Fix Issue #11: Replace Base64 encoding with Base64url encoding in WebAuthn_format

[evmBrahmin]

Summary

• Addresses #11
• Updated FCL_Webauthn.sol to use a base64url encoding.
• Modified the solidity-base64url encoding code provided by hir0min to remove the '=' padding from encodings.
• Security Note: The updates have not yet been audited.
• Introduced a test for this new functionality at tests/WebAuthn_forge/test/FCL_Webauthn_Base64Url.t.sol.

Detailed Changes

FCL_Webauthn.sol:

• Transitioned to base64url encoding to ensure compatibility and correctness in encoding.
• Encoding omits trailing '=' signs

Test File: FCL_Webauthn_Base64Url.t.sol

• Uses mock data to simulate the WebAuthn Authentication API call and validate the new encoding logic. Mock Data:

  
  response: 
  authenticatorData: "SZYN5YgOjGh0NBcPZHZgW4_krrmihjLHmVzzuoMdl2MFAAAAAA"
  clientDataJSON: "eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdlIjoibkNMX1h5SHd1QnNSUG1QMzIyMnBULTN2RWJJUm0wQ0l1SlprLTVvOHRsZyIsIm9yaWdpbiI6Imh0dHA6Ly9sb2NhbGhvc3Q6MzAwMCIsImNyb3NzT3JpZ2luIjpmYWxzZX0"
  signature: "MEUCIECRE8S97mXV1Dwqqp3uF_CW3c6XvQMQrkrgjnx1lVnLAiEA00ucboY5T_qXn5MJdpYyzvid-8MROOS9-Q3QRPvqsl4"
  userHandle:"cUtqZTRBNGk0TTdDTFBGTVE4UFVOam5PU3RsRUlMdDRyOWpMdG00amtDRT0"

- Explanation of Mock Data Derivation:
  - The response object is provided directly from the WebAuthn Authentication API call and provides several fields.
  - The authenticatorDataMock is the hex representation of bytes obtained by Base64URL decoding the authenticatorData from the above response.
  - The clientDataMock is derived from the clientDataJSON in the response, after Base64URL decoding and converting to hex representation of the decoded bytes.
  - The challengeMock represents bytes from Base64URL decoding the clientDataJSON.
  - The rsMock contains the r and s values of the signature. It's important to note that the provided signature in the response object is the Base64URL encoding of the DER encoding of the signature.
  - The QMock contains the x and y values of the public key, which is generated during the registration process.
- Functions in the Test:
  - test_base64URL_format: Tests the new format and provides logs to illustrate the encoding.
  - test_webauthn_Base64URL_checkSignature: Validates the signature with the new encoding.
  - test_webauthn_format_details: Provides logs to understand the encoding process in detail.

## Request:
Kindly review the modifications and the accompanying tests to validate their efficacy.
A thorough security audit is recommended before integrating these changes into a production environment.

[rdubois-crypto]

Thanks for this perfectly documented correction.

Concerning the (necessary) audit, it will come for production ready code which is not the case yet.