brooklyn-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From tbou...@apache.org
Subject [01/21] brooklyn-client git commit: Switch to dep for dependency management
Date Tue, 20 Nov 2018 09:20:55 GMT
Repository: brooklyn-client
Updated Branches:
  refs/heads/master d8ef28462 -> 45beb3190


http://git-wip-us.apache.org/repos/asf/brooklyn-client/blob/868863aa/cli/vendor/golang.org/x/crypto/ssh/test/test_unix_test.go
----------------------------------------------------------------------
diff --git a/cli/vendor/golang.org/x/crypto/ssh/test/test_unix_test.go b/cli/vendor/golang.org/x/crypto/ssh/test/test_unix_test.go
deleted file mode 100644
index f1fc50b..0000000
--- a/cli/vendor/golang.org/x/crypto/ssh/test/test_unix_test.go
+++ /dev/null
@@ -1,261 +0,0 @@
-// Copyright 2012 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build darwin dragonfly freebsd linux netbsd openbsd plan9
-
-package test
-
-// functional test harness for unix.
-
-import (
-	"bytes"
-	"fmt"
-	"io/ioutil"
-	"log"
-	"net"
-	"os"
-	"os/exec"
-	"os/user"
-	"path/filepath"
-	"testing"
-	"text/template"
-
-	"golang.org/x/crypto/ssh"
-	"golang.org/x/crypto/ssh/testdata"
-)
-
-const sshd_config = `
-Protocol 2
-HostKey {{.Dir}}/id_rsa
-HostKey {{.Dir}}/id_dsa
-HostKey {{.Dir}}/id_ecdsa
-Pidfile {{.Dir}}/sshd.pid
-#UsePrivilegeSeparation no
-KeyRegenerationInterval 3600
-ServerKeyBits 768
-SyslogFacility AUTH
-LogLevel DEBUG2
-LoginGraceTime 120
-PermitRootLogin no
-StrictModes no
-RSAAuthentication yes
-PubkeyAuthentication yes
-AuthorizedKeysFile	{{.Dir}}/id_user.pub
-TrustedUserCAKeys {{.Dir}}/id_ecdsa.pub
-IgnoreRhosts yes
-RhostsRSAAuthentication no
-HostbasedAuthentication no
-`
-
-var configTmpl = template.Must(template.New("").Parse(sshd_config))
-
-type server struct {
-	t          *testing.T
-	cleanup    func() // executed during Shutdown
-	configfile string
-	cmd        *exec.Cmd
-	output     bytes.Buffer // holds stderr from sshd process
-
-	// Client half of the network connection.
-	clientConn net.Conn
-}
-
-func username() string {
-	var username string
-	if user, err := user.Current(); err == nil {
-		username = user.Username
-	} else {
-		// user.Current() currently requires cgo. If an error is
-		// returned attempt to get the username from the environment.
-		log.Printf("user.Current: %v; falling back on $USER", err)
-		username = os.Getenv("USER")
-	}
-	if username == "" {
-		panic("Unable to get username")
-	}
-	return username
-}
-
-type storedHostKey struct {
-	// keys map from an algorithm string to binary key data.
-	keys map[string][]byte
-
-	// checkCount counts the Check calls. Used for testing
-	// rekeying.
-	checkCount int
-}
-
-func (k *storedHostKey) Add(key ssh.PublicKey) {
-	if k.keys == nil {
-		k.keys = map[string][]byte{}
-	}
-	k.keys[key.Type()] = key.Marshal()
-}
-
-func (k *storedHostKey) Check(addr string, remote net.Addr, key ssh.PublicKey) error {
-	k.checkCount++
-	algo := key.Type()
-
-	if k.keys == nil || bytes.Compare(key.Marshal(), k.keys[algo]) != 0 {
-		return fmt.Errorf("host key mismatch. Got %q, want %q", key, k.keys[algo])
-	}
-	return nil
-}
-
-func hostKeyDB() *storedHostKey {
-	keyChecker := &storedHostKey{}
-	keyChecker.Add(testPublicKeys["ecdsa"])
-	keyChecker.Add(testPublicKeys["rsa"])
-	keyChecker.Add(testPublicKeys["dsa"])
-	return keyChecker
-}
-
-func clientConfig() *ssh.ClientConfig {
-	config := &ssh.ClientConfig{
-		User: username(),
-		Auth: []ssh.AuthMethod{
-			ssh.PublicKeys(testSigners["user"]),
-		},
-		HostKeyCallback: hostKeyDB().Check,
-	}
-	return config
-}
-
-// unixConnection creates two halves of a connected net.UnixConn.  It
-// is used for connecting the Go SSH client with sshd without opening
-// ports.
-func unixConnection() (*net.UnixConn, *net.UnixConn, error) {
-	dir, err := ioutil.TempDir("", "unixConnection")
-	if err != nil {
-		return nil, nil, err
-	}
-	defer os.Remove(dir)
-
-	addr := filepath.Join(dir, "ssh")
-	listener, err := net.Listen("unix", addr)
-	if err != nil {
-		return nil, nil, err
-	}
-	defer listener.Close()
-	c1, err := net.Dial("unix", addr)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	c2, err := listener.Accept()
-	if err != nil {
-		c1.Close()
-		return nil, nil, err
-	}
-
-	return c1.(*net.UnixConn), c2.(*net.UnixConn), nil
-}
-
-func (s *server) TryDial(config *ssh.ClientConfig) (*ssh.Client, error) {
-	sshd, err := exec.LookPath("sshd")
-	if err != nil {
-		s.t.Skipf("skipping test: %v", err)
-	}
-
-	c1, c2, err := unixConnection()
-	if err != nil {
-		s.t.Fatalf("unixConnection: %v", err)
-	}
-
-	s.cmd = exec.Command(sshd, "-f", s.configfile, "-i", "-e")
-	f, err := c2.File()
-	if err != nil {
-		s.t.Fatalf("UnixConn.File: %v", err)
-	}
-	defer f.Close()
-	s.cmd.Stdin = f
-	s.cmd.Stdout = f
-	s.cmd.Stderr = &s.output
-	if err := s.cmd.Start(); err != nil {
-		s.t.Fail()
-		s.Shutdown()
-		s.t.Fatalf("s.cmd.Start: %v", err)
-	}
-	s.clientConn = c1
-	conn, chans, reqs, err := ssh.NewClientConn(c1, "", config)
-	if err != nil {
-		return nil, err
-	}
-	return ssh.NewClient(conn, chans, reqs), nil
-}
-
-func (s *server) Dial(config *ssh.ClientConfig) *ssh.Client {
-	conn, err := s.TryDial(config)
-	if err != nil {
-		s.t.Fail()
-		s.Shutdown()
-		s.t.Fatalf("ssh.Client: %v", err)
-	}
-	return conn
-}
-
-func (s *server) Shutdown() {
-	if s.cmd != nil && s.cmd.Process != nil {
-		// Don't check for errors; if it fails it's most
-		// likely "os: process already finished", and we don't
-		// care about that. Use os.Interrupt, so child
-		// processes are killed too.
-		s.cmd.Process.Signal(os.Interrupt)
-		s.cmd.Wait()
-	}
-	if s.t.Failed() {
-		// log any output from sshd process
-		s.t.Logf("sshd: %s", s.output.String())
-	}
-	s.cleanup()
-}
-
-func writeFile(path string, contents []byte) {
-	f, err := os.OpenFile(path, os.O_WRONLY|os.O_TRUNC|os.O_CREATE, 0600)
-	if err != nil {
-		panic(err)
-	}
-	defer f.Close()
-	if _, err := f.Write(contents); err != nil {
-		panic(err)
-	}
-}
-
-// newServer returns a new mock ssh server.
-func newServer(t *testing.T) *server {
-	if testing.Short() {
-		t.Skip("skipping test due to -short")
-	}
-	dir, err := ioutil.TempDir("", "sshtest")
-	if err != nil {
-		t.Fatal(err)
-	}
-	f, err := os.Create(filepath.Join(dir, "sshd_config"))
-	if err != nil {
-		t.Fatal(err)
-	}
-	err = configTmpl.Execute(f, map[string]string{
-		"Dir": dir,
-	})
-	if err != nil {
-		t.Fatal(err)
-	}
-	f.Close()
-
-	for k, v := range testdata.PEMBytes {
-		filename := "id_" + k
-		writeFile(filepath.Join(dir, filename), v)
-		writeFile(filepath.Join(dir, filename+".pub"), ssh.MarshalAuthorizedKey(testPublicKeys[k]))
-	}
-
-	return &server{
-		t:          t,
-		configfile: f.Name(),
-		cleanup: func() {
-			if err := os.RemoveAll(dir); err != nil {
-				t.Error(err)
-			}
-		},
-	}
-}

http://git-wip-us.apache.org/repos/asf/brooklyn-client/blob/868863aa/cli/vendor/golang.org/x/crypto/ssh/test/testdata_test.go
----------------------------------------------------------------------
diff --git a/cli/vendor/golang.org/x/crypto/ssh/test/testdata_test.go b/cli/vendor/golang.org/x/crypto/ssh/test/testdata_test.go
deleted file mode 100644
index ae48c75..0000000
--- a/cli/vendor/golang.org/x/crypto/ssh/test/testdata_test.go
+++ /dev/null
@@ -1,64 +0,0 @@
-// Copyright 2014 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// IMPLEMENTOR NOTE: To avoid a package loop, this file is in three places:
-// ssh/, ssh/agent, and ssh/test/. It should be kept in sync across all three
-// instances.
-
-package test
-
-import (
-	"crypto/rand"
-	"fmt"
-
-	"golang.org/x/crypto/ssh"
-	"golang.org/x/crypto/ssh/testdata"
-)
-
-var (
-	testPrivateKeys map[string]interface{}
-	testSigners     map[string]ssh.Signer
-	testPublicKeys  map[string]ssh.PublicKey
-)
-
-func init() {
-	var err error
-
-	n := len(testdata.PEMBytes)
-	testPrivateKeys = make(map[string]interface{}, n)
-	testSigners = make(map[string]ssh.Signer, n)
-	testPublicKeys = make(map[string]ssh.PublicKey, n)
-	for t, k := range testdata.PEMBytes {
-		testPrivateKeys[t], err = ssh.ParseRawPrivateKey(k)
-		if err != nil {
-			panic(fmt.Sprintf("Unable to parse test key %s: %v", t, err))
-		}
-		testSigners[t], err = ssh.NewSignerFromKey(testPrivateKeys[t])
-		if err != nil {
-			panic(fmt.Sprintf("Unable to create signer for test key %s: %v", t, err))
-		}
-		testPublicKeys[t] = testSigners[t].PublicKey()
-	}
-
-	// Create a cert and sign it for use in tests.
-	testCert := &ssh.Certificate{
-		Nonce:           []byte{},                       // To pass reflect.DeepEqual after marshal & parse, this must be non-nil
-		ValidPrincipals: []string{"gopher1", "gopher2"}, // increases test coverage
-		ValidAfter:      0,                              // unix epoch
-		ValidBefore:     ssh.CertTimeInfinity,           // The end of currently representable time.
-		Reserved:        []byte{},                       // To pass reflect.DeepEqual after marshal & parse, this must be non-nil
-		Key:             testPublicKeys["ecdsa"],
-		SignatureKey:    testPublicKeys["rsa"],
-		Permissions: ssh.Permissions{
-			CriticalOptions: map[string]string{},
-			Extensions:      map[string]string{},
-		},
-	}
-	testCert.SignCert(rand.Reader, testSigners["rsa"])
-	testPrivateKeys["cert"] = testPrivateKeys["ecdsa"]
-	testSigners["cert"], err = ssh.NewCertSigner(testCert, testSigners["ecdsa"])
-	if err != nil {
-		panic(fmt.Sprintf("Unable to create certificate signer: %v", err))
-	}
-}

http://git-wip-us.apache.org/repos/asf/brooklyn-client/blob/868863aa/cli/vendor/golang.org/x/crypto/ssh/testdata/doc.go
----------------------------------------------------------------------
diff --git a/cli/vendor/golang.org/x/crypto/ssh/testdata/doc.go b/cli/vendor/golang.org/x/crypto/ssh/testdata/doc.go
deleted file mode 100644
index fcae47c..0000000
--- a/cli/vendor/golang.org/x/crypto/ssh/testdata/doc.go
+++ /dev/null
@@ -1,8 +0,0 @@
-// Copyright 2014 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// This package contains test data shared between the various subpackages of
-// the golang.org/x/crypto/ssh package. Under no circumstance should
-// this data be used for production code.
-package testdata // import "golang.org/x/crypto/ssh/testdata"

http://git-wip-us.apache.org/repos/asf/brooklyn-client/blob/868863aa/cli/vendor/golang.org/x/crypto/ssh/testdata/keys.go
----------------------------------------------------------------------
diff --git a/cli/vendor/golang.org/x/crypto/ssh/testdata/keys.go b/cli/vendor/golang.org/x/crypto/ssh/testdata/keys.go
deleted file mode 100644
index 5ff1c0e..0000000
--- a/cli/vendor/golang.org/x/crypto/ssh/testdata/keys.go
+++ /dev/null
@@ -1,43 +0,0 @@
-// Copyright 2014 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package testdata
-
-var PEMBytes = map[string][]byte{
-	"dsa": []byte(`-----BEGIN DSA PRIVATE KEY-----
-MIIBuwIBAAKBgQD6PDSEyXiI9jfNs97WuM46MSDCYlOqWw80ajN16AohtBncs1YB
-lHk//dQOvCYOsYaE+gNix2jtoRjwXhDsc25/IqQbU1ahb7mB8/rsaILRGIbA5WH3
-EgFtJmXFovDz3if6F6TzvhFpHgJRmLYVR8cqsezL3hEZOvvs2iH7MorkxwIVAJHD
-nD82+lxh2fb4PMsIiaXudAsBAoGAQRf7Q/iaPRn43ZquUhd6WwvirqUj+tkIu6eV
-2nZWYmXLlqFQKEy4Tejl7Wkyzr2OSYvbXLzo7TNxLKoWor6ips0phYPPMyXld14r
-juhT24CrhOzuLMhDduMDi032wDIZG4Y+K7ElU8Oufn8Sj5Wge8r6ANmmVgmFfynr
-FhdYCngCgYEA3ucGJ93/Mx4q4eKRDxcWD3QzWyqpbRVRRV1Vmih9Ha/qC994nJFz
-DQIdjxDIT2Rk2AGzMqFEB68Zc3O+Wcsmz5eWWzEwFxaTwOGWTyDqsDRLm3fD+QYj
-nOwuxb0Kce+gWI8voWcqC9cyRm09jGzu2Ab3Bhtpg8JJ8L7gS3MRZK4CFEx4UAfY
-Fmsr0W6fHB9nhS4/UXM8
------END DSA PRIVATE KEY-----
-`),
-	"ecdsa": []byte(`-----BEGIN EC PRIVATE KEY-----
-MHcCAQEEINGWx0zo6fhJ/0EAfrPzVFyFC9s18lBt3cRoEDhS3ARooAoGCCqGSM49
-AwEHoUQDQgAEi9Hdw6KvZcWxfg2IDhA7UkpDtzzt6ZqJXSsFdLd+Kx4S3Sx4cVO+
-6/ZOXRnPmNAlLUqjShUsUBBngG0u2fqEqA==
------END EC PRIVATE KEY-----
-`),
-	"rsa": []byte(`-----BEGIN RSA PRIVATE KEY-----
-MIIBOwIBAAJBALdGZxkXDAjsYk10ihwU6Id2KeILz1TAJuoq4tOgDWxEEGeTrcld
-r/ZwVaFzjWzxaf6zQIJbfaSEAhqD5yo72+sCAwEAAQJBAK8PEVU23Wj8mV0QjwcJ
-tZ4GcTUYQL7cF4+ezTCE9a1NrGnCP2RuQkHEKxuTVrxXt+6OF15/1/fuXnxKjmJC
-nxkCIQDaXvPPBi0c7vAxGwNY9726x01/dNbHCE0CBtcotobxpwIhANbbQbh3JHVW
-2haQh4fAG5mhesZKAGcxTyv4mQ7uMSQdAiAj+4dzMpJWdSzQ+qGHlHMIBvVHLkqB
-y2VdEyF7DPCZewIhAI7GOI/6LDIFOvtPo6Bj2nNmyQ1HU6k/LRtNIXi4c9NJAiAr
-rrxx26itVhJmcvoUhOjwuzSlP2bE5VHAvkGB352YBg==
------END RSA PRIVATE KEY-----
-`),
-	"user": []byte(`-----BEGIN EC PRIVATE KEY-----
-MHcCAQEEILYCAeq8f7V4vSSypRw7pxy8yz3V5W4qg8kSC3zJhqpQoAoGCCqGSM49
-AwEHoUQDQgAEYcO2xNKiRUYOLEHM7VYAp57HNyKbOdYtHD83Z4hzNPVC4tM5mdGD
-PLL8IEwvYu2wq+lpXfGQnNMbzYf9gspG0w==
------END EC PRIVATE KEY-----
-`),
-}

http://git-wip-us.apache.org/repos/asf/brooklyn-client/blob/868863aa/cli/vendor/golang.org/x/crypto/ssh/testdata_test.go
----------------------------------------------------------------------
diff --git a/cli/vendor/golang.org/x/crypto/ssh/testdata_test.go b/cli/vendor/golang.org/x/crypto/ssh/testdata_test.go
deleted file mode 100644
index f2828c1..0000000
--- a/cli/vendor/golang.org/x/crypto/ssh/testdata_test.go
+++ /dev/null
@@ -1,63 +0,0 @@
-// Copyright 2014 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// IMPLEMENTOR NOTE: To avoid a package loop, this file is in three places:
-// ssh/, ssh/agent, and ssh/test/. It should be kept in sync across all three
-// instances.
-
-package ssh
-
-import (
-	"crypto/rand"
-	"fmt"
-
-	"golang.org/x/crypto/ssh/testdata"
-)
-
-var (
-	testPrivateKeys map[string]interface{}
-	testSigners     map[string]Signer
-	testPublicKeys  map[string]PublicKey
-)
-
-func init() {
-	var err error
-
-	n := len(testdata.PEMBytes)
-	testPrivateKeys = make(map[string]interface{}, n)
-	testSigners = make(map[string]Signer, n)
-	testPublicKeys = make(map[string]PublicKey, n)
-	for t, k := range testdata.PEMBytes {
-		testPrivateKeys[t], err = ParseRawPrivateKey(k)
-		if err != nil {
-			panic(fmt.Sprintf("Unable to parse test key %s: %v", t, err))
-		}
-		testSigners[t], err = NewSignerFromKey(testPrivateKeys[t])
-		if err != nil {
-			panic(fmt.Sprintf("Unable to create signer for test key %s: %v", t, err))
-		}
-		testPublicKeys[t] = testSigners[t].PublicKey()
-	}
-
-	// Create a cert and sign it for use in tests.
-	testCert := &Certificate{
-		Nonce:           []byte{},                       // To pass reflect.DeepEqual after marshal & parse, this must be non-nil
-		ValidPrincipals: []string{"gopher1", "gopher2"}, // increases test coverage
-		ValidAfter:      0,                              // unix epoch
-		ValidBefore:     CertTimeInfinity,               // The end of currently representable time.
-		Reserved:        []byte{},                       // To pass reflect.DeepEqual after marshal & parse, this must be non-nil
-		Key:             testPublicKeys["ecdsa"],
-		SignatureKey:    testPublicKeys["rsa"],
-		Permissions: Permissions{
-			CriticalOptions: map[string]string{},
-			Extensions:      map[string]string{},
-		},
-	}
-	testCert.SignCert(rand.Reader, testSigners["rsa"])
-	testPrivateKeys["cert"] = testPrivateKeys["ecdsa"]
-	testSigners["cert"], err = NewCertSigner(testCert, testSigners["ecdsa"])
-	if err != nil {
-		panic(fmt.Sprintf("Unable to create certificate signer: %v", err))
-	}
-}

http://git-wip-us.apache.org/repos/asf/brooklyn-client/blob/868863aa/cli/vendor/golang.org/x/crypto/ssh/transport.go
----------------------------------------------------------------------
diff --git a/cli/vendor/golang.org/x/crypto/ssh/transport.go b/cli/vendor/golang.org/x/crypto/ssh/transport.go
deleted file mode 100644
index 8351d37..0000000
--- a/cli/vendor/golang.org/x/crypto/ssh/transport.go
+++ /dev/null
@@ -1,332 +0,0 @@
-// Copyright 2011 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package ssh
-
-import (
-	"bufio"
-	"errors"
-	"io"
-)
-
-const (
-	gcmCipherID = "aes128-gcm@openssh.com"
-	aes128cbcID = "aes128-cbc"
-)
-
-// packetConn represents a transport that implements packet based
-// operations.
-type packetConn interface {
-	// Encrypt and send a packet of data to the remote peer.
-	writePacket(packet []byte) error
-
-	// Read a packet from the connection
-	readPacket() ([]byte, error)
-
-	// Close closes the write-side of the connection.
-	Close() error
-}
-
-// transport is the keyingTransport that implements the SSH packet
-// protocol.
-type transport struct {
-	reader connectionState
-	writer connectionState
-
-	bufReader *bufio.Reader
-	bufWriter *bufio.Writer
-	rand      io.Reader
-
-	io.Closer
-
-	// Initial H used for the session ID. Once assigned this does
-	// not change, even during subsequent key exchanges.
-	sessionID []byte
-}
-
-// getSessionID returns the ID of the SSH connection. The return value
-// should not be modified.
-func (t *transport) getSessionID() []byte {
-	if t.sessionID == nil {
-		panic("session ID not set yet")
-	}
-	return t.sessionID
-}
-
-// packetCipher represents a combination of SSH encryption/MAC
-// protocol.  A single instance should be used for one direction only.
-type packetCipher interface {
-	// writePacket encrypts the packet and writes it to w. The
-	// contents of the packet are generally scrambled.
-	writePacket(seqnum uint32, w io.Writer, rand io.Reader, packet []byte) error
-
-	// readPacket reads and decrypts a packet of data. The
-	// returned packet may be overwritten by future calls of
-	// readPacket.
-	readPacket(seqnum uint32, r io.Reader) ([]byte, error)
-}
-
-// connectionState represents one side (read or write) of the
-// connection. This is necessary because each direction has its own
-// keys, and can even have its own algorithms
-type connectionState struct {
-	packetCipher
-	seqNum           uint32
-	dir              direction
-	pendingKeyChange chan packetCipher
-}
-
-// prepareKeyChange sets up key material for a keychange. The key changes in
-// both directions are triggered by reading and writing a msgNewKey packet
-// respectively.
-func (t *transport) prepareKeyChange(algs *algorithms, kexResult *kexResult) error {
-	if t.sessionID == nil {
-		t.sessionID = kexResult.H
-	}
-
-	kexResult.SessionID = t.sessionID
-
-	if ciph, err := newPacketCipher(t.reader.dir, algs.r, kexResult); err != nil {
-		return err
-	} else {
-		t.reader.pendingKeyChange <- ciph
-	}
-
-	if ciph, err := newPacketCipher(t.writer.dir, algs.w, kexResult); err != nil {
-		return err
-	} else {
-		t.writer.pendingKeyChange <- ciph
-	}
-
-	return nil
-}
-
-// Read and decrypt next packet.
-func (t *transport) readPacket() ([]byte, error) {
-	return t.reader.readPacket(t.bufReader)
-}
-
-func (s *connectionState) readPacket(r *bufio.Reader) ([]byte, error) {
-	packet, err := s.packetCipher.readPacket(s.seqNum, r)
-	s.seqNum++
-	if err == nil && len(packet) == 0 {
-		err = errors.New("ssh: zero length packet")
-	}
-
-	if len(packet) > 0 && packet[0] == msgNewKeys {
-		select {
-		case cipher := <-s.pendingKeyChange:
-			s.packetCipher = cipher
-		default:
-			return nil, errors.New("ssh: got bogus newkeys message.")
-		}
-	}
-
-	// The packet may point to an internal buffer, so copy the
-	// packet out here.
-	fresh := make([]byte, len(packet))
-	copy(fresh, packet)
-
-	return fresh, err
-}
-
-func (t *transport) writePacket(packet []byte) error {
-	return t.writer.writePacket(t.bufWriter, t.rand, packet)
-}
-
-func (s *connectionState) writePacket(w *bufio.Writer, rand io.Reader, packet []byte) error {
-	changeKeys := len(packet) > 0 && packet[0] == msgNewKeys
-
-	err := s.packetCipher.writePacket(s.seqNum, w, rand, packet)
-	if err != nil {
-		return err
-	}
-	if err = w.Flush(); err != nil {
-		return err
-	}
-	s.seqNum++
-	if changeKeys {
-		select {
-		case cipher := <-s.pendingKeyChange:
-			s.packetCipher = cipher
-		default:
-			panic("ssh: no key material for msgNewKeys")
-		}
-	}
-	return err
-}
-
-func newTransport(rwc io.ReadWriteCloser, rand io.Reader, isClient bool) *transport {
-	t := &transport{
-		bufReader: bufio.NewReader(rwc),
-		bufWriter: bufio.NewWriter(rwc),
-		rand:      rand,
-		reader: connectionState{
-			packetCipher:     &streamPacketCipher{cipher: noneCipher{}},
-			pendingKeyChange: make(chan packetCipher, 1),
-		},
-		writer: connectionState{
-			packetCipher:     &streamPacketCipher{cipher: noneCipher{}},
-			pendingKeyChange: make(chan packetCipher, 1),
-		},
-		Closer: rwc,
-	}
-	if isClient {
-		t.reader.dir = serverKeys
-		t.writer.dir = clientKeys
-	} else {
-		t.reader.dir = clientKeys
-		t.writer.dir = serverKeys
-	}
-
-	return t
-}
-
-type direction struct {
-	ivTag     []byte
-	keyTag    []byte
-	macKeyTag []byte
-}
-
-var (
-	serverKeys = direction{[]byte{'B'}, []byte{'D'}, []byte{'F'}}
-	clientKeys = direction{[]byte{'A'}, []byte{'C'}, []byte{'E'}}
-)
-
-// generateKeys generates key material for IV, MAC and encryption.
-func generateKeys(d direction, algs directionAlgorithms, kex *kexResult) (iv, key, macKey []byte) {
-	cipherMode := cipherModes[algs.Cipher]
-	macMode := macModes[algs.MAC]
-
-	iv = make([]byte, cipherMode.ivSize)
-	key = make([]byte, cipherMode.keySize)
-	macKey = make([]byte, macMode.keySize)
-
-	generateKeyMaterial(iv, d.ivTag, kex)
-	generateKeyMaterial(key, d.keyTag, kex)
-	generateKeyMaterial(macKey, d.macKeyTag, kex)
-	return
-}
-
-// setupKeys sets the cipher and MAC keys from kex.K, kex.H and sessionId, as
-// described in RFC 4253, section 6.4. direction should either be serverKeys
-// (to setup server->client keys) or clientKeys (for client->server keys).
-func newPacketCipher(d direction, algs directionAlgorithms, kex *kexResult) (packetCipher, error) {
-	iv, key, macKey := generateKeys(d, algs, kex)
-
-	if algs.Cipher == gcmCipherID {
-		return newGCMCipher(iv, key, macKey)
-	}
-
-	if algs.Cipher == aes128cbcID {
-		return newAESCBCCipher(iv, key, macKey, algs)
-	}
-
-	c := &streamPacketCipher{
-		mac: macModes[algs.MAC].new(macKey),
-	}
-	c.macResult = make([]byte, c.mac.Size())
-
-	var err error
-	c.cipher, err = cipherModes[algs.Cipher].createStream(key, iv)
-	if err != nil {
-		return nil, err
-	}
-
-	return c, nil
-}
-
-// generateKeyMaterial fills out with key material generated from tag, K, H
-// and sessionId, as specified in RFC 4253, section 7.2.
-func generateKeyMaterial(out, tag []byte, r *kexResult) {
-	var digestsSoFar []byte
-
-	h := r.Hash.New()
-	for len(out) > 0 {
-		h.Reset()
-		h.Write(r.K)
-		h.Write(r.H)
-
-		if len(digestsSoFar) == 0 {
-			h.Write(tag)
-			h.Write(r.SessionID)
-		} else {
-			h.Write(digestsSoFar)
-		}
-
-		digest := h.Sum(nil)
-		n := copy(out, digest)
-		out = out[n:]
-		if len(out) > 0 {
-			digestsSoFar = append(digestsSoFar, digest...)
-		}
-	}
-}
-
-const packageVersion = "SSH-2.0-Go"
-
-// Sends and receives a version line.  The versionLine string should
-// be US ASCII, start with "SSH-2.0-", and should not include a
-// newline. exchangeVersions returns the other side's version line.
-func exchangeVersions(rw io.ReadWriter, versionLine []byte) (them []byte, err error) {
-	// Contrary to the RFC, we do not ignore lines that don't
-	// start with "SSH-2.0-" to make the library usable with
-	// nonconforming servers.
-	for _, c := range versionLine {
-		// The spec disallows non US-ASCII chars, and
-		// specifically forbids null chars.
-		if c < 32 {
-			return nil, errors.New("ssh: junk character in version line")
-		}
-	}
-	if _, err = rw.Write(append(versionLine, '\r', '\n')); err != nil {
-		return
-	}
-
-	them, err = readVersion(rw)
-	return them, err
-}
-
-// maxVersionStringBytes is the maximum number of bytes that we'll
-// accept as a version string. RFC 4253 section 4.2 limits this at 255
-// chars
-const maxVersionStringBytes = 255
-
-// Read version string as specified by RFC 4253, section 4.2.
-func readVersion(r io.Reader) ([]byte, error) {
-	versionString := make([]byte, 0, 64)
-	var ok bool
-	var buf [1]byte
-
-	for len(versionString) < maxVersionStringBytes {
-		_, err := io.ReadFull(r, buf[:])
-		if err != nil {
-			return nil, err
-		}
-		// The RFC says that the version should be terminated with \r\n
-		// but several SSH servers actually only send a \n.
-		if buf[0] == '\n' {
-			ok = true
-			break
-		}
-
-		// non ASCII chars are disallowed, but we are lenient,
-		// since Go doesn't use null-terminated strings.
-
-		// The RFC allows a comment after a space, however,
-		// all of it (version and comments) goes into the
-		// session hash.
-		versionString = append(versionString, buf[0])
-	}
-
-	if !ok {
-		return nil, errors.New("ssh: overflow reading version string")
-	}
-
-	// There might be a '\r' on the end which we should remove.
-	if len(versionString) > 0 && versionString[len(versionString)-1] == '\r' {
-		versionString = versionString[:len(versionString)-1]
-	}
-	return versionString, nil
-}

http://git-wip-us.apache.org/repos/asf/brooklyn-client/blob/868863aa/cli/vendor/golang.org/x/crypto/ssh/transport_test.go
----------------------------------------------------------------------
diff --git a/cli/vendor/golang.org/x/crypto/ssh/transport_test.go b/cli/vendor/golang.org/x/crypto/ssh/transport_test.go
deleted file mode 100644
index 92d83ab..0000000
--- a/cli/vendor/golang.org/x/crypto/ssh/transport_test.go
+++ /dev/null
@@ -1,109 +0,0 @@
-// Copyright 2011 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package ssh
-
-import (
-	"bytes"
-	"crypto/rand"
-	"encoding/binary"
-	"strings"
-	"testing"
-)
-
-func TestReadVersion(t *testing.T) {
-	longversion := strings.Repeat("SSH-2.0-bla", 50)[:253]
-	cases := map[string]string{
-		"SSH-2.0-bla\r\n":    "SSH-2.0-bla",
-		"SSH-2.0-bla\n":      "SSH-2.0-bla",
-		longversion + "\r\n": longversion,
-	}
-
-	for in, want := range cases {
-		result, err := readVersion(bytes.NewBufferString(in))
-		if err != nil {
-			t.Errorf("readVersion(%q): %s", in, err)
-		}
-		got := string(result)
-		if got != want {
-			t.Errorf("got %q, want %q", got, want)
-		}
-	}
-}
-
-func TestReadVersionError(t *testing.T) {
-	longversion := strings.Repeat("SSH-2.0-bla", 50)[:253]
-	cases := []string{
-		longversion + "too-long\r\n",
-	}
-	for _, in := range cases {
-		if _, err := readVersion(bytes.NewBufferString(in)); err == nil {
-			t.Errorf("readVersion(%q) should have failed", in)
-		}
-	}
-}
-
-func TestExchangeVersionsBasic(t *testing.T) {
-	v := "SSH-2.0-bla"
-	buf := bytes.NewBufferString(v + "\r\n")
-	them, err := exchangeVersions(buf, []byte("xyz"))
-	if err != nil {
-		t.Errorf("exchangeVersions: %v", err)
-	}
-
-	if want := "SSH-2.0-bla"; string(them) != want {
-		t.Errorf("got %q want %q for our version", them, want)
-	}
-}
-
-func TestExchangeVersions(t *testing.T) {
-	cases := []string{
-		"not\x000allowed",
-		"not allowed\n",
-	}
-	for _, c := range cases {
-		buf := bytes.NewBufferString("SSH-2.0-bla\r\n")
-		if _, err := exchangeVersions(buf, []byte(c)); err == nil {
-			t.Errorf("exchangeVersions(%q): should have failed", c)
-		}
-	}
-}
-
-type closerBuffer struct {
-	bytes.Buffer
-}
-
-func (b *closerBuffer) Close() error {
-	return nil
-}
-
-func TestTransportMaxPacketWrite(t *testing.T) {
-	buf := &closerBuffer{}
-	tr := newTransport(buf, rand.Reader, true)
-	huge := make([]byte, maxPacket+1)
-	err := tr.writePacket(huge)
-	if err == nil {
-		t.Errorf("transport accepted write for a huge packet.")
-	}
-}
-
-func TestTransportMaxPacketReader(t *testing.T) {
-	var header [5]byte
-	huge := make([]byte, maxPacket+128)
-	binary.BigEndian.PutUint32(header[0:], uint32(len(huge)))
-	// padding.
-	header[4] = 0
-
-	buf := &closerBuffer{}
-	buf.Write(header[:])
-	buf.Write(huge)
-
-	tr := newTransport(buf, rand.Reader, true)
-	_, err := tr.readPacket()
-	if err == nil {
-		t.Errorf("transport succeeded reading huge packet.")
-	} else if !strings.Contains(err.Error(), "large") {
-		t.Errorf("got %q, should mention %q", err.Error(), "large")
-	}
-}

http://git-wip-us.apache.org/repos/asf/brooklyn-client/blob/868863aa/cli/vendor/golang.org/x/crypto/tea/cipher.go
----------------------------------------------------------------------
diff --git a/cli/vendor/golang.org/x/crypto/tea/cipher.go b/cli/vendor/golang.org/x/crypto/tea/cipher.go
deleted file mode 100644
index 9c13d12..0000000
--- a/cli/vendor/golang.org/x/crypto/tea/cipher.go
+++ /dev/null
@@ -1,109 +0,0 @@
-// Copyright 2015 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// Package tea implements the TEA algorithm, as defined in Needham and
-// Wheeler's 1994 technical report, “TEA, a Tiny Encryption Algorithm”. See
-// http://www.cix.co.uk/~klockstone/tea.pdf for details.
-
-package tea
-
-import (
-	"crypto/cipher"
-	"encoding/binary"
-	"errors"
-)
-
-const (
-	// BlockSize is the size of a TEA block, in bytes.
-	BlockSize = 8
-
-	// KeySize is the size of a TEA key, in bytes.
-	KeySize = 16
-
-	// delta is the TEA key schedule constant.
-	delta = 0x9e3779b9
-
-	// numRounds is the standard number of rounds in TEA.
-	numRounds = 64
-)
-
-// tea is an instance of the TEA cipher with a particular key.
-type tea struct {
-	key    [16]byte
-	rounds int
-}
-
-// NewCipher returns an instance of the TEA cipher with the standard number of
-// rounds. The key argument must be 16 bytes long.
-func NewCipher(key []byte) (cipher.Block, error) {
-	return NewCipherWithRounds(key, numRounds)
-}
-
-// NewCipherWithRounds returns an instance of the TEA cipher with a given
-// number of rounds, which must be even. The key argument must be 16 bytes
-// long.
-func NewCipherWithRounds(key []byte, rounds int) (cipher.Block, error) {
-	if len(key) != 16 {
-		return nil, errors.New("tea: incorrect key size")
-	}
-
-	if rounds&1 != 0 {
-		return nil, errors.New("tea: odd number of rounds specified")
-	}
-
-	c := &tea{
-		rounds: rounds,
-	}
-	copy(c.key[:], key)
-
-	return c, nil
-}
-
-// BlockSize returns the TEA block size, which is eight bytes. It is necessary
-// to satisfy the Block interface in the package "crypto/cipher".
-func (*tea) BlockSize() int {
-	return BlockSize
-}
-
-// Encrypt encrypts the 8 byte buffer src using the key in t and stores the
-// result in dst. Note that for amounts of data larger than a block, it is not
-// safe to just call Encrypt on successive blocks; instead, use an encryption
-// mode like CBC (see crypto/cipher/cbc.go).
-func (t *tea) Encrypt(dst, src []byte) {
-	e := binary.BigEndian
-	v0, v1 := e.Uint32(src), e.Uint32(src[4:])
-	k0, k1, k2, k3 := e.Uint32(t.key[0:]), e.Uint32(t.key[4:]), e.Uint32(t.key[8:]), e.Uint32(t.key[12:])
-
-	sum := uint32(0)
-	delta := uint32(delta)
-
-	for i := 0; i < t.rounds/2; i++ {
-		sum += delta
-		v0 += ((v1 << 4) + k0) ^ (v1 + sum) ^ ((v1 >> 5) + k1)
-		v1 += ((v0 << 4) + k2) ^ (v0 + sum) ^ ((v0 >> 5) + k3)
-	}
-
-	e.PutUint32(dst, v0)
-	e.PutUint32(dst[4:], v1)
-}
-
-// Decrypt decrypts the 8 byte buffer src using the key in t and stores the
-// result in dst.
-func (t *tea) Decrypt(dst, src []byte) {
-	e := binary.BigEndian
-	v0, v1 := e.Uint32(src), e.Uint32(src[4:])
-	k0, k1, k2, k3 := e.Uint32(t.key[0:]), e.Uint32(t.key[4:]), e.Uint32(t.key[8:]), e.Uint32(t.key[12:])
-
-	delta := uint32(delta)
-	sum := delta * uint32(t.rounds/2) // in general, sum = delta * n
-
-	for i := 0; i < t.rounds/2; i++ {
-		v1 -= ((v0 << 4) + k2) ^ (v0 + sum) ^ ((v0 >> 5) + k3)
-		v0 -= ((v1 << 4) + k0) ^ (v1 + sum) ^ ((v1 >> 5) + k1)
-		sum -= delta
-	}
-
-	e.PutUint32(dst, v0)
-	e.PutUint32(dst[4:], v1)
-}

http://git-wip-us.apache.org/repos/asf/brooklyn-client/blob/868863aa/cli/vendor/golang.org/x/crypto/tea/tea_test.go
----------------------------------------------------------------------
diff --git a/cli/vendor/golang.org/x/crypto/tea/tea_test.go b/cli/vendor/golang.org/x/crypto/tea/tea_test.go
deleted file mode 100644
index eb98d1e..0000000
--- a/cli/vendor/golang.org/x/crypto/tea/tea_test.go
+++ /dev/null
@@ -1,93 +0,0 @@
-// Copyright 2015 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package tea
-
-import (
-	"bytes"
-	"testing"
-)
-
-// A sample test key for when we just want to initialize a cipher
-var testKey = []byte{0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF}
-
-// Test that the block size for tea is correct
-func TestBlocksize(t *testing.T) {
-	c, err := NewCipher(testKey)
-	if err != nil {
-		t.Fatalf("NewCipher returned error: %s", err)
-	}
-
-	if result := c.BlockSize(); result != BlockSize {
-		t.Errorf("cipher.BlockSize returned %d, but expected %d", result, BlockSize)
-	}
-}
-
-// Test that invalid key sizes return an error
-func TestInvalidKeySize(t *testing.T) {
-	var key [KeySize + 1]byte
-
-	if _, err := NewCipher(key[:]); err == nil {
-		t.Errorf("invalid key size %d didn't result in an error.", len(key))
-	}
-
-	if _, err := NewCipher(key[:KeySize-1]); err == nil {
-		t.Errorf("invalid key size %d didn't result in an error.", KeySize-1)
-	}
-}
-
-// Test Vectors
-type teaTest struct {
-	rounds     int
-	key        []byte
-	plaintext  []byte
-	ciphertext []byte
-}
-
-var teaTests = []teaTest{
-	// These were sourced from https://github.com/froydnj/ironclad/blob/master/testing/test-vectors/tea.testvec
-	{
-		numRounds,
-		[]byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
-		[]byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
-		[]byte{0x41, 0xea, 0x3a, 0x0a, 0x94, 0xba, 0xa9, 0x40},
-	},
-	{
-		numRounds,
-		[]byte{0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
-		[]byte{0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
-		[]byte{0x31, 0x9b, 0xbe, 0xfb, 0x01, 0x6a, 0xbd, 0xb2},
-	},
-	{
-		16,
-		[]byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
-		[]byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
-		[]byte{0xed, 0x28, 0x5d, 0xa1, 0x45, 0x5b, 0x33, 0xc1},
-	},
-}
-
-// Test encryption
-func TestCipherEncrypt(t *testing.T) {
-	// Test encryption with standard 64 rounds
-	for i, test := range teaTests {
-		c, err := NewCipherWithRounds(test.key, test.rounds)
-		if err != nil {
-			t.Fatalf("#%d: NewCipher returned error: %s", i, err)
-		}
-
-		var ciphertext [BlockSize]byte
-		c.Encrypt(ciphertext[:], test.plaintext)
-
-		if !bytes.Equal(ciphertext[:], test.ciphertext) {
-			t.Errorf("#%d: incorrect ciphertext. Got %x, wanted %x", i, ciphertext, test.ciphertext)
-		}
-
-		var plaintext2 [BlockSize]byte
-		c.Decrypt(plaintext2[:], ciphertext[:])
-
-		if !bytes.Equal(plaintext2[:], test.plaintext) {
-			t.Errorf("#%d: incorrect plaintext. Got %x, wanted %x", i, plaintext2, test.plaintext)
-		}
-	}
-}

http://git-wip-us.apache.org/repos/asf/brooklyn-client/blob/868863aa/cli/vendor/golang.org/x/crypto/twofish/twofish.go
----------------------------------------------------------------------
diff --git a/cli/vendor/golang.org/x/crypto/twofish/twofish.go b/cli/vendor/golang.org/x/crypto/twofish/twofish.go
deleted file mode 100644
index 376fa0e..0000000
--- a/cli/vendor/golang.org/x/crypto/twofish/twofish.go
+++ /dev/null
@@ -1,342 +0,0 @@
-// Copyright 2011 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// Package twofish implements Bruce Schneier's Twofish encryption algorithm.
-package twofish // import "golang.org/x/crypto/twofish"
-
-// Twofish is defined in http://www.schneier.com/paper-twofish-paper.pdf [TWOFISH]
-
-// This code is a port of the LibTom C implementation.
-// See http://libtom.org/?page=features&newsitems=5&whatfile=crypt.
-// LibTomCrypt is free for all purposes under the public domain.
-// It was heavily inspired by the go blowfish package.
-
-import "strconv"
-
-// BlockSize is the constant block size of Twofish.
-const BlockSize = 16
-
-const mdsPolynomial = 0x169 // x^8 + x^6 + x^5 + x^3 + 1, see [TWOFISH] 4.2
-const rsPolynomial = 0x14d  // x^8 + x^6 + x^3 + x^2 + 1, see [TWOFISH] 4.3
-
-// A Cipher is an instance of Twofish encryption using a particular key.
-type Cipher struct {
-	s [4][256]uint32
-	k [40]uint32
-}
-
-type KeySizeError int
-
-func (k KeySizeError) Error() string {
-	return "crypto/twofish: invalid key size " + strconv.Itoa(int(k))
-}
-
-// NewCipher creates and returns a Cipher.
-// The key argument should be the Twofish key, 16, 24 or 32 bytes.
-func NewCipher(key []byte) (*Cipher, error) {
-	keylen := len(key)
-
-	if keylen != 16 && keylen != 24 && keylen != 32 {
-		return nil, KeySizeError(keylen)
-	}
-
-	// k is the number of 64 bit words in key
-	k := keylen / 8
-
-	// Create the S[..] words
-	var S [4 * 4]byte
-	for i := 0; i < k; i++ {
-		// Computes [y0 y1 y2 y3] = rs . [x0 x1 x2 x3 x4 x5 x6 x7]
-		for j, rsRow := range rs {
-			for k, rsVal := range rsRow {
-				S[4*i+j] ^= gfMult(key[8*i+k], rsVal, rsPolynomial)
-			}
-		}
-	}
-
-	// Calculate subkeys
-	c := new(Cipher)
-	var tmp [4]byte
-	for i := byte(0); i < 20; i++ {
-		// A = h(p * 2x, Me)
-		for j := range tmp {
-			tmp[j] = 2 * i
-		}
-		A := h(tmp[:], key, 0)
-
-		// B = rolc(h(p * (2x + 1), Mo), 8)
-		for j := range tmp {
-			tmp[j] = 2*i + 1
-		}
-		B := h(tmp[:], key, 1)
-		B = rol(B, 8)
-
-		c.k[2*i] = A + B
-
-		// K[2i+1] = (A + 2B) <<< 9
-		c.k[2*i+1] = rol(2*B+A, 9)
-	}
-
-	// Calculate sboxes
-	switch k {
-	case 2:
-		for i := range c.s[0] {
-			c.s[0][i] = mdsColumnMult(sbox[1][sbox[0][sbox[0][byte(i)]^S[0]]^S[4]], 0)
-			c.s[1][i] = mdsColumnMult(sbox[0][sbox[0][sbox[1][byte(i)]^S[1]]^S[5]], 1)
-			c.s[2][i] = mdsColumnMult(sbox[1][sbox[1][sbox[0][byte(i)]^S[2]]^S[6]], 2)
-			c.s[3][i] = mdsColumnMult(sbox[0][sbox[1][sbox[1][byte(i)]^S[3]]^S[7]], 3)
-		}
-	case 3:
-		for i := range c.s[0] {
-			c.s[0][i] = mdsColumnMult(sbox[1][sbox[0][sbox[0][sbox[1][byte(i)]^S[0]]^S[4]]^S[8]], 0)
-			c.s[1][i] = mdsColumnMult(sbox[0][sbox[0][sbox[1][sbox[1][byte(i)]^S[1]]^S[5]]^S[9]], 1)
-			c.s[2][i] = mdsColumnMult(sbox[1][sbox[1][sbox[0][sbox[0][byte(i)]^S[2]]^S[6]]^S[10]], 2)
-			c.s[3][i] = mdsColumnMult(sbox[0][sbox[1][sbox[1][sbox[0][byte(i)]^S[3]]^S[7]]^S[11]], 3)
-		}
-	default:
-		for i := range c.s[0] {
-			c.s[0][i] = mdsColumnMult(sbox[1][sbox[0][sbox[0][sbox[1][sbox[1][byte(i)]^S[0]]^S[4]]^S[8]]^S[12]], 0)
-			c.s[1][i] = mdsColumnMult(sbox[0][sbox[0][sbox[1][sbox[1][sbox[0][byte(i)]^S[1]]^S[5]]^S[9]]^S[13]], 1)
-			c.s[2][i] = mdsColumnMult(sbox[1][sbox[1][sbox[0][sbox[0][sbox[0][byte(i)]^S[2]]^S[6]]^S[10]]^S[14]], 2)
-			c.s[3][i] = mdsColumnMult(sbox[0][sbox[1][sbox[1][sbox[0][sbox[1][byte(i)]^S[3]]^S[7]]^S[11]]^S[15]], 3)
-		}
-	}
-
-	return c, nil
-}
-
-// BlockSize returns the Twofish block size, 16 bytes.
-func (c *Cipher) BlockSize() int { return BlockSize }
-
-// store32l stores src in dst in little-endian form.
-func store32l(dst []byte, src uint32) {
-	dst[0] = byte(src)
-	dst[1] = byte(src >> 8)
-	dst[2] = byte(src >> 16)
-	dst[3] = byte(src >> 24)
-	return
-}
-
-// load32l reads a little-endian uint32 from src.
-func load32l(src []byte) uint32 {
-	return uint32(src[0]) | uint32(src[1])<<8 | uint32(src[2])<<16 | uint32(src[3])<<24
-}
-
-// rol returns x after a left circular rotation of y bits.
-func rol(x, y uint32) uint32 {
-	return (x << (y & 31)) | (x >> (32 - (y & 31)))
-}
-
-// ror returns x after a right circular rotation of y bits.
-func ror(x, y uint32) uint32 {
-	return (x >> (y & 31)) | (x << (32 - (y & 31)))
-}
-
-// The RS matrix. See [TWOFISH] 4.3
-var rs = [4][8]byte{
-	{0x01, 0xA4, 0x55, 0x87, 0x5A, 0x58, 0xDB, 0x9E},
-	{0xA4, 0x56, 0x82, 0xF3, 0x1E, 0xC6, 0x68, 0xE5},
-	{0x02, 0xA1, 0xFC, 0xC1, 0x47, 0xAE, 0x3D, 0x19},
-	{0xA4, 0x55, 0x87, 0x5A, 0x58, 0xDB, 0x9E, 0x03},
-}
-
-// sbox tables
-var sbox = [2][256]byte{
-	{
-		0xa9, 0x67, 0xb3, 0xe8, 0x04, 0xfd, 0xa3, 0x76, 0x9a, 0x92, 0x80, 0x78, 0xe4, 0xdd, 0xd1, 0x38,
-		0x0d, 0xc6, 0x35, 0x98, 0x18, 0xf7, 0xec, 0x6c, 0x43, 0x75, 0x37, 0x26, 0xfa, 0x13, 0x94, 0x48,
-		0xf2, 0xd0, 0x8b, 0x30, 0x84, 0x54, 0xdf, 0x23, 0x19, 0x5b, 0x3d, 0x59, 0xf3, 0xae, 0xa2, 0x82,
-		0x63, 0x01, 0x83, 0x2e, 0xd9, 0x51, 0x9b, 0x7c, 0xa6, 0xeb, 0xa5, 0xbe, 0x16, 0x0c, 0xe3, 0x61,
-		0xc0, 0x8c, 0x3a, 0xf5, 0x73, 0x2c, 0x25, 0x0b, 0xbb, 0x4e, 0x89, 0x6b, 0x53, 0x6a, 0xb4, 0xf1,
-		0xe1, 0xe6, 0xbd, 0x45, 0xe2, 0xf4, 0xb6, 0x66, 0xcc, 0x95, 0x03, 0x56, 0xd4, 0x1c, 0x1e, 0xd7,
-		0xfb, 0xc3, 0x8e, 0xb5, 0xe9, 0xcf, 0xbf, 0xba, 0xea, 0x77, 0x39, 0xaf, 0x33, 0xc9, 0x62, 0x71,
-		0x81, 0x79, 0x09, 0xad, 0x24, 0xcd, 0xf9, 0xd8, 0xe5, 0xc5, 0xb9, 0x4d, 0x44, 0x08, 0x86, 0xe7,
-		0xa1, 0x1d, 0xaa, 0xed, 0x06, 0x70, 0xb2, 0xd2, 0x41, 0x7b, 0xa0, 0x11, 0x31, 0xc2, 0x27, 0x90,
-		0x20, 0xf6, 0x60, 0xff, 0x96, 0x5c, 0xb1, 0xab, 0x9e, 0x9c, 0x52, 0x1b, 0x5f, 0x93, 0x0a, 0xef,
-		0x91, 0x85, 0x49, 0xee, 0x2d, 0x4f, 0x8f, 0x3b, 0x47, 0x87, 0x6d, 0x46, 0xd6, 0x3e, 0x69, 0x64,
-		0x2a, 0xce, 0xcb, 0x2f, 0xfc, 0x97, 0x05, 0x7a, 0xac, 0x7f, 0xd5, 0x1a, 0x4b, 0x0e, 0xa7, 0x5a,
-		0x28, 0x14, 0x3f, 0x29, 0x88, 0x3c, 0x4c, 0x02, 0xb8, 0xda, 0xb0, 0x17, 0x55, 0x1f, 0x8a, 0x7d,
-		0x57, 0xc7, 0x8d, 0x74, 0xb7, 0xc4, 0x9f, 0x72, 0x7e, 0x15, 0x22, 0x12, 0x58, 0x07, 0x99, 0x34,
-		0x6e, 0x50, 0xde, 0x68, 0x65, 0xbc, 0xdb, 0xf8, 0xc8, 0xa8, 0x2b, 0x40, 0xdc, 0xfe, 0x32, 0xa4,
-		0xca, 0x10, 0x21, 0xf0, 0xd3, 0x5d, 0x0f, 0x00, 0x6f, 0x9d, 0x36, 0x42, 0x4a, 0x5e, 0xc1, 0xe0,
-	},
-	{
-		0x75, 0xf3, 0xc6, 0xf4, 0xdb, 0x7b, 0xfb, 0xc8, 0x4a, 0xd3, 0xe6, 0x6b, 0x45, 0x7d, 0xe8, 0x4b,
-		0xd6, 0x32, 0xd8, 0xfd, 0x37, 0x71, 0xf1, 0xe1, 0x30, 0x0f, 0xf8, 0x1b, 0x87, 0xfa, 0x06, 0x3f,
-		0x5e, 0xba, 0xae, 0x5b, 0x8a, 0x00, 0xbc, 0x9d, 0x6d, 0xc1, 0xb1, 0x0e, 0x80, 0x5d, 0xd2, 0xd5,
-		0xa0, 0x84, 0x07, 0x14, 0xb5, 0x90, 0x2c, 0xa3, 0xb2, 0x73, 0x4c, 0x54, 0x92, 0x74, 0x36, 0x51,
-		0x38, 0xb0, 0xbd, 0x5a, 0xfc, 0x60, 0x62, 0x96, 0x6c, 0x42, 0xf7, 0x10, 0x7c, 0x28, 0x27, 0x8c,
-		0x13, 0x95, 0x9c, 0xc7, 0x24, 0x46, 0x3b, 0x70, 0xca, 0xe3, 0x85, 0xcb, 0x11, 0xd0, 0x93, 0xb8,
-		0xa6, 0x83, 0x20, 0xff, 0x9f, 0x77, 0xc3, 0xcc, 0x03, 0x6f, 0x08, 0xbf, 0x40, 0xe7, 0x2b, 0xe2,
-		0x79, 0x0c, 0xaa, 0x82, 0x41, 0x3a, 0xea, 0xb9, 0xe4, 0x9a, 0xa4, 0x97, 0x7e, 0xda, 0x7a, 0x17,
-		0x66, 0x94, 0xa1, 0x1d, 0x3d, 0xf0, 0xde, 0xb3, 0x0b, 0x72, 0xa7, 0x1c, 0xef, 0xd1, 0x53, 0x3e,
-		0x8f, 0x33, 0x26, 0x5f, 0xec, 0x76, 0x2a, 0x49, 0x81, 0x88, 0xee, 0x21, 0xc4, 0x1a, 0xeb, 0xd9,
-		0xc5, 0x39, 0x99, 0xcd, 0xad, 0x31, 0x8b, 0x01, 0x18, 0x23, 0xdd, 0x1f, 0x4e, 0x2d, 0xf9, 0x48,
-		0x4f, 0xf2, 0x65, 0x8e, 0x78, 0x5c, 0x58, 0x19, 0x8d, 0xe5, 0x98, 0x57, 0x67, 0x7f, 0x05, 0x64,
-		0xaf, 0x63, 0xb6, 0xfe, 0xf5, 0xb7, 0x3c, 0xa5, 0xce, 0xe9, 0x68, 0x44, 0xe0, 0x4d, 0x43, 0x69,
-		0x29, 0x2e, 0xac, 0x15, 0x59, 0xa8, 0x0a, 0x9e, 0x6e, 0x47, 0xdf, 0x34, 0x35, 0x6a, 0xcf, 0xdc,
-		0x22, 0xc9, 0xc0, 0x9b, 0x89, 0xd4, 0xed, 0xab, 0x12, 0xa2, 0x0d, 0x52, 0xbb, 0x02, 0x2f, 0xa9,
-		0xd7, 0x61, 0x1e, 0xb4, 0x50, 0x04, 0xf6, 0xc2, 0x16, 0x25, 0x86, 0x56, 0x55, 0x09, 0xbe, 0x91,
-	},
-}
-
-// gfMult returns a·b in GF(2^8)/p
-func gfMult(a, b byte, p uint32) byte {
-	B := [2]uint32{0, uint32(b)}
-	P := [2]uint32{0, p}
-	var result uint32
-
-	// branchless GF multiplier
-	for i := 0; i < 7; i++ {
-		result ^= B[a&1]
-		a >>= 1
-		B[1] = P[B[1]>>7] ^ (B[1] << 1)
-	}
-	result ^= B[a&1]
-	return byte(result)
-}
-
-// mdsColumnMult calculates y{col} where [y0 y1 y2 y3] = MDS · [x0]
-func mdsColumnMult(in byte, col int) uint32 {
-	mul01 := in
-	mul5B := gfMult(in, 0x5B, mdsPolynomial)
-	mulEF := gfMult(in, 0xEF, mdsPolynomial)
-
-	switch col {
-	case 0:
-		return uint32(mul01) | uint32(mul5B)<<8 | uint32(mulEF)<<16 | uint32(mulEF)<<24
-	case 1:
-		return uint32(mulEF) | uint32(mulEF)<<8 | uint32(mul5B)<<16 | uint32(mul01)<<24
-	case 2:
-		return uint32(mul5B) | uint32(mulEF)<<8 | uint32(mul01)<<16 | uint32(mulEF)<<24
-	case 3:
-		return uint32(mul5B) | uint32(mul01)<<8 | uint32(mulEF)<<16 | uint32(mul5B)<<24
-	}
-
-	panic("unreachable")
-}
-
-// h implements the S-box generation function. See [TWOFISH] 4.3.5
-func h(in, key []byte, offset int) uint32 {
-	var y [4]byte
-	for x := range y {
-		y[x] = in[x]
-	}
-	switch len(key) / 8 {
-	case 4:
-		y[0] = sbox[1][y[0]] ^ key[4*(6+offset)+0]
-		y[1] = sbox[0][y[1]] ^ key[4*(6+offset)+1]
-		y[2] = sbox[0][y[2]] ^ key[4*(6+offset)+2]
-		y[3] = sbox[1][y[3]] ^ key[4*(6+offset)+3]
-		fallthrough
-	case 3:
-		y[0] = sbox[1][y[0]] ^ key[4*(4+offset)+0]
-		y[1] = sbox[1][y[1]] ^ key[4*(4+offset)+1]
-		y[2] = sbox[0][y[2]] ^ key[4*(4+offset)+2]
-		y[3] = sbox[0][y[3]] ^ key[4*(4+offset)+3]
-		fallthrough
-	case 2:
-		y[0] = sbox[1][sbox[0][sbox[0][y[0]]^key[4*(2+offset)+0]]^key[4*(0+offset)+0]]
-		y[1] = sbox[0][sbox[0][sbox[1][y[1]]^key[4*(2+offset)+1]]^key[4*(0+offset)+1]]
-		y[2] = sbox[1][sbox[1][sbox[0][y[2]]^key[4*(2+offset)+2]]^key[4*(0+offset)+2]]
-		y[3] = sbox[0][sbox[1][sbox[1][y[3]]^key[4*(2+offset)+3]]^key[4*(0+offset)+3]]
-	}
-	// [y0 y1 y2 y3] = MDS . [x0 x1 x2 x3]
-	var mdsMult uint32
-	for i := range y {
-		mdsMult ^= mdsColumnMult(y[i], i)
-	}
-	return mdsMult
-}
-
-// Encrypt encrypts a 16-byte block from src to dst, which may overlap.
-// Note that for amounts of data larger than a block,
-// it is not safe to just call Encrypt on successive blocks;
-// instead, use an encryption mode like CBC (see crypto/cipher/cbc.go).
-func (c *Cipher) Encrypt(dst, src []byte) {
-	S1 := c.s[0]
-	S2 := c.s[1]
-	S3 := c.s[2]
-	S4 := c.s[3]
-
-	// Load input
-	ia := load32l(src[0:4])
-	ib := load32l(src[4:8])
-	ic := load32l(src[8:12])
-	id := load32l(src[12:16])
-
-	// Pre-whitening
-	ia ^= c.k[0]
-	ib ^= c.k[1]
-	ic ^= c.k[2]
-	id ^= c.k[3]
-
-	for i := 0; i < 8; i++ {
-		k := c.k[8+i*4 : 12+i*4]
-		t2 := S2[byte(ib)] ^ S3[byte(ib>>8)] ^ S4[byte(ib>>16)] ^ S1[byte(ib>>24)]
-		t1 := S1[byte(ia)] ^ S2[byte(ia>>8)] ^ S3[byte(ia>>16)] ^ S4[byte(ia>>24)] + t2
-		ic = ror(ic^(t1+k[0]), 1)
-		id = rol(id, 1) ^ (t2 + t1 + k[1])
-
-		t2 = S2[byte(id)] ^ S3[byte(id>>8)] ^ S4[byte(id>>16)] ^ S1[byte(id>>24)]
-		t1 = S1[byte(ic)] ^ S2[byte(ic>>8)] ^ S3[byte(ic>>16)] ^ S4[byte(ic>>24)] + t2
-		ia = ror(ia^(t1+k[2]), 1)
-		ib = rol(ib, 1) ^ (t2 + t1 + k[3])
-	}
-
-	// Output with "undo last swap"
-	ta := ic ^ c.k[4]
-	tb := id ^ c.k[5]
-	tc := ia ^ c.k[6]
-	td := ib ^ c.k[7]
-
-	store32l(dst[0:4], ta)
-	store32l(dst[4:8], tb)
-	store32l(dst[8:12], tc)
-	store32l(dst[12:16], td)
-}
-
-// Decrypt decrypts a 16-byte block from src to dst, which may overlap.
-func (c *Cipher) Decrypt(dst, src []byte) {
-	S1 := c.s[0]
-	S2 := c.s[1]
-	S3 := c.s[2]
-	S4 := c.s[3]
-
-	// Load input
-	ta := load32l(src[0:4])
-	tb := load32l(src[4:8])
-	tc := load32l(src[8:12])
-	td := load32l(src[12:16])
-
-	// Undo undo final swap
-	ia := tc ^ c.k[6]
-	ib := td ^ c.k[7]
-	ic := ta ^ c.k[4]
-	id := tb ^ c.k[5]
-
-	for i := 8; i > 0; i-- {
-		k := c.k[4+i*4 : 8+i*4]
-		t2 := S2[byte(id)] ^ S3[byte(id>>8)] ^ S4[byte(id>>16)] ^ S1[byte(id>>24)]
-		t1 := S1[byte(ic)] ^ S2[byte(ic>>8)] ^ S3[byte(ic>>16)] ^ S4[byte(ic>>24)] + t2
-		ia = rol(ia, 1) ^ (t1 + k[2])
-		ib = ror(ib^(t2+t1+k[3]), 1)
-
-		t2 = S2[byte(ib)] ^ S3[byte(ib>>8)] ^ S4[byte(ib>>16)] ^ S1[byte(ib>>24)]
-		t1 = S1[byte(ia)] ^ S2[byte(ia>>8)] ^ S3[byte(ia>>16)] ^ S4[byte(ia>>24)] + t2
-		ic = rol(ic, 1) ^ (t1 + k[0])
-		id = ror(id^(t2+t1+k[1]), 1)
-	}
-
-	// Undo pre-whitening
-	ia ^= c.k[0]
-	ib ^= c.k[1]
-	ic ^= c.k[2]
-	id ^= c.k[3]
-
-	store32l(dst[0:4], ia)
-	store32l(dst[4:8], ib)
-	store32l(dst[8:12], ic)
-	store32l(dst[12:16], id)
-}

http://git-wip-us.apache.org/repos/asf/brooklyn-client/blob/868863aa/cli/vendor/golang.org/x/crypto/twofish/twofish_test.go
----------------------------------------------------------------------
diff --git a/cli/vendor/golang.org/x/crypto/twofish/twofish_test.go b/cli/vendor/golang.org/x/crypto/twofish/twofish_test.go
deleted file mode 100644
index 303081f..0000000
--- a/cli/vendor/golang.org/x/crypto/twofish/twofish_test.go
+++ /dev/null
@@ -1,129 +0,0 @@
-// Copyright 2011 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package twofish
-
-import (
-	"bytes"
-	"testing"
-)
-
-var qbox = [2][4][16]byte{
-	{
-		{0x8, 0x1, 0x7, 0xD, 0x6, 0xF, 0x3, 0x2, 0x0, 0xB, 0x5, 0x9, 0xE, 0xC, 0xA, 0x4},
-		{0xE, 0xC, 0xB, 0x8, 0x1, 0x2, 0x3, 0x5, 0xF, 0x4, 0xA, 0x6, 0x7, 0x0, 0x9, 0xD},
-		{0xB, 0xA, 0x5, 0xE, 0x6, 0xD, 0x9, 0x0, 0xC, 0x8, 0xF, 0x3, 0x2, 0x4, 0x7, 0x1},
-		{0xD, 0x7, 0xF, 0x4, 0x1, 0x2, 0x6, 0xE, 0x9, 0xB, 0x3, 0x0, 0x8, 0x5, 0xC, 0xA},
-	},
-	{
-		{0x2, 0x8, 0xB, 0xD, 0xF, 0x7, 0x6, 0xE, 0x3, 0x1, 0x9, 0x4, 0x0, 0xA, 0xC, 0x5},
-		{0x1, 0xE, 0x2, 0xB, 0x4, 0xC, 0x3, 0x7, 0x6, 0xD, 0xA, 0x5, 0xF, 0x9, 0x0, 0x8},
-		{0x4, 0xC, 0x7, 0x5, 0x1, 0x6, 0x9, 0xA, 0x0, 0xE, 0xD, 0x8, 0x2, 0xB, 0x3, 0xF},
-		{0xB, 0x9, 0x5, 0x1, 0xC, 0x3, 0xD, 0xE, 0x6, 0x4, 0x7, 0xF, 0x2, 0x0, 0x8, 0xA},
-	},
-}
-
-// genSbox generates the variable sbox
-func genSbox(qi int, x byte) byte {
-	a0, b0 := x/16, x%16
-	for i := 0; i < 2; i++ {
-		a1 := a0 ^ b0
-		b1 := (a0 ^ ((b0 << 3) | (b0 >> 1)) ^ (a0 << 3)) & 15
-		a0 = qbox[qi][2*i][a1]
-		b0 = qbox[qi][2*i+1][b1]
-	}
-	return (b0 << 4) + a0
-}
-
-func TestSbox(t *testing.T) {
-	for n := range sbox {
-		for m := range sbox[n] {
-			if genSbox(n, byte(m)) != sbox[n][m] {
-				t.Errorf("#%d|%d: sbox value = %d want %d", n, m, sbox[n][m], genSbox(n, byte(m)))
-			}
-		}
-	}
-}
-
-var testVectors = []struct {
-	key []byte
-	dec []byte
-	enc []byte
-}{
-	// These tests are extracted from LibTom
-	{
-		[]byte{0x9F, 0x58, 0x9F, 0x5C, 0xF6, 0x12, 0x2C, 0x32, 0xB6, 0xBF, 0xEC, 0x2F, 0x2A, 0xE8, 0xC3, 0x5A},
-		[]byte{0xD4, 0x91, 0xDB, 0x16, 0xE7, 0xB1, 0xC3, 0x9E, 0x86, 0xCB, 0x08, 0x6B, 0x78, 0x9F, 0x54, 0x19},
-		[]byte{0x01, 0x9F, 0x98, 0x09, 0xDE, 0x17, 0x11, 0x85, 0x8F, 0xAA, 0xC3, 0xA3, 0xBA, 0x20, 0xFB, 0xC3},
-	},
-	{
-		[]byte{0x88, 0xB2, 0xB2, 0x70, 0x6B, 0x10, 0x5E, 0x36, 0xB4, 0x46, 0xBB, 0x6D, 0x73, 0x1A, 0x1E, 0x88,
-			0xEF, 0xA7, 0x1F, 0x78, 0x89, 0x65, 0xBD, 0x44},
-		[]byte{0x39, 0xDA, 0x69, 0xD6, 0xBA, 0x49, 0x97, 0xD5, 0x85, 0xB6, 0xDC, 0x07, 0x3C, 0xA3, 0x41, 0xB2},
-		[]byte{0x18, 0x2B, 0x02, 0xD8, 0x14, 0x97, 0xEA, 0x45, 0xF9, 0xDA, 0xAC, 0xDC, 0x29, 0x19, 0x3A, 0x65},
-	},
-	{
-		[]byte{0xD4, 0x3B, 0xB7, 0x55, 0x6E, 0xA3, 0x2E, 0x46, 0xF2, 0xA2, 0x82, 0xB7, 0xD4, 0x5B, 0x4E, 0x0D,
-			0x57, 0xFF, 0x73, 0x9D, 0x4D, 0xC9, 0x2C, 0x1B, 0xD7, 0xFC, 0x01, 0x70, 0x0C, 0xC8, 0x21, 0x6F},
-		[]byte{0x90, 0xAF, 0xE9, 0x1B, 0xB2, 0x88, 0x54, 0x4F, 0x2C, 0x32, 0xDC, 0x23, 0x9B, 0x26, 0x35, 0xE6},
-		[]byte{0x6C, 0xB4, 0x56, 0x1C, 0x40, 0xBF, 0x0A, 0x97, 0x05, 0x93, 0x1C, 0xB6, 0xD4, 0x08, 0xE7, 0xFA},
-	},
-	// These test are derived from http://www.schneier.com/code/ecb_ival.txt
-	{
-		[]byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
-		[]byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
-		[]byte{0x9F, 0x58, 0x9F, 0x5C, 0xF6, 0x12, 0x2C, 0x32, 0xB6, 0xBF, 0xEC, 0x2F, 0x2A, 0xE8, 0xC3, 0x5A},
-	},
-	{
-		[]byte{0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10,
-			0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
-		},
-		[]byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
-		[]byte{0xCF, 0xD1, 0xD2, 0xE5, 0xA9, 0xBE, 0x9C, 0xDF, 0x50, 0x1F, 0x13, 0xB8, 0x92, 0xBD, 0x22, 0x48},
-	},
-	{
-		[]byte{0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10,
-			0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF,
-		},
-		[]byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
-		[]byte{0x37, 0x52, 0x7B, 0xE0, 0x05, 0x23, 0x34, 0xB8, 0x9F, 0x0C, 0xFC, 0xCA, 0xE8, 0x7C, 0xFA, 0x20},
-	},
-}
-
-func TestCipher(t *testing.T) {
-	for n, tt := range testVectors {
-		// Test if the plaintext (dec) is encrypts to the given
-		// ciphertext (enc) using the given key. Test also if enc can
-		// be decrypted again into dec.
-		c, err := NewCipher(tt.key)
-		if err != nil {
-			t.Errorf("#%d: NewCipher: %v", n, err)
-			return
-		}
-
-		buf := make([]byte, 16)
-		c.Encrypt(buf, tt.dec)
-		if !bytes.Equal(buf, tt.enc) {
-			t.Errorf("#%d: encrypt = %x want %x", n, buf, tt.enc)
-		}
-		c.Decrypt(buf, tt.enc)
-		if !bytes.Equal(buf, tt.dec) {
-			t.Errorf("#%d: decrypt = %x want %x", n, buf, tt.dec)
-		}
-
-		// Test that 16 zero bytes, encrypted 1000 times then decrypted
-		// 1000 times results in zero bytes again.
-		zero := make([]byte, 16)
-		buf = make([]byte, 16)
-		for i := 0; i < 1000; i++ {
-			c.Encrypt(buf, buf)
-		}
-		for i := 0; i < 1000; i++ {
-			c.Decrypt(buf, buf)
-		}
-		if !bytes.Equal(buf, zero) {
-			t.Errorf("#%d: encrypt/decrypt 1000: have %x want %x", n, buf, zero)
-		}
-	}
-}

http://git-wip-us.apache.org/repos/asf/brooklyn-client/blob/868863aa/cli/vendor/golang.org/x/crypto/xtea/block.go
----------------------------------------------------------------------
diff --git a/cli/vendor/golang.org/x/crypto/xtea/block.go b/cli/vendor/golang.org/x/crypto/xtea/block.go
deleted file mode 100644
index bf5d245..0000000
--- a/cli/vendor/golang.org/x/crypto/xtea/block.go
+++ /dev/null
@@ -1,66 +0,0 @@
-// Copyright 2009 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-/*
-	Implementation adapted from Needham and Wheeler's paper:
-	http://www.cix.co.uk/~klockstone/xtea.pdf
-
-	A precalculated look up table is used during encryption/decryption for values that are based purely on the key.
-*/
-
-package xtea
-
-// XTEA is based on 64 rounds.
-const numRounds = 64
-
-// blockToUint32 reads an 8 byte slice into two uint32s.
-// The block is treated as big endian.
-func blockToUint32(src []byte) (uint32, uint32) {
-	r0 := uint32(src[0])<<24 | uint32(src[1])<<16 | uint32(src[2])<<8 | uint32(src[3])
-	r1 := uint32(src[4])<<24 | uint32(src[5])<<16 | uint32(src[6])<<8 | uint32(src[7])
-	return r0, r1
-}
-
-// uint32ToBlock writes two uint32s into an 8 byte data block.
-// Values are written as big endian.
-func uint32ToBlock(v0, v1 uint32, dst []byte) {
-	dst[0] = byte(v0 >> 24)
-	dst[1] = byte(v0 >> 16)
-	dst[2] = byte(v0 >> 8)
-	dst[3] = byte(v0)
-	dst[4] = byte(v1 >> 24)
-	dst[5] = byte(v1 >> 16)
-	dst[6] = byte(v1 >> 8)
-	dst[7] = byte(v1 >> 0)
-}
-
-// encryptBlock encrypts a single 8 byte block using XTEA.
-func encryptBlock(c *Cipher, dst, src []byte) {
-	v0, v1 := blockToUint32(src)
-
-	// Two rounds of XTEA applied per loop
-	for i := 0; i < numRounds; {
-		v0 += ((v1<<4 ^ v1>>5) + v1) ^ c.table[i]
-		i++
-		v1 += ((v0<<4 ^ v0>>5) + v0) ^ c.table[i]
-		i++
-	}
-
-	uint32ToBlock(v0, v1, dst)
-}
-
-// decryptBlock decrypt a single 8 byte block using XTEA.
-func decryptBlock(c *Cipher, dst, src []byte) {
-	v0, v1 := blockToUint32(src)
-
-	// Two rounds of XTEA applied per loop
-	for i := numRounds; i > 0; {
-		i--
-		v1 -= ((v0<<4 ^ v0>>5) + v0) ^ c.table[i]
-		i--
-		v0 -= ((v1<<4 ^ v1>>5) + v1) ^ c.table[i]
-	}
-
-	uint32ToBlock(v0, v1, dst)
-}

http://git-wip-us.apache.org/repos/asf/brooklyn-client/blob/868863aa/cli/vendor/golang.org/x/crypto/xtea/cipher.go
----------------------------------------------------------------------
diff --git a/cli/vendor/golang.org/x/crypto/xtea/cipher.go b/cli/vendor/golang.org/x/crypto/xtea/cipher.go
deleted file mode 100644
index 108b426..0000000
--- a/cli/vendor/golang.org/x/crypto/xtea/cipher.go
+++ /dev/null
@@ -1,82 +0,0 @@
-// Copyright 2009 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// Package xtea implements XTEA encryption, as defined in Needham and Wheeler's
-// 1997 technical report, "Tea extensions."
-package xtea // import "golang.org/x/crypto/xtea"
-
-// For details, see http://www.cix.co.uk/~klockstone/xtea.pdf
-
-import "strconv"
-
-// The XTEA block size in bytes.
-const BlockSize = 8
-
-// A Cipher is an instance of an XTEA cipher using a particular key.
-// table contains a series of precalculated values that are used each round.
-type Cipher struct {
-	table [64]uint32
-}
-
-type KeySizeError int
-
-func (k KeySizeError) Error() string {
-	return "crypto/xtea: invalid key size " + strconv.Itoa(int(k))
-}
-
-// NewCipher creates and returns a new Cipher.
-// The key argument should be the XTEA key.
-// XTEA only supports 128 bit (16 byte) keys.
-func NewCipher(key []byte) (*Cipher, error) {
-	k := len(key)
-	switch k {
-	default:
-		return nil, KeySizeError(k)
-	case 16:
-		break
-	}
-
-	c := new(Cipher)
-	initCipher(c, key)
-
-	return c, nil
-}
-
-// BlockSize returns the XTEA block size, 8 bytes.
-// It is necessary to satisfy the Block interface in the
-// package "crypto/cipher".
-func (c *Cipher) BlockSize() int { return BlockSize }
-
-// Encrypt encrypts the 8 byte buffer src using the key and stores the result in dst.
-// Note that for amounts of data larger than a block,
-// it is not safe to just call Encrypt on successive blocks;
-// instead, use an encryption mode like CBC (see crypto/cipher/cbc.go).
-func (c *Cipher) Encrypt(dst, src []byte) { encryptBlock(c, dst, src) }
-
-// Decrypt decrypts the 8 byte buffer src using the key k and stores the result in dst.
-func (c *Cipher) Decrypt(dst, src []byte) { decryptBlock(c, dst, src) }
-
-// initCipher initializes the cipher context by creating a look up table
-// of precalculated values that are based on the key.
-func initCipher(c *Cipher, key []byte) {
-	// Load the key into four uint32s
-	var k [4]uint32
-	for i := 0; i < len(k); i++ {
-		j := i << 2 // Multiply by 4
-		k[i] = uint32(key[j+0])<<24 | uint32(key[j+1])<<16 | uint32(key[j+2])<<8 | uint32(key[j+3])
-	}
-
-	// Precalculate the table
-	const delta = 0x9E3779B9
-	var sum uint32 = 0
-
-	// Two rounds of XTEA applied per loop
-	for i := 0; i < numRounds; {
-		c.table[i] = sum + k[sum&3]
-		i++
-		sum += delta
-		c.table[i] = sum + k[(sum>>11)&3]
-		i++
-	}
-}

http://git-wip-us.apache.org/repos/asf/brooklyn-client/blob/868863aa/cli/vendor/golang.org/x/crypto/xtea/xtea_test.go
----------------------------------------------------------------------
diff --git a/cli/vendor/golang.org/x/crypto/xtea/xtea_test.go b/cli/vendor/golang.org/x/crypto/xtea/xtea_test.go
deleted file mode 100644
index be711bf..0000000
--- a/cli/vendor/golang.org/x/crypto/xtea/xtea_test.go
+++ /dev/null
@@ -1,229 +0,0 @@
-// Copyright 2009 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package xtea
-
-import (
-	"testing"
-)
-
-// A sample test key for when we just want to initialize a cipher
-var testKey = []byte{0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF}
-
-// Test that the block size for XTEA is correct
-func TestBlocksize(t *testing.T) {
-	if BlockSize != 8 {
-		t.Errorf("BlockSize constant - expected 8, got %d", BlockSize)
-		return
-	}
-
-	c, err := NewCipher(testKey)
-	if err != nil {
-		t.Errorf("NewCipher(%d bytes) = %s", len(testKey), err)
-		return
-	}
-
-	result := c.BlockSize()
-	if result != 8 {
-		t.Errorf("BlockSize function - expected 8, got %d", result)
-		return
-	}
-}
-
-// A series of test values to confirm that the Cipher.table array was initialized correctly
-var testTable = []uint32{
-	0x00112233, 0x6B1568B8, 0xE28CE030, 0xC5089E2D, 0xC5089E2D, 0x1EFBD3A2, 0xA7845C2A, 0x78EF0917,
-	0x78EF0917, 0x172682D0, 0x5B6AC714, 0x822AC955, 0x3DE68511, 0xDC1DFECA, 0x2062430E, 0x3611343F,
-	0xF1CCEFFB, 0x900469B4, 0xD448ADF8, 0x2E3BE36D, 0xB6C46BF5, 0x994029F2, 0x994029F2, 0xF3335F67,
-	0x6AAAD6DF, 0x4D2694DC, 0x4D2694DC, 0xEB5E0E95, 0x2FA252D9, 0x4551440A, 0x121E10D6, 0xB0558A8F,
-	0xE388BDC3, 0x0A48C004, 0xC6047BC0, 0x643BF579, 0xA88039BD, 0x02736F32, 0x8AFBF7BA, 0x5C66A4A7,
-	0x5C66A4A7, 0xC76AEB2C, 0x3EE262A4, 0x215E20A1, 0x215E20A1, 0x7B515616, 0x03D9DE9E, 0x1988CFCF,
-	0xD5448B8B, 0x737C0544, 0xB7C04988, 0xDE804BC9, 0x9A3C0785, 0x3873813E, 0x7CB7C582, 0xD6AAFAF7,
-	0x4E22726F, 0x309E306C, 0x309E306C, 0x8A9165E1, 0x1319EE69, 0xF595AC66, 0xF595AC66, 0x4F88E1DB,
-}
-
-// Test that the cipher context is initialized correctly
-func TestCipherInit(t *testing.T) {
-	c, err := NewCipher(testKey)
-	if err != nil {
-		t.Errorf("NewCipher(%d bytes) = %s", len(testKey), err)
-		return
-	}
-
-	for i := 0; i < len(c.table); i++ {
-		if c.table[i] != testTable[i] {
-			t.Errorf("NewCipher() failed to initialize Cipher.table[%d] correctly. Expected %08X, got %08X", i, testTable[i], c.table[i])
-			break
-		}
-	}
-}
-
-// Test that invalid key sizes return an error
-func TestInvalidKeySize(t *testing.T) {
-	// Test a long key
-	key := []byte{
-		0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF,
-		0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF,
-	}
-
-	_, err := NewCipher(key)
-	if err == nil {
-		t.Errorf("Invalid key size %d didn't result in an error.", len(key))
-	}
-
-	// Test a short key
-	key = []byte{0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77}
-
-	_, err = NewCipher(key)
-	if err == nil {
-		t.Errorf("Invalid key size %d didn't result in an error.", len(key))
-	}
-}
-
-// Test that we can correctly decode some bytes we have encoded
-func TestEncodeDecode(t *testing.T) {
-	original := []byte{0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF}
-	input := original
-	output := make([]byte, BlockSize)
-
-	c, err := NewCipher(testKey)
-	if err != nil {
-		t.Errorf("NewCipher(%d bytes) = %s", len(testKey), err)
-		return
-	}
-
-	// Encrypt the input block
-	c.Encrypt(output, input)
-
-	// Check that the output does not match the input
-	differs := false
-	for i := 0; i < len(input); i++ {
-		if output[i] != input[i] {
-			differs = true
-			break
-		}
-	}
-	if differs == false {
-		t.Error("Cipher.Encrypt: Failed to encrypt the input block.")
-		return
-	}
-
-	// Decrypt the block we just encrypted
-	input = output
-	output = make([]byte, BlockSize)
-	c.Decrypt(output, input)
-
-	// Check that the output from decrypt matches our initial input
-	for i := 0; i < len(input); i++ {
-		if output[i] != original[i] {
-			t.Errorf("Decrypted byte %d differed. Expected %02X, got %02X\n", i, original[i], output[i])
-			return
-		}
-	}
-}
-
-// Test Vectors
-type CryptTest struct {
-	key        []byte
-	plainText  []byte
-	cipherText []byte
-}
-
-var CryptTests = []CryptTest{
-	// These were sourced from http://www.freemedialibrary.com/index.php/XTEA_test_vectors
-	{
-		[]byte{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f},
-		[]byte{0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48},
-		[]byte{0x49, 0x7d, 0xf3, 0xd0, 0x72, 0x61, 0x2c, 0xb5},
-	},
-	{
-		[]byte{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f},
-		[]byte{0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41},
-		[]byte{0xe7, 0x8f, 0x2d, 0x13, 0x74, 0x43, 0x41, 0xd8},
-	},
-	{
-		[]byte{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f},
-		[]byte{0x5a, 0x5b, 0x6e, 0x27, 0x89, 0x48, 0xd7, 0x7f},
-		[]byte{0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41},
-	},
-	{
-		[]byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
-		[]byte{0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48},
-		[]byte{0xa0, 0x39, 0x05, 0x89, 0xf8, 0xb8, 0xef, 0xa5},
-	},
-	{
-		[]byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
-		[]byte{0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41},
-		[]byte{0xed, 0x23, 0x37, 0x5a, 0x82, 0x1a, 0x8c, 0x2d},
-	},
-	{
-		[]byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
-		[]byte{0x70, 0xe1, 0x22, 0x5d, 0x6e, 0x4e, 0x76, 0x55},
-		[]byte{0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41},
-	},
-
-	// These vectors are from http://wiki.secondlife.com/wiki/XTEA_Strong_Encryption_Implementation#Bouncy_Castle_C.23_API
-	{
-		[]byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
-		[]byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
-		[]byte{0xDE, 0xE9, 0xD4, 0xD8, 0xF7, 0x13, 0x1E, 0xD9},
-	},
-	{
-		[]byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
-		[]byte{0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08},
-		[]byte{0x06, 0x5C, 0x1B, 0x89, 0x75, 0xC6, 0xA8, 0x16},
-	},
-	{
-		[]byte{0x01, 0x23, 0x45, 0x67, 0x12, 0x34, 0x56, 0x78, 0x23, 0x45, 0x67, 0x89, 0x34, 0x56, 0x78, 0x9A},
-		[]byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
-		[]byte{0x1F, 0xF9, 0xA0, 0x26, 0x1A, 0xC6, 0x42, 0x64},
-	},
-	{
-		[]byte{0x01, 0x23, 0x45, 0x67, 0x12, 0x34, 0x56, 0x78, 0x23, 0x45, 0x67, 0x89, 0x34, 0x56, 0x78, 0x9A},
-		[]byte{0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08},
-		[]byte{0x8C, 0x67, 0x15, 0x5B, 0x2E, 0xF9, 0x1E, 0xAD},
-	},
-}
-
-// Test encryption
-func TestCipherEncrypt(t *testing.T) {
-	for i, tt := range CryptTests {
-		c, err := NewCipher(tt.key)
-		if err != nil {
-			t.Errorf("NewCipher(%d bytes), vector %d = %s", len(tt.key), i, err)
-			continue
-		}
-
-		out := make([]byte, len(tt.plainText))
-		c.Encrypt(out, tt.plainText)
-
-		for j := 0; j < len(out); j++ {
-			if out[j] != tt.cipherText[j] {
-				t.Errorf("Cipher.Encrypt %d: out[%d] = %02X, expected %02X", i, j, out[j], tt.cipherText[j])
-				break
-			}
-		}
-	}
-}
-
-// Test decryption
-func TestCipherDecrypt(t *testing.T) {
-	for i, tt := range CryptTests {
-		c, err := NewCipher(tt.key)
-		if err != nil {
-			t.Errorf("NewCipher(%d bytes), vector %d = %s", len(tt.key), i, err)
-			continue
-		}
-
-		out := make([]byte, len(tt.cipherText))
-		c.Decrypt(out, tt.cipherText)
-
-		for j := 0; j < len(out); j++ {
-			if out[j] != tt.plainText[j] {
-				t.Errorf("Cipher.Decrypt %d: out[%d] = %02X, expected %02X", i, j, out[j], tt.plainText[j])
-				break
-			}
-		}
-	}
-}

http://git-wip-us.apache.org/repos/asf/brooklyn-client/blob/868863aa/cli/vendor/golang.org/x/crypto/xts/xts.go
----------------------------------------------------------------------
diff --git a/cli/vendor/golang.org/x/crypto/xts/xts.go b/cli/vendor/golang.org/x/crypto/xts/xts.go
deleted file mode 100644
index c9a283b..0000000
--- a/cli/vendor/golang.org/x/crypto/xts/xts.go
+++ /dev/null
@@ -1,138 +0,0 @@
-// Copyright 2012 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// Package xts implements the XTS cipher mode as specified in IEEE P1619/D16.
-//
-// XTS mode is typically used for disk encryption, which presents a number of
-// novel problems that make more common modes inapplicable. The disk is
-// conceptually an array of sectors and we must be able to encrypt and decrypt
-// a sector in isolation. However, an attacker must not be able to transpose
-// two sectors of plaintext by transposing their ciphertext.
-//
-// XTS wraps a block cipher with Rogaway's XEX mode in order to build a
-// tweakable block cipher. This allows each sector to have a unique tweak and
-// effectively create a unique key for each sector.
-//
-// XTS does not provide any authentication. An attacker can manipulate the
-// ciphertext and randomise a block (16 bytes) of the plaintext.
-//
-// (Note: this package does not implement ciphertext-stealing so sectors must
-// be a multiple of 16 bytes.)
-package xts // import "golang.org/x/crypto/xts"
-
-import (
-	"crypto/cipher"
-	"errors"
-)
-
-// Cipher contains an expanded key structure. It doesn't contain mutable state
-// and therefore can be used concurrently.
-type Cipher struct {
-	k1, k2 cipher.Block
-}
-
-// blockSize is the block size that the underlying cipher must have. XTS is
-// only defined for 16-byte ciphers.
-const blockSize = 16
-
-// NewCipher creates a Cipher given a function for creating the underlying
-// block cipher (which must have a block size of 16 bytes). The key must be
-// twice the length of the underlying cipher's key.
-func NewCipher(cipherFunc func([]byte) (cipher.Block, error), key []byte) (c *Cipher, err error) {
-	c = new(Cipher)
-	if c.k1, err = cipherFunc(key[:len(key)/2]); err != nil {
-		return
-	}
-	c.k2, err = cipherFunc(key[len(key)/2:])
-
-	if c.k1.BlockSize() != blockSize {
-		err = errors.New("xts: cipher does not have a block size of 16")
-	}
-
-	return
-}
-
-// Encrypt encrypts a sector of plaintext and puts the result into ciphertext.
-// Plaintext and ciphertext may be the same slice but should not overlap.
-// Sectors must be a multiple of 16 bytes and less than 2²⁴ bytes.
-func (c *Cipher) Encrypt(ciphertext, plaintext []byte, sectorNum uint64) {
-	if len(ciphertext) < len(plaintext) {
-		panic("xts: ciphertext is smaller than plaintext")
-	}
-	if len(plaintext)%blockSize != 0 {
-		panic("xts: plaintext is not a multiple of the block size")
-	}
-
-	var tweak [blockSize]byte
-	for i := 0; i < 8; i++ {
-		tweak[i] = byte(sectorNum)
-		sectorNum >>= 8
-	}
-
-	c.k2.Encrypt(tweak[:], tweak[:])
-
-	for i := 0; i < len(plaintext); i += blockSize {
-		for j := 0; j < blockSize; j++ {
-			ciphertext[i+j] = plaintext[i+j] ^ tweak[j]
-		}
-		c.k1.Encrypt(ciphertext[i:], ciphertext[i:])
-		for j := 0; j < blockSize; j++ {
-			ciphertext[i+j] ^= tweak[j]
-		}
-
-		mul2(&tweak)
-	}
-}
-
-// Decrypt decrypts a sector of ciphertext and puts the result into plaintext.
-// Plaintext and ciphertext may be the same slice but should not overlap.
-// Sectors must be a multiple of 16 bytes and less than 2²⁴ bytes.
-func (c *Cipher) Decrypt(plaintext, ciphertext []byte, sectorNum uint64) {
-	if len(plaintext) < len(ciphertext) {
-		panic("xts: plaintext is smaller than ciphertext")
-	}
-	if len(ciphertext)%blockSize != 0 {
-		panic("xts: ciphertext is not a multiple of the block size")
-	}
-
-	var tweak [blockSize]byte
-	for i := 0; i < 8; i++ {
-		tweak[i] = byte(sectorNum)
-		sectorNum >>= 8
-	}
-
-	c.k2.Encrypt(tweak[:], tweak[:])
-
-	for i := 0; i < len(plaintext); i += blockSize {
-		for j := 0; j < blockSize; j++ {
-			plaintext[i+j] = ciphertext[i+j] ^ tweak[j]
-		}
-		c.k1.Decrypt(plaintext[i:], plaintext[i:])
-		for j := 0; j < blockSize; j++ {
-			plaintext[i+j] ^= tweak[j]
-		}
-
-		mul2(&tweak)
-	}
-}
-
-// mul2 multiplies tweak by 2 in GF(2¹²⁸) with an irreducible polynomial of
-// x¹²⁸ + x⁷ + x² + x + 1.
-func mul2(tweak *[blockSize]byte) {
-	var carryIn byte
-	for j := range tweak {
-		carryOut := tweak[j] >> 7
-		tweak[j] = (tweak[j] << 1) + carryIn
-		carryIn = carryOut
-	}
-	if carryIn != 0 {
-		// If we have a carry bit then we need to subtract a multiple
-		// of the irreducible polynomial (x¹²⁸ + x⁷ + x² + x + 1).
-		// By dropping the carry bit, we're subtracting the x^128 term
-		// so all that remains is to subtract x⁷ + x² + x + 1.
-		// Subtraction (and addition) in this representation is just
-		// XOR.
-		tweak[0] ^= 1<<7 | 1<<2 | 1<<1 | 1
-	}
-}

http://git-wip-us.apache.org/repos/asf/brooklyn-client/blob/868863aa/cli/vendor/golang.org/x/crypto/xts/xts_test.go
----------------------------------------------------------------------
diff --git a/cli/vendor/golang.org/x/crypto/xts/xts_test.go b/cli/vendor/golang.org/x/crypto/xts/xts_test.go
deleted file mode 100644
index 7a5e9fa..0000000
--- a/cli/vendor/golang.org/x/crypto/xts/xts_test.go
+++ /dev/null
@@ -1,85 +0,0 @@
-// Copyright 2012 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package xts
-
-import (
-	"bytes"
-	"crypto/aes"
-	"encoding/hex"
-	"testing"
-)
-
-// These test vectors have been taken from IEEE P1619/D16, Annex B.
-var xtsTestVectors = []struct {
-	key        string
-	sector     uint64
-	plaintext  string
-	ciphertext string
-}{
-	{
-		"0000000000000000000000000000000000000000000000000000000000000000",
-		0,
-		"0000000000000000000000000000000000000000000000000000000000000000",
-		"917cf69ebd68b2ec9b9fe9a3eadda692cd43d2f59598ed858c02c2652fbf922e",
-	}, {
-		"1111111111111111111111111111111122222222222222222222222222222222",
-		0x3333333333,
-		"4444444444444444444444444444444444444444444444444444444444444444",
-		"c454185e6a16936e39334038acef838bfb186fff7480adc4289382ecd6d394f0",
-	}, {
-		"fffefdfcfbfaf9f8f7f6f5f4f3f2f1f022222222222222222222222222222222",
-		0x3333333333,
-		"4444444444444444444444444444444444444444444444444444444444444444",
-		"af85336b597afc1a900b2eb21ec949d292df4c047e0b21532186a5971a227a89",
-	}, {
-		"2718281828459045235360287471352631415926535897932384626433832795",
-		0,
-		"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0
 f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
-		"27a7479befa1d476489f308cd4cfa6e2a96e4bbe3208ff25287dd3819616e89cc78cf7f5e543445f8333d8fa7f56000005279fa5d8b5e4ad40e736ddb4d35412328063fd2aab53e5ea1e0a9f332500a5df9487d07a5c92cc512c8866c7e860ce93fdf166a24912b422976146ae20ce846bb7dc9ba94a767aaef20c0d61ad02655ea92dc4c4e41a8952c651d33174be51a10c421110e6d81588ede82103a252d8a750e8768defffed9122810aaeb99f9172af82b604dc4b8e51bcb08235a6f4341332e4ca60482a4ba1a03b3e65008fc5da76b70bf1690db4eae29c5f1badd03c5ccf2a55d705ddcd86d449511ceb7ec30bf12b1fa35b913f9f747a8afd1b130e94bff94effd01a91735ca1726acd0b197c4e5b03393697e126826fb6bbde8ecc1e08298516e2c9ed03ff3c1b7860f6de76d4cecd94c8119855ef5297ca67e9f3e7ff72b1e99785ca0a7e7720c5b36dc6d72cac9574c8cbbc2f801e23e56fd344b07f22154beba0f08ce8891e643ed995c94d9a69c9f1b5f499027a78572aeebd74d20cc39881c213ee770b1010e4bea718846977ae119f7a023ab58cca0ad752afe656bb3c17256a9f6e9bf19fdd5a38fc82bbe872c5539edb609ef4f79c203ebb140f2e583cb2ad15b4aa5b655016a8449277dbd477ef2c8d6c017db738b18deb4a427d1923ce3ff262735779a418f20a
 282df920147beabe421ee5319d0568",
-	}, {
-		"2718281828459045235360287471352631415926535897932384626433832795",
-		1,
-		"27a7479befa1d476489f308cd4cfa6e2a96e4bbe3208ff25287dd3819616e89cc78cf7f5e543445f8333d8fa7f56000005279fa5d8b5e4ad40e736ddb4d35412328063fd2aab53e5ea1e0a9f332500a5df9487d07a5c92cc512c8866c7e860ce93fdf166a24912b422976146ae20ce846bb7dc9ba94a767aaef20c0d61ad02655ea92dc4c4e41a8952c651d33174be51a10c421110e6d81588ede82103a252d8a750e8768defffed9122810aaeb99f9172af82b604dc4b8e51bcb08235a6f4341332e4ca60482a4ba1a03b3e65008fc5da76b70bf1690db4eae29c5f1badd03c5ccf2a55d705ddcd86d449511ceb7ec30bf12b1fa35b913f9f747a8afd1b130e94bff94effd01a91735ca1726acd0b197c4e5b03393697e126826fb6bbde8ecc1e08298516e2c9ed03ff3c1b7860f6de76d4cecd94c8119855ef5297ca67e9f3e7ff72b1e99785ca0a7e7720c5b36dc6d72cac9574c8cbbc2f801e23e56fd344b07f22154beba0f08ce8891e643ed995c94d9a69c9f1b5f499027a78572aeebd74d20cc39881c213ee770b1010e4bea718846977ae119f7a023ab58cca0ad752afe656bb3c17256a9f6e9bf19fdd5a38fc82bbe872c5539edb609ef4f79c203ebb140f2e583cb2ad15b4aa5b655016a8449277dbd477ef2c8d6c017db738b18deb4a427d1923ce3ff262735779a418f20a
 282df920147beabe421ee5319d0568",
-		"264d3ca8512194fec312c8c9891f279fefdd608d0c027b60483a3fa811d65ee59d52d9e40ec5672d81532b38b6b089ce951f0f9c35590b8b978d175213f329bb1c2fd30f2f7f30492a61a532a79f51d36f5e31a7c9a12c286082ff7d2394d18f783e1a8e72c722caaaa52d8f065657d2631fd25bfd8e5baad6e527d763517501c68c5edc3cdd55435c532d7125c8614deed9adaa3acade5888b87bef641c4c994c8091b5bcd387f3963fb5bc37aa922fbfe3df4e5b915e6eb514717bdd2a74079a5073f5c4bfd46adf7d282e7a393a52579d11a028da4d9cd9c77124f9648ee383b1ac763930e7162a8d37f350b2f74b8472cf09902063c6b32e8c2d9290cefbd7346d1c779a0df50edcde4531da07b099c638e83a755944df2aef1aa31752fd323dcb710fb4bfbb9d22b925bc3577e1b8949e729a90bbafeacf7f7879e7b1147e28ba0bae940db795a61b15ecf4df8db07b824bb062802cc98a9545bb2aaeed77cb3fc6db15dcd7d80d7d5bc406c4970a3478ada8899b329198eb61c193fb6275aa8ca340344a75a862aebe92eee1ce032fd950b47d7704a3876923b4ad62844bf4a09c4dbe8b4397184b7471360c9564880aedddb9baa4af2e75394b08cd32ff479c57a07d3eab5d54de5f9738b8d27f27a9f0ab11799d7b7ffefb2704c95c6ad12c39f1e867a4b7b1d7818a4b753dfd
 2a89ccb45e001a03a867b187f225dd",
-	}, {
-		"27182818284590452353602874713526624977572470936999595749669676273141592653589793238462643383279502884197169399375105820974944592",
-		0xff,
-		"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0
 f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
-		"1c3b3a102f770386e4836c99e370cf9bea00803f5e482357a4ae12d414a3e63b5d31e276f8fe4a8d66b317f9ac683f44680a86ac35adfc3345befecb4bb188fd5776926c49a3095eb108fd1098baec70aaa66999a72a82f27d848b21d4a741b0c5cd4d5fff9dac89aeba122961d03a757123e9870f8acf1000020887891429ca2a3e7a7d7df7b10355165c8b9a6d0a7de8b062c4500dc4cd120c0f7418dae3d0b5781c34803fa75421c790dfe1de1834f280d7667b327f6c8cd7557e12ac3a0f93ec05c52e0493ef31a12d3d9260f79a289d6a379bc70c50841473d1a8cc81ec583e9645e07b8d9670655ba5bbcfecc6dc3966380ad8fecb17b6ba02469a020a84e18e8f84252070c13e9f1f289be54fbc481457778f616015e1327a02b140f1505eb309326d68378f8374595c849d84f4c333ec4423885143cb47bd71c5edae9be69a2ffeceb1bec9de244fbe15992b11b77c040f12bd8f6a975a44a0f90c29a9abc3d4d893927284c58754cce294529f8614dcd2aba991925fedc4ae74ffac6e333b93eb4aff0479da9a410e4450e0dd7ae4c6e2910900575da401fc07059f645e8b7e9bfdef33943054ff84011493c27b3429eaedb4ed5376441a77ed43851ad77f16f541dfd269d50d6a5f14fb0aab1cbb4c1550be97f7ab4066193c4caa773dad38014bd2092fa755c824bb5e54c4
 f36ffda9fcea70b9c6e693e148c151",
-	},
-}
-
-func fromHex(s string) []byte {
-	ret, err := hex.DecodeString(s)
-	if err != nil {
-		panic("xts: invalid hex in test")
-	}
-	return ret
-}
-
-func TestXTS(t *testing.T) {
-	for i, test := range xtsTestVectors {
-		c, err := NewCipher(aes.NewCipher, fromHex(test.key))
-		if err != nil {
-			t.Errorf("#%d: failed to create cipher: %s", i, err)
-			continue
-		}
-		plaintext := fromHex(test.plaintext)
-		ciphertext := make([]byte, len(plaintext))
-		c.Encrypt(ciphertext, plaintext, test.sector)
-
-		expectedCiphertext := fromHex(test.ciphertext)
-		if !bytes.Equal(ciphertext, expectedCiphertext) {
-			t.Errorf("#%d: encrypted failed, got: %x, want: %x", i, ciphertext, expectedCiphertext)
-			continue
-		}
-
-		decrypted := make([]byte, len(ciphertext))
-		c.Decrypt(decrypted, ciphertext, test.sector)
-		if !bytes.Equal(decrypted, plaintext) {
-			t.Errorf("#%d: decryption failed, got: %x, want: %x", i, decrypted, plaintext)
-		}
-	}
-}


Mime
View raw message