diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 29a0496bc6..3e77dceb0f 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -4066,19 +4066,19 @@ exit:
 #define HKDF_STATE_OUTPUT 3 /* output started */
 
 static psa_algorithm_t psa_key_derivation_get_kdf_alg(
-    const psa_key_derivation_operation_t *generator )
+    const psa_key_derivation_operation_t *operation )
 {
-    if ( PSA_ALG_IS_KEY_AGREEMENT( generator->alg ) )
-        return( PSA_ALG_KEY_AGREEMENT_GET_KDF( generator->alg ) );
+    if ( PSA_ALG_IS_KEY_AGREEMENT( operation->alg ) )
+        return( PSA_ALG_KEY_AGREEMENT_GET_KDF( operation->alg ) );
     else
-        return( generator->alg );
+        return( operation->alg );
 }
 
 
-psa_status_t psa_key_derivation_abort( psa_key_derivation_operation_t *generator )
+psa_status_t psa_key_derivation_abort( psa_key_derivation_operation_t *operation )
 {
     psa_status_t status = PSA_SUCCESS;
-    psa_algorithm_t kdf_alg = psa_key_derivation_get_kdf_alg( generator );
+    psa_algorithm_t kdf_alg = psa_key_derivation_get_kdf_alg( operation );
     if( kdf_alg == 0 )
     {
         /* The object has (apparently) been initialized but it is not
@@ -4088,36 +4088,36 @@ psa_status_t psa_key_derivation_abort( psa_key_derivation_operation_t *generator
     else
     if( kdf_alg == PSA_ALG_SELECT_RAW )
     {
-        if( generator->ctx.buffer.data != NULL )
+        if( operation->ctx.buffer.data != NULL )
         {
-            mbedtls_platform_zeroize( generator->ctx.buffer.data,
-                             generator->ctx.buffer.size );
-            mbedtls_free( generator->ctx.buffer.data );
+            mbedtls_platform_zeroize( operation->ctx.buffer.data,
+                             operation->ctx.buffer.size );
+            mbedtls_free( operation->ctx.buffer.data );
         }
     }
     else
 #if defined(MBEDTLS_MD_C)
     if( PSA_ALG_IS_HKDF( kdf_alg ) )
     {
-        mbedtls_free( generator->ctx.hkdf.info );
-        status = psa_hmac_abort_internal( &generator->ctx.hkdf.hmac );
+        mbedtls_free( operation->ctx.hkdf.info );
+        status = psa_hmac_abort_internal( &operation->ctx.hkdf.hmac );
     }
     else if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) ||
-             /* TLS-1.2 PSK-to-MS KDF uses the same generator as TLS-1.2 PRF */
+             /* TLS-1.2 PSK-to-MS KDF uses the same core as TLS-1.2 PRF */
              PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) )
     {
-        if( generator->ctx.tls12_prf.key != NULL )
+        if( operation->ctx.tls12_prf.key != NULL )
         {
-            mbedtls_platform_zeroize( generator->ctx.tls12_prf.key,
-                             generator->ctx.tls12_prf.key_len );
-            mbedtls_free( generator->ctx.tls12_prf.key );
+            mbedtls_platform_zeroize( operation->ctx.tls12_prf.key,
+                             operation->ctx.tls12_prf.key_len );
+            mbedtls_free( operation->ctx.tls12_prf.key );
         }
 
-        if( generator->ctx.tls12_prf.Ai_with_seed != NULL )
+        if( operation->ctx.tls12_prf.Ai_with_seed != NULL )
         {
-            mbedtls_platform_zeroize( generator->ctx.tls12_prf.Ai_with_seed,
-                             generator->ctx.tls12_prf.Ai_with_seed_len );
-            mbedtls_free( generator->ctx.tls12_prf.Ai_with_seed );
+            mbedtls_platform_zeroize( operation->ctx.tls12_prf.Ai_with_seed,
+                             operation->ctx.tls12_prf.Ai_with_seed_len );
+            mbedtls_free( operation->ctx.tls12_prf.Ai_with_seed );
         }
     }
     else
@@ -4125,36 +4125,36 @@ psa_status_t psa_key_derivation_abort( psa_key_derivation_operation_t *generator
     {
         status = PSA_ERROR_BAD_STATE;
     }
-    memset( generator, 0, sizeof( *generator ) );
+    memset( operation, 0, sizeof( *operation ) );
     return( status );
 }
 
-psa_status_t psa_key_derivation_get_capacity(const psa_key_derivation_operation_t *generator,
+psa_status_t psa_key_derivation_get_capacity(const psa_key_derivation_operation_t *operation,
                                         size_t *capacity)
 {
-    if( generator->alg == 0 )
+    if( operation->alg == 0 )
     {
-        /* This is a blank generator. */
+        /* This is a blank key derivation operation. */
         return PSA_ERROR_BAD_STATE;
     }
 
-    *capacity = generator->capacity;
+    *capacity = operation->capacity;
     return( PSA_SUCCESS );
 }
 
-psa_status_t psa_key_derivation_set_capacity( psa_key_derivation_operation_t *generator,
+psa_status_t psa_key_derivation_set_capacity( psa_key_derivation_operation_t *operation,
                                          size_t capacity )
 {
-    if( generator->alg == 0 )
+    if( operation->alg == 0 )
         return( PSA_ERROR_BAD_STATE );
-    if( capacity > generator->capacity )
+    if( capacity > operation->capacity )
         return( PSA_ERROR_INVALID_ARGUMENT );
-    generator->capacity = capacity;
+    operation->capacity = capacity;
     return( PSA_SUCCESS );
 }
 
 #if defined(MBEDTLS_MD_C)
-/* Read some bytes from an HKDF-based generator. This performs a chunk
+/* Read some bytes from an HKDF-based operation. This performs a chunk
  * of the expand phase of the HKDF algorithm. */
 static psa_status_t psa_key_derivation_hkdf_read( psa_hkdf_key_derivation_t *hkdf,
                                              psa_algorithm_t hash_alg,
@@ -4182,7 +4182,7 @@ static psa_status_t psa_key_derivation_hkdf_read( psa_hkdf_key_derivation_t *hkd
             break;
         /* We can't be wanting more output after block 0xff, otherwise
          * the capacity check in psa_key_derivation_output_bytes() would have
-         * prevented this call. It could happen only if the generator
+         * prevented this call. It could happen only if the operation
          * object was corrupted or if this function is called directly
          * inside the library. */
         if( hkdf->block_number == 0xff )
@@ -4237,7 +4237,7 @@ static psa_status_t psa_key_derivation_tls12_prf_generate_next_block(
 
     /* We can't be wanting more output after block 0xff, otherwise
      * the capacity check in psa_key_derivation_output_bytes() would have
-     * prevented this call. It could happen only if the generator
+     * prevented this call. It could happen only if the operation
      * object was corrupted or if this function is called directly
      * inside the library. */
     if( tls12_prf->block_number == 0xff )
@@ -4335,7 +4335,7 @@ cleanup:
     return( status );
 }
 
-/* Read some bytes from an TLS-1.2-PRF-based generator.
+/* Read some bytes from an TLS-1.2-PRF-based operation.
  * See Section 5 of RFC 5246. */
 static psa_status_t psa_key_derivation_tls12_prf_read(
                                         psa_tls12_prf_key_derivation_t *tls12_prf,
@@ -4376,53 +4376,53 @@ static psa_status_t psa_key_derivation_tls12_prf_read(
 }
 #endif /* MBEDTLS_MD_C */
 
-psa_status_t psa_key_derivation_output_bytes( psa_key_derivation_operation_t *generator,
+psa_status_t psa_key_derivation_output_bytes( psa_key_derivation_operation_t *operation,
                                  uint8_t *output,
                                  size_t output_length )
 {
     psa_status_t status;
-    psa_algorithm_t kdf_alg = psa_key_derivation_get_kdf_alg( generator );
+    psa_algorithm_t kdf_alg = psa_key_derivation_get_kdf_alg( operation );
 
-    if( generator->alg == 0 )
+    if( operation->alg == 0 )
     {
-        /* This is a blank generator. */
+        /* This is a blank operation. */
         return PSA_ERROR_BAD_STATE;
     }
 
-    if( output_length > generator->capacity )
+    if( output_length > operation->capacity )
     {
-        generator->capacity = 0;
+        operation->capacity = 0;
         /* Go through the error path to wipe all confidential data now
-         * that the generator object is useless. */
+         * that the operation object is useless. */
         status = PSA_ERROR_INSUFFICIENT_DATA;
         goto exit;
     }
-    if( output_length == 0 && generator->capacity == 0 )
+    if( output_length == 0 && operation->capacity == 0 )
     {
-        /* Edge case: this is a finished generator, and 0 bytes
+        /* Edge case: this is a finished operation, and 0 bytes
          * were requested. The right error in this case could
          * be either INSUFFICIENT_CAPACITY or BAD_STATE. Return
          * INSUFFICIENT_CAPACITY, which is right for a finished
-         * generator, for consistency with the case when
+         * operation, for consistency with the case when
          * output_length > 0. */
         return( PSA_ERROR_INSUFFICIENT_DATA );
     }
-    generator->capacity -= output_length;
+    operation->capacity -= output_length;
 
     if( kdf_alg == PSA_ALG_SELECT_RAW )
     {
-        /* Initially, the capacity of a selection generator is always
-         * the size of the buffer, i.e. `generator->ctx.buffer.size`,
+        /* Initially, the capacity of a selection operation is always
+         * the size of the buffer, i.e. `operation->ctx.buffer.size`,
          * abbreviated in this comment as `size`. When the remaining
          * capacity is `c`, the next bytes to serve start `c` bytes
          * from the end of the buffer, i.e. `size - c` from the
-         * beginning of the buffer. Since `generator->capacity` was just
+         * beginning of the buffer. Since `operation->capacity` was just
          * decremented above, we need to serve the bytes from
-         * `size - generator->capacity - output_length` to
-         * `size - generator->capacity`. */
+         * `size - operation->capacity - output_length` to
+         * `size - operation->capacity`. */
         size_t offset =
-            generator->ctx.buffer.size - generator->capacity - output_length;
-        memcpy( output, generator->ctx.buffer.data + offset, output_length );
+            operation->ctx.buffer.size - operation->capacity - output_length;
+        memcpy( output, operation->ctx.buffer.data + offset, output_length );
         status = PSA_SUCCESS;
     }
     else
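Review bot: The edge-case comment in psa_key_derivation_output_bytes still names `INSUFFICIENT_CAPACITY` twice, while the code on both the over-capacity path and this edge case returns `PSA_ERROR_INSUFFICIENT_DATA`. Since the commit already rewrites those comment lines for the generator-to-operation rename, the stale error name should be corrected in the same pass, e.g. `be either INSUFFICIENT_DATA or BAD_STATE. Return` and `INSUFFICIENT_DATA, which is right for a finished`. The name matters because, per the comment on the exit path, the returned code is how callers tell an exhausted operation from a blank one. The function body continues past the end of this hunk.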
@@ -4430,13 +4430,13 @@ psa_status_t psa_key_derivation_output_bytes( psa_key_derivation_operation_t *ge
     if( PSA_ALG_IS_HKDF( kdf_alg ) )
     {
         psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH( kdf_alg );
-        status = psa_key_derivation_hkdf_read( &generator->ctx.hkdf, hash_alg,
+        status = psa_key_derivation_hkdf_read( &operation->ctx.hkdf, hash_alg,
                                           output, output_length );
     }
     else if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) ||
              PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) )
     {
-        status = psa_key_derivation_tls12_prf_read( &generator->ctx.tls12_prf,
+        status = psa_key_derivation_tls12_prf_read( &operation->ctx.tls12_prf,
                                                kdf_alg, output,
                                                output_length );
     }
@@ -4450,12 +4450,12 @@ exit:
     if( status != PSA_SUCCESS )
     {
         /* Preserve the algorithm upon errors, but clear all sensitive state.
-         * This allows us to differentiate between exhausted generators and
-         * blank generators, so we can return PSA_ERROR_BAD_STATE on blank
-         * generators. */
-        psa_algorithm_t alg = generator->alg;
-        psa_key_derivation_abort( generator );
-        generator->alg = alg;
+         * This allows us to differentiate between exhausted operations and
+         * blank operations, so we can return PSA_ERROR_BAD_STATE on blank
+         * operations. */
+        psa_algorithm_t alg = operation->alg;
+        psa_key_derivation_abort( operation );
+        operation->alg = alg;
         memset( output, '!', output_length );
     }
     return( status );
@@ -4476,7 +4476,7 @@ static void psa_des_set_key_parity( uint8_t *data, size_t data_size )
 static psa_status_t psa_generate_derived_key_internal(
     psa_key_slot_t *slot,
     size_t bits,
-    psa_key_derivation_operation_t *generator )
+    psa_key_derivation_operation_t *operation )
 {
     uint8_t *data = NULL;
     size_t bytes = PSA_BITS_TO_BYTES( bits );
@@ -4490,7 +4490,7 @@ static psa_status_t psa_generate_derived_key_internal(
     if( data == NULL )
         return( PSA_ERROR_INSUFFICIENT_MEMORY );
 
-    status = psa_key_derivation_output_bytes( generator, data, bytes );
+    status = psa_key_derivation_output_bytes( operation, data, bytes );
     if( status != PSA_SUCCESS )
         goto exit;
 #if defined(MBEDTLS_DES_C)
@@ -4505,7 +4505,7 @@ exit:
 }
 
 psa_status_t psa_key_derivation_output_key( const psa_key_attributes_t *attributes,
-                                       psa_key_derivation_operation_t *generator,
+                                       psa_key_derivation_operation_t *operation,
                                        psa_key_handle_t *handle )
 {
     psa_status_t status;
@@ -4515,7 +4515,7 @@ psa_status_t psa_key_derivation_output_key( const psa_key_attributes_t *attribut
     {
         status = psa_generate_derived_key_internal( slot,
                                                     attributes->bits,
-                                                    generator );
+                                                    operation );
     }
     if( status == PSA_SUCCESS )
         status = psa_finish_key_creation( slot );
@@ -4530,7 +4530,7 @@ psa_status_t psa_key_derivation_output_key( const psa_key_attributes_t *attribut
 psa_status_t psa_generate_derived_key_to_handle( psa_key_handle_t handle,
                                        psa_key_type_t type,
                                        size_t bits,
-                                       psa_key_derivation_operation_t *generator )
+                                       psa_key_derivation_operation_t *operation )
 {
     uint8_t *data = NULL;
     size_t bytes = PSA_BITS_TO_BYTES( bits );
@@ -4544,7 +4544,7 @@ psa_status_t psa_generate_derived_key_to_handle( psa_key_handle_t handle,
     if( data == NULL )
         return( PSA_ERROR_INSUFFICIENT_MEMORY );
 
-    status = psa_key_derivation_output_bytes( generator, data, bytes );
+    status = psa_key_derivation_output_bytes( operation, data, bytes );
     if( status != PSA_SUCCESS )
         goto exit;
 #if defined(MBEDTLS_DES_C)
@@ -4565,7 +4565,7 @@ exit:
 /****************************************************************/
 
 #if defined(MBEDTLS_MD_C)
-/* Set up an HKDF-based generator. This is exactly the extract phase
+/* Set up an HKDF-based operation. This is exactly the extract phase
  * of the HKDF algorithm.
  *
  * Note that if this function fails, you must call psa_key_derivation_abort()
@@ -4611,7 +4611,7 @@ static psa_status_t psa_key_derivation_hkdf_setup( psa_hkdf_key_derivation_t *hk
 #endif /* MBEDTLS_MD_C */
 
 #if defined(MBEDTLS_MD_C)
-/* Set up a TLS-1.2-prf-based generator (see RFC 5246, Section 5).
+/* Set up a TLS-1.2-prf-based operation (see RFC 5246, Section 5).
  *
  * Note that if this function fails, you must call psa_key_derivation_abort()
  * to potentially free embedded data structures and wipe confidential data.
@@ -4668,7 +4668,7 @@ static psa_status_t psa_key_derivation_tls12_prf_setup(
     return( PSA_SUCCESS );
 }
 
-/* Set up a TLS-1.2-PSK-to-MS-based generator. */
+/* Set up a TLS-1.2-PSK-to-MS-based operation. */
 static psa_status_t psa_key_derivation_tls12_psk_to_ms_setup(
     psa_tls12_prf_key_derivation_t *tls12_prf,
     const unsigned char *psk,
@@ -4714,7 +4714,7 @@ static psa_status_t psa_key_derivation_tls12_psk_to_ms_setup(
  * to potentially free embedded data structures and wipe confidential data.
  */
 static psa_status_t psa_key_derivation_internal(
-    psa_key_derivation_operation_t *generator,
+    psa_key_derivation_operation_t *operation,
     const uint8_t *secret, size_t secret_length,
     psa_algorithm_t alg,
     const uint8_t *salt, size_t salt_length,
@@ -4724,8 +4724,8 @@ static psa_status_t psa_key_derivation_internal(
     psa_status_t status;
     size_t max_capacity;
 
-    /* Set generator->alg even on failure so that abort knows what to do. */
-    generator->alg = alg;
+    /* Set operation->alg even on failure so that abort knows what to do. */
+    operation->alg = alg;
 
     if( alg == PSA_ALG_SELECT_RAW )
     {
@@ -4735,11 +4735,11 @@ static psa_status_t psa_key_derivation_internal(
         (void) label;
         if( label_length != 0 )
             return( PSA_ERROR_INVALID_ARGUMENT );
-        generator->ctx.buffer.data = mbedtls_calloc( 1, secret_length );
-        if( generator->ctx.buffer.data == NULL )
+        operation->ctx.buffer.data = mbedtls_calloc( 1, secret_length );
+        if( operation->ctx.buffer.data == NULL )
             return( PSA_ERROR_INSUFFICIENT_MEMORY );
-        memcpy( generator->ctx.buffer.data, secret, secret_length );
-        generator->ctx.buffer.size = secret_length;
+        memcpy( operation->ctx.buffer.data, secret, secret_length );
+        operation->ctx.buffer.size = secret_length;
         max_capacity = secret_length;
         status = PSA_SUCCESS;
     }
@@ -4752,7 +4752,7 @@ static psa_status_t psa_key_derivation_internal(
         if( hash_size == 0 )
             return( PSA_ERROR_NOT_SUPPORTED );
         max_capacity = 255 * hash_size;
-        status = psa_key_derivation_hkdf_setup( &generator->ctx.hkdf,
+        status = psa_key_derivation_hkdf_setup( &operation->ctx.hkdf,
                                            secret, secret_length,
                                            hash_alg,
                                            salt, salt_length,
@@ -4776,7 +4776,7 @@ static psa_status_t psa_key_derivation_internal(
 
         if( PSA_ALG_IS_TLS12_PRF( alg ) )
         {
-            status = psa_key_derivation_tls12_prf_setup( &generator->ctx.tls12_prf,
+            status = psa_key_derivation_tls12_prf_setup( &operation->ctx.tls12_prf,
                                                     secret, secret_length,
                                                     hash_alg, salt, salt_length,
                                                     label, label_length );
@@ -4784,7 +4784,7 @@ static psa_status_t psa_key_derivation_internal(
         else
         {
             status = psa_key_derivation_tls12_psk_to_ms_setup(
-                &generator->ctx.tls12_prf,
+                &operation->ctx.tls12_prf,
                 secret, secret_length,
                 hash_alg, salt, salt_length,
                 label, label_length );
@@ -4800,16 +4800,16 @@ static psa_status_t psa_key_derivation_internal(
         return( status );
 
     if( capacity <= max_capacity )
-        generator->capacity = capacity;
+        operation->capacity = capacity;
     else if( capacity == PSA_KEY_DERIVATION_UNLIMITED_CAPACITY )
-        generator->capacity = max_capacity;
+        operation->capacity = max_capacity;
     else
         return( PSA_ERROR_INVALID_ARGUMENT );
 
     return( PSA_SUCCESS );
 }
 
-psa_status_t psa_key_derivation( psa_key_derivation_operation_t *generator,
+psa_status_t psa_key_derivation( psa_key_derivation_operation_t *operation,
                                  psa_key_handle_t handle,
                                  psa_algorithm_t alg,
                                  const uint8_t *salt,
@@ -4821,7 +4821,7 @@ psa_status_t psa_key_derivation( psa_key_derivation_operation_t *generator,
     psa_key_slot_t *slot;
     psa_status_t status;
 
-    if( generator->alg != 0 )
+    if( operation->alg != 0 )
         return( PSA_ERROR_BAD_STATE );
 
     /* Make sure that alg is a key derivation algorithm. This prevents
@@ -4837,7 +4837,7 @@ psa_status_t psa_key_derivation( psa_key_derivation_operation_t *generator,
     if( slot->type != PSA_KEY_TYPE_DERIVE )
         return( PSA_ERROR_INVALID_ARGUMENT );
 
-    status = psa_key_derivation_internal( generator,
+    status = psa_key_derivation_internal( operation,
                                           slot->data.raw.data,
                                           slot->data.raw.bytes,
                                           alg,
@@ -4845,12 +4845,12 @@ psa_status_t psa_key_derivation( psa_key_derivation_operation_t *generator,
                                           label, label_length,
                                           capacity );
     if( status != PSA_SUCCESS )
-        psa_key_derivation_abort( generator );
+        psa_key_derivation_abort( operation );
     return( status );
 }
 
 static psa_status_t psa_key_derivation_setup_kdf(
-    psa_key_derivation_operation_t *generator,
+    psa_key_derivation_operation_t *operation,
     psa_algorithm_t kdf_alg )
 {
     /* Make sure that kdf_alg is a supported key derivation algorithm. */
@@ -4869,7 +4869,7 @@ static psa_status_t psa_key_derivation_setup_kdf(
         {
             return( PSA_ERROR_NOT_SUPPORTED );
         }
-        generator->capacity = 255 * hash_size;
+        operation->capacity = 255 * hash_size;
         return( PSA_SUCCESS );
     }
 #endif /* MBEDTLS_MD_C */
@@ -4877,12 +4877,12 @@ static psa_status_t psa_key_derivation_setup_kdf(
         return( PSA_ERROR_NOT_SUPPORTED );
 }
 
-psa_status_t psa_key_derivation_setup( psa_key_derivation_operation_t *generator,
+psa_status_t psa_key_derivation_setup( psa_key_derivation_operation_t *operation,
                                        psa_algorithm_t alg )
 {
     psa_status_t status;
 
-    if( generator->alg != 0 )
+    if( operation->alg != 0 )
         return( PSA_ERROR_BAD_STATE );
 
     if( PSA_ALG_IS_RAW_KEY_AGREEMENT( alg ) )
@@ -4890,17 +4890,17 @@ psa_status_t psa_key_derivation_setup( psa_key_derivation_operation_t *generator
     else if( PSA_ALG_IS_KEY_AGREEMENT( alg ) )
     {
         psa_algorithm_t kdf_alg = PSA_ALG_KEY_AGREEMENT_GET_KDF( alg );
-        status = psa_key_derivation_setup_kdf( generator, kdf_alg );
+        status = psa_key_derivation_setup_kdf( operation, kdf_alg );
     }
     else if( PSA_ALG_IS_KEY_DERIVATION( alg ) )
     {
-        status = psa_key_derivation_setup_kdf( generator, alg );
+        status = psa_key_derivation_setup_kdf( operation, alg );
     }
     else
         return( PSA_ERROR_INVALID_ARGUMENT );
 
     if( status == PSA_SUCCESS )
-        generator->alg = alg;
+        operation->alg = alg;
     return( status );
 }
 
@@ -4972,31 +4972,31 @@ static psa_status_t psa_hkdf_input( psa_hkdf_key_derivation_t *hkdf,
 #endif /* MBEDTLS_MD_C */
 
 static psa_status_t psa_key_derivation_input_raw(
-    psa_key_derivation_operation_t *generator,
+    psa_key_derivation_operation_t *operation,
     psa_key_derivation_step_t step,
     const uint8_t *data,
     size_t data_length )
 {
     psa_status_t status;
-    psa_algorithm_t kdf_alg = psa_key_derivation_get_kdf_alg( generator );
+    psa_algorithm_t kdf_alg = psa_key_derivation_get_kdf_alg( operation );
 
     if( kdf_alg == PSA_ALG_SELECT_RAW )
     {
-        if( generator->capacity != 0 )
+        if( operation->capacity != 0 )
             return( PSA_ERROR_INVALID_ARGUMENT );
-        generator->ctx.buffer.data = mbedtls_calloc( 1, data_length );
-        if( generator->ctx.buffer.data == NULL )
+        operation->ctx.buffer.data = mbedtls_calloc( 1, data_length );
+        if( operation->ctx.buffer.data == NULL )
             return( PSA_ERROR_INSUFFICIENT_MEMORY );
-        memcpy( generator->ctx.buffer.data, data, data_length );
-        generator->ctx.buffer.size = data_length;
-        generator->capacity = data_length;
+        memcpy( operation->ctx.buffer.data, data, data_length );
+        operation->ctx.buffer.size = data_length;
+        operation->capacity = data_length;
         status = PSA_SUCCESS;
     }
     else
 #if defined(MBEDTLS_MD_C)
     if( PSA_ALG_IS_HKDF( kdf_alg ) )
     {
-        status = psa_hkdf_input( &generator->ctx.hkdf,
+        status = psa_hkdf_input( &operation->ctx.hkdf,
                                  PSA_ALG_HKDF_GET_HASH( kdf_alg ),
                                  step, data, data_length );
     }
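Review bot: In the `PSA_ALG_SELECT_RAW` branch of psa_key_derivation_input_raw, the only guard before `operation->ctx.buffer.data = mbedtls_calloc( 1, data_length );` is `operation->capacity != 0`. If this branch can be reached after an earlier buffer has been fully read (capacity back at 0), the old pointer would be overwritten and the previous copy of the secret neither zeroized nor freed. Whether that state is reachable depends on callers outside this hunk, but the guard is cheap to tighten: `if( operation->capacity != 0 || operation->ctx.buffer.data != NULL )`. The function continues in the following hunk.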
@@ -5013,16 +5013,16 @@ static psa_status_t psa_key_derivation_input_raw(
     else
 #endif /* MBEDTLS_MD_C */
     {
-        /* This can't happen unless the generator object was not initialized */
+        /* This can't happen unless the operation object was not initialized */
         return( PSA_ERROR_BAD_STATE );
     }
 
     if( status != PSA_SUCCESS )
-        psa_key_derivation_abort( generator );
+        psa_key_derivation_abort( operation );
     return( status );
 }
 
-psa_status_t psa_key_derivation_input_bytes( psa_key_derivation_operation_t *generator,
+psa_status_t psa_key_derivation_input_bytes( psa_key_derivation_operation_t *operation,
                                              psa_key_derivation_step_t step,
                                              const uint8_t *data,
                                              size_t data_length )
@@ -5032,14 +5032,14 @@ psa_status_t psa_key_derivation_input_bytes( psa_key_derivation_operation_t *gen
         case PSA_KEY_DERIVATION_INPUT_LABEL:
         case PSA_KEY_DERIVATION_INPUT_SALT:
         case PSA_KEY_DERIVATION_INPUT_INFO:
-            return( psa_key_derivation_input_raw( generator, step,
+            return( psa_key_derivation_input_raw( operation, step,
                                                   data, data_length ) );
         default:
             return( PSA_ERROR_INVALID_ARGUMENT );
     }
 }
 
-psa_status_t psa_key_derivation_input_key( psa_key_derivation_operation_t *generator,
+psa_status_t psa_key_derivation_input_key( psa_key_derivation_operation_t *operation,
                                            psa_key_derivation_step_t step,
                                            psa_key_handle_t handle )
 {
@@ -5047,7 +5047,7 @@ psa_status_t psa_key_derivation_input_key( psa_key_derivation_operation_t *gener
     psa_status_t status;
     status = psa_get_key_from_slot( handle, &slot,
                                     PSA_KEY_USAGE_DERIVE,
-                                    generator->alg );
+                                    operation->alg );
     if( status != PSA_SUCCESS )
         return( status );
     if( slot->type != PSA_KEY_TYPE_DERIVE )
@@ -5060,7 +5060,7 @@ psa_status_t psa_key_derivation_input_key( psa_key_derivation_operation_t *gener
      * and leak values derived from the key. So be conservative. */
     if( step != PSA_KEY_DERIVATION_INPUT_SECRET )
         return( PSA_ERROR_INVALID_ARGUMENT );
-    return( psa_key_derivation_input_raw( generator,
+    return( psa_key_derivation_input_raw( operation,
                                           step,
                                           slot->data.raw.data,
                                           slot->data.raw.bytes ) );
@@ -5151,7 +5151,7 @@ static psa_status_t psa_key_agreement_raw_internal( psa_algorithm_t alg,
 /* Note that if this function fails, you must call psa_key_derivation_abort()
  * to potentially free embedded data structures and wipe confidential data.
  */
-static psa_status_t psa_key_agreement_internal( psa_key_derivation_operation_t *generator,
+static psa_status_t psa_key_agreement_internal( psa_key_derivation_operation_t *operation,
                                                 psa_key_derivation_step_t step,
                                                 psa_key_slot_t *private_key,
                                                 const uint8_t *peer_key,
@@ -5160,7 +5160,7 @@ static psa_status_t psa_key_agreement_internal( psa_key_derivation_operation_t *
     psa_status_t status;
     uint8_t shared_secret[PSA_KEY_AGREEMENT_MAX_SHARED_SECRET_SIZE];
     size_t shared_secret_length = 0;
-    psa_algorithm_t ka_alg = PSA_ALG_KEY_AGREEMENT_GET_BASE( generator->alg );
+    psa_algorithm_t ka_alg = PSA_ALG_KEY_AGREEMENT_GET_BASE( operation->alg );
 
     /* Step 1: run the secret agreement algorithm to generate the shared
      * secret. */
@@ -5175,7 +5175,7 @@ static psa_status_t psa_key_agreement_internal( psa_key_derivation_operation_t *
 
     /* Step 2: set up the key derivation to generate key material from
      * the shared secret. */
-    status = psa_key_derivation_input_raw( generator, step,
+    status = psa_key_derivation_input_raw( operation, step,
                                            shared_secret, shared_secret_length );
 
 exit:
@@ -5183,7 +5183,7 @@ exit:
     return( status );
 }
 
-psa_status_t psa_key_derivation_key_agreement( psa_key_derivation_operation_t *generator,
+psa_status_t psa_key_derivation_key_agreement( psa_key_derivation_operation_t *operation,
                                 psa_key_derivation_step_t step,
                                 psa_key_handle_t private_key,
                                 const uint8_t *peer_key,
@@ -5191,17 +5191,17 @@ psa_status_t psa_key_derivation_key_agreement( psa_key_derivation_operation_t *g
 {
     psa_key_slot_t *slot;
     psa_status_t status;
-    if( ! PSA_ALG_IS_KEY_AGREEMENT( generator->alg ) )
+    if( ! PSA_ALG_IS_KEY_AGREEMENT( operation->alg ) )
         return( PSA_ERROR_INVALID_ARGUMENT );
     status = psa_get_key_from_slot( private_key, &slot,
-                                    PSA_KEY_USAGE_DERIVE, generator->alg );
+                                    PSA_KEY_USAGE_DERIVE, operation->alg );
     if( status != PSA_SUCCESS )
         return( status );
-    status = psa_key_agreement_internal( generator, step,
+    status = psa_key_agreement_internal( operation, step,
                                          slot,
                                          peer_key, peer_key_length );
     if( status != PSA_SUCCESS )
-        psa_key_derivation_abort( generator );
+        psa_key_derivation_abort( operation );
     return( status );
 }
 
diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data
index d98470d3d2..abc73aebe5 100644
--- a/tests/suites/test_suite_psa_crypto.data
+++ b/tests/suites/test_suite_psa_crypto.data
@@ -1716,7 +1716,7 @@ PSA decrypt: RSA OAEP-SHA-256, input too large
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
 asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"0099ffde2fcc00c9cc01972ebfa7779b298dbbaf7f50707a7405296dd2783456fc792002f462e760500e02afa25a859ace8701cb5d3b0262116431c43af8eb08f5a88301057cf1c156a2a5193c143e7a5b03fac132b7e89e6dcd8f4c82c9b28452329c260d30bc39b3816b7c46b41b37b4850d2ae74e729f99c6621fbbe2e46872":"":129:PSA_ERROR_INVALID_ARGUMENT
 
-Crypto generator initializers zero properly
+Crypto derivation operation object initializers zero properly
 key_derivation_init:
 
 PSA key derivation: HKDF-SHA-256, good case
@@ -1755,11 +1755,11 @@ PSA key derivation: unsupported key derivation algorithm
 depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
 derive_setup:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_CATEGORY_KEY_DERIVATION:"":"":42:PSA_ERROR_NOT_SUPPORTED
 
-PSA key derivation: invalid generator state ( double generate + read past capacity )
+PSA key derivation: invalid state (double generate + read past capacity)
 depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
 test_derive_invalid_key_derivation_state:
 
-PSA key derivation:  invalid generator state ( call read/get_capacity after init and abort )
+PSA key derivation: invalid state (call read/get_capacity after init and abort)
 depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
 test_derive_invalid_key_derivation_tests:
 
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index 52c41e7eba..4c28b80a60 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -525,7 +525,7 @@ static int exercise_key_derivation_key( psa_key_handle_t handle,
                                         psa_key_usage_t usage,
                                         psa_algorithm_t alg )
 {
-    psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT;
+    psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
     unsigned char label[16] = "This is a label.";
     size_t label_length = sizeof( label );
     unsigned char seed[16] = "abcdefghijklmnop";
@@ -536,15 +536,15 @@ static int exercise_key_derivation_key( psa_key_handle_t handle,
     {
         if( PSA_ALG_IS_HKDF( alg ) )
         {
-            PSA_ASSERT( psa_key_derivation_setup( &generator, alg ) );
-            PSA_ASSERT( psa_key_derivation_input_bytes( &generator,
+            PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) );
+            PSA_ASSERT( psa_key_derivation_input_bytes( &operation,
                                                         PSA_KEY_DERIVATION_INPUT_SALT,
                                                         label,
                                                         label_length ) );
-            PSA_ASSERT( psa_key_derivation_input_key( &generator,
+            PSA_ASSERT( psa_key_derivation_input_key( &operation,
                                                       PSA_KEY_DERIVATION_INPUT_SECRET,
                                                       handle ) );
-            PSA_ASSERT( psa_key_derivation_input_bytes( &generator,
+            PSA_ASSERT( psa_key_derivation_input_bytes( &operation,
                                                         PSA_KEY_DERIVATION_INPUT_INFO,
                                                         seed,
                                                         seed_length ) );
@@ -552,16 +552,16 @@ static int exercise_key_derivation_key( psa_key_handle_t handle,
         else
         {
             // legacy
-            PSA_ASSERT( psa_key_derivation( &generator,
+            PSA_ASSERT( psa_key_derivation( &operation,
                                             handle, alg,
                                             label, label_length,
                                             seed, seed_length,
                                             sizeof( output ) ) );
         }
-        PSA_ASSERT( psa_key_derivation_output_bytes( &generator,
+        PSA_ASSERT( psa_key_derivation_output_bytes( &operation,
                                         output,
                                         sizeof( output ) ) );
-        PSA_ASSERT( psa_key_derivation_abort( &generator ) );
+        PSA_ASSERT( psa_key_derivation_abort( &operation ) );
     }
 
     return( 1 );
@@ -572,7 +572,7 @@ exit:
 
 /* We need two keys to exercise key agreement. Exercise the
  * private key against its own public key. */
-static psa_status_t key_agreement_with_self( psa_key_derivation_operation_t *generator,
+static psa_status_t key_agreement_with_self( psa_key_derivation_operation_t *operation,
                                              psa_key_handle_t handle )
 {
     psa_key_type_t private_key_type;
@@ -596,7 +596,7 @@ static psa_status_t key_agreement_with_self( psa_key_derivation_operation_t *gen
                                        public_key, public_key_length,
                                        &public_key_length ) );
 
-    status = psa_key_derivation_key_agreement( generator, PSA_KEY_DERIVATION_INPUT_SECRET, handle,
+    status = psa_key_derivation_key_agreement( operation, PSA_KEY_DERIVATION_INPUT_SECRET, handle,
                                 public_key, public_key_length );
 exit:
     mbedtls_free( public_key );
@@ -664,7 +664,7 @@ static int exercise_key_agreement_key( psa_key_handle_t handle,
                                        psa_key_usage_t usage,
                                        psa_algorithm_t alg )
 {
-    psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT;
+    psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
     unsigned char output[1];
     int ok = 0;
 
@@ -672,12 +672,12 @@ static int exercise_key_agreement_key( psa_key_handle_t handle,
     {
         /* We need two keys to exercise key agreement. Exercise the
          * private key against its own public key. */
-        PSA_ASSERT( psa_key_derivation_setup( &generator, alg ) );
-        PSA_ASSERT( key_agreement_with_self( &generator, handle ) );
-        PSA_ASSERT( psa_key_derivation_output_bytes( &generator,
+        PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) );
+        PSA_ASSERT( key_agreement_with_self( &operation, handle ) );
+        PSA_ASSERT( psa_key_derivation_output_bytes( &operation,
                                         output,
                                         sizeof( output ) ) );
-        PSA_ASSERT( psa_key_derivation_abort( &generator ) );
+        PSA_ASSERT( psa_key_derivation_abort( &operation ) );
     }
     ok = 1;
 
@@ -1844,7 +1844,7 @@ void derive_key_policy( int policy_usage,
 {
     psa_key_handle_t handle = 0;
     psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
-    psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT;
+    psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
     psa_status_t status;
 
     PSA_ASSERT( psa_crypto_init( ) );
@@ -1856,7 +1856,7 @@ void derive_key_policy( int policy_usage,
     PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
                                 &handle ) );
 
-    status = psa_key_derivation( &generator, handle,
+    status = psa_key_derivation( &operation, handle,
                                  exercise_alg,
                                  NULL, 0,
                                  NULL, 0,
@@ -1868,7 +1868,7 @@ void derive_key_policy( int policy_usage,
         TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
 
 exit:
-    psa_key_derivation_abort( &generator );
+    psa_key_derivation_abort( &operation );
     psa_destroy_key( handle );
     mbedtls_psa_crypto_free( );
 }
@@ -1884,7 +1884,7 @@ void agreement_key_policy( int policy_usage,
     psa_key_handle_t handle = 0;
     psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
     psa_key_type_t key_type = key_type_arg;
-    psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT;
+    psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
     psa_status_t status;
 
     PSA_ASSERT( psa_crypto_init( ) );
@@ -1896,8 +1896,8 @@ void agreement_key_policy( int policy_usage,
     PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
                                 &handle ) );
 
-    PSA_ASSERT( psa_key_derivation_setup( &generator, exercise_alg ) );
-    status = key_agreement_with_self( &generator, handle );
+    PSA_ASSERT( psa_key_derivation_setup( &operation, exercise_alg ) );
+    status = key_agreement_with_self( &operation, handle );
 
     if( policy_alg == exercise_alg &&
         ( policy_usage & PSA_KEY_USAGE_DERIVE ) != 0 )
@@ -1906,7 +1906,7 @@ void agreement_key_policy( int policy_usage,
         TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
 
 exit:
-    psa_key_derivation_abort( &generator );
+    psa_key_derivation_abort( &operation );
     psa_destroy_key( handle );
     mbedtls_psa_crypto_free( );
 }
@@ -1922,7 +1922,7 @@ void raw_agreement_key_policy( int policy_usage,
     psa_key_handle_t handle = 0;
     psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
     psa_key_type_t key_type = key_type_arg;
-    psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT;
+    psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
     psa_status_t status;
 
     PSA_ASSERT( psa_crypto_init( ) );
@@ -1943,7 +1943,7 @@ void raw_agreement_key_policy( int policy_usage,
         TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
 
 exit:
-    psa_key_derivation_abort( &generator );
+    psa_key_derivation_abort( &operation );
     psa_destroy_key( handle );
     mbedtls_psa_crypto_free( );
 }
@@ -4009,7 +4009,7 @@ void key_derivation_init( )
 
     memset( &zero, 0, sizeof( zero ) );
 
-    /* A default generator should not be able to report its capacity. */
+    /* A default operation should not be able to report its capacity. */
     TEST_EQUAL( psa_key_derivation_get_capacity( &func, &capacity ),
                 PSA_ERROR_BAD_STATE );
     TEST_EQUAL( psa_key_derivation_get_capacity( &init, &capacity ),
@@ -4017,7 +4017,7 @@ void key_derivation_init( )
     TEST_EQUAL( psa_key_derivation_get_capacity( &zero, &capacity ),
                 PSA_ERROR_BAD_STATE );
 
-    /* A default generator should be abortable without error. */
+    /* A default operation should be abortable without error. */
     PSA_ASSERT( psa_key_derivation_abort(&func) );
     PSA_ASSERT( psa_key_derivation_abort(&init) );
     PSA_ASSERT( psa_key_derivation_abort(&zero) );
@@ -4038,7 +4038,7 @@ void derive_setup( int key_type_arg,
     psa_algorithm_t alg = alg_arg;
     size_t requested_capacity = requested_capacity_arg;
     psa_status_t expected_status = expected_status_arg;
-    psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT;
+    psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
     psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
 
     PSA_ASSERT( psa_crypto_init( ) );
@@ -4050,14 +4050,14 @@ void derive_setup( int key_type_arg,
     PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
                                 &handle ) );
 
-    TEST_EQUAL( psa_key_derivation( &generator, handle, alg,
+    TEST_EQUAL( psa_key_derivation( &operation, handle, alg,
                                     salt->x, salt->len,
                                     label->x, label->len,
                                     requested_capacity ),
                 expected_status );
 
 exit:
-    psa_key_derivation_abort( &generator );
+    psa_key_derivation_abort( &operation );
     psa_destroy_key( handle );
     mbedtls_psa_crypto_free( );
 }
@@ -4068,7 +4068,7 @@ void test_derive_invalid_key_derivation_state( )
 {
     psa_key_handle_t handle = 0;
     size_t key_type = PSA_KEY_TYPE_DERIVE;
-    psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT;
+    psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
     psa_algorithm_t alg = PSA_ALG_HKDF( PSA_ALG_SHA_256 );
     uint8_t buffer[42];
     size_t capacity = sizeof( buffer );
@@ -4088,25 +4088,25 @@ void test_derive_invalid_key_derivation_state( )
                                 &handle ) );
 
     /* valid key derivation */
-    PSA_ASSERT(  psa_key_derivation( &generator, handle, alg,
+    PSA_ASSERT(  psa_key_derivation( &operation, handle, alg,
                                      NULL, 0,
                                      NULL, 0,
                                      capacity ) );
 
-    /* state of generator shouldn't allow additional generation */
-    TEST_EQUAL(  psa_key_derivation( &generator, handle, alg,
+    /* state of operation shouldn't allow additional generation */
+    TEST_EQUAL(  psa_key_derivation( &operation, handle, alg,
                                      NULL, 0,
                                      NULL, 0,
                                      capacity ),
                  PSA_ERROR_BAD_STATE );
 
-    PSA_ASSERT( psa_key_derivation_output_bytes( &generator, buffer, capacity ) );
+    PSA_ASSERT( psa_key_derivation_output_bytes( &operation, buffer, capacity ) );
 
-    TEST_EQUAL( psa_key_derivation_output_bytes( &generator, buffer, capacity ),
+    TEST_EQUAL( psa_key_derivation_output_bytes( &operation, buffer, capacity ),
                 PSA_ERROR_INSUFFICIENT_DATA );
 
 exit:
-    psa_key_derivation_abort( &generator );
+    psa_key_derivation_abort( &operation );
     psa_destroy_key( handle );
     mbedtls_psa_crypto_free( );
 }
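Review bot: The reworded comment `/* state of operation shouldn't allow additional generation */` still speaks in the old "generator" vocabulary, so the rename is only half done on that line. What the second `psa_key_derivation()` call checks is that an operation already in use refuses to be set up again and returns `PSA_ERROR_BAD_STATE`; I would write `/* an operation that is already in use must reject a second psa_key_derivation() call */`. The matching title in test_suite_psa_crypto.data keeps "double generate" and could be reworded the same way. The start of test_derive_invalid_key_derivation_state is above this hunk.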
@@ -4118,24 +4118,24 @@ void test_derive_invalid_key_derivation_tests( )
     uint8_t output_buffer[16];
     size_t buffer_size = 16;
     size_t capacity = 0;
-    psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT;
+    psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
 
-    TEST_ASSERT( psa_key_derivation_output_bytes( &generator, output_buffer, buffer_size )
+    TEST_ASSERT( psa_key_derivation_output_bytes( &operation, output_buffer, buffer_size )
                  == PSA_ERROR_BAD_STATE );
 
-    TEST_ASSERT( psa_key_derivation_get_capacity( &generator, &capacity )
+    TEST_ASSERT( psa_key_derivation_get_capacity( &operation, &capacity )
                  == PSA_ERROR_BAD_STATE );
 
-    PSA_ASSERT( psa_key_derivation_abort( &generator ) );
+    PSA_ASSERT( psa_key_derivation_abort( &operation ) );
 
-    TEST_ASSERT( psa_key_derivation_output_bytes( &generator, output_buffer, buffer_size )
+    TEST_ASSERT( psa_key_derivation_output_bytes( &operation, output_buffer, buffer_size )
                  == PSA_ERROR_BAD_STATE );
 
-    TEST_ASSERT( psa_key_derivation_get_capacity( &generator, &capacity )
+    TEST_ASSERT( psa_key_derivation_get_capacity( &operation, &capacity )
                  == PSA_ERROR_BAD_STATE );
 
 exit:
-    psa_key_derivation_abort( &generator );
+    psa_key_derivation_abort( &operation );
 }
 /* END_CASE */
 
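Review bot: The four status checks touched here are still written as `TEST_ASSERT( ... == PSA_ERROR_BAD_STATE )`, while the other tests in this file express the same check as `TEST_EQUAL( ..., PSA_ERROR_BAD_STATE )`; since the lines are being edited anyway, they could become e.g. `TEST_EQUAL( psa_key_derivation_get_capacity( &operation, &capacity ), PSA_ERROR_BAD_STATE );`. Separately, as far as the hunk shows, `psa_key_derivation_abort()` is only called on an object that was never set up, so the "after init and abort" case does not cover an operation that actually held key material before being aborted. A follow-up case that sets up an operation, aborts it and then expects `PSA_ERROR_BAD_STATE` from `psa_key_derivation_output_bytes()` would pin that state reset. The opening lines of the function are above the hunk.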
@@ -4151,7 +4151,7 @@ void derive_output( int alg_arg,
     psa_key_handle_t handle = 0;
     psa_algorithm_t alg = alg_arg;
     size_t requested_capacity = requested_capacity_arg;
-    psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT;
+    psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
     uint8_t *expected_outputs[2] =
         {expected_output1->x, expected_output2->x};
     size_t output_sizes[2] =
@@ -4184,28 +4184,28 @@ void derive_output( int alg_arg,
     /* Extraction phase. */
     if( PSA_ALG_IS_HKDF( alg ) )
     {
-        PSA_ASSERT( psa_key_derivation_setup( &generator, alg ) );
-        PSA_ASSERT( psa_key_derivation_set_capacity( &generator,
+        PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) );
+        PSA_ASSERT( psa_key_derivation_set_capacity( &operation,
                                                 requested_capacity ) );
-        PSA_ASSERT( psa_key_derivation_input_bytes( &generator,
+        PSA_ASSERT( psa_key_derivation_input_bytes( &operation,
                                                     PSA_KEY_DERIVATION_INPUT_SALT,
                                                     salt->x, salt->len ) );
-        PSA_ASSERT( psa_key_derivation_input_key( &generator,
+        PSA_ASSERT( psa_key_derivation_input_key( &operation,
                                                   PSA_KEY_DERIVATION_INPUT_SECRET,
                                                   handle ) );
-        PSA_ASSERT( psa_key_derivation_input_bytes( &generator,
+        PSA_ASSERT( psa_key_derivation_input_bytes( &operation,
                                                     PSA_KEY_DERIVATION_INPUT_INFO,
                                                     label->x, label->len ) );
     }
     else
     {
         // legacy
-        PSA_ASSERT( psa_key_derivation( &generator, handle, alg,
+        PSA_ASSERT( psa_key_derivation( &operation, handle, alg,
                                         salt->x, salt->len,
                                         label->x, label->len,
                                         requested_capacity ) );
     }
-    PSA_ASSERT( psa_key_derivation_get_capacity( &generator,
+    PSA_ASSERT( psa_key_derivation_get_capacity( &operation,
                                             &current_capacity ) );
     TEST_EQUAL( current_capacity, requested_capacity );
     expected_capacity = requested_capacity;
@@ -4214,7 +4214,7 @@ void derive_output( int alg_arg,
     for( i = 0; i < ARRAY_LENGTH( expected_outputs ); i++ )
     {
         /* Read some bytes. */
-        status = psa_key_derivation_output_bytes( &generator,
+        status = psa_key_derivation_output_bytes( &operation,
                                      output_buffer, output_sizes[i] );
         if( expected_capacity == 0 && output_sizes[i] == 0 )
         {
@@ -4236,17 +4236,17 @@ void derive_output( int alg_arg,
         if( output_sizes[i] != 0 )
             ASSERT_COMPARE( output_buffer, output_sizes[i],
                             expected_outputs[i], output_sizes[i] );
-        /* Check the generator status. */
+        /* Check the operation status. */
         expected_capacity -= output_sizes[i];
-        PSA_ASSERT( psa_key_derivation_get_capacity( &generator,
+        PSA_ASSERT( psa_key_derivation_get_capacity( &operation,
                                                 &current_capacity ) );
         TEST_EQUAL( expected_capacity, current_capacity );
     }
-    PSA_ASSERT( psa_key_derivation_abort( &generator ) );
+    PSA_ASSERT( psa_key_derivation_abort( &operation ) );
 
 exit:
     mbedtls_free( output_buffer );
-    psa_key_derivation_abort( &generator );
+    psa_key_derivation_abort( &operation );
     psa_destroy_key( handle );
     mbedtls_psa_crypto_free( );
 }
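Review bot: The renamed comment `/* Check the operation status. */` does not describe the code below it, which subtracts the bytes just read from `expected_capacity` and compares that with `psa_key_derivation_get_capacity()`. A wording such as `/* Check the remaining capacity of the operation. */` would say what is verified. The loop and the rest of derive_output begin outside this hunk.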
@@ -4262,7 +4262,7 @@ void derive_full( int alg_arg,
     psa_key_handle_t handle = 0;
     psa_algorithm_t alg = alg_arg;
     size_t requested_capacity = requested_capacity_arg;
-    psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT;
+    psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
     unsigned char output_buffer[16];
     size_t expected_capacity = requested_capacity;
     size_t current_capacity;
@@ -4280,28 +4280,28 @@ void derive_full( int alg_arg,
     /* Extraction phase. */
     if( PSA_ALG_IS_HKDF( alg ) )
     {
-        PSA_ASSERT( psa_key_derivation_setup( &generator, alg ) );
-        PSA_ASSERT( psa_key_derivation_set_capacity( &generator,
+        PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) );
+        PSA_ASSERT( psa_key_derivation_set_capacity( &operation,
                                                 requested_capacity ) );
-        PSA_ASSERT( psa_key_derivation_input_bytes( &generator,
+        PSA_ASSERT( psa_key_derivation_input_bytes( &operation,
                                                     PSA_KEY_DERIVATION_INPUT_SALT,
                                                     salt->x, salt->len ) );
-        PSA_ASSERT( psa_key_derivation_input_key( &generator,
+        PSA_ASSERT( psa_key_derivation_input_key( &operation,
                                                   PSA_KEY_DERIVATION_INPUT_SECRET,
                                                   handle ) );
-        PSA_ASSERT( psa_key_derivation_input_bytes( &generator,
+        PSA_ASSERT( psa_key_derivation_input_bytes( &operation,
                                                     PSA_KEY_DERIVATION_INPUT_INFO,
                                                     label->x, label->len ) );
     }
     else
     {
         // legacy
-        PSA_ASSERT( psa_key_derivation( &generator, handle, alg,
+        PSA_ASSERT( psa_key_derivation( &operation, handle, alg,
                                         salt->x, salt->len,
                                         label->x, label->len,
                                         requested_capacity ) );
     }
-    PSA_ASSERT( psa_key_derivation_get_capacity( &generator,
+    PSA_ASSERT( psa_key_derivation_get_capacity( &operation,
                                             &current_capacity ) );
     TEST_EQUAL( current_capacity, expected_capacity );
 
@@ -4311,23 +4311,23 @@ void derive_full( int alg_arg,
         size_t read_size = sizeof( output_buffer );
         if( read_size > current_capacity )
             read_size = current_capacity;
-        PSA_ASSERT( psa_key_derivation_output_bytes( &generator,
+        PSA_ASSERT( psa_key_derivation_output_bytes( &operation,
                                         output_buffer,
                                         read_size ) );
         expected_capacity -= read_size;
-        PSA_ASSERT( psa_key_derivation_get_capacity( &generator,
+        PSA_ASSERT( psa_key_derivation_get_capacity( &operation,
                                                 &current_capacity ) );
         TEST_EQUAL( current_capacity, expected_capacity );
     }
 
-    /* Check that the generator refuses to go over capacity. */
-    TEST_EQUAL( psa_key_derivation_output_bytes( &generator, output_buffer, 1 ),
+    /* Check that the operation refuses to go over capacity. */
+    TEST_EQUAL( psa_key_derivation_output_bytes( &operation, output_buffer, 1 ),
                 PSA_ERROR_INSUFFICIENT_DATA );
 
-    PSA_ASSERT( psa_key_derivation_abort( &generator ) );
+    PSA_ASSERT( psa_key_derivation_abort( &operation ) );
 
 exit:
-    psa_key_derivation_abort( &generator );
+    psa_key_derivation_abort( &operation );
     psa_destroy_key( handle );
     mbedtls_psa_crypto_free( );
 }
@@ -4351,7 +4351,7 @@ void derive_key_exercise( int alg_arg,
     psa_key_usage_t derived_usage = derived_usage_arg;
     psa_algorithm_t derived_alg = derived_alg_arg;
     size_t capacity = PSA_BITS_TO_BYTES( derived_bits );
-    psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT;
+    psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
     psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
     psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT;
 
@@ -4364,7 +4364,7 @@ void derive_key_exercise( int alg_arg,
                                 &base_handle ) );
 
     /* Derive a key. */
-    PSA_ASSERT( psa_key_derivation( &generator, base_handle, alg,
+    PSA_ASSERT( psa_key_derivation( &operation, base_handle, alg,
                                     salt->x, salt->len,
                                     label->x, label->len,
                                     capacity ) );
@@ -4372,7 +4372,7 @@ void derive_key_exercise( int alg_arg,
     psa_set_key_algorithm( &attributes, derived_alg );
     psa_set_key_type( &attributes, derived_type );
     psa_set_key_bits( &attributes, derived_bits );
-    PSA_ASSERT( psa_key_derivation_output_key( &attributes, &generator,
+    PSA_ASSERT( psa_key_derivation_output_key( &attributes, &operation,
                                           &derived_handle ) );
 
     /* Test the key information */
@@ -4385,7 +4385,7 @@ void derive_key_exercise( int alg_arg,
         goto exit;
 
 exit:
-    psa_key_derivation_abort( &generator );
+    psa_key_derivation_abort( &operation );
     psa_reset_key_attributes( &got_attributes );
     psa_destroy_key( base_handle );
     psa_destroy_key( derived_handle );
@@ -4407,7 +4407,7 @@ void derive_key_export( int alg_arg,
     size_t bytes1 = bytes1_arg;
     size_t bytes2 = bytes2_arg;
     size_t capacity = bytes1 + bytes2;
-    psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT;
+    psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
     uint8_t *output_buffer = NULL;
     uint8_t *export_buffer = NULL;
     psa_key_attributes_t base_attributes = PSA_KEY_ATTRIBUTES_INIT;
@@ -4425,17 +4425,17 @@ void derive_key_export( int alg_arg,
                                 &base_handle ) );
 
     /* Derive some material and output it. */
-    PSA_ASSERT( psa_key_derivation( &generator, base_handle, alg,
+    PSA_ASSERT( psa_key_derivation( &operation, base_handle, alg,
                                     salt->x, salt->len,
                                     label->x, label->len,
                                     capacity ) );
-    PSA_ASSERT( psa_key_derivation_output_bytes( &generator,
+    PSA_ASSERT( psa_key_derivation_output_bytes( &operation,
                                     output_buffer,
                                     capacity ) );
-    PSA_ASSERT( psa_key_derivation_abort( &generator ) );
+    PSA_ASSERT( psa_key_derivation_abort( &operation ) );
 
     /* Derive the same output again, but this time store it in key objects. */
-    PSA_ASSERT( psa_key_derivation( &generator, base_handle, alg,
+    PSA_ASSERT( psa_key_derivation( &operation, base_handle, alg,
                                     salt->x, salt->len,
                                     label->x, label->len,
                                     capacity ) );
@@ -4443,7 +4443,7 @@ void derive_key_export( int alg_arg,
     psa_set_key_algorithm( &derived_attributes, 0 );
     psa_set_key_type( &derived_attributes, PSA_KEY_TYPE_RAW_DATA );
     psa_set_key_bits( &derived_attributes, PSA_BYTES_TO_BITS( bytes1 ) );
-    PSA_ASSERT( psa_key_derivation_output_key( &derived_attributes, &generator,
+    PSA_ASSERT( psa_key_derivation_output_key( &derived_attributes, &operation,
                                           &derived_handle ) );
     PSA_ASSERT( psa_export_key( derived_handle,
                                 export_buffer, bytes1,
@@ -4451,7 +4451,7 @@ void derive_key_export( int alg_arg,
     TEST_EQUAL( length, bytes1 );
     PSA_ASSERT( psa_destroy_key( derived_handle ) );
     psa_set_key_bits( &derived_attributes, PSA_BYTES_TO_BITS( bytes2 ) );
-    PSA_ASSERT( psa_key_derivation_output_key( &derived_attributes, &generator,
+    PSA_ASSERT( psa_key_derivation_output_key( &derived_attributes, &operation,
                                           &derived_handle ) );
     PSA_ASSERT( psa_export_key( derived_handle,
                                 export_buffer + bytes1, bytes2,
@@ -4465,7 +4465,7 @@ void derive_key_export( int alg_arg,
 exit:
     mbedtls_free( output_buffer );
     mbedtls_free( export_buffer );
-    psa_key_derivation_abort( &generator );
+    psa_key_derivation_abort( &operation );
     psa_destroy_key( base_handle );
     psa_destroy_key( derived_handle );
     mbedtls_psa_crypto_free( );
@@ -4481,7 +4481,7 @@ void key_agreement_setup( int alg_arg,
     psa_key_handle_t our_key = 0;
     psa_algorithm_t alg = alg_arg;
     psa_key_type_t our_key_type = our_key_type_arg;
-    psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT;
+    psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
     psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
     psa_status_t expected_status = expected_status_arg;
     psa_status_t status;
@@ -4499,10 +4499,10 @@ void key_agreement_setup( int alg_arg,
      * Test cases that fail at the setup step should be changed to call
      * key_derivation_setup instead, and this function should be renamed
      * to key_agreement_fail. */
-    status = psa_key_derivation_setup( &generator, alg );
+    status = psa_key_derivation_setup( &operation, alg );
     if( status == PSA_SUCCESS )
     {
-        TEST_EQUAL( psa_key_derivation_key_agreement( &generator, PSA_KEY_DERIVATION_INPUT_SECRET,
+        TEST_EQUAL( psa_key_derivation_key_agreement( &operation, PSA_KEY_DERIVATION_INPUT_SECRET,
                                        our_key,
                                        peer_key_data->x, peer_key_data->len ),
                     expected_status );
@@ -4513,7 +4513,7 @@ void key_agreement_setup( int alg_arg,
     }
 
 exit:
-    psa_key_derivation_abort( &generator );
+    psa_key_derivation_abort( &operation );
     psa_destroy_key( our_key );
     mbedtls_psa_crypto_free( );
 }
@@ -4565,7 +4565,7 @@ void key_agreement_capacity( int alg_arg,
     psa_key_handle_t our_key = 0;
     psa_algorithm_t alg = alg_arg;
     psa_key_type_t our_key_type = our_key_type_arg;
-    psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT;
+    psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
     psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
     size_t actual_capacity;
     unsigned char output[16];
@@ -4579,37 +4579,37 @@ void key_agreement_capacity( int alg_arg,
                                 our_key_data->x, our_key_data->len,
                                 &our_key ) );
 
-    PSA_ASSERT( psa_key_derivation_setup( &generator, alg ) );
-    PSA_ASSERT( psa_key_derivation_key_agreement( &generator, PSA_KEY_DERIVATION_INPUT_SECRET,
+    PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) );
+    PSA_ASSERT( psa_key_derivation_key_agreement( &operation, PSA_KEY_DERIVATION_INPUT_SECRET,
                                    our_key,
                                    peer_key_data->x, peer_key_data->len ) );
     if( PSA_ALG_IS_HKDF( PSA_ALG_KEY_AGREEMENT_GET_KDF( alg ) ) )
     {
         /* The test data is for info="" */
-        PSA_ASSERT( psa_key_derivation_input_bytes( &generator,
+        PSA_ASSERT( psa_key_derivation_input_bytes( &operation,
                                                     PSA_KEY_DERIVATION_INPUT_INFO,
                                                     NULL, 0 ) );
     }
 
     /* Test the advertized capacity. */
     PSA_ASSERT( psa_key_derivation_get_capacity(
-                    &generator, &actual_capacity ) );
+                    &operation, &actual_capacity ) );
     TEST_EQUAL( actual_capacity, (size_t) expected_capacity_arg );
 
     /* Test the actual capacity by reading the output. */
     while( actual_capacity > sizeof( output ) )
     {
-        PSA_ASSERT( psa_key_derivation_output_bytes( &generator,
+        PSA_ASSERT( psa_key_derivation_output_bytes( &operation,
                                         output, sizeof( output ) ) );
         actual_capacity -= sizeof( output );
     }
-    PSA_ASSERT( psa_key_derivation_output_bytes( &generator,
+    PSA_ASSERT( psa_key_derivation_output_bytes( &operation,
                                     output, actual_capacity ) );
-    TEST_EQUAL( psa_key_derivation_output_bytes( &generator, output, 1 ),
+    TEST_EQUAL( psa_key_derivation_output_bytes( &operation, output, 1 ),
                 PSA_ERROR_INSUFFICIENT_DATA );
 
 exit:
-    psa_key_derivation_abort( &generator );
+    psa_key_derivation_abort( &operation );
     psa_destroy_key( our_key );
     mbedtls_psa_crypto_free( );
 }
@@ -4624,7 +4624,7 @@ void key_agreement_output( int alg_arg,
     psa_key_handle_t our_key = 0;
     psa_algorithm_t alg = alg_arg;
     psa_key_type_t our_key_type = our_key_type_arg;
-    psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT;
+    psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
     psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
     uint8_t *actual_output = NULL;
 
@@ -4640,26 +4640,26 @@ void key_agreement_output( int alg_arg,
                                 our_key_data->x, our_key_data->len,
                                 &our_key ) );
 
-    PSA_ASSERT( psa_key_derivation_setup( &generator, alg ) );
-    PSA_ASSERT( psa_key_derivation_key_agreement( &generator, PSA_KEY_DERIVATION_INPUT_SECRET,
+    PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) );
+    PSA_ASSERT( psa_key_derivation_key_agreement( &operation, PSA_KEY_DERIVATION_INPUT_SECRET,
                                    our_key,
                                    peer_key_data->x, peer_key_data->len ) );
     if( PSA_ALG_IS_HKDF( PSA_ALG_KEY_AGREEMENT_GET_KDF( alg ) ) )
     {
         /* The test data is for info="" */
-        PSA_ASSERT( psa_key_derivation_input_bytes( &generator,
+        PSA_ASSERT( psa_key_derivation_input_bytes( &operation,
                                                     PSA_KEY_DERIVATION_INPUT_INFO,
                                                     NULL, 0 ) );
     }
 
-    PSA_ASSERT( psa_key_derivation_output_bytes( &generator,
+    PSA_ASSERT( psa_key_derivation_output_bytes( &operation,
                                     actual_output,
                                     expected_output1->len ) );
     ASSERT_COMPARE( actual_output, expected_output1->len,
                     expected_output1->x, expected_output1->len );
     if( expected_output2->len != 0 )
     {
-        PSA_ASSERT( psa_key_derivation_output_bytes( &generator,
+        PSA_ASSERT( psa_key_derivation_output_bytes( &operation,
                                         actual_output,
                                         expected_output2->len ) );
         ASSERT_COMPARE( actual_output, expected_output2->len,
@@ -4667,7 +4667,7 @@ void key_agreement_output( int alg_arg,
     }
 
 exit:
-    psa_key_derivation_abort( &generator );
+    psa_key_derivation_abort( &operation );
     psa_destroy_key( our_key );
     mbedtls_psa_crypto_free( );
     mbedtls_free( actual_output );
@@ -4886,7 +4886,7 @@ void persistent_key_load_key_from_storage( data_t *data,
     size_t bits = bits_arg;
     psa_key_usage_t usage_flags = usage_flags_arg;
     psa_algorithm_t alg = alg_arg;
-    psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT;
+    psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
     unsigned char *first_export = NULL;
     unsigned char *second_export = NULL;
     size_t export_size = PSA_KEY_EXPORT_MAX_SIZE( type, bits );
@@ -4933,16 +4933,16 @@ void persistent_key_load_key_from_storage( data_t *data,
                                             data->x, data->len,
                                             &base_key ) );
                 /* Derive a key. */
-                PSA_ASSERT( psa_key_derivation_setup( &generator, derive_alg ) );
-                PSA_ASSERT( psa_key_derivation_input_key( &generator,
+                PSA_ASSERT( psa_key_derivation_setup( &operation, derive_alg ) );
+                PSA_ASSERT( psa_key_derivation_input_key( &operation,
                                                           PSA_KEY_DERIVATION_INPUT_SECRET,
                                                           base_key ) );
                 PSA_ASSERT( psa_key_derivation_input_bytes(
-                                &generator, PSA_KEY_DERIVATION_INPUT_INFO,
+                                &operation, PSA_KEY_DERIVATION_INPUT_INFO,
                                 NULL, 0 ) );
-                PSA_ASSERT( psa_key_derivation_output_key( &attributes, &generator,
+                PSA_ASSERT( psa_key_derivation_output_key( &attributes, &operation,
                                                       &handle ) );
-                PSA_ASSERT( psa_key_derivation_abort( &generator ) );
+                PSA_ASSERT( psa_key_derivation_abort( &operation ) );
                 PSA_ASSERT( psa_destroy_key( base_key ) );
                 base_key = 0;
             }
@@ -4994,7 +4994,7 @@ exit:
     psa_reset_key_attributes( &attributes );
     mbedtls_free( first_export );
     mbedtls_free( second_export );
-    psa_key_derivation_abort( &generator );
+    psa_key_derivation_abort( &operation );
     psa_destroy_key( base_key );
     if( handle == 0 )
     {