AESDECLAST: Perform Last Round of AES Decryption

For information about interpreting this page, see the help page.
Opcode and MnemonicEncoding16 bit Mode32 bit Mode64 bit ModeCPUID Feature FlagDescription
66 0F 38 DF /r
AESDECLAST xmm1, xmm2/m128
LEGACYInvalidValidValidAESPerforms the last round of AES decryption using one 128 bit state from xmm1 with one 128 bit round key from xmm2/m128. Stores the result in xmm1.
VEX.128.66.0F38.WIG DF /r
VAESDECLAST xmm1, xmm2, xmm2/m128
VEXInvalidValidValidAES
AVX
Performs the last round of AES decryption using one 128 bit state from xmm2 with one 128 bit round key from xmm3/m128. Stores the result in xmm1.
VEX.256.66.0F38.WIG DF /r
VAESDECLAST ymm1, ymm2, ymm2/m256
VEXInvalidValidValidVAESPerforms the last round of AES decryption using two 128 bit states from ymm2 with two 128 bit round keys from ymm3/m256. Stores the results in ymm1.
EVEX.128.66.0F38.WIG DF /r
VAESDECLAST xmm1, xmm2, xmm2/m128
EVEXInvalidValidValidVAES
AVX512VL
Performs the last round of AES decryption using one 128 bit state from xmm2 with one 128 bit round key from xmm3/m128. Stores the result in xmm1.
EVEX.256.66.0F38.WIG DF /r
VAESDECLAST ymm1, ymm2, ymm2/m256
EVEXInvalidValidValidVAES
AVX512VL
Performs the last round of AES decryption using two 128 bit states from ymm2 with two 128 bit round keys from ymm3/m256. Stores the results in ymm1.
EVEX.512.66.0F38.WIG DF /r
VAESDECLAST zmm1, zmm2, zmm2/m512
EVEXInvalidValidValidVAES
AVX512VL
Performs the last round of AES decryption using four 128 bit states from zmm2 with four 128 bit round keys from zmm3/m512. Stores the results in zmm1.

Encoding

EncodingTuple TypeOperand 1Operand 2Operand 3
LEGACYN/AModRM.reg[rw]ModRM.r/m[r]
VEXN/AModRM.reg[w]VEX.vvvv[r]ModRM.r/m[r]
EVEXFullModRM.reg[w]EVEX.vvvv[r]ModRM.r/m[r]

Description

The (V)AESDECLAST instruction performs the last round of AES decryption using one, two, or four 128 bit states from the first source operand using 128 bit round keys from the second source operand. The result is stored in in the destination operand.

Due to the nature of AES, this instruction must be used for the last decryption round. For all but the last, use the AESDEC (Perform One Round of AES Decryption) instruction. Failure to do this correctly will result in an incorrect result after all the rounds.

The EVEX form of this instruction does not support memory fault suppression.

All versions except the legacy SSE version zero the unused upper SIMD register bits.

Operation

This pseudo-code uses C# syntax. A list of the types used is available here.
public void AESDECLAST(SimdU128 dest, SimdU128 src)
{
  U128 state = dest[0];
  state = AesInvShiftRows(state);
  state = AesInvSubBytes(state);
  dest[0] = state ^ src[0];
  // dest[1..Simd.MAX] (unmodified)
}

void VAESDECLAST(SimdU128 dest, SimdU128 src1, SimdU128 src2, int kl)
{
  for (int n = 0; n < kl, n++)
  {
    U128 state = src1[n];
    state = AesInvShiftRows(state);
    state = AesInvSubBytes(state);
    dest[n] = state ^ src2[n];
  }
  dest[kl..Simd.MAX] = 0;
}
public void VAESDECLAST_Vex128(SimdU128 dest, SimdU128 src1, SimdU128 src2)
{
  VAESDECLAST(dest, src1, src2, 1);
}
public void VAESDECLAST_Vex256(SimdU128 dest, SimdU128 src1, SimdU128 src2)
{
  VAESDECLAST(dest, src1, src2, 2);
}

public void VAESDECLAST_Evex128(SimdU128 dest, SimdU128 src1, SimdU128 src2)
{
  VAESDECLAST(dest, src1, src2, 1);
}
public void VAESDECLAST_Evex256(SimdU128 dest, SimdU128 src1, SimdU128 src2)
{
  VAESDECLAST(dest, src1, src2, 2);
}
public void VAESDECLAST_Evex512(SimdU128 dest, SimdU128 src1, SimdU128 src2)
{
  VAESDECLAST(dest, src1, src2, 4);
}

C Intrinsics

Exceptions

SIMD Floating-Point

None

Other

VEX encoded form: see Exceptions Type 4.

EVEX encoded form: see Exceptions Type E4NF.