Just to follow up on this set of observations and issues. Now that we are looking at making some changes to the PAKE API as part of supporting SPAKE2+, we should consider what can be done to improve the API design.

 

I have replicated these issues in the PSA Certified API repository, for further discussion and implementation:

 

Deriving multiple keys: https://github.com/ARM-software/psa-api/issues/86

Consolidated setup function: https://github.com/ARM-software/psa-api/issues/89

Out of band setup: https://github.com/ARM-software/psa-api/issues/87

Need Hash in SIZE macros: https://github.com/ARM-software/psa-api/issues/88