aesdecwide128kl

AES Decrypt Wide 128-bit Key Locker

AESDECWIDE128KL m128

Decrypts 8 blocks using 128-bit Key Locker handle.

Details

Decrypts 8 AES blocks (128 bits each) in parallel using a 128-bit Key Locker encrypted key handle stored at the memory operand. The ciphertext blocks are implicit in XMM0–XMM7 (input) and plaintext results are written back to XMM0–XMM7 (output). The ZF flag is set to 0 on success or 1 if the key handle is invalid.

Pseudocode Operation

key_handle = load_from_memory_128bit(m128);
if (key_handle_invalid(key_handle)) {
  ZF = 1;
} else {
  for i = 0 to 7 {
    XMM[i] = AES_decrypt_block(XMM[i], key_handle);
  }
  ZF = 0;
}

Example

AESDECWIDE128KL [rbp-16]

Encoding

Binary Layout
F3
+0
0F
+1
38
+2
D8
+3
 
Format Legacy
Opcode F3 0F 38 D8 !(11):001:bbb
Extension KEYLOCKER_WIDE

Operands

  • dest
    128-bit memory operand

Reference (Intel® SDM)

Instruction Forms

Opcode Instruction Op/En 64/32-bit Mode CPUID Description
F3 0F 38 D8 !(11):001:bbb AESDECWIDE128KL m384, <XMM0-7> A V/V Decrypt XMM0-7 using 128-bit AES key indicated by handle at m384 and store each resultant block back to its corresponding register.

Instruction Operand Encoding

Op/En Operand 1 Operand 2 Operand 3
A N/A ModRM:r/m (r) Implicit XMM0-7 (r, w)

Description

The AESDECWIDE128KL1 instruction performs ten rounds of AES to decrypt each of the eight blocks in XMM0-7 using the 128-bit key indicated by the handle from the second operand. It replaces each input block in XMM0-7 with its corresponding decrypted block if the operation succeeds (e.g., does not run into a handle violation failure).

Operation

AESDECWIDE128KL
Handle := UnalignedLoad of 384 bit (SRC);      // Load is not guaranteed to be atomic.
Illegal Handle = (HandleReservedBitSet (Handle) ||
(Handle[0] AND (CPL > 0)) ||
Handle [2] ||
HandleKeyType (Handle) != HANDLE_KEY_TYPE_AES128);
IF (Illegal Handle)
THEN RFLAGS.ZF := 1;
ELSE
(UnwrappedKey, Authentic) := UnwrapKeyAndAuthenticate384 (Handle[383:0], IWKey);
IF Authentic == 0 {
THEN RFLAGS.ZF := 1;
ELSE
XMM0 := AES128Decrypt (XMM0, UnwrappedKey) ;
XMM1 := AES128Decrypt (XMM1, UnwrappedKey) ;
XMM2 := AES128Decrypt (XMM2, UnwrappedKey) ;
XMM3 := AES128Decrypt (XMM3, UnwrappedKey) ;
XMM4 := AES128Decrypt (XMM4, UnwrappedKey) ;
XMM5 := AES128Decrypt (XMM5, UnwrappedKey) ;
XMM6 := AES128Decrypt (XMM6, UnwrappedKey) ;
XMM7 := AES128Decrypt (XMM7, UnwrappedKey) ;
RFLAGS.ZF := 0;
FI;
FI;
RFLAGS.OF, SF, AF, PF, CF := 0;

Intel C/C++ Compiler Intrinsic Equivalent

AESDECWIDE128KLunsigned char _mm_aesdecwide128kl_u8(__m128i odata[8], const __m128i idata[8], const void* h);
Exceptions (All Operating Modes)
#UD                     If the LOCK prefix is used.
If CPUID.07H.00H:ECX.KEY_LOCKER[23] = 0.
If CR4.KL = 0.
If CPUID.19H:EBX.AESKLE[0] = 0.
If CR0.EM = 1.
If CR4.OSFXSR = 0.
If CPUID.19H:EBX.AES_WIDE[2] = 0.
#NM                    If CR0.TS = 1.
#PF                     If a page fault occurs.
#GP(0)                 If a memory operand effective address is outside the CS, DS, ES, FS, or GS segment limit.
If the DS, ES, FS, or GS register is used to access memory and it contains a NULL segment
selector.
If the memory address is in a non-canonical form.
#SS(0)                 If a memory operand effective address is outside the SS segment limit.
If a memory address referencing the SS segment is in a non-canonical form.
AESDECWIDE128KL—Perform Ten Rounds of AES Decryption Flow With Key Locker on 8 Blocks Using 128-Bit Key                          Vol. 2A 3-42

Flags Affected

ZF is set to 0 if the operation succeeded and set to 1 if the operation failed due to a handle violation. The other arithmetic flags (OF, SF, AF, PF, CF) are cleared to 0. 1. Further details on Key Locker and usage of this instruction can be found here: https://software.intel.com/content/www/us/en/develop/download/intel-key-locker-specification.html. AESDECWIDE128KL—Perform Ten Rounds of AES Decryption Flow With Key Locker on 8 Blocks Using 128-Bit Key Vol. 2A 3-41