpsrlq $25,%xmm5,%xmm0
+paddq %xmm0,%xmm7
+pand m25,%xmm5
+vpsrlq $26,%xmm11,%xmm0
+paddq %xmm0,%xmm12
+pand m26,%xmm11
+vpsrlq $26,%xmm7,%xmm0
+paddq %xmm0,%xmm8
+pand m26,%xmm7
+vpsrlq $25,%xmm12,%xmm0
+paddq %xmm0,%xmm13
+pand m25,%xmm12
+vpsrlq $25,%xmm8,%xmm0
+paddq %xmm0,%xmm9
+pand m25,%xmm8
+vpsrlq $26,%xmm13,%xmm0
+paddq %xmm0,%xmm14
+pand m26,%xmm13
+vpsrlq $26,%xmm9,%xmm0
+paddq %xmm0,%xmm10
+pand m26,%xmm9
+vpsrlq $25,%xmm14,%xmm0
+vpsllq $4,%xmm0,%xmm1
+paddq %xmm0,%xmm6
+psllq $1,%xmm0
+paddq %xmm0,%xmm1
+paddq %xmm1,%xmm6
+pand m25,%xmm14
+vpsrlq $25,%xmm10,%xmm0
+paddq %xmm0,%xmm11
+pand m25,%xmm10
+vpsrlq $26,%xmm6,%xmm0
+paddq %xmm0,%xmm5
+pand m26,%xmm6
+vpunpckhqdq %xmm5,%xmm6,%xmm1
+vpunpcklqdq %xmm5,%xmm6,%xmm0
+vpunpckhqdq %xmm8,%xmm7,%xmm3
+vpunpcklqdq %xmm8,%xmm7,%xmm2
+vpunpckhqdq %xmm10,%xmm9,%xmm5
+vpunpcklqdq %xmm10,%xmm9,%xmm4
+vpunpckhqdq %xmm12,%xmm11,%xmm7
+vpunpcklqdq %xmm12,%xmm11,%xmm6
+vpunpckhqdq %xmm14,%xmm13,%xmm9
+vpunpcklqdq %xmm14,%xmm13,%xmm8
+cmp  $0,%rdx
+jne ._loop
+movdqu   %xmm1,160(%rdi)
+movdqu   %xmm0,80(%rdi)
+movdqu   %xmm3,176(%rdi)
+movdqu   %xmm2,96(%rdi)
+movdqu   %xmm5,192(%rdi)
+movdqu   %xmm4,112(%rdi)
+movdqu   %xmm7,208(%rdi)
+movdqu   %xmm6,128(%rdi)
+movdqu   %xmm9,224(%rdi)
+movdqu   %xmm8,144(%rdi)
+movq 1824(%rsp),%r11
+movq 1832(%rsp),%r12
+movq 1840(%rsp),%r13
+movq 1848(%rsp),%r14
+add %r11,%rsp
+ret
diff --git a/src/libsodium/crypto_scalarmult/curve25519/sandy2x/ladder.h b/src/libsodium/crypto_scalarmult/curve25519/sandy2x/ladder.h
new file mode 100644
index 00000000..afd22350
--- /dev/null
+++ b/src/libsodium/crypto_scalarmult/curve25519/sandy2x/ladder.h
@@ -0,0 +1,10 @@
+#ifndef LADDER_H
+#define LADDER_H
+
+#include "fe.h"
+#include "ladder_namespace.h"
+
+extern void ladder(fe *, const unsigned char *);
+
+#endif //ifndef LADDER_H
+
diff --git a/src/libsodium/crypto_scalarmult/curve25519/sandy2x/ladder_base.S b/src/libsodium/crypto_scalarmult/curve25519/sandy2x/ladder_base.S
new file mode 100644
index 00000000..b8d634a5
--- /dev/null
+++ b/src/libsodium/crypto_scalarmult/curve25519/sandy2x/ladder_base.S
@@ -0,0 +1,1277 @@
+#include "ladder_base_namespace.h"
+#include "consts_namespace.h"
+.p2align 5
+.global _ladder_base
+.global ladder_base
+_ladder_base:
+ladder_base:
+mov %rsp,%r11
+and $31,%r11
+add $1568,%r11
+sub %r11,%rsp
+movq %r11,1536(%rsp)
+movq %r12,1544(%rsp)
+movq %r13,1552(%rsp)
+movdqa v0_0,%xmm0
+movdqa v1_0,%xmm1
+movdqa v9_0,%xmm2
+movdqa %xmm2,0(%rsp)
+movdqa %xmm0,16(%rsp)
+movdqa %xmm0,32(%rsp)
+movdqa %xmm0,48(%rsp)
+movdqa %xmm0,64(%rsp)
+movdqa %xmm1,80(%rsp)
+movdqa %xmm0,96(%rsp)
+movdqa %xmm0,112(%rsp)
+movdqa %xmm0,128(%rsp)
+movdqa %xmm0,144(%rsp)
+movdqa %xmm1,%xmm0
+pxor %xmm1,%xmm1
+pxor %xmm2,%xmm2
+pxor %xmm3,%xmm3
+pxor %xmm4,%xmm4
+pxor %xmm5,%xmm5
+pxor %xmm6,%xmm6
+pxor %xmm7,%xmm7
+pxor %xmm8,%xmm8
+pxor %xmm9,%xmm9
+movq   0(%rsi),%rdx
+movq   8(%rsi),%rcx
+movq   16(%rsi),%r8
+movq   24(%rsi),%r9
+shrd $1,%rcx,%rdx
+shrd $1,%r8,%rcx
+shrd $1,%r9,%r8
+shr  $1,%r9
+xorq 0(%rsi),%rdx
+xorq 8(%rsi),%rcx
+xorq 16(%rsi),%r8
+xorq 24(%rsi),%r9
+leaq 512(%rsp),%rsi
+mov  $64,%rax
+._small_loop:
+mov  %rdx,%r10
+mov  %rcx,%r11
+mov  %r8,%r12
+mov  %r9,%r13
+shr  $1,%rdx
+shr  $1,%rcx
+shr  $1,%r8
+shr  $1,%r9
+and  $1,%r10d
+and  $1,%r11d
+and  $1,%r12d
+and  $1,%r13d
+neg  %r10
+neg  %r11
+neg  %r12
+neg  %r13
+movl   %r10d,0(%rsi)
+movl   %r11d,256(%rsi)
+movl   %r12d,512(%rsi)
+movl   %r13d,768(%rsi)
+add  $4,%rsi
+sub  $1,%rax
+jne ._small_loop
+mov  $255,%rdx
+add  $760,%rsi
+._loop:
+sub  $1,%rdx
+vbroadcastss 0(%rsi),%xmm10
+sub  $4,%rsi
+movdqa 0(%rsp),%xmm11
+movdqa 80(%rsp),%xmm12
+vpxor %xmm11,%xmm0,%xmm13
+pand %xmm10,%xmm13
+pxor %xmm13,%xmm0
+pxor %xmm13,%xmm11
+vpxor %xmm12,%xmm1,%xmm13
+pand %xmm10,%xmm13
+pxor %xmm13,%xmm1
+pxor %xmm13,%xmm12
+movdqa 16(%rsp),%xmm13
+movdqa 96(%rsp),%xmm14
+vpxor %xmm13,%xmm2,%xmm15
+pand %xmm10,%xmm15
+pxor %xmm15,%xmm2
+pxor %xmm15,%xmm13
+vpxor %xmm14,%xmm3,%xmm15
+pand %xmm10,%xmm15
+pxor %xmm15,%xmm3
+pxor %xmm15,%xmm14
+movdqa %xmm13,0(%rsp)
+movdqa %xmm14,16(%rsp)
+movdqa 32(%rsp),%xmm13
+movdqa 112(%rsp),%xmm14
+vpxor %xmm13,%xmm4,%xmm15
+pand %xmm10,%xmm15
+pxor %xmm15,%xmm4
+pxor %xmm15,%xmm13
+vpxor %xmm14,%xmm5,%xmm15
+pand %xmm10,%xmm15
+pxor %xmm15,%xmm5
+pxor %xmm15,%xmm14
+movdqa %xmm13,32(%rsp)
+movdqa %xmm14,80(%rsp)
+movdqa 48(%rsp),%xmm13
+movdqa 128(%rsp),%xmm14
+vpxor %xmm13,%xmm6,%xmm15
+pand %xmm10,%xmm15
+pxor %xmm15,%xmm6
+pxor %xmm15,%xmm13
+vpxor %xmm14,%xmm7,%xmm15
+pand %xmm10,%xmm15
+pxor %xmm15,%xmm7
+pxor %xmm15,%xmm14
+movdqa %xmm13,48(%rsp)
+movdqa %xmm14,96(%rsp)
+movdqa 64(%rsp),%xmm13
+movdqa 144(%rsp),%xmm14
+vpxor %xmm13,%xmm8,%xmm15
+pand %xmm10,%xmm15
+pxor %xmm15,%xmm8
+pxor %xmm15,%xmm13
+vpxor %xmm14,%xmm9,%xmm15
+pand %xmm10,%xmm15
+pxor %xmm15,%xmm9
+pxor %xmm15,%xmm14
+movdqa %xmm13,64(%rsp)
+movdqa %xmm14,112(%rsp)
+vpaddq subc0,%xmm11,%xmm10
+psubq %xmm12,%xmm10
+paddq %xmm12,%xmm11
+vpunpckhqdq %xmm10,%xmm11,%xmm12
+vpunpcklqdq %xmm10,%xmm11,%xmm10
+vpaddq %xmm1,%xmm0,%xmm11
+paddq subc0,%xmm0
+psubq %xmm1,%xmm0
+vpunpckhqdq %xmm11,%xmm0,%xmm1
+vpunpcklqdq %xmm11,%xmm0,%xmm0
+vpmuludq %xmm0,%xmm10,%xmm11
+vpmuludq %xmm1,%xmm10,%xmm13
+movdqa %xmm1,128(%rsp)
+paddq %xmm1,%xmm1
+vpmuludq %xmm0,%xmm12,%xmm14
+movdqa %xmm0,144(%rsp)
+paddq %xmm14,%xmm13
+vpmuludq %xmm1,%xmm12,%xmm0
+movdqa %xmm1,160(%rsp)
+vpaddq %xmm3,%xmm2,%xmm1
+paddq subc2,%xmm2
+psubq %xmm3,%xmm2
+vpunpckhqdq %xmm1,%xmm2,%xmm3
+vpunpcklqdq %xmm1,%xmm2,%xmm1
+vpmuludq %xmm1,%xmm10,%xmm2
+paddq %xmm2,%xmm0
+vpmuludq %xmm3,%xmm10,%xmm2
+movdqa %xmm3,176(%rsp)
+paddq %xmm3,%xmm3
+vpmuludq %xmm1,%xmm12,%xmm14
+movdqa %xmm1,192(%rsp)
+paddq %xmm14,%xmm2
+vpmuludq %xmm3,%xmm12,%xmm1
+movdqa %xmm3,208(%rsp)
+vpaddq %xmm5,%xmm4,%xmm3
+paddq subc2,%xmm4
+psubq %xmm5,%xmm4
+vpunpckhqdq %xmm3,%xmm4,%xmm5
+vpunpcklqdq %xmm3,%xmm4,%xmm3
+vpmuludq %xmm3,%xmm10,%xmm4
+paddq %xmm4,%xmm1
+vpmuludq %xmm5,%xmm10,%xmm4
+movdqa %xmm5,224(%rsp)
+paddq %xmm5,%xmm5
+vpmuludq %xmm3,%xmm12,%xmm14
+movdqa %xmm3,240(%rsp)
+paddq %xmm14,%xmm4
+vpaddq %xmm7,%xmm6,%xmm3
+paddq subc2,%xmm6
+psubq %xmm7,%xmm6
+vpunpckhqdq %xmm3,%xmm6,%xmm7
+vpunpcklqdq %xmm3,%xmm6,%xmm3
+vpmuludq %xmm3,%xmm10,%xmm6
+vpmuludq %xmm5,%xmm12,%xmm14
+movdqa %xmm5,256(%rsp)
+pmuludq v19_19,%xmm5
+movdqa %xmm5,272(%rsp)
+paddq %xmm14,%xmm6
+vpmuludq %xmm7,%xmm10,%xmm5
+movdqa %xmm7,288(%rsp)
+paddq %xmm7,%xmm7
+vpmuludq %xmm3,%xmm12,%xmm14
+movdqa %xmm3,304(%rsp)
+paddq %xmm14,%xmm5
+pmuludq v19_19,%xmm3
+movdqa %xmm3,320(%rsp)
+vpaddq %xmm9,%xmm8,%xmm3
+paddq subc2,%xmm8
+psubq %xmm9,%xmm8
+vpunpckhqdq %xmm3,%xmm8,%xmm9
+vpunpcklqdq %xmm3,%xmm8,%xmm3
+movdqa %xmm3,336(%rsp)
+vpmuludq %xmm7,%xmm12,%xmm8
+movdqa %xmm7,352(%rsp)
+pmuludq v19_19,%xmm7
+movdqa %xmm7,368(%rsp)
+vpmuludq %xmm3,%xmm10,%xmm7
+paddq %xmm7,%xmm8
+vpmuludq %xmm9,%xmm10,%xmm7
+movdqa %xmm9,384(%rsp)
+paddq %xmm9,%xmm9
+vpmuludq %xmm3,%xmm12,%xmm10
+paddq %xmm10,%xmm7
+pmuludq v19_19,%xmm3
+movdqa %xmm3,400(%rsp)
+pmuludq v19_19,%xmm12
+vpmuludq %xmm9,%xmm12,%xmm3
+movdqa %xmm9,416(%rsp)
+paddq %xmm3,%xmm11
+movdqa 0(%rsp),%xmm3
+movdqa 16(%rsp),%xmm9
+vpaddq subc2,%xmm3,%xmm10
+psubq %xmm9,%xmm10
+paddq %xmm9,%xmm3
+vpunpckhqdq %xmm10,%xmm3,%xmm9
+vpunpcklqdq %xmm10,%xmm3,%xmm3
+vpmuludq 144(%rsp),%xmm3,%xmm10
+paddq %xmm10,%xmm0
+vpmuludq 128(%rsp),%xmm3,%xmm10
+paddq %xmm10,%xmm2
+vpmuludq 192(%rsp),%xmm3,%xmm10
+paddq %xmm10,%xmm1
+vpmuludq 176(%rsp),%xmm3,%xmm10
+paddq %xmm10,%xmm4
+vpmuludq 240(%rsp),%xmm3,%xmm10
+paddq %xmm10,%xmm6
+vpmuludq 224(%rsp),%xmm3,%xmm10
+paddq %xmm10,%xmm5
+vpmuludq 304(%rsp),%xmm3,%xmm10
+paddq %xmm10,%xmm8
+vpmuludq 288(%rsp),%xmm3,%xmm10
+paddq %xmm10,%xmm7
+pmuludq v19_19,%xmm3
+vpmuludq 336(%rsp),%xmm3,%xmm10
+paddq %xmm10,%xmm11
+pmuludq 384(%rsp),%xmm3
+paddq %xmm3,%xmm13
+vpmuludq 144(%rsp),%xmm9,%xmm3
+paddq %xmm3,%xmm2
+vpmuludq 160(%rsp),%xmm9,%xmm3
+paddq %xmm3,%xmm1
+vpmuludq 192(%rsp),%xmm9,%xmm3
+paddq %xmm3,%xmm4
+vpmuludq 208(%rsp),%xmm9,%xmm3
+paddq %xmm3,%xmm6
+vpmuludq 240(%rsp),%xmm9,%xmm3
+paddq %xmm3,%xmm5
+vpmuludq 256(%rsp),%xmm9,%xmm3
+paddq %xmm3,%xmm8
+vpmuludq 304(%rsp),%xmm9,%xmm3
+paddq %xmm3,%xmm7
+pmuludq v19_19,%xmm9
+vpmuludq 352(%rsp),%xmm9,%xmm3
+paddq %xmm3,%xmm11
+vpmuludq 336(%rsp),%xmm9,%xmm3
+paddq %xmm3,%xmm13
+pmuludq 416(%rsp),%xmm9
+paddq %xmm9,%xmm0
+movdqa 32(%rsp),%xmm3
+movdqa 80(%rsp),%xmm9
+vpaddq subc2,%xmm3,%xmm10
+psubq %xmm9,%xmm10
+paddq %xmm9,%xmm3
+vpunpckhqdq %xmm10,%xmm3,%xmm9
+vpunpcklqdq %xmm10,%xmm3,%xmm3
+vpmuludq 144(%rsp),%xmm3,%xmm10
+paddq %xmm10,%xmm1
+vpmuludq 128(%rsp),%xmm3,%xmm10
+paddq %xmm10,%xmm4
+vpmuludq 192(%rsp),%xmm3,%xmm10
+paddq %xmm10,%xmm6
+vpmuludq 176(%rsp),%xmm3,%xmm10
+paddq %xmm10,%xmm5
+vpmuludq 240(%rsp),%xmm3,%xmm10
+paddq %xmm10,%xmm8
+vpmuludq 224(%rsp),%xmm3,%xmm10
+paddq %xmm10,%xmm7
+pmuludq v19_19,%xmm3
+vpmuludq 304(%rsp),%xmm3,%xmm10
+paddq %xmm10,%xmm11
+vpmuludq 288(%rsp),%xmm3,%xmm10
+paddq %xmm10,%xmm13
+vpmuludq 336(%rsp),%xmm3,%xmm10
+paddq %xmm10,%xmm0
+pmuludq 384(%rsp),%xmm3
+paddq %xmm3,%xmm2
+vpmuludq 144(%rsp),%xmm9,%xmm3
+paddq %xmm3,%xmm4
+vpmuludq 160(%rsp),%xmm9,%xmm3
+paddq %xmm3,%xmm6
+vpmuludq 192(%rsp),%xmm9,%xmm3
+paddq %xmm3,%xmm5
+vpmuludq 208(%rsp),%xmm9,%xmm3
+paddq %xmm3,%xmm8
+vpmuludq 240(%rsp),%xmm9,%xmm3
+paddq %xmm3,%xmm7
+pmuludq v19_19,%xmm9
+vpmuludq 256(%rsp),%xmm9,%xmm3
+paddq %xmm3,%xmm11
+vpmuludq 304(%rsp),%xmm9,%xmm3
+paddq %xmm3,%xmm13
+vpmuludq 352(%rsp),%xmm9,%xmm3
+paddq %xmm3,%xmm0
+vpmuludq 336(%rsp),%xmm9,%xmm3
+paddq %xmm3,%xmm2
+pmuludq 416(%rsp),%xmm9
+paddq %xmm9,%xmm1
+movdqa 48(%rsp),%xmm3
+movdqa 96(%rsp),%xmm9
+vpaddq subc2,%xmm3,%xmm10
+psubq %xmm9,%xmm10
+paddq %xmm9,%xmm3
+vpunpckhqdq %xmm10,%xmm3,%xmm9
+vpunpcklqdq %xmm10,%xmm3,%xmm3
+vpmuludq 144(%rsp),%xmm3,%xmm10
+paddq %xmm10,%xmm6
+vpmuludq 128(%rsp),%xmm3,%xmm10
+paddq %xmm10,%xmm5
+vpmuludq 192(%rsp),%xmm3,%xmm10
+paddq %xmm10,%xmm8
+vpmuludq 176(%rsp),%xmm3,%xmm10
+paddq %xmm10,%xmm7
+pmuludq v19_19,%xmm3
+vpmuludq 240(%rsp),%xmm3,%xmm10
+paddq %xmm10,%xmm11
+vpmuludq 224(%rsp),%xmm3,%xmm10
+paddq %xmm10,%xmm13
+vpmuludq 304(%rsp),%xmm3,%xmm10
+paddq %xmm10,%xmm0
+vpmuludq 288(%rsp),%xmm3,%xmm10
+paddq %xmm10,%xmm2
+vpmuludq 336(%rsp),%xmm3,%xmm10
+paddq %xmm10,%xmm1
+pmuludq 384(%rsp),%xmm3
+paddq %xmm3,%xmm4
+vpmuludq 144(%rsp),%xmm9,%xmm3
+paddq %xmm3,%xmm5
+vpmuludq 160(%rsp),%xmm9,%xmm3
+paddq %xmm3,%xmm8
+vpmuludq 192(%rsp),%xmm9,%xmm3
+paddq %xmm3,%xmm7
+pmuludq v19_19,%xmm9
+vpmuludq 208(%rsp),%xmm9,%xmm3
+paddq %xmm3,%xmm11
+vpmuludq 240(%rsp),%xmm9,%xmm3
+paddq %xmm3,%xmm13
+vpmuludq 256(%rsp),%xmm9,%xmm3
+paddq %xmm3,%xmm0
+vpmuludq 304(%rsp),%xmm9,%xmm3
+paddq %xmm3,%xmm2
+vpmuludq 352(%rsp),%xmm9,%xmm3
+paddq %xmm3,%xmm1
+vpmuludq 336(%rsp),%xmm9,%xmm3
+paddq %xmm3,%xmm4
+pmuludq 416(%rsp),%xmm9
+paddq %xmm9,%xmm6
+movdqa 64(%rsp),%xmm3
+movdqa 112(%rsp),%xmm9
+vpaddq subc2,%xmm3,%xmm10
+psubq %xmm9,%xmm10
+paddq %xmm9,%xmm3
+vpunpckhqdq %xmm10,%xmm3,%xmm9
+vpunpcklqdq %xmm10,%xmm3,%xmm3
+vpmuludq 144(%rsp),%xmm3,%xmm10
+paddq %xmm10,%xmm8
+vpmuludq 128(%rsp),%xmm3,%xmm10
+paddq %xmm10,%xmm7
+pmuludq v19_19,%xmm3
+vpmuludq 192(%rsp),%xmm3,%xmm10
+paddq %xmm10,%xmm11
+vpmuludq 176(%rsp),%xmm3,%xmm10
+paddq %xmm10,%xmm13
+vpmuludq 240(%rsp),%xmm3,%xmm10
+paddq %xmm10,%xmm0
+vpmuludq 224(%rsp),%xmm3,%xmm10
+paddq %xmm10,%xmm2
+vpmuludq 304(%rsp),%xmm3,%xmm10
+paddq %xmm10,%xmm1
+vpmuludq 288(%rsp),%xmm3,%xmm10
+paddq %xmm10,%xmm4
+vpmuludq 336(%rsp),%xmm3,%xmm10
+paddq %xmm10,%xmm6
+pmuludq 384(%rsp),%xmm3
+paddq %xmm3,%xmm5
+vpmuludq 144(%rsp),%xmm9,%xmm3
+paddq %xmm3,%xmm7
+pmuludq v19_19,%xmm9
+vpmuludq 160(%rsp),%xmm9,%xmm3
+paddq %xmm3,%xmm11
+vpmuludq 192(%rsp),%xmm9,%xmm3
+paddq %xmm3,%xmm13
+vpmuludq 208(%rsp),%xmm9,%xmm3
+paddq %xmm3,%xmm0
+vpmuludq 240(%rsp),%xmm9,%xmm3
+paddq %xmm3,%xmm2
+vpmuludq 256(%rsp),%xmm9,%xmm3
+paddq %xmm3,%xmm1
+vpmuludq 304(%rsp),%xmm9,%xmm3
+paddq %xmm3,%xmm4
+vpmuludq 352(%rsp),%xmm9,%xmm3
+paddq %xmm3,%xmm6
+vpmuludq 336(%rsp),%xmm9,%xmm3
+paddq %xmm3,%xmm5
+pmuludq 416(%rsp),%xmm9
+paddq %xmm9,%xmm8
+vpsrlq $25,%xmm4,%xmm3
+paddq %xmm3,%xmm6
+pand m25,%xmm4
+vpsrlq $26,%xmm11,%xmm3
+paddq %xmm3,%xmm13
+pand m26,%xmm11
+vpsrlq $26,%xmm6,%xmm3
+paddq %xmm3,%xmm5
+pand m26,%xmm6
+vpsrlq $25,%xmm13,%xmm3
+paddq %xmm3,%xmm0
+pand m25,%xmm13
+vpsrlq $25,%xmm5,%xmm3
+paddq %xmm3,%xmm8
+pand m25,%xmm5
+vpsrlq $26,%xmm0,%xmm3
+paddq %xmm3,%xmm2
+pand m26,%xmm0
+vpsrlq $26,%xmm8,%xmm3
+paddq %xmm3,%xmm7
+pand m26,%xmm8
+vpsrlq $25,%xmm2,%xmm3
+paddq %xmm3,%xmm1
+pand m25,%xmm2
+vpsrlq $25,%xmm7,%xmm3
+vpsllq $4,%xmm3,%xmm9
+paddq %xmm3,%xmm11
+psllq $1,%xmm3
+paddq %xmm3,%xmm9
+paddq %xmm9,%xmm11
+pand m25,%xmm7
+vpsrlq $26,%xmm1,%xmm3
+paddq %xmm3,%xmm4
+pand m26,%xmm1
+vpsrlq $26,%xmm11,%xmm3
+paddq %xmm3,%xmm13
+pand m26,%xmm11
+vpsrlq $25,%xmm4,%xmm3
+paddq %xmm3,%xmm6
+pand m25,%xmm4
+vpunpcklqdq %xmm13,%xmm11,%xmm3
+vpunpckhqdq %xmm13,%xmm11,%xmm9
+vpaddq subc0,%xmm9,%xmm10
+psubq %xmm3,%xmm10
+paddq %xmm9,%xmm3
+vpunpckhqdq %xmm3,%xmm10,%xmm9
+punpcklqdq %xmm3,%xmm10
+vpmuludq %xmm10,%xmm10,%xmm3
+paddq %xmm10,%xmm10
+vpmuludq %xmm9,%xmm10,%xmm11
+vpunpcklqdq %xmm2,%xmm0,%xmm12
+vpunpckhqdq %xmm2,%xmm0,%xmm0
+vpaddq subc2,%xmm0,%xmm2
+psubq %xmm12,%xmm2
+paddq %xmm0,%xmm12
+vpunpckhqdq %xmm12,%xmm2,%xmm0
+punpcklqdq %xmm12,%xmm2
+vpmuludq %xmm2,%xmm10,%xmm12
+vpaddq %xmm9,%xmm9,%xmm13
+vpmuludq %xmm13,%xmm9,%xmm9
+paddq %xmm9,%xmm12
+vpmuludq %xmm0,%xmm10,%xmm9
+vpmuludq %xmm2,%xmm13,%xmm14
+paddq %xmm14,%xmm9
+vpunpcklqdq %xmm4,%xmm1,%xmm14
+vpunpckhqdq %xmm4,%xmm1,%xmm1
+vpaddq subc2,%xmm1,%xmm4
+psubq %xmm14,%xmm4
+paddq %xmm1,%xmm14
+vpunpckhqdq %xmm14,%xmm4,%xmm1
+punpcklqdq %xmm14,%xmm4
+movdqa %xmm1,0(%rsp)
+paddq %xmm1,%xmm1
+movdqa %xmm1,16(%rsp)
+pmuludq v19_19,%xmm1
+movdqa %xmm1,32(%rsp)
+vpmuludq %xmm4,%xmm10,%xmm1
+vpmuludq %xmm2,%xmm2,%xmm14
+paddq %xmm14,%xmm1
+vpmuludq 0(%rsp),%xmm10,%xmm14
+vpmuludq %xmm4,%xmm13,%xmm15
+paddq %xmm15,%xmm14
+vpunpcklqdq %xmm5,%xmm6,%xmm15
+vpunpckhqdq %xmm5,%xmm6,%xmm5
+vpaddq subc2,%xmm5,%xmm6
+psubq %xmm15,%xmm6
+paddq %xmm5,%xmm15
+vpunpckhqdq %xmm15,%xmm6,%xmm5
+punpcklqdq %xmm15,%xmm6
+movdqa %xmm6,48(%rsp)
+pmuludq v19_19,%xmm6
+movdqa %xmm6,64(%rsp)
+movdqa %xmm5,80(%rsp)
+pmuludq v38_38,%xmm5
+movdqa %xmm5,96(%rsp)
+vpmuludq 48(%rsp),%xmm10,%xmm5
+vpaddq %xmm0,%xmm0,%xmm6
+vpmuludq %xmm6,%xmm0,%xmm0
+paddq %xmm0,%xmm5
+vpmuludq 80(%rsp),%xmm10,%xmm0
+vpmuludq %xmm4,%xmm6,%xmm15
+paddq %xmm15,%xmm0
+vpmuludq %xmm6,%xmm13,%xmm15
+paddq %xmm15,%xmm1
+vpmuludq %xmm6,%xmm2,%xmm15
+paddq %xmm15,%xmm14
+vpunpcklqdq %xmm7,%xmm8,%xmm15
+vpunpckhqdq %xmm7,%xmm8,%xmm7
+vpaddq subc2,%xmm7,%xmm8
+psubq %xmm15,%xmm8
+paddq %xmm7,%xmm15
+vpunpckhqdq %xmm15,%xmm8,%xmm7
+punpcklqdq %xmm15,%xmm8
+movdqa %xmm8,112(%rsp)
+pmuludq v19_19,%xmm8
+movdqa %xmm8,160(%rsp)
+vpmuludq 112(%rsp),%xmm10,%xmm8
+vpmuludq %xmm7,%xmm10,%xmm10
+vpmuludq v38_38,%xmm7,%xmm15
+vpmuludq %xmm15,%xmm7,%xmm7
+paddq %xmm7,%xmm8
+vpmuludq %xmm15,%xmm13,%xmm7
+paddq %xmm7,%xmm3
+vpmuludq %xmm15,%xmm2,%xmm7
+paddq %xmm7,%xmm11
+vpmuludq 80(%rsp),%xmm13,%xmm7
+paddq %xmm7,%xmm7
+paddq %xmm7,%xmm8
+vpmuludq 16(%rsp),%xmm13,%xmm7
+paddq %xmm7,%xmm5
+vpmuludq 48(%rsp),%xmm13,%xmm7
+paddq %xmm7,%xmm0
+vpmuludq 112(%rsp),%xmm13,%xmm7
+paddq %xmm7,%xmm10
+vpmuludq %xmm15,%xmm6,%xmm7
+paddq %xmm7,%xmm12
+vpmuludq %xmm15,%xmm4,%xmm7
+paddq %xmm7,%xmm9
+vpaddq %xmm2,%xmm2,%xmm2
+vpmuludq %xmm4,%xmm2,%xmm7
+paddq %xmm7,%xmm5
+vpmuludq 160(%rsp),%xmm2,%xmm7
+paddq %xmm7,%xmm3
+vpmuludq 160(%rsp),%xmm6,%xmm7
+paddq %xmm7,%xmm11
+vpmuludq 0(%rsp),%xmm2,%xmm7
+paddq %xmm7,%xmm0
+vpmuludq 48(%rsp),%xmm2,%xmm7
+paddq %xmm7,%xmm8
+vpmuludq 80(%rsp),%xmm2,%xmm2
+paddq %xmm2,%xmm10
+vpmuludq 96(%rsp),%xmm4,%xmm2
+paddq %xmm2,%xmm11
+vpmuludq %xmm4,%xmm4,%xmm2
+paddq %xmm2,%xmm8
+vpaddq %xmm4,%xmm4,%xmm2
+vpmuludq 160(%rsp),%xmm2,%xmm4
+paddq %xmm4,%xmm12
+vpmuludq 16(%rsp),%xmm15,%xmm4
+paddq %xmm4,%xmm1
+vpmuludq 48(%rsp),%xmm15,%xmm4
+paddq %xmm4,%xmm14
+vpmuludq 96(%rsp),%xmm6,%xmm4
+paddq %xmm4,%xmm3
+movdqa 16(%rsp),%xmm4
+pmuludq 160(%rsp),%xmm4
+paddq %xmm4,%xmm9
+vpmuludq 16(%rsp),%xmm6,%xmm4
+paddq %xmm4,%xmm8
+vpmuludq 48(%rsp),%xmm6,%xmm4
+paddq %xmm4,%xmm10
+vpmuludq 80(%rsp),%xmm15,%xmm4
+paddq %xmm4,%xmm4
+paddq %xmm4,%xmm5
+vpmuludq 112(%rsp),%xmm15,%xmm4
+paddq %xmm4,%xmm0
+movdqa 48(%rsp),%xmm4
+paddq %xmm4,%xmm4
+pmuludq 160(%rsp),%xmm4
+paddq %xmm4,%xmm1
+movdqa 80(%rsp),%xmm4
+paddq %xmm4,%xmm4
+pmuludq 160(%rsp),%xmm4
+paddq %xmm4,%xmm14
+vpmuludq 64(%rsp),%xmm2,%xmm4
+paddq %xmm4,%xmm3
+movdqa 16(%rsp),%xmm4
+pmuludq 64(%rsp),%xmm4
+paddq %xmm4,%xmm11
+movdqa 16(%rsp),%xmm4
+pmuludq 96(%rsp),%xmm4
+paddq %xmm4,%xmm12
+movdqa 48(%rsp),%xmm4
+pmuludq 96(%rsp),%xmm4
+paddq %xmm4,%xmm9
+vpmuludq 0(%rsp),%xmm2,%xmm2
+paddq %xmm2,%xmm10
+movdqa 32(%rsp),%xmm2
+pmuludq 0(%rsp),%xmm2
+paddq %xmm2,%xmm3
+movdqa 64(%rsp),%xmm2
+pmuludq 48(%rsp),%xmm2
+paddq %xmm2,%xmm12
+movdqa 96(%rsp),%xmm2
+pmuludq 80(%rsp),%xmm2
+paddq %xmm2,%xmm1
+movdqa 160(%rsp),%xmm2
+pmuludq 112(%rsp),%xmm2
+paddq %xmm2,%xmm5
+vpsrlq $26,%xmm3,%xmm2
+paddq %xmm2,%xmm11
+pand m26,%xmm3
+vpsrlq $25,%xmm14,%xmm2
+paddq %xmm2,%xmm5
+pand m25,%xmm14
+vpsrlq $25,%xmm11,%xmm2
+paddq %xmm2,%xmm12
+pand m25,%xmm11
+vpsrlq $26,%xmm5,%xmm2
+paddq %xmm2,%xmm0
+pand m26,%xmm5
+vpsrlq $26,%xmm12,%xmm2
+paddq %xmm2,%xmm9
+pand m26,%xmm12
+vpsrlq $25,%xmm0,%xmm2
+paddq %xmm2,%xmm8
+pand m25,%xmm0
+vpsrlq $25,%xmm9,%xmm2
+paddq %xmm2,%xmm1
+pand m25,%xmm9
+vpsrlq $26,%xmm8,%xmm2
+paddq %xmm2,%xmm10
+pand m26,%xmm8
+vpsrlq $26,%xmm1,%xmm2
+paddq %xmm2,%xmm14
+pand m26,%xmm1
+vpsrlq $25,%xmm10,%xmm2
+vpsllq $4,%xmm2,%xmm4
+paddq %xmm2,%xmm3
+psllq $1,%xmm2
+paddq %xmm2,%xmm4
+paddq %xmm4,%xmm3
+pand m25,%xmm10
+vpsrlq $25,%xmm14,%xmm2
+paddq %xmm2,%xmm5
+pand m25,%xmm14
+vpsrlq $26,%xmm3,%xmm2
+paddq %xmm2,%xmm11
+pand m26,%xmm3
+vpunpckhqdq %xmm11,%xmm3,%xmm2
+movdqa %xmm2,0(%rsp)
+vpunpcklqdq %xmm11,%xmm3,%xmm2
+pmuludq v9_9,%xmm2
+movdqa %xmm2,80(%rsp)
+vpunpckhqdq %xmm9,%xmm12,%xmm2
+movdqa %xmm2,16(%rsp)
+vpunpcklqdq %xmm9,%xmm12,%xmm2
+pmuludq v9_9,%xmm2
+movdqa %xmm2,96(%rsp)
+vpunpckhqdq %xmm14,%xmm1,%xmm2
+movdqa %xmm2,32(%rsp)
+vpunpcklqdq %xmm14,%xmm1,%xmm1
+pmuludq v9_9,%xmm1
+movdqa %xmm1,112(%rsp)
+vpunpckhqdq %xmm0,%xmm5,%xmm1
+movdqa %xmm1,48(%rsp)
+vpunpcklqdq %xmm0,%xmm5,%xmm0
+pmuludq v9_9,%xmm0
+movdqa %xmm0,160(%rsp)
+vpunpckhqdq %xmm10,%xmm8,%xmm0
+movdqa %xmm0,64(%rsp)
+vpunpcklqdq %xmm10,%xmm8,%xmm0
+pmuludq v9_9,%xmm0
+movdqa %xmm0,208(%rsp)
+movdqa 144(%rsp),%xmm0
+vpmuludq %xmm0,%xmm0,%xmm1
+paddq %xmm0,%xmm0
+movdqa 128(%rsp),%xmm2
+vpmuludq %xmm2,%xmm0,%xmm3
+movdqa 192(%rsp),%xmm4
+vpmuludq %xmm4,%xmm0,%xmm5
+movdqa 176(%rsp),%xmm6
+vpmuludq %xmm6,%xmm0,%xmm7
+movdqa 240(%rsp),%xmm8
+vpmuludq %xmm8,%xmm0,%xmm9
+vpmuludq 224(%rsp),%xmm0,%xmm10
+vpmuludq 304(%rsp),%xmm0,%xmm11
+vpmuludq 288(%rsp),%xmm0,%xmm12
+vpmuludq 336(%rsp),%xmm0,%xmm13
+movdqa 384(%rsp),%xmm14
+vpmuludq %xmm14,%xmm0,%xmm0
+vpmuludq v38_38,%xmm14,%xmm15
+vpmuludq %xmm15,%xmm14,%xmm14
+paddq %xmm14,%xmm13
+vpaddq %xmm6,%xmm6,%xmm14
+vpmuludq %xmm14,%xmm6,%xmm6
+paddq %xmm6,%xmm11
+vpaddq %xmm2,%xmm2,%xmm6
+vpmuludq %xmm6,%xmm2,%xmm2
+paddq %xmm2,%xmm5
+vpmuludq %xmm15,%xmm6,%xmm2
+paddq %xmm2,%xmm1
+vpmuludq %xmm15,%xmm4,%xmm2
+paddq %xmm2,%xmm3
+vpmuludq 256(%rsp),%xmm6,%xmm2
+paddq %xmm2,%xmm11
+vpmuludq 304(%rsp),%xmm6,%xmm2
+paddq %xmm2,%xmm12
+vpmuludq 352(%rsp),%xmm6,%xmm2
+paddq %xmm2,%xmm13
+vpmuludq 336(%rsp),%xmm6,%xmm2
+paddq %xmm2,%xmm0
+vpmuludq %xmm4,%xmm6,%xmm2
+paddq %xmm2,%xmm7
+vpmuludq %xmm14,%xmm6,%xmm2
+paddq %xmm2,%xmm9
+vpmuludq %xmm8,%xmm6,%xmm2
+paddq %xmm2,%xmm10
+vpmuludq %xmm15,%xmm14,%xmm2
+paddq %xmm2,%xmm5
+vpmuludq %xmm15,%xmm8,%xmm2
+paddq %xmm2,%xmm7
+vpmuludq %xmm4,%xmm4,%xmm2
+paddq %xmm2,%xmm9
+vpmuludq %xmm14,%xmm4,%xmm2
+paddq %xmm2,%xmm10
+vpaddq %xmm4,%xmm4,%xmm2
+vpmuludq %xmm8,%xmm2,%xmm4
+paddq %xmm4,%xmm11
+vpmuludq 400(%rsp),%xmm2,%xmm4
+paddq %xmm4,%xmm1
+vpmuludq 400(%rsp),%xmm14,%xmm4
+paddq %xmm4,%xmm3
+vpmuludq 224(%rsp),%xmm2,%xmm4
+paddq %xmm4,%xmm12
+vpmuludq 304(%rsp),%xmm2,%xmm4
+paddq %xmm4,%xmm13
+vpmuludq 288(%rsp),%xmm2,%xmm2
+paddq %xmm2,%xmm0
+vpmuludq 368(%rsp),%xmm8,%xmm2
+paddq %xmm2,%xmm3
+vpmuludq %xmm8,%xmm14,%xmm2
+paddq %xmm2,%xmm12
+vpmuludq %xmm8,%xmm8,%xmm2
+paddq %xmm2,%xmm13
+vpaddq %xmm8,%xmm8,%xmm2
+vpmuludq 400(%rsp),%xmm2,%xmm4
+paddq %xmm4,%xmm5
+vpmuludq 256(%rsp),%xmm15,%xmm4
+paddq %xmm4,%xmm9
+vpmuludq 304(%rsp),%xmm15,%xmm4
+paddq %xmm4,%xmm10
+vpmuludq 368(%rsp),%xmm14,%xmm4
+paddq %xmm4,%xmm1
+movdqa 256(%rsp),%xmm4
+pmuludq 400(%rsp),%xmm4
+paddq %xmm4,%xmm7
+vpmuludq 256(%rsp),%xmm14,%xmm4
+paddq %xmm4,%xmm13
+vpmuludq 304(%rsp),%xmm14,%xmm4
+paddq %xmm4,%xmm0
+vpmuludq 352(%rsp),%xmm15,%xmm4
+paddq %xmm4,%xmm11
+vpmuludq 336(%rsp),%xmm15,%xmm4
+paddq %xmm4,%xmm12
+movdqa 304(%rsp),%xmm4
+paddq %xmm4,%xmm4
+pmuludq 400(%rsp),%xmm4
+paddq %xmm4,%xmm9
+vpmuludq 320(%rsp),%xmm2,%xmm4
+paddq %xmm4,%xmm1
+movdqa 256(%rsp),%xmm4
+pmuludq 320(%rsp),%xmm4
+paddq %xmm4,%xmm3
+movdqa 256(%rsp),%xmm4
+pmuludq 368(%rsp),%xmm4
+paddq %xmm4,%xmm5
+movdqa 304(%rsp),%xmm4
+pmuludq 368(%rsp),%xmm4
+paddq %xmm4,%xmm7
+movdqa 352(%rsp),%xmm4
+pmuludq 400(%rsp),%xmm4
+paddq %xmm4,%xmm10
+vpmuludq 224(%rsp),%xmm2,%xmm2
+paddq %xmm2,%xmm0
+movdqa 272(%rsp),%xmm2
+pmuludq 224(%rsp),%xmm2
+paddq %xmm2,%xmm1
+movdqa 320(%rsp),%xmm2
+pmuludq 304(%rsp),%xmm2
+paddq %xmm2,%xmm5
+movdqa 368(%rsp),%xmm2
+pmuludq 288(%rsp),%xmm2
+paddq %xmm2,%xmm9
+movdqa 400(%rsp),%xmm2
+pmuludq 336(%rsp),%xmm2
+paddq %xmm2,%xmm11
+vpsrlq $26,%xmm1,%xmm2
+paddq %xmm2,%xmm3
+pand m26,%xmm1
+vpsrlq $25,%xmm10,%xmm2
+paddq %xmm2,%xmm11
+pand m25,%xmm10
+vpsrlq $25,%xmm3,%xmm2
+paddq %xmm2,%xmm5
+pand m25,%xmm3
+vpsrlq $26,%xmm11,%xmm2
+paddq %xmm2,%xmm12
+pand m26,%xmm11
+vpsrlq $26,%xmm5,%xmm2
+paddq %xmm2,%xmm7
+pand m26,%xmm5
+vpsrlq $25,%xmm12,%xmm2
+paddq %xmm2,%xmm13
+pand m25,%xmm12
+vpsrlq $25,%xmm7,%xmm2
+paddq %xmm2,%xmm9
+pand m25,%xmm7
+vpsrlq $26,%xmm13,%xmm2
+paddq %xmm2,%xmm0
+pand m26,%xmm13
+vpsrlq $26,%xmm9,%xmm2
+paddq %xmm2,%xmm10
+pand m26,%xmm9
+vpsrlq $25,%xmm0,%xmm2
+vpsllq $4,%xmm2,%xmm4
+paddq %xmm2,%xmm1
+psllq $1,%xmm2
+paddq %xmm2,%xmm4
+paddq %xmm4,%xmm1
+pand m25,%xmm0
+vpsrlq $25,%xmm10,%xmm2
+paddq %xmm2,%xmm11
+pand m25,%xmm10
+vpsrlq $26,%xmm1,%xmm2
+paddq %xmm2,%xmm3
+pand m26,%xmm1
+vpunpckhqdq %xmm3,%xmm1,%xmm2
+vpunpcklqdq %xmm3,%xmm1,%xmm1
+movdqa %xmm1,176(%rsp)
+vpaddq subc0,%xmm2,%xmm3
+psubq %xmm1,%xmm3
+vpunpckhqdq %xmm3,%xmm2,%xmm1
+vpunpcklqdq %xmm3,%xmm2,%xmm2
+movdqa %xmm2,192(%rsp)
+movdqa %xmm1,224(%rsp)
+psllq $1,%xmm1
+movdqa %xmm1,240(%rsp)
+pmuludq v121666_121666,%xmm3
+movdqa 80(%rsp),%xmm1
+vpunpcklqdq %xmm1,%xmm3,%xmm2
+vpunpckhqdq %xmm1,%xmm3,%xmm1
+vpunpckhqdq %xmm7,%xmm5,%xmm3
+vpunpcklqdq %xmm7,%xmm5,%xmm4
+movdqa %xmm4,256(%rsp)
+vpaddq subc2,%xmm3,%xmm5
+psubq %xmm4,%xmm5
+vpunpckhqdq %xmm5,%xmm3,%xmm4
+vpunpcklqdq %xmm5,%xmm3,%xmm3
+movdqa %xmm3,272(%rsp)
+movdqa %xmm4,288(%rsp)
+psllq $1,%xmm4
+movdqa %xmm4,304(%rsp)
+pmuludq v121666_121666,%xmm5
+movdqa 96(%rsp),%xmm3
+vpunpcklqdq %xmm3,%xmm5,%xmm4
+vpunpckhqdq %xmm3,%xmm5,%xmm3
+vpunpckhqdq %xmm10,%xmm9,%xmm5
+vpunpcklqdq %xmm10,%xmm9,%xmm6
+movdqa %xmm6,320(%rsp)
+vpaddq subc2,%xmm5,%xmm7
+psubq %xmm6,%xmm7
+vpunpckhqdq %xmm7,%xmm5,%xmm6
+vpunpcklqdq %xmm7,%xmm5,%xmm5
+movdqa %xmm5,336(%rsp)
+movdqa %xmm6,352(%rsp)
+psllq $1,%xmm6
+movdqa %xmm6,368(%rsp)
+pmuludq v121666_121666,%xmm7
+movdqa 112(%rsp),%xmm5
+vpunpcklqdq %xmm5,%xmm7,%xmm6
+vpunpckhqdq %xmm5,%xmm7,%xmm5
+vpunpckhqdq %xmm12,%xmm11,%xmm7
+vpunpcklqdq %xmm12,%xmm11,%xmm8
+movdqa %xmm8,384(%rsp)
+vpaddq subc2,%xmm7,%xmm9
+psubq %xmm8,%xmm9
+vpunpckhqdq %xmm9,%xmm7,%xmm8
+vpunpcklqdq %xmm9,%xmm7,%xmm7
+movdqa %xmm7,400(%rsp)
+movdqa %xmm8,416(%rsp)
+psllq $1,%xmm8
+movdqa %xmm8,432(%rsp)
+pmuludq v121666_121666,%xmm9
+movdqa 160(%rsp),%xmm7
+vpunpcklqdq %xmm7,%xmm9,%xmm8
+vpunpckhqdq %xmm7,%xmm9,%xmm7
+vpunpckhqdq %xmm0,%xmm13,%xmm9
+vpunpcklqdq %xmm0,%xmm13,%xmm0
+movdqa %xmm0,160(%rsp)
+vpaddq subc2,%xmm9,%xmm10
+psubq %xmm0,%xmm10
+vpunpckhqdq %xmm10,%xmm9,%xmm0
+vpunpcklqdq %xmm10,%xmm9,%xmm9
+movdqa %xmm9,448(%rsp)
+movdqa %xmm0,464(%rsp)
+psllq $1,%xmm0
+movdqa %xmm0,480(%rsp)
+pmuludq v121666_121666,%xmm10
+movdqa 208(%rsp),%xmm0
+vpunpcklqdq %xmm0,%xmm10,%xmm9
+vpunpckhqdq %xmm0,%xmm10,%xmm0
+vpsrlq $26,%xmm2,%xmm10
+paddq %xmm10,%xmm1
+pand m26,%xmm2
+vpsrlq $25,%xmm5,%xmm10
+paddq %xmm10,%xmm8
+pand m25,%xmm5
+vpsrlq $25,%xmm1,%xmm10
+paddq %xmm10,%xmm4
+pand m25,%xmm1
+vpsrlq $26,%xmm8,%xmm10
+paddq %xmm10,%xmm7
+pand m26,%xmm8
+vpsrlq $26,%xmm4,%xmm10
+paddq %xmm10,%xmm3
+pand m26,%xmm4
+vpsrlq $25,%xmm7,%xmm10
+paddq %xmm10,%xmm9
+pand m25,%xmm7
+vpsrlq $25,%xmm3,%xmm10
+paddq %xmm10,%xmm6
+pand m25,%xmm3
+vpsrlq $26,%xmm9,%xmm10
+paddq %xmm10,%xmm0
+pand m26,%xmm9
+vpsrlq $26,%xmm6,%xmm10
+paddq %xmm10,%xmm5
+pand m26,%xmm6
+vpsrlq $25,%xmm0,%xmm10
+vpsllq $4,%xmm10,%xmm11
+paddq %xmm10,%xmm2
+psllq $1,%xmm10
+paddq %xmm10,%xmm11
+paddq %xmm11,%xmm2
+pand m25,%xmm0
+vpsrlq $25,%xmm5,%xmm10
+paddq %xmm10,%xmm8
+pand m25,%xmm5
+vpsrlq $26,%xmm2,%xmm10
+paddq %xmm10,%xmm1
+pand m26,%xmm2
+vpunpckhqdq %xmm1,%xmm2,%xmm10
+movdqa %xmm10,80(%rsp)
+vpunpcklqdq %xmm1,%xmm2,%xmm1
+vpunpckhqdq %xmm3,%xmm4,%xmm2
+movdqa %xmm2,96(%rsp)
+vpunpcklqdq %xmm3,%xmm4,%xmm2
+vpunpckhqdq %xmm5,%xmm6,%xmm3
+movdqa %xmm3,112(%rsp)
+vpunpcklqdq %xmm5,%xmm6,%xmm3
+vpunpckhqdq %xmm7,%xmm8,%xmm4
+movdqa %xmm4,128(%rsp)
+vpunpcklqdq %xmm7,%xmm8,%xmm4
+vpunpckhqdq %xmm0,%xmm9,%xmm5
+movdqa %xmm5,144(%rsp)
+vpunpcklqdq %xmm0,%xmm9,%xmm0
+movdqa 176(%rsp),%xmm5
+paddq %xmm5,%xmm1
+vpunpcklqdq %xmm1,%xmm5,%xmm6
+vpunpckhqdq %xmm1,%xmm5,%xmm1
+vpmuludq 224(%rsp),%xmm6,%xmm5
+vpmuludq 192(%rsp),%xmm1,%xmm7
+paddq %xmm7,%xmm5
+vpmuludq 272(%rsp),%xmm6,%xmm7
+vpmuludq 240(%rsp),%xmm1,%xmm8
+paddq %xmm8,%xmm7
+vpmuludq 288(%rsp),%xmm6,%xmm8
+vpmuludq 272(%rsp),%xmm1,%xmm9
+paddq %xmm9,%xmm8
+vpmuludq 336(%rsp),%xmm6,%xmm9
+vpmuludq 304(%rsp),%xmm1,%xmm10
+paddq %xmm10,%xmm9
+vpmuludq 352(%rsp),%xmm6,%xmm10
+vpmuludq 336(%rsp),%xmm1,%xmm11
+paddq %xmm11,%xmm10
+vpmuludq 400(%rsp),%xmm6,%xmm11
+vpmuludq 368(%rsp),%xmm1,%xmm12
+paddq %xmm12,%xmm11
+vpmuludq 416(%rsp),%xmm6,%xmm12
+vpmuludq 400(%rsp),%xmm1,%xmm13
+paddq %xmm13,%xmm12
+vpmuludq 448(%rsp),%xmm6,%xmm13
+vpmuludq 432(%rsp),%xmm1,%xmm14
+paddq %xmm14,%xmm13
+vpmuludq 464(%rsp),%xmm6,%xmm14
+vpmuludq 448(%rsp),%xmm1,%xmm15
+paddq %xmm15,%xmm14
+vpmuludq 192(%rsp),%xmm6,%xmm6
+pmuludq v19_19,%xmm1
+vpmuludq 480(%rsp),%xmm1,%xmm1
+paddq %xmm1,%xmm6
+movdqa 256(%rsp),%xmm1
+paddq %xmm1,%xmm2
+vpunpcklqdq %xmm2,%xmm1,%xmm15
+vpunpckhqdq %xmm2,%xmm1,%xmm1
+vpmuludq 192(%rsp),%xmm15,%xmm2
+paddq %xmm2,%xmm7
+vpmuludq 224(%rsp),%xmm15,%xmm2
+paddq %xmm2,%xmm8
+vpmuludq 272(%rsp),%xmm15,%xmm2
+paddq %xmm2,%xmm9
+vpmuludq 288(%rsp),%xmm15,%xmm2
+paddq %xmm2,%xmm10
+vpmuludq 336(%rsp),%xmm15,%xmm2
+paddq %xmm2,%xmm11
+vpmuludq 352(%rsp),%xmm15,%xmm2
+paddq %xmm2,%xmm12
+vpmuludq 400(%rsp),%xmm15,%xmm2
+paddq %xmm2,%xmm13
+vpmuludq 416(%rsp),%xmm15,%xmm2
+paddq %xmm2,%xmm14
+pmuludq v19_19,%xmm15
+vpmuludq 448(%rsp),%xmm15,%xmm2
+paddq %xmm2,%xmm6
+pmuludq 464(%rsp),%xmm15
+paddq %xmm15,%xmm5
+vpmuludq 192(%rsp),%xmm1,%xmm2
+paddq %xmm2,%xmm8
+vpmuludq 240(%rsp),%xmm1,%xmm2
+paddq %xmm2,%xmm9
+vpmuludq 272(%rsp),%xmm1,%xmm2
+paddq %xmm2,%xmm10
+vpmuludq 304(%rsp),%xmm1,%xmm2
+paddq %xmm2,%xmm11
+vpmuludq 336(%rsp),%xmm1,%xmm2
+paddq %xmm2,%xmm12
+vpmuludq 368(%rsp),%xmm1,%xmm2
+paddq %xmm2,%xmm13
+vpmuludq 400(%rsp),%xmm1,%xmm2
+paddq %xmm2,%xmm14
+pmuludq v19_19,%xmm1
+vpmuludq 432(%rsp),%xmm1,%xmm2
+paddq %xmm2,%xmm6
+vpmuludq 448(%rsp),%xmm1,%xmm2
+paddq %xmm2,%xmm5
+pmuludq 480(%rsp),%xmm1
+paddq %xmm1,%xmm7
+movdqa 320(%rsp),%xmm1
+paddq %xmm1,%xmm3
+vpunpcklqdq %xmm3,%xmm1,%xmm2
+vpunpckhqdq %xmm3,%xmm1,%xmm1
+vpmuludq 192(%rsp),%xmm2,%xmm3
+paddq %xmm3,%xmm9
+vpmuludq 224(%rsp),%xmm2,%xmm3
+paddq %xmm3,%xmm10
+vpmuludq 272(%rsp),%xmm2,%xmm3
+paddq %xmm3,%xmm11
+vpmuludq 288(%rsp),%xmm2,%xmm3
+paddq %xmm3,%xmm12
+vpmuludq 336(%rsp),%xmm2,%xmm3
+paddq %xmm3,%xmm13
+vpmuludq 352(%rsp),%xmm2,%xmm3
+paddq %xmm3,%xmm14
+pmuludq v19_19,%xmm2
+vpmuludq 400(%rsp),%xmm2,%xmm3
+paddq %xmm3,%xmm6
+vpmuludq 416(%rsp),%xmm2,%xmm3
+paddq %xmm3,%xmm5
+vpmuludq 448(%rsp),%xmm2,%xmm3
+paddq %xmm3,%xmm7
+pmuludq 464(%rsp),%xmm2
+paddq %xmm2,%xmm8
+vpmuludq 192(%rsp),%xmm1,%xmm2
+paddq %xmm2,%xmm10
+vpmuludq 240(%rsp),%xmm1,%xmm2
+paddq %xmm2,%xmm11
+vpmuludq 272(%rsp),%xmm1,%xmm2
+paddq %xmm2,%xmm12
+vpmuludq 304(%rsp),%xmm1,%xmm2
+paddq %xmm2,%xmm13
+vpmuludq 336(%rsp),%xmm1,%xmm2
+paddq %xmm2,%xmm14
+pmuludq v19_19,%xmm1
+vpmuludq 368(%rsp),%xmm1,%xmm2
+paddq %xmm2,%xmm6
+vpmuludq 400(%rsp),%xmm1,%xmm2
+paddq %xmm2,%xmm5
+vpmuludq 432(%rsp),%xmm1,%xmm2
+paddq %xmm2,%xmm7
+vpmuludq 448(%rsp),%xmm1,%xmm2
+paddq %xmm2,%xmm8
+pmuludq 480(%rsp),%xmm1
+paddq %xmm1,%xmm9
+movdqa 384(%rsp),%xmm1
+paddq %xmm1,%xmm4
+vpunpcklqdq %xmm4,%xmm1,%xmm2
+vpunpckhqdq %xmm4,%xmm1,%xmm1
+vpmuludq 192(%rsp),%xmm2,%xmm3
+paddq %xmm3,%xmm11
+vpmuludq 224(%rsp),%xmm2,%xmm3
+paddq %xmm3,%xmm12
+vpmuludq 272(%rsp),%xmm2,%xmm3
+paddq %xmm3,%xmm13
+vpmuludq 288(%rsp),%xmm2,%xmm3
+paddq %xmm3,%xmm14
+pmuludq v19_19,%xmm2
+vpmuludq 336(%rsp),%xmm2,%xmm3
+paddq %xmm3,%xmm6
+vpmuludq 352(%rsp),%xmm2,%xmm3
+paddq %xmm3,%xmm5
+vpmuludq 400(%rsp),%xmm2,%xmm3
+paddq %xmm3,%xmm7
+vpmuludq 416(%rsp),%xmm2,%xmm3
+paddq %xmm3,%xmm8
+vpmuludq 448(%rsp),%xmm2,%xmm3
+paddq %xmm3,%xmm9
+pmuludq 464(%rsp),%xmm2
+paddq %xmm2,%xmm10
+vpmuludq 192(%rsp),%xmm1,%xmm2
+paddq %xmm2,%xmm12
+vpmuludq 240(%rsp),%xmm1,%xmm2
+paddq %xmm2,%xmm13
+vpmuludq 272(%rsp),%xmm1,%xmm2
+paddq %xmm2,%xmm14
+pmuludq v19_19,%xmm1
+vpmuludq 304(%rsp),%xmm1,%xmm2
+paddq %xmm2,%xmm6
+vpmuludq 336(%rsp),%xmm1,%xmm2
+paddq %xmm2,%xmm5
+vpmuludq 368(%rsp),%xmm1,%xmm2
+paddq %xmm2,%xmm7
+vpmuludq 400(%rsp),%xmm1,%xmm2
+paddq %xmm2,%xmm8
+vpmuludq 432(%rsp),%xmm1,%xmm2
+paddq %xmm2,%xmm9
+vpmuludq 448(%rsp),%xmm1,%xmm2
+paddq %xmm2,%xmm10
+pmuludq 480(%rsp),%xmm1
+paddq %xmm1,%xmm11
+movdqa 160(%rsp),%xmm1
+paddq %xmm1,%xmm0
+vpunpcklqdq %xmm0,%xmm1,%xmm2
+vpunpckhqdq %xmm0,%xmm1,%xmm0
+vpmuludq 192(%rsp),%xmm2,%xmm1
+paddq %xmm1,%xmm13
+vpmuludq 224(%rsp),%xmm2,%xmm1
+paddq %xmm1,%xmm14
+pmuludq v19_19,%xmm2
+vpmuludq 272(%rsp),%xmm2,%xmm1
+paddq %xmm1,%xmm6
+vpmuludq 288(%rsp),%xmm2,%xmm1
+paddq %xmm1,%xmm5
+vpmuludq 336(%rsp),%xmm2,%xmm1
+paddq %xmm1,%xmm7
+vpmuludq 352(%rsp),%xmm2,%xmm1
+paddq %xmm1,%xmm8
+vpmuludq 400(%rsp),%xmm2,%xmm1
+paddq %xmm1,%xmm9
+vpmuludq 416(%rsp),%xmm2,%xmm1
+paddq %xmm1,%xmm10
+vpmuludq 448(%rsp),%xmm2,%xmm1
+paddq %xmm1,%xmm11
+pmuludq 464(%rsp),%xmm2
+paddq %xmm2,%xmm12
+vpmuludq 192(%rsp),%xmm0,%xmm1
+paddq %xmm1,%xmm14
+pmuludq v19_19,%xmm0
+vpmuludq 240(%rsp),%xmm0,%xmm1
+paddq %xmm1,%xmm6
+vpmuludq 272(%rsp),%xmm0,%xmm1
+paddq %xmm1,%xmm5
+vpmuludq 304(%rsp),%xmm0,%xmm1
+paddq %xmm1,%xmm7
+vpmuludq 336(%rsp),%xmm0,%xmm1
+paddq %xmm1,%xmm8
+vpmuludq 368(%rsp),%xmm0,%xmm1
+paddq %xmm1,%xmm9
+vpmuludq 400(%rsp),%xmm0,%xmm1
+paddq %xmm1,%xmm10
+vpmuludq 432(%rsp),%xmm0,%xmm1
+paddq %xmm1,%xmm11
+vpmuludq 448(%rsp),%xmm0,%xmm1
+paddq %xmm1,%xmm12
+pmuludq 480(%rsp),%xmm0
+paddq %xmm0,%xmm13
+vpsrlq $26,%xmm6,%xmm0
+paddq %xmm0,%xmm5
+pand m26,%xmm6
+vpsrlq $25,%xmm10,%xmm0
+paddq %xmm0,%xmm11
+pand m25,%xmm10
+vpsrlq $25,%xmm5,%xmm0
+paddq %xmm0,%xmm7
+pand m25,%xmm5
+vpsrlq $26,%xmm11,%xmm0
+paddq %xmm0,%xmm12
+pand m26,%xmm11
+vpsrlq $26,%xmm7,%xmm0
+paddq %xmm0,%xmm8
+pand m26,%xmm7
+vpsrlq $25,%xmm12,%xmm0
+paddq %xmm0,%xmm13
+pand m25,%xmm12
+vpsrlq $25,%xmm8,%xmm0
+paddq %xmm0,%xmm9
+pand m25,%xmm8
+vpsrlq $26,%xmm13,%xmm0
+paddq %xmm0,%xmm14
+pand m26,%xmm13
+vpsrlq $26,%xmm9,%xmm0
+paddq %xmm0,%xmm10
+pand m26,%xmm9
+vpsrlq $25,%xmm14,%xmm0
+vpsllq $4,%xmm0,%xmm1
+paddq %xmm0,%xmm6
+psllq $1,%xmm0
+paddq %xmm0,%xmm1
+paddq %xmm1,%xmm6
+pand m25,%xmm14
+vpsrlq $25,%xmm10,%xmm0
+paddq %xmm0,%xmm11
+pand m25,%xmm10
+vpsrlq $26,%xmm6,%xmm0
+paddq %xmm0,%xmm5
+pand m26,%xmm6
+vpunpckhqdq %xmm5,%xmm6,%xmm1
+vpunpcklqdq %xmm5,%xmm6,%xmm0
+vpunpckhqdq %xmm8,%xmm7,%xmm3
+vpunpcklqdq %xmm8,%xmm7,%xmm2
+vpunpckhqdq %xmm10,%xmm9,%xmm5
+vpunpcklqdq %xmm10,%xmm9,%xmm4
+vpunpckhqdq %xmm12,%xmm11,%xmm7
+vpunpcklqdq %xmm12,%xmm11,%xmm6
+vpunpckhqdq %xmm14,%xmm13,%xmm9
+vpunpcklqdq %xmm14,%xmm13,%xmm8
+cmp  $0,%rdx
+jne ._loop
+movdqu   %xmm1,80(%rdi)
+movdqu   %xmm0,0(%rdi)
+movdqu   %xmm3,96(%rdi)
+movdqu   %xmm2,16(%rdi)
+movdqu   %xmm5,112(%rdi)
+movdqu   %xmm4,32(%rdi)
+movdqu   %xmm7,128(%rdi)
+movdqu   %xmm6,48(%rdi)
+movdqu   %xmm9,144(%rdi)
+movdqu   %xmm8,64(%rdi)
+movq 1536(%rsp),%r11
+movq 1544(%rsp),%r12
+movq 1552(%rsp),%r13
+add %r11,%rsp
+ret
diff --git a/src/libsodium/crypto_scalarmult/curve25519/sandy2x/ladder_base.h b/src/libsodium/crypto_scalarmult/curve25519/sandy2x/ladder_base.h
new file mode 100644
index 00000000..1d6a84c1
--- /dev/null
+++ b/src/libsodium/crypto_scalarmult/curve25519/sandy2x/ladder_base.h
@@ -0,0 +1,10 @@
+#ifndef LADDER_BASE_H
+#define LADDER_BASE_H
+
+#include "fe.h"
+#include "ladder_base_namespace.h"
+
+extern void ladder_base(fe *, const unsigned char *);
+
+#endif //ifndef LADDER_BASE_H
+
diff --git a/src/libsodium/crypto_scalarmult/curve25519/sandy2x/ladder_base_namespace.h b/src/libsodium/crypto_scalarmult/curve25519/sandy2x/ladder_base_namespace.h
new file mode 100644
index 00000000..332fd98c
--- /dev/null
+++ b/src/libsodium/crypto_scalarmult/curve25519/sandy2x/ladder_base_namespace.h
@@ -0,0 +1,8 @@
+#ifndef LADDER_BASE_NAMESPACE_H
+#define LADDER_BASE_NAMESPACE_H
+
+#define  ladder_base  crypto_scalarmult_curve25519_sandy2x_ladder_base
+#define _ladder_base _crypto_scalarmult_curve25519_sandy2x_ladder_base
+
+#endif //ifndef LADDER_BASE_NAMESPACE_H
+
diff --git a/src/libsodium/crypto_scalarmult/curve25519/sandy2x/ladder_namespace.h b/src/libsodium/crypto_scalarmult/curve25519/sandy2x/ladder_namespace.h
new file mode 100644
index 00000000..26c76297
--- /dev/null
+++ b/src/libsodium/crypto_scalarmult/curve25519/sandy2x/ladder_namespace.h
@@ -0,0 +1,8 @@
+#ifndef LADDER_NAMESPACE_H
+#define LADDER_NAMESPACE_H
+
+#define  ladder  crypto_scalarmult_curve25519_sandy2x_ladder
+#define _ladder _crypto_scalarmult_curve25519_sandy2x_ladder
+
+#endif //ifndef LADDER_NAMESPACE_H
+
diff --git a/src/libsodium/crypto_scalarmult/curve25519/sandy2x/scalarmult.c b/src/libsodium/crypto_scalarmult/curve25519/sandy2x/scalarmult.c
new file mode 100644
index 00000000..162d215a
--- /dev/null
+++ b/src/libsodium/crypto_scalarmult/curve25519/sandy2x/scalarmult.c
@@ -0,0 +1,57 @@
+/*
+   This file is adapted from ref10/scalarmult.c:
+   The code for Mongomery ladder is replace by the ladder assembly function;
+   Inversion is done in the same way as amd64-51/.
+   (fe is first converted into fe51 after Mongomery ladder)
+*/
+
+#include "crypto_scalarmult.h"
+
+#include "fe.h"
+#include "fe51.h"
+#include "ladder.h"
+
+#define x1 var[0]
+#define x2 var[1]
+#define z2 var[2]
+
+int crypto_scalarmult(unsigned char *q,
+  const unsigned char *n,
+  const unsigned char *p)
+{
+  unsigned char e[32];
+  unsigned int i;
+
+  fe var[3]; 
+
+  fe51 x_51;
+  fe51 z_51;
+
+  for (i = 0;i < 32;++i) e[i] = n[i];
+  e[0] &= 248;
+  e[31] &= 127;
+  e[31] |= 64;
+
+  fe_frombytes(x1, p);
+
+  ladder(var, e);
+
+  z_51.v[0] = (z2[1] << 26) + z2[0];
+  z_51.v[1] = (z2[3] << 26) + z2[2];
+  z_51.v[2] = (z2[5] << 26) + z2[4];
+  z_51.v[3] = (z2[7] << 26) + z2[6];
+  z_51.v[4] = (z2[9] << 26) + z2[8];
+
+  x_51.v[0] = (x2[1] << 26) + x2[0];
+  x_51.v[1] = (x2[3] << 26) + x2[2];
+  x_51.v[2] = (x2[5] << 26) + x2[4];
+  x_51.v[3] = (x2[7] << 26) + x2[6];
+  x_51.v[4] = (x2[9] << 26) + x2[8];
+
+  fe51_invert(&z_51, &z_51);
+  fe51_mul(&x_51, &x_51, &z_51);
+  fe51_pack(q, &x_51);
+
+  return 0;
+}
+