SM4 encryption and decryption
This instruction reads 16 bytes of input data from each 128-bit segment of the first source vector, together with four iterations of 32-bit round keys from the corresponding 128-bit segments of the second source vector. Each block of data is encrypted by four rounds in accordance with the SM4 standard, and destructively placed in the corresponding segments of the first source vector. This instruction is unpredicated.
ID_AA64ZFR0_EL1.SM4 indicates whether this instruction is implemented.
This instruction is illegal when executed in Streaming SVE mode, unless FEAT_SME_FA64 is implemented and enabled.
| 31 | 30 | 29 | 28 | 27 | 26 | 25 | 24 | 23 | 22 | 21 | 20 | 19 | 18 | 17 | 16 | 15 | 14 | 13 | 12 | 11 | 10 | 9 | 8 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 |
| 0 | 1 | 0 | 0 | 0 | 1 | 0 | 1 | 0 | 0 | 1 | 0 | 0 | 0 | 1 | 1 | 1 | 1 | 1 | 0 | 0 | 0 | Zm | Zdn | ||||||||
| size | op | o2 | |||||||||||||||||||||||||||||
if !IsFeatureImplemented(FEAT_SVE_SM4) then EndOfDecode(Decode_UNDEF); end; let m : integer = UInt(Zm); let dn : integer = UInt(Zdn);
| <Zdn> |
Is the name of the first source and destination scalable vector register, encoded in the "Zdn" field. |
| <Zm> |
Is the name of the second source scalable vector register, encoded in the "Zm" field. |
CheckNonStreamingSVEEnabled(); let VL : integer{} = CurrentVL(); let segments : integer = VL DIV 128; let operand1 : bits(VL) = Z{}(dn); let operand2 : bits(VL) = Z{}(m); var result : bits(VL); for s = 0 to segments-1 do let key : bits(128) = operand2[s*:128]; var intval : bits(32); var roundresult : bits(128) = operand1[s*:128]; var roundkey : bits(32); for index = 0 to 3 do roundkey = key[index*:32]; intval = roundresult[127:96] XOR roundresult[95:64] XOR roundresult[63:32] XOR roundkey; for i = 0 to 3 do intval[i*:8] = Sbox(intval[i*:8]); end; intval = (intval XOR ROL(intval, 2) XOR ROL(intval, 10) XOR ROL(intval, 18) XOR ROL(intval, 24)); intval = intval XOR roundresult[31:0]; roundresult[31:0] = roundresult[63:32]; roundresult[63:32] = roundresult[95:64]; roundresult[95:64] = roundresult[127:96]; roundresult[127:96] = intval; end; result[s*:128] = roundresult; end; Z{VL}(dn) = result;
This instruction is a data-independent-time instruction as described in About PSTATE.DIT.
2026-03_rel 2026-03-26 20:48:11
Copyright © 2010-2026 Arm Limited or its affiliates. All rights reserved. This document is Non-Confidential.