def test_generate_command_mac():
"""
Test generation of script command data MAC
Master Key Derivation = Option A
SMI using Common Session Key Derivation (EMV SU-46)
MAC generation script command is padded with 0x80
"""
# Verify issuer master key check digits
iss_mk_smi = bytes.fromhex("0123456789ABCDEFFEDCBA9876543210")
assert tools.key_check_digits(iss_mk_smi, 2).hex().upper() == "08D7"
# Derive ICC master key
pan = b"1234567890123456"
psn = b"01"
icc_mk_smi = kd.derive_icc_mk_a(iss_mk_smi, pan, psn)
assert tools.key_check_digits(icc_mk_smi, 2).hex().upper() == "0239"
# Verify SMI session key
# Common Session Key Derivation Option
r = bytes.fromhex("ABCDEF1234567890")
sk_smi = kd.derive_common_sk(icc_mk_smi, r)
assert tools.key_check_digits(sk_smi, 2).hex().upper() == "F088"
# Script MAC generated using Session Key
script_command = bytes.fromhex("8424000008")
mac = sm.generate_command_mac(sk_smi, script_command)
assert mac.hex().upper() == "CF323F09A0F6AB9E"
def test_derive_icc_mk_a_no_psn(pan: Union[bytes, str]) -> None:
"""
Verify ICC MK derivation method A with a zero PSN.
Master Key Derivation = Option A
ARQC verification using Common Session Key Derivation
ARPC generation using ICC Master Key
ARPC Method = 1
"""
# Verify issuer master key check digits
iss_mk = bytes.fromhex("0123456789ABCDEFFEDCBA9876543210")
assert tools.key_check_digits(iss_mk, 2).hex().upper() == "08D7"
# Derive ICC master key
icc_mk = kd.derive_icc_mk_a(iss_mk, pan)
# Verify AC session key
# Common Session Key Derivation Option
r = bytes.fromhex("1234567890123456")
sk_ac = kd.derive_common_sk(icc_mk, r)
assert tools.key_check_digits(sk_ac, 2).hex().upper() == "3F4F"
# ARQC validation using Session Key
cipher_text = bytes.fromhex("0123456789ABCDEF0123456789ABCDEF")
arqc = ac.generate_ac(sk_ac, cipher_text)
assert arqc.hex().upper() == "8698A7319324FD93"
# ARPC Method 1 using ICC Master Key
arpc_rc = bytes.fromhex("0000")
arpc = ac.generate_arpc_1(icc_mk, arqc, arpc_rc)
assert arpc.hex().upper() == "BEA11C8F4A47EF6F"
def test_derive_icc_mk_b_pan18() -> None:
"""
Verify ICC MK derivation method B using 18 digit PAN.
Master Key Derivation = Option B
ARQC verification using Common Session Key Derivation
ARPC generation using Common Session Key Derivation
ARPC Method = 2
"""
# Verify issuer master key check digits
iss_mk = bytes.fromhex("0123456789ABCDEFFEDCBA9876543210")
assert tools.key_check_digits(iss_mk, 2).hex().upper() == "08D7"
# Derive ICC master key
pan = "123456789012345679"
psn = "00"
icc_mk = kd.derive_icc_mk_b(iss_mk, pan, psn)
assert tools.key_check_digits(icc_mk, 2).hex().upper() == "C2F3"
# Verify AC session key
# Common Session Key Derivation Option
r = bytes.fromhex("1234567890123456")
sk_ac = kd.derive_common_sk(icc_mk, r)
assert tools.key_check_digits(sk_ac, 2).hex().upper() == "7C35"
# ARQC validation using Session Key
cipher_text = bytes.fromhex("0123456789ABCDEF0123456789ABCDEF")
arqc = ac.generate_ac(sk_ac, cipher_text)
assert arqc.hex().upper() == "DC95BCE3EBBE0296"
# ARPC Method 2 using Session Key
csu = bytes.fromhex("00000000")
arpc = ac.generate_arpc_2(sk_ac, arqc, csu)
assert arpc.hex().upper() == "ECCA0C4B"
def test_derive_icc_mk_a_psn(pan: Union[bytes, str], psn: Union[bytes,
str]) -> None:
"""
Verify ICC MK derivation method A with non-zero PSN.
Master Key Derivation = Option A
ARQC verification using Common Session Key Derivation
ARPC generation using ICC Master Key
ARPC Method = 1
"""
# Verify issuer master key check digits
iss_mk = bytes.fromhex("0123456789ABCDEFFEDCBA9876543210")
assert tools.key_check_digits(iss_mk, 2).hex().upper() == "08D7"
# Derive ICC master key
icc_mk = kd.derive_icc_mk_a(iss_mk, pan, psn)
assert tools.key_check_digits(icc_mk, 2).hex().upper() == "FF08"
# Verify AC session key
# Common Session Key Derivation Option
r = bytes.fromhex("1234567890123456")
sk_ac = kd.derive_common_sk(icc_mk, r)
assert tools.key_check_digits(sk_ac, 2).hex().upper() == "DF82"
# ARQC validation using Session Key
cipher_text = bytes.fromhex("0123456789ABCDEF0123456789ABCDEF")
arqc = ac.generate_ac(sk_ac, cipher_text)
assert arqc.hex().upper() == "19C1FBC83EBDC0D5"
# ARPC Method 1 using ICC Master Key
arpc_rc = bytes.fromhex("0000")
arpc = ac.generate_arpc_1(icc_mk, arqc, arpc_rc)
assert arpc.hex().upper() == "78A372523FA35A03"
def test_derive_icc_mk_b_pan17_no_psn(pan: Union[bytes, str]) -> None:
"""
Verify ICC MK derivation method B using 17 digit PAN.
Master Key Derivation = Option B
ARQC verification using Common Session Key Derivation
ARPC generation using Common Session Key Derivation
ARPC Method = 2
"""
# Verify issuer master key check digits
iss_mk = bytes.fromhex("0123456789ABCDEFFEDCBA9876543210")
assert tools.key_check_digits(iss_mk, 2).hex().upper() == "08D7"
# Derive ICC master key
icc_mk = kd.derive_icc_mk_b(iss_mk, pan)
assert tools.key_check_digits(icc_mk, 2).hex().upper() == "4626"
# Verify AC session key
# Common Session Key Derivation Option
r = bytes.fromhex("1234567890123456")
sk_ac = kd.derive_common_sk(icc_mk, r)
assert tools.key_check_digits(sk_ac, 2).hex().upper() == "7F36"
# ARQC validation using Session Key
cipher_text = bytes.fromhex("0123456789ABCDEF0123456789ABCDEF")
arqc = ac.generate_ac(sk_ac, cipher_text)
assert arqc.hex().upper() == "0BAA251EA8989442"
# ARPC Method 2 using Session Key
csu = bytes.fromhex("00000000")
arpc = ac.generate_arpc_2(sk_ac, arqc, csu)
assert arpc.hex().upper() == "C1C41F3A"
def test_generate_ac_visa_aprc1() -> None:
r"""
Test generate AC with Visa padding (\x00 padding).
Master Key Derivation = Option A
ARQC verification using Common Session Key Derivation
ARPC generation using ICC Master Key
ARPC Method = 1
"""
# Verify issuer master key check digits
iss_mk = bytes.fromhex("0123456789ABCDEFFEDCBA9876543210")
assert tools.key_check_digits(iss_mk, 2).hex().upper() == "08D7"
# Derive ICC master key
pan = "9901234567890123"
psn = "45"
icc_mk = kd.derive_icc_mk_a(iss_mk, pan, psn)
assert tools.key_check_digits(icc_mk, 2).hex().upper() == "1DA5"
# Verify AC session key
# Common Session Key Derivation Option
r = bytes.fromhex("1234567890123456")
sk_ac = kd.derive_common_sk(icc_mk, r)
assert tools.key_check_digits(sk_ac, 2).hex().upper() == "0995"
# ARQC validation using Session Key
cipher_text = bytes.fromhex("0123456789ABCDEF0123456789ABCDEF01")
arqc = ac.generate_ac(sk_ac, cipher_text, ac.PaddingType.VISA)
assert arqc.hex().upper() == "2E141C6BC4A20DA8"
# ARPC Method 1 using ICC Master Key
arpc_rc = bytes.fromhex("0000")
arpc = ac.generate_arpc_1(icc_mk, arqc, arpc_rc)
assert arpc.hex().upper() == "16A49AAB314B9262"
def test_derive_icc_mk_b_pan16() -> None:
"""
Verify ICC MK derivation method B using incompatible
PAN length. Method B is applicable only if PAN is
17-19 digits long.
Master Key Derivation = Option B
ARQC verification using Common Session Key Derivation
ARPC generation using Common Session Key Derivation
ARPC Method = 2
"""
# Verify issuer master key check digits
iss_mk = bytes.fromhex("0123456789ABCDEFFEDCBA9876543210")
assert tools.key_check_digits(iss_mk, 2).hex().upper() == "08D7"
# Derive ICC master key
pan = "1234567890123456"
icc_mk = kd.derive_icc_mk_b(iss_mk, pan)
assert tools.key_check_digits(icc_mk, 2).hex().upper() == "BAB0"
# Verify AC session key
# Common Session Key Derivation Option
r = bytes.fromhex("1234567890123456")
sk_ac = kd.derive_common_sk(icc_mk, r)
assert tools.key_check_digits(sk_ac, 2).hex().upper() == "BC19"
# ARQC validation using Session Key
cipher_text = bytes.fromhex("0123456789ABCDEF0123456789ABCDEF")
arqc = ac.generate_ac(sk_ac, cipher_text)
assert arqc.hex().upper() == "0CE77D211CB5459A"
# ARPC Method 2 using Session Key
csu = bytes.fromhex("00000000")
arpc = ac.generate_arpc_2(sk_ac, arqc, csu)
assert arpc.hex().upper() == "8CD9AA5D"
def test_generate_ac_default_emv_arpc1() -> None:
r"""
Test generate AC with default EMV padding (\x80 padding).
Master Key Derivation = Option A
ARQC verification using Common Session Key Derivation
ARPC generation using ICC Master Key
ARPC Method = 1
"""
# Verify issuer master key check digits
iss_mk = bytes.fromhex("0123456789ABCDEFFEDCBA9876543210")
assert tools.key_check_digits(iss_mk, 2).hex().upper() == "08D7"
# Derive ICC master key.
pan = "9901234567890123"
psn = "45"
icc_mk = kd.derive_icc_mk_a(iss_mk, pan, psn)
assert tools.key_check_digits(icc_mk, 2).hex().upper() == "1DA5"
# Verify AC session key
# Common Session Key Derivation Option
r = bytes.fromhex("1234567890123456")
sk_ac = kd.derive_common_sk(icc_mk, r)
assert tools.key_check_digits(sk_ac, 2).hex().upper() == "0995"
# ARQC validation using Session Key
cipher_text = bytes.fromhex("0123456789ABCDEF0123456789ABCDEF")
arqc = ac.generate_ac(sk_ac, cipher_text)
assert arqc.hex().upper() == "4B46013359B7A58B"
# ARPC Method 1 using ICC Master Key
arpc_rc = bytes.fromhex("0000")
arpc = ac.generate_arpc_1(icc_mk, arqc, arpc_rc)
assert arpc.hex().upper() == "F8C9CECAABD55AD1"
def test_generate_arpc2_no_prop_auth_data() -> None:
r"""
Test generate ARPC using method 2 without prop auth data.
Master Key Derivation = Option A
ARQC verification using Common Session Key Derivation
ARPC generation using Common Session Key
ARPC Method = 2
"""
# Verify issuer master key check digits
iss_mk = bytes.fromhex("0123456789ABCDEFFEDCBA9876543210")
assert tools.key_check_digits(iss_mk, 2).hex().upper() == "08D7"
# Derive ICC master key
pan = "9901234567890123"
psn = "45"
icc_mk = kd.derive_icc_mk_a(iss_mk, pan, psn)
assert tools.key_check_digits(icc_mk, 2).hex().upper() == "1DA5"
# Verify AC session key
# Common Session Key Derivation Option
r = bytes.fromhex("1234567890123456")
sk_ac = kd.derive_common_sk(icc_mk, r)
assert tools.key_check_digits(sk_ac, 2).hex().upper() == "0995"
# ARQC validation using Session Key
cipher_text = bytes.fromhex("0123456789ABCDEF0123456789ABCDEF")
arqc = ac.generate_ac(sk_ac, cipher_text, ac.PaddingType.EMV)
assert arqc.hex().upper() == "4B46013359B7A58B"
# ARPC Method 2 using ICC Master Key
csu = bytes.fromhex("00000000")
arpc = ac.generate_arpc_2(sk_ac, arqc, csu)
assert arpc.hex().upper() == "7DFB1188"
def test_generate_ac_visa_aprc1_no_padding_required() -> None:
r"""
Test generate AC with Visa padding (\x00 padding).
However, no padding is required. The data is already multiple of 8.
Master Key Derivation = Option A
ARQC verification using Common Session Key Derivation
ARPC generation using ICC Master Key
ARPC Method = 1
"""
# Verify issuer master key check digits
iss_mk = bytes.fromhex("0123456789ABCDEFFEDCBA9876543210")
assert tools.key_check_digits(iss_mk, 2).hex().upper() == "08D7"
# Derive ICC master key
pan = "9901234567890123"
psn = "45"
icc_mk = kd.derive_icc_mk_a(iss_mk, pan, psn)
assert tools.key_check_digits(icc_mk, 2).hex().upper() == "1DA5"
# Verify AC session key
# Common Session Key Derivation Option
r = bytes.fromhex("1234567890123456")
sk_ac = kd.derive_common_sk(icc_mk, r)
assert tools.key_check_digits(sk_ac, 2).hex().upper() == "0995"
# ARQC validation using Session Key
cipher_text = bytes.fromhex("0123456789ABCDEF0123456789ABCDEF")
arqc = ac.generate_ac(sk_ac, cipher_text, ac.PaddingType.VISA)
assert arqc.hex().upper() == "922F3E83125EB46B"
# ARPC Method 1 using ICC Master Key
arpc_rc = bytes.fromhex("0000")
arpc = ac.generate_arpc_1(icc_mk, arqc, arpc_rc)
assert arpc.hex().upper() == "8AE6E836084B0E80"
def test_derive_icc_mk_b_pan17_psn():
"""
Verify ICC MK derivation method B using 17 digit PAN.
Master Key Derivation = Option B
ARQC verification using Common Session Key Derivation
ARPC generation using Common Session Key Derivation
ARPC Method = 2
"""
# Verify issuer master key check digits
iss_mk = bytes.fromhex("0123456789ABCDEFFEDCBA9876543210")
assert tools.key_check_digits(iss_mk, 2).hex().upper() == "08D7"
# Derive ICC master key
pan = b"12345678901234567"
psn = b"45"
icc_mk = kd.derive_icc_mk_b(iss_mk, pan, psn)
assert tools.key_check_digits(icc_mk, 2).hex().upper() == "0BAF"
# Verify AC session key
# Common Session Key Derivation Option
r = bytes.fromhex("1234567890123456")
sk_ac = kd.derive_common_sk(icc_mk, r)
assert tools.key_check_digits(sk_ac, 2).hex().upper() == "4262"
# ARQC validation using Session Key
cipher_text = bytes.fromhex("0123456789ABCDEF0123456789ABCDEF")
arqc = ac.generate_ac(sk_ac, cipher_text)
assert arqc.hex().upper() == "5760EE07B4FA65D1"
# ARPC Method 2 using Session Key
csu = bytes.fromhex("00000000")
arpc = ac.generate_arpc_2(sk_ac, arqc, csu)
assert arpc.hex().upper() == "106B81D9"
def test_mastercard_pin_change_12():
"""
Test generation of offline PIN script with ISO format 2 PIN block
PIN is 12 digits long.
Master Key Derivation = Option A
SMI/SMC using Common Session Key Derivation (EMV SU-46)
PIN encipherment with optional padding when block is not
multiple of 8. However, no padding takes place because PIN
block is 8 bytes long.
"""
# Verify issuer master key check digits
iss_mk_smc = bytes.fromhex("11111111111111112222222222222222")
assert tools.key_check_digits(iss_mk_smc, 3).hex().upper() == "D2B91C"
iss_mk_smi = bytes.fromhex("0123456789ABCDEFFEDCBA9876543210")
assert tools.key_check_digits(iss_mk_smi, 3).hex().upper() == "08D7B4"
# Derive ICC master keys
pan = b"1234567890123456"
psn = b"01"
icc_mk_smc = kd.derive_icc_mk_a(iss_mk_smc, pan, psn)
assert tools.key_check_digits(icc_mk_smc, 3).hex().upper() == "6B0F76"
icc_mk_smi = kd.derive_icc_mk_a(iss_mk_smi, pan, psn)
assert tools.key_check_digits(icc_mk_smi, 3).hex().upper() == "02396B"
# Verify SMC/SMI session key
# Common Session Key Derivation Option
r = bytes.fromhex("ABCDEF1234567890")
sk_smc = kd.derive_common_sk(icc_mk_smc, r)
assert tools.key_check_digits(sk_smc, 3).hex().upper() == "D694B8"
sk_smi = kd.derive_common_sk(icc_mk_smi, r)
assert tools.key_check_digits(sk_smi, 3).hex().upper() == "F088F8"
# Encrypt new PIN
pin_block = sm.format_iso9564_2_pin_block(b"999999999999")
assert pin_block.hex().upper() == "2C999999999999FF"
command_data = sm.encrypt_command_data(sk_smc, pin_block,
sm.EncryptionType.MASTERCARD)
assert command_data.hex().upper() == "99AD3AF9EB3ECF0C"
# Script MAC generated using Session Key
command_header = bytes.fromhex("8424000210")
mac = sm.generate_command_mac(sk_smi, command_header + command_data)
assert mac.hex().upper() == "1471D88C6393BE21"
def test_ccd_pin_change(pin: Union[bytes, str]) -> None:
"""
Test generation of offline PIN script with ISO format 2 PIN block'
Common Core Definition. Mandatory padding.
Master Key Derivation = Option A
SMI/SMC using Common Session Key Derivation (EMV SU-46)
PIN encipherment with optional padding when block is not
multiple of 8. However, no padding takes place because PIN
block is 8 bytes long.
"""
# Verify issuer master key check digits
iss_mk_smc = bytes.fromhex("11111111111111112222222222222222")
assert tools.key_check_digits(iss_mk_smc, 3).hex().upper() == "D2B91C"
iss_mk_smi = bytes.fromhex("0123456789ABCDEFFEDCBA9876543210")
assert tools.key_check_digits(iss_mk_smi, 3).hex().upper() == "08D7B4"
# Derive ICC master keys
pan = "1234567890123456"
psn = "01"
icc_mk_smc = kd.derive_icc_mk_a(iss_mk_smc, pan, psn)
assert tools.key_check_digits(icc_mk_smc, 3).hex().upper() == "6B0F76"
icc_mk_smi = kd.derive_icc_mk_a(iss_mk_smi, pan, psn)
assert tools.key_check_digits(icc_mk_smi, 3).hex().upper() == "02396B"
# Verify SMC/SMI session key
# Common Session Key Derivation Option
r = bytes.fromhex("ABCDEF1234567890")
sk_smc = kd.derive_common_sk(icc_mk_smc, r)
assert tools.key_check_digits(sk_smc, 3).hex().upper() == "D694B8"
sk_smi = kd.derive_common_sk(icc_mk_smi, r)
assert tools.key_check_digits(sk_smi, 3).hex().upper() == "F088F8"
# Encrypt new PIN
pin_block = sm.format_iso9564_2_pin_block(pin)
assert pin_block.hex().upper() == "249999FFFFFFFFFF"
command_data = sm.encrypt_command_data(sk_smc, pin_block,
sm.EncryptionType.EMV)
assert command_data.hex().upper() == "28367E05DE3381C29D30A6055A8DEB86"
# Script MAC generated using Session Key
command_header = bytes.fromhex("8424000210")
mac = sm.generate_command_mac(sk_smi, command_header + command_data)
assert mac.hex().upper() == "69DA1EE208823022"
def test_derive_common_sk_exception() -> None:
# ISS MK < 16 bytes
with pytest.raises(
ValueError,
match="ICC Master Key must be a double length DES key",
):
kd.derive_common_sk(
icc_mk=bytes.fromhex("AAAAAAAAAAAAAAAA"),
r=bytes.fromhex("FFFFFFFFFFFFFFFF"),
)
# ISS MK > 16 bytes
with pytest.raises(
ValueError,
match="ICC Master Key must be a double length DES key",
):
kd.derive_common_sk(
icc_mk=bytes.fromhex(
"AAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBCCCCCCCCCCCCCCCC"),
r=bytes.fromhex("FFFFFFFFFFFFFFFF"),
)
# R < 8 bytes
with pytest.raises(
ValueError,
match="Diversification value must be 8 bytes long",
):
kd.derive_common_sk(
icc_mk=bytes.fromhex("AAAAAAAAAAAAAAAABBBBBBBBBBBBBBBB"),
r=bytes.fromhex("FFFFFFFFFFFFFF"),
)
# R > 8 bytes
with pytest.raises(
ValueError,
match="Diversification value must be 8 bytes long",
):
kd.derive_common_sk(
icc_mk=bytes.fromhex("AAAAAAAAAAAAAAAABBBBBBBBBBBBBBBB"),
r=bytes.fromhex("FFFFFFFFFFFFFFFFFF"),
)
def test_derive_icc_mk_b_sha_pad() -> None:
"""
Verify ICC MK derivation method B where the algorithm
is forced to convert sha digest letters into numbers.
Master Key Derivation = Option B
ARQC verification using Common Session Key Derivation
ARPC generation using Common Session Key Derivation
ARPC Method = 2
Note: in this test sha1 does not produce 16 digits.
Use decimalisation table to convert hexchars to digits.
e -> 4
"""
# Verify issuer master key check digits
iss_mk = bytes.fromhex("0123456789ABCDEFFEDCBA9876543210")
assert tools.key_check_digits(iss_mk, 2).hex().upper() == "08D7"
# Derive ICC master key
pan = "000000000000000005"
psn = "23"
icc_mk = kd.derive_icc_mk_b(iss_mk, pan, psn)
assert tools.key_check_digits(icc_mk, 2).hex().upper() == "DD73"
# Verify AC session key
# Common Session Key Derivation Option
r = bytes.fromhex("001C000000000000")
sk_ac = kd.derive_common_sk(icc_mk, r)
assert tools.key_check_digits(sk_ac, 2).hex().upper() == "04F8"
# ARQC validation using Session Key
cipher_text = bytes.fromhex("00000000400000000000000001248000048000012"
"41911050152BF45851800001C06011203A0B800")
arqc = ac.generate_ac(sk_ac, cipher_text)
assert arqc.hex().upper() == "8CAD6F2489C640B1"
# ARPC Method 2 using Session Key
arqc = bytes.fromhex("8CAD6F2489C640B1")
csu = bytes.fromhex("00000000")
prop_auth_data = bytes.fromhex("12345678")
arpc = ac.generate_arpc_2(sk_ac, arqc, csu, prop_auth_data)
assert arpc.hex().upper() == "E39F1876"
def test_derive_common_sk() -> None:
"""
Verify common session key derivation using algorithm
type where both ARQC and ARPC are verified using derived
session key.
Master Key Derivation = Option A
ARQC verification using Common Session Key Derivation
ARPC generation using Common Session Key Derivation
ARPC Method = 1
"""
# Verify issuer master key check digits
iss_mk = bytes.fromhex("0123456789ABCDEFFEDCBA9876543210")
assert tools.key_check_digits(iss_mk, 2).hex().upper() == "08D7"
# Derive ICC master key
pan = "12345678901234567"
psn = "45"
icc_mk = kd.derive_icc_mk_a(iss_mk, pan, psn)
assert tools.key_check_digits(icc_mk, 2).hex().upper() == "FF08"
# Verify AC session key
# Common Session Key Derivation Option
r = bytes.fromhex("1234567890123456")
sk_ac = kd.derive_common_sk(icc_mk, r)
assert tools.key_check_digits(sk_ac, 2).hex().upper() == "DF82"
# ARQC validation using Session Key
cipher_text = bytes.fromhex("0123456789ABCDEF0123456789ABCDEF")
arqc = ac.generate_ac(sk_ac, cipher_text)
assert arqc.hex().upper() == "19C1FBC83EBDC0D5"
# ARPC Method 1 using Session Key
arpc_rc = bytes.fromhex("0000")
arpc = ac.generate_arpc_1(sk_ac, arqc, arpc_rc)
assert arpc.hex().upper() == "C3620580668E5B65"
