SHA256 does not count correctly in ANSI C

By labasvakaras , 1 February, 2024
Forums
Gurux.DLMS

Hello,

did some more investigation:

HEX bytes that needs to be converted to SHA256: 47 75 72 75 78 41 42 43 44 45 46 47 48 38 06 6D 79 07 09 1D 49 26 60 59 79 68 3E 0D 5F 70 38 9C CE 67 B3 59 AC 56 AB 55 2A 15 8A 45 22

gxsha256_encrypt returns: E5 36 DE FB B3 1B 6D 14 9D 80 F0 23 E8 C0 50 BA 85 83 77 A7 AF EF D0 7F 00 12 01 75 30 B4 A4 B8

If i use the same hex bytes with other calculators I get:

c93338aa6d325e19efd1d5a7e067dd252c8fb193ecc2091103596b0b5fc71876

Also, Java server returns:

INFO: Invalid CtoS:C93338AA6D325E19EFD1D5A7E067DD252C8FB193ECC2091103596B0B5FC71876-E536DEFBB31B6D149D80F023E8C050BA858377A7AFEFD07F0012017530B4A4B8
Client Disconnected.

This confirms, that SHA256 is not calculated correctly in Ansi C DLMS library.

labasvakaras

2 years 4 months ago

Also, i can reproduce this on C++:

./bin/gurux.dlms.client.bin -h localhost -p 4061 -P Gurux -c 22 -a HighSha256 -t Verbose
InitializeConnection
TX: 11:46:26 7E A0 07 03 2D 93 AF A8 7E
RX: 11:46:26 7E A0 1E 2D 03 73 60 DF 81 80 12 05 01 80 06 01 80 07 04 00 00 00 01 08 04 00 00 00 01 53 3B 7E
TX: 11:46:26 7E A0 4C 03 2D 10 9E C8 E6 E6 00 60 3E A1 09 06 07 60 85 74 05 08 01 01 8A 02 07 80 8B 07 60 85 74 05 08 02 06 AC 12 80 10 67 C6 69 73 51 FF 4A EC 29 CD BA AB F2 FB E3 46 BE 10 04 0E 01 00 00 00 06 5F 1F 04 00 00 1E 5D FF FF BA 72 7E
RX: 11:46:26 7E A0 70 2D 03 30 59 98 E6 E7 00 61 62 A1 09 06 07 60 85 74 05 08 01 01 A6 0A 04 08 41 42 43 44 45 46 47 48 A2 03 02 01 00 A3 05 A1 03 02 01 0E A4 0A 04 08 41 42 43 44 45 46 47 48 88 02 07 80 89 07 60 85 74 05 08 02 06 AA 12 80 10 51 10 3F 56 51 10 79 75 44 2E 49 54 69 2D 74 1A BE 10 04 0E 08 00 06 5F 1F 04 00 00 1E 5D 04 00 00 07 29 78 7E
TX: 11:46:26 7E A0 3B 03 2D 32 EA C7 E6 E6 00 C3 01 81 00 0F 00 00 28 00 00 FF 01 01 09 20 B2 AB 08 08 BF AB 37 16 08 82 52 79 EF 11 51 FE B5 6B 37 54 14 33 AB FA 88 E3 54 4F 19 8E A8 0E 80 D3 7E
RX: 11:46:26 7E A0 11 2D 03 52 12 5D E6 E7 00 C7 01 81 03 00 E2 98 7E
Authentication failed (3) Access Error : Device reports Read-Write denied.
TX: 11:46:26 7E A0 07 03 2D 53 A3 6E 7E
RX: 11:46:26 7E A0 1E 2D 03 73 60 DF 81 80 12 05 01 80 06 01 80 07 04 00 00 00 01 08 04 00 00 00 01 53 3B 7E

labasvakaras

2 years 4 months ago

Also, SHA1 not working correctly. Looked into it and got it working by doing this:

(bb_attach sets capacity 0x80000... and then getUint returns OUT OF MEMORY)

Index: libdlms-fa855d2e/development/src/client.c
===================================================================
--- libdlms-fa855d2e.orig/development/src/client.c
+++ libdlms-fa855d2e/development/src/client.c
@@ -410,7 +410,7 @@ int cl_getApplicationAssociationRequest(
message* messages)
{
int ret;
- gxByteBuffer challenge;
+ gxByteBuffer challenge = { 0 };
gxByteBuffer* pw;
dlmsVARIANT data;
#ifndef DLMS_IGNORE_HIGH_GMAC
@@ -423,7 +423,6 @@ int cl_getApplicationAssociationRequest(
#else
static unsigned char APPLICATION_ASSOCIATION_REQUEST[32];
#endif //DLMS_IGNORE_HIGH_GMAC
- bb_attach(&challenge, APPLICATION_ASSOCIATION_REQUEST, 0, sizeof(APPLICATION_ASSOCIATION_REQUEST));
if (settings->authentication != DLMS_AUTHENTICATION_HIGH_ECDSA &&
#ifndef DLMS_IGNORE_HIGH_GMAC
settings->authentication != DLMS_AUTHENTICATION_HIGH_GMAC &&
@@ -482,7 +481,6 @@ int cl_getApplicationAssociationRequest(
}
}
#ifndef DLMS_IGNORE_MALLOC
- var_clear(&data);
bb_clear(&challenge);
#endif //DLMS_IGNORE_MALLOC
}

labasvakaras

2 years 4 months ago

hello, wanted to ask for a feedback, maybe there is some success finding bug here?

labasvakaras

2 years 3 months ago

Hello, wanted to ask for a feedback.

Also i've tested gurux dlms C server and GMAC security not working! (it works fine with Java server)

Kurumi

2 years 3 months ago

Hi,

Are you using the same block cipher and authentication keys? I just checked GMAC and it works without problems. What compiler you are using?

BR,
Mikko

labasvakaras

2 years 3 months ago

Launched gurux dlms server:

./bin/gurux.dlms.server.bin
TCP/IP server started in port: 4061
----------------------------------------------------------
Authentication levels:
None: Client address 16 (0x10)
Low: Client address 17 (0x11)
High: Client address 18 (0x12)
HighGMac: Client address 1 (1)

gurux dlms client:

./bin/gurux.dlms.client.bin -c 1 -p 4061 -h localhost -a HighGmac -D 00112233445566778899AABBCCDDEEFF -T 4775727578313233 -B 000102030405060708090A0B0C0D0E0F
Connecting to localhost:4061
InitializeConnection
AARQRequest failed DecipheringError
DecipheringError

Kurumi

2 years 3 months ago

Hi,

CMAC example uses a secured connection. You need to add arguments.

-C AuthenticationEncryption -v 0.0.43.1.0.255

BR,
Mikko

labasvakaras

2 years 3 months ago

This worked perfectly, but wanted to ask: why i can connect to java server without these options?

Kurumi

2 years 3 months ago

Hi,

Because the Java example doesn't use the encrypted connection with GMAC. There are multiple parameters and if one is different than the meter expects the connection fails. The amount of error codes in DLMS is very limited and it's always hard to say what is the reason.

BR,
Mikko

labasvakaras

2 years 2 months ago

Hello, added crypto.h and calculated correct hash, but there are other problems which do not let me authenticate connection.

Maybe there are any news about sha256 fix?

labasvakaras

2 years ago

Using C client with Java server:

[Debug ] TX: 7E A0 07 03 2D 93 AF A8 7E
[Debug ] RX: 7E A0 1E 2D 03 73 60 DF 81 80 12 05 01 80 06 01 80 07 04 00 00 00 01 08 04 00 00 00 01 53 3B 7E

[Debug ] TX: 7E A0 4C 03 2D 10 9E C8 E6 E6 00 60 3E A1 09 06 07 60 85 74 05 08 01 01 8A 02 07 80 8B 07 60 85 74 05 08 02 06 AC 12 80 10 91 C8 E4 72 39 1C 8E 47 A3 D1 E8 74 BA DD 6E 37 BE 10 04 0E 01 00 00 00 06 5F 1F 04 00 40 1E 1D FF FF 41 93 7E
[Debug ] RX: 7E A0 70 2D 03 30 59 98 E6 E7 00 61 62 A1 09 06 07 60 85 74 05 08 01 01 A6 0A 04 08 41 42 43 44 45 46 47 48 A2 03 02 01 00 A3 05 A1 03 02 01 0E A4 0A 04 08 41 42 43 44 45 46 47 48 88 02 07 80 89 07 60 85 74 05 08 02 06 AA 12 80 10 43 07 56 19 58 4C 69 0A 59 09 77 47 3A 61 5B 33 BE 10 04 0E 08 00 06 5F 1F 04 00 40 1E 1D 04 00 00 07 C4 AA 7E

I am getting error from cl_getApplicationAssociationRequest: Invalid parameter.

labasvakaras

2 years ago

Sorry, yes, that was the problem. But i still have a question: no matter what i try to read, i am getting read-write denied. Is this intended with Java server?

[Debug ] TX: 7E A0 07 03 2D 93 AF A8 7E
[Debug ] RX: 7E A0 1E 2D 03 73 60 DF 81 80 12 05 01 80 06 01 80 07 04 00 00 00 01 08 04 00 00 00 01 53 3B 7E
[Debug ] TX: 7E A0 4C 03 2D 10 9E C8 E6 E6 00 60 3E A1 09 06 07 60 85 74 05 08 01 01 8A 02 07 80 8B 07 60 85 74 05 08 02 06 AC 12 80 10 91 C8 E4 72 39 1C 8E 47 A3 D1 E8 74 BA DD 6E 37 BE 10 04 0E 01 00 00 00 06 5F 1F 04 00 40 1E 1D FF FF 41 93 7E
[Debug ] RX: 7E A0 70 2D 03 30 59 98 E6 E7 00 61 62 A1 09 06 07 60 85 74 05 08 01 01 A6 0A 04 08 41 42 43 44 45 46 47 48 A2 03 02 01 00 A3 05 A1 03 02 01 0E A4 0A 04 08 41 42 43 44 45 46 47 48 88 02 07 80 89 07 60 85 74 05 08 02 06 AA 12 80 10 5F 4D 17 27 5A 0A 23 06 69 22 25 50 25 41 42 1B BE 10 04 0E 08 00 06 5F 1F 04 00 40 1E 1D 04 00 00 07 DF 81 7E
[Debug ] TX: 7E A0 3B 03 2D 32 EA C7 E6 E6 00 C3 01 C1 00 0F 00 00 28 00 00 FF 01 01 09 20 2F A5 A8 B1 AB DC 6C 3F 0F 9B A9 8C A8 56 E6 F2 CF A4 93 FA 80 2E B8 2D F9 A1 1D 73 AE 41 DF 13 47 E5 7E
[Debug ] RX: 7E A0 11 2D 03 52 12 5D E6 E7 00 C7 01 C1 03 00 94 9E 7E

labasvakaras

2 years ago

Looked into Java server logs and i am getting:

CtoS:947DAA9F966A2CA4F71B53BA30E2711C0B4513C0F6E57CCD6C8FA513CD4DBC9F-E2AC2AC6344947E3B3580FFCDF4601F7BBDE6649EB62750834CAAB7AA384FB50

Kurumi

2 years ago

Hi,

Your client address is 16 and it Java server uses 22.
Your client and server must use the same password. In default it's Gurux.

BR,
Mikko

labasvakaras

2 years ago

I am using correct password (Gurux) and I am using 22 client address. You can see that in provided logs (first TX).

Kurumi

2 years ago

Hi,

From the latest log you added, I can see that you tried connecting with client address 16 and not 22. I can't see what password you used.

You can try this with ANSI C client example with arguments:

-h localhost -p 4061 -c 22 -a HighSHA256 -P Gurux -T 4775727578313233 -t Verbose

BR,
Mikko

labasvakaras

2 years ago

I am getting the same error with latest C server. Do i need to use new java server?

./bin/gurux.dlms.client.bin -h localhost -p 4061 -c 22 -a HighSHA256 -P Gurux -T 4775727578313233 -t Verbose
Connecting to localhost:4061
InitializeConnection

TX: 7E A0 07 03 2D 93 AF A8 7E

RX: 7E A0 1E 2D 03 73 60 DF 81 80 12 05 01 80 06 01 80 07 04 00 00 00 01 08 04 00 00 00 01 53 3B 7E

TX: 7E A0 4C 03 2D 10 9E C8 E6 E6 00 60 3E A1 09 06 07 60 85 74 05 08 01 01 8A 02 07 80 8B 07 60 85 74 05 08 02 06 AC 12 80 10 70 38 9C CE 67 B3 59 AC 56 AB 55 2A 15 8A 45 22 BE 10 04 0E 01 00 00 00 06 5F 1F 04 00 40 1E 1D FF FF 31 4A 7E

RX: 7E A0 70 2D 03 30 59 98 E6 E7 00 61 62 A1 09 06 07 60 85 74 05 08 01 01 A6 0A 04 08 41 42 43 44 45 46 47 48 A2 03 02 01 00 A3 05 A1 03 02 01 0E A4 0A 04 08 41 42 43 44 45 46 47 48 88 02 07 80 89 07 60 85 74 05 08 02 06 AA 12 80 10 5C 26 6E 39 25 45 6C 05 2A 51 51 56 54 64 55 2B BE 10 04 0E 08 00 06 5F 1F 04 00 40 1E 1D 04 00 00 07 D3 39 7E

TX: 7E A0 3B 03 2D 32 EA C7 E6 E6 00 C3 01 C1 00 0F 00 00 28 00 00 FF 01 01 09 20 02 36 27 32 75 27 9E 4C DF 9D C3 AA 75 BF E5 00 B4 32 6A 13 FD 7E EB 3C 5E 43 BB C0 BD 4D 08 00 C3 8A 7E

RX: 7E A0 11 2D 03 52 12 5D E6 E7 00 C7 01 C1 03 00 94 9E 7E

TX: 7E A0 07 03 2D 53 A3 6E 7E

RX: 7E A0 1E 2D 03 73 60 DF 81 80 12 05 01 80 06 01 80 07 04 00 00 00 01 08 04 00 00 00 01 53 3B 7E
Access Error : Device reports Read-Write denied.

Kurumi

2 years ago

Hi,

Get the latest version from ANSI C. You can now connect to Java server.

High SHA256 is not implemented for the ANSI C server example. You can modify it for your needs and add SHA256 support.

BR,
Mikko

labasvakaras

2 years ago

I know, that ansi C server does not have sha256. I am using Java server and ANSI C client.

Sorry, but i am still unable to read data from Java server. Also, ANSI C server does not compile. Fixed it with changing:

from:

unsigned char svr_isTarget(
dlmsSettings* settings,
unsigned long serverAddress,
unsigned long clientAddress)
{

to:

unsigned char svr_isTarget(
dlmsSettings* settings,
uint32_t serverAddress,
uint32_t clientAddress)
{

Ansi C client:

./bin/gurux.dlms.client.bin -h localhost -p 4061 -c 22 -a HighSHA256 -P Gurux -T 4775727578313233 -t Verbose
Connecting to localhost:4061
InitializeConnection

TX: 7E A0 07 03 2D 93 AF A8 7E

RX: 7E A0 1E 2D 03 73 60 DF 81 80 12 05 01 80 06 01 80 07 04 00 00 00 01 08 04 00 00 00 01 53 3B 7E

TX: 7E A0 4C 03 2D 10 9E C8 E6 E6 00 60 3E A1 09 06 07 60 85 74 05 08 01 01 8A 02 07 80 8B 07 60 85 74 05 08 02 06 AC 12 80 10 70 38 9C CE 67 B3 59 AC 56 AB 55 2A 15 8A 45 22 BE 10 04 0E 01 00 00 00 06 5F 1F 04 00 40 1E 1D FF FF 31 4A 7E

RX: 7E A0 70 2D 03 30 59 98 E6 E7 00 61 62 A1 09 06 07 60 85 74 05 08 01 01 A6 0A 04 08 41 42 43 44 45 46 47 48 A2 03 02 01 00 A3 05 A1 03 02 01 0E A4 0A 04 08 41 42 43 44 45 46 47 48 88 02 07 80 89 07 60 85 74 05 08 02 06 AA 12 80 10 4D 38 00 65 36 71 77 13 24 76 10 37 60 46 3C 17 BE 10 04 0E 08 00 06 5F 1F 04 00 40 1E 1D 04 00 00 07 C0 87 7E

TX: 7E A0 3B 03 2D 32 EA C7 E6 E6 00 C3 01 C1 00 0F 00 00 28 00 00 FF 01 01 09 20 3C C8 7D EE 79 42 1D FB 11 C5 7E 90 92 56 C9 EB 5C FC 81 64 DF 89 63 55 2E D6 0A 1B A1 72 4C 4B A3 D5 7E

RX: 7E A0 11 2D 03 52 12 5D E6 E7 00 C7 01 C1 03 00 94 9E 7E

TX: 7E A0 07 03 2D 53 A3 6E 7E

RX: 7E A0 1E 2D 03 73 60 DF 81 80 12 05 01 80 06 01 80 07 04 00 00 00 01 08 04 00 00 00 01 53 3B 7E
Access Error : Device reports Read-Write denied.

Java Server:

java -jar ./target/gurux.dlms.server.example.java-0.0.1-SNAPSHOT.jar
System Title: 41 42 43 44 45 46 47 48
Authentication key: D0 D1 D2 D3 D4 D5 D6 D7 D8 D9 DA DB DC DD DE DF
Block cipher key: 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
Client System title:
Master key (KEK) title:
Short Name DLMS Server in port 4060
Example connection settings:
Gurux.DLMS.Client.Example.Net -r sn -h localhost -p 4060
----------------------------------------------------------
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<GfG1
System Title: 41 42 43 44 45 46 47 48
Authentication key: D0 D1 D2 D3 D4 D5 D6 D7 D8 D9 DA DB DC DD DE DF
Block cipher key: 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
Client System title:
Master key (KEK) title:
Logical Name DLMS Server in port 4061
Example connection settings:
Gurux.DLMS.Client.Example.Net -h=localhost -p 4061
----------------------------------------------------------
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<GfG1
System Title: 41 42 43 44 45 46 47 48
Authentication key: D0 D1 D2 D3 D4 D5 D6 D7 D8 D9 DA DB DC DD DE DF
Block cipher key: 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
Client System title:
Master key (KEK) title:
Short Name DLMS Server with IEC 62056-47 in port 4062
Example connection settings:
Gurux.DLMS.Client.Example.Net -r sn -h localhost -w -p 4062
----------------------------------------------------------
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<GfG1
System Title: 41 42 43 44 45 46 47 48
Authentication key: D0 D1 D2 D3 D4 D5 D6 D7 D8 D9 DA DB DC DD DE DF
Block cipher key: 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
Client System title:
Master key (KEK) title:
Logical Name DLMS Server with IEC 62056-47 in port 4063
Example connection settings:
Gurux.DLMS.Client.Example.Net -h localhost -w -p 4063
Press Enter to close.
Client Connected.
Jun 07, 2024 3:01:48 PM gurux.dlms.objects.GXDLMSAssociationLogicalName replyToHlsAuthentication
INFO: Invalid CtoS:DA29DB55A200450614F071E060FBCF1543619F1A508DEEA3BE341FF31AB46243-3CC87DEE79421DFB11C57E909256C9EB5CFC8164DF8963552ED60A1BA1724C4B
Client Disconnected.

Kurumi

2 years ago

Hi,

Can you run gcc --version and add output here?

Did you build the library in the development folder and then rebuild the client?

BR,
Mikko

labasvakaras

2 years ago

gcc --version
gcc (Ubuntu 9.4.0-1ubuntu1~20.04.2) 9.4.0
Copyright (C) 2019 Free Software Foundation, Inc.

Yes, i build the development first and rebuild client.