1 /* SPDX-License-Identifier: 0BSD */ 2 3 /* 4 * XZ decompressor 5 * 6 * Authors: Lasse Collin <lasse.collin@tukaani.org> 7 * Igor Pavlov <https://7-zip.org/> 8 */ 9 10 #ifndef XZ_H 11 #define XZ_H 12 13 #ifdef __KERNEL__ 14 # include <linux/stddef.h> 15 # include <linux/types.h> 16 #else 17 # include <stddef.h> 18 # include <stdint.h> 19 #endif 20 21 /** 22 * enum xz_mode - Operation mode 23 * 24 * @XZ_SINGLE: Single-call mode. This uses less RAM than 25 * multi-call modes, because the LZMA2 26 * dictionary doesn't need to be allocated as 27 * part of the decoder state. All required data 28 * structures are allocated at initialization, 29 * so xz_dec_run() cannot return XZ_MEM_ERROR. 30 * @XZ_PREALLOC: Multi-call mode with preallocated LZMA2 31 * dictionary buffer. All data structures are 32 * allocated at initialization, so xz_dec_run() 33 * cannot return XZ_MEM_ERROR. 34 * @XZ_DYNALLOC: Multi-call mode. The LZMA2 dictionary is 35 * allocated once the required size has been 36 * parsed from the stream headers. If the 37 * allocation fails, xz_dec_run() will return 38 * XZ_MEM_ERROR. 39 * 40 * It is possible to enable support only for a subset of the above 41 * modes at compile time by defining XZ_DEC_SINGLE, XZ_DEC_PREALLOC, 42 * or XZ_DEC_DYNALLOC. The xz_dec kernel module is always compiled 43 * with support for all operation modes, but the preboot code may 44 * be built with fewer features to minimize code size. 45 */ 46 enum xz_mode { 47 XZ_SINGLE, 48 XZ_PREALLOC, 49 XZ_DYNALLOC 50 }; 51 52 /** 53 * enum xz_ret - Return codes 54 * @XZ_OK: Everything is OK so far. More input or more 55 * output space is required to continue. This 56 * return code is possible only in multi-call mode 57 * (XZ_PREALLOC or XZ_DYNALLOC). 58 * @XZ_STREAM_END: Operation finished successfully. 59 * @XZ_UNSUPPORTED_CHECK: Integrity check type is not supported. Decoding 60 * is still possible in multi-call mode by simply 61 * calling xz_dec_run() again. 62 * Note that this return value is used only if 63 * XZ_DEC_ANY_CHECK was defined at build time, 64 * which is not used in the kernel. Unsupported 65 * check types return XZ_OPTIONS_ERROR if 66 * XZ_DEC_ANY_CHECK was not defined at build time. 67 * @XZ_MEM_ERROR: Allocating memory failed. This return code is 68 * possible only if the decoder was initialized 69 * with XZ_DYNALLOC. The amount of memory that was 70 * tried to be allocated was no more than the 71 * dict_max argument given to xz_dec_init(). 72 * @XZ_MEMLIMIT_ERROR: A bigger LZMA2 dictionary would be needed than 73 * allowed by the dict_max argument given to 74 * xz_dec_init(). This return value is possible 75 * only in multi-call mode (XZ_PREALLOC or 76 * XZ_DYNALLOC); the single-call mode (XZ_SINGLE) 77 * ignores the dict_max argument. 78 * @XZ_FORMAT_ERROR: File format was not recognized (wrong magic 79 * bytes). 80 * @XZ_OPTIONS_ERROR: This implementation doesn't support the requested 81 * compression options. In the decoder this means 82 * that the header CRC32 matches, but the header 83 * itself specifies something that we don't support. 84 * @XZ_DATA_ERROR: Compressed data is corrupt. 85 * @XZ_BUF_ERROR: Cannot make any progress. Details are slightly 86 * different between multi-call and single-call 87 * mode; more information below. 88 * 89 * In multi-call mode, XZ_BUF_ERROR is returned when two consecutive calls 90 * to XZ code cannot consume any input and cannot produce any new output. 91 * This happens when there is no new input available, or the output buffer 92 * is full while at least one output byte is still pending. Assuming your 93 * code is not buggy, you can get this error only when decoding a compressed 94 * stream that is truncated or otherwise corrupt. 95 * 96 * In single-call mode, XZ_BUF_ERROR is returned only when the output buffer 97 * is too small or the compressed input is corrupt in a way that makes the 98 * decoder produce more output than the caller expected. When it is 99 * (relatively) clear that the compressed input is truncated, XZ_DATA_ERROR 100 * is used instead of XZ_BUF_ERROR. 101 */ 102 enum xz_ret { 103 XZ_OK, 104 XZ_STREAM_END, 105 XZ_UNSUPPORTED_CHECK, 106 XZ_MEM_ERROR, 107 XZ_MEMLIMIT_ERROR, 108 XZ_FORMAT_ERROR, 109 XZ_OPTIONS_ERROR, 110 XZ_DATA_ERROR, 111 XZ_BUF_ERROR 112 }; 113 114 /** 115 * struct xz_buf - Passing input and output buffers to XZ code 116 * @in: Beginning of the input buffer. This may be NULL if and only 117 * if in_pos is equal to in_size. 118 * @in_pos: Current position in the input buffer. This must not exceed 119 * in_size. 120 * @in_size: Size of the input buffer 121 * @out: Beginning of the output buffer. This may be NULL if and only 122 * if out_pos is equal to out_size. 123 * @out_pos: Current position in the output buffer. This must not exceed 124 * out_size. 125 * @out_size: Size of the output buffer 126 * 127 * Only the contents of the output buffer from out[out_pos] onward, and 128 * the variables in_pos and out_pos are modified by the XZ code. 129 */ 130 struct xz_buf { 131 const uint8_t *in; 132 size_t in_pos; 133 size_t in_size; 134 135 uint8_t *out; 136 size_t out_pos; 137 size_t out_size; 138 }; 139 140 /* 141 * struct xz_dec - Opaque type to hold the XZ decoder state 142 */ 143 struct xz_dec; 144 145 /** 146 * xz_dec_init() - Allocate and initialize a XZ decoder state 147 * @mode: Operation mode 148 * @dict_max: Maximum size of the LZMA2 dictionary (history buffer) for 149 * multi-call decoding. This is ignored in single-call mode 150 * (mode == XZ_SINGLE). LZMA2 dictionary is always 2^n bytes 151 * or 2^n + 2^(n-1) bytes (the latter sizes are less common 152 * in practice), so other values for dict_max don't make sense. 153 * In the kernel, dictionary sizes of 64 KiB, 128 KiB, 256 KiB, 154 * 512 KiB, and 1 MiB are probably the only reasonable values, 155 * except for kernel and initramfs images where a bigger 156 * dictionary can be fine and useful. 157 * 158 * Single-call mode (XZ_SINGLE): xz_dec_run() decodes the whole stream at 159 * once. The caller must provide enough output space or the decoding will 160 * fail. The output space is used as the dictionary buffer, which is why 161 * there is no need to allocate the dictionary as part of the decoder's 162 * internal state. 163 * 164 * Because the output buffer is used as the workspace, streams encoded using 165 * a big dictionary are not a problem in single-call mode. It is enough that 166 * the output buffer is big enough to hold the actual uncompressed data; it 167 * can be smaller than the dictionary size stored in the stream headers. 168 * 169 * Multi-call mode with preallocated dictionary (XZ_PREALLOC): dict_max bytes 170 * of memory is preallocated for the LZMA2 dictionary. This way there is no 171 * risk that xz_dec_run() could run out of memory, since xz_dec_run() will 172 * never allocate any memory. Instead, if the preallocated dictionary is too 173 * small for decoding the given input stream, xz_dec_run() will return 174 * XZ_MEMLIMIT_ERROR. Thus, it is important to know what kind of data will be 175 * decoded to avoid allocating excessive amount of memory for the dictionary. 176 * 177 * Multi-call mode with dynamically allocated dictionary (XZ_DYNALLOC): 178 * dict_max specifies the maximum allowed dictionary size that xz_dec_run() 179 * may allocate once it has parsed the dictionary size from the stream 180 * headers. This way excessive allocations can be avoided while still 181 * limiting the maximum memory usage to a sane value to prevent running the 182 * system out of memory when decompressing streams from untrusted sources. 183 * 184 * On success, xz_dec_init() returns a pointer to struct xz_dec, which is 185 * ready to be used with xz_dec_run(). If memory allocation fails, 186 * xz_dec_init() returns NULL. 187 */ 188 struct xz_dec *xz_dec_init(enum xz_mode mode, uint32_t dict_max); 189 190 /** 191 * xz_dec_run() - Run the XZ decoder 192 * @s: Decoder state allocated using xz_dec_init() 193 * @b: Input and output buffers 194 * 195 * The possible return values depend on build options and operation mode. 196 * See enum xz_ret for details. 197 * 198 * Note that if an error occurs in single-call mode (return value is not 199 * XZ_STREAM_END), b->in_pos and b->out_pos are not modified and the 200 * contents of the output buffer from b->out[b->out_pos] onward are 201 * undefined. This is true even after XZ_BUF_ERROR, because with some filter 202 * chains, there may be a second pass over the output buffer, and this pass 203 * cannot be properly done if the output buffer is truncated. Thus, you 204 * cannot give the single-call decoder a too small buffer and then expect to 205 * get that amount valid data from the beginning of the stream. You must use 206 * the multi-call decoder if you don't want to uncompress the whole stream. 207 */ 208 enum xz_ret xz_dec_run(struct xz_dec *s, struct xz_buf *b); 209 210 /** 211 * xz_dec_reset() - Reset an already allocated decoder state 212 * @s: Decoder state allocated using xz_dec_init() 213 * 214 * This function can be used to reset the multi-call decoder state without 215 * freeing and reallocating memory with xz_dec_end() and xz_dec_init(). 216 * 217 * In single-call mode, xz_dec_reset() is always called in the beginning of 218 * xz_dec_run(). Thus, explicit call to xz_dec_reset() is useful only in 219 * multi-call mode. 220 */ 221 void xz_dec_reset(struct xz_dec *s); 222 223 /** 224 * xz_dec_end() - Free the memory allocated for the decoder state 225 * @s: Decoder state allocated using xz_dec_init(). If s is NULL, 226 * this function does nothing. 227 */ 228 void xz_dec_end(struct xz_dec *s); 229 230 /** 231 * DOC: MicroLZMA decompressor 232 * 233 * This MicroLZMA header format was created for use in EROFS but may be used 234 * by others too. **In most cases one needs the XZ APIs above instead.** 235 * 236 * The compressed format supported by this decoder is a raw LZMA stream 237 * whose first byte (always 0x00) has been replaced with bitwise-negation 238 * of the LZMA properties (lc/lp/pb) byte. For example, if lc/lp/pb is 239 * 3/0/2, the first byte is 0xA2. This way the first byte can never be 0x00. 240 * Just like with LZMA2, lc + lp <= 4 must be true. The LZMA end-of-stream 241 * marker must not be used. The unused values are reserved for future use. 242 */ 243 244 /* 245 * struct xz_dec_microlzma - Opaque type to hold the MicroLZMA decoder state 246 */ 247 struct xz_dec_microlzma; 248 249 /** 250 * xz_dec_microlzma_alloc() - Allocate memory for the MicroLZMA decoder 251 * @mode: XZ_SINGLE or XZ_PREALLOC 252 * @dict_size: LZMA dictionary size. This must be at least 4 KiB and 253 * at most 3 GiB. 254 * 255 * In contrast to xz_dec_init(), this function only allocates the memory 256 * and remembers the dictionary size. xz_dec_microlzma_reset() must be used 257 * before calling xz_dec_microlzma_run(). 258 * 259 * The amount of allocated memory is a little less than 30 KiB with XZ_SINGLE. 260 * With XZ_PREALLOC also a dictionary buffer of dict_size bytes is allocated. 261 * 262 * On success, xz_dec_microlzma_alloc() returns a pointer to 263 * struct xz_dec_microlzma. If memory allocation fails or 264 * dict_size is invalid, NULL is returned. 265 */ 266 struct xz_dec_microlzma *xz_dec_microlzma_alloc(enum xz_mode mode, 267 uint32_t dict_size); 268 269 /** 270 * xz_dec_microlzma_reset() - Reset the MicroLZMA decoder state 271 * @s: Decoder state allocated using xz_dec_microlzma_alloc() 272 * @comp_size: Compressed size of the input stream 273 * @uncomp_size: Uncompressed size of the input stream. A value smaller 274 * than the real uncompressed size of the input stream can 275 * be specified if uncomp_size_is_exact is set to false. 276 * uncomp_size can never be set to a value larger than the 277 * expected real uncompressed size because it would eventually 278 * result in XZ_DATA_ERROR. 279 * @uncomp_size_is_exact: This is an int instead of bool to avoid 280 * requiring stdbool.h. This should normally be set to true. 281 * When this is set to false, error detection is weaker. 282 */ 283 void xz_dec_microlzma_reset(struct xz_dec_microlzma *s, uint32_t comp_size, 284 uint32_t uncomp_size, int uncomp_size_is_exact); 285 286 /** 287 * xz_dec_microlzma_run() - Run the MicroLZMA decoder 288 * @s: Decoder state initialized using xz_dec_microlzma_reset() 289 * @b: Input and output buffers 290 * 291 * This works similarly to xz_dec_run() with a few important differences. 292 * Only the differences are documented here. 293 * 294 * The only possible return values are XZ_OK, XZ_STREAM_END, and 295 * XZ_DATA_ERROR. This function cannot return XZ_BUF_ERROR: if no progress 296 * is possible due to lack of input data or output space, this function will 297 * keep returning XZ_OK. Thus, the calling code must be written so that it 298 * will eventually provide input and output space matching (or exceeding) 299 * comp_size and uncomp_size arguments given to xz_dec_microlzma_reset(). 300 * If the caller cannot do this (for example, if the input file is truncated 301 * or otherwise corrupt), the caller must detect this error by itself to 302 * avoid an infinite loop. 303 * 304 * If the compressed data seems to be corrupt, XZ_DATA_ERROR is returned. 305 * This can happen also when incorrect dictionary, uncompressed, or 306 * compressed sizes have been specified. 307 * 308 * With XZ_PREALLOC only: As an extra feature, b->out may be NULL to skip over 309 * uncompressed data. This way the caller doesn't need to provide a temporary 310 * output buffer for the bytes that will be ignored. 311 * 312 * With XZ_SINGLE only: In contrast to xz_dec_run(), the return value XZ_OK 313 * is also possible and thus XZ_SINGLE is actually a limited multi-call mode. 314 * After XZ_OK the bytes decoded so far may be read from the output buffer. 315 * It is possible to continue decoding but the variables b->out and b->out_pos 316 * MUST NOT be changed by the caller. Increasing the value of b->out_size is 317 * allowed to make more output space available; one doesn't need to provide 318 * space for the whole uncompressed data on the first call. The input buffer 319 * may be changed normally like with XZ_PREALLOC. This way input data can be 320 * provided from non-contiguous memory. 321 */ 322 enum xz_ret xz_dec_microlzma_run(struct xz_dec_microlzma *s, struct xz_buf *b); 323 324 /** 325 * xz_dec_microlzma_end() - Free the memory allocated for the decoder state 326 * @s: Decoder state allocated using xz_dec_microlzma_alloc(). 327 * If s is NULL, this function does nothing. 328 */ 329 void xz_dec_microlzma_end(struct xz_dec_microlzma *s); 330 331 /* 332 * Standalone build (userspace build or in-kernel build for boot time use) 333 * needs a CRC32 implementation. For normal in-kernel use, kernel's own 334 * CRC32 module is used instead, and users of this module don't need to 335 * care about the functions below. 336 */ 337 #ifndef XZ_INTERNAL_CRC32 338 # ifdef __KERNEL__ 339 # define XZ_INTERNAL_CRC32 0 340 # else 341 # define XZ_INTERNAL_CRC32 1 342 # endif 343 #endif 344 345 #if XZ_INTERNAL_CRC32 346 /* 347 * This must be called before any other xz_* function to initialize 348 * the CRC32 lookup table. 349 */ 350 void xz_crc32_init(void); 351 352 /* 353 * Update CRC32 value using the polynomial from IEEE-802.3. To start a new 354 * calculation, the third argument must be zero. To continue the calculation, 355 * the previously returned value is passed as the third argument. 356 */ 357 uint32_t xz_crc32(const uint8_t *buf, size_t size, uint32_t crc); 358 #endif 359 #endif 360