C H A P T E R 4 - Cryptographics Test (cryptotest)

C H A P T E R 4

Cryptographics Test (cryptotest)

The Encryption Framework in Solaris 10 provides a user level API for access to cryptographic accelerators. This API is based on the PKCS#11 standard. Cryptographic accelerators are referred to as PKCS#11 tokens, and each cryptographic algorithm the token accelerates is referred to as a mechanism.

cryptotest tests the mechanism supported by PKCS#11 tokens in Solaris 10.

cryptotest supports the Sun Cyrpto Accelerator 500, Sun Cyrpto Accelerator 1000, Sun Cyrpto Accelerator 4000, Niagara Crypto Provider, and all future cryptographic accelerators developed for Solaris 10 onward. PKCS documents and information are available at: hppt://www.rsasecurity.com/rsalabs/PKCS

TABLE 4-1 Definitions of the Mechanisms Tested by cryptotest
Algorithm	Description
DSA	Digital Signature Algorithm
DES	Data Encryption Standard as defined in FIPS PUB 46-3
MD5 RSA	Data Security MD5 message-digest algorithm.
RSA	Public key cryptosystem.
SHA1	The Secure Hash Algorithm.
RNG	Random Number Generator Algorithm.

cryptotest Subtests

TABLE 4-2 cryptotest Subtests
Subtest	Description
DES	Tests DES bulk encryption
`3DES`	Tests 3DES bulk encryption
`RSA`	Tests RSA public and private keys
`DSA`	Tests DSA signature verification
`RNG`	Tests random number generation

cryptotest Options

To reach the dialog box below, right-click on the test name in the System Map and select Test Parameter Options. Because graphics test can test multiple types of frame buffers, the test name that is displayed will correspond to the particular framebuffer being tested. If you do not see this test in the System Map, you might need to expand the collapsed groups, or your system may not include the device appropriate to this test. Refer to the SunVTS User's Guide.

Screenshot of the cryptotest Test Parameter Options dialog box for dcatest FIGURE 4-1 dcatest Test Parameter Options Dialog Box

TABLE 4-3 dcatest Options
Option	Description
DES	Tests DES bulk encryption
3DES	Tests 3DES bulk encryption
RSA	Tests RSA public and private keys
DSA	Tests DSA signature verification
RNG	Tests random number generation

Screenshot of the cryptotest Test Parameter Options dialog box for vcatest FIGURE 4-2 vcatest Test Parameter Options Dialog Box

TABLE 4-4 vcatest Options
Option	Description
DES	Tests DES bulk encryption
3DES	Tests 3DES bulk encryption
MD5	Data Security MD5 message-digest algorithm.
SHA1	The Secure Hash Algorithm.
RSA	Tests RSA public and private keys
DSA	Tests DSA signature verification
RNG	Tests random number generation

cryptotest Test Modes

TABLE 4-5 cryptotest Supported Test Modes
Test Mode	Description
Functional	Runs the full set of tests.

cryptotest Command Line Syntax for dcatest

/opt/SUNWvts/bin/sparcv9/cryptotest -f -o dev=vca2|dca2, tl=RSA+DSA

TABLE 4-6 cryptotest Command Line Syntax for dcatest
Option	Description
`dev=dca`N	Specifies the instance of the device to test such as `dca0` or `dca2`. Defaults to `dca0` if not included. Note that `N` specifies the placement of the instance number of the device being tested.
`tl`=testlist	Specifies the list of subtests to be performed. The subtests for `tl` are separated by the + (plus) character. The supported subtests are DES, 3DES, DSA, RSA, and RNG, so `tl=DES+3DES+DSA+RSA+MD5+SHA1+RNG` enables all subtests. You can also insert `tl=all` which performs all tests. Defaults to `all` if no subtests are specified.

cryptotest Command Line Syntax for vcatest

/opt/SUNWvts/bin/sparcv9/cryptotest -f -o dev=vca2, tl=RSA+DSA

TABLE 4-7 cryptotest Command Line Syntax for vcatest
Option	Description
`dev=vca`N	Specifies the instance of the device to test such as `vca0` or `vca2`. Defaults to `vca0` if not included. Note that `N` specifies the placement of the instance number of the device being tested.
`tl`=testlist	Specifies the list of subtests to be performed. The subtests for `tl` are separated by the + (plus) character. The supported subtests are DES, 3DES, DSA, RSA, and RNG, so `tl=DES+3DES+DSA+RSA+MD5+SHA1+RNG` enables all subtests. You can also insert `tl=all` which performs all tests. Defaults to `all` if no subtests are specified.

Note - 64-bit tests are located in the /bin/64 directory, or the relative path in which you installed SunVTS. If a test is not present in this directory, then it might be available as a 32-bit test only. For more information, see 32-Bit and 64-Bit Tests.