Split multipart AEAD contexts into two parts

Split to data required for internal implementation and data required for
driver implementation with data left over for the PSA layer.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
diff --git a/include/psa/crypto_builtin_primitives.h b/include/psa/crypto_builtin_primitives.h
index 75801a1..e3903bc 100644
--- a/include/psa/crypto_builtin_primitives.h
+++ b/include/psa/crypto_builtin_primitives.h
@@ -118,6 +118,62 @@
 
 #define MBEDTLS_PSA_CIPHER_OPERATION_INIT {0, 0, 0, {0}}
 
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) || \
+    defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) || \
+    defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)
+#define MBEDTLS_PSA_BUILTIN_AEAD  1
+#endif
+
+/* Context structure for the Mbed TLS cipher implementation. */
+typedef struct
+{
+    psa_algorithm_t alg;
+    psa_key_type_t key_type;
+
+    unsigned int lengths_set : 1;
+    unsigned int is_encrypt : 1;
+    unsigned int ad_started : 1;
+    unsigned int body_started : 1;
+
+    uint8_t tag_length;
+    uint8_t nonce_length;
+
+    size_t ad_remaining;
+    size_t body_remaining;
+
+    /* Buffers for AD/data - only required until CCM gets proper multipart
+       support. */
+    uint8_t *ad_buffer;
+    size_t ad_length;
+
+    uint8_t *body_buffer;
+    size_t body_length;
+
+    uint8_t *tag_buffer;
+
+    /* buffer to store Nonce - only required until CCM and GCM get proper
+       multipart support. */
+    uint8_t nonce[PSA_AEAD_NONCE_MAX_SIZE];
+
+    union
+    {
+        unsigned dummy; /* Enable easier initializing of the union. */
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM)
+        mbedtls_ccm_context ccm;
+#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM)
+        mbedtls_gcm_context gcm;
+#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)
+        mbedtls_chachapoly_context chachapoly;
+#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */
+
+    } ctx;
+
+} mbedtls_psa_aead_operation_t;
+
+#define MBEDTLS_PSA_AEAD_OPERATION_INIT {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, {0}, {0}}
+
 /*
  * BEYOND THIS POINT, TEST DRIVER DECLARATIONS ONLY.
  */
@@ -130,6 +186,9 @@
 typedef mbedtls_psa_cipher_operation_t
         mbedtls_transparent_test_driver_cipher_operation_t;
 
+typedef mbedtls_psa_aead_operation_t
+        mbedtls_transparent_test_driver_aead_operation_t;
+
 typedef struct {
     unsigned int initialised : 1;
     mbedtls_transparent_test_driver_cipher_operation_t ctx;
diff --git a/include/psa/crypto_driver_contexts_primitives.h b/include/psa/crypto_driver_contexts_primitives.h
index 104d4bd..4fba9eb 100644
--- a/include/psa/crypto_driver_contexts_primitives.h
+++ b/include/psa/crypto_driver_contexts_primitives.h
@@ -65,5 +65,13 @@
 #endif
 } psa_driver_cipher_context_t;
 
+typedef union {
+    unsigned dummy; /* Make sure this union is always non-empty */
+    mbedtls_psa_aead_operation_t mbedtls_ctx;
+#if defined(PSA_CRYPTO_DRIVER_TEST)
+    mbedtls_transparent_test_driver_aead_operation_t transparent_test_driver_ctx;
+#endif
+} psa_driver_aead_context_t;
+
 #endif /* PSA_CRYPTO_DRIVER_CONTEXTS_PRIMITIVES_H */
 /* End of automatically generated file. */
diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h
index 6c5639d..6bb6f42 100644
--- a/include/psa/crypto_struct.h
+++ b/include/psa/crypto_struct.h
@@ -153,8 +153,6 @@
 
 struct psa_aead_operation_s
 {
-    psa_algorithm_t alg;
-    psa_key_type_t key_type;
 
     /** Unique ID indicating which driver got assigned to do the
      * operation. Since driver contexts are driver-specific, swapping
@@ -164,50 +162,19 @@
      * any driver (i.e. none of the driver contexts are active). */
     unsigned int id;
 
+    psa_algorithm_t alg;
+    psa_key_type_t key_type;
+
     unsigned int key_set : 1;
     unsigned int nonce_set : 1;
     unsigned int lengths_set : 1;
-    unsigned int is_encrypt : 1;
     unsigned int ad_started : 1;
     unsigned int body_started : 1;
 
-    uint8_t tag_length;
-    uint8_t nonce_length;
-
-    size_t ad_remaining;
-    size_t body_remaining;
-
-    /* Buffers for AD/data - only required until CCM gets proper multipart
-       support. */
-    uint8_t *ad_buffer;
-    size_t ad_length;
-
-    uint8_t *body_buffer;
-    size_t body_length;
-
-    uint8_t *tag_buffer;
-
-    /* buffer to store Nonce - only required until CCM and GCM get proper
-       multipart support. */
-    uint8_t nonce[PSA_AEAD_NONCE_MAX_SIZE];
-
-    union
-    {
-        unsigned dummy; /* Enable easier initializing of the union. */
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM)
-        mbedtls_ccm_context ccm;
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM)
-        mbedtls_gcm_context gcm;
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)
-        mbedtls_chachapoly_context chachapoly;
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */
-
-    } ctx;
+    psa_driver_aead_context_t ctx;
 };
 
-#define PSA_AEAD_OPERATION_INIT {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, {0}, {0}}
+#define PSA_AEAD_OPERATION_INIT {0, 0, 0, 0, 0, 0, 0, 0, {0}}
 static inline struct psa_aead_operation_s psa_aead_operation_init( void )
 {
     const struct psa_aead_operation_s v = PSA_AEAD_OPERATION_INIT;
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 4ab0c63..7190aa4 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -3214,6 +3214,25 @@
     return( status );
 }
 
+/* Helper function to get the base algorithm from its variants. */
+static psa_algorithm_t psa_aead_get_base_algorithm(psa_algorithm_t alg)
+{
+    switch( PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, 0 ) )
+    {
+        case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 0 ):
+            return( PSA_ALG_CCM );
+
+        case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 0 ):
+            return( PSA_ALG_GCM );
+
+        case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CHACHA20_POLY1305, 0 ):
+            return( PSA_ALG_CHACHA20_POLY1305 );
+
+        default:
+            return( PSA_ERROR_NOT_SUPPORTED );
+    }
+}
+
 /* Set the key for a multipart authenticated encryption operation. */
 psa_status_t psa_aead_encrypt_setup( psa_aead_operation_t *operation,
                                      mbedtls_svc_key_id_t key,
@@ -3226,6 +3245,12 @@
     if( !PSA_ALG_IS_AEAD( alg ) || PSA_ALG_IS_WILDCARD( alg ) )
         return( PSA_ERROR_NOT_SUPPORTED );
 
+    if( operation->key_set || operation->nonce_set ||
+        operation->ad_started || operation->body_started )
+    {
+        return( PSA_ERROR_BAD_STATE );
+    }
+
     status = psa_get_and_lock_key_slot_with_policy(
                  key, &slot, PSA_KEY_USAGE_ENCRYPT, alg );
 
@@ -3242,6 +3267,7 @@
                                                     &attributes, slot->key.data,
                                                     slot->key.bytes, alg );
 
+    operation->key_type = psa_get_key_type( &attributes );
 
     unlock_status = psa_unlock_key_slot( slot );
 
@@ -3250,6 +3276,12 @@
         return( unlock_status );
     }
 
+    if( status == PSA_SUCCESS )
+    {
+        operation->alg = psa_aead_get_base_algorithm( alg );
+        operation->key_set = 1;
+    }
+
     return( status );
 }
 
@@ -3265,6 +3297,12 @@
     if( !PSA_ALG_IS_AEAD( alg ) || PSA_ALG_IS_WILDCARD( alg ) )
         return( PSA_ERROR_NOT_SUPPORTED );
 
+    if( operation->key_set || operation->nonce_set ||
+        operation->ad_started || operation->body_started )
+    {
+        return( PSA_ERROR_BAD_STATE );
+    }
+
     status = psa_get_and_lock_key_slot_with_policy(
                  key, &slot, PSA_KEY_USAGE_DECRYPT, alg );
 
@@ -3281,6 +3319,7 @@
                                                     &attributes, slot->key.data,
                                                     slot->key.bytes, alg );
 
+    operation->key_type = psa_get_key_type( &attributes );
 
     unlock_status = psa_unlock_key_slot( slot );
 
@@ -3289,6 +3328,12 @@
         return( unlock_status );
     }
 
+    if( status == PSA_SUCCESS )
+    {
+        operation->alg = psa_aead_get_base_algorithm( alg );
+        operation->key_set = 1;
+    }
+
     return( status );
 }
 
@@ -3341,14 +3386,23 @@
                                  const uint8_t *nonce,
                                  size_t nonce_length )
 {
+    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
     if( !operation->key_set || operation->nonce_set ||
         operation->ad_started || operation->body_started )
     {
         return( PSA_ERROR_BAD_STATE );
     }
 
-    return( psa_driver_wrapper_aead_set_nonce( operation, nonce,
-                                               nonce_length ) );
+    status = psa_driver_wrapper_aead_set_nonce( operation, nonce,
+                                                nonce_length );
+
+    if( status == PSA_SUCCESS )
+    {
+        operation->nonce_set = 1;
+    }
+
+    return( status );
 }
 
 /* Declare the lengths of the message and additional data for multipart AEAD. */
@@ -3356,26 +3410,44 @@
                                    size_t ad_length,
                                    size_t plaintext_length )
 {
+    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
     if( !operation->key_set || operation->lengths_set )
     {
         return( PSA_ERROR_BAD_STATE );
     }
 
-    return( psa_driver_wrapper_aead_set_lengths( operation, ad_length,
-                                                 plaintext_length ) );
+    status = psa_driver_wrapper_aead_set_lengths( operation, ad_length,
+                                                  plaintext_length );
+
+    if( status == PSA_SUCCESS )
+    {
+        operation->lengths_set = 1;
+    }
+
+    return status;
 }
  /* Pass additional data to an active multipart AEAD operation. */
 psa_status_t psa_aead_update_ad( psa_aead_operation_t *operation,
                                  const uint8_t *input,
                                  size_t input_length )
 {
+    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
     if( !operation->nonce_set || !operation->key_set )
     {
         return( PSA_ERROR_BAD_STATE );
     }
 
-    return( psa_driver_wrapper_aead_update_ad( operation, input,
-                                               input_length ) );
+    status = psa_driver_wrapper_aead_update_ad( operation, input,
+                                                input_length );
+
+    if( status == PSA_SUCCESS )
+    {
+        operation->ad_started = 1;
+    }
+
+    return status;
 }
 
 /* Encrypt or decrypt a message fragment in an active multipart AEAD
@@ -3387,6 +3459,7 @@
                               size_t output_size,
                               size_t *output_length )
 {
+    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
 
     *output_length = 0;
 
@@ -3395,9 +3468,16 @@
         return( PSA_ERROR_BAD_STATE );
     }
 
-    return( psa_driver_wrapper_aead_update( operation, input, input_length,
-                                            output, output_size,
-                                            output_length ) );
+    status = psa_driver_wrapper_aead_update( operation, input, input_length,
+                                             output, output_size,
+                                             output_length );
+
+    if( status == PSA_SUCCESS )
+    {
+        operation->body_started = 1;
+    }
+
+    return status;
 }
 
 /* Finish encrypting a message in a multipart AEAD operation. */
@@ -3422,6 +3502,7 @@
                                             ciphertext_size,
                                             ciphertext_length,
                                             tag, tag_size, tag_length ) );
+
 }
 
 /* Finish authenticating and decrypting a message in a multipart AEAD
@@ -3466,7 +3547,6 @@
     operation->key_set = 0;
     operation->nonce_set = 0;
     operation->lengths_set = 0;
-    operation->is_encrypt = 0;
     operation->ad_started = 0;
     operation->body_started = 0;
 
diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c
index f5b4dc5..8f8b74e 100644
--- a/library/psa_crypto_aead.c
+++ b/library/psa_crypto_aead.c
@@ -20,7 +20,6 @@
 
 #include "common.h"
 
-
 #if defined(MBEDTLS_PSA_CRYPTO_C)
 
 #include "psa_crypto_aead.h"
@@ -55,7 +54,7 @@
 
 
 static psa_status_t psa_aead_setup(
-    psa_aead_operation_t *operation,
+    mbedtls_psa_aead_operation_t *operation,
     const psa_key_attributes_t *attributes,
     const uint8_t *key_buffer,
     psa_algorithm_t alg )
@@ -66,12 +65,6 @@
     mbedtls_cipher_id_t cipher_id;
     size_t full_tag_length = 0;
 
-    if( operation->key_set || operation->nonce_set ||
-        operation->ad_started || operation->body_started )
-    {
-        return( PSA_ERROR_BAD_STATE );
-    }
-
     key_bits = attributes->core.bits;
 
     cipher_info = mbedtls_cipher_info_from_psa( alg,
@@ -146,12 +139,12 @@
         > full_tag_length )
         return( PSA_ERROR_INVALID_ARGUMENT );
 
-    operation->tag_length = PSA_AEAD_TAG_LENGTH( attributes->core.type,
+    operation->key_type = psa_get_key_type( attributes );
+
+    operation->tag_length = PSA_AEAD_TAG_LENGTH( operation->key_type,
                                                  key_bits,
                                                  alg );
 
-    operation->key_set = 1;
-
     return( PSA_SUCCESS );
 }
 
@@ -165,7 +158,7 @@
     uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length )
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-    psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT;
+    mbedtls_psa_aead_operation_t operation = MBEDTLS_PSA_AEAD_OPERATION_INIT;
     uint8_t *tag;
     (void) key_buffer_size;
 
@@ -275,7 +268,7 @@
     uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length )
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-    psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT;
+    mbedtls_psa_aead_operation_t operation = MBEDTLS_PSA_AEAD_OPERATION_INIT;
     const uint8_t *tag = NULL;
     (void) key_buffer_size;
 
@@ -354,7 +347,8 @@
 
 /* Set the key and algorithm for a multipart authenticated encryption
  * operation. */
-psa_status_t mbedtls_psa_aead_encrypt_setup( psa_aead_operation_t *operation,
+psa_status_t mbedtls_psa_aead_encrypt_setup( mbedtls_psa_aead_operation_t
+                                                                    *operation,
                                              const psa_key_attributes_t
                                                                     *attributes,
                                              const uint8_t *key_buffer,
@@ -377,7 +371,8 @@
 
 /* Set the key and algorithm for a multipart authenticated decryption
  * operation. */
-psa_status_t mbedtls_psa_aead_decrypt_setup( psa_aead_operation_t *operation,
+psa_status_t mbedtls_psa_aead_decrypt_setup( mbedtls_psa_aead_operation_t
+                                                                    *operation,
                                              const psa_key_attributes_t
                                                                     *attributes,
                                              const uint8_t *key_buffer,
@@ -399,7 +394,8 @@
 }
 
 /* Set a nonce for the multipart AEAD operation*/
-psa_status_t mbedtls_psa_aead_set_nonce( psa_aead_operation_t *operation,
+psa_status_t mbedtls_psa_aead_set_nonce( mbedtls_psa_aead_operation_t
+                                                                    *operation,
                                          const uint8_t *nonce,
                                          size_t nonce_length )
 {
@@ -454,15 +450,11 @@
         return ( PSA_ERROR_NOT_SUPPORTED );
     }
 
-    if( status == PSA_SUCCESS )
-    {
-        operation->nonce_set = 1;
-    }
-
     return( status );
 }
  /* Declare the lengths of the message and additional data for AEAD. */
-psa_status_t mbedtls_psa_aead_set_lengths( psa_aead_operation_t *operation,
+psa_status_t mbedtls_psa_aead_set_lengths( mbedtls_psa_aead_operation_t
+                                                                    *operation,
                                            size_t ad_length,
                                            size_t plaintext_length )
 {
@@ -512,7 +504,8 @@
 }
 
 /* Pass additional data to an active multipart AEAD operation. */
-psa_status_t mbedtls_psa_aead_update_ad( psa_aead_operation_t *operation,
+psa_status_t mbedtls_psa_aead_update_ad( mbedtls_psa_aead_operation_t
+                                                                    *operation,
                                          const uint8_t *input,
                                          size_t input_length )
 {
@@ -611,7 +604,7 @@
 
 /* Encrypt or decrypt a message fragment in an active multipart AEAD
  * operation.*/
-psa_status_t mbedtls_psa_aead_update( psa_aead_operation_t *operation,
+psa_status_t mbedtls_psa_aead_update( mbedtls_psa_aead_operation_t *operation,
                                       const uint8_t *input,
                                       size_t input_length,
                                       uint8_t *output,
@@ -786,7 +779,7 @@
 
 /* Common checks for both mbedtls_psa_aead_finish() and
    mbedtls_psa_aead_verify() */
-static psa_status_t mbedtls_psa_aead_finish_checks( psa_aead_operation_t
+static psa_status_t mbedtls_psa_aead_finish_checks( mbedtls_psa_aead_operation_t
                                                                     *operation,
                                                     size_t output_size,
                                                     size_t tag_size )
@@ -828,7 +821,7 @@
 }
 
 /* Finish encrypting a message in a multipart AEAD operation. */
-psa_status_t mbedtls_psa_aead_finish( psa_aead_operation_t *operation,
+psa_status_t mbedtls_psa_aead_finish( mbedtls_psa_aead_operation_t *operation,
                                       uint8_t *ciphertext,
                                       size_t ciphertext_size,
                                       size_t *ciphertext_length,
@@ -903,7 +896,7 @@
 
 /* Finish authenticating and decrypting a message in a multipart AEAD
  * operation.*/
-psa_status_t mbedtls_psa_aead_verify( psa_aead_operation_t *operation,
+psa_status_t mbedtls_psa_aead_verify( mbedtls_psa_aead_operation_t *operation,
                                       uint8_t *plaintext,
                                       size_t plaintext_size,
                                       size_t *plaintext_length,
@@ -1033,7 +1026,7 @@
 }
 
 /* Abort an AEAD operation */
-psa_status_t mbedtls_psa_aead_abort( psa_aead_operation_t *operation )
+psa_status_t mbedtls_psa_aead_abort( mbedtls_psa_aead_operation_t *operation )
 {
     switch( operation->alg )
     {
@@ -1054,6 +1047,11 @@
 #endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */
     }
 
+    operation->lengths_set = 0;
+    operation->is_encrypt = 0;
+    operation->ad_started = 0;
+    operation->body_started = 0;
+
     mbedtls_free(operation->ad_buffer);
     operation->ad_buffer = NULL;
     operation->ad_length = 0;
diff --git a/library/psa_crypto_aead.h b/library/psa_crypto_aead.h
index a9d2687..4b6d6cd 100644
--- a/library/psa_crypto_aead.h
+++ b/library/psa_crypto_aead.h
@@ -160,37 +160,39 @@
  * -# Allocate an operation object which will be passed to all the functions
  *    listed here.
  * -# Initialize the operation object with one of the methods described in the
- *    documentation for #psa_aead_operation_t, e.g.
- *    #PSA_AEAD_OPERATION_INIT.
+ *    documentation for #mbedtls_psa_aead_operation_t, e.g.
+ *    #MBEDTLS_PSA_AEAD_OPERATION_INIT.
  * -# Call mbedtls_psa_aead_encrypt_setup() to specify the algorithm and key.
  * -# If needed, call mbedtls_psa_aead_set_lengths() to specify the length of
  *    the inputs to the subsequent calls to mbedtls_psa_aead_update_ad() and
- *    mbedtls_psa_aead_update(). See the documentation of mbedtls_psa_aead_set_lengths()
- *    for details.
+ *    mbedtls_psa_aead_update(). See the documentation of
+ *    mbedtls_psa_aead_set_lengths() for details.
  * -# Call either psa_aead_generate_nonce() or
  *    mbedtls_psa_aead_set_nonce() to generate or set the nonce. You should use
  *    psa_aead_generate_nonce() unless the protocol you are implementing
  *    requires a specific nonce value.
- * -# Call mbedtls_psa_aead_update_ad() zero, one or more times, passing a fragment
- *    of the non-encrypted additional authenticated data each time.
+ * -# Call mbedtls_psa_aead_update_ad() zero, one or more times, passing
+ *    a fragment of the non-encrypted additional authenticated data each time.
  * -# Call mbedtls_psa_aead_update() zero, one or more times, passing a fragment
  *    of the message to encrypt each time.
  * -# Call mbedtls_psa_aead_finish().
  *
- * If an error occurs at any step after a call to mbedtls_psa_aead_encrypt_setup(),
- * the operation will need to be reset by a call to mbedtls_psa_aead_abort(). The
- * application may call mbedtls_psa_aead_abort() at any time after the operation
- * has been initialized.
+ * If an error occurs at any step after a call to
+ * mbedtls_psa_aead_encrypt_setup(), the operation will need to be reset by a
+ * call to mbedtls_psa_aead_abort(). The application may call
+ * mbedtls_psa_aead_abort() at any time after the operation has been
+ * initialized.
  *
- * After a successful call to mbedtls_psa_aead_encrypt_setup(), the application must
- * eventually terminate the operation. The following events terminate an
+ * After a successful call to mbedtls_psa_aead_encrypt_setup(), the application
+ * must eventually terminate the operation. The following events terminate an
  * operation:
  * - A successful call to mbedtls_psa_aead_finish().
  * - A call to mbedtls_psa_aead_abort().
  *
  * \param[in,out] operation     The operation object to set up. It must have
  *                              been initialized as per the documentation for
- *                              #mbedtls_psa_aead_operation_t and not yet in use.
+ *                              #mbedtls_psa_aead_operation_t and not yet in
+ *                              use.
  * \param[in]  attributes       The attributes of the key to use for the
  *                              operation.
  * \param[in]  key_buffer       The buffer containing the key context.
@@ -219,9 +221,12 @@
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
-psa_status_t mbedtls_psa_aead_encrypt_setup(psa_aead_operation_t *operation,
-                                            const psa_key_attributes_t *attributes,
-                                            const uint8_t *key_buffer, size_t key_buffer_size,
+psa_status_t mbedtls_psa_aead_encrypt_setup(mbedtls_psa_aead_operation_t
+                                                                     *operation,
+                                            const psa_key_attributes_t
+                                                                    *attributes,
+                                            const uint8_t *key_buffer,
+                                            size_t key_buffer_size,
                                             psa_algorithm_t alg);
 
 /** Set the key for a multipart authenticated decryption operation.
@@ -236,34 +241,36 @@
  * -# Allocate an operation object which will be passed to all the functions
  *    listed here.
  * -# Initialize the operation object with one of the methods described in the
- *    documentation for #psa_aead_operation_t, e.g.
+ *    documentation for #mbedtls_psa_aead_operation_t, e.g.
  *    #PSA_AEAD_OPERATION_INIT.
  * -# Call mbedtls_psa_aead_decrypt_setup() to specify the algorithm and key.
- * -# If needed, call mbedtls_psa_aead_set_lengths() to specify the length of the
- *    inputs to the subsequent calls to mbedtls_psa_aead_update_ad() and
- *    mbedtls_psa_aead_update(). See the documentation of mbedtls_psa_aead_set_lengths()
- *    for details.
+ * -# If needed, call mbedtls_psa_aead_set_lengths() to specify the length of
+ *    the inputs to the subsequent calls to mbedtls_psa_aead_update_ad() and
+ *    mbedtls_psa_aead_update(). See the documentation of
+ *    mbedtls_psa_aead_set_lengths() for details.
  * -# Call mbedtls_psa_aead_set_nonce() with the nonce for the decryption.
- * -# Call mbedtls_psa_aead_update_ad() zero, one or more times, passing a fragment
- *    of the non-encrypted additional authenticated data each time.
+ * -# Call mbedtls_psa_aead_update_ad() zero, one or more times, passing a
+ *    fragment of the non-encrypted additional authenticated data each time.
  * -# Call mbedtls_psa_aead_update() zero, one or more times, passing a fragment
  *    of the ciphertext to decrypt each time.
  * -# Call mbedtls_psa_aead_verify().
  *
- * If an error occurs at any step after a call to mbedtls_psa_aead_decrypt_setup(),
- * the operation will need to be reset by a call to mbedtls_psa_aead_abort(). The
- * application may call mbedtls_psa_aead_abort() at any time after the operation
- * has been initialized.
+ * If an error occurs at any step after a call to
+ * mbedtls_psa_aead_decrypt_setup(), the operation will need to be reset by a
+ * call to mbedtls_psa_aead_abort(). The application may call
+ * mbedtls_psa_aead_abort() at any time after the operation has been
+ * initialized.
  *
- * After a successful call to mbedtls_psa_aead_decrypt_setup(), the application must
- * eventually terminate the operation. The following events terminate an
+ * After a successful call to mbedtls_psa_aead_decrypt_setup(), the application
+ * must eventually terminate the operation. The following events terminate an
  * operation:
  * - A successful call to mbedtls_psa_aead_verify().
  * - A call to mbedtls_psa_aead_abort().
  *
  * \param[in,out] operation     The operation object to set up. It must have
  *                              been initialized as per the documentation for
- *                              #psa_aead_operation_t and not yet in use.
+ *                              #mbedtls_psa_aead_operation_t and not yet in
+ *                              use.
  * \param[in]  attributes       The attributes of the key to use for the
  *                              operation.
  * \param[in]  key_buffer       The buffer containing the key context.
@@ -292,9 +299,12 @@
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
-psa_status_t mbedtls_psa_aead_decrypt_setup(psa_aead_operation_t *operation,
-                                            const psa_key_attributes_t *attributes,
-                                            const uint8_t *key_buffer, size_t key_buffer_size,
+psa_status_t mbedtls_psa_aead_decrypt_setup(mbedtls_psa_aead_operation_t
+                                                                     *operation,
+                                            const psa_key_attributes_t
+                                                                    *attributes,
+                                            const uint8_t *key_buffer,
+                                            size_t key_buffer_size,
                                             psa_algorithm_t alg);
 
 /** Set the nonce for an authenticated encryption or decryption operation.
@@ -313,9 +323,9 @@
  * If this function returns an error status, the operation enters an error
  * state and must be aborted by calling mbedtls_psa_aead_abort().
  *
- * \note When encrypting, applications should use mbedtls_psa_aead_generate_nonce()
- * instead of this function, unless implementing a protocol that requires
- * a non-random IV.
+ * \note When encrypting, applications should use
+ * mbedtls_psa_aead_generate_nonce() instead of this function, unless
+ * implementing a protocol that requires a non-random IV.
  *
  * \param[in,out] operation     Active AEAD operation.
  * \param[in] nonce             Buffer containing the nonce to use.
@@ -338,7 +348,7 @@
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
-psa_status_t mbedtls_psa_aead_set_nonce(psa_aead_operation_t *operation,
+psa_status_t mbedtls_psa_aead_set_nonce(mbedtls_psa_aead_operation_t *operation,
                                         const uint8_t *nonce,
                                         size_t nonce_length);
 
@@ -350,10 +360,10 @@
  *       specification for transparent drivers.
  *
  * The application must call this function before calling
- * mbedtls_psa_aead_update_ad() or mbedtls_psa_aead_update() if the algorithm for
- * the operation requires it. If the algorithm does not require it,
- * calling this function is optional, but if this function is called
- * then the implementation must enforce the lengths.
+ * mbedtls_psa_aead_update_ad() or mbedtls_psa_aead_update() if the algorithm
+ * for the operation requires it. If the algorithm does not require it, calling
+ * this function is optional, but if this function is called then the
+ * implementation must enforce the lengths.
  *
  * You may call this function before or after setting the nonce with
  * mbedtls_psa_aead_set_nonce() or psa_aead_generate_nonce().
@@ -375,8 +385,8 @@
  *         Success.
  * \retval #PSA_ERROR_BAD_STATE
  *         The operation state is not valid (it must be active, and
- *         mbedtls_psa_aead_update_ad() and mbedtls_psa_aead_update() must not have been
- *         called yet).
+ *         mbedtls_psa_aead_update_ad() and mbedtls_psa_aead_update() must not
+ *         have been called yet).
  * \retval #PSA_ERROR_INVALID_ARGUMENT
  *         At least one of the lengths is not acceptable for the chosen
  *         algorithm.
@@ -389,7 +399,8 @@
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
-psa_status_t mbedtls_psa_aead_set_lengths(psa_aead_operation_t *operation,
+psa_status_t mbedtls_psa_aead_set_lengths(mbedtls_psa_aead_operation_t
+                                                                     *operation,
                                           size_t ad_length,
                                           size_t plaintext_length);
 
@@ -407,18 +418,19 @@
  * data to encrypt or decrypt with mbedtls_psa_aead_update().
  *
  * Before calling this function, you must:
- * 1. Call either mbedtls_psa_aead_encrypt_setup() or mbedtls_psa_aead_decrypt_setup().
- * 2. Set the nonce with psa_aead_generate_nonce() or
- *    mbedtls_psa_aead_set_nonce().
+ * 1. Call either mbedtls_psa_aead_encrypt_setup() or
+ *    mbedtls_psa_aead_decrypt_setup(). 2. Set the nonce with
+ *    psa_aead_generate_nonce() or mbedtls_psa_aead_set_nonce().
  *
  * If this function returns an error status, the operation enters an error
  * state and must be aborted by calling mbedtls_psa_aead_abort().
  *
- * \warning When decrypting, until mbedtls_psa_aead_verify() has returned #PSA_SUCCESS,
- *          there is no guarantee that the input is valid. Therefore, until
- *          you have called mbedtls_psa_aead_verify() and it has returned #PSA_SUCCESS,
- *          treat the input as untrusted and prepare to undo any action that
- *          depends on the input if mbedtls_psa_aead_verify() returns an error status.
+ * \warning When decrypting, until mbedtls_psa_aead_verify() has returned
+ *          #PSA_SUCCESS, there is no guarantee that the input is valid.
+ *          Therefore, until you have called mbedtls_psa_aead_verify() and it
+ *          has returned #PSA_SUCCESS, treat the input as untrusted and prepare
+ *          to undo any action that depends on the input if
+ *          mbedtls_psa_aead_verify() returns an error status.
  *
  * \note    For the time being #PSA_ALG_CCM and #PSA_ALG_GCM require the entire
  *          additional data to be passed in in one go, i.e. only call
@@ -448,7 +460,7 @@
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
-psa_status_t mbedtls_psa_aead_update_ad(psa_aead_operation_t *operation,
+psa_status_t mbedtls_psa_aead_update_ad(mbedtls_psa_aead_operation_t *operation,
                                         const uint8_t *input,
                                         size_t input_length);
 
@@ -460,9 +472,9 @@
  *       transparent drivers.
  *
  * Before calling this function, you must:
- * 1. Call either mbedtls_psa_aead_encrypt_setup() or mbedtls_psa_aead_decrypt_setup().
- *    The choice of setup function determines whether this function
- *    encrypts or decrypts its input.
+ * 1. Call either mbedtls_psa_aead_encrypt_setup() or
+ *    mbedtls_psa_aead_decrypt_setup(). The choice of setup function determines
+ *    whether this function encrypts or decrypts its input.
  * 2. Set the nonce with psa_aead_generate_nonce() or
  * mbedtls_psa_aead_set_nonce(). 3. Call mbedtls_psa_aead_update_ad() to pass
  * all the additional data.
@@ -537,7 +549,7 @@
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
-psa_status_t mbedtls_psa_aead_update(psa_aead_operation_t *operation,
+psa_status_t mbedtls_psa_aead_update(mbedtls_psa_aead_operation_t *operation,
                                      const uint8_t *input,
                                      size_t input_length,
                                      uint8_t *output,
@@ -618,7 +630,7 @@
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
-psa_status_t mbedtls_psa_aead_finish(psa_aead_operation_t *operation,
+psa_status_t mbedtls_psa_aead_finish(mbedtls_psa_aead_operation_t *operation,
                                      uint8_t *ciphertext,
                                      size_t ciphertext_size,
                                      size_t *ciphertext_length,
@@ -703,7 +715,7 @@
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
-psa_status_t mbedtls_psa_aead_verify(psa_aead_operation_t *operation,
+psa_status_t mbedtls_psa_aead_verify(mbedtls_psa_aead_operation_t *operation,
                                      uint8_t *plaintext,
                                      size_t plaintext_size,
                                      size_t *plaintext_length,
@@ -723,11 +735,11 @@
  * mbedtls_psa_aead_encrypt_setup() or mbedtls_psa_aead_decrypt_setup() again.
  *
  * You may call this function any time after the operation object has
- * been initialized as described in #psa_aead_operation_t.
+ * been initialized as described in #mbedtls_psa_aead_operation_t.
  *
  * In particular, calling mbedtls_psa_aead_abort() after the operation has been
- * terminated by a call to mbedtls_psa_aead_abort(), mbedtls_psa_aead_finish() or
- * mbedtls_psa_aead_verify() is safe and has no effect.
+ * terminated by a call to mbedtls_psa_aead_abort(), mbedtls_psa_aead_finish()
+ * or mbedtls_psa_aead_verify() is safe and has no effect.
  *
  * \param[in,out] operation     Initialized AEAD operation.
  *
@@ -740,7 +752,7 @@
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
-psa_status_t mbedtls_psa_aead_abort(psa_aead_operation_t *operation);
+psa_status_t mbedtls_psa_aead_abort(mbedtls_psa_aead_operation_t *operation);
 
 
 #endif /* PSA_CRYPTO_AEAD */
diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c
index 7faedb3..7590800 100644
--- a/library/psa_crypto_driver_wrappers.c
+++ b/library/psa_crypto_driver_wrappers.c
@@ -1310,10 +1310,9 @@
 
 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
 #if defined(PSA_CRYPTO_DRIVER_TEST)
-            status = PSA_ERROR_NOT_SUPPORTED;
             status = mbedtls_test_transparent_aead_encrypt_setup(
-                        operation, attributes,
-                        key_buffer, key_buffer_size,
+                        &operation->ctx.transparent_test_driver_ctx,
+                        attributes, key_buffer, key_buffer_size,
                         alg );
             /* Declared with fallback == true */
             operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
@@ -1325,7 +1324,7 @@
 
             /* Fell through, meaning no accelerator supports this operation */
             status = mbedtls_psa_aead_encrypt_setup(
-                        operation, attributes,
+                        &operation->ctx.mbedtls_ctx, attributes,
                         key_buffer, key_buffer_size,
                         alg );
 
@@ -1360,9 +1359,9 @@
 
 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
 #if defined(PSA_CRYPTO_DRIVER_TEST)
-            status = PSA_ERROR_NOT_SUPPORTED;
             status = mbedtls_test_transparent_aead_decrypt_setup(
-                        operation, attributes,
+                        &operation->ctx.transparent_test_driver_ctx,
+                         attributes,
                         key_buffer, key_buffer_size,
                         alg );
             /* Declared with fallback == true */
@@ -1375,7 +1374,8 @@
 
             /* Fell through, meaning no accelerator supports this operation */
             status = mbedtls_psa_aead_decrypt_setup(
-                        operation, attributes,
+                        &operation->ctx.mbedtls_ctx,
+                         attributes,
                         key_buffer, key_buffer_size,
                         alg );
 
@@ -1401,16 +1401,18 @@
     {
 #if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
         case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
-            return( mbedtls_psa_aead_set_nonce( operation, nonce,
+            return( mbedtls_psa_aead_set_nonce( &operation->ctx.mbedtls_ctx,
+                                                nonce,
                                                 nonce_length ) );
 
-#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
+#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
 
 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
 #if defined(PSA_CRYPTO_DRIVER_TEST)
         case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
             return( mbedtls_test_transparent_aead_set_nonce(
-                        operation, nonce, nonce_length ) );
+                         &operation->ctx.transparent_test_driver_ctx,
+                         nonce, nonce_length ) );
 
         /* Add cases for opaque driver here */
 
@@ -1431,18 +1433,20 @@
 {
     switch( operation->id )
     {
-#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
+#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
         case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
-            return( mbedtls_psa_aead_set_lengths( operation, ad_length,
+            return( mbedtls_psa_aead_set_lengths( &operation->ctx.mbedtls_ctx,
+                                                  ad_length,
                                                   plaintext_length ) );
 
-#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
+#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
 
 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
 #if defined(PSA_CRYPTO_DRIVER_TEST)
         case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
             return( mbedtls_test_transparent_aead_set_lengths(
-                        operation, ad_length, plaintext_length ) );
+                        &operation->ctx.transparent_test_driver_ctx,
+                        ad_length, plaintext_length ) );
 
         /* Add cases for opaque driver here */
 
@@ -1463,18 +1467,20 @@
 {
     switch( operation->id )
     {
-#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
+#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
         case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
-            return( mbedtls_psa_aead_update_ad( operation, input,
+            return( mbedtls_psa_aead_update_ad( &operation->ctx.mbedtls_ctx,
+                                                input,
                                                 input_length ) );
 
-#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
+#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
 
 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
 #if defined(PSA_CRYPTO_DRIVER_TEST)
         case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
             return( mbedtls_test_transparent_aead_update_ad(
-                        operation, input, input_length ) );
+                        &operation->ctx.transparent_test_driver_ctx,
+                        input, input_length ) );
 
         /* Add cases for opaque driver here */
 
@@ -1498,19 +1504,21 @@
 {
     switch( operation->id )
     {
-#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
+#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
         case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
-            return( mbedtls_psa_aead_update( operation, input, input_length,
+            return( mbedtls_psa_aead_update( &operation->ctx.mbedtls_ctx,
+                                             input, input_length,
                                              output, output_size,
                                              output_length ) );
 
-#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
+#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
 
 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
 #if defined(PSA_CRYPTO_DRIVER_TEST)
         case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
             return( mbedtls_test_transparent_aead_update(
-                        operation, input, input_length, output, output_size,
+                        &operation->ctx.transparent_test_driver_ctx,
+                        input, input_length, output, output_size,
                         output_length ) );
 
         /* Add cases for opaque driver here */
@@ -1539,20 +1547,22 @@
 {
     switch( operation->id )
     {
-#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
+#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
         case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
-            return( mbedtls_psa_aead_finish( operation, ciphertext,
+            return( mbedtls_psa_aead_finish( &operation->ctx.mbedtls_ctx,
+                                             ciphertext,
                                              ciphertext_size,
                                              ciphertext_length, tag,
                                              tag_size, tag_length ) );
 
-#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
+#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
 
 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
 #if defined(PSA_CRYPTO_DRIVER_TEST)
         case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
             return( mbedtls_test_transparent_aead_finish(
-                        operation, ciphertext, ciphertext_size,
+                        &operation->ctx.transparent_test_driver_ctx,
+                        ciphertext, ciphertext_size,
                         ciphertext_length, tag, tag_size, tag_length ) );
 
         /* Add cases for opaque driver here */
@@ -1581,19 +1591,22 @@
 {
     switch( operation->id )
     {
-#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
+#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
         case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
-            return( mbedtls_psa_aead_verify( operation, plaintext,
-                                             plaintext_size, plaintext_length,
+            return( mbedtls_psa_aead_verify( &operation->ctx.mbedtls_ctx,
+                                             plaintext,
+                                             plaintext_size,
+                                             plaintext_length,
                                              tag, tag_length ) );
 
-#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
+#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
 
 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
 #if defined(PSA_CRYPTO_DRIVER_TEST)
         case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
             return( mbedtls_test_transparent_aead_verify(
-                        operation, plaintext, plaintext_size,
+                        &operation->ctx.transparent_test_driver_ctx,
+                        plaintext, plaintext_size,
                         plaintext_length, tag, tag_length ) );
 
         /* Add cases for opaque driver here */
@@ -1616,16 +1629,17 @@
 {
     switch( operation->id )
     {
-#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
+#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
         case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
-            return( mbedtls_psa_aead_abort( operation ) );
+            return( mbedtls_psa_aead_abort( &operation->ctx.mbedtls_ctx ) );
 
-#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
+#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
 
 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
 #if defined(PSA_CRYPTO_DRIVER_TEST)
         case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
-            return( mbedtls_test_transparent_aead_abort( operation ) );
+            return( mbedtls_test_transparent_aead_abort(
+               &operation->ctx.transparent_test_driver_ctx ) );
 
         /* Add cases for opaque driver here */
 
diff --git a/tests/src/drivers/test_driver_aead.c b/tests/src/drivers/test_driver_aead.c
index 34bbc51..006d332 100644
--- a/tests/src/drivers/test_driver_aead.c
+++ b/tests/src/drivers/test_driver_aead.c
@@ -94,7 +94,7 @@
 }
 
 psa_status_t mbedtls_test_transparent_aead_encrypt_setup(
-    psa_aead_operation_t *operation,
+    mbedtls_transparent_test_driver_aead_operation_t *operation,
     const psa_key_attributes_t *attributes,
     const uint8_t *key_buffer, size_t key_buffer_size,
     psa_algorithm_t alg )
@@ -117,7 +117,7 @@
 }
 
 psa_status_t mbedtls_test_transparent_aead_decrypt_setup(
-    psa_aead_operation_t *operation,
+    mbedtls_transparent_test_driver_aead_operation_t *operation,
     const psa_key_attributes_t *attributes,
     const uint8_t *key_buffer, size_t key_buffer_size,
     psa_algorithm_t alg )
@@ -140,7 +140,7 @@
 }
 
 psa_status_t mbedtls_test_transparent_aead_set_nonce(
-    psa_aead_operation_t *operation,
+    mbedtls_transparent_test_driver_aead_operation_t *operation,
     const uint8_t *nonce,
     size_t nonce_length )
 {
@@ -161,7 +161,7 @@
 }
 
 psa_status_t mbedtls_test_transparent_aead_set_lengths(
-    psa_aead_operation_t *operation,
+    mbedtls_transparent_test_driver_aead_operation_t *operation,
     size_t ad_length,
     size_t plaintext_length )
 {
@@ -183,7 +183,7 @@
 }
 
 psa_status_t mbedtls_test_transparent_aead_update_ad(
-    psa_aead_operation_t *operation,
+    mbedtls_transparent_test_driver_aead_operation_t *operation,
     const uint8_t *input,
     size_t input_length )
 {
@@ -204,7 +204,7 @@
 }
 
 psa_status_t mbedtls_test_transparent_aead_update(
-   psa_aead_operation_t *operation,
+   mbedtls_transparent_test_driver_aead_operation_t *operation,
    const uint8_t *input,
    size_t input_length,
    uint8_t *output,
@@ -229,7 +229,7 @@
 }
 
 psa_status_t mbedtls_test_transparent_aead_finish(
-   psa_aead_operation_t *operation,
+   mbedtls_transparent_test_driver_aead_operation_t *operation,
    uint8_t *ciphertext,
    size_t ciphertext_size,
    size_t *ciphertext_length,
@@ -256,7 +256,7 @@
 }
 
 psa_status_t mbedtls_test_transparent_aead_verify(
-   psa_aead_operation_t *operation,
+   mbedtls_transparent_test_driver_aead_operation_t *operation,
    uint8_t *plaintext,
    size_t plaintext_size,
    size_t *plaintext_length,
@@ -281,7 +281,7 @@
 }
 
 psa_status_t mbedtls_test_transparent_aead_abort(
-   psa_aead_operation_t *operation )
+   mbedtls_transparent_test_driver_aead_operation_t *operation )
 {
    mbedtls_test_driver_aead_hooks.hits++;