AARQ failed in suite 1

18 posts / 0 new
Last post
aoudumbarpawar
AARQ failed in suite 1

Hii,

My meter is in suite 1 and i want to communicate with the meter in suite 1 mode.

I have successfully shared the certificates of each other (Gurux client and meter) using certificate attributes and methods in suite 0.

Now i have changed the settings from "Secured Connections" tab which snap is attached here with this post.

When i click on connect button i found that Gurux send AARQ frame request in which No signing tag and no signature is there in the frame:

Log :

13:12:56 Send SNRM request.
TX: 7E A0 23 00 02 BA 69 C1 93 05 72 81 80 14 05 02 02 00 06 02 02 00 07 04 00 00 00 01 08 04 00 00 00 01 6F EF 7E
13:13:06 Failed to receive reply from the device in given time.
13:13:06 Send Disconnect request.
TX: 7E A0 0A 00 02 BA 69 C1 53 B3 96 7E
13:13:16 Failed to receive reply from the device in given time.

AARQ plain data : 01 00 00 00 06 5F 1F 04 00 00 1E 1D FF FF

Can please suggest where i am doing mistack in settings?

Best Regards,
Aoudumbar Pawar

Kurumi
Kurumi's picture

Hi,

The meter is not answering for SNRM message. Check your server and client addresses.

BR,

Mikko

________________________________________
Mikko Kurunsaari
Gurux Ltd
http://www.gurux.fi

aoudumbarpawar

Hii,
Sorry!!! wrong log was mentioned

Please find the below log:

14:52:24 Send SNRM request.
TX: 7E A0 23 00 02 BA 69 61 93 FA DD 81 80 14 05 02 01 F5 06 02 01 F2 07 04 00 00 00 01 08 04 00 00 00 01 2C 01 7E
14:52:24
RX: 7E A0 23 61 00 02 BA 69 73 09 85 81 80 14 05 02 02 00 06 02 02 00 07 04 00 00 00 01 08 04 00 00 00 01 6F EF 7E
14:52:24 Send AARQ request.
TX: 7E A0 6E 00 02 BA 69 61 10 20 82 E6 E6 00 60 5D A1 09 06 07 60 85 74 05 08 01 03 A6 0A 04 08 31 32 33 34 35 36 37 38 8A 02 07 80 8B 07 60 85 74 05 08 02 02 AC 12 80 10 45 64 41 16 14 21 49 76 27 22 27 77 23 5F 0D 6A BE 23 04 21 21 1F 31 00 00 00 00 77 D6 3D C5 1C ED 11 35 27 29 A1 4C 2B 00 A1 00 5B 26 AC 59 BD B4 9C 85 1D 5D 46 C4 7E
14:52:34 Failed to receive reply from the device in given time.

Kurumi
Kurumi's picture

Hi,

Connect to the device and read Security setup. Check that Suite is Ecdsa256 and not GMac or Ecdsa384.
http://gurux.fi/PublicKeyCryptography

Change suite to Ecdsa256 if it's GMAC.

BR,
Mikko

________________________________________
Mikko Kurunsaari
Gurux Ltd
http://www.gurux.fi

aoudumbarpawar

Hii,
I have set the suite to ecdsa256, but problem remains same.

Please find the attached snaps

Log:
15:54:39 Send SNRM request.
TX: 7E A0 23 00 02 BA 69 61 93 FA DD 81 80 14 05 02 01 F5 06 02 01 F2 07 04 00 00 00 01 08 04 00 00 00 01 2C 01 7E
15:54:39
RX: 7E A0 23 61 00 02 BA 69 73 09 85 81 80 14 05 02 02 00 06 02 02 00 07 04 00 00 00 01 08 04 00 00 00 01 6F EF 7E
15:54:39 Send AARQ request.
TX: 7E A0 6E 00 02 BA 69 61 10 20 82 E6 E6 00 60 5D A1 09 06 07 60 85 74 05 08 01 03 A6 0A 04 08 31 32 33 34 35 36 37 38 8A 02 07 80 8B 07 60 85 74 05 08 02 02 AC 12 80 10 26 37 2A 12 31 51 1F 5D 04 07 53 4D 25 29 59 5E BE 23 04 21 21 1F 31 00 00 00 00 8E 91 A5 76 70 B8 F3 EF 2A D9 34 56 84 50 9D 86 AC 9C 58 CE 2E 61 13 0B CA 1D 51 04 7E
15:54:49 Failed to receive reply from the device in given time.

Image: 
Kurumi
Kurumi's picture

Hi,

In the pic your server system title is not correct. Is the meter our example meters or is it the real meter?

BR,
Mikko

________________________________________
Mikko Kurunsaari
Gurux Ltd
http://www.gurux.fi

aoudumbarpawar

Hii,
This is my testing meter and i have put server meter system title to 12345678

Kurumi
Kurumi's picture

Hi,

What programming language you are using? I believe that example servers don't handle ECDSA yet.

BR,
Mikko

________________________________________
Mikko Kurunsaari
Gurux Ltd
http://www.gurux.fi

aoudumbarpawar

Hii,

Below is the difference between our suite0 AARQ and gurux suite1 AARQ,

Our Suite 0 AARQ frame suite0 7E A0 6E 0 2 BA 69 61 10 20 82 E6 E6 0 60 5D A1 9 6 7 60 85 74 5 8 1 3 A6 0A 4 8 31 32 33 34 35 36 37 38 8A 2 7 80 8B 7 60 85 74 5 8 2 2 AC 12 80 10 31 32 33 34 35 36 37 38 39 31 32 33 34 35 36 37 BE 23 4 21 21 1F 30 0 0 0 12 26 DB C6 A8 76 30 7 79 0D 9F 4F 4 0E 2D 51 36 4D 4A 9A 11 34 10 5E B6 D0 6 EF 7F 7E
gurux suite 1 frame suite 1 7E A0 6E 0 2 BA 69 61 10 20 82 E6 E6 0 60 5D A1 9 6 7 60 85 74 5 8 1 3 A6 0A 4 8 31 32 33 34 35 36 37 38 8A 2 7 80 8B 7 60 85 74 5 8 2 2 AC 12 80 10 5B 65 23 2A 5 21 0E 46 6A 4C 72 11 34 0E 6B 36 BE 23 4 21 21 1F 31 0 0 0 0 8E 91 A5 76 70 B8 F3 EF 2A D9 34 56 84 50 9B 60 CC AD 0F 1E 7F E6 F4 E7 E3 D5 D0 96 7E

as per observations, there is no signing tag and signature in gurux suite 1 frame , only getting IV as 31

aoudumbarpawar

Hii,

I am not using any testing meter, it is a real meter which supports the ECDSA (Tested with CTT tool).

To verify that meter is supporting or not supporting ECDSA, first client must have to sent AARQ (suite1) to the meter.

Regards,
Aoudumbar

Kurumi
Kurumi's picture

Hi,

ECDSA is started to use after the connection is made for the meter.
It's not sent in AARQ or AARE messages. It's not possible to update the ephemeral key pair in Ephemeral Unified Model before the connection is established.

BR,
Mikko

________________________________________
Mikko Kurunsaari
Gurux Ltd
http://www.gurux.fi

aoudumbarpawar

hii,
Please find below log:

17:14:01 Send SNRM request.
TX: 7E A0 23 00 02 BA 69 61 93 FA DD 81 80 14 05 02 01 F5 06 02 01 F2 07 04 00 00 00 01 08 04 00 00 00 01 2C 01 7E
17:14:02
RX: 7E A0 23 61 00 02 BA 69 73 09 85 81 80 14 05 02 02 00 06 02 02 00 07 04 00 00 00 01 08 04 00 00 00 01 6F EF 7E
17:14:02 Send AARQ request.
TX: 7E A0 6E 00 02 BA 69 61 10 20 82 E6 E6 00 60 5D A1 09 06 07 60 85 74 05 08 01 03 A6 0A 04 08 31 32 33 34 35 36 37 38 8A 02 07 80 8B 07 60 85 74 05 08 02 02 AC 12 80 10 45 3B 2C 02 51 30 07 43 74 0E 48 15 40 2A 4D 28 BE 23 04 21 21 1F 31 00 00 00 00 8E 91 A5 76 70 B8 F3 EF 2A D9 34 56 84 50 9B 60 CC AD 0F 1E 7F E6 F4 E7 E3 D5 1C F9 7E
17:14:02
RX: 7E A0 7A 61 00 02 BA 69 30 60 C6 E6 E7 00 61 69 A1 09 06 07 60 85 74 05 08 01 03 A2 03 02 01 00 A3 05 A1 03 02 01 0E A4 0A 04 08 31 32 33 34 35 36 37 38 88 02 07 80 89 07 60 85 74 05 08 02 02 AA 12 80 10 61 62 63 64 65 66 67 68 69 6A 6B 6C 00 00 05 35 BE 23 04 21 28 1F 30 00 00 00 00 87 91 A3 29 69 E3 EC EB 3A C4 28 4B 7B A8 1A 82 08 C5 AB 04 C2 F3 FD B5 07 05 A3 90 7E
17:14:02 Authenticating.
TX: 7E A0 E4 00 02 BA 69 61 32 7A EF E6 E6 00 DD 08 00 00 00 00 00 00 00 01 08 31 32 33 34 35 36 37 38 08 31 32 33 34 35 36 37 38 00 00 01 02 01 01 81 80 95 2D C0 AF C4 41 D3 36 80 AF E0 29 51 69 C6 34 A8 CC 79 3D 66 FB 7C 63 8B CF 2C CF 90 7A 35 D4 FB FE 76 4F 70 3C 1F F2 CD F4 7A 62 21 72 2C 21 4E E1 88 08 19 21 2C C0 1B 6E 7D DD E8 22 14 25 FF D4 08 33 D3 A2 C8 7A 17 B9 6B 3F 66 DE 90 58 F9 0B 2D AE 14 92 8C 75 EC 83 09 C9 0F 4F 24 1C CA 36 F5 AC 20 99 87 C0 7D 8F 3C 42 AE 97 1B 40 08 15 A1 4F 89 A8 54 F9 86 CE D4 57 F6 8A AD B7 30 31 00 00 00 00 14 BD 5C C6 35 B3 BF 83 D3 84 2A 7D E8 E5 6A FA EF 9B A0 BC EC BF 51 C9 98 97 2D 3A 13 B8 F3 AF 81 98 5A 8E 4C 00 5D 35 0F CE 11 0E 40 7E
17:14:03
RX: 7E A0 7D 61 00 02 BA 69 52 6C 41 E6 E7 00 00 6C 31 00 00 00 00 50 91 AD 47 44 D4 D8 DE 1C EE 12 43 4A 9D 71 6B C6 C5 AF 5E 4C 32 7E 67 6B EB BD 19 08 8E 07 2A 97 ED 57 E6 C8 61 D5 5B 9F 4F 7A 6D C6 36 CB CF 4A 8F 3E 45 F1 36 81 D5 74 15 57 93 50 94 F8 8E 40 46 7B 86 8F AC 25 2C 03 F6 08 CD D2 92 D9 10 CD 46 00 BA C2 A5 D4 48 3E 29 FA 0C 16 91 24 27 16 32 27 A3 54 12 AC 2D FE 7E

Client added DD (general signing tag), also msg is not encrypted and no signature

aoudumbarpawar

Hii,
How to setsetting to General signing(0xdf) in gurux?

Kurumi
Kurumi's picture

Hi,

Check "General Protection" from "Supported Services" -tab.

BR,
Mikko

________________________________________
Mikko Kurunsaari
Gurux Ltd
http://www.gurux.fi

Kurumi
Kurumi's picture

Hi,

In my mind message is encrypted with One-Pass Diffie-Hellman. Why do you think that it's not encryted or there is no signature?

BR,
Mikko

<HDLC len="E3" >
<!-- Logical address:1, Physical address:11956 -->
<TargetAddress Value="6EB4" />
<SourceAddress Value="30" />
<FrameType Value="32" />
<PDU>
<GeneralCiphering>
<TransactionId Value="0000000000000001" />
<OriginatorSystemTitle Value="3132333435363738" />
<RecipientSystemTitle Value="3132333435363738" />
<DateTime Value="" />
<OtherInformation Value="" />
<KeyInfo>
<AgreedKey>
<KeyParameters Value="01" />
<KeyCipheredData Value="952DC0AFC441D33680AFE0295169C634A8CC793D66FB7C638BCF2CCF907A35D4FBFE764F703C1FF2CDF47A6221722C214EE1880819212CC01B6E7DDDE8221425FFD40833D3A2C87A17B96B3F66DE9058F90B2DAE14928C75EC8309C90F4F241CCA36F5AC209987C07D8F3C42AE971B400815A14F89A854F986CED457F68AADB7" />
</AgreedKey>
</KeyInfo>
<CipheredContent Value="310000000014BD5CC635B3BF83D3842A7DE8E56AFAEF9BA0BCECBF51C998972D3A13B8F3AF81985A8E4C005D350FCE11" />
</GeneralCiphering>
</PDU>
</HDLC>

________________________________________
Mikko Kurunsaari
Gurux Ltd
http://www.gurux.fi

aoudumbarpawar

Hii,
Our meter supports general signing, how can we set gurux to support general signing ?

Kurumi
Kurumi's picture

Hi,

We are implementing the general signing at the moment.

BR,
Mikko

________________________________________
Mikko Kurunsaari
Gurux Ltd
http://www.gurux.fi

aoudumbarpawar

Hii,
Thank you very much for such a great support.

Will wait for next release which supports general signing

Best Regards,
Aoudumbar Pawar