Scroll to navigation

ICASTATS(1) icaststats user manual ICASTATS(1)

NAME

icastats - display statistic data for the libica cryptographic functions

SYNOPSIS

icastats [-v | --version] [-h | --help] [--reset-all | -R] [--reset | -r] [--delete-all |-D] [--delete | -d] [--all | -A] [--summary | -S] [[-U | --user] <username>]

DESCRIPTION

icastats displays statistic data about the usage of cryptographic functions provided by libica.
Libica is a cryptographic library supporting SHA, RSA, ECC, DES and AES in different modes of operations. The invocation of each call to all the cryptographic functions is tracked with individual counters which can be displayed and maintained with icastats.
Here is a shortened sample output:


function | # hardware | # software --------------+-----------------------+-------------------------
| ENC CRYPT DEC | ENC CRYPT DEC --------------|-----------------------|-------------------------
SHA-1 | 0 | 0
SHA-224 | 0 | 0
SHA-256 | 0 | 0
...
ECDSA Sign | 0 | 0
ECDSA Verify | 0 | 0
EC Keygen | 0 | 0
RSA-ME | 0 | 0
...
RSA-ME | 0 | 0
RSA-CRT | 0 | 0
...
AES CFB | 0 0 | 0 0
AES CTR | 0 0 | 0 0
AES CMAC | 0 0 | 0 0
AES XTS | 0 0 | 0 0
AES GCM | 0 0 | 0 0

For each cryptographic function the table shows the number of invocations where hardware support was involved or the libica fall back implementation in software was used. For the ciphering methods the invocation counter is further divided into encrypt and decrypt operation counter values.

All the counter values are stored and maintained in one shared memory page for each user. This memory area is created automatically with the first run of icastats and persists until it is explicitly removed (see the -d option) or system shut down. This also means that the statistical data shown with icastats is on a per user base and only the root user is able to see and maintain the collection of statistic data from libica at system scope.

Newer operating systems might remove these shared memory segments after the user has logged out from the system (systemd cleanup action). In this case all collected statistic data are gone. To prevent the statistic data from being removed you can configure the systemd to keep all shared memory segments after session exit by enabling the "RemoveIPC=no" paramater in "/etc/systemd/logind.conf". Alternatively you can setup the systemd user manager to enable user lingering by typing "loginctl enable-linger <user>".

Note that one single libica function may increase several different counters when internally using different hardware functions. For example, performing AES GCM on a z13 involves using the AES ECB, AES CTR and GHASH hardware functions. On a z14, the AES GCM counter increases to indicate the use of the KMA instruction. Depending on the input data, other counters may also increase. Therefore, by looking at the hardware counters, it is not possible to see how often a particular API function was called.

OPTIONS

show libica version and copyright
display this help and exit
reset the statistic data for each user that has a shared memory segment to zero (only root user)
reset the statistic data for the current user to zero
delete all shared memory segments from all users who have an icastats shared memory segment (only root user)
delete the libica shared memory area for the current user
show libica statistic data for each user in the system where a shared memory area exists in multiple tables (only root user)
show libica statistic data for each user in the system where a shared memory area exists in one table accumulating all the per user counter values (only root user)
show statistic values from the given user (only root user)

FILES

/shm/dev/icastats_<userid>

RETURN VALUE

1
unsupported or unknown argument, argument which requires root privileges given but not root user, failures at creating or attaching to the shared memory area ...
0
normal and sucessful program execution

SEE ALSO

icainfo (1)

2013-12-06 IBM