Just to follow up on this set of observations and issues. Now that we are looking at making some changes to the PAKE API as part of supporting SPAKE2+, we should consider what can be done to improve the API design.
I have replicated these issues in the PSA Certified API repository, for further discussion and implementation:
Deriving multiple keys:
https://github.com/ARM-software/psa-api/issues/86
Consolidated setup function:
https://github.com/ARM-software/psa-api/issues/89
Out of band setup:
https://github.com/ARM-software/psa-api/issues/87
Need Hash in SIZE macros:
https://github.com/ARM-software/psa-api/issues/88