To understand the source code, you only need to look at the deployment diagram, where the attacker is drawn in red and the victim in green. They have been designed as two independent components that exchange method invocations using a simple marshalling/unmarshalling scheme.
Although the proof is conceptually multiplatform, I have only implemented the Windows part, so the source code is a Microsoft Visual Studio solution with two projects, Attacker and Victim.
Attacker:
- It is a DLL implementing the PKCS#11 API, ready to be added as a Security Device in Firefox as follows: Tools->Options->Encryption Tab->Security Devices->Load
- Instead of accessing any local device, each method marshals the parameters, sends them to the remote peer, and then waits for the response to arrive.
- A file at C:\pkcs11-ip.cfg must contain the IP address where the library will be sending requests.

Victim:
- Binds a socket and waits for PKCS#11 requests to arrive.
- After a new request has been read, the official PKCS#11 library is used to perform the selected operation, and its output is sent back to the Attacker.
I have uploaded the source code to GitHub. It is provided with known issues, so do not blame me for them; this is just a PoC.
Any questions, bugs, improvements, whatever: please leave a comment below!