simple explanations for macsec and ipsec

I need to implement IPSEC and MACSEC transformations on ethernet packets (i.e. I don't need to deal with setting up parameters, security associations, or key exchange issues, just do the transformations on the packets when that is already known. Also I can nick GCM/AES implementations so I don't have to implement the actual cipher开发者_如何学Pythoning either.)

Unfortunately I am just too stupid to understand the specifications.

Does anyone know of a nice simple explanation, designed for an idiot, with diagrams and concrete examples, of what the transformations are supposed to look like?

MACsec provides three sub-functions, namely:

• Encryption/decryption
• Integrity protection
• Replay protection

These sub-functions are negotiated with other stations using MACsec Key Agreement protocol (MKA).

MACsec uses MACsec Key Agreement protocol (MKA) for exchange and agreement of secure keys between supported devices. MKA uses the EAP framework specified in IEEE 802.1X-2010 forcommunication

This illustrated guide is good for IPSEC

http://unixwiz.net/techtips/iguide-ipsec.html

And this was invaluable for packing and unpacking IP headers.

http://www.daemon.org/ip.html#proto

There appears to be a bit of a gap in the market for MACSEC though.