1 files changed, 18 insertions, 22 deletions
diff --git a/src/ssl/test/runner/common.go b/src/ssl/test/runner/common.go
index bbcacf59..b56b9b35 100644
--- a/src/ssl/test/runner/common.go
+++ b/src/ssl/test/runner/common.go
@@ -126,6 +126,7 @@ const (
 	extensionQUICTransportParams        uint16 = 0xffa5 // draft-ietf-quic-tls-13
 	extensionChannelID                  uint16 = 30032  // not IANA assigned
 	extensionDelegatedCredentials       uint16 = 0xff02 // not IANA assigned
+	extensionPQExperimentSignal         uint16 = 54538
 )
 
 // TLS signaling cipher suite values
@@ -144,12 +145,13 @@ var tls13HelloRetryRequest = []uint8{
 type CurveID uint16
 
 const (
-	CurveP224   CurveID = 21
-	CurveP256   CurveID = 23
-	CurveP384   CurveID = 24
-	CurveP521   CurveID = 25
-	CurveX25519 CurveID = 29
-	CurveCECPQ2 CurveID = 16696
+	CurveP224    CurveID = 21
+	CurveP256    CurveID = 23
+	CurveP384    CurveID = 24
+	CurveP521    CurveID = 25
+	CurveX25519  CurveID = 29
+	CurveCECPQ2  CurveID = 16696
+	CurveCECPQ2b CurveID = 65074
 )
 
 // TLS Elliptic Curve Point Formats
@@ -499,6 +501,11 @@ type Config struct {
 
 	CertCompressionAlgs map[uint16]CertCompressionAlg
 
+	// PQExperimentSignal instructs a client to send a non-IANA defined extension
+	// that signals participation in an experiment of post-quantum key exchange
+	// methods.
+	PQExperimentSignal bool
+
 	// Bugs specifies optional misbehaviour to be used for testing other
 	// implementations.
 	Bugs ProtocolBugs
@@ -1319,21 +1326,6 @@ type ProtocolBugs struct {
 	// it was accepted.
 	SendEarlyDataExtension bool
 
-	// ExpectEarlyKeyingMaterial, if non-zero, causes a TLS 1.3 server to
-	// read an application data record after the ClientHello before it sends
-	// a ServerHello. The record's contents have the specified length and
-	// match the corresponding early exporter value. This is used to test
-	// the client using the early exporter in the 0-RTT state.
-	ExpectEarlyKeyingMaterial int
-
-	// ExpectEarlyKeyingLabel is the label to use with
-	// ExpectEarlyKeyingMaterial.
-	ExpectEarlyKeyingLabel string
-
-	// ExpectEarlyKeyingContext is the context string to use with
-	// ExpectEarlyKeyingMaterial
-	ExpectEarlyKeyingContext string
-
 	// ExpectEarlyData causes a TLS 1.3 server to read application
 	// data after the ClientHello (assuming the server is able to
 	// derive the key under which the data is encrypted) before it
@@ -1649,6 +1641,10 @@ type ProtocolBugs struct {
 	// DisableDelegatedCredentials, if true, disables client support for delegated
 	// credentials.
 	DisableDelegatedCredentials bool
+
+	// ExpectPQExperimentSignal specifies whether or not the post-quantum
+	// experiment signal should be received by a client or server.
+	ExpectPQExperimentSignal bool
 }
 
 func (c *Config) serverInit() {
@@ -1728,7 +1724,7 @@ func (c *Config) maxVersion(isDTLS bool) uint16 {
 	return ret
 }
 
-var defaultCurvePreferences = []CurveID{CurveCECPQ2, CurveX25519, CurveP256, CurveP384, CurveP521}
+var defaultCurvePreferences = []CurveID{CurveCECPQ2b, CurveCECPQ2, CurveX25519, CurveP256, CurveP384, CurveP521}
 
 func (c *Config) curvePreferences() []CurveID {
 	if c == nil || len(c.CurvePreferences) == 0 {