eval-server

Homepage: https://github.com/larsmagne/eval-server.el

Author: Lars Magne Ingebrigtsen

Summary

A framework for doing client/server things

Commentary

Put the following in your .emacs:

(push "~/src/eval-server.el" load-path)
(autoload 'start-eval-server "eval-server" nil t)

To test:

(start-eval-server "lights" 8710 '(+))
(eval-at "lights" "rocket-sam" 8710 '(+ 1 2))

~/.authinfo:
machine lights port 8710 password secret

Description of the protocol between client and server:

The protocol is sexp-based; it's a plist that looks like this:

(:iv "1m687rP6n8Ch7VfNu0joEw=="
 :cipher AES-256-CBC
 :mac HMAC-SHA256
 :hmac "/svdj3fQHlzSUm8tdf74L8TnPVUzXiC9tEy5gfFSZ5E="
 :message "iFfFOl/sMxLb6ExwOuxFvsnvU1L1RNp4uarw1PHSR6M=")

:message is encrypted using the cipher named, and the :iv is the
usual initialisation vector (i.e., a random value used as a kind of
salt, so that the same plaintext never encrypts to the same bytes twice).

All binary fields are base64-encoded so that no binary data is lost in transit.

The server should respond with the same cipher as the client
requested, and if it doesn't support that, an error is returned.
Speaking of which, if there's an error, :message will not be
present, but instead there will be an

:error "iFfFOl/sMxLb6ExwOuxFvsnvU1L1RNp4uarw1PHSR6M="

present in the response (which is encrypted the same way as the
message would have been).

Additionally, if the error happened during the dispatch phase of
the server (i.e., when actually evalling the form the client sent
over), a

:signal wrong-type-argument

(or the like) will be present that says what Emacs Lisp type the
error was.

Encryption and verification notes:

The data is padded with PKCS#7 and then encrypted with AES-256-CBC.
An HMAC-SHA256 of the encrypted data concatenated with the IV is
sent along and checked before anything is done with the encrypted
data (encrypt-then-MAC).
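The envelope described above, worked through end to end. This is an added example in Go, not eval-server's own Emacs Lisp; it assumes a key derivation (hashing the .authinfo password under two labels, one for AES and one for HMAC, since the page does not say how the keys are derived) and otherwise follows the commentary: PKCS#7 padding, AES-256-CBC under a random IV, HMAC-SHA256 over ciphertext || IV, base64 on every binary field, and HMAC verification before the ciphertext is touched. The Envelope struct's fields correspond one-to-one to the plist keys.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"errors"
)

// Envelope holds the five plist fields; :iv, :hmac and :message stay base64 text.
type Envelope struct {
	IV, Cipher, MAC, HMAC, Message string
}

// deriveKeys turns the shared .authinfo password into separate AES and HMAC
// keys. The page does not say how eval-server derives its keys; hashing the
// password under two labels is an assumption made for this example.
func deriveKeys(password string) (enc, mac []byte) {
	e := sha256.Sum256([]byte("enc:" + password))
	m := sha256.Sum256([]byte("mac:" + password))
	return e[:], m[:]
}

func pkcs7Pad(b []byte) []byte { // always adds 1..16 bytes equal to the pad length
	n := aes.BlockSize - len(b)%aes.BlockSize
	return append(append([]byte{}, b...), bytes.Repeat([]byte{byte(n)}, n)...)
}

func pkcs7Unpad(b []byte) ([]byte, error) {
	if len(b) == 0 || len(b)%aes.BlockSize != 0 {
		return nil, errors.New("not a whole number of blocks")
	}
	n := int(b[len(b)-1])
	if n == 0 || n > aes.BlockSize || !bytes.Equal(b[len(b)-n:], bytes.Repeat([]byte{byte(n)}, n)) {
		return nil, errors.New("bad PKCS#7 padding")
	}
	return b[:len(b)-n], nil
}

// tag is HMAC-SHA256 over ciphertext || IV, in the order the commentary gives.
func tag(mac, ct, iv []byte) []byte {
	h := hmac.New(sha256.New, mac)
	h.Write(ct)
	h.Write(iv)
	return h.Sum(nil)
}

// Seal pads, encrypts with AES-256-CBC under a fresh random IV, then MACs the
// result (encrypt-then-MAC) and base64-encodes the wire fields.
func Seal(password string, plaintext []byte) (Envelope, error) {
	enc, mac := deriveKeys(password)
	block, err := aes.NewCipher(enc) // a 32-byte key selects AES-256
	if err != nil {
		return Envelope{}, err
	}
	iv := make([]byte, aes.BlockSize)
	if _, err := rand.Read(iv); err != nil {
		return Envelope{}, err
	}
	padded := pkcs7Pad(plaintext)
	ct := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, padded)
	b64 := base64.StdEncoding.EncodeToString
	return Envelope{IV: b64(iv), Cipher: "AES-256-CBC", MAC: "HMAC-SHA256",
		HMAC: b64(tag(mac, ct, iv)), Message: b64(ct)}, nil
}

// Open is the receiving side: algorithm names and the HMAC are checked before
// the ciphertext is touched, so forged, corrupted or wrong-key input is never decrypted.
func Open(password string, env Envelope) ([]byte, error) {
	if env.Cipher != "AES-256-CBC" || env.MAC != "HMAC-SHA256" {
		return nil, errors.New("unsupported cipher or MAC")
	}
	enc, mac := deriveKeys(password)
	dec := base64.StdEncoding.DecodeString
	iv, err1 := dec(env.IV)
	ct, err2 := dec(env.Message)
	got, err3 := dec(env.HMAC)
	if err1 != nil || err2 != nil || err3 != nil || len(iv) != aes.BlockSize {
		return nil, errors.New("malformed base64 field")
	}
	if !hmac.Equal(got, tag(mac, ct, iv)) { // constant-time comparison
		return nil, errors.New("HMAC mismatch")
	}
	if len(ct) == 0 || len(ct)%aes.BlockSize != 0 {
		return nil, errors.New("ciphertext is not a whole number of blocks")
	}
	block, _ := aes.NewCipher(enc)
	padded := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(padded, ct)
	return pkcs7Unpad(padded)
}
```

`Seal("secret", []byte("(+ 1 2)"))` yields an envelope with the same shape as the plist on this page, and `Open` with the same password returns the form; a changed cipher name, a tampered :hmac, a short :iv or the wrong password all fail before any AES decryption runs, which is the property that keeps CBC padding errors from leaking anything.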

To prevent replay attacks on the server, the client includes a
timestamp that's checked.  If it's too old, or the server has seen
a packet with the same IV within a certain time period, the packet
is rejected.

To prevent a MITM of the response (i.e., sending an old response in
response to a new query), the client includes a nonce that's
returned verbatim by the server.

Both the timestamp and the nonce are part of the encrypted message.
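The two anti-replay checks from the previous three paragraphs, as an added Go example that is not eval-server's own code. It operates on the already-decrypted, HMAC-verified fields: the server side keeps the IVs it has accepted within a window and rejects a stale timestamp or a repeated IV, and the client side refuses a reply whose nonce is not the one it sent. The window length, the timestamp unit (Unix seconds), the nonce size and the Request/Reply field layout are all assumptions; the page only says the timestamp and nonce live inside the encrypted message.

```go
package main

import (
	"crypto/rand"
	"encoding/base64"
	"errors"
	"time"
)

// Request is the decrypted content of :message as the commentary describes
// it: the form to evaluate plus the timestamp and nonce used against replays.
// Because both sit inside the encrypted, MAC-covered part, they cannot be
// edited on the wire without the HMAC check failing first.
type Request struct {
	Timestamp int64  // Unix seconds at which the client built the message (assumed unit)
	Nonce     string // returned verbatim by the server in its reply
	Form      string
}

// Reply is the decrypted response; it must carry the request's nonce back.
type Reply struct {
	Nonce  string
	Result string
}

// ReplayGuard is the server-side state: how old a packet may be, and which
// IVs have been accepted inside that window. The window length is an
// assumption; the commentary only says "a certain time period".
type ReplayGuard struct {
	Window time.Duration
	seen   map[string]time.Time // IV (base64 text) -> when it was accepted
}

func NewReplayGuard(window time.Duration) *ReplayGuard {
	return &ReplayGuard{Window: window, seen: map[string]time.Time{}}
}

// Admit applies the two server-side checks: the timestamp must fall inside
// the window (in either direction, to tolerate clock skew), and the IV must
// not have been accepted within that window. Call it only after the HMAC has
// been verified and the message decrypted, so the timestamp is authentic.
func (g *ReplayGuard) Admit(iv string, req Request, now time.Time) error {
	if d := now.Sub(time.Unix(req.Timestamp, 0)); d > g.Window || d < -g.Window {
		return errors.New("timestamp outside the accepted window")
	}
	for k, t := range g.seen { // forget IVs older than the window
		if now.Sub(t) > g.Window {
			delete(g.seen, k)
		}
	}
	if _, dup := g.seen[iv]; dup {
		return errors.New("IV already seen: replay rejected")
	}
	g.seen[iv] = now
	return nil
}

// NewNonce makes the client-side random nonce (16 random bytes as base64;
// size and encoding are assumptions for this example).
func NewNonce() (string, error) {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(b), nil
}

// CheckReply is the client-side check: a reply whose nonce differs from the
// one sent is an old or substituted response, not an answer to this query.
func CheckReply(req Request, rep Reply) error {
	if rep.Nonce != req.Nonce {
		return errors.New("nonce mismatch: stale or substituted response")
	}
	return nil
}
```

Note that the IV cache only needs to remember IVs for as long as the timestamp window: anything older is already rejected by the timestamp check, so expiring entries keeps the map bounded without weakening the guarantee.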
