+ } else if (otype == DHCPV6_OPT_SERVERID) {
+ if (server_id_len)
+ serverid_ok = (olen + 4U == server_id_len) && !memcmp(
+ &odata[-4], server_id, server_id_len);
+ else
+ serverid_ok = true;
+ } else if (otype == DHCPV6_OPT_AUTH && olen == -4 +
+ sizeof(struct dhcpv6_auth_reconfigure)) {
+ struct dhcpv6_auth_reconfigure *r = (void*)&odata[-4];
+ if (r->protocol != 3 || r->algorithm != 1 || r->reconf_type != 2)
+ continue;
+
+ md5_state_t md5;
+ uint8_t serverhash[16], secretbytes[16], hash[16];
+ memcpy(serverhash, r->key, sizeof(serverhash));
+ memset(r->key, 0, sizeof(r->key));
+ memcpy(secretbytes, reconf_key, sizeof(secretbytes));
+
+ for (size_t i = 0; i < sizeof(secretbytes); ++i)
+ secretbytes[i] ^= 0x36;
+
+ md5_init(&md5);
+ md5_append(&md5, secretbytes, sizeof(secretbytes));
+ md5_append(&md5, buf, len);
+ md5_finish(&md5, hash);
+
+ for (size_t i = 0; i < sizeof(secretbytes); ++i) {
+ secretbytes[i] ^= 0x36;
+ secretbytes[i] ^= 0x5c;
+ }
+
+ md5_init(&md5);
+ md5_append(&md5, secretbytes, sizeof(secretbytes));
+ md5_append(&md5, hash, 16);
+ md5_finish(&md5, hash);
+
+ rcauth_ok = !memcmp(hash, serverhash, sizeof(hash));
+ } else if (otype == DHCPV6_OPT_RECONF_MESSAGE && olen == 1) {
+ rcmsg = odata[0];
+ } else if ((otype == DHCPV6_OPT_IA_PD || otype == DHCPV6_OPT_IA_NA)) {
+ ia_present = true;
+ if (olen < sizeof(struct dhcpv6_ia_hdr))
+ options_valid = false;
+ }
+ else if ((otype == DHCPV6_OPT_IA_ADDR) || (otype == DHCPV6_OPT_IA_PREFIX) ||
+ (otype == DHCPV6_OPT_PD_EXCLUDE)) {
+ // Options are not allowed on global level
+ options_valid = false;
+ }
+ }
+
+ if (!options_valid)
+ return false;
+
+ if (type == DHCPV6_MSG_INFO_REQ && ia_present)
+ return false;
+
+ if (rep->msg_type == DHCPV6_MSG_RECONF) {
+ if ((rcmsg != DHCPV6_MSG_RENEW && rcmsg != DHCPV6_MSG_INFO_REQ) ||
+ (rcmsg == DHCPV6_MSG_INFO_REQ && ia_present) ||
+ !rcauth_ok || IN6_IS_ADDR_MULTICAST(daddr))
+ return false;
+ }