Arch86

Opcode	Encoding	16-bit	32-bit	64-bit	`CPUID` Feature Flag(s)	Description
`F3 0F 38 DF !(11):rrr:bbb` `AESDEC256KL xmm1, m512`	`rm`	Invalid	Valid	Valid	`kl` `aeskle`	Decrypt xmm1 using a 256 bit AES key indicated by the handle in m512. Store the result in xmm1.
Opcode: `F3 0F 38 DF !(11):rrr:bbb` Mnemonic: `AESDEC256KL xmm1, m512` Encoding: `rm` Validity (16/32/64 bit): invalid, valid, valid `CPUID` Feature Flag(s): `kl`, `aeskle` Decrypt xmm1 using a 256 bit AES key indicated by the handle in m512. Store the result in xmm1.

Encoding

Encoding	Operand 1	Operand 2
`mr`	`ModRM.reg[rw]`	`ModRM.r/m[r]`

Description

The AESDEC256KL instruction performs 14 rounds of AES-256 to decrypt the first operand. The second operand points to a 512 bit key locker handle containing the key. If the handle is legal and authentic, the result is stored in the first operand.

Operation

public void AESDEC256KL(ref U128 dest, bit[] handle)
{
    bool illegal =
        HandleAnyReservedBitSet(handle) ||
        (handle[0] && CPL > 0) ||
        handle[2] ||
        HandleKeyType(handle) != HANDLE_KEY_TYPE_AES256;

    if (illegal)
    {
        EFLAGS.ZF = true;
    }
    else
    {
        bool authentic = UnwrapKeyAndAuthenticate512(handle, out U256 key);
        if (!authentic)
        {
            EFLAGS.ZF = true;
        }
        else
        {
            dest = AES256Decrypt(dest, key);
            EFLAGS.ZF = false;
        }
    }

    EFLAGS.CF = false;
    EFLAGS.PF = false;
    EFLAGS.AF = false;
    // EFLAGS.ZF handled above
    EFLAGS.SF = false;
    EFLAGS.OF = false;
}

Flags Affected

CF (carry flag): Cleared.
PF (parity flag): Cleared.
AF (auxiliary flag): Cleared.
ZF (zero flag): Cleared if the handle was legal and authentic. Set otherwise.
SF (sign flag): Cleared.
OF (overflow flag): Cleared.

Intrinsics

unsigned char _mm_aesdec256kl_u8(__m128i* odata, __m128i idata, const void* h)

Exceptions

Real-Address Mode

#UD

If in Real Mode.

Virtual-8086 Mode

#UD

If in Virtual-8086 Mode.

Protected Mode

#UD

If any of the required CPUID feature flags need enabling, but are not.
If the LOCK prefix is used.
If CR0.EM is set.
If CR0.TS is set.
If CR4.OSFXSR is cleared.
If CR4.KL is cleared.

#NM

If
CR0.TS
is set.

#SS(0)

If a memory operand uses a segment containing a NULL selector.
If a memory operand using the SS segment has an effective address that is outside the SS segment's limit.

#GP(0)

If a memory operand uses a segment containing a NULL selector.
If a memory operand (using a segment other than SS) has an effective address that is outside the segment's limit.

#PF(fc)

If a page fault occurs.

Compatibility Mode

#UD

If any of the required CPUID feature flags need enabling, but are not.
If the LOCK prefix is used.
If CR0.EM is set.
If CR0.TS is set.
If CR4.OSFXSR is cleared.
If CR4.KL is cleared.

#NM

If
CR0.TS
is set.

#SS(0)

If a memory operand uses a segment containing a NULL selector.
If a memory operand using the SS segment has an effective address that is outside the SS segment's limit.

#GP(0)

If a memory operand uses a segment containing a NULL selector.
If a memory operand (using a segment other than SS) has an effective address that is outside the segment's limit.

#PF(fc)

If a page fault occurs.

Long Mode

#UD

If any of the required CPUID feature flags need enabling, but are not.
If the LOCK prefix is used.
If CR0.EM is set.
If CR0.TS is set.
If CR4.OSFXSR is cleared.
If CR4.KL is cleared.

#NM

If
CR0.TS
is set.

#SS(0)

If a memory operand using the SS segment is in non-canonical form.
If a memory operand uses a segment containing a NULL selector.
If a memory operand using the SS segment has an effective address that is outside the SS segment's limit.

#GP(0)

If a memory operand (using a segment other than SS) is in non-canonical form.
If a memory operand uses a segment containing a NULL selector.
If a memory operand (using a segment other than SS) has an effective address that is outside the segment's limit.

#PF(fc)

If a page fault occurs.