16-Security Command Reference

H3C WX2800X&WSG1800X Command References(R5605P11)-6W100

18-Crypto engine commands

Crypto engine commands

crypto-engine accelerator enable gm-algorithm

Use crypto-engine accelerator enable gm-algorithm to enable the GM-capable hardware crypto engine for GM algorithms.

Use undo crypto-engine accelerator enable gm-algorithm to disable the GM-capable hardware crypto engine for GM algorithms.

Syntax

crypto-engine accelerator enable gm-algorithm { sm2 | sm3 | sm4 }*

undo crypto-engine accelerator enable gm-algorithm { sm2 | sm3 | sm4 }*

Default

The GM-capable hardware crypto engine is disabled for GM algorithms.

Views

System view

Predefined user roles

network-admin

Parameters

sm2: Specifies the SM2 algorithm.

sm3: Specifies the SM3 algorithm.

sm4: Specifies the SM4 algorithm.

Usage guidelines

Prerequisites

Before you execute this command, make sure a GM-capable hardware crypto engine is installed on the device. Otherwise, data encryption/decryption by GM algorithms might terminate due to lack of the corresponding hardware crypto engine, which will interrupt the services related to GM algorithms. To identify whether a GM-capable hardware crypto engine is available, execute the display crypto-engine accelerator gm-algorithm status command. As a best practice, do not use the GM-capable hardware crypto engine for device management services. Otherwise, you will fail to log in to the device when the GM-capable hardware crypto engine is faulty.

Compatibility description

Only devices with GM-capable hardware crypto engines support this command.

Application scenarios

By default, the device uses software crypto engines for data encryption/decryption by GM algorithms, including SM2, SM3, and SM4 algorithms. That is, the system uses its own software algorithms for data encryption/decryption. This consumes system resources and is less efficient. When the device is installed with the GM-capable hardware crypto engine, you can execute this command to enable the hardware crypto engine for a specific GM algorithm. Then, data encryption/decryption by that GM algorithm will not consume system resources, which improves device processing efficiency.

Restrictions and guidelines

You can execute this command multiple times to specify multiple GM algorithms.

Examples

# Enable the GM-capable hardware crypto engine for the SM2 algorithm.

<Sysname> system-view

[Sysname] crypto-engine accelerator enable gm-algorithm sm2

Related commands

display crypto-engine accelerator gm-algorithm status

display crypto-engine

Use display crypto-engine to display crypto engine information.

Syntax

display crypto-engine

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display crypto engine information.

<Sysname> display crypto-engine

  Crypto engine name: Software crypto engine

  Crypto engine state: Enabled

  Crypto engine type: Software

  Slot ID: 1

  CPU ID:0

  Crypto engine ID: 0

  Crypto device name: Software

  Crypto device serial number:

  Symmetric algorithms:  des-cbc des-ecb 3des-cbc aes-cbc aes-ecb aes-ctr camellia_cbc md5 sha1 sha2-256 sha2-384 sha2-512 md5-hmac sha1-hmac sha2-256-hmac sha2-384-hmac sha2-512-hmac aes-xcbc aes-xcbc-hmac

  Asymmetric algorithms:

  Random number generation function: Supported

Table 1 Command output

| Field | Description |
|---|---|
| Crypto engine state | This field always displays Enabled for software crypto engines. |
| Crypto engine type | Crypto engine type, which is Software. |
| Crypto device name | Name of the crypto device. This field displays Software for software crypto engines. |
| Crypto device serial number | Serial number of the crypto device. This field is always empty for software crypto engines. |
| Symmetric algorithms | Supported symmetric algorithms. |
| Asymmetric algorithms | Supported asymmetric algorithms. |
| Random number generation function | Whether random number generation function is supported: Supported or Not supported. |

display crypto-engine accelerator gm-algorithm status

Use display crypto-engine accelerator gm-algorithm status to display the enabling status of the GM-capable hardware crypto engine for GM algorithms.

Syntax

display crypto-engine accelerator gm-algorithm status

Views

Any view

Predefined user roles

network-admin

network-operator

Usage guidelines

You can install a GM-capable hardware crypto engine on the device and execute the crypto-engine accelerator enable gm-algorithm command to enable the GM-capable hardware crypto engine for GM algorithms. You can then execute the display crypto-engine accelerator gm-algorithm status command to check whether the GM-capable hardware crypto engine is available and enabled for the specified GM algorithms.

Examples

# Display crypto engine acceleration status for GM algorithms when a GM-capable hardware crypto engine is installed.

<Sysname> display crypto-engine accelerator gm-algorithm status

   sm2:  Accelerating

   sm3:  Accelerating

   sm4:  Disable

Table 2 Command output

| Field | Description |
|---|---|
| sm2 | Status of the GM-capable hardware crypto engine for SM2 algorithm: Accelerating—The GM-capable hardware crypto engine is enabled for SM2 algorithm. Not accelerating (no available hardware engine)—No GM-capable hardware crypto engine is available. Disable—The GM-capable hardware crypto engine is disabled for SM2 algorithm. |
| sm3 | Status of the GM-capable hardware crypto engine for SM3 algorithm: Accelerating—The GM-capable hardware crypto engine is enabled for SM3 algorithm. Not accelerating (no available hardware engine)—No GM-capable hardware crypto engine is available. Disable—The GM-capable hardware crypto engine is disabled for SM3 algorithm. |
| sm4 | Status of the GM-capable hardware crypto engine for SM4 algorithm: Accelerating—The GM-capable hardware crypto engine is enabled for SM4 algorithm. Not accelerating (no available hardware engine)—No GM-capable hardware crypto engine is available. Disable—The GM-capable hardware crypto engine is disabled for SM4 algorithm. |

Related commands

crypto-engine accelerator enable gm-algorithm

display crypto-engine statistics

Use display crypto-engine statistics to display crypto engine statistics.

Syntax

display crypto-engine statistics [ engine-id engine-id ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

engine-id engine-id: Specifies a crypto engine by its ID. The value range for the engine-id argument is 0 to 4294967295.

Usage guidelines

If you do not specify any parameters, this command displays statistics for all crypto engines.

Examples

# Display all crypto engine statistics.

<Sysname> display crypto-engine statistics

  Submitted sessions: 0

  Failed sessions: 0

  Symmetric operations: 0

  Symmetric errors: 0

  Asymmetric operations: 0

  Asymmetric errors: 0

  Get-random operations: 0

  Get-random errors: 0

Table 3 Command output

| Field | Description |
|---|---|
| Submitted sessions | Number of established sessions. |
| Failed sessions | Number of failed sessions. |
| Symmetric operations | Number of operations using symmetric algorithms. |
| Symmetric errors | Number of failed operations using symmetric algorithms. |
| Asymmetric operations | Number of operations using asymmetric algorithms. |
| Asymmetric errors | Number of failed operations using asymmetric algorithms. |
| Get-random operations | Number of operations for obtaining random numbers. |
| Get-random errors | Number of failed operations for obtaining random numbers. |

Related commands

reset crypto-engine statistics
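
The following is an added example, not part of the H3C reference: a Python check that reads saved output of display crypto-engine accelerator gm-algorithm status and display crypto-engine statistics, reports which GM algorithms are in the "no available hardware engine" state that the Prerequisites warn about, and lists any non-zero failure counters. The function names and the sample outputs are assumptions constructed for illustration; how the command output is collected from the device is left to the operator.

```python
# Added example: state strings are the ones listed in Table 2 of this page.
ACCELERATING = "Accelerating"
NO_ENGINE = "Not accelerating (no available hardware engine)"
DISABLED = "Disable"

# Constructed sample outputs (not captured from a real device).
SAMPLE_STATUS = """<Sysname> display crypto-engine accelerator gm-algorithm status
   sm2:  Not accelerating (no available hardware engine)
   sm3:  Not accelerating (no available hardware engine)
   sm4:  Disable
"""
SAMPLE_STATS = """<Sysname> display crypto-engine statistics
  Submitted sessions: 120
  Failed sessions: 0
  Symmetric operations: 5400
  Symmetric errors: 3
  Get-random errors: 0
"""

def parse_fields(output):
    """Turn the 'name: value' lines of a display command into a dict."""
    fields = {}
    for line in output.splitlines():
        line = line.strip()
        if not line or line.startswith(("<", "[")):  # blank or echoed prompt
            continue
        name, sep, value = line.partition(":")
        if sep:
            fields[name.strip()] = value.strip()
    return fields

def gm_precheck(status_output, wanted=("sm2", "sm3", "sm4")):
    """Map each GM algorithm to hardware / software / no-engine / unknown."""
    labels = {ACCELERATING: "hardware", DISABLED: "software", NO_ENGINE: "no-engine"}
    status = parse_fields(status_output)
    # 'no-engine' is the case the Prerequisites warn about; anything
    # missing or unrecognized is reported as 'unknown' rather than guessed.
    return {alg: labels.get(status.get(alg), "unknown") for alg in wanted}

def error_counters(stats_output):
    """Return the non-zero failure counters from the statistics output."""
    bad = {}
    for name, value in parse_fields(stats_output).items():
        is_failure = name.endswith("errors") or name.startswith("Failed")
        if is_failure and value.isdigit() and int(value) > 0:
            bad[name] = int(value)
    return bad

if __name__ == "__main__":
    print(gm_precheck(SAMPLE_STATUS))
    print(error_counters(SAMPLE_STATS))
```

Any algorithm reported as no-engine or unknown is a reason to stop before relying on the hardware engine for that algorithm, and a growing failure counter between two runs is worth investigating before clearing it with reset crypto-engine statistics.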

reset crypto-engine statistics

Use reset crypto-engine statistics to clear crypto engine statistics.

Syntax

reset crypto-engine statistics [ engine-id engine-id ]

Views

User view

Predefined user roles

network-admin

Parameters

engine-id engine-id: Specifies a crypto engine by its ID. The value range for the engine-id argument is 0 to 4294967295.

Usage guidelines

If you do not specify any parameters, this command clears statistics for all crypto engines.

Examples

# Clear statistics for all crypto engines.

<Sysname> reset crypto-engine statistics

Related commands

display crypto-engine statistics
