Do not accept non-encrypted telegrams when a key is specified.

pull/385/head
Fredrik Öhrström 2021-11-06 21:41:36 +01:00
rodzic a5694a1aab
commit d32b69a810
5 zmienionych plików z 57 dodań i 11 usunięć


@ -0,0 +1,3 @@
telegram=|6E4401068888888805077A850060852F2F|80C84AFD9308020043820183000A5415586302FCA91510F01200007B01F0120000C91200006D110000D20E0000F5090000B30400006D0000002B0000002B0000002B0000002B0000002B000000A085D9A103FFFFFFFFFFFFFFFFFFFF0A8D|
telegram=|2A442D2C998734761B168D2091D37CAC21576C78|02FF207100041308190000441308190000615B7F616713|
telegram=|AE44EE4D777777773C077A4400A0252F2F|6D142F570000426C01014C130000000082046C41218C0413000000008D04931E3A3CFE0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000046D030C6F2303FD6C401F0082206C6B210BFD0F0200018C4079000000008310FD31E0040082106C6F238110FD610102FD66030002FD1700012F2F2F2F2F2F2F2F2F2F|


@ -1010,7 +1010,7 @@ bool Telegram::parseELL(vector<uchar>::iterator &pos)
if (isVerboseEnabled() || isDebugEnabled() || !warned_for_telegram_before(this, dll_a))
{
// Print this warning only once! Unless you are using verbose or debug.
warning("(wmbus) decrypted payload crc failed check, did you use the correct decryption key? "
warning("(wmbus) WARNING! decrypted payload crc failed check, did you use the correct decryption key? "
"%02x%02x payload crc (calculated %02x%02x) "
"Permanently ignoring telegrams from id: %02x%02x%02x%02x mfct: (%s) %s (0x%02x) type: %s (0x%02x) ver: 0x%02x\n",
ell_pl_crc_b[0], ell_pl_crc_b[1],
@ -1134,7 +1134,7 @@ bool Telegram::parseAFL(vector<uchar>::iterator &pos)
len != 12 &&
len != 16)
{
warning("(wmbus) bad length of mac\n");
warning("(wmbus) WARNING! bad length of mac\n");
return false;
}
afl_mac_b.clear();
@ -1415,7 +1415,24 @@ bool Telegram::potentiallyDecrypt(vector<uchar>::iterator &pos)
{
if (tpl_sec_mode == TPLSecurityMode::AES_CBC_IV)
{
if (alreadyDecryptedCBC(pos)) return true;
if (alreadyDecryptedCBC(pos))
{
if (meter_keys && meter_keys->hasConfidentialityKey())
{
// Oups! There this telegram is already decrypted, but
// we have specified a key! Do not accept this telegram!
warning("(wmbus) WARNING! telegram should have been encrypted, but was not! "
"id: %02x%02x%02x%02x mfct: (%s) %s (0x%02x) type: %s (0x%02x) ver: 0x%02x\n",
dll_id_b[3], dll_id_b[2], dll_id_b[1], dll_id_b[0],
manufacturerFlag(dll_mfct).c_str(),
manufacturer(dll_mfct).c_str(),
dll_mfct,
mediaType(dll_type, dll_mfct).c_str(), dll_type,
dll_version);
return false;
}
return true;
}
if (!meter_keys) return false;
if (!meter_keys->hasConfidentialityKey())
{
@ -1433,7 +1450,7 @@ bool Telegram::potentiallyDecrypt(vector<uchar>::iterator &pos)
if (isVerboseEnabled() || isDebugEnabled() || !warned_for_telegram_before(this, dll_a))
{
// Print this warning only once! Unless you are using verbose or debug.
warning("(wmbus) decrypted content failed check, did you use the correct decryption key? "
warning("(wmbus) WARNING! decrypted content failed check, did you use the correct decryption key? "
"Permanently ignoring telegrams from id: %02x%02x%02x%02x mfct: (%s) %s (0x%02x) type: %s (0x%02x) ver: 0x%02x\n",
dll_id_b[3], dll_id_b[2], dll_id_b[1], dll_id_b[0],
manufacturerFlag(dll_mfct).c_str(),
@ -1466,7 +1483,7 @@ bool Telegram::potentiallyDecrypt(vector<uchar>::iterator &pos)
if (isVerboseEnabled() || isDebugEnabled() || !warned_for_telegram_before(this, dll_a))
{
// Print this warning only once! Unless you are using verbose or debug.
warning("(wmbus) telegram mac check failed, did you use the correct decryption key? "
warning("(wmbus) WARNING! telegram mac check failed, did you use the correct decryption key? "
"Permanently ignoring telegrams from id: %02x%02x%02x%02x mfct: (%s) %s (0x%02x) type: %s (0x%02x) ver: 0x%02x\n",
dll_id_b[3], dll_id_b[2], dll_id_b[1], dll_id_b[0],
manufacturerFlag(dll_mfct).c_str(),
@ -1491,7 +1508,7 @@ bool Telegram::potentiallyDecrypt(vector<uchar>::iterator &pos)
if (isVerboseEnabled() || isDebugEnabled() || !warned_for_telegram_before(this, dll_a))
{
// Print this warning only once! Unless you are using verbose or debug.
warning("(wmbus) decrypted content failed check, did you use the correct decryption key? "
warning("(wmbus) WARNING! decrypted content failed check, did you use the correct decryption key? "
"Permanently ignoring telegrams from id: %02x%02x%02x%02x mfct: (%s) %s (0x%02x) type: %s (0x%02x) ver: 0x%02x\n",
dll_id_b[3], dll_id_b[2], dll_id_b[1], dll_id_b[0],
manufacturerFlag(dll_mfct).c_str(),
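Review bot: The new rejection in the potentiallyDecrypt hunk sits inside the `tpl_sec_mode == TPLSecurityMode::AES_CBC_IV` branch, so as far as these lines show it only covers telegrams that declare that security mode. The rest of the function is outside the hunk; if a telegram declaring another mode, or none, can still return true while `meter_keys->hasConfidentialityKey()` holds, the guarantee in the commit title is incomplete, and the key test would be better made before the dispatch on `tpl_sec_mode`. The added warning is also the only one in this file section not wrapped in `if (isVerboseEnabled() || isDebugEnabled() || !warned_for_telegram_before(this, dll_a))`, so every such telegram received writes a log line; the same guard would bound that. The comment above the warning would read better as `// This telegram arrived unencrypted although a key is configured for the meter: reject it.`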


@ -26,3 +26,29 @@ then
fi
if [ "$TESTRESULT" = "ERROR" ]; then echo ERROR: $TESTNAME; exit 1; fi
TESTNAME="Test that telegram really is encrypted"
TESTRESULT="ERROR"
cat > $TEST/test_expected.txt <<EOF
(wmbus) WARNING! telegram should have been encrypted, but was not! id: 88888888 mfct: (APA) Apator, Poland (0x601) type: Water meter (0x07) ver: 0x05
(meter) newly created meter (ApWater 88888888 apator162) did not handle telegram!
(wmbus) WARNING! decrypted payload crc failed check, did you use the correct decryption key? e1d6 payload crc (calculated a528) Permanently ignoring telegrams from id: 76348799 mfct: (KAM) Kamstrup Energi (0x2c2d) type: Cold water meter (0x16) ver: 0x1b
(meter) newly created meter (Vatten 76348799 multical21) did not handle telegram!
(wmbus) WARNING! telegram should have been encrypted, but was not! id: 77777777 mfct: (SON) Sontex, Switzerland (0x4dee) type: Water meter (0x07) ver: 0x3c
(meter) newly created meter (Wasser 77777777 supercom587) did not handle telegram!
EOF
$PROG --format=json simulations/simulation_aes_removed.msg \
ApWater apator162 88888888 00000000000000000000000000000000 \
Vatten multical21 76348799 28F64A24988064A079AA2C807D6102AE \
Wasser supercom587 77777777 5065747220486F6C79737A6577736B69 > $TEST/test_output.txt 2>&1
diff $TEST/test_expected.txt $TEST/test_output.txt
if [ "$?" = "0" ]
then
echo "OK: $TESTNAME"
TESTRESULT="OK"
fi
if [ "$TESTRESULT" = "ERROR" ]; then echo ERROR: $TESTNAME; exit 1; fi
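Review bot: The new test pins only the rejection path; nothing in this hunk checks that the same plaintext telegrams from simulations/simulation_aes_removed.msg are still accepted when the meters are configured without a key, which is the `return true` side of the new branch. A second run of the same file with `NOKEY` in place of each key, compared against its expected JSON, would cover that. The expected line for 76348799 is the payload crc failure rather than the new warning, so that meter is rejected by a different check; a comment such as `# 76348799 is rejected by the payload crc check, not by the plaintext check` above the heredoc would make that intentional.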


@ -13,7 +13,7 @@ $PROG --format=json simulations/simulation_bad_keys.txt room fhkvdataiii 0306571
cat > $TEST/expected_err.txt <<EOF
(meter) room: meter detection did not match the selected driver fhkvdataiii! correct driver is: fhkvdataiv
(meter) Not printing this warning again for id: 03065716 mfct: (TCH) Techem Service (0x5068) type: Heat Cost Allocator (0x08) ver: 0x94
(wmbus) decrypted content failed check, did you use the correct decryption key? Permanently ignoring telegrams from id: 03065716 mfct: (TCH) Techem Service (0x5068) type: Heat Cost Allocator (0x08) ver: 0x94
(wmbus) WARNING! decrypted content failed check, did you use the correct decryption key? Permanently ignoring telegrams from id: 03065716 mfct: (TCH) Techem Service (0x5068) type: Heat Cost Allocator (0x08) ver: 0x94
EOF
diff $TEST/test_stderr.txt $TEST/expected_err.txt
@ -28,7 +28,7 @@ $PROG --format=json simulations/simulation_bad_keys.txt room fhkvdataiv 03065716
cat > $TEST/expected_err.txt <<EOF
(meter) room: meter detection did not match the selected driver fhkvdataiv! correct driver is: fhkvdataiii
(meter) Not printing this warning again for id: 03065716 mfct: (TCH) Techem Service (0x5068) type: Heat Cost Allocator (0x80) ver: 0x94
(wmbus) decrypted content failed check, did you use the correct decryption key? Permanently ignoring telegrams from id: 03065716 mfct: (TCH) Techem Service (0x5068) type: Heat Cost Allocator (0x08) ver: 0x94
(wmbus) WARNING! decrypted content failed check, did you use the correct decryption key? Permanently ignoring telegrams from id: 03065716 mfct: (TCH) Techem Service (0x5068) type: Heat Cost Allocator (0x08) ver: 0x94
EOF
diff $TEST/test_stderr.txt $TEST/expected_err.txt


@ -28,11 +28,11 @@ fi
cat <<EOF > $TEST/test_expected.txt
Started config rtlwmbus on stdin listening on any
(wmbus) decrypted content failed check, did you use the correct decryption key? Permanently ignoring telegrams from id: 88888888 mfct: (APA) Apator, Poland (0x601) type: Water meter (0x07) ver: 0x05
(wmbus) WARNING! decrypted content failed check, did you use the correct decryption key? Permanently ignoring telegrams from id: 88888888 mfct: (APA) Apator, Poland (0x601) type: Water meter (0x07) ver: 0x05
(meter) newly created meter (ApWater 88888888 apator162) did not handle telegram!
(wmbus) decrypted payload crc failed check, did you use the correct decryption key? 979f payload crc (calculated 3431) Permanently ignoring telegrams from id: 76348799 mfct: (KAM) Kamstrup Energi (0x2c2d) type: Cold water meter (0x16) ver: 0x1b
(wmbus) WARNING! decrypted payload crc failed check, did you use the correct decryption key? 979f payload crc (calculated 3431) Permanently ignoring telegrams from id: 76348799 mfct: (KAM) Kamstrup Energi (0x2c2d) type: Cold water meter (0x16) ver: 0x1b
(meter) newly created meter (Vatten 76348799 multical21) did not handle telegram!
(wmbus) decrypted content failed check, did you use the correct decryption key? Permanently ignoring telegrams from id: 77777777 mfct: (SON) Sontex, Switzerland (0x4dee) type: Water meter (0x07) ver: 0x3c
(wmbus) WARNING! decrypted content failed check, did you use the correct decryption key? Permanently ignoring telegrams from id: 77777777 mfct: (SON) Sontex, Switzerland (0x4dee) type: Water meter (0x07) ver: 0x3c
(meter) newly created meter (Wasser 77777777 supercom587) did not handle telegram!
EOF