aesdec256kl

AES Decrypt 256-bit Key Locker

AESDEC256KL m128, xmm

Decrypts data using 256-bit Key Locker handle.

Details

Decrypts a 128-bit ciphertext block (from XMM register) using a 256-bit Key Locker handle (from memory), storing the plaintext back into the XMM register. This requires KEYLOCKER support and performs AES-256 decryption with hardware-protected key material. Sets ZF to indicate success/failure of the operation; other flags undefined.

Pseudocode Operation

handle ← [dest]
plaintext ← AES_Decrypt_256(ciphertext=src, key_handle=handle)
src ← plaintext
ZF ← (operation_successful ? 0 : 1)

Example

AESDEC256KL [rbp-16], xmm0

Encoding

Binary Layout
F3
+0
0F
+1
38
+2
DD
+3
 
Format Legacy
Opcode F3 0F 38 DF !(11):rrr:bbb
Extension KEYLOCKER

Operands

  • dest
    128-bit memory operand
  • src
    128-bit SSE/AVX register (XMM)

Reference (Intel® SDM)

Instruction Forms

Opcode Instruction Op/En 64/32-bit Mode CPUID Description
F3 0F 38 DF !(11):rrr:bbb AESDEC256KL xmm, m512 A V/V AESKLE Decrypt xmm using 256-bit AES key indicated by handle at m512 and store result in xmm.

Instruction Operand Encoding

Op/En Tuple Type Operand 1 Operand 2 Operand 3 Operand 4
A N/A ModRM:reg (r, w) ModRM:r/m (r) N/A N/A

Description

The AESDEC256KL1 instruction performs 14 rounds of AES to decrypt the first operand using the 256-bit key indicated by the handle from the second operand. It stores the result in the first operand if the operation succeeds (e.g., does not run into a handle violation failure).

Operation

AESDEC256KL
Handle := UnalignedLoad of 512 bit (SRC);      // Load is not guaranteed to be atomic.
Illegal Handle = (HandleReservedBitSet (Handle) ||
(Handle[0] AND (CPL > 0)) ||
Handle [2] ||
HandleKeyType (Handle) != HANDLE_KEY_TYPE_AES256);
IF (Illegal Handle)
THEN RFLAGS.ZF := 1;
ELSE
(UnwrappedKey, Authentic) := UnwrapKeyAndAuthenticate512 (Handle[511:0], IWKey);
IF (Authentic == 0)
THEN RFLAGS.ZF := 1;
ELSE
DEST := AES256Decrypt (DEST, UnwrappedKey) ;
RFLAGS.ZF := 0;
FI;
FI;
RFLAGS.OF, SF, AF, PF, CF := 0;

Intel C/C++ Compiler Intrinsic Equivalent

AESDEC256KL   unsigned char _mm_aesdec256kl_u8(__m128i* odata, __m128i idata, const void* h);
1.  Further details on Key Locker and usage of this instruction can be found here:
https://software.intel.com/content/www/us/en/develop/download/intel-key-locker-specification.html.
AESDEC256KL—Perform 14 Rounds of AES Decryption Flow With Key Locker Using 256-Bit Key                                              Vol. 2A 3-37
Exceptions (All Operating Modes)
#UD                     If the LOCK prefix is used.
If CPUID.07H.00H:ECX.KEY_LOCKER[23] = 0.
If CR4.KL = 0.
If CPUID.19H:EBX.AESKLE[0] = 0.
If CR0.EM = 1.
If CR4.OSFXSR = 0.
#NM                    If CR0.TS = 1.
#PF                     If a page fault occurs.
#GP(0)                 If a memory operand effective address is outside the CS, DS, ES, FS, or GS segment limit.
If the DS, ES, FS, or GS register is used to access memory and it contains a NULL segment
selector.
If the memory address is in a non-canonical form.
#SS(0)                 If a memory operand effective address is outside the SS segment limit.
If a memory address referencing the SS segment is in a non-canonical form.
AESDEC256KL—Perform 14 Rounds of AES Decryption Flow With Key Locker Using 256-Bit Key                                              Vol. 2A 3-38

Flags Affected

ZF is set to 0 if the operation succeeded and set to 1 if the operation failed due to a handle violation. The other arithmetic flags (OF, SF, AF, PF, CF) are cleared to 0.