SAE: Fix PWE generation to use minimum loop count (k) properly

The implementation did not match the comment, i.e., only k-1 rounds were
required instead of k.

Signed-off-by: Jouni Malinen <j@w1.fi>

src/common/sae.c

@@ -326,7 +326,7 @@ static int sae_derive_pwe_ecc(struct sae_data *sae, const u8 *addr1,
 	 * attacks that attempt to determine the number of iterations required
 	 * in the loop.
 	 */
-	for (counter = 1; counter < k || !found; counter++) {
+	for (counter = 1; counter <= k || !found; counter++) {
 		u8 pwd_seed[SHA256_MAC_LEN];
 		int res;