🐛 fix the challenge encoding in hex

README.md

@@ -53,9 +53,9 @@ bash scripts/run.sh --challenge 1711126985 --username qdqd.smoo.th --pretty true
 ```json
 {
   "user": {
-    "id": "SVHZltDBSZebeyn1V-Pn7A",
+    "id": "X9TI3KgNTy2-7jg0Gt4biA",
     "name": "qdqd.smoo.th",
-    "displayName": "qdqd.smoo.th -- 24/03/2024 19:49:05"
+    "displayName": "qdqd.smoo.th -- 24/03/2024 19:59:48"
   },
   "config": {
     "ChallengeLength": 10,
@@ -73,44 +73,44 @@ bash scripts/run.sh --challenge 1711126985 --username qdqd.smoo.th --pretty true
     "challenge": "MTcxMTEyNjk4NQ==",
     "rpId": "smoo.th",
     "rpName": "Smooth Keys",
-    "user": "SVHZltDBSZebeyn1V-Pn7A",
+    "user": "X9TI3KgNTy2-7jg0Gt4biA",
     "userName": "qdqd.smoo.th",
-    "userDisplayName": "qdqd.smoo.th -- 24/03/2024 19:49:05"
+    "userDisplayName": "qdqd.smoo.th -- 24/03/2024 19:59:48"
   },
   "responseDecoded": {
-    "id": "0x7b25c4f4f37bf773acd525a318f370b728bbf019aef9b1db71d9a11d551f5cb4",
-    "rawId": "eyXE9PN793Os1SWjGPNwtyi78Bmu-bHbcdmhHVUfXLQ",
+    "id": "0x0a3b24861fe1044e693ace74b4055b1bab83ece919e17b13fd80256e4d758d5e",
+    "rawId": "Cjskhh_hBE5pOs50tAVbG6uD7OkZ4XsT_YAlbk11jV4",
     "AttestationObject": {
       "raw64": "",
       "fmt": "packed",
       "attStmt": {
         "alg": -7,
-        "sig": "0x30450220470ef6cab72c76c90c2ed5b74083308537131016cf613512b083a96c2779b26102210089eb3f9396d8912226fee7f1675570c28969421a552b8ed9f433cc71c8c014a7",
-        "r": "0x470ef6cab72c76c90c2ed5b74083308537131016cf613512b083a96c2779b261",
-        "s": "0x89eb3f9396d8912226fee7f1675570c28969421a552b8ed9f433cc71c8c014a7"
+        "sig": "0x3045022100ed74a1a8a1357b3716e44ac4b794a364821098843f28721886e270e8e264eb1c02201ebbe05b440f21294c89b5454f1b99d0207fe6944dac634237ad9dd67c47765d",
+        "r": "0xed74a1a8a1357b3716e44ac4b794a364821098843f28721886e270e8e264eb1c",
+        "s": "0x1ebbe05b440f21294c89b5454f1b99d0207fe6944dac634237ad9dd67c47765d"
       },
       "authData": {
         "rpIdHash": "0x8d39d641f9950ae5e0c14e7b76a61878abeeda4ac38c4b94313025fc065501b2",
         "flags": "01000101",
         "signCount": "0x00000000",
-        "aaguid": "0x8af783840123be8fd93769912f48360a",
+        "aaguid": "0x1fd0bdfd1955a44c7899bb02ea76a9db",
         "credentialIdLength": 32,
-        "credentialId": "0x7b25c4f4f37bf773acd525a318f370b728bbf019aef9b1db71d9a11d551f5cb4",
-        "credentialPublicKey": "0xa50102032620012158207e00adf2f1d98330aa927c4ee30be6167c958b194f5cbb6aa46b08ae30bc1e712258202ee151b687caa8f5c4053539edcbb3f45f67d5818101f5fff43ae352dbadac0f",
-        "pubKeyX": "0x7e00adf2f1d98330aa927c4ee30be6167c958b194f5cbb6aa46b08ae30bc1e71",
-        "pubKeyY": "0x2ee151b687caa8f5c4053539edcbb3f45f67d5818101f5fff43ae352dbadac0f"
+        "credentialId": "0x0a3b24861fe1044e693ace74b4055b1bab83ece919e17b13fd80256e4d758d5e",
+        "credentialPublicKey": "0xa5010203262001215820928ddaee82830b1dddc2b3f1c5ff0c447b8f5513788a423a07a07c3da534f64c2258205118e06ce456daa6f3b0f811b3d2d6321f944c8f81f0313b96ff7475d85f59af",
+        "pubKeyX": "0x928ddaee82830b1dddc2b3f1c5ff0c447b8f5513788a423a07a07c3da534f64c",
+        "pubKeyY": "0x5118e06ce456daa6f3b0f811b3d2d6321f944c8f81f0313b96ff7475d85f59af"
       }
     },
     "ClientDataJSON": {
       "type": "webauthn.create",
-      "challenge": "0x4d5463784d5445794e6a6b344e51",
+      "challenge": "0x31373131313236393835",
       "origin": "https://smoo.th"
     }
   },
   "response": {
-    "attestationObject": "0xa363666d74667061636b65646761747453746d74a263616c672663736967584730450220470ef6cab72c76c90c2ed5b74083308537131016cf613512b083a96c2779b26102210089eb3f9396d8912226fee7f1675570c28969421a552b8ed9f433cc71c8c014a768617574684461746158a48d39d641f9950ae5e0c14e7b76a61878abeeda4ac38c4b94313025fc065501b245000000008af783840123be8fd93769912f48360a00207b25c4f4f37bf773acd525a318f370b728bbf019aef9b1db71d9a11d551f5cb4a50102032620012158207e00adf2f1d98330aa927c4ee30be6167c958b194f5cbb6aa46b08ae30bc1e712258202ee151b687caa8f5c4053539edcbb3f45f67d5818101f5fff43ae352dbadac0f",
+    "attestationObject": "0xa363666d74667061636b65646761747453746d74a263616c67266373696758473045022100ed74a1a8a1357b3716e44ac4b794a364821098843f28721886e270e8e264eb1c02201ebbe05b440f21294c89b5454f1b99d0207fe6944dac634237ad9dd67c47765d68617574684461746158a48d39d641f9950ae5e0c14e7b76a61878abeeda4ac38c4b94313025fc065501b245000000001fd0bdfd1955a44c7899bb02ea76a9db00200a3b24861fe1044e693ace74b4055b1bab83ece919e17b13fd80256e4d758d5ea5010203262001215820928ddaee82830b1dddc2b3f1c5ff0c447b8f5513788a423a07a07c3da534f64c2258205118e06ce456daa6f3b0f811b3d2d6321f944c8f81f0313b96ff7475d85f59af",
     "clientDataJSON": "0x7b2274797065223a22776562617574686e2e637265617465222c226368616c6c656e6765223a224d5463784d5445794e6a6b344e51222c226f726967696e223a2268747470733a2f2f736d6f6f2e7468227d",
-    "authData": "0x8d39d641f9950ae5e0c14e7b76a61878abeeda4ac38c4b94313025fc065501b245000000008af783840123be8fd93769912f48360a00207b25c4f4f37bf773acd525a318f370b728bbf019aef9b1db71d9a11d551f5cb4a50102032620012158207e00adf2f1d98330aa927c4ee30be6167c958b194f5cbb6aa46b08ae30bc1e712258202ee151b687caa8f5c4053539edcbb3f45f67d5818101f5fff43ae352dbadac0f"
+    "authData": "0x8d39d641f9950ae5e0c14e7b76a61878abeeda4ac38c4b94313025fc065501b245000000001fd0bdfd1955a44c7899bb02ea76a9db00200a3b24861fe1044e693ace74b4055b1bab83ece919e17b13fd80256e4d758d5ea5010203262001215820928ddaee82830b1dddc2b3f1c5ff0c447b8f5513788a423a07a07c3da534f64c2258205118e06ce456daa6f3b0f811b3d2d6321f944c8f81f0313b96ff7475d85f59af"
   }
 }
 ```

cmd/webauthn-mock/register.go

@@ -338,8 +338,14 @@ func main() {
 	if err != nil {
 		panic(err)
 	}
-	// override the challenge to be a hex string
-	clientData.Challenge = encodeToHex([]byte(clientData.Challenge))
+
+	// Decode the Base64URL string to bytes then encode to hex
+	decodedBytes, err := base64.RawURLEncoding.DecodeString(clientData.Challenge)
+	if err != nil {
+		fmt.Println("Error decoding base64URL:", err)
+		return
+	}
+	clientData.Challenge = encodeToHex(decodedBytes)
 
 	// Decode the attestationObject from Base64
 	decodedAttestationObjectBytes, err := base64.RawURLEncoding.DecodeString(WebauthnResponse.Response.AttestationObject)