From 86efa852df8e7542070ef51e6143f99b2be1c4b9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 24 Mar 2023 09:26:40 +0100 Subject: [PATCH] Mention EC J-PAKE opaque passwords. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Unrelated to the other changes, other than I noticed it was missing while making the other edits. Signed-off-by: Manuel Pégourié-Gonnard --- docs/use-psa-crypto.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/docs/use-psa-crypto.md b/docs/use-psa-crypto.md index f46d36ec1e..4d72f990d7 100644 --- a/docs/use-psa-crypto.md +++ b/docs/use-psa-crypto.md @@ -98,6 +98,19 @@ register a PSA key for use with a PSK key exchange. **Use in TLS:** opt-in. The application needs to register the key using one of the new APIs to get the benefits. +### PSA-held (opaque) keys for TLS 1.2 EC J-PAKE key exchange + +**New API function:** `mbedtls_ssl_set_hs_ecjpake_password_opaque()`. +Call this function from an application to register a PSA key for use with the +TLS 1.2 EC J-PAKE key exchange. + +**Benefits:** isolation of long-term secrets. + +**Limitations:** none. + +**Use in TLS:** opt-in. The application needs to register the key using one of +the new APIs to get the benefits. + ### PSA-based operations in the Cipher layer There is a new API function `mbedtls_cipher_setup_psa()` to set up a context
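Review bot: in the added "PSA-held (opaque) keys for TLS 1.2 EC J-PAKE key exchange" section, the "Use in TLS" paragraph says the application registers the key "using one of the new APIs", but this section names only one new function, `mbedtls_ssl_set_hs_ecjpake_password_opaque()`. The wording reads as carried over from the PSK section just above the hunk; suggest "using the new API" or "using this function" so readers do not go looking for a second entry point. Separately, the section says to "register a PSA key" and lists "Limitations: none" without saying what that key has to look like. One sentence on the key type, usage flags and algorithm policy the key must carry, or a pointer to the function's own documentation for them, would make the "isolation of long-term secrets" benefit actionable for someone provisioning the password as a PSA key.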