feat: add OIDC issuer validation for keyless signing (UCA-12)#53
Open
feat: add OIDC issuer validation for keyless signing (UCA-12)#53
Conversation
Add defense-in-depth validation of the OIDC token issuer on the signing
side. Previously, sigil accepted any OIDC token from the auto-detected
provider without checking the issuer claim, allowing CI pipeline
misconfiguration to sign modules under an unintended identity provider.
Changes:
- Add `expected_issuer` field to `KeylessConfig`
- Validate OIDC token issuer against expected value before sending to Fulcio
- Support `WSC_EXPECTED_OIDC_ISSUER` environment variable
- Add `--expected-issuer` CLI flag for `sign --keyless`
- Non-breaking: defaults to None (current behavior preserved)
Usage:
sigil sign -i module.wasm -o signed.wasm --keyless \
--expected-issuer https://token.actions.githubusercontent.com
Or via environment variable:
export WSC_EXPECTED_OIDC_ISSUER=https://token.actions.githubusercontent.com
Fixes: UCA-12
Refs: AS-12, H-5, SC-5
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…ual risks Add 49 new artifacts from second-round STPA-Sec analysis covering: Part A — Residual risks from fixes: - H-12: Rekor unavailability blocks all keyless verification (DD-2 consequence) - AS-13: Environment variable injection bypasses OIDC issuer check Part B — Binary signing expansion (FEAT-2): - L-6, L-7: Firmware integrity and attestation chain continuity losses - H-13–H-16: ELF parser, MCUboot TLV, transcoding, format confusion hazards - UCA-13–UCA-17: ELF/MCUboot/format-specific unsecure control actions - AS-14–AS-17: Section injection, header manipulation, chain substitution, polyglot attacks - SC-12–SC-15: System constraints for binary signing safety - CTRL-8, CTRL-9, CP-5, CP-6: New controllers and processes - DF-11–DF-13: Binary signing and attestation chain data flows Part C — Container signing: - L-8, L-9: Container image integrity and signature persistence losses - H-17–H-20: Tag mutation, registry deletion, cosign compromise, format mismatch hazards - UCA-18–UCA-21: Container-specific unsecure control actions - AS-18–AS-21: Tag mutation, registry GC, cosign compromise, cross-image reuse attacks - SC-16–SC-19: System constraints for container signing safety - CTRL-10, CP-7: Container signing controller and process - DF-14, DF-15: Container signing and verification data flows Total: 289 artifacts across 22 types, 94.8% traceability coverage. Refs: FEAT-2, REQ-8, AS-6, UCA-12 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Four-phase plan covering 14 work items derived from 289 STPA-Sec artifacts: Phase 1 (Immediate): Typed RekorEntry enum, OIDC issuer opt-out, skip_rekor warning, OCI verification stub Phase 2 (Binary signing): ELF parser with security constraints, MCUboot TLV signing, explicit format flag, attestation chain continuity Phase 3 (Container signing): Cosign delegation with integrity check, tag-to-digest resolution, OCI 1.1 referrers, Sigstore bundle interop Phase 4 (Infrastructure): Rekor proof caching, Nix flake, build env attestation Refs: FEAT-2, FEAT-3, FEAT-4, REQ-6, REQ-8, REQ-10 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
issclaim, allowing CI misconfiguration to sign under the wrong identity providerNone(current behavior preserved)What changed
signer.rsexpected_issuer: Option<String>toKeylessConfig; validates after token acquisitionmain.rs--expected-issuerCLI flag forsign --keylesskeyless_integration.rsUsage
Context
Discovered via STPA-Sec analysis (UCA-12, AS-12). The verification side already has
--cert-oidc-issuerfor checking after the fact, but the signing side had no pre-Fulcio validation. Fulcio itself validates token authenticity but accepts tokens from any issuer in its trust list — it doesn't enforce that a particular client should only use a particular issuer.Test plan
cargo test— 591 tests pass (553 lib + 5 integration + 18 signer + 6 doc + 4 attestation)test_keyless_config_expected_issuer,test_keyless_config_expected_issuer_default_is_none🤖 Generated with Claude Code