keychain with md5 doesn't work on newer Linux

[mwinter-osr]

See on latest master as of May 3, 2024 (git sha 53820a5)

The topotest test_keychain fails on Debian 12 and Ubuntu 24.04 (It does work on Debian 10 and Ubuntu 18.04, unknown on others):

test_keychain: test_send_accept
AssertionError: assert False
 +  where False = is_key_active(<lib.topogen.TopoRouter object at 0x7fb3f89a50>, 'kc', 1, 0)
E   AssertionError: assert False
     +  where False = is_key_active(<lib.topogen.TopoRouter object at 0x7fb3f89a50>, 'kc', 1, 0)

The issue can be seen in the router logs of the topotest:

r1# conf t
r1(config)# key chain kc
r1(config-keychain)#  key 1
r1(config-keychain-key)#   key-string theSecret
r1(config-keychain-key)#   crypto-algorithm md5
% Unknown command:   crypto-algorithm md5
r1(config-keychain-key)#  exit
r1(config-keychain)# exit
r1(config)#

My guess (not verified) is that the lib used doesn't support md5 anymore on newer systems.

[mwinter-osr]

This is probably related to #8443

[donaldsharp]

      cryptographic_algorithm,
      cryptographic_algorithm_cmd,
      "cryptographic-algorithm "
      "<md5|hmac-sha-1|hmac-sha-256|hmac-sha-384|hmac-sha-512>$algo",
      "Cryptographic-algorithm\n"
      "Use MD5 algorithm\n"
      "Use HMAC-SHA-1 algorithm\n"
      "Use HMAC-SHA-256 algorithm\n"
      "Use HMAC-SHA-384 algorithm\n"
      "Use HMAC-SHA-512 algorithm\n")
{
	nb_cli_enqueue_change(vty, "./crypto-algorithm", NB_OP_CREATE, algo);
	return nb_cli_apply_changes(vty, NULL);
}```

[davischw]

Seems to work just fine on Ubuntu 24.04 LTS with the official FRR 10.0 package (for Ubuntu 22.04) from deb.frrouting.org.

[ton31337]

@mwinter-osr shouldn't be cryptographic-algorithm md5?

[choppsv1]

Not sure why this test is failing on Ubuntu 24.04 this may be a red-herring. The configuration error has always been present; however, the test is not actually testing the hash algorithm, but when the keys are enabled which still functioned correctly.