I am implementing application-layer encryption in Mosquitto, replicating TLS functionality. My goal is to encrypt and decrypt the topic at various stages of the MQTT communication process:
- Username/Password Decryption: I have successfully modified the authentication plugin to decrypt username/password credentials using my custom encryption library and headers.
- Subscriber Topic Decryption:
  - Initially, I modified mosquitto_subscribe_multiple(...) in lib/actions.c to decrypt the subscription topic before it's added to Mosquitto's routing table. This appears to function correctly.
  - I am now attempting to move this decryption logic to sub__add(...) in src/subs.c, as this seems a better place to decrypt; however, I am encountering difficulties passing a char* key_id into this function.
- Publisher Topic/Payload Encryption: This step has been completed successfully.
- Broker Topic Decryption (Before Subscriber Routing):
  - I am struggling to determine the optimal method for passing a char* key_id from a published message (topic/payload) through to the subscriber.
  - I have attempted the following approaches:
    - Adding char* key_id to mosquitto_internal.h and implementing corresponding getter/setter functions.
    - Using mosquitto_property_add_string(...), but I am unable to retrieve the string value.
- Broker Topic Encryption (Before Subscriber Delivery): This step requires the key_id to be passed through the broker.
- Subscriber Topic/Payload Decryption: This step also requires the key_id to be passed through the broker.
Specific Questions:
- Question 1 (Regarding Step 2): Where exactly should I be decrypting the subscriber topic? In src/subs.c or lib/actions.c or some other place?
- Question 2 (Regarding Step 4): What is the most effective method for passing a char* key_id from a published message to the subscriber, enabling topic and payload decryption at the subscriber?
- Question 3 (Regarding Step 4): Would using mosquitto_property_add_string(…) be a solution instead of adding char* key_id to mosquitto_internal.h?
Any assistance or guidance would be greatly appreciated.
Thank you,
Tim
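
An added example, not part of the original post and not Mosquitto code: a bounds-checked lookup of a key identifier carried as an MQTT v5 User Property, which the MQTT v5 specification requires a broker to forward unaltered with the PUBLISH. It assumes the property is named "key_id", parses the raw wire bytes rather than calling libmosquitto, and handles only User Property entries; the sample bytes are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define USER_PROPERTY 0x26 /* MQTT v5 User Property identifier (UTF-8 string pair) */

/* Constructed sample: property bytes (after the Property Length field) of a PUBLISH,
 * holding ("app","x") and ("key_id","k-01"). The name "key_id" is an assumption. */
static const uint8_t SAMPLE_PROPS[] = {
    0x26, 0, 3, 'a', 'p', 'p', 0, 1, 'x',
    0x26, 0, 6, 'k', 'e', 'y', '_', 'i', 'd', 0, 4, 'k', '-', '0', '1'};

/* Read one 2-byte big-endian length-prefixed string; returns 0 if it runs past len. */
static int get_str(const uint8_t *b, size_t len, size_t *pos, const uint8_t **s, size_t *n) {
    if (len - *pos < 2) return 0;
    *n = ((size_t)b[*pos] << 8) | b[*pos + 1];
    *pos += 2;
    if (len - *pos < *n) return 0;
    *s = b + *pos;
    *pos += *n;
    return 1;
}

/* Returns 1 and copies the value to dst if `name` is present, 0 if absent,
 * -1 if the bytes are malformed, hold another property type, or the value is rejected. */
int find_user_property(const uint8_t *b, size_t len, const char *name, char *dst, size_t dcap) {
    size_t pos = 0, kn, vn, want = strlen(name);
    const uint8_t *k, *v;
    while (pos < len) {
        if (b[pos++] != USER_PROPERTY) return -1; /* only User Property is handled here */
        if (!get_str(b, len, &pos, &k, &kn) || !get_str(b, len, &pos, &v, &vn)) return -1;
        if (kn != want || memcmp(k, name, kn) != 0) continue;
        if (vn + 1 > dcap || memchr(v, 0, vn)) return -1; /* too long or embedded NUL */
        memcpy(dst, v, vn);
        dst[vn] = '\0';
        return 1;
    }
    return 0;
}

int main(void) {
    char key_id[32];
    int rc = find_user_property(SAMPLE_PROPS, sizeof SAMPLE_PROPS, "key_id", key_id, sizeof key_id);
    printf("rc=%d key_id=%s\n", rc, rc == 1 ? key_id : "(none)");
    return rc == 1 ? 0 : 1;
}
```

The key identifier arrives from the network, so a value that is truncated, oversized or contains an embedded NUL is rejected before it is used to select a key.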