USB Fingerprint Reader Test Plan
From Genunix
1 Introduction
1.1 Authors
Raymond Chen/Henry Jiang
1.2 Test Sponsor
Tim Foster
1.3 Test Plan Approval
| Title | Name | Version | Date |
|---|---|---|---|
| Development Lead | Gaopeng Chen | 2007/09/10 | |
| Development Manager | |||
| Test Sponsor | Tim Foster | 2007/10/20 |
1.4 Open Source Project
- Is this an open source development project? Yes
- Does this project use any open source test software? No
1.5 Revision History
| Date | Revision | Comments | Approval/Status |
|---|---|---|---|
| 2007-09-01 | 0.1 | Initial Draft | In Work |
| 2007-09-10 | 0.2 | Iteam reviewed | Approved |
| 2007-10-20 | 1.0 | Test sponsor reviewed. | Approved |
1.6 References
- Fingerprint Authentication project
- CR 6498965: fingerprint reader should be supported
- Common Biometric Exchange File Format (NISTIR 6529)
1.7 Staffing
| Name | Role | % Commitment | Duration |
|---|---|---|---|
| Henry Jiang | Test Engineer | 50% | 5 months |
1.8 Glossary
| Term | Definition |
|---|---|
| PAM | Pluggable Authentication Module,The PAM framework, libpam, consists of an interface library and multiple authentication service modules. The PAM interface library is the layer implementing the Application Programming Interface ( API ). |
| CBEFF | Common Biometric Exchange File Format, is widely used for bio authentication. |
| SPI | Service Provider Interface, programming interface between PAM library and PAM service modules |
2 Test Program Summary
This program verifies USB fingerprint authentication solution for Solaris. USB fingerprint authentication solution provides a fingerprint reader support framework, a new PAM service and a new management command. The following components are involved:
- libfpr, a library on top of libusb, provides two sets of interfaces. One set is for applications and the other is for customized fingerprint device driver and fingerprint matching algorithms.
- pam_bio, an pluggable module for PAM stack and also an application to use libfpr. It provides the background authentication service for PAM.
- GUI interface, the end user of fingerprint/PAM authentication. It provides authentication for X window users ( We only tested as a user, JDS team responsible for it).
- bioadm, the command line interface to manage and configure fingerprint database.
- fpr_vendor.so, vendor's specific implementation of algorithm and device driver.
Since the fingerprint support is an authentication solution for Solaris, it poses a very sensitive security issue. Much of the test effort will be focused on the security related parts. This solution also involves libraries. Another focus will be on these library interfaces stability and MT-safety. Besides, user experience, GUI and CLI, is also a test component.
3 Operational Factors
3.1 Assumptions
Assumption #1
- Support for NIS,NISPLUS, LDAP was not in this scope.
Assumption #2
- For plug-in devices do not have hardware dependencies, there will be no specific machines, but will cover Intel/AMD64/Sparc platform.
3.2 Dependencies
Dependency #1
- PSARC/2007/331 logindevperm device exception list.
Dependency #2
- Fingerprint reader support from JDS team.
3.3 Risks
Risk #1
- Description: The project is still under PSARC review and the final interfaces may take an extended period for final approval. Design shifts could cause test breakage and delay the implementation of some tests.
- Likelihood of Occurrence: High
- Mitigation and Contingency Plan: Tests will be developed for stable interfaces first. Some of the instability involves function names but not their functionality. This shouldn't hold up test development. We'll set up other types of testing first to give the PSARC issue time to settle out and try to isolate our exposure to the problem as much as possible.
Risk #2
- Description: Finger print products don't have a standard, when more devices are supported, the interfaces may change.
- Likelihood of Occurrence: High
- Mitigation and Contingency Plan: Test suites will be keep updated.
4 Test Development
| Test Name | Automated or Manual | Test Type | Project Component | Description |
|---|---|---|---|---|
| libfpr_ts | Automated | Functional | libfpr | test interface of libfpr |
| fpr_auto | Automated | Functional | pam_bio/bioadm | a loadable module for automatic fingerprint authentication test. |
| bioadm_test | Automated | Functional | bioadm | bioadm command test. |
5 Areas of Testing
5.1 Functional Testing
pam_bio SPI test:
For different entry services(PAM consumers), configure the pam_bio as the service provider(PAM service modules). The current solution supports three PAM consumers--dtlogin, xscreensaver and gdm.
- 1) Test the three applications with correct setting in pam.conf.
- 2) Test the three application with incorrect setting in pam.conf.
libfpr and fpr_vendor.so test:
- Run libfpr_ts to test the application and driver interface of libfpr.
bioadm command test:
- a test program will be written to test the command.
- check it can be run with correct role set.
5.2 Regression Testing
This project presents a new Solaris system authentication method. It must not cause any regression on the existing authentication process.
- Verify no regression on username-password authentication method on local system.
- Verify no regression on remote system authentication services,like rlogin,ssh,ftp,telnet etc.
- we can also select these SECURITY testsuite from DIYPIT.
gss_api (1.12.1) ipsec_kef (1.3) krb5_srv_cmd (1.4.3) ssh (2.0.0)
5.3 Conformance Testing
This project is going to add a service module to Solaris PAM framework and a command line interface. It needs to verify:
- The new service module is conformed with Solaris PAM framework.
- The new command is conformed with Solaris CLIP (Command Line Interface Paradigm) specification.
5.4 Stress/Robustness Testing
- we will develop an module( fpr_auto) to automatically send good/bad finger image for auth.
verify it works properly under high stress.
5.5 Performance Testing
- By sent in 1000 finger print images (good/bad), to measure average verification time should be less than 1 sec.
5.6 Memory Leak Testing
mdb ::findleaks will be run with libumem for every testsuite to detect memory leaks.
1) UMEM_DEBUG=default UMEM_LOGGING=transaction LD_PRELOAD=libumem.so.1 ./test
2) ps -ef | grep test
3) gcore PID
4) mdb core.PID
5) ::findleaks
5.7 Required Feature Testing
- Zones Testing
- zlogin will not support it, but we can verify bioadm in local zone by export finger print devices .
- ZFS Testing
- no ZFS related specific testing.
- Trusted Extensions Testing
- Testing the above feature can be run when trusted extension enabled.
- xVM Testing
- finger print should work as the same in dom0 as in solaris.
- Concurrent Testing in Different zones/Dom.
- finger print IO is exclusive, if the reader is being used in one Zone or Dom, the other accesses in another Zone or Dom will return a open failure.
5.8 Interoperability Testing
There are no interoperability requirements for this project.
5.9 Testing Not Covered
None
5.10 Documentation Testing
bioadm/libfpr is already cover by functional testing.
5.11 Internationalization Testing
6 Test Execution
6.1 Hardware Test Configurations
The testing should be run on these devices:
- 0483.2016, SGS Thomson Microelectronics (embedded in laptops)
- 061a.0200, Veridicom International FPS200
- 045e.00bd, Microsoft Fingerprint Reader
- 045e.00bb, Microsoft Keyboard with Fingerprint Reader
- 05ba.0007, U.are.U fingerprint device (not verified)
- 05ba.000a, U.are.U fingerprint device (not verified)
- Dell 270/ SB1500/ Ultra20 will be used as test machine.
In addition to these supported hardware, we will try to get as many unsupported devices
to test it will fail gracefully.
SunRay testing: we will setup a SunRay server connect with 2 Sunray clients, it can work on server as normal Solaris, also can work on clients with correct configuration. <Note: SunRay right now is not officially supported, but make sure it will not borke the system>
Multi finger print testing
- configure different PAM service with different finger print reader(specfic vid/pid or serial no), both should work correctly.
- configure same PAM service with 2 different finger print reader(specfic vid/pid or serial no), register 1 finger on each, both should be required when verifying.
- Not specially configured for different PAM service, only first one finger print reader can work.
6.2 Software Test Configurations
- X86 32-bit kernel (debug, non-debug)
- X64 64-bit kernel (debug, non-debug)
- Sparc 64-bit kernel (debug, non-debug)
6.3 Extrapolation Strategy (if applicable)
N/A
6.4 Pre-Integration PIT Run
- Is a pre-integration PIT run is required? (REQUIRED, RECOMMENDED, NONE)?
NONE
6.5 Test Execution Matrix
| Test Name | DELL 270 | Sun Blade 1500 | Ultra 20 | Comments |
|---|---|---|---|---|
| libfpr_ts | ||||
| bioadm | ||||
| dtlogin | ||||
| xscreensaver |
7 Schedules and Milestones
| Milestone | Target Date (yyyy-mm-dd) | Actual Date (yyyy-mm-dd) |
|---|---|---|
| Dev prototype finised | 03/30/07 | 03/30/07 |
| Test Plan First Draft | 6/22 | 6/22 |
| C-TEAM Inception review | 6/20 | 6/20 |
| Test Plan I-team reviewed | 6/29 | 9/10 |
| Test Plan approved | 7/15 | 10/20 |
| Test development Start | 7/2 | 10/2 |
| PSARC Commitment review | 10/17 | 10/17 |
| Test development Completed | 10/30 | |
| Full Test start | 10/30 | |
| Putback | 11/20(snv77) |
8 Post-Integration Testing Information
8.1 Test Suite Integration Requirements
| Test Suite Name | Source Integration Location | Target Integration Date | Comments |
|---|---|---|---|
| libfpr_ts | onstc2 | 08/03 |
8.2 Test Suite Execution Integration Requirements
| Test Suite Name | Test Execution Group | Comments |
|---|---|---|
8.3 Other Post-Integration Requirements
None
(OpenSolaris Test Plan)
