Terminology

The transformation implementation is the actual code, or the interface to hardware, that implements a certain transformation with precisely defined behavior.

The transformation object (TFM) is an instance of a transformation implementation. There can be multiple transformation objects associated with a single transformation implementation. Each of those transformation objects is held by a crypto API consumer or another transformation. A transformation object is allocated when a crypto API consumer requests a transformation implementation. The consumer is then provided with a structure that contains the transformation object (TFM).

The structure that contains a transformation object may also be referred to as a "cipher handle". Such a cipher handle always goes through the following phases, which are reflected in the API calls applicable to it:

  1. Initialization of a cipher handle.

  2. Execution of all intended cipher operations applicable for the handle, where the cipher handle must be furnished to every API call.

  3. Destruction of a cipher handle.

When using the initialization API calls, a cipher handle is created and returned to the consumer. Therefore, please refer to the initialization API calls to find the data structure type a consumer is expected to receive and subsequently use. The initialization API calls all follow the same naming convention, crypto_alloc_*.

The transformation context is private data associated with the transformation object.
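
The relationship between these terms, as an added userspace model (not kernel crypto API code and not part of the original text). All toy_* and xor_* names are hypothetical, and the single-byte XOR is only a stand-in for a real transformation:

```c
#include <stdint.h>
#include <stdlib.h>

/* Transformation implementation: the code, plus how much private context it needs. */
struct toy_alg {
    size_t ctxsize;
    void (*setkey)(void *ctx, uint8_t key);
    void (*crypt)(const void *ctx, uint8_t *buf, size_t len);
};

/* Transformation object (TFM): one instance, carrying its own transformation context. */
struct toy_tfm {
    const struct toy_alg *alg;
    unsigned char ctx[];
};

/* Hypothetical stand-in implementation: single-byte XOR, no security value. */
struct xor_ctx { uint8_t key; };
static void xor_setkey(void *ctx, uint8_t key) { ((struct xor_ctx *)ctx)->key = key; }
static void xor_crypt(const void *ctx, uint8_t *buf, size_t len)
{
    for (size_t i = 0; i < len; i++)
        buf[i] ^= ((const struct xor_ctx *)ctx)->key;
}
static const struct toy_alg toy_xor = { sizeof(struct xor_ctx), xor_setkey, xor_crypt };

/* Phase 1: initialization creates the handle and returns it to the consumer. */
struct toy_tfm *toy_alloc(const struct toy_alg *alg)
{
    struct toy_tfm *tfm = calloc(1, sizeof(*tfm) + alg->ctxsize);
    if (tfm) tfm->alg = alg;
    return tfm;
}

/* Phase 3: destruction releases the handle together with its context. */
void toy_free(struct toy_tfm *tfm) { free(tfm); }

/* Two TFMs of one implementation, keyed differently; returns both outputs packed. */
int toy_demo(void)
{
    struct toy_tfm *a = toy_alloc(&toy_xor), *b = toy_alloc(&toy_xor);
    uint8_t x = 0x55, y = 0x55;             /* constructed sample input */
    if (!a || !b) { toy_free(a); toy_free(b); return -1; }
    a->alg->setkey(a->ctx, 0x0f);           /* phase 2: every call takes the handle */
    b->alg->setkey(b->ctx, 0xf0);
    a->alg->crypt(a->ctx, &x, 1);
    b->alg->crypt(b->ctx, &y, 1);
    toy_free(a); toy_free(b);
    return (x << 8) | y;                    /* 0x5aa5: same input, independent contexts */
}
```

Because each handle owns its context, keying one TFM never affects another TFM of the same implementation.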