def test_derive_icc_mk_a_no_psn(pan: Union[bytes, str]) -> None: """ Verify ICC MK derivation method A with a zero PSN. Master Key Derivation = Option A ARQC verification using Common Session Key Derivation ARPC generation using ICC Master Key ARPC Method = 1 """ # Verify issuer master key check digits iss_mk = bytes.fromhex("0123456789ABCDEFFEDCBA9876543210") assert tools.key_check_digits(iss_mk, 2).hex().upper() == "08D7" # Derive ICC master key icc_mk = kd.derive_icc_mk_a(iss_mk, pan) # Verify AC session key # Common Session Key Derivation Option r = bytes.fromhex("1234567890123456") sk_ac = kd.derive_common_sk(icc_mk, r) assert tools.key_check_digits(sk_ac, 2).hex().upper() == "3F4F" # ARQC validation using Session Key cipher_text = bytes.fromhex("0123456789ABCDEF0123456789ABCDEF") arqc = ac.generate_ac(sk_ac, cipher_text) assert arqc.hex().upper() == "8698A7319324FD93" # ARPC Method 1 using ICC Master Key arpc_rc = bytes.fromhex("0000") arpc = ac.generate_arpc_1(icc_mk, arqc, arpc_rc) assert arpc.hex().upper() == "BEA11C8F4A47EF6F"
def test_derive_icc_mk_b_pan18() -> None: """ Verify ICC MK derivation method B using 18 digit PAN. Master Key Derivation = Option B ARQC verification using Common Session Key Derivation ARPC generation using Common Session Key Derivation ARPC Method = 2 """ # Verify issuer master key check digits iss_mk = bytes.fromhex("0123456789ABCDEFFEDCBA9876543210") assert tools.key_check_digits(iss_mk, 2).hex().upper() == "08D7" # Derive ICC master key pan = "123456789012345679" psn = "00" icc_mk = kd.derive_icc_mk_b(iss_mk, pan, psn) assert tools.key_check_digits(icc_mk, 2).hex().upper() == "C2F3" # Verify AC session key # Common Session Key Derivation Option r = bytes.fromhex("1234567890123456") sk_ac = kd.derive_common_sk(icc_mk, r) assert tools.key_check_digits(sk_ac, 2).hex().upper() == "7C35" # ARQC validation using Session Key cipher_text = bytes.fromhex("0123456789ABCDEF0123456789ABCDEF") arqc = ac.generate_ac(sk_ac, cipher_text) assert arqc.hex().upper() == "DC95BCE3EBBE0296" # ARPC Method 2 using Session Key csu = bytes.fromhex("00000000") arpc = ac.generate_arpc_2(sk_ac, arqc, csu) assert arpc.hex().upper() == "ECCA0C4B"
def test_derive_icc_mk_a_psn(pan: Union[bytes, str], psn: Union[bytes, str]) -> None: """ Verify ICC MK derivation method A with non-zero PSN. Master Key Derivation = Option A ARQC verification using Common Session Key Derivation ARPC generation using ICC Master Key ARPC Method = 1 """ # Verify issuer master key check digits iss_mk = bytes.fromhex("0123456789ABCDEFFEDCBA9876543210") assert tools.key_check_digits(iss_mk, 2).hex().upper() == "08D7" # Derive ICC master key icc_mk = kd.derive_icc_mk_a(iss_mk, pan, psn) assert tools.key_check_digits(icc_mk, 2).hex().upper() == "FF08" # Verify AC session key # Common Session Key Derivation Option r = bytes.fromhex("1234567890123456") sk_ac = kd.derive_common_sk(icc_mk, r) assert tools.key_check_digits(sk_ac, 2).hex().upper() == "DF82" # ARQC validation using Session Key cipher_text = bytes.fromhex("0123456789ABCDEF0123456789ABCDEF") arqc = ac.generate_ac(sk_ac, cipher_text) assert arqc.hex().upper() == "19C1FBC83EBDC0D5" # ARPC Method 1 using ICC Master Key arpc_rc = bytes.fromhex("0000") arpc = ac.generate_arpc_1(icc_mk, arqc, arpc_rc) assert arpc.hex().upper() == "78A372523FA35A03"
def test_derive_icc_mk_b_pan17_no_psn(pan: Union[bytes, str]) -> None: """ Verify ICC MK derivation method B using 17 digit PAN. Master Key Derivation = Option B ARQC verification using Common Session Key Derivation ARPC generation using Common Session Key Derivation ARPC Method = 2 """ # Verify issuer master key check digits iss_mk = bytes.fromhex("0123456789ABCDEFFEDCBA9876543210") assert tools.key_check_digits(iss_mk, 2).hex().upper() == "08D7" # Derive ICC master key icc_mk = kd.derive_icc_mk_b(iss_mk, pan) assert tools.key_check_digits(icc_mk, 2).hex().upper() == "4626" # Verify AC session key # Common Session Key Derivation Option r = bytes.fromhex("1234567890123456") sk_ac = kd.derive_common_sk(icc_mk, r) assert tools.key_check_digits(sk_ac, 2).hex().upper() == "7F36" # ARQC validation using Session Key cipher_text = bytes.fromhex("0123456789ABCDEF0123456789ABCDEF") arqc = ac.generate_ac(sk_ac, cipher_text) assert arqc.hex().upper() == "0BAA251EA8989442" # ARPC Method 2 using Session Key csu = bytes.fromhex("00000000") arpc = ac.generate_arpc_2(sk_ac, arqc, csu) assert arpc.hex().upper() == "C1C41F3A"
def test_generate_ac_visa_aprc1() -> None: r""" Test generate AC with Visa padding (\x00 padding). Master Key Derivation = Option A ARQC verification using Common Session Key Derivation ARPC generation using ICC Master Key ARPC Method = 1 """ # Verify issuer master key check digits iss_mk = bytes.fromhex("0123456789ABCDEFFEDCBA9876543210") assert tools.key_check_digits(iss_mk, 2).hex().upper() == "08D7" # Derive ICC master key pan = "9901234567890123" psn = "45" icc_mk = kd.derive_icc_mk_a(iss_mk, pan, psn) assert tools.key_check_digits(icc_mk, 2).hex().upper() == "1DA5" # Verify AC session key # Common Session Key Derivation Option r = bytes.fromhex("1234567890123456") sk_ac = kd.derive_common_sk(icc_mk, r) assert tools.key_check_digits(sk_ac, 2).hex().upper() == "0995" # ARQC validation using Session Key cipher_text = bytes.fromhex("0123456789ABCDEF0123456789ABCDEF01") arqc = ac.generate_ac(sk_ac, cipher_text, ac.PaddingType.VISA) assert arqc.hex().upper() == "2E141C6BC4A20DA8" # ARPC Method 1 using ICC Master Key arpc_rc = bytes.fromhex("0000") arpc = ac.generate_arpc_1(icc_mk, arqc, arpc_rc) assert arpc.hex().upper() == "16A49AAB314B9262"
def test_derive_icc_mk_b_pan16() -> None: """ Verify ICC MK derivation method B using incompatible PAN length. Method B is applicable only if PAN is 17-19 digits long. Master Key Derivation = Option B ARQC verification using Common Session Key Derivation ARPC generation using Common Session Key Derivation ARPC Method = 2 """ # Verify issuer master key check digits iss_mk = bytes.fromhex("0123456789ABCDEFFEDCBA9876543210") assert tools.key_check_digits(iss_mk, 2).hex().upper() == "08D7" # Derive ICC master key pan = "1234567890123456" icc_mk = kd.derive_icc_mk_b(iss_mk, pan) assert tools.key_check_digits(icc_mk, 2).hex().upper() == "BAB0" # Verify AC session key # Common Session Key Derivation Option r = bytes.fromhex("1234567890123456") sk_ac = kd.derive_common_sk(icc_mk, r) assert tools.key_check_digits(sk_ac, 2).hex().upper() == "BC19" # ARQC validation using Session Key cipher_text = bytes.fromhex("0123456789ABCDEF0123456789ABCDEF") arqc = ac.generate_ac(sk_ac, cipher_text) assert arqc.hex().upper() == "0CE77D211CB5459A" # ARPC Method 2 using Session Key csu = bytes.fromhex("00000000") arpc = ac.generate_arpc_2(sk_ac, arqc, csu) assert arpc.hex().upper() == "8CD9AA5D"
def test_generate_ac_default_emv_arpc1() -> None: r""" Test generate AC with default EMV padding (\x80 padding). Master Key Derivation = Option A ARQC verification using Common Session Key Derivation ARPC generation using ICC Master Key ARPC Method = 1 """ # Verify issuer master key check digits iss_mk = bytes.fromhex("0123456789ABCDEFFEDCBA9876543210") assert tools.key_check_digits(iss_mk, 2).hex().upper() == "08D7" # Derive ICC master key. pan = "9901234567890123" psn = "45" icc_mk = kd.derive_icc_mk_a(iss_mk, pan, psn) assert tools.key_check_digits(icc_mk, 2).hex().upper() == "1DA5" # Verify AC session key # Common Session Key Derivation Option r = bytes.fromhex("1234567890123456") sk_ac = kd.derive_common_sk(icc_mk, r) assert tools.key_check_digits(sk_ac, 2).hex().upper() == "0995" # ARQC validation using Session Key cipher_text = bytes.fromhex("0123456789ABCDEF0123456789ABCDEF") arqc = ac.generate_ac(sk_ac, cipher_text) assert arqc.hex().upper() == "4B46013359B7A58B" # ARPC Method 1 using ICC Master Key arpc_rc = bytes.fromhex("0000") arpc = ac.generate_arpc_1(icc_mk, arqc, arpc_rc) assert arpc.hex().upper() == "F8C9CECAABD55AD1"
def test_generate_arpc2_no_prop_auth_data() -> None: r""" Test generate ARPC using method 2 without prop auth data. Master Key Derivation = Option A ARQC verification using Common Session Key Derivation ARPC generation using Common Session Key ARPC Method = 2 """ # Verify issuer master key check digits iss_mk = bytes.fromhex("0123456789ABCDEFFEDCBA9876543210") assert tools.key_check_digits(iss_mk, 2).hex().upper() == "08D7" # Derive ICC master key pan = "9901234567890123" psn = "45" icc_mk = kd.derive_icc_mk_a(iss_mk, pan, psn) assert tools.key_check_digits(icc_mk, 2).hex().upper() == "1DA5" # Verify AC session key # Common Session Key Derivation Option r = bytes.fromhex("1234567890123456") sk_ac = kd.derive_common_sk(icc_mk, r) assert tools.key_check_digits(sk_ac, 2).hex().upper() == "0995" # ARQC validation using Session Key cipher_text = bytes.fromhex("0123456789ABCDEF0123456789ABCDEF") arqc = ac.generate_ac(sk_ac, cipher_text, ac.PaddingType.EMV) assert arqc.hex().upper() == "4B46013359B7A58B" # ARPC Method 2 using ICC Master Key csu = bytes.fromhex("00000000") arpc = ac.generate_arpc_2(sk_ac, arqc, csu) assert arpc.hex().upper() == "7DFB1188"
def test_generate_ac_visa_aprc1_no_padding_required() -> None: r""" Test generate AC with Visa padding (\x00 padding). However, no padding is required. The data is already multiple of 8. Master Key Derivation = Option A ARQC verification using Common Session Key Derivation ARPC generation using ICC Master Key ARPC Method = 1 """ # Verify issuer master key check digits iss_mk = bytes.fromhex("0123456789ABCDEFFEDCBA9876543210") assert tools.key_check_digits(iss_mk, 2).hex().upper() == "08D7" # Derive ICC master key pan = "9901234567890123" psn = "45" icc_mk = kd.derive_icc_mk_a(iss_mk, pan, psn) assert tools.key_check_digits(icc_mk, 2).hex().upper() == "1DA5" # Verify AC session key # Common Session Key Derivation Option r = bytes.fromhex("1234567890123456") sk_ac = kd.derive_common_sk(icc_mk, r) assert tools.key_check_digits(sk_ac, 2).hex().upper() == "0995" # ARQC validation using Session Key cipher_text = bytes.fromhex("0123456789ABCDEF0123456789ABCDEF") arqc = ac.generate_ac(sk_ac, cipher_text, ac.PaddingType.VISA) assert arqc.hex().upper() == "922F3E83125EB46B" # ARPC Method 1 using ICC Master Key arpc_rc = bytes.fromhex("0000") arpc = ac.generate_arpc_1(icc_mk, arqc, arpc_rc) assert arpc.hex().upper() == "8AE6E836084B0E80"
def test_derive_icc_mk_b_pan17_psn(): """ Verify ICC MK derivation method B using 17 digit PAN. Master Key Derivation = Option B ARQC verification using Common Session Key Derivation ARPC generation using Common Session Key Derivation ARPC Method = 2 """ # Verify issuer master key check digits iss_mk = bytes.fromhex("0123456789ABCDEFFEDCBA9876543210") assert tools.key_check_digits(iss_mk, 2).hex().upper() == "08D7" # Derive ICC master key pan = b"12345678901234567" psn = b"45" icc_mk = kd.derive_icc_mk_b(iss_mk, pan, psn) assert tools.key_check_digits(icc_mk, 2).hex().upper() == "0BAF" # Verify AC session key # Common Session Key Derivation Option r = bytes.fromhex("1234567890123456") sk_ac = kd.derive_common_sk(icc_mk, r) assert tools.key_check_digits(sk_ac, 2).hex().upper() == "4262" # ARQC validation using Session Key cipher_text = bytes.fromhex("0123456789ABCDEF0123456789ABCDEF") arqc = ac.generate_ac(sk_ac, cipher_text) assert arqc.hex().upper() == "5760EE07B4FA65D1" # ARPC Method 2 using Session Key csu = bytes.fromhex("00000000") arpc = ac.generate_arpc_2(sk_ac, arqc, csu) assert arpc.hex().upper() == "106B81D9"
def test_generate_ac_exception() -> None: # SK < 16 bytes with pytest.raises( ValueError, match="Session Key must be a double length DES key", ): ac.generate_ac( sk_ac=bytes.fromhex("AAAAAAAAAAAAAAAA"), data=bytes.fromhex("12345678901214"), ) # SK > 16 bytes with pytest.raises( ValueError, match="Session Key must be a double length DES key", ): ac.generate_ac( sk_ac=bytes.fromhex( "AAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBCCCCCCCCCCCCCCCC"), data=bytes.fromhex("12345678901214"), ) # Invalid padding type with pytest.raises( TypeError, match="Padding type must be PaddingType Enum, not dict", ): ac.generate_ac( sk_ac=bytes.fromhex("AAAAAAAAAAAAAAAABBBBBBBBBBBBBBBB"), data=bytes.fromhex("12345678901214"), padding_type={}, # type: ignore )
def test_derive_icc_mk_b_sha_pad() -> None: """ Verify ICC MK derivation method B where the algorithm is forced to convert sha digest letters into numbers. Master Key Derivation = Option B ARQC verification using Common Session Key Derivation ARPC generation using Common Session Key Derivation ARPC Method = 2 Note: in this test sha1 does not produce 16 digits. Use decimalisation table to convert hexchars to digits. e -> 4 """ # Verify issuer master key check digits iss_mk = bytes.fromhex("0123456789ABCDEFFEDCBA9876543210") assert tools.key_check_digits(iss_mk, 2).hex().upper() == "08D7" # Derive ICC master key pan = "000000000000000005" psn = "23" icc_mk = kd.derive_icc_mk_b(iss_mk, pan, psn) assert tools.key_check_digits(icc_mk, 2).hex().upper() == "DD73" # Verify AC session key # Common Session Key Derivation Option r = bytes.fromhex("001C000000000000") sk_ac = kd.derive_common_sk(icc_mk, r) assert tools.key_check_digits(sk_ac, 2).hex().upper() == "04F8" # ARQC validation using Session Key cipher_text = bytes.fromhex("00000000400000000000000001248000048000012" "41911050152BF45851800001C06011203A0B800") arqc = ac.generate_ac(sk_ac, cipher_text) assert arqc.hex().upper() == "8CAD6F2489C640B1" # ARPC Method 2 using Session Key arqc = bytes.fromhex("8CAD6F2489C640B1") csu = bytes.fromhex("00000000") prop_auth_data = bytes.fromhex("12345678") arpc = ac.generate_arpc_2(sk_ac, arqc, csu, prop_auth_data) assert arpc.hex().upper() == "E39F1876"
def test_derive_common_sk() -> None: """ Verify common session key derivation using algorithm type where both ARQC and ARPC are verified using derived session key. Master Key Derivation = Option A ARQC verification using Common Session Key Derivation ARPC generation using Common Session Key Derivation ARPC Method = 1 """ # Verify issuer master key check digits iss_mk = bytes.fromhex("0123456789ABCDEFFEDCBA9876543210") assert tools.key_check_digits(iss_mk, 2).hex().upper() == "08D7" # Derive ICC master key pan = "12345678901234567" psn = "45" icc_mk = kd.derive_icc_mk_a(iss_mk, pan, psn) assert tools.key_check_digits(icc_mk, 2).hex().upper() == "FF08" # Verify AC session key # Common Session Key Derivation Option r = bytes.fromhex("1234567890123456") sk_ac = kd.derive_common_sk(icc_mk, r) assert tools.key_check_digits(sk_ac, 2).hex().upper() == "DF82" # ARQC validation using Session Key cipher_text = bytes.fromhex("0123456789ABCDEF0123456789ABCDEF") arqc = ac.generate_ac(sk_ac, cipher_text) assert arqc.hex().upper() == "19C1FBC83EBDC0D5" # ARPC Method 1 using Session Key arpc_rc = bytes.fromhex("0000") arpc = ac.generate_arpc_1(sk_ac, arqc, arpc_rc) assert arpc.hex().upper() == "C3620580668E5B65"