diff --git a/keymaster/3.0/vts/functional/keymaster_hidl_hal_test.cpp b/keymaster/3.0/vts/functional/keymaster_hidl_hal_test.cpp
index 985494799f..78353eaf25 100644
--- a/keymaster/3.0/vts/functional/keymaster_hidl_hal_test.cpp
+++ b/keymaster/3.0/vts/functional/keymaster_hidl_hal_test.cpp
@@ -247,34 +247,47 @@ string bin2hex(const hidl_vec<uint8_t>& data) {
     return retval;
 }
 
-string rsa_key = hex2str("30820275020100300d06092a864886f70d01010105000482025f3082025b"
-                         "02010002818100c6095409047d8634812d5a218176e45c41d60a75b13901"
-                         "f234226cffe776521c5a77b9e389417b71c0b6a44d13afe4e4a2805d46c9"
-                         "da2935adb1ff0c1f24ea06e62b20d776430a4d435157233c6f916783c30e"
-                         "310fcbd89b85c2d56771169785ac12bca244abda72bfb19fc44d27c81e1d"
-                         "92de284f4061edfd99280745ea6d2502030100010281801be0f04d9cae37"
-                         "18691f035338308e91564b55899ffb5084d2460e6630257e05b3ceab0297"
-                         "2dfabcd6ce5f6ee2589eb67911ed0fac16e43a444b8c861e544a05933657"
-                         "72f8baf6b22fc9e3c5f1024b063ac080a7b2234cf8aee8f6c47bbf4fd3ac"
-                         "e7240290bef16c0b3f7f3cdd64ce3ab5912cf6e32f39ab188358afcccd80"
-                         "81024100e4b49ef50f765d3b24dde01aceaaf130f2c76670a91a61ae08af"
-                         "497b4a82be6dee8fcdd5e3f7ba1cfb1f0c926b88f88c92bfab137fba2285"
-                         "227b83c342ff7c55024100ddabb5839c4c7f6bf3d4183231f005b31aa58a"
-                         "ffdda5c79e4cce217f6bc930dbe563d480706c24e9ebfcab28a6cdefd324"
-                         "b77e1bf7251b709092c24ff501fd91024023d4340eda3445d8cd26c14411"
-                         "da6fdca63c1ccd4b80a98ad52b78cc8ad8beb2842c1d280405bc2f6c1bea"
-                         "214a1d742ab996b35b63a82a5e470fa88dbf823cdd02401b7b57449ad30d"
-                         "1518249a5f56bb98294d4b6ac12ffc86940497a5a5837a6cf946262b4945"
-                         "26d328c11e1126380fde04c24f916dec250892db09a6d77cdba351024077"
-                         "62cd8f4d050da56bd591adb515d24d7ccd32cca0d05f866d583514bd7324"
-                         "d5f33645e8ed8b4a1cb3cc4a1d67987399f2a09f5b3fb68c88d5e5d90ac3"
-                         "3492d6");
+string rsa_key = hex2str(
+    "30820275020100300d06092a864886f70d01010105000482025f3082025b"
+    "02010002818100c6095409047d8634812d5a218176e45c41d60a75b13901"
+    "f234226cffe776521c5a77b9e389417b71c0b6a44d13afe4e4a2805d46c9"
+    "da2935adb1ff0c1f24ea06e62b20d776430a4d435157233c6f916783c30e"
+    "310fcbd89b85c2d56771169785ac12bca244abda72bfb19fc44d27c81e1d"
+    "92de284f4061edfd99280745ea6d2502030100010281801be0f04d9cae37"
+    "18691f035338308e91564b55899ffb5084d2460e6630257e05b3ceab0297"
+    "2dfabcd6ce5f6ee2589eb67911ed0fac16e43a444b8c861e544a05933657"
+    "72f8baf6b22fc9e3c5f1024b063ac080a7b2234cf8aee8f6c47bbf4fd3ac"
+    "e7240290bef16c0b3f7f3cdd64ce3ab5912cf6e32f39ab188358afcccd80"
+    "81024100e4b49ef50f765d3b24dde01aceaaf130f2c76670a91a61ae08af"
+    "497b4a82be6dee8fcdd5e3f7ba1cfb1f0c926b88f88c92bfab137fba2285"
+    "227b83c342ff7c55024100ddabb5839c4c7f6bf3d4183231f005b31aa58a"
+    "ffdda5c79e4cce217f6bc930dbe563d480706c24e9ebfcab28a6cdefd324"
+    "b77e1bf7251b709092c24ff501fd91024023d4340eda3445d8cd26c14411"
+    "da6fdca63c1ccd4b80a98ad52b78cc8ad8beb2842c1d280405bc2f6c1bea"
+    "214a1d742ab996b35b63a82a5e470fa88dbf823cdd02401b7b57449ad30d"
+    "1518249a5f56bb98294d4b6ac12ffc86940497a5a5837a6cf946262b4945"
+    "26d328c11e1126380fde04c24f916dec250892db09a6d77cdba351024077"
+    "62cd8f4d050da56bd591adb515d24d7ccd32cca0d05f866d583514bd7324"
+    "d5f33645e8ed8b4a1cb3cc4a1d67987399f2a09f5b3fb68c88d5e5d90ac3"
+    "3492d6");
 
-string ec_key = hex2str("308187020100301306072a8648ce3d020106082a8648ce3d030107046d30"
-                        "6b0201010420737c2ecd7b8d1940bf2930aa9b4ed3ff941eed09366bc032"
-                        "99986481f3a4d859a14403420004bf85d7720d07c25461683bc648b4778a"
-                        "9a14dd8a024e3bdd8c7ddd9ab2b528bbc7aa1b51f14ebbbb0bd0ce21bcc4"
-                        "1c6eb00083cf3376d11fd44949e0b2183bfe");
+string ec_256_key = hex2str(
+    "308187020100301306072a8648ce3d020106082a8648ce3d030107046d30"
+    "6b0201010420737c2ecd7b8d1940bf2930aa9b4ed3ff941eed09366bc032"
+    "99986481f3a4d859a14403420004bf85d7720d07c25461683bc648b4778a"
+    "9a14dd8a024e3bdd8c7ddd9ab2b528bbc7aa1b51f14ebbbb0bd0ce21bcc4"
+    "1c6eb00083cf3376d11fd44949e0b2183bfe");
+
+string ec_521_key = hex2str(
+    "3081EE020100301006072A8648CE3D020106052B810400230481D63081D3"
+    "02010104420011458C586DB5DAA92AFAB03F4FE46AA9D9C3CE9A9B7A006A"
+    "8384BEC4C78E8E9D18D7D08B5BCFA0E53C75B064AD51C449BAE0258D54B9"
+    "4B1E885DED08ED4FB25CE9A1818903818600040149EC11C6DF0FA122C6A9"
+    "AFD9754A4FA9513A627CA329E349535A5629875A8ADFBE27DCB932C05198"
+    "6377108D054C28C6F39B6F2C9AF81802F9F326B842FF2E5F3C00AB7635CF"
+    "B36157FC0882D574A10D839C1A0C049DC5E0D775E2EE50671A208431BB45"
+    "E78E70BEFE930DB34818EE4D5C26259F5C6B8E28A652950F9F88D7B4B2C9"
+    "D9");
 
 struct RSA_Delete {
     void operator()(RSA* p) { RSA_free(p); }
@@ -2385,14 +2398,14 @@ TEST_F(ImportKeyTest, RsaPublicExponentMismatch) {
 /*
  * ImportKeyTest.EcdsaSuccess
  *
- * Verifies that importing and using an ECDSA key pair works correctly.
+ * Verifies that importing and using an ECDSA P-256 key pair works correctly.
  */
 TEST_F(ImportKeyTest, EcdsaSuccess) {
     ASSERT_EQ(ErrorCode::OK, ImportKey(AuthorizationSetBuilder()
                                            .Authorization(TAG_NO_AUTH_REQUIRED)
                                            .EcdsaSigningKey(256)
                                            .Digest(Digest::SHA_2_256),
-                                       KeyFormat::PKCS8, ec_key))
+                                       KeyFormat::PKCS8, ec_256_key))
         << "(Possibly b/33945114)";
 
     CheckKm0CryptoParam(TAG_ALGORITHM, Algorithm::EC);
@@ -2408,6 +2421,32 @@ TEST_F(ImportKeyTest, EcdsaSuccess) {
     VerifyMessage(message, signature, params);
 }
 
+/*
+ * ImportKeyTest.Ecdsa521Success
+ *
+ * Verifies that importing and using an ECDSA P-521 key pair works correctly.
+ */
+TEST_F(ImportKeyTest, Ecdsa521Success) {
+    ASSERT_EQ(ErrorCode::OK, ImportKey(AuthorizationSetBuilder()
+                                           .Authorization(TAG_NO_AUTH_REQUIRED)
+                                           .EcdsaSigningKey(521)
+                                           .Digest(Digest::SHA_2_256),
+                                       KeyFormat::PKCS8, ec_521_key))
+        << "(Possibly b/33945114)";
+
+    CheckKm0CryptoParam(TAG_ALGORITHM, Algorithm::EC);
+    CheckKm0CryptoParam(TAG_KEY_SIZE, 521U);
+    CheckKm1CryptoParam(TAG_DIGEST, Digest::SHA_2_256);
+    CheckKm2CryptoParam(TAG_EC_CURVE, EcCurve::P_521);
+
+    CheckOrigin();
+
+    string message(32, 'a');
+    auto params = AuthorizationSetBuilder().Digest(Digest::SHA_2_256);
+    string signature = SignMessage(message, params);
+    VerifyMessage(message, signature, params);
+}
+
 /*
  * ImportKeyTest.EcdsaSizeMismatch
  *
@@ -2419,7 +2458,7 @@ TEST_F(ImportKeyTest, EcdsaSizeMismatch) {
               ImportKey(AuthorizationSetBuilder()
                             .EcdsaSigningKey(224 /* Doesn't match key */)
                             .Digest(Digest::NONE),
-                        KeyFormat::PKCS8, ec_key));
+                        KeyFormat::PKCS8, ec_256_key));
 }
 
 /*
@@ -2438,7 +2477,7 @@ TEST_F(ImportKeyTest, EcdsaCurveMismatch) {
               ImportKey(AuthorizationSetBuilder()
                             .EcdsaSigningKey(EcCurve::P_224 /* Doesn't match key */)
                             .Digest(Digest::NONE),
-                        KeyFormat::PKCS8, ec_key))
+                        KeyFormat::PKCS8, ec_256_key))
         << "(Possibly b/36233241)";
 }