[Crypto] Rename aes key byte array to symmetric key byte array (#30802)

* Rename aes key byte array to symmetric key byte array * Restyled by clang-format --------- Co-authored-by: Restyled.io <commits@restyled.io>
project-chip · Feb 24, 2024 · 1178664 · 1178664
1 parent 93f851b
commit 1178664
Show file tree

Hide file tree

Showing 24 changed files with 92 additions and 74 deletions.
diff --git a/src/app/icd/ICDCheckInSender.cpp b/src/app/icd/ICDCheckInSender.cpp
@@ -89,8 +89,8 @@ CHIP_ERROR ICDCheckInSender::RequestResolve(ICDMonitoringEntry & entry, FabricTa
 
  AddressResolve::NodeLookupRequest request(peerId);
 
- memcpy(mKey.AsMutable<Crypto::Aes128KeyByteArray>(), entry.key.As<Crypto::Aes128KeyByteArray>(),
- sizeof(Crypto::Aes128KeyByteArray));
+ memcpy(mKey.AsMutable<Crypto::Symmetric128BitsKeyByteArray>(), entry.key.As<Crypto::Symmetric128BitsKeyByteArray>(),
+ sizeof(Crypto::Symmetric128BitsKeyByteArray));
 
  CHIP_ERROR err = AddressResolve::Resolver::Instance().LookupNode(request, mAddressLookupHandle);
 

diff --git a/src/app/icd/ICDMonitoringTable.cpp b/src/app/icd/ICDMonitoringTable.cpp
@@ -42,7 +42,7 @@ CHIP_ERROR ICDMonitoringEntry::Serialize(TLV::TLVWriter & writer) const
  ReturnErrorOnFailure(writer.Put(TLV::ContextTag(Fields::kCheckInNodeID), checkInNodeID));
  ReturnErrorOnFailure(writer.Put(TLV::ContextTag(Fields::kMonitoredSubject), monitoredSubject));
 
- ByteSpan buf(key.As<Crypto::Aes128KeyByteArray>());
+ ByteSpan buf(key.As<Crypto::Symmetric128BitsKeyByteArray>());
  ReturnErrorOnFailure(writer.Put(TLV::ContextTag(Fields::kKey), buf));
  ReturnErrorOnFailure(writer.EndContainer(outer));
  return CHIP_NO_ERROR;
@@ -70,13 +70,14 @@ CHIP_ERROR ICDMonitoringEntry::Deserialize(TLV::TLVReader & reader)
  ReturnErrorOnFailure(reader.Get(monitoredSubject));
  break;
  case to_underlying(Fields::kKey): {
- ByteSpan buf(key.AsMutable<Crypto::Aes128KeyByteArray>());
+ ByteSpan buf(key.AsMutable<Crypto::Symmetric128BitsKeyByteArray>());
  ReturnErrorOnFailure(reader.Get(buf));
  // Since we are storing either the raw key or a key ID, we must
  // simply copy the data as is in the keyHandle.
  // Calling SetKey here would create another key in storage and will cause
  // key leakage in some implementation.
- memcpy(key.AsMutable<Crypto::Aes128KeyByteArray>(), buf.data(), sizeof(Crypto::Aes128KeyByteArray));
+ memcpy(key.AsMutable<Crypto::Symmetric128BitsKeyByteArray>(), buf.data(),
+ sizeof(Crypto::Symmetric128BitsKeyByteArray));
  keyHandleValid = true;
  }
  break;
@@ -100,12 +101,12 @@ void ICDMonitoringEntry::Clear()
 
 CHIP_ERROR ICDMonitoringEntry::SetKey(ByteSpan keyData)
 {
- VerifyOrReturnError(keyData.size() == sizeof(Crypto::Aes128KeyByteArray), CHIP_ERROR_INVALID_ARGUMENT);
+ VerifyOrReturnError(keyData.size() == sizeof(Crypto::Symmetric128BitsKeyByteArray), CHIP_ERROR_INVALID_ARGUMENT);
  VerifyOrReturnError(symmetricKeystore != nullptr, CHIP_ERROR_INTERNAL);
  VerifyOrReturnError(!keyHandleValid, CHIP_ERROR_INTERNAL);
 
- Crypto::Aes128KeyByteArray keyMaterial;
- memcpy(keyMaterial, keyData.data(), sizeof(Crypto::Aes128KeyByteArray));
+ Crypto::Symmetric128BitsKeyByteArray keyMaterial;
+ memcpy(keyMaterial, keyData.data(), sizeof(Crypto::Symmetric128BitsKeyByteArray));
 
  ReturnErrorOnFailure(symmetricKeystore->CreateKey(keyMaterial, key));
  keyHandleValid = true;
@@ -174,8 +175,8 @@ ICDMonitoringEntry & ICDMonitoringEntry::operator=(const ICDMonitoringEntry & ic
  index = icdMonitoringEntry.index;
  keyHandleValid = icdMonitoringEntry.keyHandleValid;
  symmetricKeystore = icdMonitoringEntry.symmetricKeystore;
- memcpy(key.AsMutable<Crypto::Aes128KeyByteArray>(), icdMonitoringEntry.key.As<Crypto::Aes128KeyByteArray>(),
- sizeof(Crypto::Aes128KeyByteArray));
+ memcpy(key.AsMutable<Crypto::Symmetric128BitsKeyByteArray>(), icdMonitoringEntry.key.As<Crypto::Symmetric128BitsKeyByteArray>(),
+ sizeof(Crypto::Symmetric128BitsKeyByteArray));
 
  return *this;
 }
@@ -214,8 +215,8 @@ CHIP_ERROR ICDMonitoringTable::Set(uint16_t index, const ICDMonitoringEntry & en
  e.checkInNodeID = entry.checkInNodeID;
  e.monitoredSubject = entry.monitoredSubject;
  e.index = index;
- memcpy(e.key.AsMutable<Crypto::Aes128KeyByteArray>(), entry.key.As<Crypto::Aes128KeyByteArray>(),
- sizeof(Crypto::Aes128KeyByteArray));
+ memcpy(e.key.AsMutable<Crypto::Symmetric128BitsKeyByteArray>(), entry.key.As<Crypto::Symmetric128BitsKeyByteArray>(),
+ sizeof(Crypto::Symmetric128BitsKeyByteArray));
 
  return e.Save(this->mStorage);
 }

diff --git a/src/app/icd/client/DefaultICDClientStorage.cpp b/src/app/icd/client/DefaultICDClientStorage.cpp
@@ -262,8 +262,9 @@ CHIP_ERROR DefaultICDClientStorage::Load(FabricIndex fabricIndex, std::vector<IC
  ReturnErrorOnFailure(reader.Next(TLV::ContextTag(ClientInfoTag::kSharedKey)));
  ByteSpan buf;
  ReturnErrorOnFailure(reader.Get(buf));
- VerifyOrReturnError(buf.size() == sizeof(Crypto::Aes128KeyByteArray), CHIP_ERROR_INTERNAL);
- memcpy(clientInfo.shared_key.AsMutable<Crypto::Aes128KeyByteArray>(), buf.data(), sizeof(Crypto::Aes128KeyByteArray));
+ VerifyOrReturnError(buf.size() == sizeof(Crypto::Symmetric128BitsKeyByteArray), CHIP_ERROR_INTERNAL);
+ memcpy(clientInfo.shared_key.AsMutable<Crypto::Symmetric128BitsKeyByteArray>(), buf.data(),
+ sizeof(Crypto::Symmetric128BitsKeyByteArray));
  ReturnErrorOnFailure(reader.ExitContainer(ICDClientInfoType));
  clientInfoVector.push_back(clientInfo);
  }
@@ -279,10 +280,10 @@ CHIP_ERROR DefaultICDClientStorage::Load(FabricIndex fabricIndex, std::vector<IC
 
 CHIP_ERROR DefaultICDClientStorage::SetKey(ICDClientInfo & clientInfo, const ByteSpan keyData)
 {
- VerifyOrReturnError(keyData.size() == sizeof(Crypto::Aes128KeyByteArray), CHIP_ERROR_INVALID_ARGUMENT);
+ VerifyOrReturnError(keyData.size() == sizeof(Crypto::Symmetric128BitsKeyByteArray), CHIP_ERROR_INVALID_ARGUMENT);
 
- Crypto::Aes128KeyByteArray keyMaterial;
- memcpy(keyMaterial, keyData.data(), sizeof(Crypto::Aes128KeyByteArray));
+ Crypto::Symmetric128BitsKeyByteArray keyMaterial;
+ memcpy(keyMaterial, keyData.data(), sizeof(Crypto::Symmetric128BitsKeyByteArray));
 
  return mpKeyStore->CreateKey(keyMaterial, clientInfo.shared_key);
 }
@@ -300,7 +301,7 @@ CHIP_ERROR DefaultICDClientStorage::SerializeToTlv(TLV::TLVWriter & writer, cons
  ReturnErrorOnFailure(writer.Put(TLV::ContextTag(ClientInfoTag::kStartICDCounter), clientInfo.start_icd_counter));
  ReturnErrorOnFailure(writer.Put(TLV::ContextTag(ClientInfoTag::kOffset), clientInfo.offset));
  ReturnErrorOnFailure(writer.Put(TLV::ContextTag(ClientInfoTag::kMonitoredSubject), clientInfo.monitored_subject));
- ByteSpan buf(clientInfo.shared_key.As<Crypto::Aes128KeyByteArray>());
+ ByteSpan buf(clientInfo.shared_key.As<Crypto::Symmetric128BitsKeyByteArray>());
  ReturnErrorOnFailure(writer.Put(TLV::ContextTag(ClientInfoTag::kSharedKey), buf));
  ReturnErrorOnFailure(writer.EndContainer(ICDClientInfoContainerType));
  }

diff --git a/src/app/icd/client/DefaultICDClientStorage.h b/src/app/icd/client/DefaultICDClientStorage.h
@@ -100,7 +100,7 @@ class DefaultICDClientStorage : public ICDClientStorage
  {
  // All the fields added together
  return TLV::EstimateStructOverhead(sizeof(NodeId), sizeof(FabricIndex), sizeof(uint32_t), sizeof(uint32_t),
- sizeof(uint64_t), sizeof(Crypto::Aes128KeyByteArray));
+ sizeof(uint64_t), sizeof(Crypto::Symmetric128BitsKeyByteArray));
  }
 
  static constexpr size_t MaxICDCounterSize()

diff --git a/src/app/icd/client/ICDClientInfo.h b/src/app/icd/client/ICDClientInfo.h
@@ -44,8 +44,9 @@ struct ICDClientInfo
  start_icd_counter = other.start_icd_counter;
  offset = other.offset;
  monitored_subject = other.monitored_subject;
- ByteSpan buf(other.shared_key.As<Crypto::Aes128KeyByteArray>());
- memcpy(shared_key.AsMutable<Crypto::Aes128KeyByteArray>(), buf.data(), sizeof(Crypto::Aes128KeyByteArray));
+ ByteSpan buf(other.shared_key.As<Crypto::Symmetric128BitsKeyByteArray>());
+ memcpy(shared_key.AsMutable<Crypto::Symmetric128BitsKeyByteArray>(), buf.data(),
+ sizeof(Crypto::Symmetric128BitsKeyByteArray));
  return *this;
  }
 };

diff --git a/src/credentials/GroupDataProviderImpl.h b/src/credentials/GroupDataProviderImpl.h
@@ -156,16 +156,16 @@ class GroupDataProviderImpl : public GroupDataProvider
  public:
  GroupKeyContext(GroupDataProviderImpl & provider) : mProvider(provider) {}
 
- GroupKeyContext(GroupDataProviderImpl & provider, const Crypto::Aes128KeyByteArray & encryptionKey, uint16_t hash,
- const Crypto::Aes128KeyByteArray & privacyKey) :
+ GroupKeyContext(GroupDataProviderImpl & provider, const Crypto::Symmetric128BitsKeyByteArray & encryptionKey, uint16_t hash,
+ const Crypto::Symmetric128BitsKeyByteArray & privacyKey) :
  mProvider(provider)
 
  {
  Initialize(encryptionKey, hash, privacyKey);
  }
 
- void Initialize(const Crypto::Aes128KeyByteArray & encryptionKey, uint16_t hash,
- const Crypto::Aes128KeyByteArray & privacyKey)
+ void Initialize(const Crypto::Symmetric128BitsKeyByteArray & encryptionKey, uint16_t hash,
+ const Crypto::Symmetric128BitsKeyByteArray & privacyKey)
  {
  ReleaseKeys();
  mKeyHash = hash;

diff --git a/src/crypto/CHIPCryptoPAL.h b/src/crypto/CHIPCryptoPAL.h
@@ -562,7 +562,7 @@ class P256Keypair : public P256KeypairBase
  bool mInitialized = false;
 };
 
-using Aes128KeyByteArray = uint8_t[CHIP_CRYPTO_SYMMETRIC_KEY_LENGTH_BYTES];
+using Symmetric128BitsKeyByteArray = uint8_t[CHIP_CRYPTO_SYMMETRIC_KEY_LENGTH_BYTES];
 
 /**
  * @brief Platform-specific AES key

diff --git a/src/crypto/CHIPCryptoPALOpenSSL.cpp b/src/crypto/CHIPCryptoPALOpenSSL.cpp
@@ -204,7 +204,7 @@ CHIP_ERROR AES_CCM_encrypt(const uint8_t * plaintext, size_t plaintext_length, c
 #if CHIP_CRYPTO_BORINGSSL
  aead = EVP_aead_aes_128_ccm_matter();
 
- context = EVP_AEAD_CTX_new(aead, key.As<Aes128KeyByteArray>(), sizeof(Aes128KeyByteArray), tag_length);
+ context = EVP_AEAD_CTX_new(aead, key.As<Symmetric128BitsKeyByteArray>(), sizeof(Symmetric128BitsKeyByteArray), tag_length);
  VerifyOrExit(context != nullptr, error = CHIP_ERROR_NO_MEMORY);
 
  result = EVP_AEAD_CTX_seal_scatter(context, ciphertext, tag, &written_tag_len, tag_length, nonce, nonce_length, plaintext,
@@ -231,8 +231,8 @@ CHIP_ERROR AES_CCM_encrypt(const uint8_t * plaintext, size_t plaintext_length, c
  VerifyOrExit(result == 1, error = CHIP_ERROR_INTERNAL);
 
  // Pass in key + nonce
- static_assert(kAES_CCM128_Key_Length == sizeof(Aes128KeyByteArray), "Unexpected key length");
- result = EVP_EncryptInit_ex(context, nullptr, nullptr, key.As<Aes128KeyByteArray>(), Uint8::to_const_uchar(nonce));
+ static_assert(kAES_CCM128_Key_Length == sizeof(Symmetric128BitsKeyByteArray), "Unexpected key length");
+ result = EVP_EncryptInit_ex(context, nullptr, nullptr, key.As<Symmetric128BitsKeyByteArray>(), Uint8::to_const_uchar(nonce));
  VerifyOrExit(result == 1, error = CHIP_ERROR_INTERNAL);
 
  // Pass in plain text length
@@ -336,7 +336,7 @@ CHIP_ERROR AES_CCM_decrypt(const uint8_t * ciphertext, size_t ciphertext_length,
 #if CHIP_CRYPTO_BORINGSSL
  aead = EVP_aead_aes_128_ccm_matter();
 
- context = EVP_AEAD_CTX_new(aead, key.As<Aes128KeyByteArray>(), sizeof(Aes128KeyByteArray), tag_length);
+ context = EVP_AEAD_CTX_new(aead, key.As<Symmetric128BitsKeyByteArray>(), sizeof(Symmetric128BitsKeyByteArray), tag_length);
  VerifyOrExit(context != nullptr, error = CHIP_ERROR_NO_MEMORY);
 
  result = EVP_AEAD_CTX_open_gather(context, plaintext, nonce, nonce_length, ciphertext, ciphertext_length, tag, tag_length, aad,
@@ -366,8 +366,8 @@ CHIP_ERROR AES_CCM_decrypt(const uint8_t * ciphertext, size_t ciphertext_length,
  VerifyOrExit(result == 1, error = CHIP_ERROR_INTERNAL);
 
  // Pass in key + nonce
- static_assert(kAES_CCM128_Key_Length == sizeof(Aes128KeyByteArray), "Unexpected key length");
- result = EVP_DecryptInit_ex(context, nullptr, nullptr, key.As<Aes128KeyByteArray>(), Uint8::to_const_uchar(nonce));
+ static_assert(kAES_CCM128_Key_Length == sizeof(Symmetric128BitsKeyByteArray), "Unexpected key length");
+ result = EVP_DecryptInit_ex(context, nullptr, nullptr, key.As<Symmetric128BitsKeyByteArray>(), Uint8::to_const_uchar(nonce));
  VerifyOrExit(result == 1, error = CHIP_ERROR_INTERNAL);
 
  // Pass in cipher text length

diff --git a/src/crypto/CHIPCryptoPALmbedTLS.cpp b/src/crypto/CHIPCryptoPALmbedTLS.cpp
@@ -96,7 +96,8 @@ CHIP_ERROR AES_CCM_encrypt(const uint8_t * plaintext, size_t plaintext_length, c
  }
 
  // Size of key is expressed in bits, hence the multiplication by 8.
- result = mbedtls_ccm_setkey(&context, MBEDTLS_CIPHER_ID_AES, key.As<Aes128KeyByteArray>(), sizeof(Aes128KeyByteArray) * 8);
+ result = mbedtls_ccm_setkey(&context, MBEDTLS_CIPHER_ID_AES, key.As<Symmetric128BitsKeyByteArray>(),
+ sizeof(Symmetric128BitsKeyByteArray) * 8);
  VerifyOrExit(result == 0, error = CHIP_ERROR_INTERNAL);
 
  // Encrypt
@@ -133,7 +134,8 @@ CHIP_ERROR AES_CCM_decrypt(const uint8_t * ciphertext, size_t ciphertext_len, co
  }
 
  // Size of key is expressed in bits, hence the multiplication by 8.
- result = mbedtls_ccm_setkey(&context, MBEDTLS_CIPHER_ID_AES, key.As<Aes128KeyByteArray>(), sizeof(Aes128KeyByteArray) * 8);
+ result = mbedtls_ccm_setkey(&context, MBEDTLS_CIPHER_ID_AES, key.As<Symmetric128BitsKeyByteArray>(),
+ sizeof(Symmetric128BitsKeyByteArray) * 8);
  VerifyOrExit(result == 0, error = CHIP_ERROR_INTERNAL);
 
  // Decrypt

diff --git a/src/crypto/PSASessionKeystore.cpp b/src/crypto/PSASessionKeystore.cpp
@@ -49,13 +49,14 @@ class AesKeyAttributes
 
 } // namespace
 
-CHIP_ERROR PSASessionKeystore::CreateKey(const Aes128KeyByteArray & keyMaterial, Aes128KeyHandle & key)
+CHIP_ERROR PSASessionKeystore::CreateKey(const Symmetric128BitsKeyByteArray & keyMaterial, Aes128KeyHandle & key)
 {
  // Destroy the old key if already allocated
  psa_destroy_key(key.As<psa_key_id_t>());
 
  AesKeyAttributes attrs;
- psa_status_t status = psa_import_key(&attrs.Get(), keyMaterial, sizeof(Aes128KeyByteArray), &key.AsMutable<psa_key_id_t>());
+ psa_status_t status =
+ psa_import_key(&attrs.Get(), keyMaterial, sizeof(Symmetric128BitsKeyByteArray), &key.AsMutable<psa_key_id_t>());
  VerifyOrReturnError(status == PSA_SUCCESS, CHIP_ERROR_INTERNAL);
 
  return CHIP_NO_ERROR;

diff --git a/src/crypto/PSASessionKeystore.h b/src/crypto/PSASessionKeystore.h
@@ -25,7 +25,7 @@ namespace Crypto {
 class PSASessionKeystore : public SessionKeystore
 {
 public:
- CHIP_ERROR CreateKey(const Aes128KeyByteArray & keyMaterial, Aes128KeyHandle & key) override;
+ CHIP_ERROR CreateKey(const Symmetric128BitsKeyByteArray & keyMaterial, Aes128KeyHandle & key) override;
  CHIP_ERROR DeriveKey(const P256ECDHDerivedSecret & secret, const ByteSpan & salt, const ByteSpan & info,
  Aes128KeyHandle & key) override;
  CHIP_ERROR DeriveSessionKeys(const ByteSpan & secret, const ByteSpan & salt, const ByteSpan & info, Aes128KeyHandle & i2rKey,

diff --git a/src/crypto/RawKeySessionKeystore.cpp b/src/crypto/RawKeySessionKeystore.cpp
@@ -24,9 +24,9 @@ namespace Crypto {
 
 using HKDF_sha_crypto = HKDF_sha;
 
-CHIP_ERROR RawKeySessionKeystore::CreateKey(const Aes128KeyByteArray & keyMaterial, Aes128KeyHandle & key)
+CHIP_ERROR RawKeySessionKeystore::CreateKey(const Symmetric128BitsKeyByteArray & keyMaterial, Aes128KeyHandle & key)
 {
- memcpy(key.AsMutable<Aes128KeyByteArray>(), keyMaterial, sizeof(Aes128KeyByteArray));
+ memcpy(key.AsMutable<Symmetric128BitsKeyByteArray>(), keyMaterial, sizeof(Symmetric128BitsKeyByteArray));
  return CHIP_NO_ERROR;
 }
 
@@ -36,30 +36,30 @@ CHIP_ERROR RawKeySessionKeystore::DeriveKey(const P256ECDHDerivedSecret & secret
  HKDF_sha_crypto hkdf;
 
  return hkdf.HKDF_SHA256(secret.ConstBytes(), secret.Length(), salt.data(), salt.size(), info.data(), info.size(),
- key.AsMutable<Aes128KeyByteArray>(), sizeof(Aes128KeyByteArray));
+ key.AsMutable<Symmetric128BitsKeyByteArray>(), sizeof(Symmetric128BitsKeyByteArray));
 }
 
 CHIP_ERROR RawKeySessionKeystore::DeriveSessionKeys(const ByteSpan & secret, const ByteSpan & salt, const ByteSpan & info,
  Aes128KeyHandle & i2rKey, Aes128KeyHandle & r2iKey,
  AttestationChallenge & attestationChallenge)
 {
  HKDF_sha_crypto hkdf;
- uint8_t keyMaterial[2 * sizeof(Aes128KeyByteArray) + AttestationChallenge::Capacity()];
+ uint8_t keyMaterial[2 * sizeof(Symmetric128BitsKeyByteArray) + AttestationChallenge::Capacity()];
 
  ReturnErrorOnFailure(hkdf.HKDF_SHA256(secret.data(), secret.size(), salt.data(), salt.size(), info.data(), info.size(),
  keyMaterial, sizeof(keyMaterial)));
 
  Encoding::LittleEndian::Reader reader(keyMaterial, sizeof(keyMaterial));
 
- return reader.ReadBytes(i2rKey.AsMutable<Aes128KeyByteArray>(), sizeof(Aes128KeyByteArray))
- .ReadBytes(r2iKey.AsMutable<Aes128KeyByteArray>(), sizeof(Aes128KeyByteArray))
+ return reader.ReadBytes(i2rKey.AsMutable<Symmetric128BitsKeyByteArray>(), sizeof(Symmetric128BitsKeyByteArray))
+ .ReadBytes(r2iKey.AsMutable<Symmetric128BitsKeyByteArray>(), sizeof(Symmetric128BitsKeyByteArray))
  .ReadBytes(attestationChallenge.Bytes(), AttestationChallenge::Capacity())
  .StatusCode();
 }
 
 void RawKeySessionKeystore::DestroyKey(Aes128KeyHandle & key)
 {
- ClearSecretData(key.AsMutable<Aes128KeyByteArray>());
+ ClearSecretData(key.AsMutable<Symmetric128BitsKeyByteArray>());
 }
 
 } // namespace Crypto

diff --git a/src/crypto/RawKeySessionKeystore.h b/src/crypto/RawKeySessionKeystore.h
@@ -25,7 +25,7 @@ namespace Crypto {
 class RawKeySessionKeystore : public SessionKeystore
 {
 public:
- CHIP_ERROR CreateKey(const Aes128KeyByteArray & keyMaterial, Aes128KeyHandle & key) override;
+ CHIP_ERROR CreateKey(const Symmetric128BitsKeyByteArray & keyMaterial, Aes128KeyHandle & key) override;
  CHIP_ERROR DeriveKey(const P256ECDHDerivedSecret & secret, const ByteSpan & salt, const ByteSpan & info,
  Aes128KeyHandle & key) override;
  CHIP_ERROR DeriveSessionKeys(const ByteSpan & secret, const ByteSpan & salt, const ByteSpan & info, Aes128KeyHandle & i2rKey,

diff --git a/src/crypto/SessionKeystore.h b/src/crypto/SessionKeystore.h
@@ -45,7 +45,7 @@ class SessionKeystore
  * If the method returns no error, the application is responsible for destroying the handle
  * using DestroyKey() method when the key is no longer needed.
  */
- virtual CHIP_ERROR CreateKey(const Aes128KeyByteArray & keyMaterial, Aes128KeyHandle & key) = 0;
+ virtual CHIP_ERROR CreateKey(const Symmetric128BitsKeyByteArray & keyMaterial, Aes128KeyHandle & key) = 0;
 
  /**
  * @brief Derive key from a shared secret.

diff --git a/src/crypto/tests/CHIPCryptoPALTest.cpp b/src/crypto/tests/CHIPCryptoPALTest.cpp
@@ -183,7 +183,7 @@ struct TestAesKey
 public:
  TestAesKey(nlTestSuite * inSuite, const uint8_t * keyBytes, size_t keyLength)
  {
- Crypto::Aes128KeyByteArray keyMaterial;
+ Crypto::Symmetric128BitsKeyByteArray keyMaterial;
  memcpy(&keyMaterial, keyBytes, keyLength);
 
  CHIP_ERROR err = keystore.CreateKey(keyMaterial, key);

diff --git a/src/crypto/tests/TestSessionKeystore.cpp b/src/crypto/tests/TestSessionKeystore.cpp
@@ -110,7 +110,7 @@ void TestBasicImport(nlTestSuite * inSuite, void * inContext)
  {
  const ccm_128_test_vector & test = *testPtr;
 
- Aes128KeyByteArray keyMaterial;
+ Symmetric128BitsKeyByteArray keyMaterial;
  memcpy(keyMaterial, test.key, test.key_len);
 
  Aes128KeyHandle keyHandle;

diff --git a/src/platform/nxp/common/crypto/CHIPCryptoPALTinyCrypt.cpp b/src/platform/nxp/common/crypto/CHIPCryptoPALTinyCrypt.cpp
@@ -145,7 +145,8 @@ CHIP_ERROR AES_CCM_encrypt(const uint8_t * plaintext, size_t plaintext_length, c
  }
 
  // Size of key is expressed in bits, hence the multiplication by 8.
- result = mbedtls_ccm_setkey(&context, MBEDTLS_CIPHER_ID_AES, key.As<Aes128KeyByteArray>(), sizeof(Aes128KeyByteArray) * 8);
+ result = mbedtls_ccm_setkey(&context, MBEDTLS_CIPHER_ID_AES, key.As<Symmetric128BitsKeyByteArray>(),
+ sizeof(Symmetric128BitsKeyByteArray) * 8);
  VerifyOrExit(result == 0, error = CHIP_ERROR_INTERNAL);
 
  // Encrypt
@@ -182,7 +183,8 @@ CHIP_ERROR AES_CCM_decrypt(const uint8_t * ciphertext, size_t ciphertext_len, co
  }
 
  // Size of key is expressed in bits, hence the multiplication by 8.
- result = mbedtls_ccm_setkey(&context, MBEDTLS_CIPHER_ID_AES, key.As<Aes128KeyByteArray>(), sizeof(Aes128KeyByteArray) * 8);
+ result = mbedtls_ccm_setkey(&context, MBEDTLS_CIPHER_ID_AES, key.As<Symmetric128BitsKeyByteArray>(),
+ sizeof(Symmetric128BitsKeyByteArray) * 8);
  VerifyOrExit(result == 0, error = CHIP_ERROR_INTERNAL);
 
  // Decrypt