aesenc256kl
AES Encrypt 256-bit Key Locker
AESENC256KL m128, xmm
Encrypts data using 256-bit Key Locker handle.
Details
Encrypts a 128-bit plaintext block (from XMM register) using a 256-bit Key Locker handle (from memory), storing the ciphertext back into the XMM register. This requires KEYLOCKER support and performs AES-256 encryption with hardware-protected key material. Sets ZF to indicate success/failure of the operation; other flags undefined.
Pseudocode Operation
handle ← [dest]
ciphertext ← AES_Encrypt_256(plaintext=src, key_handle=handle)
src ← ciphertext
ZF ← (operation_successful ? 0 : 1)
Example
AESENC256KL [rbp-16], xmm0
Encoding
Binary Layout
F3
+0
0F
+1
38
+2
DC
+3
Operands
-
dest
128-bit memory operand -
src
128-bit SSE/AVX register (XMM)
Reference (Intel® SDM)
Instruction Forms
| Opcode | Instruction | Op/En | 64/32-bit Mode | CPUID | Description |
|---|---|---|---|---|---|
| F3 0F 38 DE !(11):rrr:bbb | AESENC256KL xmm, m512 | A | V/V | AESKLE | Encrypt xmm using 256-bit AES key indicated by handle at m512 and store result in xmm. |
Instruction Operand Encoding
| Op/En | Tuple Type | Operand 1 | Operand 2 | Operand 3 | Operand 4 |
|---|---|---|---|---|---|
| A | N/A | ModRM:reg (r, w) | ModRM:r/m (r) | N/A | N/A |
Description
The AESENC256KL1 instruction performs 14 rounds of AES to encrypt the first operand using the 256-bit key indicated by the handle from the second operand. It stores the result in the first operand if the operation succeeds (e.g., does not run into a handle violation failure).
Operation
AESENC256KL Handle := UnalignedLoad of 512 bit (SRC); // Load is not guaranteed to be atomic. Illegal Handle = ( HandleReservedBitSet (Handle) || (Handle[0] AND (CPL > 0)) || Handle [1] || HandleKeyType (Handle) != HANDLE_KEY_TYPE_AES256 ); IF (Illegal Handle) THEN RFLAGS.ZF := 1; ELSE (UnwrappedKey, Authentic) := UnwrapKeyAndAuthenticate512 (Handle[511:0], IWKey); IF (Authentic == 0) THEN RFLAGS.ZF := 1; ELSE DEST := AES256Encrypt (DEST, UnwrappedKey) ; RFLAGS.ZF := 0; FI; FI; RFLAGS.OF, SF, AF, PF, CF := 0;
Intel C/C++ Compiler Intrinsic Equivalent
AESENC256KL unsigned char _mm_aesenc256kl_u8(__m128i* odata, __m128i idata, const void* h); 1. Further details on Key Locker and usage of this instruction can be found here: https://software.intel.com/content/www/us/en/develop/download/intel-key-locker-specification.html. AESENC256KL—Perform 14 Rounds of AES Encryption Flow With Key Locker Using 256-Bit Key Vol. 2A 3-49 Exceptions (All Operating Modes) #UD If the LOCK prefix is used. If CPUID.07H.00H:ECX.KEY_LOCKER[23] = 0. If CR4.KL = 0. If CPUID.19H:EBX.AESKLE[0] = 0. If CR0.EM = 1. If CR4.OSFXSR = 0. #NM If CR0.TS = 1. #PF If a page fault occurs. #GP(0) If a memory operand effective address is outside the CS, DS, ES, FS, or GS segment limit. If the DS, ES, FS, or GS register is used to access memory and it contains a NULL segment selector. If the memory address is in a non-canonical form. #SS(0) If a memory operand effective address is outside the SS segment limit. If a memory address referencing the SS segment is in a non-canonical form. AESENC256KL—Perform 14 Rounds of AES Encryption Flow With Key Locker Using 256-Bit Key Vol. 2A 3-50
Flags Affected
ZF is set to 0 if the operation succeeded and set to 1 if the operation failed due to a handle violation. The other arithmetic flags (OF, SF, AF, PF, CF) are cleared to 0.