The DIS version of 18013-5 now specifically says
The first encryption with a key shall use a counter value of 1. For each
following encryption the counter value shall be increased by 1.
in section '9.2.1.4 Mechanism". The previous version said
The counter value is an unsigned integer, which starts at 0 for both
the mDL and the mDL Reader. For each encryption the counter value shall
be increased by 1.
which for some strange reason was interpreted by someone to mean that
counters should start at 1.
Update our implementation to use 1 as now called for by the standard.
Bug: 111446262
Test: atest android.security.identity.cts
Change-Id: I09d1216713d57b54036e4f9aa6677dfa5713133c
e8a6bffec0