def test_vis_change_current_pin_12():
"""
Test generation of offline PIN script with VIS PIN block with current PIN
Both PINs are 12 digits long.
Master Key Derivation = Option A
SMI/SMC using Visa Session Key Derivation
PIN encipherment with mandatory Visa padding
"""
# Verify issuer master key check digits
iss_mk_ac = bytes.fromhex("FEDCBA98765432100123456789ABCDEF")
assert tools.key_check_digits(iss_mk_ac, 3).hex().upper() == "7B8358"
iss_mk_smc = bytes.fromhex("11111111111111112222222222222222")
assert tools.key_check_digits(iss_mk_smc, 3).hex().upper() == "D2B91C"
iss_mk_smi = bytes.fromhex("0123456789ABCDEFFEDCBA9876543210")
assert tools.key_check_digits(iss_mk_smi, 3).hex().upper() == "08D7B4"
# Derive ICC master keys
pan = b"1234567890123456"
psn = b"01"
icc_mk_ac = kd.derive_icc_mk_a(iss_mk_ac, pan, psn)
assert tools.key_check_digits(icc_mk_ac, 3).hex().upper() == "C5CACD"
icc_mk_smc = kd.derive_icc_mk_a(iss_mk_smc, pan, psn)
assert tools.key_check_digits(icc_mk_smc, 3).hex().upper() == "6B0F76"
icc_mk_smi = kd.derive_icc_mk_a(iss_mk_smi, pan, psn)
assert tools.key_check_digits(icc_mk_smi, 3).hex().upper() == "02396B"
# Verify SMC/SMI session key
# Common Session Key Derivation Option
r = bytes.fromhex("FFFF")
sk_smc = kd.derive_visa_sm_sk(icc_mk_smc, r)
assert tools.key_check_digits(sk_smc, 3).hex().upper() == "BD7C46"
sk_smi = kd.derive_visa_sm_sk(icc_mk_smi, r)
assert tools.key_check_digits(sk_smi, 3).hex().upper() == "A41D47"
# Encrypt new PIN
pin_block = sm.format_vis_pin_block(icc_mk_ac, b"999999999999",
b"888888888888")
assert pin_block.hex().upper() == "841111112A5E67F1"
command_data = sm.encrypt_command_data(sk_smc, pin_block,
sm.EncryptionType.VISA)
assert command_data.hex().upper() == "622066A74F1E974AEE671384F0D3A7B9"
# Script MAC generated using Session Key
command_header = bytes.fromhex("8424000110")
mac = sm.generate_command_mac(sk_smi, command_header + command_data)
assert mac.hex().upper() == "829AC5DE4B88074D"
def test_vis_change_change_current_pin(pin: Union[bytes, str],
current_pin: Union[bytes, str]) -> None:
"""
Test generation of offline PIN script with VIS PIN block with current PIN
Master Key Derivation = Option A
SMI/SMC using Visa Session Key Derivation
PIN encipherment with mandatory Visa padding
"""
# Verify issuer master key check digits
iss_mk_ac = bytes.fromhex("FEDCBA98765432100123456789ABCDEF")
assert tools.key_check_digits(iss_mk_ac, 3).hex().upper() == "7B8358"
iss_mk_smc = bytes.fromhex("11111111111111112222222222222222")
assert tools.key_check_digits(iss_mk_smc, 3).hex().upper() == "D2B91C"
iss_mk_smi = bytes.fromhex("0123456789ABCDEFFEDCBA9876543210")
assert tools.key_check_digits(iss_mk_smi, 3).hex().upper() == "08D7B4"
# Derive ICC master keys
pan = "1234567890123456"
psn = "01"
icc_mk_ac = kd.derive_icc_mk_a(iss_mk_ac, pan, psn)
assert tools.key_check_digits(icc_mk_ac, 3).hex().upper() == "C5CACD"
icc_mk_smc = kd.derive_icc_mk_a(iss_mk_smc, pan, psn)
assert tools.key_check_digits(icc_mk_smc, 3).hex().upper() == "6B0F76"
icc_mk_smi = kd.derive_icc_mk_a(iss_mk_smi, pan, psn)
assert tools.key_check_digits(icc_mk_smi, 3).hex().upper() == "02396B"
# Verify SMC/SMI session key
# Common Session Key Derivation Option
r = bytes.fromhex("FFFF")
sk_smc = kd.derive_visa_sm_sk(icc_mk_smc, r)
assert tools.key_check_digits(sk_smc, 3).hex().upper() == "BD7C46"
sk_smi = kd.derive_visa_sm_sk(icc_mk_smi, r)
assert tools.key_check_digits(sk_smi, 3).hex().upper() == "A41D47"
# Encrypt new PIN
pin_block = sm.format_vis_pin_block(icc_mk_ac, pin, current_pin)
assert pin_block.hex().upper() == "8C1199FFC4B001F1"
command_data = sm.encrypt_command_data(sk_smc, pin_block,
sm.EncryptionType.VISA)
assert command_data.hex().upper() == "C29371CC36BA70C1EE671384F0D3A7B9"
# Script MAC generated using Session Key
command_header = bytes.fromhex("8424000110")
mac = sm.generate_command_mac(sk_smi, command_header + command_data)
assert mac.hex().upper() == "6AB3AD15D8B0621A"
def test_format_vis_pin_block_exception() -> None:
# PIN < 4 bytes
with pytest.raises(
ValueError,
match="PIN must be between 4 and 12 digits long",
):
sm.format_vis_pin_block(
icc_mk_ac=bytes.fromhex("AAAAAAAAAAAAAAAABBBBBBBBBBBBBBBB"),
pin=b"123",
)
# PIN > 12 bytes
with pytest.raises(
ValueError,
match="PIN must be between 4 and 12 digits long",
):
sm.format_vis_pin_block(
icc_mk_ac=bytes.fromhex("AAAAAAAAAAAAAAAABBBBBBBBBBBBBBBB"),
pin=b"1234567890123",
)
# ICC MK AC < 16 bytes
with pytest.raises(
ValueError,
match="ICC Master Key for AC must be a double length DES key",
):
sm.format_vis_pin_block(
icc_mk_ac=bytes.fromhex("AAAAAAAAAAAAAAAA"),
pin=b"123456789012",
)
# ICC MK AC > 16 bytes
with pytest.raises(
ValueError,
match="ICC Master Key for AC must be a double length DES key",
):
sm.format_vis_pin_block(
icc_mk_ac=bytes.fromhex("AAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBCCCCCCCCCCCCCCCC"),
pin=b"123456789012",
)
# Current PIN < 4 bytes
with pytest.raises(
ValueError,
match="PIN must be between 4 and 12 digits long",
):
sm.format_vis_pin_block(
icc_mk_ac=bytes.fromhex("AAAAAAAAAAAAAAAABBBBBBBBBBBBBBBB"),
pin=b"1234",
current_pin=b"123",
)
# Current PIN > 12 bytes
with pytest.raises(
ValueError,
match="PIN must be between 4 and 12 digits long",
):
sm.format_vis_pin_block(
icc_mk_ac=bytes.fromhex("AAAAAAAAAAAAAAAABBBBBBBBBBBBBBBB"),
pin=b"1234",
current_pin=b"1234567890123",
)