refactor: wrap verification result

tinfoilsh · Feb 17, 2025 · 79a2085 · 79a2085
1 parent 7cc1607
commit 79a2085
Show file tree

Hide file tree

Showing 6 changed files with 37 additions and 26 deletions.
diff --git a/attestation/attestation.go b/attestation/attestation.go
@@ -31,6 +31,11 @@ type Measurement struct {
 	Registers []string
 }
 
+type Verification struct {
+	Measurement *Measurement
+	CertFP      []byte
+}
+
 // Fingerprint computes the SHA-256 hash of all measurements, or returns the single measurement if there is only one
 func (m *Measurement) Fingerprint() string {
 	if len(m.Registers) == 1 {
@@ -59,23 +64,23 @@ type Document struct {
 }
 
 // Verify checks the attestation document against its trust root and returns the inner measurements
-func (d *Document) Verify() (*Measurement, []byte, error) {
+func (d *Document) Verify() (*Verification, error) {
 	switch d.Format {
 	case AWSNitroEnclaveV1:
 		return verifyNitroAttestation(d.Body)
 	case SevGuestV1:
 		return verifySevAttestation(d.Body)
 	default:
-		return nil, nil, fmt.Errorf("unsupported attestation format: %s", d.Format)
+		return nil, fmt.Errorf("unsupported attestation format: %s", d.Format)
 	}
 }
 
 // VerifyAttestationJSON verifies an attestation document in JSON format and returns the inner measurements
-func VerifyAttestationJSON(j []byte) (*Measurement, []byte, error) {
+func VerifyAttestationJSON(j []byte) (*Verification, error) {
 	var doc Document
 	err := json.Unmarshal(j, &doc)
 	if err != nil {
-		return nil, nil, err
+		return nil, err
 	}
 
 	return doc.Verify()

diff --git a/attestation/nitro.go b/attestation/nitro.go
@@ -13,14 +13,14 @@ var (
 
 // verifyNitroAttestation decodes a base64 encoded attestation document,
 // verifies it against the AWS root, and returns the inner measurements and user data.
-func verifyNitroAttestation(attestationDoc string) (*Measurement, []byte, error) {
+func verifyNitroAttestation(attestationDoc string) (*Verification, error) {
 	attDocBytes, err := base64.StdEncoding.DecodeString(attestationDoc)
 	if err != nil {
-		return nil, nil, err
+		return nil, err
 	}
 	attestedResult, err := nitrite.Verify(attDocBytes, NitroEnclaveVerifierOpts)
 	if err != nil {
-		return nil, nil, err
+		return nil, err
 	}
 
 	pcrs := attestedResult.Document.PCRs
@@ -33,5 +33,8 @@ func verifyNitroAttestation(attestationDoc string) (*Measurement, []byte, error)
 		},
 	}
 
-	return measurement, attestedResult.Document.UserData, nil
+	return &Verification{
+		Measurement: measurement,
+		CertFP:      attestedResult.Document.UserData,
+	}, nil
 }
diff --git a/attestation/nitro_test.go b/attestation/nitro_test.go
@@ -42,17 +42,17 @@ func TestNitroVerify(t *testing.T) {
 	undo := mockNitroVerifier()
 	defer undo()
 
-	attestation, userData, err := VerifyAttestationJSON([]byte(payload))
+	verification, err := VerifyAttestationJSON([]byte(payload))
 	assert.Nil(t, err)
-	assert.Empty(t, userData)
-	assert.Nil(t, attestation.Equals(expectedMeasurement))
+	assert.Empty(t, verification.CertFP)
+	assert.Nil(t, verification.Measurement.Equals(expectedMeasurement))
 }
 
 func TestNitroVerifyInvalidPayload(t *testing.T) {
 	undo := mockNitroVerifier()
 	defer undo()
 
-	_, _, err := VerifyAttestationJSON([]byte(`{
+	_, err := VerifyAttestationJSON([]byte(`{
 		"format": "https://tinfoil.sh/predicate/aws-nitro-enclave/v1",
 		"body": "invalid"
 	}`))
@@ -65,6 +65,6 @@ func TestNitroVerifyExpiredAttestation(t *testing.T) {
 		"body": "hEShATgioFkQ/6lpbW9kdWxlX2lkeCdpLTA4NGVlNTIxZDVmOTIxMDk2LWVuYzAxOTM2OTdkZjhlNDcwNjNmZGlnZXN0ZlNIQTM4NGl0aW1lc3RhbXAbAAABlE5MLItkcGNyc7AAWDBEBqggqpahA/zWQPqijfY4TjNZPThn2EzFnat6rM6oiXR01AWKMXRm6vEjSlbMII4BWDBLTVs2YbPvwSkgkAyA4Sbkzng8Ui3mwCoqW/evOiuTJ7hndvGI5L4cHEBKEp29pJMCWDDBHp3xYXzzMFM+Rcdcr8LaJLBN9OsKhmhIGxZp0x30ppDor2h4VTGPszX7K71Zb/sDWDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEWDDM5N5yesCUnVB1HrTnLihT3IzVWB8CbCUa7Zb7u2461AdTQ9WN6naoGN2rWMuzlRYFWDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGWDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHWDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIWDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJWDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKWDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALWDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMWDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANWDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOWDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPWDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABrY2VydGlmaWNhdGVZAn4wggJ6MIICAaADAgECAhABk2l9+ORwYwAAAABngIqeMAoGCCqGSM49BAMDMIGOMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEPMA0GA1UECgwGQW1hem9uMQwwCgYDVQQLDANBV1MxOTA3BgNVBAMMMGktMDg0ZWU1MjFkNWY5MjEwOTYudXMtZWFzdC0yLmF3cy5uaXRyby1lbmNsYXZlczAeFw0yNTAxMTAwMjQ4NTlaFw0yNTAxMTAwNTQ5MDJaMIGTMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEPMA0GA1UECgwGQW1hem9uMQwwCgYDVQQLDANBV1MxPjA8BgNVBAMMNWktMDg0ZWU1MjFkNWY5MjEwOTYtZW5jMDE5MzY5N2RmOGU0NzA2My51cy1lYXN0LTIuYXdzMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAENZ7QlD3uDtte2sQpncHzHfhzht8VF5ttgV5jCbgVus9ZKxBAcSOy+swgQ9Zi5g0QnKtQpCYk2PXbNwDLcKkjk6xG8UqsC61jpinP+dm2nVKbTFsQdTrJ4wuTn9vdRLwoox0wGzAMBgNVHRMBAf8EAjAAMAsGA1UdDwQEAwIGwDAKBggqhkjOPQQDAwNnADBkAjAWSk/kLXGsznhi0vVNMXWf3WJMDqia6+1YT1RDY9b2jxza0dP6L3z8/MmyWGrlAtMCMHtZMOiL7rVe+EpNHt4hePtcHxxzqlrOmUTGIj8qO/fAX9q/dCX585TlfkTCfsL2G2hjYWJ1bmRsZYRZAhUwggIRMIIBlqADAgECAhEA+TF1aBuQr+EdRsy05Of4VjAKBggqhkjOPQQDAzBJMQswCQYDVQQGEwJVUzEPMA0GA1UECgwGQW1hem9uMQwwCgYDVQQLDANBV1MxGzAZBgNVBAMMEmF3cy5uaXRyby1lbmNsYXZlczAeFw0xOTEwMjgxMzI4MDVaFw00OTEwMjgxNDI4MDVaMEkxCzAJBgNVBAYTAlVTMQ8wDQYDVQQKDAZBbWF6b24xDDAKBgNVBAsMA0FXUzEbMBkGA1UEAwwSYXdzLm5pdHJvLWVuY2xhdmVzMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE/AJU66YIwfNocOKa2pC+RjgyknNuiUv/9nLZiURLUFHlNKSx9tvjwLxYGjK3sXYHDt4S1po/6iEbZudSz33R3QlfbxNw9BcIQ9ncEAEh5M9jASgJZkSHyXlihDBNxT/0o0IwQDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSQJbUN2QVH55bDlvpync+Zqd9LljAOBgNVHQ8BAf8EBAMCAYYwCgYIKoZIzj0EAwMDaQAwZgIxAKN/L5Ghyb1e57hifBaY0lUDjh8DQ/lbY6lijD05gJVFoR68vy47Vdiu7nG0w9at8wIxAKLzmxYFsnAopd1LoGm1AW5ltPvej+AGHWpTGX+c2vXZQ7xh/CvrA8tv7o0jAvPf9lkCwzCCAr8wggJFoAMCAQICEQC7dmR+8/QopRY/WpD3qdM3MAoGCCqGSM49BAMDMEkxCzAJBgNVBAYTAlVTMQ8wDQYDVQQKDAZBbWF6b24xDDAKBgNVBAsMA0FXUzEbMBkGA1UEAwwSYXdzLm5pdHJvLWVuY2xhdmVzMB4XDTI1MDEwNjEyNDgwN1oXDTI1MDEyNjEzNDgwN1owZDELMAkGA1UEBhMCVVMxDzANBgNVBAoMBkFtYXpvbjEMMAoGA1UECwwDQVdTMTYwNAYDVQQDDC02OTM3Nzc5ZmJiZGZlMGJiLnVzLWVhc3QtMi5hd3Mubml0cm8tZW5jbGF2ZXMwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQZnJS6l5kwgVgd3zA/+epSkC1cCHhBSehnwJrrDLJCAoIj2JJpTC5aqUWsV9b+hekthKynSnbwAVev1pLi3eOU0ocri4WNtOioUhx/fvImddCYPEM9tVPndGLYJbTqYwKjgdUwgdIwEgYDVR0TAQH/BAgwBgEB/wIBAjAfBgNVHSMEGDAWgBSQJbUN2QVH55bDlvpync+Zqd9LljAdBgNVHQ4EFgQUWz7jWsnEIRpAEH4gaSxtpfSYtq0wDgYDVR0PAQH/BAQDAgGGMGwGA1UdHwRlMGMwYaBfoF2GW2h0dHA6Ly9hd3Mtbml0cm8tZW5jbGF2ZXMtY3JsLnMzLmFtYXpvbmF3cy5jb20vY3JsL2FiNDk2MGNjLTdkNjMtNDJiZC05ZTlmLTU5MzM4Y2I2N2Y4NC5jcmwwCgYIKoZIzj0EAwMDaAAwZQIwfk16wxkpCrFQhwPJZwV0vGKiUJSuhNIooQuethG2HFRub5xreF9ugLXp3LQ5bBSRAjEAhJrWG2MsNxSeQh2itah0P7jrRF2ImZzMAeEPDDoaMrwf6H4gVqaJUZaXpxloYJc8WQMYMIIDFDCCApugAwIBAgIRALUiUwAWe48SgNSDjJ9uP+0wCgYIKoZIzj0EAwMwZDELMAkGA1UEBhMCVVMxDzANBgNVBAoMBkFtYXpvbjEMMAoGA1UECwwDQVdTMTYwNAYDVQQDDC02OTM3Nzc5ZmJiZGZlMGJiLnVzLWVhc3QtMi5hd3Mubml0cm8tZW5jbGF2ZXMwHhcNMjUwMTA5MDY1ODA1WhcNMjUwMTE0MjI1ODA1WjCBiTE8MDoGA1UEAwwzMmZiMDQ3ZjA2NWEyNTgwNC56b25hbC51cy1lYXN0LTIuYXdzLm5pdHJvLWVuY2xhdmVzMQwwCgYDVQQLDANBV1MxDzANBgNVBAoMBkFtYXpvbjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAldBMRAwDgYDVQQHDAdTZWF0dGxlMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE/CELSfGz5Qmt59L/V5wn4/hYAYVO7CV4OwOSzefUchv4LM2p3/cKQ8TdCLu6jbbxgrZfZ7QCQi8rSztmxUBhwUV+vlo6RSBgxbVZtppyYR7Xoq3bFaGutpyweSMv5mZCo4HqMIHnMBIGA1UdEwEB/wQIMAYBAf8CAQEwHwYDVR0jBBgwFoAUWz7jWsnEIRpAEH4gaSxtpfSYtq0wHQYDVR0OBBYEFDXH18QDavT6zs7CZc6AAQoxrl+zMA4GA1UdDwEB/wQEAwIBhjCBgAYDVR0fBHkwdzB1oHOgcYZvaHR0cDovL2NybC11cy1lYXN0LTItYXdzLW5pdHJvLWVuY2xhdmVzLnMzLnVzLWVhc3QtMi5hbWF6b25hd3MuY29tL2NybC9iYWYyNWJlZC1kNWFmLTQ4OGQtODQ0ZC04Y2VhOWExNmU1Y2QuY3JsMAoGCCqGSM49BAMDA2cAMGQCMCT2jjs/qWCKm+nXffD82eDe+EhWAgxsQigrif6tyrVxIW/5st7gFE38Wal8fBpCfQIwVO63+eLm6CSLvjgYYzuX49U1ZN7zQnBPxgtgPAgD80t1ln7j+hgcQ4EiZY4frujOWQLDMIICvzCCAkWgAwIBAgIVAJlfeeaIxs37YSDIAh9gyAmvX0jtMAoGCCqGSM49BAMDMIGJMTwwOgYDVQQDDDMyZmIwNDdmMDY1YTI1ODA0LnpvbmFsLnVzLWVhc3QtMi5hd3Mubml0cm8tZW5jbGF2ZXMxDDAKBgNVBAsMA0FXUzEPMA0GA1UECgwGQW1hem9uMQswCQYDVQQGEwJVUzELMAkGA1UECAwCV0ExEDAOBgNVBAcMB1NlYXR0bGUwHhcNMjUwMTA5MTYyMDQ0WhcNMjUwMTEwMTYyMDQ0WjCBjjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxDzANBgNVBAoMBkFtYXpvbjEMMAoGA1UECwwDQVdTMTkwNwYDVQQDDDBpLTA4NGVlNTIxZDVmOTIxMDk2LnVzLWVhc3QtMi5hd3Mubml0cm8tZW5jbGF2ZXMwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASm6jRWRmZsKWV3gz8w99hrO0C0tyCKIri+4duo37r/r8Y/ODJf54sbvVU3o1BO9EcM/iOtPmre57qlYziMMorSl1NC/isUA3694XLRg3rBG5F1DfBIibhHk+OuY0SCShWjZjBkMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgIEMB0GA1UdDgQWBBQVeqBm82IKX6mNBq8eEsqYX4lPmzAfBgNVHSMEGDAWgBQ1x9fEA2r0+s7OwmXOgAEKMa5fszAKBggqhkjOPQQDAwNoADBlAjAUUr7SWXmsYpuh4u9HsEnj9jXiIzQsEiKp5TUirDMAMD+EzZDEq2g7hWhkhqxj/5wCMQC/EoFi7JoD70rrf8hr50W+gul+QcGShsIDQ6GMbMOMXC0oIncopLINc5DVcPKhXwFqcHVibGljX2tlefZpdXNlcl9kYXRh9mVub25jZfZYYKyfchEsQ43Iq5aEasXCc5MvGGZ2aiWgWacnaT7CbG4Ac+Z/05zHjJemTGHd4U46Ms7LZO7+M2Mt04vxWs9F153/g4bZgjBjYqZpirp4NyI+mbDW0OAa5t9BldElnx6DVg=="
 	}`
 
-	_, _, err := VerifyAttestationJSON([]byte(payload))
+	_, err := VerifyAttestationJSON([]byte(payload))
 	assert.NotNil(t, err)
 }
diff --git a/attestation/sev.go b/attestation/sev.go
@@ -46,10 +46,10 @@ var (
 	_ trust.HTTPSGetter = &getter{}
 )
 
-func verifySevAttestation(attestationDoc string) (*Measurement, []byte, error) {
+func verifySevAttestation(attestationDoc string) (*Verification, error) {
 	attDocBytes, err := base64.StdEncoding.DecodeString(attestationDoc)
 	if err != nil {
-		return nil, nil, err
+		return nil, err
 	}
 
 	opts := verify.DefaultOptions()
@@ -61,16 +61,16 @@ func verifySevAttestation(attestationDoc string) (*Measurement, []byte, error) {
 
 	parsedReport, err := abi.ReportToProto(attDocBytes)
 	if err != nil {
-		return nil, nil, fmt.Errorf("failed to parse report: %v", err)
+		return nil, fmt.Errorf("failed to parse report: %v", err)
 	}
 
 	if err := verify.SnpReport(parsedReport, opts); err != nil {
-		return nil, nil, err
+		return nil, err
 	}
 
 	cfp, err := hex.DecodeString(string(parsedReport.ReportData))
 	if err != nil {
-		return nil, nil, fmt.Errorf("failed to decode certificate fingerprint: %v", err)
+		return nil, fmt.Errorf("failed to decode certificate fingerprint: %v", err)
 	}
 
 	measurement := &Measurement{
@@ -80,5 +80,8 @@ func verifySevAttestation(attestationDoc string) (*Measurement, []byte, error) {
 		},
 	}
 
-	return measurement, cfp, nil
+	return &Verification{
+		Measurement: measurement,
+		CertFP:      cfp,
+	}, nil
 }
diff --git a/attestation/sev_test.go b/attestation/sev_test.go
@@ -12,13 +12,13 @@ func TestSevVerify(t *testing.T) {
 	"format":"https://tinfoil.sh/predicate/snp-sev-guest/v1",
 	"body":"AgAAAAAAAAAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAEAAAAHAAAAAAAOSAEAAAAAAAAAAAAAAAAAAAA2NTA4M2U1OTA0YzAyNzNiNjQ0YWQ5MGU1MWUxMmE4ZDc2ZmUwN2YyYWI4YWIxNGQ3NjAxMWIzZTljN2RjYWE3/xjwoozRULthI6omat8HtO2sit6UIIXxtSg9N3UO6SSsFhmcK/7H1Cpqs5ZDVGhfAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdBxIi99geB/i1RZESMaqxQ16ZvxamaRZFtfTvS1Lxyv//////////////////////////////////////////BwAAAAAADkgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADyerBPBb0BVIg1GpCjfyjOa7GVEfbmBlI2UlOv2mBy2PUlhAoxzCPRyGlUox+FWyw/5T1fgVISjEAzuoWzsKeXBwAAAAAADkgVNwEAFTcBAAcAAAAAAA5IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAhZYloXhwZZb828qeGleqZN4eGkiOvEyJUM482aIEIgityc5bRqJSr6aRTOBRL4AuAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMXv4mBcfDUnlLzSpArjSFiBY/exLh+FuPJ5LI5ieVp6eGvUCXEZ5maXMpMck33YMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="
 }`
-	measurements, certFP, err := VerifyAttestationJSON([]byte(att))
+	verification, err := VerifyAttestationJSON([]byte(att))
 	assert.Nil(t, err)
 
 	expectedCertFP, err := hex.DecodeString("65083e5904c0273b644ad90e51e12a8d76fe07f2ab8ab14d76011b3e9c7dcaa7")
 	assert.Nil(t, err)
 
-	assert.Equal(t, expectedCertFP, certFP)
-	assert.Equal(t, 1, len(measurements.Registers))
-	assert.Equal(t, "ff18f0a28cd150bb6123aa266adf07b4edac8ade942085f1b5283d37750ee924ac16199c2bfec7d42a6ab3964354685f", measurements.Registers[0])
+	assert.Equal(t, expectedCertFP, verification.CertFP)
+	assert.Equal(t, 1, len(verification.Measurement.Registers))
+	assert.Equal(t, "ff18f0a28cd150bb6123aa266adf07b4edac8ade942085f1b5283d37750ee924ac16199c2bfec7d42a6ab3964354685f", verification.Measurement.Registers[0])
 }
diff --git a/client/client.go b/client/client.go
@@ -61,15 +61,15 @@ func (s *SecureClient) Verify() (*GroundTruth, error) {
 	if err != nil {
 		return nil, fmt.Errorf("failed to fetch enclave measurements: %v", err)
 	}
-	enclaveMeasurements, attestedCertFP, err := enclaveAttestation.Verify()
+	verification, err := enclaveAttestation.Verify()
 	if err != nil {
 		return nil, fmt.Errorf("failed to verify enclave measurements: %v", err)
 	}
 
-	err = codeMeasurements.Equals(enclaveMeasurements)
+	err = codeMeasurements.Equals(verification.Measurement)
 	if err == nil {
 		s.groundTruth = &GroundTruth{
-			CertFingerprint: attestedCertFP,
+			CertFingerprint: verification.CertFP,
 			Digest:          digest,
 			Measurement:     codeMeasurements.Fingerprint(),
 		}