6 years, 6 months ago.

Does debugging for PK exist? Examples?

I have been trying to debug the error I get when using the pk functions. I see some indications in the code that pk_debug exists, but I don't see it used much, and wonder if it was just a placeholder. Specifically, at the point where a function would actually be called, I see:

ctx->pk_info->debug_func( ctx->pk_ctx, items );

But if I recursively grep for debug_func, I only see three instances, two in mbedtls_pk_debug (checking for non-null and then this call) and the declaration in include/mbedtls/pk_internal.h ... nothing that ever actually sets it. Plus, in test_suite_pk.function, I see a line about it being unsupported:

test_suite_pk.function

    /* unsupported functions: check_pair, debug */
    TEST_ASSERT( mbedtls_pk_setup( &pk2,
                 mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ) ) == 0 );
    TEST_ASSERT( mbedtls_pk_check_pair( &pk, &pk2 )
                 == MBEDTLS_ERR_PK_TYPE_MISMATCH );
    TEST_ASSERT( mbedtls_pk_debug( &pk, &dbg )
                 == MBEDTLS_ERR_PK_TYPE_MISMATCH );

Does this actually work, or am I diagnosing this correctly? If it does work, are there examples of use?

Thanks.

1 Answer

6 years, 6 months ago.

Hi Fred,

debug_func is a method which is set when the pk object is initialized with mbedtls_pk_setup. If you're curious, the place it comes from is the “class” definitions in library/pk_wrap.c, where it's set to one of rsa_debug or eckey_debug. This method is then called by mbedtls_pk_debug.

The comment in test_suite_pk.function only refers to it not being unsupported by this particular test.

You're right that it isn't used much. You can call mbedtls_pk_debug from your own code to dump out the value of a key. There's an example of use in library/debug.c where it's used to dump all the information in a certificate.

If you have access to a debugger, that's usually more convenient. The pk debug facility is mostly useful when all you have to debug is your application logs.

Accepted Answer

Gilles, thanks for the info.

So I guess there is a constant structure with the field defined positionally, and that's why I wasn't seeing the variable assigned to ... makes more sense now.

I will probably try out the explicit debug call, as you suggest. I was hoping it was more along the lines of "we produce debugging output, which is usually ignored, but by setting something, we'll tell you more".

I guess it's the debugger for me then!

posted by Fred Douglis 05 Apr 2019
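
The mechanism discussed in the answer and the follow-up comment (a constant "class" structure whose debug_func member is filled in by position, then bound to the context at setup), shown as an added example that is not part of the original thread and is not Mbed TLS code. The types, error codes and the "no-debug" key type are simplified, hypothetical stand-ins, and the key values are constructed.

```c
#include <stddef.h>
#include <stdio.h>
/* Simplified stand-ins for illustration; not the Mbed TLS definitions. */
enum { ERR_BAD_INPUT = -1, ERR_TYPE_MISMATCH = -2 };
typedef struct { const char *name; const void *value; } debug_item;
typedef struct {
    const char *name;
    void (*debug_func)(const void *key, debug_item *items);
} pk_info;
typedef struct { const pk_info *info; void *key; } pk_context;
typedef struct { unsigned n, e; } toy_rsa;   /* constructed toy key */

static void rsa_debug(const void *key, debug_item *items)
{
    const toy_rsa *rsa = key;
    items[0].name = "rsa.N"; items[0].value = &rsa->n;
    items[1].name = "rsa.E"; items[1].value = &rsa->e;
}

/* debug_func receives its value here, by position in a constant initializer.
 * The member name is never written, so grep for "debug_func" misses it. */
static const pk_info rsa_info     = { "RSA", rsa_debug };
static const pk_info nodebug_info = { "no-debug", NULL };   /* hypothetical */

static int pk_setup(pk_context *ctx, const pk_info *info, void *key)
{
    if (ctx == NULL || info == NULL) return ERR_BAD_INPUT;
    ctx->info = info; ctx->key = key;   /* binds the whole method table */
    return 0;
}

static int pk_debug(const pk_context *ctx, debug_item *items)
{
    if (ctx == NULL || ctx->info == NULL) return ERR_BAD_INPUT;
    if (ctx->info->debug_func == NULL) return ERR_TYPE_MISMATCH;
    ctx->info->debug_func(ctx->key, items);
    return 0;
}

int main(void)
{
    toy_rsa key = { 3233u, 17u };            /* constructed sample values */
    debug_item items[2] = { { NULL, NULL }, { NULL, NULL } };
    pk_context with, without;
    pk_setup(&with, &rsa_info, &key);
    pk_setup(&without, &nodebug_info, &key);
    if (pk_debug(&with, items) == 0)
        printf("%s = %u\n", items[0].name, *(const unsigned *)items[0].value);
    printf("no debug_func: %d\n", pk_debug(&without, items));
}
```

A key type whose table leaves the debug slot NULL yields the type-mismatch code, which is the result the quoted test asserts for its "unsupported functions" case.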