SAE: Fix PWE generation to use minimum loop count (k) properly

The implementation did not match the comment, i.e., only k-1 rounds were
required instead of k.

Signed-off-by: Jouni Malinen <j@w1.fi>

diff --git a/src/common/sae.c b/src/common/sae.c
index 850dd5f1517757e9675fe728f4ce9c4097baf742..9d25b2b34cee6352091e882e7b9828861d4ab805 100644 (file)
--- a/src/common/sae.c
+++ b/src/common/sae.c
@@ -326,7 +326,7 @@ static int sae_derive_pwe_ecc(struct sae_data *sae, const u8 *addr1,
         * attacks that attempt to determine the number of iterations required
         * in the loop.
         */
-       for (counter = 1; counter < k || !found; counter++) {
+       for (counter = 1; counter <= k || !found; counter++) {
                u8 pwd_seed[SHA256_MAC_LEN];
                int res;