A cipher is referenced by the caller with a string. That string has the following semantics:
template(single block cipher)
where "template" and "single block cipher" is the aforementioned template and single block cipher, respectively. If applicable, additional templates may enclose other templates, such as
template1(template2(single block cipher)))
The kernel crypto API may provide multiple implementations of a template or a single block cipher. For example, AES on newer Intel hardware has the following implementations: AES-NI, assembler implementation, or straight C. Now, when using the string "aes" with the kernel crypto API, which cipher implementation is used? The answer to that question is the priority number assigned to each cipher implementation by the kernel crypto API. When a caller uses the string to refer to a cipher during initialization of a cipher handle, the kernel crypto API looks up all implementations providing an implementation with that name and selects the implementation with the highest priority.
Now, a caller may have the need to refer to a specific cipher implementation and thus does not want to rely on the priority-based selection. To accommodate this scenario, the kernel crypto API allows the cipher implementation to register a unique name in addition to common names. When using that unique name, a caller is therefore always sure to refer to the intended cipher implementation.
The list of available ciphers is given in /proc/crypto. However, that list does not specify all possible permutations of templates and ciphers. Each block listed in /proc/crypto may contain the following information -- if one of the components listed as follows are not applicable to a cipher, it is not displayed:
name: the generic name of the cipher that is subject to the priority-based selection -- this name can be used by the cipher allocation API calls (all names listed above are examples for such generic names)
driver: the unique name of the cipher -- this name can be used by the cipher allocation API calls
module: the kernel module providing the cipher implementation (or "kernel" for statically linked ciphers)
priority: the priority value of the cipher implementation
refcnt: the reference count of the respective cipher (i.e. the number of current consumers of this cipher)
selftest: specification whether the self test for the cipher passed
type:
blkcipher for synchronous block ciphers
ablkcipher for asynchronous block ciphers
cipher for single block ciphers that may be used with an additional template
shash for synchronous message digest
ahash for asynchronous message digest
aead for AEAD cipher type
compression for compression type transformations
rng for random number generator
givcipher for cipher with associated IV generator (see the geniv entry below for the specification of the IV generator type used by the cipher implementation)
blocksize: blocksize of cipher in bytes
keysize: key size in bytes
ivsize: IV size in bytes
seedsize: required size of seed data for random number generator
digestsize: output size of the message digest
geniv: IV generation type:
eseqiv for encrypted sequence number based IV generation
seqiv for sequence number based IV generation
chainiv for chain iv generation
<builtin> is a marker that the cipher implements IV generation and handling as it is specific to the given cipher