Add Argon2 calibration and encryption fuzz tests

src/tests/test_encryption_fuzz.py

@@ -0,0 +1,37 @@
+import pytest
+from pathlib import Path
+from cryptography.fernet import Fernet
+from hypothesis import given, strategies as st, settings, HealthCheck
+
+from seedpass.core.encryption import EncryptionManager
+
+
+@given(blob=st.binary())
+@settings(
+    deadline=None,
+    max_examples=25,
+    suppress_health_check=[HealthCheck.function_scoped_fixture],
+)
+def test_encrypt_decrypt_roundtrip(blob: bytes, tmp_path: Path) -> None:
+    """Ensure arbitrary data round-trips through EncryptionManager."""
+    key = Fernet.generate_key()
+    mgr = EncryptionManager(key, tmp_path)
+    encrypted = mgr.encrypt_data(blob)
+    assert mgr.decrypt_data(encrypted) == blob
+
+
+@given(blob=st.binary())
+@settings(
+    deadline=None,
+    max_examples=25,
+    suppress_health_check=[HealthCheck.function_scoped_fixture],
+)
+def test_corrupted_ciphertext_fails(blob: bytes, tmp_path: Path) -> None:
+    """Corrupted ciphertext should not decrypt successfully."""
+    key = Fernet.generate_key()
+    mgr = EncryptionManager(key, tmp_path)
+    encrypted = bytearray(mgr.encrypt_data(blob))
+    if encrypted:
+        encrypted[0] ^= 0xFF
+    with pytest.raises(Exception):
+        mgr.decrypt_data(bytes(encrypted))