V3 Onion Services With Client Authorization

[bitmold]

This introduces V3 Onion Services to Orbot. Right now this does not support client authorization, just the creation of V3 Onion via the user interface or through an Intent call from another application.

Currently you can backup and restore V3 Onion Services to/from disk.

There are a lot of ways in which this implementation follows the code for traditional V2 services, but be that as it may I've decided to be very selective about code reuse from V2 since in the not too distant future those services will be dropped and we'll likely want to remove a lot of it from Orbot altogether. It also would be desirable to allow users to migrate an existing V2 service to V3 but at this time that remains unimplemented.

Making this PR a "draft" right now because there remains a few things to be polished...

[bitmold]

The main menu UI for "Onion Services" has "Hosted Services" which takes you to an Activity for managing V3 Onion Services, and a new deprecated V2 submenu which allows the user to maintain their V2 Onion Services and associated client cookies

[bitmold]

The UI for V3 Onion Services is deeply similar to the old V2 UI in Orbot. Here's a small demo of deleting/restoring a service i made up with fake information.

[bitmold]

When testing this, I think the following areas should be put under special consideration:

• The coexistence of V2 and V3 services. Especially ones pointing to the same location.
• Backup and restore of Onion Services on newer versions of Android (30) as well as the pre lollipop versions we support and ship with the WRITE_EXTERNAL_STORAGE permission (APIs 16, 17, and 18)
• Being able to externally spin up a v3 onion service from outside of Orbot.

[bitmold]

At this point the remaining work to be done with this is just the creation of V3 Onion Services from other apps. I'm currently forking NetCipher to add support for a new Intent that's able to talk to Orbot from OrbotHelper in the same way that library uses the org.torproject.android.REQUEST_HS_PORT Intent action for v2 hidden services.

[bitmold]

This PR coincides with guardianproject/NetCipher#80

[eighthave]

Overall looks good, see comments for things that could be improved. I'm not familiar with the old Hidden Service code, so some of my comments might be due to my ignorance there.

[bitmold]

This pull request has changed a lot and I had to take a step back from it for about 2 months.

To summarize all of the changes this PR Includes:

• Creation of v3 onions in Orbot (though these onions are public for the time being) (This partially addresses v3 onion address generation possible in Orbot? #216)
• Integration with netcipher to have other apps create v3 onions in Orbot (also public)
• Ability to connect to non public v3 Onion Services via Client Authorization (This fully addresses Feature Request: Add 'client authorization' option for v3 onion service. #265)
  • Users can add the onion and key hash through the user interface, as well as import a formatted prexisting *.auth_private file for a service. There's basic stuff to backup/restore *.auth_privates into and out of Orbot

[bitmold]

Screenshot of client authorization being enabled on some random v3 service

Screenshot of field to add new v3 client auth info

[bitmold]

If you want to, you can export *.auth_private client authorization configuration information from Orbot to the external phone storage. Similarly Orbot can import this config info

[n8fr8]

Woohoo!