def test_vis_change_current_pin_12(): """ Test generation of offline PIN script with VIS PIN block with current PIN Both PINs are 12 digits long. Master Key Derivation = Option A SMI/SMC using Visa Session Key Derivation PIN encipherment with mandatory Visa padding """ # Verify issuer master key check digits iss_mk_ac = bytes.fromhex("FEDCBA98765432100123456789ABCDEF") assert tools.key_check_digits(iss_mk_ac, 3).hex().upper() == "7B8358" iss_mk_smc = bytes.fromhex("11111111111111112222222222222222") assert tools.key_check_digits(iss_mk_smc, 3).hex().upper() == "D2B91C" iss_mk_smi = bytes.fromhex("0123456789ABCDEFFEDCBA9876543210") assert tools.key_check_digits(iss_mk_smi, 3).hex().upper() == "08D7B4" # Derive ICC master keys pan = b"1234567890123456" psn = b"01" icc_mk_ac = kd.derive_icc_mk_a(iss_mk_ac, pan, psn) assert tools.key_check_digits(icc_mk_ac, 3).hex().upper() == "C5CACD" icc_mk_smc = kd.derive_icc_mk_a(iss_mk_smc, pan, psn) assert tools.key_check_digits(icc_mk_smc, 3).hex().upper() == "6B0F76" icc_mk_smi = kd.derive_icc_mk_a(iss_mk_smi, pan, psn) assert tools.key_check_digits(icc_mk_smi, 3).hex().upper() == "02396B" # Verify SMC/SMI session key # Common Session Key Derivation Option r = bytes.fromhex("FFFF") sk_smc = kd.derive_visa_sm_sk(icc_mk_smc, r) assert tools.key_check_digits(sk_smc, 3).hex().upper() == "BD7C46" sk_smi = kd.derive_visa_sm_sk(icc_mk_smi, r) assert tools.key_check_digits(sk_smi, 3).hex().upper() == "A41D47" # Encrypt new PIN pin_block = sm.format_vis_pin_block(icc_mk_ac, b"999999999999", b"888888888888") assert pin_block.hex().upper() == "841111112A5E67F1" command_data = sm.encrypt_command_data(sk_smc, pin_block, sm.EncryptionType.VISA) assert command_data.hex().upper() == "622066A74F1E974AEE671384F0D3A7B9" # Script MAC generated using Session Key command_header = bytes.fromhex("8424000110") mac = sm.generate_command_mac(sk_smi, command_header + command_data) assert mac.hex().upper() == "829AC5DE4B88074D"
def test_vis_change_change_current_pin(pin: Union[bytes, str], current_pin: Union[bytes, str]) -> None: """ Test generation of offline PIN script with VIS PIN block with current PIN Master Key Derivation = Option A SMI/SMC using Visa Session Key Derivation PIN encipherment with mandatory Visa padding """ # Verify issuer master key check digits iss_mk_ac = bytes.fromhex("FEDCBA98765432100123456789ABCDEF") assert tools.key_check_digits(iss_mk_ac, 3).hex().upper() == "7B8358" iss_mk_smc = bytes.fromhex("11111111111111112222222222222222") assert tools.key_check_digits(iss_mk_smc, 3).hex().upper() == "D2B91C" iss_mk_smi = bytes.fromhex("0123456789ABCDEFFEDCBA9876543210") assert tools.key_check_digits(iss_mk_smi, 3).hex().upper() == "08D7B4" # Derive ICC master keys pan = "1234567890123456" psn = "01" icc_mk_ac = kd.derive_icc_mk_a(iss_mk_ac, pan, psn) assert tools.key_check_digits(icc_mk_ac, 3).hex().upper() == "C5CACD" icc_mk_smc = kd.derive_icc_mk_a(iss_mk_smc, pan, psn) assert tools.key_check_digits(icc_mk_smc, 3).hex().upper() == "6B0F76" icc_mk_smi = kd.derive_icc_mk_a(iss_mk_smi, pan, psn) assert tools.key_check_digits(icc_mk_smi, 3).hex().upper() == "02396B" # Verify SMC/SMI session key # Common Session Key Derivation Option r = bytes.fromhex("FFFF") sk_smc = kd.derive_visa_sm_sk(icc_mk_smc, r) assert tools.key_check_digits(sk_smc, 3).hex().upper() == "BD7C46" sk_smi = kd.derive_visa_sm_sk(icc_mk_smi, r) assert tools.key_check_digits(sk_smi, 3).hex().upper() == "A41D47" # Encrypt new PIN pin_block = sm.format_vis_pin_block(icc_mk_ac, pin, current_pin) assert pin_block.hex().upper() == "8C1199FFC4B001F1" command_data = sm.encrypt_command_data(sk_smc, pin_block, sm.EncryptionType.VISA) assert command_data.hex().upper() == "C29371CC36BA70C1EE671384F0D3A7B9" # Script MAC generated using Session Key command_header = bytes.fromhex("8424000110") mac = sm.generate_command_mac(sk_smi, command_header + command_data) assert mac.hex().upper() == "6AB3AD15D8B0621A"
def test_derive_visa_sm_sk_exception() -> None: # ISS MK < 16 bytes with pytest.raises( ValueError, match="ICC Master Key must be a double length DES key", ): kd.derive_visa_sm_sk(icc_mk=bytes.fromhex("AAAAAAAAAAAAAAAA"), atc=bytes.fromhex("FFFF")) # ISS MK > 16 bytes with pytest.raises( ValueError, match="ICC Master Key must be a double length DES key", ): kd.derive_visa_sm_sk( icc_mk=bytes.fromhex( "AAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBCCCCCCCCCCCCCCCC"), atc=bytes.fromhex("FFFF"), ) # ATC < 2 bytes with pytest.raises( ValueError, match="ATC value must be 2 bytes long", ): kd.derive_visa_sm_sk( icc_mk=bytes.fromhex("AAAAAAAAAAAAAAAABBBBBBBBBBBBBBBB"), atc=bytes.fromhex("FF"), ) # ATC > 2 bytes with pytest.raises( ValueError, match="ATC value must be 2 bytes long", ): kd.derive_visa_sm_sk( icc_mk=bytes.fromhex("AAAAAAAAAAAAAAAABBBBBBBBBBBBBBBB"), atc=bytes.fromhex("FFFFFF"), )
def test_derive_visa_sm_sk() -> None: """ Verify visa session key derivation for secure messaging. """ # Verify issuer master key check digits iss_mk = bytes.fromhex("FEDCBA98765432100123456789ABCDEF") assert tools.key_check_digits(iss_mk, 2).hex().upper() == "7B83" # Derive ICC master key pan = "1234567890123456" icc_mk = kd.derive_icc_mk_b(iss_mk, pan) assert tools.key_check_digits(icc_mk, 2).hex().upper() == "F010" # Verify AC session key atc = bytes.fromhex("001C") arqc = bytes.fromhex("29CCA15AE665FA2E") sk_sm = kd.derive_visa_sm_sk(icc_mk, atc) assert tools.key_check_digits(sk_sm, 2).hex().upper() == "DB10" # Command MAC generation using Session Key command_header = bytes.fromhex("8418000008") mac = sm.generate_command_mac(sk_sm, command_header + atc + arqc) assert mac.hex().upper() == "DB56BA60087CEFD3"