16-Security Command Reference

HomeSupportResource CenterReference GuidesCommand ReferencesH3C Access Controllers Command References(R5426P02)-6W10416-Security Command Reference
20-Crypto engine commands
Title Size Download
20-Crypto engine commands 49.51 KB

Crypto engine commands

The following compatibility matrixes show the support of hardware platforms for crypto engines:

 

Hardware series

Model

Product code

Crypto engine compatibility

WX1800H series

WX1804H

EWP-WX1804H-PWR-CN

Yes

WX2500H series

WX2508H-PWR-LTE

WX2510H

WX2510H-F

WX2540H

WX2540H-F

WX2560H

EWP-WX2508H-PWR-LTE

EWP-WX2510H-PWR

EWP-WX2510H-F-PWR

EWP-WX2540H

EWP-WX2540H-F

EWP-WX2560H

Yes: WX2508H-PWR-LTE

No:

·     WX2510H

·     WX2510H-F

·     WX2540H

·     WX2540H-F

·     WX2560H

WX3000H series

WX3010H

WX3010H-X

WX3010H-L

WX3024H

WX3024H-L

WX3024H-F

EWP-WX3010H

EWP-WX3010H-X-PWR

EWP-WX3010H-L-PWR

EWP-WX3024H

EWP-WX3024H-L-PWR

EWP-WX3024H-F

No

WX3500H series

WX3508H

WX3510H

WX3520H

WX3520H-F

WX3540H

EWP-WX3508H

EWP-WX3510H

EWP-WX3520H

EWP-WX3520H-F

EWP-WX3540H

No: WX3508H

Yes:

·     WX3510H

·     WX3520H

·     WX3520H-F

·     WX3540H

WX5500E series

WX5510E

WX5540E

EWP-WX5510E

EWP-WX5540E

Yes

WX5500H series

WX5540H

WX5560H

WX5580H

EWP-WX5540H

EWP-WX5560H

EWP-WX5580H

Yes

Access controller modules

LSUM1WCME0

EWPXM1WCME0

LSQM1WCMX20

LSUM1WCMX20RT

LSQM1WCMX40

LSUM1WCMX40RT

EWPXM2WCMD0F

EWPXM1MAC0F

LSUM1WCME0

EWPXM1WCME0

LSQM1WCMX20

LSUM1WCMX20RT

LSQM1WCMX40

LSUM1WCMX40RT

EWPXM2WCMD0F

EWPXM1MAC0F

Yes

Hardware series

Model

Product code

Crypto engine compatibility

WX1800H series

WX1804H

WX1810H

WX1820H

WX1840H

EWP-WX1804H-PWR

EWP-WX1810H-PWR

EWP-WX1820H

EWP-WX1840H-GL

Yes:

·     WX1804H

·     WX1810H

·     WX1820H

No: WX1840H

WX3800H series

WX3820H

WX3840H

EWP-WX3820H-GL

EWP-WX3840H-GL

Yes

WX5800H series

WX5860H

EWP-WX5860H-GL

Yes

The WX1800H series, WX2500H series, and WX3000H series access controllers do not support parameters or commands that are available only in IRF mode.

display crypto-engine

Use display crypto-engine to display crypto engine information.

Syntax

display crypto-engine

Views

Any view

Predefined user roles

network-admin

network-operator

Usage guidelines

If the device does not have hardware crypto engines, this command displays information only about software crypto engines.

Examples

# Display crypto engine information.

<Sysname> display crypto-engine

  Crypto engine name: Software crypto engine

  Crypto engine state: Enabled

  Crypto engine type: Software

  Slot ID: 1

  CPU ID: 0

  Crypto engine ID: 0

  Symmetric algorithms:  des-cbc des-ecb 3des-cbc aes-cbc aes-ecb aes-ctr camellia_cbc md5 sha1 sha2-256 sha2-384 sha2-512 md5-hmac sha1-hmac sha2-256-hmac sha2-384-hmac sha2-512-hmac aes-xcbc aes-xcbc-hmac

  Asymmetric algorithms:

  Random number generation function: Supported

 

  Crypto engine name: SAE-XLP

  Crypto engine state: Enabled

  Crypto engine type: Hardware

  Slot ID: 1

  CPU ID: 0

  Crypto engine ID: 1

  Symmetric algorithms: des-cbc des-ecb 3des-cbc 3des-ecb aes-cbc aes-ecb rc4 md5 sha1 md5-hmac sha1-hmac

  Asymmetric algorithms:

  Random number generation function: Supported

 

# Display crypto engine information.

<Sysname> display crypto-engine

  Crypto engine name: Software crypto engine

  Crypto engine state: Enabled

  Crypto engine type: Software

  Slot ID: 1

  CPU ID: 0

  Crypto engine ID: 0

  Symmetric algorithms:  des-cbc des-ecb 3des-cbc aes-cbc aes-ecb aes-ctr camellia_cbc md5 sha1 sha2-256 sha2-384 sha2-512 md5-hmac sha1-hmac sha2-256-hmac sha2-384-hmac sha2-512-hmac aes-xcbc aes-xcbc-hmac

  Asymmetric algorithms:

  Random number generation function: Supported

Table 1 Command output

Field

Description

Crypto engine state

Hardware crypto engine state:

·     Enabled.

·     Disabled.

This field always displays Enabled for software crypto engines.

Crypto engine type

Crypto engine type:

·     Hardware.

·     Software.

Symmetric algorithms

Supported symmetric algorithms.

Asymmetric algorithms

Supported asymmetric algorithms.

Random number generation function

Whether random number generation function is supported:

·     Supported.

·     Not supported.

 

display crypto-engine statistics

Use display crypto-engine statistics to display crypto engine statistics.

Syntax

In standalone mode:

display crypto-engine statistics [ engine-id engine-id ]

In IRF mode:

display crypto-engine statistics [ engine-id engine-id slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

engine-id engine-id: Specifies a crypto engine by its ID.The value range for the engine-id argument is 0 to 4294967295

slot slot-number: Specifies an IRF member device by its member ID. (In IRF mode.)

Usage guidelines

If hardware crypto engines are not enabled or the device does not have hardware crypto engines, this command displays statistics only for software crypto engines.

(In standalone mode.) If you do not specify any parameters, this command displays statistics for all crypto engines.

(In IRF mode.) If you do not specify any parameters, this command displays crypto engine statistics for all member devices.

Examples

# (In standalone mode.) Display all crypto engine statistics.

<Sysname> display crypto-engine statistics

  Submitted sessions: 0

  Failed sessions: 0

  Symmetric operations: 0

  Symmetric errors: 0

  Asymmetric operations: 0

  Asymmetric errors: 0

  Get-random operations: 0

  Get-random errors: 0

# (In IRF mode.) Display all crypto engine statistics.

<Sysname> display crypto-engine statistics

  Slot ID: 1

  CPU ID: 0

  Crypto engine ID: 0

  Submitted sessions: 0

  Failed sessions: 0

  Symmetric operations: 0

  Symmetric errors: 0

  Asymmetric operations: 0

  Asymmetric errors: 0

  Get-random operations: 0

  Get-random errors: 0

# (In standalone mode.) Display statistics for crypto engine 1.

<Sysname> display crypto-engine statistics engine-id 1

  Submitted sessions: 0

  Failed sessions: 0

  Symmetric operations: 0

  Symmetric errors: 0

  Asymmetric operations: 0

  Asymmetric errors: 0

  Get-random operations: 0

  Get-random errors: 0

# (In IRF mode.) Display statistics for crypto engine 1 on the specified slot.

<Sysname> display crypto-engine statistics engine-id 1 slot 1

  Submitted sessions: 0

  Failed sessions: 0

  Symmetric operations: 0

  Symmetric errors: 0

  Asymmetric operations: 0

  Asymmetric errors: 0

  Get-random operations: 0

  Get-random errors: 0

Table 2 Command output

Field

Description

Submitted sessions

Number of established sessions.

Failed sessions

Number of failed sessions.

Symmetric operations

Number of operations using symmetric algorithms.

Symmetric errors

Number of failed operations using symmetric algorithms.

Asymmetric operations

Number of operations using asymmetric algorithms.

Asymmetric errors

Number of failed operations using asymmetric algorithms.

Get-random operations

Number of operations for obtaining random numbers.

Get-random errors

Number of failed operations for obtaining random numbers.

 

Related commands

reset crypto-engine statistics

reset crypto-engine statistics

Use reset crypto-engine statistics to clear crypto engine statistics.

Syntax

In standalone mode:

reset crypto-engine statistics [ engine-id engine-id ]

In IRF mode:

reset crypto-engine statistics [ engine-id engine-id slot slot-number ]

Views

User view

Predefined user roles

network-admin

Parameters

engine-id engine-id: Specifies a crypto engine by its ID.The value range for the engine-id argument is 0 to 4294967295

slot slot-number: Specifies an IRF member device by its member ID. (In IRF mode.)

Usage guidelines

(In standalone mode.) If you do not specify any parameters, this command clears statistics for all crypto engines.

(In IRF mode.) If you do not specify any parameters, this command clears crypto engine statistics for all member devices.

Examples

# Clear statistics for all crypto engines.

<Sysname> reset crypto-engine statistics

# Clear statistics for crypto engine 1 on the specified slot.

<Sysname> reset crypto-engine statistics engine-id 1 slot 1

Related commands

display crypto-engine statistics