AESDECLAST—Perform Last Round of an AES Decryption Flow

Opcode/

Op/

64/32-bit

CPUID

Description

Instruction

En

Mode

Feature Flag

66 0F 38 DF /r

A

V/V

AES

Perform the last round of an AES decryption flow,

AESDECLAST xmm1, xmm2/m128

using the Equivalent Inverse Cipher, using one 128-bit data (state) from xmm1 with one 128-bit round key from xmm2/m128.

VEX.128.66.0F38.WIG DF /r

B

V/V

AES

Perform the last round of an AES decryption flow,

VAESDECLAST xmm1, xmm2, xmm3/m128

AVX

using the Equivalent Inverse Cipher, using one 128-bit data (state) from xmm2 with one 128-bit round key from xmm3/m128; store the result in xmm1.

VEX.256.66.0F38.WIG DF /r

B

V/V

VAES

Perform the last round of an AES decryption flow,

VAESDECLAST ymm1, ymm2, ymm3/m256

using the Equivalent Inverse Cipher, using two 128-bit data (state) from ymm2 with two 128-bit round keys from ymm3/m256; store the result in ymm1.

EVEX.128.66.0F38.WIG DF /r

C

V/V

VAES

Perform the last round of an AES decryption flow,

VAESDECLAST xmm1, xmm2, xmm3/m128

AVX512VL

using the Equivalent Inverse Cipher, using one 128-bit data (state) from xmm2 with one 128-bit round key from xmm3/m128; store the result in xmm1.

EVEX.256.66.0F38.WIG DF /r

C

V/V

VAES

Perform the last round of an AES decryption flow,

VAESDECLAST ymm1, ymm2, ymm3/m256

AVX512VL

using the Equivalent Inverse Cipher, using two 128-bit data (state) from ymm2 with two 128-bit round keys from ymm3/m256; store the result in ymm1.

EVEX.512.66.0F38.WIG DF /r

C

V/V

VAES

Perform the last round of an AES decryption flow,

VAESDECLAST zmm1, zmm2, zmm3/m512

AVX512F

using the Equivalent Inverse Cipher, using four128-bit data (state) from zmm2 with four 128-bit round keys from zmm3/m512; store the result in zmm1.

Instruction Operand Encoding

Op/En

Tuple

Operand 1

Operand 2

Operand 3

Operand 4

A

NA

ModRM:reg (r, w)

ModRM:r/m (r)

NA

NA

B

NA

ModRM:reg (w)

VEX.vvvv (r)

ModRM:r/m (r)

NA

C

Full Mem

ModRM:reg (w)

EVEX.vvvv (r)

ModRM:r/m (r)

NA

Description

This instruction performs the last round of the AES decryption flow using the Equivalent Inverse Cipher, using one/two/four (depending on vector length) 128-bit data (state) from the first source operand with one/two/four (depending on vector length) round key(s) from the second source operand, and stores the result in the destination operand.

VEX and EVEX encoded versions of the instruction allow 3-operand (non-destructive) operation. The legacy encoded versions of the instruction require that the first source operand and the destination operand are the same and must be an XMM register.

The EVEX encoded form of this instruction does not support memory fault suppression.

Operation

AESDECLAST

STATE := SRC1;
RoundKey := SRC2;
STATE := InvShiftRows( STATE );
STATE := InvSubBytes( STATE );
DEST[127:0] := STATE XOR RoundKey;
DEST[MAXVL-1:128] (Unmodified)

VAESDECLAST (128b and 256b VEX encoded versions)

(KL,VL) = (1,128), (2,256)
FOR i = 0 to KL-1:
    STATE := SRC1.xmm[i]
    RoundKey := SRC2.xmm[i]
    STATE := InvShiftRows( STATE )
    STATE := InvSubBytes( STATE )
    DEST.xmm[i] := STATE XOR RoundKey
DEST[MAXVL-1:VL] := 0

VAESDECLAST (EVEX encoded version)

(KL,VL) = (1,128), (2,256), (4,512)
FOR i = 0 to KL-1:
    STATE := SRC1.xmm[i]
    RoundKey := SRC2.xmm[i]
    STATE := InvShiftRows( STATE )
    STATE := InvSubBytes( STATE )
    DEST.xmm[i] := STATE XOR RoundKey
DEST[MAXVL-1:VL] := 0

Intel C/C++ Compiler Intrinsic Equivalent

(V)AESDECLAST

__m128i _mm_aesdeclast (__m128i, __m128i)

VAESDECLAST

__m256i _mm256_aesdeclast_epi128(__m256i, __m256i);

VAESDECLAST

__m512i _mm512_aesdeclast_epi128(__m512i, __m512i);

SIMD Floating-Point Exceptions

None

Other Exceptions

See Table 2-21, “Type 4 Class Exception Conditions”.

EVEX-encoded: See Table 2-50, “Type E4NF Class Exception Conditions”.