Hi

 

The specification of PSA_ALG_JPAKE (in crypto_extra.h as well as in psa_crypto_api_pake_ext.pdf) includes mandatory calls to psa_pake_set_user() and psa_pake_set_peer() to set the local and peer user ids. The implementation in mbedTLS 3.3, however, disallows calls to these functions (PSA_ERROR_NOT_SUPPORTED) and uses the default ids "client" and "server" instead. These ids are often used but are not mandatory according to the J-PAKE specification in RFC8236.

Now my question: is this a limitation of the current implementation (and tests) or will the specification be changed accordingly?

 

Regards

 

Beat