@opentdf/sdk 0.1.0-beta.1718 → 0.2.0-beta.1941

package/tdf3/src/tdf.ts

@@ -1,71 +1,59 @@
-import axios, { AxiosError } from 'axios';
-import { unsigned } from './utils/buffer-crc32.js';
 import { exportSPKI, importX509 } from 'jose';
-import { DecoratedReadableStream } from './client/DecoratedReadableStream.js';
-import { EntityObject } from '../../src/tdf/index.js';
-import { pemToCryptoPublicKey, validateSecureUrl } from '../../src/utils.js';
-import { DecryptParams } from './client/builders.js';
-import { AssertionConfig, AssertionKey, AssertionVerificationKeys } from './assertions.js';
-import * as assertions from './assertions.js';
 
 import {
-  AttributeSet,
-  isRemote as isRemoteKeyAccess,
-  KeyAccessType,
-  KeyInfo,
-  Manifest,
-  Policy,
-  Remote as KeyAccessRemote,
-  SplitKey,
-  UpsertResponse,
-  Wrapped as KeyAccessWrapped,
-  KeyAccess,
-  KeyAccessObject,
-  SplitType,
-} from './models/index.js';
-import { base64 } from '../../src/encodings/index.js';
-import {
-  type Chunker,
-  ZipReader,
-  ZipWriter,
-  base64ToBuffer,
-  isAppIdProviderCheck,
-  keyMerge,
-  buffToString,
-  concatUint8,
-} from './utils/index.js';
-import { Binary } from './binary.js';
-import { KasPublicKeyAlgorithm, KasPublicKeyInfo, OriginAllowList } from '../../src/access.js';
+  KasPublicKeyAlgorithm,
+  KasPublicKeyInfo,
+  OriginAllowList,
+  fetchKasPubKey as fetchKasPubKeyV2,
+  fetchWrappedKey,
+  publicKeyAlgorithmToJwa,
+} from '../../src/access.js';
+import { type AuthProvider, reqSignature } from '../../src/auth/auth.js';
+import { allPool, anyPool } from '../../src/concurrency.js';
+import { base64, hex } from '../../src/encodings/index.js';
 import {
   ConfigurationError,
   DecryptError,
   InvalidFileError,
   IntegrityError,
   NetworkError,
-  PermissionDeniedError,
-  ServiceError,
-  TdfError,
-  UnauthenticatedError,
   UnsafeUrlError,
   UnsupportedFeatureError as UnsupportedError,
 } from '../../src/errors.js';
-import { htmlWrapperTemplate } from './templates/index.js';
-
-// configurable
-// TODO: remove dependencies from ciphers so that we can open-source instead of relying on other Virtru libs
-import { AesGcmCipher } from './ciphers/index.js';
+import { generateKeyPair } from '../../src/nanotdf-crypto/generateKeyPair.js';
+import { keyAgreement } from '../../src/nanotdf-crypto/keyAgreement.js';
+import { pemPublicToCrypto } from '../../src/nanotdf-crypto/pemPublicToCrypto.js';
+import { type Chunker } from '../../src/seekable.js';
+import { PolicyObject } from '../../src/tdf/PolicyObject.js';
+import { tdfSpecVersion } from '../../src/version.js';
+import { AssertionConfig, AssertionKey, AssertionVerificationKeys } from './assertions.js';
+import * as assertions from './assertions.js';
+import { Binary } from './binary.js';
+import { AesGcmCipher } from './ciphers/aes-gcm-cipher.js';
+import { SymmetricCipher } from './ciphers/symmetric-cipher-base.js';
+import { DecryptParams } from './client/builders.js';
+import { DecoratedReadableStream } from './client/DecoratedReadableStream.js';
+import {
+  AnyKeyPair,
+  PemKeyPair,
+  type CryptoService,
+  type DecryptResult,
+} from './crypto/declarations.js';
 import {
-  type AuthProvider,
-  AppIdAuthProvider,
-  HttpRequest,
-  type HttpMethod,
-  reqSignature,
-} from '../../src/auth/auth.js';
-import PolicyObject from '../../src/tdf/PolicyObject.js';
-import { type CryptoService, type DecryptResult } from './crypto/declarations.js';
+  ECWrapped,
+  KeyAccessType,
+  KeyInfo,
+  Manifest,
+  Policy,
+  SplitKey,
+  Wrapped,
+  KeyAccess,
+  KeyAccessObject,
+  SplitType,
+} from './models/index.js';
+import { unsigned } from './utils/buffer-crc32.js';
+import { ZipReader, ZipWriter, keyMerge, concatUint8 } from './utils/index.js';
 import { CentralDirectory } from './utils/zip-reader.js';
-import { SymmetricCipher } from './ciphers/symmetric-cipher-base.js';
-import { allPool, anyPool } from '../../src/concurrency.js';
 
 // TODO: input validation on manifest JSON
 const DEFAULT_SEGMENT_SIZE = 1024 * 1024;
@@ -92,20 +80,19 @@ export type Metadata = {
 };
 
 export type BuildKeyAccess = {
-  attributeSet?: AttributeSet;
   type: KeyAccessType;
+  alg?: KasPublicKeyAlgorithm;
   url?: string;
   kid?: string;
   publicKey: string;
-  attributeUrl?: string;
   metadata?: Metadata;
   sid?: string;
 };
 
 type Segment = {
   hash: string;
-  segmentSize: number | undefined;
-  encryptedSegmentSize: number | undefined;
+  segmentSize?: number;
+  encryptedSegmentSize?: number;
 };
 
 type EntryInfo = {
@@ -115,20 +102,37 @@ type EntryInfo = {
   fileByteCount?: number;
 };
 
+type Mailbox<T> = Promise<T> & {
+  set: (value: T) => void;
+  reject: (error: Error) => void;
+};
+
+function mailbox<T>(): Mailbox<T> {
+  let set: (value: T) => void;
+  let reject: (error: Error) => void;
+
+  const promise = new Promise<T>((resolve, rejectFn) => {
+    set = resolve;
+    reject = rejectFn;
+  }) as Mailbox<T>;
+
+  promise.set = set!;
+  promise.reject = reject!;
+
+  return promise;
+}
+
 type Chunk = {
   hash: string;
+  plainSegmentSize?: number;
   encryptedOffset: number;
   encryptedSegmentSize?: number;
-  decryptedChunk?: null | DecryptResult;
-  promise: Promise<unknown>;
-  _resolve?: (value: unknown) => void;
-  _reject?: (value: unknown) => void;
+  decryptedChunk: Mailbox<DecryptResult>;
 };
 
 export type IntegrityAlgorithm = 'GMAC' | 'HS256';
 
 export type EncryptConfiguration = {
-  allowedKases?: string[];
   allowList?: OriginAllowList;
   cryptoService: CryptoService;
   dpopKeys: CryptoKeyPair;
@@ -139,9 +143,7 @@ export type EncryptConfiguration = {
   contentStream: ReadableStream<Uint8Array>;
   mimeType?: string;
   policy: Policy;
-  entity?: EntityObject;
-  attributeSet?: AttributeSet;
-  authProvider?: AuthProvider | AppIdAuthProvider;
+  authProvider?: AuthProvider;
   byteLimit: number;
   progressHandler?: (bytesProcessed: number) => void;
   keyForEncryption: KeyInfo;
@@ -152,9 +154,8 @@ export type EncryptConfiguration = {
 export type DecryptConfiguration = {
   allowedKases?: string[];
   allowList?: OriginAllowList;
-  authProvider: AuthProvider | AppIdAuthProvider;
+  authProvider: AuthProvider;
   cryptoService: CryptoService;
-  entity?: EntityObject;
 
   dpopKeys: CryptoKeyPair;
 
@@ -165,13 +166,13 @@ export type DecryptConfiguration = {
   assertionVerificationKeys?: AssertionVerificationKeys;
   noVerifyAssertions?: boolean;
   concurrencyLimit?: number;
+  wrappingKeyAlgorithm?: KasPublicKeyAlgorithm;
 };
 
 export type UpsertConfiguration = {
   allowedKases?: string[];
   allowList?: OriginAllowList;
-  authProvider: AuthProvider | AppIdAuthProvider;
-  entity?: EntityObject;
+  authProvider: AuthProvider;
 
   privateKey: CryptoKey;
 
@@ -186,12 +187,6 @@ export type RewrapRequest = {
 
 export type KasPublicKeyFormat = 'pkcs8' | 'jwks';
 
-type KasPublicKeyParams = {
-  algorithm?: KasPublicKeyAlgorithm;
-  fmt?: KasPublicKeyFormat;
-  v?: '1' | '2';
-};
-
 export type RewrapResponse = {
   entityWrappedKey: string;
   sessionPublicKey: string;
@@ -205,148 +200,20 @@ export async function fetchKasPublicKey(
   kas: string,
   algorithm?: KasPublicKeyAlgorithm
 ): Promise<KasPublicKeyInfo> {
-  if (!kas) {
-    throw new ConfigurationError('KAS definition not found');
-  }
-  // Logs insecure KAS. Secure is enforced in constructor
-  validateSecureUrl(kas);
-  const infoStatic = { url: kas, algorithm: algorithm || 'rsa:2048' };
-  const params: KasPublicKeyParams = {};
-  if (algorithm) {
-    params.algorithm = algorithm;
-  }
-  const v2Url = `${kas}/v2/kas_public_key`;
-  try {
-    const response: { data: string | KasPublicKeyInfo } = await axios.get(v2Url, {
-      params: {
-        ...params,
-        v: '2',
-      },
-    });
-    const publicKey =
-      typeof response.data === 'string'
-        ? await extractPemFromKeyString(response.data)
-        : response.data.publicKey;
-    return {
-      publicKey,
-      key: pemToCryptoPublicKey(publicKey),
-      ...infoStatic,
-      ...(typeof response.data !== 'string' && response.data.kid && { kid: response.data.kid }),
-    };
-  } catch (cause) {
-    const status = cause?.response?.status;
-    switch (status) {
-      case 400:
-      case 404:
-        // KAS does not yet implement v2, maybe
-        break;
-      case 401:
-        throw new UnauthenticatedError(`[${v2Url}] requires auth`, cause);
-      case 403:
-        throw new PermissionDeniedError(`[${v2Url}] permission denied`, cause);
-      default:
-        if (status && status >= 400 && status < 500) {
-          throw new ConfigurationError(
-            `[${v2Url}] request error [${status}] [${cause.name}] [${cause.message}]`,
-            cause
-          );
-        }
-        throw new NetworkError(
-          `[${v2Url}] error [${status}] [${cause.name}] [${cause.message}]`,
-          cause
-        );
-    }
-  }
-  // Retry with v1 params
-  const v1Url = `${kas}/kas_public_key`;
-  try {
-    const response: { data: string | KasPublicKeyInfo } = await axios.get(v1Url, {
-      params,
-    });
-    const publicKey =
-      typeof response.data === 'string'
-        ? await extractPemFromKeyString(response.data)
-        : response.data.publicKey;
-    // future proof: allow v2 response even if not specified.
-    return {
-      publicKey,
-      key: pemToCryptoPublicKey(publicKey),
-      ...infoStatic,
-      ...(typeof response.data !== 'string' && response.data.kid && { kid: response.data.kid }),
-    };
-  } catch (cause) {
-    const status = cause?.response?.status;
-    switch (status) {
-      case 401:
-        throw new UnauthenticatedError(`[${v1Url}] requires auth`, cause);
-      case 403:
-        throw new PermissionDeniedError(`[${v1Url}] permission denied`, cause);
-      default:
-        if (status && status >= 400 && status < 500) {
-          throw new ConfigurationError(
-            `[${v2Url}] request error [${status}] [${cause.name}] [${cause.message}]`,
-            cause
-          );
-        }
-        throw new NetworkError(
-          `[${v1Url}] error [${status}] [${cause.name}] [${cause.message}]`,
-          cause
-        );
-    }
-  }
+  return fetchKasPubKeyV2(kas, algorithm || 'rsa:2048');
 }
-/**
- *
- * @param payload The TDF content to encode in HTML
- * @param manifest A copy of the manifest
- * @param transferUrl reader web-service start page
- * @return utf-8 encoded HTML data
- */
-export function wrapHtml(
-  payload: Uint8Array,
-  manifest: Manifest | string,
-  transferUrl: string
-): Uint8Array {
-  const { origin } = new URL(transferUrl);
-  const exportManifest: string = typeof manifest === 'string' ? manifest : JSON.stringify(manifest);
-
-  const fullHtmlString = htmlWrapperTemplate({
-    transferUrl,
-    transferBaseUrl: origin,
-    manifest: base64.encode(exportManifest),
-    payload: buffToString(payload, 'base64'),
-  });
 
-  return new TextEncoder().encode(fullHtmlString);
-}
-
-export function unwrapHtml(htmlPayload: ArrayBuffer | Uint8Array | Binary | string) {
-  let html;
-  if (htmlPayload instanceof ArrayBuffer || ArrayBuffer.isView(htmlPayload)) {
-    html = new TextDecoder().decode(htmlPayload);
-  } else {
-    html = htmlPayload.toString();
-  }
-  const payloadRe = /<input id=['"]?data-input['"]?[^>]*?value=['"]?([a-zA-Z0-9+/=]+)['"]?/;
-  const reResult = payloadRe.exec(html);
-  if (reResult === null) {
-    throw new InvalidFileError('Payload is missing');
-  }
-  const base64Payload = reResult[1];
-  try {
-    return base64ToBuffer(base64Payload);
-  } catch (e) {
-    throw new InvalidFileError('There was a problem extracting the TDF3 payload', e);
-  }
-}
-
-export async function extractPemFromKeyString(keyString: string): Promise<string> {
+export async function extractPemFromKeyString(
+  keyString: string,
+  alg: KasPublicKeyAlgorithm
+): Promise<string> {
   let pem: string = keyString;
 
   // Skip the public key extraction if we find that the KAS url provides a
   // PEM-encoded key instead of certificate
   if (keyString.includes('CERTIFICATE')) {
-    const cert = await importX509(keyString, 'RS256', { extractable: true });
+    const a = publicKeyAlgorithmToJwa(alg);
+    const cert = await importX509(keyString, a, { extractable: true });
     pem = await exportSPKI(cert);
   }
 
@@ -360,7 +227,6 @@ export async function extractPemFromKeyString(keyString: string): Promise<string
  * is missing it throws an error.
  * @param  {Object} options
  * @param  {String} options.type - enum representing how the object key is treated
- * @param  {String} options.attributeUrl - URL of the attribute to use for pubKey and kasUrl. Omit to use default.
  * @param  {String} options.url - directly set the KAS URL
  * @param  {String} options.publicKey - directly set the (KAS) public key
  * @param  {String?} options.kid - Key identifier of KAS public key
@@ -368,56 +234,40 @@ export async function extractPemFromKeyString(keyString: string): Promise<string
  * @return {KeyAccess}- the key access object loaded
  */
 export async function buildKeyAccess({
-  attributeSet,
   type,
   url,
   publicKey,
   kid,
-  attributeUrl,
   metadata,
   sid = '',
+  alg = 'rsa:2048',
 }: BuildKeyAccess): Promise<KeyAccess> {
-  /** Internal function to keep it DRY */
-  function createKeyAccess(
-    type: KeyAccessType,
-    kasUrl: string,
-    kasKeyIdentifier: string | undefined,
-    pubKey: string,
-    metadata?: Metadata
-  ) {
-    switch (type) {
-      case 'wrapped':
-        return new KeyAccessWrapped(kasUrl, kasKeyIdentifier, pubKey, metadata, sid);
-      case 'remote':
-        return new KeyAccessRemote(kasUrl, kasKeyIdentifier, pubKey, metadata, sid);
-      default:
-        throw new ConfigurationError(`buildKeyAccess: Key access type ${type} is unknown`);
-    }
-  }
-
-  // If an attributeUrl is provided try to load with that first.
-  if (attributeUrl && attributeSet) {
-    const attr = attributeSet.get(attributeUrl);
-    if (attr && attr.kasUrl && attr.pubKey) {
-      return createKeyAccess(type, attr.kasUrl, attr.kid, attr.pubKey, metadata);
-    }
-  }
-
   // if url and pulicKey are specified load the key access object with them
-  if (url && publicKey) {
-    return createKeyAccess(type, url, kid, await extractPemFromKeyString(publicKey), metadata);
+  if (!url && !publicKey) {
+    throw new ConfigurationError('TDF.buildKeyAccess: No source for kasUrl or pubKey');
+  } else if (!url) {
+    throw new ConfigurationError('TDF.buildKeyAccess: No kasUrl');
+  } else if (!publicKey) {
+    throw new ConfigurationError('TDF.buildKeyAccess: No kas public key');
   }
 
-  // Assume the default attribute is the source for kasUrl and pubKey
-  const defaultAttr = attributeSet?.getDefault();
-  if (defaultAttr) {
-    const { pubKey, kasUrl } = defaultAttr;
-    if (pubKey && kasUrl) {
-      return createKeyAccess(type, kasUrl, kid, await extractPemFromKeyString(pubKey), metadata);
-    }
+  let pubKey: string;
+  try {
+    pubKey = await extractPemFromKeyString(publicKey, alg);
+  } catch (e) {
+    throw new ConfigurationError(
+      `TDF.buildKeyAccess: Invalid public key [${publicKey}], caused by [${e}]`,
+      e
+    );
+  }
+  switch (type) {
+    case 'wrapped':
+      return new Wrapped(url, kid, pubKey, metadata, sid);
+    case 'ec-wrapped':
+      return new ECWrapped(url, kid, pubKey, metadata, sid);
+    default:
+      throw new ConfigurationError(`buildKeyAccess: Key access type [${type}] is unsupported`);
   }
-  // All failed. Raise an error.
-  throw new ConfigurationError('TDF.buildKeyAccess: No source for kasUrl or pubKey');
 }
 
 export function validatePolicyObject(policy: Policy): void {
@@ -446,7 +296,6 @@ async function _generateManifest(
     url: '0.payload',
     protocol: 'zip',
     isEncrypted: true,
-    schemaVersion: '3.0.0',
     ...(mimeType && { mimeType }),
   };
 
@@ -457,137 +306,39 @@ async function _generateManifest(
     // generate the manifest first, then insert integrity information into it
     encryptionInformation: encryptionInformationStr,
     assertions: assertions,
+    schemaVersion: tdfSpecVersion,
   };
 }
 
 async function getSignature(
-  unwrappedKeyBinary: Binary,
-  payloadBinary: Binary,
-  algorithmType: IntegrityAlgorithm,
-  cryptoService: CryptoService
-) {
+  unwrappedKey: Uint8Array,
+  content: Uint8Array,
+  algorithmType: IntegrityAlgorithm
+): Promise<Uint8Array> {
   switch (algorithmType.toUpperCase()) {
     case 'GMAC':
       // use the auth tag baked into the encrypted payload
-      return buffToString(Uint8Array.from(payloadBinary.asByteArray()).slice(-16), 'hex');
-    case 'HS256':
+      return content.slice(-16);
+    case 'HS256': {
       // simple hmac is the default
-      return await cryptoService.hmac(
-        buffToString(new Uint8Array(unwrappedKeyBinary.asArrayBuffer()), 'hex'),
-        buffToString(new Uint8Array(payloadBinary.asArrayBuffer()), 'utf-8')
+      const cryptoKey = await crypto.subtle.importKey(
+        'raw',
+        unwrappedKey,
+        {
+          name: 'HMAC',
+          hash: { name: 'SHA-256' },
+        },
+        true,
+        ['sign', 'verify']
       );
+      const signature = await crypto.subtle.sign('HMAC', cryptoKey, content);
+      return new Uint8Array(signature);
+    }
     default:
       throw new ConfigurationError(`Unsupported signature alg [${algorithmType}]`);
   }
 }
 
-function buildRequest(method: HttpMethod, url: string, body?: unknown): HttpRequest {
-  return {
-    headers: {},
-    method: method,
-    url: url,
-    body,
-  };
-}
-
-export async function upsert({
-  allowedKases,
-  allowList,
-  authProvider,
-  entity,
-  privateKey,
-  unsavedManifest,
-  ignoreType,
-}: UpsertConfiguration): Promise<UpsertResponse> {
-  const allowed = (() => {
-    if (allowList) {
-      return allowList;
-    }
-    if (!allowedKases) {
-      throw new ConfigurationError('Upsert cannot be done without allowlist');
-    }
-    return new OriginAllowList(allowedKases);
-  })();
-  const { keyAccess, policy } = unsavedManifest.encryptionInformation;
-  const isAppIdProvider = authProvider && isAppIdProviderCheck(authProvider);
-  if (authProvider === undefined) {
-    throw new ConfigurationError('Upsert cannot be done without auth provider');
-  }
-  return Promise.all(
-    keyAccess.map(async (keyAccessObject) => {
-      // We only care about remote key access objects for the policy sync portion
-      const isRemote = isRemoteKeyAccess(keyAccessObject);
-      if (!ignoreType && !isRemote) {
-        return;
-      }
-
-      if (!allowed.allows(keyAccessObject.url)) {
-        throw new UnsafeUrlError(`Unexpected KAS url: [${keyAccessObject.url}]`);
-      }
-
-      const url = `${keyAccessObject.url}/${isAppIdProvider ? '' : 'v2/'}upsert`;
-
-      //TODO I dont' think we need a body at all for KAS requests
-      // Do we need ANY of this if it's already embedded in the EO in the Bearer OIDC token?
-      const body: Record<string, unknown> = {
-        keyAccess: keyAccessObject,
-        policy: unsavedManifest.encryptionInformation.policy,
-        entity: isAppIdProviderCheck(authProvider) ? entity : undefined,
-        authToken: undefined,
-        clientPayloadSignature: undefined,
-      };
-
-      if (isAppIdProviderCheck(authProvider)) {
-        body.authToken = await reqSignature({}, privateKey);
-      } else {
-        body.clientPayloadSignature = await reqSignature(body, privateKey);
-      }
-      const httpReq = await authProvider.withCreds(buildRequest('POST', url, body));
-
-      try {
-        const response = await axios.post(httpReq.url, httpReq.body, {
-          headers: httpReq.headers,
-        });
-
-        // Remove additional properties which were needed to sync, but not that we want to save to
-        // the manifest
-        delete keyAccessObject.wrappedKey;
-        delete keyAccessObject.encryptedMetadata;
-        delete keyAccessObject.policyBinding;
-
-        if (isRemote) {
-          // Decode the policy and extract only the required info to save -- the uuid
-          const decodedPolicy = JSON.parse(base64.decode(policy));
-          unsavedManifest.encryptionInformation.policy = base64.encode(
-            JSON.stringify({ uuid: decodedPolicy.uuid })
-          );
-        }
-        return response.data;
-      } catch (e) {
-        if (e.response) {
-          if (e.response.status >= 500) {
-            throw new ServiceError('upsert failure', e);
-          } else if (e.response.status === 403) {
-            throw new PermissionDeniedError('upsert failure', e);
-          } else if (e.response.status === 401) {
-            throw new UnauthenticatedError('upsert auth failure', e);
-          } else if (e.response.status === 400) {
-            throw new ConfigurationError('upsert bad request; likely a configuration error', e);
-          } else {
-            throw new NetworkError('upsert server error', e);
-          }
-        } else if (e.request) {
-          throw new NetworkError('upsert request failure', e);
-        }
-        throw new TdfError(
-          `Unable to perform upsert operation on the KAS: [${e.name}: ${e.message}], response: [${e?.response?.body}]`,
-          e
-        );
-      }
-    })
-  );
-}
-
 export async function writeStream(cfg: EncryptConfiguration): Promise<DecoratedReadableStream> {
   if (!cfg.authProvider) {
     throw new ConfigurationError('No authorization middleware defined');
@@ -616,7 +367,7 @@ export async function writeStream(cfg: EncryptConfiguration): Promise<DecoratedR
   let bytesProcessed = 0;
   let crcCounter = 0;
   let fileByteCount = 0;
-  let aggregateHash = '';
+  const segmentHashList: Uint8Array[] = [];
 
   const zipWriter = new ZipWriter();
   const manifest = await _generateManifest(
@@ -630,17 +381,6 @@ export async function writeStream(cfg: EncryptConfiguration): Promise<DecoratedR
     // Set in encrypt; should never be reached.
     throw new ConfigurationError('internal: please use "loadTDFStream" first to load a manifest.');
   }
-  const pkKeyLike = cfg.dpopKeys.privateKey;
-
-  // For all remote key access objects, sync its policy
-  const upsertResponse = await upsert({
-    allowedKases: cfg.allowList ? undefined : cfg.allowedKases,
-    allowList: cfg.allowList,
-    authProvider: cfg.authProvider,
-    entity: cfg.entity,
-    privateKey: pkKeyLike,
-    unsavedManifest: manifest,
-  });
 
   // determine default segment size by writing empty buffer
   const { segmentSizeDefault } = cfg;
@@ -720,14 +460,16 @@ export async function writeStream(cfg: EncryptConfiguration): Promise<DecoratedR
         fileByteCount = 0;
 
         // hash the concat of all hashes
-        const payloadSigStr = await getSignature(
-          cfg.keyForEncryption.unwrappedKeyBinary,
-          Binary.fromString(aggregateHash),
-          cfg.integrityAlgorithm,
-          cfg.cryptoService
+        const aggregateHash = await concatenateUint8Array(segmentHashList);
+
+        const payloadSig = await getSignature(
+          new Uint8Array(cfg.keyForEncryption.unwrappedKeyBinary.asArrayBuffer()),
+          aggregateHash,
+          cfg.integrityAlgorithm
         );
-        manifest.encryptionInformation.integrityInformation.rootSignature.sig =
-          base64.encode(payloadSigStr);
+
+        const rootSig = base64.encodeArrayBuffer(payloadSig);
+        manifest.encryptionInformation.integrityInformation.rootSignature.sig = rootSig;
         manifest.encryptionInformation.integrityInformation.rootSignature.alg =
           cfg.integrityAlgorithm;
 
@@ -803,12 +545,6 @@ export async function writeStream(cfg: EncryptConfiguration): Promise<DecoratedR
   const plaintextStream = new DecoratedReadableStream(underlingSource);
   plaintextStream.manifest = manifest;
 
-  if (upsertResponse) {
-    plaintextStream.upsertResponse = upsertResponse;
-    plaintextStream.tdfSize = totalByteCount;
-    plaintextStream.algorithm = manifest.encryptionInformation.method.algorithm;
-  }
-
   return plaintextStream;
 
   // nested helper fn's
@@ -839,18 +575,16 @@ export async function writeStream(cfg: EncryptConfiguration): Promise<DecoratedR
       cfg.keyForEncryption.unwrappedKeyBinary
     );
     const payloadBuffer = new Uint8Array(encryptedResult.payload.asByteArray());
-    const payloadSigStr = await getSignature(
-      cfg.keyForEncryption.unwrappedKeyBinary,
-      encryptedResult.payload,
-      cfg.segmentIntegrityAlgorithm,
-      cfg.cryptoService
+    const payloadSig = await getSignature(
+      new Uint8Array(cfg.keyForEncryption.unwrappedKeyBinary.asArrayBuffer()),
+      new Uint8Array(encryptedResult.payload.asArrayBuffer()),
+      cfg.segmentIntegrityAlgorithm
     );
 
-    // combined string of all hashes for root signature
-    aggregateHash += payloadSigStr;
+    segmentHashList.push(new Uint8Array(payloadSig));
 
     segmentInfos.push({
-      hash: base64.encode(payloadSigStr),
+      hash: base64.encodeArrayBuffer(payloadSig),
       segmentSize: chunk.length === segmentSizeDefault ? undefined : chunk.length,
       encryptedSegmentSize:
         payloadBuffer.length === encryptedSegmentSizeDefault ? undefined : payloadBuffer.length,
@@ -917,31 +651,39 @@ async function unwrapKey({
   authProvider,
   dpopKeys,
   concurrencyLimit,
-  entity,
   cryptoService,
+  wrappingKeyAlgorithm,
 }: {
   manifest: Manifest;
   allowedKases: OriginAllowList;
-  authProvider: AuthProvider | AppIdAuthProvider;
+  authProvider: AuthProvider;
   concurrencyLimit?: number;
   dpopKeys: CryptoKeyPair;
-  entity: EntityObject | undefined;
   cryptoService: CryptoService;
+  wrappingKeyAlgorithm?: KasPublicKeyAlgorithm;
 }) {
   if (authProvider === undefined) {
     throw new ConfigurationError(
-      'upsert requires auth provider; must be configured in client constructor'
+      'rewrap requires auth provider; must be configured in client constructor'
     );
   }
   const { keyAccess } = manifest.encryptionInformation;
   const splitPotentials = splitLookupTableFactory(keyAccess, allowedKases);
-  const isAppIdProvider = authProvider && isAppIdProviderCheck(authProvider);
 
   async function tryKasRewrap(keySplitInfo: KeyAccessObject): Promise<RewrapResponseData> {
-    const url = `${keySplitInfo.url}/${isAppIdProvider ? '' : 'v2/'}rewrap`;
-    const ephemeralEncryptionKeys = await cryptoService.cryptoToPemPair(
-      await cryptoService.generateKeyPair()
-    );
+    const url = `${keySplitInfo.url}/v2/rewrap`;
+    let ephemeralEncryptionKeysRaw: AnyKeyPair;
+    let ephemeralEncryptionKeys: PemKeyPair;
+    if (wrappingKeyAlgorithm === 'ec:secp256r1') {
+      ephemeralEncryptionKeysRaw = await generateKeyPair();
+      ephemeralEncryptionKeys = await cryptoService.cryptoToPemPair(ephemeralEncryptionKeysRaw);
+    } else if (wrappingKeyAlgorithm === 'rsa:2048' || !wrappingKeyAlgorithm) {
+      ephemeralEncryptionKeysRaw = await cryptoService.generateKeyPair();
+      ephemeralEncryptionKeys = await cryptoService.cryptoToPemPair(ephemeralEncryptionKeysRaw);
+    } else {
+      throw new ConfigurationError(`Unsupported wrapping key algorithm [${wrappingKeyAlgorithm}]`);
+    }
+
     const clientPublicKey = ephemeralEncryptionKeys.publicKey;
 
     const requestBodyStr = JSON.stringify({
@@ -952,33 +694,33 @@ async function unwrapKey({
     });
 
     const jwtPayload = { requestBody: requestBodyStr };
-    const signedRequestToken = await reqSignature(
-      isAppIdProvider ? {} : jwtPayload,
-      dpopKeys.privateKey
+    const signedRequestToken = await reqSignature(jwtPayload, dpopKeys.privateKey);
+
+    const { entityWrappedKey, metadata, sessionPublicKey } = await fetchWrappedKey(
+      url,
+      { signedRequestToken },
+      authProvider,
+      '0.0.1'
     );
 
-    let requestBody;
-    if (isAppIdProvider) {
-      requestBody = {
-        keyAccess: keySplitInfo,
-        policy: manifest.encryptionInformation.policy,
-        entity: {
-          ...entity,
-          publicKey: clientPublicKey,
-        },
-        authToken: signedRequestToken,
-      };
-    } else {
-      requestBody = {
-        signedRequestToken,
+    if (wrappingKeyAlgorithm === 'ec:secp256r1') {
+      const serverEphemeralKey: CryptoKey = await pemPublicToCrypto(sessionPublicKey);
+      const ekr = ephemeralEncryptionKeysRaw as CryptoKeyPair;
+      const kek = await keyAgreement(ekr.privateKey, serverEphemeralKey, {
+        hkdfSalt: new TextEncoder().encode('salt'),
+        hkdfHash: 'SHA-256',
+      });
+      const wrappedKeyAndNonce = base64.decodeArrayBuffer(entityWrappedKey);
+      const iv = wrappedKeyAndNonce.slice(0, 12);
+      const wrappedKey = wrappedKeyAndNonce.slice(12);
+
+      const dek = await crypto.subtle.decrypt({ name: 'AES-GCM', iv }, kek, wrappedKey);
+
+      return {
+        key: new Uint8Array(dek),
+        metadata,
       };
     }
-
-    const httpReq = await authProvider.withCreds(buildRequest('POST', url, requestBody));
-    const {
-      data: { entityWrappedKey, metadata },
-    } = await axios.post(httpReq.url, httpReq.body, { headers: httpReq.headers });
-
     const key = Binary.fromString(base64.decode(entityWrappedKey));
     const decryptedKeyBinary = await cryptoService.decryptWithPrivateKey(
       key,
@@ -1010,7 +752,7 @@ async function unwrapKey({
         try {
           return await tryKasRewrap(keySplitInfo);
         } catch (e) {
-          throw handleRewrapError(e as Error | AxiosError);
+          throw handleRewrapError(e as Error);
         }
       };
     }
@@ -1035,31 +777,11 @@ async function unwrapKey({
   }
 }
 
-function handleRewrapError(error: Error | AxiosError) {
-  if (axios.isAxiosError(error)) {
-    if (error.response?.status && error.response?.status >= 500) {
-      return new ServiceError('rewrap failure', error);
-    } else if (error.response?.status === 403) {
-      return new PermissionDeniedError('rewrap failure', error);
-    } else if (error.response?.status === 401) {
-      return new UnauthenticatedError('rewrap auth failure', error);
-    } else if (error.response?.status === 400) {
-      return new InvalidFileError(
-        'rewrap bad request; could indicate an invalid policy binding or a configuration error',
-        error
-      );
-    } else {
-      return new NetworkError('rewrap server error', error);
-    }
-  } else {
-    if (error.name === 'InvalidAccessError' || error.name === 'OperationError') {
-      return new DecryptError('unable to unwrap key from kas', error);
-    }
-    return new InvalidFileError(
-      `Unable to decrypt the response from KAS: [${error.name}: ${error.message}]`,
-      error
-    );
+function handleRewrapError(error: Error) {
+  if (error.name === 'InvalidAccessError' || error.name === 'OperationError') {
+    return new DecryptError('unable to unwrap key from kas', error);
   }
+  return error;
 }
 
 async function decryptChunk(
@@ -1068,17 +790,22 @@ async function decryptChunk(
   hash: string,
   cipher: SymmetricCipher,
   segmentIntegrityAlgorithm: IntegrityAlgorithm,
-  cryptoService: CryptoService
+  isLegacyTDF: boolean
 ): Promise<DecryptResult> {
   if (segmentIntegrityAlgorithm !== 'GMAC' && segmentIntegrityAlgorithm !== 'HS256') {
+    throw new UnsupportedError(`Unsupported integrity alg [${segmentIntegrityAlgorithm}]`);
   }
-  const segmentHashStr = await getSignature(
-    reconstructedKeyBinary,
-    Binary.fromArrayBuffer(encryptedChunk.buffer),
-    segmentIntegrityAlgorithm,
-    cryptoService
+  const segmentSig = await getSignature(
+    new Uint8Array(reconstructedKeyBinary.asArrayBuffer()),
+    encryptedChunk,
+    segmentIntegrityAlgorithm
   );
-  if (hash !== btoa(segmentHashStr)) {
+
+  const segmentHash = isLegacyTDF
+    ? base64.encode(hex.encodeArrayBuffer(segmentSig))
+    : base64.encodeArrayBuffer(segmentSig);
+
+  if (hash !== segmentHash) {
     throw new IntegrityError('Failed integrity check on segment hash');
   }
   return await cipher.decrypt(encryptedChunk, reconstructedKeyBinary);
@@ -1091,7 +818,8 @@ async function updateChunkQueue(
   reconstructedKeyBinary: Binary,
   cipher: SymmetricCipher,
   segmentIntegrityAlgorithm: IntegrityAlgorithm,
-  cryptoService: CryptoService
+  cryptoService: CryptoService,
+  isLegacyTDF: boolean
 ) {
   const chunksInOneDownload = 500;
   let requests = [];
@@ -1132,6 +860,7 @@ async function updateChunkQueue(
             slice,
             cipher,
             segmentIntegrityAlgorithm,
+            isLegacyTDF,
           });
         }
       })()
@@ -1144,8 +873,8 @@ export async function sliceAndDecrypt({
   reconstructedKeyBinary,
   slice,
   cipher,
-  cryptoService,
   segmentIntegrityAlgorithm,
+  isLegacyTDF,
 }: {
   buffer: Uint8Array;
   reconstructedKeyBinary: Binary;
@@ -1153,9 +882,10 @@ export async function sliceAndDecrypt({
   cipher: SymmetricCipher;
   cryptoService: CryptoService;
   segmentIntegrityAlgorithm: IntegrityAlgorithm;
+  isLegacyTDF: boolean;
 }) {
   for (const index in slice) {
-    const { encryptedOffset, encryptedSegmentSize, _resolve, _reject } = slice[index];
+    const { encryptedOffset, encryptedSegmentSize, plainSegmentSize } = slice[index];
 
     const offset =
       slice[0].encryptedOffset === 0 ? encryptedOffset : encryptedOffset % slice[0].encryptedOffset;
@@ -1163,6 +893,10 @@ export async function sliceAndDecrypt({
       buffer.slice(offset, offset + (encryptedSegmentSize as number))
     );
 
+    if (encryptedChunk.length !== encryptedSegmentSize) {
+      throw new DecryptError('Failed to fetch entire segment');
+    }
+
     try {
       const result = await decryptChunk(
         encryptedChunk,
@@ -1170,18 +904,16 @@ export async function sliceAndDecrypt({
         slice[index]['hash'],
         cipher,
         segmentIntegrityAlgorithm,
-        cryptoService
+        isLegacyTDF
       );
-      slice[index].decryptedChunk = result;
-      if (_resolve) {
-        _resolve(null);
+      if (plainSegmentSize && result.payload.length() !== plainSegmentSize) {
+        throw new DecryptError(
+          `incorrect segment size: found [${result.payload.length()}], expected [${plainSegmentSize}]`
+        );
       }
+      slice[index].decryptedChunk.set(result);
     } catch (e) {
-      if (_reject) {
-        _reject(e);
-      } else {
-        throw e;
-      }
+      slice[index].decryptedChunk.reject(e);
     }
   }
 }
@@ -1204,6 +936,7 @@ export async function readStream(cfg: DecryptConfiguration) {
     encryptedSegmentSizeDefault: defaultSegmentSize,
     rootSignature,
     segmentHashAlg,
+    segmentSizeDefault,
     segments,
   } = manifest.encryptionInformation.integrityInformation;
   const { metadata, reconstructedKeyBinary } = await unwrapKey({
@@ -1211,32 +944,34 @@ export async function readStream(cfg: DecryptConfiguration) {
     authProvider: cfg.authProvider,
     allowedKases: allowList,
     dpopKeys: cfg.dpopKeys,
-    entity: cfg.entity,
     cryptoService: cfg.cryptoService,
   });
   // async function unwrapKey(manifest: Manifest, allowedKases: string[], authProvider: AuthProvider | AppIdAuthProvider, publicKey: string, privateKey: string, entity: EntityObject) {
   const keyForDecryption = await cfg.keyMiddleware(reconstructedKeyBinary);
   const encryptedSegmentSizeDefault = defaultSegmentSize || DEFAULT_SEGMENT_SIZE;
 
-  // check the combined string of hashes
-  const aggregateHash = segments.map(({ hash }) => base64.decode(hash)).join('');
+  // check if the TDF is a legacy TDF
+  const specVersion = manifest.schemaVersion || manifest.tdf_spec_version;
+  const isLegacyTDF = !specVersion || specVersion.startsWith('3.');
+
+  // Decode each hash and store it in an array of Uint8Array
+  const segmentHashList = segments.map(
+    ({ hash }) => new Uint8Array(base64.decodeArrayBuffer(hash))
+  );
+
+  // Concatenate all segment hashes into a single Uint8Array
+  const aggregateHash = await concatenateUint8Array(segmentHashList);
+
   const integrityAlgorithm = rootSignature.alg;
   if (integrityAlgorithm !== 'GMAC' && integrityAlgorithm !== 'HS256') {
     throw new UnsupportedError(`Unsupported integrity alg [${integrityAlgorithm}]`);
   }
-  const payloadSigStr = await getSignature(
-    keyForDecryption,
-    Binary.fromString(aggregateHash),
-    integrityAlgorithm,
-    cfg.cryptoService
-  );
 
-  if (
-    manifest.encryptionInformation.integrityInformation.rootSignature.sig !==
-    base64.encode(payloadSigStr)
-  ) {
-    throw new IntegrityError('Failed integrity check on root signature');
-  }
+  const payloadSig = await getSignature(
+    new Uint8Array(keyForDecryption.asArrayBuffer()),
+    aggregateHash,
+    integrityAlgorithm
+  );
 
   if (!cfg.noVerifyAssertions) {
     for (const assertion of manifest.assertions || []) {
@@ -1252,31 +987,40 @@ export async function readStream(cfg: DecryptConfiguration) {
           assertionKey = foundKey;
         }
       }
-      await assertions.verify(assertion, aggregateHash, assertionKey);
+      await assertions.verify(assertion, aggregateHash, assertionKey, isLegacyTDF);
     }
   }
 
+  const rootSig = isLegacyTDF
+    ? base64.encode(hex.encodeArrayBuffer(payloadSig))
+    : base64.encodeArrayBuffer(payloadSig);
+
+  if (manifest.encryptionInformation.integrityInformation.rootSignature.sig !== rootSig) {
+    throw new IntegrityError('Failed integrity check on root signature');
+  }
+
   let mapOfRequestsOffset = 0;
   const chunkMap = new Map(
-    segments.map(({ hash, encryptedSegmentSize = encryptedSegmentSizeDefault }) => {
-      const result = (() => {
-        let _resolve, _reject;
-        const chunk: Chunk = {
-          hash,
-          encryptedOffset: mapOfRequestsOffset,
-          encryptedSegmentSize,
-          promise: new Promise((resolve, reject) => {
-            _resolve = resolve;
-            _reject = reject;
-          }),
-        };
-        chunk._resolve = _resolve;
-        chunk._reject = _reject;
-        return chunk;
-      })();
-      mapOfRequestsOffset += encryptedSegmentSize || encryptedSegmentSizeDefault;
-      return [hash, result];
-    })
+    segments.map(
+      ({
+        hash,
+        encryptedSegmentSize = encryptedSegmentSizeDefault,
+        segmentSize = segmentSizeDefault,
+      }) => {
+        const result = (() => {
+          const chunk: Chunk = {
+            hash,
+            encryptedOffset: mapOfRequestsOffset,
+            encryptedSegmentSize,
+            decryptedChunk: mailbox<DecryptResult>(),
+            plainSegmentSize: segmentSize,
+          };
+          return chunk;
+        })();
+        mapOfRequestsOffset += encryptedSegmentSize;
+        return [hash, result];
+      }
+    )
   );
 
   const cipher = new AesGcmCipher(cfg.cryptoService);
@@ -1293,7 +1037,8 @@ export async function readStream(cfg: DecryptConfiguration) {
     keyForDecryption,
     cipher,
     segmentIntegrityAlg,
-    cfg.cryptoService
+    cfg.cryptoService,
+    isLegacyTDF
   );
 
   let progress = 0;
@@ -1305,16 +1050,11 @@ export async function readStream(cfg: DecryptConfiguration) {
       }
 
       const [hash, chunk] = chunkMap.entries().next().value;
-      if (!chunk.decryptedChunk) {
-        await chunk.promise;
-      }
-      const decryptedSegment = chunk.decryptedChunk;
+      const decryptedSegment = await chunk.decryptedChunk;
 
       controller.enqueue(new Uint8Array(decryptedSegment.payload.asByteArray()));
       progress += chunk.encryptedSegmentSize;
       cfg.progressHandler?.(progress);
-
-      chunk.decryptedChunk = null;
       chunkMap.delete(hash);
     },
     ...(cfg.fileStreamServiceWorker && { fileStreamServiceWorker: cfg.fileStreamServiceWorker }),
@@ -1323,8 +1063,12 @@ export async function readStream(cfg: DecryptConfiguration) {
   const outputStream = new DecoratedReadableStream(underlyingSource);
 
   outputStream.manifest = manifest;
-  outputStream.emit('manifest', manifest);
   outputStream.metadata = metadata;
-  outputStream.emit('rewrap', metadata);
   return outputStream;
 }
+
+async function concatenateUint8Array(uint8arrays: Uint8Array[]): Promise<Uint8Array> {
+  const blob = new Blob(uint8arrays);
+  const buffer = await blob.arrayBuffer();
+  return new Uint8Array(buffer);
+}