3.2.4.3 Computing the Desired Group Key

The group key returned by the Group Key Distribution Protocol server might not have the same group key identifier requested by the client, as specified in section 3.1.4.1. At other times, the client might find a cached key that can be used to derive the requested key, thereby avoiding a network round trip. In these cases, some processing is required on the client side to compute the key that must be returned to the caller. The client MUST compute the group key to be returned to the calling layer as follows:

  1. If no root key identifier was specified in the request from the higher layer (for example, because the higher layer is requesting the most recent key) and the server returned a public key, the client MUST return that public key to the caller.

  2. Otherwise, the server MUST have returned a seed key. If no root key identifier was specified in the request from the higher layer (for example, the higher layer was requesting the most recent key), then:

    • If the server's response contains an L2 key, return that to the caller.

    • Otherwise, use the L1 key in the server's response to derive the L2 key with L2 index 31, as specified in section 3.1.4.1.2, and return that to the caller.

  3. If the server returned a seed key in response to a request with a specified root key identifier, then:

    • If the response contains an L2 key whose group key identifier matches the requested group key identifier, return this L2 key to the caller.

    • Otherwise, if the response contains an L2 key whose group key identifier is newer than the requested group key but that has the same L0 and L1 indices, use this to derive the requested group key, as specified in section 3.1.4.1.2, and return the result to the caller.

    • Otherwise, if the response contains an L1 key that has the same L0 index and the same or greater L1 index as the requested group key, use this to derive the requested group key, as specified in section 3.1.4.1.2, and return the result to the caller.
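The selection rules above, written out as an added Python example; this is illustrative code, not part of MS-GKDI or of any Microsoft implementation. It assumes that the section 3.1.4.1.2 derivation is an SP 800-108 counter-mode KDF with HMAC-SHA512, a UTF-16LE "KDS service" label, and a context of root key GUID || L0 || L1 || L2 as signed 32-bit little-endian integers with -1 for an index that does not apply; the root key identifier, indices and seed bytes are constructed, and the names `GroupKeyId`, `SeedKeyResponse`, `compute_group_key`, `derive_l1`, `derive_l2` and `demo` are this example's own. A public key response is represented as the raw `bytes` the server returned.

```python
import hashlib
import hmac
import struct
import uuid
from dataclasses import dataclass
from typing import Optional

KDS_SERVICE_LABEL = "KDS service\0".encode("utf-16-le")  # assumed label encoding
L2_TOP = 31  # an L1 key seeds the L2 chain at the highest L2 index

def kdf(secret: bytes, label: bytes, context: bytes, out_len: int = 64) -> bytes:
    """SP 800-108 counter mode: K(i) = HMAC-SHA512(secret, [i]_4 || label || 0x00 || context || [out_len*8]_4)."""
    fixed = label + b"\x00" + context + struct.pack(">I", out_len * 8)
    out, counter = b"", 1
    while len(out) < out_len:
        out += hmac.new(secret, struct.pack(">I", counter) + fixed, hashlib.sha512).digest()
        counter += 1
    return out[:out_len]

def kds_context(root_key_id: uuid.UUID, l0: int, l1: int, l2: int) -> bytes:
    """Root key GUID in wire byte order, then the indices as signed 32-bit LE; -1 = not applicable (assumed layout)."""
    return root_key_id.bytes_le + struct.pack("<iii", l0, l1, l2)

def derive_l1(root_key_id, l0, parent_l1_key, l1_index):
    """L1 key for l1_index from the L1 key with index l1_index + 1 (the chain runs downwards)."""
    return kdf(parent_l1_key, KDS_SERVICE_LABEL, kds_context(root_key_id, l0, l1_index, -1))

def derive_l2(root_key_id, l0, l1, parent, l2_index):
    """L2 key for l2_index; parent is the L1 key when l2_index == 31, else the L2 key at l2_index + 1."""
    return kdf(parent, KDS_SERVICE_LABEL, kds_context(root_key_id, l0, l1, l2_index))

@dataclass(frozen=True)
class GroupKeyId:
    root_key_id: uuid.UUID
    l0: int
    l1: int
    l2: int

@dataclass
class SeedKeyResponse:
    """Seed material from the server or the local cache: an L1 key at (l0, l1) and/or an L2 key at (l0, l1, l2)."""
    root_key_id: uuid.UUID
    l0: int
    l1: int
    l1_key: Optional[bytes] = None
    l2: int = -1
    l2_key: Optional[bytes] = None

def compute_group_key(requested: Optional[GroupKeyId], resp: "bytes | SeedKeyResponse") -> bytes:
    """requested is None when the caller asked for the most recent key (no root key identifier)."""
    if requested is None:
        if isinstance(resp, bytes):                      # step 1: a public key is handed up unchanged
            return resp
        if resp.l2_key is not None:                      # step 2, first bullet
            return resp.l2_key
        return derive_l2(resp.root_key_id, resp.l0, resp.l1, resp.l1_key, L2_TOP)  # step 2, second bullet
    # step 3: a specific key was named, so only seed material for the same root key and L0 period can serve it
    if not isinstance(resp, SeedKeyResponse):
        raise ValueError("public key returned for a request that named a root key identifier")
    if resp.root_key_id != requested.root_key_id or resp.l0 != requested.l0:
        raise ValueError("response belongs to a different root key or L0 period")
    rid, l0, l1 = requested.root_key_id, requested.l0, requested.l1
    if resp.l2_key is not None and resp.l1 == l1:
        if resp.l2 == requested.l2:                      # exact match
            return resp.l2_key
        if resp.l2 > requested.l2:                       # newer L2 key, same L0/L1: walk the L2 chain down
            key = resp.l2_key
            for idx in range(resp.l2 - 1, requested.l2 - 1, -1):
                key = derive_l2(rid, l0, l1, key, idx)
            return key
    if resp.l1_key is not None and resp.l1 >= l1:        # same or newer L1 key: walk L1 down, then L2 from 31
        key = resp.l1_key
        for idx in range(resp.l1 - 1, l1 - 1, -1):
            key = derive_l1(rid, l0, key, idx)
        key = derive_l2(rid, l0, l1, key, L2_TOP)
        for idx in range(L2_TOP - 1, requested.l2 - 1, -1):
            key = derive_l2(rid, l0, l1, key, idx)
        return key
    raise ValueError("response cannot be used to derive the requested group key")

# Constructed demo input, not real key material.
DEMO_ROOT_KEY_ID = uuid.UUID("12345678-1234-5678-1234-567812345678")
DEMO_L0 = 361
DEMO_L1_SEED_AT_7 = hashlib.sha512(b"constructed L1 seed for L1 index 7").digest()

def demo():
    """Three kinds of response that all yield the key (l0=361, l1=5, l2=10)."""
    rid, l0 = DEMO_ROOT_KEY_ID, DEMO_L0
    wanted = GroupKeyId(rid, l0, 5, 10)
    via_l1 = compute_group_key(wanted, SeedKeyResponse(rid, l0, 7, l1_key=DEMO_L1_SEED_AT_7))
    l2_at_20 = compute_group_key(GroupKeyId(rid, l0, 5, 20), SeedKeyResponse(rid, l0, 7, l1_key=DEMO_L1_SEED_AT_7))
    via_newer_l2 = compute_group_key(wanted, SeedKeyResponse(rid, l0, 5, l2=20, l2_key=l2_at_20))
    exact = compute_group_key(wanted, SeedKeyResponse(rid, l0, 5, l2=10, l2_key=via_l1))
    return via_l1 == via_newer_l2 == exact, via_l1.hex()
```

`demo()` shows the property that makes client-side caching safe: an L1 key from a later L1 period, a newer L2 key from the same L1 period, and the exact L2 key all produce the same 64-byte result, because each derivation step depends only on its parent key and the (root key id, L0, L1, L2) context. The converse matters just as much: an older L2 key, or material from another root key or L0 period, cannot be walked forward to the requested key, and the function raises instead of returning something unrelated.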