Perform 14 Rounds of AES-256 Encryption with Key Locker on Eight Blocks

Encoding

EncodingOperand
mModRM.r/m[r]

Description

The AESENCWIDE256KL instruction performs 14 rounds of AES-256 encryption against eight separate blocks stored in XMM0 through XMM7. The operand points to a 512 bit key locker handle containing the key. If the handle is legal and authentic, the results are stored in the register the data came from.

Operation

public void AESENCWIDE256KL(bit[] handle)
{
    bool illegal =
        HandleAnyReservedBitSet(handle) ||
        (handle[0] && CPL > 0) ||
        handle[2] ||
        HandleKeyType(handle) != HANDLE_KEY_TYPE_AES256;

    if (illegal)
    {
        EFLAGS.ZF = true;
    }
    else
    {
        bool authentic = UnwrapKeyAndAuthenticate512(handle, out U256 key);
        if (!authentic)
        {
            EFLAGS.ZF = true;
        }
        else
        {
            XMM0 = AES256Encrypt(XMM0, key);
            XMM1 = AES256Encrypt(XMM1, key);
            XMM2 = AES256Encrypt(XMM2, key);
            XMM3 = AES256Encrypt(XMM3, key);
            XMM4 = AES256Encrypt(XMM4, key);
            XMM5 = AES256Encrypt(XMM5, key);
            XMM6 = AES256Encrypt(XMM6, key);
            XMM7 = AES256Encrypt(XMM7, key);
            EFLAGS.ZF = false;
        }
    }

    EFLAGS.CF = false;
    EFLAGS.PF = false;
    EFLAGS.AF = false;
    // EFLAGS.ZF handled above
    EFLAGS.SF = false;
    EFLAGS.OF = false;
}

Flags Affected

CF (carry flag)
Cleared.
PF (parity flag)
Cleared.
AF (auxiliary flag)
Cleared.
ZF (zero flag)
Cleared if the handle was legal and authentic. Set otherwise.
SF (sign flag)
Cleared.
OF (overflow flag)
Cleared.

Intrinsics

Exceptions

Real-Address Mode

#UD
  • If in Real Mode.

Virtual-8086 Mode

#UD
  • If in Virtual-8086 Mode.

Protected Mode

#UD
  • If any of the required CPUID feature flags need enabling, but are not.
  • If the LOCK prefix is used.
  • If CR0.EM is set.
  • If CR0.TS is set.
  • If CR4.OSFXSR is cleared.
  • If CR4.KL is cleared.
#NM
  • If
  • CR0.TS
  • is set.
#SS(0)
  • If a memory operand uses a segment containing a NULL selector.
  • If a memory operand using the SS segment has an effective address that is outside the SS segment's limit.
#GP(0)
  • If a memory operand uses a segment containing a NULL selector.
  • If a memory operand (using a segment other than SS) has an effective address that is outside the segment's limit.
#PF(fc)
  • If a page fault occurs.

Compatibility Mode

#UD
  • If any of the required CPUID feature flags need enabling, but are not.
  • If the LOCK prefix is used.
  • If CR0.EM is set.
  • If CR0.TS is set.
  • If CR4.OSFXSR is cleared.
  • If CR4.KL is cleared.
#NM
  • If
  • CR0.TS
  • is set.
#SS(0)
  • If a memory operand uses a segment containing a NULL selector.
  • If a memory operand using the SS segment has an effective address that is outside the SS segment's limit.
#GP(0)
  • If a memory operand uses a segment containing a NULL selector.
  • If a memory operand (using a segment other than SS) has an effective address that is outside the segment's limit.
#PF(fc)
  • If a page fault occurs.

Long Mode

#UD
  • If any of the required CPUID feature flags need enabling, but are not.
  • If the LOCK prefix is used.
  • If CR0.EM is set.
  • If CR0.TS is set.
  • If CR4.OSFXSR is cleared.
  • If CR4.KL is cleared.
#NM
  • If
  • CR0.TS
  • is set.
#SS(0)
  • If a memory operand using the SS segment is in non-canonical form.
  • If a memory operand uses a segment containing a NULL selector.
  • If a memory operand using the SS segment has an effective address that is outside the SS segment's limit.
#GP(0)
  • If a memory operand (using a segment other than SS) is in non-canonical form.
  • If a memory operand uses a segment containing a NULL selector.
  • If a memory operand (using a segment other than SS) has an effective address that is outside the segment's limit.
#PF(fc)
  • If a page fault occurs.