- Updated gitignore file

- Updated README for Python project
- Completed Node.js project
- Created README for Node.js project

Author: Ricky

.gitignore

@@ -6,4 +6,6 @@ idea/
 __pycache__/
 
 # JetBrains IDE
-.idea/
+.idea/
+
+node_modules/

js/README.md

@@ -0,0 +1,122 @@
+# 🛡️ DLMS Crypto Tool
+
+**DLMS Crypto Tool** is a Node.js package and command-line interface (CLI) utility for encrypting, decrypting, generate encryption key, and authenticating DLMS APDU messages.
+
+## ✨ Features
+
+- **🔒 Encryption:** Encrypts DLMS APDU messages.
+- **🔑 Decryption:** Decrypts APDU messages.
+- **🧾 Authentication:** Generates authentication tags.
+- **💻 CLI Interface:** Interact with the tool via a command‑line utility (`dlmscli`).
+- **📁 File I/O Support:** Optionally load input data from files and output results to files.
+- **📝 Verbose Mode:** Provides detailed logging for debugging and traceability.
+- **✅ Well-Tested:** Unit tests are provided with Mocha to ensure core functionality.
+
+## 🚀 Requirements
+
+- Node.js vs23.11.0 (tested only with this version)
+- [Commander](https://www.npmjs.com/package/commander)
+- [Mocha](https://mochajs.org/) if you want run Unit tests
+- npm (comes with Node.js)
+
+## 📦 Installation
+
+You can install the package globally from npm to get the CLI:
+
+```
+npm install -g dlms_crypto_tool
+```
+
+Or install it as a dependecy in your project:
+
+```
+npm install dlms_crypto_tool
+```
+
+## How to use it
+
+The package provide a CLI command called `dlmscli`.
+
+🔑 Generate a Random Encryption Key
+
+```
+dlmscli key
+```
+
+🔐 Encrypt an APDU Message
+
+System Title = 5249435249435249\
+Frame Counter = 80000001\
+Encryption Key = 454E4352595054494F4E4B45594B4559\
+Authentication Key = 41555448454E5449434154494F4E4B45\
+APDU = c001810001000060010aff0200
+
+```
+dlmscli encrypt 5249435249435249 80000001 454E4352595054494F4E4B45594B4559 41555448454E5449434154494F4E4B45 c001810001000060010aff0200
+```
+*Tip:* Use --infile <path> to load input from a file and --outfile <path> to save the output
+
+🔓 Decrypt an APDU Message
+
+System Title = 5249435249435249\
+Frame Counter = 80000001\
+Encryption Key = 454E4352595054494F4E4B45594B4559\
+Authentication Key = 41555448454E5449434154494F4E4B45\
+APDU = 0de63f2331a09aa85e8830f5f3
+
+```
+dlmscli decrypt 5249435249435249 80000001 454E4352595054494F4E4B45594B4559 41555448454E5449434154494F4E4B45 0de63f2331a09aa85e8830f5f3
+```
+Result
+```
+Encrypted/Decrypted APDU: c001810001000060010aff0200
+```
+
+🔎 Authenticate an APDU Message
+
+System Title = 5249435249435249\
+Frame Counter = 00000001\
+Encryption Key = 454E4352595054494F4E4B45594B4559\
+Authentication Key = 41555448454E5449434154494F4E4B45\
+APDU = 0de63f2331a09aa85e8830f5f3
+```
+dlmscli auth 5249435249435249 00000001 454E4352595054494F4E4B45594B4559 41555448454E5449434154494F4E4B45 0de63f2331a09aa85e8830f5f3
+```
+Result
+```
+TAG: 62d423292e0fe5320370881d
+```
+
+## 🧪 Running Tests
+
+To run unit test using Mocha, follow these steps:
+
+1. Clone the repository and install the development dependencies:
+
+```
+git clone https://github.com/YourUsername/dlms-crypto-tool.git
+cd dlms-crypto-tool
+npm install
+```
+2. Run tests:
+
+```
+
+npm test
+```
+
+## 🤝 Contributing
+
+Contributions are welcome! To contribute:
+
+1. Fork the repository.
+
+2. Create a new branch for your changes.
+
+3. Write tests for your modifications.
+
+4. Submit a pull request with a detailed explanation of your changes.
+
+## 📜 License
+
+This project is licensed under the GNU General Public License v3.0

js/bin/dlmscli.js

@@ -0,0 +1,81 @@
+const crypto = require("crypto");
+const {program} = require("commander");
+const fs = require("fs");
+const {encryptAPDU, decryptAPDU, authAPDU} = require("../lib/dlmsCryptoTool");
+
+program
+    .version('0.0.1')
+    .description('CLI tool for encrypting, decrypting, and authenticating DLMS APDU');
+
+program
+    .command('key')
+    .description('Generate a random 16 bytes encryption key')
+    .action(() => {
+        const key = crypto.randomBytes(16).toString('hex');
+        console.log(`Encryption Key: ${key}`)
+    });
+
+program
+    .command('encrypt <system_title> <frame_counter> <encryption_key> <aad> <apdu>')
+    .option('--infile <path>', 'Read APDU from a file')
+    .option('--outfile <path>', 'Write output to a file')
+    .option('-v, --verbose', 'Enables verbose mode')
+    .description('Encrypt an APDU message')
+    .action((system_title, frame_counter, encryption_key, aad, apdu, options) => {
+
+        if (options.infile) {
+
+            apdu = fs.readFileSync(options.infile, 'utf8').trim();
+            if (options.verbose) console.log(`Read APDU from ${options.infile}`);
+        }
+
+        const result = encryptAPDU(system_title, frame_counter, encryption_key, aad, apdu);
+        // Split ciphertext & tag (tag is last 32 hex characters corresponding to 16 bytes).
+        const ciphertext = result.slice(0, result.length - 32);
+        const tag = result.slice(result.length - 32);
+        const output = `Encrypted APDU: ${ciphertext}\nAuthentication TAG: ${tag}`;
+
+        if (options.outfile) {
+
+            fs.writeFileSync(options.outfile, output);
+            if (options.verbose) console.log(`Written output to ${options.outfile}`);
+
+        } else {
+
+            console.log(output);
+
+        }
+
+    });
+
+program
+    .command('decrypt <system_title> <frame_counter> <encryption_key> <aad> <ciphertext>')
+    .option('--infile <path>', 'Read ciphertext from a file')
+    .option('--outfile <path>', 'Write output to a file')
+    .description('Decrypt an APDU message')
+    .action((system_title, frame_counter, encryption_key, aad, ciphertext, options) => {
+        if (options.infile) {
+            ciphertext = fs.readFileSync(options.infile, 'utf8').trim();
+        }
+        try {
+            const plaintext = decryptAPDU(system_title, frame_counter, encryption_key, aad, ciphertext);
+            const output = `Decrypted APDU: ${plaintext}`;
+            if (options.outfile) {
+                fs.writeFileSync(options.outfile, output);
+            } else {
+                console.log(output);
+            }
+        } catch (err) {
+            console.error('Decryption failed:', err.message);
+        }
+    });
+
+program
+    .command('auth <system_title> <frame_counter> <encryption_key> <authentication_key> <stoc>')
+    .description('Generate an authentication tag for an APDU')
+    .action((system_title, frame_counter, encryption_key, authentication_key, stoc) => {
+        const tag = authAPDU(system_title, frame_counter, encryption_key, authentication_key, stoc);
+        console.log(`Authentication TAG: ${tag}`);
+    });
+
+program.parse(process.argv);

js/index.js

@@ -0,0 +1,115 @@
+const crypto = require("crypto");
+
+// Security header constans
+const SECURITY_HEADER = {
+
+    auth: '10',
+    data: '30'
+
+};
+
+// Create IV by concatenating system_title and frame_counter (hex string)
+function createIV(system_title, frame_counter){
+
+    // Concatenation of hex strings and conversion to Buffer
+    return Buffer.from(system_title + frame_counter, 'hex');
+}
+
+/**
+ * Encrypts an APDU message using AES-GCM.
+ * @param {string} system_title - Hex string
+ * @param {string} frame_counter - Hex string
+ * @param {string} encryption_key - Hex string key
+ * @param {string} additional_auth_data - Additional AAD without the header (hex string)
+ * @param {string} plaintext - Plaintext APDU as a hex string
+ * @returns {string} The ciphertext with appended auth tag as a hex string
+ */
+function encryptAPDU(system_title, frame_counter, encryption_key,additional_auth_data,
+                     plaintext) {
+
+    const iv = createIV(system_title, frame_counter);
+    const keyBuffer = Buffer.from(encryption_key, 'hex');
+    const aadBuffer = Buffer.from(SECURITY_HEADER.data + additional_auth_data, 'hex');
+
+    const cipher = crypto.createCipheriv('aes-128-gcm', keyBuffer, iv, {authTagLength: 16});
+    cipher.setAAD(aadBuffer);
+
+    // Encrypt the plaintext (which is provided as a hex string)
+    const plaitextBuffer = Buffer.from(plaintext, 'hex');
+    const encrypted = Buffer.concat([cipher.update(plaitextBuffer), cipher.final()]);
+    const tag = cipher.getAuthTag();
+
+    // Return concatenated ciphertext + tag as hex string.
+    return Buffer.concat([encrypted, tag]).toString('hex');
+    
+}
+
+/**
+ * Decrypts an APDU message using AES-GCM.
+ * @param {string} system_title - Hex string representing the system title.
+ * @param {string} frame_counter - Hex string representing the frame counter.
+ * @param {string} encryption_key - Hex string decryption key.
+ * @param {string} additional_auth_data - Hex string of additional authentication data.
+ * @param {string} ciphertextWithTagHex - Hex string that contains both ciphertext and appended auth tag.
+ * @returns {string} The decrypted APDU as a hex string.
+ */
+function decryptAPDU(system_title, frame_counter, encryption_key,
+                     additional_auth_data, ciphertextWithTagHex) {
+
+    const buffer = Buffer.from(ciphertextWithTagHex, 'hex');
+    const iv = createIV(system_title, frame_counter);
+    const keybuffer = Buffer.from(encryption_key, 'hex');
+    const aadBuffer = Buffer.from(SECURITY_HEADER.data + additional_auth_data, 'hex');
+
+    // Separate tag (last 16 bytes) from cipheredtext.
+    const tag = buffer.slice(buffer.length - 16);
+    const cipheredtext = buffer.slice(0, buffer.length - 16);
+
+    const decipher = crypto.createDecipheriv('aes-128-gcm', keybuffer, iv, {authTagLength: 16});
+
+    decipher.setAAD(aadBuffer);
+    decipher.setAuthTag(tag);
+
+    const decrypted = Buffer.concat([decipher.update(cipheredtext), decipher.final()]);
+
+    return decrypted.toString('hex');
+
+}
+
+/**
+ * Generates an authentication tag by encrypting an empty plaintext.
+ * @param {string} system_title - Hex string representing the system title.
+ * @param {string} frame_counter - Hex string representing the frame counter.
+ * @param {string} encryption_key - Hex string encryption key.
+ * @param {string} authentication_key - Hex string authentication key.
+ * @param {string} stoc - Hex string
+ * @returns {string} A truncated auth tag (hex string, last 8 hex characters removed).
+ */
+function authAPDU(system_title, frame_counter, encryption_key,authentication_key,stoc){
+
+    const iv = createIV(system_title, frame_counter);
+    const keybuffer = Buffer.from(encryption_key, 'hex');
+    const aadBuffer = Buffer.from(SECURITY_HEADER.auth + authentication_key + stoc, 'hex');
+
+    const cipher = crypto.createCipheriv('aes-128-gcm', keybuffer, iv, {authTagLength: 16});
+
+    cipher.setAAD(aadBuffer);
+
+    // Encrypt an empty plaintext buffer
+    cipher.update(Buffer.alloc(0));
+    cipher.final();
+
+    const tag = cipher.getAuthTag().toString('hex');
+
+    // Truncate last 8 hex characters
+    return tag.slice(0, tag.length - 8);
+
+}
+
+module.exports = {
+    createIV,
+    encryptAPDU,
+    decryptAPDU,
+    authAPDU,
+    SECURITY_HEADER,
+};