Arch86

Opcode	Encoding	16-bit	32-bit	64-bit	`CPUID` Feature Flag(s)	Description
`66 0F 38 DF /r` `AESDECLAST xmm1, xmm2/m128`	`rm`	Invalid	Valid	Valid	`aes`	Perform last round of AES decryption using one 128 bit state from xmm1 with one 128 bit round key from xmm2/m128. Store the result in xmm1.
Opcode: `66 0F 38 DF /r` Mnemonic: `AESDECLAST xmm1, xmm2/m128` Encoding: `rm` Validity (16/32/64 bit): invalid, valid, valid `CPUID` Feature Flag(s): `aes` Perform last round of AES decryption using one 128 bit state from xmm1 with one 128 bit round key from xmm2/m128. Store the result in xmm1.
`VEX.128.66.0F38.WIG DF /r` `VAESDECLAST xmm1, xmm2, xmm3/m128`	`rvm`	Invalid	Valid	Valid	`avx` `aes`	Perform last round of AES decryption using one 128 bit state from xmm2 with one 128 bit round key from xmm3/m128. Store the result in xmm1.
Opcode: `VEX.128.66.0F38.WIG DF /r` Mnemonic: `VAESDECLAST xmm1, xmm2, xmm3/m128` Encoding: `rvm` Validity (16/32/64 bit): invalid, valid, valid `CPUID` Feature Flag(s): `avx`, `aes` Perform last round of AES decryption using one 128 bit state from xmm2 with one 128 bit round key from xmm3/m128. Store the result in xmm1.
`VEX.256.66.0F38.WIG DF /r` `VAESDECLAST ymm1, ymm2, ymm3/m256`	`rvm`	Invalid	Valid	Valid	`avx` `vaes`	Perform last round of AES decryption using two 128 bit states from ymm2 with two 128 bit round keys from ymm3/m256. Store the result in ymm1.
Opcode: `VEX.256.66.0F38.WIG DF /r` Mnemonic: `VAESDECLAST ymm1, ymm2, ymm3/m256` Encoding: `rvm` Validity (16/32/64 bit): invalid, valid, valid `CPUID` Feature Flag(s): `avx`, `vaes` Perform last round of AES decryption using two 128 bit states from ymm2 with two 128 bit round keys from ymm3/m256. Store the result in ymm1.
`EVEX.128.66.0F38.WIG DF /r` `VAESDECLAST xmm1, xmm2, xmm3/m128`	`ervm`	Invalid	Valid	Valid	`avx512-f` `avx512-vl` `vaes`	Perform last round of AES decryption using one 128 bit state from xmm2 with one 128 bit round key from xmm3/m128. Store the result in xmm1.
Opcode: `EVEX.128.66.0F38.WIG DF /r` Mnemonic: `VAESDECLAST xmm1, xmm2, xmm3/m128` Encoding: `ervm` Validity (16/32/64 bit): invalid, valid, valid `CPUID` Feature Flag(s): `avx512-f`, `avx512-vl`, `vaes` Perform last round of AES decryption using one 128 bit state from xmm2 with one 128 bit round key from xmm3/m128. Store the result in xmm1.
`EVEX.256.66.0F38.WIG DF /r` `VAESDECLAST ymm1, ymm2, ymm3/m256`	`ervm`	Invalid	Valid	Valid	`avx512-f` `avx512-vl` `vaes`	Perform last round of AES decryption using two 128 bit states from ymm2 with two 128 bit round keys from ymm3/m256. Store the result in ymm1.
Opcode: `EVEX.256.66.0F38.WIG DF /r` Mnemonic: `VAESDECLAST ymm1, ymm2, ymm3/m256` Encoding: `ervm` Validity (16/32/64 bit): invalid, valid, valid `CPUID` Feature Flag(s): `avx512-f`, `avx512-vl`, `vaes` Perform last round of AES decryption using two 128 bit states from ymm2 with two 128 bit round keys from ymm3/m256. Store the result in ymm1.
`EVEX.128.66.0F38.WIG DF /r` `VAESDECLAST zmm1, zmm2, zmm3/m512`	`ervm`	Invalid	Valid	Valid	`avx512-f` `vaes`	Perform last round of AES decryption using four 128 bit states from zmm2 with four 128 bit round keys from zmm4/m512. Store the result in zmm1.
Opcode: `EVEX.128.66.0F38.WIG DF /r` Mnemonic: `VAESDECLAST zmm1, zmm2, zmm3/m512` Encoding: `ervm` Validity (16/32/64 bit): invalid, valid, valid `CPUID` Feature Flag(s): `avx512-f`, `vaes` Perform last round of AES decryption using four 128 bit states from zmm2 with four 128 bit round keys from zmm4/m512. Store the result in zmm1.

Encoding

Encoding	Operand 1	Operand 2	Operand 3	Operand 4
`rm`	`n/a`	`ModRM.reg[rw]`	`ModRM.r/m[r]`
`rvm`	`n/a`	`ModRM.reg[rw]`	`VEX.vvvv[r]`	`ModRM.r/m[r]`
`ervm`	`full-mem`	`ModRM.reg[rw]`	`EVEX.vvvvv[r]`	`ModRM.r/m[r]`

Description

The (V)AESDECLAST instruction performs the last round of AES decryption using one, two, or four 128 bit states from the first source operand using 128 bit round keys from the second source operand. The result is stored in in the destination operand.

Due to the nature of AES, this instruction must be used for only the last decryption round. For all previous rounds, use the AESDEC (Perform One Round of AES Decryption) instruction.

All forms except the legacy SSE one will zero the upper (untouched) bits.

Operation

public void AESDECLAST(SimdU128 dest, SimdU128 src)
{
    U128 state = dest[0];
    state = AesInvShiftRows(state);
    state = AesInvSubBytes(state);
    dest[0] = state ^ src[0];
    // dest[1..] is unmodified
}

void VAESDECLAST(SimdU128 dest, SimdU128 src1, SimdU128 src2, int kl)
{
    for (int n = 0; n < kl; n++)
    {
        U128 state = src1[n];
        state = AesInvShiftRows(state);
        state = AesInvSubBytes(state);
        dest[n] = state ^ src2[n];
    }
    dest[kl..] = 0;
}

public void VAESDECLAST_Vex128(SimdU128 dest, SimdU128 src1, SimdU128 src2) =>
    VAESDECLAST(dest, src1, src2, 1);
public void VAESDECLAST_Vex256(SimdU128 dest, SimdU128 src1, SimdU128 src2) =>
    VAESDECLAST(dest, src1, src2, 2);

public void VAESDECLAST_Evex128(SimdU128 dest, SimdU128 src1, SimdU128 src2) =>
    VAESDECLAST(dest, src1, src2, 1);
public void VAESDECLAST_Evex256(SimdU128 dest, SimdU128 src1, SimdU128 src2) =>
    VAESDECLAST(dest, src1, src2, 2);
public void VAESDECLAST_Evex512(SimdU128 dest, SimdU128 src1, SimdU128 src2) =>
    VAESDECLAST(dest, src1, src2, 4);

Intrinsics

__m128i _mm_aesdeclast(__m128i state, __m128i key)

__m256i _mm256_aesdeclast_epi128(__m256i state, __m256i key)

__m512i _mm512_aesdeclast_epi128(__m512i state, __m512i key)

Exceptions

SIMD Floating-Point

None.

Other Exceptions

VEX Encoded Form: See Type 4 Exception Conditions.
EVEX Encoded Form: See Type E4NF Exception Conditions.