def test_gmac2():
encryption_key = bytes.fromhex("000102030405060708090A0B0C0D0E0F")
authentication_key = bytes.fromhex("D0D1D2D3D4D5D6D7D8D9DADBDCDDDEDF")
security_control = SecurityControlField(
security_suite=0, authenticated=True, encrypted=False
)
client_invocation_counter = int.from_bytes(bytes.fromhex("00000001"), "big")
client_system_title = bytes.fromhex("4D4D4D0000000001")
# server_system_title = bytes.fromhex("4D4D4D0000BC614E")
# server_invocation_counter = int.from_bytes(bytes.fromhex("01234567"), "big")
# client_to_server_challenge = bytes.fromhex("4B35366956616759")
server_to_client_challenge = bytes.fromhex("503677524A323146")
iv = client_system_title + client_invocation_counter.to_bytes(4, "big")
assert iv == bytes.fromhex("4D4D4D000000000100000001")
# Construct an AES-GCM Cipher object with the given key and iv
encryptor = Cipher(
algorithms.AES(encryption_key),
modes.GCM(initialization_vector=iv, tag=None, min_tag_length=12),
).encryptor()
# associated_data will be authenticated but not encrypted,
# it must also be passed in on decryption.
associated_data = (
security_control.to_bytes() + authentication_key + server_to_client_challenge
)
assert associated_data == bytes.fromhex(
"10D0D1D2D3D4D5D6D7D8D9DADBDCDDDEDF503677524A323146"
)
encryptor.authenticate_additional_data(associated_data)
# Encrypt the plaintext and get the associated ciphertext.
# GCM does not require padding.
ciphertext = encryptor.update(b"") + encryptor.finalize()
# dlms uses a tag lenght of 12 not the default of 16. Since we have set the minimum
# tag length to 12 it is ok to truncated the tag.
tag = encryptor.tag[:12]
assert ciphertext == b""
result = ciphertext + tag
assert result == bytes.fromhex("1A52FE7DD3E72748973C1E28")
