diff --git a/scapy/layers/tls/__init__.py b/scapy/layers/tls/__init__.py
index 4b76353f8b7230d4f59a731649c12d24f01427d0..8e260d4d68801b1f9aa54025efa682074c973c53 100644
--- a/scapy/layers/tls/__init__.py
+++ b/scapy/layers/tls/__init__.py
@@ -5,6 +5,7 @@
 """
 Tools for handling TLS sessions and digital certificates.
+Use load_layer('tls') to load them to the main namespace.
 Prerequisites:
diff --git a/scapy/layers/tls/automaton.py b/scapy/layers/tls/automaton.py
index 0e5d8457f63e3606cd06725faba6d39bed87a4a6..db18bd2d21a67afce298983727781bbde8baa156 100644
--- a/scapy/layers/tls/automaton.py
+++ b/scapy/layers/tls/automaton.py
@@ -7,10 +7,10 @@
 The _TLSAutomaton class provides methods common to both TLS client and server.
 """
-from __future__ import print_function
 import struct
 from scapy.automaton import Automaton
+from scapy.error import log_interactive
 from scapy.packet import Raw
 from scapy.layers.tls.basefields import _tls_type
 from scapy.layers.tls.cert import Cert, PrivKey
@@ -219,5 +219,5 @@ class _TLSAutomaton(Automaton):
 def vprint(self, s=""):
 if self.verbose:
- print("> %s" % s)
+ log_interactive.info("> %s", s)
diff --git a/scapy/layers/tls/automaton_srv.py b/scapy/layers/tls/automaton_srv.py
index f1f1a6f00dde42c7153efe08e390026c70bea42b..852f4bd026f6b0f5121743af813b5fc24433dcbb 100644
--- a/scapy/layers/tls/automaton_srv.py
+++ b/scapy/layers/tls/automaton_srv.py
@@ -788,14 +788,14 @@ class TLSServerAutomaton(_TLSAutomaton):
 self.buffer_in = self.buffer_in[1:]
 if hasattr(p, "load"):
 cli_data = p.load
- self.vprint("Received: %s" % cli_data)
+ print("> Received: %s" % cli_data)
 if cli_data.startswith("goodbye"):
 self.vprint()
 self.vprint("Seems like the client left...")
 raise self.WAITING_CLIENT()
 else:
 cli_data = str(p)
- self.vprint("Received: %r" % p)
+ print("> Received: %r" % p)
 lines = cli_data.split("\n")
 stop = False
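Review bot: The two `print("> Received: ...")` lines in the TLSServerAutomaton hunk replace `self.vprint(...)`, so client-supplied data is now written to stdout unconditionally, bypassing the `self.verbose` gate and the logger that the automaton.py hunk just routed `vprint` through. That runs against the direction of the rest of the commit, and it is peer-controlled bytes that end up on the terminal regardless of verbosity. If the data should stay visible, `self.vprint("Received: %s" % cli_data)` and `self.vprint("Received: %r" % p)` keep the existing gate and the new logging path. The enclosing method starts and ends outside the hunk.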
diff --git a/scapy/layers/tls/handshake.py b/scapy/layers/tls/handshake.py
index 8e6120411c8b153d39ee0b82f5ebf8f6944efe71..990c69c68b3afde3e4779a5308f623a8f86deb12 100644
--- a/scapy/layers/tls/handshake.py
+++ b/scapy/layers/tls/handshake.py
@@ -10,10 +10,10 @@ This module covers the handshake TLS subprotocol, except for the key exchange
 mechanisms which are addressed with keyexchange.py.
 """
-from __future__ import absolute_import, print_function
+from __future__ import absolute_import
 import math
-from scapy.error import warning
+from scapy.error import log_runtime, warning
 from scapy.fields import *
 from scapy.packet import Packet, Raw, Padding
 from scapy.utils import repr_hex
@@ -715,7 +715,8 @@ class TLSServerKeyExchange(_TLSHandshake):
 """
 s = self.tls_session
 if s.prcs and s.prcs.key_exchange.no_ske:
- print("USELESS SERVER KEY EXCHANGE")
+ pkt_info = pkt.firstlayer().summary()
+ log_runtime.info("TLS: useless ServerKeyExchange [%s]", pkt_info)
 if (s.prcs and
 not s.prcs.key_exchange.anonymous and
 s.client_random and s.server_random and
@@ -723,7 +724,8 @@ class TLSServerKeyExchange(_TLSHandshake):
 m = s.client_random + s.server_random + str(self.params)
 sig_test = self.sig._verify_sig(m, s.server_certs[0])
 if not sig_test:
- print("INVALID SERVER KEY EXCHANGE SIGNATURE")
+ pkt_info = pkt.firstlayer().summary()
+ log_runtime.info("TLS: invalid ServerKeyExchange signature [%s]", pkt_info)
 ###############################################################################
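Review bot: The failed ServerKeyExchange signature check in the -723 hunk is logged at `log_runtime.info`, a lower level than the `warning` helper this file already imports; I have not checked the threshold the scapy runtime logger is configured with, but if it sits above INFO a verification failure that previously always printed now goes unseen. A signature or MAC that does not verify is the one event a user of this dissector most needs to notice, so `log_runtime.warning("TLS: invalid ServerKeyExchange signature [%s]", pkt_info)` seems the better level, while the "useless ServerKeyExchange" line in the -715 hunk is reasonably informational. The same INFO level is used for the invalid-signature lines in the CertificateVerify and Finished hunks, the SSLv2 ServerVerify, ClientCertificate and ClientFinished hunks, and the record-integrity hunks in record.py, record_sslv2.py and record_tls13.py. post_dissection continues outside both hunks.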
@@ -855,13 +857,15 @@ class TLSCertificateVerify(_TLSHandshake):
 if s.client_certs and len(s.client_certs) > 0:
 sig_test = self.sig._verify_sig(m, s.client_certs[0])
 if not sig_test:
- print("INVALID CERTIFICATE VERIFY SIGNATURE")
+ pkt_info = pkt.firstlayer().summary()
+ log_runtime.info("TLS: invalid CertificateVerify signature [%s]", pkt_info)
 elif s.connection_end == "client":
 # should be TLS 1.3 only
 if s.server_certs and len(s.server_certs) > 0:
 sig_test = self.sig._verify_sig(m, s.server_certs[0])
 if not sig_test:
- print("INVALID CERTIFICATE VERIFY SIGNATURE")
+ pkt_info = pkt.firstlayer().summary()
+ log_runtime.info("TLS: invalid CertificateVerify signature [%s]", pkt_info)
 ###############################################################################
@@ -964,12 +968,14 @@ class TLSFinished(_TLSHandshake):
 verify_data = s.rcs.prf.compute_verify_data(con_end, "read",
 handshake_msg, ms)
 if self.vdata != verify_data:
- print("INVALID TLS FINISHED RECEIVED")
+ pkt_info = pkt.firstlayer().summary()
+ log_runtime.info("TLS: invalid Finished received [%s]", pkt_info)
 elif s.tls_version >= 0x0304:
 con_end = s.connection_end
 verify_data = s.compute_tls13_verify_data(con_end, "read")
 if self.vdata != verify_data:
- print("INVALID TLS FINISHED RECEIVED")
+ pkt_info = pkt.firstlayer().summary()
+ log_runtime.info("TLS: invalid Finished received [%s]", pkt_info)
 def post_build_tls_session_update(self, msg_str):
 self.tls_session_update(msg_str)
diff --git a/scapy/layers/tls/handshake_sslv2.py b/scapy/layers/tls/handshake_sslv2.py
index 43ad745033471ab0772f8421b2f38d80733f7e19..2a8f3f619b6095178b7d1317ba1bed82cc2a0b5d 100644
--- a/scapy/layers/tls/handshake_sslv2.py
+++ b/scapy/layers/tls/handshake_sslv2.py
@@ -6,10 +6,9 @@
 SSLv2 handshake fields & logic.
 """
-from __future__ import print_function
 import math
-from scapy.error import warning
+from scapy.error import log_runtime, warning
 from scapy.fields import *
 from scapy.packet import Packet, Raw, Padding
 from scapy.layers.tls.cert import Cert, PrivKey, PubKey
@@ -401,7 +400,8 @@ class SSLv2ServerVerify(_SSLv2Handshake):
 s = self.tls_session
 if s.sslv2_challenge is not None:
 if self.challenge != s.sslv2_challenge:
- print("INVALID TLS SERVER VERIFY RECEIVED")
+ pkt_info = pkt.firstlayer().summary()
+ log_runtime.info("TLS: invalid ServerVerify received [%s]", pkt_info)
 ###############################################################################
@@ -477,7 +477,8 @@ class SSLv2ClientCertificate(_SSLv2Handshake):
 s.server_certs[0].der)
 sig_test = self.responsedata._verify_sig(m, s.client_certs[0])
 if not sig_test:
- print("INVALID CLIENT CERTIFICATE VERIFY SIGNATURE")
+ pkt_info = self.firstlayer().summary()
+ log_runtime.info("TLS: invalid client CertificateVerify signature [%s]", pkt_info)
 def tls_session_update(self, msg_str):
 super(SSLv2ClientCertificate, self).tls_session_update(msg_str)
@@ -508,7 +509,8 @@ class SSLv2ClientFinished(_SSLv2Handshake):
 s = self.tls_session
 if s.sslv2_connection_id is not None:
 if self.connection_id != s.sslv2_connection_id:
- print("INVALID TLS CLIENT FINISHED RECEIVED")
+ pkt_info = pkt.firstlayer().summary()
+ log_runtime.info("TLS: invalid client Finished received [%s]", pkt_info)
 class SSLv2ServerFinished(_SSLv2Handshake):
diff --git a/scapy/layers/tls/keyexchange_tls13.py b/scapy/layers/tls/keyexchange_tls13.py
index 07202a51a682cc0220cc094e7fef8c8f784c6a3d..957ef3d431a3109971bcf3309d2fcdf9a3c2b720 100644
--- a/scapy/layers/tls/keyexchange_tls13.py
+++ b/scapy/layers/tls/keyexchange_tls13.py
@@ -6,11 +6,10 @@
 TLS 1.3 key exchange logic.
 """
-from __future__ import print_function
 import math
 from scapy.config import conf, crypto_validator
-from scapy.error import warning
+from scapy.error import log_runtime, warning
 from scapy.fields import *
 from scapy.packet import Packet, Raw, Padding
 from scapy.layers.tls.cert import PubKeyRSA, PrivKeyRSA
@@ -141,7 +140,8 @@ class TLS_Ext_KeyShare_CH(TLS_Ext_Unknown):
 for kse in self.client_shares:
 if kse.privkey:
 if _tls_named_curves[kse.group] in privshares:
- print("Group %s used twice in the same ClientHello!" % kse.group)
+ pkt_info = pkt.firstlayer().summary()
+ log_runtime.info("TLS: group %s used twice in the same ClientHello [%s]", kse.group, pkt_info)
 break
 privshares[_tls_named_groups[kse.group]] = kse.privkey
 return super(TLS_Ext_KeyShare_CH, self).post_build(pkt, pay)
@@ -152,7 +152,8 @@ class TLS_Ext_KeyShare_CH(TLS_Ext_Unknown):
 if kse.pubkey:
 pubshares = self.tls_session.tls13_client_pubshares
 if _tls_named_curves[kse.group] in pubshares:
- print("Group %s used twice in the same ClientHello!" % kse.group)
+ pkt_info = r.firstlayer().summary()
+ log_runtime.info("TLS: group %s used twice in the same ClientHello [%s]", kse.group, pkt_info)
 break
 pubshares[_tls_named_curves[kse.group]] = kse.pubkey
 return super(TLS_Ext_KeyShare_CH, self).post_dissection(r)
@@ -176,7 +177,8 @@ class TLS_Ext_KeyShare_SH(TLS_Ext_Unknown):
 # if there is a privkey, we assume the crypto library is ok
 privshare = self.tls_session.tls13_server_privshare
 if len(privshare) > 0:
- print("Server key share was already stored...?")
+ pkt_info = pkt.firstlayer().summary()
+ log_runtime.info("TLS: overwriting previous server key share [%s]", pkt_info)
 group_name = _tls_named_groups[self.server_share.group]
 privshare[group_name] = self.server_share.privkey
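Review bot: In the TLS_Ext_KeyShare_CH hunk at -141 the new `pkt_info = pkt.firstlayer().summary()` sits inside `post_build` (the hunk's last line returns `super(...).post_build(pkt, pay)`), where `pkt` is the serialized bytes of the layer rather than a Packet, so a ClientHello that lists the same group twice now raises AttributeError on the log line instead of logging and breaking out of the loop. `pkt_info = self.firstlayer().summary()`, the form the SSLv2ClientCertificate hunk already uses, works on both the build and dissect paths; the post_dissection counterpart at -152 uses `r`, which is a Packet, and is fine. The TLS_Ext_KeyShare_SH hunk at -176 looks like the same privkey/build path and presumably has the same problem, though its return line is outside the hunk; its pubkey counterpart on the next page line uses `r` and is fine.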
@@ -198,7 +200,8 @@ class TLS_Ext_KeyShare_SH(TLS_Ext_Unknown):
 # if there is a pubkey, we assume the crypto library is ok
 pubshare = self.tls_session.tls13_server_pubshare
 if len(pubshare) > 0:
- print("Server key share was already stored...?")
+ pkt_info = r.firstlayer().summary()
+ log_runtime.info("TLS: overwriting previous server key share [%s]", pkt_info)
 group_name = _tls_named_groups[self.server_share.group]
 pubshare[group_name] = self.server_share.pubkey
diff --git a/scapy/layers/tls/record.py b/scapy/layers/tls/record.py
index ab9d293c5fe0fa91831eb481a496b04e20de7fb4..7933fe0c13f13abe1e1c05314c025aa2fe6a3cc8 100644
--- a/scapy/layers/tls/record.py
+++ b/scapy/layers/tls/record.py
@@ -12,10 +12,10 @@ ApplicationData submessages. For the Handshake type, see tls_handshake.py.
 See the TLS class documentation for more information.
 """
-from __future__ import print_function
 import struct
 from scapy.config import conf
+from scapy.error import log_runtime
 from scapy.fields import *
 from scapy.compat import *
 from scapy.packet import *
@@ -303,7 +303,8 @@ class TLS(_GenericTLSSessionInheritance):
 except CipherError as e:
 return e.args
 except AEADTagError as e:
- print("INTEGRITY CHECK FAILED")
+ pkt_info = self.firstlayer().summary()
+ log_runtime.info("TLS: record integrity check failed [%s]", pkt_info)
 return e.args
 def _tls_decrypt(self, s):
@@ -424,7 +425,8 @@ class TLS(_GenericTLSSessionInheritance):
 chdr = hdr[:3] + struct.pack('!H', len(cfrag))
 is_mac_ok = self._tls_hmac_verify(chdr, cfrag, mac)
 if not is_mac_ok:
- print("INTEGRITY CHECK FAILED")
+ pkt_info = self.firstlayer().summary()
+ log_runtime.info("TLS: record integrity check failed [%s]", pkt_info)
 elif cipher_type == 'stream':
 # Decrypt
@@ -448,7 +450,8 @@ class TLS(_GenericTLSSessionInheritance):
 chdr = hdr[:3] + struct.pack('!H', len(cfrag))
 is_mac_ok = self._tls_hmac_verify(chdr, cfrag, mac)
 if not is_mac_ok:
- print("INTEGRITY CHECK FAILED")
+ pkt_info = self.firstlayer().summary()
+ log_runtime.info("TLS: record integrity check failed [%s]", pkt_info)
 elif cipher_type == 'aead':
 # Authenticated encryption
diff --git a/scapy/layers/tls/record_sslv2.py b/scapy/layers/tls/record_sslv2.py
index b348b92447e8df3932ba843855b59c53e8ead0ad..e65259585383273b4f36d35621f433a97e83346a 100644
--- a/scapy/layers/tls/record_sslv2.py
+++ b/scapy/layers/tls/record_sslv2.py
@@ -6,10 +6,10 @@
 SSLv2 Record.
 """
-from __future__ import print_function
 import struct
 from scapy.config import conf
+from scapy.error import log_runtime
 from scapy.fields import *
 from scapy.packet import *
 from scapy.layers.tls.session import _GenericTLSSessionInheritance
@@ -140,7 +140,8 @@ class SSLv2(TLS):
 # Verify integrity
 is_mac_ok = self._sslv2_mac_verify(cfrag + pad, mac)
 if not is_mac_ok:
- print("INTEGRITY CHECK FAILED")
+ pkt_info = self.firstlayer().summary()
+ log_runtime.info("TLS: record integrity check failed [%s]", pkt_info)
 reconstructed_body = mac + cfrag + pad
 return hdr + reconstructed_body + r
diff --git a/scapy/layers/tls/record_tls13.py b/scapy/layers/tls/record_tls13.py
index 45015dd8fead2236c1f1bbbda95328f8c6d20bc0..c152cb8e8d14d88070101075dcf37d89df67f2f3 100644
--- a/scapy/layers/tls/record_tls13.py
+++ b/scapy/layers/tls/record_tls13.py
@@ -11,10 +11,10 @@ ApplicationData submessages. For the Handshake type, see tls_handshake.py.
 See the TLS class documentation for more information.
 """
-from __future__ import print_function
 import struct
 from scapy.config import conf
+from scapy.error import log_runtime
 from scapy.fields import *
 from scapy.packet import *
 from scapy.layers.tls.session import _GenericTLSSessionInheritance
@@ -117,7 +117,8 @@ class TLS13(_GenericTLSSessionInheritance):
 except CipherError as e:
 return e.args
 except AEADTagError as e:
- print("INTEGRITY CHECK FAILED")
+ pkt_info = self.firstlayer().summary()
+ log_runtime.info("TLS: record integrity check failed [%s]", pkt_info)
 return e.args
 def pre_dissect(self, s):
diff --git a/scapy/layers/tls/session.py b/scapy/layers/tls/session.py
index 826c21e65999214bf167ecafd3aadcb13ae7015b..cf3a5b734d731cb1cf8471695fcbc05015f734bb 100644
--- a/scapy/layers/tls/session.py
+++ b/scapy/layers/tls/session.py
@@ -7,13 +7,12 @@
 TLS session handler.
 """
-from __future__ import print_function
 import random
 import socket
 import struct
 from scapy.config import conf
-from scapy.error import warning
+from scapy.error import log_runtime, warning
 from scapy.packet import Packet
 from scapy.utils import repr_hex, strxor
 from scapy.layers.tls.crypto.compression import Comp_NULL
@@ -109,10 +108,11 @@ class connState(object):
 def debug_repr(self, name, secret):
 if conf.debug_tls and secret:
- print("%s %s %s: %s" % (self.connection_end,
- self.row,
- name,
- repr_hex(secret)))
+ log_runtime.debug("TLS: %s %s %s: %s",
+ self.connection_end,
+ self.row,
+ name,
+ repr_hex(secret))
 def derive_keys(self,
 client_random="",
@@ -526,7 +526,7 @@ class tlsSession(object):
 self.server_random)
 self.master_secret = ms
 if conf.debug_tls:
- print("master secret: %s" % repr_hex(ms))
+ log_runtime.debug("TLS: master secret: %s", repr_hex(ms))
 def compute_ms_and_derive_keys(self):
 self.compute_master_secret()
@@ -554,8 +554,8 @@ class tlsSession(object):
 2*self.pwcs.cipher.key_len)
 self.sslv2_key_material = km
 if conf.debug_tls:
- print("master secret: %s" % repr_hex(self.master_secret))
- print("key material: %s" % repr_hex(km))
+ log_runtime.debug("TLS: master secret: %s", repr_hex(self.master_secret))
+ log_runtime.debug("TLS: key material: %s", repr_hex(km))
 def compute_sslv2_km_and_derive_keys(self):
 self.compute_sslv2_key_material()
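Review bot: The `debug_repr` hunk at -109, and the `compute_master_secret` and SSLv2 key-material hunks after it, now hand connection secrets, the master secret and derived key material to `log_runtime.debug`, so whenever `conf.debug_tls` is set they reach every handler attached to the scapy logger, including any file handler, rather than only the terminal as with `print`. Keeping the `conf.debug_tls` gate is right; the change of sink is worth stating next to it so nobody later enables a file handler without knowing what lands in it, e.g. `# debug_tls: secrets go to the scapy logger and any file handler on it` above the `if conf.debug_tls` in each of the three hunks. The enclosing methods continue outside the hunks.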
@@ -931,7 +931,7 @@ class _tls_sessions(object):
 def add(self, session):
 s = self.find(session)
 if s:
- print("TLS session already exists. Not adding...")
+ log_runtime.info("TLS: previous session shall not be overwritten")
 return
 h = session.hash()
@@ -943,7 +943,7 @@ class _tls_sessions(object):
 def rem(self, session):
 s = self.find(session)
 if s:
- print("TLS session does not exist. Not removing...")
+ log_runtime.info("TLS: previous session shall not be overwritten")
 return
 h = session.hash()
@@ -955,10 +955,10 @@ class _tls_sessions(object):
 for k in self.sessions[h]:
 if k.eq(session):
 if conf.tls_verbose:
- print("Found Matching session %s" % k)
+ log_runtime.info("TLS: found session matching %s", k)
 return k
 if conf.tls_verbose:
- print("Did not find matching session %s" % session)
+ log_runtime.info("TLS: did not find session matching %s", session)
 return None
 def __repr__(self):
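Review bot: `rem` in the -943 hunk now logs `TLS: previous session shall not be overwritten`, the text copied from `add`, which does not describe a removal that was skipped; the line it replaces said the session does not exist. Something like `log_runtime.info("TLS: session not found. Not removing...")` fits the method, and while the line is touched it is worth noting that it sits under `if s:`, the branch where `find` did return a session, which reads inverted against either wording — presumably pre-existing, since the removed line had the same condition. `rem` continues outside the hunk.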