xref: /freebsd/sys/contrib/xz-embedded/linux/include/linux/xz.h (revision bdd1243df58e60e85101c09001d9812a789b6bc4) 
1 /*
2  * XZ decompressor
3  *
4  * Authors: Lasse Collin <lasse.collin@tukaani.org>
5  *          Igor Pavlov <https://7-zip.org/>
6  *
7  * This file has been put into the public domain.
8  * You can do whatever you want with this file.
9  */
10 
11 #ifndef XZ_H
12 #define XZ_H
13 
14 #ifdef __KERNEL__
15 #	include <linux/stddef.h>
16 #	include <linux/types.h>
17 #else
18 #ifdef __FreeBSD__
19 #	include <sys/stddef.h>
20 #	include <sys/types.h>
21 #else
22 #	include <stddef.h>
23 #	include <stdint.h>
24 #endif
25 #endif
26 
27 #ifdef __cplusplus
28 extern "C" {
29 #endif
30 
31 /* In Linux, this is used to make extern functions static when needed. */
32 #ifndef XZ_EXTERN
33 #	define XZ_EXTERN extern
34 #endif
35 
36 /**
37  * enum xz_mode - Operation mode
38  *
39  * @XZ_SINGLE:              Single-call mode. This uses less RAM than
40  *                          multi-call modes, because the LZMA2
41  *                          dictionary doesn't need to be allocated as
42  *                          part of the decoder state. All required data
43  *                          structures are allocated at initialization,
44  *                          so xz_dec_run() cannot return XZ_MEM_ERROR.
45  * @XZ_PREALLOC:            Multi-call mode with preallocated LZMA2
46  *                          dictionary buffer. All data structures are
47  *                          allocated at initialization, so xz_dec_run()
48  *                          cannot return XZ_MEM_ERROR.
49  * @XZ_DYNALLOC:            Multi-call mode. The LZMA2 dictionary is
50  *                          allocated once the required size has been
51  *                          parsed from the stream headers. If the
52  *                          allocation fails, xz_dec_run() will return
53  *                          XZ_MEM_ERROR.
54  *
55  * It is possible to enable support only for a subset of the above
56  * modes at compile time by defining XZ_DEC_SINGLE, XZ_DEC_PREALLOC,
57  * or XZ_DEC_DYNALLOC. The xz_dec kernel module is always compiled
58  * with support for all operation modes, but the preboot code may
59  * be built with fewer features to minimize code size.
60  */
61 enum xz_mode {
62 	XZ_SINGLE,
63 	XZ_PREALLOC,
64 	XZ_DYNALLOC
65 };
66 
67 /**
68  * enum xz_ret - Return codes
69  * @XZ_OK:                  Everything is OK so far. More input or more
70  *                          output space is required to continue. This
71  *                          return code is possible only in multi-call mode
72  *                          (XZ_PREALLOC or XZ_DYNALLOC).
73  * @XZ_STREAM_END:          Operation finished successfully.
74  * @XZ_UNSUPPORTED_CHECK:   Integrity check type is not supported. Decoding
75  *                          is still possible in multi-call mode by simply
76  *                          calling xz_dec_run() again.
77  *                          Note that this return value is used only if
78  *                          XZ_DEC_ANY_CHECK was defined at build time,
79  *                          which is not used in the kernel. Unsupported
80  *                          check types return XZ_OPTIONS_ERROR if
81  *                          XZ_DEC_ANY_CHECK was not defined at build time.
82  * @XZ_MEM_ERROR:           Allocating memory failed. This return code is
83  *                          possible only if the decoder was initialized
84  *                          with XZ_DYNALLOC. The amount of memory that was
85  *                          tried to be allocated was no more than the
86  *                          dict_max argument given to xz_dec_init().
87  * @XZ_MEMLIMIT_ERROR:      A bigger LZMA2 dictionary would be needed than
88  *                          allowed by the dict_max argument given to
89  *                          xz_dec_init(). This return value is possible
90  *                          only in multi-call mode (XZ_PREALLOC or
91  *                          XZ_DYNALLOC); the single-call mode (XZ_SINGLE)
92  *                          ignores the dict_max argument.
93  * @XZ_FORMAT_ERROR:        File format was not recognized (wrong magic
94  *                          bytes).
95  * @XZ_OPTIONS_ERROR:       This implementation doesn't support the requested
96  *                          compression options. In the decoder this means
97  *                          that the header CRC32 matches, but the header
98  *                          itself specifies something that we don't support.
99  * @XZ_DATA_ERROR:          Compressed data is corrupt.
100  * @XZ_BUF_ERROR:           Cannot make any progress. Details are slightly
101  *                          different between multi-call and single-call
102  *                          mode; more information below.
103  *
104  * In multi-call mode, XZ_BUF_ERROR is returned when two consecutive calls
105  * to XZ code cannot consume any input and cannot produce any new output.
106  * This happens when there is no new input available, or the output buffer
107  * is full while at least one output byte is still pending. Assuming your
108  * code is not buggy, you can get this error only when decoding a compressed
109  * stream that is truncated or otherwise corrupt.
110  *
111  * In single-call mode, XZ_BUF_ERROR is returned only when the output buffer
112  * is too small or the compressed input is corrupt in a way that makes the
113  * decoder produce more output than the caller expected. When it is
114  * (relatively) clear that the compressed input is truncated, XZ_DATA_ERROR
115  * is used instead of XZ_BUF_ERROR.
116  */
117 enum xz_ret {
118 	XZ_OK,
119 	XZ_STREAM_END,
120 	XZ_UNSUPPORTED_CHECK,
121 	XZ_MEM_ERROR,
122 	XZ_MEMLIMIT_ERROR,
123 	XZ_FORMAT_ERROR,
124 	XZ_OPTIONS_ERROR,
125 	XZ_DATA_ERROR,
126 	XZ_BUF_ERROR
127 };
128 
129 /**
130  * struct xz_buf - Passing input and output buffers to XZ code
131  * @in:         Beginning of the input buffer. This may be NULL if and only
132  *              if in_pos is equal to in_size.
133  * @in_pos:     Current position in the input buffer. This must not exceed
134  *              in_size.
135  * @in_size:    Size of the input buffer
136  * @out:        Beginning of the output buffer. This may be NULL if and only
137  *              if out_pos is equal to out_size.
138  * @out_pos:    Current position in the output buffer. This must not exceed
139  *              out_size.
140  * @out_size:   Size of the output buffer
141  *
142  * Only the contents of the output buffer from out[out_pos] onward, and
143  * the variables in_pos and out_pos are modified by the XZ code.
144  */
145 struct xz_buf {
146 	const uint8_t *in;
147 	size_t in_pos;
148 	size_t in_size;
149 
150 	uint8_t *out;
151 	size_t out_pos;
152 	size_t out_size;
153 };
154 
155 /**
156  * struct xz_dec - Opaque type to hold the XZ decoder state
157  */
158 struct xz_dec;
159 
160 /**
161  * xz_dec_init() - Allocate and initialize a XZ decoder state
162  * @mode:       Operation mode
163  * @dict_max:   Maximum size of the LZMA2 dictionary (history buffer) for
164  *              multi-call decoding. This is ignored in single-call mode
165  *              (mode == XZ_SINGLE). LZMA2 dictionary is always 2^n bytes
166  *              or 2^n + 2^(n-1) bytes (the latter sizes are less common
167  *              in practice), so other values for dict_max don't make sense.
168  *              In the kernel, dictionary sizes of 64 KiB, 128 KiB, 256 KiB,
169  *              512 KiB, and 1 MiB are probably the only reasonable values,
170  *              except for kernel and initramfs images where a bigger
171  *              dictionary can be fine and useful.
172  *
173  * Single-call mode (XZ_SINGLE): xz_dec_run() decodes the whole stream at
174  * once. The caller must provide enough output space or the decoding will
175  * fail. The output space is used as the dictionary buffer, which is why
176  * there is no need to allocate the dictionary as part of the decoder's
177  * internal state.
178  *
179  * Because the output buffer is used as the workspace, streams encoded using
180  * a big dictionary are not a problem in single-call mode. It is enough that
181  * the output buffer is big enough to hold the actual uncompressed data; it
182  * can be smaller than the dictionary size stored in the stream headers.
183  *
184  * Multi-call mode with preallocated dictionary (XZ_PREALLOC): dict_max bytes
185  * of memory is preallocated for the LZMA2 dictionary. This way there is no
186  * risk that xz_dec_run() could run out of memory, since xz_dec_run() will
187  * never allocate any memory. Instead, if the preallocated dictionary is too
188  * small for decoding the given input stream, xz_dec_run() will return
189  * XZ_MEMLIMIT_ERROR. Thus, it is important to know what kind of data will be
190  * decoded to avoid allocating excessive amount of memory for the dictionary.
191  *
192  * Multi-call mode with dynamically allocated dictionary (XZ_DYNALLOC):
193  * dict_max specifies the maximum allowed dictionary size that xz_dec_run()
194  * may allocate once it has parsed the dictionary size from the stream
195  * headers. This way excessive allocations can be avoided while still
196  * limiting the maximum memory usage to a sane value to prevent running the
197  * system out of memory when decompressing streams from untrusted sources.
198  *
199  * On success, xz_dec_init() returns a pointer to struct xz_dec, which is
200  * ready to be used with xz_dec_run(). If memory allocation fails,
201  * xz_dec_init() returns NULL.
202  */
203 XZ_EXTERN struct xz_dec *xz_dec_init(enum xz_mode mode, uint32_t dict_max);
204 
205 /**
206  * xz_dec_run() - Run the XZ decoder for a single XZ stream
207  * @s:          Decoder state allocated using xz_dec_init()
208  * @b:          Input and output buffers
209  *
210  * The possible return values depend on build options and operation mode.
211  * See enum xz_ret for details.
212  *
213  * Note that if an error occurs in single-call mode (return value is not
214  * XZ_STREAM_END), b->in_pos and b->out_pos are not modified and the
215  * contents of the output buffer from b->out[b->out_pos] onward are
216  * undefined. This is true even after XZ_BUF_ERROR, because with some filter
217  * chains, there may be a second pass over the output buffer, and this pass
218  * cannot be properly done if the output buffer is truncated. Thus, you
219  * cannot give the single-call decoder a too small buffer and then expect to
220  * get that amount valid data from the beginning of the stream. You must use
221  * the multi-call decoder if you don't want to uncompress the whole stream.
222  *
223  * Use xz_dec_run() when XZ data is stored inside some other file format.
224  * The decoding will stop after one XZ stream has been decompresed. To
225  * decompress regular .xz files which might have multiple concatenated
226  * streams, use xz_dec_catrun() instead.
227  */
228 XZ_EXTERN enum xz_ret xz_dec_run(struct xz_dec *s, struct xz_buf *b);
229 
230 /**
231  * xz_dec_catrun() - Run the XZ decoder with support for concatenated streams
232  * @s:          Decoder state allocated using xz_dec_init()
233  * @b:          Input and output buffers
234  * @finish:     This is an int instead of bool to avoid requiring stdbool.h.
235  *              As long as more input might be coming, finish must be false.
236  *              When the caller knows that it has provided all the input to
237  *              the decoder (some possibly still in b->in), it must set finish
238  *              to true. Only when finish is true can this function return
239  *              XZ_STREAM_END to indicate successful decompression of the
240  *              file. In single-call mode (XZ_SINGLE) finish is assumed to
241  *              always be true; the caller-provided value is ignored.
242  *
243  * This is like xz_dec_run() except that this makes it easy to decode .xz
244  * files with multiple streams (multiple .xz files concatenated as is).
245  * The rarely-used Stream Padding feature is supported too, that is, there
246  * can be null bytes after or between the streams. The number of null bytes
247  * must be a multiple of four.
248  *
249  * When finish is false and b->in_pos == b->in_size, it is possible that
250  * XZ_BUF_ERROR isn't returned even when no progress is possible (XZ_OK is
251  * returned instead). This shouldn't matter because in this situation a
252  * reasonable caller will attempt to provide more input or set finish to
253  * true for the next xz_dec_catrun() call anyway.
254  *
255  * For any struct xz_dec that has been initialized for multi-call mode:
256  * Once decoding has been started with xz_dec_run() or xz_dec_catrun(),
257  * the same function must be used until xz_dec_reset() or xz_dec_end().
258  * Switching between the two decoding functions without resetting results
259  * in undefined behavior.
260  *
261  * xz_dec_catrun() is only available if XZ_DEC_CONCATENATED was defined
262  * at compile time.
263  */
264 XZ_EXTERN enum xz_ret xz_dec_catrun(struct xz_dec *s, struct xz_buf *b,
265 				    int finish);
266 
267 /**
268  * xz_dec_reset() - Reset an already allocated decoder state
269  * @s:          Decoder state allocated using xz_dec_init()
270  *
271  * This function can be used to reset the multi-call decoder state without
272  * freeing and reallocating memory with xz_dec_end() and xz_dec_init().
273  *
274  * In single-call mode, xz_dec_reset() is always called in the beginning of
275  * xz_dec_run(). Thus, explicit call to xz_dec_reset() is useful only in
276  * multi-call mode.
277  */
278 XZ_EXTERN void xz_dec_reset(struct xz_dec *s);
279 
280 /**
281  * xz_dec_end() - Free the memory allocated for the decoder state
282  * @s:          Decoder state allocated using xz_dec_init(). If s is NULL,
283  *              this function does nothing.
284  */
285 XZ_EXTERN void xz_dec_end(struct xz_dec *s);
286 
287 /*
288  * Decompressor for MicroLZMA, an LZMA variant with a very minimal header.
289  * See xz_dec_microlzma_alloc() below for details.
290  *
291  * These functions aren't used or available in preboot code and thus aren't
292  * marked with XZ_EXTERN. This avoids warnings about static functions that
293  * are never defined.
294  */
295 /**
296  * struct xz_dec_microlzma - Opaque type to hold the MicroLZMA decoder state
297  */
298 struct xz_dec_microlzma;
299 
300 /**
301  * xz_dec_microlzma_alloc() - Allocate memory for the MicroLZMA decoder
302  * @mode        XZ_SINGLE or XZ_PREALLOC
303  * @dict_size   LZMA dictionary size. This must be at least 4 KiB and
304  *              at most 3 GiB.
305  *
306  * In contrast to xz_dec_init(), this function only allocates the memory
307  * and remembers the dictionary size. xz_dec_microlzma_reset() must be used
308  * before calling xz_dec_microlzma_run().
309  *
310  * The amount of allocated memory is a little less than 30 KiB with XZ_SINGLE.
311  * With XZ_PREALLOC also a dictionary buffer of dict_size bytes is allocated.
312  *
313  * On success, xz_dec_microlzma_alloc() returns a pointer to
314  * struct xz_dec_microlzma. If memory allocation fails or
315  * dict_size is invalid, NULL is returned.
316  *
317  * The compressed format supported by this decoder is a raw LZMA stream
318  * whose first byte (always 0x00) has been replaced with bitwise-negation
319  * of the LZMA properties (lc/lp/pb) byte. For example, if lc/lp/pb is
320  * 3/0/2, the first byte is 0xA2. This way the first byte can never be 0x00.
321  * Just like with LZMA2, lc + lp <= 4 must be true. The LZMA end-of-stream
322  * marker must not be used. The unused values are reserved for future use.
323  * This MicroLZMA header format was created for use in EROFS but may be used
324  * by others too.
325  */
326 extern struct xz_dec_microlzma *xz_dec_microlzma_alloc(enum xz_mode mode,
327 						       uint32_t dict_size);
328 
329 /**
330  * xz_dec_microlzma_reset() - Reset the MicroLZMA decoder state
331  * @s           Decoder state allocated using xz_dec_microlzma_alloc()
332  * @comp_size   Compressed size of the input stream
333  * @uncomp_size Uncompressed size of the input stream. A value smaller
334  *              than the real uncompressed size of the input stream can
335  *              be specified if uncomp_size_is_exact is set to false.
336  *              uncomp_size can never be set to a value larger than the
337  *              expected real uncompressed size because it would eventually
338  *              result in XZ_DATA_ERROR.
339  * @uncomp_size_is_exact  This is an int instead of bool to avoid
340  *              requiring stdbool.h. This should normally be set to true.
341  *              When this is set to false, error detection is weaker.
342  */
343 extern void xz_dec_microlzma_reset(struct xz_dec_microlzma *s,
344 				   uint32_t comp_size, uint32_t uncomp_size,
345 				   int uncomp_size_is_exact);
346 
347 /**
348  * xz_dec_microlzma_run() - Run the MicroLZMA decoder
349  * @s           Decoder state initialized using xz_dec_microlzma_reset()
350  * @b:          Input and output buffers
351  *
352  * This works similarly to xz_dec_run() with a few important differences.
353  * Only the differences are documented here.
354  *
355  * The only possible return values are XZ_OK, XZ_STREAM_END, and
356  * XZ_DATA_ERROR. This function cannot return XZ_BUF_ERROR: if no progress
357  * is possible due to lack of input data or output space, this function will
358  * keep returning XZ_OK. Thus, the calling code must be written so that it
359  * will eventually provide input and output space matching (or exceeding)
360  * comp_size and uncomp_size arguments given to xz_dec_microlzma_reset().
361  * If the caller cannot do this (for example, if the input file is truncated
362  * or otherwise corrupt), the caller must detect this error by itself to
363  * avoid an infinite loop.
364  *
365  * If the compressed data seems to be corrupt, XZ_DATA_ERROR is returned.
366  * This can happen also when incorrect dictionary, uncompressed, or
367  * compressed sizes have been specified.
368  *
369  * With XZ_PREALLOC only: As an extra feature, b->out may be NULL to skip over
370  * uncompressed data. This way the caller doesn't need to provide a temporary
371  * output buffer for the bytes that will be ignored.
372  *
373  * With XZ_SINGLE only: In contrast to xz_dec_run(), the return value XZ_OK
374  * is also possible and thus XZ_SINGLE is actually a limited multi-call mode.
375  * After XZ_OK the bytes decoded so far may be read from the output buffer.
376  * It is possible to continue decoding but the variables b->out and b->out_pos
377  * MUST NOT be changed by the caller. Increasing the value of b->out_size is
378  * allowed to make more output space available; one doesn't need to provide
379  * space for the whole uncompressed data on the first call. The input buffer
380  * may be changed normally like with XZ_PREALLOC. This way input data can be
381  * provided from non-contiguous memory.
382  */
383 extern enum xz_ret xz_dec_microlzma_run(struct xz_dec_microlzma *s,
384 					struct xz_buf *b);
385 
386 /**
387  * xz_dec_microlzma_end() - Free the memory allocated for the decoder state
388  * @s:          Decoder state allocated using xz_dec_microlzma_alloc().
389  *              If s is NULL, this function does nothing.
390  */
391 extern void xz_dec_microlzma_end(struct xz_dec_microlzma *s);
392 
393 /*
394  * Standalone build (userspace build or in-kernel build for boot time use)
395  * needs a CRC32 implementation. For normal in-kernel use, kernel's own
396  * CRC32 module is used instead, and users of this module don't need to
397  * care about the functions below.
398  */
399 #ifndef XZ_INTERNAL_CRC32
400 #	ifdef __KERNEL__
401 #		define XZ_INTERNAL_CRC32 0
402 #	else
403 #		define XZ_INTERNAL_CRC32 1
404 #	endif
405 #endif
406 
407 /*
408  * If CRC64 support has been enabled with XZ_USE_CRC64, a CRC64
409  * implementation is needed too.
410  */
411 #ifndef XZ_USE_CRC64
412 #	undef XZ_INTERNAL_CRC64
413 #	define XZ_INTERNAL_CRC64 0
414 #endif
415 #ifndef XZ_INTERNAL_CRC64
416 #	ifdef __KERNEL__
417 #		error Using CRC64 in the kernel has not been implemented.
418 #	else
419 #		define XZ_INTERNAL_CRC64 1
420 #	endif
421 #endif
422 
423 #if XZ_INTERNAL_CRC32
424 /*
425  * This must be called before any other xz_* function to initialize
426  * the CRC32 lookup table.
427  */
428 XZ_EXTERN void xz_crc32_init(void);
429 
430 /*
431  * Update CRC32 value using the polynomial from IEEE-802.3. To start a new
432  * calculation, the third argument must be zero. To continue the calculation,
433  * the previously returned value is passed as the third argument.
434  */
435 XZ_EXTERN uint32_t xz_crc32(const uint8_t *buf, size_t size, uint32_t crc);
436 #endif
437 
438 #if XZ_INTERNAL_CRC64
439 /*
440  * This must be called before any other xz_* function (except xz_crc32_init())
441  * to initialize the CRC64 lookup table.
442  */
443 XZ_EXTERN void xz_crc64_init(void);
444 
445 /*
446  * Update CRC64 value using the polynomial from ECMA-182. To start a new
447  * calculation, the third argument must be zero. To continue the calculation,
448  * the previously returned value is passed as the third argument.
449  */
450 XZ_EXTERN uint64_t xz_crc64(const uint8_t *buf, size_t size, uint64_t crc);
451 #endif
452 
453 #ifdef __cplusplus
454 }
455 #endif
456 
457 #endif
458