diff --git a/test/SpecCHK.hs b/test/SpecCHK.hs
index f15a4e71687dcdf9efb5f72cb5b1254ae0cddd5d..157e32c158f3cb613184e8e01a0ba6d2e60a8549 100644
--- a/test/SpecCHK.hs
+++ b/test/SpecCHK.hs
@@ -34,6 +34,7 @@ import Generators (
 applyShareBitFlips,
 blockBitFlipper,
 crypttextTreeLeafBitFlipper,
+ digests,
 fingerprintBitFlipper,
 genParameters,
 shareTreeLeafBitFlipper,
@@ -53,7 +54,7 @@ import qualified Hedgehog.Range as Range
 import Tahoe.CHK (padCiphertext)
 import qualified Tahoe.CHK (decode, encode, segmentCiphertext)
 import Tahoe.CHK.Capability (Reader, dangerRealShow, pCapability, pReader, verifier)
-import Tahoe.CHK.Crypto (convergenceSecretLength)
+import Tahoe.CHK.Crypto (ciphertextSegmentHash', convergenceSecretLength)
 import Tahoe.CHK.Encrypt (encrypt)
 import Tahoe.CHK.Share (
 Share (
@@ -73,7 +74,12 @@ import Tahoe.CHK.Upload (
 memoryUploadableWithConvergence,
 store,
 )
-import Tahoe.CHK.Validate (matchingBlockHashRoot, validFingerprint, validShareRootHash)
+import Tahoe.CHK.Validate (
+ matchingBlockHashRoot,
+ validFingerprint,
+ validSegment,
+ validShareRootHash,
+ )
 import Tahoe.Server (
 nullStorageServer,
 )
@@ -139,6 +145,7 @@ tests =
 , testSizes
 , testOutOfBoundsShareNumbers
 , testProperty "decode signals error if the integrity of the shares is compromised" propIntegrity
+ , testProperty "validSegment returns False if called with a hash not related to a ciphertext by the ciphertext segment hash function" propInvalidSegment
 ]
 
 data Described descr b = Described descr b
@@ -477,3 +484,9 @@ prop_expand_template =
 checkTemplate template expanded =
 all (uncurry (==)) (B.zip template expanded)
 && checkTemplate template (B.drop (B.length template) expanded)
+
+propInvalidSegment :: Property
+propInvalidSegment = property $ do
+ ciphertext <- forAll $ Gen.bytes (Range.linear 1 64)
+ expected <- forAll $ Gen.filterT (ciphertextSegmentHash' ciphertext /=) digests
+ diff Nothing (==) (validSegment expected ciphertext)
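Review bot: The new `propInvalidSegment` pins only the rejecting direction of the integrity check — a `validSegment` that returned `Nothing` for every input would pass it — so it should be paired with a positive property over the same generated `ciphertext` asserting that `validSegment (ciphertextSegmentHash' ciphertext) ciphertext` is not `Nothing`. The label added to the `tests` list says the function "returns False", but the assertion compares the result to `Nothing`; the label should read `validSegment returns Nothing if called with a hash not related to a ciphertext by the ciphertext segment hash function` so it describes what is actually checked. As a point of style, `diff Nothing (==) (validSegment expected ciphertext)` is the long form of `validSegment expected ciphertext === Nothing`, which reports the same failure and is the usual Hedgehog spelling. That `validSegment` yields a `Maybe` is inferred from the comparison with `Nothing`; its definition is outside this diff.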