1 /* 2 * XZ decompressor 3 * 4 * Authors: Lasse Collin <lasse.collin@tukaani.org> 5 * Igor Pavlov <https://7-zip.org/> 6 * 7 * This file has been put into the public domain. 8 * You can do whatever you want with this file. 9 */ 10 11 #ifndef XZ_H 12 #define XZ_H 13 14 #ifdef __KERNEL__ 15 # include <linux/stddef.h> 16 # include <linux/types.h> 17 #else 18 # include <stddef.h> 19 # include <stdint.h> 20 #endif 21 22 #ifdef __cplusplus 23 extern "C" { 24 #endif 25 26 /* In Linux, this is used to make extern functions static when needed. */ 27 #ifndef XZ_EXTERN 28 # define XZ_EXTERN extern 29 #endif 30 31 /** 32 * enum xz_mode - Operation mode 33 * 34 * @XZ_SINGLE: Single-call mode. This uses less RAM than 35 * multi-call modes, because the LZMA2 36 * dictionary doesn't need to be allocated as 37 * part of the decoder state. All required data 38 * structures are allocated at initialization, 39 * so xz_dec_run() cannot return XZ_MEM_ERROR. 40 * @XZ_PREALLOC: Multi-call mode with preallocated LZMA2 41 * dictionary buffer. All data structures are 42 * allocated at initialization, so xz_dec_run() 43 * cannot return XZ_MEM_ERROR. 44 * @XZ_DYNALLOC: Multi-call mode. The LZMA2 dictionary is 45 * allocated once the required size has been 46 * parsed from the stream headers. If the 47 * allocation fails, xz_dec_run() will return 48 * XZ_MEM_ERROR. 49 * 50 * It is possible to enable support only for a subset of the above 51 * modes at compile time by defining XZ_DEC_SINGLE, XZ_DEC_PREALLOC, 52 * or XZ_DEC_DYNALLOC. The xz_dec kernel module is always compiled 53 * with support for all operation modes, but the preboot code may 54 * be built with fewer features to minimize code size. 55 */ 56 enum xz_mode { 57 XZ_SINGLE, 58 XZ_PREALLOC, 59 XZ_DYNALLOC 60 }; 61 62 /** 63 * enum xz_ret - Return codes 64 * @XZ_OK: Everything is OK so far. More input or more 65 * output space is required to continue. This 66 * return code is possible only in multi-call mode 67 * (XZ_PREALLOC or XZ_DYNALLOC). 68 * @XZ_STREAM_END: Operation finished successfully. 69 * @XZ_UNSUPPORTED_CHECK: Integrity check type is not supported. Decoding 70 * is still possible in multi-call mode by simply 71 * calling xz_dec_run() again. 72 * Note that this return value is used only if 73 * XZ_DEC_ANY_CHECK was defined at build time, 74 * which is not used in the kernel. Unsupported 75 * check types return XZ_OPTIONS_ERROR if 76 * XZ_DEC_ANY_CHECK was not defined at build time. 77 * @XZ_MEM_ERROR: Allocating memory failed. This return code is 78 * possible only if the decoder was initialized 79 * with XZ_DYNALLOC. The amount of memory that was 80 * tried to be allocated was no more than the 81 * dict_max argument given to xz_dec_init(). 82 * @XZ_MEMLIMIT_ERROR: A bigger LZMA2 dictionary would be needed than 83 * allowed by the dict_max argument given to 84 * xz_dec_init(). This return value is possible 85 * only in multi-call mode (XZ_PREALLOC or 86 * XZ_DYNALLOC); the single-call mode (XZ_SINGLE) 87 * ignores the dict_max argument. 88 * @XZ_FORMAT_ERROR: File format was not recognized (wrong magic 89 * bytes). 90 * @XZ_OPTIONS_ERROR: This implementation doesn't support the requested 91 * compression options. In the decoder this means 92 * that the header CRC32 matches, but the header 93 * itself specifies something that we don't support. 94 * @XZ_DATA_ERROR: Compressed data is corrupt. 95 * @XZ_BUF_ERROR: Cannot make any progress. Details are slightly 96 * different between multi-call and single-call 97 * mode; more information below. 98 * 99 * In multi-call mode, XZ_BUF_ERROR is returned when two consecutive calls 100 * to XZ code cannot consume any input and cannot produce any new output. 101 * This happens when there is no new input available, or the output buffer 102 * is full while at least one output byte is still pending. Assuming your 103 * code is not buggy, you can get this error only when decoding a compressed 104 * stream that is truncated or otherwise corrupt. 105 * 106 * In single-call mode, XZ_BUF_ERROR is returned only when the output buffer 107 * is too small or the compressed input is corrupt in a way that makes the 108 * decoder produce more output than the caller expected. When it is 109 * (relatively) clear that the compressed input is truncated, XZ_DATA_ERROR 110 * is used instead of XZ_BUF_ERROR. 111 */ 112 enum xz_ret { 113 XZ_OK, 114 XZ_STREAM_END, 115 XZ_UNSUPPORTED_CHECK, 116 XZ_MEM_ERROR, 117 XZ_MEMLIMIT_ERROR, 118 XZ_FORMAT_ERROR, 119 XZ_OPTIONS_ERROR, 120 XZ_DATA_ERROR, 121 XZ_BUF_ERROR 122 }; 123 124 /** 125 * struct xz_buf - Passing input and output buffers to XZ code 126 * @in: Beginning of the input buffer. This may be NULL if and only 127 * if in_pos is equal to in_size. 128 * @in_pos: Current position in the input buffer. This must not exceed 129 * in_size. 130 * @in_size: Size of the input buffer 131 * @out: Beginning of the output buffer. This may be NULL if and only 132 * if out_pos is equal to out_size. 133 * @out_pos: Current position in the output buffer. This must not exceed 134 * out_size. 135 * @out_size: Size of the output buffer 136 * 137 * Only the contents of the output buffer from out[out_pos] onward, and 138 * the variables in_pos and out_pos are modified by the XZ code. 139 */ 140 struct xz_buf { 141 const uint8_t *in; 142 size_t in_pos; 143 size_t in_size; 144 145 uint8_t *out; 146 size_t out_pos; 147 size_t out_size; 148 }; 149 150 /** 151 * struct xz_dec - Opaque type to hold the XZ decoder state 152 */ 153 struct xz_dec; 154 155 /** 156 * xz_dec_init() - Allocate and initialize a XZ decoder state 157 * @mode: Operation mode 158 * @dict_max: Maximum size of the LZMA2 dictionary (history buffer) for 159 * multi-call decoding. This is ignored in single-call mode 160 * (mode == XZ_SINGLE). LZMA2 dictionary is always 2^n bytes 161 * or 2^n + 2^(n-1) bytes (the latter sizes are less common 162 * in practice), so other values for dict_max don't make sense. 163 * In the kernel, dictionary sizes of 64 KiB, 128 KiB, 256 KiB, 164 * 512 KiB, and 1 MiB are probably the only reasonable values, 165 * except for kernel and initramfs images where a bigger 166 * dictionary can be fine and useful. 167 * 168 * Single-call mode (XZ_SINGLE): xz_dec_run() decodes the whole stream at 169 * once. The caller must provide enough output space or the decoding will 170 * fail. The output space is used as the dictionary buffer, which is why 171 * there is no need to allocate the dictionary as part of the decoder's 172 * internal state. 173 * 174 * Because the output buffer is used as the workspace, streams encoded using 175 * a big dictionary are not a problem in single-call mode. It is enough that 176 * the output buffer is big enough to hold the actual uncompressed data; it 177 * can be smaller than the dictionary size stored in the stream headers. 178 * 179 * Multi-call mode with preallocated dictionary (XZ_PREALLOC): dict_max bytes 180 * of memory is preallocated for the LZMA2 dictionary. This way there is no 181 * risk that xz_dec_run() could run out of memory, since xz_dec_run() will 182 * never allocate any memory. Instead, if the preallocated dictionary is too 183 * small for decoding the given input stream, xz_dec_run() will return 184 * XZ_MEMLIMIT_ERROR. Thus, it is important to know what kind of data will be 185 * decoded to avoid allocating excessive amount of memory for the dictionary. 186 * 187 * Multi-call mode with dynamically allocated dictionary (XZ_DYNALLOC): 188 * dict_max specifies the maximum allowed dictionary size that xz_dec_run() 189 * may allocate once it has parsed the dictionary size from the stream 190 * headers. This way excessive allocations can be avoided while still 191 * limiting the maximum memory usage to a sane value to prevent running the 192 * system out of memory when decompressing streams from untrusted sources. 193 * 194 * On success, xz_dec_init() returns a pointer to struct xz_dec, which is 195 * ready to be used with xz_dec_run(). If memory allocation fails, 196 * xz_dec_init() returns NULL. 197 */ 198 XZ_EXTERN struct xz_dec *xz_dec_init(enum xz_mode mode, uint32_t dict_max); 199 200 /** 201 * xz_dec_run() - Run the XZ decoder for a single XZ stream 202 * @s: Decoder state allocated using xz_dec_init() 203 * @b: Input and output buffers 204 * 205 * The possible return values depend on build options and operation mode. 206 * See enum xz_ret for details. 207 * 208 * Note that if an error occurs in single-call mode (return value is not 209 * XZ_STREAM_END), b->in_pos and b->out_pos are not modified and the 210 * contents of the output buffer from b->out[b->out_pos] onward are 211 * undefined. This is true even after XZ_BUF_ERROR, because with some filter 212 * chains, there may be a second pass over the output buffer, and this pass 213 * cannot be properly done if the output buffer is truncated. Thus, you 214 * cannot give the single-call decoder a too small buffer and then expect to 215 * get that amount valid data from the beginning of the stream. You must use 216 * the multi-call decoder if you don't want to uncompress the whole stream. 217 * 218 * Use xz_dec_run() when XZ data is stored inside some other file format. 219 * The decoding will stop after one XZ stream has been decompresed. To 220 * decompress regular .xz files which might have multiple concatenated 221 * streams, use xz_dec_catrun() instead. 222 */ 223 XZ_EXTERN enum xz_ret xz_dec_run(struct xz_dec *s, struct xz_buf *b); 224 225 /** 226 * xz_dec_catrun() - Run the XZ decoder with support for concatenated streams 227 * @s: Decoder state allocated using xz_dec_init() 228 * @b: Input and output buffers 229 * @finish: This is an int instead of bool to avoid requiring stdbool.h. 230 * As long as more input might be coming, finish must be false. 231 * When the caller knows that it has provided all the input to 232 * the decoder (some possibly still in b->in), it must set finish 233 * to true. Only when finish is true can this function return 234 * XZ_STREAM_END to indicate successful decompression of the 235 * file. In single-call mode (XZ_SINGLE) finish is assumed to 236 * always be true; the caller-provided value is ignored. 237 * 238 * This is like xz_dec_run() except that this makes it easy to decode .xz 239 * files with multiple streams (multiple .xz files concatenated as is). 240 * The rarely-used Stream Padding feature is supported too, that is, there 241 * can be null bytes after or between the streams. The number of null bytes 242 * must be a multiple of four. 243 * 244 * When finish is false and b->in_pos == b->in_size, it is possible that 245 * XZ_BUF_ERROR isn't returned even when no progress is possible (XZ_OK is 246 * returned instead). This shouldn't matter because in this situation a 247 * reasonable caller will attempt to provide more input or set finish to 248 * true for the next xz_dec_catrun() call anyway. 249 * 250 * For any struct xz_dec that has been initialized for multi-call mode: 251 * Once decoding has been started with xz_dec_run() or xz_dec_catrun(), 252 * the same function must be used until xz_dec_reset() or xz_dec_end(). 253 * Switching between the two decoding functions without resetting results 254 * in undefined behavior. 255 * 256 * xz_dec_catrun() is only available if XZ_DEC_CONCATENATED was defined 257 * at compile time. 258 */ 259 XZ_EXTERN enum xz_ret xz_dec_catrun(struct xz_dec *s, struct xz_buf *b, 260 int finish); 261 262 /** 263 * xz_dec_reset() - Reset an already allocated decoder state 264 * @s: Decoder state allocated using xz_dec_init() 265 * 266 * This function can be used to reset the multi-call decoder state without 267 * freeing and reallocating memory with xz_dec_end() and xz_dec_init(). 268 * 269 * In single-call mode, xz_dec_reset() is always called in the beginning of 270 * xz_dec_run(). Thus, explicit call to xz_dec_reset() is useful only in 271 * multi-call mode. 272 */ 273 XZ_EXTERN void xz_dec_reset(struct xz_dec *s); 274 275 /** 276 * xz_dec_end() - Free the memory allocated for the decoder state 277 * @s: Decoder state allocated using xz_dec_init(). If s is NULL, 278 * this function does nothing. 279 */ 280 XZ_EXTERN void xz_dec_end(struct xz_dec *s); 281 282 /* 283 * Decompressor for MicroLZMA, an LZMA variant with a very minimal header. 284 * See xz_dec_microlzma_alloc() below for details. 285 * 286 * These functions aren't used or available in preboot code and thus aren't 287 * marked with XZ_EXTERN. This avoids warnings about static functions that 288 * are never defined. 289 */ 290 /** 291 * struct xz_dec_microlzma - Opaque type to hold the MicroLZMA decoder state 292 */ 293 struct xz_dec_microlzma; 294 295 /** 296 * xz_dec_microlzma_alloc() - Allocate memory for the MicroLZMA decoder 297 * @mode XZ_SINGLE or XZ_PREALLOC 298 * @dict_size LZMA dictionary size. This must be at least 4 KiB and 299 * at most 3 GiB. 300 * 301 * In contrast to xz_dec_init(), this function only allocates the memory 302 * and remembers the dictionary size. xz_dec_microlzma_reset() must be used 303 * before calling xz_dec_microlzma_run(). 304 * 305 * The amount of allocated memory is a little less than 30 KiB with XZ_SINGLE. 306 * With XZ_PREALLOC also a dictionary buffer of dict_size bytes is allocated. 307 * 308 * On success, xz_dec_microlzma_alloc() returns a pointer to 309 * struct xz_dec_microlzma. If memory allocation fails or 310 * dict_size is invalid, NULL is returned. 311 * 312 * The compressed format supported by this decoder is a raw LZMA stream 313 * whose first byte (always 0x00) has been replaced with bitwise-negation 314 * of the LZMA properties (lc/lp/pb) byte. For example, if lc/lp/pb is 315 * 3/0/2, the first byte is 0xA2. This way the first byte can never be 0x00. 316 * Just like with LZMA2, lc + lp <= 4 must be true. The LZMA end-of-stream 317 * marker must not be used. The unused values are reserved for future use. 318 * This MicroLZMA header format was created for use in EROFS but may be used 319 * by others too. 320 */ 321 extern struct xz_dec_microlzma *xz_dec_microlzma_alloc(enum xz_mode mode, 322 uint32_t dict_size); 323 324 /** 325 * xz_dec_microlzma_reset() - Reset the MicroLZMA decoder state 326 * @s Decoder state allocated using xz_dec_microlzma_alloc() 327 * @comp_size Compressed size of the input stream 328 * @uncomp_size Uncompressed size of the input stream. A value smaller 329 * than the real uncompressed size of the input stream can 330 * be specified if uncomp_size_is_exact is set to false. 331 * uncomp_size can never be set to a value larger than the 332 * expected real uncompressed size because it would eventually 333 * result in XZ_DATA_ERROR. 334 * @uncomp_size_is_exact This is an int instead of bool to avoid 335 * requiring stdbool.h. This should normally be set to true. 336 * When this is set to false, error detection is weaker. 337 */ 338 extern void xz_dec_microlzma_reset(struct xz_dec_microlzma *s, 339 uint32_t comp_size, uint32_t uncomp_size, 340 int uncomp_size_is_exact); 341 342 /** 343 * xz_dec_microlzma_run() - Run the MicroLZMA decoder 344 * @s Decoder state initialized using xz_dec_microlzma_reset() 345 * @b: Input and output buffers 346 * 347 * This works similarly to xz_dec_run() with a few important differences. 348 * Only the differences are documented here. 349 * 350 * The only possible return values are XZ_OK, XZ_STREAM_END, and 351 * XZ_DATA_ERROR. This function cannot return XZ_BUF_ERROR: if no progress 352 * is possible due to lack of input data or output space, this function will 353 * keep returning XZ_OK. Thus, the calling code must be written so that it 354 * will eventually provide input and output space matching (or exceeding) 355 * comp_size and uncomp_size arguments given to xz_dec_microlzma_reset(). 356 * If the caller cannot do this (for example, if the input file is truncated 357 * or otherwise corrupt), the caller must detect this error by itself to 358 * avoid an infinite loop. 359 * 360 * If the compressed data seems to be corrupt, XZ_DATA_ERROR is returned. 361 * This can happen also when incorrect dictionary, uncompressed, or 362 * compressed sizes have been specified. 363 * 364 * With XZ_PREALLOC only: As an extra feature, b->out may be NULL to skip over 365 * uncompressed data. This way the caller doesn't need to provide a temporary 366 * output buffer for the bytes that will be ignored. 367 * 368 * With XZ_SINGLE only: In contrast to xz_dec_run(), the return value XZ_OK 369 * is also possible and thus XZ_SINGLE is actually a limited multi-call mode. 370 * After XZ_OK the bytes decoded so far may be read from the output buffer. 371 * It is possible to continue decoding but the variables b->out and b->out_pos 372 * MUST NOT be changed by the caller. Increasing the value of b->out_size is 373 * allowed to make more output space available; one doesn't need to provide 374 * space for the whole uncompressed data on the first call. The input buffer 375 * may be changed normally like with XZ_PREALLOC. This way input data can be 376 * provided from non-contiguous memory. 377 */ 378 extern enum xz_ret xz_dec_microlzma_run(struct xz_dec_microlzma *s, 379 struct xz_buf *b); 380 381 /** 382 * xz_dec_microlzma_end() - Free the memory allocated for the decoder state 383 * @s: Decoder state allocated using xz_dec_microlzma_alloc(). 384 * If s is NULL, this function does nothing. 385 */ 386 extern void xz_dec_microlzma_end(struct xz_dec_microlzma *s); 387 388 /* 389 * Standalone build (userspace build or in-kernel build for boot time use) 390 * needs a CRC32 implementation. For normal in-kernel use, kernel's own 391 * CRC32 module is used instead, and users of this module don't need to 392 * care about the functions below. 393 */ 394 #ifndef XZ_INTERNAL_CRC32 395 # ifdef __KERNEL__ 396 # define XZ_INTERNAL_CRC32 0 397 # else 398 # define XZ_INTERNAL_CRC32 1 399 # endif 400 #endif 401 402 /* 403 * If CRC64 support has been enabled with XZ_USE_CRC64, a CRC64 404 * implementation is needed too. 405 */ 406 #ifndef XZ_USE_CRC64 407 # undef XZ_INTERNAL_CRC64 408 # define XZ_INTERNAL_CRC64 0 409 #endif 410 #ifndef XZ_INTERNAL_CRC64 411 # ifdef __KERNEL__ 412 # error Using CRC64 in the kernel has not been implemented. 413 # else 414 # define XZ_INTERNAL_CRC64 1 415 # endif 416 #endif 417 418 #if XZ_INTERNAL_CRC32 419 /* 420 * This must be called before any other xz_* function to initialize 421 * the CRC32 lookup table. 422 */ 423 XZ_EXTERN void xz_crc32_init(void); 424 425 /* 426 * Update CRC32 value using the polynomial from IEEE-802.3. To start a new 427 * calculation, the third argument must be zero. To continue the calculation, 428 * the previously returned value is passed as the third argument. 429 */ 430 XZ_EXTERN uint32_t xz_crc32(const uint8_t *buf, size_t size, uint32_t crc); 431 #endif 432 433 #if XZ_INTERNAL_CRC64 434 /* 435 * This must be called before any other xz_* function (except xz_crc32_init()) 436 * to initialize the CRC64 lookup table. 437 */ 438 XZ_EXTERN void xz_crc64_init(void); 439 440 /* 441 * Update CRC64 value using the polynomial from ECMA-182. To start a new 442 * calculation, the third argument must be zero. To continue the calculation, 443 * the previously returned value is passed as the third argument. 444 */ 445 XZ_EXTERN uint64_t xz_crc64(const uint8_t *buf, size_t size, uint64_t crc); 446 #endif 447 448 #ifdef __cplusplus 449 } 450 #endif 451 452 #endif 453