admin/markbase
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Implement Phase 1: AES-256-GCM algorithm negotiation and cipher mode setting
Some checks failed
Test / test (push) Has been cancelled
Details
Test / build (push) Has been cancelled
Details

Browse Source 
Performance optimization Phase 1 implementation:
- Add aes-gcm crate dependency (v0.10)
- Add CipherMode enum (AesCtr vs AesGcm)
- Modify KEX algorithm negotiation: add aes256-gcm@openssh.com
- Dynamic cipher mode setting based on KEX result
- Fix HMAC trait conflict with fully-qualified syntax

Strategy: Conservative approach
- Support AES-GCM algorithm negotiation (OpenSSH compatible)
- Dynamic cipher mode setting
- AES-CTR fallback preserved (packet processing unchanged)

Next steps:
- Test OpenSSH client AES-GCM negotiation
- Implement AES-GCM packet processing if needed
- Continue to Phase 4 (parallel encryption)
This commit is contained in:
Warren
2026-06-19 10:10:53 +08:00
parent c59e33f6e4
commit 3575ab7e66
5 changed files with 77 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
markbase-core/src/ssh_server/kex.rs
View File

@@ -50,9 +50,9 @@ impl KexProposal {
// 主机密钥算法优先Ed25519
server_host_key_algorithms: "ssh-ed25519,rsa-sha2-256,rsa-sha2-512".to_string(),
// 加密算法AES-256-CTR推荐
encryption_algorithms_ctos: "aes256-ctr,aes128-ctr".to_string(),
encryption_algorithms_stoc: "aes256-ctr,aes128-ctr".to_string(),
// 加密算法:优先 AES-256-GCMAEAD性能优化fallback 到 AES-CTR
encryption_algorithms_ctos: "aes256-gcm@openssh.com,aes256-ctr,aes128-ctr".to_string(),
encryption_algorithms_stoc: "aes256-gcm@openssh.com,aes256-ctr,aes128-ctr".to_string(),
// MAC算法HMAC-SHA256
mac_algorithms_ctos: "hmac-sha2-256,hmac-sha2-512".to_string(),
@@ -76,8 +76,8 @@ impl KexProposal {
Self {
kex_algorithms: "curve25519-sha256,diffie-hellman-group14-sha256".to_string(),
server_host_key_algorithms: "ssh-ed25519,rsa-sha2-256".to_string(),
encryption_algorithms_ctos: "aes256-ctr,aes128-ctr".to_string(),
encryption_algorithms_stoc: "aes256-ctr,aes128-ctr".to_string(),
encryption_algorithms_ctos: "aes256-gcm@openssh.com,aes256-ctr,aes128-ctr".to_string(),
encryption_algorithms_stoc: "aes256-gcm@openssh.com,aes256-ctr,aes128-ctr".to_string(),
mac_algorithms_ctos: "hmac-sha2-256".to_string(),
mac_algorithms_stoc: "hmac-sha2-256".to_string(),
compression_algorithms_ctos: "none".to_string(),