hostap: add WPA2 EAP_TLS support

Add basic wpa2 EAP_TLS support. Support set CA/client cert and client key. Signed-off-by: Maochen Wang <maochen.wang@nxp.com>
zephyrproject-rtos · Jul 29, 2024 · 10cc4b1 · 10cc4b1
1 parent 81ea7eb
commit 10cc4b1
Show file tree

Hide file tree

Showing 13 changed files with 656 additions and 5 deletions.
diff --git a/include/zephyr/net/wifi.h b/include/zephyr/net/wifi.h
@@ -118,6 +118,10 @@ const char *wifi_band_txt(enum wifi_frequency_bands band);
 #define WIFI_SAE_PSWD_MAX_LEN 128
 /** MAC address length */
 #define WIFI_MAC_ADDR_LEN 6
+/** Max enterprise identity length */
+#define WIFI_ENT_IDENTITY_MAX_LEN 64
+/** Max enterprise password length */
+#define WIFI_ENT_PSWD_MAX_LEN 128
 
 /** Minimum channel number */
 #define WIFI_CHANNEL_MIN 1

diff --git a/include/zephyr/net/wifi_mgmt.h b/include/zephyr/net/wifi_mgmt.h
@@ -95,6 +95,8 @@ enum net_request_wifi_cmd {
 	NET_REQUEST_WIFI_CMD_AP_CONFIG_PARAM,
 	/** Flush PMKSA cache entries */
 	NET_REQUEST_WIFI_CMD_PMKSA_FLUSH,
+	/** Set enterprise mode credential */
+	NET_REQUEST_WIFI_CMD_ENTERPRISE_CREDS,
 /** @cond INTERNAL_HIDDEN */
 	NET_REQUEST_WIFI_CMD_MAX
 /** @endcond */
@@ -214,6 +216,12 @@ NET_MGMT_DEFINE_REQUEST_HANDLER(NET_REQUEST_WIFI_AP_CONFIG_PARAM);
 
 NET_MGMT_DEFINE_REQUEST_HANDLER(NET_REQUEST_WIFI_PMKSA_FLUSH);
 
+/** Set Wi-Fi enterprise mode CA/client Cert and key */
+#define NET_REQUEST_WIFI_ENTERPRISE_CREDS                               \
+	(_NET_WIFI_BASE | NET_REQUEST_WIFI_CMD_ENTERPRISE_CREDS)
+
+NET_MGMT_DEFINE_REQUEST_HANDLER(NET_REQUEST_WIFI_ENTERPRISE_CREDS);
+
 /** @brief Wi-Fi management events */
 enum net_event_wifi_cmd {
 	/** Scan results available */
@@ -418,6 +426,14 @@ struct wifi_connect_req_params {
 	uint8_t bssid[WIFI_MAC_ADDR_LEN];
 	/** Connect timeout in seconds, SYS_FOREVER_MS for no timeout */
 	int timeout;
+	/** anonymous identity */
+	const uint8_t *anon_id;
+	/** anon_id length */
+	uint8_t aid_length; /* Max 64 */
+	/** Private key passwd for enterprise mode */
+	const uint8_t *key_passwd;
+	/** Private key passwd length */
+	uint8_t key_passwd_length; /* Max 128 */
 };
 
 /** @brief Wi-Fi connect result codes. To be overlaid on top of \ref wifi_status
@@ -639,6 +655,22 @@ struct wifi_twt_flow_info {
 	uint32_t twt_wake_ahead_duration;
 };
 
+/** Wi-Fi enterprise mode credentials */
+struct wifi_enterprise_creds_params {
+	/** CA certification */
+	uint8_t *ca_cert;
+	/** CA certification length */
+	uint32_t ca_cert_len;
+	/** Client certification */
+	uint8_t *client_cert;
+	/** Client certification length */
+	uint32_t client_cert_len;
+	/** Client key */
+	uint8_t *client_key;
+	/** Client key length */
+	uint32_t client_key_len;
+};
+
 /** @brief Wi-Fi power save configuration */
 struct wifi_ps_config {
 	/** Number of TWT flows */
@@ -980,6 +1012,14 @@ struct wifi_mgmt_ops {
 	 * @return 0 if ok, < 0 if error
 	 */
 	int (*pmksa_flush)(const struct device *dev);
+	/** Set Wi-Fi enterprise mode CA/client Cert and key
+	 *
+	 * @param dev Pointer to the device structure for the driver instance.
+	 * @param creds Pointer to the CA/client Cert and key.
+	 *
+	 * @return 0 if ok, < 0 if error
+	 */
+	int (*enterprise_creds)(const struct device *dev, struct wifi_enterprise_creds_params *creds);
 };
 
 /** Wi-Fi management offload API */

diff --git a/modules/hostap/src/supp_api.c b/modules/hostap/src/supp_api.c
@@ -45,6 +45,10 @@ enum status_thread_state {
 
 #define DISCONNECT_TIMEOUT_MS 5000
 
+#ifdef CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_ENTERPRISE
+static struct wifi_enterprise_creds_params enterprise_creds;
+#endif
+
 K_MUTEX_DEFINE(wpa_supplicant_mutex);
 
 extern struct k_work_q *get_workq(void);
@@ -323,6 +327,59 @@ static inline enum wifi_security_type wpas_key_mgmt_to_zephyr(int key_mgmt, int
 	}
 }
 
+#ifdef CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_ENTERPRISE
+int supplicant_add_enterprise_creds(const struct device *dev, struct wifi_enterprise_creds_params *creds)
+{
+	int ret = 0;
+
+	if (!creds) {
+		ret = -1;
+		wpa_printf(MSG_ERROR, "enterprise creds is NULL");
+		goto out;
+	}
+
+	memcpy((void *)&enterprise_creds, (void *)creds, sizeof(struct wifi_enterprise_creds_params));
+
+out:
+	return ret;
+}
+
+static int wpas_config_process_blob(struct wpa_config *config, char *name, uint8_t *data,
+				uint32_t data_len)
+{
+	struct wpa_config_blob *blob;
+
+	if (!data || !data_len) {
+		return -1;
+	}
+
+	blob = os_zalloc(sizeof(*blob));
+	if (blob == NULL) {
+		return -1;
+	}
+
+	blob->data = os_zalloc(data_len);
+	if (blob->data == NULL) {
+		os_free(blob);
+		return -1;
+	}
+
+	blob->name = os_strdup(name);
+
+	if (blob->name == NULL) {
+		wpa_config_free_blob(blob);
+		return -1;
+	}
+
+	os_memcpy(blob->data, data, data_len);
+	blob->len = data_len;
+
+	wpa_config_set_blob(config, blob);
+
+	return 0;
+}
+#endif
+
 static int wpas_add_and_config_network(struct wpa_supplicant *wpa_s,
 				       struct wifi_connect_req_params *params,
 				       bool mode_ap)
@@ -445,6 +502,66 @@ static int wpas_add_and_config_network(struct wpa_supplicant *wpa_s,
 					goto out;
 				}
 			}
+#ifdef CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_ENTERPRISE
+		} else if (params->security == WIFI_SECURITY_TYPE_EAP_TLS) {
+			if (!wpa_cli_cmd_v("set_network %d key_mgmt WPA-EAP",
+					   resp.network_id)) {
+				goto out;
+			}
+
+			if (!wpa_cli_cmd_v("set_network %d proto RSN",
+					   resp.network_id)) {
+				goto out;
+			}
+
+			if (!wpa_cli_cmd_v("set_network %d eap TLS",
+					   resp.network_id)) {
+				goto out;
+			}
+
+			if (!wpa_cli_cmd_v("set_network %d anonymous_identity \"%s\"",
+					   resp.network_id, params->anon_id)) {
+				goto out;
+			}
+
+			if (wpas_config_process_blob(wpa_s->conf, "ca_cert",
+					   enterprise_creds.ca_cert,
+					   enterprise_creds.ca_cert_len)) {
+				goto out;
+			}
+
+			if (!wpa_cli_cmd_v("set_network %d ca_cert \"blob://ca_cert\"",
+					   resp.network_id)) {
+				goto out;
+			}
+
+			if (wpas_config_process_blob(wpa_s->conf, "client_cert",
+					   enterprise_creds.client_cert,
+					   enterprise_creds.client_cert_len)) {
+				goto out;
+			}
+
+			if (!wpa_cli_cmd_v("set_network %d client_cert \"blob://client_cert\"",
+					   resp.network_id)) {
+				goto out;
+			}
+
+			if (wpas_config_process_blob(wpa_s->conf, "private_key",
+					   enterprise_creds.client_key,
+					   enterprise_creds.client_key_len)) {
+				goto out;
+			}
+
+			if (!wpa_cli_cmd_v("set_network %d private_key \"blob://private_key\"",
+					   resp.network_id)) {
+				goto out;
+			}
+
+			if (!wpa_cli_cmd_v("set_network %d private_key_passwd \"%s\"",
+					   resp.network_id, params->key_passwd)) {
+				goto out;
+			}
+#endif
 		} else {
 			ret = -1;
 			wpa_printf(MSG_ERROR, "Unsupported security type: %d",

diff --git a/modules/hostap/src/supp_api.h b/modules/hostap/src/supp_api.h
@@ -127,6 +127,17 @@ int supplicant_reg_domain(const struct device *dev, struct wifi_reg_domain *reg_
  */
 int supplicant_mode(const struct device *dev, struct wifi_mode_info *mode);
 
+#ifdef CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_ENTERPRISE
+/** Set Wi-Fi enterprise mode CA/client Cert and key
+ *
+ * @param dev Pointer to the device structure for the driver instance
+ * @param file Pointer to the CA/client Cert and key.
+ *
+ * @return 0 if ok, < 0 if error
+ */
+int supplicant_add_enterprise_creds(const struct device *dev, struct wifi_enterprise_creds_params *creds);
+#endif
+
 /**
  * @brief Set Wi-Fi packet filter for sniffing operation
  *

diff --git a/modules/hostap/src/supp_main.c b/modules/hostap/src/supp_main.c
@@ -66,6 +66,7 @@ static const struct wifi_mgmt_ops mgmt_ops = {
 	.ap_sta_disconnect = supplicant_ap_sta_disconnect,
 #endif /* CONFIG_AP */
 	.pmksa_flush = supplicant_pmksa_flush,
+	.enterprise_creds = supplicant_add_enterprise_creds,
 };
 
 DEFINE_WIFI_NM_INSTANCE(wifi_supplicant, &mgmt_ops);

diff --git a/subsys/net/l2/wifi/CMakeLists.txt b/subsys/net/l2/wifi/CMakeLists.txt
@@ -8,6 +8,9 @@ zephyr_library_include_directories_ifdef(
 zephyr_library_compile_definitions_ifdef(
   CONFIG_NEWLIB_LIBC __LINUX_ERRNO_EXTENSIONS__
   )
+zephyr_library_include_directories_ifdef(
+  CONFIG_WIFI_NM_HOSTAPD_CRYPTO_ENTERPRISE test_certs
+  )
 
 zephyr_library_sources_ifdef(CONFIG_NET_L2_WIFI_MGMT wifi_mgmt.c)
 zephyr_library_sources_ifdef(CONFIG_NET_L2_WIFI_SHELL wifi_shell.c)

diff --git a/subsys/net/l2/wifi/test_certs/ca-cert.h b/subsys/net/l2/wifi/test_certs/ca-cert.h
@@ -0,0 +1,70 @@
+/**
+ * Copyright 2024 NXP
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+const unsigned char ca_cert_test[] = {
+    0x30, 0x82, 0x04, 0xa1, 0x30, 0x82, 0x03, 0x09, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x14, 0x39, 0x27, 0xf3, 0x9b,
+    0x20, 0x1e, 0xa5, 0xe3, 0xda, 0xdb, 0x44, 0x64, 0x0d, 0x71, 0x24, 0xb6, 0x8a, 0x94, 0x33, 0x64, 0x30, 0x0d, 0x06,
+    0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x5f, 0x31, 0x0b, 0x30, 0x09, 0x06,
+    0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x49, 0x4e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x02,
+    0x4d, 0x48, 0x31, 0x0d, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x04, 0x50, 0x55, 0x4e, 0x45, 0x31, 0x0c,
+    0x30, 0x0a, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x03, 0x4e, 0x58, 0x50, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55,
+    0x04, 0x03, 0x0c, 0x02, 0x43, 0x41, 0x31, 0x19, 0x30, 0x17, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
+    0x09, 0x01, 0x16, 0x0a, 0x63, 0x61, 0x40, 0x6e, 0x78, 0x70, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x20, 0x17, 0x0d, 0x32,
+    0x33, 0x30, 0x33, 0x31, 0x35, 0x31, 0x34, 0x32, 0x33, 0x31, 0x33, 0x5a, 0x18, 0x0f, 0x33, 0x30, 0x32, 0x32, 0x30,
+    0x37, 0x31, 0x36, 0x31, 0x34, 0x32, 0x33, 0x31, 0x33, 0x5a, 0x30, 0x5f, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55,
+    0x04, 0x06, 0x13, 0x02, 0x49, 0x4e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x02, 0x4d, 0x48,
+    0x31, 0x0d, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x04, 0x50, 0x55, 0x4e, 0x45, 0x31, 0x0c, 0x30, 0x0a,
+    0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x03, 0x4e, 0x58, 0x50, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x03,
+    0x0c, 0x02, 0x43, 0x41, 0x31, 0x19, 0x30, 0x17, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01,
+    0x16, 0x0a, 0x63, 0x61, 0x40, 0x6e, 0x78, 0x70, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x82, 0x01, 0xa2, 0x30, 0x0d, 0x06,
+    0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x8f, 0x00, 0x30, 0x82,
+    0x01, 0x8a, 0x02, 0x82, 0x01, 0x81, 0x00, 0xdd, 0x70, 0x03, 0x4e, 0xb4, 0x53, 0xdf, 0x45, 0xfb, 0xf2, 0x9f, 0x74,
+    0x0b, 0x1e, 0x53, 0x0e, 0x98, 0x30, 0x5b, 0x68, 0x26, 0x8f, 0x59, 0xba, 0xfc, 0x3c, 0xd6, 0x80, 0x33, 0xd4, 0xf1,
+    0x16, 0x44, 0x42, 0xc7, 0x7e, 0x77, 0xfe, 0x0b, 0xae, 0x92, 0x50, 0x4c, 0x3b, 0xeb, 0x3f, 0x28, 0x53, 0x4d, 0xa0,
+    0x58, 0xad, 0xd9, 0x88, 0x4a, 0xd8, 0xac, 0x52, 0xfb, 0x35, 0x5a, 0x34, 0x07, 0xb9, 0x14, 0xd4, 0x0f, 0x3d, 0xa5,
+    0x7a, 0xa8, 0x44, 0x17, 0x9c, 0x97, 0xb6, 0x7f, 0x0e, 0x7a, 0x05, 0x33, 0x65, 0x58, 0x42, 0xf0, 0x61, 0xd8, 0x20,
+    0x1f, 0xaa, 0xc6, 0xdc, 0xcf, 0x6b, 0x50, 0xb5, 0x13, 0x55, 0x19, 0x3f, 0x57, 0x6d, 0x15, 0x8f, 0x33, 0xe9, 0x86,
+    0x98, 0x85, 0xdf, 0xb3, 0x72, 0x4b, 0x8b, 0xa1, 0xe3, 0xa9, 0xa5, 0x43, 0x84, 0xcd, 0x61, 0x6a, 0x61, 0xbc, 0x1a,
+    0xb9, 0xd6, 0x57, 0xaa, 0x53, 0x4e, 0xa3, 0x1c, 0x8a, 0xab, 0x81, 0x40, 0x84, 0xaa, 0x11, 0x55, 0xcf, 0x37, 0xb4,
+    0x69, 0xe5, 0x65, 0x59, 0x27, 0x74, 0x78, 0xfb, 0xa3, 0xf0, 0x1a, 0xa1, 0xdd, 0xaf, 0xd7, 0x5e, 0x65, 0x72, 0x99,
+    0x1b, 0x40, 0x44, 0x99, 0x9f, 0x67, 0x30, 0x5f, 0x12, 0x3c, 0xb7, 0x6a, 0x03, 0xe3, 0x35, 0x10, 0xc2, 0x02, 0x80,
+    0x66, 0x80, 0xc2, 0xa6, 0x50, 0x9a, 0x9a, 0xa1, 0xa1, 0xf3, 0xc4, 0x06, 0x3b, 0x87, 0x3f, 0xb3, 0x0a, 0x52, 0x4d,
+    0xb7, 0x3c, 0x8b, 0x8d, 0x17, 0x23, 0x4f, 0x4c, 0x27, 0x7d, 0x1c, 0xb2, 0xb2, 0x6c, 0x19, 0x0c, 0xef, 0x6c, 0xf2,
+    0x2a, 0xfc, 0x6a, 0x98, 0xb4, 0x7f, 0x46, 0xa2, 0xf2, 0xf1, 0x36, 0x46, 0xbf, 0x40, 0x06, 0x47, 0xf3, 0xdd, 0xa7,
+    0xe7, 0xe4, 0xef, 0xd3, 0x1e, 0xc5, 0x01, 0xb1, 0xb0, 0x1a, 0x8b, 0x86, 0x06, 0x5f, 0x66, 0xc4, 0x3a, 0xa5, 0x49,
+    0x09, 0xaa, 0xf6, 0x64, 0x51, 0x41, 0x14, 0x8a, 0x7b, 0x9c, 0x06, 0xfa, 0xff, 0x06, 0xa0, 0xf2, 0x12, 0xa9, 0xef,
+    0x14, 0x2d, 0xd3, 0x6e, 0xee, 0x0f, 0x35, 0x10, 0xb0, 0x7a, 0x1b, 0xbb, 0x58, 0x44, 0xe8, 0x18, 0x5c, 0xc0, 0x26,
+    0x1c, 0xfb, 0xc3, 0x80, 0x97, 0xc1, 0xae, 0x56, 0x44, 0xd1, 0x5e, 0xd8, 0xe1, 0x66, 0xfd, 0x43, 0xea, 0x3e, 0x1f,
+    0x88, 0x00, 0x73, 0xb1, 0x05, 0xd5, 0xbb, 0x70, 0xe6, 0xea, 0xab, 0x6a, 0x63, 0xe7, 0xa2, 0x3b, 0xad, 0x50, 0xe0,
+    0xc8, 0x79, 0x22, 0x71, 0x8d, 0x31, 0x5c, 0x7d, 0xf6, 0xea, 0x0b, 0x92, 0x7a, 0x1d, 0x46, 0xde, 0xf7, 0x33, 0x4d,
+    0xca, 0xb0, 0xa4, 0x81, 0x1b, 0xd8, 0xd3, 0xf1, 0x8d, 0xa7, 0xc1, 0xe2, 0x84, 0x24, 0x31, 0x19, 0x71, 0x8c, 0xe6,
+    0xfe, 0x5d, 0xdb, 0xcd, 0x8b, 0xae, 0xa3, 0x25, 0xdd, 0x2d, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x53, 0x30,
+    0x51, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xc5, 0x31, 0x78, 0x1d, 0x4a, 0xde, 0xf0,
+    0x95, 0x0c, 0xdd, 0xd2, 0x21, 0x41, 0x2c, 0x8c, 0xfa, 0xc8, 0x20, 0x2d, 0xb1, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d,
+    0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xc5, 0x31, 0x78, 0x1d, 0x4a, 0xde, 0xf0, 0x95, 0x0c, 0xdd, 0xd2, 0x21,
+    0x41, 0x2c, 0x8c, 0xfa, 0xc8, 0x20, 0x2d, 0xb1, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04,
+    0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b,
+    0x05, 0x00, 0x03, 0x82, 0x01, 0x81, 0x00, 0xb1, 0x1b, 0x2b, 0xdc, 0xf0, 0x60, 0x19, 0xa8, 0x83, 0xb9, 0x10, 0xc3,
+    0x69, 0x40, 0x52, 0x09, 0x14, 0x41, 0x85, 0x5c, 0x07, 0x73, 0xbc, 0x0f, 0x19, 0xae, 0xcd, 0x40, 0xb2, 0x88, 0x60,
+    0x12, 0x15, 0x49, 0x8a, 0x37, 0x82, 0xb5, 0x66, 0xa6, 0xea, 0x3e, 0x94, 0xe0, 0x17, 0x64, 0x1d, 0x9f, 0x40, 0x49,
+    0x03, 0x8e, 0x0b, 0x0d, 0x4e, 0x16, 0xdf, 0x3d, 0x0d, 0x1d, 0x79, 0xe5, 0xaf, 0xd0, 0x20, 0x48, 0xe2, 0x4b, 0x07,
+    0xc1, 0x3a, 0x23, 0x10, 0x21, 0xc2, 0x72, 0xe1, 0xb4, 0xd6, 0x78, 0xd8, 0xe5, 0xa9, 0xa8, 0x34, 0x2c, 0x74, 0x70,
+    0x09, 0x30, 0xb7, 0xbe, 0xde, 0x3e, 0x25, 0x02, 0x74, 0xfc, 0xe4, 0x1c, 0xfa, 0xb9, 0xa7, 0x70, 0x94, 0xfa, 0x52,
+    0x5f, 0x32, 0x73, 0x93, 0x1b, 0x1c, 0x11, 0xb4, 0xc6, 0x7a, 0xd9, 0x72, 0x18, 0xf5, 0x74, 0x06, 0xce, 0xb6, 0xb1,
+    0x0f, 0x5c, 0x45, 0x21, 0xca, 0x52, 0xda, 0x14, 0x50, 0x8a, 0x1a, 0x30, 0xbd, 0xd3, 0xed, 0x13, 0x10, 0x5c, 0x94,
+    0x93, 0xb0, 0x45, 0x46, 0x31, 0xbb, 0xb1, 0x61, 0xc8, 0xa9, 0xad, 0x91, 0xee, 0xe1, 0xea, 0xeb, 0x1f, 0x8e, 0x67,
+    0x22, 0xc4, 0x3a, 0x54, 0xd8, 0x52, 0xeb, 0xde, 0xcf, 0x6d, 0x72, 0x31, 0xaf, 0x75, 0x8c, 0xd2, 0x2c, 0xa8, 0x72,
+    0x8d, 0x1a, 0x35, 0x53, 0x4b, 0x10, 0x98, 0xc7, 0xd8, 0x3d, 0x59, 0x18, 0x24, 0xdf, 0x57, 0xe6, 0x31, 0x91, 0x55,
+    0x17, 0x2e, 0x40, 0x1d, 0x82, 0x34, 0xa6, 0x2d, 0x99, 0x23, 0x73, 0xd6, 0x1c, 0x2b, 0x66, 0xe2, 0x50, 0x18, 0xc2,
+    0x9d, 0x85, 0x32, 0x12, 0xac, 0x7e, 0x41, 0x76, 0x33, 0x39, 0x5b, 0x6d, 0x22, 0xd4, 0x0b, 0xb0, 0xc2, 0x26, 0x53,
+    0x72, 0x2c, 0x18, 0xbf, 0x45, 0x13, 0x8f, 0xce, 0xc8, 0x28, 0x3c, 0x6d, 0x13, 0x83, 0x02, 0x79, 0xe0, 0x38, 0xb7,
+    0x14, 0x74, 0x1e, 0xab, 0xc8, 0x9d, 0xad, 0xe2, 0x64, 0xae, 0x4f, 0x16, 0xd6, 0x60, 0xa1, 0x0d, 0x90, 0x11, 0xce,
+    0x9b, 0x9b, 0x51, 0xe0, 0xba, 0x7c, 0xa2, 0xb5, 0xfd, 0xa4, 0x40, 0x7f, 0xee, 0xaa, 0x5f, 0xf1, 0xbd, 0xf8, 0x04,
+    0x8f, 0x5a, 0x82, 0x50, 0x80, 0xf5, 0x27, 0x18, 0x8d, 0x37, 0x86, 0x35, 0xb5, 0xf2, 0xfa, 0x18, 0x71, 0x82, 0x24,
+    0x9a, 0xdd, 0x37, 0x1e, 0xf1, 0xee, 0xd8, 0xd2, 0x16, 0xf4, 0x93, 0xa7, 0x35, 0x46, 0xa0, 0x54, 0x1c, 0x3b, 0x7d,
+    0x77, 0x48, 0x4e, 0x76, 0x46, 0x27, 0x2d, 0x83, 0x40, 0x76, 0x66, 0x1b, 0x3c, 0x7b, 0x57, 0x68, 0x2d, 0x9d, 0x21,
+    0xa4, 0x70, 0xf5, 0xff, 0x58, 0xce, 0x3c, 0xf3, 0xc9, 0x67, 0x8c, 0x9d, 0x5a, 0x9c, 0xa0, 0x02, 0xf3, 0x0c, 0x44,
+    0x65, 0x1b, 0xe3, 0x51, 0x79, 0xcd, 0xf7, 0xb6, 0x66, 0xb3, 0x9d};
+unsigned int ca_cert_test_len = 1189;