11-Security Command Reference

HomeSupportResource CenterNFVH3C VSRH3C VSRTechnical DocumentsCommandCommand ReferencesH3C VSR Series Virtual Services Routers Command References(V7)-R0621-6W30011-Security Command Reference
25-Crypto engine commands
Title Size Download
25-Crypto engine commands 44.54 KB

Crypto engine commands

display crypto-engine

Use display crypto-engine to display crypto engine information.

Syntax

display crypto-engine

Views

Any view

Predefined user roles

network-admin

network-operator

Usage guidelines

If the device does not have hardware crypto engines, this command displays information only about software crypto engines.

Examples

# Display crypto engine information.

<Sysname> display crypto-engine

  Crypto engine name: Intel AES-NI engine

  Crypto engine state: Enabled

  Crypto engine type: Hardware

  Slot ID: 0

  CPU ID: 0

  Crypto engine ID: 0

  Crypto device name: Intel AES-NI device

  Crypto device serial number:

  Symmetric algorithms: aes-cbc

  Asymmetric algorithms:

  Random number generation function: Not Supported

 

  Crypto engine name: Software crypto engine

  Crypto engine state: Enabled

  Crypto engine type: Software

  Slot ID: 0

  CPU ID: 0

  Crypto engine ID: 1

  Crypto device name: Software

  Crypto device serial number:

  Symmetric algorithms:  des-cbc des-ecb 3des-cbc aes-cbc aes-ecb aes-ctr camellia_cbc md5 sha1 sha2-256 sha2-384 sha2-512 md5-hmac sha1-hmac sha2-256-hmac sha2-384-hmac sha2-512-hmac aes-xcbc aes-xcbc-hmac sm3 sm3-hmac sm4-cbc

  Asymmetric algorithms:

  Random number generation function: Supported

Table 1 Command output

Field

Description

Crypto engine state

Hardware crypto engine state:

·     Enabled.

·     Disabled.

This field always displays Enabled for software crypto engines.

Crypto engine type

Crypto engine type:

·     Hardware.

·     Software.

Crypto device name

Name of the crypto device.

This field displays Software for software crypto engines.

This field displays Intel AES-NI device for hardware crypto engines.

Crypto device serial number

Serial number of the crypto device.

This field is always empty for software crypto engines.

This field is always empty for hardware crypto engines.

Symmetric algorithms

Supported symmetric algorithms.

Asymmetric algorithms

Supported asymmetric algorithms.

Random number generation function

Whether random number generation function is supported:

·     Supported.

·     Not supported.

 

display crypto-engine statistics

Use display crypto-engine statistics to display crypto engine statistics.

Syntax

In standalone mode:

display crypto-engine statistics [ engine-id engine-id ]

In IRF mode:

display crypto-engine statistics [ engine-id engine-id slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

engine-id engine-id: Specifies a crypto engine by its ID.The value range for the engine-id argument is 0 to 4294967295.

slot slot-number: Specifies an IRF member device by its member ID. (In IRF mode.)

Usage guidelines

If hardware crypto engines are not enabled or the device does not have hardware crypto engines, this command displays statistics only for software crypto engines.

(In standalone mode.) If you do not specify any parameters, this command displays statistics for all crypto engines.

(In IRF mode.) If you do not specify any parameters, this command displays crypto engine statistics for all member devices.

Examples

# (In standalone mode.) Display all crypto engine statistics.

<Sysname> display crypto-engine statistics

  Submitted sessions: 0

  Failed sessions: 0

  Symmetric operations: 0

  Symmetric errors: 0

  Asymmetric operations: 0

  Asymmetric errors: 0

  Get-random operations: 0

  Get-random errors: 0

# (In IRF mode.) Display all crypto engine statistics.

<Sysname> display crypto-engine statistics

  Slot ID: 1

  CPU ID: 0

  Crypto engine ID: 0

  Submitted sessions: 0

  Failed sessions: 0

  Symmetric operations: 0

  Symmetric errors: 0

  Asymmetric operations: 0

  Asymmetric errors: 0

  Get-random operations: 0

  Get-random errors: 0

# (In standalone mode.) Display statistics for crypto engine 1.

<Sysname> display crypto-engine statistics engine-id 1

  Submitted sessions: 0

  Failed sessions: 0

  Symmetric operations: 0

  Symmetric errors: 0

  Asymmetric operations: 0

  Asymmetric errors: 0

  Get-random operations: 0

  Get-random errors: 0

# (In IRF mode.) Display statistics for crypto engine 1 on the specified slot.

<Sysname> display crypto-engine statistics engine-id 1 slot 1

  Submitted sessions: 0

  Failed sessions: 0

  Symmetric operations: 0

  Symmetric errors: 0

  Asymmetric operations: 0

  Asymmetric errors: 0

  Get-random operations: 0

  Get-random errors: 0

Table 2 Command output

Field

Description

Submitted sessions

Number of established sessions.

Failed sessions

Number of failed sessions.

Symmetric operations

Number of operations using symmetric algorithms.

Symmetric errors

Number of failed operations using symmetric algorithms.

Asymmetric operations

Number of operations using asymmetric algorithms.

Asymmetric errors

Number of failed operations using asymmetric algorithms.

Get-random operations

Number of operations for obtaining random numbers.

Get-random errors

Number of failed operations for obtaining random numbers.

 

Related commands

reset crypto-engine statistics

reset crypto-engine statistics

Use reset crypto-engine statistics to clear crypto engine statistics.

Syntax

In standalone mode:

reset crypto-engine statistics [ engine-id engine-id ]

In IRF mode:

reset crypto-engine statistics [ engine-id engine-id slot slot-number ]

Views

User view

Predefined user roles

network-admin

Parameters

engine-id engine-id: Specifies a crypto engine by its ID.The value range for the engine-id argument is 0 to 4294967295.

slot slot-number: Specifies an IRF member device by its member ID. (In IRF mode.)

Usage guidelines

(In standalone mode.) If you do not specify any parameters, this command clears statistics for all crypto engines.

(In IRF mode.) If you do not specify any parameters, this command clears crypto engine statistics for all member devices.

Examples

# Clear statistics for all crypto engines.

<Sysname> reset crypto-engine statistics

# Clear statistics for crypto engine 1 on the specified slot.

<Sysname> reset crypto-engine statistics engine-id 1 slot 1

Related commands

display crypto-engine statistics