Application association failing for ISKRA meter

6 posts / 0 new
Last post
Siemens-US
Application association failing for ISKRA meter

Hi

I am trying to make an application association for ISKRA meter that supports HIGH_GMAC level of authentication and Security Suite level-1. While trying to make the association I am getting following response from the meter:-

00 01 00 01 00 15 00 56 61 54 A1 09 06 07 60 85 74 05 08 01 03 A2 03 02 01 01 A3 05 A1 03 02 01 01 A4 0A 04 08 49 53 4B 68 74 13 F8 D6 88 02 07 80 89 07 60 85 74 05 08 02 05 AA 22 80 20 43 38 49 50 6A 4F 56 66 62 6E 59 74 61 42 41 56 30 41 6D 5A 4E 70 2B 6E 30 34 33 6A 42 59 76 48

This corresponds to following:-

<WRAPPER len="94" >
<TargetAddress Value="1" />
<SourceAddress Value="21" />
<PDU>
<AssociationResponse>
<ApplicationContextName Value="LN_WITH_CIPHERING" />
<!--PERMANENT_REJECTED-->
<AssociationResult Value="1" />
<ResultSourceDiagnostic>
<!--NO_REASON_GIVEN-->
<ACSEServiceUser Value="1" />
</ResultSourceDiagnostic>
<RespondingAPTitle Value="49534B687413F8D6" />
<ResponderACSERequirement Value="1" />
<MechanismName Value="HighGMac" />
<RespondingAuthentication Value="433849506A4F5666626E59746142415630416D5A4E702B6E3034336A42597648" />
</AssociationResponse>
</PDU>
</WRAPPER>

As you can see in the response i am getting error with "NO REASON GIVEN". What can be the possible reason I am getting this error?

Thanks
Yatin
Siemens-US

Kurumi
Kurumi's picture

Hi Yatin,

Check following:
-Authentication key
-Block cipher key

Make sure that they are correct.

BR,

Mikko

________________________________________
Mikko Kurunsaari
Gurux Ltd
http://www.gurux.fi

Siemens-US

Thanks Mikko.

I have just asked the meter manufacturers to recheck the provided keys.
Do you suspect this may be the issue from the message I posted?

Also the meter manufacturer has also provided me a master key. Does this key is also needed while application establishment as a dedicated key?

Thanks
Yatin

Kurumi
Kurumi's picture

Hi,
You did not send request bytes. What is your InvocationCounter value?
BR,
Mikko

________________________________________
Mikko Kurunsaari
Gurux Ltd
http://www.gurux.fi

Siemens-US

Hi

Following is the AARQ message:-

00 01 00 15 00 01 00 5F 60 5D A1 09 06 07 60 85 74 05 08 01 03 A6 0A 04 08 45 49 50 31 32 33 34 35 8A 02 07 80 8B 07 60 85 74 05 08 02 05 AC 12 80 10 5B 67 1B 44 62 6C 1B 2B 13 3D 0D 1B 4B 14 15 3E BE 23 04 21 21 1F 30 00 00 00 00 A0 E6 68 30 6C F0 02 03 99 03 22 05 3C AA 6B 79 5F AA 6A CE 88 67 CF 45 79 54

The invocation counter value is 0. From the code of Gurux it seems the the AARQ request always have 0 invocation counter. The counter then increases with each request.

I am using following code to make theAARQ request:-

settings.client.setClientAddress(21);
settings.client.setServerAddress(1);
settings.client.setAuthentication(Authentication.HIGH_GMAC);
settings.client.getCiphering().setSystemTitle("EIP12345".getBytes());
settings.client.getCiphering().setSecurity(Security.AUTHENTICATION_ENCRYPTION);
settings.client.setSecuritySuite(SecuritySuite.AES_GCM_128);
settings.client.getCiphering().setBlockCipherKey(GXCommon.hexToBytes("******"));
settings.client.getCiphering().setAuthenticationKey(GXCommon.hexToBytes("*******"));
settings.client.getProposedConformance().add(Conformance.GENERAL_PROTECTION);

Note:- client system title is a random string that I am passing.

Thanks
Yatin

Kurumi
Kurumi's picture

Hi Yatin,

Your data seems to be correct. Can you log in if you don't use ciphering with GMAC?
BR,
Mikko

________________________________________
Mikko Kurunsaari
Gurux Ltd
http://www.gurux.fi