| ICASTATS(1) | icaststats user manual | ICASTATS(1) |
icastats - display statistic data for the libica cryptographic functions
icastats [-v | --version] [-h | --help] [--reset-all | -R] [--reset | -r] [--delete-all |-D] [--delete | -d] [--all | -A] [--summary | -S] [[-U | --user] <username>]
icastats displays statistic data about the usage of
cryptographic functions provided by libica.
Libica is a cryptographic library supporting SHA, RSA, ECC, DES and AES in
different modes of operations. The invocation of each call to all the
cryptographic functions is tracked with individual counters which can be
displayed and maintained with icastats.
Here is a shortened sample output:
function | # hardware | # software --------------+-----------------------+-------------------------
| ENC CRYPT DEC | ENC CRYPT DEC --------------|-----------------------|-------------------------
SHA-1 | 0 | 0
SHA-224 | 0 | 0
SHA-256 | 0 | 0
...
ECDSA Sign | 0 | 0
ECDSA Verify | 0 | 0
EC Keygen | 0 | 0
RSA-ME | 0 | 0
...
RSA-ME | 0 | 0
RSA-CRT | 0 | 0
...
AES CFB | 0 0 | 0 0
AES CTR | 0 0 | 0 0
AES CMAC | 0 0 | 0 0
AES XTS | 0 0 | 0 0
AES GCM | 0 0 | 0 0
For each cryptographic function the table shows the number of invocations where hardware support was involved or the libica fall back implementation in software was used. For the ciphering methods the invocation counter is further divided into encrypt and decrypt operation counter values.
All the counter values are stored and maintained in one shared memory page for each user. This memory area is created automatically with the first run of icastats and persists until it is explicitly removed (see the -d option) or system shut down. This also means that the statistical data shown with icastats is on a per user base and only the root user is able to see and maintain the collection of statistic data from libica at system scope.
Newer operating systems might remove these shared memory segments after the user has logged out from the system (systemd cleanup action). In this case all collected statistic data are gone. To prevent the statistic data from being removed you can configure the systemd to keep all shared memory segments after session exit by enabling the "RemoveIPC=no" paramater in "/etc/systemd/logind.conf". Alternatively you can setup the systemd user manager to enable user lingering by typing "loginctl enable-linger <user>".
Note that one single libica function may increase several different counters when internally using different hardware functions. For example, performing AES GCM on a z13 involves using the AES ECB, AES CTR and GHASH hardware functions. On a z14, the AES GCM counter increases to indicate the use of the KMA instruction. Depending on the input data, other counters may also increase. Therefore, by looking at the hardware counters, it is not possible to see how often a particular API function was called.
/shm/dev/icastats_<userid>
icainfo (1)
| 2013-12-06 | IBM |