From 14916824a6b90503992fa8fe93f583f521a64223 Mon Sep 17 00:00:00 2001
From: Martin Turon <mturon@google.com>
Date: Fri, 3 Dec 2021 06:27:36 -0800
Subject: [PATCH] [msg] Initialize session counters with random per spec.
 (#12517)

---
 src/transport/MessageCounter.h | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/src/transport/MessageCounter.h b/src/transport/MessageCounter.h
index 2c48ac801e99db..7cb99f69216556 100644
--- a/src/transport/MessageCounter.h
+++ b/src/transport/MessageCounter.h
@@ -21,6 +21,7 @@
  */
 #pragma once
 
+#include <crypto/RandUtils.h>
 #include <lib/support/PersistedCounter.h>
 
 namespace chip {
@@ -106,8 +107,14 @@ class GlobalEncryptedMessageCounter : public MessageCounter
 class LocalSessionMessageCounter : public MessageCounter
 {
 public:
-    static constexpr uint32_t kInitialValue = 1;
-    LocalSessionMessageCounter() : value(kInitialValue) {}
+    static constexpr uint32_t kInitialValue                 = 1;         ///< Used for initializing peer counter
+    static constexpr uint32_t kMessageCounterRandomInitMask = 0x0FFFFFF; ///< 28-bit mask
+
+    /**
+     * Initialize a local message counter with random value between [0, 2^28-1]. This increases the difficulty of traffic analysis
+     * attacks by making it harder to determine how long a particular session has been open.
+     */
+    LocalSessionMessageCounter() { value = Crypto::GetRandU32() & kMessageCounterRandomInitMask; }
 
     Type GetType() override { return Session; }
     uint32_t Value() override { return value; }