diff --git a/oak_attestation_verification/src/verifier.rs b/oak_attestation_verification/src/verifier.rs
index 70c0eeeb76f..f0ef0377a95 100644
--- a/oak_attestation_verification/src/verifier.rs
+++ b/oak_attestation_verification/src/verifier.rs
@@ -76,10 +76,12 @@ pub fn to_attestation_results(
 verify_result: &anyhow::Result,
 ) -> AttestationResults {
 match verify_result {
+ #[allow(deprecated)]
 Ok(extracted_evidence) => AttestationResults {
 status: Status::Success.into(),
 encryption_public_key: extracted_evidence.encryption_public_key.clone(),
 signing_public_key: extracted_evidence.signing_public_key.clone(),
+ extracted_evidence: Some(extracted_evidence.clone()),
 ..Default::default()
 },
 Err(err) => AttestationResults {
diff --git a/proto/attestation/verification.proto b/proto/attestation/verification.proto
index 4ee169e343a..06dcb17c1f5 100644
--- a/proto/attestation/verification.proto
+++ b/proto/attestation/verification.proto
@@ -42,12 +42,22 @@ message AttestationResults {
 // Contains the verified public key for encryption whenever the status
 // indicates success. The key is serialized as an X25519 octet string.
- bytes encryption_public_key = 3;
+ //
+ // Deprecated: will be replaced by the
+ // `extracted_evidence.encryption_public_key` field. For now both are
+ // populated.
+ bytes encryption_public_key = 3 [deprecated = true];
 // Contains the verified public key for signing whenever the status
 // indicates success. The key is serialized using the SEC 1
 // Elliptic-Curve-Point-to-Octet-String conversion.
- bytes signing_public_key = 4;
+ //
+ // Deprecated: will be replaced by the `extracted_evidence.signing_public_key`
+ // field. For now both are populated.
+ bytes signing_public_key = 4 [deprecated = true];
+
+ // Contains the evidence values whenever the status indicates success.
+ ExtractedEvidence extracted_evidence = 5;
 }
 // Evidence values extracted from attestation evidence during verification.
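Review bot: The `#[allow(deprecated)]` added on the `Ok` arm carries no comment saying why the lint is suppressed or when it can be removed, so the suppression is likely to outlive the deprecated fields. I would put `// Still fills the deprecated top-level key fields for existing readers; remove this allow together with those fields.` directly above it. Since relying parties may read either copy during the transition, a unit test asserting that `encryption_public_key` and `signing_public_key` equal the values inside `extracted_evidence` on success would pin the invariant the proto comment promises. The body of `to_attestation_results` starts and ends outside the hunk, so whether the `Err` arm leaves `extracted_evidence` unset cannot be confirmed from here.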
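Review bot: The deprecation comments on fields 3 and 4 say both copies are populated but not which one a reader should trust if they differ, and these are the verified keys a relying party binds to. I would add to each comment a line such as `// Producers must set this to the same bytes as the corresponding field in extracted_evidence; readers should prefer extracted_evidence.` The comment on field 5 should also state the negative case, for example `// Unset whenever the status does not indicate success; do not use the contents otherwise.` The `AttestationResults` message begins outside the hunk, so the `status` field these comments refer to is not visible here.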