table of contents
- bookworm 3.9.0-1
- testing 3.9.0-1+b1
- unstable 3.9.0-2
- experimental 4.3.1-1
ICASTATS(1) | icaststats user manual | ICASTATS(1) |
NAME¶
icastats - display statistic data for the libica cryptographic functions
SYNOPSIS¶
icastats [-v | --version] [-h | --help] [--reset-all | -R] [--reset | -r] [--delete-all |-D] [--delete | -d] [--all | -A] [--summary | -S] [[-U | --user] <username>]
DESCRIPTION¶
icastats displays statistic data about the usage of
cryptographic functions provided by libica.
Libica is a cryptographic library supporting SHA, RSA, ECC, DES and AES in
different modes of operations. The invocation of each call to all the
cryptographic functions is tracked with individual counters which can be
displayed and maintained with icastats.
Here is a shortened sample output:
function | # hardware | # software --------------+-----------------------+-------------------------
| ENC CRYPT DEC | ENC CRYPT DEC --------------|-----------------------|-------------------------
SHA-1 | 0 | 0
SHA-224 | 0 | 0
SHA-256 | 0 | 0
...
ECDSA Sign | 0 | 0
ECDSA Verify | 0 | 0
EC Keygen | 0 | 0
RSA-ME | 0 | 0
...
RSA-ME | 0 | 0
RSA-CRT | 0 | 0
...
AES CFB | 0 0 | 0 0
AES CTR | 0 0 | 0 0
AES CMAC | 0 0 | 0 0
AES XTS | 0 0 | 0 0
AES GCM | 0 0 | 0 0
For each cryptographic function the table shows the number of invocations where hardware support was involved or the libica fall back implementation in software was used. For the ciphering methods the invocation counter is further divided into encrypt and decrypt operation counter values.
All the counter values are stored and maintained in one shared memory page for each user. This memory area is created automatically with the first run of icastats and persists until it is explicitly removed (see the -d option) or system shut down. This also means that the statistical data shown with icastats is on a per user base and only the root user is able to see and maintain the collection of statistic data from libica at system scope.
Newer operating systems might remove these shared memory segments after the user has logged out from the system (systemd cleanup action). In this case all collected statistic data are gone. To prevent the statistic data from being removed you can configure the systemd to keep all shared memory segments after session exit by enabling the "RemoveIPC=no" paramater in "/etc/systemd/logind.conf". Alternatively you can setup the systemd user manager to enable user lingering by typing "loginctl enable-linger <user>".
Note that one single libica function may increase several different counters when internally using different hardware functions. For example, performing AES GCM on a z13 involves using the AES ECB, AES CTR and GHASH hardware functions. On a z14, the AES GCM counter increases to indicate the use of the KMA instruction. Depending on the input data, other counters may also increase. Therefore, by looking at the hardware counters, it is not possible to see how often a particular API function was called.
OPTIONS¶
- -v or --version
- show libica version and copyright
- -h or --help
- display this help and exit
- -R or --reset-all
- reset the statistic data for each user that has a shared memory segment to zero (only root user)
- -r or --reset
- reset the statistic data for the current user to zero
- -D or --delete-all
- delete all shared memory segments from all users who have an icastats shared memory segment (only root user)
- -d or --delete
- delete the libica shared memory area for the current user
- -A or --all
- show libica statistic data for each user in the system where a shared memory area exists in multiple tables (only root user)
- -S or --summary
- show libica statistic data for each user in the system where a shared memory area exists in one table accumulating all the per user counter values (only root user)
- -U <username> or --user <username>
- show statistic values from the given user (only root user)
FILES¶
/shm/dev/icastats_<userid>
RETURN VALUE¶
- 1
- unsupported or unknown argument, argument which requires root privileges given but not root user, failures at creating or attaching to the shared memory area ...
- 0
- normal and sucessful program execution
SEE ALSO¶
icainfo (1)
2013-12-06 | IBM |