Authentication: HighGMAC
Interface: HDLC
Media: Serial
Security: AuthenticationEncryption
When I use the 8.1.2005.1401 version(old version) gurux works fine with my meter, but when I try to establish an association with 8.2.2006.1702 version(new version), gurux sends the message:
Access Error: Device reports a hardware fault.
The meter is rejecting the association, It is an authentication problem with the authentication tag of the gmac function in the Response to challenge: f (StoC).
Reviewing, I found that with the previous version, when gurux sends an AARQ its IC is equal with 1 and when gurux sends f(StoC) its IC is equal with 4, but the IC value with which f(StoC) was calculated was 2.
On the other hand with the new version, the IC value with which f(StoC) was calculated was 3.
With the old version I take the value of the IC received along with the AARQ plus 1, and use it to calculate the gmac function tag.
With the new version I have to take the value of the IC received along with the f (StoC) minus 1 and use it to calculate the gmac function tag.
In a certification process, which do you consider to be the correct way?
Will the behavior of the new version be the definitive behavior when establishing association?
Reason why it's 3 is that invocation counter (IC) is increased by one when GMAC password is generated. IC was not increased before, but I notes this centense in Blue Book:
9.2.3.3.7.3 The initialization vector, IV
when the authenticated encryption function is used, the corresponding IC is used then it is incremented by 1
For this reason, IV is increased twice in AARQ. Once for generating GMAC and once for ciphering.
Hi,
Hi,
Reason why it's 3 is that invocation counter (IC) is increased by one when GMAC password is generated. IC was not increased before, but I notes this centense in Blue Book:
9.2.3.3.7.3 The initialization vector, IV
when the authenticated encryption function is used, the corresponding IC is used then it is incremented by 1
For this reason, IV is increased twice in AARQ. Once for generating GMAC and once for ciphering.
BR,
Mikko
Hi mikko,
Hi mikko,
The Galois/Counter Mode (GCM), is an algorithm for authenticated encryption with associated data.
GMAC is for generating a message authentication code (MAC) on data that is not encrypted.
So I think that the IC should not be increased when using GMAC, only when using GCM.
Regards!
Hi,
Hi,
The reason for this is that we have clients who are needed this. I have asked this from DLMS UA, but not received a reply yet.
I need to think about this. I'm not sure if we need to add a property to the GXDLMSClient when IV is increased or not.
IV should come in part of the data. Can you parse it there and use IV that the client has sent?
BR,
Mikko