diff --git a/scapy/layers/tls/handshake.py b/scapy/layers/tls/handshake.py index f49734fc11fce93fe165688ac6f250f7fb4a1e3e..990c69c68b3afde3e4779a5308f623a8f86deb12 100644 --- a/scapy/layers/tls/handshake.py +++ b/scapy/layers/tls/handshake.py @@ -715,7 +715,8 @@ class TLSServerKeyExchange(_TLSHandshake): """ s = self.tls_session if s.prcs and s.prcs.key_exchange.no_ske: - log_runtime.info("TLS: useless ServerKeyExchange") + pkt_info = pkt.firstlayer().summary() + log_runtime.info("TLS: useless ServerKeyExchange [%s]", pkt_info) if (s.prcs and not s.prcs.key_exchange.anonymous and s.client_random and s.server_random and @@ -723,7 +724,8 @@ class TLSServerKeyExchange(_TLSHandshake): m = s.client_random + s.server_random + str(self.params) sig_test = self.sig._verify_sig(m, s.server_certs[0]) if not sig_test: - log_runtime.info("TLS: invalid ServerKeyExchange signature") + pkt_info = pkt.firstlayer().summary() + log_runtime.info("TLS: invalid ServerKeyExchange signature [%s]", pkt_info) ############################################################################### @@ -855,13 +857,15 @@ class TLSCertificateVerify(_TLSHandshake): if s.client_certs and len(s.client_certs) > 0: sig_test = self.sig._verify_sig(m, s.client_certs[0]) if not sig_test: - log_runtime.info("TLS: invalid CertificateVerify signature") + pkt_info = pkt.firstlayer().summary() + log_runtime.info("TLS: invalid CertificateVerify signature [%s]", pkt_info) elif s.connection_end == "client": # should be TLS 1.3 only if s.server_certs and len(s.server_certs) > 0: sig_test = self.sig._verify_sig(m, s.server_certs[0]) if not sig_test: - log_runtime.info("TLS: invalid CertificateVerify signature") + pkt_info = pkt.firstlayer().summary() + log_runtime.info("TLS: invalid CertificateVerify signature [%s]", pkt_info) ############################################################################### 
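Review bot: The pair `pkt_info = pkt.firstlayer().summary()` plus `log_runtime.info(..., pkt_info)` added in the -715 hunk is repeated at every call site in this commit, and the receiver varies (`pkt` here, `self` in record.py and SSLv2ClientCertificate, `r` in the key-share dissection hooks). Each site therefore has to get right which name is a Packet in its own method. One helper in the TLS layer that takes the packet, the format string and its arguments, and appends the `[%s]` summary itself, would remove the duplication and leave a single place to decide how a packet is described. It is also worth confirming that `firstlayer()` called from a handshake message reaches the record and transport layers, since the summary only helps if it identifies the flow. The method enclosing this hunk starts outside it, so `pkt` being a Packet here is assumed rather than visible.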
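Review bot: In the -723 hunk a failed ServerKeyExchange signature check produces only an info-level log line; `if not sig_test:` is the last statement before the section separator, so as far as the hunk shows the message is still accepted. Since the line is being edited anyway, a comment such as `# verification failure is only reported, not enforced` would make the advisory nature of the check explicit. It is also worth deciding whether these events belong at `info`, because a logger left at `warning` never shows them. The same applies to the CertificateVerify hunk at -855, the Finished hunk at -964, and the record integrity hunks in record.py, record_sslv2.py and record_tls13.py. The enclosing method starts outside the hunk.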
@@ -964,12 +968,14 @@ class TLSFinished(_TLSHandshake): verify_data = s.rcs.prf.compute_verify_data(con_end, "read", handshake_msg, ms) if self.vdata != verify_data: - log_runtime.info("TLS: invalid Finished received") + pkt_info = pkt.firstlayer().summary() + log_runtime.info("TLS: invalid Finished received [%s]", pkt_info) elif s.tls_version >= 0x0304: con_end = s.connection_end verify_data = s.compute_tls13_verify_data(con_end, "read") if self.vdata != verify_data: - log_runtime.info("TLS: invalid Finished received") + pkt_info = pkt.firstlayer().summary() + log_runtime.info("TLS: invalid Finished received [%s]", pkt_info) def post_build_tls_session_update(self, msg_str): self.tls_session_update(msg_str) diff --git a/scapy/layers/tls/handshake_sslv2.py b/scapy/layers/tls/handshake_sslv2.py index d647a61a7ea642a9adea859e75426574375a29da..2a8f3f619b6095178b7d1317ba1bed82cc2a0b5d 100644 --- a/scapy/layers/tls/handshake_sslv2.py +++ b/scapy/layers/tls/handshake_sslv2.py @@ -400,7 +400,8 @@ class SSLv2ServerVerify(_SSLv2Handshake): s = self.tls_session if s.sslv2_challenge is not None: if self.challenge != s.sslv2_challenge: - log_runtime.info("TLS: invalid ServerVerify received") + pkt_info = pkt.firstlayer().summary() + log_runtime.info("TLS: invalid ServerVerify received [%s]", pkt_info) ############################################################################### @@ -476,7 +477,8 @@ class SSLv2ClientCertificate(_SSLv2Handshake): s.server_certs[0].der) sig_test = self.responsedata._verify_sig(m, s.client_certs[0]) if not sig_test: - log_runtime.info("TLS: invalid client CertificateVerify signature") + pkt_info = self.firstlayer().summary() + log_runtime.info("TLS: invalid client CertificateVerify signature [%s]", pkt_info) def tls_session_update(self, msg_str): super(SSLv2ClientCertificate, self).tls_session_update(msg_str) 
@@ -507,7 +509,8 @@ class SSLv2ClientFinished(_SSLv2Handshake): s = self.tls_session if s.sslv2_connection_id is not None: if self.connection_id != s.sslv2_connection_id: - log_runtime.info("TLS: invalid client Finished received") + pkt_info = pkt.firstlayer().summary() + log_runtime.info("TLS: invalid client Finished received [%s]", pkt_info) class SSLv2ServerFinished(_SSLv2Handshake): diff --git a/scapy/layers/tls/keyexchange_tls13.py b/scapy/layers/tls/keyexchange_tls13.py index cef3b75a02e06b983c2a467d585e1a582f80be20..957ef3d431a3109971bcf3309d2fcdf9a3c2b720 100644 --- a/scapy/layers/tls/keyexchange_tls13.py +++ b/scapy/layers/tls/keyexchange_tls13.py @@ -140,7 +140,8 @@ class TLS_Ext_KeyShare_CH(TLS_Ext_Unknown): for kse in self.client_shares: if kse.privkey: if _tls_named_curves[kse.group] in privshares: - log_runtime.info("TLS: group %s used twice in the same ClientHello", kse.group) + pkt_info = pkt.firstlayer().summary() + log_runtime.info("TLS: group %s used twice in the same ClientHello [%s]", kse.group, pkt_info) break privshares[_tls_named_groups[kse.group]] = kse.privkey return super(TLS_Ext_KeyShare_CH, self).post_build(pkt, pay) @@ -151,7 +152,8 @@ class TLS_Ext_KeyShare_CH(TLS_Ext_Unknown): if kse.pubkey: pubshares = self.tls_session.tls13_client_pubshares if _tls_named_curves[kse.group] in pubshares: - log_runtime.info("TLS: group %s used twice in the same ClientHello", kse.group) + pkt_info = r.firstlayer().summary() + log_runtime.info("TLS: group %s used twice in the same ClientHello [%s]", kse.group, pkt_info) break pubshares[_tls_named_curves[kse.group]] = kse.pubkey return super(TLS_Ext_KeyShare_CH, self).post_dissection(r) 
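Review bot: In the keyexchange_tls13.py hunk at -140, `pkt.firstlayer()` is called inside `post_build`, as the trailing `return super(TLS_Ext_KeyShare_CH, self).post_build(pkt, pay)` shows, and in Scapy that hook receives the layer's already-built bytes as `pkt`, not a Packet. Building a ClientHello that repeats a key-share group would then raise AttributeError instead of logging, so the line should read `pkt_info = self.firstlayer().summary()`, as the record.py hunks do. The TLS_Ext_KeyShare_SH hunk at -175 works on `tls13_server_privshare` and also uses `pkt`, which looks like the same build-side hook, though its signature is outside that hunk. The dissection-side hunks at -151 and -197 use the `r` argument of `post_dissection` and are not affected.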
@@ -175,7 +177,8 @@ class TLS_Ext_KeyShare_SH(TLS_Ext_Unknown): # if there is a privkey, we assume the crypto library is ok privshare = self.tls_session.tls13_server_privshare if len(privshare) > 0: - log_runtime.info("TLS: overwriting previous server key share") + pkt_info = pkt.firstlayer().summary() + log_runtime.info("TLS: overwriting previous server key share [%s]", pkt_info) group_name = _tls_named_groups[self.server_share.group] privshare[group_name] = self.server_share.privkey @@ -197,7 +200,8 @@ class TLS_Ext_KeyShare_SH(TLS_Ext_Unknown): # if there is a pubkey, we assume the crypto library is ok pubshare = self.tls_session.tls13_server_pubshare if len(pubshare) > 0: - log_runtime.info("TLS: overwriting previous server key share") + pkt_info = r.firstlayer().summary() + log_runtime.info("TLS: overwriting previous server key share [%s]", pkt_info) group_name = _tls_named_groups[self.server_share.group] pubshare[group_name] = self.server_share.pubkey diff --git a/scapy/layers/tls/record.py b/scapy/layers/tls/record.py index 066a040d22e6a4e64937a4c11732d6f355507f0d..7933fe0c13f13abe1e1c05314c025aa2fe6a3cc8 100644 --- a/scapy/layers/tls/record.py +++ b/scapy/layers/tls/record.py @@ -303,7 +303,8 @@ class TLS(_GenericTLSSessionInheritance): except CipherError as e: return e.args except AEADTagError as e: - log_runtime.info("TLS: record integrity check failed") + pkt_info = self.firstlayer().summary() + log_runtime.info("TLS: record integrity check failed [%s]", pkt_info) return e.args def _tls_decrypt(self, s): @@ -424,7 +425,8 @@ class TLS(_GenericTLSSessionInheritance): chdr = hdr[:3] + struct.pack('!H', len(cfrag)) is_mac_ok = self._tls_hmac_verify(chdr, cfrag, mac) if not is_mac_ok: - log_runtime.info("TLS: record integrity check failed") + pkt_info = self.firstlayer().summary() + log_runtime.info("TLS: record integrity check failed [%s]", pkt_info) elif cipher_type == 'stream': # Decrypt 
@@ -448,7 +450,8 @@ class TLS(_GenericTLSSessionInheritance): chdr = hdr[:3] + struct.pack('!H', len(cfrag)) is_mac_ok = self._tls_hmac_verify(chdr, cfrag, mac) if not is_mac_ok: - log_runtime.info("TLS: record integrity check failed") + pkt_info = self.firstlayer().summary() + log_runtime.info("TLS: record integrity check failed [%s]", pkt_info) elif cipher_type == 'aead': # Authenticated encryption diff --git a/scapy/layers/tls/record_sslv2.py b/scapy/layers/tls/record_sslv2.py index b79abd9a123282e85b76b2e9bcaa2195dd7dbb66..e65259585383273b4f36d35621f433a97e83346a 100644 --- a/scapy/layers/tls/record_sslv2.py +++ b/scapy/layers/tls/record_sslv2.py @@ -140,7 +140,8 @@ class SSLv2(TLS): # Verify integrity is_mac_ok = self._sslv2_mac_verify(cfrag + pad, mac) if not is_mac_ok: - log_runtime.info("TLS: record integrity check failed") + pkt_info = self.firstlayer().summary() + log_runtime.info("TLS: record integrity check failed [%s]", pkt_info) reconstructed_body = mac + cfrag + pad return hdr + reconstructed_body + r diff --git a/scapy/layers/tls/record_tls13.py b/scapy/layers/tls/record_tls13.py index 1e79c9bb6036d6a40e0212d9740ae94289fe4bb5..c152cb8e8d14d88070101075dcf37d89df67f2f3 100644 --- a/scapy/layers/tls/record_tls13.py +++ b/scapy/layers/tls/record_tls13.py @@ -117,7 +117,8 @@ class TLS13(_GenericTLSSessionInheritance): except CipherError as e: return e.args except AEADTagError as e: - log_runtime.info("TLS: record integrity check failed") + pkt_info = self.firstlayer().summary() + log_runtime.info("TLS: record integrity check failed [%s]", pkt_info) return e.args def pre_dissect(self, s):