From db1905ba3c2e45899bdd21fa9663cc05741fb15a Mon Sep 17 00:00:00 2001
From: Trammell hudson <hudson@trmm.net>
Date: Wed, 15 Jul 2020 14:03:33 +0200
Subject: [PATCH] tpm2-pcr-validate: test various attestation failures

Signed-off-by: Trammell hudson <hudson@trmm.net>
---
 sbin/tpm2-pcr-validate |  10 ++++++---
 tests/pcrs-t490.txt    |   6 +++++
 tests/quote-t490.tgz   | Bin 0 -> 15334 bytes
 tests/test-verify.sh   |  50 +++++++++++++++++++++++++++++++++++++++++
 4 files changed, 63 insertions(+), 3 deletions(-)
 create mode 100644 tests/pcrs-t490.txt
 create mode 100644 tests/quote-t490.tgz
 create mode 100755 tests/test-verify.sh

diff --git a/sbin/tpm2-pcr-validate b/sbin/tpm2-pcr-validate
index 63247355..684135a4 100755
--- a/sbin/tpm2-pcr-validate
+++ b/sbin/tpm2-pcr-validate
@@ -26,7 +26,7 @@ with open(sys.argv[1]) as f:
 	pcrs = load(f, Loader=Loader)["pcrs"][alg]
 
 fail = False
-verbose = True
+verbose = False
 pcr_list = []
 
 for pcr in pcrs:
@@ -38,8 +38,10 @@ for pcr in pcrs:
 
 pcr_list = "%s:%s" % (alg, ",".join(pcr_list))
 
-for filename in sys.argv[2:0]:
-	with open(sys.argv[2]) as f:
+for filename in sys.argv[2:]:
+	with open(filename) as f:
+		if verbose:
+			print("%s: Reading PCRs" % (filename))
 		quote = load(f, Loader=Loader)["pcrs"][alg]
 
 	for pcr in pcrs:
@@ -50,6 +52,8 @@ for filename in sys.argv[2:0]:
 		elif good_pcr != quote[pcr]:
 			print("%s: PCR%d mismatch %x" % (filename, pcr, quote[pcr]), file=sys.stderr)
 			fail = True
+		elif verbose:
+			print("%s: PCR%d: %s matches %s" % (filename, pcr, quote[pcr], good_pcr))
 
 if fail:
 	print("%s: FAILED VALIDATION" % (pcr_list), file=sys.stderr)
diff --git a/tests/pcrs-t490.txt b/tests/pcrs-t490.txt
new file mode 100644
index 00000000..e625d94f
--- /dev/null
+++ b/tests/pcrs-t490.txt
@@ -0,0 +1,6 @@
+pcrs:
+  sha256:
+    0 : 0x3FBF10A9DD919CD821C71C71B203F3839233120537798917F53714F1EFF7F036
+    1 : 0x6BAD0D93219F5B1E3BA7031BAB290ECA4D973AE6468145847A49D44BCC0905BD
+    2 : 0x3D458CFE55CC03EA1F443F1562BEEC8DF51C75E14A9FCF9A7234A13F198E7969
+    4 : 0xC28F2726BA0A11B9FBA161419FF95BE3DA6CA9ADDC286D5FA1E1E9EC0B79DC35
diff --git a/tests/quote-t490.tgz b/tests/quote-t490.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..5be21fb65d645df1812d0caf9c60d865737b4aae
GIT binary patch
literal 15334
zcmV<CI~l|uiwFP{=?-521MFG}I8<%_KC{?n>@#+0NRo;(3qsNu6k}iVO2uI83}cX9
zvW3dts!|bBq?O8+Hd&HNBvNRxL<l7b-;B}ww*5cf_5Z%=`>xA9*O})$+x;x(xqs(5
z=lm#M%6@@Pz)uCpgc^Y`6Eg8_2x9RdfW@nWcvWU893B9%pqd&8V8EZ-Ej9uJ7!*1N
z1JG$S#y=}JSN{Jh76C|r0|;WC2?FBGa~Lzk^jqE%aVD!KWWCzW@Zu*YmIYmnUtn)=
z6ma7+A1WB&0x%M4ex;k&js3YS>n>@`=EUoyl*6%-Tt>ZOxg{5cdT_SCdsy@M*FgO*
z&_6+)@P+=dGx}Foo!9@b07Mgj%&7hXfQj}$;HJ0z;s?o;x<rGVX8B3WW?xQAq|0z-
zs}vsXkq2-B5daAg<Yw0d>d<{laufRavtvK57>jmrIN8f_?f_(&{WJ5GysGw+N_43*
zZSJSCA>L0G9Xn+uNR^UWKe>F$sye{3uVw!W+<H+synYWfBf>R8W{amvY-i-S;eMK-
zQcO`&o{?w5MUOy>(nY>;b$@>7N3D&MPVKZ-?-_Qjkjd#=vaoH0@whPTLs`$!g$0xw
z89VN*QM+h&hkktT0i8E>LpRr)okU+Ug9}mrkgO%3L!|>Lerq|Bw>3Y4b>Pe+_I?cL
zDHhSrs#v^fd1+-kD0OnoL?XVgJ{B%;y<vA~kS$R!<uP<LYNT)Ynd$)gkfcw~1NYR4
zi3}z2v#*XFp`j1xy&7t=JO7(6-G2m3{X5ft^1_}&|9C9;<^3OI-~aLR`u`OGqu@zk
z6f7tM28BSOXits<CH~D_4^Q*A9c|l}X@4;BB?9E*<WY)U7dyrWfgm{m&<2YHc{pJ<
za84AIv<@o+O0yyel!%qJiH9?tM)jsTGw3v559a`k>3XaJD9_4=p%yUnG1lfL7=1Fv
z(3e4_`%qmxC=4owM8trqpo|zFb|n^vC9qe;1~ER|mr>@jh=Ry{*%t^00E>bMu+kCG
zD9F4$g2EsGBr6JXia8@W;6moCFIWT@2Sp>$l1~mA6~({W%3D(mbjQd@lCH%%g1W2%
z7`PUw0jhJtnWq4#0<PfXUd9RG;NXHnL}lF>3_nd3mEhoD<p74VGtEbZdHGc6R6kmP
z2ZKfrQ335(96}JtG~5g{$tHt_SWyto$>A2s0fq1)JzO+Z@u~!Z9uCBcfg<d5C@-&-
zH6Fjt+I$^x9SQuq0&J!Nb335HyxuE8Hx@My+!5Riim?j_V);Q{UKmapghBu)6xaol
z*crlDO>iYMjoFV37y<&xWc~riS$|oAAipRKuZ%@N;0OqmSs+^g<P+s!E~^!|nFIjj
zXEh|i8Uq{#<-mZvtT>7lhcXwPAS<>Q&I5AIw8aepjXqBi1Oi_Tt^zeb$3bYU^6Zoa
zP@MzmRAo1BniIu4z{AaVX7&OYJ`6t}s+Wf^15{<%-EX7?W36Is<CQY@W>R-L(w&=B
z7Q$_L&t&ROrnl(AwS+#rD8FY8Z0+>^5SxO6%j~}UP!XA3w6L_1BkD~cRN^`1#6F(&
zjF=6l`z#Ty(?_?ZY>&uFZyN^;R;2px7nrhnc-pY1CXygkt~^n<SjkvCd*pJpalLN6
z-*N7069q6gf1-PZlYh7Uv9~q;4g43MG&{fTFo`zJ^H`z022wg2fLN{5dO+yRN~(N|
zwDVPd3m>5AHhN**`$~-wizIQtFxI})%cHjQ!=3Q9wd9p!1MBZ}KR$Wn@TtSpCWQ@y
zxI8CaFTt*6`zvnSZkYwzmnm{iE;EIfziZUBd-6Ja8Ew7xSY9CK^gRBD@VoC{^Z57R
zOY?Q6{^U01dj4bPez*SvvGe=CUjd4fvkTSrclTl*zYG3>GzL|f7WgyQ_MGp3)d=6b
z|HTqiar65B6_~art&I=|<N#zVYOSMpA+_Uzek7^e<0zs;HM5&Yc;8>SPcB<^LH<Di
zmVbAUSp&v=;5!4bUK|4e90C{u+<F-zaRBRu5E3TF3^A9hL=0@RkF=}Apvpu~bVf;6
zX%v-+lp@w9CnuKjw`u;?0ng(ru=VffO#g{(%%OiQ4*$LWaccAW{}q5R4<s<7+uzy;
zIP<^&Iu(Mao~EWhmaUTZzW^JF-i;ULP!HKD_D&uBc5rM+Z7wDZ;8no4NA{S#j8-m8
zDt{?|t;qq+E`vz@?OP2S$#py&<#RJ=>nBXv)WKda)YB1hy4s)kPCBsD=-9nObV8<%
zL{f;y+zdC8mnf7Vgo-CJDa2#r_Agq!PZhK&`Z#2E_Vyz~+Eo9wS((Q?em>atKfuH7
zC$=%?{tx@@_kSz_OPII+zXYsr{urUYiGA>i6JjBQu@NmR0v!^XRLlfyFElE+`nxYR
zdSnM+7@qIPKHZCe@7|oZ2G#svtu>*9e=u)Y%c}4?BesrE@w<mHkN+R2K~!IcH|=N2
ze@5p7!gso#4OLauRMo%LKb|oE{r{H%_J5==W*%04RA-E#9!8(FPCz_61IqgP!rHT;
zS;m8%#yykHN}LXVhfBSADAPH(CX)1G_~GVbS1uue7cmtL&Eg7qj}Pce%3rY1vQI{h
z#cC9W83q#1A&@X9G_$TLfMY&S>I2q*8h{0CKU1@~BiP(ozS)?m>xTvRy|a;YG+M0N
zuuJhE63BlAVF;90<qBust{fd8j({D{(f1$Vstr2r)={%6+XQD=KEJGn{58P8d3Ozj
zFP6VoMb7X|$TFxc$dG6i2}1%7g1KO)oI~!WHJ6TPwg%G=R0Yv3?u9M55`3s;Rln5}
zHt*0ZFXs<<J9X1Ld`s^nJbj~ymnx(AB%OSlfCMC*mfv4m7%J@gaJi_kPMoj!ewl;9
z^@F8dpH7fkO^F<A-nLm@_z!rqcoyWjr=Q(nj>1ncgn}Zs!loZ0f%YN^uYd{K`-fbV
zc%pJ6Dq?AQamx~g*3i@sRUuq0Bo=SPlV|^A9{P@0+>ca&m7`$t`z%~5WL`f~$wdOj
z@uOW&yON(dzSC-5^0Zen=*}f&a_2UcaQ^D}{)neM?Ec=I<>mPSZ`1u^($&MQBYOKf
zl7?NvUMSqZ9n74E^x+LJg3|)rI@06AIlIdeWrt{=yrd5orWI^>+%lcb=3P0<yZ$d;
z$X{!1-zVvMK1PU6^XNwX(%Xf-g-fFakbw2^@m_6l>!L+k=POAS9iO5O+?uq$V*fN!
zK$~c*WZJ^&A(3Qmh|wcj6Tc=*6Y1~fyLrAn{CU1#!nD_(ru=)7NTA+1%)QJiu2}j^
z_4`OeM-99DqPOLT%!H38-9DKgDR%cOLM}Gp?8qA@AG|eLLo_t$ORh<|WkqUO62^@L
z>OPS#D(=YAFWdFHwZvwbQ`kX5LQqg-K9>0IoXnbRe%3PrrTt}m?VbjqJU*Z!4Yn)+
z@x|y_umY%nGY|;SnV~K~WBwQb<m<+d`^oN=7b?F!DCp_n{*p@xB2f~J1fDibk<12Q
zdVGd4&|n)MbbMfQ?c}XCyPgxFb^QgBt0!RJHx8X`w0YK8m;+=W)9zZ%%e}cqaYgwe
z8<!2yKj)P)!~Lc=R#nM8Chl-f(r9bDaSx1w<$_VrWVW9H571YHYV<na=KHO4f#(;_
z1xDsrAy9x7;pXKgQ+z3Ilwiu|BraZVJDL~Go#I2mqCw#q7X)6UG1ZqAM8g;}T$Hg3
z!38sp2fU(Rq+-m;EPn$Wh{er#9N<7ToCX%e6Yy#q#Q5;6C}B4GOZzgHZ^NbZO-{}a
z9|T*v9&~stCmic9C36O?DNdf|wVs?9zPiD%F*DavCfu7`<%p=iQ5Keuy5!m`d^0p~
z<k__moWzyQ!|8YaNONroK=&M`DP3?Oi0W`1z9R8)dCenE8`Iz-*;fJH(3~~rM=xOG
z9$LwNSf1yjo42vBG^f9wV`-)Co(<BC-TCdCqy6H7Pugw4H`cy2@Vs_39j*gAin0_y
zpjJKE>$S-k%@ZIdiPY@s&(vR_nUi;D^jYCWk+)pck3M#s1P@+L%DO+THC!{kBOZI{
z_$0z)bXxIDWl`&D-8~A24wdKeTmLZ?cNUWoT&LZ+-*Pz36o*#6(DOzMvi0#Ewr_(u
zXgV{I3;5xpaP)L=J6X)wKb|ozcBG%6ohZS-cimTR4?irx{=5(80AUcw^p8Hk`%%xH
zO<7!E^C&f^t35Si=U_69Tr_aIDXA2dMB1cHH`O##IN^3qas53{>DS-@H)TbbZo<cB
zj|Q5w_VOxH+Re;{revR-xVvSS0GFae)6=5nJ@m91U+RwGoXe+f2J%yd%bIYFo9b^o
zpl&YqHa!V&l_+ijck%iaS^r^PB)4dFJH@Ocb-+<-?RNUuYmXeoTC;bWm&N&4SHxlC
z5P~h0gnS@OkgK=k#v9@(;<bv`N24aJkHi#5syRU3rb`xI*?3;Grq?(^cndLvt7qIt
z=*{vSN!onn-iyQ>r5~-8dcVw~@KTgTXwBvZ$HjK5La6wKnkf;BYOkj$`=XOlgT6K)
z_1cJ$oKYc4K%ns33<i(hM**$fNT8Bbh7Q_%YBNFViWH(gsz-B-C)9l)W|7BAD=u~8
zl#ODD?@h?(ZN}T#8w8nor~lrFw9FPOXNH%mPKSpJr<<m4;uc6dNYZB-kyA_~lKR<*
z?6V|A?b<+9{?>?i{pW;>0cF_275h@SWc?po5mh|lODn>P{@TvWWk$MkH08Q<2<8c7
z$-ZX&K~LL11!Qz?$bT$3??(!GQUE!sEZW)OI+0KmDbS4BzPCzC{Dyag?0P|)v@@ou
z1V{BWVhCR^S!2~@>+9wk=2Kkvj>z5Ok#A7<cDd$)SNDx;7;=(Iy66RdsCj?a<YWkR
z`Sj5o@5wze0bUup65dsPRTpm&3!?WXLz)q$gN*Z>vSvHg6FqC~cYj>9@n$tA&(lh1
zy+g2tcdyTMY`mT}*Z!u5I5CR?v(V^E1)Z`NbNud&HC!%eznzV&seiq_ul88yhVjSa
z?k(p#mRj6R$&T&L=;q;VzLoJb-neXVr%pnU%ao!B#hfd?!k`a9DWU$zj6@`jUk};8
z<{8nTnm?3W7-g_Jtnn)|^1}jinvs-G;?hz+Lr|?~J^3ph`PJ<!<nnA<bBA`=KOttq
zOpK0<)0Zbo9yx8blRL_9^uwO@m)%PolvlsHvYniGB|A3r<ktL8R7?LeP*=mon9?`<
z6gd(#H<pI4K{e<uh3wdU^*FM`^C98vstM17)5<DWIk!s1t9_FCll#njXq58H=#_u2
zFIi;ykv8O#gHRvdbWD!NzG9Pi#8iAh*mlto&k0E*`&dGN93nSBM$z~~kYM%3gh_AV
z6d>mOb4}Ml4^e}o!us3#kyzWh)tnB`$n?#OJ7v#aROW5XjS|W$rlt+Asm*0r`$%SN
zG*sB$u3VmFy8va8;85Bn85)&s8ya8nt+2&s_s5?&nBqS4G1v}<Gbwje9PLitLI$Ha
zdYIzA&lWa<f_SiFrY!7RWk;rdp(YzEED98wQ4<PbO9^oI@O5L*e6fNvE?sag6qhB{
z#fRqW@`aD$jE7<X&6R;6(dd3OI)&lEtf2*JuzeJ9Kg`EiyL-@GFy<6GBLrhYp?gso
ze%=&kD#nueP&i`%uq?&nKmr!0!E#(wV@Fk4Q7|&%r}S9~RAl#A_Q!qx+bm$`Gz+(S
zigr~L*eaY;xcRz!!gi}3bQ2d}tI;clQr9_wexJVn@ZuL6oN=K-VrKj=khv>G_9WeY
z*RlQlp~K6&-(609#MAlw8vNvGP`Z8H2&efWmt2eR>KL<ROl<v>O6RfZsB3R}@79l6
zc{*t#NyX0>Pfl@+H{L?$3q4=7GtuvI_5zdsGq2J=ir#3xey6eLmddMx1M=~({>0(<
z*EfwONJ7HMZAEK$d$)DLclN!*!}|mwO8&3Lqfx7-7xSpN2N_J4m|blv@K^dHZ-T!e
zMEm7os#e`nrDLDycE|h9>>hlt`j7U$0xYVnZF|!l0@6sRfaEX?B_ZA2r7+YmbV{fw
zU7`pG64D|ltso$Xgh)s$AtERsBB@A9{G0F`&%lZIyUzPx-*;U+n~A;mJ!{>2?Wfja
ztr_xbP3SY@X0PsEY@fG`sVnl44Dt!RI;Nfb`R*kg<jvzhXHIH>EusP;#m3{rM#Dr4
z5IT;A32G$pi?guUkZDhs$ZkWB^_UFm<zISL9$^Nd`RxM~=$M2j@WIsF6R-ee04WH;
z?&QLqnT2Q}yKa7OX5qfu_|?nE*=Wmr@H0GC+ozs-QV&=3EQ?((#B>M1h^YtBfoP>`
zq^pIf>`ySXbaUWw{CVGZCl|WdBX^GSy0|%8d0Kk7^MYyt>I0~{px%N?3+k#Fs0<Kp
z@Nakap##MHmzj*Z5N(L&FEbfsf0_JwNJZ9e|DcA0^Bcj&d>s_FL=i`g-pV2NgCmBX
zus^-~>t}77+_}s$Pv2<Z0eALA<1ao>DuwK{E|FR-f3W(7j(E0`OXpov)e&ZBMc8N1
zOp|4X)i>1Ch3rsNfj*f&-ve2CzEn}=jg!T>l{^H~51I*REtER#l43u#6;09~&p0s|
z$5_fi7^Sk!eunhYO8@11-4`pdntf(TqGM9(w?>@(97ry`u9F*vX~m0>OkB_(pvH>-
zj*}z(DBWulm*$(R{;RZ*li8tdIh%%luaSu3xBUFST_v9&ii{8o4VoV7sF9f{;0}tt
zVaI8FS$19ffqyeM{nJtH5#ZQrl6akY@dy60tgvot8hqNx{L9&O0io)`CA>s0C_<e#
zqj;)C$|pZHjE=Xn1<l7v&!35mmX{Lsr$Y>^$rxF;5mj#jF&f`JMepaG+R&7e^cm&W
zz_(+&=%hUxkGxbwvJ#5bC0AddL*dW(1A_TLND%&38A%5lu$}Eg?{tVG?Co@5@hK=-
zsK&^YH_vOtsb>!Oy7}$157fMNApaf<g-UDPfXeiha|QyXpENul7n@_S=oH@aVdzVi
zVmuzA>r(ojNPy&WG0d$h!CZ8~XF9W#{(L57Md*tuy5+Kj)6T+aW4G2LeC{+LiJxTA
zGhrpHwo()V{f&#yDM&r-Vd->biRO!@#V-uh1$&@DwW)thFY{tXSc|Z=gX$uYr(|Y_
z2U7$rw+MjtB_X8%fny!jf>-1QUVany)_!Rnl8E-@Rx4w-Dc{)j4RQczE2Zf_D;_VG
zRsFV$7-8-FvxhoBzV~VcS|Dl+dcU7s)*qf+7J|uT{9X(q#FMl19jIp-fq&7KMU6rZ
z|6WSRyz2wNl#cq>lx`=k9F}0hg!uV>NicVJ|2u3zqjs{_go8nE&z=0^46|QfXehVA
z1#!b{&I;j6iRr4L+A<x^Gj&R0`sH}Ghrw)*+2Xyln2517qp>@MHkI6H8=eYJD_o09
zK3QEo;X&DlugY*H?gLy(NazAp*Lxv5m2rrV1%G?`TZwXubfgR$?K7<mcR2aWvRDG&
z%F~P$gkxJ2CRp1+hMA(zQ$I(rDph&_BxWbbvg{(=-x~>J!yZ|<P`0~=UdAi-3cWR%
zxH3^qs{OX#fDKF6FV5l>zc!umB_UD@1z8^Qh(3#ZEK^Wj8+6Agv&Dc;#bRc&*48lP
z5aX}Q+ypO9v2!RzW285~6S=7-)qAszv+_mfb*D8L7dhj*rn;fk)iTT0?ZYz6z(_{j
zIz3Fw?`C&guqD5eB3X@;{^0xP{ckO|Q&CFc+iE)L`nj~nV8QMGKEr%CuHLa;FS7Ju
zS}ax|H#g<BAa&!7JI@q0*=wcQBUzM^g-^<4A+Zc2HxyR<UxbRCUVb`+d#XIGz1ESs
zpM^pajoRIe(MR@`$7b_do{EWR*0o0VPtwO(r_<eM+L8k6*nugws;*D0fe})?c--Hu
zA4Hz29e93&tOCsozM2e&0N&9iCmmQHQ9L?Tq>+<ZD5D!G)<<X(pjqn9=EA0GFKO5}
zdCHD2Rfp)ap{BI?$dmB5EquV}B1u?NcgiB-YqN?V)mzM_)kduFM>lH;+4M#>-oAba
zOCsjBr2VK_@WNDU?pc1n@)fmrS|3iU-FPK$>e?euxAw7bRMRTrhU9Zp>wdIv-3f<V
zcOYop_IuV%f`O-K5e@T<35DGbJ&C9GS4&*LjBRJ_!mddXt2?`S*fPn$-JBhePH;XF
z@PoTnguQ1)eDo07Jp&@&H!D3kd8K{Zf$dr{3^XDbpCBI$y4zI*clkv2cmG?}{+-EI
ziw0J>6i3D?H**wGwUi_>%2|`Mi4j_k;A}47Nw8m@_`<E3+7rPt`1li_?z2nQvkxG2
zZERw`Iv>=oGu8+`s7>=|c#!qktVsqbawq63fqHnW*{KVnG;*naX$6*{#pWj|JXc$t
zc|JCFinb)B&lguG>Nh|Yt`B#gAnxxYvvl3kBrB0#z_*BaWkG90mx7s4jM3Y6I+Rdl
zhBtgL+R-w!#7y1;bHcCt%k84i7uK9_6n*Asyn$hSU5bmiRM6ylbsdgUa0_b^7XKik
zY2cod_D0qcX^B`^#9Fb8c^94}b!1hc>1mq|K$H|xxIozw(p<`9aO_P-Rz8dCTK3ps
zCaZEQClvZ+ewgd#_J%#WUxRFF%FRERtcw3j&HNMh7~9O&sp&kRZQQmNH~!vav2;xO
zd61*&>k1U-CK5P2C8VfZ8??+3^tfExiy`?m29sVmh#}VJX?DG-I-!lYp@`1~M%2^d
zr7_La=cfFxUS(>0eIqW37H-9i_`XOJSW7=8Nk8SY;eO}bSX*nur<61XY&NP?){S=F
zER!#$pJTY|LWH@cDP|z@u~$EKbvXIYWdJAn3jNHz3<G@<#_YES?CG%ZoAmrYq*CV3
zjHC*(p87VNovd6KWAa6r=aVeu=7NF+DN}uANf6s;1LTJmXP^B*GL*n>9Oof>B-#s|
zVn&NNaa)z|cotWdesrYIgioK~I9F5)YpW?Pc|zNXg`iw*Zd+8A-R255zWWZ<WF_}I
zg{QC&>l9*>f@Zt=vr~xM+qjFx{J+#G6oT?Wp)i4;okDPze`gos@Bd%n%n3QO$C>4D
z&cFDDzwZ^^!*x)7DTimLLYVzL^eVO|p$wX?)hOjvoY|Nw1f}k^g!oO$a`5yQl-%*X
zOPuLH)RdB?u0@Mg>TZ6j?!McYO&xJnD#Fw#&=&gix<bpGYc;b*QpDwL*>h1hp{1;f
zg`Q<|EvhG!Y5c|mk{G<b)Ch}fmPvXkd#l$u?`a92U;0rs<c&VGJ%djd|0b}4hJ330
z`6bCq9~jx$TGr?FFVKJTi}QQFAY1AqGV!+5B2ukZ*yW?`DT)^UY+Ru?hR6%OmuKrR
zb#N!ui#b9qapBIE$Bn*}a{BZW!VwWBn->Z~uU3U1G+YhISTI>wIwI$FU4afw0mF;8
zap&wxGSS}r>=j-FTf_~_mwxFLV(p%Toc#S5`i|FFt+Rh})k{Zt@w5<wdIswy5+;{x
zzc>~0f?658ngExS>u)spoZhh9iJ*IZ)Oq|*I*$Ul(%X<%9V-_J3rKAZ1<uGrFS1>p
zCzE26rc-|4=r62jM6S0uWeCfmBnWtLz98W3wLmHCn~xd3VN@>Co~Qe&8NK#MFG!l5
zo~fp^P>bTl^ZbO{%=FPiBpY6-x7}}rwbs;VS7K=rjToe+!)J*m98V8Ql2A!DcVsEo
zs}&`YG2rUnta({o$tkYH$q3!BV@7HuH~UG$HUzP$B5yKDK7W*S+LNul1tV+ueD|cF
zu5YDgSua^PPVG~Vk#{F<UVAf3{hgPB(w_Id&Gq7w6EA}XX1~<&2NdY5P;-B^y^Yh}
zx!|@?_;ffV_zoAdDnI7}iSmMNXjzON)HA~_z)mdd^s(&Of_}`xwgE|_^q}tBsus6c
zXgwINiz^Vz=8P97!vsp!%XM<O{AaSUT$}G!RDGtCwHa5?CBC75^-&t-ozjplTZ!nC
zWxN+|Y6eF&MFp5iWqju$8cpnR@Ek8kmNAE{<8&{7RO^0Qz~!ZL;xts~rGvKH?U3TH
z0&qK;rBYFUP5m4w_f}^3nsf*owO&R*t8wxw<c=;yjzaut-e%TusW@6w^m7yOW5Fh3
z66c;OP`c@TJk3%vcxe&?n<H!GM6`SZK-5PQK1M9SW`W^)JZHX(Ej`^x$b3~eu42^N
zWwlB*Bs6Y$v=Cix&bq!l%MVHEi4&8&lv8aKXowm=aQ5TJ^x=bw{b2m4{TV-SF7EvY
z8TUZ^2>Y-2VkiW%=Znw$etxfG2kJl425Gso_F2l)!`9gi35Jjz<=+b%d=M}t6o!F0
z;cnR2+ZEW^h4=^kSE%wpxb~=?{{6fG(#gu%%l&5ua3^|b{?o`YO!zc&oCj}g^2JI#
zvKnBnLGts@7htyOUYo-XeENbZXmF(`a#6VWVRixcWeXpy?J?zZm;y{LV~vycqbbh?
zJ*Oi0hNE02-U*d?$j7srgqok^s(q($53!=fmg+W*lhaapLR3fK@<i_pTV*KyR%Odc
zJm*~bTXjzHVp6?rS?A89+o{bU8BepD3T|)89LJ9vrFq;rQcw1=-h^$A%^MPF!hvVc
z60T!T$@ScpL8od)Y4I-ndax~?yX^TZnYx_AJ}bvN1<pIrbDDNkr<{y*b}C~X6eMrZ
z=wmCago;YVaD8~$?)CYBuKJ280cNQ6V;Sn)(oshmuNmW0>xvjZBZmywBIo{cJTdPK
zy2uU6#su&7=(SXhqz{+%igf;+knm<%zwPGdOj8TnZt=Kilm3n*>PCqEUP#b@s6kZH
zmC_YL<o=_O0IDyjyr9nRxoU_YH<W)j7#RN&4Add2zps%7gMq|93kH8u_Mu^bV&k%_
z);*tkr_y;5iE1%z5+}}cq~z{fxwc)3IWV<|cr4aAKKW?4Pv5pMkDUGY=M(G|Zy9bz
z4B_?DzEs5*w6VKBL)VWPol8xXom}}*5-NDHvCg=ub{zBh7s}rJ2HSay{9#=OO^9L6
z^yRI%`|3Bo&s+|1H>lTUc83`+W<}^XW4^_~n_Z0@>-g?>qi|uFAOiQtxfTYut2!0a
z&n!pB#QCg?{U^TVw^L@PiRYFi*GqRr2bt+IY=?iTVo->7E_PR!N|Q`8o5<iOJ$B1I
zf|-4x<Gs6xnZ!d=^O+G0(%fFWsqf42!R1%A!fX_1qB4ug#QiyJvAmw%Qnk2LUWfCt
z$~P2-L9Alon>f|F(V;BV!kuk!nSM+BT?L8pdSBxs^kDR}UmguQjU$<b-urhid(vPb
zdSeYPoS_qGp5y+|J}&2O($&-9`;d|*K;E$H!d?GIh$07pZ`Bj$PJI-}#P`Hrrq)k<
z?akGVMK|3QhIaP>=~t|gDnBmEC)mj+nH$%<9X=XTVGDBJBExu<J@}2gYAx=r<Sez^
z*NzBNdx?h_y)M)o_;#aa3f*rk@uA;}`UM#|T#P5Ajc{F6466JB{TG<UzSGyesEm#!
z4wH)wnJQsQe0Hbp#qI3#7JccKxJ)&kq+VCV7v(C`64KfXt~vAPVRm|DThJT%{c#L2
z6|+3Bq+n9o<(+xpu&doG%Pf9U0w7)Xafh;6YtkZFbHY3QIV!e>;OVfH&PqJa0BiKS
zCMQaX4~`-J{1^3g;@`&*y#ZFr#yVBa7|HxRsWrh^8TOxNcjhOe2Ayk<2a$ZWMChBh
za!$~6YcOPMe{w99yq;^WCdC+IoraH!U*ZkST2J}W7enI4erjkOLk`ws5{z@oUi9{r
zd?&gNUsU{y!GVmBkIme8MGrWfukyHu5=mICaH-?YBYf<FNJwf>@q+w8-D-?H1m4Fj
ztb!Vi3JkKS=Vjtq%@w;0Ut}cLUPQ&y&IDDcI9T5!W6FEx>L0HSVJ5QZ>lIT>OtC*>
z%!!YUivQGVJ0&G=k+g6QS-<LJKX0)Hd34#iy4m|l)Y^3n*aRxRAumauDBCLCpux~F
zuw&_aA?_1W5ue#`s0a7LtPY_KD&Fu%9PRw=Oe2{`Kg>>(rjMK(S2b+8fM0<bddAcC
zVS+0vUguUr=8t2{=s6EgygOa!^&#!NGhRF1T&ZRvOKrPR%okLAAM0^H20Pctx>FCM
zGA}>1#^Fjod&&Ovm72C1^W_VR-Kh93%Nh1%zbc)tR@}8$w)vZ~IEF*g%*nSXdAOio
z+a?@Q@n@Q*wI7R}&4}b0n03lEzdSFt{-J8?n6;<rw@(y7%Ce~V=pU2B$Uc6_C<!V;
zTj)?}58f!-X||DaaiyNyZaLpoQSmqzzF=d8>qe%Vmu}6Hz7=D7xs^=Sj&2|KIVZ5<
zn6~f%{HLZ|Lo4T!`6eHXE%p*hG{%#Nt(Z^GI0X|^w?(>AQSo>qX6jmGxHI0Bj$~c_
zr#H(nLZZgfoZVu)wT+UkQ&>^)1W#pR-sbyOBtx?Etv&fFFReesTq7VVnpi8Jj!w7q
zK*bYM$BJC!UKD&N-i4iQIpS(8(pmgHM&8t%*ulQPCj2@oo`~pKtMi$ebZ36rD{kXq
zDr9(9A1U5B%R!Oee@=sxg5&_cW${O1JhNg$YoH+1GfLw1Mic>nQ)$BYN&6;8yU7MB
zp42)2OXtj{Iz-gt`?d6IcRqGq<BWB_@zSG%d66>2HU$+=rGA#cM5ZYR=V`B`1{Umu
zc&CU3q9bm#jF{(S-rE>LR6I35?94Wn#cWyvhQu+&cXJcm&v=v^bxF%Q`<ktKx)1Q@
zOzdQp=84%7G^<r<AY#LHNd2JV>%1-dgV#P94Vfr%0AI^>zvAm4Bio#I`45isT}l<k
zoXOfL=WQ&o{V|L6R#EX>?t}cNs~p=V!e3`MiJ8Re8O_K1SkRo+Z2X9;js5isDxSyX
z79u2P#a)Z>J~iV*5(bwtgC;0X-pSJ3-bzlbq62t{4g0#T7sP<QN?HEOWS6k7?h>;1
zVp_)q&zbO^sN=B*{1xtO)lvb8R5nG1mv1d^(FFts3~`|$@d8pHAeHbz4=P?*s)t!H
z>UdzkDL(oqW^)lW2X%aedHFI<C5A<Hun9UU{#-|L+K9x$U0v<swF~3^^-mTYJ<huO
zxa!?-A-C(0a7V?<B)n}6OucG}bGeK#W<;i%o3}J~DUEf*mssWXpeJPvDqi6gE}ZQn
zc2dabS^Ige*QBd2j2-QV1et9c=(xr>j7L!MT48)!?g3>KT@uHem{}qt%5{Be2y3%m
z)OCH2N`b%yQ1Ql7N?*eCrenuNhMG*?@<<1B@s1$E*C`N!V+~RyoTjLFdj|4r-s4gc
zIZ@M>9$mmTkLgrMoxVQaPBz))_UbY30e|ZdrmGP3#^__LRt4*Ghl<*H&bR^rVS!M$
z?$}kH?$%?dcxMXsZP%6|;x|Q%JeO+Q9$H<lw;o<9jcqSyUBW->eE}8k`YqbIhegRx
zH%s2);i-g;W>O|Ek|lE6sj<P@woOY<RJ@zLM7b`e9b|D;JUPAtW7%aY7rWaf0>kwa
zcjH~IlXVC1qczls&hvNmA0Cew5go1$sD<VZJYcwff!Fa{9DCmYD&Cu|C{d7WeZlog
z!FWmSs7yq+Yn}0Mz2Xy-)z)m4(if<B|J+LJr$N1;_Hk$Obp2o5)}iivKtVQu+ngo3
z$-liYj*1T$676`rj4RV|H=&_Bv_08Ks$KjuDY2n5=UaUt12Y6FKHNAVc$un|!SA(3
zU4{aI>*7}yVT-}-yRXiE9EqV6FG9sf^eGyBy<N5xRrDZ^zz&Yc@AD0Fx+x!PMdil)
z!bq+X6(9K>_Ba)IwQ?LivppKux(#hcR6Jcw;F+e`$fY-yOU$VFs2iE#os;<VI1k;e
z+t}x{W_!iHX*zxm`%%zGTzgHC9u=Q>r`NLa)-%c)k1EniwU}D~<uP~XcR4ayHdfUn
ze8$qK_*7*i6(8J|M{o1<){^;j*bL*=yCO`0(dK#U3Qp-07%D!e>^P&KUT<a*kpi2M
zkNtQy6S3~?`vXW%RYk>M58V5x`1^~zno;V-TLnqDerxL8RroXKKdsC=FXV8>J{vhN
z7ln#1ux0%a=g8XoWzp6&Z176(dr`GEapI4K{x7l2yTuHcQ1OM+g?w6UWbU)KAMhZK
ziOlll1tTD5`C0C)3gP9wG0s567k$LQ|8a%uE&19y|5@}g4TM(F%&}t9p>|ou5mia_
zN2vHRjT4^)Eg1`Jv7$urgfM99Dhb=DusKBNTWyPm#)<S$@f8c+gMpdKjr`1(v0(xf
z?Xg_^MbwkSE@7$x0^ivT1X1yozPRC7DHvv7->5j2i5{!GXk$CLrg!QxdL+A0f4b@*
zD!w{2$M!Rgjbcg}?%Xx4z`9hs_EViyJ}K!IJ!3&{i4U}YBVJ9uf@i_NP|O3CvM1C(
zuE%A_b1_b3Q&ygj;18=m5PzGf>T*lwIQ;3^%W~;d1N&PdO$gc88Q|zR)1PAM<FBIP
zTS)kAs46Dc0uyw}TN1t!xKFcQ9mpW89IL5qLOdLbM8&t+2S-Zwrr)_}c)Tp8PD@$I
zT%)KDm*#C)|9z(f@2wS7e23`zGo!xCpYx+Ol_^&mCD!UsX`QRKHZtfJSU<BQ*@225
zXq!$DSVC|L`f0?szf?lP&r{(jPdT`$Nq3-At}d>l;-|P+rbYFo`%F*Nw|-OTF;Wno
zdwTUz5UuQOXQPkB-3RcS!%pI7z68DW5HC=s8+r+pZPh)xwFZ@p4#|JX&^L6zzinCO
zYIt+C^lp56wYG8WN0*R!XsBV2Mer<{P4YV@N3;X@&QfSMPoj#W;(0Dtgj>WtZKI$9
z)0`8Ylq`%mNfZb4r<IBUt{mk@Mjsn@y=zOaH_?Bsn>No0Lk?d`o2|ad1QoAWnM^bx
zUcIGgocB_w^ISRQy!fs4vcw0MAJWX;w=And#d{6YkYo{sZC?;Yqs9Mp!UE5mkeop0
zLR;vkg|G+$dtOw0vsj4;OF`n2xre;xu+XcxcLm0bZ8-|ObFgEsgCd`UQ1PPZp*j+T
z4P7&|xhLBe@}wRNxE=TDZcMz!-QAEQSdoW{k4>8UzO=6Okzcam+jz8MN0^(o-R6pR
z!~MmqZ`En$N~m}%1Cv2A?<5|I0{vweqjr(~D&d+e;BDkNwV=*z)h~yNmwVY<=!xI?
zRB=N{`-&CWu$5Zjz%8-%h*K?U!AQi&4IE%^LC{{$HyYXMJt>FJuH`O6C!zhKUOREz
zod6g)2fu@v$2%lxK*QZA-mmz@E8?AYwbJ#^Sf`#-R2-xExu6K`54~vCN><NGS11?P
zb0r5=Z^E1Q57;9JfO|R@-s@tcHBMf+;wKPl_L$}KNv_UzT1LtEFwADE=p}BjfG16A
z97|Hea*v(4dtr5*)`a`zFYUjo0@i>N;0#;@A2Q&>39tc>00P+g!alTJ62C1)`t8vE
z+uun3BEOy9`5-##+5heG$3`zJ3;T9Eo;oAGR3?bx$=8dD_=cnefKM`S8)D5ffK9Jw
zq$F+%8AI;1(sIu@VG93FA1#Mm^v?G+p*H&dtf$}B%>CNv+JGnc-UDoONAT#cw*dIr
z+P~a`KWEDmG{;Pc_JXE-ToXAj$b6?Dp^%>d0K#H0+@xENEtYJPz9(9)ovs|rScnPY
zXG*zB6zAk4&<lR{=C!&^4Wbs+9GdP=QoVPTDE7;bJcRA<>za@tXCD-m*<<><!t80x
zALQ5LyHGUr-?R+vw+lP`g8%t_-1#`(Z%q^aI>O-@wv6RO()S1@5jkWhZPrx+;N574
zt&Fww?aPADinK%;YkMvQ;s+Y8ksO(!Pwn3HgfRWWNcQ;Vx3~l@<wTx|r=3h=ae&L`
zD?e`m`fv59VaeDAG(Rq;mI>#V9KJ5zy3v<K0EC^fcS95=vZa=nw9pbF7&eIBWTdj{
zSi~a2Ggb}StW<%6%Q1c~)1%#g{keop18jIJ@D{l3)=UGQrvvB#2H*t12r3sdzyh2^
z;p9UYA~NHQp3^n=VV1Q(N19eNw3Yxc?Ll-Nzmz&NQXQTB(UWjJA?IFMDn03Nf+Oib
zO~_<S&LNy|_qkj|;RM;;_;%~H*c}VsQ)thf`q4P{+VJOxfxTsegU9cT(3i4GWt@J(
z`lT#q2pt_069$+9a)3Ob1it=SiYed@*zTH#Hy{YW03PuAcN7i)u5M$ZT<!R_2sWpR
z#iIm<z-zZ8kwFF=GG^e_Ms=*)rAN`ri({9ZaY0`lG8_#>h&qsGmYF>jtqY|zMf>xs
z<w85`Y9YJzdH@C>4=3=BI0IfFOQzpYOn@2y2hYGkv)H*?hqMIK-WzYGB_;+24b^8&
zl9&QUP=TG6kpHD6)W8}n!4jOo@}0r!_5hFlti=>;rM-8KU_CY<hd;KBfs(qchJns*
zy*qREy?3ue29O2yNE%QE>yQC-0de3GAhN4fa6lMrVJKK1Hy{8$TY(!l*y7fJ5O~Gh
z;CV}M;{)H>0Q?}%0(^#nn-%yF0?QBpc8o%0w?0x}FBTrWM>8snfj{2jJrw^S<k-I;
ztXHOuMoj<=*SLRX565qr6-<VwevtTaf@GGzmq@bx8Tw?(>fKU#hriHBu|qVH59G5`
zFFT+IIxT7Nj_h1F0AS#s0(ykKs{=^P)dDG>+s^s)n1r~H#Xm6iRxEdTeYdyDPVXRR
zHQf%625YFzw|shg%J6*VILv2c1i;nJ$jfBchJOSU8pX-iN(v$5Zktq5iFR{k@lYo-
ze9&?F3(gXUa+X5jEDv)2GuF-v$1}qqWiq)HR-}0HCzKAdPGx12u~Gb1(k-HaS2Jk*
zqoAURiU4>WY?rmsN^og((SxRXzL_q~w~S2qV`%t&e9|WIWnU)yzhEtTC~N86dd~pr
zfIg_N*1Kcx82G0TFb3#p5}|{t>V-+^<x@8*vJX)XO>rY`jU{LGQIB`Eb{+^Q{^)cZ
z0dVZKgWWZWXWN;QJ>4_1JZG^zN!HI=<#U(>Xl3=Z3~~PFlx0vT^Zi50Xa_0J<H_~+
z8Rl+gT%tVTmOLd8vnIAp0F3G3z`Qp4pL@Y@;Fja?j<=`13_hHzHN2>%%fny98S45M
zl%)=(EW1xx3ba`%P&X8Jb>q+4`c{#Jk-lu2)cs0Ejc|_QW%Pr@sr%9FvaVrL3Ek`n
z{*pn4xaCBlLjcsx3lnPM4ZI896xcRzMibJphjx>kbCve1Mba_^6)67aN-c+?)QW$h
z)cl{B9~ALdD}>ibrG>q~#W={CwFUhfPBxU~dOLQ6$NSM$f9H920stup!Qq~^pF3y0
zP<H7vwVp4QF#obsl|XXqy9TD<hp%1!g0<wKtmXGvYXXMg73{cn4RF)_6W-pr%0-+U
z8|wE{mR{Wy7e0jdFvg&ScPyU3O?iJBB;}L(2R4$=34o|Rxq?nE%4;m~^m*>j!sQ-I
zEDcM9jo@1(S7Q1;7BBGr3*L%{@P_V(CNA)-F1TreZT@%M3xr=iU71}_yPfi#<Gz}p
zCI&U;A(qLP9I&AZ8^nAab1|kMzR<EYsKkl@5R1N5J%YLF`;FiD9g)Trzx;Qu*d7#`
zA-3^L<1Lj*dXN5sf8e3~_Yw(9Fzb{9ty2TEPmNvYtqQ*C{i)s@yarKV=U?0IXL)(8
zoV}bJoZ(hH4!iSj_x`(WX=!2M&TDC9?c(6<!)tAW<h5{i_TT~E9K3YDo|$=vxqd1}
z^Be}W)Ev@4TTfL2U_n2>4GObY&hsB^!jzR%jy1MW@z-yG^b>wv49<59|4%I(3U0uz
zg=>IEY<Kg9-=o$+3op#X!ykFitR8vxf&#UEmM-=ou89GUo74FY{U>ODB0S|?tQy6O
zPS7<?iej#}j@;mTMUf$9PcHEmIr->iRZ=w4>xrZ%NfE#MUl5l$lsNw(#DBN)zjsc%
z)OWH4oZqOolMKo6<;+MuW7Da^WEJY0Sox+;0Ei>p9<Qpu_PpKC!KG@pd3@=q+e^)>
zADuZ0KQ`Uf=dWVlp$K<yKsq6qc4kvbxwts&%;njcAY<d^?8qd&Gsj26W#<3@{JXvN
zf2%C?f3Yl#f3Ymgf3YmAf3Ym=f3d8c5uDNAbTHD;CRmjq;O-zIWAH1G6+<M&7DE82
zDc|7oAQ!E9PD}aa+fdmX&!TC;rGb%7^Q2Lk=v1C5MeILc|8#19O5D!eg`+9eM^mbg
zrc@tIsXm%geKe)|&!$vk?ZvnKc=Y2$K~C`-tXYBq8#l7AZ6T^F(U=54A1R;kcUxT9
zjbp*MhB6~Hfs&<M#ZCj)*5R)cqI9ML#=+!d#|>&qY3uG}DyCpr6{O{PKl7FyDS~z~
z?7Xt<@88(p_t8*$=6W+%J;GA|EMAqK+0Qt3ZT~^<7dY^9ULLzUM;+s8&#@{MAiYJR
zMHF?6@8`(ZHV!H9tL%+*F@b)-2XF@yNNd0m+|vZ$U>fPMJIsvS9c2DHDH3lY2@G;m
zxZxv?98kD2PRv~$WsY8<SgzM(RXqH?7{J~Cs<}zlzb)&3BB=ET3b)(kp?y&fe;RyD
zg$ynMeBP^fn|H5m|83dHVK9Evm99@~B3~iOfeB`?ZA8>P_d-sI2?7APs(PEufV_kZ
zPlDM-g8SrHU17?2*?S_x%mn_Ef|&ykz|T@gKla)wkLd!%AIgu|e?><l1iGX!cE9lq
z4GkN>WY~EI>!u>z)hE-Q@zb|5h$;U2W4}97J&AyyncoU;&ngqq?4|Xu?^SuGeFfW$
zRb&W&<!-vUr_oM~d>c~Vag!*<f7E))&^Bi{OE*5D<CdqK+!<+CbGBDSx_h8DVSSr~
zz&ujpjOxrJuF-PzS;h6`5CXvOt*7aiF&L2*e0q82Qq}lnVOh>PwAR-J<}0s{E8wi3
z`6u^kW2Y&Oq2`;^=gVn)WlO$Ivfp9Tp05d+b0`}j09+Q{rEkVcO7Qedk|O+vP5_+r
zRg+g2Ge3$wl%KX#>ahV?Yd$=0E<Xy$JS-O<ARUf8`7@st-hZRB--?g`Oc<DB(*OLD
zrb?+(>C{{?hyy9+uS*#eq<^kR$0a0Ca(A$1a<&08z~A#VLL6CVPlN;9{pYG!d_rOw
zxYN$B%)uS@7O%q~(7i>loPRt4mgDYW?RNOGi~ZI0Fg_?BA0Jd;XLbGV_qg!w@BVM0
z`FDwBt;tzRk2&V^h49(C`uR2Q-@7di`*EvUkmNsiRKz{j85Q{h&dB!anA4!1xQOnw
zq-e?0kHIjX)|E@ORld!n+%#7Tj5>2(PpOl<E!6&^ni}2Flt`qGu=YN`*8N6US=sky
zY|2&Itl*)J^~ja_OlIz6T`2)l1M(<`>ND7y%6?xG^K9>nzQmz}rl!+`68k*0P2~2A
z)t*?MZb@F_oUO1`svf+pDQWVe)b+u%slj{KHA(zoll&7w+?ur7eIFL>ouaKYOdd}&
zjl)Ub8ZUeqm+nVv++t=NtbDF}TiRdSjZw+Ux7p#;S6mkYwR`E%?sR&CT(z;HdpEGK
zBuHg4_7Y3~9Eg9`FWF(itwe%)j*=xR%<Cu1t&Lf4z>F>bkmMZ-IFJ_pA!(G^O990o
zXCcDrg6Xgj=r5U><<DEX_j_-<zXHd-GwQ?bxO;cGE#bSF-XTka&s|x*c<)i*V@}^L
zM{Qb+z(%tBnkfn~ub#(w1@sgeJW9k|f}U;CW55|A%hO*Uczuy+db~kvD9JP><{Y*A
z+c>+7MB(e%VUBehBCcH?7b!6$^iK-B(Ni#?Wss`xB~yL3U5Fo(Vu4SEmf}8op=7hV
zuZ-rHuV1?ahM&!lNp6dXqSm&~hZH`YTXdqNo)}bBpZw9U#kr`;KZz?AKi<xG1AWvM
z{pOD~1%@k`XiYd;jY+R&hdZ;*&&E7`*1h>@hLK;(9rKx(Tk#d#RkZCpSK3lWks@BF
z6<otgqS)^7<gT1EyM|1V$orm1G1P%UOkmSU?^sj8=2a&hSF>S<Uwv4FNlzn!X^#XD
z-l-`rb?@=1HGPu$hyaM34{KE?ckH)K40sf&aWO~x-dtAvieCnK-fW`gZDjpFagW#T
zM*`RKB9GkTk$XIHk4NtD|B8G3*9GYa|1XvNyZrU{zwiA17wYdnK%lUr-+%u9B76`g
zn2iP0S^#1r0zO$;THC+`h2i{gD?TBJkcb5Y3bz)qfC=(jS~7vU!tI1$a<_%^owX7a
zfWqK{Hp2WuFl)GlFkHaeg3nUKieHf58V(Z@f!PT1TfhaanRcw(430p!StCG~jsN$I
zj^s#=<VcR>NRH%4j^s#=<VcR>NRH%4j^s#=<VcR>NRH%4j^s#=<bNvv583)j2mqh}
E00O~&Hvj+t

literal 0
HcmV?d00001

diff --git a/tests/test-verify.sh b/tests/test-verify.sh
new file mode 100755
index 00000000..1cc04272
--- /dev/null
+++ b/tests/test-verify.sh
@@ -0,0 +1,50 @@
+#!/bin/bash
+# Verify that the quote verification works
+set -e -o pipefail
+export LC_ALL=C
+
+die() { echo "$@" >&2 ; exit 1 ; }
+warn() { echo "$@" >&2 ; }
+
+DIR="`dirname $0`"
+export PATH="$DIR/../sbin:$DIR/../bin:$PATH"
+
+warn "----- Good test -----"
+tpm2-attest verify \
+	"$DIR/quote-t490.tgz" \
+	"$DIR/pcrs-t490.txt" \
+	abcdef \
+	"$DIR/../certs" \
+> /tmp/attest-good.log \
+|| die "attestion verification failed"
+
+
+warn "--- Wrong nonce (should fail)"
+tpm2-attest verify \
+	"$DIR/quote-t490.tgz" \
+	"$DIR/pcrs-t490.txt" \
+	12345678 \
+	"$DIR/../certs" \
+> /tmp/attest-fail.log \
+&& die "wrong nonce: attestion verification should have failed"
+
+warn "--- Wrong PCRs (should fail)"
+sed -e 's/0xC/0xD/' < "$DIR/pcrs-t490.txt" > /tmp/bad-pcrs.txt
+tpm2-attest verify \
+	"$DIR/quote-t490.tgz" \
+	"/tmp/bad-pcrs.txt" \
+	abcdef \
+	"$DIR/../certs" \
+>> /tmp/attest-fail.log \
+&& die "wrong PCRs: attestion verification should have failed"
+
+warn "--- Missing PCR (should fail)"
+( cat "$DIR/pcrs-t490.txt" ; echo "    5 : 0xC28F2726BA0A11B9FBA161419FF95BE3DA6CA9ADDC286D5FA1E1E9EC0B79DC35" ) > /tmp/bad-pcrs.txt
+tpm2-attest verify \
+	"$DIR/quote-t490.tgz" \
+	"/tmp/bad-pcrs.txt" \
+	abcdef \
+	"$DIR/../certs" \
+>> /tmp/attest-fail.log \
+&& die "missing PCR: attestion verification should have failed"
+