Implement Phase 1: AES-256-GCM algorithm negotiation and cipher mode setting

Performance optimization Phase 1 implementation:
- Add aes-gcm crate dependency (v0.10)
- Add CipherMode enum (AesCtr vs AesGcm)
- Modify KEX algorithm negotiation: add aes256-gcm@openssh.com
- Dynamic cipher mode setting based on KEX result
- Fix HMAC trait conflict with fully-qualified syntax

Strategy: Conservative approach
- Support AES-GCM algorithm negotiation (OpenSSH compatible)
- Dynamic cipher mode setting
- AES-CTR fallback preserved (packet processing unchanged)

Next steps:
- Test OpenSSH client AES-GCM negotiation
- Implement AES-GCM packet processing if needed
- Continue to Phase 4 (parallel encryption)

markbase-core/src/ssh_server/server.rs

@@ -268,7 +268,7 @@ fn perform_complete_kex_exchange(
     let mut kex_state = KexState::new(
         client_version,
         "SSH-2.0-MarkBaseSSH_1.0".to_string(),
-        kex_result,
+        kex_result.clone(),  // Phase 1: clone kex_result for cipher mode setting
     )?;
 
     kex_state.save_kexinit_payloads(&client_kexinit, &server_kexinit);
@@ -304,7 +304,20 @@ fn perform_complete_kex_exchange(
     }
 
     let session_keys = kex_state.exchange_handler.compute_session_keys()?;
-    let encryption_ctx = EncryptionContext::from_session_keys(&session_keys);
+    let mut encryption_ctx = EncryptionContext::from_session_keys(&session_keys);
+    
+    // Phase 1: 根据 KEX 协商结果设置加密模式（AES-GCM vs AES-CTR）
+    let encryption_algorithm = &kex_result.encryption_stoc;
+    info!("KEX negotiated encryption algorithm: {}", encryption_algorithm);
+    
+    use crate::ssh_server::cipher::CipherMode;
+    if encryption_algorithm.contains("gcm") {
+        info!("Setting cipher mode to AES-GCM (AEAD)");
+        encryption_ctx.set_cipher_mode(CipherMode::AesGcm)?;
+    } else {
+        info!("Setting cipher mode to AES-CTR (MtE)");
+        encryption_ctx.set_cipher_mode(CipherMode::AesCtr)?;
+    }
 
     Ok(encryption_ctx)
 }