HLS: GMAC & Authentication (Tcp/IP)

By marco_semax , 12 April, 2016

Forums

Hey Guys,

Im trying to communicate with a Elster IP Module. It has IDIS Pack 2 standart and GMAC Authentification.

I dont understand which way i have to go (SecureClient/Client). My Module has:
Management client (0x01), HLS, security policy 0

See attached screenshot for working config in other software tool.

1.) I tried with a Secure Client:

GXDLMSSecureClient dlms = new GXDLMSSecureClient();
dlms.UseLogicalNameReferencing = true;
dlms.InterfaceType = InterfaceType.WRAPPER;

dlms.ClientAddress = 0x01;
dlms.ServerAddress = 0x01;

dlms.Authentication = Authentication.HighGMAC;
dlms.Password = ASCIIEncoding.ASCII.GetBytes("elster");

dlms.Ciphering.Security = Security.Authentication;
dlms.Ciphering.SystemTitle = GXCommon.HexToBytes("454c530000000000", false);
//SystemTitle should be "ELS-00000000")

dlms.Ciphering.AuthenticationKey = GXCommon.HexToBytes(authenticationkey, false);
dlms.Ciphering.BlockCipherKey = GXCommon.HexToBytes(cipherkey, false);

What is the BlockCipherKey? I need a Authentication and a Global encryption key.
Nothing really works. I can not connect

2.) I tried a Client with Authentication:

GXDLMSClient client = new GXDLMSClient();
client.UseLogicalNameReferencing = true;
client.InterfaceType = InterfaceType.WRAPPER;
client.ServerAddress = 0x01;
client.ClientAddress = 0x01;
client.Authentication = Authentication.HighGMAC;

Where do I put the Authentication key?

With this try it passes through AARE and AARQ (See attached command promt).

Image

command promt second try

I pass through AARQ AARE and after that:
"get available object"
XXXX
XXXX
XXXX
"Disconnect from meter"
XXX
XXX
XXX

Hi,

I'm not quite sure did you succeeded? But if one setting is wrong you can't connect.

You should use GXDLMSSecureClient.

There is one thing that you should change.

dlms.Ciphering.SystemTitle = ASCIIEncoding.ASCII.GetBytes("ELS-00000000");
BlockCipherKey is Global encryption key.
BlockCipherKey and AuthenticationKey seems to be defaut values.

BR,

Mikko

Error

I get this Error: (ocr from screenshot)

Initializing Network connection. Send AARQ request <—

— 16:51:23 00 01 00 12 00 01 00 55 60 53 A1 09 06 07 60 85 74 05 08 01 04 A • OR 04 08 45 4C 53 2D 30 30 30 30 8A 02 07 80 8B 07 60 85 74 OS 08 02 02 AC 08 :0 06 65 6C 73 74 65 72 BE 23 04 21 21 1F 10 00 00 00 00 01 00 00 00 06 SF 1F 04 00 1C 03 20 FF FF 36 74 81 OS D1 7C 93 CB OD 32 F2 4E — 16:51:28 00 01 00 12 00 01 00 55 60 53 A1 09 06 07 60 BS 74 O5 08 01 04 A6 OR 04 08 45 4C 53 2D 30 30 30 30 8A 02 07 80 8B 07 60 85 ?4 05 08 02 02 AC 08 :0 06 65 6C 73 74 65 72 BE 23 04 21 21 1F 10 00 00 00 00 01 00 00 00 06 SF 1F 04 00 1C 03 20 FF FF 36 74 81 05 D1 7C 93 CB OD 32 F2 4E — 16:51:33 00 01 00 12 00 01 00 55 60 53 Al 09 06 07 60 85 74 05 08 01 04 A • OR 04 08 45 4C 53 2D 30 30 30 30 8A 02 07 80 8B 07 60 85 74 05 08 02 02 AC 08 :0 06 65 6C 73 74 65 72 BE 23 04 21 21 1F 10 00 00 00 00 01 00 00 00 06 SF 1F 04 00 1C 03 20 FF FF 36 74 81 05 D1 7C 93 CB OD 32 F2 4E

That is all I get :(

Initializing Network connection. Send AARQ request

Hi,
There are some unknown bytes. Can you get first message from your other software.
We can solve settings from there.

BR,

Mikko

Log

This is the first part of the Log. If I put to much in here, I will get blocked (Spam) :(

14.04.2016 08:14:00 : I : Associate Application Request
14.04.2016 08:14:00 : I : Context id: 1 Initiate request: unciphered
14.04.2016 08:14:00 : D : AARQapdu
14.04.2016 08:14:00 : D : application-context-name
14.04.2016 08:14:00 : D : object identifier: { 2 16 756 5 8 1 1 }
14.04.2016 08:14:00 : D : calling-AP-title
14.04.2016 08:14:00 : D : 45 4C 53 11 11 11 11 11 'ELS.....'
14.04.2016 08:14:00 : D : sender-acse-requirements
14.04.2016 08:14:00 : D : object identifier: { 2 16 756 5 8 2 5 }
14.04.2016 08:14:00 : D : calling-authentication-value
14.04.2016 08:14:00 : D : 92 DD 5C D6 F7 3A CE B7 '..\..:..'
14.04.2016 08:14:00 : D : user-information
14.04.2016 08:14:00 : D : 01 00 00 00 06 5F 1F 04 00 40 3E DD 04 2E '....._...@>...'
14.04.2016 08:14:00 : D : initiateRequest
14.04.2016 08:14:00 : D : response-allowed: True
14.04.2016 08:14:00 : D : proposed-dlms-version-number: 6
14.04.2016 08:14:00 : D : proposed-conformance
14.04.2016 08:14:00 : D : bit string:
14.04.2016 08:14:00 : D : unused bits: 0
14.04.2016 08:14:00 : D : client-max-receive-pdu-size: 1070
14.04.2016 08:14:00 : D : Request: 6042a109060760857405080101a60a0408454c5311111111118a0207808b0760857405080205ac0a800892dd5cd6f73aceb7be10040e01000000065f1f0400403edd042e
14.04.2016 08:14:00 : D : Response: 614da109060760857405080101a203020100a305a10302010ea40a0408454c5367713390fcaa1680140000000000000000000000000000000000000000be10040e0800065f1f0400403add04c80007

HLS: GMAC & Authentication (Tcp/IP)

Hi,

You are missing this from your app.
//If authentication is required.
if (client.IsAuthenticationRequired)
{
foreach (byte[] it in client.GetApplicationAssociationRequest())
{
reply.Clear();
ReadDLMSPacket(it, reply);
}
client.ParseApplicationAssociationResponse(reply.Data);
}

BR,

Mikko

Requests, Reply

In GXCommunicatation.cs is the block "if(client.IsAuthenticationRequired)" included right after the AARQRequest.

But i never get trough the ReadDLMSPacket(it,reply);........................(Line 351: GXCommunicatation.cs)

I go into "Line 513" and it trys to send the AARQ three times but gets no reply from the module.

HLS: GMAC & Authentication (Tcp/IP)

Hi,

Your example uses settings:

target.Ciphering.SystemTitle = new byte[]{0x45, 0x4C, 0x53, 0x11, 0x11, 0x11, 0x11, 0x11};
target.Authentication = Authentication.HighGMAC;
target.CtoSChallenge = Helpers.HexToBytes("92DD5CD6F73ACEB7");
target.Password = ASCIIEncoding.ASCII.GetBytes("elster");

BR,

Mikko

Nothing really changed. I

Nothing really changed. I tried your settings.

LOG:
0x00;0x01;0x00;0x12;0x00;0x01;0x00;0x55;0x60;0x53;0xa1;0x09;0x06;0x07;0x60;0x85;0x74;0x05;0x08;0x01;0x04;0xa6;0x0a;0x04;0x08;0x45;0x4c;0x53;0x11;0x11;0x11;0x11;0x11;0x8a;0x02;0x07;0x80;0x8b;0x07;0x60;0x85;0x74;0x05;0x08;0x02;0x02;0xac;0x08;0x80;0x06;0x65;0x6c;0x73;0x74;0x65;0x72;0xbe;0x23;0x04;0x21;0x21;0x1f;0x10;0x00;0x00;0x00;0x00;0x01;0x00;0x00;0x00;0x06
.....

Off Topic: Every time I post a bit longer log, i get blocked, then I have to wait 2-6h for an email to reactivate my account :(

Pretty close

I think I am pretty close. But I dont understand the answer after the "disconnect from the meter":

http://imgur.com/l1lVXql

The parsed reply is wrong:
{61 1F A1 09 06 07 60 85 74 05 08 01 04 A2 03 02 01 01 A3 05 A1 03 02 01 01 BE 06 04 04 0E 01 06 00}

Blocking

Hi,

We received a lot of spam during last weeks and was forced to tight blocking for a while.
Now everything is back on normal and you are not blocked right a way.

Data package compare with Wireshark

I analysed both (working softwareTool<->gurux Client):

softwareTool:
00:01:00:01:00:01:00:44:60:42:a1:09:06:07:60:85:74:05:08:01:01:a6:0a:04:08:45:4c:53:11:11:11:11:11:8a:02:07:80:8b:07:60:85:74:05:08:02:05:ac:0a:80:08:1f:67:4d:c7:94:db:7c:79:be:10:04:0e:01:00:00:00:06:5f:1f:04:00:40:3e:dd:04:2e

Gurux:
00:01:00:01:00:01:00:57:60:55:a1:09:06:07:60:85:74:05:08:01:04:a6:0a:04:08:45:4c:53:11:11:11:11:11:8a:02:07:80:8b:07:60:85:74:05:08:02:05:ac:0a:80:08:92:dd:5c:d6:f7:3a:ce:b7:be:23:04:21:21:1f:10:00:00:00:00:01:00:00:00:06:5f:1f:04:00:1c:03:20:ff:ff:c8:c0:e0:7b:24:65:bd:99:25:b3:a6:68

Im trying to figure out what the Problem is :)

HLS: GMAC Authentication

Hi,

There was an issue. We did not send system title when non secured (ciphered) connection was used.
We fixed this. Get new version from GitHub. We will make new version from GXDLMSDirector where we have updated Gurux.DLMS component to fix this.

BR,

Mikko

AARQRequest must be wrong

I tried many many things. I dont know how you generate this AARQ but it is very different from my working AARQ request.

http://imgur.com/BZ585ml

What means the 0x57 (Gurux.Client/pink)?

HLS: GMAC Authentication

Hi,

Your connection is ciphered. Set
target.Ciphering.Security = Security.None;

Make also sure that you have updated your Project to use new version from Gurux.DLMS (8.1.0.8).

BR,

Mikko

Almost same result

The Request looks almost identical:

before:
00:01:00:01:00:01:00:57:60:55:a1:09:06:07:60:85:74:05:08:01:04:a6:0a:04:08:45:4c:53:11:11:11:11:11:8a:02:07:80:8b:07:60:85:74:05:08:02:05:ac:0a:80:08:92:dd:5c:d6:f7:3a:ce:b7:be:23:04:21:21:1f:10:00:00:00:00:01:00:00:00:06:5f:1f:04:00:1c:03:20:ff:ff:c8:c0:e0:7b:24:65:bd:99:25:b3:a6:68

after cypher.None:
00:01:00:01:00:91:00:44:60:42:a1:09:06:07:60:85:74:05:08:01:02:a6:0a:04:08:45:4c:53:11:11:11:11:11:8a:02:07:80:8b:07:60:85:74:05:08:02:05:ac:0a:80:08:dc:7d:54:49:cc:fb:ed:71:be:10:04:0e:01:00:00:00:06:5f:1f:04:00:1c:03:20:ff:ff

Settings: (If you edit the manufacturere in the Director I changes your manufacturer in Client too)
http://imgur.com/NYDTcuj
http://imgur.com/rsQ03mg

I tried also to change the security in the small window to None.

Almost same result

Hi,

If I compare data that you send before, generated by softwareTool and your last post. Following values are different:
You must set UseLogicalNameReferencing = true.

- Client To Server challenge.
This is generated for each connection, so it is OK that it's different.

- Conformance blocks.
You can set Action, GeneralProtection, GeneralBlockTransfer to true for GXDLMSLNSettings.
- Max PDU size.
You can set MaxPDUSize to 042E.

BR,

Mikko

Still not working

I change the settings and was trying different things (e.g. manipulating AAARQ Frame)

The MaxPDUSize will always be reset to FFFF. If I manipulate FF to 042E its still not working.
If I manipulate 91 to 01 I get a Error (address must be 145 (0x91)

00:01:00:01:00:91:00:6b:60:69:a1:09:06:07:60:85:74:05:08:01:01:a6:0a:04:08:45:4c:53:11:11:11:11:11:8a:02:07:80:8b:07:60:85:74:05:08:02:05:ac:31:80:2f:3c:53:76:4f:71:3b:60:5f:40:29:3c:2e:4c:51:4a:71:72:5a:24:66:2d:77:78:6a:27:74:76:33:30:4a:43:22:3f:31:79:5c:3f:2e:76:4d:6b:5c:3e:52:3c:62:57:be:10:04:0e:01:00:00:00:06:5f:1f:04:00:60:7e:1f:ff:ff

It is still not working. Why are there so many bytes more in the midle part? Why do I get this Error (address 145)

HLS: GMAC Authentication

Hi,

That is Client To Server challenge. It is random generated value 8 to 64 bytes.
You can try to set this to use static challenge.
client.CtoSChallenge = new byte[]{0x1F, 0x67, 0x4D, 0xC7, 0x94, 0xDB, 0x7C, 0x79};
This value is same what you are using in your working example.

If you want to use same Conformace bits as working example set this:
target.LNSettings.Action = target.LNSettings.SelectiveAccess = target.LNSettings.Set = target.LNSettings.Get = target.LNSettings.Access = target.LNSettings.DataNotification = target.LNSettings.MultipleReferences = target.LNSettings.ActionBlockTransfer = target.LNSettings.SetBlockTransfer = target.LNSettings.GetBlockTransfer = target.LNSettings.Attribute0GetReferencing = target.LNSettings.GeneralProtection = true;

MaxPDUSize is something that client propose and server tells the size. This is not the issue.

BR,

Mikko

Server port is wrong. Error

Thank you very much!

I got feedback from the module developer: "The Customer Software AARQ frame starts with invalid TCP/IP wrapper-destination-port: 145 (0x91). This logical device (“server address”) doesn’t exists in the module. You will need to change this setting to 1 (0x01). "

But if I try to manipulate/edit the port, I get an Error:

http://imgur.com/D4vCKY1

Why do I get this Error? Where do I find it?

HLS: GMAC Authentication

Hi,

Change ServerAddress to 1.
cl.ServerAddress = 1;

BR,

Mikko

Error: No Long Get or Read in Progress

I had to change:

client.ServiceClass = ServiceClass.Confirmed;

And masking the serveradress to 0x01, if I just set the address like client.ServerAddress = 0x01 it will be reset to 0x91.

Now I have access to the module :) But i get this Error:

http://imgur.com/8m59dBz

Its a bit difficult to find the exact line where the error occurs. Whats the meaning of this error? What is the big data block on the picture?

Thanks

HLS: GMAC Authentication

Hi,

Can you send your trace to me By email? We will check this.
BR,

Mikko

HLS: GMAC Authentication

Hi,

Have you made changes for the source code?
I checked this and this is not happening on our meters.

BR,

Mikko

For other users in Forum

Thank you! It is working now.

client.LNSettings.SelectiveAccess = client.LNSettings.Set = client.LNSettings.Get = client.LNSettings.SetBlockTransfer = client.LNSettings.GetBlockTransfer = true;

and

client.LNSettings.GeneralBlockTransfer = false;

solved the problem.

Further Info:
"The transfer stopped because of the stack doesn’t correctly ask for the next block as the general-block-transfer mode is enabled and the object list pdu is longer than the Max Receive PDU Size negotiated by the module and the stack. The stack should issue the next block by GBT pdu (General Block Transfer), currently the next block is requested by get-request-next service, which seems to mix two modes of block transfer defined in dlms/COSEM. The green book clearly specifies that: if one party sends a request or a response using GBT, the other party shall follow. The parties continue then using GBT until the end, i.e. until the complete response will have been received. This seems not to be the case in the trace you have sent me.

For your implementation I would expect that you don’t need general-block-transfer mechanism, when you disable the general-block-transfer bit in the conformance block field of the AARQ, you should receive the object list correctly."

General Block Transfer

Hi Marco,

Thanks from this info. We will implement this and I just added General Block Transfer to issues.
http://www.gurux.fi/node/5090

Thanks from all your help and have a nice weekend.

BR,

Mikko

AARQ request framing

I am new to DLMS. I am trying to read COSEM-TCP based meter. I want to know how to send AARQ frame to the meter. Please help me in preparing AARQ frame.