@opentdf/sdk 0.2.0-beta.1758 → 0.2.0

package/tdf3/src/tdf.ts

@@ -1,35 +1,16 @@
-import { unsigned } from './utils/buffer-crc32.js';
 import { exportSPKI, importX509 } from 'jose';
-import { DecoratedReadableStream } from './client/DecoratedReadableStream.js';
-import { fetchKasPubKey as fetchKasPubKeyV2, fetchWrappedKey } from '../../src/access.js';
-import { DecryptParams } from './client/builders.js';
-import { AssertionConfig, AssertionKey, AssertionVerificationKeys } from './assertions.js';
-import * as assertions from './assertions.js';
 
 import {
-  KeyAccessType,
-  KeyInfo,
-  Manifest,
-  Policy,
-  Remote as KeyAccessRemote,
-  SplitKey,
-  Wrapped as KeyAccessWrapped,
-  KeyAccess,
-  KeyAccessObject,
-  SplitType,
-} from './models/index.js';
-import { base64 } from '../../src/encodings/index.js';
-import {
-  type Chunker,
-  ZipReader,
-  ZipWriter,
-  base64ToBuffer,
-  keyMerge,
-  buffToString,
-  concatUint8,
-} from './utils/index.js';
-import { Binary } from './binary.js';
-import { KasPublicKeyAlgorithm, KasPublicKeyInfo, OriginAllowList } from '../../src/access.js';
+  KasPublicKeyAlgorithm,
+  KasPublicKeyInfo,
+  OriginAllowList,
+  fetchKasPubKey as fetchKasPubKeyV2,
+  fetchWrappedKey,
+  publicKeyAlgorithmToJwa,
+} from '../../src/access.js';
+import { type AuthProvider, reqSignature } from '../../src/auth/auth.js';
+import { allPool, anyPool } from '../../src/concurrency.js';
+import { base64, hex } from '../../src/encodings/index.js';
 import {
   ConfigurationError,
   DecryptError,
@@ -39,17 +20,40 @@ import {
   UnsafeUrlError,
   UnsupportedFeatureError as UnsupportedError,
 } from '../../src/errors.js';
-import { htmlWrapperTemplate } from './templates/index.js';
-
-// configurable
-// TODO: remove dependencies from ciphers so that we can open-source instead of relying on other Virtru libs
-import { AesGcmCipher } from './ciphers/index.js';
-import { type AuthProvider, reqSignature } from '../../src/auth/auth.js';
+import { generateKeyPair } from '../../src/nanotdf-crypto/generateKeyPair.js';
+import { keyAgreement } from '../../src/nanotdf-crypto/keyAgreement.js';
+import { pemPublicToCrypto } from '../../src/nanotdf-crypto/pemPublicToCrypto.js';
+import { type Chunker } from '../../src/seekable.js';
 import { PolicyObject } from '../../src/tdf/PolicyObject.js';
-import { type CryptoService, type DecryptResult } from './crypto/declarations.js';
-import { CentralDirectory } from './utils/zip-reader.js';
+import { tdfSpecVersion } from '../../src/version.js';
+import { AssertionConfig, AssertionKey, AssertionVerificationKeys } from './assertions.js';
+import * as assertions from './assertions.js';
+import { Binary } from './binary.js';
+import { AesGcmCipher } from './ciphers/aes-gcm-cipher.js';
 import { SymmetricCipher } from './ciphers/symmetric-cipher-base.js';
-import { allPool, anyPool } from '../../src/concurrency.js';
+import { DecryptParams } from './client/builders.js';
+import { DecoratedReadableStream } from './client/DecoratedReadableStream.js';
+import {
+  AnyKeyPair,
+  PemKeyPair,
+  type CryptoService,
+  type DecryptResult,
+} from './crypto/declarations.js';
+import {
+  ECWrapped,
+  KeyAccessType,
+  KeyInfo,
+  Manifest,
+  Policy,
+  SplitKey,
+  Wrapped,
+  KeyAccess,
+  KeyAccessObject,
+  SplitType,
+} from './models/index.js';
+import { unsigned } from './utils/buffer-crc32.js';
+import { ZipReader, ZipWriter, keyMerge, concatUint8 } from './utils/index.js';
+import { CentralDirectory } from './utils/zip-reader.js';
 
 // TODO: input validation on manifest JSON
 const DEFAULT_SEGMENT_SIZE = 1024 * 1024;
@@ -77,6 +81,7 @@ export type Metadata = {
 
 export type BuildKeyAccess = {
   type: KeyAccessType;
+  alg?: KasPublicKeyAlgorithm;
   url?: string;
   kid?: string;
   publicKey: string;
@@ -86,8 +91,8 @@ export type BuildKeyAccess = {
 
 type Segment = {
   hash: string;
-  segmentSize: number | undefined;
-  encryptedSegmentSize: number | undefined;
+  segmentSize?: number;
+  encryptedSegmentSize?: number;
 };
 
 type EntryInfo = {
@@ -97,20 +102,37 @@ type EntryInfo = {
   fileByteCount?: number;
 };
 
+type Mailbox<T> = Promise<T> & {
+  set: (value: T) => void;
+  reject: (error: Error) => void;
+};
+
+function mailbox<T>(): Mailbox<T> {
+  let set: (value: T) => void;
+  let reject: (error: Error) => void;
+
+  const promise = new Promise<T>((resolve, rejectFn) => {
+    set = resolve;
+    reject = rejectFn;
+  }) as Mailbox<T>;
+
+  promise.set = set!;
+  promise.reject = reject!;
+
+  return promise;
+}
+
 type Chunk = {
   hash: string;
+  plainSegmentSize?: number;
   encryptedOffset: number;
   encryptedSegmentSize?: number;
-  decryptedChunk?: null | DecryptResult;
-  promise: Promise<unknown>;
-  _resolve?: (value: unknown) => void;
-  _reject?: (value: unknown) => void;
+  decryptedChunk: Mailbox<DecryptResult>;
 };
 
 export type IntegrityAlgorithm = 'GMAC' | 'HS256';
 
 export type EncryptConfiguration = {
-  allowedKases?: string[];
   allowList?: OriginAllowList;
   cryptoService: CryptoService;
   dpopKeys: CryptoKeyPair;
@@ -144,6 +166,7 @@ export type DecryptConfiguration = {
   assertionVerificationKeys?: AssertionVerificationKeys;
   noVerifyAssertions?: boolean;
   concurrencyLimit?: number;
+  wrappingKeyAlgorithm?: KasPublicKeyAlgorithm;
 };
 
 export type UpsertConfiguration = {
@@ -180,58 +203,17 @@ export async function fetchKasPublicKey(
   return fetchKasPubKeyV2(kas, algorithm || 'rsa:2048');
 }
 
-/**
- *
- * @param payload The TDF content to encode in HTML
- * @param manifest A copy of the manifest
- * @param transferUrl reader web-service start page
- * @return utf-8 encoded HTML data
- */
-export function wrapHtml(
-  payload: Uint8Array,
-  manifest: Manifest | string,
-  transferUrl: string
-): Uint8Array {
-  const { origin } = new URL(transferUrl);
-  const exportManifest: string = typeof manifest === 'string' ? manifest : JSON.stringify(manifest);
-
-  const fullHtmlString = htmlWrapperTemplate({
-    transferUrl,
-    transferBaseUrl: origin,
-    manifest: base64.encode(exportManifest),
-    payload: buffToString(payload, 'base64'),
-  });
-
-  return new TextEncoder().encode(fullHtmlString);
-}
-
-export function unwrapHtml(htmlPayload: ArrayBuffer | Uint8Array | Binary | string) {
-  let html;
-  if (htmlPayload instanceof ArrayBuffer || ArrayBuffer.isView(htmlPayload)) {
-    html = new TextDecoder().decode(htmlPayload);
-  } else {
-    html = htmlPayload.toString();
-  }
-  const payloadRe = /<input id=['"]?data-input['"]?[^>]*?value=['"]?([a-zA-Z0-9+/=]+)['"]?/;
-  const reResult = payloadRe.exec(html);
-  if (reResult === null) {
-    throw new InvalidFileError('Payload is missing');
-  }
-  const base64Payload = reResult[1];
-  try {
-    return base64ToBuffer(base64Payload);
-  } catch (e) {
-    throw new InvalidFileError('There was a problem extracting the TDF3 payload', e);
-  }
-}
-
-export async function extractPemFromKeyString(keyString: string): Promise<string> {
+export async function extractPemFromKeyString(
+  keyString: string,
+  alg: KasPublicKeyAlgorithm
+): Promise<string> {
   let pem: string = keyString;
 
   // Skip the public key extraction if we find that the KAS url provides a
   // PEM-encoded key instead of certificate
   if (keyString.includes('CERTIFICATE')) {
-    const cert = await importX509(keyString, 'RS256', { extractable: true });
+    const a = publicKeyAlgorithmToJwa(alg);
+    const cert = await importX509(keyString, a, { extractable: true });
     pem = await exportSPKI(cert);
   }
 
@@ -258,32 +240,34 @@ export async function buildKeyAccess({
   kid,
   metadata,
   sid = '',
+  alg = 'rsa:2048',
 }: BuildKeyAccess): Promise<KeyAccess> {
-  /** Internal function to keep it DRY */
-  function createKeyAccess(
-    type: KeyAccessType,
-    kasUrl: string,
-    kasKeyIdentifier: string | undefined,
-    pubKey: string,
-    metadata?: Metadata
-  ) {
-    switch (type) {
-      case 'wrapped':
-        return new KeyAccessWrapped(kasUrl, kasKeyIdentifier, pubKey, metadata, sid);
-      case 'remote':
-        return new KeyAccessRemote(kasUrl, kasKeyIdentifier, pubKey, metadata, sid);
-      default:
-        throw new ConfigurationError(`buildKeyAccess: Key access type ${type} is unknown`);
-    }
-  }
-
   // if url and pulicKey are specified load the key access object with them
-  if (url && publicKey) {
-    return createKeyAccess(type, url, kid, await extractPemFromKeyString(publicKey), metadata);
+  if (!url && !publicKey) {
+    throw new ConfigurationError('TDF.buildKeyAccess: No source for kasUrl or pubKey');
+  } else if (!url) {
+    throw new ConfigurationError('TDF.buildKeyAccess: No kasUrl');
+  } else if (!publicKey) {
+    throw new ConfigurationError('TDF.buildKeyAccess: No kas public key');
   }
 
-  // All failed. Raise an error.
-  throw new ConfigurationError('TDF.buildKeyAccess: No source for kasUrl or pubKey');
+  let pubKey: string;
+  try {
+    pubKey = await extractPemFromKeyString(publicKey, alg);
+  } catch (e) {
+    throw new ConfigurationError(
+      `TDF.buildKeyAccess: Invalid public key [${publicKey}], caused by [${e}]`,
+      e
+    );
+  }
+  switch (type) {
+    case 'wrapped':
+      return new Wrapped(url, kid, pubKey, metadata, sid);
+    case 'ec-wrapped':
+      return new ECWrapped(url, kid, pubKey, metadata, sid);
+    default:
+      throw new ConfigurationError(`buildKeyAccess: Key access type [${type}] is unsupported`);
+  }
 }
 
 export function validatePolicyObject(policy: Policy): void {
@@ -312,7 +296,6 @@ async function _generateManifest(
     url: '0.payload',
     protocol: 'zip',
     isEncrypted: true,
-    schemaVersion: '3.0.0',
     ...(mimeType && { mimeType }),
   };
 
@@ -323,25 +306,34 @@ async function _generateManifest(
     // generate the manifest first, then insert integrity information into it
     encryptionInformation: encryptionInformationStr,
     assertions: assertions,
+    schemaVersion: tdfSpecVersion,
   };
 }
 
 async function getSignature(
-  unwrappedKeyBinary: Binary,
-  payloadBinary: Binary,
-  algorithmType: IntegrityAlgorithm,
-  cryptoService: CryptoService
-) {
+  unwrappedKey: Uint8Array,
+  content: Uint8Array,
+  algorithmType: IntegrityAlgorithm
+): Promise<Uint8Array> {
   switch (algorithmType.toUpperCase()) {
     case 'GMAC':
       // use the auth tag baked into the encrypted payload
-      return buffToString(Uint8Array.from(payloadBinary.asByteArray()).slice(-16), 'hex');
-    case 'HS256':
+      return content.slice(-16);
+    case 'HS256': {
       // simple hmac is the default
-      return await cryptoService.hmac(
-        buffToString(new Uint8Array(unwrappedKeyBinary.asArrayBuffer()), 'hex'),
-        buffToString(new Uint8Array(payloadBinary.asArrayBuffer()), 'utf-8')
+      const cryptoKey = await crypto.subtle.importKey(
+        'raw',
+        unwrappedKey,
+        {
+          name: 'HMAC',
+          hash: { name: 'SHA-256' },
+        },
+        true,
+        ['sign', 'verify']
       );
+      const signature = await crypto.subtle.sign('HMAC', cryptoKey, content);
+      return new Uint8Array(signature);
+    }
     default:
       throw new ConfigurationError(`Unsupported signature alg [${algorithmType}]`);
   }
@@ -375,7 +367,7 @@ export async function writeStream(cfg: EncryptConfiguration): Promise<DecoratedR
   let bytesProcessed = 0;
   let crcCounter = 0;
   let fileByteCount = 0;
-  let aggregateHash = '';
+  const segmentHashList: Uint8Array[] = [];
 
   const zipWriter = new ZipWriter();
   const manifest = await _generateManifest(
@@ -468,14 +460,16 @@ export async function writeStream(cfg: EncryptConfiguration): Promise<DecoratedR
         fileByteCount = 0;
 
         // hash the concat of all hashes
-        const payloadSigStr = await getSignature(
-          cfg.keyForEncryption.unwrappedKeyBinary,
-          Binary.fromString(aggregateHash),
-          cfg.integrityAlgorithm,
-          cfg.cryptoService
+        const aggregateHash = await concatenateUint8Array(segmentHashList);
+
+        const payloadSig = await getSignature(
+          new Uint8Array(cfg.keyForEncryption.unwrappedKeyBinary.asArrayBuffer()),
+          aggregateHash,
+          cfg.integrityAlgorithm
         );
-        manifest.encryptionInformation.integrityInformation.rootSignature.sig =
-          base64.encode(payloadSigStr);
+
+        const rootSig = base64.encodeArrayBuffer(payloadSig);
+        manifest.encryptionInformation.integrityInformation.rootSignature.sig = rootSig;
         manifest.encryptionInformation.integrityInformation.rootSignature.alg =
           cfg.integrityAlgorithm;
 
@@ -581,18 +575,16 @@ export async function writeStream(cfg: EncryptConfiguration): Promise<DecoratedR
       cfg.keyForEncryption.unwrappedKeyBinary
     );
     const payloadBuffer = new Uint8Array(encryptedResult.payload.asByteArray());
-    const payloadSigStr = await getSignature(
-      cfg.keyForEncryption.unwrappedKeyBinary,
-      encryptedResult.payload,
-      cfg.segmentIntegrityAlgorithm,
-      cfg.cryptoService
+    const payloadSig = await getSignature(
+      new Uint8Array(cfg.keyForEncryption.unwrappedKeyBinary.asArrayBuffer()),
+      new Uint8Array(encryptedResult.payload.asArrayBuffer()),
+      cfg.segmentIntegrityAlgorithm
     );
 
-    // combined string of all hashes for root signature
-    aggregateHash += payloadSigStr;
+    segmentHashList.push(new Uint8Array(payloadSig));
 
     segmentInfos.push({
-      hash: base64.encode(payloadSigStr),
+      hash: base64.encodeArrayBuffer(payloadSig),
       segmentSize: chunk.length === segmentSizeDefault ? undefined : chunk.length,
       encryptedSegmentSize:
         payloadBuffer.length === encryptedSegmentSizeDefault ? undefined : payloadBuffer.length,
@@ -660,6 +652,7 @@ async function unwrapKey({
   dpopKeys,
   concurrencyLimit,
   cryptoService,
+  wrappingKeyAlgorithm,
 }: {
   manifest: Manifest;
   allowedKases: OriginAllowList;
@@ -667,6 +660,7 @@ async function unwrapKey({
   concurrencyLimit?: number;
   dpopKeys: CryptoKeyPair;
   cryptoService: CryptoService;
+  wrappingKeyAlgorithm?: KasPublicKeyAlgorithm;
 }) {
   if (authProvider === undefined) {
     throw new ConfigurationError(
@@ -678,9 +672,18 @@ async function unwrapKey({
 
   async function tryKasRewrap(keySplitInfo: KeyAccessObject): Promise<RewrapResponseData> {
     const url = `${keySplitInfo.url}/v2/rewrap`;
-    const ephemeralEncryptionKeys = await cryptoService.cryptoToPemPair(
-      await cryptoService.generateKeyPair()
-    );
+    let ephemeralEncryptionKeysRaw: AnyKeyPair;
+    let ephemeralEncryptionKeys: PemKeyPair;
+    if (wrappingKeyAlgorithm === 'ec:secp256r1') {
+      ephemeralEncryptionKeysRaw = await generateKeyPair();
+      ephemeralEncryptionKeys = await cryptoService.cryptoToPemPair(ephemeralEncryptionKeysRaw);
+    } else if (wrappingKeyAlgorithm === 'rsa:2048' || !wrappingKeyAlgorithm) {
+      ephemeralEncryptionKeysRaw = await cryptoService.generateKeyPair();
+      ephemeralEncryptionKeys = await cryptoService.cryptoToPemPair(ephemeralEncryptionKeysRaw);
+    } else {
+      throw new ConfigurationError(`Unsupported wrapping key algorithm [${wrappingKeyAlgorithm}]`);
+    }
+
     const clientPublicKey = ephemeralEncryptionKeys.publicKey;
 
     const requestBodyStr = JSON.stringify({
@@ -693,13 +696,31 @@ async function unwrapKey({
     const jwtPayload = { requestBody: requestBodyStr };
     const signedRequestToken = await reqSignature(jwtPayload, dpopKeys.privateKey);
 
-    const { entityWrappedKey, metadata } = await fetchWrappedKey(
+    const { entityWrappedKey, metadata, sessionPublicKey } = await fetchWrappedKey(
       url,
       { signedRequestToken },
       authProvider,
       '0.0.1'
     );
 
+    if (wrappingKeyAlgorithm === 'ec:secp256r1') {
+      const serverEphemeralKey: CryptoKey = await pemPublicToCrypto(sessionPublicKey);
+      const ekr = ephemeralEncryptionKeysRaw as CryptoKeyPair;
+      const kek = await keyAgreement(ekr.privateKey, serverEphemeralKey, {
+        hkdfSalt: new TextEncoder().encode('salt'),
+        hkdfHash: 'SHA-256',
+      });
+      const wrappedKeyAndNonce = base64.decodeArrayBuffer(entityWrappedKey);
+      const iv = wrappedKeyAndNonce.slice(0, 12);
+      const wrappedKey = wrappedKeyAndNonce.slice(12);
+
+      const dek = await crypto.subtle.decrypt({ name: 'AES-GCM', iv }, kek, wrappedKey);
+
+      return {
+        key: new Uint8Array(dek),
+        metadata,
+      };
+    }
     const key = Binary.fromString(base64.decode(entityWrappedKey));
     const decryptedKeyBinary = await cryptoService.decryptWithPrivateKey(
       key,
@@ -769,17 +790,22 @@ async function decryptChunk(
   hash: string,
   cipher: SymmetricCipher,
   segmentIntegrityAlgorithm: IntegrityAlgorithm,
-  cryptoService: CryptoService
+  isLegacyTDF: boolean
 ): Promise<DecryptResult> {
   if (segmentIntegrityAlgorithm !== 'GMAC' && segmentIntegrityAlgorithm !== 'HS256') {
+    throw new UnsupportedError(`Unsupported integrity alg [${segmentIntegrityAlgorithm}]`);
   }
-  const segmentHashStr = await getSignature(
-    reconstructedKeyBinary,
-    Binary.fromArrayBuffer(encryptedChunk.buffer),
-    segmentIntegrityAlgorithm,
-    cryptoService
+  const segmentSig = await getSignature(
+    new Uint8Array(reconstructedKeyBinary.asArrayBuffer()),
+    encryptedChunk,
+    segmentIntegrityAlgorithm
   );
-  if (hash !== btoa(segmentHashStr)) {
+
+  const segmentHash = isLegacyTDF
+    ? base64.encode(hex.encodeArrayBuffer(segmentSig))
+    : base64.encodeArrayBuffer(segmentSig);
+
+  if (hash !== segmentHash) {
     throw new IntegrityError('Failed integrity check on segment hash');
   }
   return await cipher.decrypt(encryptedChunk, reconstructedKeyBinary);
@@ -792,7 +818,8 @@ async function updateChunkQueue(
   reconstructedKeyBinary: Binary,
   cipher: SymmetricCipher,
   segmentIntegrityAlgorithm: IntegrityAlgorithm,
-  cryptoService: CryptoService
+  cryptoService: CryptoService,
+  isLegacyTDF: boolean
 ) {
   const chunksInOneDownload = 500;
   let requests = [];
@@ -833,6 +860,7 @@ async function updateChunkQueue(
             slice,
             cipher,
             segmentIntegrityAlgorithm,
+            isLegacyTDF,
           });
         }
       })()
@@ -845,8 +873,8 @@ export async function sliceAndDecrypt({
   reconstructedKeyBinary,
   slice,
   cipher,
-  cryptoService,
   segmentIntegrityAlgorithm,
+  isLegacyTDF,
 }: {
   buffer: Uint8Array;
   reconstructedKeyBinary: Binary;
@@ -854,9 +882,10 @@ export async function sliceAndDecrypt({
   cipher: SymmetricCipher;
   cryptoService: CryptoService;
   segmentIntegrityAlgorithm: IntegrityAlgorithm;
+  isLegacyTDF: boolean;
 }) {
   for (const index in slice) {
-    const { encryptedOffset, encryptedSegmentSize, _resolve, _reject } = slice[index];
+    const { encryptedOffset, encryptedSegmentSize, plainSegmentSize } = slice[index];
 
     const offset =
       slice[0].encryptedOffset === 0 ? encryptedOffset : encryptedOffset % slice[0].encryptedOffset;
@@ -864,6 +893,10 @@ export async function sliceAndDecrypt({
       buffer.slice(offset, offset + (encryptedSegmentSize as number))
     );
 
+    if (encryptedChunk.length !== encryptedSegmentSize) {
+      throw new DecryptError('Failed to fetch entire segment');
+    }
+
     try {
       const result = await decryptChunk(
         encryptedChunk,
@@ -871,18 +904,16 @@ export async function sliceAndDecrypt({
         slice[index]['hash'],
         cipher,
         segmentIntegrityAlgorithm,
-        cryptoService
+        isLegacyTDF
       );
-      slice[index].decryptedChunk = result;
-      if (_resolve) {
-        _resolve(null);
+      if (plainSegmentSize && result.payload.length() !== plainSegmentSize) {
+        throw new DecryptError(
+          `incorrect segment size: found [${result.payload.length()}], expected [${plainSegmentSize}]`
+        );
       }
+      slice[index].decryptedChunk.set(result);
     } catch (e) {
-      if (_reject) {
-        _reject(e);
-      } else {
-        throw e;
-      }
+      slice[index].decryptedChunk.reject(e);
     }
   }
 }
@@ -905,6 +936,7 @@ export async function readStream(cfg: DecryptConfiguration) {
     encryptedSegmentSizeDefault: defaultSegmentSize,
     rootSignature,
     segmentHashAlg,
+    segmentSizeDefault,
     segments,
   } = manifest.encryptionInformation.integrityInformation;
   const { metadata, reconstructedKeyBinary } = await unwrapKey({
@@ -918,25 +950,28 @@ export async function readStream(cfg: DecryptConfiguration) {
   const keyForDecryption = await cfg.keyMiddleware(reconstructedKeyBinary);
   const encryptedSegmentSizeDefault = defaultSegmentSize || DEFAULT_SEGMENT_SIZE;
 
-  // check the combined string of hashes
-  const aggregateHash = segments.map(({ hash }) => base64.decode(hash)).join('');
+  // check if the TDF is a legacy TDF
+  const specVersion = manifest.schemaVersion || manifest.tdf_spec_version;
+  const isLegacyTDF = !specVersion || specVersion.startsWith('3.');
+
+  // Decode each hash and store it in an array of Uint8Array
+  const segmentHashList = segments.map(
+    ({ hash }) => new Uint8Array(base64.decodeArrayBuffer(hash))
+  );
+
+  // Concatenate all segment hashes into a single Uint8Array
+  const aggregateHash = await concatenateUint8Array(segmentHashList);
+
   const integrityAlgorithm = rootSignature.alg;
   if (integrityAlgorithm !== 'GMAC' && integrityAlgorithm !== 'HS256') {
     throw new UnsupportedError(`Unsupported integrity alg [${integrityAlgorithm}]`);
   }
-  const payloadSigStr = await getSignature(
-    keyForDecryption,
-    Binary.fromString(aggregateHash),
-    integrityAlgorithm,
-    cfg.cryptoService
-  );
 
-  if (
-    manifest.encryptionInformation.integrityInformation.rootSignature.sig !==
-    base64.encode(payloadSigStr)
-  ) {
-    throw new IntegrityError('Failed integrity check on root signature');
-  }
+  const payloadSig = await getSignature(
+    new Uint8Array(keyForDecryption.asArrayBuffer()),
+    aggregateHash,
+    integrityAlgorithm
+  );
 
   if (!cfg.noVerifyAssertions) {
     for (const assertion of manifest.assertions || []) {
@@ -952,31 +987,40 @@ export async function readStream(cfg: DecryptConfiguration) {
           assertionKey = foundKey;
         }
       }
-      await assertions.verify(assertion, aggregateHash, assertionKey);
+      await assertions.verify(assertion, aggregateHash, assertionKey, isLegacyTDF);
     }
   }
 
+  const rootSig = isLegacyTDF
+    ? base64.encode(hex.encodeArrayBuffer(payloadSig))
+    : base64.encodeArrayBuffer(payloadSig);
+
+  if (manifest.encryptionInformation.integrityInformation.rootSignature.sig !== rootSig) {
+    throw new IntegrityError('Failed integrity check on root signature');
+  }
+
   let mapOfRequestsOffset = 0;
   const chunkMap = new Map(
-    segments.map(({ hash, encryptedSegmentSize = encryptedSegmentSizeDefault }) => {
-      const result = (() => {
-        let _resolve, _reject;
-        const chunk: Chunk = {
-          hash,
-          encryptedOffset: mapOfRequestsOffset,
-          encryptedSegmentSize,
-          promise: new Promise((resolve, reject) => {
-            _resolve = resolve;
-            _reject = reject;
-          }),
-        };
-        chunk._resolve = _resolve;
-        chunk._reject = _reject;
-        return chunk;
-      })();
-      mapOfRequestsOffset += encryptedSegmentSize || encryptedSegmentSizeDefault;
-      return [hash, result];
-    })
+    segments.map(
+      ({
+        hash,
+        encryptedSegmentSize = encryptedSegmentSizeDefault,
+        segmentSize = segmentSizeDefault,
+      }) => {
+        const result = (() => {
+          const chunk: Chunk = {
+            hash,
+            encryptedOffset: mapOfRequestsOffset,
+            encryptedSegmentSize,
+            decryptedChunk: mailbox<DecryptResult>(),
+            plainSegmentSize: segmentSize,
+          };
+          return chunk;
+        })();
+        mapOfRequestsOffset += encryptedSegmentSize;
+        return [hash, result];
+      }
+    )
   );
 
   const cipher = new AesGcmCipher(cfg.cryptoService);
@@ -993,7 +1037,8 @@ export async function readStream(cfg: DecryptConfiguration) {
     keyForDecryption,
     cipher,
     segmentIntegrityAlg,
-    cfg.cryptoService
+    cfg.cryptoService,
+    isLegacyTDF
   );
 
   let progress = 0;
@@ -1005,16 +1050,11 @@ export async function readStream(cfg: DecryptConfiguration) {
       }
 
       const [hash, chunk] = chunkMap.entries().next().value;
-      if (!chunk.decryptedChunk) {
-        await chunk.promise;
-      }
-      const decryptedSegment = chunk.decryptedChunk;
+      const decryptedSegment = await chunk.decryptedChunk;
 
       controller.enqueue(new Uint8Array(decryptedSegment.payload.asByteArray()));
       progress += chunk.encryptedSegmentSize;
       cfg.progressHandler?.(progress);
-
-      chunk.decryptedChunk = null;
       chunkMap.delete(hash);
     },
     ...(cfg.fileStreamServiceWorker && { fileStreamServiceWorker: cfg.fileStreamServiceWorker }),
@@ -1023,8 +1063,12 @@ export async function readStream(cfg: DecryptConfiguration) {
   const outputStream = new DecoratedReadableStream(underlyingSource);
 
   outputStream.manifest = manifest;
-  outputStream.emit('manifest', manifest);
   outputStream.metadata = metadata;
-  outputStream.emit('rewrap', metadata);
   return outputStream;
 }
+
+async function concatenateUint8Array(uint8arrays: Uint8Array[]): Promise<Uint8Array> {
+  const blob = new Blob(uint8arrays);
+  const buffer = await blob.arrayBuffer();
+  return new Uint8Array(buffer);
+}