aesencwide128kl
AES Encrypt Wide 128-bit Key Locker
AESENCWIDE128KL m128
Encrypts 8 blocks using 128-bit Key Locker handle.
Details
Encrypts eight 128-bit blocks in parallel using a 128-bit Key Locker handle, performing wide-block AES encryption for high-throughput scenarios. The handle is loaded from memory and used to derive keys without exposing them, setting ZF to indicate success. This instruction operates on XMM0-XMM7 implicitly as input and output blocks, and clears sensitive key material after use.
Pseudocode Operation
handle ← [handle_mem]; if (valid_handle) { XMM0-XMM7 ← AES_ENC_WIDE_128(XMM0-XMM7, handle); ZF ← 0; } else { ZF ← 1; }
Example
AESENCWIDE128KL [rbp-16]
Encoding
Binary Layout
F3
+0
0F
+1
38
+2
D8
+3
Operands
-
handle
Mem
Reference (Intel® SDM)
Instruction Forms
| Opcode | Instruction | Op/En | 64/32-bit Mode | CPUID | Description |
|---|---|---|---|---|---|
| F3 0F 38 D8 !(11):000:bbb | AESENCWIDE128KL m384, <XMM0-7> | A | V/V | AES_WIDE | Encrypt XMM0-7 using 128-bit AES key indicated by handle at m384 and store each resultant block back to its corresponding register. |
Instruction Operand Encoding
| Op/En | Operand 1 | Operand 2 | Operand 3 |
|---|---|---|---|
| A | N/A | ModRM:r/m (r) | Implicit XMM0-7 (r, w) |
Description
The AESENCWIDE128KL1 instruction performs ten rounds of AES to encrypt each of the eight blocks in XMM0-7 using the 128-bit key indicated by the handle from the second operand. It replaces each input block in XMM0-7 with its corresponding encrypted block if the operation succeeds (e.g., does not run into a handle violation failure).
Operation
AESENCWIDE128KL Handle := UnalignedLoad of 384 bit (SRC); // Load is not guaranteed to be atomic. Illegal Handle = ( HandleReservedBitSet (Handle) || (Handle[0] AND (CPL > 0)) || Handle [1] || HandleKeyType (Handle) != HANDLE_KEY_TYPE_AES128 ); IF (Illegal Handle) THEN RFLAGS.ZF := 1; ELSE (UnwrappedKey, Authentic) := UnwrapKeyAndAuthenticate384 (Handle[383:0], IWKey); IF Authentic == 0 THEN RFLAGS.ZF := 1; ELSE XMM0 := AES128Encrypt (XMM0, UnwrappedKey) ; XMM1 := AES128Encrypt (XMM1, UnwrappedKey) ; XMM2 := AES128Encrypt (XMM2, UnwrappedKey) ; XMM3 := AES128Encrypt (XMM3, UnwrappedKey) ; XMM4 := AES128Encrypt (XMM4, UnwrappedKey) ; XMM5 := AES128Encrypt (XMM5, UnwrappedKey) ; XMM6 := AES128Encrypt (XMM6, UnwrappedKey) ; XMM7 := AES128Encrypt (XMM7, UnwrappedKey) ; RFLAGS.ZF := 0; FI; FI; RFLAGS.OF, SF, AF, PF, CF := 0; 1. Further details on Key Locker and usage of this instruction can be found here: https://software.intel.com/content/www/us/en/develop/download/intel-key-locker-specification.html. AESENCWIDE128KL—Perform Ten Rounds of AES Encryption Flow With Key Locker on 8 Blocks Using 128-Bit Key Vol. 2A 3-53
Intel C/C++ Compiler Intrinsic Equivalent
AESENCWIDE128KLunsigned char _mm_aesencwide128kl_u8(__m128i odata[8], const __m128i idata[8], const void* h); Exceptions (All Operating Modes) #UD If the LOCK prefix is used. If CPUID.07H.00H:ECX.KEY_LOCKER[23] = 0. If CR4.KL = 0. If CPUID.19H:EBX.AESKLE[0] = 0. If CR0.EM = 1. If CR4.OSFXSR = 0. If CPUID.19H:EBX.AES_WIDE[2] = 0. #NM If CR0.TS = 1. #PF If a page fault occurs. #GP(0) If a memory operand effective address is outside the CS, DS, ES, FS, or GS segment limit. If the DS, ES, FS, or GS register is used to access memory and it contains a NULL segment selector. If the memory address is in a non-canonical form. #SS(0) If a memory operand effective address is outside the SS segment limit. If a memory address referencing the SS segment is in a non-canonical form. AESENCWIDE128KL—Perform Ten Rounds of AES Encryption Flow With Key Locker on 8 Blocks Using 128-Bit Key Vol. 2A 3-54
Flags Affected
ZF is set to 0 if the operation succeeded and set to 1 if the operation failed due to a handle violation. The other arithmetic flags (OF, SF, AF, PF, CF) are cleared to 0.