base64 encode raw signature in Envelope

@adityasaky found that we are encoding hex representation of
signatures into base64, that would be incompatible with other
DSSE envelope signing libraries.

This commit changes the direct base64 encoding in Envelope to
decoding hex signature and then encode the bytes into base64.

Signed-off-by: Pradyumna Krishna <[email protected]>

Author: PradyumnaKrishna

securesystemslib/dsse.py

@@ -1,6 +1,7 @@
 """Dead Simple Signing Envelope
 """
 
+import binascii
 import logging
 from typing import Any, Dict, List
 
@@ -60,7 +61,9 @@ def from_dict(cls, data: dict) -> "Envelope":
 
         signatures = []
         for signature in data["signatures"]:
-            signature["sig"] = b64dec(signature["sig"]).decode("utf-8")
+            signature["sig"] = binascii.hexlify(
+                b64dec(signature["sig"])
+            ).decode("utf-8")
             signatures.append(Signature.from_dict(signature))
 
         return cls(payload, payload_type, signatures)
@@ -71,7 +74,7 @@ def to_dict(self) -> dict:
         signatures = []
         for signature in self.signatures:
             sig_dict = signature.to_dict()
-            sig_dict["sig"] = b64enc(sig_dict["sig"].encode("utf-8"))
+            sig_dict["sig"] = b64enc(binascii.unhexlify(sig_dict["sig"]))
             signatures.append(sig_dict)
 
         return {

tests/test_dsse.py

@@ -26,7 +26,7 @@ def setUpClass(cls):
 
         cls.signature_dict = {
             "keyid": "11fa391a0ed7a447",
-            "sig": "MzA0NjAyMjEwMDkzNDJlNDU2NjUyOGZjZWNmNmE3YTU=",
+            "sig": "MEYCIQCTQuRWZSj87PanpQ==",
         }
         cls.envelope_dict = {
             "payload": "aGVsbG8gd29ybGQ=",