1 /*
2  * XZ decompressor
3  *
4  * Authors: Lasse Collin <lasse.collin@tukaani.org>
5  *          Igor Pavlov <http://7-zip.org/>
6  *
7  * This file has been put into the public domain.
8  * You can do whatever you want with this file.
9  */
10 
11 #ifndef XZ_H
12 #define XZ_H
13 
14 #ifdef __KERNEL__
15 #	include <linux/stddef.h>
16 #	include <linux/types.h>
17 #else
18 #	include <stddef.h>
19 #	include <stdint.h>
20 #endif
21 
22 #ifdef __cplusplus
23 extern "C" {
24 #endif
25 
26 /* In Linux, this is used to make extern functions static when needed. */
27 #ifndef XZ_EXTERN
28 #	define XZ_EXTERN extern
29 #endif
30 
31 /* In Linux, this is used to mark the functions with __init when needed. */
32 #ifndef XZ_FUNC
33 #	define XZ_FUNC
34 #endif
35 
36 /**
37  * enum xz_mode - Operation mode
38  *
39  * @XZ_SINGLE:              Single-call mode. This uses less RAM than
40  *                          than multi-call modes, because the LZMA2
41  *                          dictionary doesn't need to be allocated as
42  *                          part of the decoder state. All required data
43  *                          structures are allocated at initialization,
44  *                          so xz_dec_run() cannot return XZ_MEM_ERROR.
45  * @XZ_PREALLOC:            Multi-call mode with preallocated LZMA2
46  *                          dictionary buffer. All data structures are
47  *                          allocated at initialization, so xz_dec_run()
48  *                          cannot return XZ_MEM_ERROR.
49  * @XZ_DYNALLOC:            Multi-call mode. The LZMA2 dictionary is
50  *                          allocated once the required size has been
51  *                          parsed from the stream headers. If the
52  *                          allocation fails, xz_dec_run() will return
53  *                          XZ_MEM_ERROR.
54  *
55  * It is possible to enable support only for a subset of the above
56  * modes at compile time by defining XZ_DEC_SINGLE, XZ_DEC_PREALLOC,
57  * or XZ_DEC_DYNALLOC. The xz_dec kernel module is always compiled
58  * with support for all operation modes, but the preboot code may
59  * be built with fewer features to minimize code size.
60  */
61 enum xz_mode {
62 	XZ_SINGLE,
63 	XZ_PREALLOC,
64 	XZ_DYNALLOC
65 };
66 
67 /**
68  * enum xz_ret - Return codes
69  * @XZ_OK:                  Everything is OK so far. More input or more
70  *                          output space is required to continue. This
71  *                          return code is possible only in multi-call mode
72  *                          (XZ_PREALLOC or XZ_DYNALLOC).
73  * @XZ_STREAM_END:          Operation finished successfully.
74  * @XZ_UNSUPPORTED_CHECK:   Integrity check type is not supported. Decoding
75  *                          is still possible in multi-call mode by simply
76  *                          calling xz_dec_run() again.
77  *                          Note that this return value is used only if
78  *                          XZ_DEC_ANY_CHECK was defined at build time,
79  *                          which is not used in the kernel. Unsupported
80  *                          check types return XZ_OPTIONS_ERROR if
81  *                          XZ_DEC_ANY_CHECK was not defined at build time.
82  * @XZ_MEM_ERROR:           Allocating memory failed. This return code is
83  *                          possible only if the decoder was initialized
84  *                          with XZ_DYNALLOC. The amount of memory that was
85  *                          tried to be allocated was no more than the
86  *                          dict_max argument given to xz_dec_init().
87  * @XZ_MEMLIMIT_ERROR:      A bigger LZMA2 dictionary would be needed than
88  *                          allowed by the dict_max argument given to
89  *                          xz_dec_init(). This return value is possible
90  *                          only in multi-call mode (XZ_PREALLOC or
91  *                          XZ_DYNALLOC); the single-call mode (XZ_SINGLE)
92  *                          ignores the dict_max argument.
93  * @XZ_FORMAT_ERROR:        File format was not recognized (wrong magic
94  *                          bytes).
95  * @XZ_OPTIONS_ERROR:       This implementation doesn't support the requested
96  *                          compression options. In the decoder this means
97  *                          that the header CRC32 matches, but the header
98  *                          itself specifies something that we don't support.
99  * @XZ_DATA_ERROR:          Compressed data is corrupt.
100  * @XZ_BUF_ERROR:           Cannot make any progress. Details are slightly
101  *                          different between multi-call and single-call
102  *                          mode; more information below.
103  *
104  * In multi-call mode, XZ_BUF_ERROR is returned when two consecutive calls
105  * to XZ code cannot consume any input and cannot produce any new output.
106  * This happens when there is no new input available, or the output buffer
107  * is full while at least one output byte is still pending. Assuming your
108  * code is not buggy, you can get this error only when decoding a compressed
109  * stream that is truncated or otherwise corrupt.
110  *
111  * In single-call mode, XZ_BUF_ERROR is returned only when the output buffer
112  * is too small or the compressed input is corrupt in a way that makes the
113  * decoder produce more output than the caller expected. When it is
114  * (relatively) clear that the compressed input is truncated, XZ_DATA_ERROR
115  * is used instead of XZ_BUF_ERROR.
116  */
117 enum xz_ret {
118 	XZ_OK,
119 	XZ_STREAM_END,
120 	XZ_UNSUPPORTED_CHECK,
121 	XZ_MEM_ERROR,
122 	XZ_MEMLIMIT_ERROR,
123 	XZ_FORMAT_ERROR,
124 	XZ_OPTIONS_ERROR,
125 	XZ_DATA_ERROR,
126 	XZ_BUF_ERROR
127 };
128 
129 /**
130  * struct xz_buf - Passing input and output buffers to XZ code
131  * @in:         Beginning of the input buffer. This may be NULL if and only
132  *              if in_pos is equal to in_size.
133  * @in_pos:     Current position in the input buffer. This must not exceed
134  *              in_size.
135  * @in_size:    Size of the input buffer
136  * @out:        Beginning of the output buffer. This may be NULL if and only
137  *              if out_pos is equal to out_size.
138  * @out_pos:    Current position in the output buffer. This must not exceed
139  *              out_size.
140  * @out_size:   Size of the output buffer
141  *
142  * Only the contents of the output buffer from out[out_pos] onward, and
143  * the variables in_pos and out_pos are modified by the XZ code.
144  */
145 struct xz_buf {
146 	const uint8_t *in;
147 	size_t in_pos;
148 	size_t in_size;
149 
150 	uint8_t *out;
151 	size_t out_pos;
152 	size_t out_size;
153 };
154 
155 /**
156  * struct xz_dec - Opaque type to hold the XZ decoder state
157  */
158 struct xz_dec;
159 
160 /**
161  * xz_dec_init() - Allocate and initialize a XZ decoder state
162  * @mode:       Operation mode
163  * @dict_max:   Maximum size of the LZMA2 dictionary (history buffer) for
164  *              multi-call decoding. This is ignored in single-call mode
165  *              (mode == XZ_SINGLE). LZMA2 dictionary is always 2^n bytes
166  *              or 2^n + 2^(n-1) bytes (the latter sizes are less common
167  *              in practice), so other values for dict_max don't make sense.
168  *              In the kernel, dictionary sizes of 64 KiB, 128 KiB, 256 KiB,
169  *              512 KiB, and 1 MiB are probably the only reasonable values,
170  *              except for kernel and initramfs images where a bigger
171  *              dictionary can be fine and useful.
172  *
173  * Single-call mode (XZ_SINGLE): xz_dec_run() decodes the whole stream at
174  * once. The caller must provide enough output space or the decoding will
175  * fail. The output space is used as the dictionary buffer, which is why
176  * there is no need to allocate the dictionary as part of the decoder's
177  * internal state.
178  *
179  * Because the output buffer is used as the workspace, streams encoded using
180  * a big dictionary are not a problem in single-call mode. It is enough that
181  * the output buffer is big enough to hold the actual uncompressed data; it
182  * can be smaller than the dictionary size stored in the stream headers.
183  *
184  * Multi-call mode with preallocated dictionary (XZ_PREALLOC): dict_max bytes
185  * of memory is preallocated for the LZMA2 dictionary. This way there is no
186  * risk that xz_dec_run() could run out of memory, since xz_dec_run() will
187  * never allocate any memory. Instead, if the preallocated dictionary is too
188  * small for decoding the given input stream, xz_dec_run() will return
189  * XZ_MEMLIMIT_ERROR. Thus, it is important to know what kind of data will be
190  * decoded to avoid allocating excessive amount of memory for the dictionary.
191  *
192  * Multi-call mode with dynamically allocated dictionary (XZ_DYNALLOC):
193  * dict_max specifies the maximum allowed dictionary size that xz_dec_run()
194  * may allocate once it has parsed the dictionary size from the stream
195  * headers. This way excessive allocations can be avoided while still
196  * limiting the maximum memory usage to a sane value to prevent running the
197  * system out of memory when decompressing streams from untrusted sources.
198  *
199  * On success, xz_dec_init() returns a pointer to struct xz_dec, which is
200  * ready to be used with xz_dec_run(). If memory allocation fails,
201  * xz_dec_init() returns NULL.
202  */
203 XZ_EXTERN struct xz_dec * XZ_FUNC xz_dec_init(
204 		enum xz_mode mode, uint32_t dict_max);
205 
206 /**
207  * xz_dec_run() - Run the XZ decoder
208  * @s:          Decoder state allocated using xz_dec_init()
209  * @b:          Input and output buffers
210  *
211  * The possible return values depend on build options and operation mode.
212  * See enum xz_ret for details.
213  *
214  * Note that if an error occurs in single-call mode (return value is not
215  * XZ_STREAM_END), b->in_pos and b->out_pos are not modified and the
216  * contents of the output buffer from b->out[b->out_pos] onward are
217  * undefined. This is true even after XZ_BUF_ERROR, because with some filter
218  * chains, there may be a second pass over the output buffer, and this pass
219  * cannot be properly done if the output buffer is truncated. Thus, you
220  * cannot give the single-call decoder a too small buffer and then expect to
221  * get that amount valid data from the beginning of the stream. You must use
222  * the multi-call decoder if you don't want to uncompress the whole stream.
223  */
224 XZ_EXTERN enum xz_ret XZ_FUNC xz_dec_run(struct xz_dec *s, struct xz_buf *b);
225 
226 /**
227  * xz_dec_reset() - Reset an already allocated decoder state
228  * @s:          Decoder state allocated using xz_dec_init()
229  *
230  * This function can be used to reset the multi-call decoder state without
231  * freeing and reallocating memory with xz_dec_end() and xz_dec_init().
232  *
233  * In single-call mode, xz_dec_reset() is always called in the beginning of
234  * xz_dec_run(). Thus, explicit call to xz_dec_reset() is useful only in
235  * multi-call mode.
236  */
237 XZ_EXTERN void XZ_FUNC xz_dec_reset(struct xz_dec *s);
238 
239 /**
240  * xz_dec_end() - Free the memory allocated for the decoder state
241  * @s:          Decoder state allocated using xz_dec_init(). If s is NULL,
242  *              this function does nothing.
243  */
244 XZ_EXTERN void XZ_FUNC xz_dec_end(struct xz_dec *s);
245 
246 /*
247  * Standalone build (userspace build or in-kernel build for boot time use)
248  * needs a CRC32 implementation. For normal in-kernel use, kernel's own
249  * CRC32 module is used instead, and users of this module don't need to
250  * care about the functions below.
251  */
252 #ifndef XZ_INTERNAL_CRC32
253 #	ifdef __KERNEL__
254 #		define XZ_INTERNAL_CRC32 0
255 #	else
256 #		define XZ_INTERNAL_CRC32 1
257 #	endif
258 #endif
259 
260 #if XZ_INTERNAL_CRC32
261 /*
262  * This must be called before any other xz_* function to initialize
263  * the CRC32 lookup table.
264  */
265 XZ_EXTERN void XZ_FUNC xz_crc32_init(void);
266 
267 /*
268  * Update CRC32 value using the polynomial from IEEE-802.3. To start a new
269  * calculation, the third argument must be zero. To continue the calculation,
270  * the previously returned value is passed as the third argument.
271  */
272 XZ_EXTERN uint32_t XZ_FUNC xz_crc32(
273 		const uint8_t *buf, size_t size, uint32_t crc);
274 #endif
275 
276 #ifdef __cplusplus
277 }
278 #endif
279 
280 #endif
281