Ft/update images 2 (#29)

* Update images

* Upgrade jose

* +bump images

* +otp 23 support

* +build utils

* bump images

* +drop loading libdecaf

* Remove recon

Co-authored-by: dinama <dinama@users.noreply.github.com>

Makefile

@@ -14,11 +14,11 @@ SERVICE_IMAGE_PUSH_TAG ?= $(SERVICE_IMAGE_TAG)
 
 # Base image for the service
 BASE_IMAGE_NAME := service-erlang
-BASE_IMAGE_TAG := 02a14b0cf68de5552e03a4f66f771411ff7964f8
+BASE_IMAGE_TAG := b2c2a3f8c46842488eef78a2574ba880eeff07b9
 
 # Build image tag to be used
 BUILD_IMAGE_NAME := build-erlang
-BUILD_IMAGE_TAG := 12beabfb5b6968c7566fa3d872ad1b3e8d612f46
+BUILD_IMAGE_TAG := 77025543100d92756b4d47f68538e8e70cafc7ef
 
 CALL_W_CONTAINER := all submodules compile xref lint dialyze test \
 					release clean distclean check_format format

apps/kds/src/kds_crypto.erl

@@ -44,7 +44,7 @@
 
 -type cedf() :: #cedf{}.
 
--define(CIPHER_TYPE, aes_gcm).
+-define(CIPHER_TYPE, aes_256_gcm).
 
 %% interface
 
@@ -57,7 +57,7 @@ encrypt(Key, Plain) ->
     IV = iv(),
     AAD = aad(),
     try
-        {Cipher, Tag} = crypto:block_encrypt(?CIPHER_TYPE, Key, IV, {AAD, Plain}),
+        {Cipher, Tag} = crypto:crypto_one_time_aead(?CIPHER_TYPE, Key, IV, Plain, AAD, true),
         marshall_cedf(#cedf{iv = IV, aad = AAD, cipher = Cipher, tag = Tag})
     catch
         Class:_Reason:Stacktrace ->
@@ -85,7 +85,7 @@ public_encrypt(PublicKey, Plain) ->
 decrypt(Key, MarshalledCEDF) ->
     try
         #cedf{iv = IV, aad = AAD, cipher = Cipher, tag = Tag} = unmarshall_cedf(MarshalledCEDF),
-        crypto:block_decrypt(?CIPHER_TYPE, Key, IV, {AAD, Cipher, Tag})
+        crypto:crypto_one_time_aead(?CIPHER_TYPE, Key, IV, Cipher, AAD, Tag, false)
     of
         error ->
             throw(decryption_failed);

apps/kds/test/kds_ct_utils.erl

@@ -94,8 +94,8 @@ start_clear(Config) ->
                 {shutdown_timeout, 0},
                 {keyring_rotation_lifetime, 1000},
                 {keyring_unlock_lifetime, 1000},
-                {keyring_rekeying_lifetime, 5000},
-                {keyring_initialize_lifetime, 4000},
+                {keyring_rekeying_lifetime, 3000},
+                {keyring_initialize_lifetime, 3000},
                 {shareholders, #{
                     <<"1">> => #{
                         owner => <<"ndiezel">>,

rebar.config

@@ -20,8 +20,7 @@
 {deps, [
     {lib_combin, "0.1.5"},
     {jsx, "2.9.0"},
-    {jose, "1.9.0"},
-    {libdecaf, "1.0.0"},
+    {jose, "1.11.1"},
     {prometheus, "4.6.0"},
     {prometheus_cowboy, "0.1.8"},
     {shamir                   , {git, "git@github.com:rbkmoney/shamir.git"                   , {branch, master}}},
@@ -31,7 +30,8 @@
     {erl_health               , {git, "https://github.com/rbkmoney/erlang-health.git"        , {branch, master}}},
     {cds_proto                , {git, "git@github.com:rbkmoney/cds-proto.git"                , {branch, master}}},
     {msgpack                  , {git, "https://github.com/rbkmoney/msgpack-erlang"           , {branch, master}}},
-    {scoper                   , {git, "git@github.com:rbkmoney/scoper.git"                   , {branch, master}}}
+    {scoper                   , {git, "git@github.com:rbkmoney/scoper.git"                   , {branch, master}}},
+    {logger_logstash_formatter, {git, "git@github.com:rbkmoney/logger_logstash_formatter.git", {branch, "master"}}}
 ]}.
 
 {xref_checks, [
@@ -42,21 +42,6 @@
     deprecated_functions
 ]}.
 
-{relx, [
-    {release, {kds, "0.1.0"}, [
-        {recon, load},
-        {libdecaf, load},
-        {logger_logstash_formatter, load},
-        kds
-    ]},
-    {sys_config, "./config/sys.config"},
-    {vm_args, "./config/vm.args"},
-    {dev_mode, true},
-    {include_erts, false},
-    {include_src, false},
-    {extended_start_script, true}
-]}.
-
 {dialyzer, [
     {warnings, [
         unmatched_returns,
@@ -71,14 +56,11 @@
 {profiles, [
     {prod, [
         {deps, [
-            {logger_logstash_formatter,
-                {git, "https://github.com/rbkmoney/logger_logstash_formatter.git", {ref, "87e52c755"}}},
             {recon, "2.3.2"}
         ]},
         {relx, [
             {release, {kds, "0.1.0"}, [
                 {recon, load},
-                {libdecaf, load},
                 {logger_logstash_formatter, load},
                 kds
             ]},

rebar.lock

@@ -1,6 +1,5 @@
 {"1.2.0",
 [{<<"accept">>,{pkg,<<"accept">>,<<"0.3.5">>},2},
- {<<"base64url">>,{pkg,<<"base64url">>,<<"0.0.1">>},1},
  {<<"bear">>,{pkg,<<"bear">>,<<"0.8.7">>},2},
  {<<"cache">>,{pkg,<<"cache">>,<<"2.2.0">>},1},
  {<<"cds_proto">>,
@@ -33,16 +32,12 @@
        {ref,"2bb46054e16aaba9357747cc72b7c42e1897a56d"}},
   0},
  {<<"idna">>,{pkg,<<"idna">>,<<"6.0.1">>},2},
- {<<"jose">>,{pkg,<<"jose">>,<<"1.9.0">>},0},
+ {<<"jose">>,{pkg,<<"jose">>,<<"1.11.1">>},0},
  {<<"jsx">>,{pkg,<<"jsx">>,<<"2.9.0">>},0},
  {<<"lib_combin">>,{pkg,<<"lib_combin">>,<<"0.1.5">>},0},
- {<<"libdecaf">>,
-  {git,"https://github.com/potatosalad/erlang-libdecaf",
-       {ref,"0561aeb228b12d37468a0058530094f0a55c3c26"}},
-  0},
  {<<"logger_logstash_formatter">>,
   {git,"git@github.com:rbkmoney/logger_logstash_formatter.git",
-       {ref,"41e8e3cc3ba6d1f53f1f0a0c9eb07c32f0868205"}},
+       {ref,"87e52c755cf9e64d651e3ddddbfcd2ccd1db79db"}},
   0},
  {<<"metrics">>,{pkg,<<"metrics">>,<<"1.0.1">>},2},
  {<<"mimerl">>,{pkg,<<"mimerl">>,<<"1.2.0">>},2},
@@ -86,7 +81,6 @@
 [
 {pkg_hash,[
  {<<"accept">>, <<"B33B127ABCA7CC948BBE6CAA4C263369ABF1347CFA9D8E699C6D214660F10CD1">>},
- {<<"base64url">>, <<"36A90125F5948E3AFD7BE97662A1504B934DD5DAC78451CA6E9ABF85A10286BE">>},
  {<<"bear">>, <<"16264309AE5D005D03718A5C82641FCC259C9E8F09ADEB6FD79CA4271168656F">>},
  {<<"cache">>, <<"3C11DBF4CD8FCD5787C95A5FB2A04038E3729CFCA0386016EEA8C953AB48A5AB">>},
  {<<"certifi">>, <<"B7CFEAE9D2ED395695DD8201C57A2D019C0C43ECAF8B8BCB9320B40D6662F340">>},
@@ -95,7 +89,7 @@
  {<<"gproc">>, <<"CEA02C578589C61E5341FCE149EA36CCEF236CC2ECAC8691FBA408E7EA77EC2F">>},
  {<<"hackney">>, <<"5096AC8E823E3A441477B2D187E30DD3FFF1A82991A806B2003845CE72CE2D84">>},
  {<<"idna">>, <<"1D038FB2E7668CE41FBF681D2C45902E52B3CB9E9C77B55334353B222C2EE50C">>},
- {<<"jose">>, <<"4167C5F6D06FFAEBFFD15CDB8DA61A108445EF5E85AB8F5A7AD926FDF3ADA154">>},
+ {<<"jose">>, <<"59DA64010C69AAD6CDE2F5B9248B896B84472E99BD18F246085B7B9FE435DCDB">>},
  {<<"jsx">>, <<"D2F6E5F069C00266CAD52FB15D87C428579EA4D7D73A33669E12679E203329DD">>},
  {<<"lib_combin">>, <<"00F241FDCB6AFFFC1DE109A61A216C07E4E51C52CCB165656565BF660E7C78EB">>},
  {<<"metrics">>, <<"25F094DEA2CDA98213CECC3AEFF09E940299D950904393B2A29D191C346A8486">>},
@@ -111,7 +105,6 @@
  {<<"unicode_util_compat">>, <<"8516502659002CEC19E244EBD90D312183064BE95025A319A6C7E89F4BCCD65B">>}]},
 {pkg_hash_ext,[
  {<<"accept">>, <<"11B18C220BCC2EAB63B5470C038EF10EB6783BCB1FCDB11AA4137DEFA5AC1BB8">>},
- {<<"base64url">>, <<"FAB09B20E3F5DB886725544CBCF875B8E73EC93363954EB8A1A9ED834AA8C1F9">>},
  {<<"bear">>, <<"534217DCE6A719D59E54FB0EB7A367900DBFC5F85757E8C1F94269DF383F6D9B">>},
  {<<"cache">>, <<"3E7D6706DE5DF76C4D71C895B4BE62B01C3DE6EDB63197035E465C3BCE63F19B">>},
  {<<"certifi">>, <<"3B3B5F36493004AC3455966991EAF6E768CE9884693D9968055AEEEB1E575040">>},
@@ -120,7 +113,7 @@
  {<<"gproc">>, <<"580ADAFA56463B75263EF5A5DF4C86AF321F68694E7786CB057FD805D1E2A7DE">>},
  {<<"hackney">>, <<"3BF0BEBBD5D3092A3543B783BF065165FA5D3AD4B899B836810E513064134E18">>},
  {<<"idna">>, <<"A02C8A1C4FD601215BB0B0324C8A6986749F807CE35F25449EC9E69758708122">>},
- {<<"jose">>, <<"6429C4FEE52B2DDA7861EE19A4F09C8C1FFA213BEE3A1EC187828FDE95D447ED">>},
+ {<<"jose">>, <<"078F6C9FB3CD2F4CFAFC972C814261A7D1E8D2B3685C0A76EB87E158EFFF1AC5">>},
  {<<"jsx">>, <<"8EE1DB1CABAFDD578A2776A6AAAE87C2A8CE54B47B59E9EC7DAB5D7EB71CD8DC">>},
  {<<"lib_combin">>, <<"D565215B9E5B3B1EF0B1A5DEDD0CC41AEA0814D6EAD6191584B5961C9DB874D5">>},
  {<<"metrics">>, <<"69B09ADDDC4F74A40716AE54D140F93BEB0FB8978D8636EADED0C31B6F099F16">>},