initial import of main veilid core

2021-11-22 11:28:30 -05:00
parent c4cd54e020
commit 9e94a6a96f
218 changed files with 34880 additions and 1 deletions
--- a/veilid-core/src/tests/common/mod.rs
+++ b/veilid-core/src/tests/common/mod.rs
@@ -0,0 +1,8 @@
+pub mod test_connection_table;
+pub mod test_crypto;
+pub mod test_dht_key;
+pub mod test_envelope_receipt;
+pub mod test_host_interface;
+pub mod test_table_store;
+pub mod test_veilid_config;
+pub mod test_veilid_core;
--- a/veilid-core/src/tests/common/test_connection_table.rs
+++ b/veilid-core/src/tests/common/test_connection_table.rs
@@ -0,0 +1,104 @@
+use crate::connection_table::*;
+use crate::intf::*;
+use crate::xx::*;
+use crate::*;
+
+pub async fn test_add_get_remove() {
+    let table = ConnectionTable::new();
+
+    let c1 = NetworkConnection::Dummy(DummyNetworkConnection {});
+    let c2 = NetworkConnection::Dummy(DummyNetworkConnection {});
+    let c3 = NetworkConnection::Dummy(DummyNetworkConnection {});
+
+    let a1 = ConnectionDescriptor::new_no_local(PeerAddress::new(
+        Address::IPV4(Ipv4Addr::new(127, 0, 0, 1)),
+        8080,
+        ProtocolType::TCP,
+    ));
+    let a2 = ConnectionDescriptor::new_no_local(PeerAddress::new(
+        Address::IPV4(Ipv4Addr::new(127, 0, 0, 1)),
+        8080,
+        ProtocolType::TCP,
+    ));
+    let a3 = ConnectionDescriptor::new(
+        PeerAddress::new(
+            Address::IPV6(Ipv6Addr::new(0, 0, 0, 0, 0, 0, 0, 1)),
+            8090,
+            ProtocolType::TCP,
+        ),
+        SocketAddr::V6(SocketAddrV6::new(
+            Ipv6Addr::new(0, 0, 0, 0, 0, 0, 0, 1),
+            8080,
+            0,
+            0,
+        )),
+    );
+    let a4 = ConnectionDescriptor::new(
+        PeerAddress::new(
+            Address::IPV6(Ipv6Addr::new(0, 0, 0, 0, 0, 0, 0, 1)),
+            8090,
+            ProtocolType::TCP,
+        ),
+        SocketAddr::V6(SocketAddrV6::new(
+            Ipv6Addr::new(1, 0, 0, 0, 0, 0, 0, 1),
+            8080,
+            0,
+            0,
+        )),
+    );
+    let a5 = ConnectionDescriptor::new(
+        PeerAddress::new(
+            Address::Hostname("example.com".to_owned()),
+            8090,
+            ProtocolType::WSS,
+        ),
+        SocketAddr::V6(SocketAddrV6::new(
+            Ipv6Addr::new(0, 0, 0, 0, 0, 0, 0, 1),
+            8080,
+            0,
+            0,
+        )),
+    );
+
+    assert_eq!(a1, a2);
+    assert_ne!(a3, a4);
+    assert_ne!(a4, a5);
+
+    assert_eq!(table.connection_count(), 0);
+    assert_eq!(table.get_connection(&a1), None);
+    let entry1 = table.add_connection(a1.clone(), c1.clone()).unwrap();
+
+    assert_eq!(table.connection_count(), 1);
+    assert_eq!(table.remove_connection(&a3), Err(()));
+    assert_eq!(table.remove_connection(&a4), Err(()));
+    assert_eq!(table.connection_count(), 1);
+    assert_eq!(table.get_connection(&a1), Some(entry1.clone()));
+    assert_eq!(table.get_connection(&a1), Some(entry1.clone()));
+    assert_eq!(table.connection_count(), 1);
+    assert_eq!(table.add_connection(a1.clone(), c1.clone()), Err(()));
+    assert_eq!(table.add_connection(a1.clone(), c2.clone()), Err(()));
+    assert_eq!(table.connection_count(), 1);
+    assert_eq!(table.get_connection(&a1), Some(entry1.clone()));
+    assert_eq!(table.get_connection(&a1), Some(entry1.clone()));
+    assert_eq!(table.connection_count(), 1);
+    assert_eq!(table.remove_connection(&a2), Ok(entry1.clone()));
+    assert_eq!(table.connection_count(), 0);
+    assert_eq!(table.remove_connection(&a2), Err(()));
+    assert_eq!(table.connection_count(), 0);
+    assert_eq!(table.get_connection(&a2), None);
+    assert_eq!(table.get_connection(&a1), None);
+    assert_eq!(table.connection_count(), 0);
+    let entry2 = table.add_connection(a1.clone(), c1.clone()).unwrap();
+    assert_eq!(table.add_connection(a2.clone(), c1), Err(()));
+    let entry3 = table.add_connection(a3.clone(), c2.clone()).unwrap();
+    let entry4 = table.add_connection(a4.clone(), c3.clone()).unwrap();
+    assert_eq!(table.connection_count(), 3);
+    assert_eq!(table.remove_connection(&a2), Ok(entry2.clone()));
+    assert_eq!(table.remove_connection(&a3), Ok(entry3.clone()));
+    assert_eq!(table.remove_connection(&a4), Ok(entry4.clone()));
+    assert_eq!(table.connection_count(), 0);
+}
+
+pub async fn test_all() {
+    test_add_get_remove().await;
+}
--- a/veilid-core/src/tests/common/test_crypto.rs
+++ b/veilid-core/src/tests/common/test_crypto.rs
@@ -0,0 +1,140 @@
+use super::test_veilid_config::*;
+use crate::dht::crypto::*;
+use crate::dht::key;
+use crate::xx::*;
+use crate::*;
+
+static LOREM_IPSUM:&[u8] = b"Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum. ";
+
+fn setup_veilid_core() -> VeilidCoreSetup {
+    VeilidCoreSetup {
+        state_change_callback: Arc::new(
+            move |change: VeilidStateChange| -> SystemPinBoxFuture<()> {
+                Box::pin(async move {
+                    trace!("state_change_callback: {:?}", change);
+                })
+            },
+        ),
+        config_callback: Arc::new(config_callback),
+    }
+}
+
+async fn startup(core: VeilidCore) -> VeilidAPI {
+    trace!("test_table_store: starting");
+    let api = core
+        .startup(setup_veilid_core())
+        .await
+        .expect("startup failed");
+    api
+}
+
+async fn shutdown(api: VeilidAPI) {
+    trace!("test_table_store: shutting down");
+    api.shutdown().await;
+    trace!("test_table_store: finished");
+}
+
+pub async fn test_enc_dec() {
+    trace!("test_enc_dec");
+
+    let n1 = Crypto::get_random_nonce();
+    let n2 = loop {
+        let n = Crypto::get_random_nonce();
+        if n != n1 {
+            break n;
+        }
+    };
+
+    let ss1 = Crypto::get_random_secret();
+    let ss2 = loop {
+        let ss = Crypto::get_random_secret();
+        if ss != ss1 {
+            break ss;
+        }
+    };
+
+    let mut body = LOREM_IPSUM.to_vec();
+    let body2 = body.clone();
+    let size_before_encrypt = body.len();
+    assert!(
+        Crypto::encrypt_in_place(&mut body, &n1, &ss1, None).is_ok(),
+        "encrypt should succeed"
+    );
+    let size_after_encrypt = body.len();
+    assert!(
+        size_after_encrypt - size_before_encrypt == ENCRYPTION_OVERHEAD,
+        "overhead should match"
+    );
+    let mut body3 = body.clone();
+    let mut body4 = body.clone();
+    let mut body5 = body.clone();
+    assert!(
+        Crypto::decrypt_in_place(&mut body, &n1, &ss1, None).is_ok(),
+        "decrypt should succeed"
+    );
+    assert_eq!(body, body2, "results should be the same");
+
+    assert!(
+        Crypto::decrypt_in_place(&mut body3, &n2, &ss1, None).is_err(),
+        "decrypt with wrong nonce should fail"
+    );
+    assert_ne!(body3, body, "failure changes data");
+
+    assert!(
+        Crypto::decrypt_in_place(&mut body4, &n1, &ss2, None).is_err(),
+        "decrypt with wrong secret should fail"
+    );
+    assert_ne!(body4, body, "failure changes data");
+
+    assert!(
+        Crypto::decrypt_in_place(&mut body5, &n1, &ss2, Some(b"foobar")).is_err(),
+        "decrypt with wrong associated data should fail"
+    );
+    assert_ne!(body5, body, "failure changes data");
+
+    assert!(
+        Crypto::decrypt(LOREM_IPSUM, &n1, &ss1, None).is_err(),
+        "should fail authentication"
+    );
+
+    let body5 = Crypto::encrypt(LOREM_IPSUM, &n1, &ss1, None).unwrap();
+    let body6 = Crypto::decrypt(&body5, &n1, &ss1, None).unwrap();
+    let body7 = Crypto::encrypt(LOREM_IPSUM, &n1, &ss1, None).unwrap();
+    assert_eq!(body6, LOREM_IPSUM);
+    assert_eq!(body5, body7);
+}
+pub async fn test_dh(crypto: Crypto) {
+    trace!("test_dh");
+    let (dht_key, dht_key_secret) = key::generate_secret();
+    let (dht_key2, dht_key_secret2) = key::generate_secret();
+
+    let r1 = Crypto::compute_dh(&dht_key, &dht_key_secret2).unwrap();
+    let r2 = Crypto::compute_dh(&dht_key2, &dht_key_secret).unwrap();
+    let r3 = Crypto::compute_dh(&dht_key, &dht_key_secret2).unwrap();
+    let r4 = Crypto::compute_dh(&dht_key2, &dht_key_secret).unwrap();
+    assert_eq!(r1, r2);
+    assert_eq!(r3, r4);
+    assert_eq!(r2, r3);
+    trace!("dh: {:?}", r1);
+
+    // test cache
+    let r5 = crypto.cached_dh(&dht_key, &dht_key_secret2).unwrap();
+    let r6 = crypto.cached_dh(&dht_key2, &dht_key_secret).unwrap();
+    let r7 = crypto.cached_dh(&dht_key, &dht_key_secret2).unwrap();
+    let r8 = crypto.cached_dh(&dht_key2, &dht_key_secret).unwrap();
+    assert_eq!(r1, r5);
+    assert_eq!(r2, r6);
+    assert_eq!(r3, r7);
+    assert_eq!(r4, r8);
+    trace!("cached_dh: {:?}", r5);
+}
+
+pub async fn test_all() {
+    let core = VeilidCore::new();
+    let api = startup(core.clone()).await;
+    let crypto = core.crypto();
+    test_enc_dec().await;
+    test_dh(crypto).await;
+    shutdown(api.clone()).await;
+    assert_eq!(api.is_shutdown(), true);
+}
--- a/veilid-core/src/tests/common/test_dht_key.rs
+++ b/veilid-core/src/tests/common/test_dht_key.rs
@@ -0,0 +1,323 @@
+use crate::dht::key;
+use crate::xx::*;
+use core::convert::TryFrom;
+
+static LOREM_IPSUM:&str = "Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum. ";
+static CHEEZBURGER: &str = "I can has cheezburger";
+static EMPTY_KEY: [u8; key::DHT_KEY_LENGTH] = [0u8; key::DHT_KEY_LENGTH];
+static EMPTY_KEY_SECRET: [u8; key::DHT_KEY_SECRET_LENGTH] = [0u8; key::DHT_KEY_SECRET_LENGTH];
+
+pub async fn test_generate_secret() {
+    // Verify keys generate
+    let (dht_key, dht_key_secret) = key::generate_secret();
+    let (dht_key2, dht_key_secret2) = key::generate_secret();
+
+    // Verify byte patterns are different between public and secret
+    assert_ne!(dht_key.bytes, dht_key_secret.bytes);
+    assert_ne!(dht_key2.bytes, dht_key_secret2.bytes);
+
+    // Verify the keys and secrets are different across keypairs
+    assert_ne!(dht_key, dht_key2);
+    assert_ne!(dht_key_secret, dht_key_secret2);
+}
+
+pub async fn test_sign_and_verify() {
+    // Make two keys
+    let (dht_key, dht_key_secret) = key::generate_secret();
+    let (dht_key2, dht_key_secret2) = key::generate_secret();
+    // Sign the same message twice
+    let dht_sig = key::sign(&dht_key, &dht_key_secret, LOREM_IPSUM.as_bytes()).unwrap();
+    trace!("dht_sig: {:?}", dht_sig);
+    let dht_sig_b = key::sign(&dht_key, &dht_key_secret, LOREM_IPSUM.as_bytes()).unwrap();
+    // Sign a second message
+    let dht_sig_c = key::sign(&dht_key, &dht_key_secret, CHEEZBURGER.as_bytes()).unwrap();
+    trace!("dht_sig_c: {:?}", dht_sig_c);
+    // Verify they are the same signature
+    assert_eq!(dht_sig, dht_sig_b);
+    // Sign the same message with a different key
+    let dht_sig2 = key::sign(&dht_key2, &dht_key_secret2, LOREM_IPSUM.as_bytes()).unwrap();
+    // Verify a different key gives a different signature
+    assert_ne!(dht_sig2, dht_sig_b);
+
+    // Try using the wrong secret to sign
+    let a1 = key::sign(&dht_key, &dht_key_secret, LOREM_IPSUM.as_bytes()).unwrap();
+    let a2 = key::sign(&dht_key2, &dht_key_secret2, LOREM_IPSUM.as_bytes()).unwrap();
+    let b1 = key::sign(&dht_key, &dht_key_secret2, LOREM_IPSUM.as_bytes()).unwrap();
+    let b2 = key::sign(&dht_key2, &dht_key_secret, LOREM_IPSUM.as_bytes()).unwrap();
+    assert_ne!(a1, b1);
+    assert_ne!(a2, b2);
+    assert_ne!(a1, b2);
+    assert_ne!(a2, b1);
+    assert_ne!(a1, a2);
+    assert_ne!(b1, b2);
+    assert_ne!(a1, b2);
+    assert_ne!(b1, a2);
+
+    assert_eq!(key::verify(&dht_key, LOREM_IPSUM.as_bytes(), &a1), Ok(()));
+    assert_eq!(key::verify(&dht_key2, LOREM_IPSUM.as_bytes(), &a2), Ok(()));
+    assert_eq!(
+        key::verify(&dht_key, LOREM_IPSUM.as_bytes(), &b1),
+        Err("Verification failed".to_owned())
+    );
+    assert_eq!(
+        key::verify(&dht_key2, LOREM_IPSUM.as_bytes(), &b2),
+        Err("Verification failed".to_owned())
+    );
+
+    // Try verifications that should work
+    assert_eq!(
+        key::verify(&dht_key, LOREM_IPSUM.as_bytes(), &dht_sig),
+        Ok(())
+    );
+    assert_eq!(
+        key::verify(&dht_key, LOREM_IPSUM.as_bytes(), &dht_sig_b),
+        Ok(())
+    );
+    assert_eq!(
+        key::verify(&dht_key2, LOREM_IPSUM.as_bytes(), &dht_sig2),
+        Ok(())
+    );
+    assert_eq!(
+        key::verify(&dht_key, CHEEZBURGER.as_bytes(), &dht_sig_c),
+        Ok(())
+    );
+    // Try verifications that shouldn't work
+    assert_eq!(
+        key::verify(&dht_key2, LOREM_IPSUM.as_bytes(), &dht_sig),
+        Err("Verification failed".to_owned())
+    );
+    assert_eq!(
+        key::verify(&dht_key, LOREM_IPSUM.as_bytes(), &dht_sig2),
+        Err("Verification failed".to_owned())
+    );
+    assert_eq!(
+        key::verify(&dht_key2, CHEEZBURGER.as_bytes(), &dht_sig_c),
+        Err("Verification failed".to_owned())
+    );
+    assert_eq!(
+        key::verify(&dht_key, CHEEZBURGER.as_bytes(), &dht_sig),
+        Err("Verification failed".to_owned())
+    );
+}
+
+pub async fn test_key_conversions() {
+    // Test default key
+    let (dht_key, dht_key_secret) = (key::DHTKey::default(), key::DHTKeySecret::default());
+    assert_eq!(dht_key.bytes, EMPTY_KEY);
+    assert_eq!(dht_key.valid, false);
+    assert_eq!(dht_key_secret.bytes, EMPTY_KEY_SECRET);
+    assert_eq!(dht_key_secret.valid, false);
+    let dht_key_string = String::from(&dht_key);
+    trace!("dht_key_string: {:?}", dht_key_string);
+    let dht_key_string2 = String::from(&dht_key);
+    trace!("dht_key_string2: {:?}", dht_key_string2);
+    assert_eq!(dht_key_string, dht_key_string2);
+
+    let dht_key_secret_string = String::from(&dht_key_secret);
+    trace!("dht_key_secret_string: {:?}", dht_key_secret_string);
+    assert_eq!(dht_key_secret_string, dht_key_string);
+
+    // Make different keys
+    let (dht_key2, dht_key_secret2) = key::generate_secret();
+    trace!("dht_key2: {:?}", dht_key2);
+    trace!("dht_key_secret2: {:?}", dht_key_secret2);
+    let (dht_key3, _dht_key_secret3) = key::generate_secret();
+    trace!("dht_key3: {:?}", dht_key3);
+    trace!("_dht_key_secret3: {:?}", _dht_key_secret3);
+
+    let dht_key2_string = String::from(&dht_key2);
+    let dht_key2_string2 = String::from(&dht_key2);
+    let dht_key3_string = String::from(&dht_key3);
+    assert_eq!(dht_key2_string, dht_key2_string2);
+    assert_ne!(dht_key3_string, dht_key2_string);
+    let dht_key_secret2_string = String::from(&dht_key_secret2);
+    assert_ne!(dht_key_secret2_string, dht_key_secret_string);
+    assert_ne!(dht_key_secret2_string, dht_key2_string);
+
+    // Assert they convert back correctly
+    let dht_key_back = key::DHTKey::try_from(dht_key_string.as_str()).unwrap();
+    let dht_key_back2 = key::DHTKey::try_from(dht_key_string2.as_str()).unwrap();
+    assert_eq!(dht_key_back, dht_key_back2);
+    assert_eq!(dht_key_back, dht_key);
+    assert_eq!(dht_key_back2, dht_key);
+
+    let dht_key_secret_back = key::DHTKeySecret::try_from(dht_key_secret_string.as_str()).unwrap();
+    assert_eq!(dht_key_secret_back, dht_key_secret);
+
+    let dht_key2_back = key::DHTKey::try_from(dht_key2_string.as_str()).unwrap();
+    let dht_key2_back2 = key::DHTKey::try_from(dht_key2_string2.as_str()).unwrap();
+    assert_eq!(dht_key2_back, dht_key2_back2);
+    assert_eq!(dht_key2_back, dht_key2);
+    assert_eq!(dht_key2_back2, dht_key2);
+
+    let dht_key_secret2_back =
+        key::DHTKeySecret::try_from(dht_key_secret2_string.as_str()).unwrap();
+    assert_eq!(dht_key_secret2_back, dht_key_secret2);
+
+    // Assert string roundtrip
+    assert_eq!(String::from(&dht_key2_back), dht_key2_string);
+    assert!(key::DHTKey::try_from("") == Ok(key::DHTKey::default()));
+    assert!(key::DHTKeySecret::try_from("") == Ok(key::DHTKeySecret::default()));
+    // These conversions should fail
+    assert!(key::DHTKey::try_from("whatever").is_err());
+    assert!(key::DHTKeySecret::try_from("whatever").is_err());
+    assert!(key::DHTKey::try_from(" ").is_err());
+    assert!(key::DHTKeySecret::try_from(" ").is_err());
+    assert!(key::DHTKey::try_from(
+        "qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"
+    )
+    .is_err());
+    assert!(key::DHTKeySecret::try_from(
+        "qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"
+    )
+    .is_err());
+}
+
+pub async fn test_encode_decode() {
+    let dht_key = key::DHTKey::try_decode("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA").unwrap();
+    let dht_key_secret =
+        key::DHTKeySecret::try_decode("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA").unwrap();
+    let dht_key_b = key::DHTKey::new(EMPTY_KEY);
+    let dht_key_secret_b = key::DHTKeySecret::new(EMPTY_KEY_SECRET);
+    assert_eq!(dht_key, dht_key_b);
+    assert_eq!(dht_key_secret, dht_key_secret_b);
+
+    let (dht_key2, dht_key_secret2) = key::generate_secret();
+
+    let e1 = dht_key.encode();
+    trace!("e1:  {:?}", e1);
+    assert_eq!(e1, "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".to_owned());
+    let e1s = dht_key_secret.encode();
+    trace!("e1s: {:?}", e1s);
+    let e2 = dht_key2.encode();
+    trace!("e2:  {:?}", e2);
+    let e2s = dht_key_secret2.encode();
+    trace!("e2s: {:?}", e2s);
+
+    let d1 = key::DHTKey::try_decode(e1.as_str()).unwrap();
+    trace!("d1:  {:?}", d1);
+    assert_eq!(dht_key, d1);
+
+    let d1s = key::DHTKeySecret::try_decode(e1s.as_str()).unwrap();
+    trace!("d1s: {:?}", d1s);
+    assert_eq!(dht_key_secret, d1s);
+
+    let d2 = key::DHTKey::try_decode(e2.as_str()).unwrap();
+    trace!("d2:  {:?}", d2);
+    assert_eq!(dht_key2, d2);
+
+    let d2s = key::DHTKeySecret::try_decode(e2s.as_str()).unwrap();
+    trace!("d2s: {:?}", d2s);
+    assert_eq!(dht_key_secret2, d2s);
+
+    // Failures
+    let f1 = key::DHTKeySecret::try_decode("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA");
+    assert_eq!(f1, Err("Incorrect length in decode".to_owned()));
+    let f2 = key::DHTKeySecret::try_decode("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA&");
+    assert_eq!(f2, Err("Failed to decode".to_owned()));
+}
+
+async fn test_hash() {
+    let mut s = BTreeSet::<key::DHTKey>::new();
+
+    let k1 = key::generate_hash("abc".as_bytes());
+    let k2 = key::generate_hash("abcd".as_bytes());
+    let k3 = key::generate_hash("".as_bytes());
+    let k4 = key::generate_hash(" ".as_bytes());
+    let k5 = key::generate_hash(LOREM_IPSUM.as_bytes());
+    let k6 = key::generate_hash(CHEEZBURGER.as_bytes());
+
+    s.insert(k1);
+    s.insert(k2);
+    s.insert(k3);
+    s.insert(k4);
+    s.insert(k5);
+    s.insert(k6);
+    assert_eq!(s.len(), 6);
+
+    let v1 = key::generate_hash("abc".as_bytes());
+    let v2 = key::generate_hash("abcd".as_bytes());
+    let v3 = key::generate_hash("".as_bytes());
+    let v4 = key::generate_hash(" ".as_bytes());
+    let v5 = key::generate_hash(LOREM_IPSUM.as_bytes());
+    let v6 = key::generate_hash(CHEEZBURGER.as_bytes());
+
+    assert_eq!(k1, v1);
+    assert_eq!(k2, v2);
+    assert_eq!(k3, v3);
+    assert_eq!(k4, v4);
+    assert_eq!(k5, v5);
+    assert_eq!(k6, v6);
+
+    key::validate_hash("abc".as_bytes(), &v1);
+    key::validate_hash("abcd".as_bytes(), &v2);
+    key::validate_hash("".as_bytes(), &v3);
+    key::validate_hash(" ".as_bytes(), &v4);
+    key::validate_hash(LOREM_IPSUM.as_bytes(), &v5);
+    key::validate_hash(CHEEZBURGER.as_bytes(), &v6);
+}
+
+async fn test_operations() {
+    let k1 = key::generate_hash(LOREM_IPSUM.as_bytes());
+    let k2 = key::generate_hash(CHEEZBURGER.as_bytes());
+    let k3 = key::generate_hash("abc".as_bytes());
+
+    // Get distance
+    let d1 = key::distance(&k1, &k2);
+    let d2 = key::distance(&k2, &k1);
+    let d3 = key::distance(&k1, &k3);
+    let d4 = key::distance(&k2, &k3);
+
+    trace!("d1={:?}", d1);
+    trace!("d2={:?}", d2);
+    trace!("d3={:?}", d3);
+    trace!("d4={:?}", d4);
+
+    // Verify commutativity
+    assert_eq!(d1, d2);
+    assert!(d1 <= d2);
+    assert!(d1 >= d2);
+    assert!(!(d1 < d2));
+    assert!(!(d1 > d2));
+    assert_eq!(d2, d1);
+    assert!(d2 <= d1);
+    assert!(d2 >= d1);
+    assert!(!(d2 < d1));
+    assert!(!(d2 > d1));
+
+    // Verify nibbles
+    assert_eq!(d1.nibble(0), 0x9u8);
+    assert_eq!(d1.nibble(1), 0x4u8);
+    assert_eq!(d1.nibble(2), 0x3u8);
+    assert_eq!(d1.nibble(3), 0x6u8);
+    assert_eq!(d1.nibble(63), 0x6u8);
+
+    assert_eq!(d1.first_nonzero_nibble(), Some((0, 0x9u8)));
+    assert_eq!(d2.first_nonzero_nibble(), Some((0, 0x9u8)));
+    assert_eq!(d3.first_nonzero_nibble(), Some((1, 0x4u8)));
+    assert_eq!(d4.first_nonzero_nibble(), Some((0, 0x9u8)));
+
+    // Verify bits
+    assert_eq!(d1.bit(0), true);
+    assert_eq!(d1.bit(1), false);
+    assert_eq!(d1.bit(7), false);
+    assert_eq!(d1.bit(8), false);
+    assert_eq!(d1.bit(14), true);
+    assert_eq!(d1.bit(15), false);
+    assert_eq!(d1.bit(254), true);
+    assert_eq!(d1.bit(255), false);
+
+    assert_eq!(d1.first_nonzero_bit(), Some(0));
+    assert_eq!(d2.first_nonzero_bit(), Some(0));
+    assert_eq!(d3.first_nonzero_bit(), Some(5));
+    assert_eq!(d4.first_nonzero_bit(), Some(0));
+}
+
+pub async fn test_all() {
+    test_generate_secret().await;
+    test_sign_and_verify().await;
+    test_key_conversions().await;
+    test_encode_decode().await;
+    test_hash().await;
+    test_operations().await;
+}
--- a/veilid-core/src/tests/common/test_envelope_receipt.rs
+++ b/veilid-core/src/tests/common/test_envelope_receipt.rs
@@ -0,0 +1,83 @@
+use super::test_veilid_config::*;
+use crate::dht::crypto::*;
+use crate::dht::envelope::*;
+use crate::dht::key::*;
+use crate::dht::receipt::*;
+use crate::xx::*;
+use crate::*;
+
+pub async fn test_envelope_round_trip() {
+    info!("--- test envelope round trip ---");
+    let veilid_core = VeilidCore::new();
+    let api = veilid_core
+        .startup(setup_veilid_core())
+        .await
+        .expect("startup failed");
+    // Get crypto
+    let crypto = veilid_core.crypto();
+
+    // Create envelope
+    let ts = 0x12345678ABCDEF69u64;
+    let nonce = Crypto::get_random_nonce();
+    let (sender_id, sender_secret) = generate_secret();
+    let (recipient_id, recipient_secret) = generate_secret();
+    let envelope = Envelope::new(0, ts, nonce, sender_id, recipient_id);
+
+    // Create arbitrary body
+    let body = b"This is an arbitrary body";
+
+    // Serialize to bytes
+    let enc_data = envelope
+        .to_encrypted_data(crypto.clone(), body, &sender_secret)
+        .expect("failed to encrypt data");
+
+    // Deserialize from bytes
+    let envelope2 =
+        Envelope::from_data(&enc_data).expect("failed to deserialize envelope from data");
+
+    let body2 = envelope2
+        .decrypt_body(crypto.clone(), &enc_data, &recipient_secret)
+        .expect("failed to decrypt envelope body");
+
+    envelope2
+        .decrypt_body(crypto.clone(), &enc_data, &sender_secret)
+        .expect_err("should have failed to decrypt using wrong secret");
+
+    // Compare envelope and body
+    assert_eq!(envelope, envelope2);
+    assert_eq!(body.to_vec(), body2);
+    api.shutdown().await;
+}
+
+pub async fn test_receipt_round_trip() {
+    info!("--- test receipt round trip ---");
+    // Create arbitrary body
+    let body = b"This is an arbitrary body";
+
+    // Create receipt
+    let nonce = Crypto::get_random_nonce();
+    let (sender_id, sender_secret) = generate_secret();
+    let receipt = Receipt::try_new(0, nonce, sender_id, body).expect("should not fail");
+
+    // Serialize to bytes
+    let mut enc_data = receipt
+        .to_signed_data(&sender_secret)
+        .expect("failed to make signed data");
+
+    // Deserialize from bytes
+    let receipt2 =
+        Receipt::from_signed_data(&enc_data).expect("failed to deserialize envelope from data");
+
+    // Should not validate even when a single bit is changed
+    enc_data[5] = 0x01;
+    Receipt::from_signed_data(&enc_data)
+        .expect_err("should have failed to decrypt using wrong secret");
+
+    // Compare receipts
+    assert_eq!(receipt, receipt2);
+}
+
+pub async fn test_all() {
+    test_envelope_round_trip().await;
+    test_receipt_round_trip().await;
+}
--- a/veilid-core/src/tests/common/test_host_interface.rs
+++ b/veilid-core/src/tests/common/test_host_interface.rs
@@ -0,0 +1,533 @@
+use crate::xx::*;
+use crate::*;
+
+cfg_if! {
+    if #[cfg(target_arch = "wasm32")] {
+        use js_sys::*;
+    } else {
+        use std::time::{Duration, SystemTime};
+    }
+}
+
+pub async fn test_log() {
+    info!("testing log");
+}
+
+pub async fn test_get_timestamp() {
+    info!("testing get_timestamp");
+    let t1 = intf::get_timestamp();
+    let t2 = intf::get_timestamp();
+    assert!(t2 >= t1);
+}
+
+pub async fn test_eventual() {
+    info!("testing Eventual");
+    {
+        let e1 = Eventual::new();
+        let i1 = e1.instance_clone(1u32);
+        let i2 = e1.instance_clone(2u32);
+        let i3 = e1.instance_clone(3u32);
+        drop(i3);
+        let i4 = e1.instance_clone(4u32);
+        drop(i2);
+
+        let jh = intf::spawn(async move {
+            intf::sleep(1000).await;
+            e1.resolve();
+        });
+
+        assert_eq!(i1.await, 1u32);
+        assert_eq!(i4.await, 4u32);
+
+        jh.await;
+    }
+    {
+        let e1 = Eventual::new();
+        let i1 = e1.instance_clone(1u32);
+        let i2 = e1.instance_clone(2u32);
+        let i3 = e1.instance_clone(3u32);
+        let i4 = e1.instance_clone(4u32);
+        let e1_c1 = e1.clone();
+        let jh = intf::spawn(async move {
+            let i5 = e1.instance_clone(5u32);
+            let i6 = e1.instance_clone(6u32);
+            assert_eq!(i1.await, 1u32);
+            assert_eq!(i5.await, 5u32);
+            assert_eq!(i6.await, 6u32);
+        });
+        intf::sleep(1000).await;
+        let resolved = e1_c1.resolve();
+        drop(i2);
+        drop(i3);
+        assert_eq!(i4.await, 4u32);
+        resolved.await;
+        jh.await;
+    }
+    {
+        let e1 = Eventual::new();
+        let i1 = e1.instance_clone(1u32);
+        let i2 = e1.instance_clone(2u32);
+        let e1_c1 = e1.clone();
+        let jh = intf::spawn(async move {
+            assert_eq!(i1.await, 1u32);
+            assert_eq!(i2.await, 2u32);
+        });
+        intf::sleep(1000).await;
+        e1_c1.resolve().await;
+
+        jh.await;
+
+        e1_c1.reset();
+        //
+        let j1 = e1.instance_clone(1u32);
+        let j2 = e1.instance_clone(2u32);
+        let jh = intf::spawn(async move {
+            assert_eq!(j1.await, 1u32);
+            assert_eq!(j2.await, 2u32);
+        });
+        intf::sleep(1000).await;
+        e1_c1.resolve().await;
+
+        jh.await;
+
+        e1_c1.reset();
+    }
+}
+
+pub async fn test_eventual_value() {
+    info!("testing Eventual Value");
+    {
+        let e1 = EventualValue::<u32>::new();
+        let i1 = e1.instance();
+        let i2 = e1.instance();
+        let i3 = e1.instance();
+        drop(i3);
+        let i4 = e1.instance();
+        drop(i2);
+
+        let e1_c1 = e1.clone();
+        let jh = intf::spawn(async move {
+            intf::sleep(1000).await;
+            e1_c1.resolve(3u32);
+        });
+
+        assert_eq!(i1.await, ());
+        assert_eq!(i4.await, ());
+        jh.await;
+        assert_eq!(e1.take_value(), Some(3u32));
+    }
+    {
+        let e1 = EventualValue::new();
+        let i1 = e1.instance();
+        let i2 = e1.instance();
+        let i3 = e1.instance();
+        let i4 = e1.instance();
+        let e1_c1 = e1.clone();
+        let jh = intf::spawn(async move {
+            let i5 = e1.instance();
+            let i6 = e1.instance();
+            assert_eq!(i1.await, ());
+            assert_eq!(i5.await, ());
+            assert_eq!(i6.await, ());
+        });
+        intf::sleep(1000).await;
+        let resolved = e1_c1.resolve(4u16);
+        drop(i2);
+        drop(i3);
+        assert_eq!(i4.await, ());
+        resolved.await;
+        jh.await;
+        assert_eq!(e1_c1.take_value(), Some(4u16));
+    }
+    {
+        let e1 = EventualValue::new();
+        assert_eq!(e1.take_value(), None);
+        let i1 = e1.instance();
+        let i2 = e1.instance();
+        let e1_c1 = e1.clone();
+        let jh = intf::spawn(async move {
+            assert_eq!(i1.await, ());
+            assert_eq!(i2.await, ());
+        });
+        intf::sleep(1000).await;
+        e1_c1.resolve(5u32).await;
+        jh.await;
+        assert_eq!(e1_c1.take_value(), Some(5u32));
+        e1_c1.reset();
+        assert_eq!(e1_c1.take_value(), None);
+        //
+        let j1 = e1.instance();
+        let j2 = e1.instance();
+        let jh = intf::spawn(async move {
+            assert_eq!(j1.await, ());
+            assert_eq!(j2.await, ());
+        });
+        intf::sleep(1000).await;
+        e1_c1.resolve(6u32).await;
+        jh.await;
+        assert_eq!(e1_c1.take_value(), Some(6u32));
+        e1_c1.reset();
+        assert_eq!(e1_c1.take_value(), None);
+    }
+}
+
+pub async fn test_eventual_value_clone() {
+    info!("testing Eventual Value Clone");
+    {
+        let e1 = EventualValueClone::<u32>::new();
+        let i1 = e1.instance();
+        let i2 = e1.instance();
+        let i3 = e1.instance();
+        drop(i3);
+        let i4 = e1.instance();
+        drop(i2);
+
+        let jh = intf::spawn(async move {
+            intf::sleep(1000).await;
+            e1.resolve(3u32);
+        });
+
+        assert_eq!(i1.await, 3);
+        assert_eq!(i4.await, 3);
+
+        jh.await;
+    }
+
+    {
+        let e1 = EventualValueClone::new();
+        let i1 = e1.instance();
+        let i2 = e1.instance();
+        let i3 = e1.instance();
+        let i4 = e1.instance();
+        let e1_c1 = e1.clone();
+        let jh = intf::spawn(async move {
+            let i5 = e1.instance();
+            let i6 = e1.instance();
+            assert_eq!(i1.await, 4);
+            assert_eq!(i5.await, 4);
+            assert_eq!(i6.await, 4);
+        });
+        intf::sleep(1000).await;
+        let resolved = e1_c1.resolve(4u16);
+        drop(i2);
+        drop(i3);
+        assert_eq!(i4.await, 4);
+        resolved.await;
+        jh.await;
+    }
+
+    {
+        let e1 = EventualValueClone::new();
+        let i1 = e1.instance();
+        let i2 = e1.instance();
+        let e1_c1 = e1.clone();
+        let jh = intf::spawn(async move {
+            assert_eq!(i1.await, 5);
+            assert_eq!(i2.await, 5);
+        });
+        intf::sleep(1000).await;
+        e1_c1.resolve(5u32).await;
+        jh.await;
+        e1_c1.reset();
+        //
+        let j1 = e1.instance();
+        let j2 = e1.instance();
+        let jh = intf::spawn(async move {
+            assert_eq!(j1.await, 6);
+            assert_eq!(j2.await, 6);
+        });
+        intf::sleep(1000).await;
+        e1_c1.resolve(6u32).await;
+        jh.await;
+        e1_c1.reset();
+    }
+}
+pub async fn test_interval() {
+    info!("testing interval");
+
+    let tick: Arc<Mutex<u32>> = Arc::new(Mutex::new(0u32));
+    let stopper = intf::interval(1000, move || {
+        let tick = tick.clone();
+        async move {
+            let mut tick = tick.lock();
+            trace!("tick {}", tick);
+            *tick += 1;
+        }
+    });
+
+    intf::sleep(5500).await;
+
+    stopper.await;
+}
+
+pub async fn test_timeout() {
+    info!("testing timeout");
+
+    let tick: Arc<Mutex<u32>> = Arc::new(Mutex::new(0u32));
+    let tick_1 = tick.clone();
+    assert!(
+        intf::timeout(2500, async move {
+            let mut tick = tick_1.lock();
+            trace!("tick {}", tick);
+            intf::sleep(1000).await;
+            *tick += 1;
+            trace!("tick {}", tick);
+            intf::sleep(1000).await;
+            *tick += 1;
+            trace!("tick {}", tick);
+            intf::sleep(1000).await;
+            *tick += 1;
+            trace!("tick {}", tick);
+            intf::sleep(1000).await;
+            *tick += 1;
+        })
+        .await
+        .is_err(),
+        "should have timed out"
+    );
+
+    let ticks = *tick.lock();
+    assert!(ticks <= 2);
+}
+
+pub async fn test_sleep() {
+    info!("testing sleep");
+    cfg_if! {
+        if #[cfg(target_arch = "wasm32")] {
+
+            let t1 = Date::now();
+            intf::sleep(1000).await;
+            let t2 = Date::now();
+            assert!((t2-t1) >= 1000.0);
+
+        } else {
+
+            let sys_time = SystemTime::now();
+            let one_sec = Duration::from_secs(1);
+
+            intf::sleep(1000).await;
+            assert!(sys_time.elapsed().unwrap() >= one_sec);
+        }
+    }
+}
+
+pub async fn test_protected_store() {
+    info!("testing protected store");
+
+    let _ = intf::remove_user_secret("test", "_test_key").await;
+    let _ = intf::remove_user_secret("test", "_test_broken").await;
+
+    let d1: [u8; 0] = [];
+
+    assert_eq!(
+        intf::save_user_secret("test", "_test_key", &[2u8, 3u8, 4u8]).await,
+        Ok(false)
+    );
+    info!("testing saving user secret");
+    assert_eq!(
+        intf::save_user_secret("test", "_test_key", &d1).await,
+        Ok(true)
+    );
+    info!("testing loading user secret");
+    assert_eq!(
+        intf::load_user_secret("test", "_test_key").await,
+        Ok(Some(d1.to_vec()))
+    );
+    info!("testing loading user secret again");
+    assert_eq!(
+        intf::load_user_secret("test", "_test_key").await,
+        Ok(Some(d1.to_vec()))
+    );
+    info!("testing loading broken user secret");
+    assert_eq!(
+        intf::load_user_secret("test", "_test_broken").await,
+        Ok(None)
+    );
+    info!("testing loading broken user secret again");
+    assert_eq!(
+        intf::load_user_secret("test", "_test_broken").await,
+        Ok(None)
+    );
+    info!("testing remove user secret");
+    assert_eq!(
+        intf::remove_user_secret("test", "_test_key").await,
+        Ok(true)
+    );
+    info!("testing remove user secret again");
+    assert_eq!(
+        intf::remove_user_secret("test", "_test_key").await,
+        Ok(false)
+    );
+    info!("testing remove broken user secret");
+    assert_eq!(
+        intf::remove_user_secret("test", "_test_broken").await,
+        Ok(false)
+    );
+    info!("testing remove broken user secret again");
+    assert_eq!(
+        intf::remove_user_secret("test", "_test_broken").await,
+        Ok(false)
+    );
+
+    let d2: [u8; 10] = [1, 2, 3, 4, 5, 6, 7, 8, 9, 10];
+
+    assert_eq!(
+        intf::save_user_secret("test", "_test_key", &[2u8, 3u8, 4u8]).await,
+        Ok(false)
+    );
+    assert_eq!(
+        intf::save_user_secret("test", "_test_key", &d2).await,
+        Ok(true)
+    );
+    assert_eq!(
+        intf::load_user_secret("test", "_test_key").await,
+        Ok(Some(d2.to_vec()))
+    );
+    assert_eq!(
+        intf::load_user_secret("test", "_test_key").await,
+        Ok(Some(d2.to_vec()))
+    );
+    assert_eq!(
+        intf::load_user_secret("test", "_test_broken").await,
+        Ok(None)
+    );
+    assert_eq!(
+        intf::load_user_secret("test", "_test_broken").await,
+        Ok(None)
+    );
+    assert_eq!(
+        intf::remove_user_secret("test", "_test_key").await,
+        Ok(true)
+    );
+    assert_eq!(
+        intf::remove_user_secret("test", "_test_key").await,
+        Ok(false)
+    );
+    assert_eq!(
+        intf::remove_user_secret("test", "_test_broken").await,
+        Ok(false)
+    );
+    assert_eq!(
+        intf::remove_user_secret("test", "_test_broken").await,
+        Ok(false)
+    );
+
+    let _ = intf::remove_user_secret("test", "_test_key").await;
+    let _ = intf::remove_user_secret("test", "_test_broken").await;
+}
+
+cfg_if! {
+    if #[cfg(not(target_arch = "wasm32"))] {
+        pub async fn test_network_interfaces() {
+            info!("testing network interfaces");
+            let t1 = intf::get_timestamp();
+            let mut interfaces = intf::utils::network_interfaces::NetworkInterfaces::new();
+            let count = 100;
+            for _ in 0..count {
+                if let Err(e) = interfaces.refresh() {
+                    error!("error refreshing interfaces: {}", e);
+                }
+            }
+            let t2 = intf::get_timestamp();
+            let tdiff = ((t2 - t1) as f64)/1000000.0f64;
+            info!("running network interface test with {} iterations took {} seconds", count, tdiff);
+        }
+    }
+}
+
+pub async fn test_get_random_u64() {
+    info!("testing random number generator for u64");
+    let t1 = intf::get_timestamp();
+    let count = 10000;
+    for _ in 0..count {
+        let _ = intf::get_random_u64();
+    }
+    let t2 = intf::get_timestamp();
+    let tdiff = ((t2 - t1) as f64) / 1000000.0f64;
+    info!(
+        "running network interface test with {} iterations took {} seconds",
+        count, tdiff
+    );
+}
+
+pub async fn test_get_random_u32() {
+    info!("testing random number generator for u32");
+    let t1 = intf::get_timestamp();
+    let count = 10000;
+    for _ in 0..count {
+        let _ = intf::get_random_u32();
+    }
+    let t2 = intf::get_timestamp();
+    let tdiff = ((t2 - t1) as f64) / 1000000.0f64;
+    info!(
+        "running network interface test with {} iterations took {} seconds",
+        count, tdiff
+    );
+}
+
+pub async fn test_single_future() {
+    info!("testing single future");
+    let sf = SingleFuture::<u32>::new();
+    assert_eq!(sf.check().await, Ok(None));
+    assert_eq!(
+        sf.single_spawn(async {
+            intf::sleep(2000).await;
+            69
+        })
+        .await,
+        Ok(None)
+    );
+    assert_eq!(sf.check().await, Ok(None));
+    assert_eq!(sf.single_spawn(async { panic!() }).await, Ok(None));
+    assert_eq!(sf.join().await, Ok(Some(69)));
+    assert_eq!(
+        sf.single_spawn(async {
+            intf::sleep(1000).await;
+            37
+        })
+        .await,
+        Ok(None)
+    );
+    intf::sleep(2000).await;
+    assert_eq!(
+        sf.single_spawn(async {
+            intf::sleep(1000).await;
+            27
+        })
+        .await,
+        Ok(Some(37))
+    );
+    intf::sleep(2000).await;
+    assert_eq!(sf.join().await, Ok(Some(27)));
+    assert_eq!(sf.check().await, Ok(None));
+}
+
+pub async fn test_tools() {
+    info!("testing retry_falloff_log");
+    let mut last_us = 0u64;
+    for x in 0..1024 {
+        let cur_us = x as u64 * 1000000u64;
+        if retry_falloff_log(last_us, cur_us, 10_000_000u64, 6_000_000_000u64, 2.0f64) {
+            info!("   retry at {} secs", timestamp_to_secs(cur_us));
+            last_us = cur_us;
+        }
+    }
+}
+
+pub async fn test_all() {
+    test_log().await;
+    test_get_timestamp().await;
+    test_tools().await;
+    test_get_random_u64().await;
+    test_get_random_u32().await;
+    test_sleep().await;
+    #[cfg(not(target_arch = "wasm32"))]
+    test_network_interfaces().await;
+    test_single_future().await;
+    test_eventual().await;
+    test_eventual_value().await;
+    test_eventual_value_clone().await;
+    test_interval().await;
+    test_timeout().await;
+    test_protected_store().await;
+}
--- a/veilid-core/src/tests/common/test_table_store.rs
+++ b/veilid-core/src/tests/common/test_table_store.rs
@@ -0,0 +1,184 @@
+use super::test_veilid_config::*;
+use crate::dht::key;
+use crate::intf::*;
+use crate::xx::*;
+use crate::*;
+
+fn setup_veilid_core() -> VeilidCoreSetup {
+    VeilidCoreSetup {
+        state_change_callback: Arc::new(
+            move |change: VeilidStateChange| -> SystemPinBoxFuture<()> {
+                Box::pin(async move {
+                    trace!("state_change_callback: {:?}", change);
+                })
+            },
+        ),
+        config_callback: Arc::new(config_callback),
+    }
+}
+
+async fn startup(core: VeilidCore) -> VeilidAPI {
+    trace!("test_table_store: starting");
+    core.startup(setup_veilid_core())
+        .await
+        .expect("startup failed")
+}
+
+async fn shutdown(api: VeilidAPI) {
+    trace!("test_table_store: shutting down");
+    api.shutdown().await;
+    trace!("test_table_store: finished");
+}
+
+pub async fn test_delete_open_delete(ts: TableStore) {
+    trace!("test_delete_open_delete");
+
+    let _ = ts.delete("test");
+    let db = ts.open("test", 3).await.expect("should have opened");
+    assert!(
+        ts.delete("test").await.is_err(),
+        "should fail because file is opened"
+    );
+    drop(db);
+    assert!(
+        ts.delete("test").await.is_ok(),
+        "should succeed because file is closed"
+    );
+    let db = ts.open("test", 3).await.expect("should have opened");
+    assert!(
+        ts.delete("test").await.is_err(),
+        "should fail because file is opened"
+    );
+    drop(db);
+    let db = ts.open("test", 3).await.expect("should have opened");
+    assert!(
+        ts.delete("test").await.is_err(),
+        "should fail because file is opened"
+    );
+    drop(db);
+    assert!(
+        ts.delete("test").await.is_ok(),
+        "should succeed because file is closed"
+    );
+}
+
+pub async fn test_store_delete_load(ts: TableStore) {
+    trace!("test_store_delete_load");
+
+    let _ = ts.delete("test");
+    let db = ts.open("test", 3).await.expect("should have opened");
+    assert!(
+        ts.delete("test").await.is_err(),
+        "should fail because file is opened"
+    );
+
+    assert_eq!(
+        db.load(0, b"foo").await,
+        Ok(None),
+        "should not load missing key"
+    );
+    assert!(
+        db.store(1, b"foo", b"1234567890").await.is_ok(),
+        "should store new key"
+    );
+    assert_eq!(
+        db.load(0, b"foo").await,
+        Ok(None),
+        "should not load missing key"
+    );
+    assert_eq!(db.load(1, b"foo").await, Ok(Some(b"1234567890".to_vec())));
+
+    assert!(
+        db.store(1, b"bar", b"FNORD").await.is_ok(),
+        "should store new key"
+    );
+    assert!(
+        db.store(0, b"bar", b"ABCDEFGHIJKLMNOPQRSTUVWXYZ")
+            .await
+            .is_ok(),
+        "should store new key"
+    );
+    assert!(
+        db.store(2, b"bar", b"FNORD").await.is_ok(),
+        "should store new key"
+    );
+    assert!(
+        db.store(2, b"baz", b"QWERTY").await.is_ok(),
+        "should store new key"
+    );
+    assert!(
+        db.store(2, b"bar", b"QWERTYUIOP").await.is_ok(),
+        "should store new key"
+    );
+
+    assert_eq!(db.load(1, b"bar").await, Ok(Some(b"FNORD".to_vec())));
+    assert_eq!(
+        db.load(0, b"bar").await,
+        Ok(Some(b"ABCDEFGHIJKLMNOPQRSTUVWXYZ".to_vec()))
+    );
+    assert_eq!(db.load(2, b"bar").await, Ok(Some(b"QWERTYUIOP".to_vec())));
+    assert_eq!(db.load(2, b"baz").await, Ok(Some(b"QWERTY".to_vec())));
+
+    assert_eq!(db.delete(1, b"bar").await, Ok(true));
+    assert_eq!(db.delete(1, b"bar").await, Ok(false));
+    assert!(
+        db.delete(4, b"bar").await.is_err(),
+        "can't delete from column that doesn't exist"
+    );
+
+    drop(db);
+    let db = ts.open("test", 3).await.expect("should have opened");
+
+    assert_eq!(db.load(1, b"bar").await, Ok(None));
+    assert_eq!(
+        db.load(0, b"bar").await,
+        Ok(Some(b"ABCDEFGHIJKLMNOPQRSTUVWXYZ".to_vec()))
+    );
+    assert_eq!(db.load(2, b"bar").await, Ok(Some(b"QWERTYUIOP".to_vec())));
+    assert_eq!(db.load(2, b"baz").await, Ok(Some(b"QWERTY".to_vec())));
+}
+
+pub async fn test_cbor(ts: TableStore) {
+    trace!("test_cbor");
+
+    let _ = ts.delete("test");
+    let db = ts.open("test", 3).await.expect("should have opened");
+    let (dht_key, _) = key::generate_secret();
+
+    assert!(db.store_cbor(0, b"asdf", &dht_key).await.is_ok());
+
+    assert_eq!(db.load_cbor::<key::DHTKey>(0, b"qwer").await, Ok(None));
+
+    let d = match db.load_cbor::<key::DHTKey>(0, b"asdf").await {
+        Ok(x) => x,
+        Err(e) => {
+            assert!(false, "couldn't decode cbor: {}", e);
+            return;
+        }
+    };
+    assert_eq!(d, Some(dht_key), "keys should be equal");
+
+    assert!(
+        db.store(1, b"foo", b"1234567890").await.is_ok(),
+        "should store new key"
+    );
+
+    assert!(
+        db.load_cbor::<key::DHTKey>(1, b"foo").await.is_err(),
+        "should fail to load cbor"
+    );
+}
+
+pub async fn test_all() {
+    let core = VeilidCore::new();
+    let api = startup(core.clone()).await;
+
+    let ts = core.table_store();
+    test_delete_open_delete(ts.clone()).await;
+    test_store_delete_load(ts.clone()).await;
+    test_cbor(ts.clone()).await;
+
+    let _ = ts.delete("test").await;
+
+    shutdown(api).await;
+}
--- a/veilid-core/src/tests/common/test_veilid_config.rs
+++ b/veilid-core/src/tests/common/test_veilid_config.rs
@@ -0,0 +1,307 @@
+use crate::xx::*;
+use crate::*;
+cfg_if! {
+    if #[cfg(not(target_arch = "wasm32"))] {
+        use std::fs::File;
+        use std::io::prelude::*;
+        use std::path::PathBuf;
+
+        static CERTFILE: &str = r#"-----BEGIN CERTIFICATE-----
+MIIDbzCCAlegAwIBAgIRALB/PvRpqN55Pk7L33NNsvcwDQYJKoZIhvcNAQELBQAw
+FDESMBAGA1UEAwwJTm9jdGVtIENBMB4XDTIwMDkwODIxMDkwMFoXDTMwMDkwNjIx
+MDkwMFowHDEaMBgGA1UEAwwRKi5ub2N0ZW0uaW50ZXJuYWwwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQDRbAtA2dIlTPaQUN43/bdGi2wuDzCXk36TcfOr
+YoxGsyJV6QpcIdmtrPN2WbkuDmA/G+0BUcQPvBfA/pFRHQElrzMhGR23Mp6IK7YR
+pomUa1DQSJyMw/WM9V0+tidp5tJSeUCB+qKhLBrztD5XXjdhU6WA1J0y26XQoBqs
+RZbPV8mce4LxVaQptkf4NB4/jnr3M1/FWEri60xBw3blWGaLP6gza3vqAr8pqEY4
+zXU4q+egLbRIOwxwBJ0/vcyO6BdSzA1asWJCddXQJkUQrLl3OQ+44FMsAFyzCOiK
+DVoqD2z4IJvIRT6TH8OcYvrotytlsNXS4ja9r32tTR1/DxUrAgMBAAGjgbMwgbAw
+CQYDVR0TBAIwADAdBgNVHQ4EFgQUhjP4CArB3wWGHfavf7mRxaYshKMwRAYDVR0j
+BD0wO4AUKAOv10AaiIUHgOtx0Mk6ZaZ/tGWhGKQWMBQxEjAQBgNVBAMMCU5vY3Rl
+bSBDQYIJAISVWafozd3RMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAsGA1UdDwQEAwIF
+oDAcBgNVHREEFTATghEqLm5vY3RlbS5pbnRlcm5hbDANBgkqhkiG9w0BAQsFAAOC
+AQEAMfVGtpXdkxflSQY2DzIUXLp9cZQnu4A8gww8iaLAg5CIUijP71tb2JJ+SsRx
+W3p14YMhOYtswIvGTtXWzMgfAivwrxCcJefnqDAG9yviWoA0CSQe21nRjEqN6nyh
+CS2BIkOcNNf10TD9sNo7z6IIXNjok7/F031JvH6pBgZ8Bq4IE/ANIuAvxwslPrqT
+80qnWtAc5TzNNR1CT+fyZwMEpeW5fMZQnrSyUMsNv06Jydl/7IkGvlmbwihZOg95
+Vty37pyzrXU5s/DY1zi5aYoFiK7/4bNEy9mRL9ero+kCvQfea0Yt2rITKQkCYvKu
+MQTNaSyo6GTifW5InckkQIsnTQ==
+-----END CERTIFICATE-----"#;
+
+        static KEYFILE: &str = r#"-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDRbAtA2dIlTPaQ
+UN43/bdGi2wuDzCXk36TcfOrYoxGsyJV6QpcIdmtrPN2WbkuDmA/G+0BUcQPvBfA
+/pFRHQElrzMhGR23Mp6IK7YRpomUa1DQSJyMw/WM9V0+tidp5tJSeUCB+qKhLBrz
+tD5XXjdhU6WA1J0y26XQoBqsRZbPV8mce4LxVaQptkf4NB4/jnr3M1/FWEri60xB
+w3blWGaLP6gza3vqAr8pqEY4zXU4q+egLbRIOwxwBJ0/vcyO6BdSzA1asWJCddXQ
+JkUQrLl3OQ+44FMsAFyzCOiKDVoqD2z4IJvIRT6TH8OcYvrotytlsNXS4ja9r32t
+TR1/DxUrAgMBAAECggEBAMIAK+CUqCbjyBliwKjvwWN5buqwKZyRBxXB3y/qJ/aq
+pWkea/lzZjqMWDFP5sryiFiOHx00yMKmxP6FFMsmalSlm2DS6oM2QkP08kIhm5vB
+WmjIizWfpo5BEnMwvQxOxpGeP5LpQtS5jfIrDAFVh0oC+fOBgmqFrXK5jlv+Tzmc
+9PzoF5lgy8CHw3NxuScJpEhA1vTzu5N7sTdiTDKqY1ph2+RFlf30oyx4whoRVpIC
+w8vp3WbLu/yAGuN5S14mYJW2Qgi8/rVCDStROEKOeB99mt1MG5lX7iuagzS/95Lr
+2m1Nya0+7hkkpq6Y3Wqne9H0NLasJK8PU8ZaEc6BwTkCgYEA8iLVBrt4W/Cc5hry
+8LWCMX8P25z7WIRYswnPvqwTwE0f6Q1ddWIaR9GPWUHgoRC4Z0b0MKolwo9s8RPE
+GBuTOCy8ArSgYb1jNpsanGIWg6mZZgfylKdMdCMXMAAYF1/sTXeqCDY+FSCzEAvZ
+hzppcCpiKV7Pa9aOo7o3/IeUBZcCgYEA3WmyvscG27R18XASJYL8Y4DuFvvnTHMp
+YnxJIoS1+0TnUD2QqXUnXKbnTioWs7t990YAjbsHvK4fVsbnkuEm/as0oYbC8vU1
+W3XN0HrpiacGcYIcXU4AY4XvY8t3y76FycJAT9Q6QztVofI5DmXV+8qsyrEegUys
+wPIkkumCJ40CgYBKT3hTPZudk8WDNQgT6ZCQQi+Kta3Jp6xVHhC8srDJFqJRcsGY
+8ceg/OZifT5EEA6X24W7naxC/qNvhSJsR6Ix3kDBD9AczvOw4X8UOWIxfA5Q6uV+
+y61CAzbti0nZep3Z1HzBUmxRLZzmssxKnRmYy9keWzOLI+jYxKDEBpPd9wKBgAY1
+pquvDUQwJXal+/xNViK8RPEkE3KTcD+w2KQ9MJVhc1NOxrXZ8Uap76bDi2tzAK9k
+qTNQYYErKPnYDjqSUfOfT5SQIPuLYPm1rhYAvHf91TJtwbnkLCKeaP5VgICYUUw9
+RGx4uUGVcmteTbdXp86t+naczQw3SEkJAXmVTu8pAoGATF7xXifMUSL1v43Ybrmc
+RikQyDecRspMYLOCNmPWI2PPz6MAjm8jDCsXK52HUK4mUqrd/W3rqnl+TrJsXOnH
+Ww6tESPaF1kCVyV2Jx/5m8qsE9y5Bds7eMo2JF8vnAKFX6t4KwZiyHBymj6uelNc
+wFAbkZY9eS/x6P7qrpd7dUA=
+-----END PRIVATE KEY-----"#;
+    }
+}
+
+cfg_if! {
+
+    if #[cfg(target_arch = "wasm32")] {
+        pub fn get_tablestore_path() -> String {
+            String::new()
+        }
+        pub fn get_certfile_path() -> String {
+            String::new()
+        }
+        pub fn get_keyfile_path() -> String {
+            String::new()
+        }
+    }
+    else {
+
+        fn get_data_dir() -> PathBuf {
+            let out;
+            cfg_if! {
+                if #[cfg(target_os = "android")] {
+                    out = PathBuf::from(intf::utils::android::get_files_dir());
+                } else {
+                    use directories::*;
+
+                    if let Some(my_proj_dirs) = ProjectDirs::from("org", "Veilid", "VeilidCoreTests") {
+                        out = PathBuf::from(my_proj_dirs.data_local_dir());
+                    } else {
+                        out = PathBuf::from("./");
+                    }
+                }
+            }
+            out
+        }
+
+        pub fn get_tablestore_path() -> String {
+            let mut out = get_data_dir();
+            std::fs::create_dir_all(&out).unwrap();
+
+            out.push("tablestore");
+
+            out.into_os_string().into_string().unwrap()
+        }
+
+        pub fn get_certfile_path() -> String {
+            let mut out = get_data_dir();
+            std::fs::create_dir_all(&out).unwrap();
+
+            out.push("cert.pem");
+            // Initialize certfile
+            if !out.exists() {
+                debug!("creating certfile at {:?}", out);
+                File::create(&out).unwrap().write_all(CERTFILE.as_bytes()).unwrap();
+            }
+
+            out.into_os_string().into_string().unwrap()
+        }
+
+        pub fn get_keyfile_path() -> String {
+            let mut out = get_data_dir();
+            std::fs::create_dir_all(&out).unwrap();
+
+            out.push("key.pem");
+
+            // Initialize keyfile
+            if !out.exists() {
+                debug!("creating keyfile at {:?}", out);
+                File::create(&out).unwrap().write_all(KEYFILE.as_bytes()).unwrap();
+            }
+
+            out.into_os_string().into_string().unwrap()
+        }
+    }
+}
+
+pub fn setup_veilid_core() -> VeilidCoreSetup {
+    VeilidCoreSetup {
+        state_change_callback: Arc::new(
+            move |change: VeilidStateChange| -> SystemPinBoxFuture<()> {
+                Box::pin(async move {
+                    trace!("state_change_callback: {:?}", change);
+                })
+            },
+        ),
+        config_callback: Arc::new(config_callback),
+    }
+}
+
+pub fn config_callback(key: String) -> Result<Box<dyn core::any::Any>, String> {
+    match key.as_str() {
+        "namespace" => Ok(Box::new(String::from(""))),
+        "capabilities.protocol_udp" => Ok(Box::new(true)),
+        "capabilities.protocol_connect_tcp" => Ok(Box::new(true)),
+        "capabilities.protocol_accept_tcp" => Ok(Box::new(true)),
+        "capabilities.protocol_connect_ws" => Ok(Box::new(true)),
+        "capabilities.protocol_accept_ws" => Ok(Box::new(true)),
+        "capabilities.protocol_connect_wss" => Ok(Box::new(true)),
+        "capabilities.protocol_accept_wss" => Ok(Box::new(true)),
+        "tablestore.directory" => Ok(Box::new(get_tablestore_path())),
+        "network.max_connections" => Ok(Box::new(16u32)),
+        "network.connection_initial_timeout" => Ok(Box::new(2_000_000u64)),
+        "network.node_id" => Ok(Box::new(dht::key::DHTKey::default())),
+        "network.node_id_secret" => Ok(Box::new(dht::key::DHTKeySecret::default())),
+        "network.bootstrap" => Ok(Box::new(vec![String::from("asdf"), String::from("qwer")])),
+        "network.rpc.concurrency" => Ok(Box::new(2u32)),
+        "network.rpc.queue_size" => Ok(Box::new(128u32)),
+        "network.rpc.max_timestamp_behind" => Ok(Box::new(Some(10_000_000u64))),
+        "network.rpc.max_timestamp_ahead" => Ok(Box::new(Some(10_000_000u64))),
+        "network.rpc.timeout" => Ok(Box::new(10_000_000u64)),
+        "network.rpc.max_route_hop_count" => Ok(Box::new(7u8)),
+        "network.dht.resolve_node_timeout" => Ok(Box::new(Option::<u64>::None)),
+        "network.dht.resolve_node_count" => Ok(Box::new(20u32)),
+        "network.dht.resolve_node_fanout" => Ok(Box::new(3u32)),
+        "network.dht.max_find_node_count" => Ok(Box::new(20u32)),
+        "network.dht.get_value_timeout" => Ok(Box::new(Option::<u64>::None)),
+        "network.dht.get_value_count" => Ok(Box::new(20u32)),
+        "network.dht.get_value_fanout" => Ok(Box::new(3u32)),
+        "network.dht.set_value_timeout" => Ok(Box::new(Option::<u64>::None)),
+        "network.dht.set_value_count" => Ok(Box::new(20u32)),
+        "network.dht.set_value_fanout" => Ok(Box::new(5u32)),
+        "network.dht.min_peer_count" => Ok(Box::new(20u32)),
+        "network.dht.min_peer_refresh_time" => Ok(Box::new(2000000u64)),
+        "network.dht.validate_dial_info_receipt_time" => Ok(Box::new(5000000u64)),
+        "network.upnp" => Ok(Box::new(false)),
+        "network.natpmp" => Ok(Box::new(false)),
+        "network.address_filter" => Ok(Box::new(true)),
+        "network.tls.certificate_path" => Ok(Box::new(get_certfile_path())),
+        "network.tls.private_key_path" => Ok(Box::new(get_keyfile_path())),
+        "network.tls.connection_initial_timeout" => Ok(Box::new(2_000_000u64)),
+        "network.application.path" => Ok(Box::new(String::from("/app"))),
+        "network.application.https.enabled" => Ok(Box::new(true)),
+        "network.application.https.listen_address" => Ok(Box::new(String::from("[::1]:5150"))),
+        "network.application.http.enabled" => Ok(Box::new(true)),
+        "network.application.http.listen_address" => Ok(Box::new(String::from("[::1]:5150"))),
+        "network.protocol.udp.enabled" => Ok(Box::new(true)),
+        "network.protocol.udp.socket_pool_size" => Ok(Box::new(0u32)),
+        "network.protocol.udp.listen_address" => Ok(Box::new(String::from("[::1]:5150"))),
+        "network.protocol.udp.public_address" => Ok(Box::new(Option::<String>::None)),
+        "network.protocol.tcp.connect" => Ok(Box::new(true)),
+        "network.protocol.tcp.listen" => Ok(Box::new(true)),
+        "network.protocol.tcp.max_connections" => Ok(Box::new(32u32)),
+        "network.protocol.tcp.listen_address" => Ok(Box::new(String::from("[::1]:5150"))),
+        "network.protocol.tcp.public_address" => Ok(Box::new(Option::<String>::None)),
+        "network.protocol.ws.connect" => Ok(Box::new(true)),
+        "network.protocol.ws.listen" => Ok(Box::new(true)),
+        "network.protocol.ws.max_connections" => Ok(Box::new(16u32)),
+        "network.protocol.ws.listen_address" => Ok(Box::new(String::from("[::1]:5150"))),
+        "network.protocol.ws.path" => Ok(Box::new(String::from("/ws"))),
+        "network.protocol.ws.public_address" => Ok(Box::new(Option::<String>::None)),
+        "network.protocol.wss.connect" => Ok(Box::new(true)),
+        "network.protocol.wss.listen" => Ok(Box::new(true)),
+        "network.protocol.wss.max_connections" => Ok(Box::new(16u32)),
+        "network.protocol.wss.listen_address" => Ok(Box::new(String::from("[::1]:5150"))),
+        "network.protocol.wss.path" => Ok(Box::new(String::from("/ws"))),
+        "network.protocol.wss.public_address" => Ok(Box::new(Option::<String>::None)),
+        "network.leases.max_server_signal_leases" => Ok(Box::new(256u32)),
+        "network.leases.max_server_relay_leases" => Ok(Box::new(8u32)),
+        "network.leases.max_client_signal_leases" => Ok(Box::new(2u32)),
+        "network.leases.max_client_relay_leases" => Ok(Box::new(2u32)),
+        _ => Err(format!("config key '{}' doesn't exist", key)),
+    }
+}
+
+pub async fn test_config() {
+    let mut vc = VeilidConfig::new();
+    match vc.init(Arc::new(config_callback)).await {
+        Ok(()) => (),
+        Err(e) => {
+            error!("Error: {}", e);
+            assert!(false);
+        }
+    }
+    let inner = vc.get();
+    assert_eq!(inner.namespace, String::from(""));
+    assert_eq!(inner.capabilities.protocol_udp, true);
+    assert_eq!(inner.capabilities.protocol_connect_tcp, true);
+    assert_eq!(inner.capabilities.protocol_accept_tcp, true);
+    assert_eq!(inner.capabilities.protocol_connect_ws, true);
+    assert_eq!(inner.capabilities.protocol_accept_ws, true);
+    assert_eq!(inner.capabilities.protocol_connect_wss, true);
+    assert_eq!(inner.capabilities.protocol_accept_wss, true);
+    assert_eq!(inner.tablestore.directory, get_tablestore_path());
+    assert_eq!(inner.network.max_connections, 16);
+    assert_eq!(inner.network.connection_initial_timeout, 2_000_000u64);
+    assert!(inner.network.node_id.valid);
+    assert!(inner.network.node_id_secret.valid);
+    assert_eq!(
+        inner.network.bootstrap,
+        vec![String::from("asdf"), String::from("qwer")]
+    );
+    assert_eq!(inner.network.rpc.concurrency, 2u32);
+    assert_eq!(inner.network.rpc.queue_size, 128u32);
+    assert_eq!(inner.network.rpc.timeout, 10_000_000u64);
+    assert_eq!(inner.network.rpc.max_route_hop_count, 7u8);
+    assert_eq!(inner.network.dht.resolve_node_timeout, Option::<u64>::None);
+    assert_eq!(inner.network.dht.resolve_node_count, 20u32);
+    assert_eq!(inner.network.dht.resolve_node_fanout, 3u32);
+    assert_eq!(inner.network.dht.get_value_timeout, Option::<u64>::None);
+    assert_eq!(inner.network.dht.get_value_count, 20u32);
+    assert_eq!(inner.network.dht.get_value_fanout, 3u32);
+    assert_eq!(inner.network.dht.set_value_timeout, Option::<u64>::None);
+    assert_eq!(inner.network.dht.set_value_count, 20u32);
+    assert_eq!(inner.network.dht.set_value_fanout, 5u32);
+    assert_eq!(inner.network.dht.min_peer_count, 20u32);
+    assert_eq!(inner.network.dht.min_peer_refresh_time, 2000000u64);
+    assert_eq!(
+        inner.network.dht.validate_dial_info_receipt_time,
+        5000000u64
+    );
+
+    assert_eq!(inner.network.upnp, false);
+    assert_eq!(inner.network.natpmp, false);
+    assert_eq!(inner.network.address_filter, true);
+    assert_eq!(inner.network.tls.certificate_path, get_certfile_path());
+    assert_eq!(inner.network.tls.private_key_path, get_keyfile_path());
+    assert_eq!(inner.network.tls.connection_initial_timeout, 2_000_000u64);
+
+    assert_eq!(inner.network.application.path, "/app");
+    assert_eq!(inner.network.application.https.enabled, true);
+    assert_eq!(inner.network.application.https.listen_address, "[::1]:5150");
+    assert_eq!(inner.network.application.http.enabled, true);
+    assert_eq!(inner.network.application.http.listen_address, "[::1]:5150");
+    assert_eq!(inner.network.protocol.udp.enabled, true);
+    assert_eq!(inner.network.protocol.udp.socket_pool_size, 0u32);
+    assert_eq!(inner.network.protocol.udp.listen_address, "[::1]:5150");
+    assert_eq!(inner.network.protocol.udp.public_address, None);
+    assert_eq!(inner.network.protocol.tcp.connect, true);
+    assert_eq!(inner.network.protocol.tcp.listen, true);
+    assert_eq!(inner.network.protocol.tcp.max_connections, 32u32);
+    assert_eq!(inner.network.protocol.tcp.listen_address, "[::1]:5150");
+    assert_eq!(inner.network.protocol.tcp.public_address, None);
+    assert_eq!(inner.network.protocol.ws.connect, true);
+    assert_eq!(inner.network.protocol.ws.listen, true);
+    assert_eq!(inner.network.protocol.ws.max_connections, 16u32);
+    assert_eq!(inner.network.protocol.ws.listen_address, "[::1]:5150");
+    assert_eq!(inner.network.protocol.ws.path, "/ws");
+    assert_eq!(inner.network.protocol.ws.public_address, None);
+    assert_eq!(inner.network.protocol.wss.connect, true);
+    assert_eq!(inner.network.protocol.wss.listen, true);
+    assert_eq!(inner.network.protocol.wss.max_connections, 16u32);
+    assert_eq!(inner.network.protocol.wss.listen_address, "[::1]:5150");
+    assert_eq!(inner.network.protocol.wss.path, "/ws");
+    assert_eq!(inner.network.protocol.wss.public_address, None);
+}
+
+pub async fn test_all() {
+    test_config().await;
+}
--- a/veilid-core/src/tests/common/test_veilid_core.rs
+++ b/veilid-core/src/tests/common/test_veilid_core.rs
@@ -0,0 +1,53 @@
+use super::test_veilid_config::*;
+use crate::xx::*;
+use crate::*;
+
+pub async fn test_startup_shutdown() {
+    trace!("test_startup_shutdown: starting");
+    let veilid_core = VeilidCore::new();
+    let api = veilid_core
+        .startup(setup_veilid_core())
+        .await
+        .expect("startup failed");
+    trace!("test_startup_shutdown: shutting down");
+    api.shutdown().await;
+    trace!("test_startup_shutdown: finished");
+}
+
+pub async fn test_attach_detach() {
+    let veilid_core = VeilidCore::new();
+
+    info!("--- test normal order ---");
+    let api = veilid_core
+        .startup(setup_veilid_core())
+        .await
+        .expect("startup failed");
+    api.attach().await;
+    intf::sleep(5000).await;
+    api.detach().await;
+    api.wait_for_state(VeilidState::Attachment(AttachmentState::Detached))
+        .await;
+    api.shutdown().await;
+
+    info!("--- test auto detach ---");
+    let api = veilid_core
+        .startup(setup_veilid_core())
+        .await
+        .expect("startup failed");
+    api.attach().await;
+    intf::sleep(5000).await;
+    api.shutdown().await;
+
+    info!("--- test detach without attach ---");
+    let api = veilid_core
+        .startup(setup_veilid_core())
+        .await
+        .expect("startup failed");
+    api.detach().await;
+    api.shutdown().await;
+}
+
+pub async fn test_all() {
+    test_startup_shutdown().await;
+    test_attach_detach().await;
+}