encodekey256
Encode 256-bit Key
ENCODEKEY256 r32, r32
Wraps a 256-bit AES key into a handle.
Details
Wraps a 256-bit AES key (provided in XMM registers via the second operand's implicit XMM context) into an encrypted handle stored in memory. This instruction is part of Intel Key Locker and requires the KEYLOCKER CPU feature. It performs cryptographic key material encoding that protects against certain side-channel attacks. No flags are modified.
Pseudocode Operation
handle ← AES_KW_Wrap_256bit(key_material)
dest ← handle
// XMM registers implicitly contain the 256-bit key to be encoded
Example
ENCODEKEY256 eax, eax
Encoding
Binary Layout
F3
+0
0F
+1
38
+2
FB
+3
Operands
-
dest
32-bit general-purpose register (e.g. EAX) -
src
32-bit general-purpose register (e.g. EAX)
Reference (Intel® SDM)
Instruction Forms
| Opcode | Instruction | Op/En | 64/32-bit Mode | CPUID | Description |
|---|---|---|---|---|---|
| F3 0F 38 FB 11:rrr:bbb | ENCODEKEY256 r32, r32 <XMM0-6> | A | V/V | AESKLE | Wrap a 256-bit AES key from XMM1:XMM0 into a key handle and store it in XMM0—3. |
Instruction Operand Encoding
| Op/En | Tuple Type | Operand 1 | Operand 2 | Operand 3 | Operand 4 |
|---|---|---|---|---|---|
| A | N/A | ModRM:reg (w) | ModRM:r/m (r) | Implicit XMM0—1 (r, w) | Implicit XMM2—6 (w) |
Description
The ENCODEKEY2561 instruction wraps a 256-bit AES key from the implicit operand XMM1:XMM0 into a key handle that is then stored in the implicit destination operands XMM0-3.
The explicit source operand is a general-purpose register and specifies what handle restrictions should be built into the handle.
The explicit destination operand is populated with information on the source of the key and its attributes. XMM4 through XMM6 are reserved for future usages and software should not rely upon them being zeroed.
Operation
ENCODEKEY256 #GP (0) if a reserved bit2 in SRC[31:0] is set InputKey[255:0] := XMM1:XMM0; KeyMetadata[2:0] = SRC[2:0]; KeyMetadata[23:3] = 0; // Reserved for future usage KeyMetadata[27:24] = 1; // KeyType is AES-256 (value of 1) KeyMetadata[127:28] = 0; // Reserved for future usage // KeyMetadata is the AAD input and InputKey is the Plaintext input for WrapKey256 Handle[511:0] := WrapKey256(InputKey[255:0], KeyMetadata[127:0], IWKey.Integrity Key[127:0], IWKey.Encryption Key[255:0]); DEST[0] := IWKey.NoBackup; DEST[4:1] := IWKey.KeySource[3:0]; DEST[31:5] = 0; XMM0 := Handle[127:0]; // AAD XMM1 := Handle[255:128]; // Integrity Tag XMM2 := Handle[383:256]; // CipherText[127:0] XMM3 := Handle[511:384]; // CipherText[255:128] XMM4 := 0; // Reserved for future usage XMM5 := 0; // Reserved for future usage XMM6 := 0; // Reserved for future usage RFLAGS.OF, SF, ZF, AF, PF, CF := 0; 1. Further details on Key Locker and usage of this instruction can be found here: https://software.intel.com/content/www/us/en/develop/download/intel-key-locker-specification.html. 2. SRC[31:3] are currently reserved for future usages. SRC[2], which indicates a no-decrypt restriction, is reserved if CPUID.19H:EAX[2] is 0. SRC[1], which indicates a no-encrypt restriction, is reserved if CPUID.19H:EAX[1] is 0. SRC[0], which indicates a CPL0-only restriction, is reserved if CPUID.19H:EAX[0] is 0. ENCODEKEY256—Encode 256-Bit Key With Key Locker Vol. 2A 3-285
Intel C/C++ Compiler Intrinsic Equivalent
ENCODEKEY256 unsigned int _mm_encodekey256_u32(unsigned int htype, __m128i key_lo, __m128i key_hi, void* h); Exceptions (All Operating Modes) #GP If reserved bit is set in source register value. #UD If the LOCK prefix is used. If CPUID.07H.00H:ECX.KEY_LOCKER[23] = 0. If CR4.KL = 0. If CPUID.19H:EBX.AESKLE[0] = 0. If CR0.EM = 1. If CR4.OSFXSR = 0. #NM If CR0.TS = 1. ENCODEKEY256—Encode 256-Bit Key With Key Locker Vol. 2A 3-286
Flags Affected
All arithmetic flags (OF, SF, ZF, AF, PF, CF) are cleared to 0. Although they are cleared for the currently defined operations, future extensions may report information in the flags.