Diffstat (limited to 'phpBB/phpbb/passwords')
-rw-r--r--phpBB/phpbb/passwords/driver/argon2i.php78
-rw-r--r--phpBB/phpbb/passwords/driver/argon2id.php33
-rw-r--r--phpBB/phpbb/passwords/driver/base_native.php75
-rw-r--r--phpBB/phpbb/passwords/manager.php2
4 files changed, 187 insertions, 1 deletions
diff --git a/phpBB/phpbb/passwords/driver/argon2i.php b/phpBB/phpbb/passwords/driver/argon2i.php
new file mode 100644
index 0000000000..03368f6361
--- /dev/null
+++ b/phpBB/phpbb/passwords/driver/argon2i.php
@@ -0,0 +1,78 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+namespace phpbb\passwords\driver;
+
+class argon2i extends base_native
+{
+ /** @var int Maximum memory (in bytes) that may be used to compute the Argon2 hash */
+ protected $memory_cost;
+
+ /** @var int Number of threads to use for computing the Argon2 hash */
+ protected $threads;
+
+ /** @var int Maximum amount of time it may take to compute the Argon2 hash */
+ protected $time_cost;
+
+ /**
+ * Constructor of passwords driver object
+ *
+ * @param \phpbb\config\config $config phpBB config
+ * @param \phpbb\passwords\driver\helper $helper Password driver helper
+ * @param int $memory_cost Maximum memory (optional)
+ * @param int $threads Number of threads to use (optional)
+ * @param int $time_cost Maximum amount of time (optional)
+ */
+ public function __construct(\phpbb\config\config $config, helper $helper, $memory_cost = 1024, $threads = 2, $time_cost = 2)
+ {
+ parent::__construct($config, $helper);
+
+ /**
+ * For Sodium implementation of argon2 algorithm (since PHP 7.4), set special value of 1 for "threads" cost factor
+ * See https://wiki.php.net/rfc/sodium.argon.hash and PHPBB3-16266
+ * Don't allow cost factors to be below default settings where possible
+ */
+ $this->memory_cost = max($memory_cost, defined('PASSWORD_ARGON2_DEFAULT_MEMORY_COST') ? PASSWORD_ARGON2_DEFAULT_MEMORY_COST : 1024);
+ $this->time_cost = max($time_cost, defined('PASSWORD_ARGON2_DEFAULT_TIME_COST') ? PASSWORD_ARGON2_DEFAULT_TIME_COST : 2);
+ $this->threads = (defined('PASSWORD_ARGON2_PROVIDER') && PASSWORD_ARGON2_PROVIDER == 'sodium') ?
+ PASSWORD_ARGON2_DEFAULT_THREADS : max($threads, defined('PASSWORD_ARGON2_DEFAULT_THREADS') ? PASSWORD_ARGON2_DEFAULT_THREADS : 1);
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function get_algo_name()
+ {
+ return 'PASSWORD_ARGON2I';
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function get_options()
+ {
+ return [
+ 'memory_cost' => $this->memory_cost,
+ 'time_cost' => $this->time_cost,
+ 'threads' => $this->threads
+ ];
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function get_prefix()
+ {
+ return '$argon2i$';
+ }
+}
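Review bot: The `$memory_cost` property docblock gives the unit as bytes, but PHP's `password_hash()` reads the Argon2 `memory_cost` option in kibibytes, so anyone tuning this from the comment would be off by a factor of 1024. I would change it to `/** @var int Maximum memory (in kibibytes) that may be used to compute the Argon2 hash */` and state the same unit on the constructor's `@param int $memory_cost` line. In the constructor, the provider check can use strict comparison, `PASSWORD_ARGON2_PROVIDER === 'sodium'`. If the three cost arguments can arrive as strings from the service definition (not visible in this hunk), casting them with `(int)` before `max()` would keep non-integer values out of the options array.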
diff --git a/phpBB/phpbb/passwords/driver/argon2id.php b/phpBB/phpbb/passwords/driver/argon2id.php
new file mode 100644
index 0000000000..9e4b08bbb9
--- /dev/null
+++ b/phpBB/phpbb/passwords/driver/argon2id.php
@@ -0,0 +1,33 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+namespace phpbb\passwords\driver;
+
+class argon2id extends argon2i
+{
+ /**
+ * {@inheritdoc}
+ */
+ public function get_algo_name()
+ {
+ return 'PASSWORD_ARGON2ID';
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function get_prefix()
+ {
+ return '$argon2id$';
+ }
+}
diff --git a/phpBB/phpbb/passwords/driver/base_native.php b/phpBB/phpbb/passwords/driver/base_native.php
new file mode 100644
index 0000000000..87498327f9
--- /dev/null
+++ b/phpBB/phpbb/passwords/driver/base_native.php
@@ -0,0 +1,75 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+namespace phpbb\passwords\driver;
+
+abstract class base_native extends base
+{
+ /**
+ * Return the constant name for this driver's algorithm
+ *
+ * @link https://www.php.net/manual/en/password.constants.php
+ *
+ * @return string
+ */
+ abstract public function get_algo_name();
+
+ /**
+ * Return the options set for this driver instance
+ *
+ * @return array
+ */
+ abstract public function get_options();
+
+ /**
+ * {@inheritdoc}
+ */
+ public function check($password, $hash, $user_row = [])
+ {
+ return password_verify($password, $hash);
+ }
+
+ /**
+ * Return the value for this driver's algorithm
+ *
+ * @return integer
+ */
+ public function get_algo_value()
+ {
+ return constant($this->get_algo_name());
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function hash($password)
+ {
+ return password_hash($password, $this->get_algo_value(), $this->get_options());
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function is_supported()
+ {
+ return defined($this->get_algo_name()) && function_exists('password_hash') && function_exists('password_needs_rehash') && function_exists('password_verify');
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function needs_rehash($hash)
+ {
+ return password_needs_rehash($hash, $this->get_algo_value(), $this->get_options());
+ }
+}
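Review bot: `get_algo_value()` passes the algorithm name straight to `constant()`, so `hash()` and `needs_rehash()` are only safe when the caller has already confirmed `is_supported()`. On a PHP build without the Argon2 constants, the lookup fails instead of falling back to another driver. Whether the manager always performs that check is not visible in this diff, so I would document the precondition on `get_algo_value()`, for example `* Callers must check is_supported() first; the constant is undefined on builds without this algorithm.` The `@return integer` tag is also too narrow, because the `PASSWORD_*` algorithm constants are strings from PHP 7.4 onward; `@return int|string` matches both. Separately, `hash()` returns the result of `password_hash()` unchecked, so it is worth confirming that the calling code rejects a non-string result rather than storing it.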
diff --git a/phpBB/phpbb/passwords/manager.php b/phpBB/phpbb/passwords/manager.php
index fad76a9fe5..54e6dce4be 100644
--- a/phpBB/phpbb/passwords/manager.php
+++ b/phpBB/phpbb/passwords/manager.php
@@ -250,7 +250,7 @@ class manager
/**
* Check supplied password against hash and set convert_flag if password
- * needs to be converted to different format (preferrably newer one)
+ * needs to be converted to different format (preferably newer one)
*
* @param string $password Password that should be checked
* @param string $hash Stored hash