Fix IEEE 802.11r key derivation function to match with the standard

IEEE Std 802.11r-2008, 8.5.1.5.2 starts the 'i' counter from 1, not 0.
Note: this breaks interoperability with previous versions. [Bug 303]

hostapd/ChangeLog

@@ -13,6 +13,8 @@ ChangeLog for hostapd
 	* fixed EAPOL/EAP reauthentication when using an external RADIUS
 	  authentication server
 	* fixed TNC with EAP-TTLS
+	* fixed IEEE 802.11r key derivation function to match with the standard
+	  (note: this breaks interoperability with previous version) [Bug 303]
 
 2009-01-06 - v0.6.7
 	* added support for Wi-Fi Protected Setup (WPS)

src/crypto/sha256.c

@@ -122,7 +122,7 @@ void hmac_sha256(const u8 *key, size_t key_len, const u8 *data,
 void sha256_prf(const u8 *key, size_t key_len, const char *label,
 		const u8 *data, size_t data_len, u8 *buf, size_t buf_len)
 {
-	u16 counter = 0;
+	u16 counter = 1;
 	size_t pos, plen;
 	u8 hash[SHA256_MAC_LEN];
 	const u8 *addr[4];

wpa_supplicant/ChangeLog

@@ -16,6 +16,8 @@ ChangeLog for wpa_supplicant
 	  Drives (UFD) (CONFIG_WPS_UFD=y)
 	* driver_ndis: add PAE group address to the multicast address list to
 	  fix wired IEEE 802.1X authentication
+	* fixed IEEE 802.11r key derivation function to match with the standard
+	  (note: this breaks interoperability with previous version) [Bug 303]
 
 2009-01-06 - v0.6.7
 	* added support for Wi-Fi Protected Setup (WPS)