HDLC - HLS with GMAC

13 posts / 0 new
Last post
MarioJ
HDLC - HLS with GMAC

Hello,
first of all thanks for making a great job. In my project I try to connect with Elster device using optical port.
Using public clinet I'm able to read some data (I'm using GXDLMSReader for this). Unfortunatelly I'm not able to use Maintainer client. I know that device is using HLS with GMAC as Authentication. I set this parameters:
settings.client.InterfaceType = InterfaceType.HDLC;
settings.client.ClientAddress = 3;
settings.client.ServerAddress = 1;
settings.client.Ciphering.AuthenticationKey = new byte[] { 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30 };
settings.client.Ciphering.BlockCipherKey = new byte[] { 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30 };
settings.client.Authentication = Authentication.HighGMAC;
settings.client.Ciphering.Security = Security.Authentication;
But I'm not able to parse the response using ParseAAREResponse.
The response is: 61 2B A1 09 06 07 60 85 74 05 08 01 01 A2 03 02 01 01 A3 05 A1 03 02 01 01 A4 0A 04 08 93 15 55 46 27 33 25 03 BE 06 04 04 0E 01 06 00
Am I missing something ? Or I have to set some other parameter ?

Kurumi
Kurumi's picture
HDLC - HLS with GMAC

Hi,

Then try to read your meter first with GXDLMSDirector. It's easier to visualize your settings.
You can find all settings from "Secured connections" tab.

Try to set security to DLMS_SECURITY_AUTHENTICATION_ENCRYPTION.

BR,

Mikko

________________________________________
Mikko Kurunsaari
Gurux Ltd
http://www.gurux.fi

MarioJ
Thank you for your fast reply

Thank you for your fast reply. I try to use GXDLMSDirector but I don't see GMAC Authentication. Also I was not sure what to write in System title and Invocation Counter. Choosing DLMS_SECURITY_AUTHENTICATION_ENCRYPTION did not solve my probem. Can you give me some feedback ?

Image: 
Kurumi
Kurumi's picture
HDLC - HLS with GMAC

Hi,

GMac is new in Elster. Settings file is updated. Elster settings was last modified 2012.
Start GXDLMSDirector and update manufacturer settings selecting "New Manufacturer settings available" from top menu.

Set Invocation Counter to Zero.
System title is 8 bytes long hex string. Some manufacturers expect that it's constant. For some, it can be anything. Try with Gurux123

If connection fails, try to give meter serial number. Is you meter supporting Italian Standard (UNI)?
BR,
Mikko

________________________________________
Mikko Kurunsaari
Gurux Ltd
http://www.gurux.fi

MarioJ
I did as you said. Now I can

I did as you said. Now I can see GMAC. but after settings everything I get error as shown in image.
How to check if meter supporting Italian Standard (UNI) ?

Image: 
Kurumi
Kurumi's picture
Hi,

Hi,

After you change authentication level you need to re-read association view.

Is this error coming right away when you press connect, or is this error coming when you try to read something from the meter?

BR,
Mikko

________________________________________
Mikko Kurunsaari
Gurux Ltd
http://www.gurux.fi

MarioJ
I get this error when I press

I get this error when I press connect. I try to change security to AuthenticationEncryption but I get different error: "Invalid password. Server to Client challenge do not match". Setting security to Encryption gives this error: "ServiceError Initiate error exception. initiate IncompatibleConformance". Do I need to set anything else?

Kurumi
Kurumi's picture
Hi,

Hi,

AuthenticationEncryption looks correct. Your block cipher key or authentication key is wrong.

BR,

Mikko

________________________________________
Mikko Kurunsaari
Gurux Ltd
http://www.gurux.fi

MarioJ
Is there any way to confirm

Is there any way to confirm that keys are incorrect ? I get them from the company which device I'm using. When I send AARE I get as a response: 61 1F A1 09 06 07 60 85 74 05 08 01 01 A2 03 02 01 01 A3 05 A1 03 02 01 01 BE 06 04 04 0E 01 06 00

Kurumi
Kurumi's picture
I get this error when I press

Hi,

No. There is no way to check keys. Try to set Frame Counter to 0.1.43.1.1.255 like in pic.
You also need to set keys.

BR,

Mikko

Image: 

________________________________________
Mikko Kurunsaari
Gurux Ltd
http://www.gurux.fi

MarioJ
I set as you wrote but the

I set as you wrote but the result is the same

Image: 
Kurumi
Kurumi's picture
Hi,

Hi,

You should check the keys. I don't believe that they are the correct ones.
BR,
Mikko

________________________________________
Mikko Kurunsaari
Gurux Ltd
http://www.gurux.fi

MarioJ
they might be correct because

they might be correct because I try to use DLMS.Client.Example and I can send AARQ and parse AARE.
but I am not able to ReadDataBlock after GetApplicationAssociationRequest. Device does not respond after sending frame to it.

if (Client.IsAuthenticationRequired)
{
foreach (byte[] it in Client.GetApplicationAssociationRequest())
{
reply.Clear();
ReadDataBlock(it, reply); //<- no response here
}
Client.ParseApplicationAssociationResponse(reply.Data);
}
I try to talk with device company and they suggest that i'm not increasing frame counter when asking for: "0.0.40.0.0.255" But when I try to do that there is no change