aws · andrewhop · Aug 22, 2025 · Aug 12, 2025 · Aug 12, 2025 · Aug 12, 2025
@@ -0,0 +1,44 @@
+name: Test C++ capture_hash Implementation for Windows
+
+on:
+  pull_request:
+    branches: [ inject-hash-cpp-experiment ]
+
+jobs:
+  test-cpp-capture-hash:
+    runs-on: windows-latest
+
+    steps:
+    - uses: actions/checkout@v2
+      with:
+        submodules: 'recursive'
+
+    - name: Set up Go
+      uses: actions/setup-go@v2
+      with:
+        go-version: '1.20'
+
+    - name: Setup Visual Studio Environment
+      uses: ilammy/msvc-dev-cmd@v1
+      with:
+        arch: x64
+
+    - name: Install Dependencies (Windows)
+      run: |
+        choco install cmake --confirm --no-progress || echo "cmake already installed"
+        choco install ninja --confirm --no-progress || echo "ninja already installed"  
+        choco install strawberryperl --confirm --no-progress || echo "strawberryperl already installed"
+        choco install golang --confirm --no-progress || echo "golang already installed"
+        choco install nasm --confirm --no-progress || echo "nasm already installed"
+
+    - name: Verify Dependencies
+      run: |
+        cmake --version
+        ninja --version
+        go version
+        perl --version
+        cl
+
+    - name: Build and Test (Windows)
+      run: |
+        .\tests\ci\run_capture_hash_cpp.bat
@@ -19,9 +19,31 @@ jobs:
       fail-fast: false
 
     steps:
-    - uses: actions/checkout@v2
+    - name: Checkout main repository
+      uses: actions/checkout@v4
       with:
-        submodules: 'recursive'
+        fetch-depth: 0
+        # Don't initialize submodules yet
+
+    - name: Handle LIEF submodule specifically
+      run: |
+        git config --global --add safe.directory '*'
+        echo "Cleaning any existing LIEF directory..."
+        rm -rf third_party/lief
+
+        echo "Initializing only the LIEF submodule..."
+        git submodule init third_party/lief
+        git submodule update third_party/lief
+
+        echo "Verifying LIEF submodule..."
+        ls -la third_party/lief
+
+        echo "Now initializing remaining submodules..."
+        git submodule update --init --recursive
+
+    - name: Verify all submodules
+      run: |
+        git submodule status
 
     - name: Set up Go
       uses: actions/setup-go@v2

@@ -624,13 +624,23 @@ if(FIPS_SHARED)
     target_link_libraries(fips_empty_main PUBLIC precrypto)
     target_include_directories(fips_empty_main PRIVATE ${AWSLC_SOURCE_DIR}/include)
     target_include_directories(fips_empty_main BEFORE PRIVATE ${AWSLC_BINARY_DIR}/symbol_prefix_include)
+    if(USE_CPP_INJECT_HASH)
+      add_custom_command(OUTPUT generated_fips_shared_support.c
+              COMMAND ${CMAKE_BINARY_DIR}/util/fipstools/inject_hash_cpp/capture_hash_cpp
+              -in-executable $<TARGET_FILE:fips_empty_main>
+              > generated_fips_shared_support.c
+              WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}
+              DEPENDS fips_empty_main capture_hash_cpp
+              )
+    else()
     add_custom_command(OUTPUT generated_fips_shared_support.c
             COMMAND ${GO_EXECUTABLE} run
             ${AWSLC_SOURCE_DIR}/util/fipstools/capture_hash/capture_hash.go
             -in-executable $<TARGET_FILE:fips_empty_main> > generated_fips_shared_support.c
             WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}
             DEPENDS fips_empty_main ${AWSLC_SOURCE_DIR}/util/fipstools/capture_hash/capture_hash.go
             )
+    endif()
     add_library(
       generated_fipsmodule
 

@@ -0,0 +1,97 @@
+@echo off
+setlocal enabledelayedexpansion
+
+REM Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+REM SPDX-License-Identifier: Apache-2.0 OR ISC
+REM Adapted from tests/ci/run_windows_tests.bat
+
+echo Running capture_hash.cpp tests...
+
+REM Setup environment (from run_windows_tests.bat)
+set SRC_ROOT=%cd%
+set BUILD_DIR=%SRC_ROOT%\test_build_dir
+
+REM Setup Visual Studio environment - using same pattern as run_windows_tests.bat
+REM We'll assume GitHub Actions provides the right VS environment, but check anyway
+cl >nul 2>&1
+if !errorlevel! neq 0 (
+    echo Error: Visual Studio build tools not available
+    exit /b 1
+)
+
+REM Build with our specific configuration (adapted from existing :build function)
+call :build RelWithDebInfo "-DFIPS=1 -DBUILD_SHARED_LIBS=1 -DUSE_CPP_INJECT_HASH=ON" || goto error
+
+cd /d "%BUILD_DIR%"
+
+REM Initialize error counter
+set ERRORS=0
+
+echo.
+echo TESTING CAPTURE_HASH.CPP WITH EDGE CASES...
+
+REM Test 1: No arguments (should fail)
+echo Running test: No arguments test
+util\fipstools\inject_hash_cpp\capture_hash_cpp.exe >nul 2>&1
+if !errorlevel! == 0 (
+    echo Test 'No arguments test' was expected to fail but succeeded
+    set /a ERRORS+=1
+) else (
+    echo Test 'No arguments test' failed as expected
+)
+
+REM Test 2: Invalid file (should fail)  
+echo Running test: Invalid file test
+util\fipstools\inject_hash_cpp\capture_hash_cpp.exe -in-executable nonexistent.exe >nul 2>&1
+if !errorlevel! == 0 (
+    echo Test 'Invalid file test' was expected to fail but succeeded
+    set /a ERRORS+=1
+) else (
+    echo Test 'Invalid file test' failed as expected
+)
+
+REM Test 3: FIPS integrity sanity check(should succeed)
+echo Running test: FIPS integrity sanity check
+crypto\crypto_test.exe >nul 2>&1
+if !errorlevel! neq 0 (
+    echo Test 'FIPS integrity sanity check' failed - FIPS module has integrity issues
+    set /a ERRORS+=1
+) else (
+    echo Test 'FIPS integrity sanity check' passed - FIPS module integrity OK
+)
+
+echo.
+echo === Summary ===
+echo Total errors: !ERRORS!
+
+if !ERRORS! gtr 0 (
+    echo One or more tests failed
+    exit /b 1
+) else (
+    echo All tests passed
+    exit /b 0
+)
+
+REM Build function copied from run_windows_tests.bat
+REM Note: The build function is intentionally duplicated from run_windows_tests.bat
+REM       as Windows batch files don't support function sharing like bash scripts.
+REM       This keeps the script self-contained and more reliable.
+:build
+@echo on
+@echo LOG: %date%-%time% %1 %2 build started with cmake generation
+cd %SRC_ROOT%
+rmdir /s /q %BUILD_DIR%
+mkdir %BUILD_DIR%
+cd %BUILD_DIR%
+
+cmake -GNinja -DCMAKE_BUILD_TYPE=%~1 %~2 %SRC_ROOT% || goto error
+
+@echo LOG: %date%-%time% %1 %2 cmake generation complete, starting build
+ninja || goto error
+@echo LOG: %date%-%time% %1 %2 build complete
+@echo off
+exit /b 0
+
+:error
+echo Failed with error #%errorlevel%.
+exit /b 1
@@ -1,28 +1,52 @@
 if(USE_CPP_INJECT_HASH)
-    add_executable(inject_hash_cpp
-        inject_hash.cpp
-        ../../../tool/args.cc
-    )
+    if(MSVC)
+        # On Windows, only build capture_hash_cpp
+        add_executable(capture_hash_cpp
+            capture_hash.cpp
+            ../../../tool/args.cc
+        )
 
-    target_include_directories(inject_hash_cpp PRIVATE
-        ${CMAKE_CURRENT_SOURCE_DIR}
-        ${CMAKE_CURRENT_BINARY_DIR}
-        ${CMAKE_SOURCE_DIR}/include
-        ${CMAKE_SOURCE_DIR}    # Add this line to find tool/internal.h
-    )
-
-    # due to aws-lc's nature of converting every warning into an error,
-    # we need to disable some warnings that are coming from the LIEF submodule
-    if(CMAKE_CXX_COMPILER_ID MATCHES "GNU|Clang")
-        target_compile_options(inject_hash_cpp PRIVATE
-            -Wno-overloaded-virtual
-            -Wno-unused-parameter
+        target_include_directories(capture_hash_cpp PRIVATE 
+            ${CMAKE_CURRENT_SOURCE_DIR}
+            ${CMAKE_CURRENT_BINARY_DIR}
+            ${CMAKE_SOURCE_DIR}/include
+            ${CMAKE_SOURCE_DIR}
+        )
+
+        target_compile_options(capture_hash_cpp PRIVATE
+            /wd4577  # Suppress 'noexcept' warning
         )
-    endif()
 
-    target_link_libraries(inject_hash_cpp PRIVATE
-        LIEF::LIEF
-        fips_hashing
-    )
+        set_target_properties(capture_hash_cpp PROPERTIES
+            CXX_STANDARD 17
+            CXX_STANDARD_REQUIRED ON
+        )
+    else()
+        add_executable(inject_hash_cpp
+            inject_hash.cpp
+            ../../../tool/args.cc
+        )
+
+        target_include_directories(inject_hash_cpp PRIVATE
+            ${CMAKE_CURRENT_SOURCE_DIR}
+            ${CMAKE_CURRENT_BINARY_DIR}
+            ${CMAKE_SOURCE_DIR}/include
+            ${CMAKE_SOURCE_DIR}    # Add this line to find tool/internal.h
+        )
+
+        # due to aws-lc's nature of converting every warning into an error,
+        # we need to disable some warnings that are coming from the LIEF submodule
+        if(CMAKE_CXX_COMPILER_ID MATCHES "GNU|Clang")
+            target_compile_options(inject_hash_cpp PRIVATE
+                -Wno-overloaded-virtual
+                -Wno-unused-parameter
+            )
+        endif()
+
+        target_link_libraries(inject_hash_cpp PRIVATE
+            LIEF::LIEF
+            fips_hashing
+        )
+    endif()
 endif()