Homepage: https://github.com/larsmagne/eval-server.el
Author: Lars Magne Ingebrigtsen
Updated:
A framework for doing client/server things
Put the following in your .emacs:

    (push "~/src/eval-server.el" load-path)
    (autoload 'start-eval-server "eval-server" nil t)

To test:

    (start-eval-server "lights" 8710 '(+))
    (eval-at "lights" "rocket-sam" 8710 '(+ 1 2))

~/.authinfo:

    machine lights port 8710 password secret

Description of the protocol between client and server:

The protocol is sexp-based; it's a plist that looks like this:

    (:iv "1m687rP6n8Ch7VfNu0joEw=="
     :cipher AES-256-CBC
     :mac HMAC-SHA256
     :hmac "/svdj3fQHlzSUm8tdf74L8TnPVUzXiC9tEy5gfFSZ5E="
     :message "iFfFOl/sMxLb6ExwOuxFvsnvU1L1RNp4uarw1PHSR6M=")

:message is encrypted using the cipher named in :cipher, and :iv is the usual initialisation vector (i.e., a random number used as a kind of salt). All data is base64-encoded to avoid binary data loss.

The server should respond with the same cipher the client requested; if it doesn't support that cipher, an error is returned. Speaking of which, if there's an error, :message will not be present; instead the response will contain an :error "iFfFOl/sMxLb6ExwOuxFvsnvU1L1RNp4uarw1PHSR6M=" (encrypted the same way as the message would have been). Additionally, if the error happened during the dispatch phase of the server (i.e., when actually evalling the form the client sent over), a :signal wrong-type-argument (or the like) will be present that says what Emacs Lisp error type it was.

Encryption and verification notes:

The data is padded with PKCS#7 and then encrypted with AES-256-CBC. An HMAC-SHA256 of the encrypted data concatenated with the IV is sent over and checked before anything is done with the encrypted data.

To prevent replay attacks on the server, the client includes a timestamp that's checked. If it's too old, or the server has seen a packet with the same IV within a certain time period, the packet is rejected. To prevent a MITM of the response (i.e., sending an old response in reply to a new query), the client includes a nonce that's returned verbatim by the server.
Both the timestamp and the nonce are part of the encrypted message.
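The encryption notes above describe an encrypt-then-MAC envelope: PKCS#7 padding, AES-256-CBC under a random IV, an HMAC-SHA256 over ciphertext||IV, and base64 for every field. The following is an added example written in Go with only the standard library; it is not code from eval-server.el. It shows the verify-before-decrypt order the notes require, so a tampered or mis-labelled packet is rejected before the ciphertext is unpadded. Where the page is silent it makes two labelled assumptions: the ~/.authinfo password is turned into separate 256-bit encryption and MAC keys by SHA-256 with a domain label, and the HMAC covers the raw bytes rather than their base64 text. The Envelope, Seal and Open names are this example's own.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"io"
)

// Envelope holds the five plist fields that travel on the wire.
type Envelope struct {
	IV      string // base64 of the 16-byte random IV
	Cipher  string // "AES-256-CBC"
	MAC     string // "HMAC-SHA256"
	HMAC    string // base64 of HMAC-SHA256 over ciphertext||IV
	Message string // base64 of PKCS#7-padded, AES-256-CBC-encrypted plaintext
}

// deriveKeys turns the ~/.authinfo password into separate encryption and MAC
// keys. ASSUMPTION: the page does not say how the password becomes a 256-bit
// key; domain-labelled SHA-256 is this example's choice, not eval-server.el's.
func deriveKeys(secret string) (encKey, macKey []byte) {
	e := sha256.Sum256([]byte("enc:" + secret))
	m := sha256.Sum256([]byte("mac:" + secret))
	return e[:], m[:]
}

// pkcs7Pad appends 1..16 bytes, each holding the pad length.
func pkcs7Pad(b []byte) []byte {
	n := aes.BlockSize - len(b)%aes.BlockSize
	return append(b, bytes.Repeat([]byte{byte(n)}, n)...)
}

// pkcs7Unpad checks every pad byte before stripping; a bad pad is an error.
func pkcs7Unpad(b []byte) ([]byte, error) {
	n := int(b[len(b)-1])
	if n == 0 || n > aes.BlockSize || n > len(b) {
		return nil, errors.New("bad padding")
	}
	for _, c := range b[len(b)-n:] {
		if int(c) != n {
			return nil, errors.New("bad padding")
		}
	}
	return b[:len(b)-n], nil
}

// tag is HMAC-SHA256 over ciphertext||IV, the order the page gives.
// ASSUMPTION: the MAC covers the raw bytes rather than their base64 text.
func tag(macKey, ct, iv []byte) []byte {
	h := hmac.New(sha256.New, macKey)
	h.Write(ct)
	h.Write(iv)
	return h.Sum(nil)
}

// Seal pads, encrypts under a fresh random IV, then authenticates.
func Seal(secret string, plaintext []byte) (Envelope, error) {
	encKey, macKey := deriveKeys(secret)
	iv := make([]byte, aes.BlockSize)
	if _, err := io.ReadFull(rand.Reader, iv); err != nil {
		return Envelope{}, err
	}
	block, err := aes.NewCipher(encKey)
	if err != nil {
		return Envelope{}, err
	}
	padded := pkcs7Pad(append([]byte(nil), plaintext...))
	ct := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, padded)
	b64 := base64.StdEncoding.EncodeToString
	return Envelope{IV: b64(iv), Cipher: "AES-256-CBC", MAC: "HMAC-SHA256",
		HMAC: b64(tag(macKey, ct, iv)), Message: b64(ct)}, nil
}

// Open checks the algorithm labels and the HMAC before the ciphertext is
// touched, so tampering is rejected without ever decrypting or unpadding.
func Open(secret string, env Envelope) ([]byte, error) {
	if env.Cipher != "AES-256-CBC" || env.MAC != "HMAC-SHA256" {
		return nil, fmt.Errorf("unsupported cipher %q / mac %q", env.Cipher, env.MAC)
	}
	encKey, macKey := deriveKeys(secret)
	d := base64.StdEncoding.DecodeString
	iv, err1 := d(env.IV)
	ct, err2 := d(env.Message)
	want, err3 := d(env.HMAC)
	if err1 != nil || err2 != nil || err3 != nil || len(iv) != aes.BlockSize {
		return nil, errors.New("malformed envelope")
	}
	if !hmac.Equal(want, tag(macKey, ct, iv)) {
		return nil, errors.New("HMAC mismatch")
	}
	if len(ct) == 0 || len(ct)%aes.BlockSize != 0 {
		return nil, errors.New("bad ciphertext length")
	}
	block, err := aes.NewCipher(encKey)
	if err != nil {
		return nil, err
	}
	pt := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(pt, ct)
	return pkcs7Unpad(pt)
}
```

Seal("secret", []byte("(+ 1 2)")) yields an Envelope whose fields map one-to-one onto the plist keys shown earlier, and Open("secret", env) returns the form again. Flipping a single ciphertext byte, using a different password, or relabelling :cipher all fail at the label or HMAC check, never inside the padding code, which is the property the "checked before doing anything with the encrypted data" rule is there to give.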
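The replay and nonce rules in the last two paragraphs do not depend on the cipher, so they are shown on their own here. This is an added example in Go, not part of eval-server.el; the Request, ReplayGuard, Dispatch and ClientAccept names and the field layout of the decrypted message are assumptions, and the clock is passed in so the behaviour can be checked deterministically. The server side rejects a timestamp outside its window and an IV it has already accepted, and it copies the client's nonce into every response; the client side discards a response whose nonce is not the one it sent. One detail the page's wording leaves open is how long to remember IVs: the example keeps them for twice the timestamp window, because clock skew lets a packet be valid up to a full window before and after its own timestamp, so two deliveries of the same packet can be up to two windows apart.

```go
package main

import (
	"errors"
	"time"
)

// Request is the decrypted :message payload. ASSUMPTION: the field layout is
// this example's; the page only says the timestamp and nonce travel inside
// the encrypted message and that the IV identifies a packet.
type Request struct {
	IV        string    // base64 IV from the outer plist; the replay key
	Timestamp time.Time // client clock when the packet was sent
	Nonce     string    // random per-request value, echoed back verbatim
	Form      string    // the sexp the client wants evaluated
}

// Response carries either a result or an error, plus the echoed nonce.
type Response struct {
	Nonce  string
	Result string
	Error  string
}

// ReplayGuard rejects packets whose timestamp is outside Window and packets
// whose IV has already been accepted recently.
type ReplayGuard struct {
	Window time.Duration
	seen   map[string]time.Time // IV -> time of first acceptance
}

func NewReplayGuard(window time.Duration) *ReplayGuard {
	return &ReplayGuard{Window: window, seen: map[string]time.Time{}}
}

// Check runs after the HMAC has verified and the message has decrypted; the
// clock is a parameter so the logic can be tested without waiting.
func (g *ReplayGuard) Check(req Request, now time.Time) error {
	// Forget IVs older than 2*Window. A packet is accepted up to Window
	// before or after its own timestamp (clock skew), so two deliveries of
	// one packet may be 2*Window apart; a shorter memory would let the
	// second one through.
	for iv, t := range g.seen {
		if now.Sub(t) > 2*g.Window {
			delete(g.seen, iv)
		}
	}
	age := now.Sub(req.Timestamp)
	if age < 0 {
		age = -age
	}
	if age > g.Window {
		return errors.New("timestamp outside acceptance window")
	}
	if _, dup := g.seen[req.IV]; dup {
		return errors.New("IV already seen: replayed packet")
	}
	g.seen[req.IV] = now
	return nil
}

// Dispatch applies the guard, evaluates the form through eval, and always
// copies the client's nonce into the response, success or error alike.
func (g *ReplayGuard) Dispatch(req Request, now time.Time, eval func(string) (string, error)) Response {
	if err := g.Check(req, now); err != nil {
		return Response{Nonce: req.Nonce, Error: err.Error()}
	}
	out, err := eval(req.Form)
	if err != nil {
		return Response{Nonce: req.Nonce, Error: err.Error()}
	}
	return Response{Nonce: req.Nonce, Result: out}
}

// ClientAccept is the client's half: a response whose nonce differs from the
// one it sent is an old or substituted reply and is discarded.
func ClientAccept(sent Request, resp Response) error {
	if resp.Nonce != sent.Nonce {
		return errors.New("nonce mismatch: response is not for this request")
	}
	if resp.Error != "" {
		return errors.New(resp.Error)
	}
	return nil
}
```

With a 30-second window, a first delivery is accepted, the same packet five seconds later is refused on its IV, a packet stamped two minutes ago is refused on its timestamp, and a reply carrying someone else's nonce is dropped by ClientAccept. A packet from a client whose clock runs 30 seconds ahead is still valid when replayed exactly 60 seconds after first acceptance, which is why the IV memory is 2*Window rather than Window.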