def test_vis_change_current_pin_12():
"""
Test generation of offline PIN script with VIS PIN block with current PIN
Both PINs are 12 digits long.
Master Key Derivation = Option A
SMI/SMC using Visa Session Key Derivation
PIN encipherment with mandatory Visa padding
"""
# Verify issuer master key check digits
iss_mk_ac = bytes.fromhex("FEDCBA98765432100123456789ABCDEF")
assert tools.key_check_digits(iss_mk_ac, 3).hex().upper() == "7B8358"
iss_mk_smc = bytes.fromhex("11111111111111112222222222222222")
assert tools.key_check_digits(iss_mk_smc, 3).hex().upper() == "D2B91C"
iss_mk_smi = bytes.fromhex("0123456789ABCDEFFEDCBA9876543210")
assert tools.key_check_digits(iss_mk_smi, 3).hex().upper() == "08D7B4"
# Derive ICC master keys
pan = b"1234567890123456"
psn = b"01"
icc_mk_ac = kd.derive_icc_mk_a(iss_mk_ac, pan, psn)
assert tools.key_check_digits(icc_mk_ac, 3).hex().upper() == "C5CACD"
icc_mk_smc = kd.derive_icc_mk_a(iss_mk_smc, pan, psn)
assert tools.key_check_digits(icc_mk_smc, 3).hex().upper() == "6B0F76"
icc_mk_smi = kd.derive_icc_mk_a(iss_mk_smi, pan, psn)
assert tools.key_check_digits(icc_mk_smi, 3).hex().upper() == "02396B"
# Verify SMC/SMI session key
# Common Session Key Derivation Option
r = bytes.fromhex("FFFF")
sk_smc = kd.derive_visa_sm_sk(icc_mk_smc, r)
assert tools.key_check_digits(sk_smc, 3).hex().upper() == "BD7C46"
sk_smi = kd.derive_visa_sm_sk(icc_mk_smi, r)
assert tools.key_check_digits(sk_smi, 3).hex().upper() == "A41D47"
# Encrypt new PIN
pin_block = sm.format_vis_pin_block(icc_mk_ac, b"999999999999",
b"888888888888")
assert pin_block.hex().upper() == "841111112A5E67F1"
command_data = sm.encrypt_command_data(sk_smc, pin_block,
sm.EncryptionType.VISA)
assert command_data.hex().upper() == "622066A74F1E974AEE671384F0D3A7B9"
# Script MAC generated using Session Key
command_header = bytes.fromhex("8424000110")
mac = sm.generate_command_mac(sk_smi, command_header + command_data)
assert mac.hex().upper() == "829AC5DE4B88074D"
def test_vis_change_change_current_pin(pin: Union[bytes, str],
current_pin: Union[bytes, str]) -> None:
"""
Test generation of offline PIN script with VIS PIN block with current PIN
Master Key Derivation = Option A
SMI/SMC using Visa Session Key Derivation
PIN encipherment with mandatory Visa padding
"""
# Verify issuer master key check digits
iss_mk_ac = bytes.fromhex("FEDCBA98765432100123456789ABCDEF")
assert tools.key_check_digits(iss_mk_ac, 3).hex().upper() == "7B8358"
iss_mk_smc = bytes.fromhex("11111111111111112222222222222222")
assert tools.key_check_digits(iss_mk_smc, 3).hex().upper() == "D2B91C"
iss_mk_smi = bytes.fromhex("0123456789ABCDEFFEDCBA9876543210")
assert tools.key_check_digits(iss_mk_smi, 3).hex().upper() == "08D7B4"
# Derive ICC master keys
pan = "1234567890123456"
psn = "01"
icc_mk_ac = kd.derive_icc_mk_a(iss_mk_ac, pan, psn)
assert tools.key_check_digits(icc_mk_ac, 3).hex().upper() == "C5CACD"
icc_mk_smc = kd.derive_icc_mk_a(iss_mk_smc, pan, psn)
assert tools.key_check_digits(icc_mk_smc, 3).hex().upper() == "6B0F76"
icc_mk_smi = kd.derive_icc_mk_a(iss_mk_smi, pan, psn)
assert tools.key_check_digits(icc_mk_smi, 3).hex().upper() == "02396B"
# Verify SMC/SMI session key
# Common Session Key Derivation Option
r = bytes.fromhex("FFFF")
sk_smc = kd.derive_visa_sm_sk(icc_mk_smc, r)
assert tools.key_check_digits(sk_smc, 3).hex().upper() == "BD7C46"
sk_smi = kd.derive_visa_sm_sk(icc_mk_smi, r)
assert tools.key_check_digits(sk_smi, 3).hex().upper() == "A41D47"
# Encrypt new PIN
pin_block = sm.format_vis_pin_block(icc_mk_ac, pin, current_pin)
assert pin_block.hex().upper() == "8C1199FFC4B001F1"
command_data = sm.encrypt_command_data(sk_smc, pin_block,
sm.EncryptionType.VISA)
assert command_data.hex().upper() == "C29371CC36BA70C1EE671384F0D3A7B9"
# Script MAC generated using Session Key
command_header = bytes.fromhex("8424000110")
mac = sm.generate_command_mac(sk_smi, command_header + command_data)
assert mac.hex().upper() == "6AB3AD15D8B0621A"
def test_derive_visa_sm_sk_exception() -> None:
# ISS MK < 16 bytes
with pytest.raises(
ValueError,
match="ICC Master Key must be a double length DES key",
):
kd.derive_visa_sm_sk(icc_mk=bytes.fromhex("AAAAAAAAAAAAAAAA"),
atc=bytes.fromhex("FFFF"))
# ISS MK > 16 bytes
with pytest.raises(
ValueError,
match="ICC Master Key must be a double length DES key",
):
kd.derive_visa_sm_sk(
icc_mk=bytes.fromhex(
"AAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBCCCCCCCCCCCCCCCC"),
atc=bytes.fromhex("FFFF"),
)
# ATC < 2 bytes
with pytest.raises(
ValueError,
match="ATC value must be 2 bytes long",
):
kd.derive_visa_sm_sk(
icc_mk=bytes.fromhex("AAAAAAAAAAAAAAAABBBBBBBBBBBBBBBB"),
atc=bytes.fromhex("FF"),
)
# ATC > 2 bytes
with pytest.raises(
ValueError,
match="ATC value must be 2 bytes long",
):
kd.derive_visa_sm_sk(
icc_mk=bytes.fromhex("AAAAAAAAAAAAAAAABBBBBBBBBBBBBBBB"),
atc=bytes.fromhex("FFFFFF"),
)
def test_derive_visa_sm_sk() -> None:
"""
Verify visa session key derivation for secure messaging.
"""
# Verify issuer master key check digits
iss_mk = bytes.fromhex("FEDCBA98765432100123456789ABCDEF")
assert tools.key_check_digits(iss_mk, 2).hex().upper() == "7B83"
# Derive ICC master key
pan = "1234567890123456"
icc_mk = kd.derive_icc_mk_b(iss_mk, pan)
assert tools.key_check_digits(icc_mk, 2).hex().upper() == "F010"
# Verify AC session key
atc = bytes.fromhex("001C")
arqc = bytes.fromhex("29CCA15AE665FA2E")
sk_sm = kd.derive_visa_sm_sk(icc_mk, atc)
assert tools.key_check_digits(sk_sm, 2).hex().upper() == "DB10"
# Command MAC generation using Session Key
command_header = bytes.fromhex("8418000008")
mac = sm.generate_command_mac(sk_sm, command_header + atc + arqc)
assert mac.hex().upper() == "DB56BA60087CEFD3"