PAYMENT-CRYPTOGRAPHY-DATA

DecryptData

enum_DukptDerivationType := [ "TDES_2KEY", "TDES_3KEY", "AES_128", "AES_192", "AES_256" ]
enum_DukptEncryptionMode := [ "ECB", "CBC" ]
enum_DukptKeyVariant := [ "BIDIRECTIONAL", "REQUEST", "RESPONSE" ]
enum_EncryptionMode := [ "ECB", "CBC", "CFB", "CFB1", "CFB8", "CFB64", "CFB128", "OFB" ]
enum_PaddingType := [ "PKCS1", "OAEP_SHA1", "OAEP_SHA256", "OAEP_SHA512" ]

valid {
    input.Body.CipherText == STRING
    input.Body.DecryptionAttributes.Asymmetric.PaddingType == enum_PaddingType[_]
    input.Body.DecryptionAttributes.Dukpt.DukptKeyDerivationType == enum_DukptDerivationType[_]
    input.Body.DecryptionAttributes.Dukpt.DukptKeyVariant == enum_DukptKeyVariant[_]
    input.Body.DecryptionAttributes.Dukpt.InitializationVector == STRING
    input.Body.DecryptionAttributes.Dukpt.KeySerialNumber == STRING
    input.Body.DecryptionAttributes.Dukpt.Mode == enum_DukptEncryptionMode[_]
    input.Body.DecryptionAttributes.Symmetric.InitializationVector == STRING
    input.Body.DecryptionAttributes.Symmetric.Mode == enum_EncryptionMode[_]
    input.Body.DecryptionAttributes.Symmetric.PaddingType == enum_PaddingType[_]
    input.ReqMap.KeyIdentifier == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

EncryptData

enum_DukptDerivationType := [ "TDES_2KEY", "TDES_3KEY", "AES_128", "AES_192", "AES_256" ]
enum_DukptEncryptionMode := [ "ECB", "CBC" ]
enum_DukptKeyVariant := [ "BIDIRECTIONAL", "REQUEST", "RESPONSE" ]
enum_EncryptionMode := [ "ECB", "CBC", "CFB", "CFB1", "CFB8", "CFB64", "CFB128", "OFB" ]
enum_PaddingType := [ "PKCS1", "OAEP_SHA1", "OAEP_SHA256", "OAEP_SHA512" ]

valid {
    input.Body.EncryptionAttributes.Asymmetric.PaddingType == enum_PaddingType[_]
    input.Body.EncryptionAttributes.Dukpt.DukptKeyDerivationType == enum_DukptDerivationType[_]
    input.Body.EncryptionAttributes.Dukpt.DukptKeyVariant == enum_DukptKeyVariant[_]
    input.Body.EncryptionAttributes.Dukpt.InitializationVector == STRING
    input.Body.EncryptionAttributes.Dukpt.KeySerialNumber == STRING
    input.Body.EncryptionAttributes.Dukpt.Mode == enum_DukptEncryptionMode[_]
    input.Body.EncryptionAttributes.Symmetric.InitializationVector == STRING
    input.Body.EncryptionAttributes.Symmetric.Mode == enum_EncryptionMode[_]
    input.Body.EncryptionAttributes.Symmetric.PaddingType == enum_PaddingType[_]
    input.Body.PlainText == STRING
    input.ReqMap.KeyIdentifier == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GenerateCardValidationData

valid {
    input.Body.GenerationAttributes.AmexCardSecurityCodeVersion1.CardExpiryDate == STRING
    input.Body.GenerationAttributes.AmexCardSecurityCodeVersion2.CardExpiryDate == STRING
    input.Body.GenerationAttributes.AmexCardSecurityCodeVersion2.ServiceCode == STRING
    input.Body.GenerationAttributes.CardHolderVerificationValue.ApplicationTransactionCounter == STRING
    input.Body.GenerationAttributes.CardHolderVerificationValue.PanSequenceNumber == STRING
    input.Body.GenerationAttributes.CardHolderVerificationValue.UnpredictableNumber == STRING
    input.Body.GenerationAttributes.CardVerificationValue1.CardExpiryDate == STRING
    input.Body.GenerationAttributes.CardVerificationValue1.ServiceCode == STRING
    input.Body.GenerationAttributes.CardVerificationValue2.CardExpiryDate == STRING
    input.Body.GenerationAttributes.DynamicCardVerificationCode.ApplicationTransactionCounter == STRING
    input.Body.GenerationAttributes.DynamicCardVerificationCode.PanSequenceNumber == STRING
    input.Body.GenerationAttributes.DynamicCardVerificationCode.TrackData == STRING
    input.Body.GenerationAttributes.DynamicCardVerificationCode.UnpredictableNumber == STRING
    input.Body.GenerationAttributes.DynamicCardVerificationValue.ApplicationTransactionCounter == STRING
    input.Body.GenerationAttributes.DynamicCardVerificationValue.CardExpiryDate == STRING
    input.Body.GenerationAttributes.DynamicCardVerificationValue.PanSequenceNumber == STRING
    input.Body.GenerationAttributes.DynamicCardVerificationValue.ServiceCode == STRING
    input.Body.KeyIdentifier == STRING
    input.Body.PrimaryAccountNumber == STRING
    input.Body.ValidationDataLength == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GenerateMac

enum_DukptDerivationType := [ "TDES_2KEY", "TDES_3KEY", "AES_128", "AES_192", "AES_256" ]
enum_DukptKeyVariant := [ "BIDIRECTIONAL", "REQUEST", "RESPONSE" ]
enum_MacAlgorithm := [ "ISO9797_ALGORITHM1", "ISO9797_ALGORITHM3", "CMAC", "HMAC_SHA224", "HMAC_SHA256", "HMAC_SHA384", "HMAC_SHA512" ]
enum_MajorKeyDerivationMode := [ "EMV_OPTION_A", "EMV_OPTION_B" ]
enum_SessionKeyDerivationMode := [ "EMV_COMMON_SESSION_KEY", "EMV2000", "AMEX", "MASTERCARD_SESSION_KEY", "VISA" ]

valid {
    input.Body.GenerationAttributes.Algorithm == enum_MacAlgorithm[_]
    input.Body.GenerationAttributes.DukptCmac.DukptDerivationType == enum_DukptDerivationType[_]
    input.Body.GenerationAttributes.DukptCmac.DukptKeyVariant == enum_DukptKeyVariant[_]
    input.Body.GenerationAttributes.DukptCmac.KeySerialNumber == STRING
    input.Body.GenerationAttributes.DukptIso9797Algorithm1.DukptDerivationType == enum_DukptDerivationType[_]
    input.Body.GenerationAttributes.DukptIso9797Algorithm1.DukptKeyVariant == enum_DukptKeyVariant[_]
    input.Body.GenerationAttributes.DukptIso9797Algorithm1.KeySerialNumber == STRING
    input.Body.GenerationAttributes.DukptIso9797Algorithm3.DukptDerivationType == enum_DukptDerivationType[_]
    input.Body.GenerationAttributes.DukptIso9797Algorithm3.DukptKeyVariant == enum_DukptKeyVariant[_]
    input.Body.GenerationAttributes.DukptIso9797Algorithm3.KeySerialNumber == STRING
    input.Body.GenerationAttributes.EmvMac.MajorKeyDerivationMode == enum_MajorKeyDerivationMode[_]
    input.Body.GenerationAttributes.EmvMac.PanSequenceNumber == STRING
    input.Body.GenerationAttributes.EmvMac.PrimaryAccountNumber == STRING
    input.Body.GenerationAttributes.EmvMac.SessionKeyDerivationMode == enum_SessionKeyDerivationMode[_]
    input.Body.GenerationAttributes.EmvMac.SessionKeyDerivationValue.ApplicationCryptogram == STRING
    input.Body.GenerationAttributes.EmvMac.SessionKeyDerivationValue.ApplicationTransactionCounter == STRING
    input.Body.KeyIdentifier == STRING
    input.Body.MacLength == INTEGER
    input.Body.MessageData == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GeneratePinData

enum_PinBlockFormatForPinData := [ "ISO_FORMAT_0", "ISO_FORMAT_3" ]

valid {
    input.Body.EncryptionKeyIdentifier == STRING
    input.Body.GenerationAttributes.Ibm3624NaturalPin.DecimalizationTable == STRING
    input.Body.GenerationAttributes.Ibm3624NaturalPin.PinValidationData == STRING
    input.Body.GenerationAttributes.Ibm3624NaturalPin.PinValidationDataPadCharacter == STRING
    input.Body.GenerationAttributes.Ibm3624PinFromOffset.DecimalizationTable == STRING
    input.Body.GenerationAttributes.Ibm3624PinFromOffset.PinOffset == STRING
    input.Body.GenerationAttributes.Ibm3624PinFromOffset.PinValidationData == STRING
    input.Body.GenerationAttributes.Ibm3624PinFromOffset.PinValidationDataPadCharacter == STRING
    input.Body.GenerationAttributes.Ibm3624PinOffset.DecimalizationTable == STRING
    input.Body.GenerationAttributes.Ibm3624PinOffset.EncryptedPinBlock == STRING
    input.Body.GenerationAttributes.Ibm3624PinOffset.PinValidationData == STRING
    input.Body.GenerationAttributes.Ibm3624PinOffset.PinValidationDataPadCharacter == STRING
    input.Body.GenerationAttributes.Ibm3624RandomPin.DecimalizationTable == STRING
    input.Body.GenerationAttributes.Ibm3624RandomPin.PinValidationData == STRING
    input.Body.GenerationAttributes.Ibm3624RandomPin.PinValidationDataPadCharacter == STRING
    input.Body.GenerationAttributes.VisaPin.PinVerificationKeyIndex == INTEGER
    input.Body.GenerationAttributes.VisaPinVerificationValue.EncryptedPinBlock == STRING
    input.Body.GenerationAttributes.VisaPinVerificationValue.PinVerificationKeyIndex == INTEGER
    input.Body.GenerationKeyIdentifier == STRING
    input.Body.PinBlockFormat == enum_PinBlockFormatForPinData[_]
    input.Body.PinDataLength == INTEGER
    input.Body.PrimaryAccountNumber == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ReEncryptData

enum_DukptDerivationType := [ "TDES_2KEY", "TDES_3KEY", "AES_128", "AES_192", "AES_256" ]
enum_DukptEncryptionMode := [ "ECB", "CBC" ]
enum_DukptKeyVariant := [ "BIDIRECTIONAL", "REQUEST", "RESPONSE" ]
enum_EncryptionMode := [ "ECB", "CBC", "CFB", "CFB1", "CFB8", "CFB64", "CFB128", "OFB" ]
enum_PaddingType := [ "PKCS1", "OAEP_SHA1", "OAEP_SHA256", "OAEP_SHA512" ]

valid {
    input.Body.CipherText == STRING
    input.Body.IncomingEncryptionAttributes.Dukpt.DukptKeyDerivationType == enum_DukptDerivationType[_]
    input.Body.IncomingEncryptionAttributes.Dukpt.DukptKeyVariant == enum_DukptKeyVariant[_]
    input.Body.IncomingEncryptionAttributes.Dukpt.InitializationVector == STRING
    input.Body.IncomingEncryptionAttributes.Dukpt.KeySerialNumber == STRING
    input.Body.IncomingEncryptionAttributes.Dukpt.Mode == enum_DukptEncryptionMode[_]
    input.Body.IncomingEncryptionAttributes.Symmetric.InitializationVector == STRING
    input.Body.IncomingEncryptionAttributes.Symmetric.Mode == enum_EncryptionMode[_]
    input.Body.IncomingEncryptionAttributes.Symmetric.PaddingType == enum_PaddingType[_]
    input.Body.OutgoingEncryptionAttributes.Dukpt.DukptKeyDerivationType == enum_DukptDerivationType[_]
    input.Body.OutgoingEncryptionAttributes.Dukpt.DukptKeyVariant == enum_DukptKeyVariant[_]
    input.Body.OutgoingEncryptionAttributes.Dukpt.InitializationVector == STRING
    input.Body.OutgoingEncryptionAttributes.Dukpt.KeySerialNumber == STRING
    input.Body.OutgoingEncryptionAttributes.Dukpt.Mode == enum_DukptEncryptionMode[_]
    input.Body.OutgoingEncryptionAttributes.Symmetric.InitializationVector == STRING
    input.Body.OutgoingEncryptionAttributes.Symmetric.Mode == enum_EncryptionMode[_]
    input.Body.OutgoingEncryptionAttributes.Symmetric.PaddingType == enum_PaddingType[_]
    input.Body.OutgoingKeyIdentifier == STRING
    input.ReqMap.IncomingKeyIdentifier == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

TranslatePinData

enum_DukptDerivationType := [ "TDES_2KEY", "TDES_3KEY", "AES_128", "AES_192", "AES_256" ]
enum_DukptKeyVariant := [ "BIDIRECTIONAL", "REQUEST", "RESPONSE" ]

valid {
    input.Body.EncryptedPinBlock == STRING
    input.Body.IncomingDukptAttributes.DukptKeyDerivationType == enum_DukptDerivationType[_]
    input.Body.IncomingDukptAttributes.DukptKeyVariant == enum_DukptKeyVariant[_]
    input.Body.IncomingDukptAttributes.KeySerialNumber == STRING
    input.Body.IncomingKeyIdentifier == STRING
    input.Body.IncomingTranslationAttributes.IsoFormat0.PrimaryAccountNumber == STRING
    input.Body.IncomingTranslationAttributes.IsoFormat1 == {}
    input.Body.IncomingTranslationAttributes.IsoFormat3.PrimaryAccountNumber == STRING
    input.Body.IncomingTranslationAttributes.IsoFormat4.PrimaryAccountNumber == STRING
    input.Body.OutgoingDukptAttributes.DukptKeyDerivationType == enum_DukptDerivationType[_]
    input.Body.OutgoingDukptAttributes.DukptKeyVariant == enum_DukptKeyVariant[_]
    input.Body.OutgoingDukptAttributes.KeySerialNumber == STRING
    input.Body.OutgoingKeyIdentifier == STRING
    input.Body.OutgoingTranslationAttributes.IsoFormat0.PrimaryAccountNumber == STRING
    input.Body.OutgoingTranslationAttributes.IsoFormat1 == {}
    input.Body.OutgoingTranslationAttributes.IsoFormat3.PrimaryAccountNumber == STRING
    input.Body.OutgoingTranslationAttributes.IsoFormat4.PrimaryAccountNumber == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

VerifyAuthRequestCryptogram

enum_MajorKeyDerivationMode := [ "EMV_OPTION_A", "EMV_OPTION_B" ]

valid {
    input.Body.AuthRequestCryptogram == STRING
    input.Body.AuthResponseAttributes.ArpcMethod1.AuthResponseCode == STRING
    input.Body.AuthResponseAttributes.ArpcMethod2.CardStatusUpdate == STRING
    input.Body.AuthResponseAttributes.ArpcMethod2.ProprietaryAuthenticationData == STRING
    input.Body.KeyIdentifier == STRING
    input.Body.MajorKeyDerivationMode == enum_MajorKeyDerivationMode[_]
    input.Body.SessionKeyDerivationAttributes.Amex.PanSequenceNumber == STRING
    input.Body.SessionKeyDerivationAttributes.Amex.PrimaryAccountNumber == STRING
    input.Body.SessionKeyDerivationAttributes.Emv2000.ApplicationTransactionCounter == STRING
    input.Body.SessionKeyDerivationAttributes.Emv2000.PanSequenceNumber == STRING
    input.Body.SessionKeyDerivationAttributes.Emv2000.PrimaryAccountNumber == STRING
    input.Body.SessionKeyDerivationAttributes.EmvCommon.ApplicationTransactionCounter == STRING
    input.Body.SessionKeyDerivationAttributes.EmvCommon.PanSequenceNumber == STRING
    input.Body.SessionKeyDerivationAttributes.EmvCommon.PrimaryAccountNumber == STRING
    input.Body.SessionKeyDerivationAttributes.Mastercard.ApplicationTransactionCounter == STRING
    input.Body.SessionKeyDerivationAttributes.Mastercard.PanSequenceNumber == STRING
    input.Body.SessionKeyDerivationAttributes.Mastercard.PrimaryAccountNumber == STRING
    input.Body.SessionKeyDerivationAttributes.Mastercard.UnpredictableNumber == STRING
    input.Body.SessionKeyDerivationAttributes.Visa.PanSequenceNumber == STRING
    input.Body.SessionKeyDerivationAttributes.Visa.PrimaryAccountNumber == STRING
    input.Body.TransactionData == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

VerifyCardValidationData

valid {
    input.Body.KeyIdentifier == STRING
    input.Body.PrimaryAccountNumber == STRING
    input.Body.ValidationData == STRING
    input.Body.VerificationAttributes.AmexCardSecurityCodeVersion1.CardExpiryDate == STRING
    input.Body.VerificationAttributes.AmexCardSecurityCodeVersion2.CardExpiryDate == STRING
    input.Body.VerificationAttributes.AmexCardSecurityCodeVersion2.ServiceCode == STRING
    input.Body.VerificationAttributes.CardHolderVerificationValue.ApplicationTransactionCounter == STRING
    input.Body.VerificationAttributes.CardHolderVerificationValue.PanSequenceNumber == STRING
    input.Body.VerificationAttributes.CardHolderVerificationValue.UnpredictableNumber == STRING
    input.Body.VerificationAttributes.CardVerificationValue1.CardExpiryDate == STRING
    input.Body.VerificationAttributes.CardVerificationValue1.ServiceCode == STRING
    input.Body.VerificationAttributes.CardVerificationValue2.CardExpiryDate == STRING
    input.Body.VerificationAttributes.DiscoverDynamicCardVerificationCode.ApplicationTransactionCounter == STRING
    input.Body.VerificationAttributes.DiscoverDynamicCardVerificationCode.CardExpiryDate == STRING
    input.Body.VerificationAttributes.DiscoverDynamicCardVerificationCode.UnpredictableNumber == STRING
    input.Body.VerificationAttributes.DynamicCardVerificationCode.ApplicationTransactionCounter == STRING
    input.Body.VerificationAttributes.DynamicCardVerificationCode.PanSequenceNumber == STRING
    input.Body.VerificationAttributes.DynamicCardVerificationCode.TrackData == STRING
    input.Body.VerificationAttributes.DynamicCardVerificationCode.UnpredictableNumber == STRING
    input.Body.VerificationAttributes.DynamicCardVerificationValue.ApplicationTransactionCounter == STRING
    input.Body.VerificationAttributes.DynamicCardVerificationValue.CardExpiryDate == STRING
    input.Body.VerificationAttributes.DynamicCardVerificationValue.PanSequenceNumber == STRING
    input.Body.VerificationAttributes.DynamicCardVerificationValue.ServiceCode == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

VerifyMac

enum_DukptDerivationType := [ "TDES_2KEY", "TDES_3KEY", "AES_128", "AES_192", "AES_256" ]
enum_DukptKeyVariant := [ "BIDIRECTIONAL", "REQUEST", "RESPONSE" ]
enum_MacAlgorithm := [ "ISO9797_ALGORITHM1", "ISO9797_ALGORITHM3", "CMAC", "HMAC_SHA224", "HMAC_SHA256", "HMAC_SHA384", "HMAC_SHA512" ]
enum_MajorKeyDerivationMode := [ "EMV_OPTION_A", "EMV_OPTION_B" ]
enum_SessionKeyDerivationMode := [ "EMV_COMMON_SESSION_KEY", "EMV2000", "AMEX", "MASTERCARD_SESSION_KEY", "VISA" ]

valid {
    input.Body.KeyIdentifier == STRING
    input.Body.Mac == STRING
    input.Body.MacLength == INTEGER
    input.Body.MessageData == STRING
    input.Body.VerificationAttributes.Algorithm == enum_MacAlgorithm[_]
    input.Body.VerificationAttributes.DukptCmac.DukptDerivationType == enum_DukptDerivationType[_]
    input.Body.VerificationAttributes.DukptCmac.DukptKeyVariant == enum_DukptKeyVariant[_]
    input.Body.VerificationAttributes.DukptCmac.KeySerialNumber == STRING
    input.Body.VerificationAttributes.DukptIso9797Algorithm1.DukptDerivationType == enum_DukptDerivationType[_]
    input.Body.VerificationAttributes.DukptIso9797Algorithm1.DukptKeyVariant == enum_DukptKeyVariant[_]
    input.Body.VerificationAttributes.DukptIso9797Algorithm1.KeySerialNumber == STRING
    input.Body.VerificationAttributes.DukptIso9797Algorithm3.DukptDerivationType == enum_DukptDerivationType[_]
    input.Body.VerificationAttributes.DukptIso9797Algorithm3.DukptKeyVariant == enum_DukptKeyVariant[_]
    input.Body.VerificationAttributes.DukptIso9797Algorithm3.KeySerialNumber == STRING
    input.Body.VerificationAttributes.EmvMac.MajorKeyDerivationMode == enum_MajorKeyDerivationMode[_]
    input.Body.VerificationAttributes.EmvMac.PanSequenceNumber == STRING
    input.Body.VerificationAttributes.EmvMac.PrimaryAccountNumber == STRING
    input.Body.VerificationAttributes.EmvMac.SessionKeyDerivationMode == enum_SessionKeyDerivationMode[_]
    input.Body.VerificationAttributes.EmvMac.SessionKeyDerivationValue.ApplicationCryptogram == STRING
    input.Body.VerificationAttributes.EmvMac.SessionKeyDerivationValue.ApplicationTransactionCounter == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

VerifyPinData

enum_DukptDerivationType := [ "TDES_2KEY", "TDES_3KEY", "AES_128", "AES_192", "AES_256" ]
enum_PinBlockFormatForPinData := [ "ISO_FORMAT_0", "ISO_FORMAT_3" ]

valid {
    input.Body.DukptAttributes.DukptDerivationType == enum_DukptDerivationType[_]
    input.Body.DukptAttributes.KeySerialNumber == STRING
    input.Body.EncryptedPinBlock == STRING
    input.Body.EncryptionKeyIdentifier == STRING
    input.Body.PinBlockFormat == enum_PinBlockFormatForPinData[_]
    input.Body.PinDataLength == INTEGER
    input.Body.PrimaryAccountNumber == STRING
    input.Body.VerificationAttributes.Ibm3624Pin.DecimalizationTable == STRING
    input.Body.VerificationAttributes.Ibm3624Pin.PinOffset == STRING
    input.Body.VerificationAttributes.Ibm3624Pin.PinValidationData == STRING
    input.Body.VerificationAttributes.Ibm3624Pin.PinValidationDataPadCharacter == STRING
    input.Body.VerificationAttributes.VisaPin.PinVerificationKeyIndex == INTEGER
    input.Body.VerificationAttributes.VisaPin.VerificationValue == STRING
    input.Body.VerificationKeyIdentifier == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}