Azure
diff --git a/‎Microsoft.WindowsAzure.Storage/includes/was/blob.h
Lines changed: 33 additions & 0 deletions b/‎Microsoft.WindowsAzure.Storage/includes/was/blob.h
Lines changed: 33 additions & 0 deletions
diff --git a/‎Microsoft.WindowsAzure.Storage/includes/was/core.h
Lines changed: 38 additions & 10 deletions b/‎Microsoft.WindowsAzure.Storage/includes/was/core.h
Lines changed: 38 additions & 10 deletions
diff --git a/‎Microsoft.WindowsAzure.Storage/includes/wascore/constants.dat
Lines changed: 4 additions & 0 deletions b/‎Microsoft.WindowsAzure.Storage/includes/wascore/constants.dat
Lines changed: 4 additions & 0 deletions
diff --git a/‎Microsoft.WindowsAzure.Storage/includes/wascore/hashing.h
Lines changed: 32 additions & 0 deletions b/‎Microsoft.WindowsAzure.Storage/includes/wascore/hashing.h
Lines changed: 32 additions & 0 deletions
@@ -1287,6 +1287,7 @@ namespace azure { namespace storage {
                 m_content_md5 = std::move(other.m_content_md5);
                 m_content_type = std::move(other.m_content_type);
                 m_etag = std::move(other.m_etag);
+                m_encryption_key_sha256 = std::move(other.m_encryption_key_sha256);
                 m_last_modified = std::move(other.m_last_modified);
                 m_type = std::move(other.m_type);
                 m_lease_status = std::move(other.m_lease_status);
@@ -1432,6 +1433,15 @@ namespace azure { namespace storage {
             return m_etag;
         }
 
+        /// <summary>
+        /// Gets the SHA-256 of the customer-provided key used to encrypt this blob.
+        /// </summary>
+        /// <returns>The base64-encoded SHA-256 value.</returns>
+        const utility::string_t& encryption_key_sha256() const
+        {
+            return m_encryption_key_sha256;
+        }
+
         /// <summary>
         /// Gets the last-modified time for the blob, expressed as a UTC value.
         /// </summary>
@@ -1583,6 +1593,7 @@ namespace azure { namespace storage {
         utility::string_t m_content_md5;
         utility::string_t m_content_type;
         utility::string_t m_etag;
+        utility::string_t m_encryption_key_sha256;
         utility::datetime m_last_modified;
         utility::datetime m_access_tier_change_time;
         blob_type m_type;
@@ -1819,6 +1830,7 @@ namespace azure { namespace storage {
                 m_stream_write_size = std::move(other.m_stream_write_size);
                 m_stream_read_size = std::move(other.m_stream_read_size);
                 m_absorb_conditional_errors_on_retry = std::move(other.m_absorb_conditional_errors_on_retry);
+                m_encryption_key = std::move(other.m_encryption_key);
             }
             return *this;
         }
@@ -1859,6 +1871,8 @@ namespace azure { namespace storage {
             m_stream_write_size.merge(other.m_stream_write_size);
             m_stream_read_size.merge(other.m_stream_read_size);
             m_absorb_conditional_errors_on_retry.merge(other.m_absorb_conditional_errors_on_retry);
+            if (m_encryption_key.empty() && !other.m_encryption_key.empty())
+                m_encryption_key = other.m_encryption_key;
         }
 
         /// <summary>
@@ -2055,6 +2069,24 @@ namespace azure { namespace storage {
             m_absorb_conditional_errors_on_retry = value;
         }
 
+        /// <summary>
+        /// Gets the customer provided encryption key.
+        /// </summary>
+        /// <returns>The customer provided encryption key.</returns>
+        const std::vector<uint8_t>& encryption_key() const
+        {
+            return m_encryption_key;
+        }
+
+        /// <summary>
+        /// Sets the customer provided encryption key.
+        /// </summary>
+        /// <param name="encryption_key">The customer provided encryption key.</returns>
+        void set_encryption_key(std::vector<uint8_t> encryption_key)
+        {
+            m_encryption_key = std::move(encryption_key);
+        }
+
     private:
 
         option_with_default<bool> m_use_transactional_md5;
@@ -2067,6 +2099,7 @@ namespace azure { namespace storage {
         option_with_default<size_t> m_stream_write_size;
         option_with_default<size_t> m_stream_read_size;
         option_with_default<bool> m_absorb_conditional_errors_on_retry;
+        std::vector<uint8_t> m_encryption_key;
     };
 
     /// <summary>
 
@@ -482,17 +482,20 @@ namespace azure { namespace storage {
     {
         none,
         md5,
+        sha256,
         crc64,
         hmac_sha256,
     };
 
     using checksum_none_t = std::integral_constant<checksum_type, checksum_type::none>;
     using checksum_md5_t = std::integral_constant<checksum_type, checksum_type::md5>;
+    using checksum_sha256_t = std::integral_constant<checksum_type, checksum_type::sha256>;
     using checksum_crc64_t = std::integral_constant<checksum_type, checksum_type::crc64>;
     using checksum_hmac_sha256_t = std::integral_constant<checksum_type, checksum_type::hmac_sha256>;
 
     constexpr auto checksum_none = checksum_none_t();
     constexpr auto checksum_md5 = checksum_md5_t();
+    constexpr auto checksum_sha256 = checksum_sha256_t();
     constexpr auto checksum_crc64 = checksum_crc64_t();
     constexpr auto checksum_hmac_sha256 = checksum_hmac_sha256_t();
 
@@ -516,9 +519,9 @@ namespace azure { namespace storage {
         /// <remarks>
         /// If the provided string is empty, this class is initialized as if checksum method isn't specified.
         /// </remarks>
-        checksum(utility::string_t md5) : m_type(checksum_type::md5), m_md5(std::move(md5))
+        checksum(utility::string_t md5) : m_type(checksum_type::md5), m_str_hash(std::move(md5))
         {
-            if (m_md5.empty())
+            if (m_str_hash.empty())
             {
                 m_type = checksum_type::none;
             }
@@ -555,7 +558,16 @@ namespace azure { namespace storage {
         /// </summary>
         /// <param name="type">Explicitly specified checksum type, must be <see cref="azure::storage::checksum_md5" />.</param>
         /// <param name="val">A string containing base64-encoded MD5.</param>
-        checksum(checksum_md5_t type, utility::string_t val) : m_type(type.value), m_md5(std::move(val))
+        checksum(checksum_md5_t type, utility::string_t val) : m_type(type.value), m_str_hash(std::move(val))
+        {
+        }
+
+        /// <summary>
+        /// Initializes a new instance of the <see cref="azure::storage::checksum" /> class with SHA-256 hash value.
+        /// </summary>
+        /// <param name="type">Explicitly specified checksum type, must be <see cref="azure::storage::checksum_sha256" />.</param>
+        /// <param name="val">A string containing base64-encoded SHA-256.</param>
+        checksum(checksum_sha256_t type, utility::string_t val) : m_type(type.value), m_str_hash(std::move(val))
         {
         }
 
@@ -573,7 +585,7 @@ namespace azure { namespace storage {
         /// </summary>
         /// <param name="type">Explicitly specified checksum type, must be <see cref="azure::storage::checksum_hmac_sha256" />.</param>
         /// <param name="val">A string containing base64-encoded HMAC-SHA256 authentication code.</param>
-        checksum(checksum_hmac_sha256_t type, utility::string_t val) : m_type(type.value), m_hmac_sha256(std::move(val))
+        checksum(checksum_hmac_sha256_t type, utility::string_t val) : m_type(type.value), m_str_hash(std::move(val))
         {
         }
 
@@ -600,8 +612,7 @@ namespace azure { namespace storage {
             if (this != &other)
             {
                 m_type = std::move(other.m_type);
-                m_md5 = std::move(other.m_md5);
-                m_hmac_sha256 = std::move(other.hmac_sha256);
+                m_str_hash = std::move(other.m_str_hash);
                 m_crc64 = std::move(other.m_crc64);
             }
             return *this;
@@ -617,6 +628,15 @@ namespace azure { namespace storage {
             return m_type == checksum_type::md5;
         }
 
+        /// <summary>
+        /// Indicates whether this is an SHA-256 checksum.
+        /// </summary>
+        /// <returns><c>true</c> if this is an SHA-256 checksum; otherwise, <c>false</c>.</returns>
+        bool is_sha256() const
+        {
+            return m_type == checksum_type::sha256;
+        }
+
         /// <summary>
         /// Indicates whether this is an HMAC-SHA256 authentication code.
         /// </summary>
@@ -650,7 +670,16 @@ namespace azure { namespace storage {
         /// <returns>A string containing base64-encoded MD5.</returns>
         const utility::string_t& md5() const
         {
-            return m_md5;
+            return m_str_hash;
+        }
+
+        /// <summary>
+        /// Gets the SHA-256 checksum.
+        /// </summary>
+        /// <returns>A string containing base64-encoded SHA-256.</returns>
+        const utility::string_t& sha256() const
+        {
+            return m_str_hash;
         }
 
         /// <summary>
@@ -659,7 +688,7 @@ namespace azure { namespace storage {
         /// <returns>A string containing base64-encoded HMAC-256 authentiction code.</returns>
         const utility::string_t& hmac_sha256() const
         {
-            return m_hmac_sha256;
+            return m_str_hash;
         }
 
         /// <summary>
@@ -675,8 +704,7 @@ namespace azure { namespace storage {
 
     private:
         checksum_type m_type;
-        utility::string_t m_md5;
-        utility::string_t m_hmac_sha256;
+        utility::string_t m_str_hash;
         uint64_t m_crc64;
     };
 
 
@@ -210,6 +210,9 @@ DAT(ms_header_file_change_time, _XPLATSTR("x-ms-file-change-time"))
 DAT(ms_header_file_id, _XPLATSTR("x-ms-file-id"))
 DAT(ms_header_file_parent_id, _XPLATSTR("x-ms-file-parent-id"))
 DAT(ms_header_previous_snapshot_url, _XPLATSTR("x-ms-previous-snapshot-url"))
+DAT(ms_header_encryption_key, _XPLATSTR("x-ms-encryption-key"))
+DAT(ms_header_encryption_key_sha256, _XPLATSTR("x-ms-encryption-key-sha256"))
+DAT(ms_header_encryption_algorithm, _XPLATSTR("x-ms-encryption-algorithm"))
 
 // header values
 DAT(header_value_storage_version, _XPLATSTR("2019-07-07"))
@@ -285,6 +288,7 @@ DAT(header_value_file_attribute_offline, _XPLATSTR("Offline"))
 DAT(header_value_file_attribute_notcontentindexed, _XPLATSTR("NotContentIndexed"))
 DAT(header_value_file_attribute_noscrubdata, _XPLATSTR("NoScrubData"))
 DAT(header_value_file_attribute_delimiter, _XPLATSTR(" | "))
+DAT(header_value_encryption_algorithm_aes256, _XPLATSTR("AES256"))
 
 // xml strings
 DAT(xml_last_modified, _XPLATSTR("Last-Modified"))
 
@@ -151,6 +151,33 @@ namespace azure { namespace storage { namespace core {
 #endif
     };
 
+    class sha256_hash_provider_impl : public cryptography_hash_provider_impl
+    {
+    public:
+        sha256_hash_provider_impl();
+        ~sha256_hash_provider_impl() override;
+
+        bool is_enabled() const override
+        {
+            return true;
+        }
+
+        void write(const uint8_t* data, size_t count) override;
+        void close() override;
+
+        checksum hash() const override
+        {
+            return checksum(checksum_sha256, utility::conversions::to_base64(m_hash));
+        }
+
+    private:
+#ifdef _WIN32
+        static BCRYPT_ALG_HANDLE algorithm_handle();
+#else // Linux
+        SHA256_CTX* m_hash_context = nullptr;
+#endif
+    };
+
     class crc64_hash_provider_impl : public hash_provider_impl
     {
     public:
@@ -215,6 +242,11 @@ namespace azure { namespace storage { namespace core {
             return hash_provider(std::make_shared<md5_hash_provider_impl>());
         }
 
+        static hash_provider create_sha256_hash_provider()
+        {
+            return hash_provider(std::make_shared<sha256_hash_provider_impl>());
+        }
+
         static hash_provider create_crc64_hash_provider()
         {
             return hash_provider(std::make_shared<crc64_hash_provider_impl>());