After a bit more research and thanks to this repo I discovered that challengeHash is actually the SHA-256 hash of the Base64 URL-safe encoding of the JSON string {"challenge":"<YOUR_CHALLENGE_HERE>"}. This still doesn't seem to work with Apple's example, but I was able to verify it with my own attestation object.