/** Generate a new session ticket * * Signs the administrator configured key, using the private key associated with the * SSL context, then hashes the signature to get a key of an appropriate length, * which is fed to the hmac and encryption contexts for the session ticket. * * @param out Where to write the derived session ticket key. * @param pkey used to the create the signature. * @param key to be signed using the private key, then hashed. * @param keylen length of key to be signed. * @return 0 on success, -1 on failure. */ static int tls_session_ticket_key(uint8_t out[SHA256_DIGEST_LENGTH], EVP_PKEY *pkey, uint8_t const *key, size_t keylen) { int ret; const EVP_MD *md = EVP_sha256(); EVP_MD_CTX mdctx; unsigned int outlen; uint8_t *sig; EVP_MD_CTX_init(&mdctx); ret = EVP_DigestInit(&mdctx, md); if (ret != 1) { ERROR("Failed initialising digest: %s", ERR_error_string(ERR_get_error(), NULL)); return -1; } ret = EVP_SignInit(&mdctx, md); if (ret != 1) { ERROR("Failed initialising signing context: %s", ERR_error_string(ERR_get_error(), NULL)); error: EVP_MD_CTX_cleanup(&mdctx); return -1; } ret = EVP_SignUpdate(&mdctx, key, keylen); if (ret != 1) { ERROR("Failed signing key: %s", ERR_error_string(ERR_get_error(), NULL)); goto error; } ret = EVP_SignFinal(&mdctx, NULL, &outlen, pkey); if (ret != 1) { ERROR("Failed finalising digest signature: %s", ERR_error_string(ERR_get_error(), NULL)); goto error; } MEM(sig = talloc_array(NULL, uint8_t, outlen)); ret = EVP_SignFinal(&mdctx, sig, &outlen, pkey); if (ret != 1) { ERROR("Failed finalising digest signature: %s", ERR_error_string(ERR_get_error(), NULL)); goto error; } EVP_MD_CTX_cleanup(&mdctx); EVP_MD_CTX_init(&mdctx); ret = EVP_DigestInit(&mdctx, md); if (ret != 1) { ERROR("Failed initialising digest: %s", ERR_error_string(ERR_get_error(), NULL)); talloc_free(sig); goto error; } ret = EVP_DigestUpdate(&mdctx, sig, outlen); if (ret != 1) { ERROR("Failed updating digest: %s", ERR_error_string(ERR_get_error(), NULL)); talloc_free(sig); goto error; } ret = EVP_DigestFinal(&mdctx, out, NULL); talloc_free(sig); if (ret != 1) { ERROR("Failed updating digest: %s", ERR_error_string(ERR_get_error(), NULL)); goto error; } return 0; } Anyone have opinions on this? The idea is to allow multiple RADIUS servers to calculate the same key independently without a common store, and to ensure that the derived keys are sufficiently complex, regardless of what the administrator configures. There's no standard for this that i've seen, nor is there a situation that I can see where deploying heterogeneous RADIUS servers in a HA cluster is useful. RFC5077 recommends periodic key rotations, which is possible, as 'key', is the result of a template expansion, which could be an xlat, attr ref or exec. I've confirmed that if an incorrect key is provided via the SSL_CTX_set_tlsext_ticket_key_cb that auth continues normally as if no ticket had been presented, and a new ticket is generated. -Arran Tue Mar 31 05:57:15 2015 : Debug: (5) eap_peap: New session ticket: 0x6e8b68c6803654c78bf7e6db15d7ea00 Tue Mar 31 05:57:15 2015 : Debug: (5) eap_peap: Session ticket key: 0x35 Tue Mar 31 05:57:15 2015 : Debug: (5) eap_peap: Session ticket key (derived): 0x11ab45219b8ebafac633475ac0a9be597055b26a27c4d196ff542fa6834a860b Tue Mar 31 05:57:15 2015 : Debug: (5) eap_peap: TLS_accept: SSLv3 write session ticket A Tue Mar 31 05:57:15 2015 : Debug: (13) eap_peap: Got session ticket: 0x6e8b68c6803654c78bf7e6db15d7ea00 Tue Mar 31 05:57:15 2015 : Debug: (13) eap_peap: Session ticket key: 0x3133 Tue Mar 31 05:57:15 2015 : Debug: (13) eap_peap: Session ticket key (derived): 0x9a12beeaf8d3a9ed30d50e065c21e2260a62f9bbabd16616873f3923cb8e90a1 Tue Mar 31 05:57:15 2015 : Debug: (16) eap_peap: New session ticket: 0x6928501f7ea2e7cfddc26da251f6d7f2 Tue Mar 31 05:57:15 2015 : Debug: (16) eap_peap: Session ticket key: 0x3136 Tue Mar 31 05:57:15 2015 : Debug: (16) eap_peap: Session ticket key (derived): 0x5979e02312c1b500bd32f3a5ad785c19e4a9f1d0ba4b4c8083b39252ea216ce9 Tue Mar 31 05:57:15 2015 : Debug: (16) eap_peap: TLS_accept: SSLv3 write session ticket A Tue Mar 31 05:57:15 2015 : Debug: (24) eap_peap: Got session ticket: 0x6928501f7ea2e7cfddc26da251f6d7f2 Tue Mar 31 05:57:15 2015 : Debug: (24) eap_peap: Session ticket key: 0x3234 Tue Mar 31 05:57:15 2015 : Debug: (24) eap_peap: Session ticket key (derived): 0x31e2bb458f5d9ef76d0a7d63696e3b33d1f57d1e4ef5a3f2f6d880d6135b8b4a Tue Mar 31 05:57:15 2015 : Debug: (27) eap_peap: New session ticket: 0x62a418806a4c58025628864c5b3a8af0 Tue Mar 31 05:57:15 2015 : Debug: (27) eap_peap: Session ticket key: 0x3237 Tue Mar 31 05:57:15 2015 : Debug: (27) eap_peap: Session ticket key (derived): 0x6c09a944a07cece8fef510427b41041d831f2dd8d8430e9be49e9bb1233ad32f Tue Mar 31 05:57:15 2015 : Debug: (27) eap_peap: TLS_accept: SSLv3 write session ticket A Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS development team FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2