1*4882a593Smuzhiyun /* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ 2*4882a593Smuzhiyun 3*4882a593Smuzhiyun #ifndef _CRYPTO_FIPS140_EVAL_TESTING_H 4*4882a593Smuzhiyun #define _CRYPTO_FIPS140_EVAL_TESTING_H 5*4882a593Smuzhiyun 6*4882a593Smuzhiyun #include <linux/ioctl.h> 7*4882a593Smuzhiyun 8*4882a593Smuzhiyun /* 9*4882a593Smuzhiyun * This header defines the ioctls that are available on the fips140 character 10*4882a593Smuzhiyun * device. These ioctls expose some of the module's services to userspace so 11*4882a593Smuzhiyun * that they can be tested by the FIPS certification lab; this is a required 12*4882a593Smuzhiyun * part of getting a FIPS 140 certification. These ioctls do not have any other 13*4882a593Smuzhiyun * purpose, and they do not need to be present in production builds. 14*4882a593Smuzhiyun */ 15*4882a593Smuzhiyun 16*4882a593Smuzhiyun /* 17*4882a593Smuzhiyun * Call the fips140_is_approved_service() function. The argument must be the 18*4882a593Smuzhiyun * service name as a NUL-terminated string. The return value will be 1 if 19*4882a593Smuzhiyun * fips140_is_approved_service() returned true, or 0 if it returned false. 20*4882a593Smuzhiyun */ 21*4882a593Smuzhiyun #define FIPS140_IOCTL_IS_APPROVED_SERVICE _IO('F', 0) 22*4882a593Smuzhiyun 23*4882a593Smuzhiyun /* 24*4882a593Smuzhiyun * Call the fips140_module_version() function. The argument must be a pointer 25*4882a593Smuzhiyun * to a buffer of size >= 256 chars. The NUL-terminated string returned by 26*4882a593Smuzhiyun * fips140_module_version() will be written to this buffer. 27*4882a593Smuzhiyun */ 28*4882a593Smuzhiyun #define FIPS140_IOCTL_MODULE_VERSION _IOR('F', 1, char[256]) 29*4882a593Smuzhiyun 30*4882a593Smuzhiyun #endif /* _CRYPTO_FIPS140_EVAL_TESTING_H */ 31