I am implementing application-layer encryption in Mosquitto, replicating TLS functionality. My goal is to encrypt and decrypt the topic at various stages of the MQTT communication process:
1. Username/Password Decryption: I have successfully modified the authentication plugin to decrypt username/password credentials using my custom encryption library and headers.
2. Subscriber Topic Decryption:
   - Initially, I modified `mosquitto_subscribe_multiple(...)` in `lib/actions.c` to decrypt the subscription topic before it's added to Mosquitto's routing table. This appears to function correctly.
   - I am now attempting to move this decryption logic to `sub__add(...)` in `src/subs.c`, as this seems a better place to decrypt. However, I am encountering difficulties passing a `char* key_id` into this function.
3. Publisher Topic/Payload Encryption: This step has been completed successfully.
4. Broker Topic Decryption (Before Subscriber Routing):
   - I am struggling to determine the optimal method for passing a `char* key_id` from a published message (topic/payload) through to the subscriber.
   - I have attempted the following approaches:
     - Adding `char* key_id` to `mosquitto_internal.h` and implementing corresponding getter/setter functions.
     - Using `mosquitto_property_add_string(...)`, but I am unable to retrieve the string value.
5. Broker Topic Encryption (Before Subscriber Delivery): This step requires the `key_id` to be passed through the broker.
6. Subscriber Topic/Payload Decryption: This step also requires the `key_id` to be passed through the broker.
Specific Questions:
- Question 1 (Regarding Step 2): Where exactly should I be decrypting the subscriber topic? In `src/subs.c`, `lib/actions.c`, or some other place?
- Question 2 (Regarding Step 4): What is the most effective method for passing a `char* key_id` from a published message to the subscriber, enabling topic and payload decryption at the subscriber?
- Question 3 (Regarding Step 4): Would using `mosquitto_property_add_string(…)` be a solution instead of adding `char* key_id` to `mosquitto_internal.h`?
Any assistance or guidance would be greatly appreciated.
Thank you,
Tim
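
An added example, not part of the original post and not Mosquitto code: assuming the `key_id` travels as an MQTT v5 User Property (identifier 0x26, a UTF-8 string pair, which libmosquitto exposes through `mosquitto_property_add_string_pair` and `mosquitto_property_read_string_pair`), this C code encodes one into a PUBLISH property block and reads it back with bounds checks. The function names `put_user_property` and `find_user_property` and the property name `key_id` as a wire-level name are hypothetical.

```c
#include <stdint.h>
#include <string.h>

/* Append a User Property (id 0x26); returns new length, or 0 if it will not fit. */
size_t put_user_property(uint8_t *buf, size_t len, size_t cap,
                         const char *name, const char *value)
{
    size_t nl = strlen(name), vl = strlen(value);
    if (nl > 0xFFFF || vl > 0xFFFF || len > cap || cap - len < 5 + nl + vl) return 0;
    buf[len++] = 0x26;
    buf[len++] = (uint8_t)(nl >> 8); buf[len++] = (uint8_t)nl;
    memcpy(buf + len, name, nl); len += nl;
    buf[len++] = (uint8_t)(vl >> 8); buf[len++] = (uint8_t)vl;
    memcpy(buf + len, value, vl);
    return len + vl;
}

/* Bounds-checked read of one field with a 2-byte big-endian length prefix. */
static int read_field(const uint8_t *p, size_t n, size_t *off,
                      const uint8_t **d, size_t *dl)
{
    if (n - *off < 2) return 0;
    *dl = ((size_t)p[*off] << 8) | p[*off + 1];
    if (n - *off - 2 < *dl) return 0;
    *d = p + *off + 2; *off += 2 + *dl;
    return 1;
}

/* Walk a PUBLISH property block (bytes after its length varint); copy user
   property `name` into out. Returns value length, or -1 (absent/malformed/too big). */
int find_user_property(const uint8_t *p, size_t n, const char *name,
                       char *out, size_t outcap)
{
    size_t off = 0, kl, vl;
    const uint8_t *k, *v;
    while (off < n) {
        uint8_t id = p[off++];
        size_t skip = id == 0x01 ? 1 : id == 0x23 ? 2 : id == 0x02 ? 4 : 0;  /* fixed-width */
        if (skip) { if (n - off < skip) return -1; off += skip; continue; }
        if (!read_field(p, n, &off, &k, &kl)) return -1;
        if (id == 0x03 || id == 0x08 || id == 0x09) continue;  /* string/binary */
        if (id != 0x26 || !read_field(p, n, &off, &v, &vl)) return -1;
        if (kl != strlen(name) || memcmp(k, name, kl) != 0) continue;
        if (vl >= outcap) return -1;
        memcpy(out, v, vl); out[vl] = '\0';
        return (int)vl;
    }
    return -1;
}
```

A `key_id` carried this way is readable by the broker and is not integrity-protected by itself, so the receiver should treat it as an untrusted lookup hint and rely on the authenticated decryption of the topic and payload to reject a wrong or tampered key reference.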