I need to implement IPSEC and MACSEC transformations on ethernet packets (i.e. I don't need to deal with setting up parameters, security associations, or key exchange issues, just do the transformations on the packets when that is already known. Also I can nick GCM/AES implementations so I don't have to implement the actual cipher开发者_如何学Pythoning either.)
Unfortunately I am just too stupid to understand the specifications.
Does anyone know of a nice simple explanation, designed for an idiot, with diagrams and concrete examples, of what the transformations are supposed to look like?
MACsec provides three sub-functions, namely:
- Encryption/decryption
- Integrity protection
- Replay protection
These sub-functions are negotiated with other stations using MACsec Key Agreement protocol (MKA).
MACsec uses MACsec Key Agreement protocol (MKA) for exchange and agreement of secure keys between supported devices. MKA uses the EAP framework specified in IEEE 802.1X-2010 forcommunication
This illustrated guide is good for IPSEC
http://unixwiz.net/techtips/iguide-ipsec.html
And this was invaluable for packing and unpacking IP headers.
http://www.daemon.org/ip.html#proto
There appears to be a bit of a gap in the market for MACSEC though.
精彩评论