From 30ca2923de8a221fdacf41ab104671b19f7c43ac Mon Sep 17 00:00:00 2001
From: mtu <maxence.tury@ssi.gouv.fr>
Date: Wed, 23 Aug 2017 16:48:30 +0200
Subject: [PATCH] Replace TLS prints with logging

---
 scapy/layers/tls/automaton.py         |  4 ++--
 scapy/layers/tls/automaton_srv.py     |  4 ++--
 scapy/layers/tls/handshake.py         | 15 ++++++++-------
 scapy/layers/tls/handshake_sslv2.py   |  8 ++++----
 scapy/layers/tls/keyexchange_tls13.py | 10 +++++-----
 scapy/layers/tls/record.py            |  8 ++++----
 scapy/layers/tls/record_sslv2.py      |  4 ++--
 scapy/layers/tls/record_tls13.py      |  4 ++--
 scapy/layers/tls/session.py           | 18 +++++++++---------
 9 files changed, 38 insertions(+), 37 deletions(-)

diff --git a/scapy/layers/tls/automaton.py b/scapy/layers/tls/automaton.py
index 0e5d8457..b93f9afe 100644
--- a/scapy/layers/tls/automaton.py
+++ b/scapy/layers/tls/automaton.py
@@ -7,7 +7,7 @@
 The _TLSAutomaton class provides methods common to both TLS client and server.
 """
 
-from __future__ import print_function
+import logging
 import struct
 
 from scapy.automaton import Automaton
@@ -219,5 +219,5 @@ class _TLSAutomaton(Automaton):
 
     def vprint(self, s=""):
         if self.verbose:
-            print("> %s" % s)
+            logging.info("> %s" % s)
 
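Review bot: `logging.info(...)` in `vprint` goes to the root logger, whose default threshold is WARNING, so with `self.verbose` set the automaton trace is no longer shown unless the embedding application has lowered the root level. The module-level call also runs `logging.basicConfig()` implicitly when the root logger has no handler, which installs a stderr handler as a side effect of using the TLS layer. A named logger is the usual fix, for example `log_runtime.info("> %s", s)` with `from scapy.error import log_runtime`, which also defers the string formatting. The same root-logger calls appear in every other `logging.info`/`logging.debug` hunk of this patch.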
diff --git a/scapy/layers/tls/automaton_srv.py b/scapy/layers/tls/automaton_srv.py
index f1f1a6f0..852f4bd0 100644
--- a/scapy/layers/tls/automaton_srv.py
+++ b/scapy/layers/tls/automaton_srv.py
@@ -788,14 +788,14 @@ class TLSServerAutomaton(_TLSAutomaton):
         self.buffer_in = self.buffer_in[1:]
         if hasattr(p, "load"):
             cli_data = p.load
-            self.vprint("Received: %s" % cli_data)
+            print("> Received: %s" % cli_data)
             if cli_data.startswith("goodbye"):
                 self.vprint()
                 self.vprint("Seems like the client left...")
                 raise self.WAITING_CLIENT()
         else:
             cli_data = str(p)
-            self.vprint("Received: %r" % p)
+            print("> Received: %r" % p)
 
         lines = cli_data.split("\n")
         stop = False
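Review bot: The two `print("> Received: ...")` calls bypass `self.vprint`, so client data is now written to stdout even when `self.verbose` is off, which runs against the stated purpose of the commit. In the `hasattr(p, "load")` branch `cli_data` is peer-supplied and is formatted with `%s`, so control characters and terminal escape sequences from the client reach the operator's terminal unescaped. I would keep the verbosity gate and format with `%r`: `self.vprint("Received: %r" % cli_data)`. The enclosing method starts before and continues after this hunk.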
diff --git a/scapy/layers/tls/handshake.py b/scapy/layers/tls/handshake.py
index 8e612041..b6c4e21e 100644
--- a/scapy/layers/tls/handshake.py
+++ b/scapy/layers/tls/handshake.py
@@ -10,7 +10,8 @@ This module covers the handshake TLS subprotocol, except for the key exchange
 mechanisms which are addressed with keyexchange.py.
 """
 
-from __future__ import absolute_import, print_function
+from __future__ import absolute_import
+import logging
 import math
 
 from scapy.error import warning
@@ -715,7 +716,7 @@ class TLSServerKeyExchange(_TLSHandshake):
         """
         s = self.tls_session
         if s.prcs and s.prcs.key_exchange.no_ske:
-            print("USELESS SERVER KEY EXCHANGE")
+            logging.info("USELESS SERVER KEY EXCHANGE")
         if (s.prcs and
             not s.prcs.key_exchange.anonymous and
             s.client_random and s.server_random and
@@ -723,7 +724,7 @@ class TLSServerKeyExchange(_TLSHandshake):
             m = s.client_random + s.server_random + str(self.params)
             sig_test = self.sig._verify_sig(m, s.server_certs[0])
             if not sig_test:
-                print("INVALID SERVER KEY EXCHANGE SIGNATURE")
+                logging.info("INVALID SERVER KEY EXCHANGE SIGNATURE")
 
 
 ###############################################################################
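Review bot: A failed ServerKeyExchange signature check is reported with `logging.info`, which is below the default WARNING threshold, so after this change the failure is normally not shown at all, and nothing in the visible lines stops processing after it. A verification failure deserves at least warning severity; this file already imports `warning` from `scapy.error`, so `warning("INVALID SERVER KEY EXCHANGE SIGNATURE")` would do. The same applies to the CertificateVerify and Finished hunks below, the three `INVALID ...` hunks in handshake_sslv2.py, and the `INTEGRITY CHECK FAILED` hunks in record.py, record_sslv2.py and record_tls13.py. The enclosing method starts outside the hunk.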
@@ -855,13 +856,13 @@ class TLSCertificateVerify(_TLSHandshake):
             if s.client_certs and len(s.client_certs) > 0:
                 sig_test = self.sig._verify_sig(m, s.client_certs[0])
                 if not sig_test:
-                    print("INVALID CERTIFICATE VERIFY SIGNATURE")
+                    logging.info("INVALID CERTIFICATE VERIFY SIGNATURE")
         elif s.connection_end == "client":
             # should be TLS 1.3 only
             if s.server_certs and len(s.server_certs) > 0:
                 sig_test = self.sig._verify_sig(m, s.server_certs[0])
                 if not sig_test:
-                    print("INVALID CERTIFICATE VERIFY SIGNATURE")
+                    logging.info("INVALID CERTIFICATE VERIFY SIGNATURE")
 
 
 ###############################################################################
@@ -964,12 +965,12 @@ class TLSFinished(_TLSHandshake):
                 verify_data = s.rcs.prf.compute_verify_data(con_end, "read",
                                                             handshake_msg, ms)
                 if self.vdata != verify_data:
-                    print("INVALID TLS FINISHED RECEIVED")
+                    logging.info("INVALID TLS FINISHED RECEIVED")
             elif s.tls_version >= 0x0304:
                 con_end = s.connection_end
                 verify_data = s.compute_tls13_verify_data(con_end, "read")
                 if self.vdata != verify_data:
-                    print("INVALID TLS FINISHED RECEIVED")
+                    logging.info("INVALID TLS FINISHED RECEIVED")
 
     def post_build_tls_session_update(self, msg_str):
         self.tls_session_update(msg_str)
diff --git a/scapy/layers/tls/handshake_sslv2.py b/scapy/layers/tls/handshake_sslv2.py
index 43ad7450..fd682593 100644
--- a/scapy/layers/tls/handshake_sslv2.py
+++ b/scapy/layers/tls/handshake_sslv2.py
@@ -6,7 +6,7 @@
 SSLv2 handshake fields & logic.
 """
 
-from __future__ import print_function
+import logging
 import math
 
 from scapy.error import warning
@@ -401,7 +401,7 @@ class SSLv2ServerVerify(_SSLv2Handshake):
         s = self.tls_session
         if s.sslv2_challenge is not None:
             if self.challenge != s.sslv2_challenge:
-                print("INVALID TLS SERVER VERIFY RECEIVED")
+                logging.info("INVALID TLS SERVER VERIFY RECEIVED")
 
 
 ###############################################################################
@@ -477,7 +477,7 @@ class SSLv2ClientCertificate(_SSLv2Handshake):
                  s.server_certs[0].der)
             sig_test = self.responsedata._verify_sig(m, s.client_certs[0])
             if not sig_test:
-                print("INVALID CLIENT CERTIFICATE VERIFY SIGNATURE")
+                logging.info("INVALID CLIENT CERTIFICATE VERIFY SIGNATURE")
 
     def tls_session_update(self, msg_str):
         super(SSLv2ClientCertificate, self).tls_session_update(msg_str)
@@ -508,7 +508,7 @@ class SSLv2ClientFinished(_SSLv2Handshake):
         s = self.tls_session
         if s.sslv2_connection_id is not None:
             if self.connection_id != s.sslv2_connection_id:
-                print("INVALID TLS CLIENT FINISHED RECEIVED")
+                logging.info("INVALID TLS CLIENT FINISHED RECEIVED")
 
 
 class SSLv2ServerFinished(_SSLv2Handshake):
diff --git a/scapy/layers/tls/keyexchange_tls13.py b/scapy/layers/tls/keyexchange_tls13.py
index 07202a51..27e790fe 100644
--- a/scapy/layers/tls/keyexchange_tls13.py
+++ b/scapy/layers/tls/keyexchange_tls13.py
@@ -6,7 +6,7 @@
 TLS 1.3 key exchange logic.
 """
 
-from __future__ import print_function
+import logging
 import math
 
 from scapy.config import conf, crypto_validator
@@ -141,7 +141,7 @@ class TLS_Ext_KeyShare_CH(TLS_Ext_Unknown):
             for kse in self.client_shares:
                 if kse.privkey:
                     if _tls_named_curves[kse.group] in privshares:
-                        print("Group %s used twice in the same ClientHello!" % kse.group)
+                        logging.info("Group %s used twice in the same ClientHello!" % kse.group)
                         break
                     privshares[_tls_named_groups[kse.group]] = kse.privkey
         return super(TLS_Ext_KeyShare_CH, self).post_build(pkt, pay)
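Review bot: The duplicate check looks up `_tls_named_curves[kse.group]` while the store two lines later uses `privshares[_tls_named_groups[kse.group]]`, so the check and the store can disagree on the key. If `_tls_named_groups` holds groups that `_tls_named_curves` does not (presumably the finite-field ones), the check raises `KeyError` for them instead of reaching the log call. Using the same table in both places, `if _tls_named_groups[kse.group] in privshares:`, would fix it. The `post_dissection` hunk that follows uses `_tls_named_curves` for both lookups and should be checked against the `TLS_Ext_KeyShare_SH` hunks, which use `_tls_named_groups`. `post_build` starts before this hunk.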
@@ -152,7 +152,7 @@ class TLS_Ext_KeyShare_CH(TLS_Ext_Unknown):
                 if kse.pubkey:
                     pubshares = self.tls_session.tls13_client_pubshares
                     if _tls_named_curves[kse.group] in pubshares:
-                        print("Group %s used twice in the same ClientHello!" % kse.group)
+                        logging.info("Group %s used twice in the same ClientHello!" % kse.group)
                         break
                     pubshares[_tls_named_curves[kse.group]] = kse.pubkey
         return super(TLS_Ext_KeyShare_CH, self).post_dissection(r)
@@ -176,7 +176,7 @@ class TLS_Ext_KeyShare_SH(TLS_Ext_Unknown):
             # if there is a privkey, we assume the crypto library is ok
             privshare = self.tls_session.tls13_server_privshare
             if len(privshare) > 0:
-                print("Server key share was already stored...?")
+                logging.info("Server key share was already stored...?")
             group_name = _tls_named_groups[self.server_share.group]
             privshare[group_name] = self.server_share.privkey
 
@@ -198,7 +198,7 @@ class TLS_Ext_KeyShare_SH(TLS_Ext_Unknown):
             # if there is a pubkey, we assume the crypto library is ok
             pubshare = self.tls_session.tls13_server_pubshare
             if len(pubshare) > 0:
-                print("Server key share was already stored...?")
+                logging.info("Server key share was already stored...?")
             group_name = _tls_named_groups[self.server_share.group]
             pubshare[group_name] = self.server_share.pubkey
 
diff --git a/scapy/layers/tls/record.py b/scapy/layers/tls/record.py
index ab9d293c..76c7f656 100644
--- a/scapy/layers/tls/record.py
+++ b/scapy/layers/tls/record.py
@@ -12,7 +12,7 @@ ApplicationData submessages. For the Handshake type, see tls_handshake.py.
 See the TLS class documentation for more information.
 """
 
-from __future__ import print_function
+import logging
 import struct
 
 from scapy.config import conf
@@ -303,7 +303,7 @@ class TLS(_GenericTLSSessionInheritance):
         except CipherError as e:
             return e.args
         except AEADTagError as e:
-            print("INTEGRITY CHECK FAILED")
+            logging.info("INTEGRITY CHECK FAILED")
             return e.args
 
     def _tls_decrypt(self, s):
@@ -424,7 +424,7 @@ class TLS(_GenericTLSSessionInheritance):
                 chdr = hdr[:3] + struct.pack('!H', len(cfrag))
                 is_mac_ok = self._tls_hmac_verify(chdr, cfrag, mac)
                 if not is_mac_ok:
-                    print("INTEGRITY CHECK FAILED")
+                    logging.info("INTEGRITY CHECK FAILED")
 
         elif cipher_type == 'stream':
             # Decrypt
@@ -448,7 +448,7 @@ class TLS(_GenericTLSSessionInheritance):
                 chdr = hdr[:3] + struct.pack('!H', len(cfrag))
                 is_mac_ok = self._tls_hmac_verify(chdr, cfrag, mac)
                 if not is_mac_ok:
-                    print("INTEGRITY CHECK FAILED")
+                    logging.info("INTEGRITY CHECK FAILED")
 
         elif cipher_type == 'aead':
             # Authenticated encryption
diff --git a/scapy/layers/tls/record_sslv2.py b/scapy/layers/tls/record_sslv2.py
index b348b924..a8085bfc 100644
--- a/scapy/layers/tls/record_sslv2.py
+++ b/scapy/layers/tls/record_sslv2.py
@@ -6,7 +6,7 @@
 SSLv2 Record.
 """
 
-from __future__ import print_function
+import logging
 import struct
 
 from scapy.config import conf
@@ -140,7 +140,7 @@ class SSLv2(TLS):
         # Verify integrity
         is_mac_ok = self._sslv2_mac_verify(cfrag + pad, mac)
         if not is_mac_ok:
-            print("INTEGRITY CHECK FAILED")
+            logging.info("INTEGRITY CHECK FAILED")
 
         reconstructed_body = mac + cfrag + pad
         return hdr + reconstructed_body + r
diff --git a/scapy/layers/tls/record_tls13.py b/scapy/layers/tls/record_tls13.py
index 45015dd8..28432bb6 100644
--- a/scapy/layers/tls/record_tls13.py
+++ b/scapy/layers/tls/record_tls13.py
@@ -11,7 +11,7 @@ ApplicationData submessages. For the Handshake type, see tls_handshake.py.
 See the TLS class documentation for more information.
 """
 
-from __future__ import print_function
+import logging
 import struct
 
 from scapy.config import conf
@@ -117,7 +117,7 @@ class TLS13(_GenericTLSSessionInheritance):
         except CipherError as e:
             return e.args
         except AEADTagError as e:
-            print("INTEGRITY CHECK FAILED")
+            logging.info("INTEGRITY CHECK FAILED")
             return e.args
 
     def pre_dissect(self, s):
diff --git a/scapy/layers/tls/session.py b/scapy/layers/tls/session.py
index 826c21e6..de8d69f8 100644
--- a/scapy/layers/tls/session.py
+++ b/scapy/layers/tls/session.py
@@ -7,7 +7,7 @@
 TLS session handler.
 """
 
-from __future__ import print_function
+import logging
 import random
 import socket
 import struct
@@ -109,7 +109,7 @@ class connState(object):
 
     def debug_repr(self, name, secret):
         if conf.debug_tls and secret:
-            print("%s %s %s: %s" % (self.connection_end,
+            logging.debug("%s %s %s: %s" % (self.connection_end,
                                     self.row,
                                     name,
                                     repr_hex(secret)))
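Review bot: `debug_repr` now hands the secret to the logging subsystem, so with `conf.debug_tls` set and debug-level logging enabled the key bytes go to whatever handlers the root logger has (files, syslog, remote collectors) rather than only to the interactive terminal. The hunks in `compute_master_secret` and `compute_sslv2_key_material` below do the same for the master secret and the SSLv2 key material. I would route these through a dedicated named logger with `propagate = False` and add a comment such as `# writes session secrets; enable only for offline debugging`. The continuation lines are also still aligned for `print(` and no longer line up with the opening parenthesis of `logging.debug(`.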
@@ -526,7 +526,7 @@ class tlsSession(object):
                                                  self.server_random)
         self.master_secret = ms
         if conf.debug_tls:
-            print("master secret: %s" % repr_hex(ms))
+            logging.debug("master secret: %s" % repr_hex(ms))
 
     def compute_ms_and_derive_keys(self):
         self.compute_master_secret()
@@ -554,8 +554,8 @@ class tlsSession(object):
                                             2*self.pwcs.cipher.key_len)
         self.sslv2_key_material = km
         if conf.debug_tls:
-            print("master secret: %s" % repr_hex(self.master_secret))
-            print("key material: %s" % repr_hex(km))
+            logging.debug("master secret: %s" % repr_hex(self.master_secret))
+            logging.debug("key material: %s" % repr_hex(km))
 
     def compute_sslv2_km_and_derive_keys(self):
         self.compute_sslv2_key_material()
@@ -931,7 +931,7 @@ class _tls_sessions(object):
     def add(self, session):
         s = self.find(session)
         if s:
-            print("TLS session already exists. Not adding...")
+            logging.info("TLS session already exists. Not adding...")
             return
 
         h = session.hash()
@@ -943,7 +943,7 @@ class _tls_sessions(object):
     def rem(self, session):
         s = self.find(session)
         if s:
-            print("TLS session does not exist. Not removing...")
+            logging.info("TLS session does not exist. Not removing...")
             return
 
         h = session.hash()
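Review bot: In `rem`, the guard reads `if s:` but the message says the session does not exist, so a session that `find` does return is never removed and a missing one falls through to the removal code. The condition looks inverted compared with `add` in the previous hunk; `if not s:` matches the message. The rest of `rem` lies outside the hunk, so the fall-through behaviour should be confirmed there.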
@@ -955,10 +955,10 @@ class _tls_sessions(object):
             for k in self.sessions[h]:
                 if k.eq(session):
                     if conf.tls_verbose:
-                        print("Found Matching session %s" % k)
+                        logging.info("Found Matching session %s" % k)
                     return k
         if conf.tls_verbose:
-            print("Did not find matching session %s" % session)
+            logging.info("Did not find matching session %s" % session)
         return None
 
     def __repr__(self):
-- 
GitLab