remove error type

We remove the error type as requested in review, and keep the existing
string error. In the test now, we check using string contains instead.

Author: porridgewithraisins

ssh/keys.go

@@ -1271,15 +1271,6 @@ func (*PassphraseMissingError) Error() string {
 	return "ssh: this private key is passphrase protected"
 }
 
-type unsupportedCipherError struct {
-	BadCipher        string
-	SupportedCiphers []string
-}
-
-func (e *unsupportedCipherError) Error() string {
-	return fmt.Sprintf("ssh: unknown cipher %q, only supports one of %q", e.BadCipher, strings.Join(e.SupportedCiphers, ","))
-}
-
 // ParseRawPrivateKey returns a private key from a PEM encoded private key. It supports
 // RSA, DSA, ECDSA, and Ed25519 private keys in PKCS#1, PKCS#8, OpenSSL, and OpenSSH
 // formats. If the private key is encrypted, it will return a PassphraseMissingError.
@@ -1438,10 +1429,7 @@ func passphraseProtectedOpenSSHKey(passphrase []byte) openSSHDecryptFunc {
 			cbc := cipher.NewCBCDecrypter(c, iv)
 			cbc.CryptBlocks(privKeyBlock, privKeyBlock)
 		default:
-			return nil, &unsupportedCipherError{
-				BadCipher:        cipherName,
-				SupportedCiphers: []string{"aes256-ctr", "aes256-cbc"},
-			}
+			return nil, fmt.Errorf("ssh: unknown cipher %q, only supports %q or %q", cipherName, "aes256-ctr", "aes256-cbc")
 		}
 
 		return privKeyBlock, nil
@@ -1502,7 +1490,7 @@ type openSSHEncryptedPrivateKey struct {
 	NumKeys      uint32
 	PubKey       []byte
 	PrivKeyBlock []byte
-	Rest         []byte `ssh:"rest"`
+    Rest         []byte `ssh:"rest"`
 }
 
 type openSSHPrivateKey struct {

ssh/keys_test.go

@@ -272,19 +272,18 @@ func TestParseEncryptedPrivateKeysWithPassphrase(t *testing.T) {
 }
 
 func TestParseEncryptedPrivateKeysWithUnsupportedCiphers(t *testing.T) {
-	for _, tt := range testdata.PEMEncryptedKeysForUnsupportedCiphers {
-		t.Run(tt.Name, func(t *testing.T) {
-			_, err := ParsePrivateKeyWithPassphrase(tt.PEMBytes, []byte(tt.EncryptionKey))
-			var e *unsupportedCipherError
-			if !errors.As(err, &e) {
-				t.Errorf("got error %v, want UnsupportedCipherError", err)
-			}
-
-			if e.BadCipher != tt.Cipher {
-				t.Errorf("got badcipher %q, wanted %q", e.BadCipher, tt.Cipher)
-			}
-		})
-	}
+    for _, tt := range testdata.UnsupportedCipherData {
+        t.Run(tt.Name, func(t *testing.T){
+            _, err := ParsePrivateKeyWithPassphrase(tt.PEMBytes, []byte(tt.EncryptionKey))
+            if err == nil {
+                t.Fatalf("expected 'unknown cipher' error for %q, got nil", tt.Name)
+                // If this cipher is now supported, remove it from testdata.UnsupportedCipherData
+            }
+            if !strings.Contains(err.Error(), "unknown cipher") {
+                t.Errorf("wanted 'unknown cipher' error, got %v", err.Error())
+            }
+        })
+    }
 }
 
 func TestParseEncryptedPrivateKeysWithIncorrectPassphrase(t *testing.T) {

ssh/testdata/keys.go

@@ -216,15 +216,12 @@ var SSHCertificates = map[string][]byte{
 `),
 }
 
-type PEMEncryptedKey struct {
+var PEMEncryptedKeys = []struct {
 	Name              string
 	EncryptionKey     string
 	IncludesPublicKey bool
-	Cipher            string
 	PEMBytes          []byte
-}
-
-var PEMEncryptedKeys = []PEMEncryptedKey{
+}{
 	0: {
 		Name:          "rsa-encrypted",
 		EncryptionKey: "r54-G0pher_t3st$",
@@ -313,12 +310,14 @@ gbDGyT3bXMQtagvCwoW+/oMTKXiZP5jCJpEO8=
 	},
 }
 
-var PEMEncryptedKeysForUnsupportedCiphers = []PEMEncryptedKey{
+var UnsupportedCipherData = []struct {
+    Name string
+    EncryptionKey string
+    PEMBytes []byte
+} {
 	0: {
 		Name:              "ed25519-encrypted-chacha20-poly1305",
 		EncryptionKey:     "password",
-		IncludesPublicKey: true,
-		Cipher:            "chacha20-poly1305@openssh.com",
 		PEMBytes: []byte(`-----BEGIN OPENSSH PRIVATE KEY-----
 b3BlbnNzaC1rZXktdjEAAAAAHWNoYWNoYTIwLXBvbHkxMzA1QG9wZW5zc2guY29tAAAABm
 JjcnlwdAAAABgAAAAQdPyPIjXDRAVHskY0yp9SWwAAAGQAAAABAAAAMwAAAAtzc2gtZWQy
@@ -332,8 +331,6 @@ vYAJZExx2XLgJFEtHCVmJjYzwxx7yC7+s6u/XjrSlZS60RHunOPKyq+C+s48sejXvmX+t5
 	1: {
 		Name:              "ed25519-encrypted-aes128-gcm",
 		EncryptionKey:     "password",
-		IncludesPublicKey: true,
-		Cipher:            "aes128-gcm@openssh.com",
 		PEMBytes: []byte(`-----BEGIN OPENSSH PRIVATE KEY-----
 b3BlbnNzaC1rZXktdjEAAAAAFmFlczEyOC1nY21Ab3BlbnNzaC5jb20AAAAGYmNyeXB0AA
 AAGAAAABBeMJIOqiyFwNCvDv6f8tQeAAAAZAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAA
@@ -347,8 +344,6 @@ EuVmM0FqS8lbT2ynYSe3va0Qyw13jEO5qbtCuyG+C5GejL7kX4Z64=
 	2: {
 		Name:              "ed25519-encrypted-aes256-gcm",
 		EncryptionKey:     "password",
-		IncludesPublicKey: true,
-		Cipher:            "aes256-gcm@openssh.com",
 		PEMBytes: []byte(`-----BEGIN OPENSSH PRIVATE KEY-----
 b3BlbnNzaC1rZXktdjEAAAAAFmFlczI1Ni1nY21Ab3BlbnNzaC5jb20AAAAGYmNyeXB0AA
 AAGAAAABBR1p3vH2Wr/HPL+q20L2rjAAAAZAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAA
@@ -361,6 +356,7 @@ kv2ceuJMLT04TrKc2+RUkj4CQYnz7p8EkgZlUozx8wBSxKFGnkP7k=
 	},
 }
 
+
 // SKData contains a list of PubKeys backed by U2F/FIDO2 Security Keys and their test data.
 var SKData = []struct {
 	Name         string