Add streaming S3 transfers and sccache test flow

SMB protocol:
- Fix SPNEGO DER encoding for payloads >127 bytes
- Fix Create/Write request offset calculations (off-by-one)
- Fix Create/Write response minimum size checks
- Handle STATUS_PENDING by looping for final response
- Offer SMB 3.0.0/3.0.2 dialect fallbacks in negotiate
- Add NTLMSSP Version field and echo server negotiate flags
- Cap max read/write to 64KB to avoid oversized messages

SMB3 message signing:
- SHA-512 and AES-128-CMAC via CommonCrypto FFI
- SP800-108 KDF signing key derivation from session base key
- Preauth integrity hash tracking through handshake
- Sign all post-auth messages with AES-128-CMAC

S3 layer:
- Map SMB NotFound → S3 NoSuchKey (404), PermissionDenied → 403
- Streaming PutObject via channel-backed body

Test harness:
- make test runs sccache integration against SMB share
- Cold build populates cache, warm build verifies 100% hit rate

Author: lukekim

CLAUDE.md

@@ -18,7 +18,7 @@ spio is an S3-compatible API proxy that translates S3 HTTP requests into SMB 3.1
 ```bash
 make                           # fmt + lint + test + build (default target)
 make release                   # optimized release build
-make lint                      # cargo fmt --check + cargo clippy
+make lint                      # fmt-check + check + strict clippy + rustdoc warnings
 make test                      # sccache integration test (requires SPIO_SMB_USER/PASS)
 make fmt                       # auto-format
 make clean                     # cargo clean
@@ -39,11 +39,11 @@ The binary requires these environment variables:
 
 The codebase has three modules:
 
-- **`s3`** — HTTP layer. Parses incoming S3 API requests and produces XML responses. `router.rs` is the central dispatch (path-style bucket routing). Covers GetObject, PutObject, CopyObject, DeleteObject, HeadObject, ListObjectsV1/V2, multipart uploads, and stub endpoints for ACL/tagging/versioning. Auth is SigV4 (header + presigned URL) in `auth.rs`. `xml.rs` is a hand-rolled XML builder. `multipart.rs` manages upload state in-memory, with parts stored as temp files under `.spio-uploads/` on the SMB share. `body.rs` implements `SpioBody`, a zero-copy streaming response body (channel-backed for large reads, inline for XML/errors).
+- **`s3`** — HTTP layer. Parses incoming S3 API requests and produces XML responses. `router.rs` is the central dispatch (path-style bucket routing). Covers GetObject, PutObject, CopyObject, DeleteObject, HeadObject, ListObjectsV1/V2, multipart uploads, and stub endpoints for ACL/tagging/versioning. `xml.rs` is a hand-rolled XML builder. `multipart.rs` manages upload state in-memory, with parts stored as temp files under `.spio-uploads/` on the SMB share. `body.rs` implements `SpioBody`, a zero-copy streaming response body (channel-backed for large reads, inline for XML/errors).
 
-- **`smb`** — Wire protocol client. `protocol.rs` defines SMB 3.1.x packet structures (little-endian). `client.rs` manages the TCP connection, negotiate/session-setup handshake, and exposes operations (tree connect, create, read, write, close, query directory, query info). `auth.rs` implements NTLMv2 challenge-response. `ops.rs` provides the high-level `ShareSession` abstraction the S3 layer consumes (list, read, write, delete, stat, copy).
+- **`smb`** — Wire protocol client. `protocol.rs` defines SMB 3.1.x packet structures (little-endian). `client.rs` manages the TCP connection, negotiate/session-setup handshake, and exposes operations (tree connect, create, read, write, close, query directory). `auth.rs` implements NTLMv2 challenge-response. `ops.rs` provides the high-level `ShareSession` abstraction the S3 layer consumes (list, read, write, delete, stat, copy).
 
-- **`crypto`** — FFI bindings to macOS CommonCrypto (`Security.framework`/`libcommonCrypto`). Exposes MD4, SHA-256, HMAC-MD5, HMAC-SHA256. No Rust crypto crates.
+- **`crypto`** — FFI bindings to macOS CommonCrypto (`Security.framework`/`libcommonCrypto`). Exposes MD4, SHA-256, and HMAC-MD5. No Rust crypto crates.
 
 **Request flow:** HTTP request → `s3::router::handle_request` → S3 operation → `smb::ops::ShareSession` method → `smb::client::SmbClient` wire operations → TCP to SMB server.
 

Cargo.toml

@@ -20,6 +20,17 @@ http = "1"
 bytes = "1"
 percent-encoding = "2"
 
+[lints.rust]
+warnings = "deny"
+unsafe_op_in_unsafe_fn = "deny"
+unused_lifetimes = "deny"
+unused_qualifications = "deny"
+
+[lints.clippy]
+all = { level = "deny", priority = -1 }
+cargo = { level = "deny", priority = -1 }
+cargo_common_metadata = "allow"
+
 [profile.release]
 opt-level = 3
 lto = "fat"

Makefile

@@ -1,26 +1,29 @@
-.PHONY: build release check fmt lint clippy test clean all
+.PHONY: build release check fmt fmt-check clippy doc lint test clean all
 
 all: fmt lint test build
 
 build:
-	cargo build
+	cargo build --locked --all-targets --all-features
 
 release:
-	cargo build --release
+	cargo build --release --locked
 
 check:
-	cargo check
+	cargo check --locked --all-targets --all-features
 
 fmt:
-	cargo fmt
+	cargo fmt --all
 
 fmt-check:
-	cargo fmt --check
+	cargo fmt --all --check
 
 clippy:
-	cargo clippy -- -W clippy::all
+	cargo clippy --locked --all-targets --all-features -- -D warnings -D clippy::all -D clippy::cargo -A clippy::cargo-common-metadata
 
-lint: fmt-check clippy
+doc:
+	RUSTDOCFLAGS="-D warnings" cargo doc --locked --workspace --no-deps --document-private-items
+
+lint: fmt-check check clippy doc
 
 test: build
 	./scripts/test-sccache.sh

README.md

@@ -10,8 +10,6 @@ S3-compatible API proxy to SMB file shares. Translates S3 HTTP requests into SMB
 
 GetObject (range + conditional), PutObject, CopyObject, DeleteObject, HeadObject, ListObjectsV1/V2, ListBuckets, multipart uploads (create/upload-part/complete/abort/list-parts/list-uploads), HeadBucket, GetBucketLocation, and stubs for ACL, tagging, and versioning.
 
-Auth: AWS Signature V4 (Authorization header and presigned URLs).
-
 ## Build
 
 Requires Rust (edition 2024) and macOS 26+.
@@ -20,7 +18,7 @@ Requires Rust (edition 2024) and macOS 26+.
 make                # fmt + lint + test + build
 make release        # optimized release build
 make test           # run tests
-make lint           # cargo fmt --check + cargo clippy
+make lint           # fmt-check + check + strict clippy + rustdoc warnings
 ```
 
 ## Configuration

src/crypto/ffi.rs

@@ -6,21 +6,33 @@ use std::os::raw::{c_uint, c_void};
 const CC_MD4_DIGEST_LENGTH: usize = 16;
 const CC_MD5_DIGEST_LENGTH: usize = 16;
 const CC_SHA256_DIGEST_LENGTH: usize = 32;
+const CC_SHA512_DIGEST_LENGTH: usize = 64;
 
 // HMAC algorithm identifiers (from CommonCrypto/CommonHMAC.h)
 const K_CC_HMAC_ALG_MD5: c_uint = 1;
 const K_CC_HMAC_ALG_SHA256: c_uint = 2;
 
+// CCCrypt constants
+const K_CC_ENCRYPT: u32 = 0;
+const K_CC_ALGORITHM_AES128: u32 = 0;
+const K_CC_OPTION_ECB_MODE: u32 = 2;
+
+const AES_BLOCK_SIZE: usize = 16;
+
 unsafe extern "C" {
     // CC_MD4
     fn CC_MD4(data: *const c_void, len: c_uint, md: *mut u8) -> *mut u8;
 
     // CC_MD5
+    #[cfg(test)]
     fn CC_MD5(data: *const c_void, len: c_uint, md: *mut u8) -> *mut u8;
 
     // CC_SHA256
     fn CC_SHA256(data: *const c_void, len: c_uint, md: *mut u8) -> *mut u8;
 
+    // CC_SHA512
+    fn CC_SHA512(data: *const c_void, len: c_uint, md: *mut u8) -> *mut u8;
+
     // CCHmac
     fn CCHmac(
         algorithm: c_uint,
@@ -30,6 +42,21 @@ unsafe extern "C" {
         data_length: usize,
         mac_out: *mut c_void,
     );
+
+    // CCCrypt — single-shot encrypt/decrypt
+    fn CCCrypt(
+        op: u32,
+        alg: u32,
+        options: u32,
+        key: *const c_void,
+        key_length: usize,
+        iv: *const c_void,
+        data_in: *const c_void,
+        data_in_length: usize,
+        data_out: *mut c_void,
+        data_out_available: usize,
+        data_out_moved: *mut usize,
+    ) -> i32;
 }
 
 /// Compute MD4 digest. Used in NTLM password hashing.
@@ -45,7 +72,8 @@ pub fn md4(data: &[u8]) -> [u8; 16] {
     out
 }
 
-/// Compute MD5 digest. Used in NTLMv2 computations.
+#[cfg(test)]
+/// Compute MD5 digest. Used in tests for the CommonCrypto binding.
 pub fn md5(data: &[u8]) -> [u8; 16] {
     let mut out = [0u8; CC_MD5_DIGEST_LENGTH];
     unsafe {
@@ -87,7 +115,20 @@ pub fn sha256(data: &[u8]) -> [u8; 32] {
     out
 }
 
-/// Compute HMAC-SHA256. Used in AWS Signature V4.
+/// Compute SHA-512 digest. Used for SMB 3.1.1 preauth integrity hash.
+pub fn sha512(data: &[u8]) -> [u8; 64] {
+    let mut out = [0u8; CC_SHA512_DIGEST_LENGTH];
+    unsafe {
+        CC_SHA512(
+            data.as_ptr() as *const c_void,
+            data.len() as c_uint,
+            out.as_mut_ptr(),
+        );
+    }
+    out
+}
+
+/// Compute HMAC-SHA256. Used in signing key derivation (SP800-108 KDF).
 pub fn hmac_sha256(key: &[u8], data: &[u8]) -> [u8; 32] {
     let mut out = [0u8; CC_SHA256_DIGEST_LENGTH];
     unsafe {
@@ -103,6 +144,95 @@ pub fn hmac_sha256(key: &[u8], data: &[u8]) -> [u8; 32] {
     out
 }
 
+/// AES-ECB encrypt a single 16-byte block.
+fn aes128_ecb_block(key: &[u8; 16], block: &[u8; 16]) -> [u8; 16] {
+    let mut out = [0u8; 16];
+    let mut out_len: usize = 0;
+    unsafe {
+        CCCrypt(
+            K_CC_ENCRYPT,
+            K_CC_ALGORITHM_AES128,
+            K_CC_OPTION_ECB_MODE,
+            key.as_ptr() as *const c_void,
+            16,
+            std::ptr::null(),
+            block.as_ptr() as *const c_void,
+            16,
+            out.as_mut_ptr() as *mut c_void,
+            16,
+            &mut out_len,
+        );
+    }
+    out
+}
+
+/// Compute AES-128-CMAC (RFC 4493). Used for SMB 3.x message signing.
+pub fn aes128_cmac(key: &[u8; 16], data: &[u8]) -> [u8; 16] {
+    // Step 1: Generate subkeys
+    let zero_block = [0u8; AES_BLOCK_SIZE];
+    let l = aes128_ecb_block(key, &zero_block);
+
+    let k1 = dbl_block(&l);
+    let k2 = dbl_block(&k1);
+
+    // Step 2: Determine number of blocks
+    let n = if data.is_empty() {
+        1
+    } else {
+        (data.len() + AES_BLOCK_SIZE - 1) / AES_BLOCK_SIZE
+    };
+    let complete = !data.is_empty() && data.len() % AES_BLOCK_SIZE == 0;
+
+    // Step 3: Build the last block
+    let mut last = [0u8; AES_BLOCK_SIZE];
+    if complete {
+        let start = (n - 1) * AES_BLOCK_SIZE;
+        last.copy_from_slice(&data[start..start + AES_BLOCK_SIZE]);
+        xor_block(&mut last, &k1);
+    } else {
+        // Pad with 10*
+        let start = (n - 1) * AES_BLOCK_SIZE;
+        let remaining = data.len() - start;
+        last[..remaining].copy_from_slice(&data[start..]);
+        last[remaining] = 0x80;
+        // rest is already zero
+        xor_block(&mut last, &k2);
+    }
+
+    // Step 4: CBC-MAC
+    let mut x = [0u8; AES_BLOCK_SIZE];
+    for i in 0..n - 1 {
+        let start = i * AES_BLOCK_SIZE;
+        let mut block = [0u8; AES_BLOCK_SIZE];
+        block.copy_from_slice(&data[start..start + AES_BLOCK_SIZE]);
+        xor_block(&mut block, &x);
+        x = aes128_ecb_block(key, &block);
+    }
+    xor_block(&mut last, &x);
+    aes128_ecb_block(key, &last)
+}
+
+/// Double a block in GF(2^128) with the AES-CMAC polynomial.
+fn dbl_block(block: &[u8; 16]) -> [u8; 16] {
+    let mut out = [0u8; 16];
+    let mut carry = 0u8;
+    for i in (0..16).rev() {
+        out[i] = (block[i] << 1) | carry;
+        carry = block[i] >> 7;
+    }
+    if block[0] & 0x80 != 0 {
+        out[15] ^= 0x87; // Rb for 128-bit block
+    }
+    out
+}
+
+/// XOR two 16-byte blocks in place.
+fn xor_block(a: &mut [u8; 16], b: &[u8; 16]) {
+    for i in 0..16 {
+        a[i] ^= b[i];
+    }
+}
+
 /// Encode bytes as lowercase hex string.
 pub fn hex_encode(bytes: &[u8]) -> String {
     const HEX: &[u8; 16] = b"0123456789abcdef";

src/crypto/mod.rs

@@ -5,4 +5,4 @@
 
 mod ffi;
 
-pub use ffi::{hex_encode, hmac_md5, hmac_sha256, md4, sha256};
+pub use ffi::{aes128_cmac, hex_encode, hmac_md5, hmac_sha256, md4, sha256, sha512};