diff --git a/tests/fido_tests/libfido2/.gitignore b/tests/fido_tests/libfido2/.gitignore
new file mode 100644
index 000000000..47ca7076a
--- /dev/null
+++ b/tests/fido_tests/libfido2/.gitignore
@@ -0,0 +1,5 @@
+assert_param
+cred
+cred_param
+hmac_assert
+pubkey
diff --git a/tests/fido_tests/libfido2/cred-assert.sh b/tests/fido_tests/libfido2/cred-assert.sh
new file mode 100755
index 000000000..fe92f6c36
--- /dev/null
+++ b/tests/fido_tests/libfido2/cred-assert.sh
@@ -0,0 +1,22 @@
+DEVICE=$(fido2-token -L | cut -d : -f 1)
+
+if [ -z "$DEVICE" ] ; then
+ echo "No FIDO2 token found"
+ exit 1
+fi
+
+# taken from fido2-cred manpage
+
+echo credential challenge | openssl sha256 -binary | base64 > cred_param
+echo relying party >> cred_param
+echo user name >> cred_param
+dd if=/dev/urandom bs=1 count=32 | base64 >> cred_param
+fido2-cred -M -i cred_param "$DEVICE" | fido2-cred -V -o cred
+
+# taken from fido2-assert manpage
+
+echo assertion challenge | openssl sha256 -binary | base64 > assert_param
+echo relying party >> assert_param
+head -1 cred >> assert_param
+tail -n +2 cred > pubkey
+fido2-assert -G -i assert_param "$DEVICE" | fido2-assert -V pubkey es256
diff --git a/tests/fido_tests/libfido2/hmac-secret.sh b/tests/fido_tests/libfido2/hmac-secret.sh
new file mode 100755
index 000000000..83fceb585
--- /dev/null
+++ b/tests/fido_tests/libfido2/hmac-secret.sh
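Review bot: In cred-assert.sh nothing stops the script after a failed step, so if `fido2-cred -M -i cred_param "$DEVICE" | fido2-cred -V -o cred` fails, the assertion half still runs against whatever `cred` and `pubkey` an earlier run left in the working directory. A credential from an earlier run may well still be accepted by the same token (inferred, not shown in this diff), in which case a broken make-credential path would go unnoticed. I would open the file with `#!/bin/sh` and `set -eu` (it is added with mode 100755 but has no interpreter line) and put `rm -f cred cred_param assert_param pubkey` before the first write. `DEVICE` also receives every line that `fido2-token -L` prints, so with two tokens attached the quoted argument contains a newline; `fido2-token -L | head -n 1 | cut -d : -f 1` selects one deterministically. The same points apply to the identical preamble in hmac-secret.sh.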
@@ -0,0 +1,25 @@
+DEVICE=$(fido2-token -L | cut -d : -f 1)
+
+if [ -z "$DEVICE" ] ; then
+ echo "No FIDO2 token found"
+ exit 1
+fi
+
+# taken from https://github.com/Yubico/libfido2/issues/58
+
+echo credential challenge | openssl sha256 -binary | base64 > cred_param
+echo relying party >> cred_param
+echo user name >> cred_param
+dd if=/dev/urandom bs=1 count=32 | base64 >> cred_param
+fido2-cred -M -h -i cred_param "$DEVICE" | fido2-cred -V -h -o cred
+
+# taken from https://github.com/Yubico/libfido2/issues/58
+
+echo assertion challenge | openssl sha256 -binary | base64 > assert_param
+echo relying party >> assert_param
+head -1 cred >> assert_param
+tail -n +2 cred > pubkey
+dd if=/dev/urandom bs=1 count=64 | base64 -w0 >> assert_param # hmac salt
+fido2-assert -G -h -i assert_param "$DEVICE" > hmac_assert
+fido2-assert -V -h -i hmac_assert pubkey es256
+tail -1 hmac_assert | base64 -d | xxd # hmac secret
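Review bot: The result of `fido2-assert -V -h -i hmac_assert pubkey es256` is discarded in hmac-secret.sh, because the script's exit status is that of the final `tail -1 hmac_assert | base64 -d | xxd` pipeline, so a failed signature verification will normally still end with status 0. Ending the verify line with `|| exit 1`, or putting `set -e` at the top of the file, makes the test fail when verification fails. The last line only dumps the hmac-secret for a person to read; if the extension itself is under test, comparing the decoded length (`tail -n 1 hmac_assert | base64 -d | wc -c`) against the size expected for a 64-byte salt would turn it into an actual assertion. `base64 -w0` is a GNU coreutils option, which is worth a one-line comment such as `# -w0: GNU base64, keeps the salt on one line`.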