From 9fe41ddb41a8be63eae9fa0b0c61845084ebb26b Mon Sep 17 00:00:00 2001
From: Jean-Paul Calderone <exarkun@twistedmatrix.com>
Date: Mon, 25 Sep 2023 09:54:02 -0400
Subject: [PATCH] add a direct test for the negative case of validSegment

Now it can't merely be `... = True`, which is something, anyway.
---
 test/SpecCHK.hs | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/test/SpecCHK.hs b/test/SpecCHK.hs
index f15a4e7..157e32c 100644
--- a/test/SpecCHK.hs
+++ b/test/SpecCHK.hs
@@ -34,6 +34,7 @@ import Generators (
     applyShareBitFlips,
     blockBitFlipper,
     crypttextTreeLeafBitFlipper,
+    digests,
     fingerprintBitFlipper,
     genParameters,
     shareTreeLeafBitFlipper,
@@ -53,7 +54,7 @@ import qualified Hedgehog.Range as Range
 import Tahoe.CHK (padCiphertext)
 import qualified Tahoe.CHK (decode, encode, segmentCiphertext)
 import Tahoe.CHK.Capability (Reader, dangerRealShow, pCapability, pReader, verifier)
-import Tahoe.CHK.Crypto (convergenceSecretLength)
+import Tahoe.CHK.Crypto (ciphertextSegmentHash', convergenceSecretLength)
 import Tahoe.CHK.Encrypt (encrypt)
 import Tahoe.CHK.Share (
     Share (
@@ -73,7 +74,12 @@ import Tahoe.CHK.Upload (
     memoryUploadableWithConvergence,
     store,
  )
-import Tahoe.CHK.Validate (matchingBlockHashRoot, validFingerprint, validShareRootHash)
+import Tahoe.CHK.Validate (
+    matchingBlockHashRoot,
+    validFingerprint,
+    validSegment,
+    validShareRootHash,
+ )
 import Tahoe.Server (
     nullStorageServer,
  )
@@ -139,6 +145,7 @@ tests =
         , testSizes
         , testOutOfBoundsShareNumbers
         , testProperty "decode signals error if the integrity of the shares is compromised" propIntegrity
+        , testProperty "validSegment returns False if called with a hash not related to a ciphertext by the ciphertext segment hash function" propInvalidSegment
         ]
 
 data Described descr b = Described descr b
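Review bot: The description on the added line says validSegment "returns False", but the property it registers (propInvalidSegment, added in the final hunk) asserts `diff Nothing (==) (validSegment expected ciphertext)`, so the function is evidently Maybe-valued and the title misstates the contract a failing report would be read against. Rename it to `"validSegment returns Nothing if called with a hash not related to a ciphertext by the ciphertext segment hash function"`, or assert on a Bool if that is what validSegment actually returns; from this hunk alone I cannot see its signature. The enclosing `tests` list starts outside the hunk.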
@@ -477,3 +484,9 @@ prop_expand_template =
     checkTemplate template expanded =
         all (uncurry (==)) (B.zip template expanded)
             && checkTemplate template (B.drop (B.length template) expanded)
+
+propInvalidSegment :: Property
+propInvalidSegment = property $ do
+    ciphertext <- forAll $ Gen.bytes (Range.linear 1 64)
+    expected <- forAll $ Gen.filterT (ciphertextSegmentHash' ciphertext /=) digests
+    diff Nothing (==) (validSegment expected ciphertext)
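Review bot: The negative case only ever feeds validSegment a digest drawn from `digests` that is filtered to differ from `ciphertextSegmentHash' ciphertext`; such a value is independent of the real hash, so it will almost never share even a leading byte with it, and a validSegment that compared only a prefix or a truncated digest would still satisfy this property. A nearer-miss case, the correct hash with one bit flipped, would pin the full-width comparison, and this module already imports bit-flipping generators (blockBitFlipper, fingerprintBitFlipper and friends) that suggest the pattern, though I cannot tell from the hunk whether any of them operates on a bare digest. Consider adding a second property alongside this one, e.g. `propNearMissSegment`, that generates `ciphertext`, computes `ciphertextSegmentHash' ciphertext`, flips a single generated bit position in it, and asserts `validSegment flipped ciphertext` is Nothing. The `Gen.filterT` discard rate here is negligible for a 1–64 byte ciphertext, so the existing generator is fine as is.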
-- 
GitLab