List of x86 cryptographic instructions

Instructions that have been added to the x86 instruction set in order to assist efficient calculation of cryptographic primitives, such as e.g. AES encryption, SHA hash calculation and random number generation.

6 new instructions.

These instructions provide support for cryptographic hash functions such as SHA-1, SHA-256, SHA-512 and SM3. Each of these hash functions works on fixed-size data blocks, where the processing of each data-block mostly consists of two major phases:

• First expand the data-block using a message schedule (that is specific to each hash function)
• Then perform a series of rounds of a compression function to combine the expanded data into a hash state.

For each of the supported hash functions, separate instructions are provided to help compute the message schedule and to help perform the compression function rounds.

These instructions, available in Tiger Lake and later Intel processors, are designed to enable encryption/decryption with an AES key without having access to any unencrypted copies of the key during the actual encryption/decryption process.

The VIA/Zhaoxin PadLock instructions are instructions designed to apply cryptographic primitives in bulk, similar to the 8086 repeated string instructions. As such, unless otherwise specified, they take, as applicable, pointers to source data in ES:rSI and destination data in ES:rDI, and a data-size or count in rCX. Like the old string instructions, they are all designed to be interruptible.