From 79a2085504ce6045ec5b9b41292910a5d52ed903 Mon Sep 17 00:00:00 2001 From: Nate Sales Date: Mon, 17 Feb 2025 15:50:20 -0800 Subject: [PATCH] refactor: wrap verification result --- attestation/attestation.go | 13 +++++++++---- attestation/nitro.go | 11 +++++++---- attestation/nitro_test.go | 10 +++++----- attestation/sev.go | 15 +++++++++------ attestation/sev_test.go | 8 ++++---- client/client.go | 6 +++--- 6 files changed, 37 insertions(+), 26 deletions(-) diff --git a/attestation/attestation.go b/attestation/attestation.go index d6ed1d4..e696a2e 100644 --- a/attestation/attestation.go +++ b/attestation/attestation.go @@ -31,6 +31,11 @@ type Measurement struct { Registers []string } +type Verification struct { + Measurement *Measurement + CertFP []byte +} + // Fingerprint computes the SHA-256 hash of all measurements, or returns the single measurement if there is only one func (m *Measurement) Fingerprint() string { if len(m.Registers) == 1 { @@ -59,23 +64,23 @@ type Document struct { } // Verify checks the attestation document against its trust root and returns the inner measurements -func (d *Document) Verify() (*Measurement, []byte, error) { +func (d *Document) Verify() (*Verification, error) { switch d.Format { case AWSNitroEnclaveV1: return verifyNitroAttestation(d.Body) case SevGuestV1: return verifySevAttestation(d.Body) default: - return nil, nil, fmt.Errorf("unsupported attestation format: %s", d.Format) + return nil, fmt.Errorf("unsupported attestation format: %s", d.Format) } } // VerifyAttestationJSON verifies an attestation document in JSON format and returns the inner measurements -func VerifyAttestationJSON(j []byte) (*Measurement, []byte, error) { +func VerifyAttestationJSON(j []byte) (*Verification, error) { var doc Document err := json.Unmarshal(j, &doc) if err != nil { - return nil, nil, err + return nil, err } return doc.Verify() diff --git a/attestation/nitro.go b/attestation/nitro.go index a515731..327474c 100644 --- a/attestation/nitro.go +++ b/attestation/nitro.go @@ -13,14 +13,14 @@ var ( // verifyNitroAttestation decodes a base64 encoded attestation document, // verifies it against the AWS root, and returns the inner measurements and user data. -func verifyNitroAttestation(attestationDoc string) (*Measurement, []byte, error) { +func verifyNitroAttestation(attestationDoc string) (*Verification, error) { attDocBytes, err := base64.StdEncoding.DecodeString(attestationDoc) if err != nil { - return nil, nil, err + return nil, err } attestedResult, err := nitrite.Verify(attDocBytes, NitroEnclaveVerifierOpts) if err != nil { - return nil, nil, err + return nil, err } pcrs := attestedResult.Document.PCRs @@ -33,5 +33,8 @@ func verifyNitroAttestation(attestationDoc string) (*Measurement, []byte, error) }, } - return measurement, attestedResult.Document.UserData, nil + return &Verification{ + Measurement: measurement, + CertFP: attestedResult.Document.UserData, + }, nil } diff --git a/attestation/nitro_test.go b/attestation/nitro_test.go index c41188e..3f3c0db 100644 --- a/attestation/nitro_test.go +++ b/attestation/nitro_test.go @@ -42,17 +42,17 @@ func TestNitroVerify(t *testing.T) { undo := mockNitroVerifier() defer undo() - attestation, userData, err := VerifyAttestationJSON([]byte(payload)) + verification, err := VerifyAttestationJSON([]byte(payload)) assert.Nil(t, err) - assert.Empty(t, userData) - assert.Nil(t, attestation.Equals(expectedMeasurement)) + assert.Empty(t, verification.CertFP) + assert.Nil(t, verification.Measurement.Equals(expectedMeasurement)) } func TestNitroVerifyInvalidPayload(t *testing.T) { undo := mockNitroVerifier() defer undo() - _, _, err := VerifyAttestationJSON([]byte(`{ + _, err := VerifyAttestationJSON([]byte(`{ "format": "https://tinfoil.sh/predicate/aws-nitro-enclave/v1", "body": "invalid" }`)) @@ -65,6 +65,6 @@ func TestNitroVerifyExpiredAttestation(t *testing.T) { "body": "hEShATgioFkQ/6lpbW9kdWxlX2lkeCdpLTA4NGVlNTIxZDVmOTIxMDk2LWVuYzAxOTM2OTdkZjhlNDcwNjNmZGlnZXN0ZlNIQTM4NGl0aW1lc3RhbXAbAAABlE5MLItkcGNyc7AAWDBEBqggqpahA/zWQPqijfY4TjNZPThn2EzFnat6rM6oiXR01AWKMXRm6vEjSlbMII4BWDBLTVs2YbPvwSkgkAyA4Sbkzng8Ui3mwCoqW/evOiuTJ7hndvGI5L4cHEBKEp29pJMCWDDBHp3xYXzzMFM+Rcdcr8LaJLBN9OsKhmhIGxZp0x30ppDor2h4VTGPszX7K71Zb/sDWDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEWDDM5N5yesCUnVB1HrTnLihT3IzVWB8CbCUa7Zb7u2461AdTQ9WN6naoGN2rWMuzlRYFWDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGWDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHWDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIWDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJWDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKWDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALWDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMWDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANWDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOWDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPWDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABrY2VydGlmaWNhdGVZAn4wggJ6MIICAaADAgECAhABk2l9+ORwYwAAAABngIqeMAoGCCqGSM49BAMDMIGOMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEPMA0GA1UECgwGQW1hem9uMQwwCgYDVQQLDANBV1MxOTA3BgNVBAMMMGktMDg0ZWU1MjFkNWY5MjEwOTYudXMtZWFzdC0yLmF3cy5uaXRyby1lbmNsYXZlczAeFw0yNTAxMTAwMjQ4NTlaFw0yNTAxMTAwNTQ5MDJaMIGTMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEPMA0GA1UECgwGQW1hem9uMQwwCgYDVQQLDANBV1MxPjA8BgNVBAMMNWktMDg0ZWU1MjFkNWY5MjEwOTYtZW5jMDE5MzY5N2RmOGU0NzA2My51cy1lYXN0LTIuYXdzMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAENZ7QlD3uDtte2sQpncHzHfhzht8VF5ttgV5jCbgVus9ZKxBAcSOy+swgQ9Zi5g0QnKtQpCYk2PXbNwDLcKkjk6xG8UqsC61jpinP+dm2nVKbTFsQdTrJ4wuTn9vdRLwoox0wGzAMBgNVHRMBAf8EAjAAMAsGA1UdDwQEAwIGwDAKBggqhkjOPQQDAwNnADBkAjAWSk/kLXGsznhi0vVNMXWf3WJMDqia6+1YT1RDY9b2jxza0dP6L3z8/MmyWGrlAtMCMHtZMOiL7rVe+EpNHt4hePtcHxxzqlrOmUTGIj8qO/fAX9q/dCX585TlfkTCfsL2G2hjYWJ1bmRsZYRZAhUwggIRMIIBlqADAgECAhEA+TF1aBuQr+EdRsy05Of4VjAKBggqhkjOPQQDAzBJMQswCQYDVQQGEwJVUzEPMA0GA1UECgwGQW1hem9uMQwwCgYDVQQLDANBV1MxGzAZBgNVBAMMEmF3cy5uaXRyby1lbmNsYXZlczAeFw0xOTEwMjgxMzI4MDVaFw00OTEwMjgxNDI4MDVaMEkxCzAJBgNVBAYTAlVTMQ8wDQYDVQQKDAZBbWF6b24xDDAKBgNVBAsMA0FXUzEbMBkGA1UEAwwSYXdzLm5pdHJvLWVuY2xhdmVzMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE/AJU66YIwfNocOKa2pC+RjgyknNuiUv/9nLZiURLUFHlNKSx9tvjwLxYGjK3sXYHDt4S1po/6iEbZudSz33R3QlfbxNw9BcIQ9ncEAEh5M9jASgJZkSHyXlihDBNxT/0o0IwQDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSQJbUN2QVH55bDlvpync+Zqd9LljAOBgNVHQ8BAf8EBAMCAYYwCgYIKoZIzj0EAwMDaQAwZgIxAKN/L5Ghyb1e57hifBaY0lUDjh8DQ/lbY6lijD05gJVFoR68vy47Vdiu7nG0w9at8wIxAKLzmxYFsnAopd1LoGm1AW5ltPvej+AGHWpTGX+c2vXZQ7xh/CvrA8tv7o0jAvPf9lkCwzCCAr8wggJFoAMCAQICEQC7dmR+8/QopRY/WpD3qdM3MAoGCCqGSM49BAMDMEkxCzAJBgNVBAYTAlVTMQ8wDQYDVQQKDAZBbWF6b24xDDAKBgNVBAsMA0FXUzEbMBkGA1UEAwwSYXdzLm5pdHJvLWVuY2xhdmVzMB4XDTI1MDEwNjEyNDgwN1oXDTI1MDEyNjEzNDgwN1owZDELMAkGA1UEBhMCVVMxDzANBgNVBAoMBkFtYXpvbjEMMAoGA1UECwwDQVdTMTYwNAYDVQQDDC02OTM3Nzc5ZmJiZGZlMGJiLnVzLWVhc3QtMi5hd3Mubml0cm8tZW5jbGF2ZXMwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQZnJS6l5kwgVgd3zA/+epSkC1cCHhBSehnwJrrDLJCAoIj2JJpTC5aqUWsV9b+hekthKynSnbwAVev1pLi3eOU0ocri4WNtOioUhx/fvImddCYPEM9tVPndGLYJbTqYwKjgdUwgdIwEgYDVR0TAQH/BAgwBgEB/wIBAjAfBgNVHSMEGDAWgBSQJbUN2QVH55bDlvpync+Zqd9LljAdBgNVHQ4EFgQUWz7jWsnEIRpAEH4gaSxtpfSYtq0wDgYDVR0PAQH/BAQDAgGGMGwGA1UdHwRlMGMwYaBfoF2GW2h0dHA6Ly9hd3Mtbml0cm8tZW5jbGF2ZXMtY3JsLnMzLmFtYXpvbmF3cy5jb20vY3JsL2FiNDk2MGNjLTdkNjMtNDJiZC05ZTlmLTU5MzM4Y2I2N2Y4NC5jcmwwCgYIKoZIzj0EAwMDaAAwZQIwfk16wxkpCrFQhwPJZwV0vGKiUJSuhNIooQuethG2HFRub5xreF9ugLXp3LQ5bBSRAjEAhJrWG2MsNxSeQh2itah0P7jrRF2ImZzMAeEPDDoaMrwf6H4gVqaJUZaXpxloYJc8WQMYMIIDFDCCApugAwIBAgIRALUiUwAWe48SgNSDjJ9uP+0wCgYIKoZIzj0EAwMwZDELMAkGA1UEBhMCVVMxDzANBgNVBAoMBkFtYXpvbjEMMAoGA1UECwwDQVdTMTYwNAYDVQQDDC02OTM3Nzc5ZmJiZGZlMGJiLnVzLWVhc3QtMi5hd3Mubml0cm8tZW5jbGF2ZXMwHhcNMjUwMTA5MDY1ODA1WhcNMjUwMTE0MjI1ODA1WjCBiTE8MDoGA1UEAwwzMmZiMDQ3ZjA2NWEyNTgwNC56b25hbC51cy1lYXN0LTIuYXdzLm5pdHJvLWVuY2xhdmVzMQwwCgYDVQQLDANBV1MxDzANBgNVBAoMBkFtYXpvbjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAldBMRAwDgYDVQQHDAdTZWF0dGxlMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE/CELSfGz5Qmt59L/V5wn4/hYAYVO7CV4OwOSzefUchv4LM2p3/cKQ8TdCLu6jbbxgrZfZ7QCQi8rSztmxUBhwUV+vlo6RSBgxbVZtppyYR7Xoq3bFaGutpyweSMv5mZCo4HqMIHnMBIGA1UdEwEB/wQIMAYBAf8CAQEwHwYDVR0jBBgwFoAUWz7jWsnEIRpAEH4gaSxtpfSYtq0wHQYDVR0OBBYEFDXH18QDavT6zs7CZc6AAQoxrl+zMA4GA1UdDwEB/wQEAwIBhjCBgAYDVR0fBHkwdzB1oHOgcYZvaHR0cDovL2NybC11cy1lYXN0LTItYXdzLW5pdHJvLWVuY2xhdmVzLnMzLnVzLWVhc3QtMi5hbWF6b25hd3MuY29tL2NybC9iYWYyNWJlZC1kNWFmLTQ4OGQtODQ0ZC04Y2VhOWExNmU1Y2QuY3JsMAoGCCqGSM49BAMDA2cAMGQCMCT2jjs/qWCKm+nXffD82eDe+EhWAgxsQigrif6tyrVxIW/5st7gFE38Wal8fBpCfQIwVO63+eLm6CSLvjgYYzuX49U1ZN7zQnBPxgtgPAgD80t1ln7j+hgcQ4EiZY4frujOWQLDMIICvzCCAkWgAwIBAgIVAJlfeeaIxs37YSDIAh9gyAmvX0jtMAoGCCqGSM49BAMDMIGJMTwwOgYDVQQDDDMyZmIwNDdmMDY1YTI1ODA0LnpvbmFsLnVzLWVhc3QtMi5hd3Mubml0cm8tZW5jbGF2ZXMxDDAKBgNVBAsMA0FXUzEPMA0GA1UECgwGQW1hem9uMQswCQYDVQQGEwJVUzELMAkGA1UECAwCV0ExEDAOBgNVBAcMB1NlYXR0bGUwHhcNMjUwMTA5MTYyMDQ0WhcNMjUwMTEwMTYyMDQ0WjCBjjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxDzANBgNVBAoMBkFtYXpvbjEMMAoGA1UECwwDQVdTMTkwNwYDVQQDDDBpLTA4NGVlNTIxZDVmOTIxMDk2LnVzLWVhc3QtMi5hd3Mubml0cm8tZW5jbGF2ZXMwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASm6jRWRmZsKWV3gz8w99hrO0C0tyCKIri+4duo37r/r8Y/ODJf54sbvVU3o1BO9EcM/iOtPmre57qlYziMMorSl1NC/isUA3694XLRg3rBG5F1DfBIibhHk+OuY0SCShWjZjBkMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgIEMB0GA1UdDgQWBBQVeqBm82IKX6mNBq8eEsqYX4lPmzAfBgNVHSMEGDAWgBQ1x9fEA2r0+s7OwmXOgAEKMa5fszAKBggqhkjOPQQDAwNoADBlAjAUUr7SWXmsYpuh4u9HsEnj9jXiIzQsEiKp5TUirDMAMD+EzZDEq2g7hWhkhqxj/5wCMQC/EoFi7JoD70rrf8hr50W+gul+QcGShsIDQ6GMbMOMXC0oIncopLINc5DVcPKhXwFqcHVibGljX2tlefZpdXNlcl9kYXRh9mVub25jZfZYYKyfchEsQ43Iq5aEasXCc5MvGGZ2aiWgWacnaT7CbG4Ac+Z/05zHjJemTGHd4U46Ms7LZO7+M2Mt04vxWs9F153/g4bZgjBjYqZpirp4NyI+mbDW0OAa5t9BldElnx6DVg==" }` - _, _, err := VerifyAttestationJSON([]byte(payload)) + _, err := VerifyAttestationJSON([]byte(payload)) assert.NotNil(t, err) } diff --git a/attestation/sev.go b/attestation/sev.go index 50d6f58..b6e4b3f 100644 --- a/attestation/sev.go +++ b/attestation/sev.go @@ -46,10 +46,10 @@ var ( _ trust.HTTPSGetter = &getter{} ) -func verifySevAttestation(attestationDoc string) (*Measurement, []byte, error) { +func verifySevAttestation(attestationDoc string) (*Verification, error) { attDocBytes, err := base64.StdEncoding.DecodeString(attestationDoc) if err != nil { - return nil, nil, err + return nil, err } opts := verify.DefaultOptions() @@ -61,16 +61,16 @@ func verifySevAttestation(attestationDoc string) (*Measurement, []byte, error) { parsedReport, err := abi.ReportToProto(attDocBytes) if err != nil { - return nil, nil, fmt.Errorf("failed to parse report: %v", err) + return nil, fmt.Errorf("failed to parse report: %v", err) } if err := verify.SnpReport(parsedReport, opts); err != nil { - return nil, nil, err + return nil, err } cfp, err := hex.DecodeString(string(parsedReport.ReportData)) if err != nil { - return nil, nil, fmt.Errorf("failed to decode certificate fingerprint: %v", err) + return nil, fmt.Errorf("failed to decode certificate fingerprint: %v", err) } measurement := &Measurement{ @@ -80,5 +80,8 @@ func verifySevAttestation(attestationDoc string) (*Measurement, []byte, error) { }, } - return measurement, cfp, nil + return &Verification{ + Measurement: measurement, + CertFP: cfp, + }, nil } diff --git a/attestation/sev_test.go b/attestation/sev_test.go index dde344d..34745a2 100644 --- a/attestation/sev_test.go +++ b/attestation/sev_test.go @@ -12,13 +12,13 @@ func TestSevVerify(t *testing.T) { "format":"https://tinfoil.sh/predicate/snp-sev-guest/v1", "body":"AgAAAAAAAAAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAEAAAAHAAAAAAAOSAEAAAAAAAAAAAAAAAAAAAA2NTA4M2U1OTA0YzAyNzNiNjQ0YWQ5MGU1MWUxMmE4ZDc2ZmUwN2YyYWI4YWIxNGQ3NjAxMWIzZTljN2RjYWE3/xjwoozRULthI6omat8HtO2sit6UIIXxtSg9N3UO6SSsFhmcK/7H1Cpqs5ZDVGhfAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdBxIi99geB/i1RZESMaqxQ16ZvxamaRZFtfTvS1Lxyv//////////////////////////////////////////BwAAAAAADkgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADyerBPBb0BVIg1GpCjfyjOa7GVEfbmBlI2UlOv2mBy2PUlhAoxzCPRyGlUox+FWyw/5T1fgVISjEAzuoWzsKeXBwAAAAAADkgVNwEAFTcBAAcAAAAAAA5IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAhZYloXhwZZb828qeGleqZN4eGkiOvEyJUM482aIEIgityc5bRqJSr6aRTOBRL4AuAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMXv4mBcfDUnlLzSpArjSFiBY/exLh+FuPJ5LI5ieVp6eGvUCXEZ5maXMpMck33YMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=" }` - measurements, certFP, err := VerifyAttestationJSON([]byte(att)) + verification, err := VerifyAttestationJSON([]byte(att)) assert.Nil(t, err) expectedCertFP, err := hex.DecodeString("65083e5904c0273b644ad90e51e12a8d76fe07f2ab8ab14d76011b3e9c7dcaa7") assert.Nil(t, err) - assert.Equal(t, expectedCertFP, certFP) - assert.Equal(t, 1, len(measurements.Registers)) - assert.Equal(t, "ff18f0a28cd150bb6123aa266adf07b4edac8ade942085f1b5283d37750ee924ac16199c2bfec7d42a6ab3964354685f", measurements.Registers[0]) + assert.Equal(t, expectedCertFP, verification.CertFP) + assert.Equal(t, 1, len(verification.Measurement.Registers)) + assert.Equal(t, "ff18f0a28cd150bb6123aa266adf07b4edac8ade942085f1b5283d37750ee924ac16199c2bfec7d42a6ab3964354685f", verification.Measurement.Registers[0]) } diff --git a/client/client.go b/client/client.go index 089eb5b..784a1cc 100644 --- a/client/client.go +++ b/client/client.go @@ -61,15 +61,15 @@ func (s *SecureClient) Verify() (*GroundTruth, error) { if err != nil { return nil, fmt.Errorf("failed to fetch enclave measurements: %v", err) } - enclaveMeasurements, attestedCertFP, err := enclaveAttestation.Verify() + verification, err := enclaveAttestation.Verify() if err != nil { return nil, fmt.Errorf("failed to verify enclave measurements: %v", err) } - err = codeMeasurements.Equals(enclaveMeasurements) + err = codeMeasurements.Equals(verification.Measurement) if err == nil { s.groundTruth = &GroundTruth{ - CertFingerprint: attestedCertFP, + CertFingerprint: verification.CertFP, Digest: digest, Measurement: codeMeasurements.Fingerprint(), }