The goal of this API is to make it easy to use and misuse resistant. The bulk of the code using this API can be reused. With the only difference being the
start() call and getting the server secret at the end when registering. When registering, the server passes a null/empty secret to
start() since it doesn't have one yet. Also
start() might not return a message. This is fine. It just means the other party sends the first message.
PAKE_USER_CLIENT PAKE_USER_SERVER PAKE_USER_A