I'm testing a STA device (under development) with the aironet 1200 12.3(8)ja2.
The session security is WPA, TKIP encryption (using TLS authentication).
The AP is configured for periodic re-authentication.
In addition, I also have unicast downlink traffic transmitted (from the AP's LAN side to my STA) by a PC.
Oh, and I'm also working in power-save :)
(I'd be happy to supply AP config.txt).
Anyway...to the issue:
After the TLS reauthentication and the key handshake, my STA reports MIC failures on several frames.
The whole session is encrypted so I can't actually see which frames got the bad MIC.
I've used debug prints (on my STA) to trace the problem, and I can see the bad MIC frames are detected right after the unicast key is actually installed. (any new frames received later on will be decrypted and MIC-checked using the new key).
I would assume that if this is a key-installation-timing issue, then the frames should be dropped due to "decryption failure" (bad ICV).
Is my assumption correct?
for now, I assume this is my own STA's bug (since I tried testing same scenario with Cisco STA and no MICs occured).
I'd be happy if anyone could give some general information as to how exactly the reauthentication process occurs from the AP's point of view (when exactly is the key changed to the new key and new MIC? after the GTK is installed on all clients?)