Implement SSH Compression Phase 2: Integration

- Add compression_ctos/compression_stoc to EncryptionContext
- Default impl: CompressionContext::new(6)
- from_session_keys(): initialize compression fields
- enable_compression() method (based on KEX negotiation)
- server.rs: enable compression after NEWKEYS (if negotiated)

All 179 tests pass.
Warren
2026-06-21 01:51:39 +08:00
parent a5375075b8
commit 93e33b04a7
2 changed files with 29 additions and 0 deletions


@@ -3,6 +3,7 @@
use super::crypto::SessionKeys; use super::crypto::SessionKeys;
use super::sshbuf::SshBuf; use super::sshbuf::SshBuf;
use super::compression::CompressionContext; // Phase 2: SSH Compression
use aes::Aes128; // 改为AES-128协商算法是aes128-ctr use aes::Aes128; // 改为AES-128协商算法是aes128-ctr
use aes_gcm::{ use aes_gcm::{
aead::{Aead, KeyInit, Payload}, aead::{Aead, KeyInit, Payload},
@@ -39,6 +40,8 @@ pub struct EncryptionContext {
pub cipher_ctos: Option<Aes128Ctr>, // 客户端→服务器cipher实例持久化AES-CTR pub cipher_ctos: Option<Aes128Ctr>, // 客户端→服务器cipher实例持久化AES-CTR
pub cipher_stoc: Option<Aes128Ctr>, // 服务器→客户端cipher实例持久化AES-CTR pub cipher_stoc: Option<Aes128Ctr>, // 服务器→客户端cipher实例持久化AES-CTR
pub cipher_mode: CipherMode, // Phase 1: 区分 AES-CTR 和 AES-GCM 模式 pub cipher_mode: CipherMode, // Phase 1: 区分 AES-CTR 和 AES-GCM 模式
pub compression_ctos: CompressionContext, // Phase 2: 客户端→服务器压缩
pub compression_stoc: CompressionContext, // Phase 2: 服务器→客户端压缩
} }
/// Phase 1: 加密模式选择AES-CTR vs AES-GCM /// Phase 1: 加密模式选择AES-CTR vs AES-GCM
@@ -64,6 +67,8 @@ impl Default for EncryptionContext {
cipher_ctos: None, cipher_ctos: None,
cipher_stoc: None, cipher_stoc: None,
cipher_mode: CipherMode::AesCtr, // 默认使用 AES-CTR兼容性 cipher_mode: CipherMode::AesCtr, // 默认使用 AES-CTR兼容性
compression_ctos: CompressionContext::new(6), // Phase 2
compression_stoc: CompressionContext::new(6), // Phase 2
} }
} }
} }
@@ -113,6 +118,20 @@ impl EncryptionContext {
cipher_ctos: Some(cipher_ctos), // 持久化cipher实例 cipher_ctos: Some(cipher_ctos), // 持久化cipher实例
cipher_stoc: Some(cipher_stoc), // 持久化cipher实例 cipher_stoc: Some(cipher_stoc), // 持久化cipher实例
cipher_mode: CipherMode::AesCtr, // 默认使用 AES-CTR兼容性 cipher_mode: CipherMode::AesCtr, // 默认使用 AES-CTR兼容性
compression_ctos: CompressionContext::new(6), // Phase 2: 默认压缩级别6
compression_stoc: CompressionContext::new(6), // Phase 2: 默认压缩级别6
}
}
/// Phase 2: 启用压缩(根据 KEX 协商结果)
pub fn enable_compression(&mut self, compression_ctos: &str, compression_stoc: &str) {
if compression_ctos == "zlib" {
info!("Enabling compression (client→server)");
self.compression_ctos.enable();
}
if compression_stoc == "zlib" {
info!("Enabling compression (server→client)");
self.compression_stoc.enable();
} }
} }
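Review bot: `enable_compression` acts only on the exact string `"zlib"` and silently ignores every other value, while the caller in server.rs invokes it whenever either direction is not `"none"`. If the KEX layer can ever negotiate another name (for example the delayed `zlib@openssh.com` variant, should it be advertised; the algorithm list is not visible here), the log says compression is being enabled but this side keeps sending and expecting uncompressed packets, and the two ends fall out of sync. I would make the unsupported case explicit: turn each `if` into a `match` with a `"none" => {}` arm and an `other =>` arm that fails the handshake or at least logs the unknown name, and state in the doc comment that only `none` and `zlib` are accepted. The level `6` is also repeated in `Default` and `from_session_keys`; a named constant such as `DEFAULT_COMPRESSION_LEVEL` would keep the two in step.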


@@ -321,6 +321,16 @@ fn perform_complete_kex_exchange(
info!("Setting cipher mode to AES-CTR (MtE)"); info!("Setting cipher mode to AES-CTR (MtE)");
encryption_ctx.set_cipher_mode(CipherMode::AesCtr)?; encryption_ctx.set_cipher_mode(CipherMode::AesCtr)?;
} }
// Phase 2: 根据 KEX 协商结果启用压缩compression_ctos / compression_stoc
let compression_ctos = &kex_result.compression_ctos;
let compression_stoc = &kex_result.compression_stoc;
info!("KEX negotiated compression algorithms: ctos={}, stoc={}", compression_ctos, compression_stoc);
if compression_ctos != "none" || compression_stoc != "none" {
info!("Enabling SSH compression");
encryption_ctx.enable_compression(compression_ctos, compression_stoc);
}
Ok(encryption_ctx) Ok(encryption_ctx)
} }
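Review bot: Compression is switched on here directly after key exchange, which for the initial KEX is before the user has authenticated, so the inflate path in `CompressionContext` will process bytes from any peer that can complete a handshake. That timing is what plain `zlib` specifies, but it is also why OpenSSH's server moved to the delayed `zlib@openssh.com` method; consider offering only the delayed form and calling `enable_compression` after SSH_MSG_USERAUTH_SUCCESS instead. Whichever timing is kept, the decompressor should cap its output at the maximum packet size so that a small compressed packet cannot expand without bound; `CompressionContext` is not part of this view, so please confirm it does. `perform_complete_kex_exchange` begins outside the hunk, and a short comment above this block stating at which protocol stage compression becomes active would help the next reader.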