Lua - Generating key, iv, hmac_key attributes to be used in encryption/decryption

I would really appreciate it if someone could sanity check my code, as I’m trying to use Lua to interact with my TV and create a secure pairing/connection. Using content online from various sources, I have the following.

  1. I send a URL PIN code request to the TV, which presents the PIN on the screen (e.g. 1234) and also gives me back a challenge key. The response will be something like this:
        <?xml version="1.0" encoding="utf-8"?>
            <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
            <s:Body>
                <u:X_DisplayPinCodeResponse xmlns:u="urn:panasonic-com:service:p00NetworkControl:1">
                <X_ChallengeKey>iL9XqQOMfkFWz2rvh0Xm+w==</X_ChallengeKey>
                </u:X_DisplayPinCodeResponse>
            </s:Body>
            </s:Envelope>
  2. I then extract that challenge key and use it in the following way to create the other key values needed for the eventual encryption. Here is all that code:
```lua
local bit = require("bit")
local mime = require("mime")
local binascii = require("binascii")

local data = "<X_PinCode>5852</X_PinCode>"
local challenge_key = "6Sj5RAitzqplQ860TviWLw=="

print(challenge_key)
-- mime.b64() returns the base64 encoding of its argument
local iv = mime.b64(challenge_key)
print("iv = " .. iv)
local iv_HEX = binascii.hexlify(challenge_key)
print("iv_HEX = " .. iv_HEX)

local iv_vals = { iv:byte(1, -1) }
local key_vals = {}

-- Key: complement each IV byte and reverse the byte order within each 4-byte group
for i = 1, 16, 4 do
    key_vals[i] = bit.band(bit.bnot(iv_vals[i + 3]), 0xFF)
    key_vals[i + 1] = bit.band(bit.bnot(iv_vals[i + 2]), 0xFF)
    key_vals[i + 2] = bit.band(bit.bnot(iv_vals[i + 1]), 0xFF)
    key_vals[i + 3] = bit.band(bit.bnot(iv_vals[i]), 0xFF)
end

local key = string.char(unpack(key_vals))
print("Key = " .. key)
local key_HEX = binascii.hexlify(key)
print("key_HEX = " .. key_HEX)

local hmac_key_mask = binascii.unhexlify('15C95AC2B08AA7EB4E228F811E34D04FA54BA7DCAC9879FA8ACDA3FC244F3854')
local hmac_key_mask_vals = { hmac_key_mask:byte(1, -1) }
local hmac_vals = {}

-- HMAC key: XOR the 32-byte mask with IV bytes picked by index (wrapping every 16)
for i = 1, 32, 4 do
    hmac_vals[i] = bit.bxor(hmac_key_mask_vals[i], iv_vals[bit.band(i + 1, 0xF) + 1])
    hmac_vals[i + 1] = bit.bxor(hmac_key_mask_vals[i + 1], iv_vals[bit.band(i + 2, 0xF) + 1])
    hmac_vals[i + 2] = bit.bxor(hmac_key_mask_vals[i + 2], iv_vals[bit.band(i - 1, 0xF) + 1])
    hmac_vals[i + 3] = bit.bxor(hmac_key_mask_vals[i + 3], iv_vals[bit.band(i, 0xF) + 1])
end

local hmac_key = string.char(unpack(hmac_vals))
print("hmac_key = " .. hmac_key)
local hmac_key_HEX = binascii.hexlify(hmac_key)
print("hmac_key_HEX = " .. hmac_key_HEX)

-- Payload: 12 characters, then the data length as 4 big-endian bytes, then the data
local payload = '000000000000'
local n = #data

payload = payload .. string.char(bit.band(bit.rshift(n, 24), 0xFF))
payload = payload .. string.char(bit.band(bit.rshift(n, 16), 0xFF))
payload = payload .. string.char(bit.band(bit.rshift(n, 8), 0xFF))
payload = payload .. string.char(bit.band(n, 0xFF))
payload = payload .. data

print("payload = " .. payload)
```

The above returns the following, which I’m struggling to take forward - please could someone let me know if these look right?

6Sj5RAitzqplQ860TviWLw==     
iv = NlNqNVJBaXR6cXBsUTg2MFR2aVdMdz09     
iv_HEX = 36536A35524169747A71706C51383630547669574C773D3D     
Key = ޱ“±½µ©±É­§žŒ½§œ     
key_HEX = 8EB193B1BDB5A9B1C9ADA79E8CBDA79C     
hmac_key = [¸®úÈé½îÙ\G³ë:é°æÚ7¬Øû¤f<[     
hmac_key_HEX = 5BB814AEFAC8E9BD1C14EED95C47B317EB3AE9B0E6DA37ACD8FBC2A4663C5B0C     
payload = 0000000000005852     

From here I then need to find an alternative way in Lua to do the following encrypt and decrypt functions. (Any help on ways to do these too would be appreciated.)

```lua
aes_cbc, err = aes:new(key, nil, aes.cipher(128, 'cbc'), { iv = iv }, nil, 1)
ciphertext = aes_cbc:encrypt(payload)

aes_cbc, err = aes:new(key, nil, aes.cipher(128, 'cbc'), { iv = iv }, nil, 0)
decrypted = aes_cbc:decrypt(encdec.base64dec(data))
```
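
A derivation with a length check on the IV, as an added example that is not part of the original post: it assumes the challenge key is the base64 encoding of the 16 raw IV bytes (AES-CBC needs a 16-byte IV, and a 24-character base64 value decodes to exactly 16 bytes), so it decodes with `mime.unb64` and then applies the same key and HMAC-key transforms as the question's code. `derive_keys`, `to_hex` and `from_hex` are names made up for this example.

```lua
-- Added example, not the poster's code. Needs LuaSocket (mime) and LuaJIT/LuaBitOp (bit).
local bit  = require("bit")
local mime = require("mime")
local unpack = table.unpack or unpack

local function to_hex(s)
  return (s:gsub(".", function(c) return string.format("%02X", c:byte()) end))
end

local function from_hex(h)
  return (h:gsub("%x%x", function(b) return string.char(tonumber(b, 16)) end))
end

-- Mask value copied from the question.
local HMAC_KEY_MASK = from_hex(
  "15C95AC2B08AA7EB4E228F811E34D04FA54BA7DCAC9879FA8ACDA3FC244F3854")

-- Returns iv, key, hmac_key as raw byte strings, or nil plus an error message.
local function derive_keys(challenge_key_b64)
  local iv = mime.unb64(challenge_key_b64)  -- assumption: the IV is the decoded challenge key
  if type(iv) ~= "string" or #iv ~= 16 then
    return nil, "challenge key must decode to exactly 16 bytes"
  end
  local ivb  = { iv:byte(1, -1) }
  local mask = { HMAC_KEY_MASK:byte(1, -1) }
  local key, hmac = {}, {}
  -- Same transform as the question: complement each byte, reverse each 4-byte group.
  for i = 1, 16, 4 do
    for j = 0, 3 do
      key[i + j] = bit.band(bit.bnot(ivb[i + 3 - j]), 0xFF)
    end
  end
  -- Same index pattern as the question's loop, written as offsets {1, 2, -1, 0}.
  local off = { 1, 2, -1, 0 }
  for i = 1, 32, 4 do
    for j = 0, 3 do
      hmac[i + j] = bit.bxor(mask[i + j], ivb[bit.band(i + off[j + 1], 0xF) + 1])
    end
  end
  return iv, string.char(unpack(key)), string.char(unpack(hmac))
end

local iv, key, hmac_key = derive_keys("6Sj5RAitzqplQ860TviWLw==")  -- value from the question
assert(iv, key)  -- on failure, key holds the error message
print("iv       (" .. #iv .. " bytes) = " .. to_hex(iv))
print("key      (" .. #key .. " bytes) = " .. to_hex(key))
print("hmac_key (" .. #hmac_key .. " bytes) = " .. to_hex(hmac_key))
```

The three values stay as raw byte strings and are hex-encoded only for display, since an AES-128-CBC or HMAC routine takes the raw bytes.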


Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow
