Ignore unknown service types in key records (LP: #1847020)

ChangeLog

@@ -1,3 +1,10 @@
+2019-10-07 Version 0.9.5
+    - Ignore unknown service types in key records (LP: #1847020)
+      - This is required by RFC 6376 and predecessors.  It becomes important
+        now that RFC 8460, which defines a new DKIM service type exists.  This
+	change is required to avoid processing tlsrpt keys like regular email
+	keys, which is incorrect, they have different requirements.
+
 2019-09-25 Verstion 0.9.4
     - Add LICENSE to MANIFEST.in so it is included in the tarball (LP:
       #1845318)

README

@@ -11,7 +11,7 @@ signing and verification.
 
 VERSION
 
-This is dkimpy 0.9.4.
+This is dkimpy 0.9.5.
 
 REQUIREMENTS
 

dkim/__init__.py

@@ -453,6 +453,16 @@ def load_pk_from_dns(name, dnsfunc=get_txt):
       ktag = b'rsa'
   if pub[b'k'] != b'rsa' and pub[b'k'] != b'ed25519':
       raise KeyFormatError('unknown algorithm in k= tag: {0}'.format(pub[b'k']))
+  try:
+      # Ignore unknown service types, RFC 6376 3.6.1
+      if pub[b's'] != b'*' and pub[b's'] != b'email':
+          pk = None
+          keysize = None
+          ktag = None
+          raise KeyFormatError('unknown service type in s= tag: {0}'.format(pub[b's']))
+  except:
+      # Default is '*' - all service types, so no error if missing from key record
+      pass
   return pk, keysize, ktag
 
 

dkim/tests/test_dkim.py

@@ -64,7 +64,7 @@ class TestSignAndVerify(unittest.TestCase):
 
     def dnsfunc(self, domain):
         sample_dns = """\
-k=rsa; \
+k=rsa; s=email;\
 p=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANmBe10IgY+u7h3enWTukkqtUD5PR52T\
 b/mPfjC0QJTocVBq6Za/PlzfV+Py92VaCak19F4WrbVTK5Gg5tW220MCAwEAAQ=="""
 

setup.py

@@ -25,7 +25,7 @@ from setuptools import setup
 import os
 import sys
 
-version = "0.9.4"
+version = "0.9.5"
 
 kw = {}  # Work-around for lack of 'or' requires in setuptools.
 try: