Hello,
I am trying to establish a "Management Client" session with a Kaifa MA110M meter.
Suite 0, GMAC, AUTH+ENCRY
I am getting "Unmatched Type" at the authentication step:
13:48:22 Send SNRM request.
TX: 7E A0 07 03 21 93 0F 01 7E
13:48:22
RX: 7E A0 07 21 03 73 01 40 7E
13:48:22 Send AARQ request.
TX: 7E A0 2B 03 21 10 FB AF E6 E6 00 60 1D A1 09 06 07 60 85 74 05 08 01 01 BE 10 04 0E 01 00 00 00 06 5F 1F 04 00 62 1E 5D FF FF 88 55 7E
13:48:22
RX: 7E A0 37 21 03 30 6C 7C E6 E7 00 61 29 A1 09 06 07 60 85 74 05 08 01 01 A2 03 02 01 00 A3 05 A1 03 02 01 00 BE 10 04 0E 08 00 06 5F 1F 04 00 00 00 10 02 80 00 07 F0 E6 7E
13:48:22
RX: 7E A0 15 21 03 52 5D 8A E6 E7 00 C4 01 C1 00 06 00 00 00 0C 11 D2 7E
13:48:22 Disconnect request
TX: 7E A0 07 03 21 53 03 C7 7E
13:48:22
RX: 7E A0 07 21 03 73 01 40 7E
13:48:22 Send SNRM request.
TX: 7E A0 07 03 03 93 8C 11 7E
13:48:22
RX: 7E A0 07 03 03 73 82 F6 7E
13:48:22 Send AARQ request.
TX: 7E A0 6B 03 03 10 CF A9 E6 E6 00 60 5D A1 09 06 07 60 85 74 05 08 01 03 A6 0A 04 08 43 45 43 45 43 45 43 45 8A 02 07 80 8B 07 60 85 74 05 08 02 05 AC 12 80 10 6A 65 0D 21 0D 0C 69 66 30 72 76 50 44 38 05 20 BE 23 04 21 21 1F 30 00 00 00 0D 78 BE 13 DD 1C FA 07 14 4E 30 EE 7A 39 8E 6E 1B BF 64 8E 5F 90 D4 D7 F2 4B B1 0A 80 7E
13:48:23
RX: 7E A0 77 03 03 30 58 DC E6 E7 00 61 69 A1 09 06 07 60 85 74 05 08 01 03 A2 03 02 01 00 A3 05 A1 03 02 01 0E A4 0A 04 08 4B 46 4D 66 75 E6 9E C6 88 02 07 80 89 07 60 85 74 05 08 02 05 AA 12 80 10 F1 62 4E E4 88 63 D2 11 DC C2 A7 5D 26 9E 04 53 BE 23 04 21 28 1F 30 00 00 00 0C E1 C1 A3 C1 53 2D 5F D7 5A 4A 59 DC 50 05 34 0F B3 87 E1 C4 61 1C 13 36 DB 70 08 4C 7E
13:48:23 Authenticating.
TX: 7E A0 3F 03 03 32 25 0C E6 E6 00 CB 31 30 00 00 00 0E 41 6A B8 93 3A E5 6B C7 B6 96 CA 35 A5 7B 83 62 B7 D9 A3 94 01 76 06 CC F7 4B 50 77 F6 0B DF 08 FD 84 07 0E 03 B2 78 03 B2 3A 60 6D 38 D1 7E
13:48:23
RX: 7E A0 24 03 03 52 97 6C E6 E7 00 CF 16 30 00 00 00 0D B7 9C 47 3D F2 1A 11 15 5D 7C 60 CA 8B CB 6D D7 66 4A A3 7E
13:48:23
RX: 7E A0 07 03 03 73 82 F6 7E
Could you help me?
Thanks.
Hi,
I checked this, but you are using different block cipher key (0F0E0D0C0B0A09080706050403020100) or authentication key (D0D1D2D3D4D5D6D7D8D9DADBDCDDDEDF) than in your picture.
It's not possible to solve without the correct keys.
BR,
Mikko
Yes. Sorry.
The picture is old. Was taken doing tests.
The used keys are:
BlockCipher key: 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
Authentication Key: D0 D1 D2 D3 D4 D5 D6 D7 D8 D9 DA DB DC DD DE DF
Hi again Mikko,
I have more info about this issue.
Theoretically, this meter is IDIS 2 compliant. I am communicating with Kaifa developers about this issue and they said to me:
---------------------------------------------------------------------------------------
According to the green book, pass 3 uses the encryption-authentication function twice, that is to say the frame counter will increase twice, but please check the frame that GXDLMSDirector sends; it only increased once:
13:48:23 Authenticating.
TX: 7E A0 3F 03 03 32 25 0C E6 E6 00 CB 31 30 00 00 00 0E 41 6A B8 93 3A E5 6B C7 B6 96 CA 35 A5 7B 83 62 B7 D9 A3 94 01 76 06 CC F7 4B 50 77 F6 0B DF 08 FD 84 07 0E 03 B2 78 03 B2 3A 60 6D 38 D1 7E
Decrypted frame: C3 01 C1 00 0F 00 00 28 00 00 FF 01 01 09 11 10 00 00 00 0E 5F 69 85 0D 65 6C 5A 78 4C CB 43 6A
---------------------------------------------------------------------------------------
And they highlighted the IC of the full frame and the IC of the encrypted actionRequest PDU. In both cases: "00 00 00 0E"
Now I am testing through PLC using your ANSI C library. I performed some tests in order to "play" with the invocation counter, and I have managed to establish the session by incrementing the invocation counter just before "cl_getApplicationAssociationRequest()" and decrementing it when calling dlms_secure:
ret = dlms_secure(settings,
settings->cipher.invocationCounter-1,
...
TX: CB 31 30 00 00 00 10 D1 75 3E A2 1D 4F FC C3 56 6E 4D D8 63 3D 67 E5 9A B8 86 06 D4 61 39 96 C1 91 7C C5 79 17 C0 CF 65 2A 7E A6 CA 2B DF C5 40 C9 2C DF
RX: CF 2A 30 00 00 00 0F 2B 66 23 71 20 B9 11 11 35 D1 BC 76 03 C5 2D 2C D6 27 1C 27 D3 65 65 B8 63 D2 93 87 5B EF 2F 11 4F B9 EA 97 40
The question here is:
Is this behavior according to the DLMS green book?
Is it a client bug?
Is it a server bug?
Thanks!
Hi Mikko
Have you been able to review anything on this issue?
I would greatly appreciate your help.
Thank you.
Kind Regards,
Manuel
Hi Manuel,
Some meters expect that the Invocation Counter is increased for GMAC Authentication when the connection is established. For that reason there is an IncreaseInvocationCounterForGMacAuthentication property in the C# client interface. This property can't be set in GXDLMSDirector at the moment. This is not added for ANSI C at the moment.
There is a little rush and I was not able to check this from the IDIS 2 documents right now, but DLMS doesn't define it.
I don't understand why you are decreasing the IV in your test. Find cl_getApplicationAssociationRequest and increase the IV after you call dlms_secure.
Something like this:
ret = dlms_secure(settings,
                  settings->cipher.invocationCounter,
                  &settings->stoCChallenge,
                  pw,
                  &challenge);
++settings->cipher.invocationCounter;
I'll add this to the work list, and the IncreaseInvocationCounterForGMacAuthentication property will be added for ANSI C in the next release.
BR,
Mikko
Hi,
Ok. I got the point.
I will add this functionality to our project by adding a connection property in order to select one of the two behaviors. I will do as you said, increasing the IV after calling dlms_secure.
Anyway, I think that to be interoperable only one of these behaviors should be correct. I will research that.
I appreciate your help. It is so helpful.
Kind Regards,
Manuel
Hi again Mikko,
As I told you I have solved this in the ANSI C library according to your suggestion.
Now I am trying to do the same in the GXDLMSDirector.
I have cloned the repo using "Visual Studio" and I have achieved building it.
Now I am trying to increment the invocation counter when GMAC security is used.
First of all, I have to say that this is the first time that I have worked with a C# project and Visual Studio, or with NuGet. My background is C/C++ for embedded systems.
Returning to the topic, firstly I tried to modify GetApplicationAssociationRequest(), but I can't modify the source code. I suppose that is because it is part of one of the NuGet packages.
So the second and last thing that I have tried is to modify GXDLMSCommunicator->InitializeConnection() in this way:
//If authentication is required.
if (client.Authentication > Authentication.Low)
{
    reply.Clear();
    client.IncreaseInvocationCounterForGMacAuthentication = true;
    client.Settings.IncreaseInvocationCounterForGMacAuthentication = true;
    ReadDataBlock(client.GetApplicationAssociationRequest(), "Authenticating What that Hel!.", reply);
    client.ParseApplicationAssociationResponse(reply.Data);
}
But I am getting the same result, the invocation counter is not increased:
22:24:20 Send SNRM request.
TX: 7E A0 07 03 03 93 8C 11 7E
22:24:20
RX: 7E A0 07 03 03 73 82 F6 7E
22:24:20 Send AARQ request.
TX: 7E A0 6B 03 03 10 CF A9 E6 E6 00 60 5D A1 09 06 07 60 85 74 05 08 01 03 A6 0A 04 08 43 45 43 45 43 45 43 45 8A 02 07 80 8B 07 60 85 74 05 08 02 05 AC 12 80 10 4C 6D 67 54 3B 34 74 16 0E 08 26 2D 6F 28 51 44 BE 23 04 21 21 1F 30 00 00 00 26 48 30 CF 1A 16 44 2D C4 97 06 FE 08 09 2B 9E 78 75 06 52 39 14 F8 F1 CA 5C F8 77 23 7E
22:24:20
RX: 7E A0 77 03 03 30 58 DC E6 E7 00 61 69 A1 09 06 07 60 85 74 05 08 01 03 A2 03 02 01 00 A3 05 A1 03 02 01 0E A4 0A 04 08 4B 46 4D 66 75 E6 9E C6 88 02 07 80 89 07 60 85 74 05 08 02 05 AA 12 80 10 9D B0 B5 7D 38 21 D5 B8 8C FF 67 A5 D0 58 7B 59 BE 23 04 21 28 1F 30 00 00 00 23 84 5B DD 7C 78 61 7E 1B FA BC 8B 72 55 E3 50 2E 20 0D 83 ED E6 AA 88 29 F3 4C 49 24 7E
22:24:20 Authenticating What that Hel!.
TX: 7E A0 3F 03 03 32 25 0C E6 E6 00 CB 31 30 00 00 00 28 55 4D AF A0 08 0C 8C 6A 3B 1C 13 A2 F4 C0 F7 85 35 69 FC D2 69 9D A1 5A DA 74 68 80 9D 69 DC 2C 8D 98 89 40 0D 0A F4 F9 DB 3E 45 69 6F 9F 7E
Could you help me again?
Thanks!!
Hi,
This is added for the GXDLMSDirector. Before it's released you can use it like this:
Find InitializeConnection and add IncreaseInvocationCounterForGMacAuthentication as the first line.
public void InitializeConnection(bool force)
{
    client.IncreaseInvocationCounterForGMacAuthentication = true;
    ....
}
BR,
Mikko
Same result...
The invocation counter doesn't increment:
13:39:15 Send AARQ request.
TX: 7E A0 6B 03 03 10 CF A9 E6 E6 00 60 5D A1 09 06 07 60 85 74 05 08 01 03 A6 0A 04 08 43 45 43 45 43 45 43 45 8A 02 07 80 8B 07 60 85 74 05 08 02 05 AC 12 80 10 26 16 4F 3E 10 23 10 69 53 59 07 50 4A 24 61 08 BE 23 04 21 21 1F 30 00 00 00 04 C4 D2 5A EE E1 30 11 EE F1 F9 0D 76 B5 33 A2 CB 78 11 F9 00 B7 80 3E 87 E4 AF 48 53 7E
13:39:15
RX: 7E A0 77 03 03 30 58 DC E6 E7 00 61 69 A1 09 06 07 60 85 74 05 08 01 03 A2 03 02 01 00 A3 05 A1 03 02 01 0E A4 0A 04 08 4B 46 4D 66 75 E6 9E C6 88 02 07 80 89 07 60 85 74 05 08 02 05 AA 12 80 10 68 CA D1 20 33 D6 B2 57 FF 65 E5 96 34 FD 3E 08 BE 23 04 21 28 1F 30 00 00 00 03 F2 73 5F B6 57 3F D9 C6 FD 24 10 CA A0 37 48 B4 0A F8 A2 6C 68 F4 C0 D7 A4 CE 17 13 7E
13:39:15 Authenticating What that Hell!.
TX: 7E A0 3F 03 03 32 25 0C E6 E6 00 CB 31 30 00 00 00 06 1A 3A 0C 4E 25 E1 F7 62 AE 45 3E 9E 06 96 BE B5 40 45 33 F2 B2 9A 26 DD 66 97 A4 D8 AF F3 7A EA E7 63 A7 5E CF 5C BE FE B5 0E 24 74 95 17 7E
13:39:15
RX: 7E A0 24 03 03 52 97 6C E6 E7 00 CF 16 30 00 00 00 04 79 31 75 D5 10 66 3E 6A 1B E7 37 99 3D 14 A1 52 BF 52 FD 7E
13:39:15
RX: 7E A0 07 03 03 73 82 F6 7E
I found the problem.
I have achieved building the project by adding the Gurux.DLMS.Net project as a reference instead of a Nuget package.
The problem was that:
if (Settings.Cipher != null && Settings.IncreaseInvocationCounterForGMacAuthentication)
{
    Settings.Cipher.InvocationCounter++;
}
is before:
challenge = GXSecure.Secure(Settings, Settings.Cipher, Settings.Cipher.InvocationCounter,
    Settings.StoCChallenge, pw);
It must be after GXSecure.Secure.
What do you think?
Anyway, I still have problems using my custom version.
When the association view is read, most of the OBIS are named "Invalid".
In addition, there are some OBIS like "PushSetup" that I can't read. GXDLMSDirector throws an error. It doesn't happen with your release, so I am doing something wrong when building it...
Could you help me?
Thanks!
Ok. I think I found the problem.
It is the version of the Gurux.DLMS.Net library.
The last release (9.0.2305.2402) doesn't work properly. There are some errors like the ones I described before.
Using the previous release (Version 9.0.2305.2401) works perfectly.
Hi,
Update GXDLMSDirector to version 9.0.2306.0201. Then select "Advanced" from the device properties. Then check "Increase invocation counter for GMAC authentication" and accept the changes.
BR,
Mikko
It doesn't work.
You have not changed the GXDLMSClient.cs of Gurux.DLMS.Net.
The invocation counter increase is still before the GXSecure.Secure call:
if (Settings.Cipher != null && Settings.IncreaseInvocationCounterForGMacAuthentication)
{
    ++Settings.Cipher.InvocationCounter;
}
challenge = GXSecure.Secure(Settings, Settings.Cipher,
    Settings.Cipher.InvocationCounter,
    Settings.StoCChallenge, pw);
The ++Settings.Cipher.InvocationCounter; must be after challenge = GXSecure.Secure(...)
I told you some messages before...
Hi,
Please, don't add pics. They are hard to read after compression.
Can you add the hex trace so I can check the bytes?
BR,
Mikko
The problem is in the HLS authentication. In the action request, the invocation counter is the same for the full APDU and the encapsulated action request because the ++Settings.Cipher.InvocationCounter is before the GXSecure.Secure(...) call. (Check the picture)
Here is the full log:
09:52:22 Send SNRM request.
TX: 7E A0 07 03 21 93 0F 01 7E
09:52:22
RX: 7E A0 07 21 03 73 01 40 7E
09:52:22 Send AARQ request.
TX: 7E A0 2B 03 21 10 FB AF E6 E6 00 60 1D A1 09 06 07 60 85 74 05 08 01 01 BE 10 04 0E 01 00 00 00 06 5F 1F 04 00 00 1E 1D FF FF C5 E4 7E
09:52:22
RX: 7E A0 37 21 03 30 6C 7C E6 E7 00 61 29 A1 09 06 07 60 85 74 05 08 01 01 A2 03 02 01 00 A3 05 A1 03 02 01 00 BE 10 04 0E 08 00 06 5F 1F 04 00 00 00 10 02 80 00 07 F0 E6 7E
09:52:22
RX: 7E A0 15 21 03 52 5D 8A E6 E7 00 C4 01 C1 00 06 00 00 0F B0 3E 2E 7E
09:52:22 Disconnect request
TX: 7E A0 07 03 21 53 03 C7 7E
09:52:22
RX: 7E A0 07 21 03 73 01 40 7E
09:52:22 Send SNRM request.
TX: 7E A0 07 03 03 93 8C 11 7E
09:52:22
RX: 7E A0 07 03 03 73 82 F6 7E
09:52:22 Send AARQ request.
TX: 7E A0 6B 03 03 10 CF A9 E6 E6 00 60 5D A1 09 06 07 60 85 74 05 08 01 03 A6 0A 04 08 43 45 43 45 43 45 43 45 8A 02 07 80 8B 07 60 85 74 05 08 02 05 AC 12 80 10 20 07 44 77 73 4A 73 55 15 6B 6C 1D 30 29 41 6D BE 23 04 21 21 1F 30 00 00 0F B1 10 17 C4 6E 9A C1 28 6A C6 1C 30 00 C4 11 49 6F F0 92 C7 B8 40 A8 94 C5 F7 82 BA 00 7E
09:52:22
RX: 7E A0 77 03 03 30 58 DC E6 E7 00 61 69 A1 09 06 07 60 85 74 05 08 01 03 A2 03 02 01 00 A3 05 A1 03 02 01 0E A4 0A 04 08 4B 46 4D 66 75 E6 9E C6 88 02 07 80 89 07 60 85 74 05 08 02 05 AA 12 80 10 23 50 88 80 BA C1 6C AD 54 D2 D2 A2 D2 59 76 8E BE 23 04 21 28 1F 30 00 00 0F A4 7B A4 2A B3 DF ED 0F 84 C9 62 B7 3A 1F B1 58 99 9E D3 FC F1 98 9D 04 8A 2B F2 FB 3B 7E
09:52:22 Authenticating.
TX: 7E A0 3F 03 03 32 25 0C E6 E6 00 CB 31 30 00 00 0F B2 CE A9 AF 3E B4 1F DC 80 5C 6A 3B 2B DB 30 93 FD F0 DD 23 EA AC 02 D0 E2 82 F0 CA 5D ED 0A D6 44 57 DC 48 25 85 D8 59 53 34 1A C3 7D 90 A7 7E
09:52:23
RX: 7E A0 24 03 03 52 97 6C E6 E7 00 CF 16 30 00 00 0F A5 C0 7B E5 97 07 FF 1A 5D FA 5E A3 FE 38 62 23 F4 A0 56 31 7E
09:52:23
RX: 7E A0 07 03 03 73 82 F6 7E
Here are the ciphering fields:
System title: CECECECE (ASCII)
Server System Title: 4B 46 4D 66 75 E6 9E C6
Block Key: 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
Auth Key: D0 D1 D2 D3 D4 D5 D6 D7 D8 D9 DA DB DC DD DE DF
Hi,
If your meter expects that the invocation counter is increased, select the Advanced tab and then check "Increase invocation counter for GMAC Authentication.".
BR,
Mikko
I have done so. This check box is selected. But it still is not working properly.
If you pay attention to all the information I sent you in the previous posts you will realize that there is a bug in Gurux.DLMS.Net. You are incrementing the invocationCounter before the GXSecure.Secure(...) call instead of after this call, just as you recommended to me for the ANSI C version in some posts above.
I am not asking for help. I know what is happening and I am trying to help you to solve the problem. In fact, I have built a version that works properly. But I see that you don't pay much interest in my comments. So don't worry. You can close the subject.
Thank you.
Hi,
There must be some kind of misunderstanding. In the future, please, create a new topic if you have a new question. This topic started with ANSI C and now it's C#.
invocationCounter must increase a second time before secure because some meters expect that the IC is increased twice in the AARQ message.
That is the reason for this. IC is not increased a second time before the client sends CtoS challenge with an Action request.
<OctetString Value="100000000E //This is correct because this is count first.
5F69850D656C5A784CCB436A" />
Value="300000000E //This must be one bigger than the challenge,
416AB8933AE56BC7B696CA35A57B8362B7D9A394017606CCF74B5077F60BDF08FD84070E03B27803B23A606D" />
BR,
Mikko
I understand that more than a misunderstanding, it is that you are very busy and do not have enough time to pay enough attention to so many queries in the forum. Which I understand perfectly since it is a help that you provide unselfishly.
This post started about GXDLMSDirector. Then ANSI C and then again GXDLMSDirector.
C# is only a collateral topic because it is a part of GXDLMSDirector and in my last messages, you can notice that I only provide solutions and not questions. And what I was trying to do was to warn you about a possible bug in GXDLMSDirector.
The last release of GXDLMSDirector is still without increasing the invocation counter for the CtoS challenge with an Action request as we talked about for the ANSI C library (and you recommended to me how to do it) and as my meter needs. Theoretically, the meter is IDIS3 compliant. So it seems that it is needed for IDIS3 meters, but to be honest I didn't dig deep into the DLMS/IDIS specs to check it.
Anyway, as I said, I have built a custom version of GXDLMSDirector that does it. And I have added the same for the ANSI C library. Partly thanks to your help.
So, thanks again for your selfless help.
BR,
Manuel
Hi Manuel,
I'll explain this once again because I'm afraid that this will cause questions in the future.
Some meters expect that the invocation counter is increased two times when GMAC authentication is used with ciphered messages. This is not defined in the DLMS standard and most of the meters don't care about this at the moment.
When the client establishes the connection to the meter, it sends an AARQ like this. The invocation counter is now 101.
<glo_InitiateRequest Value="3000000065//IC 101
B0E675211E47314516511CC134CC98CA2038DAB33C34A6931576" />
</AssociationRequest>
When the client sends the challenge, it will first generate a challenge and increase the IC to 102. I have marked it below. When the generated challenge is encrypted, the IC is increased to 103.
<ActionRequest>
  <ActionRequestNormal>
    # Priority: High, ServiceClass: Confirmed, Invoke ID: 1
    <InvokeIdAndPriority Value="C1" />
    <MethodDescriptor>
      # AssociationLogicalName
      <ClassId Value="000F" />
      # 0.0.40.0.0.255
      <InstanceId Value="0000280000FF" />
      # Reply to HLS authentication
      <MethodId Value="01" />
    </MethodDescriptor>
    <MethodInvocationParameters>
      <OctetString Value="1000000066 //IC: 102
45AF50B68F7A699C675AC8F8" />
    </MethodInvocationParameters>
  </ActionRequestNormal>
</ActionRequest>
-->
<glo_ActionRequest Value="3000000067 //IC: 103
In my mind, this is what your meter expects.
I just read the meter with GXDLMSDirector and those messages are from it.
You don't need to reply to this. The purpose is only to clarify this problem.
BR,
Mikko
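The three counter positions argued over in this thread (AARQ, the f(StoC) challenge, and the outer glo-action-request) can be read straight from the 13:48:23 trace. The C below is an added example, not code from Gurux or Kaifa; the function names are this example's own, and it assumes HDLC frames carrying the E6 E6 00 LLC header and short-form length bytes.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Copied from the thread's 13:48:23 trace; PDU is the "Decrypted frame" quoted from Kaifa. */
static const char *AARQ = "7E A0 6B 03 03 10 CF A9 E6 E6 00 60 5D A1 09 06 07 60 85 74 05 08 01 03 A6 0A 04 08 43 45 43 45 43 45 43 45 8A 02 07 80 8B 07 60 85 74 05 08 02 05 AC 12 80 10 6A 65 0D 21 0D 0C 69 66 30 72 76 50 44 38 05 20 BE 23 04 21 21 1F 30 00 00 00 0D 78 BE 13 DD 1C FA 07 14 4E 30 EE 7A 39 8E 6E 1B BF 64 8E 5F 90 D4 D7 F2 4B B1 0A 80 7E";
static const char *ACTION = "7E A0 3F 03 03 32 25 0C E6 E6 00 CB 31 30 00 00 00 0E 41 6A B8 93 3A E5 6B C7 B6 96 CA 35 A5 7B 83 62 B7 D9 A3 94 01 76 06 CC F7 4B 50 77 F6 0B DF 08 FD 84 07 0E 03 B2 78 03 B2 3A 60 6D 38 D1 7E";
static const char *PDU = "C3 01 C1 00 0F 00 00 28 00 00 FF 01 01 09 11 10 00 00 00 0E 5F 69 85 0D 65 6C 5A 78 4C CB 43 6A";

/* Parse space-separated hex bytes; returns the number of bytes stored. */
static size_t unhex(const char *s, uint8_t *out, size_t cap) {
    size_t n = 0;
    for (char *end; n < cap; s = end) {
        unsigned long v = strtoul(s, &end, 16);
        if (end == s) break;
        out[n++] = (uint8_t)v;
    }
    return n;
}

/* Security header: SC byte at p[0], then the 4-byte big-endian invocation counter. */
static uint32_t ic_at(const uint8_t *p) {
    return ((uint32_t)p[1] << 24) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 8) | p[4];
}

/* IC of the ciphered part of an HDLC frame: AARQ (60, via BE/04/21) or glo-action-request (CB). */
long long frame_ic(const char *hex) {
    uint8_t f[256];
    size_t n = unhex(hex, f, sizeof f), i = 3;     /* skip flag and 2 format bytes */
    for (int a = 0; a < 2; a++, i++)               /* destination, then source address */
        while (i < n && !(f[i] & 1)) i++;          /* an address ends on a byte with LSB set */
    i += 3;                                        /* control byte and 2-byte HCS */
    if (i + 10 > n || f[i] != 0xE6 || f[i + 1] != 0xE6 || f[i + 2] != 0x00) return -1;
    i += 3;                                        /* LLC header */
    if (f[i] == 0xCB) return ic_at(f + i + 2);
    if (f[i] != 0x60) return -1;
    for (i += 2; i + 11 <= n; i += 2 + f[i + 1])   /* walk the AARQ fields tag by tag */
        if (f[i] == 0xBE && f[i + 2] == 0x04 && f[i + 4] == 0x21) return ic_at(f + i + 6);
    return -1;
}

/* IC inside f(StoC): action-request-normal (C3) whose parameter is octet string 09 11. */
long long challenge_ic(const char *pdu_hex) {
    uint8_t p[64];
    if (unhex(pdu_hex, p, sizeof p) < 20 || p[0] != 0xC3 || p[13] != 0x09 || p[14] != 0x11) return -1;
    return ic_at(p + 15);
}

int main(void) {
    long long inner = challenge_ic(PDU), outer = frame_ic(ACTION);
    printf("AARQ IC=%lld  f(StoC) IC=%lld  glo-action IC=%lld  outer==inner+1: %s\n",
           frame_ic(AARQ), inner, outer, outer == inner + 1 ? "yes" : "no");
    return 0;
}
```

On this trace it reports AARQ IC 13, challenge IC 14 and glo-action IC 14: the outer counter equals the one inside the challenge, which is the point the Kaifa developers raised.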