(In reply to Jan Engelhardt from comment #4) > I hope I got this right.. you execute > > ... "hmac(sha256)" 0xsomevalue 128 > > but get back > > ... "hmac(sha256)" 0xsomevalue 96? > > That might be a kernel issue. On 4.8.X (yes, it's not the default openSUSE), > I observe that 128 stays 128: > > # ip x s a src ::2 dst ::3 proto ah spi 0xa auth-trunc "hmac(sha256)" 0 128 > # ip x s > ... > auth-trunc hmac(sha256) 0x30 128 > > (0 -> 0x30 because '0' has ASCII code 0x30) No, it's more like I execute ... "hmac(sha256)" 0xsomevalue 128 get back ... "hmac(sha256)" 0xsomevalue 128 but then on the wire see 160 bits for the ICV. (And it happens to be that with FreeBSD which is doing the correct ICV for hmac(256) the packet is rejected.)