def test_derive_icc_mk_a_no_psn(pan: Union[bytes, str]) -> None: """ Verify ICC MK derivation method A with a zero PSN. Master Key Derivation = Option A ARQC verification using Common Session Key Derivation ARPC generation using ICC Master Key ARPC Method = 1 """ # Verify issuer master key check digits iss_mk = bytes.fromhex("0123456789ABCDEFFEDCBA9876543210") assert tools.key_check_digits(iss_mk, 2).hex().upper() == "08D7" # Derive ICC master key icc_mk = kd.derive_icc_mk_a(iss_mk, pan) # Verify AC session key # Common Session Key Derivation Option r = bytes.fromhex("1234567890123456") sk_ac = kd.derive_common_sk(icc_mk, r) assert tools.key_check_digits(sk_ac, 2).hex().upper() == "3F4F" # ARQC validation using Session Key cipher_text = bytes.fromhex("0123456789ABCDEF0123456789ABCDEF") arqc = ac.generate_ac(sk_ac, cipher_text) assert arqc.hex().upper() == "8698A7319324FD93" # ARPC Method 1 using ICC Master Key arpc_rc = bytes.fromhex("0000") arpc = ac.generate_arpc_1(icc_mk, arqc, arpc_rc) assert arpc.hex().upper() == "BEA11C8F4A47EF6F"
def test_generate_command_mac(): """ Test generation of script command data MAC Master Key Derivation = Option A SMI using Common Session Key Derivation (EMV SU-46) MAC generation script command is padded with 0x80 """ # Verify issuer master key check digits iss_mk_smi = bytes.fromhex("0123456789ABCDEFFEDCBA9876543210") assert tools.key_check_digits(iss_mk_smi, 2).hex().upper() == "08D7" # Derive ICC master key pan = b"1234567890123456" psn = b"01" icc_mk_smi = kd.derive_icc_mk_a(iss_mk_smi, pan, psn) assert tools.key_check_digits(icc_mk_smi, 2).hex().upper() == "0239" # Verify SMI session key # Common Session Key Derivation Option r = bytes.fromhex("ABCDEF1234567890") sk_smi = kd.derive_common_sk(icc_mk_smi, r) assert tools.key_check_digits(sk_smi, 2).hex().upper() == "F088" # Script MAC generated using Session Key script_command = bytes.fromhex("8424000008") mac = sm.generate_command_mac(sk_smi, script_command) assert mac.hex().upper() == "CF323F09A0F6AB9E"
def test_generate_ac_visa_aprc1() -> None: r""" Test generate AC with Visa padding (\x00 padding). Master Key Derivation = Option A ARQC verification using Common Session Key Derivation ARPC generation using ICC Master Key ARPC Method = 1 """ # Verify issuer master key check digits iss_mk = bytes.fromhex("0123456789ABCDEFFEDCBA9876543210") assert tools.key_check_digits(iss_mk, 2).hex().upper() == "08D7" # Derive ICC master key pan = "9901234567890123" psn = "45" icc_mk = kd.derive_icc_mk_a(iss_mk, pan, psn) assert tools.key_check_digits(icc_mk, 2).hex().upper() == "1DA5" # Verify AC session key # Common Session Key Derivation Option r = bytes.fromhex("1234567890123456") sk_ac = kd.derive_common_sk(icc_mk, r) assert tools.key_check_digits(sk_ac, 2).hex().upper() == "0995" # ARQC validation using Session Key cipher_text = bytes.fromhex("0123456789ABCDEF0123456789ABCDEF01") arqc = ac.generate_ac(sk_ac, cipher_text, ac.PaddingType.VISA) assert arqc.hex().upper() == "2E141C6BC4A20DA8" # ARPC Method 1 using ICC Master Key arpc_rc = bytes.fromhex("0000") arpc = ac.generate_arpc_1(icc_mk, arqc, arpc_rc) assert arpc.hex().upper() == "16A49AAB314B9262"
def test_derive_icc_mk_a_psn(pan: Union[bytes, str], psn: Union[bytes, str]) -> None: """ Verify ICC MK derivation method A with non-zero PSN. Master Key Derivation = Option A ARQC verification using Common Session Key Derivation ARPC generation using ICC Master Key ARPC Method = 1 """ # Verify issuer master key check digits iss_mk = bytes.fromhex("0123456789ABCDEFFEDCBA9876543210") assert tools.key_check_digits(iss_mk, 2).hex().upper() == "08D7" # Derive ICC master key icc_mk = kd.derive_icc_mk_a(iss_mk, pan, psn) assert tools.key_check_digits(icc_mk, 2).hex().upper() == "FF08" # Verify AC session key # Common Session Key Derivation Option r = bytes.fromhex("1234567890123456") sk_ac = kd.derive_common_sk(icc_mk, r) assert tools.key_check_digits(sk_ac, 2).hex().upper() == "DF82" # ARQC validation using Session Key cipher_text = bytes.fromhex("0123456789ABCDEF0123456789ABCDEF") arqc = ac.generate_ac(sk_ac, cipher_text) assert arqc.hex().upper() == "19C1FBC83EBDC0D5" # ARPC Method 1 using ICC Master Key arpc_rc = bytes.fromhex("0000") arpc = ac.generate_arpc_1(icc_mk, arqc, arpc_rc) assert arpc.hex().upper() == "78A372523FA35A03"
def test_generate_ac_default_emv_arpc1() -> None: r""" Test generate AC with default EMV padding (\x80 padding). Master Key Derivation = Option A ARQC verification using Common Session Key Derivation ARPC generation using ICC Master Key ARPC Method = 1 """ # Verify issuer master key check digits iss_mk = bytes.fromhex("0123456789ABCDEFFEDCBA9876543210") assert tools.key_check_digits(iss_mk, 2).hex().upper() == "08D7" # Derive ICC master key. pan = "9901234567890123" psn = "45" icc_mk = kd.derive_icc_mk_a(iss_mk, pan, psn) assert tools.key_check_digits(icc_mk, 2).hex().upper() == "1DA5" # Verify AC session key # Common Session Key Derivation Option r = bytes.fromhex("1234567890123456") sk_ac = kd.derive_common_sk(icc_mk, r) assert tools.key_check_digits(sk_ac, 2).hex().upper() == "0995" # ARQC validation using Session Key cipher_text = bytes.fromhex("0123456789ABCDEF0123456789ABCDEF") arqc = ac.generate_ac(sk_ac, cipher_text) assert arqc.hex().upper() == "4B46013359B7A58B" # ARPC Method 1 using ICC Master Key arpc_rc = bytes.fromhex("0000") arpc = ac.generate_arpc_1(icc_mk, arqc, arpc_rc) assert arpc.hex().upper() == "F8C9CECAABD55AD1"
def test_generate_arpc2_no_prop_auth_data() -> None: r""" Test generate ARPC using method 2 without prop auth data. Master Key Derivation = Option A ARQC verification using Common Session Key Derivation ARPC generation using Common Session Key ARPC Method = 2 """ # Verify issuer master key check digits iss_mk = bytes.fromhex("0123456789ABCDEFFEDCBA9876543210") assert tools.key_check_digits(iss_mk, 2).hex().upper() == "08D7" # Derive ICC master key pan = "9901234567890123" psn = "45" icc_mk = kd.derive_icc_mk_a(iss_mk, pan, psn) assert tools.key_check_digits(icc_mk, 2).hex().upper() == "1DA5" # Verify AC session key # Common Session Key Derivation Option r = bytes.fromhex("1234567890123456") sk_ac = kd.derive_common_sk(icc_mk, r) assert tools.key_check_digits(sk_ac, 2).hex().upper() == "0995" # ARQC validation using Session Key cipher_text = bytes.fromhex("0123456789ABCDEF0123456789ABCDEF") arqc = ac.generate_ac(sk_ac, cipher_text, ac.PaddingType.EMV) assert arqc.hex().upper() == "4B46013359B7A58B" # ARPC Method 2 using ICC Master Key csu = bytes.fromhex("00000000") arpc = ac.generate_arpc_2(sk_ac, arqc, csu) assert arpc.hex().upper() == "7DFB1188"
def test_generate_ac_visa_aprc1_no_padding_required() -> None: r""" Test generate AC with Visa padding (\x00 padding). However, no padding is required. The data is already multiple of 8. Master Key Derivation = Option A ARQC verification using Common Session Key Derivation ARPC generation using ICC Master Key ARPC Method = 1 """ # Verify issuer master key check digits iss_mk = bytes.fromhex("0123456789ABCDEFFEDCBA9876543210") assert tools.key_check_digits(iss_mk, 2).hex().upper() == "08D7" # Derive ICC master key pan = "9901234567890123" psn = "45" icc_mk = kd.derive_icc_mk_a(iss_mk, pan, psn) assert tools.key_check_digits(icc_mk, 2).hex().upper() == "1DA5" # Verify AC session key # Common Session Key Derivation Option r = bytes.fromhex("1234567890123456") sk_ac = kd.derive_common_sk(icc_mk, r) assert tools.key_check_digits(sk_ac, 2).hex().upper() == "0995" # ARQC validation using Session Key cipher_text = bytes.fromhex("0123456789ABCDEF0123456789ABCDEF") arqc = ac.generate_ac(sk_ac, cipher_text, ac.PaddingType.VISA) assert arqc.hex().upper() == "922F3E83125EB46B" # ARPC Method 1 using ICC Master Key arpc_rc = bytes.fromhex("0000") arpc = ac.generate_arpc_1(icc_mk, arqc, arpc_rc) assert arpc.hex().upper() == "8AE6E836084B0E80"
def test_vis_change_current_pin_12(): """ Test generation of offline PIN script with VIS PIN block with current PIN Both PINs are 12 digits long. Master Key Derivation = Option A SMI/SMC using Visa Session Key Derivation PIN encipherment with mandatory Visa padding """ # Verify issuer master key check digits iss_mk_ac = bytes.fromhex("FEDCBA98765432100123456789ABCDEF") assert tools.key_check_digits(iss_mk_ac, 3).hex().upper() == "7B8358" iss_mk_smc = bytes.fromhex("11111111111111112222222222222222") assert tools.key_check_digits(iss_mk_smc, 3).hex().upper() == "D2B91C" iss_mk_smi = bytes.fromhex("0123456789ABCDEFFEDCBA9876543210") assert tools.key_check_digits(iss_mk_smi, 3).hex().upper() == "08D7B4" # Derive ICC master keys pan = b"1234567890123456" psn = b"01" icc_mk_ac = kd.derive_icc_mk_a(iss_mk_ac, pan, psn) assert tools.key_check_digits(icc_mk_ac, 3).hex().upper() == "C5CACD" icc_mk_smc = kd.derive_icc_mk_a(iss_mk_smc, pan, psn) assert tools.key_check_digits(icc_mk_smc, 3).hex().upper() == "6B0F76" icc_mk_smi = kd.derive_icc_mk_a(iss_mk_smi, pan, psn) assert tools.key_check_digits(icc_mk_smi, 3).hex().upper() == "02396B" # Verify SMC/SMI session key # Common Session Key Derivation Option r = bytes.fromhex("FFFF") sk_smc = kd.derive_visa_sm_sk(icc_mk_smc, r) assert tools.key_check_digits(sk_smc, 3).hex().upper() == "BD7C46" sk_smi = kd.derive_visa_sm_sk(icc_mk_smi, r) assert tools.key_check_digits(sk_smi, 3).hex().upper() == "A41D47" # Encrypt new PIN pin_block = sm.format_vis_pin_block(icc_mk_ac, b"999999999999", b"888888888888") assert pin_block.hex().upper() == "841111112A5E67F1" command_data = sm.encrypt_command_data(sk_smc, pin_block, sm.EncryptionType.VISA) assert command_data.hex().upper() == "622066A74F1E974AEE671384F0D3A7B9" # Script MAC generated using Session Key command_header = bytes.fromhex("8424000110") mac = sm.generate_command_mac(sk_smi, command_header + command_data) assert mac.hex().upper() == "829AC5DE4B88074D"
def test_vis_change_change_current_pin(pin: Union[bytes, str], current_pin: Union[bytes, str]) -> None: """ Test generation of offline PIN script with VIS PIN block with current PIN Master Key Derivation = Option A SMI/SMC using Visa Session Key Derivation PIN encipherment with mandatory Visa padding """ # Verify issuer master key check digits iss_mk_ac = bytes.fromhex("FEDCBA98765432100123456789ABCDEF") assert tools.key_check_digits(iss_mk_ac, 3).hex().upper() == "7B8358" iss_mk_smc = bytes.fromhex("11111111111111112222222222222222") assert tools.key_check_digits(iss_mk_smc, 3).hex().upper() == "D2B91C" iss_mk_smi = bytes.fromhex("0123456789ABCDEFFEDCBA9876543210") assert tools.key_check_digits(iss_mk_smi, 3).hex().upper() == "08D7B4" # Derive ICC master keys pan = "1234567890123456" psn = "01" icc_mk_ac = kd.derive_icc_mk_a(iss_mk_ac, pan, psn) assert tools.key_check_digits(icc_mk_ac, 3).hex().upper() == "C5CACD" icc_mk_smc = kd.derive_icc_mk_a(iss_mk_smc, pan, psn) assert tools.key_check_digits(icc_mk_smc, 3).hex().upper() == "6B0F76" icc_mk_smi = kd.derive_icc_mk_a(iss_mk_smi, pan, psn) assert tools.key_check_digits(icc_mk_smi, 3).hex().upper() == "02396B" # Verify SMC/SMI session key # Common Session Key Derivation Option r = bytes.fromhex("FFFF") sk_smc = kd.derive_visa_sm_sk(icc_mk_smc, r) assert tools.key_check_digits(sk_smc, 3).hex().upper() == "BD7C46" sk_smi = kd.derive_visa_sm_sk(icc_mk_smi, r) assert tools.key_check_digits(sk_smi, 3).hex().upper() == "A41D47" # Encrypt new PIN pin_block = sm.format_vis_pin_block(icc_mk_ac, pin, current_pin) assert pin_block.hex().upper() == "8C1199FFC4B001F1" command_data = sm.encrypt_command_data(sk_smc, pin_block, sm.EncryptionType.VISA) assert command_data.hex().upper() == "C29371CC36BA70C1EE671384F0D3A7B9" # Script MAC generated using Session Key command_header = bytes.fromhex("8424000110") mac = sm.generate_command_mac(sk_smi, command_header + command_data) assert mac.hex().upper() == "6AB3AD15D8B0621A"
def test_mastercard_pin_change_12(): """ Test generation of offline PIN script with ISO format 2 PIN block PIN is 12 digits long. Master Key Derivation = Option A SMI/SMC using Common Session Key Derivation (EMV SU-46) PIN encipherment with optional padding when block is not multiple of 8. However, no padding takes place because PIN block is 8 bytes long. """ # Verify issuer master key check digits iss_mk_smc = bytes.fromhex("11111111111111112222222222222222") assert tools.key_check_digits(iss_mk_smc, 3).hex().upper() == "D2B91C" iss_mk_smi = bytes.fromhex("0123456789ABCDEFFEDCBA9876543210") assert tools.key_check_digits(iss_mk_smi, 3).hex().upper() == "08D7B4" # Derive ICC master keys pan = b"1234567890123456" psn = b"01" icc_mk_smc = kd.derive_icc_mk_a(iss_mk_smc, pan, psn) assert tools.key_check_digits(icc_mk_smc, 3).hex().upper() == "6B0F76" icc_mk_smi = kd.derive_icc_mk_a(iss_mk_smi, pan, psn) assert tools.key_check_digits(icc_mk_smi, 3).hex().upper() == "02396B" # Verify SMC/SMI session key # Common Session Key Derivation Option r = bytes.fromhex("ABCDEF1234567890") sk_smc = kd.derive_common_sk(icc_mk_smc, r) assert tools.key_check_digits(sk_smc, 3).hex().upper() == "D694B8" sk_smi = kd.derive_common_sk(icc_mk_smi, r) assert tools.key_check_digits(sk_smi, 3).hex().upper() == "F088F8" # Encrypt new PIN pin_block = sm.format_iso9564_2_pin_block(b"999999999999") assert pin_block.hex().upper() == "2C999999999999FF" command_data = sm.encrypt_command_data(sk_smc, pin_block, sm.EncryptionType.MASTERCARD) assert command_data.hex().upper() == "99AD3AF9EB3ECF0C" # Script MAC generated using Session Key command_header = bytes.fromhex("8424000210") mac = sm.generate_command_mac(sk_smi, command_header + command_data) assert mac.hex().upper() == "1471D88C6393BE21"
def test_ccd_pin_change(pin: Union[bytes, str]) -> None: """ Test generation of offline PIN script with ISO format 2 PIN block' Common Core Definition. Mandatory padding. Master Key Derivation = Option A SMI/SMC using Common Session Key Derivation (EMV SU-46) PIN encipherment with optional padding when block is not multiple of 8. However, no padding takes place because PIN block is 8 bytes long. """ # Verify issuer master key check digits iss_mk_smc = bytes.fromhex("11111111111111112222222222222222") assert tools.key_check_digits(iss_mk_smc, 3).hex().upper() == "D2B91C" iss_mk_smi = bytes.fromhex("0123456789ABCDEFFEDCBA9876543210") assert tools.key_check_digits(iss_mk_smi, 3).hex().upper() == "08D7B4" # Derive ICC master keys pan = "1234567890123456" psn = "01" icc_mk_smc = kd.derive_icc_mk_a(iss_mk_smc, pan, psn) assert tools.key_check_digits(icc_mk_smc, 3).hex().upper() == "6B0F76" icc_mk_smi = kd.derive_icc_mk_a(iss_mk_smi, pan, psn) assert tools.key_check_digits(icc_mk_smi, 3).hex().upper() == "02396B" # Verify SMC/SMI session key # Common Session Key Derivation Option r = bytes.fromhex("ABCDEF1234567890") sk_smc = kd.derive_common_sk(icc_mk_smc, r) assert tools.key_check_digits(sk_smc, 3).hex().upper() == "D694B8" sk_smi = kd.derive_common_sk(icc_mk_smi, r) assert tools.key_check_digits(sk_smi, 3).hex().upper() == "F088F8" # Encrypt new PIN pin_block = sm.format_iso9564_2_pin_block(pin) assert pin_block.hex().upper() == "249999FFFFFFFFFF" command_data = sm.encrypt_command_data(sk_smc, pin_block, sm.EncryptionType.EMV) assert command_data.hex().upper() == "28367E05DE3381C29D30A6055A8DEB86" # Script MAC generated using Session Key command_header = bytes.fromhex("8424000210") mac = sm.generate_command_mac(sk_smi, command_header + command_data) assert mac.hex().upper() == "69DA1EE208823022"
def test_derive_common_sk() -> None: """ Verify common session key derivation using algorithm type where both ARQC and ARPC are verified using derived session key. Master Key Derivation = Option A ARQC verification using Common Session Key Derivation ARPC generation using Common Session Key Derivation ARPC Method = 1 """ # Verify issuer master key check digits iss_mk = bytes.fromhex("0123456789ABCDEFFEDCBA9876543210") assert tools.key_check_digits(iss_mk, 2).hex().upper() == "08D7" # Derive ICC master key pan = "12345678901234567" psn = "45" icc_mk = kd.derive_icc_mk_a(iss_mk, pan, psn) assert tools.key_check_digits(icc_mk, 2).hex().upper() == "FF08" # Verify AC session key # Common Session Key Derivation Option r = bytes.fromhex("1234567890123456") sk_ac = kd.derive_common_sk(icc_mk, r) assert tools.key_check_digits(sk_ac, 2).hex().upper() == "DF82" # ARQC validation using Session Key cipher_text = bytes.fromhex("0123456789ABCDEF0123456789ABCDEF") arqc = ac.generate_ac(sk_ac, cipher_text) assert arqc.hex().upper() == "19C1FBC83EBDC0D5" # ARPC Method 1 using Session Key arpc_rc = bytes.fromhex("0000") arpc = ac.generate_arpc_1(sk_ac, arqc, arpc_rc) assert arpc.hex().upper() == "C3620580668E5B65"