diff --git a/src/netdev.c b/src/netdev.c
index 7b1a18c6..71369537 100644
--- a/src/netdev.c
+++ b/src/netdev.c
@@ -795,6 +795,13 @@ static void netdev_set_gtk(uint32_t ifindex, uint8_t key_index,
 
 	l_debug("%d", netdev->index);
 
+	if (crypto_cipher_key_len(cipher) != gtk_len) {
+		l_error("Unexpected key length: %d", gtk_len);
+		netdev_setting_keys_failed(netdev,
+					MPDU_REASON_CODE_INVALID_GROUP_CIPHER);
+		return;
+	}
+
 	switch (cipher) {
 	case CRYPTO_CIPHER_CCMP:
 		memcpy(gtk_buf, gtk, 16);
@@ -824,13 +831,6 @@ static void netdev_set_gtk(uint32_t ifindex, uint8_t key_index,
 		return;
 	}
 
-	if (crypto_cipher_key_len(cipher) != gtk_len) {
-		l_error("Unexpected key length: %d", gtk_len);
-		netdev_setting_keys_failed(netdev,
-					MPDU_REASON_CODE_INVALID_GROUP_CIPHER);
-		return;
-	}
-
 	msg = netdev_build_cmd_new_key_group(netdev, cipher, key_index,
 						gtk_buf, gtk_len,
 						rsc, rsc_len);
@@ -858,6 +858,13 @@ static void netdev_set_igtk(uint32_t ifindex, uint8_t key_index,
 
 	l_debug("%d", netdev->index);
 
+	if (crypto_cipher_key_len(cipher) != igtk_len) {
+		l_error("Unexpected key length: %d", igtk_len);
+		netdev_setting_keys_failed(netdev,
+					MPDU_REASON_CODE_INVALID_GROUP_CIPHER);
+		return;
+	}
+
 	switch (cipher) {
 	case CRYPTO_CIPHER_BIP:
 		memcpy(igtk_buf, igtk, 16);
@@ -869,13 +876,6 @@ static void netdev_set_igtk(uint32_t ifindex, uint8_t key_index,
 		return;
 	}
 
-	if (crypto_cipher_key_len(cipher) != igtk_len) {
-		l_error("Unexpected key length: %d", igtk_len);
-		netdev_setting_keys_failed(netdev,
-					MPDU_REASON_CODE_INVALID_GROUP_CIPHER);
-		return;
-	}
-
 	msg = netdev_build_cmd_new_key_group(netdev, cipher, key_index,
 						igtk_buf, igtk_len,
 						ipn, ipn_len);