HDLC - HLS with GMAC

18 posts / 0 new
Last post
MarioJ
HDLC - HLS with GMAC

Hello,
first of all thanks for making a great job. In my project I try to connect with Elster device using optical port.
Using public clinet I'm able to read some data (I'm using GXDLMSReader for this). Unfortunatelly I'm not able to use Maintainer client. I know that device is using HLS with GMAC as Authentication. I set this parameters:
settings.client.InterfaceType = InterfaceType.HDLC;
settings.client.ClientAddress = 3;
settings.client.ServerAddress = 1;
settings.client.Ciphering.AuthenticationKey = new byte[] { 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30 };
settings.client.Ciphering.BlockCipherKey = new byte[] { 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30 };
settings.client.Authentication = Authentication.HighGMAC;
settings.client.Ciphering.Security = Security.Authentication;
But I'm not able to parse the response using ParseAAREResponse.
The response is: 61 2B A1 09 06 07 60 85 74 05 08 01 01 A2 03 02 01 01 A3 05 A1 03 02 01 01 A4 0A 04 08 93 15 55 46 27 33 25 03 BE 06 04 04 0E 01 06 00
Am I missing something ? Or I have to set some other parameter ?

Kurumi
Kurumi's picture

Hi,

Then try to read your meter first with GXDLMSDirector. It's easier to visualize your settings.
You can find all settings from "Secured connections" tab.

Try to set security to DLMS_SECURITY_AUTHENTICATION_ENCRYPTION.

BR,

Mikko

________________________________________
Mikko Kurunsaari
Gurux Ltd
http://www.gurux.fi

MarioJ

Thank you for your fast reply. I try to use GXDLMSDirector but I don't see GMAC Authentication. Also I was not sure what to write in System title and Invocation Counter. Choosing DLMS_SECURITY_AUTHENTICATION_ENCRYPTION did not solve my probem. Can you give me some feedback ?

Image: 
Kurumi
Kurumi's picture

Hi,

GMac is new in Elster. Settings file is updated. Elster settings was last modified 2012.
Start GXDLMSDirector and update manufacturer settings selecting "New Manufacturer settings available" from top menu.

Set Invocation Counter to Zero.
System title is 8 bytes long hex string. Some manufacturers expect that it's constant. For some, it can be anything. Try with Gurux123

If connection fails, try to give meter serial number. Is you meter supporting Italian Standard (UNI)?
BR,
Mikko

________________________________________
Mikko Kurunsaari
Gurux Ltd
http://www.gurux.fi

MarioJ

I did as you said. Now I can see GMAC. but after settings everything I get error as shown in image.
How to check if meter supporting Italian Standard (UNI) ?

Image: 
Kurumi
Kurumi's picture

Hi,

After you change authentication level you need to re-read association view.

Is this error coming right away when you press connect, or is this error coming when you try to read something from the meter?

BR,
Mikko

________________________________________
Mikko Kurunsaari
Gurux Ltd
http://www.gurux.fi

MarioJ

I get this error when I press connect. I try to change security to AuthenticationEncryption but I get different error: "Invalid password. Server to Client challenge do not match". Setting security to Encryption gives this error: "ServiceError Initiate error exception. initiate IncompatibleConformance". Do I need to set anything else?

Kurumi
Kurumi's picture

Hi,

AuthenticationEncryption looks correct. Your block cipher key or authentication key is wrong.

BR,

Mikko

________________________________________
Mikko Kurunsaari
Gurux Ltd
http://www.gurux.fi

MarioJ

Is there any way to confirm that keys are incorrect ? I get them from the company which device I'm using. When I send AARE I get as a response: 61 1F A1 09 06 07 60 85 74 05 08 01 01 A2 03 02 01 01 A3 05 A1 03 02 01 01 BE 06 04 04 0E 01 06 00

Kurumi
Kurumi's picture

Hi,

No. There is no way to check keys. Try to set Frame Counter to 0.1.43.1.1.255 like in pic.
You also need to set keys.

BR,

Mikko

Image: 

________________________________________
Mikko Kurunsaari
Gurux Ltd
http://www.gurux.fi

MarioJ

I set as you wrote but the result is the same

Image: 
Kurumi
Kurumi's picture

Hi,

You should check the keys. I don't believe that they are the correct ones.
BR,
Mikko

________________________________________
Mikko Kurunsaari
Gurux Ltd
http://www.gurux.fi

MarioJ

they might be correct because I try to use DLMS.Client.Example and I can send AARQ and parse AARE.
but I am not able to ReadDataBlock after GetApplicationAssociationRequest. Device does not respond after sending frame to it.

if (Client.IsAuthenticationRequired)
{
foreach (byte[] it in Client.GetApplicationAssociationRequest())
{
reply.Clear();
ReadDataBlock(it, reply); //<- no response here
}
Client.ParseApplicationAssociationResponse(reply.Data);
}
I try to talk with device company and they suggest that i'm not increasing frame counter when asking for: "0.0.40.0.0.255" But when I try to do that there is no change

Kurumi
Kurumi's picture

Hi,

It's hard to say anything for sure, but you can try to set Invocation Counter (frame counter) to 0.

BR,

Mikko

________________________________________
Mikko Kurunsaari
Gurux Ltd
http://www.gurux.fi

MarioJ

The problem is fixed. Device discard packet when whole Client.GetApplicationAssociationRequest() was encrypted. Thx for your help. Can you give me some other feedback ? How to execute action which include Script table ? I see there is GXDLMSDisconnectControl. Is it a good idea to use it with GXDLMSScriptAction ? And how to call it ?

Kurumi
Kurumi's picture

Hi Mario,

So if you send your application association request without encryption it works?

Create script table object and call Execute method.

GXDLMSScriptTable s = new GXDLMSScriptTable ("OBIS CODE");
data = s.execute(client, Index);

BR,
Mikko

________________________________________
Mikko Kurunsaari
Gurux Ltd
http://www.gurux.fi

MarioJ

Sending StoC cannot by crypted or device will ignore it. Can you tell me how to execute an action with parametr? How to send a parameter to method ?

Kurumi
Kurumi's picture

Hi,

Meter sends StoC and client sends CtoS. So your meter is not using encryption. Try to change "Security" from "AuthenticationEncrypt" to "None".
You can use GXDLMSClient and Method(GXDLMSObject item, int index, Object data) to execute wanted action.

BR,

Mikko

________________________________________
Mikko Kurunsaari
Gurux Ltd
http://www.gurux.fi