Statistics from icastats

Use the libica icastats utility to find out whether libica uses hardware acceleration features or works with software fallbacks.

icastats collects the statistical data per user and not per system. The command also shows which specific functions of libica are used. For a standard user, icastats shows a statistics table with all cryptographic operations that are used by the user’s processes. For the root user, icastats provides statistics for all users or processes on the system using the --all option.

Example

To display the current use of libica functions issue:
# icastats

View an excerpt of a sample output produced by this command:


 function     |          # hardware      |       # software
--------------+--------------------------+-------------------------
              |       ENC    CRYPT   DEC |        ENC    CRYPT   DEC
--------------+--------------------------+-------------------------
        SHA-1 |               0          |                0
      SHA-224 |               0          |                0
          ... 
     SHA3-384 |             507          |                0
          ...
    SHAKE-256 |            8276          |                0
          ... 
        P_RNG |              55          |                0
 DRBG-SHA-512 |           29400          |                0
         ECDH |            4188          |                0
   ECDSA Sign |            1480          |                0
 ECDSA Verify |            1480          |                0       
    EC Keygen |             132          |                0
       RSA-ME |             351          |                1
      RSA-CRT |              64          |                0
      DES ECB |         0              0 |         0             0
      DES CBC |         0              0 |         0             0
          ...   
     AES CMAC |         0              0 |         0             0
      AES XTS |         0              0 |         0             0
      AES GCM |         0              0 |         0             0
 

Notes:

  • The libica self-tests may be performed whenever libica is loaded, for example, loaded by IBMCA. These self-tests also increase certain counters, thus not all non-zero counters displayed by icastats may actually be increased for cryptographic operations performed by IBMCA. Look for counters that keep increasing when IBMCA workload is performed.
  • If icastats shows counts for symmetric ciphers and hashes which cannot come from outside of OpenSSL, then IBMCA is configured in a non-optimal way.

For more information, read icastats - Show use of libica functions in the libica Programmer's Reference publication.

To monitor CPACF activity, you can use the cpacfstats command. For an example, see SSH usage scenario including HW support.