I have some questions about getting data from a meter with a client that uses symmetric ciphering (general-glo-ciphering with authenticated/encrypted frames (SC=0x30)).
I have the following settings for the client:
What should I do so that the server agrees on the current key? Should I get a certificate, digital signature, etc.? Or will getting the Application association request be enough? Can you tell more about the stages of symmetric ciphering? What must we get at each of them, one by one?
And one more thing: when we use TCP, we work with a client and a server (the server as a meter's logical component), but when we use an optical cable we can use only a client and a meter without a server. Is that correct?
Symmetric Ciphering
Hi,
You don't need a certificate, etc. with GMAC. You need the Block Cipher key, the Authentication Key and sometimes the Server and Client System Titles.
Set those values using getCiphering() methods.
You can implement both client and server for all connection types. We have a server example only for the TCP/IP connection at the moment.
BR,
Mikko
Symmetric Ciphering
Oh, that's interesting. But can you tell me what the main difference is between a server with TCP and an optical port connection? Do I only have to use GXSerial instead of GXNet and use a special initializing method with serial settings, or do something else? Can you, if it's not difficult, show the important part of the code in this case? Thank you very much.
Symmetric Ciphering
Hi,
If HDLC framing is used, there are no differences. The data is the same. Some meters can use WRAPPER when the frame size is smaller. CRC, etc. are already in the TCP/IP packet, so they are not needed.
Generate packets in the same way on both communication channels. Select GXNet or GXSerial to send and receive bytes.
BR,
Mikko
Symmetric Ciphering
Hello Mr Mikko,
In the server example we have only a password checking method for the low level of authentication and a comment about the high level, which will be checked in the next step. Is this step what we define in the client, or do we have to describe the high authentication functionality in a special method in the server class?
Thank you
Symmetric Ciphering
Hello,
The client will decide what authentication level is used.
Authentication keys are set in the GXDLMSAssociationLogicalName secret property.
There is a separate instance of GXDLMSAssociationLogicalName for each authentication level.
Server will handle this automatically.
BR,
Mikko
Symmetric Ciphering
Hello, Mr Mikko,
I've implemented secured server and initialized it like this:
    public void initializer(String portName) throws Exception {
        media = new GXSerial();
        media.setPortName(portName); // the same port that client has
        media.setBaudRate(gurux.io.BaudRate.BAUD_RATE_9600);
        media.setDataBits(8);
        media.setParity(Parity.NONE);
        media.setStopBits(StopBits.ONE);
        media.setWriteTimeout(5000);
        media.setTrace(TraceLevel.VERBOSE);
        media.addListener(this);
        media.open();
        addAutoAnswer();
        addFrameCounter();
        addLogicalDeviceName();
        addMacAddressSetup();
        addClock();
        addRegister();
        super.initialize();
    }
Then I ran my server and my client, and the server wrote something like this:
18:16:54 INFO OPENING
18:16:54 INFO Settings: Port: /dev/ttyUSB0 Baud Rate: BAUD_RATE_9600 Data Bits: 8 Parity: NONE Stop Bits: ONE Eop:None
18:16:54 INFO OPEN
Public server on port
18:16:57 RECEIVED 7E
18:16:57 RECEIVED 7E
18:16:57 RECEIVED A0 54 07 03 30 A7 15 E6 E7
18:18:37 RECEIVED 7E
18:18:37 RECEIVED A0 07 07 03 73 E3 95 7E
18:19:27 RECEIVED 7E
18:19:27 RECEIVED A0 07 07 03 73 E3 95
And client wrote:
Client address: 0x3
TestServer address: 0x1
Authentication: HighGMac
Security Suite: AES_GCM_128
TestServer System Title []
Security: AUTHENTICATION_ENCRYPTION
Client system Title: []
Data send failed. Try to resend 1/3
Data send failed. Try to resend 2/3
Data send failed. Try to resend 3/3
Failed to receive reply from the device in given time.
Help me, please. What can be wrong?
Thank you.
Secured server
Hi,
On your trace, you are not sending SNRM as the first command to the server. Check why that is not sent.
Also, it seems that you are not reading all the bytes from the serial port on the server side.
BR,
Mikko
Symmetric Ciphering
Hello, Mr. Mikko,
Thank you a lot, I've got the correct data (three allowed objects) with public client.
But I still have an issue with implementing General glo ciphering with the Gurux library for the Installer/Maintainer client. My manufacturer sent me an example of a request, but even if I send it to the meter directly and get a correct response, I can't parse this reply with the parseAareResponse method because I get an "Invalid tag" error. It is the same with the aarqRequest method: I get a response from the meter with a tag that is not parsed by the corresponding method because, I think, it has a tag that is not implemented.
My manufacturer writes that I must send an AARQ with an APDU which in XML looks like this:
<GeneralGloCiphering>
<SystemTitle Value="" />
<CipheredService Value="3000000002D......" />(31 bytes value)
</GeneralGloCiphering>
And then it must be decrypted to something like the following:
01 00 00 00 06 5F 1F 04 00 40 10 19 FF FF
Is it possible to implement this with the Gurux library?
Is there a possibility to add the new tag <GeneralGloCiphering> for correct parsing?
Thank you
Symmetric Ciphering
Hi,
Have you called GXDLMSClient.GetData to get the PDU from the received bytes? Check that ErrorCode is 0.
The invalid tag is usually thrown when decrypted data is wrong. Check your keys.
BR,
Mikko
Symmetric Ciphering
Hello, Mr. Mikko
Yes, I call GXDLMSClient.GetData to get the PDU from the received bytes. I've checked the key and it's correct; then I checked the system title (client title) and the recipient title (server title), and they're correct too. And finally I've checked the invocation (frame) counter and its value is correct. But when I send the AARQ with the Gurux library method like this:
reply.clear();
curClient.readDLMSPacket(secureClient.aarqRequest()[0], reply);
secureClient.parseAareResponse(reply.getData());
I get a "null" error with the following trace:
<- 12:05:41 7E A0 07 03 07 93 EC 76 7E
-> 12:05:41 7E A0 07 07 03 73 E3 95 7E
<- 12:05:41 7E A0 6B 03 07 10 AF CE E6 E6 00 60 5D A1 09 06 07 60 85 74 05 08 01 03 A6 0A 04 08 49 4E 53 54 41 4C 4C 45 8A 02 07 80 8B 07 60 85 74 05 08 02 05 AC 12 80 10 5B 50 07 2C 5C 2E 46 34 4B 2D 69 37 3F 09 53 27 BE 23 04 21 21 1F 30 00 00 00 03 09 32 61 AE 46 ED 29 D2 59 88 C3 0F 3B 42 9D 06 69 14 2A FE D9 85 D3 4B 06 F9 67 80 7E
-> 12:05:41 7E A0 54 07 03 30 A7 15 E6 E7 00 61 46 A1 09 06 07 60 85 74 05 08 01 03 A2 03 02 01 01 A3 05 A1 03 02 01 06 89 07 60 85 74 05 08 02 05 AA 12 80 10 F6 72 4B 5B B9 99 47 C4 81 09 12 66 FE 40 95 96 BE 10 04 0E 08 00 06 5F 1F 04 00 40 02 9D 00 E5 00 07 30 27 7E
If I send the request in hex that looks like what my manufacturer wants:
reply.clear();
curClient.readDLMSPacket(request, reply);// request is copy of necessary hex request converted to bytes
secureClient.parseAareResponse(reply.getData());
I get "Connection is permanently rejected. No reason is given."
And the following trace:
<- 12:18:18 7E A0 07 03 07 93 EC 76 7E
-> 12:18:18 7E A0 07 07 03 73 E3 95 7E
<- 12:18:18 7E A0 67 03 07 10 9B 59 E6 E6 00 60 59 A1 09 06 07 60 85 74 05 08 01 03 A6 0A 04 08 49 4E 53 54 41 4C 4C 45 89 01 64 8A 02 07 80 8B 07 60 85 74 05 08 02 05 AC 0A 80 08 99 36 61 18 3D D0 2C E8 BE 24 04 22 DB 00 1F 30 00 00 00 02 D0 F5 2D F6 14 FC B2 A2 64 7E 28 68 8F D7 44 DB C4 A3 87 50 67 8D 75 FD 22 D6 E0 E0 7E
-> 12:18:19 7E A0 64 07 03 30 55 59 E6 E7 00 61 56 A1 09 06 07 60 85 74 05 08 01 03 A2 03 02 01 00 A3 05 A1 03 02 01 00 88 02 07 80 89 07 60 85 74 05 08 02 05 AA 0A 80 08 42 90 14 2A F1 61 6B 8D BE 24 04 22 DB 00 1F 30 00 00 00 49 70 68 18 BF BF A6 80 E2 75 AA 5C 04 85 DB 14 8A 43 2D 13 7A 86 96 7D 60 71 D2 D8 C2 7E
I think maybe a ciphered APDU could be sent for the AARQ. Or the ciphered service value is wrong. I'm not sure what to do next.
Can this issue be solved?
Thank you very much.
Symmetric Ciphering
Hi,
There is an error in the data that the meter expects.
BE 24 04 22 DB // Last byte is wrong.
The command must be GloInitiateRequest, not GeneralGloCiphering. Ask the manufacturer to fix this.
BR,
Mikko
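The user-information check from the last reply, as an added example that is not part of the thread or of the Gurux code: it walks the two client AARQ frames copied from the traces above and reports which ciphering APDU wraps the InitiateRequest (DLMS tags 0x21 glo-initiate-request, 0xDB general-glo-ciphering), plus the security control byte, invocation counter and client system title that feed AES-GCM. The function and constant names are hypothetical, and it assumes short-form (single-byte) BER lengths, as in these frames.

```python
# Added example: frames are the two "<-" AARQ lines from the traces above.
AARQ_FROM_LIBRARY = bytes.fromhex(
    "7E A0 6B 03 07 10 AF CE E6 E6 00 60 5D A1 09 06 07 60 85 74 05 08 01 03"
    " A6 0A 04 08 49 4E 53 54 41 4C 4C 45 8A 02 07 80 8B 07 60 85 74 05 08 02"
    " 05 AC 12 80 10 5B 50 07 2C 5C 2E 46 34 4B 2D 69 37 3F 09 53 27 BE 23 04"
    " 21 21 1F 30 00 00 00 03 09 32 61 AE 46 ED 29 D2 59 88 C3 0F 3B 42 9D 06"
    " 69 14 2A FE D9 85 D3 4B 06 F9 67 80 7E")
AARQ_FROM_VENDOR = bytes.fromhex(
    "7E A0 67 03 07 10 9B 59 E6 E6 00 60 59 A1 09 06 07 60 85 74 05 08 01 03"
    " A6 0A 04 08 49 4E 53 54 41 4C 4C 45 89 01 64 8A 02 07 80 8B 07 60 85 74"
    " 05 08 02 05 AC 0A 80 08 99 36 61 18 3D D0 2C E8 BE 24 04 22 DB 00 1F 30"
    " 00 00 00 02 D0 F5 2D F6 14 FC B2 A2 64 7E 28 68 8F D7 44 DB C4 A3 87 50"
    " 67 8D 75 FD 22 D6 E0 E0 7E")

CIPHER_TAGS = {0x21: "glo-initiate-request", 0xDB: "general-glo-ciphering"}

def aarq_fields(frame):
    """Map each top-level AARQ tag to its value (short-form lengths only)."""
    start = frame.find(b"\xE6\xE6\x00\x60")   # LLC header, then AARQ tag 0x60
    if start < 0:
        raise ValueError("no LLC header followed by an AARQ")
    pos, fields = start + 5, {}
    end = pos + frame[start + 4]              # AARQ length byte
    while pos + 2 <= end:
        tag, length = frame[pos], frame[pos + 1]
        fields[tag] = frame[pos + 2 : pos + 2 + length]
        pos += 2 + length
    return fields

def describe(frame):
    fields = aarq_fields(frame)
    body = fields[0xBE][2:]                   # user-information: skip 04 <len>
    tag, pos, wrapper_title = body[0], 1, None
    if tag == 0xDB:                           # general-glo-ciphering: system title first
        n = body[pos]
        wrapper_title, pos = body[pos + 1 : pos + 1 + n], pos + 1 + n
    length, sc = body[pos], body[pos + 1]
    return {
        "apdu": CIPHER_TAGS.get(tag, hex(tag)),
        "wrapper_system_title": wrapper_title,
        "calling_ap_title": fields[0xA6][2:], # A6: 04 08 <client system title>
        "authenticated": bool(sc & 0x10),     # SC bit 4
        "encrypted": bool(sc & 0x20),         # SC bit 5
        "invocation_counter": int.from_bytes(body[pos + 2 : pos + 6], "big"),
        "ciphertext_and_tag_len": length - 5, # minus SC (1) and counter (4)
    }

if __name__ == "__main__":
    print(describe(AARQ_FROM_LIBRARY), describe(AARQ_FROM_VENDOR), sep="\n")
```

Both frames carry SC=0x30 and 26 bytes of ciphertext plus tag, which matches the 14-byte plain InitiateRequest quoted in the thread followed by a 12-byte GMAC tag; they differ only in the wrapping APDU tag and the invocation counter.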