The different cipher handle allocation functions allow the specification of a type and mask flag. Both parameters have the following meaning (and are therefore not covered in the subsequent sections).
The type flag specifies the type of the cipher algorithm. The caller usually provides a 0 when the caller wants the default handling. Otherwise, the caller may provide the following selections which match the the aforementioned cipher types:
CRYPTO_ALG_TYPE_CIPHER Single block cipher
CRYPTO_ALG_TYPE_COMPRESS Compression
CRYPTO_ALG_TYPE_AEAD Authenticated Encryption with Associated Data (MAC)
CRYPTO_ALG_TYPE_BLKCIPHER Synchronous multi-block cipher
CRYPTO_ALG_TYPE_ABLKCIPHER Asynchronous multi-block cipher
CRYPTO_ALG_TYPE_GIVCIPHER Asynchronous multi-block cipher packed together with an IV generator (see geniv field in the /proc/crypto listing for the known IV generators)
CRYPTO_ALG_TYPE_DIGEST Raw message digest
CRYPTO_ALG_TYPE_HASH Alias for CRYPTO_ALG_TYPE_DIGEST
CRYPTO_ALG_TYPE_SHASH Synchronous multi-block hash
CRYPTO_ALG_TYPE_AHASH Asynchronous multi-block hash
CRYPTO_ALG_TYPE_RNG Random Number Generation
CRYPTO_ALG_TYPE_PCOMPRESS Enhanced version of CRYPTO_ALG_TYPE_COMPRESS allowing for segmented compression / decompression instead of performing the operation on one segment only. CRYPTO_ALG_TYPE_PCOMPRESS is intended to replace CRYPTO_ALG_TYPE_COMPRESS once existing consumers are converted.
The mask flag restricts the type of cipher. The only allowed flag is CRYPTO_ALG_ASYNC to restrict the cipher lookup function to asynchronous ciphers. Usually, a caller provides a 0 for the mask flag.
When the caller provides a mask and type specification, the caller limits the search the kernel crypto API can perform for a suitable cipher implementation for the given cipher name. That means, even when a caller uses a cipher name that exists during its initialization call, the kernel crypto API may not select it due to the used type and mask field.