+ } else if (otype == DHCPV6_OPT_AUTH && olen == -4 +
+ sizeof(struct dhcpv6_auth_reconfigure)) {
+ struct dhcpv6_auth_reconfigure *r = (void*)&odata[-4];
+ if (r->protocol != 3 || r->algorithm != 1 || r->reconf_type != 2)
+ continue;
+
+ md5_state_t md5;
+ uint8_t serverhash[16], secretbytes[16], hash[16];
+ memcpy(serverhash, r->key, sizeof(serverhash));
+ memset(r->key, 0, sizeof(r->key));
+ memcpy(secretbytes, reconf_key, sizeof(secretbytes));
+
+ for (size_t i = 0; i < sizeof(secretbytes); ++i)
+ secretbytes[i] ^= 0x36;
+
+ md5_init(&md5);
+ md5_append(&md5, secretbytes, sizeof(secretbytes));
+ md5_append(&md5, buf, len);
+ md5_finish(&md5, hash);
+
+ for (size_t i = 0; i < sizeof(secretbytes); ++i) {
+ secretbytes[i] ^= 0x36;
+ secretbytes[i] ^= 0x5c;
+ }
+
+ md5_init(&md5);
+ md5_append(&md5, secretbytes, sizeof(secretbytes));
+ md5_append(&md5, hash, 16);
+ md5_finish(&md5, hash);
+
+ rcauth_ok = !memcmp(hash, serverhash, sizeof(hash));
+ }
+ }
+
+ if (rep->msg_type == DHCPV6_MSG_RECONF && !rcauth_ok)
+ return false;